Layer 7 - Application Layer
The top layer of the OSI model that provides network services directly to end-user applications. It's where protocols like HTTP, FTP, SMTP, and DNS operate to format and exchange data.
Physical vs. Virtual Appliances
A dedicated hardware device with a specific function (e.g., a hardware firewall) versus a software-based version that runs on a virtual machine (VM).
IDS (Intrusion Detection System) vs. IPS (Intrusion Prevention System)
One type of system passively monitors and alerts on suspicious activity, while the other sits 'in-line' and can actively block malicious traffic.
Proxy Server
An intermediary server that sits between a client and a destination. It forwards client requests and can be used for filtering, caching, and anonymizing.
Storage Area Network (SAN)
A dedicated, high-speed network that provides block-level storage access to servers, making a pool of storage appear as locally attached disks.
Wireless LAN Controller (WLC)
A centralized device that manages, configures, and monitors multiple 'lightweight' access points on a network.
Content Delivery Network (CDN)
A geographically distributed network of servers that caches content close to end-users to reduce latency and improve content delivery speed.
Quality of Service (QoS)
A set of technologies used to manage network traffic to ensure the performance of critical applications by prioritizing specific types of data.
Network Functions Virtualization (NFV)
The concept of replacing dedicated hardware appliances (like routers and firewalls) with virtualized software equivalents that run on standard servers.
Virtual Private Cloud (VPC)
A logically isolated section of a public cloud where you can launch resources in a virtual network that you define and control.
Network Security Group (NSG) / Security List
A virtual firewall for cloud resources that contains a list of security rules to control inbound and outbound traffic based on IP, port, and protocol.
Internet Gateway vs. NAT Gateway
One type of cloud gateway allows communication between your VPC and the internet, while another type allows instances in a private subnet to initiate outbound traffic to the internet without being directly reachable.
Cloud Connectivity Options (VPN vs. Direct Connect/ExpressRoute)
Methods to connect an on-premises network to the cloud, including using an encrypted tunnel over the internet or a dedicated, private physical connection.
Internet Control Message Protocol (ICMP)
An IP protocol used by network devices to send error messages and operational information; it is the basis for utilities like ping and traceroute.
Generic Routing Encapsulation (GRE)
A tunneling protocol that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an IP network.
Internet Protocol Security (IPSec)
A secure network protocol suite that authenticates and encrypts data packets. It can operate in a mode that encrypts the entire packet or a mode that encrypts only the payload.
Authentication Header (AH) vs. Encapsulating Security Payload (ESP)
In IPSec, one component provides integrity and authentication but no encryption, while the other provides encryption, integrity, and authentication.
Internet Key Exchange (IKE)
The protocol used within the IPSec suite to negotiate security associations (SAs), algorithms, and keys.
Unicast
A one-to-one communication between a single sender and a single receiver.
Communication Method
A communication method where a message is sent from one source to the topologically nearest node out of a group of potential receivers that all share the same destination address.
Anycast
A network traffic pattern that flows into and out of a data center (e.g., from a user to a web server).
North-South Traffic
A network traffic pattern that flows between servers within the same data center (e.g., from an application server to a database server).
East-West Traffic
Direct Attach Copper (DAC) cable
Short, fixed-length cables with transceivers already attached on both ends, used for high-speed connections in data centers over short distances.
Twinaxial cable
A type of cable, similar to coaxial, but with two inner conductors instead of one, often used for high-speed, short-range signaling.
Ethernet transceiver
A module that converts electrical signals to optical/electrical signals to send and receive data over an Ethernet network.
Fibre Channel (FC) transceiver
A transceiver specifically designed for use in a Storage Area Network (SAN).
SFP (Small Form-factor Pluggable)
A compact, hot-pluggable transceiver that supports speeds like 1 Gbps or 10 Gbps.
QSFP (Quad Small Form-factor Pluggable)
A transceiver providing four channels, allowing for higher speeds like 40 Gbps (QSFP+) or 100 Gbps (QSFP28).
Fibre optic connectors
Common types include the small, square LC connector; the square, push-pull SC connector; and the bayonet-style ST connector.
Hybrid topology
A network topology that is a combination of two or more different basic topologies, such as star and bus.
Three-tier hierarchical model
A traditional network design with three layers: Core, Distribution, and Access.
Collapsed core architecture
A network design, often for smaller networks, where the Core and Distribution layer functions are combined into a single layer.
Spine and leaf architecture
A modern data center network topology where every access (leaf) switch connects to every core (spine) switch, providing high bandwidth and low latency.
Private IP address ranges
IP address ranges of 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
APIPA (Automatic Private IP Addressing) range
The address range 169.254.0.0/16, which a host uses to self-assign an IP when it cannot contact a DHCP server.
Loopback address
The IPv4 address 127.0.0.1, which refers to the current device and is used for testing the local TCP/IP stack.
Variable Length Subnet Mask (VLSM)
A technique that allows network administrators to divide an IP address space into subnets of different sizes to avoid wasting IP addresses.
Classless Inter-domain Routing (CIDR)
A method for allocating IP addresses and routing that discards the traditional Class A/B/C structure and uses a 'slash notation' (e.g., /24) to represent the network prefix.
Class A, B, C octet ranges
The first octet ranges of 1-126, 128-191, and 192-223 used in traditional, classful IP addressing.
Software-Defined Networking (SDN)
A network architecture that decouples the control plane (decision-making) from the data plane (forwarding), allowing for centralized management.
SD-WAN
An application of SDN principles to Wide Area Networks to manage and optimize traffic across multiple WAN connections from a central controller.
Virtual Extensible LAN (VXLAN)
A network virtualization technology that creates a logical Layer 2 network on top of a physical Layer 3 network, overcoming the scaling limitations of VLANs.
Zero Trust Security Model
A security model based on the principle of 'never trust, always verify,' requiring strict identity verification for every person and device trying to access resources.
Zero Trust Architecture (ZTA)
A cloud-native architecture that combines network security functions with WAN capabilities to securely connect users and systems to applications anywhere.
Secure Access Service Edge (SASE)
The process of managing and provisioning computer data centers and networks through machine-readable definition files rather than manual configuration.
Infrastructure as Code (IaC)
Border Gateway Protocol (BGP)
The primary exterior gateway protocol used to make routing decisions on the Internet between different autonomous systems (AS).
Enhanced Interior Gateway Routing Protocol (EIGRP)
A Cisco-proprietary, advanced distance-vector routing protocol known for fast convergence.
Open Shortest Path First (OSPF)
An open standard, link-state routing protocol that creates a map of the network and calculates the best path based on cost.
Administrative Distance
A value from 0-255 used by routers to select the best path when multiple routes to the same destination exist from different routing protocols. Lower is better.
Metric (routing)
A value used by a routing protocol to determine the best path to a destination. Different protocols use different values (e.g., hop count, cost, bandwidth).
Network Address Translation (NAT) / Port Address Translation (PAT)
A technology that translates private IP addresses to public IP addresses, often mapping multiple private IPs to a single public IP by using different port numbers.
First Hop Redundancy Protocol (FHRP)
A class of protocols that allows two or more routers to act as a single virtual router, providing a redundant default gateway for hosts.
Virtual IP (VIP)
A shared IP address used by an FHRP that is not tied to a specific physical interface and serves as the default gateway.
Subinterfaces
A logical router interface that allows a single physical interface to route traffic for multiple VLANs, a configuration known as 'router on a stick.'
VLAN (Virtual LAN)
A logical grouping of devices in the same broadcast domain, often configured on switches to segment a network.
VLAN database
A file on a switch that stores VLAN configuration information.
Switch Virtual Interface (SVI)
A virtual Layer 3 interface on a Layer 3 switch that allows the switch to perform inter-VLAN routing.
Native VLAN
A special VLAN on a trunk link where traffic is sent and received in its original, untagged format.
Trunk link
A link between two switches (or a switch and a router) that is configured to carry traffic for multiple VLANs.
Voice VLAN
A separate VLAN configured on a switch port specifically for carrying voice traffic from an IP phone, allowing for QoS to be applied.
802.1Q tagging
The IEEE standard for VLAN trunking that works by inserting a 4-byte tag into the Ethernet frame to identify its VLAN.
Link aggregation
The practice of combining multiple physical network links into a single logical link to increase throughput and provide redundancy.
Maximum Transmission Unit (MTU)
The largest size packet or frame (in bytes) that can be sent in a network. For Ethernet, the standard is 1500 bytes.
Jumbo frame
An Ethernet frame with a payload greater than the standard 1500-byte MTU, typically up to 9000 bytes.
Wi-Fi channel
A specific frequency range within a Wi-Fi band (e.g., 2.4 GHz or 5 GHz) used for communication.
Channel width
The size of a Wi-Fi channel. Wider channels (e.g., 40, 80 MHz) can carry more data but are more susceptible to interference.
802.11h
The newest Wi-Fi band, opened up by the Wi-Fi 6E standard, offering a large amount of uncongested spectrum.
6 GHz Wi-Fi band
A feature on dual-band access points that encourages clients to connect to the less congested 5 GHz band.
Band steering
The MAC address of a single Access Point (AP).
Basic Service Set Identifier (BSSID)
The human-readable name of the Wi-Fi network (the SSID) that can be shared by multiple APs in the same network to allow roaming.
Extended Service Set Identifier (ESSID)
A peer-to-peer Wi-Fi mode where wireless clients connect directly to each other without an AP.
Ad Hoc Mode
The standard Wi-Fi mode where wireless clients connect to a central Access Point (AP).
Infrastructure Mode (Wi-Fi)
A self-contained, standalone AP that is managed individually; also known as a 'fat' AP.
Autonomous access point
An AP that requires a Wireless LAN Controller (WLC) for its configuration and management; also known as a 'thin' AP.
Lightweight access point
The primary wiring point for a building's network where outside lines terminate and main equipment is located.
MDF (Main Distribution Frame)
A secondary wiring closet used to connect devices in a specific area (like a single floor) back to the main wiring closet.
IDF (Intermediate Distribution Frame)
A unit of measure for the height of devices designed for a 19-inch rack, equal to 1.75 inches.
Rack Unit
A patch panel that terminates and manages fiber optic cable connections within a network rack.
Fiber Distribution Panel
A component of rack management that involves calculating the total power consumption of all devices to ensure it does not exceed the circuit's capacity.
Power Load
Key information tracked for every network device, typically including its name, location, owner, and lifecycle status.
Asset inventory
A contract between a service provider and a customer that defines the specific level of service to be provided, including metrics for uptime and performance.
Service-Level Agreement (SLA)
The process of tracking and controlling changes to the configuration of network devices, including maintaining a baseline and documenting changes.
Configuration Management
Summarized network traffic data collected from devices like routers and switches, often used for traffic analysis and monitoring.
Flow Data
A database on a managed device that stores objects and parameters that can be queried or set by a network management system.
Management Information Base (MIB)
A password-like string used by SNMP to provide access to a device's MIB data.
SNMP community string
A solution that collects and analyzes security alerts, logs, and event data from across the network in real-time.
Security Information and Event Management (SIEM)
Common solution types include those for monitoring performance (bandwidth/latency), faults (failures/errors), configuration (changes), and security (threats).
Four main types of monitoring solutions
Besides an IP address, this service can also provide clients with a subnet mask, default gateway, and DNS server addresses.
DHCP options
A method used by IPv6 hosts to automatically generate their own IP address without a DHCP server, using their MAC address and a network prefix from a router.
Stateless Address Autoconfiguration (SLAAC)
A suite of security protocols that adds a layer of security to DNS by enabling responses to be validated with digital signatures.
Domain Name Security Extensions (DNSSEC)
Different types include 'A' (hostname to IPv4), 'AAAA' (hostname to IPv6), 'CNAME' (alias), 'MX' (mail server), and 'PTR' (IP to hostname).
DNS Records
One type of DNS server holds the master, read/write copy of a zone's records, while the other holds a read-only copy for redundancy.
Primary vs. Secondary DNS server
A DNS server that accepts requests from clients and does the full work of finding the answer by querying other DNS servers if necessary.
Recursive DNS Server