Unmanaged switch
provides plug-and-play capability with minimal configuration options; it has no IP address assigned to it
Managed switch
can be configured via a command-line interface or a web-based management GUI
layer 3 switch
this switch is capable of interpreting layer 3 data and works like a router
layer 4 switch
this switch is capable of interpreting layer 4 data
Redundancy
allows data the option of traveling through more than one switch toward its destination and makes your network less vulnerable to hardware malfunctions
STP
Spanning Tree Protocol
STP (Spanning Tree Protocol)
prevents traffic loops, also called switching loops, by calculating paths that avoid potential loops and by artificially blocking the links that would complete a loop
least cost path
STP chooses the most efficient paths and calls these the ____
BPDUs
Bridge Protocol Data Units
BPDU guard, BPDU filter, Root guard
Some security precautions that must be configured on STP-enabled interfaces include:
RSTP, TRILL, SPB. Some switch manufacturers have also designed proprietary versions of STP optimized to work most efficiently on their equipment
Newer technologies to improve or replace STP include the following:
RSTP
Rapid Spanning Tree Protocol
TRILL
Transparent Integration of Lots and Links
SPB
Shortest Path Bridging
“shutdown/no shutdown”
a pair of commands that disable and enable a device interface
“switchport port-security”
a command to secure switch access ports
defense in depth
a strategy where security should always be implemented in layers
load balancer
helps to evenly distribute traffic to each device in a cluster so every device carries a portion of the load
three-tiered architecture
Cisco and other manufacturers have developed a hierarchical design for switches on a network called
The access layer, or edge layer
a layer which consists of workgroup switches connected directly to hosts
The distribution layer, or aggregation layer
a layer which is a highly redundant mesh of connections between multilayer switches or routers
The core layer
a layer which consists of highly efficient multilayer switches or routers that support the network’s backbone traffic
east-west traffic
The flow of traffic between peers within a network segment is called
north-south traffic
Traffic that must leave the local segment to reach its destination is called
spine and leaf architecture
A new hierarchical design was needed to better optimize east-west traffic; that design is called
SDN
Software-defined network
SDN (Software-defined network)
is a centralized approach to networking
Infrastructure plane (data plane), Control plane, Application plane, Management plane
SDN abstracts the functions of network devices into different layers, or planes:
Infrastructure plane (data plane)
this plane is made up of the physical or virtual devices that receive and send network messages
Control plane
this plane handles the decision-making processes
Application plane
the SDN controller communicates with network applications using APIs
Management plane
this plane could be considered a part of the control plane
SAN
Storage Area Network
SAN (Storage Area Network)
is a network of storage devices that communicate directly with each other and with other portions of the network
FC (Fibre Channel), FCoE (Fibre Channel over Ethernet), iSCSI (Internet SCSI), IB (InfiniBand)
To maximize throughput, SANs rely on one of these networking technologies:
FC (Fibre Channel)
is a storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access
FCoE (Fibre Channel over Ethernet)
allows FC to travel over Ethernet hardware and connections
iSCSI (Internet SCSI)
is a transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet
IB (InfiniBand)
requires specialized hardware
Virtualization
is a virtual, or logical, version of something rather than the actual, or physical, version
Host
is a physical computer “hosting” a virtual machine
Guest
is each virtual machine
Hypervisor
creates and manages a VM; it also manages resource allocation and sharing between a host and any of its guest VMs
Type 1 hypervisor
installs on a computer before any OS and is called a bare-metal hypervisor
Type 2 hypervisor
installs in a host OS as an application and is called a hosted hypervisor
Bridged Mode
a vNIC accesses the physical network using the host machine’s NIC
NAT Mode
a vNIC relies on the host machine to act as a NAT device
Host-only Mode
VMs on one host can exchange data with each other and the host
Efficient use of resources • Cost and energy savings • Fault and threat isolation • Simple backups, recovery, and replication
Advantages of virtualization include the following:
Compromised performance • Increased complexity • Increased licensing costs • Single point of failure
Disadvantages of virtualization include the following:
NFV
Network Functions Virtualization
NFV (Network Functions Virtualization)
is the process of merging physical and virtual network architecture
Virtual firewall
install a firewall’s OS in a VM on an inexpensive server
Virtual router
install a router VM on a server instead of purchasing an expensive hardware router
Cloud computing
refers to the flexible provision of data storage, applications, and services to multiple clients over a network
On-demand service • Broad network access • Resource pooling • Metered service • Rapid elasticity
Cloud computing features include the following:
On-premises, IaaS (Infrastructure as a Service), PaaS (Platform as a Service), SaaS (Software as a Service), XaaS (Anything as a Service)
Cloud computing service models are categorized by the types of services provided:
On-premises
All hardware, software, and everything else is located and managed at the organization’s location
IaaS (Infrastructure as a Service)
Hardware services and network infrastructure devices are provided virtually
PaaS (Platform as a Service)
Includes the OS, runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs
SaaS (Software as a Service)
Applications are provided
XaaS (Anything as a Service)
The cloud can provide any combination of functions depending on the client’s exact needs
Public cloud, Private cloud, Community cloud, Hybrid cloud, Multicloud
Cloud Deployment Models
Public cloud
Service provided over public transmission lines
Private cloud
Service established on an organization’s own servers in its own data center
Community cloud
Service shared between multiple organizations
Hybrid cloud
A combination of the other service models into a single deployment
Multicloud
A combination of the other services in a single deployment
IaC
Infrastructure as Code
IaC (infrastructure as code)
is the process of using text-based commands in a computer-readable configuration file to create and manage cloud resources
automation
A programmed, computer-generated response to a specific event is referred to as
orchestration
As you convert more of your cloud maintenance and security tasks into code that can be run from scripts, you can automate many tasks to work together in a complex workflow, which is called
ISP outages • ISP-imposed bandwidth limitations • Cloud provider’s outages • Cloud provider’s backup and security systems • Misconfiguration that exposes one client’s data to another client • Unauthorized access to data by cloud provider employees or illegitimate users • Breaches of confidentiality • Failure to comply with data security regulations • Questions over ownership of intellectual property stored in the cloud • Questions over data maintenance • Risk to the network, proprietary data, or customer information caused by BYOC
Potential risks and limitations include the following:
Use encryption; carefully choose the method by which your network connects to your cloud resources, considering the following methods: • Internet • VPN (virtual private network) • Remote access connections • Leased line • Dedicated direct connection
Ways to reduce the risks of cloud computing include the following:
Availability
refers to how consistently and reliably a file or system can be accessed
HA (high availability)
refers to a system that functions reliably nearly all the time
Uptime
is the measure of time a system functions normally between failures
Fault tolerance
is the capacity of a system to continue performing despite an unexpected hardware or software malfunction
Failure
is a deviation from a specified system performance level for a given time period
Fault
is a malfunction of one system component
MTBF
mean time between failures
MTTR
mean time to repair
MTBF (mean time between failures)
average amount of time that will pass for devices exactly like this one before the next failure is expected to occur
MTTR (mean time to repair)
average amount of time required to repair the device
Automatic failover
is the ability to immediately assume the duties of an identical component
Hot-swappable
refers to identical components that can be changed while a machine is running
Hot spare
a duplicate component that is already installed in a device and can assume function in case the original component fails
Cold spare
a duplicate component that is not installed, but can be installed in case of a failure
Link aggregation
is the combination of multiple network interfaces to act as one logical interface
Load balancing
traffic distribution over multiple components or links to optimize performance and fault tolerance
LACP
Link Aggregation Control Protocol
LACP (Link Aggregation Control Protocol)
dynamically coordinates communications between hosts on aggregated connections
Clustering
is the technique of grouping multiple devices so they appear as a single device
CARP
Common Address Redundancy Protocol
CARP (Common Address Redundancy Protocol)
allows a pool of computers or interfaces to share one or more IP addresses