Key Concepts in Networking and Cloud Technologies

79 Terms

1

Layer 7 - Application Layer

The top layer of the OSI model that provides network services directly to end-user applications. It's where protocols like HTTP, FTP, SMTP, and DNS operate to format and exchange data.

2

Physical & Virtual Appliances

- Physical Appliance: A dedicated hardware device with a specific function (e.g., a hardware firewall or router). - Virtual Appliance: A software-based version of a network appliance that runs on a virtual machine (VM) or hypervisor.

3

IDS vs. IPS

- Intrusion Detection System (IDS): Passively monitors network traffic and detects and alerts on suspicious activity. It's 'out-of-band.' - Intrusion Prevention System (IPS): Sits 'in-line' with traffic and can detect, alert, and actively block or prevent malicious traffic from reaching its destination.

4

Proxy Server

An intermediary server that sits between a client and a destination server. It forwards client requests and can be used to filter content, cache data for faster access, and hide the client's identity.

5

Storage Area Network (SAN)

A dedicated, high-speed network that provides block-level storage access to servers. It appears to the server's OS as locally attached storage and typically uses protocols like Fibre Channel or iSCSI.

6

Wireless LAN Controller (WLC)

A centralized device that manages, configures, and monitors multiple lightweight access points (LAPs) on a network. It simplifies the deployment and administration of large Wi-Fi networks.

7

Content Delivery Network (CDN)

A geographically distributed network of proxy servers that cache content (like images and videos) close to end-users. Serving content from a nearby edge node reduces latency and offloads the origin server, and the edge is also where many providers absorb volumetric DDoS traffic before it reaches the origin.

8

Quality of Service (QoS)

A set of technologies used to manage network traffic to ensure the performance of critical applications. It works by prioritizing specific types of data (e.g., voice, video) over less time-sensitive traffic (e.g., email, file transfers).

9

Network Functions Virtualization (NFV)

The concept of replacing dedicated hardware appliances (like routers and firewalls) with virtualized software equivalents that run on standard commercial off-the-shelf (COTS) servers.

10

Virtual Private Cloud (VPC)

A logically isolated section of a public cloud where you can launch cloud resources in a virtual network that you define. It gives you control over your virtual networking environment, including IP address ranges, subnets, and gateways.

11

Network Security Group (NSG) / Security List

A virtual firewall applied to virtual machines (their network interfaces) and subnets within a cloud environment. It holds an ordered list of rules that allow or deny inbound and outbound traffic by source/destination IP range, port, and protocol. Most cloud security groups are stateful (return traffic for an allowed connection is permitted automatically), whereas subnet-level network ACLs are typically stateless and need explicit rules in both directions.

12

Cloud Gateway (Internet vs. NAT)

- Internet Gateway: A horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. It provides a target in your route tables for internet-routable traffic. - NAT Gateway: A Network Address Translation (NAT) service that allows instances in a private subnet to initiate outbound traffic to the internet or other services, but prevents the internet from initiating a connection with those instances.

13

Cloud Connectivity Options

Methods to connect your on-premises network to the cloud. Common options include: - VPN: An encrypted tunnel over the public internet. - Direct Connect / ExpressRoute: A dedicated, private physical connection between your datacenter and the cloud provider.

14

Common Ports (A Selection)

20/21: FTP (File Transfer Protocol), 22: SSH (Secure Shell) / SFTP (SSH File Transfer Protocol), 25: SMTP (Simple Mail Transfer Protocol), 53: DNS (Domain Name System), 80: HTTP (Hypertext Transfer Protocol), 110: POP3 (Post Office Protocol v3), 143: IMAP (Internet Message Access Protocol), 161/162: SNMP (Simple Network Management Protocol; 162 carries traps), 443: HTTPS (HTTP over TLS), 3389: RDP (Remote Desktop Protocol). Of these, FTP, SMTP, HTTP, POP3, IMAP and SNMPv1/v2c carry credentials and data in cleartext unless wrapped in TLS (HTTPS 443, SMTPS 465 or submission with STARTTLS 587, IMAPS 993, POP3S 995); SSH/SFTP on 22 is the encrypted replacement for FTP.

15

Internet Control Message Protocol (ICMP)

A network layer protocol used by network devices to send error messages and operational information. It is the protocol behind common utilities like ping and traceroute.

16

Generic Routing Encapsulation (GRE)

A tunneling protocol developed by Cisco (standardized in RFC 2784) that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an IP network. GRE provides no confidentiality, integrity, or authentication, so when a tunnel crosses an untrusted network it is normally carried inside IPsec (GRE over IPsec).

17

Internet Protocol Security (IPSec)

A network protocol suite that authenticates and optionally encrypts IP packets. It operates in two modes: Transport mode protects only the payload of the original packet and keeps the original IP header (typically host-to-host); Tunnel mode protects the entire original IP packet, header included, and wraps it in a new IP header (typically gateway-to-gateway VPNs).

18

IPSec Components (AH vs. ESP)

Authentication Header (AH): Provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets, but NOT encryption. Because its integrity check covers the IP header (source and destination addresses included), AH breaks when a NAT device rewrites that header. Encapsulating Security Payload (ESP): Provides confidentiality (encryption) plus optional data origin authentication, connectionless integrity, and anti-replay protection. Its integrity check does not cover the outer IP header, so ESP works through NAT (with NAT-T on UDP 4500) and is what almost all deployments use.
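
The NAT point above is the one practitioners run into most. The following Python, added here as an illustration and not part of the flashcard set, models only the integrity check of each protocol: an HMAC over what AH covers (IP header plus payload) versus what ESP covers (payload only), with a fixed demo key standing in for the keys IKE would negotiate. The addresses, key and payload are constructed, and the function names are mine.

```python
"""Why AH fails across NAT but ESP survives: a toy model of the integrity check.

Added example, not part of the flashcard set. It models only what each
protocol's integrity check value (ICV) covers, using an HMAC with a fixed
demo key; real AH/ESP (RFC 4302/4303) use the full packet formats, security
associations and keys negotiated by IKE.
"""
import hashlib
import hmac
import ipaddress

DEMO_KEY = b"constructed-demo-key"  # assumed; in practice derived by IKE


def ip_header(src: str, dst: str) -> bytes:
    """Toy IP header: just the two addresses, which is what a NAT rewrites."""
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed


def ah_icv(src: str, dst: str, payload: bytes) -> bytes:
    """AH's ICV covers the immutable IP header fields (addresses included) plus the payload."""
    return hmac.new(DEMO_KEY, ip_header(src, dst) + payload, hashlib.sha256).digest()


def esp_icv(payload: bytes) -> bytes:
    """ESP's ICV covers the ESP header and (encrypted) payload only, never the outer IP header."""
    return hmac.new(DEMO_KEY, payload, hashlib.sha256).digest()


def nat_rewrite(src: str, dst: str, public_ip: str) -> tuple:
    """What a source NAT does on the way out: replace the private source address."""
    return public_ip, dst


def ah_survives_nat(private_src: str, dst: str, public_ip: str, payload: bytes) -> bool:
    """Sender computes the AH ICV, NAT rewrites the header, receiver recomputes and compares."""
    sent_icv = ah_icv(private_src, dst, payload)
    seen_src, seen_dst = nat_rewrite(private_src, dst, public_ip)
    return hmac.compare_digest(sent_icv, ah_icv(seen_src, seen_dst, payload))


def esp_survives_nat(private_src: str, dst: str, public_ip: str, payload: bytes) -> bool:
    """Same flow for ESP: the header changes, but the ICV never covered it."""
    sent_icv = esp_icv(payload)
    nat_rewrite(private_src, dst, public_ip)  # header changes, ICV input does not
    return hmac.compare_digest(sent_icv, esp_icv(payload))


def esp_detects_tamper(payload: bytes, tampered: bytes) -> bool:
    """ESP still catches modification of the protected payload itself."""
    return not hmac.compare_digest(esp_icv(payload), esp_icv(tampered))


if __name__ == "__main__":
    data = b"constructed inner packet"
    print("AH through NAT :", ah_survives_nat("10.0.0.5", "203.0.113.9", "198.51.100.1", data))
    print("ESP through NAT:", esp_survives_nat("10.0.0.5", "203.0.113.9", "198.51.100.1", data))
    print("ESP tamper     :", esp_detects_tamper(data, data + b"!"))
```

AH's check fails as soon as the source address is rewritten, ESP's passes, and a modified payload fails under both. This is why VPNs that must traverse home routers or cloud NAT gateways run ESP with NAT-T rather than AH.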

19

Internet Key Exchange (IKE)

The protocol used to set up a Security Association (SA) in the IPSec protocol suite. It handles the negotiation of protocols and algorithms and generates the encryption and authentication keys to be used by IPSec.

20

Direct Attach Copper (DAC) & Twinaxial Cable

Twinaxial Cable: A type of cable similar to coaxial cable, but with two inner conductors instead of one. DAC: Short, fixed-length twinaxial cables with transceivers (like SFP+ or QSFP) already attached on both ends. Used for short-distance, high-speed connections in data centers (e.g., server to switch).

21

Ethernet & Fibre Channel (FC) Transceivers

Ethernet Transceiver: A module that converts electrical signals to optical/electrical signals to send and receive data over Ethernet networks. Examples: SFP, QSFP. Fibre Channel (FC) Transceiver: A transceiver specifically designed for use in a Fibre Channel Storage Area Network (SAN).

22

SFP vs. QSFP

SFP (Small Form-factor Pluggable): A compact, hot-pluggable transceiver. Standard speed is 1 Gbps (SFP) or 10 Gbps (SFP+). QSFP (Quad Small Form-factor Pluggable): A transceiver providing 4 channels, allowing for higher speeds. QSFP+ supports 4x10G (40 Gbps), and QSFP28 supports 4x25G (100 Gbps).

23

Fibre Optic Connectors

Common types include: LC (Lucent Connector): Small, square connector, commonly used for high-density connections. SC (Subscriber Connector): Square, push-pull connector. ST (Straight Tip): Bayonet-style connector that locks in place.

24

Hybrid Topology

A network topology that is a combination of two or more different basic topologies (e.g., a star-bus topology).

25

Three-Tier vs. Collapsed Core

Three-Tier Hierarchical Model: A traditional network design with three layers: Core (high-speed backbone), Distribution/Aggregation (policy enforcement), and Access (end-user connectivity). Collapsed Core Architecture: A design where the Core and Distribution layer functions are combined into a single layer, often used in smaller networks.

26

Spine and Leaf Architecture

A modern data center network topology where every Leaf switch (access layer) connects to every Spine switch (core layer). This provides high bandwidth, low latency, and predictable performance. Leaf switches never connect to each other and spine switches never connect to each other, so any two leaves are always exactly two hops apart.

27

North-South Traffic

North-South Traffic: Traffic that flows into and out of the data center (e.g., a user on the internet accessing a web server).

28

East-West Traffic

Traffic that flows between servers within the data center (e.g., an application server communicating with a database server).

29

Software-Defined Networking (SDN)

A network architecture approach that decouples the network control plane (decision-making) from the data plane (forwarding). A central controller manages the network, making it more agile and centrally programmable.

30

SD-WAN (Software-Defined WAN)

An application of SDN principles to Wide Area Networks (WANs). It allows companies to manage and optimize traffic across multiple WAN connections (like MPLS, broadband, LTE) from a central controller.

31

Virtual Extensible LAN (VXLAN)

A network virtualization technology that creates a logical Layer 2 network on top of a physical Layer 3 network. It uses encapsulation to overcome the scaling limitations of VLANs (supporting over 16 million logical networks).

32

Zero Trust Architecture (ZTA)

A security model based on the principle of 'never trust, always verify.' Every access request is authenticated, authorized, and checked against policy (identity, device posture, context) per resource, regardless of whether the user or device sits inside or outside the traditional network perimeter; network location by itself grants no trust.

33

Secure Access Service Edge (SASE)

A cloud-native architecture that combines network security functions (like ZTA, firewall as a service) with WAN capabilities (like SD-WAN) to securely connect users, systems, and endpoints to applications and services anywhere.

34

Infrastructure as Code (IaC)

The process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It allows for automated and repeatable network deployments.

35

Private IP Address Ranges

RFC 1918 private ranges. Class A: 10.0.0.0/8 (10.0.0.0 - 10.255.255.255); Class B: 172.16.0.0/12 (172.16.0.0 - 172.31.255.255); Class C: 192.168.0.0/16 (192.168.0.0 - 192.168.255.255). These addresses are not routed on the public Internet and need NAT to reach it.

36

APIPA IP Range

Automatic Private IP Addressing (APIPA) uses the IPv4 link-local block 169.254.0.0/16 (RFC 3927), addresses 169.254.0.1 to 169.254.255.254. A host assigns itself an APIPA address when it cannot contact a DHCP server; such an address is usable only on the local link, so a client showing one almost always indicates a DHCP failure.

37

Loopback Address

An address that refers to the current device. For IPv4, this is the 127.0.0.0/8 range (most commonly 127.0.0.1). For IPv6, it is ::1. Used for testing the TCP/IP stack on a local machine.

38

VLSM (Variable Length Subnet Mask)

A technique that allows network administrators to divide an IP address space into subnets of different sizes. This avoids wasting IP addresses by tailoring the subnet size to the number of hosts required.

39

CIDR (Classless Inter-domain Routing)

A method for allocating IP addresses and IP routing that discards the traditional Class A, B, and C structure. It uses a 'slash notation' (e.g., /24) to represent the network prefix, allowing for more efficient use of IP addresses.
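
Cards 35, 38 and 39 (RFC 1918 ranges, VLSM, CIDR) come together in the following Python, an added example that is not from the flashcard set, using only the standard ipaddress module. The office block 192.168.10.0/24 and the host counts are constructed input, and the helper names are mine.

```python
"""VLSM allocation and private-range checks with the standard library.

Added example, not from the flashcard set. The block and the per-department
host counts passed in are constructed sample input.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def prefix_for_hosts(hosts: int) -> int:
    """Longest IPv4 prefix with room for `hosts` usable addresses.

    Two addresses per subnet are unusable (network and broadcast).
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    needed = hosts + 2
    return 32 - (needed - 1).bit_length()


def vlsm_allocate(block: str, demands: dict) -> dict:
    """Carve `block` into right-sized subnets, largest demand first (classic VLSM).

    Free space is a list of CIDR blocks; each demand takes the smallest free
    block that fits and splits it in halves until the prefix length matches.
    """
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda n: n.prefixlen, reverse=True)  # smallest blocks first
        for i, candidate in enumerate(free):
            if candidate.prefixlen <= prefix:
                free.pop(i)
                while candidate.prefixlen < prefix:
                    lower, upper = candidate.subnets()  # split in half
                    free.append(upper)                  # keep the upper half for later
                    candidate = lower
                plan[name] = candidate
                break
        else:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
    return plan


def is_rfc1918(addr: str) -> bool:
    """True only for the three RFC 1918 blocks (the card's 'private' ranges)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def private_flag_differs(addr: str) -> bool:
    """ipaddress.is_private is broader than RFC 1918: loopback, link-local and
    documentation ranges count as private too, which bites scripts that use
    it to decide whether a source address is 'internal'."""
    return ipaddress.ip_address(addr).is_private != is_rfc1918(addr)


if __name__ == "__main__":
    demo = vlsm_allocate("192.168.10.0/24", {"users": 100, "servers": 50, "mgmt": 10, "p2p": 2})
    for dept, net in demo.items():
        print(f"{dept:8} {net}  ({net.num_addresses - 2} usable hosts)")
    print("169.254.1.1 is_private but not RFC 1918:", private_flag_differs("169.254.1.1"))
```

The allocation order (largest demand first) is what keeps the plan free of fragmentation; feeding the demands in any other order can leave a large request with no contiguous block even though enough addresses remain in total.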

40

Class A, B, C Octet Ranges

Class A: 1-126 in the first octet; Class B: 128-191; Class C: 192-223. First octet 0 is reserved and 127 is loopback; 224-239 (Class D) is multicast and 240-255 (Class E) is reserved. Classful boundaries only matter for legacy defaults today; CIDR prefixes decide actual routing.

41

Border Gateway Protocol (BGP)

The primary exterior gateway protocol used to make routing decisions on the Internet. It is a path-vector protocol that manages how packets are routed across different autonomous systems (AS).

42

EIGRP vs. OSPF

EIGRP (Enhanced Interior Gateway Routing Protocol): A Cisco-proprietary, advanced distance-vector routing protocol. Known for fast convergence. OSPF (Open Shortest Path First): An open standard, link-state routing protocol. It creates a map of the network and calculates the best path.

43

Administrative Distance (AD)

A value from 0-255 that a router uses to choose between routes to the same destination learned from different sources (e.g., two routing protocols, or a static route and a dynamic one). The lower the AD, the more trusted the source; Cisco defaults are 0 for a directly connected route, 1 for static, 20 for eBGP, 90 for EIGRP and 110 for OSPF, while 255 means the route is never installed.

44

Metric (Routing)

A value used by a routing protocol to determine the best path to a destination. Different protocols use different metrics (e.g., OSPF uses cost based on bandwidth, EIGRP uses a composite of bandwidth and delay).

45

NAT vs. PAT

NAT (Network Address Translation): Translates private IP addresses to public IP addresses, typically on a one-to-one basis. PAT (Port Address Translation): A type of NAT that maps multiple private IP addresses to a single public IP address by using different source port numbers. It is the most common form of NAT.
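
A PAT table is easiest to understand as two dictionaries, one per direction. The Python below is an added example, not from the flashcard set; it models one common behaviour (mappings created only by outbound traffic, inbound packets matched on the full tuple, anything unmatched dropped) and uses constructed addresses from the RFC 5737 documentation ranges. Real NAT devices differ in how strictly they match inbound packets, which is the reason NAT traversal is a topic at all.

```python
"""A minimal PAT (NAT overload) translation table.

Added example, not from the flashcard set. Mappings are created only by
outbound flows; inbound packets are matched on public port plus remote
endpoint; anything with no mapping is dropped. Addresses used in the demo
are constructed (RFC 5737 documentation ranges).
"""


class PatTable:
    def __init__(self, public_ip: str, low: int = 1024, high: int = 65535):
        self.public_ip = public_ip
        self.low, self.high = low, high
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.back = {}  # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def _alloc_port(self, wanted: int) -> int:
        """Keep the host's source port if it is free; otherwise take the first free one."""
        in_use = {port for port, _, _ in self.back}
        if self.low <= wanted <= self.high and wanted not in in_use:
            return wanted
        for port in range(self.low, self.high + 1):
            if port not in in_use:
                return port
        raise RuntimeError("translation table full")

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> tuple:
        """Translate a packet leaving the private network; returns (public_ip, public_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self._alloc_port(src_port)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, public_port: int, remote_ip: str, remote_port: int):
        """Translate a packet arriving from the Internet; None means no mapping, so drop it."""
        return self.back.get((public_port, remote_ip, remote_port))

    def active_flows(self) -> int:
        return len(self.out)


if __name__ == "__main__":
    pat = PatTable("203.0.113.1")
    # Two inside hosts pick the same source port; the second one gets remapped.
    print(pat.outbound("10.0.0.5", 40000, "198.51.100.10", 443))
    print(pat.outbound("10.0.0.6", 40000, "198.51.100.10", 443))
    print(pat.inbound(1024, "198.51.100.10", 443))   # reply for the second host
    print(pat.inbound(40000, "192.0.2.7", 443))       # unsolicited: None, dropped
```

The last call is the property the NAT Gateway card relies on: a packet from the Internet that does not match an existing outbound mapping has nowhere to go. That is a side effect of address sharing, not a firewall policy, so it should not be the only control in front of private subnets.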

46

First Hop Redundancy Protocol (FHRP)

A class of protocols (like HSRP, VRRP, GLBP) that allows two or more routers to share a single virtual IP (VIP) address and act as a single virtual router. This provides a redundant default gateway for hosts on a subnet.

47

Virtual IP (VIP)

An IP address that is not tied to a specific physical interface. In the context of an FHRP, it is the shared IP address that serves as the default gateway for a subnet.

48

VLAN (Virtual LAN)

A logical grouping of devices in the same broadcast domain. VLANs are usually configured on switches by placing some interfaces into one broadcast domain and some into another. They allow you to segment a network without physical rewiring.

49

Subinterfaces

A logical division of a physical router interface. Used to allow a single physical interface to route traffic for multiple VLANs (a configuration known as 'router on a stick').

50

Switch Virtual Interface (SVI)

A virtual Layer 3 interface on a Layer 3 switch. It allows the switch to perform inter-VLAN routing, meaning it can route traffic between different VLANs without needing a separate physical router.

51

Trunk Link & 802.1Q Tagging

Trunk Link: A link between two switches (or a switch and a router) that is configured to carry traffic for multiple VLANs. 802.1Q Tagging: The IEEE standard for VLAN trunking. It works by inserting a 4-byte tag into the Ethernet frame to identify which VLAN the frame belongs to.

52

Native VLAN

A special VLAN on an 802.1Q trunk link whose traffic is sent and received untagged. Both sides of the trunk must use the same native VLAN; a mismatch silently merges two VLANs. Because native-VLAN frames leave the trunk with their outer tag stripped, an attacker sitting in the native VLAN can attempt VLAN hopping by double-tagging frames, so the native VLAN should be moved to an unused VLAN (not the default VLAN 1) and ideally tagged on the trunk as well.
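
The double-tagging attack becomes concrete once you see the bytes. The Python below, an added example not from the flashcard set, builds and parses 802.1Q frames (card 51) and models the single switch behaviour the attack depends on: frames in the native VLAN leave a trunk with only their outer tag removed (card 52). MAC addresses and payload are constructed, the trunk model is mine, and it assumes both switches agree on the native VLAN as the card requires.

```python
"""Build and parse 802.1Q-tagged Ethernet frames, and show why the native VLAN matters.

Added example, not from the flashcard set. MAC addresses and payload are
constructed; the 'switch' is a small model of trunk egress behaviour.
"""
import struct

TPID_8021Q = 0x8100


def build_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """4-byte 802.1Q tag: TPID 0x8100 followed by TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def build_frame(dst_mac: str, src_mac: str, vids, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with zero or more tags (outermost first) before the EtherType."""
    frame = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    for vid in vids:
        frame += build_tag(vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the header: addresses, then every stacked tag, then EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    off, vids = 12, []
    while off + 4 <= len(frame) and struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vids": vids, "ethertype": ethertype, "payload": frame[off + 2:]}


def trunk_egress(frame: bytes, native_vlan: int) -> bytes:
    """Model of a switch sending a frame out an 802.1Q trunk.

    Frames in the native VLAN go out untagged: only the OUTER tag is removed,
    which is exactly what a double-tagging (VLAN hopping) attack relies on.
    """
    vids = parse_frame(frame)["vids"]
    if vids and vids[0] == native_vlan:
        return frame[:12] + frame[16:]
    return frame


def vlan_seen_by_peer(frame: bytes, native_vlan: int) -> int:
    """VLAN that the switch at the far end of the trunk assigns the frame to."""
    vids = parse_frame(trunk_egress(frame, native_vlan))["vids"]
    return vids[0] if vids else native_vlan   # untagged frames land in the native VLAN


if __name__ == "__main__":
    attack = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [1, 20], 0x0800, b"constructed")
    print("tags on the wire:", parse_frame(attack)["vids"])
    print("native VLAN 1   -> peer puts frame in VLAN", vlan_seen_by_peer(attack, 1))
    print("native VLAN 999 -> peer puts frame in VLAN", vlan_seen_by_peer(attack, 999))
```

With native VLAN 1 the attacker's frame (outer tag 1, inner tag 20) arrives at the far switch carrying only the VLAN 20 tag and is delivered there; after the native VLAN is moved to an unused ID the outer tag is kept and the frame stays in VLAN 1. Tagging the native VLAN on the trunk (vlan dot1q tag native on Cisco IOS) closes the same hole.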

53

Voice VLAN

A separate VLAN configured on a switch port specifically for carrying voice traffic from an IP phone. This allows for QoS to be applied to voice traffic to ensure high quality.

54

Link Aggregation (LAG)

The practice of combining multiple physical links into a single logical link to increase throughput beyond what one link could sustain and to provide redundancy if a member fails. LACP (IEEE 802.1AX, originally 802.3ad) is the standard protocol for negotiating the bundle; all members must terminate on the same peer (or a multi-chassis pair) and run at the same speed and duplex.

55

MTU (Maximum Transmission Unit) vs. Jumbo Frame

MTU: The largest size packet or frame, specified in octets (bytes), that can be sent in a packet- or frame-based network. For Ethernet, the standard MTU is 1500 bytes. Jumbo Frame: An Ethernet frame with a payload greater than the standard 1500-byte MTU, typically up to 9000 bytes. Used to increase throughput and reduce CPU overhead.

56

Wi-Fi Channel & Channel Width

Channel: A specific frequency range within a Wi-Fi band (e.g., 2.4 GHz or 5 GHz) that is used for communication. Channel Width: The size of the channel. Wider channels (e.g., 40, 80, 160 MHz) can carry more data but are more susceptible to interference.

57

802.11h

An IEEE standard that adds two main features to 802.11a: Dynamic Frequency Selection (DFS) to avoid interfering with radar systems, and Transmit Power Control (TPC) to manage power output.

58

6 GHz Wi-Fi Band

The newest Wi-Fi band, opened up by the Wi-Fi 6E standard.

59

Band Steering

A feature on dual-band access points that encourages dual-band capable clients to connect to the less congested 5 GHz band instead of the 2.4 GHz band, improving performance for all clients.

60

BSSID vs. ESSID

- BSSID (Basic Service Set Identifier): The MAC address that identifies one AP radio's basic service set; an AP broadcasting several SSIDs normally uses a distinct BSSID for each. - ESSID (Extended Service Set Identifier): The human-readable name of the Wi-Fi network (the SSID). An ESSID can be shared by multiple APs in the same network to allow roaming. Because anyone can broadcast the same ESSID, the name alone does not authenticate an AP (the basis of 'evil twin' attacks); clients should rely on the WPA2/WPA3 handshake, not the name.

61

Infrastructure vs. Ad Hoc Mode

- Infrastructure Mode: The standard Wi-Fi mode where wireless clients connect to a central Access Point (AP), which then connects them to the wired network. - Ad Hoc Mode: A peer-to-peer mode where wireless clients connect directly to each other without an AP.

62

Autonomous vs. Lightweight Access Point

- Autonomous AP: A self-contained, standalone AP that is managed individually. Also known as a "fat" AP. - Lightweight AP: An AP that requires a Wireless LAN Controller (WLC) for its configuration and management. Also known as a "thin" AP.

63

MDF vs. IDF

- MDF (Main Distribution Frame): The primary wiring point for a building's network. It is the central point where outside lines terminate and where the main network equipment (routers, core switches) is located. - IDF (Intermediate Distribution Frame): A secondary wiring closet used to connect devices in a specific area (like a floor) back to the MDF.

64

Rack Unit (U)

A unit of measure for the height of devices designed for a 19-inch rack. One rack unit (1U) is 1.75 inches (44.45 mm) high.

65

Fiber Distribution Panel

A patch panel that terminates and manages fiber optic cable connections within a network rack.

66

Asset Inventory Components

Four main components to track are: 1. Device/Asset Name & Description 2. Location (Rack, Room, Building) 3. Owner/Department 4. Lifecycle Status (Purchase Date, Warranty, End-of-Life)

67

Service-Level Agreement (SLA)

A contract between a service provider and a customer that defines the specific level of service to be provided, including metrics for uptime, performance, and support response times.

68

Configuration Management

The process of tracking and controlling changes to the configuration of network devices. This includes maintaining a baseline, documenting changes, and performing audits.

69

SNMP (Simple Network Management Protocol)

An application-layer protocol (UDP 161 for queries, 162 for traps) used for managing and monitoring network devices. It reads and writes objects defined in a Management Information Base (MIB). SNMPv1 and v2c authenticate only with community strings sent in cleartext; SNMPv3 adds user-based authentication and encryption and should be used wherever the device supports it.

70

MIB (Management Information Base)

A database of objects on a managed device that can be queried or set by SNMP.

71

SNMP Community String

A password-like string that grants read-only or read-write access to a device's MIB data in SNMPv1/v2c. It travels in cleartext in every packet and commonly ships with the defaults 'public' (read) and 'private' (write), so defaults must be changed, read-write communities avoided, and SNMP restricted to the management network (or replaced with SNMPv3).
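
Because the community string is just an OCTET STRING near the start of every SNMPv1/v2c message, it can be read straight off the wire; the same parser doubles as a detection for default communities in captured traffic (cards 69 to 71). The Python below is an added example, not from the flashcard set: a minimal BER reader, a parser for the fields an audit needs, and a check over a list of UDP payloads. Both packets are constructed by hand; the v3 sample is only the version header, since that is all the check inspects.

```python
"""Pull the community string out of SNMPv1/v2c packets and flag defaults.

Added example, not from the flashcard set. Packets are constructed by hand
(BER-encoded as RFC 1157 / RFC 3416 specify); only the fields needed for the
audit are decoded, and an SNMPv3 message is recognised by its version alone.
"""

SNMP_VERSION_NAMES = {0: "1", 1: "2c", 3: "3"}
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed SNMPv1 GetRequest for sysName.0 with community "public".
GET_V1 = bytes.fromhex(
    "3026"                  # SEQUENCE, 38 bytes
    "020100"                # INTEGER version = 0 (SNMPv1)
    "04067075626c6963"      # OCTET STRING "public"
    "a019"                  # GetRequest-PDU, 25 bytes
    "020101"                # request-id = 1
    "020100"                # error-status = 0
    "020100"                # error-index = 0
    "300e"                  # VarBindList
    "300c"                  # VarBind
    "06082b06010201010500"  # OID 1.3.6.1.2.1.1.5.0 (sysName.0)
    "0500"                  # NULL (no value in a request)
)
# Constructed SNMPv3 message start: version 3. Only the version is examined here;
# a real message continues with msgGlobalData and security parameters.
V3_HEADER = bytes.fromhex("3003020103")


def read_tlv(buf: bytes, off: int):
    """Decode one BER tag-length-value; returns (tag, value, offset after it)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length


def decode_oid(raw: bytes) -> str:
    """BER OID: first byte packs the first two arcs, the rest are base-128 with continuation bit."""
    parts = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))


def parse_snmp(packet: bytes) -> dict:
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, off = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big")
    if version == 3:                       # v3 carries no community string
        return {"version": 3, "community": None, "pdu_type": None, "oids": []}
    _, community, off = read_tlv(msg, off)
    pdu_type, pdu, _ = read_tlv(msg, off)
    off = 0
    for _ in range(3):                     # request-id, error-status, error-index
        _, _, off = read_tlv(pdu, off)
    _, varbinds, _ = read_tlv(pdu, off)
    oids, off = [], 0
    while off < len(varbinds):
        _, vb, off = read_tlv(varbinds, off)
        _, oid, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid))
    return {"version": version, "community": community.decode("ascii", "replace"),
            "pdu_type": pdu_type, "oids": oids}


def audit(packets) -> list:
    """One finding per v1/v2c packet: the community is exposed; a default community is worse."""
    findings = []
    for i, pkt in enumerate(packets):
        info = parse_snmp(pkt)
        if info["version"] in (0, 1):
            severity = "high" if info["community"] in DEFAULT_COMMUNITIES else "medium"
            findings.append((i, severity, f"SNMPv{SNMP_VERSION_NAMES[info['version']]} "
                                          f"community {info['community']!r} in cleartext"))
    return findings


if __name__ == "__main__":
    print(parse_snmp(GET_V1))
    for finding in audit([GET_V1, V3_HEADER]):
        print(finding)
```

In a real capture the same bytes sit in the UDP payload of every request to port 161, which is why an attacker with a span of management traffic needs no brute force: one packet yields the community, and with a read-write community the device configuration follows.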

72

SIEM (Security Information and Event Management)

A solution that collects and analyzes security alerts, logs, and event data from across the network in real-time. It provides a comprehensive view of security-related activity and helps identify and respond to threats.

73

Main Types of Monitoring Solutions

1. Performance Monitoring (Bandwidth, Latency, Uptime) 2. Fault Monitoring (Device failures, errors) 3. Configuration Monitoring (Tracking changes) 4. Security Monitoring (SIEM, IDS/IPS)

74

DHCP Options

DHCP can provide more than just an IP address. Common DHCP options include: - Subnet Mask - Default Gateway (Router) - DNS Server addresses - Domain Name
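
DHCP options are a plain TLV list after the 4-byte magic cookie, and parsing them is also the basis for spotting a rogue DHCP server (one that hands out itself as router and DNS to intercept traffic). The Python below is an added example, not from the flashcard set; both option blobs are constructed, the trusted-address set is an assumption, and the check mirrors what a switch's DHCP snooping feature enforces by trusting only servers behind designated ports.

```python
"""Parse the DHCP options field and check an OFFER against trusted infrastructure.

Added example, not from the flashcard set. Both option blobs are constructed;
the 'rogue' one models a spoofed DHCP server advertising itself as gateway
and DNS, which is how DHCP spoofing redirects a client's traffic.
"""
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")
OPTION_NAMES = {1: "subnet_mask", 3: "router", 6: "dns_servers", 15: "domain_name",
                51: "lease_time", 53: "message_type", 54: "server_id"}
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

LEGIT_OFFER = bytes.fromhex(
    "63825363"                    # magic cookie
    "350102"                      # 53 message type: OFFER
    "0104ffffff00"                # 1 subnet mask 255.255.255.0
    "0304c0a80101"                # 3 router 192.168.1.1
    "0608c0a8010108080808"        # 6 DNS 192.168.1.1, 8.8.8.8
    "0f0b6578616d706c652e6e6574"  # 15 domain name "example.net"
    "330400000e10"                # 51 lease time 3600 s
    "3604c0a80101"                # 54 server identifier 192.168.1.1
    "00"                          # pad
    "ff"                          # end
)
ROGUE_OFFER = bytes.fromhex(
    "63825363" "350102" "0104ffffff00"
    "0304c0a801fa"                # router 192.168.1.250 (the rogue box)
    "0604c0a801fa"                # DNS 192.168.1.250
    "330400000e10"
    "3604c0a801fa"                # server identifier 192.168.1.250
    "ff"
)


def _ips(value: bytes) -> list:
    if len(value) % 4:
        raise ValueError("address list length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]


def parse_options(data: bytes) -> dict:
    """TLV walk: code, length, value; 0 is a pad byte, 255 ends the list."""
    if not data.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    off, opts = len(MAGIC_COOKIE), {}
    while off < len(data):
        code = data[off]
        if code == 0:            # pad
            off += 1
            continue
        if code == 255:          # end
            break
        if off + 2 > len(data) or off + 2 + data[off + 1] > len(data):
            raise ValueError(f"truncated option {code}")
        length = data[off + 1]
        value = data[off + 2:off + 2 + length]
        off += 2 + length
        name = OPTION_NAMES.get(code, f"option_{code}")
        if code in (1, 54):
            opts[name] = _ips(value)[0]
        elif code in (3, 6):
            opts[name] = _ips(value)
        elif code == 51:
            opts[name] = int.from_bytes(value, "big")
        elif code == 53:
            opts[name] = MESSAGE_TYPES.get(value[0], value[0])
        elif code == 15:
            opts[name] = value.decode("ascii", "replace")
        else:
            opts[name] = value.hex()
    else:
        raise ValueError("option list missing END (255)")
    return opts


def check_offer(opts: dict, trusted: set) -> list:
    """Flag an OFFER/ACK whose server, gateway or DNS is not in the trusted set."""
    issues = []
    if opts.get("server_id") not in trusted:
        issues.append(f"untrusted DHCP server {opts.get('server_id')}")
    for gw in opts.get("router", []):
        if gw not in trusted:
            issues.append(f"gateway {gw} not trusted")
    for dns in opts.get("dns_servers", []):
        if dns not in trusted:
            issues.append(f"DNS server {dns} not trusted")
    return issues


if __name__ == "__main__":
    trusted = {"192.168.1.1", "8.8.8.8"}   # assumed allow-list for this network
    for label, blob in (("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER)):
        opts = parse_options(blob)
        print(label, opts["message_type"], "router", opts["router"], "issues:", check_offer(opts, trusted))
```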

75

SLAAC (Stateless Address Autoconfiguration)

A method by which IPv6 hosts configure their own addresses without a DHCPv6 server. The host takes the /64 prefix advertised by a router (in a Router Advertisement) and appends a 64-bit interface identifier, either derived from its MAC address (modified EUI-64) or, on most modern systems, randomly generated (RFC 4941/8981 privacy extensions) so that the address does not reveal the hardware address and cannot be used to track the device across networks.
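
The following Python, an added example that is not from the flashcard set, shows both interface-identifier schemes the card refers to: the modified EUI-64 construction from a MAC (split it, insert ff:fe, flip the universal/local bit) and a random temporary identifier, plus the reverse mapping that explains why EUI-64 addresses are a privacy problem. The prefix and MAC are constructed values; 2001:db8::/32 is the IPv6 documentation range.

```python
"""SLAAC interface identifiers: modified EUI-64 from a MAC, and why privacy addresses exist.

Added example, not from the flashcard set. Prefix and MAC are constructed
sample values.
"""
import ipaddress
import secrets


def modified_eui64(mac: str) -> bytes:
    """RFC 4291 Appendix A: split the MAC, insert ff:fe, flip the U/L bit (0x02)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> str:
    """Prefix from the Router Advertisement (must be a /64) + EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + modified_eui64(mac)))


def temporary_address(prefix: str) -> str:
    """RFC 8981-style temporary address: the same prefix with a random 64-bit IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + secrets.token_bytes(8)))


def mac_from_address(addr: str):
    """The privacy problem: an EUI-64 IID lets anyone recover the hardware address.

    Returns None when the IID does not carry the ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    stable = slaac_address("2001:db8:1::/64", "00:1a:2b:3c:4d:5e")
    print("EUI-64 address :", stable, "-> MAC", mac_from_address(stable))
    print("temporary      :", temporary_address("2001:db8:1::/64"))
```

The stable address carries the MAC in its lower 64 bits, so the same host is recognisable on every network it joins; the temporary address changes over time and reveals nothing, which is why operating systems prefer it for outbound connections.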

76

DNSSEC (Domain Name System Security Extensions)

A suite of extensions that lets resolvers validate DNS responses. Zone data is signed (RRSIG records) with keys published in DNSKEY records and anchored through DS records up the chain of trust, so a validating resolver can verify that the data is authentic and unmodified, defeating cache poisoning and spoofing. It provides authentication and integrity only; it does not encrypt queries (that is the role of DNS over TLS or HTTPS).

77

DNS Records (Common Types)

- A: Maps a hostname to an IPv4 address. - AAAA: Maps a hostname to an IPv6 address. - CNAME: An alias that maps one hostname to another hostname. - MX: Mail Exchanger record, specifies the mail server for a domain. - PTR: Pointer record, maps an IP address back to a hostname (for reverse DNS).

78

Primary vs. Secondary DNS Server

- Primary DNS Server: Holds the master, read/write copy of a zone's DNS records. Changes are made here. - Secondary DNS Server: Holds a read-only copy of the zone's records, which it gets from the primary through a "zone transfer" (AXFR for the full zone, IXFR for incremental changes, over TCP 53). It provides redundancy and load balancing. Zone transfers should be restricted to the addresses of known secondaries and ideally TSIG-signed; a server that answers AXFR for anyone hands an attacker the complete hostname inventory of the zone.

79

Recursive DNS Server

A DNS server that accepts requests from clients and takes on the full workload of finding the answer. If it doesn't know the answer, it will query other DNS servers (like root and authoritative servers) on behalf of the client until it gets the final IP address.