Chapter 7 - Network Evolution


application, OS

Cloud computing separates the _____________ from the hardware. Virtualization separates the __________ from hardware.

Control

Software defined networking (SDN) is a network architecture that has been developed to virtualize the network. For example, SDN can virtualize the _________ plane. Also known as controller-based SDN, SDN moves the control plane from each network device to a central network intelligence and policy-making entity called the SDN controller.

leaf

The Cisco APICs and all other devices in the network physically attach to ___________ switches.

Hybrid

A _____________ cloud is made up of two or more clouds (example: part private, part public), where each part remains a distinctive object, but both are connected using a single architecture. Individuals on this type of cloud would be able to have degrees of access to various services based on user access rights.

console

A big advantage of Type 2 hypervisors is that management __________________ software is not required.

Internet

The IoT refers to the network of these physical objects accessible through the _________________.

Fog

Applications that use ____ computing can monitor or analyze real-time data from network-connected things and then take action such as locking a door, changing equipment settings, applying the brakes on a train, and more. Cisco predicts that 40% of IoT-created data will be processed in the Fog by 2018.

security

As the IoT evolves, individual networks will be connected together and will include ____________, analytics, and management.

Cloud-computing

By definition, what is this? Typically an off-premise service that offers on-demand access to a shared pool of configurable computing resources. These resources can be rapidly provisioned and released with minimal management effort.

SDN, policy

Each flow traveling through the network must first get permission from the ______ controller, which verifies that the communication is permissible according to the network ___________. If the controller allows a flow, it computes a route for the flow to take and adds an entry for that flow in each of the switches along the path.

- Microsoft (Hyper-V/SCVMM/Azure Pack)
- Red Hat Enterprise Linux OS (KVM OVS/OpenStack)
- VMware (ESX/vCenter/vShield)

For virtualization, ACI supports multivendor hypervisor environments that would connect to the leaf switches, including the following (3):

Cisco Nexus 9000 Series switches

Name of these switches? These switches provide an application-aware switching fabric and work with an APIC to manage the virtual and physical network infrastructure.

- Client-Server model
- Cloud computing model
- Fog computing

Networking models describe how data flows within a network. Networking models include (3):

recovery

The management console provides _____________ from hardware failure. If a server component fails, the management console automatically and seamlessly moves the VM to another server.

- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)

The three main cloud computing services defined by the National Institute of Standards and Technology (NIST) in their Special Publication 800-145 are as follows:

single point

The use of virtualization normally includes redundancy to protect from a _____________ of failure. Redundancy can be implemented in different ways. If the hypervisor fails, the VM can be restarted on another hypervisor. Also, the same VM can be run on two hypervisors concurrently, copying the RAM and CPU instructions between them. If one hypervisor fails, the VM continues running on the other hypervisor. The services running on the VMs are also virtual and can be dynamically installed or uninstalled, as needed.

Public, Private, Hybrid, Community

There are four primary cloud models:

directly

With Type 1 hypervisors, the hypervisor is installed ________________ on the server or networking hardware. Then, instances of an OS are installed on the hypervisor. Type 1 hypervisors have direct access to the hardware resources; therefore, they are more efficient than hosted architectures. Type 1 hypervisors improve scalability, performance, and robustness.

- Application Network Profile (ANP)
- Application Policy Infrastructure Controller (APIC)
- Cisco Nexus 9000 Series switches

These are the three core components of the ACI architecture:

- Software Defined Networking (SDN) - A network architecture that virtualizes the network.
- Cisco Application Centric Infrastructure (ACI) - A purpose-built hardware solution for integrating cloud computing and data center management.

Two major network architectures have been developed to support network virtualization:

bare metal

Type 1 hypervisors are also called the "________________" approach because the hypervisor is installed directly on the hardware. Type 1 hypervisors are usually used on enterprise servers and data center networking devices.

Dedicated Server

What is it called when all of a server's RAM, processing power, and hard drive space are devoted to the service provided?

leaf

When compared to SDN, the APIC controller does not manipulate the data path directly. Instead, the APIC centralizes the policy definition and programs the _____________ switches to forward traffic based on the defined policies.

Policy

Which APIC-EM feature is this? Ability to view and control policies across the entire network including QoS.

Device Inventory

Which APIC-EM feature is this? Collects detailed information from devices within the network including device name, device status, MAC address, IPv4/IPv6 addresses, IOS/Firmware, platform, up time, and configuration.

Host Inventory

Which APIC-EM feature is this? Collects detailed information from hosts within the network including host name, user ID, MAC address, IPv4/IPv6 addresses, and network attachment point.

Policy Analysis

Which APIC-EM feature is this? Inspection and analysis of network access control policies. Ability to trace application-specific paths between end devices to quickly identify ACLs in use and problem areas. Enables ACL change management with easy identification of redundancy, conflicts, and incorrect ordering of access control entries. Incorrect ACL entries are known as shadows.

Server

______________ virtualization takes advantage of idle resources and consolidates the number of required servers. This also allows for multiple operating systems to exist on a single hardware platform.

Data Center

_______________: Typically a data storage and processing facility run by an in-house IT department or leased offsite.

Cloud

_________________ computing involves large numbers of computers connected through a network that can be physically located anywhere. Providers rely heavily on virtualization to deliver their cloud computing services. Cloud computing can reduce operational costs by using resources more efficiently.

Operational Technology (OT)

__________________ is the hardware and software that keeps power plants running and manages factory process lines. OT-specific security includes the ISA 3000 industrial security appliance (Figure 1) and Fog data services.

Community

A ________________ cloud is created for exclusive use by a specific community. The differences between public clouds and community clouds are the functional needs that have been customized for the community. For example, healthcare organizations must remain compliant with policies and laws (e.g., HIPAA) that require special authentication and confidentiality.

- Services
- OS
- Firmware (ROM)
- Hardware (CPU, Memory, NIC, Disk)

A computer system consists of the following abstraction layers (4): At each of these layers of abstraction, some type of programming code is used as an interface between the layer below and the layer above. For example, the C programming language is often used to program the firmware that accesses the hardware.

firmware, OS

A hypervisor is installed between the _______________ and the ______. The hypervisor can support multiple instances of OSs.

host

A hypervisor is software that creates and runs VM instances. The computer on which a hypervisor supports one or more VMs is a ________ machine. Type 2 hypervisors are also called hosted hypervisors. This is because the hypervisor is installed on top of the existing OS, such as Mac OS X, Windows, or Linux. Then, one or more additional OS instances are installed on top of the hypervisor, as shown in the figure.

- Control Plane
- Data Plane

A network device contains the following planes (2):

Controllers, Switches

All complex functions are performed by the controller. The __________ populates flow tables. ____________ manage the flow tables. In the figure, an SDN controller communicates with OpenFlow-compatible switches using the OpenFlow protocol. This protocol uses Transport Layer Security (TLS) to securely send control plane communications over the network. Each OpenFlow switch connects to other OpenFlow switches. They can also connect to end-user devices that are part of a packet flow. Within each switch, a series of tables implemented in hardware or firmware are used to manage the flows of packets through the switch. To the switch, a flow is a sequence of packets that matches a specific entry in a flow table.

Data Plane

Also called the forwarding plane, this plane is typically the switch fabric connecting the various network ports on a device. This plane of each device is used to forward traffic flows. Routers and switches use information from this plane to forward incoming traffic out the appropriate egress interface. Information in this plane is typically processed by a special data plane processor, such as a digital signal processor (DSP), without the CPU getting involved.

ANP

An ___________ is a collection of end-point groups (EPG), their connections, and the policies that define those connections. The EPGs shown in the figure, such as VLANs, Web services, and applications, are just examples. It is often much more complex.

sprawl

Back in the history of servers, we used to use dedicated servers to house many operating systems (Linux, Windows, etc.). These servers at times sat idle for long periods, where the service was used sparingly. These servers wasted energy and took up more space than was warranted by their amount of service. This is known as server ___________.

3

Cisco Express Forwarding (CEF) is an advanced, Layer ____ IP switching technology that enables forwarding of packets to occur at the data plane without consulting the control plane. In CEF, the control plane's routing table pre-populates the CEF Forwarding Information Base (FIB) table in the data plane. The control plane's ARP table pre-populates the adjacency table. Packets are then forwarded directly by the data plane based on the information contained in the FIB and adjacency table, without needing to consult the information in the control plane.

resources

Server virtualization hides server ___________________ (for example, the number and identity of physical servers, processors, and OSs) from server users. This practice can create problems if the data center is using traditional network architectures.

automation

Cisco delivers a broad range of IoT management and _______________ capabilities throughout the extended network. Cisco management and automation products can be customized for specific industries to provide enhanced security, control, and support.

Cloud, data center

Cisco developed the Application Centric Infrastructure (ACI) to meet these objectives in more advanced and innovative ways than earlier SDN approaches. ACI is a data center network architecture that was developed by Insieme and acquired by Cisco in 2013. Cisco ACI is a purpose-built hardware solution for integrating _________ computing and _________ management. At a high level, the policy element of the network is removed from the data plane. This simplifies the way data center networks are created.

Data Centers

Cloud computing is possible because of ______________________. A data center is a facility used to house computer systems and associated components. A data center can occupy one room of a building, one or more floors, or an entire building. Data centers are typically very expensive to build and maintain. For this reason, only large organizations use privately built data centers to house their data and provide services to users. Smaller organizations that cannot afford to maintain their own private data center can reduce the overall cost of ownership by leasing server and storage services from a larger data center organization in the cloud.

reduces

Cloud computing supports a variety of data management issues:
- Enables access to organizational data anywhere and at any time
- Streamlines the organization's IT operations by subscribing only to needed services
- Eliminates or reduces the need for onsite IT equipment, maintenance, and management
- _______________ cost for equipment, energy, physical plant requirements, and personnel training needs
- Enables rapid responses to increasing data volume requirements

pay-as-you-go

Cloud computing, with its "________________" model, allows organizations to treat computing and storage expenses more as a utility rather than investing in infrastructure. Capital expenditures are transformed into operating expenditures.

IT as a Service (ITaaS)

Cloud service providers have extended this model to also provide IT support for each of the cloud computing services known as ___________.

Virtualization

What separates the OS from the hardware?

Cloud Computing

What separates the application from the hardware?

data centers

Cloud service providers use ___________________ to host their cloud services and cloud-based resources. To ensure availability of data services and resources, providers often maintain space in several remote data centers.

Private

Cloud-based applications and services offered in a ____________ cloud are intended for a specific organization or entity, such as the government. This type of cloud can be set up using the organization's private network, though this can be expensive to build and maintain. Moreover, this cloud can also be managed by an outside organization with strict access security.

Public

Cloud-based applications and services offered in a ______________ cloud are made available to the general population. Services may be free or are offered on a pay-per-use model, such as paying for online storage. This cloud uses the Internet to provide services.

device, host

Each type of SDN has its own features and advantages. Policy-based SDN is the most robust, providing for a simple mechanism to control and manage policies across the entire network. Cisco APIC-EM provides the following features (6):
- Discovery
- _________ Inventory
- __________ Inventory
- Topology
- Policy
- Policy Analysis

same

In a traditional router or switch architecture, the control plane and data plane functions occur in the ___________ device. Routing decisions and packet forwarding are the responsibility of the device operating system.

incoming

In an OpenFlow switch, you will have flow tables within the hardware/firmware. Flow table - this table matches ______________ packets to a particular flow and specifies the functions that are to be performed on the packets. There may be multiple flow tables that operate in a pipeline fashion.

Device-based SDN

In this type of SDN, the devices are programmable by applications running on the device itself or on a server in the network, as shown in Figure 1. Cisco OnePK is an example of this kind of SDN. It enables programmers to build applications using C and Java with Python to integrate and interact with Cisco devices.

requests, shape, deploy

Note the use of Application Programming Interfaces (APIs) within the SDN framework. An API is a set of standardized __________ that define the proper way for an application to request services from another application. The SDN controller uses northbound APIs to communicate with the upstream applications. These APIs help network administrators _________ traffic and __________ services. The SDN controller also uses southbound APIs to define the behavior of the downstream virtual switches and routers. OpenFlow is the original and widely implemented southbound API. The Open Networking Foundation is responsible for maintaining the OpenFlow standard.

resources

Note: It is important to make sure that the host machine is robust enough to install and run the VMs, so that it does not run out of _________________.

data center

Note: Traffic in a modern data center is described as North-South (going between external data center users and the data center servers) and East-West (going between ____________ servers).

equipment, space

One major advantage of virtualization is overall reduced cost:
- Less _____________ is required
- Less energy is consumed
- Less ___________ is required

- Operational Technology (OT) specific security
- IoT Network Security
- IoT Physical Security

Security Pillar - Three Cyber Security Solutions:

exceeds

Some management consoles also allow over allocation. Over allocation is when multiple OS instances are installed, but their memory allocation ________________ the total amount of memory that a server has. For example, a server has 16 GB of RAM, but the administrator creates four OS instances with 10 GB of RAM allocated to each. This type of over allocation is a common practice because all four OS instances rarely require the full 10 GB of RAM at any one moment.

ANP

The APIC is positioned between the ________ and the ACI-enabled network infrastructure. The APIC translates the application requirements into a network configuration to meet those needs.

APIC and Cisco Nexus 9000 Series switches (such as 9500s and 9300s)

The Cisco ACI fabric is composed of the _____________ and the _______________ switches using two-tier spine-leaf topology, as shown in the figure. The leaf switches always attach to the spines, but they never attach to each other. Similarly, the spine switches only attach to the leaf and core switches (not shown). In this two-tier topology, everything is one hop from everything else.

- Device-based SDN
- Controller-based SDN
- Policy-based SDN

The Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) extends ACI aimed at enterprise and campus deployments. To better understand APIC-EM, it is helpful to take a broader look at the three types of SDN:

- Network Connectivity
- Fog computing
- Security (Cyber and Physical)
- Data Analytics
- Management and Automation
- Application Enablement Platform

The Cisco IoT System uses the concept of pillars to identify foundational elements. Specifically, the IoT System identifies the six technology pillars:

security

The Cisco IoT _____________ pillar offers scalable cybersecurity solutions, enabling an organization to quickly and effectively discover, contain, and remediate an attack to minimize damage.

network connectivity

The Cisco IoT ____________________ pillar identifies devices that can be used to provide IoT connectivity to many diverse industries and applications. Example - Using Cisco's Digital Ceiling, the network can manage lighting and air temperature seamlessly, based on the preferences of the occupants.

analytics, application programming interfaces

The IoT can connect billions of devices capable of creating exabytes of data every day. To provide value, this data must be rapidly processed and transformed into actionable intelligence. The Cisco IoT _______________ infrastructure consists of distributed network infrastructure components and IoT-specific ______________________ (APIs).

smart, Machine-to-Machine

The IoT connects __________ objects to the Internet. It connects traditional computer devices as well as untraditional devices. Within the IoT, the communication is ___________________ (M2M), enabling communication between machines without human intervention. For example, M2M occurs in cars with temperature and oil sensors communicating with an onboard computer.

digitization

The IoT system provides an infrastructure designed to manage large scale systems of very different endpoints and platforms, and the huge amount of data that they create. The Cisco IoT System uses a set of new and existing products and technologies to help reduce the complexity of __________________.

Data Plane

The SDN controller defines the data flows that occur in the SDN _______________. A flow is a sequence of packets traversing a network that share a set of header field values. For example, a flow could consist of all packets with the same source and destination IP addresses, or all packets with the same VLAN identifier.

logical

The SDN controller is a __________ entity that enables network administrators to manage and dictate how the data plane of virtual switches and routers should handle network traffic. It orchestrates, mediates, and facilitates communication between applications and network elements.

APIC

The _________ is considered to be the brains of the ACI architecture. It is a centralized software controller that manages and operates a scalable ACI clustered fabric. It is designed for programmability and centralized management. It translates application policies into network programming.

hypervisor

The _____________ is a program, firmware, or hardware that adds an abstraction layer on top of the real physical hardware. The abstraction layer is used to create virtual machines which have access to all the hardware of the physical machine such as CPUs, memory, disk controllers, and NICs. Each of these virtual machines runs a complete and separate operating system.

Application Enablement Platform, Linux

The ______________________ pillar provides the infrastructure for application hosting and application mobility between cloud and Fog computing. The Fog environment allows for multiple instances of the application across different end devices and sensors. These instances can communicate with each other for redundancy and data-sharing purposes to create business models such as pay-as-you-go consumption for objects, machines, and products. For example, Cisco IOx, which is a combination of Cisco IOS and _____________, allows routers to host applications close to the objects they need to monitor, control, analyze, and optimize. Cisco IOx services are offered on multiple hardware devices that are customized for various industry needs and can therefore support applications specific to those industries.

- Easier Prototyping - Self-contained labs, operating on isolated networks, can be rapidly created for testing and prototyping network deployments.
- Faster Server Provisioning - Creating a virtual server is far faster than provisioning a physical server.
- Increased Server Up-time - Most server virtualization platforms now offer advanced redundant fault tolerance features, such as live migration, storage migration, high availability, and distributed resource scheduling.
- Improved Disaster Recovery
- Legacy Support - Virtualization can extend the life of OSs and applications, providing more time for organizations to migrate to newer solutions.

These are additional benefits of virtualization (5):

- OpenFlow - This approach was developed at Stanford University to manage traffic between routers, switches, wireless access points, and a controller. The OpenFlow protocol is a basic element in building SDN solutions.
- OpenStack - This approach is a virtualization and orchestration platform available to build scalable cloud environments and provide an infrastructure as a service (IaaS) solution. OpenStack is often used with Cisco ACI. Orchestration in networking is the process of automating the provisioning of network components such as servers, storage, switches, routers, and applications.
- Other components - Other components include Interface to the Routing System (I2RS), Transparent Interconnection of Lots of Links (TRILL), Cisco FabricPath (FP), and IEEE 802.1aq Shortest Path Bridging (SPB).

These are some other network virtualization technologies, some of which are included as components in SDN and ACI:

Fog computing

These models are not mutually exclusive. Network administrators can use any combination of the three models to address the needs of the network users. The ____________________ basically extends cloud connectivity closer to the edge. It enables end devices, such as smart meters, industrial sensors, robotic machines, and others, to connect to a local integrated computing, networking, and storage system.

Policy-based SDN

This type of SDN is similar to controller-based SDN where a centralized controller has a view of all devices in the network, as shown in Figure 3. This SDN includes an additional Policy layer that operates at a higher level of abstraction. It uses built-in applications that automate advanced configuration tasks via a guided workflow and user-friendly GUI. No programming skills are required. Cisco APIC-EM is an example of this type of SDN.

Controller-based SDN

This type of SDN uses a centralized controller that has knowledge of all devices in the network, as shown in Figure 2. The applications can interface with the controller responsible for managing devices and manipulating traffic flows throughout the network. The Cisco Open SDN Controller is a commercial distribution of OpenDaylight.

removed

To virtualize the network, the control plane function is ______________ from each device and is performed by a centralized controller. The centralized controller communicates control plane functions to each device. Each device can now focus on forwarding data while the centralized controller manages data flow, increases security, and provides other services.

management console

Type 1 hypervisors require a "__________________" to manage the hypervisor. Management software is used to manage multiple servers using the same hypervisor. The management console can automatically consolidate servers and power on or off servers as required.

virtualization

Type 2 hypervisors are very popular with consumers and for organizations experimenting with _______________________. Common Type 2 hypervisors include:
- Virtual PC
- VMware Workstation
- Oracle VM VirtualBox
- VMware Fusion
- Mac OS X Parallels

Internet of Things (IoT).

Using existing and new technologies, we are connecting the physical world to the Internet. It is by connecting the unconnected that we transition from the Internet to the _________________.

switch

Virtual LANs (VLANs) used by VMs must be assigned to the same _____________ port as the physical server running the hypervisor. However, VMs are movable, and the network administrator must be able to add, drop, and change network resources and profiles. This process is difficult to do with traditional network switches.

Server virtualization

What is it called when you take advantage of idle resources and consolidate the number of required servers?

IoT Physical Security

Which cybersecurity solution is this? Cisco Video Surveillance IP Cameras (Figure 3) are feature-rich digital cameras that enable surveillance in a wide variety of environments. Available in standard and high definition, box and dome, wired and wireless, and stationary and pan-tilt-zoom (PTZ) versions, the cameras support MPEG-4 and H.264, and offer efficient network utilization while providing high-quality video.

IoT Network Security

Which cybersecurity solution is this? Includes network and perimeter security devices such as switches, routers, ASA Firewall devices, and Cisco FirePOWER Next-Generation Intrusion Prevention Services (NGIPS).

Software as a Service (SaaS)

Which cloud computing service is this? The cloud provider is responsible for access to services, such as email, communication, and Office 365, that are delivered over the Internet. The user only needs to provide their data.

Platform as a Service (PaaS)

Which cloud computing service is this? The cloud provider is responsible for access to the development tools and services used to deliver the applications.

Infrastructure as a Service (IaaS)

Which cloud computing service is this? The cloud provider is responsible for access to the network equipment, virtualized network services, and supporting network infrastructure.

SaaS (Software as a Service)

Which cloud computing service? Applications delivered over the web to the end users.

IaaS (Infrastructure as a Service)

Which cloud computing service? Hardware and software to power servers, storage, networks and operating systems.

PaaS (Platform as a Service)

Which cloud computing service? Tools and services used to deliver the applications.

Fog Computing Model

Which networking model is this? This IoT network model identifies a distributed computing infrastructure closer to the network edge. It enables edge devices to run applications locally and make immediate decisions. This reduces the data burden on networks as raw data does not need to be sent over network connections. It enhances resiliency by allowing IoT devices to operate when network connections are lost. It also enhances security by keeping sensitive data from being transported beyond the edge where it is needed.

Cloud computing model

Which networking model is this? This is a newer model where servers and services are dispersed globally in distributed data centers.

Client-Server model (Can be File Client, Web client, or Email Client to a Server)

Which networking model is this? This is the most common model used in networks. Client devices request services of servers.

Control Plane

Which plane is this? This is typically regarded as the brains of a device. It is used to make forwarding decisions. This plane contains Layer 2 and Layer 3 route forwarding mechanisms, such as routing protocol neighbor tables and topology tables, IPv4 and IPv6 routing tables, STP, and the ARP table. Information sent to this plane is processed by the CPU.
