Intro to Network Chapter 7: Network Architecture

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

automatically retrieved from elsewhere in the SAN

If one storage device within a SAN suffers a fault, data is

reasonably possible

In a typical SAN, specialized SAN devices contain multiple storage drives and are designed to make data available to a network of servers. With multiple connections and clusters of storage devices arranged in RAID (Redundant Array of Independent Disks) arrays, this type of architecture is as fault tolerant as

spine

Instead of using three layers, newer networks collapse the core and distribution layers into one layer called the

cabling overall and provides increased flexibility in the network design.

Keeping the bulk of a network's cabling within the rack for very short connections means the network requires less

specialized storage area network connected to their corporate network

Large enterprises that require fast access to data and large amounts of storage often have a

access layer

Layer that consists of workgroup switches connected directly to hosts such as servers, printers, and workstations

defense in depth

Layers of security implemented to protect a network from multiple attack vectors.

difficult to manage when you have dozens of servers

Making space on every server device to maximize its storage is not only bulky in your space-limited racks, but it's also

north-south traffic

Messages that must leave the local segment to reach their destinations.

if someone connects a hub to two unsecured switch ports, the hub creates a loop that generates a broadcast storm connecting both ports on a VoIP phone to the network, or possibly connecting a computer through both a wired and wireless network connection. Controlling who can connect what device to a switch's port can help prevent this type of attack.

Name two methods of conducting a broadcast storm

RSTP (Rapid Spanning Tree Protocol) TRILL (Transparent Interconnection of Lots of Links) SPB (Shortest Path Bridging) MSTP (Multiple Spanning Tree Protocol)

Newer technologies to improve on or replace STP include the following:

middleman between network applications and network hardware to ensure the network can best support the needs of those applications.

Notice the SDN controller serves as the

a security violation occurs. the switch will shut down the port, or it can be configured to restrict data from the rogue device the switch generates a notification to the network administrator

Once the MAC address table is full, if another device tries to connect to the port,

traffic destined for nearby nodes can be handled differently and more efficiently than traffic that must traverse longer paths to its destination.

One of the advantages of this three-tier design is that

Root guard

Prevents switches beyond the configured port from becoming the root bridge.

broadcast storm

Redundant broadcast transmissions that flood a network in switching loops that are not limited by some protective system such as STP (Spanning Tree Protocol).

extremely fast

SANs are not only extremely fault tolerant, but they are also

functions of network devices into different layers, or planes, and then relocates those planes in ways that make network management more effective

SDN abstracts the

disaggregation

SDN relies on a form of abstraction called

Step 1: Select the Root Bridge STP chooses a central point, the root bridge, for path calculations. All bridges start with the same priority; the one with the lowest MAC address becomes the default root bridge. Step 2: Determine Least Cost Paths STP looks at all possible paths from each bridge to the root bridge. It selects the most efficient path (least cost path) for each bridge. Each bridge is allowed only one root port, the port closest to the root bridge, for forwarding frames in that direction. Step 3: Disable Unnecessary Links STP disables unnecessary links to create a shortest path. Only the lowest-cost port on each link between two bridges (designated port) is enabled for transmitting network traffic. Other ports can still receive STP updates for potential future changes.

So how does STP select and enforce switching paths on a network? Consider the following process:

servers and other host devices

Spine switches on the backbone connect in a mesh topology with all leaf switches (but not with each other), and leaf switches connect with

multiple, or redundant, switches at critical junctures

Suppose you design a larger network with several interconnected switches. To make the network more fault tolerant, you install

SATA (Serial Advanced Technology Attachment) cable, between your computer's hard drive and its CPU.

That data travels a very short distance in SANs, probably over a

more MAC addresses per port with the "allowed-mac" command

The MAC table allows only one MAC address to be active on the port; however, a network administrator can allow

APIs defined by an SDN protocol such as the popular and open source OpenFlow.

The SDN controller communicates with the infrastructure plane using

learning the port's approved MAC address so that an attacker can spoof that address.

The biggest challenge in broadcast storm is

layer 2 switches

The features of layer 3 and layer 4 switches vary widely depending on the manufacturer and price point, and they can cost significantly more than

calculating paths that avoid potential loops and by artificially blocking the links that would complete a loop. In addition, STP can adapt to changes in the network. For instance, if a switch is removed, STP will recalculate the best loop-free data paths between the remaining switches.

The first iteration of STP, defined in IEEE standard 802.1D, functions at the data link layer. It prevents traffic loops, also called switching loops, by

east-west traffic

The flow of traffic between peers within a network segment.

Control plane

The process of decision making, such as routing, blocking, and forwarding, that is performed by protocols. the network's brain (intelligence)—it handles the decision-making processes

multipathing

The provision of multiple connections between servers and storage devices in a SAN (storage area network) to ensure quick failover and high-performance load balancing.

root bridge

The single bridge on a network selected by STP (Spanning Tree Protocol) to provide the basis for all subsequent path calculations.

Improved redundancy- Every leaf switch is connected to multiple (or perhaps all) spine switches in a full mesh topology, which provides redundant connections in case one link fails. Decreased latency- each leaf switch is connected to every spine switchs for fewer hops Increased performance- newer path management technologies such as TRILL and SPB. These technologies take advantage of the redundant links to increase performance and redundancy without creating problematic switching loops. Improved scalability- The number of available and usable paths for messages across a network improves scalability. This means a network can support larger numbers of host devices without overwhelming network pathways. Increased security- A spine-and-leaf architecture allows for security inspections of all traffic, including east-west traffic flows. Reduced expense- hardware is generally less expensive for s-a-l

The spine-and-leaf design also provides many benefits over the older, three-tiered architecture:

o create more nuanced rules specific to its network's needs.

The switch simply compares each incoming message to its list of rules from the controller, and it sends the message on its way. If a message doesn't match one of the switch's preconfigured rules, the switch can send the message to the SDN controller for further analysis. This level of insight allows the SDN controller to

Redundancy (if one switch suffers a power supply failure, traffic can reroute through a second switch.)

The use of more than one identical component, device, or connection for storing, processing, or transporting data.

EoR (end of row) switching

This approach requires fewer switches (and, therefore, fewer hops for much of the network's traffic) and less rack space, but more cabling and more work at cable management.

core layer

This layer is considered the center, or backbone, of the network?

FCoE (Fibre Channel over Ethernet)

This preserves much of the higher speed capabilities of FC, along with the convenience and cost-efficiency of using existing Ethernet network equipment

STP (Spanning Tree Protocol)

To eliminate the possibility of this and other types of traffic loops, This protocol was made

FC (Fibre Channel) FCoE (Fibre Channel over Ethernet) iSCSI (Internet SCSI) IB (InfiniBand)

To maximize throughput, SANs rely on one of these networking technologies:

abstracted to an SDN controller, which remotely manages networking devices.

Traditionally, the infrastructure plane and the control plane co-exist on the same device. With SDN, the control plane is

east-west traffic

Traffic from the web server requesting information from a database server within the same data center is what kind of traffic?

ToR (top of rack) switching EoR (end of row) switching

Two rack architectures include the following:

connect leaf switches to spine switches

Very short cable runs make very high-speed cables—supporting 10 GbE (Gigabit Ethernet) or even 40 GbE or 100 GbE—an affordable option to

manage network devices from multiple manufacturers, obtaining consistent management techniques on the network creates the potential to implement more sophisticated network functions while using less-expensive devices. generate more complex rules for managing traffic, such as tables within tables or condition-dependent rules.

While SDN does increase complexity, it also increases performance and efficiency. SDN can often be used to

SSH, Telnet, SNMP (Simple Network Management Protocol), and even HTTP for web-based user interfaces.

While not a typical layer for network communication, this plane could be considered a part of the control plane. Management Plane allows network administrators to remotely manage network devices, monitor those devices, and analyze data collected about the devices. Protocols in this plane include

SAN (storage area network)

a distinct network of storage devices that communicate directly with each other and with other portions of the network

TRILL (Transparent Interconnection of Lots of Links)

a multipath, link-state protocol developed by the IETF.

MSTP (Multiple Spanning Tree Protocol) RSTP (Rapid Spanning Tree Protocol)

can detect and correct for link failures in milliseconds.

Controlling who can connect what device to a switch's port

connecting both ports on a VoIP phone to the network, or possibly connecting a computer through both a wired and wireless network connection. What can prevent this?

Switches

designed to offer lots of ports through which devices can access a network by sending and receiving messages

SPB (Shortest Path Bridging)

differs from earlier iterations of STP in that it keeps all potential paths active while managing the flow of data across those paths to prevent loops. By utilizing all network paths, SPB greatly improves network performance.

The level of support for network virtualization tools The number of switches the SDN controller can support Its ability to function across a WAN connection The way the SDN solution scales as your network grows The types of security filtering offered The ability to provide centralized monitoring of all physical and virtual portions of the network

key differences between SDN controllers from different manufactures include the following:

Layer 3 switch

less expensive than routers and are designed to work on large LANs, providing faster layer 3 traffic management within the confines of a known network architecture.

flood guard

monitors network traffic at one-second intervals to determine if the traffic levels are within acceptable thresholds. A type of flood gaurd.

provide network technicians with more centralized control of network settings and management.

one of the primary advantages to separating the control plane from the data plane is to

Cisco command (which is also used on Arista devices) to secure switch access ports is switchport port-security

protects against MAC flooding

disaggregation

separating into pieces all the functions of a system so each piece can be handled by separate devices

mac-limit command

this command restricts the number of MAC addresses allowed in the MAC address table on juniper switches

core layer

this layer is considered the simplest layer and doesn't need switches with lots of ports. These switches simply need to pass traffic in and out of a few backbone ports as quickly as possible. These switches nearly always function primarily at OSI layer 3.

application layer

you might install an analytics application that monitors network traffic for signs of a security breach. The application plane corresponds to OSI's

SDN (software-defined networking)

A centralized approach to networking that removes most of the decision-making power from network devices and instead handles that responsibility at a software level.

load balancer

A device that distributes traffic intelligently among multiple devices or connections.

core layer

A group of highly efficient multilayer switches or routers that support the network's backbone traffic.

distribution layer

A highly redundant mesh of connections between multilayer switches or routers that provides routing within the corporate network as well as traffic filtering and the network's connection to one or more WANs

traffic loops broadcast storm the high traffic volume will severely impair network performance or possibly disable the network entirely.

A potential problem with the network shown has to do with

SDN controller

A product that integrates configuration and management control of all network devices, both physical and virtual, into one cohesive system that is overseen by the network administrator through a single dashboard. It can even make configuration changes automatically in response to changing network conditions.

EoR (end of row) switching

A rack architecture in which switches in a rack at the end of the row serve as the connection points to the network for all other devices in the row.

ToR (top of rack) switching

A rack architecture where one switch on each rack serves as the connection point to the network for all other devices on the rack.

branch offices

A remote location within the corporation's network that is often connected over a WAN link or the open Internet.

FC (Fibre Channel)

A storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access.

Layer 3 switch

A switch capable of interpreting layer 3 data and works much like a router in that it supports the same routing protocols and makes routing decisions.

Layer 4 switch

A switch capable of interpreting layer 4 data, which means it can perform advanced filtering, keep statistics, and provide security functions.

Managed switches

A switch that can be configured via a command-line interface or a webbased management GUI, and sometimes can be configured in groups.

unmanaged switch

A switch that provides plug-and-play simplicity with minimal configuration options and has no IP address assigned to it.

STP (Spanning Tree Protocol)

A switching protocol defined by the IEEE standard 802.1D that functions at the data link layer and prevents traffic loops by artificially blocking the links that would complete a loop.

FCoE (Fibre Channel over Ethernet)

A technology that allows FC to travel over Ethernet hardware and connections.

iSCSI (Internet SCSI)

A transport layer protocol used by SANs that runs on top of TCP to allow fast transmission over LANs, WANs, and the Internet.

spine-and-leaf architecture

A two-layer network architectural design where spine switches organize traffic and network segments using OSI layer 3 technologies while leaf switches manage traffic by either layer 2 or layer 3 principles.

BPDUs (Bridge Protocol Data Units)

A type of network message that transmits STP information between switches.

MAC address table (configured either manually or dynamically)

Acceptable MAC addresses are stored in a

OSI layer 2 technologies.

Access switches typically organize traffic according to

fiber-optic cable is much more commonly used

Although FC can run over copper cables,

Application plane

An SDN (software-defined networking) construct corresponding to the OSI model's application layer where network applications communicate with the network via APIs (application programming interfaces).

data plane

An SDN (software-defined networking) construct made up of physical or virtual devices that receive and send network messages. Also called infrastructure plane. This plane is made up of the physical or virtual devices (switches, routers, firewalls, and load balancers) that receive and send network messages on their way to their destinations. This is the plane where bits cross interfaces. to forward data on to its destination

Management plane

An SDN (software-defined networking) construct sometimes considered part of the control plane that allows network administrators to remotely manage and monitor network devices.

shutdown command (This will prevent an attacker from plugging into an unused port to conduct their attack)

As a first layer of defense of broadcast storm, unused physical and virtual ports on switches and other network devices should be disabled until needed. You can do this on Cisco, Huawei, and Arista routers and switches with the

flexible and responsive network path management

As you read about SDN, you learned that the control function of switches can be abstracted away from the switches and handled by a controller. This centralized, or consolidated, control allows for more

extensive training for IT personnel to support it

Besides being expensive, Fibre Channel requires

BPDU guard

Blocks BPDUs on any port serving network hosts, such as workstations and servers, and thereby ensures these devices aren't considered as possible paths. enhances security by preventing a rogue switch or computer connected to one of these ports from hijacking the network's STP paths.

switchport port-security (command)

Cisco command (which is also used on Arista devices) to secure switch access ports is

SBI (southbound interface)

Communication between the SDN controller and network devices is called an

give an attacker easy and trusted access to your entire network

Depending on how the switch's port, or interface, is configured, this simple vulnerability could

BPDU filter (you might use a BPDU filter on the demarc, where the ISP's service connects with a business's network, to prevent the ISP's WAN topology from mixing with the corporate network's topology for the purpose of plotting STP paths.)

Disables STP on specific ports

contain dozens or hundreds of switches (many of which also function at higher OSI layers) many routers, servers, and firewalls to increase performance and to better protect the network from problems if one or more devices fail.

Enterprise-grade networks might contain many of these things and for what purpose?

MoR (middle of row) switching

EoR switching places several leaf switches in a rack at the end of each row of racks or in the middle of each row—called MoR

A hierarchical network design that organizes switches and routers into three tiers: access layer or edge layer, distribution layer or aggregation layer, and core layer. This design increases both redundancy on the network and network performance.

Explain what is Three tiered architecture and what it accomplishes. What are the tiers does it have?

encapsulated inside an FCoE frame, which is then encapsulated inside an Ethernet frame

FCoE (Fibre Channel over Ethernet) is a newer technology that allows FC to travel over Ethernet hardware and connections. To do this, the FC frame is

expensive storage connection technology

Fibre Channel requires special hardware, which makes it an


Kaugnay na mga set ng pag-aaral

Ecology, Photosynthesis, and Cellular Respiration

View Set

COMP 2210 Module 14 - Search Trees

View Set

Cisco Chapter 9: Transport Layer

View Set

Chapter 7: The News and Social Media

View Set