Clarke Ch. 9
Diffserv, known as differentiated services, is
a protocol that is used to achieve traffic shaping by prioritizing one type of traffic over another. Diffserv is an advanced form of CoS that uses policies to create rules on the traffic to assign it a priority.
Once you have configured your scope options, you are ready to put the DHCP server in production. Before the DHCP server hands out addresses on your network, you must first
activate the scope and authorize the server (for Windows DHCP servers). This helps prevent rogue DHCP servers from handing out addresses on the network.
When configuring the DHCP server, you must configure a scope, which is a range of addresses that the server will hand out. The DHCP scope must also be
activated
A number of different services can be configured with RRAS, including (4)
Network Address Translation (NAT), virtual private network (VPN), Remote Access Services (RAS), and a Windows router
Proxy servers have been around for many years; these are network devices that implement a number of network and security features. __ proxy servers are configured as the default gateway of your clients so that all clients pass data destined for the Internet through the proxy server, while __ proxy servers would have the applications, such as the browser, configured to point to the proxy server.
Transparent; nontransparent
It is important to understand for the Network+ certification exam and for the real world the role of a DHCP relay on a network. Remember that DHCP messages are broadcast messages, which normally will not pass through a router. So the problem is if you have an enterprise made up of multiple networks separated by routers, then the DHCP clients on one network cannot be serviced by a DHCP server on another network. A quick solution is to configure a DHCP server on each network to assign IP addresses for that network. But you could also use a DHCP relay. For example, let's assume you have two networks separated by a single router—we'll call them Network A and Network B. Assume that you configure a DHCP server on Network A, but want the clients on Network B to use it as well (because you do not want to manage two DHCP servers). In order for the DHCP clients on Network B to reach the DHCP server, you must configure a DHCP relay on Network B. The DHCP relay is configured to forward all DHCP requests to a DHCP server, so you specify the IP address of the DHCP server on Network A. When a client on Network B sends out a DHCP discover message, the DHCP relay receives the message and then forwards it to the DHCP server that is configured. The DHCP server responds with an IP address to assign to the client. The same feature can be configured on a Cisco router and is known as an IP Helper. To configure the IP Helper feature on a Cisco router to forward traffic to the DHCP server, you can use the following commands:
VAN-R1>enable
VAN-R1#config term
VAN-R1(config)#interface FastEthernet0/0
VAN-R1(config-if)#ip helper-address global 10.0.0.1
VAN-R1(config-if)#exit
VAN-R1(config)#exit
(Keep in mind that this will forward all User Datagram Protocol (UDP) traffic to the IP address 10.0.0.1, and you only want to forward DHCP messages, which use UDP ports 67 and 68. So you will need to disable forwarding of non-DHCP messages by using the no ip forward-protocol udp <port_number> command, where the port number is that of another UDP-based service such as TFTP (port 69) or DNS (port 53).)
Explain Primary and Secondary DNS Servers
When configuring DNS on the network, it is recommended that you have two DNS servers—a primary DNS server and a secondary DNS server. The primary DNS server has the writable copy of the DNS database, while the secondary DNS server has a read-only copy of the database that it receives from the primary DNS server. The purpose of the secondary DNS server is to hold a copy of your DNS data in case the primary DNS server fails.
Once the zone is created, you will notice that the __ record and the __ record are created automatically.
SOA; NS
Another DNS term you should be familiar with when working with Microsoft DNS servers is an AD integrated zone. (Describe)
With an AD integrated zone, the DNS records are stored in Active Directory, which means that the records can be updated on any domain controller and the DNS data is replicated with AD replication.
Windows: Once NAT has been configured, you can view the translation table on the NAT-enabled server. To view the translation table,
make sure you are in the RRAS tool, expand IPv4, and then select General. Right-click the public interface and choose Show Address Translations.
With static NAT your company will use multiple public IP addresses, with each public IP address mapping to a single internal address, as shown in Figure 9-7. This is a common solution if you want to publish an internal server out to the Internet and allow Internet users to access the server. The NAT device may have __, or it may have __.
multiple public IP addresses assigned to a single network card; multiple network cards with each network card bound to a single IP address
Four phases that a DHCP client goes through to obtain an IP address from the DHCP server: (4)(Describe)
- DHCP Discover: The DHCP discover message is sent by a client to all systems on the network using the destination broadcast address (FF-FF-FF-FF-FF-FF). This message is basically saying, "If you are a DHCP server, I need an IP address." Note that all phases use this broadcast address for communication because the client does not have an IP address yet.
- DHCP Offer: Any DHCP servers on the network that receive the discover message will send an offer to the client basically stating, "I am a DHCP server and you can have this IP address."
- DHCP Request: The client sends out a DHCP request message stating which offer (IP address) it wishes to receive. Keep in mind that the client may receive many offers, so when the client sends out the DHCP request message confirming which offer it is taking, all other DHCP servers retract their offers.
- DHCP Acknowledgment: After the DHCP server receives the DHCP request message from the client requesting to have the IP address that was offered, the DHCP server then sends a final acknowledgment message indicating to the client that the address is theirs and how long they are to have the address (known as a lease time). The DHCP acknowledgment message also contains any additional IP address options for the client, such as the router address and the DNS server address.
It is important to understand that there are different types of DNS records: (9) (Describe)
- Hosts (A): The host record is one of the most common types of records and is used to resolve an FQDN to an IPv4 address.
- Hosts (AAAA): The AAAA record is also known as a host record, but is used to resolve an FQDN to an IPv6 address.
- Alias (CNAME): The CNAME record is known as the alias record and is a way to create a record that has a name and points to another host record. It allows you to create many records with different names, with all the names referencing the one IP address.
- Mail Exchange (MX): The MX record is known as the mail exchange record and is used to point to your inbound e-mail server. For example, when you send an e-mail to an address at mycompany.com, a DNS query is sent to the mycompany.com DNS server asking where the e-mail server is for mycompany.com by asking for the MX record.
- Name Server (NS): The NS record specifies who the DNS servers are for the zone.
- Start Of Authority (SOA): The SOA record stores the settings for the DNS zone, such as the increment number (the serial number), which acts as a version number and increments any time the zone changes. If the secondary DNS server has a different increment number, then the secondary DNS server knows that it needs to copy the zone from the primary DNS server to be up to date.
- Pointer (PTR): A PTR record is created in a reverse lookup zone and associates the IP address with a DNS name for reverse lookups.
- TXT (SPF, DKIM): A text record is used to store a text string of information and is used by SPF and DKIM. Both SPF and DKIM are record types used to prevent spam messages received by a domain. Once you create the SPF or DKIM records in your DNS, other SMTP servers will query for those records to determine who your authorized SMTP servers are. This helps prevent companies from accepting spam messages.
- SRV: A service record points to a system that provides a specific service. Examples of services that use service records are domain controllers and global catalog servers for a network.
When planning DNS there are a number of things to consider. You need to think about things such as whether you want to configure a primary or secondary DNS zone and what types of DNS records need to be configured. You need to plan other aspects, such as if you are creating an internal DNS solution or a DNS solution for Internet resources. The following is a listing of some key considerations to be aware of: (4)(Describe)
- Internal vs. external DNS: The first decision to make is if you are building a DNS solution for name resolution within your company (the internal network), or if you are creating a DNS solution for a public Internet domain such as gleneclarke.com (external network). You can separate the two and have different DNS servers hosting either the internal zone or external zone. You also need to decide if you are going to use the same name for both the internal zone and external zone but only create the required records for each zone, or if you need to create two totally different names such as gleneclarke.loc (for internal DNS) and gleneclarke.com (for external DNS).
- Third-party/cloud-hosted DNS: You need to decide how you are going to host your DNS solution. With internal DNS, you can simply install DNS on one of your servers, but for external DNS on the Internet, you need to decide if you want to put your own server in the DMZ to service the Internet, or whether you use a third-party company like godaddy.com to host your DNS. You could also look into using a cloud provider to host DNS.
- Hierarchy: You need to decide if there is going to be a hierarchy of domains with subdomains or if you are just sticking with one domain.
- Forward vs. reverse zone: You will need to create forward lookup zones to convert FQDNs to IP addresses, but you may also want a reverse lookup zone, which converts the IP address to an FQDN. To create a reverse lookup zone, you need to create a zone with the first three octets of your IP subnet in backwards order, plus the words ".in-addr.arpa". For example, if my IP subnet is 216.83.11.0, then I should create a reverse zone called 11.83.216.in-addr.arpa.
The following are some benefits of proxy servers: (7)(Describe)
- NAT: Proxy servers implement NAT so that all requests coming from clients are translated to use the public IP address of the NAT device.
- Authentication/authorization: The proxy server can ensure that the user is authenticated to the network before being allowed to surf the Internet. Once the user is authenticated, the proxy server can allow or disallow users access to the Internet.
- Restrict site: The proxy server can be configured to restrict access to certain sites. For example, if the company does not want employees surfing facebook.com from work, then that site can be disabled by the proxy server.
- Protocol rules: The proxy server has rules that allow or disallow different Internet protocols. For example, you may be able to surf the Internet using Hypertext Transfer Protocol (HTTP), but the proxy server may block access to FTP as a protocol.
- Content filters: The proxy server can have content filters that block access to certain sites based on their content.
- Caching: The proxy server can cache webpages on its disk. This means that when a second employee requests a page, the page is returned from cache instead of retrieved from the Internet.
- Reverse proxy: Reverse proxy is a feature that allows an Internet user to send a request to one of your internal web servers, but the request goes to the proxy server, which then verifies the request and forwards it to the internal web server on behalf of the Internet user.
Now that you have the DNS server installed, your next step is to configure the DNS service. You first create a DNS zone. A DNS zone is the area of the DNS hierarchy that you are responsible for managing. For example, I am responsible for managing the gleneclarke.com DNS zone. There are different types of DNS zones that you can create, with the two common types being (describe)
- Primary DNS zone: The primary DNS zone is a read/write copy of the zone data and is where you create the DNS records.
- Secondary DNS zone: The secondary DNS zone is a read-only copy of the DNS data. You create secondary DNS zones to have a backup in case the server holding the primary zone fails. Also, secondary DNS zones can be used to answer DNS queries from clients, splitting the load with the primary DNS server to improve name resolution response time.
There are two major reasons why NAT is an important technology today:
- Sharing of a public IP address: Instead of purchasing multiple public IP addresses so employees can surf the Internet, NAT allows you to have all users on the network surf the Internet with the one public IP address.
- Hiding internal address scheme: A security benefit of NAT is that you are hiding the internal addresses of your network because all packets sent out through the NAT device have the public address of the NAT device as the source address.
Many network devices allow you to manage access control lists (ACLs) to control who can gain access to the network. An ACL is a list of rules that specify what traffic is allowed to pass through the router and what traffic is to be denied. ACLs are also found on firewalls and specify what traffic is allowed to pass through the firewall or what traffic is to be blocked at the firewall. Most routers and firewalls have a default rule of deny all traffic that does not have a specific rule allowing traffic. When configuring the access control list, you specify conditions for the traffic that is to be allowed or denied by characteristics such as: (4)
- Source IP address
- Destination IP address
- Source and destination ports
- Protocols such as TCP, UDP, or ICMP
When implementing a unified communications solution, you should be concerned with the performance of the network and, specifically, the Quality of Service (QoS) of the VoIP traffic. QoS is ensuring that users are experiencing good performance with the technology—in this case, the phone systems and computer network that are using VoIP traffic. You would not want packets to be lost when a phone conversation is occurring and you are using the network to carry the voice communication in VoIP. The following are some key terms to know surrounding performance concepts: (4)(Describe)
- Traffic shaping: Traffic shaping is a general term used by network professionals for being able to prioritize one type of network traffic over another type of network traffic. There are different methods to perform traffic shaping, such as using QoS features. Traffic shaping involves limiting the flow of a type of traffic while increasing the flow of another type of traffic to ensure performance.
- CoS: Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority). This QoS technique is known as IEEE 802.1p and is part of the IEEE 802.1Q standard.
- Diffserv: Diffserv, known as differentiated services, is a protocol that is used to achieve traffic shaping by prioritizing one type of traffic over another. Diffserv is an advanced form of CoS that uses policies to create rules on the traffic to assign it a priority.
- DSCP: Differentiated Services Code Point (DSCP) is a field within the IPv4 and IPv6 header known as the DS field that is designed to identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. DSCP does this by assigning traffic to a class (using the DS field) and then configuring devices to manage or prioritize that traffic based on its class.
A number of different devices can participate in a unified communications solution. The following are some of those key devices: (3)(describe)
- UC servers: The unified communication server is the component that provides all the UC features, such as voice features, document sharing, meeting rooms, presence information, and video and audio conferencing. An example of a UC server is Microsoft's Skype for Business.
- UC devices: Unified communication devices are devices such as VoIP phones and devices running soft phones (software running on a system that emulates a phone). Users can use mobile devices such as smart phones running the UC client software to participate in conference calls.
- UC gateways: Unified communication gateways are components that allow you to extend the unified communications feature to external environments. For example, to integrate with the existing phone system, a private branch exchange (PBX) gateway is required.
Unified communications is a set of technologies that allows employees to communicate with one another in real time. Examples of technologies used for this real-time communication are (4)(Describe)
- VoIP: Unified communications integrates telephone systems into the solution by using Voice over IP (VoIP), a protocol suite used to allow voice communication to run over an IP network.
- Video: Unified communications involves having users participate in video-conferencing sessions, which allows users to host meetings online and have voice and video capabilities with users at remote offices.
- Desktop sharing: Unified communications allows an employee to share their desktop with others so that others can view things like a presentation being shared by the employee as a meeting takes place.
- Instant messaging: Unified communications allows the usage of real-time chat to allow employees to text one another within a meeting session.
Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from __ (lowest priority) to __ (highest priority).
0; 7
To have a functioning primary or secondary DNS server, you must first install the DNS service on your server. The following outlines the steps for installing DNS on a Windows Server 2016. (8)
1. Log on to 2016ServerA as administrator.
2. If Server Manager is not running, launch it by clicking the button in the task bar.
3. Choose Manage | Add Roles And Features.
4. On the Before You Begin page, choose Next.
5. Ensure Role-Based or Feature-Based Installation is selected and then choose Next.
6. Ensure 2016ServerA is selected and then choose Next.
7. From the Select Server Roles screen, choose DNS Server (select the check box). You are prompted to add the DNS Server Tools; choose Add Feature and then choose Next.
8. Choose Next two more times and then choose Install.
Once you have installed DHCP, you are ready to create a DHCP scope, which is a range of addresses that the DHCP server is allowed to give out to the network. To create the DHCP scope: (10)
1. From Server Manager, choose Tools | DHCP.
2. Once in the DHCP management console, expand your server, expand IPv4, right-click IPv4, and choose New Scope.
3. Choose Next in the New Scope Wizard.
4. Type Chapter9 Scope for the name of the scope, and leave the description blank. Choose Next.
5. Type 14.0.0.1 for the starting IP address and 14.0.0.20 for the ending address. Leave the subnet mask at 255.0.0.0, which is a prefix length of 8 bits. Choose Next.
6. You are next asked if you want to exclude any addresses; this is known as IP exclusions. The reason to exclude an address is that you may have already statically assigned an address to a server or printer on the network and you do not want the DHCP server to give that address out. To exclude the first five addresses, type 14.0.0.1 and 14.0.0.5 as the starting and ending addresses of the range, and then click the Add button to add the range to the exclusion list.
7. Choose Next.
8. You are then asked how long the client will lease an address from the DHCP server. Type 3 days as the lease duration, and choose Next.
9. On the Configure DHCP Option dialog, choose No, I Will Configure These Options Later, and then choose Next.
10. Choose Finish to complete creating the DHCP scope.
To enable dynamic DNS on your DNS zone, follow these steps. (4)
1. From Server Manager, choose Tools | DNS.
2. Expand the server and then expand Forward Lookup Zones.
3. Right-click your DNS zone, such as chapter9.com, and choose Properties.
4. On the General page, choose Nonsecure And Secure from the Dynamic Updates drop-down list to enable dynamic updates on this zone. Secure updates means that you can configure an access control list specifying which systems are authorized to update the record. Nonsecure updates do not give you this feature (anyone can update the record), and as a result nonsecure updates are not recommended.
(Once dynamic updates have been enabled, you can configure all clients' and servers' TCP/IP settings to point to this server for DNS and they will automatically add a host record for themselves in DNS! A great feature for internal DNS servers!)
Now that you have the DNS server installed, your next step is to configure the DNS service. You first create a DNS zone. A DNS zone is the area of the DNS hierarchy that you are responsible for managing. For example, I am responsible for managing the gleneclarke.com DNS zone. There are different types of DNS zones that you can create. To create the primary or secondary zone on a Windows Server 2016 system, follow these steps: (10)
1. If Server Manager is not already running, start it by clicking the Server Manager button on the task bar.
2. Choose Tools | DNS.
3. Once the DNS management console launches, expand the server and then select Forward Lookup Zones. A forward lookup zone will convert FQDNs to IP addresses, while a reverse lookup zone translates IP addresses to FQDNs.
4. To create a new primary zone, right-click Forward Lookup Zones and choose New Zone.
5. In the New Zone Wizard, choose Next.
6. On the Zone Type page, choose Primary Zone as the type of zone you wish to create and then disable the option to create an Active Directory-integrated zone. Note the other zone types in the list, and then choose Next.
7. Type chapter9.com as the zone name and then choose Next.
8. Choose Next to accept the default filename where the DNS records are going to be stored.
9. Select Do Not Allow Dynamic Updates and then choose Next (we will talk about dynamic updates in the next section).
10. Choose Finish.
Once you have configured your scope options, you are ready to put the DHCP server in production. Before the DHCP server hands out addresses on your network, you must first activate the scope and authorize the server (for Windows DHCP servers). This helps prevent rogue DHCP servers from handing out addresses on the network. The following demonstrates how to activate the scope and authorize the server. (3)
1. Launch the DHCP management console, if it is not already running.
2. To authorize your DHCP server, right-click the server and choose Authorize.
3. To activate the scope, right-click it and choose Activate.
When you configure your DHCP scope, you will most likely want the DHCP server to give out more than just the IP address and subnet mask. You can configure DHCP scope options, which allow you to specify additional settings such as the router address, DNS server, and DNS domain name (also known as the DNS suffix), which all should be deployed to clients along with the IP address. To configure these options: (gateway router, dns server, dns domain name) (8)
1. Launch the DHCP management console.
2. Expand the server by clicking the arrow on the left side, expand IPv4, and then expand your newly created scope.
3. Select the Scope Options folder, and notice that no scope options are configured.
4. To configure the scope options, right-click Scope Options and choose Configure Options.
5. Select the 003 Router check box. Then type the IP address for your router and click the Add button.
6. Select the 006 DNS Servers check box. Then type the IP address for your DNS server and click the Add button.
7. Select the 015 DNS Domain Name check box. Then type your domain name in the String Value field. Note that I am configuring the domain name to deploy certworld.loc.
8. Once you have finished, you will notice each of the DHCP scope options you configured on the right side of the screen.
In environments that need more control over the allocation of IP addresses using DHCP, you can use a feature called DHCP reservations. Reservations, also known as MAC reservations, are addresses configured in DHCP that are assigned to a specific Media Access Control (MAC) address and are only given out to the computer on the network that has that MAC address. The following steps can be used to configure a reservation in DHCP. (5)
1. Launch the DHCP management console.
2. Expand the server by clicking the arrow on the left side, expand IPv4, and then expand your scope.
3. Right-click the Reservations folder found under the Scope, and choose New Reservation.
4. In the New Reservation dialog box, type the name of the system the reservation is for, the IP address you would like to reserve, and the MAC address of the system the address is reserved for.
5. Choose Add to add the reservation and then choose Close.
The following outlines the steps to install the DHCP service on a Windows Server 2016. (9)
1. Log on to 2016ServerA as administrator.
2. If Server Manager is not running, launch it by clicking the button in the task bar.
3. Choose Manage | Add Roles And Features.
4. On the Before You Begin page, choose Next.
5. Ensure Role-Based or Feature-Based Installation is selected and then choose Next.
6. Ensure 2016ServerA is selected and then choose Next.
7. From the Select Server Roles screen, choose DHCP Server (select the check box). You are prompted to add the DHCP Server Tools; choose Add Feature and then choose Next.
8. Choose Next three times and then choose Install.
9. Choose Close to finish the installation.
The first step to configuring NAT on a Windows server is to have two network cards in the Windows server. One network card connects to the Internet and is known as the public interface, while the other network card connects to the internal LAN and is known as the private interface. (steps)(9)
1. To work with NAT you must first install the Remote Access role by choosing the Manage menu from Server Manager and then Add Roles And Features.
2. Choose Next three times and then on the Select Server Roles page, choose the Remote Access role and then choose Next three more times.
3. On the Select Role Services page, choose Routing and then choose Next and Install.
4. To configure NAT on a Windows Server 2016 system, launch Routing And Remote Access (RRAS) from the Tools menu in Server Manager.
5. Once in RRAS, right-click your server and choose Configure And Enable Routing And Remote Access.
6. The RRAS Setup Wizard launches. Choose Next.
7. A number of different services can be configured with RRAS, including virtual private network (VPN), Remote Access Services (RAS), and a Windows router. Choose Network Address Translation (NAT) and then choose Next.
8. You are then asked which network interface will be used for the public interface of the NAT device; select the public interface and then choose Next. The public interface will typically be the interface that has Internet access. This interface will be overloaded.
9. All other interfaces will be considered private interfaces. Choose Finish to complete configuring NAT.
Class of Service (CoS) is another method of providing QoS, but it is done at layer
2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority). This QoS technique is known as IEEE 802.1p and is part of the IEEE 802.1Q standard.
Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority). This QoS technique is known as IEEE 802.1p and is part of the IEEE __ standard.
802.1Q
Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority). This QoS technique is known as IEEE __ and is part of the IEEE 802.1Q standard.
802.1p
Another DNS term you should be familiar with when working with Microsoft DNS servers is an __. With an __, the DNS records are stored in Active Directory, which means that the records can be updated on any domain controller and the DNS data is replicated with AD replication.
AD integrated zone
With an AD integrated zone, the DNS records are stored in Active Directory, which means that the records can be updated on any domain controller and the DNS data is replicated with __
AD replication.
Your manager is concerned that if your existing DNS server fails, your company's fully qualified DNS names will not be resolvable. What should you do?
A. Create a primary zone.
B. Create a secondary zone.
C. Create a host record.
D. Create an MX record.
B (In order to protect your DNS infrastructure from a single point of failure, you want to ensure that you have a secondary DNS server that receives a copy of the DNS data from the primary server.)
Diffserv, known as differentiated services, is a protocol that is used to achieve traffic shaping by prioritizing one type of traffic over another. Diffserv is an advanced form of __ that uses policies to create rules on the traffic to assign it a priority.
CoS
You have installed DHCP on your Windows server and authorized the server. You have created a DHCP scope on the server, but systems on the network are not receiving addresses from your DHCP server. What should you do?
A. Delete and re-create the scope.
B. Unauthorize the server.
C. Authorize the server.
D. Activate the scope.
D
Which network service is common with virtualization environments and is used to easily move systems from one network to another?
A. Network Address Translation
B. Access control list
C. Port forwarding
D. Software-defined networking
D (Software-defined networking is a feature in virtualization environments that allows you to define different networks through software and dynamically assign those networks to the virtual machines.)
Differentiated Services Code Point (DSCP) is a field within the IPv4 and IPv6 header known as the __ field that is designed to identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. DSCP does this by assigning traffic to a class (using the __ field) and then configuring devices to manage or prioritize that traffic based on its class.
DS
Many products can have port forwarding enabled, with the most common example being the home router or wireless router that connects your home network to the Internet. If you check the configuration of the home router, you will notice a port-forwarding option that allows you to specify traffic that is forwarded into the network. Linux uses the __ to implement port forwarding.
Destination Network Address Translation (DNAT) feature of IPTables
__ is a field within the IPv4 and IPv6 header known as the DS field that is designed to identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. __ does this by assigning traffic to a class (using the DS field) and then configuring devices to manage or prioritize that traffic based on its class.
Differentiated Services Code Point (DSCP)
__, is a protocol that is used to achieve traffic shaping by prioritizing one type of traffic over another. __ is an advanced form of CoS that uses policies to create rules on the traffic to assign it a priority.
Diffserv, known as differentiated services
Describe distributed switching
Distributed switching is a common networking term and concept in today's networking environments, especially with virtualization technology. Distributed switching gives you the benefit of being able to centrally configure your switch configuration settings across multiple virtualization host systems. For example, if you have three virtualization host systems that are going to run five virtual machines each and you need each of those virtual machines to connect to the production network (switch), test network (switch), or DMZ network (switch), you can configure the three switches on the centralized system, and those are then sent automatically to each virtualization host. This saves you the time of needing to configure each of the three virtual switches on each virtualization host manually.
Describe Public Dynamic DNS Solutions
Dynamic DNS solutions are available to the public that you can subscribe to. The benefit of public dynamic DNS solutions is that they can be used to update DNS dynamically for a system that is configured with a dynamic IP address (a DHCP client) from their Internet service provider. If you had a dynamic IP address (which most of us have) and you wanted to host services such as a website, you would constantly have to update the DNS record as your IP address changed daily. With dynamic DNS, an agent is installed on your system or router that is responsible for updating DNS automatically for you! An example of a public dynamic DNS provider is noip.com.
Differentiated Services Code Point (DSCP) is a field within the __ header known as the DS field that is designed to identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. DSCP does this by assigning traffic to a class (using the DS field) and then configuring devices to manage or prioritize that traffic based on its class.
IPv4 and IPv6
Describe DHCP Relay
It is important to understand for the Network+ certification exam and for the real world the role of a DHCP relay on a network. Remember that DHCP messages are broadcast messages, which normally will not pass through a router. So the problem is if you have an enterprise made up of multiple networks separated by routers, then the DHCP clients on one network cannot be serviced by a DHCP server on another network. A quick solution is to configure a DHCP server on each network to assign IP addresses for that network. But you could also use a DHCP relay. For example, let's assume you have two networks separated by a single router—we'll call them Network A and Network B. Assume that you configure a DHCP server on Network A, but want the clients on Network B to use it as well (because you do not want to manage two DHCP servers). In order for the DHCP clients on Network B to reach the DHCP server, you must configure a DHCP relay on Network B. The DHCP relay is configured to forward all DHCP requests to a DHCP server, so you specify the IP address of the DHCP server on Network A. When a client on Network B sends out a DHCP discover message, the DHCP relay receives the message and then forwards it to the DHCP server that is configured. The DHCP server responds with an IP address to assign to the client. The same feature can be configured on a Cisco router and is known as an IP Helper.
UC servers: The unified communications server is the component that provides all the UC features, such as voice features, document sharing, meeting rooms, presence information, and video and audio conferencing. An example of a UC server is
Microsoft's Skype for Business.
What type of NAT allows a number of internal systems to use the same public IP address?
NAT overloading
NAT: This is how it works. When you configure the TCP/IP settings on the client, you configure their default gateway setting to point to the internal IP address of the NAT device. This means that all traffic sent by the client to the Internet will pass through the NAT device. Looking at Figure 9-6 you can see that when the NAT device receives the packet, it strips out the source IP address from the IP header of the packet and then replaces it with the public IP address used by the NAT device. Before the NAT device sends the packet on its way, it records the original source IP address and destination IP address in the
NAT translation table so that when a reply comes back from the destination address, the NAT device can make the reverse translation and send the reply to the system on the internal network.
It is important to understand that there are different types of DNS records: A text record is used to hold a text string of information and is used by (2)
SPF and DKIM. Both SPF and DKIM are record types used to prevent spam messages received by a domain. Once you create the SPF or DKIM records in your DNS, other SMTP servers will query for those records to determine who your authorized SMTP servers are. This helps prevent companies from accepting spam messages.
Most implementations of NAT use what is known as NAT overloading, which involves all internal systems accessing the Internet through the NAT device using a single public IP address. This is possible with a feature of NAT known as
Port Address Translation, or PAT
Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the __ within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority).
Priority Code Point (PCP)
When implementing a unified communications solution, you should be concerned with the performance of the network and, specifically, the __ of the VoIP traffic.
Quality of Service (QoS)
Describe Software-Defined Networking
Software-defined networking is a hot topic these days in virtualization environments; it allows you to create different networks by name and assign IP ranges to those networks. When creating a virtual machine (VM), you can assign the virtual machine to a network, which will then not only place the system on that network, but also assign its IP address configuration. The benefit of software-defined networking is that you can easily change the network that is assigned to the virtual machine (through the software configuration), and the VM will become part of that network and receive IP configuration from the new network.
__ is another term for how long the client will have the IP address assigned by the DHCP server (typically referred to as the lease time).
TTL
It is important to understand for the Network+ certification exam and for the real world the role of a DHCP relay on a network. Remember that DHCP messages are broadcast messages, which normally will not pass through a router. So the problem is if you have an enterprise made up of multiple networks separated by routers, then the DHCP clients on one network cannot be serviced by a DHCP server on another network. A quick solution is to configure a DHCP server on each network to assign IP addresses for that network. But you could also use a DHCP relay. For example, let's assume you have two networks separated by a single router—we'll call them Network A and Network B. Assume that you configure a DHCP server on Network A, but want the clients on Network B to use it as well (because you do not want to manage two DHCP servers). In order for the DHCP clients on Network B to reach the DHCP server, you must configure a DHCP relay on Network B. The DHCP relay is configured to forward all DHCP requests to a DHCP server, so you specify the IP address of the DHCP server on Network A. When a client on Network B sends out a DHCP discover message, the DHCP relay receives the message and then forwards it to the DHCP server that is configured. The DHCP server responds with an IP address to assign to the client. The same feature can be configured on a Cisco router and is known as
an IP Helper. To configure the IP Helper feature on a Cisco router to forward traffic to the DHCP server, you can use the following commands: VAN-R1>Enable VAN-R1#config term VAN-R1(config)#interface FastEthernet0/0 VAN-R1(config-if)#ip helper-address global 10.0.0.1 VAN-R1(config-if)#exit VAN-R1(config)#exit
Differentiated Services Code Point (DSCP) is a field within the IPv4 and IPv6 header known as the DS field that is designed to identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. DSCP does this by
assigning traffic to a class (using the DS field) and then configuring devices to manage or prioritize that traffic based on its class.
Traffic shaping is a general term used by network professionals for
being able to prioritize one type of network traffic over another type of network traffic. There are different methods to perform traffic shaping, such as using QoS features. Traffic shaping involves limiting the flow of a type of traffic while increasing the flow of another type of traffic to ensure performance.
DHCP is an application-layer protocol that can automatically configure each system on the network with IP address information. You first install the DHCP service on a server and then
configure a scope. A scope is the range of IP addresses that DHCP gives out on the network, as well as any additional settings like the router address (known as the default gateway), the DNS server, and how long the system is to have the IP address.
To enable dynamic DNS on your DNS zone, follow these steps.... Once dynamic updates have been enabled, you can
configure all clients' and servers' TCP/IP settings to point to this server for DNS and they will automatically add a host record for themselves in DNS! A great feature for internal DNS servers!
Now that you have the DNS server installed, your next step is to
configure the DNS service. You first create a DNS zone. A DNS zone is the area of the DNS hierarchy that you are responsible for managing. For example, I am responsible for managing the gleneclarke.com DNS zone. There are different types of DNS zones that you can create, with the two common types being: Primary DNS zone: The primary DNS zone is a read/write copy of the zone data and is where you create the DNS records. Secondary DNS zone: The secondary DNS zone is a read-only copy of the DNS data. You create secondary DNS zones to have a backup in case the server holding the primary zone fails. Also, secondary DNS zones can be used to answer DNS queries from clients, splitting the load with the primary DNS server to improve name resolution response time.
Creating additional DNS records is fairly straightforward once you have the zone created. In order to create a host record, you
right-click the zone and choose the type of record you wish to create. For example, as shown in Figure 9-3, when you right-click chapter9.com, you see that you can create a new host record by choosing New Host (A or AAAA). Once you choose to create a new host record, you then need to fill in the details by specifying a name for the record (such as www). Notice that once you fill in the name, the FQDN is generated from the name plus the zone name, to give you www.chapter9.com in this case (see Figure 9-4). You then specify the IP address of that record.
Port forwarding is the concept of
configuring your router or firewall to forward specific packets to systems on the demilitarized zone (DMZ) or the internal network. The benefit of port forwarding is that you typically block packets from the Internet from entering into your network, but when you wish to host your own server, such as a web server or File Transfer Protocol (FTP) server that you can access from the Internet, then you need to configure the router/firewall to forward those specific packets to a specific system on your network while still blocking all other traffic. When configuring port forwarding, you will do so using a port-forwarding rule, which allows you to specify which type of traffic you wish to forward by specifying characteristics such as the destination IP address and destination port of the packet. You then specify the IP address of where you want the router or firewall to forward the packet on to (see Figure 9-9).
Exam watch: For the Network+ exam, know that a reverse lookup zone is used to
convert the IP address to an FQDN. Also know that the zone must be named with the first three octets of your IP backwards, plus .in-addr.arpa—for example, 11.83.216.in-addr.arpa.
Once you have created the primary zone for the DNS namespace that you are authorized for, you need to
create DNS records. The DNS records are stored in DNS and match a friendly FQDN to the corresponding IP address of that system. Actually, that is a bit of a lie, because it really depends on what type of DNS record you create.
Once you have installed DHCP, you are ready to
create a DHCP scope, which is a range of addresses that the DHCP server is allowed to give out to the network.
Now that you have the DNS server installed, your next step is to configure the DNS service. You first
create a DNS zone. A DNS zone is the area of the DNS hierarchy that you are responsible for managing. For example, I am responsible for managing the gleneclarke.com DNS zone. There are different types of DNS zones that you can create, with the two common types being
Forward vs. reverse zone: You will need to create forward lookup zones to convert FQDNs to IP addresses, but you may also want a reverse lookup zone, which converts the IP address to an FQDN. To create a reverse lookup zone, you need to
create a zone with the first three octets of your IP subnet in backwards order, plus the words ".in-addr.arpa". For example, if my IP subnet is 216.83.11.0, then I should create a reverse zone called 11.83.216.in-addr.arpa.
Many network devices allow you to manage access control lists (ACLs) to control who can gain access to the network. An ACL is a list of rules that specify what traffic is allowed to pass through the router and what traffic is to be denied. ACLs are also found on firewalls and specify what traffic is allowed to pass through the firewall or what traffic is to be blocked at the firewall. Most routers and firewalls have a default rule of
deny all traffic that does not have a specific rule allowing traffic.
It is important to understand that there are different types of DNS records: -SRV: A service record points to a system that provides a specific service. Examples of services that use service records are (2)
domain controllers and global catalog servers for a network.
Years ago, DNS name resolution was only used for Internet resources such as websites and e-mail servers. But today, most networking environments use DNS to resolve the FQDN of internal resources to IP addresses. The problem was that administrators did not want to create DNS records for all the internal systems on the network. The solution was to create a protocol, known as __, that allows the systems to contact the DNS server and create and update their own records.
dynamic DNS
You learned in Chapter 4 about IP addressing and the fact that addressing can be assigned either statically, meaning you manually configure the IP address information on each system, or
dynamically through Dynamic Host Configuration Protocol (DHCP).
It is important to understand for the Network+ certification exam and for the real world the role of a DHCP relay on a network. Remember that DHCP messages are broadcast messages, which normally will not pass through a router. So the problem is if you have an enterprise made up of multiple networks separated by routers, then the DHCP clients on one network cannot be serviced by a DHCP server on another network. A quick solution is to configure a DHCP server on each network to assign IP addresses for that network. But you could also use a DHCP relay. For example, let's assume you have two networks separated by a single router—we'll call them Network A and Network B. Assume that you configure a DHCP server on Network A, but want the clients on Network B to use it as well (because you do not want to manage two DHCP servers). In order for the DHCP clients on Network B to reach the DHCP server, you must configure a DHCP relay on Network B. The DHCP relay is configured to forward all DHCP requests to a DHCP server, so you specify the IP address of the DHCP server on Network A. When a client on Network B sends out a DHCP discover message, the DHCP relay receives the message and then forwards it to the DHCP server that is configured. The DHCP server responds with an IP address to assign to the client. The same feature can be configured on a Cisco router and is known as an IP Helper. To configure the IP Helper feature on a Cisco router to forward traffic to the DHCP server, you can use the following commands: VAN-R1>Enable VAN-R1#config term VAN-R1(config)#interface FastEthernet0/0 VAN-R1(config-if)#ip helper-address global 10.0.0.1 VAN-R1(config-if)#exit VAN-R1(config)#exit Keep in mind that this will
forward all User Datagram Protocol (UDP) traffic to the IP address of 10.0.0.1, and you only want to forward DHCP messages, which use UDP ports 67 and 68. So you will need to disable the forwarding of non-DHCP messages by using the no ip forward-protocol udp <port_number> command, where the port number is the port of another UDP-based service such as TFTP (port 69) or DNS (port 53).
When planning DNS there are a number of things to consider. You need to think about things such as whether you want to configure a primary or secondary DNS zone and what types of DNS records need to be configured. You need to plan other aspects, such as whether you are creating an internal DNS solution or a DNS solution for Internet resources. The following is a listing of some key considerations to be aware of: Third-party/cloud-hosted DNS: You need to decide how you are going to host your DNS solution. With internal DNS, you can simply install DNS on one of your servers, but for external DNS on the Internet, you need to decide whether you want to put your own server in the DMZ to service the Internet, or whether you use a third-party company like __ to host your DNS. You could also look into using a cloud provider to host DNS.
godaddy.com
The first step to configuring NAT on a Windows server is to
have two network cards in the Windows server. One network card connects to the Internet and is known as the public interface, while the other network card connects to the internal LAN and is known as the private interface.
A __ record is known as an A record for IPv4, but is known as an AAAA record for IPv6.
host
Differentiated Services Code Point (DSCP) is a field within the IPv4 and IPv6 header known as the DS field that is designed to
identify the type of traffic that the IP packet is carrying. For example, it can be used to identify voice traffic or streaming audio so that QoS can be provided. DSCP does this by assigning traffic to a class (using the DS field) and then configuring devices to manage or prioritize that traffic based on its class.
It is important to understand that there are different types of DNS records: Start Of Authority (SOA): The SOA record stores the settings for the DNS zone, such as the
increment number, which acts as a version number and increments any time the zone changes. If the secondary DNS server has a different increment number, then the secondary DNS knows that it needs to copy the zone from the primary DNS server to be up to date.
It is important to understand for the Network+ certification exam and for the real world the role of a DHCP relay on a network. Remember that DHCP messages are broadcast messages, which normally will not pass through a router. So the problem is if you have an enterprise made up of multiple networks separated by routers, then the DHCP clients on one network cannot be serviced by a DHCP server on another network. A quick solution is to configure a DHCP server on each network to assign IP addresses for that network. But you could also use a DHCP relay. For example, let's assume you have two networks separated by a single router—we'll call them Network A and Network B. Assume that you configure a DHCP server on Network A, but want the clients on Network B to use it as well (because you do not want to manage two DHCP servers). In order for the DHCP clients on Network B to reach the DHCP server, you must configure a DHCP relay on Network B. The DHCP relay is configured to forward all DHCP requests to a DHCP server, so you specify the IP address of the DHCP server on Network A. When a client on Network B sends out a DHCP discover message, the DHCP relay receives the message and then forwards it to the DHCP server that is configured. The DHCP server responds with an IP address to assign to the client. The same feature can be configured on a Cisco router and is known as an IP Helper. To configure the IP Helper feature on a Cisco router to forward traffic to the DHCP server, you can use the following commands: VAN-R1>Enable VAN-R1#config term VAN-R1(config)#interface FastEthernet0/0 VAN-R1(config-if)#ip helper-address global 10.0.0.1 VAN-R1(config-if)#exit VAN-R1(config)#exit Keep in mind that this will forward all User Datagram Protocol (UDP) traffic to the IP address of 10.0.0.1 and you only want to forward DHCP messages that use UDP 67 and 68. 
So you will need to disable the forwarding of non-DHCP messages by using the __ command, where the port number is the port of another UDP-based service such as TFTP (port 69) or DNS (port 53).
no ip forward-protocol udp <port_number>
Dynamic DNS solutions are available to the public that you can subscribe to. The benefit of public dynamic DNS solutions is that they can be used to update DNS dynamically for a system that is configured with a dynamic IP address (a DHCP client) from their Internet service provider. If you had a dynamic IP address (which most of us have) and you wanted to host services such as a website, you would constantly have to update the DNS record as your IP address changed daily. With dynamic DNS, an agent is installed on your system or router that is responsible for updating DNS automatically for you! An example of a public dynamic DNS provider is
noip.com
When configuring DHCP you will need to create a DHCP scope, which is a group of addresses, known as a __, that the DHCP server is allowed to give out to clients.
pool
Many products can have port forwarding enabled, with the most common example being the home router or wireless router that connects your home network to the Internet. If you check the configuration of the home router, you will notice a
port-forwarding option that allows you to specify traffic that is forwarded into the network. Linux uses the Destination Network Address Translation (DNAT) feature of IPTables to implement port forwarding.
Port forwarding is the concept of configuring your router or firewall to forward specific packets to systems on the demilitarized zone (DMZ) or the internal network. The benefit of port forwarding is that you typically block packets from the Internet from entering into your network, but when you wish to host your own server, such as a web server or File Transfer Protocol (FTP) server that you can access from the Internet, then you need to configure the router/firewall to forward those specific packets to a specific system on your network while still blocking all other traffic. When configuring port forwarding, you will do so using a __, which allows you to specify which type of traffic you wish to forward by specifying characteristics such as the destination IP address and destination port of the packet.
port-forwarding rule
There are some other real-time services offered by unified communications solutions, such as (2) (describe)
presence information and the ability to multicast the communication. The following outlines these two services: -Presence: Presence information provided by unified communications solutions allows users to see the availability of other users in real time. The benefit of this is that you are not trying to call someone who has their presence set to "Busy" or "Unavailable." -Multicast vs. unicast: With unified communications, telephone systems using VoIP can use unicast communication (one-to-one communication) or multicast communication (one-to-many communication). It is important to properly configure the system for multicast where applicable, as you can conserve network bandwidth. For example, most VoIP communication is unicast, as there is one sender and one receiver, but a feature such as playing music while on hold should be using multicast communication, as that music is being sent to multiple phones at different times.
It is important to understand that there are different types of DNS records: A text record is used to hold a text string of information and is used by SPF and DKIM. Both SPF and DKIM are record types used to
prevent spam messages received by a domain. Once you create the SPF or DKIM records in your DNS, other SMTP servers will query for those records to determine who your authorized SMTP servers are. This helps prevent companies from accepting spam messages.
There are two major types of NAT that you should be familiar with for the Network+ certification exam:
static NAT and NAT overloading.
Exam watch: For the Network+ exam, know that a reverse lookup zone is used to convert the IP address to an FQDN. Also know that the zone must be named with
the first three octets of your IP backwards, plus .in-addr.arpa—for example, 11.83.216.in-addr.arpa.
When you configure your DHCP scope, you will most likely want the DHCP server to give out more than just the IP address and subnet mask. You can configure DHCP scope options, which allow you to specify additional settings such as __(3), which all should be deployed to clients along with the IP address.
the router address, DNS server, and DNS domain name (also known as the DNS suffix)
Looking at Table 9-1 you can see what the NAT table would look like on the device. Notice that the source IP address and original source port address are recorded with each packet being sent. The NAT device also records the destination IP address and the destination port for the request. Finally, the NAT device strips out the source IP address and source port address from the packet header and replaces them with what we will call the
translated IP address and translated port number. Notice that with NAT overloading, the translated IP address is the same for all outbound requests, so the only way the NAT device knows where to send the reply to when it comes back from the destination site is by looking at each message's translated port address. For example, when the NAT device receives a message from the 216.83.11.5 website with a destination port of 50003, it knows to rebuild the reply with 14.0.0.30 as the destination address and 1087 as the destination port (remember that reply messages have the source and destination fields reversed).
When configuring DNS on the network, it is recommended that you have
two DNS servers—a primary DNS server and a secondary DNS server. The primary DNS server has the writable copy of the DNS database, while the secondary DNS server has a read-only copy of the database that it receives from the primary DNS server. The purpose of the secondary DNS server is to hold a copy of your DNS data in case the primary DNS server fails.