Concepts & Characteristics of Networking
APIPA
Automatic Private IP Addressing (APIPA) is another range of private IP addresses: 169.254.0.0 to 169.254.255.255 (a Class B-sized private range). It comes into play when your network environment uses Dynamic Host Configuration Protocol (DHCP) to assign IP addresses automatically. If your system cannot communicate with the DHCP server, it defaults to assigning itself an address in this range. Other systems on the network that are also unable to reach DHCP get an address in the same range, so they can at least communicate with each other.
IEEE 802.11
Specification for wireless communications
Three types of transmission
1. Unicast
2. Broadcast
3. Multicast
PAT Advantages
1. Used to conserve IP addresses
2. Private IP addresses are not exposed to public networks
3. Limits attacks originating from the public network because intruders can't launch targeted attacks against specific private addresses.
Loopback Address Range
127.0.0.0 to 127.255.255.255. No address in this range is used in standard IP addressing on a functioning network. You can use the ping command to perform your own tests: as long as you receive a reply, TCP/IP is installed correctly.
Common Default Gateway IP Addresses
192.168.0.1
192.168.1.1
192.168.0.254
10.0.0.1
Typically the first available address within a subnet is used.
Private IP Addresses
The number of publicly available IPv4 addresses is coming close to if not already at its limit in terms of the number of globally unique addresses. This problem is alleviated by the introduction of PRIVATE IP addresses.
IPv6 - Router Advertisement
1. Allows client systems to recognize that a router is out there
2. Sent out to configure the interface of IPv6 devices, including lifetime information, default device information, and flags that determine auto configuration
Compare this to IPv4, where a client would have to use DHCP to learn its IP address, subnet mask, and default gateway. IPv6 does not need to do that. With router advertisement, client systems can learn where the nearest router is and configure the default gateway on their own. Also known as Neighbor Discovery.
Collision Domain
1. Any network segment where a collision can happen (ex: typically Ethernet networks)
2. Consists of devices connected to a shared medium; a collision can occur between any number of devices at any time (ex: Ethernet hubs)
DHCP Process
1. CLIENT operating system is configured to request an IP address automatically. *Sends out a DHCPDISCOVER packet* looking for DHCP servers.
2. DHCP SERVER hears this request and responds with an offer
3. CLIENT sees the offer and requests to use the offered IP address
4. SERVER acknowledges the request, verifies no other system is using the offered address, and provides assignment of the address
ALL 4 OF THESE STEPS ARE BROADCAST. Why? Because the requesting client system does not have an IP address until it receives the DHCP acknowledgement.
VIPA Benefits
1. Consolidates resources (one network interface per hosted application or service)
2. Improves redundancy (provides alternative failover options on a machine)
3. Virtually unlimited mobility (allows an application to be moved anywhere without changing addresses)
NAT Disadvantages
1. Consumes processor and memory resources, since it has to remember ALL the requests that came in from the internal environment and were forwarded out, so that returning packets get sent to the correct systems
2. Can cause IPv4 communication delays
3. Loss of end-device IP traceability
4. Not compatible with some technologies or network applications
PAT Disadvantages
1. More complicated in larger networks, particularly with remote logins
2. Limited internal table on the router/device, which may result in running out of unused ports or losing track of connections
More robust routers support more rules and better maintenance and tracking of these connections.
NDP Message Types
1. Neighbor advertisement
2. Neighbor solicitation
3. Router advertisement
Though highly unlikely, if two systems happen to initialize with the same address, one of them will reinitialize with a new address.
Port Forwarding - Common Uses
1. Online gaming servers
2. Peer-to-peer downloading
3. Voice over IP type applications (ex. Skype, Viber, ooVoo)
DHCP Reservation
1. Permanent IP address assignment (an IP address within a scope)
2. A typical reservation contains:
-Reservation name
-IP address
-MAC address
-Description
The reservation states that this MAC address will always receive this IP address. It is then reserved and no other client will get that address. However, certain network adapters are external and can be connected to a different machine, presenting the same MAC, which in turn will receive the same IP address.
NAT Advantages
1. Prevents depletion of IPv4 addresses
2. Provides an additional layer of security
3. Increased flexibility when connecting to the public Internet
4. Uses the private IPv4 addressing system
Reserved Addresses
1. Private IP Addresses
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
2. Loopback IP Addresses (Diagnostic)
127.0.0.0 - 127.255.255.255
3. APIPA Addresses (Diagnostic)
169.254.0.0 - 169.254.255.255
DHCP Benefits
1. Reliable IP address configuration
-Minimizes configuration errors
-Typographical errors
-Duplicate address conflicts
2. Reduces network administration
-Centrally manage and automate assignment of IP addresses on a network
-No longer keep a record of assigned IP addresses
Distance-vector Routing Protocols
1. Routing Information Protocol (RIP)
2. EIGRP
Static IP Disadvantages
1. Security (a server with an address that stays the same for a long time gives a malicious user more time to figure out which system to target)
2. Manual configuration (prone to mistakes and duplicates)
3. Additional DHCP server configuration (must ensure the DHCP pool does not include addresses that have been assigned statically)
Static IP Advantages
1. Stability
2. Preferred address for servers
3. Remote access
4. Reduced down time (ex. if the DHCP server goes down, you can end up with clients that are unable to get an address, aka unable to communicate)
DMZ Setup
1. The Internet
2. Firewall (only allows the permitted ports to communicate with certain systems in the DMZ, the buffer zone)
3. DMZ (in here are systems that require exposure to the Internet, but you don't want to risk somebody compromising those DMZ systems and using them to attack internal systems)
4. Firewall (another firewall that only allows the appropriate ports from the DMZ to the internal network)
5. Internal Network
Segmentation - MAC Address Table
A MAC Address Table is a fundamental component of a switch. A switch builds its address table using the source MAC address of the frames it receives. Hubs do NOT have this ability. Switches use these tables to determine where to forward traffic within a LAN. For every system that communicates through the switch, the switch knows that System X is physically connected to Port X and what its MAC address is, so when anything comes in for that system, it sends it out over that port instead of every port.
Default Gateway
A gateway is a network device that allows computers to access other networks. Without a gateway, computers are isolated from the outside. It is not 100% necessary for internal communications.
Server Cluster
A group of servers that all perform the same function Example: A database that is critical to your environment should never go down. If there is only one server for that database and it goes down, you no longer have a database. Multiple servers to host the database allow you to maintain it redundantly. If one server goes down, there is another copy of the database on another server. In this case, you need ONE single IP address to be able to reach any of the servers hosting the database, especially in the case that one goes down. The whole cluster has this Virtual IP address. Each server will technically still have its own individual IP address but for the client, only the singular Virtual IP will matter, and the request is simply routed to whichever server can handle the request.
Routers & Default Gateways
A router is typically used as the default gateway. However, it is possible to simply use a computer with two network adapters to act as the default gateway. Example: One adapter is connected to a local subnet while the other is connected to an outside network. Summary: A router is the official DEVICE, while a computer can still act as a gateway.
Loopback Address
A special IP address designed for the loopback interface of a machine: always 127.0.0.1. Every device using TCP/IP version 4 has this address assigned to it by nature. It is called loopback because a packet destined for this address loops back to the sending host; it is a diagnostic address that allows you to determine if TCP/IP is correctly installed and bound to your network adapter. No hardware is associated with the loopback interface and it is not physically connected to a network. It is used to test IP software with no concern for corrupted drivers or hardware.
ACL uses
ACLs enable basic security for a network, and though they are not as secure as firewalls, they are another layer of protection. You can restrict updates from network peers by explicitly stating that any given router should only accept updates from specific routers. ACLs ultimately help you define the overall flow of traffic in your network environment.
Reserved Addresses Purpose
Also known as the private IP addresses. These are implemented in internal LANs. Private addresses are never used on the public Internet; they are used INSIDE your routers without affecting the public Internet.
Class A - Large networks
Class B - Mid-size networks
Class C - Fairly small network environments
ACL's
Access Control Lists
Segmentation - ARP Table
Address Resolution Protocol (ARP) is the protocol used to map IP addresses to physical machine addresses (MAC addresses), since switches understand MAC addresses but all communication uses IP addresses. ARP tables maintain a record of MAC addresses and their corresponding IP addresses. Since IP addresses can change, the ARP table also needs to be updated from time to time. The protocol rules support address conversion in both directions (if it sees the IP, it can map it to the MAC, and vice versa).
Routing Protocols
Allow routers to communicate with each other about the routes they handle. They are not transport protocols like TCP or UDP and are not concerned with moving data packets around. Rather, routing protocols are concerned with informing each other about the routes they know. This information is passed on from router to router, so in very large routing environments any given router does not need to know the entire path to any given destination.
Hybrid Routing Protocol
Border Gateway Protocol (BGP)
1. Manages how packets are routed across the Internet (uses routing and reachability information)
2. Directs packets between autonomous systems (AS), aka routing environments managed by a specific organization
3. Commonly used to connect one AS to other autonomous systems (WAN to WAN)
Link-state Routing Protocols
These protocols are aware of the conditions of the route (ex: if there is a traffic jam down the line, OSPF can route around it).
1. OSPF
DHCP Servers
These servers allocate IP addresses from a pool of available IP addresses for a network; addresses are allocated for a certain amount of time (i.e. leased). The pool of addresses is determined by the administrator.
CSMA/CA
Carrier Sense Multiple Access / Collision Avoidance It detects and avoids collisions on a network It "senses" or listens for collisions prior to transmitting data and informs other devices not to broadcast. It sends out dummy packets and if it does not collide then it can assume to send out the real data. However, this can impact network traffic.
CSMA/CD
Carrier Sense Multiple Access/Collision Detection (protocol)
Carrier = the physical medium
Multiple Access = multiple systems trying to access it
It determines how network devices respond when simultaneous requests are made on the same data channel. It is used to monitor traffic among devices on a network, so if a collision occurs, the devices will attempt to retransmit after a random time interval.
Private IP Address ranges
Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255
Default Subnet Masks
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
Performance Concepts - CoS
Class of Service
Groups similar types of traffic on a network to manage traffic:
-Email
-Video streams
-Voice streams
-File transfers (ex. large documents)
When it sees those similar types of communications, it groups them into these classifications to maintain and manage each one more effectively as a separate class. Unlike QoS, it does not offer a guaranteed level of service, only a "best effort" in terms of bandwidth and delivery time.
Main class of service technologies:
-802.1p layer 2 tagging
-Type of Service (ToS)
-Differentiated Services (DiffServ)
Broadcast Domain
Consists of all devices receiving a broadcast packet, which can originate from any device.
Considerations:
1. A larger number of broadcasts can
-Reduce available bandwidth
-Impact the processing power of computers
You want as few broadcasts as possible, and recognizing the boundaries of a broadcast domain can help reduce the overall number.
Processing power impact: a system that does not need to pay attention to a broadcast must still stop its current tasks just to examine the packet, find it is unconcerned, and discard it.
Segmentation - Switching Loops
Consider multiple switches connected to each other redundantly for fault tolerance. When one switch goes down, or a switch has cleared its MAC table for any reason and is unaware of which systems are connected to which ports, a workstation attempting to reach a server would normally have its request passed out through the appropriate port based on the table. Without the table, or without an entry for the server, the switch has to send the request out every port to ask the other switches if they have entries for the file server. If they don't have entries, they send it out every port with the exception of the source port. Now every switch is hearing the request for the server, but nobody has it in its table, and the request just keeps bouncing around the switches. This can be prevented with the Spanning Tree Protocol.
Segmentation
Keeping traffic as isolated as possible
IPv6 - Dual Stack
When both IPv4 and IPv6 protocols can be used at the same time. Network devices such as routers and switches support both IPv4 and IPv6. Whenever IPv6 communication is possible, it becomes the preferred protocol.
Examples:
-VoIP
-Video conferencing
-Real-time communication
IP Configuration
When configuring any system with its IP configuration, you MUST supply:
1. IP address
2. Subnet mask
For EXTERNAL communications to be available as well, the DEFAULT GATEWAY must also be configured.
Collision
On a shared medium every system receives all packets. If two packets end up on the shared medium at the same time, they collide with each other and destroy each other. These are electrical signals, so they interfere with each other to the point where they are no longer recognizable.
Broadcast
When the source sends to every destination within the same network, specifically the same subnet. Ex: when a system initializes and requests an IP address from a DHCP server (Dynamic Host Configuration Protocol), as long as there is a DHCP server in that subnet, it will hear the broadcast. Every other system hears the broadcast too, but only the DHCP server responds to the source.
Unicast
When there is a specific address/destination to which your packets are sent, and that specific destination responds back to you. It is possible to send MULTIPLE unicast transmissions, but they are all separate and distinct from each other (ex. print jobs). It is considered the quietest network transmission type because other systems do not hear unicast conversations.
Network Address Translation (NAT)
NAT is used by network devices (typically a ROUTER) to assign a public address to a device within a private network.
-Limits the number of public IP addresses used by an organization or company
Ex. A router will have a public IP address that faces the Internet while having an internal IP address that internal devices see as their default gateway.
Problem: every packet sent by every system using TCP/IP includes the destination address and the source address, which is used as the return address by the other system. Ex. If you are trying to get to a web page, the web server needs to know where to send packets back, and it will never send packets to a private IP address. This is where Network Address Translation steps in: as the packet goes through the router, it converts the private source IP address into a public IP address, which is entirely visible to the web server and the router on the other side. BUT it is now the source router's job to remember which original IP address the packet came from.
OSPF
Open Shortest Path First (OSPF)
1. Router protocol used to determine the best path for packets
2. Replacement for RIP
3. When a router learns of a network change, it multicasts the information to all other OSPF hosts on the network (which updates the neighboring routing table information)
Hubs
Operates at the lowest layer of OSI (Physical) because these devices do not know anything about any kind of addressing. Anything that goes into one physical port of a hub comes out every other port.
Public IP Address
A PUBLIC IP address is assigned by an Internet service provider for use by a home or business. PUBLIC IP addresses distinguish devices connected to the public Internet and are GLOBALLY UNIQUE.
Examples:
1. Web servers
2. DNS servers
3. Network routers
Web servers are a perfect example: if a website needs to be accessed, it must be available to the general public. Everyone should be able to reach the server by its unique address, which distinguishes it from any other web server.
Broadcast Domain Boundary
Routers are inherently programmed to discard broadcast packets because if they allow it through the router to the next network, the packet can theoretically go forever through network to network and to the internet.
RIP
Routing Information Protocol (RIP)
Distance-vector Routing Protocol
1. Distance-vector routing protocol used in networks worldwide (considers how many routers have to be crossed to get from source to destination to determine the best/shortest path)
2. Defines how routers share routing information among networks
3. Routers maintain a routing table which lists all destinations to which that particular router can send a packet
4. A distance-vector algorithm determines which path is best to reach the destination
5. Open standard and easy to implement
Segmentation - Tagging Ports
Defined by IEEE 802.1Q. Used when multiple VLANs exist per port. Tags are used as VLAN identifiers to direct traffic to the appropriate VLAN. Ex: if behind a port there are several other switches with several VLANs defined, you need a way to identify that this packet is destined for VLAN1 and the other for VLAN2. Tagging is not required when a VLAN-segmented network consists of only a single switch, only when there are multiple switches with multiple VLANs.
DMZ
Demilitarized Zone Also known as a perimeter network and is the process of using firewalls which only allow the appropriate ports to be open to communicate with the appropriate types of systems. It creates a buffer zone where systems that need to be exposed can be, but doesn't expose the rest of the entire internal network. We use two firewalls to separate those systems and allow them to access the Internet while still providing a certain amount of protection for the internal network.
Spanning Tree Protocol
Detects switching loops and can stop them.
Performance Concepts - DiffServ
Differentiated Services
Protocol used to specify and control network traffic by class. Based on classification, certain traffic gets certain precedence (ex. voice traffic may get precedence because it requires an uninterrupted flow of data).
-Depends on complex policy and rule statements when forwarding network packets
-Avoids simple priority tagging
Difference between Distance & Link State
Distance-vector: RIP
Link-state: OSPF
RIP only examines the number of hops across routers, while OSPF considers the state of the link (it might not be the SHORTEST path, but it will find the best OPEN path).
DHCP
Dynamic Host Configuration Protocol
A client/server protocol used to provide IP hosts with an IP address as well as a subnet mask and default gateway.
DHCP server failover mechanism
Enables automatic assignment of IP addresses when the DHCP service becomes unavailable (APIPA). Allows communication with other nodes on the same LAN using an address in the APIPA range.
Range: 169.254.0.1 - 169.254.255.255
When the DHCP server, or the connection to the DHCP server, is restored, the APIPA address is released.
EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP)
Distance-vector Routing Protocol
1. Enables routers to exchange information more efficiently
2. Routers maintain a copy of neighboring routing tables for additional redundancy
Newer protocols send only the changes made in neighboring routing tables.
Trunking
Extends VLANs because most environments can't get by with just a single switch. The location of the systems behind each separate switch does not affect their ability to be in the same VLAN. The TRUNK builds a logical connection between the two VLANs and allows systems on different sides of switches to be in the same VLAN. You can have multiple switches with multiple VLANS configured with trunks in between them to still allow membership in almost any VLAN regardless of which physical switch they are connected to.
Port Address Translation (PAT)
Extension of NAT, also known as "Port Forwarding". Enables multiple network devices to be mapped to a single public IP address. That public IP address is suffixed with a colon and a specific port number to distinguish the device or ultimate destination.
Example:
Device IP: 10.0.0.1
Single public IP shared with other devices: 129.1.2.3
Result: 129.1.2.3:1001
The router can then be configured to send packets arriving on that port to the device with IP 10.0.0.1.
ACL - External & Internal Router
External routers are often more flexible because you can't always be sure who is going to be accessing your systems, while internal routers contain more restrictive ACLs. This protects internal networks from outside threats. ACLs are commonly configured using explicit PERMIT or DENY statements.
Performance Concepts
For managing network traffic:
1. Traffic shaping
2. Quality of Service (QoS)
3. DiffServ
4. Class of Service (CoS)
Multicast
When a source sends to multiple destinations, but not everyone. Defined by the administrator, you can send to a single address that includes all the destinations that have been added to that multicast group to receive those packets. Example: When deploying operating systems to a specific group of systems
Static IP Addressing
IP address assigned to a host that was manually configured (as opposed to assigned via DHCP). This address does NOT change (it remains "static").
Common uses:
-DNS servers
-Network printers
-Websites
Port Forwarding Example
In port forwarding, you set up rules that are based on the application and its protocol.
Example: A web server's PUBLIC IP address is 216.69.20.1. When a web browser is used, port 80 (HTTP) will be used. Traffic destined for port 80 is automatically forwarded to the server's private IP address (ex. 10.1.1.10).
Summary: using the correct APPLICATION to get to the correct SERVICE.
IPv6
Internet Protocol version 6
1. An upgrade over IPv4; it has been the default protocol in Windows systems since Windows Vista
2. IP addresses are lengthened (from 32 to 128 bits) to accommodate future growth of the Internet, rectifying the impending shortage of IPv4 addresses
Features:
-Dual stack
-Router advertisement
-Neighbor discovery
What is an ACL?
It determines who/what can use a particular resource, such as a network interface.
Port Forwarding
Method used to make a device on a private network, typically behind a router, accessible to devices on the Internet.
Port Forwarding vs. Port Address Translation
Mostly defined by the applications used. For example, using Remote Desktop to establish a connection through a server requires explicitly stating the particular port to get to the particular system.
NDP
Neighbor Discovery Protocol
NAT vs PAT
Network Address Translation / Port Address Translation
Both allow easier access from private addresses to the public Internet and vice versa.
Switch
Networking device that filters and forwards packets between LAN segments or hosts. Switches operate at the Data Link Layer and are therefore aware of MAC addresses. When you connect a system to the switch and a packet flows through, the switch records the MAC address and now knows that system is physically connected to that port. Once every system has communicated through the switch, it knows every system by its address.
Router
Networking device that forwards packets between networks. It is not concerned with directly connecting hosts to each other, only networks.
IPv6 - Neighbor Discovery
Performs tasks such as:
-Router discovery
-Duplicate address detection
-Prefix discovery
-Stateless address auto configuration
When you turn your system on and it realizes that IPv6 is available, it initializes its own address and performs router and prefix discovery (stateless address configuration).
Port Forwarding - Home/SOHO Routers
Port forwarding is actually a service supported by fairly low-level routers such as home or SOHO (Small Office/Home Office) routers. These allow port forwarding so you can host common Internet services such as FTP, an email server, or a web server (or more, within your limit). You may only be able to configure five or ten rules, but you can still support these services without having to explicitly state the correct port, as long as you use the application associated with that service.
Performance Concepts - QoS
Quality of Service
Measurement of overall performance for networks (transmission rates, error rates).
Can improve traffic shaping:
-Packet prioritization
-Queuing
-Application classification
ACLs are used by...
Routers (& some switches) to restrict data flow to and from network interfaces. Network interfaces are configured to use ACLs to analyze data as it arrives at the interface. Data is compared to the criteria specified in the ACL, and traffic is then PERMITTED if the conditions are met or DENIED if they are not.
Load Balanced Web Servers
Similar to server clusters, but utilized more for performance reasons rather than ensuring availability. Clusters keep a copy always available, and only one server handles ALL requests until it goes down and another server takes over. Load balancing, meanwhile, implements multiple servers that all service requests at the same time. A load-balanced configuration means you have multiple servers (3 to 10) that handle all requests in a distributed fashion to balance the load across them all. VIPA allows you to use one single IP address across multiple ACTUAL interfaces.
Segmentation - Port Mirroring
Switch ports can be configured to mirror traffic between ports. It's not so much used for segmentation, but it does duplicate the traffic coming across any given port. It tracks source and destination addresses but is used to capture the traffic between devices, mirroring only frames containing the SID/DID (Source ID/Destination ID). Typically used for troubleshooting scenarios (aka detecting missing frames). This lets you create a mirrored network, which counts as segmentation, but all it does is capture packets for analysis during troubleshooting.
Switches and Collisions
Switches can stop collisions because they are able to understand addresses. A switch has the capability to make a virtual connection between two systems by knowing their addresses. A switch is aware of the MAC address.
Hub
Used to connect systems within a LAN, or different segments of a Local Area Network. It resides in the Physical Layer of the OSI model and is therefore unaware of any kind of addressing scheme. Anything that goes into one port of a hub comes out every other port.
Subnet Mask
Used to determine what subnet an IP address belongs to. An IP address consists of a network address and a host address.
Default subnet masks:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
Analogy: the house number is your IP address; it uniquely identifies YOUR house on THAT street. The street the house is on is the network address.
Performance Concepts - Traffic/Packet Shaping
Used to regulate network data transfers. Ensures a certain level of performance and quality of service. Prioritizes traffic streams by delaying packets deemed less important.
Example uses:
-Time-sensitive data (ex. VoIP)
-Business-related traffic (files vs. print jobs)
-Internet service providers:
a. Traffic is shaped for an independent reseller
b. Throttling bandwidth for certain applications
c. Two-tiered Internet (regular vs. premium subscriptions)
VIPA
Virtual IP Addresses
An IP address that doesn't correspond to a physical network interface.
Common uses:
1. Servers in a cluster
2. Load-balanced web servers
VLAN
Virtual Local Area Network
Example: 2 VLANs, 3 devices each, 6 total, 1 switch. All of these devices are connected to the same physical switch, but we can use software configuration within the switch to isolate the systems from each other. Systems in each VLAN think they have their own dedicated switch, so most of the traffic between those systems stays within that VLAN. If it has to cross over to the other VLAN, it can.
ACL approaches
You can place ACLs on external routers to filter traffic from less desirable networks, especially those that use vulnerable protocols. Example: a DMZ (demilitarized buffer zone), which is implemented by using two separate network devices to separate traffic between the internal organization and the external network, aka the INTERNET. The exterior/external router provides access to outside network connections.