Chapter 10 Network Segmentation and Virtualization
DHCP relay agent
a DHCP configuration that provides DHCP service to multiple VLANs. This agent receives a DHCP-related message, then creates its own message to send the specified DHCP traffic beyond the broadcast domain
tag
a VLAN identifier added to a frame's header according to the specifications in the 802.1Q standard
network controller
a central console that manages virtual devices, services, and appliances.
wireless controller
a central management console for all of the APs on a network
bridge ID
a combination of a 2-byte priority field and a bridge's MAC address, used in STP to select a root bridge
VLAN pooling
a feature on wireless controllers that groups multiple VLANs into a single VLAN group, or pool, and then dynamically assigns wireless clients to each successive VLAN in the pool
ANDing
a logical process of combining bits. In this process, a bit with a value of 1 combined with another bit having a value of 1 results in a 1. A bit with a value of 0 combined with any other bit (either 0 or 1) results in a 0.
virtual switch
a logically defined device that operates at the Data Link layer to pass frames between nodes
vNIC
a logically defined network interface associated with a virtual machine
virtual terminal
a machine at the technician's location that provides for remote configuration of a switch
host
a physical computer being used for virtualization
virtual bridge
a port on a virtual switch. Can connect vNICs with a network, whether virtual or physical
default VLAN
a preconfigured VLAN on a switch that includes all of the switch's ports and cannot be renamed or deleted. The switch might be preconfigured with other VLANs as well, depending on the device and manufacturer
Control and Provisioning of Wireless Access Points
a proprietary protocol created by Cisco to replace LWAPP. Both LWAPP and this protocol make centralized wireless management possible, and both direct all wireless frames to the wireless controller by adding extra headers to the frames
OpenFlow
a protocol that serves as a common language in SDN to bridge the gap between virtualized service applications and a network's physical devices, ensuring that the applications make the decisions rather than the devices themselves operating independently from the virtualized services
thick AP
a self-contained access point that can do its job without relying on a higher-level management device
CIDR notation
a shorthand method for denoting the distinction between network and host bits in an IP address. Also called slash notation.
thin AP
a simple access point that must be configured from the wireless controller's console in order to function
stack master
a single switch that hosts the VLAN database for all switches on a network
BPDU guard
a software configuration on a switch's access ports that blocks certain types of BPDUs from being sent or received by the devices, such as workstations and servers, connected to these ports. It is necessary because network hosts should not be considered as possible paths to other destinations.
BPDU filter
a software configuration that can be used to disable STP on specific ports, such as the port leading to the network's demarc. Prevents access to network links that should not be considered when plotting STP paths to other destinations.
Virtual Router Redundancy Protocol
a standard that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the master router. If the master router fails, backup routers stand in line to take over responsibility for the virtual IP address.
route aggregation
a supernet configuration implemented for the purpose of reducing the number of routing table entries by combining several entries, one for each network, into one entry that represents multiple networks.
out-of-band management
a switch management option that provides on-site infrastructure access when the network is down or complete remote access in cases of connectivity failures on the network, such as via a cellular signal, in order to interface with a switch
in-band management
a switch management option, such as Telnet, that uses the existing network and its protocols to interface with a switch
managed switch
a switch that can be configured via a command-line interface and sometimes can be configured in groups. Usually, they are assigned their own IP addresses. VLANs can only be implemented through these.
unmanaged switch
a switch that provides plug-and-play simplicity with minimal configuration options and has no IP address assigned to it. Inexpensive, but its capabilities are limited.
Spanning Tree Protocol
a switching protocol defined in IEEE 802.1D. Operates in the Data Link layer to prevent traffic loops by calculating paths that avoid potential loops and by artificially blocking links that would complete a loop. Can also recalculate its paths when changes are made to the network.
host-only mode
a type of network connection in which VMs on a host can exchange data with each other and with their host, but they cannot communicate with any nodes beyond the host. In other words, the vNICs never receive or transmit data via the host machine's physical NIC
bridged mode
a type of network connection in which a vNIC accesses a physical network using the host machine's NIC. In other words, the virtual interface and the physical interface are bridged. The vNIC, however, obtains its own IP address, default gateway, and subnet mask information from the physical LAN's DHCP server.
NAT mode
a type of network connection in which a vNIC relies on the host machine to act as a NAT device. In other words, the VM contains IP addressing information from its host, rather than a server or router on the physical network. To accomplish this, the virtualization software acts as a DHCP server.
Bridge Protocol Data Unit
a type of network message that transmits STP information between switches
VMware
a vendor that supplies the most popular types of workstation and server virtualization software. Used casually, this term may also refer to the virtualization software distributed by the company.
guest
a virtual machine being run on a physical computer
VirtualBox
virtualization software distributed by the company Oracle
Lightweight Access Point Protocol
a wireless protocol created by Cisco that makes centralized wireless management possible. Directs all wireless frames to the wireless controller by adding extra headers to the frames. It is also considered a lightweight protocol because the headers are relatively small.
management console
a workstation, such as a laptop, that is connected to a switch's console port and allows for changes to be made to a switch's configurations
virtual IP address
an IP address that can be shared by a group of routers
Classless Interdomain Routing
an IP addressing and subnetting method in which network and host information is manipulated without adhering to the limitations imposed by traditional network class distinctions. Also known as supernetting. Older routing protocols, such as RIP, are not capable of interpreting these addressing schemes.
classful addressing
an IP addressing convention that adheres to network class distinctions, in which the first 8 bits of a Class A address, the first 16 bits of a Class B address, and the first 24 bits of a Class C address are used for network information
VLAN hopping
an attack in which the attacker generates transmissions that appear, to the switch, to belong to a protected VLAN
virtual appliance
an image that includes the appropriate operating system, software, hardware specifications, and application configuration necessary for a prepackaged solution to run on a machine
KVM
an open source virtualization package designed for use with Linux systems
native VLAN
an untagged VLAN on a switch that will automatically receive all untagged frames. Options for these VLANs vary according to the switch manufacturer and model.
Multiple Spanning Tree Protocol
as described in IEEE's 802.1s standard, a version of the Spanning Tree Protocol that can detect and correct for network changes much more quickly.
Rapid Spanning Tree Protocol
as described in IEEE's 802.1w standard, a version of the Spanning Tree Protocol that can detect and correct for network changes much more quickly.
Shortest Path Bridging
as described in IEEE's standard 802.1aq, a descendant of the Spanning Tree Protocol that can detect and correct for network changes much more quickly. It differs in that it keeps all potential paths active while managing the flow of data across those paths to prevent loops.
Hot Standby Router Protocol
Cisco's proprietary standard, similar to VRRP, that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the active router. If the active router fails, standby routers stand in line to take over responsibility for the virtual IP address
supernet
in IPv4, a type of subnet that is created by moving the subnet boundary to the left instead of the right and using bits that normally would be reserved for network information instead of using bits reserved for host information
magic number
in the context of calculating subnets, the difference between 256 and the interesting octet (any octet in the subnet whose value is something other than 0 or 255). Can also be calculated by raising 2 to the power of the number of bits in the host portion of the subnet mask using the formula 2^h. Can be used to calculate the network IDs in all the subnets of the larger network
security association identifier
part of a VLAN configuration that indicates to other connectivity devices which VLAN a transmission belongs to.
802.1s
the IEEE standard that describes MSTP, which evolved from STP.
802.1w
the IEEE standard that describes RSTP, which evolved from STP.
802.1aq
the IEEE standard that describes SPB and that evolved from STP.
802.1D
the IEEE standard that describes, among other things, bridging and STP.
802.1Q
the IEEE standard that specifies how VLAN and trunking information appears in frames and how switches and bridges interpret that information
data plane
the actual contact made between physical devices and data transmissions as messages travel a network
trunking
the aggregation of multiple logical connections in one physical connection between connectivity devices. In the case of VLANs, allows two switches to manage and exchange data between multiple VLANs.
virtualization
the emulation of all or part of a computer or network
CIDR block
the forward slash and number of bits used in CIDR notation
trunk port
the interface on a switch capable of managing traffic from multiple VLANs.
access port
the interface on a switch used for an end node. Devices connected to these are unaware of VLAN information.
network ID
the network portion of an IPv4 address
root port
the port on a bridge that is closest to the root bridge. This is the only port that can forward frames toward the root bridge.
designated port
the port on a segment that provides the shortest path to a specific destination. Only this port on a segment can transmit network traffic because STP disables links that are not part of the shortest path.
route prefix
the prefix in an IPv6 address that identifies a route. Because these prefixes vary in length, slash notation is used to define them. For example, the prefix 2608:FE10::/32 includes all subnets whose prefixes begin with 2608:FE10, and, consequently, all interfaces whose IP addresses begin with 2608:FE10
control plane
the process of decision making, such as routing, blocking, and forwarding, that is performed by protocols
root bridge
the single bridge on a network selected by STP to provide the basis for all subsequent path calculations. Also called the master bridge.
hypervisor
the software that allows a user to define VMs and manages resource allocation and sharing among them. Also called a virtual machine manager.
prefix mask
the usually optional slash notation at the end of an IPv6 address that indicates the number of bits used by the network prefix.
software defined networking
the virtualization of network services in which a network controller manages these services instead of the services being directly managed by the hardware devices involved
Transparent Interconnection of Lots of Links
a multipath, link-state protocol (using IS-IS) developed by the IETF and designed to replace STP.
VLAN trunking protocol
Cisco's protocol for exchanging VLAN information over trunks. Allows one switch on a network to centrally manage all VLANs.
Hyper-V
Microsoft's virtualization software package. Was first available with Windows Server 2008, and is now available in some 64-bit versions of Windows 8.1 as well.
supernet mask
a 32-bit number that, when combined with a device's IPv4 address, indicates the kind of supernet to which the device belongs. Moves the network prefix to the left, thereby taking up fewer digits than the related classful network prefix.