VPNs in Corporate Environments
45 Questions

Questions and Answers

What is one of the main advantages of using VPNs in a corporate environment?

  • High maintenance requirements
  • Scalability (correct)
  • Limited flexibility
  • Increased hardware cost

What is a significant disadvantage of VPNs that needs to be considered?

  • They are always cost-effective
  • Their availability and performance depend on external factors (correct)
  • They require complex user training
  • They eliminate the need for any internal security measures

Which application is best described as providing encrypted connections between mobile users and corporate networks?

  • Remote Access VPNs (correct)
  • Network Layer Security
  • Site-to-Site VPNs
  • Dedicated Internet Access

How do Site-to-Site VPNs benefit companies financially?

    By saving hardware and management expenses (C)

    Which aspect must VPNs accommodate in their deployment?

    Protocols other than IP and current internal network technology (C)

    What are the three key elements of a protocol?

    Syntax, Semantics, Timing (A)

    What protocol is used for reliable connections in data delivery?

    TCP (Transmission Control Protocol) (D)

    When using a connectionless protocol, which of the following is true?

    Data packets may not arrive or may arrive out of sequence. (A)

    What distinguishes an always-on host in a client-server architecture?

    It has a permanent IP address. (C)

    What is a primary advantage of using unreliable connections?

    Faster data delivery. (D)

    How does TCP ensure reliable data delivery?

    Through a process called windowing and sequence numbering. (D)

    In the context of client-server architecture, what best describes clients?

    They may have dynamic IP addresses. (B)

    What is a disadvantage of connectionless service?

    It may lead to packet loss during transmission. (C)

    Which industry primarily uses a VPN to transfer confidential patient information?

    Healthcare (C)

    What is one advantage of Classless Inter-domain Routing (CIDR)?

    More efficient use of IPv4 address space (B)

    Which protocol category is used for routing within an Autonomous System (AS)?

    Interior Gateway Protocols (IGP) (B)

    Which of the following is NOT a characteristic of dynamic routing protocols?

    Require manual configuration for every route (A)

    In routing, what does the forwarding table assist the router in determining?

    The interface to which a packet should be sent (C)

    Which statement correctly describes the role of Static routing?

    Requires manual updates to the routing table (B)

    What is one potential drawback of Static routing?

    High administrative overhead for configuration (B)

    What aspect does routing determine in a network?

    The correct interface to send a packet based on destination (D)

    What is the primary purpose of flow control mechanisms in data transmission?

    To inform the sender of the maximum speed for data transmission (A)

    What is the first step in the Stop-and-Wait flow control mechanism?

    Sender transmits a single packet (C)

    What happens in Stop-and-Wait flow control if an acknowledgment is lost?

    The sender waits indefinitely for the acknowledgment (B)

    In Sliding Window protocol, what does the receiver window represent?

    The size of the receiver's buffer currently available (B)

    What occurs when the receiver window size is zero in the Sliding Window protocol?

    TCP halts further data transmission until the window is non-zero (D)

    What is the maximum size of the receiver window in TCP, given its length is 16 bits?

    65,535 bytes (C)

    How does TCP utilize the receiver window values during transmission?

    TCP calculates how much data can be sent without awaiting an acknowledgment (B)

    Which problem may arise due to delayed acknowledgment in Stop-and-Wait flow control?

    Misinterpretation of received acknowledgments (C)

    What is the primary function of BGP?

    To exchange routing information between different autonomous systems. (A)

    Which feature describes BGP as a path vector protocol?

    It sends routes along with routing information. (A)

    What must occur for a neighborhood relationship to be established between two BGP routers?

    Both routers must send matching configure commands to each other. (A)

    What type of protocol is BGP classified as?

    Application layer protocol. (A)

    Which of the following is NOT a characteristic of BGP?

    Operates solely within a single autonomous system. (B)

    What does BGP primarily rely on to choose the best route?

    The attributes of the path. (B)

    Which statement about BGP's operation is correct?

    BGP exchanges routing information between multiple autonomous systems. (A)

    What kind of updates does BGP support?

    Incremental and trigger updates. (D)

    What action does an LSR perform first when it receives a packet?

    Push a new label (D)

    What is the purpose of Forwarding Equivalence Class (FEC) in MPLS?

    To assign packets to similar routing paths (D)

    What does an LER do with the packet when it enters the network?

    It applies a label and assigns it to an LSP (C)

    What is a primary benefit of using MPLS regarding traffic management?

    Improved performance and reduced latency (B)

    Which of the following best describes the use of VPNs in MPLS networks?

    They allow full separation and secure communication of traffic (C)

    What is an advantage of MPLS being agnostic to transport protocols?

    It allows flexibility and compatibility with various protocols (C)

    Which factor is vital for implementing QoS in an MPLS network?

    Defining tailored Label Switched Paths (LSPs) (B)

    What final action does the egress router perform on packets in an MPLS network?

    Removes the labels and forwards the original IP packet (B)

    Study Notes

    Data Communications

    • Telecommunication means communication at a distance.
    • Data refers to information in any agreed-upon form by the parties creating and using it.
    • Data communications involve the exchange of data between two devices through a transmission medium (e.g., wire cable).

    Physical Structures

    • Type of Connection:
      • Point-to-Point: single transmitter and receiver
      • Multipoint: multiple recipients of single transmission
    • Physical Topology:
      • Type of transmission: unicast, multicast, broadcast
      • Connection of devices

    Advantages of Mesh Topology

    • No data loss
    • Reliable
    • Secure
    • Easy to troubleshoot
    • Fast communication

    Mesh Topology Description

    • Each device is connected to every other device on the network via a dedicated point-to-point link.
    • A dedicated link only carries data for the two connected devices.
    • The number of links in a mesh topology of 'n' devices is n(n-1)/2.

    Network Criteria

    • Performance: Depends on network elements, measured in terms of delay and throughput.
    • Reliability: Failure rate of network components, measured in terms of availability/robustness.
    • Security: Data protection against corruption/loss of data due to errors or malicious users.

    Star Topology

    • Devices are connected to a central hub.
    • If the hub fails, the entire network fails.
    • Requires more resources and regular maintenance.
    • Not scalable.

    Bus Topology

    • A single main cable connects all devices.
    • Fault detection and troubleshooting are difficult, and the topology is not scalable.
    • Data collision is an issue.

    ISO/OSI Reference Model

    • Presentation: allows applications to interpret data meaning, e.g., encryption, compression.
    • Session: synchronization, checkpointing, recovery of data exchange.
    • These layers are 'missing' from the Internet protocol stack.

    Internet Protocol Stack

    • Application: supporting network applications (e.g., FTP, SMTP, HTTP).
    • Transport: process-process data transfer (e.g., TCP, UDP).
    • Network: routing of datagrams from source to destination (e.g., IP, routing protocols).
    • Link: data transfer between neighboring network elements (e.g., Ethernet, 802.11 (WiFi), PPP).
    • Physical: bits "on the wire".

    Ring Topology

    • Each device is connected to two devices on either side of it.
    • A device has two dedicated point-to-point links.
    • This topology forms a ring.
    • Data is sent in one direction.
    • Each device has a repeater.
    • If data is for another device, the repeater forwards it until it reaches the intended device.

    Protocols

    • A protocol is a set of rules governing data communication.
    • Key elements include syntax, semantics, and timing.
    • Topics covered in this section include Syntax, Semantics, and Timing.

    Client-Server Architecture

    • Server: Always-on host, with a permanent IP address, often using data centers for scalability.
    • Clients: May communicate intermittently, may have dynamic IP addresses and do not communicate directly with each other.

    Reliable and Unreliable Connections

    • Transport layer uses reliable and unreliable connections to transfer data.
    • Reliable connection (TCP) guarantees data delivery but takes more time. TCP uses a three-way handshake, windowing and sequence numbers.
    • Unreliable connection (e.g., UDP) delivers data faster but does not guarantee it.

    Connectionless Protocol

    • In a network system, connectionless service is used to send data from one end to the other without establishing a connection.
    • Data packets don't follow a predefined path and can arrive at the receiver in any sequence.
    • Examples: UDP, IP protocols.

    P2P Architecture

    • No always-on server.
    • Arbitrary end systems directly communicate.
    • Peers request service from other peers, provide service in return.
    • Peers bring new service capacity, as well as new service demands.
    • Peers are intermittently connected.
    • IP addresses change frequently.
    • Complex management.

    Connection-Oriented Protocol

    • A connection-oriented service establishes an end-to-end connection between sender and receiver before delivering data.
    • Packets are delivered in the same sequence as they were sent.
    • Uses handshake approach.
    • Example: TCP protocol.

    Encapsulation

    • Data is encapsulated at different layers of the protocol stack.
    • Each layer adds its own header information.

    Categories of Networks

    • LANs (Local Area Networks): Short distances, designed for local interconnection.
    • WANs (Wide Area Networks): Long distances, provide connectivity over large areas.
    • MANs (Metropolitan Area Networks): Connectivity over areas such as a city or campus.

    Disadvantages of Ring Topology

    • A link failure can cause the entire network to fail.
    • Data traffic issues due to the ring structure.

    Advantages of Star Topology

    • Less expensive
    • Easier to install
    • Cost-effective
    • Robust
    • Easy to troubleshoot
    • Reliable

    Bus Topology Description

    • A single main cable connects all devices via drop lines.
    • A tap connects drop lines to the main cable.
    • Limited drop lines and distance due to transmission over a single main cable.

    Disadvantages of Mesh Topology

    • Tedious and costly to implement due to the high number of wires required.
    • Requires many I/O ports per device.
    • Scalability is an issue since a device cannot be easily connected with many devices.
    • Point-to-point link is difficult for a large number of devices.

    Types of Connections (Point-to-Point and Multipoint)

    • A detailed description of point-to-point and multipoint connections.

    Network Topology

    • Geometric representation of computer connections.
    • Four main types: mesh, star, bus, ring.

    Networks

    • A network is a set of devices (nodes) connected by links.
    • The links can be cables, air, optical fibers.

    Components of a Data Communication System

    • Sender
    • Receiver
    • Message
    • Medium
    • Protocol

    Data Flow (Simplex, Half-Duplex, Full-Duplex)

    • Simplex: unidirectional data flow (e.g., radio broadcast).
    • Half-Duplex: bidirectional but only one direction at a time (e.g., walkie-talkie).
    • Full-Duplex: bidirectional and both directions simultaneously (e.g., telephone).

    Flow Control

    • Flow control manages the amount of data sent to the receiver.
    • It prevents the receiver from being overwhelmed.
    • It synchronizes speed between the sender and receiver.

    Stop-and-Wait Flow Control

    • Simplest form of flow control.
    • Receiver indicates readiness to receive data for each packet.
    • Operations: (1) Sender transmits a single packet; (2) Receiver transmits an acknowledgment (ACK); (3) Go to 1.

    Disadvantages of Stop-and-Wait Flow Control

    • Problems occur when acknowledgments are lost.
    • The sender waits indefinitely for an acknowledgment.
    • Problems also occur when data or acknowledgments are delayed.

    Introduction to Sliding Window

    • One of the popular flow control mechanisms in TCP.
    • Byte-oriented; variable size.
    • Receiver sends a window size to the sender (the size available in the receiver's buffer).

    TCP Flow Control

    • Two mechanisms built on sliding window: Go-Back-N and Selective Repeat.

    Go-Back-N

    • Automatic Repeat Request (ARQ) protocol for reliable data transmission.
    • Uses sliding window approach.
    • If a frame is lost or in error, all frames from that point onward are retransmitted.

    Selective Repeat

    • Automatic Repeat Request (ARQ) protocol for reliable data transmission.
    • Sends a sequence of data frames before needing an acknowledgment (ACK).
    • If a frame is lost or in error, only that frame is retransmitted.

    TCP Congestion Control

    • Slow Start
    • Congestion Avoidance
    • Congestion Detection

    Slow Start

    • Sender initially sets the congestion window size to the MSS (Maximum Segment Size), usually 1 MSS.
    • Increments the window by 1 MSS after receiving an ACK.
    • Continues exponentially until the window reaches the slow start threshold.

    Congestion Avoidance

    • After slow start threshold is reached, window size is increased linearly.
    • Size is incremented by 1 MSS each time an ACK is received.
    • Continues until window size equals receiver window size.

    Congestion Detection

    • Sender detects if a segment is lost, depending on the type of loss.
    • Two main detection cases: detection on timeout and detection on receiving 3 duplicate ACKs.

    NAT Protocol

    • Allows multiple devices to access the internet through a single public IP address.
    • Translates a private IP address into a public IP address.
    • Acts as a translator between devices within a local network and external networks.

    Types of NAT Translation

    • Static NAT: one-to-one translation.
    • Dynamic NAT: many-to-one translation.
    • PAT (Port Address Translation): one-to-many translation.

    Challenges and Limitations of NAT

    • End-to-end connectivity
    • Application compatibility
    • Scalability concerns
    • Impact on IPsec VPNs
    • NAT logging and troubleshooting

    What Is VPN?

    • Virtual Private Network (VPN)
    • Uses public telecommunication (e.g., the internet) instead of leased lines.
    • Became popular for remote employees.
    • Includes terminologies to understand how VPNs work.

    Virtual Private Networks

    • Employees can access the network (intranet) from remote locations.
    • Secured networks.
    • Uses the internet as the backbone.
    • Saves cost.
    • Scalable deployment.

    Remote Access Virtual Private Network (VPN)

    • Diagram of a typical remote access VPN architecture.
    • Shows the network components, such as routers, firewalls, and ISPs.

    How it Works (VPN)

    • Two connections: one to the internet, and one to the VPN.
    • Datagrams: contain data, destination, and source information.
    • Firewalls: allow authorized users to pass through the firewalls.
    • Protocols: create the VPN tunnels.

    VPN Critical Functions

    • Authentication: validates data from the sender.
    • Access control: limits unauthorized users.
    • Confidentiality: prevents data from being read or copied during transport.
    • Data integrity: ensures data has not been altered.

    Encryption

    • Scrambling data before transmitting it on the internet.
    • Using public-key encryption techniques.
    • Including digital signatures for authentication.

    Tunneling

    • Virtual point-to-point connection made through a public network.
    • Transports encapsulated datagrams.
    • Two types of end points: remote access and site-to-site.

    Four Protocols Used in VPN

    • PPTP (Point-to-Point Tunneling Protocol)
    • L2TP (Layer 2 Tunneling Protocol)
    • IPsec (Internet Protocol Security)
    • SOCKS (not used as much).

    VPN Encapsulation of Packets

    • Diagram showing how a VPN encapsulates packets for transfer across the internet.
    • Shows the different components involved in a VPN, including packets, routers, and internet connectivity.

    Types of Implementation (VPN)

    • Intranet: within an organization.
    • Extranet: outside an organization.
    • Remote access: employee to business.

    Virtual Private Networks (VPN) - Basic Architecture

    • Diagram of the common architecture of VPNs.
    • Shows the key components.

    Device Types (VPN)

    • Hardware: usually a VPN type of router.
    • Firewall: more security, but still relatively costly.
    • Software: flexible and relatively low cost, but less efficient.

    Advantages of VPNs (Cost Savings)

    • Eliminate need for expensive long-distance lines.
    • Reduce long-distance phone charges for remote access.
    • Transfer the support burden to service providers.

    Advantages of VPN - Scalability

    • Flexibility of growth.
    • Efficiency in broadband technology.

    Disadvantages of VPNs

    • Requires in-depth understanding of public network security issues and proper precautions.
    • Availability and performance factors largely outside control.
    • VPNs need to accommodate protocols other than IP.

    Applications: Site-to-Site VPNs

    • Large-scale encryption (multiple fixed sites, like remote offices to central offices).
    • Network sends traffic over the branch office internet connection.
    • Saves hardware and management expenses.

    Applications: Remote Access VPNs

    • Encrypted connections between mobile and remote users & corporate networks.
    • Enables local calls to ISPs (instead of long-distance).
    • Ideal for telecommuters and mobile sales personnel.
    • Benefits from broadband connectivity (DSL, cable).

    Industries That May Use a VPN

    • Healthcare: confidential patient info transfer.
    • Manufacturing: allow suppliers to access inventory & clients to purchase online.
    • Retail: securely transmit sales data between stores & headquarters.
    • Banking/Financial: transfer account info between departments & branches.
    • General business: communication between remote employees.

    Summary of Network Layer Functions

    • Internetworking
    • Addressing
    • Routing
    • Packetizing
    • Fragmenting

    IP Addresses in a Network

    • Every host on the internet requires a unique IP address.
    • The IP address uniquely identifies a network interface on a host.
    • A host can have many interfaces.
    • IP addresses consist of a network portion and a host portion.

    IP Address: 32-Bit Binary Number

    • 32-bit binary number.
    • Divided into 4 octets (8 bits each).
    • Has network and host portion.

    Classful IP Addressing

    • The IP address space is divided into classes (A, B, C).

    Limitations of Classful Addressing

    • Addresses allocated based on request, not need.
    • Limited number of available addresses (2^32).
    • Classful octet boundaries are easy to understand but are not efficient for allocation in a finite address space.

    Classless Inter-domain Routing (CIDR)

    • More efficient use of IPv4 address space.
    • Improved route summarization that reduces routing table size.
    • Reduces routing update traffic.

    The Concept of Routing

    • Every IP packet has a source and destination IP address.
    • Routers use this information to forward packets.
    • Routers use their forwarding tables to decide the best path to the destination.

    Scaling Connectivity Requires Routing

    • Routing tables can be built dynamically or statically.
    • Routers participate by exchanging routing information.

    Routing - IP Forwarding

    • Routers decide the outgoing interface for a packet.
    • The forwarding table is populated by the routing processes.
    • Forwarding decisions are made based on destination address, class of service, local requirements, etc.

    Static Routing

    • A manually configured route on a router to reach a specific destination network.
    • Useful for smaller networks and hub and spoke networks.
    • Useful for connecting to the internet or single-homed networks.

    Static Routing Scenarios

    • Connecting to the internet (simple default route helps).
    • Routing between routers using static routes.

    Static Route Configuration

    • network-address: Destination network address.
    • subnet-mask: Subnet mask of the destination network. Typically used to group/summarize networks.
    • ip-address: Next Hop's IP address.
    • exit-interface: The outgoing interface on the router to forward to the destination network.

    Advantages and Disadvantages of Static Routing

    • Advantages:
      • Easy to configure.
      • Doesn't need many resources.
      • Secure (less prone to routing errors than dynamic routing).
    • Disadvantages:
      • Manual reconfiguration after network changes.
      • Does not scale well for larger networks.

    Characteristics of Dynamic Routing

    • Dynamically shares routing information between routers.
    • Automatically updates routing tables when topology changes.
    • Determines the best path to a destination.

    Classifying Routing Protocols

    • Dynamic Routing Protocols
      • Interior Gateway Protocols (IGPs)
        • Distance Vector Routing Protocols (e.g., RIPv1, RIPv2, IGRP)
        • Link-State Routing Protocols (e.g., OSPF, IS-IS)
      • Exterior Gateway Protocols (EGPs)
        • Path-Vector Routing Protocols (e.g., BGP)

    Autonomous System (AS)

    • Collection of networks using the same routing policy.
    • Typically under single administrative control.

    Definition of Terms (Routing)

    • Neighbours: ASs or routers that directly exchange routing information.
    • Announce: To send routing information to a neighbor.
    • Accept: To receive and use routing information from a neighbor.
    • Originate: Insert routing information into external announcements.
    • Peers: Routers in neighboring ASs that exchange routing and policy information.

    Routing Flow and Packet Flow

    • Flow of packet exchange between Autonomous Systems.
    • Shows how packet data moves within ASs and across them.

    Routing Policy

    • Used to control routing information flow.
    • ISP makes decisions on which information to accept from its neighbors.
      • Individual routes
      • Routes originated by specific ASes
      • Routes traversing specific ASes
      • Routes belonging to other groupings.

    Routing Policy Example

    • An example of using different links for routing traffic to different destinations. Shows how a routing policy can specify how to handle traffic to and from different Autonomous Systems.

    Interior Gateway Protocol (IGP)

    • Protocol used within an Autonomous System (AS).
    • Carries info about the internal infrastructure prefixes.
    • Examples: OSPF, ISIS.

    Exterior Gateway Protocol (EGP)

    • Used to convey routing info between Autonomous Systems (ASs).
    • De-coupled from IGPs.
    • Example: BGP (Border Gateway Protocol).

    IGP versus EGP

    • Interior (IGP):
      • Automatic neighbor discovery.
      • Trust relationships between routers.
      • Prefixes to all IGP routers in the AS.
      • Bind routers together in one AS.
    • Exterior (EGP):
      • Specifically configured peers.
      • Connecting with outside networks.
      • Administrative boundaries; bind ASs together.

    Dynamic Routing Protocol

    • Used to automatically provide the best route for a remote network.
    • Types: Interior Gateway Protocols (IGPs) and Exterior Gateway Protocols (EGPs).

    Dynamic Routing Protocol (Diagram)

    • Diagram showing the relationship between routing protocols (EGPs & IGPs) and Autonomous Systems (ASs).

    Interior Gateway Protocol (IGP) Types

    • Link State (e.g., OSPF, IS-IS)
    • Distance Vector (e.g., RIPv1, RIPv2, IGRP)

    Distance Vector

    • Distributed: Each node shares information with neighbors.
    • Iterative: Continues until no more new information is received.
    • Asynchronous: Doesn't require all nodes to operate in lock step.
    • Describes dynamic algorithm.
    • Each router maintains a distance table.

    Distance Vector - Key Features

    • Knowledge about the whole network; routers share with neighbours.
    • Routing only to neighbors.
    • Information sharing at regular intervals.

    Distance Vector (Diagram)

    • Diagram showing data for routers and networks (example).

    Distance Vector (Example)

    • Example showing how routers exchange information and calculate best paths.
    • Each router shares info about its neighborhood with every other router.
    • Data is flooded through the network.
    • Routers update when information changes.
    • Routers don't send whole routing tables, but only info about their directly connected links.
    • Routers send copies of network status changes to every other router except its neighbors.
    • Routers reshare network status changes only when changes occur.
    • Initial State: Each router knows the cost/status of its directly connected neighbours.
    • Final State: Each router knows the full network topology. Dijkstra's algorithm is used to determine optimal paths.

    Routing Information Protocol (RIP) - Description

    • RIP is an intra-domain protocol used within an AS.
    • Routes packets within a defined area (e.g., within an institution).
    • Protocol's structure shows the fields that determine the routing table (including command, version, family, network address, reserved, distance).

    RIP - Hop Count

    • Router forwards a packet and adds 1 to the hop count.
    • Hop count determines packet cost/path for destination.

    RIP - Message Format

    • Command, version, family, network address, all-zeroes, distance.

    RIP - How it Works

    • RIP selects the route with the fewest hops to reach a destination router.
    • It balances load by sending the same data packet to all paths containing equal hops.

    RIP - Disadvantages

    • Route choice strictly based on hop count, ignores bandwidth.
    • Slow convergence (time to stabilize after network changes).
    • Does not support VLSM (Variable Length Subnet Masking).
    • Sends updates every 30 seconds causing considerable network overhead.

    RIP - Advantages

    • Easy to configure.
    • Simple routing algorithm, not complex.
    • Low CPU utilization on router due to simplicity.

    OSPF

    • Open Shortest Path First
    • Common intra-domain routing protocol used within an AS.
    • Uses link-state routing. All routers know the entire network topology.

    OSPF - Routing Goal

    • Learns routes using link-state advertisements (LSAs).
    • Contains info about every router, subnet, networking info.
    • Stored in Link-State Database (LSDB).
    • Goal is to have the same info about every router.

    OSPF - Areas and Backbone

    • Autonomous systems are divided into areas for easy management.
    • Backbone area (area 0) connects all other areas.
    • Area border routers (ABRs) summarize info within an area and share it with other areas.

    OSPF - How it Works

    • Step 1: Establish neighbor relationships between routers using hello packets.
    • Step 2: Exchange database information using database descriptions (LSDBs), link state requests, link state updates, and link state acknowledgements.
    • Step 3: Use the LSDB to compute the best route via Dijkstra's algorithm in each router.

    OSPF - Router ID

    • Uniquely identifies each router in the network, typically an IPv4 address.
    • Can be set manually or auto-assigned (dynamically assigned by the router).

    OSPF - Message Format

    • Version (8 bits).
    • Type (8 bits) for specifying the type of packet.
    • Message (16 bits) defines total length of message (including header).
    • Source IP address.
    • Area identification.
    • Checksum.
    • Authentication type.
    • Authentication information.

    OSPF - Authentication Type

    • Two types of authentication (0 & 1).
    • 0: no authentication; 1: password-based authentication.

    OSPF Packets

    • Five different types of packets: Hello, Database Description (LSDB), Link State Request, Link State Update, and Link State Acknowledgment.

    OSPF States

    • Down, Init, 2-Way, Exstart, Exchange, Loading, Full, etc. (various steps describing an exchange state between neighbor routers).

    Border Gateway Protocol (BGP)

    • Interdomain routing protocol.
    • Path-vector routing.
    • Used to exchange routing info among autonomous systems (ASs).
    • Implemented on different (and various) networks.

    BGP - Autonomous Systems (AS)

    • Grouping of networks under common administrative control.
    • Each organization likely has one or more AS numbers assigned to its network.

    BGP - Communication between ASes

    • Interior Gateway Protocols (IGPs) (e.g., OSPF, RIP, EIGRP) are used for communication within the same autonomous system.
    • Exterior Gateway Protocol (EGP) (e.g., Border Gateway Protocol (BGP)) is used to communicate between different autonomous systems.

    BGP Features

    • Open standard.
    • Exterior Gateway Protocol (EGP).
    • Inter-autonomous system routing.
    • Supports internet.
    • Classless protocol.
    • Incremental and trigger updates.
    • Path-vector protocol.
    • Application-layer protocol.
    • Uses TCP for reliability.
    • Metrics (e.g., weight attribute).

    BGP - Configure Neighborhood Relationship

    • Neighbor relationships between BGP routers are set up manually.
    • Configured to establish communication.

    BGP - Path Attributes

    • Attributes used to choose the best route (based on policies and criteria).

    BGP - Neighbors (IBGP and EBGP)

    • IBGP (Internal BGP): Neighbors within the same AS.
    • EBGP (External BGP): Neighbors in different ASes.

    BGP Tables

    • Neighbor table: contains configured neighbors.
    • BGP forwarding table: Contains all advertised routes.
    • IP routing table: Contains the best paths to destinations.

    BGP Packets (Open, Update, Keep Alive, Notification)

    • Open: establishes the neighbor relationship.
    • Update: used to announce and withdraw routes.
    • Keep Alive: maintains the established relationship; checks if all routers are still up.
    • Notification: informs of error conditions.

    Multiprotocol Label Switching (MPLS)

    • A switching mechanism used for WANs.
    • Uses labels (instead of network addresses) for routing traffic.
    • Protocol-agnostic.
    • Speeds up and shapes traffic across networks, reducing downtime.
    • Improves quality of service (QoS) optimization.

    History of MPLS

    • Developed as an alternative to multi-layer switching and IP over ATM.
    • Created standards to help fix issues in internet traffic.
    • Improvements made to deal with bandwidth scaling.

    MPLS - Components

    • Labels: Four-byte (32-bit) identifiers that specify packet forwarding paths.
    • Label value: 20 bits.
    • Experimental bits: 3 bits for experimental purposes.
    • Bottom of stack bit: Indicates the bottom of a label stack.
    • Time to live: 8 bits to help in managing label duration.

    MPLS - Operations (Pop, Push, Swap)

    • Pop: removes a label from a packet.
    • Push: adds a label to a packet.
    • Swap: replaces an existing label with a new label.

    MPLS Network Traffic Pathway

    • Labels applied by ingress routers (LERs).
    • Forwarding Equivalence Class (FEC) groups packets with similar characteristics.
    • MPLS operates between Layer 2 (data link) and Layer 3 (routing).

    MPLS Routing Terminology

    • Label Edge Routers (LERs): ingress/egress routers.
    • Label-Switched Paths (LSPs): pathways for routing.
    • Label Switch Routers (LSRs): forward data across labelled pathways.

    Benefits of MPLS

    • QoS controls
    • VPN support (traffic separation, virtual private networks)
    • Protocol agnostic routing.
    • Reduced latency and improved performance.
    • Scalability (provision for bandwidth as needed).
    • Security features through proper configuration.

    Data Centers

    • Physical facilities.
    • House computing / storage infrastructure.
    • Various networked formats.
    • Size: 500-5000 sqm buildings.
    • Power: 1 MW to 10-20MW (average 5 MW).

    Traditional Data Center Architecture

    • Servers mounted on 19” rack cabinets.
    • Servers, CPUs, DRAM, Disks.
    • Racks are placed in single rows forming corridors between them.

    Modern Data Centers

    • Indoor/Outdoor Power Generation.
    • Electrical room, UPS, battery room, etc.
    • Includes various technical aspects such as heat rejection, mechanical room.

    Costs for Operating a Data Center

    • Typical monthly costs for servers, networking, power distribution/cooling, power, other infrastructure.

    Virtualization

    • Abstraction of logical resources from underlying physical resources.
    • Virtualization software mimics the functions of physical hardware to run multiple virtual machines on a single physical machine.
    • Efficiency and Return on Investments improve using virtualization technology.

    What is Cloud Computing

    • Delivery of computing services (storage, processing power, applications) over the internet.
    • Users access resources on-demand without needing physical infrastructure.

    Cloud Definition (NIST)

    • A model for convenient, on-demand network access to a common pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).
    • Minimal effort or service provider interaction.

    Cloud Computing Characteristics

    • On-Demand Self-Service
    • Broad Network Access
    • Resource Pooling
    • Rapid Elasticity
    • Measured Service

    Cloud Deployment Models

    • Public Cloud: Services shared among the general public (e.g., AWS, Azure).
    • Private Cloud: Dedicated infrastructure for a single organization (either on-premises or off-premises).
    • Hybrid Cloud: Combines public and private clouds, allowing data and workload flexibility.
    • Community Cloud: Infrastructure shared among specific community organizations (e.g., government agencies, educational institutions).

    Cloud Service Models

    • Infrastructure as a Service (IaaS): Virtualized computing resources, storage, and networking (e.g. AWS, Google Compute Engine).
    • Platform as a Service (PaaS): Platform for developers to build, test, and deploy applications (e.g., Google App Engine, Microsoft Azure).
    • Software as a Service (SaaS): Provider-managed software applications accessible through a web interface (e.g., Google Apps, Microsoft Office 365).

    Differences between Cloud Service Models

    • Comparing the various cloud service models based on what is provided to the users, including responsibilities of the users and providers of different models.

    Benefits of Cloud

    • Capacity and Scalability
    • Reduce Infrastructure Costs
    • Refresh infrastructure/aging systems.
    • New Opportunities
    • Business Continuity
    • Increased Collaboration

    Common Cloud Computing Use Cases

    • Data storage and backup.
    • Software development & testing; Rapid implementation
    • Web and Mobile Applications; increased accessibility
    • Big Data Analytics
    • Disaster Recovery


    Description

    This quiz explores the advantages and disadvantages of using VPNs in corporate settings. It covers how VPNs can benefit financial aspects of companies and essential considerations for their deployment. Test your knowledge about encrypted connections for mobile users and the implications of Site-to-Site VPNs.
