Document Details


Uploaded by EffortlessArtNouveau1257

Ted Rogers School of Information Technology Management

Jill West

Tags

networking computer networking network devices IT

Summary

This document is a set of lecture slides from Chapter 7 of Jill West's CompTIA Network+ Guide to Networks (9th edition). It covers managed switches, switch path management with STP, switch port security, three-tiered and spine-and-leaf hierarchical design, software-defined networking, storage area networks, virtualization and hypervisors, virtual network connection types (bridged, NAT, host-only), the pros and cons of virtualization, and network functions virtualization.

Full Transcript


Managed Switches

- An unmanaged switch provides plug-and-play capability with minimal configuration options; it has no IP address assigned to it.
- Managed switches can be configured via a command-line interface or a web-based management GUI.
- Switches are layer 2 devices; however, the following higher-layer switches also exist:
  - A layer 3 switch is capable of interpreting layer 3 data and works like a router.
  - A layer 4 switch is capable of interpreting layer 4 data.

Jill West, CompTIA Network+ Guide to Networks, 9th Edition. © 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Switch Path Management (1 of 3)

- Redundancy gives data the option of traveling through more than one switch toward its destination and makes the network less vulnerable to hardware malfunctions.
- A potential problem with having multiple paths through a network is traffic loops.
- STP (Spanning Tree Protocol) prevents traffic loops, also called switching loops, by calculating paths that avoid potential loops and by artificially blocking the links that would complete a loop.
- STP can also adapt to changes in the network.
- STP chooses the most efficient paths and calls these the least-cost paths.

Switch Path Management (2 of 3)

Figure 7-4: DP indicates downstream designated ports, and RP indicates upstream root ports.
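The following is an added worked example and is not part of the textbook slides: a small Python model of the 802.1D role computation the slides describe. The four-switch topology, bridge priorities, MAC addresses and link costs are constructed for the example (the costs are the classic 802.1D path costs, 4 for 1 Gbps and 19 for 100 Mbps). It elects the root bridge, computes each switch's least-cost path to it, assigns root ports (RP) and designated ports (DP) in the sense of Figure 7-4, blocks the remaining ports, and then traces the path frames actually take. It also goes one step beyond the slide: the hypothetical rogue_root_scenario function plugs an attacker bridge with priority 0 into two access ports to show why the root guard precaution matters.

```python
"""Spanning Tree Protocol role computation on a constructed topology.
Added worked example, not textbook code: elect the root bridge (lowest bridge
ID), give every other bridge one root port on its least-cost path to the root,
elect one designated port per link, and block every remaining port."""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    cost: int  # 802.1D-1998 path cost: 1 Gbps = 4, 100 Mbps = 19


# Constructed lab: SW1 is the intended root (priority 4096); the others keep
# the default priority 32768. Bridge ID = (priority, MAC); the lowest wins.
BRIDGES = {
    "SW1": (4096, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
    "SW4": (32768, "00:00:00:00:00:04"),
}
LINKS = [
    Link("SW1", "SW2", 4), Link("SW1", "SW3", 4),
    Link("SW2", "SW4", 4), Link("SW3", "SW4", 4),
    Link("SW2", "SW3", 19),  # redundant 100 Mbps link that completes a loop
]


def compute_stp(bridges, links):
    """Return (root, root_path_cost, roles); roles maps (bridge, link) to
    'root', 'designated' or 'blocked'."""
    root = min(bridges, key=bridges.get)
    adj = {n: [] for n in bridges}
    for l in links:
        adj[l.a].append((l.b, l))
        adj[l.b].append((l.a, l))
    # Dijkstra from the root: a bridge's root path cost is the sum of link
    # costs on its cheapest path, the value it advertises in its BPDUs.
    cost = {n: float("inf") for n in bridges}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue
        for m, l in adj[n]:
            if c + l.cost < cost[m]:
                cost[m] = c + l.cost
                heapq.heappush(heap, (cost[m], m))
    roles = {}
    for n in bridges:
        if n == root:
            continue  # the root bridge has no root port
        # Root port (RP): neighbour offering the lowest root path cost; ties
        # go to the neighbour with the lower bridge ID, as in 802.1D.
        _, l = min(adj[n], key=lambda t: (cost[t[0]] + t[1].cost, bridges[t[0]]))
        roles[(n, l)] = "root"
    for l in links:
        # Designated port (DP): the end closer to the root (tie: lower ID).
        dp = min((l.a, l.b), key=lambda n: (cost[n], bridges[n]))
        other = l.b if dp == l.a else l.a
        roles[(dp, l)] = "designated"
        roles.setdefault((other, l), "blocked")  # neither RP nor DP
    return root, cost, roles


def blocked_ports(roles):
    return sorted((n, l.a, l.b) for (n, l), r in roles.items() if r == "blocked")


def forwarding_path(src, dst, links, roles):
    """Breadth-first path over links with no blocked end: the tree frames use."""
    usable = [l for l in links
              if "blocked" not in (roles[(l.a, l)], roles[(l.b, l)])]
    prev, queue = {src: None}, [src]
    while queue:
        n = queue.pop(0)
        for l in usable:
            if n in (l.a, l.b):
                m = l.b if n == l.a else l.a
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
    path, n = [], dst
    while n is not None:
        path.append(n)
        n = prev[n]
    return path[::-1]


def rogue_root_scenario():
    """Hypothetical attacker bridge (priority 0) on access ports of SW2 and
    SW3: with no root guard it wins the election and sits in the path."""
    bridges = dict(BRIDGES, ROGUE=(0, "de:ad:be:ef:00:00"))
    links = LINKS + [Link("SW2", "ROGUE", 4), Link("SW3", "ROGUE", 4)]
    root, _, roles = compute_stp(bridges, links)
    return root, forwarding_path("SW2", "SW3", links, roles)


if __name__ == "__main__":
    root, cost, roles = compute_stp(BRIDGES, LINKS)
    print(root, blocked_ports(roles), forwarding_path("SW2", "SW3", LINKS, roles))
    print("with rogue root:", rogue_root_scenario())
```

In the baseline, SW1 is the root, the redundant SW2-SW3 link is blocked on SW3 and the SW3-SW4 link is blocked on SW4, so a frame from SW2 to SW3 is forwarded SW2 > SW1 > SW3 over the least-cost path. With the attacker bridge attached, it becomes root and the same frame is forwarded SW2 > ROGUE > SW3: the attacker needed nothing more than two access ports and BPDUs carrying a better bridge ID. Root guard on those access ports would refuse the superior BPDU and put the port into a root-inconsistent state instead, which is why the slides list it alongside BPDU guard.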
Switch Path Management (3 of 3)

- STP information is transmitted between switches via BPDUs (Bridge Protocol Data Units).
- Security precautions that should be configured on STP-enabled interfaces include:
  - BPDU guard
  - BPDU filter
  - Root guard
- Newer technologies that improve on or replace STP include:
  - RSTP (Rapid Spanning Tree Protocol)
  - TRILL (Transparent Interconnection of Lots of Links)
  - SPB (Shortest Path Bridging)
- Some switch manufacturers have designed proprietary versions of STP optimized to work most efficiently on their equipment.

Switch Port Security

- Unused physical and virtual ports on switches and other network devices should be disabled until needed. You can do this on Cisco, Huawei, and Arista routers and switches with the shutdown command (no shutdown on Cisco or Arista devices, or undo shutdown on Huawei devices, enables them again).
- Another Cisco command to secure switch access ports is switchport port-security. This is a MAC filtering function that limits which, and how many, source MAC addresses a port will accept, protecting against MAC flooding.
- This type of switch port security is only one layer of defense. Security should always be implemented in layers, a strategy called defense in depth.
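Below is an added example, again not from the textbook and not vendor code, that models how a hardened Cisco-style access port behaves under the commands the slide names. The configuration being modeled is switchport port-security with switchport port-security maximum, switchport port-security violation {shutdown|restrict|protect} and switchport port-security mac-address sticky, plus spanning-tree bpduguard enable, which belongs on every access port alongside the shutdown of unused ports. The frame format, interface names and attack traffic (a macof-style spray of random source MACs, then a BPDU from a rogue switch) are constructed for the example, and the model is a simplification of real switch behaviour.

```python
"""Access-port hardening: port-security MAC limiting and BPDU guard.
Added example, not textbook or vendor code. Models a Cisco-style access port
with port-security and BPDU guard, then replays a MAC flood and a rogue BPDU
against it. Frames, interface names and attack traffic are constructed."""
import random
from dataclasses import dataclass, field

# Configuration being modeled (Cisco IOS syntax, one access port):
#   interface GigabitEthernet1/0/5
#    switchport mode access
#    switchport port-security
#    switchport port-security maximum 1
#    switchport port-security violation shutdown
#    switchport port-security mac-address sticky
#    spanning-tree portfast
#    spanning-tree bpduguard enable
# Unused ports simply get 'shutdown' and are not modeled here.


@dataclass
class Frame:
    src_mac: str
    dst_mac: str = "ff:ff:ff:ff:ff:ff"
    is_bpdu: bool = False  # STP BPDUs are sent to 01:80:c2:00:00:00


@dataclass
class AccessPort:
    name: str
    max_macs: int = 1            # switchport port-security maximum N
    violation: str = "shutdown"  # shutdown | restrict | protect
    bpdu_guard: bool = True      # spanning-tree bpduguard enable
    learned: set = field(default_factory=set)  # sticky-learned MACs
    err_disabled: bool = False
    violations: int = 0
    dropped: int = 0
    forwarded: int = 0

    def receive(self, frame):
        """Return the port's verdict: 'forward', 'drop' or 'err-disable'."""
        if self.err_disabled:
            self.dropped += 1
            return "drop"
        if frame.is_bpdu and self.bpdu_guard:
            # An access port must never see a BPDU: it means a switch, or an
            # attacker speaking STP, was plugged in. Err-disable the port.
            self.err_disabled = True
            return "err-disable"
        if frame.src_mac not in self.learned:
            if len(self.learned) >= self.max_macs:
                return self._violation()
            self.learned.add(frame.src_mac)
        self.forwarded += 1
        return "forward"

    def _violation(self):
        self.dropped += 1
        if self.violation == "shutdown":
            # Port stays err-disabled until an admin does shutdown / no
            # shutdown, or errdisable recovery is configured.
            self.err_disabled = True
            return "err-disable"
        if self.violation == "restrict":
            self.violations += 1  # counted and logged; port stays up
        return "drop"  # protect: silently drop


def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def mac_flood(port, n_frames, seed=1):
    """Attacker sprays frames with random source MACs (macof-style) to
    overflow the switch's CAM table; return the verdict for each frame."""
    rng = random.Random(seed)
    return [port.receive(Frame(random_mac(rng))) for _ in range(n_frames)]


def demo():
    results = {}
    # 1. Shutdown mode: the legitimate MAC is learned, the first flooded
    #    frame err-disables the port, nothing else gets through.
    p1 = AccessPort("Gi1/0/5")
    p1.receive(Frame("aa:bb:cc:00:00:01"))
    verdicts = mac_flood(p1, 1000)
    results["shutdown"] = (verdicts[0], p1.err_disabled, sorted(p1.learned))
    # 2. Restrict mode: attacker frames are dropped and counted, the port
    #    stays up and the legitimate host keeps working.
    p2 = AccessPort("Gi1/0/6", violation="restrict")
    p2.receive(Frame("aa:bb:cc:00:00:02"))
    mac_flood(p2, 1000)
    results["restrict"] = (p2.err_disabled, p2.violations,
                           p2.receive(Frame("aa:bb:cc:00:00:02")))
    # 3. A rogue switch (or attacker tool) sends a BPDU into a guarded port.
    p3 = AccessPort("Gi1/0/7", max_macs=3)
    bpdu = Frame("de:ad:be:ef:00:00", "01:80:c2:00:00:00", is_bpdu=True)
    results["bpdu"] = (p3.receive(bpdu), p3.err_disabled)
    return results


if __name__ == "__main__":
    print(demo())
```

The trade-off between violation modes is the practical point: shutdown stops the attack but also takes the legitimate host offline until someone clears the err-disabled state, which an attacker can exploit for denial of service; restrict keeps the port up and gives you a counter and a log line to alert on; protect drops silently and leaves no evidence. Whichever mode is chosen, this is one layer: a spoofed but permitted MAC still passes, which is why the slide pairs port security with defense in depth.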
Hierarchical Design (1 of 4)

- A load balancer helps to evenly distribute traffic to each device in a cluster so every device carries a portion of the load.
- Cisco and other manufacturers have developed a hierarchical design for switches on a network called a three-tiered architecture:
  - The access layer, or edge layer, consists of workgroup switches connected directly to hosts.
  - The distribution layer, or aggregation layer, is a highly redundant mesh of connections between multilayer switches or routers.
  - The core layer consists of highly efficient multilayer switches or routers that support the network's backbone traffic.
- The flow of traffic between peers within a network segment is called east-west traffic.
- Traffic that must leave the local segment to reach its destination is called north-south traffic.

Hierarchical Design (2 of 4)

Figure 7-5: In a three-tiered architecture, switches at each layer are optimized to perform different functions.
Hierarchical Design (3 of 4)

- As newer technologies such as virtualization, SDN, and cloud computing became more popular, east-west traffic began experiencing latency, and a new hierarchical design was needed to better optimize it.
- Newer networks collapse the core and distribution layers into one layer called the spine.
- Spine switches on the backbone connect in a mesh topology with all leaf switches but not with each other.
- This design is called a spine-and-leaf architecture and offers the following advantages:
  - Improved redundancy and scalability
  - Decreased latency
  - Increased performance and security
  - Reduced expense

Hierarchical Design (4 of 4)

Figure 7-8: Two architecture layers provide more efficient access between any two network resources.

Software-Defined Networking (SDN) (1 of 2)

- SDN (software-defined networking) is a centralized approach to networking.
- An SDN controller integrates all of the network's virtual and physical devices into one cohesive system.
- SDN relies on a form of abstraction called disaggregation: it separates the functions of network devices into different layers, or planes:
  - Infrastructure plane (also called data plane): the physical or virtual devices that receive and send network messages.
  - Control plane: handles the decision-making processes.
  - Application plane: the SDN controller communicates with network applications using APIs.
  - Management plane: could be considered a part of the control plane.
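To make the plane split concrete, here is an added example, not from the textbook and not real OpenFlow code, that models the four planes in Python. Switch, host and port names and the access-policy scenario are constructed for the example. The data-plane switch does nothing but look packets up in a flow table; on a miss it hands the packet to the controller (the control plane), which decides from the policy that applications pushed through its API (the application plane) and installs a rule, recording every decision for the management plane. The payoff shown is the centralization the slide describes: one policy change at the controller is applied consistently to every switch.

```python
"""SDN plane separation as a small runnable model.
Added example, not textbook code and not an OpenFlow implementation. Switch,
host and port names and the access policy are constructed. The data plane only
matches flow-table entries; every decision is made by the controller from
rules pushed by applications; each decision is recorded for management."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

    def key(self):
        return (self.src, self.dst, self.dport)


class DataPlaneSwitch:
    """Infrastructure/data plane: forwards by table lookup and nothing else."""

    def __init__(self, name, ports, uplink=48):
        self.name = name
        self.ports = ports      # host -> local port number
        self.uplink = uplink    # port toward the rest of the fabric
        self.flows = {}         # (src, dst, dport) -> action string
        self.controller = None
        self.packet_ins = 0

    def handle(self, pkt):
        if pkt.key() not in self.flows:
            # Table miss: punt to the control plane (like an OpenFlow packet-in).
            self.packet_ins += 1
            self.controller.packet_in(self, pkt)
        return self.flows[pkt.key()]


class Controller:
    """Control plane: the single point of decision for every attached switch."""

    def __init__(self):
        self.switches = []
        self.policy = []  # ordered (flow key, 'allow'/'deny'); latest wins
        self.audit = []   # management plane: every rule ever programmed

    def attach(self, sw):
        sw.controller = self
        self.switches.append(sw)

    # Northbound API used by the application plane: intent, not port numbers.
    def allow(self, src, dst, dport):
        self._set((src, dst, dport), "allow")

    def deny(self, src, dst, dport):
        self._set((src, dst, dport), "deny")

    def _set(self, key, action):
        self.policy.append((key, action))
        # Policy changed: evict stale rules from every switch so the next
        # matching packet re-consults the controller. One change here is
        # applied consistently across the whole data plane.
        for sw in self.switches:
            sw.flows.pop(key, None)

    def decide(self, pkt):
        verdict = "deny"  # default deny: least privilege
        for key, action in self.policy:
            if key == pkt.key():
                verdict = action
        return verdict

    # Southbound: program the switch that reported the miss.
    def packet_in(self, sw, pkt):
        if self.decide(pkt) == "allow":
            action = f"output:{sw.ports.get(pkt.dst, sw.uplink)}"
        else:
            action = "drop"
        sw.flows[pkt.key()] = action
        self.audit.append((sw.name, pkt.key(), action))


def demo():
    """Two leaf switches under one controller: an app allows web -> db on
    TCP 5432, then an incident-response action revokes it."""
    c = Controller()
    leaf1 = DataPlaneSwitch("leaf1", {"web": 1, "db": 2})
    leaf2 = DataPlaneSwitch("leaf2", {"laptop": 1})
    c.attach(leaf1)
    c.attach(leaf2)
    c.allow("web", "db", 5432)
    a1 = leaf1.handle(Packet("web", "db", 5432))     # miss -> controller -> output:2
    a2 = leaf1.handle(Packet("web", "db", 5432))     # hit -> no controller round trip
    a3 = leaf2.handle(Packet("laptop", "db", 5432))  # no policy -> default deny
    c.deny("web", "db", 5432)                        # revoke; rule evicted from leaf1
    a4 = leaf1.handle(Packet("web", "db", 5432))     # miss again -> drop
    return (a1, a2, a3, a4, leaf1.packet_ins, leaf2.packet_ins, len(c.audit))


if __name__ == "__main__":
    print(demo())
```

Two things follow from the model that matter for securing an SDN deployment: the controller is the whole network's decision point, so protecting its APIs and its southbound channel (authentication and TLS on both) is protecting the network itself, and the audit list is the natural place to feed detection, because every rule that exists in the data plane was placed there by a logged decision.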
Software-Defined Networking (SDN) (2 of 2)

Figure 7-11: Each plane has its own functions and methods of communication.

Storage Area Network (SAN) (1 of 3)

- A SAN (storage area network) is a network of storage devices that communicate directly with each other and with other portions of the network.
- SAN devices contain multiple storage drives and are designed to make data available to a network of servers.
- To maximize throughput, SANs rely on one of these networking technologies:
  - FC (Fibre Channel) is a storage networking architecture that runs separately from Ethernet networks to maximize the speed of data storage and access.
  - FCoE (Fibre Channel over Ethernet) allows FC to travel over Ethernet hardware and connections.
  - iSCSI (Internet SCSI) carries SCSI storage commands over TCP/IP, allowing fast transmissions over LANs, WANs, and the Internet using ordinary Ethernet hardware.
  - IB (InfiniBand) requires specialized hardware.

Storage Area Network (SAN) (2 of 3)

Figure 7-13: A Fibre Channel SAN connected to an Ethernet LAN.

Storage Area Network (SAN) (3 of 3)

Figure 7-15: A SAN using FCoE to connect to a LAN.
Knowledge Check Activity 7-1

Which SAN connection technology can run over ordinary Ethernet NICs without any special equipment?
a. FC
b. iSCSI
c. SATA
d. IB

Knowledge Check Activity 7-1: Answer

Answer: b. iSCSI. iSCSI (Internet SCSI) can work on a twisted-pair Ethernet network with ordinary Ethernet NICs. FC requires special hardware. SATA cables connect a computer's hard drive to its motherboard. IB, like FC, requires specialized hardware.

Virtual Architecture (1 of 3)

- Virtualization is the creation of a virtual, or logical, version of something rather than the actual, or physical, version.
- A host is a physical computer "hosting" one or more virtual machines; each virtual machine is a guest.
- A hypervisor creates and manages VMs. It also manages resource allocation and sharing between a host and any of its guest VMs.
- There are two types of hypervisors:
  - Type 1 installs on a computer before any OS and is called a bare-metal hypervisor.
  - Type 2 installs in a host OS as an application and is called a hosted hypervisor.

Virtual Architecture (2 of 3)

Figure 7-17: Type 1 and Type 2 hypervisors.
Virtual Architecture (3 of 3)

- A VM's software and hardware characteristics are assigned when it is created in the hypervisor. You can customize the VM with the following:
  - A guest OS
  - Amount of memory
  - Hard disk size
  - Processor type and other options

Network Connection Types (1 of 6)

- Every VM has its own vNIC (virtual NIC) that can connect the VM to other machines. It operates at the Data Link layer.
- Each VM can have several vNICs; the maximum number depends on the limits imposed by the hypervisor.
- When a VM's vNIC is selected, the hypervisor creates a connection between that VM and the host. The connection might be called a bridge or a switch (vSwitch).
- One host can support multiple virtual switches, which are controlled by the hypervisor.
- The way a vNIC is configured determines whether the VM is joined to a virtual network or attempts to join the physical LAN the host machine is connected to.

Network Connection Types (2 of 6)

Figure 7-21: Virtual servers on a single host connect with a virtual switch.
Network Connection Types (3 of 6)

Bridged mode
- In bridged mode, a vNIC accesses the physical network using the host machine's NIC.
- It obtains its own IP address, default gateway, and subnet mask from a DHCP server on the physical LAN.
- The VM appears to other nodes as just another client or server on the network.

NAT mode
- In NAT mode, a vNIC relies on the host machine to act as a NAT device.
- It obtains IP addressing information from the host; the hypervisor acts as a DHCP server.
- This type of connection is appropriate for VMs that do not need to be accessed at a known address by other network nodes.

Network Connection Types (4 of 6)

Figure 7-23: This vNIC accesses the physical network directly in bridged mode.

Network Connection Types (5 of 6)

Host-only mode
- In host-only mode, VMs on one host can exchange data with each other and with the host.
- They cannot communicate with nodes beyond the host.
- The vNICs never receive or transmit data through the host's physical NIC.

Network Connection Types (6 of 6)

Figure 7-27: vNICs in a host-only network can only talk to other VMs running on that host.
Pros and Cons of Virtualization

- Advantages of virtualization include the following:
  - Efficient use of resources
  - Cost and energy savings
  - Fault and threat isolation
  - Simple backups, recovery, and replication
- Disadvantages of virtualization include the following:
  - Compromised performance
  - Increased complexity
  - Increased licensing costs
  - Single point of failure

NFV (Network Functions Virtualization)

- NFV (Network Functions Virtualization) is the process of merging physical and virtual network architecture. It provides flexible, cost-saving options for many types of network devices.
- Options for virtualizing network devices include the following:
  - Virtual firewall: install a firewall's OS in a VM on an inexpensive server.
  - Virtual router: install a router VM on a server instead of purchasing an expensive hardware router.
- Advantages of virtualizing network functions:
  - Virtual devices can be quickly, and sometimes automatically, migrated (moved) from one server to another in the event of hardware failure or maintenance.
  - Resources are utilized more efficiently.
  - Services can be easily scaled to meet the changing needs of a network.
