ITP 357 Final Exam Review PDF
Uploaded by RockStarHydrangea5467 (USC)
This document provides an overview of networking concepts and topics. It covers topics such as ARP, routing, multicast, and default gateways, along with related terms and concepts.
Final Exam Quizlet: https://quizlet.com/857883074/itp-357-final-exam-flash-cards/#
Midterm Exam Quizlet:

Lecture 7

ARP
ARP = Address Resolution Protocol
Broadcast = set the packet's destination MAC address to all f's so that it deliberately goes to everyone
Flooding = a switch receives a packet for a MAC it doesn't know, so it sends it out every port and keeps track of the response (to add it to its own MAC table)

ARP Request
- Who has the MAC address for IP x.x.x.x?
- Gives the source MAC address to reply to
- Broadcasts this message to everyone (all f's)
- The switch then sends it out all interfaces; someone responds with the MAC address and the information is stored

ARP Poisoning/Spoofing
- The wrong host can reply to a WHO HAS request; this is easy to abuse because there is no way to check/validate the reply

Multicast Traffic
A special IP address that only goes out to certain groups of machines. Machines subscribe to the traffic for a particular multicast stream, and the switch keeps track of the members. This is used in wireless audio/video streaming, security cameras, and digital signage.

Default Gateway
By combining our subnet mask and IP address when sending traffic, we can logically determine what is in our local network and what is in the outside world. The default gateway routes traffic in and out of our local subnet to everything else (private subnets, the internet, etc). The default gateway is a router: the router's IP address is the default gateway. Hosts and other network devices use that IP address as their default gateway so they have a way to forward traffic destined for things they know aren't on their own subnet.

Routing Intro
Switches operate at Layer 2, so they see MAC addresses; IP addresses are at Layer 3, so switches can't send traffic between different networks. Routing is the process by which a packet gets from one location to another across different networks. To route a packet you need to know 1) the destination address and 2) which interface to send the traffic out of.
How it works
- The router receives a packet addressed to its default gateway address via some interface (the ingress interface)
- It looks up the destination IP address and compares it against its routing table
- Based on the lookup result, the router sends the packet out a specific egress interface
Two processes are involved:
1) Path finding/determination: how do you best get from point A to point B
2) Packet switching/forwarding: the process of sending the actual data from A to B

Time to Live Value
Each time a packet passes through a router, its TTL value decreases by 1, in order to prevent routing loops. By default this value usually starts at 128.

Static Routing
A path with hops.

Routing Tables
Routers keep an internal database called a routing table or routing information base (RIB) that tells the device how to analyze and forward packets. The RIB associates destination networks with a specific interface to forward traffic out of, and often includes a default interface. These tables are often very dynamic.

Lecture 8

Static Routing Review
Steps involved in an ARP request:
1) Broadcast (all f's) an ARP packet asking for the MAC address of some IP address, giving your own MAC address to reply to
2) The destination device replies with its IP and MAC
3) The source grabs the MAC address and puts it in a table
Security risks: spoofing, since the wrong host can reply to a WHO HAS request
Default Gateway: routes traffic in and out of our local subnet to everything else. The default gateway is a router's IP address, which other devices use as their default gateway so they have a way of forwarding traffic to that IP address to reach things they know aren't in their own subnet.
Multicast Traffic: like train lines; machines can subscribe to traffic on special IP addresses and the switch keeps track of the subscribers
Two key functions of routing: 1) path finding/determination and 2) packet switching/forwarding
Where routing information is stored: the RIB (routing information base), an internal database in the router that tells the device how to analyze and forward packets

Default Routes
The route of last resort, similar to a default gateway: if you don't know where to send a packet (i.e. the destination isn't in the routing table), send it here.
Use cases: small networks, networks that do not change much

Dynamic Routing
Dynamic routing is the most common approach in use today in modern enterprise networks: routes can be learned through the network and exchanged between routers (which mostly resolves the scaling issues of static routes). Routers can take their static routes and replicate them across the network to every router. "Learned routes" are routes exchanged via dynamic routing. This "broadcasting" of routes is called route advertisement.

Administrative Distance
Administrative distance fixes the problem of having multiple static routes to the same destination (unpredictability, with packets arriving out of order due to varying numbers of hops, etc). Administrative distance is the priority of a route; the path with the lowest administrative distance is used by default.

Issues and Solutions
Basic dynamic routing isn't much better than static routes in many respects. To address this, we "grade" each possible route by the number of hops it has to take to reach its destination and add this information to our route list. If there are multiple routes to the same destination, we want to use the one with fewer hops. This grade is referred to as the metric.

Metric Measurement
We can use hop count, bandwidth/connection type, and other factors to grade various paths. How do we prioritize these different metrics?
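As an added worked example (not part of the original notes), here is the lookup a router performs against its RIB, combining the pieces above: longest prefix match, the default route as last resort, administrative distance before metric, and the TTL decrement. The interface names, prefixes and metrics are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Default administrative distances as given in the notes (lower wins).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str    # destination network, e.g. "10.1.0.0/16"; "0.0.0.0/0" is the default route
    source: str    # how the route was learned: key into ADMIN_DISTANCE
    metric: int    # protocol-specific grade of the path (hop count for RIP, cost for OSPF)
    egress: str    # interface the packet leaves through


def best_route(rib: List[Route], dst: str) -> Optional[Route]:
    """Pick the RIB entry used to forward a packet to dst.

    Selection order, as a router does it:
      1. longest matching prefix (most specific network wins; 0.0.0.0/0 matches last),
      2. lowest administrative distance (which protocol do we trust more),
      3. lowest metric (which path does that protocol grade best).
    Returns None when nothing matches, i.e. there is not even a default route.
    """
    addr = ip_address(dst)
    matches = [r for r in rib if addr in ip_network(r.prefix)]
    if not matches:
        return None
    return min(
        matches,
        key=lambda r: (-ip_network(r.prefix).prefixlen, ADMIN_DISTANCE[r.source], r.metric),
    )


def forward(rib: List[Route], dst: str, ttl: int) -> Tuple[Optional[str], int]:
    """One router hop: decrement TTL first, then look up the egress interface.

    Returns (egress interface, remaining TTL). A packet whose TTL reaches 0 is
    dropped (egress None) instead of being forwarded; this is the loop
    protection the notes describe.
    """
    ttl -= 1
    if ttl <= 0:
        return None, 0
    route = best_route(rib, dst)
    return (route.egress if route else None), ttl


# Constructed RIB for illustration (interface names and prefixes are made up).
RIB = [
    Route("0.0.0.0/0", "static", 0, "Gi0/0"),       # default route: last resort
    Route("10.1.0.0/16", "ospf", 20, "Gi0/1"),      # same prefix learned twice...
    Route("10.1.0.0/16", "rip", 2, "Gi0/2"),        # ...RIP's lower metric does not help: AD 120 > 110
    Route("10.1.5.0/24", "connected", 0, "Gi0/3"),  # more specific than the /16 above
    Route("192.168.0.0/16", "ospf", 10, "Gi0/4"),   # two OSPF paths: metric decides
    Route("192.168.0.0/16", "ospf", 30, "Gi0/5"),
]


def demo() -> List[Tuple[str, Optional[str]]]:
    """Run a few lookups against the constructed RIB with a fresh TTL of 128."""
    return [(d, forward(RIB, d, 128)[0]) for d in ("10.1.5.7", "10.1.9.1", "192.168.3.3", "8.8.8.8")]


if __name__ == "__main__":
    for dst, egress in demo():
        print(f"{dst:15} -> {egress}")
```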
Something can be a few more hops away but have a substantially faster connection type to get there. Generally we are just measuring the cost of a path.

Global and Local Routing Protocols
Routing within an organization is different from routing across the entire internet. Within a company, various interior gateway protocols may be in use to route traffic. Across the internet we use exterior gateway protocols.

Interior Dynamic Routing Protocols
IGP (interior gateway protocol) protocols come in two primary types: link-state based and distance-vector based.
1) Link-State Based
  a) Sends information about all links (interfaces) to everyone on the network
  b) Knows all paths by default
  c) Ex: OSPF (Open Shortest Path First), IS-IS
2) Distance-Vector Based
  a) Uses algorithms to calculate and periodically broadcast route information around the network
  b) "Routing by rumor"
  c) Ex: RIP, IGRP, EIGRP

Preventing Routing Loops
Technologies to prevent loops in complex networks:
- Maximum hop count
- Split horizon: prevents re-advertising learned networks if a router already has them associated with a specific interface (don't advertise a route back out the interface it was learned from)
- Others: holddown timers, triggered updates

Spanning Tree
Spanning Tree Protocol (STP) is a Layer 2 protocol that prevents loops when there are redundant paths in a network. It works by setting interfaces to either a forwarding or a blocking state.
How it works:
1) All connected switches elect a single root switch
  a) Based on either a manually set priority or a calculation on their MAC addresses (lowest hex value wins)
2) Each switch calculates a root interface, the one nearest to the root switch. That interface is set to the forwarding state.
3) Other interfaces that lead to the root switch are set to a blocking state and will not forward data.
BPDUs (bridge protocol data units) are the pieces of data that carry STP information among switches.
STP generally has an extremely high convergence time: the amount of time it can take to recompute a root and then share this information (sometimes hours in poorly designed networks). RSTP and other more modern enhancements to STP help with this, as does good network design.

Not All Dynamic Protocols Are Equal
You can mix and match different protocols. Routers assign a default administrative distance to each protocol to prioritize its route advertisements:
- Direct connect = 0
- Static = 1
- EIGRP = 90
- OSPF = 110
- RIP (v1 and v2) = 120
- EIGRP = 170
Each protocol uses a different metric for calculating cost:
- Direct connect: N/A
- Static: N/A
- EIGRP = bandwidth and delay (can also factor in reliability, load, and MTU size)
- OSPF = cost (a measure of bandwidth: 10^8 / link bandwidth)
- RIP (v1 and v2) = hop count (number of routers a packet passes through to reach the destination)

RIP v1 and v2
Routing Information Protocol (RIP) v2 works by having routers broadcast their entire routing table every 30 seconds out all interfaces. They send it via multicast to 244.0.0.9 (machines must subscribe to this IP). An authentication mechanism is available. RIPv1 uses the Bellman-Ford algorithm to count the number of hops/routers to a destination network. It chooses the path with the fewest hops, and the maximum hop count is 15.

Internet/Global/Exterior Routing Protocols
Across the internet, providers need a way to route traffic to other ISPs and on to its final destination. For this we use the Border Gateway Protocol (BGP), which is path-vector based.

Lecture 9

OSPF
Open Shortest Path First is a link-state routing protocol based on Dijkstra's algorithm. It is one of the most popular routing protocols in use today (developed in 1988 as an open standard). Unlike RIP, it does not send out periodic routing table updates. OSPF is much more scalable, especially since RIP has a low maximum hop count.
Why OSPF?
- No hop-count limitation
- Rapid convergence
- Classless (allows the use of VLSM)
- Password authentication
- Advanced path selection capabilities
- Tagging of external routes
- Better use of bandwidth via multicasts and periodic routing updates
- Allows networks to be divided into smaller logical areas for efficiency
- Uses multicast addresses for efficient and reliable routing update processes
- Uses equal-cost load balancing over multiple paths for efficient bandwidth usage
- Supports MD5 authentication for secure route exchange
- No split horizon issues

How does it work?
- It is based on the concept of neighbor routers establishing relationships with one another before exchanging routing information
- Routers send and exchange information in HELLO packets to their neighbors to learn who is around them
- Subnet, hello and dead intervals, area info, and more

HELLO information
The key thing to remember is that the data exchanged over the same interface has to match on each router. For example:
- Subnet is 10.100.1.0/24
- HELLO interval is 10 seconds
- Dead interval is 100 seconds (hello and dead intervals must be the same for all routers on the network)
- Area ID is 5

How does it work?
- Routers first send out hello messages to each other on interfaces that are enabled for it. They learn about their neighbors and announce that they speak OSPF.
- Routers agree on certain parameters defined in the HELLO protocol data
- Network information about link states is then exchanged in link-state advertisements
- LSAs are packets that contain information about neighbors and path costs
How does it maintain itself?
- After exchanging routes, routers only send out updates when there is a change in the network
- They also only send the update for the affected route (this saves bandwidth by not re-sending all the information)
- Routers keep link-state information in a special table called the link-state database
- They then run the SPF algorithm on the database to calculate the best path and place that in the actual routing table/RIB

OSPF Terms
Router ID
- Used to identify each router among its neighbors
- Can be manually set, the loopback IP, or the highest IP on an active interface
- Looks like an IP address but isn't one
Neighbor state
- A value that routers keep on their neighbors to denote the status of their communication
- The different stages a router goes through when establishing and maintaining a connection with another router on the same network
- States: init, 2-way, full
Area ID
- A group of routers divided into a subdomain based on a numeric ID
- 32-bit ID that looks like an IP address
- Area 0 and 0.0.0.0 are the same thing (the backbone)
- Every router in an area shares the same link-state information

OSPF Cost
OSPF calculates the cost of a link with its own formula: 10^8 / bandwidth of the link. The bandwidth is either configured or the default bandwidth of the link.

Shortest Path First
Also called Dijkstra's algorithm.
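An added example (not from the original notes) that carries the two pieces just described through: the 10^8 / bandwidth cost formula, and Dijkstra's algorithm run over a link-state database to produce the cost and next hop that go into the RIB. The router IDs, link bandwidths and prefixes are constructed; links are assumed symmetric.

```python
import heapq
from typing import Dict, List, Optional, Tuple

REFERENCE_BANDWIDTH = 10**8  # bits/second, per the notes' formula 10^8 / bandwidth


def ospf_cost(bandwidth_bps: int) -> int:
    """OSPF interface cost: 10^8 / bandwidth, truncated to an integer, never below 1.
    Any link of 100 Mb/s or faster therefore costs 1 with the default reference."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def build_lsdb(lsas: List[Tuple[str, str, int]]) -> Dict[str, Dict[str, int]]:
    """Turn advertised links (router, neighbor, bandwidth_bps) into a link-state
    database {router: {neighbor: cost}}. Links are treated as symmetric here."""
    lsdb: Dict[str, Dict[str, int]] = {}
    for a, b, bw in lsas:
        cost = ospf_cost(bw)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb: Dict[str, Dict[str, int]], root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra's algorithm rooted at this router.
    Returns {router: (total cost, next-hop router)}; the root maps to (0, None)."""
    dist: Dict[str, int] = {root: 0}
    next_hop: Dict[str, Optional[str]] = {root: None}
    heap: List[Tuple[int, str]] = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:          # stale heap entry: a cheaper path was found later
            continue
        for nbr, cost in lsdb.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                # first hop on the path: the neighbor itself if we are the root,
                # otherwise whatever first hop got us to 'node'
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (nd, nbr))
    return {r: (dist[r], next_hop[r]) for r in dist}


def routing_table(lsdb: Dict[str, Dict[str, int]], root: str,
                  attached: Dict[str, List[str]]) -> Dict[str, Tuple[int, Optional[str]]]:
    """What SPF produces for the RIB: {destination prefix: (cost, next hop)},
    where attached maps each router to the subnets it advertises."""
    tree = spf(lsdb, root)
    table: Dict[str, Tuple[int, Optional[str]]] = {}
    for router, prefixes in attached.items():
        if router in tree and router != root:
            for prefix in prefixes:
                table[prefix] = tree[router]
    return table


# Constructed topology (router IDs, bandwidths and prefixes are made up):
#   R1 --100M-- R2 --100M-- R3 --1G-- R4
#   R1 --10M-- R3            R1 --1.544M (T1)-- R4
LSAS = [
    ("R1", "R2", 100_000_000),
    ("R2", "R3", 100_000_000),
    ("R1", "R3", 10_000_000),
    ("R3", "R4", 1_000_000_000),
    ("R1", "R4", 1_544_000),
]
LSDB = build_lsdb(LSAS)
ATTACHED = {"R3": ["10.3.0.0/24"], "R4": ["10.4.0.0/24"]}

if __name__ == "__main__":
    # The slow direct links lose to the two-hop path through R2 (cost 2 and 3).
    for prefix, (cost, via) in routing_table(LSDB, "R1", ATTACHED).items():
        print(f"{prefix} cost={cost} via {via}")
```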
In the context of OSPF routing, this process takes the link-state database information (links, cost, etc) and calculates the best path from the router itself to any destination network it knows about.
- This information is then used to compute the routing table on each router
- Very holistic process: takes into account link state (working connections), cost (bandwidth), and subnets
- Security is part of the mix too

EIGRP
Enhanced Interior Gateway Routing Protocol is similar to RIP (Routing Information Protocol).
- Distance-vector based: routers exchange information about the routes they know about (instead of their individual link states)
It is a Cisco-proprietary protocol (becoming less popular).
Similarly to OSPF, EIGRP keeps three sets of information:
1) Route information (computed from the two databases below, except with DUAL instead of SPF)
2) Neighbor information
3) Topology information

DUAL in EIGRP
The Diffusing Update Algorithm (DUAL) is the algorithm EIGRP uses for best-path calculation. It determines the best cost with its own custom metric by combining four primary values:
- Calculated (reliability, load)
- Configured (bandwidth, delay)
Two outputs:
1) Successor route: the best
2) Feasible successor: the second-best
The feasible successor replaces the successor whenever something happens to the successor route.

How EIGRP Works
1. Send HELLO data to find neighbors and build neighbor tables
  a. Every 5 seconds by default, over RTP (Reliable Transport Protocol), with acknowledgements at each of the steps below
2. Neighbors exchange topology (route) information
3. The DUAL algorithm is run against the topology table to populate the routing table on each router
4. Bad routes trigger a query to other routers asking whether they have a better/working path
  a. This is both a question (do you have a better path?) and a notification (I can't reach that path)
  b. If the route comes back, the router also tells the others

Lecture 10

Switch Review
Basic Network Switch Functions
Based on what we've learned so far, switches are:
- Examining MAC addresses and forwarding or blocking traffic
- Learning and storing MAC addresses
- Preventing loops in a network
- This is all called the data plane (or forwarding plane)
Switching is also a faster process than routing.

Switching Drawbacks
By default, anything you plug into a switch can talk to anything else on that switch. You are still operating at Layer 2 here (no IP addressing). The entire switch also acts as one broadcast domain. When traffic goes out to all ports and many things are plugged in, the switch can get "noisy" very quickly, especially if it is high density (has many ports). That is not very efficient.

VLANs
Virtual Local Area Networks allow you to take a single switch and make it behave as if it were multiple independent switches. Every VLAN behaves as its own broadcast domain and can have its own Layer 3 IP subnet. Previously we could only do many of these functions at the routing layer.

Benefits of VLANs
VLANs allow you to increase the number of broadcast domains while reducing their size.
- Provides many of the same effects that routers have
- Less expensive than multiple routers and easy to administer
They also provide substantially enhanced security.
- No device in any VLAN can communicate with a device in any other VLAN until you deliberately give it a way to do so
VLANs use technology and protocols that are universally recognized across the industry.
- They aren't vendor specific or proprietary
Their flexibility allows devices and users to become much more mobile.
- Simplifies moving users and their devices
- Simplifies repurposing network ports and wiring through simple configuration changes
How Are VLANs Programmed?
On a VLAN-enabled switch, there are two types of ports:
1) Access ports
  a) This is where end-user devices plug in (computers, laptops, servers, etc)
  b) By default, anything that plugs into a VLAN-enabled switch is treated by the switch as being on an access port
2) Trunk ports

VLAN IDs
To identify a VLAN, we assign it an ID number.
- Typical VLAN numbers are from 1 to 4096
- VLAN 1 is typically the default/untagged VLAN
- VLANs 2-1001 are standard, 1002-1005 are reserved, and 1006-4096 are considered extended (but their use is similar)
- The assignment of these numbers is up to the network administrator
Each VLAN ID should correspond to a matching IP subnet.
- Communication between two VLANs requires a Layer 3 device (router)

VLAN Assignment
VLANs can be assigned in two ways:
1) Statically: a network administrator manually sets the VLAN ID for a specific network port
2) Dynamically: assigned based on a characteristic of the device or the user that is connecting
  a) Can be based on their username, an attribute on their account, their device's MAC address, or security posture
  b) e.g. put student devices on one VLAN and faculty devices on another so that they cannot talk to each other
  c) This is often done with third-party protocols such as RADIUS and technologies such as VMPS (VLAN Management Policy Server)

VLAN Tagging In-Depth
At its core, VLAN segmentation works by tagging frames as they travel between switches. When a frame enters a destination VLAN, the switch untags it and passes it along. When a frame leaves a destination VLAN, the switch tags it and passes it along. This is fundamental to how access ports work.
- The goal is that the host does not know which VLAN it is on
Enter = untag; leave = tag

Tagging protocols:
1) 802.1q
  a) Multi-platform, IEEE-defined standard
  b) In use in most enterprise networks today
  c) Uses 1,522-byte "baby giant" frames
    i) 1,500+ bytes is generally considered a jumbo frame
2) Cisco ISL
  a) Inter-Switch Link
  b) Cisco-only and not interoperable

VLAN Trunking
How do we connect multiple switches to one another and make them aware of each other's VLAN information? Trunk ports! A trunk link/port is a special connection that can carry the traffic of multiple VLANs from one switch to another. It can connect a switch and a router, a switch and a server, or multiple switches to one another. By default, traffic from all VLANs is allowed on a trunk port; you can specify which VLANs are permitted (or not) to carry traffic over a particular trunk link. Trunk ports typically have to be built on a high-speed link.

Inter-VLAN Routing
If we need to connect multiple VLANs to one another on the same switch, the traffic still has to leave the switch and be forwarded by a router, because the switch is still Layer 2 and does not handle IP addresses.
Method 1: Router on a stick
We run one trunk port to a router over a high-speed link and have that router forward and route traffic between the various VLANs on our switch.
Method 2: Layer 3 switches
We take some functionality of a router and bake it into our switch. The switch can now handle its VLAN segmentation duties as well as basic traffic routing between those VLANs.
- A lot more common than you may think
- Layer 3 switches still need a default gateway IP, but it lives on the Layer 3 switch (this is often called a switched virtual interface, or SVI)

Other VLAN Protocols and Technology
Dynamic Trunking Protocol (DTP)
A Layer 2 protocol used for negotiating trunk links between Cisco devices. It is Cisco proprietary but can work with 802.1q or ISL.
DTP is used for establishing basic VLAN information, but does not carry data or VLAN-specific information like IDs.

VLAN Trunking Protocol (VTP)
Handles most other aspects of VLAN management on a network (still Cisco-proprietary). It establishes a single switch as being in charge of VLAN information for a domain (a domain is defined as a group of switches with the same VTP domain name, set by a network administrator). It exchanges actual VLAN ID and parameter information.
- Substantially improves manageability and consistency of VLAN information across a network
VTP has had multiple versions over the years.
- The IEEE open equivalent standard is GVRP or MVRP
Version 3, the latest, has many benefits:
- Enhanced security/authentication
- Extended VLAN range support
- Private VLAN support (device isolation)
- Supports primary and secondary servers (switches)
- Pruning technology conserves bandwidth

VTP Modes
Switches perform one of three functions based on their VTP mode:
1) Server mode
  a) In charge of VTP and VLAN information
  b) Changes replicate to all other switches
  c) Not recommended to have more than one of these
2) Client mode
  a) Gets VLAN information from a switch in server mode
  b) Cannot modify information
3) Transparent mode
  a) Forwards changes to other clients but does not process them itself
  b) The switch does its own thing

Other VLAN Information
Management protocol traffic is carried over VLAN 1.
- This includes discovery information, Port Aggregation Protocol, Dynamic Trunking Protocol, and VLAN Trunking Protocol
The native VLAN can be changed to any valid VLAN number, but it must match across switches.

VLAN Implementation
The organization of VLANs is often very dependent on business needs. VLANs can look different depending on whether they are in a datacenter or in a building with end users.
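Tying the tagging, trunking and native-VLAN notes above together, here is an added example (not code from the original notes) of the 802.1q tag format itself: tag on the way out of a VLAN, untag on the way in, and the decisions a trunk port makes about allowed and native VLANs. The sample frame is constructed.

```python
import struct
from typing import Iterable, Optional, Tuple

TPID_8021Q = 0x8100   # EtherType value that announces "an 802.1Q tag follows"


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 12-byte dst/src MAC header (trunk egress: leave = tag).
    The 4-byte tag is TPID 0x8100 followed by the TCI: PCP (3 bits) | DEI (1 bit) | VID (12 bits).
    These 4 bytes are what turn a maximum 1,518-byte frame into the 1,522-byte "baby giant"."""
    if not 1 <= vlan_id <= 4094:            # 12-bit field; 0 and 4095 are reserved by the standard
        raise ValueError("VLAN ID out of range")
    if not 0 <= pcp <= 7:
        raise ValueError("priority code point is 3 bits")
    tci = (pcp << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> Tuple[Optional[int], bytes]:
    """Strip an 802.1Q tag if present (access-port egress: enter = untag).
    Returns (vlan_id, frame without tag); an untagged frame yields (None, frame)."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def trunk_egress(frame: bytes, vlan_id: int, allowed: Iterable[int], native: int) -> Optional[bytes]:
    """What a trunk port transmits for an untagged frame belonging to vlan_id:
    nothing if that VLAN is not allowed on the trunk, the frame as-is if it is the
    native VLAN (native traffic crosses the trunk untagged), otherwise a tagged copy."""
    if vlan_id not in set(allowed):
        return None
    return frame if vlan_id == native else tag_frame(frame, vlan_id)


def trunk_ingress(frame: bytes, allowed: Iterable[int], native: int) -> Optional[Tuple[int, bytes]]:
    """Classify a frame arriving on a trunk: untagged frames are assumed to be native
    VLAN traffic, which is why the native VLAN must match on both ends of the link.
    Returns (vlan_id, untagged frame), or None if that VLAN is not allowed."""
    vid, inner = untag_frame(frame)
    if vid is None:
        vid = native
    return (vid, inner) if vid in set(allowed) else None


# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 EtherType, dummy payload.
FRAME = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455") + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    tagged = tag_frame(FRAME, 20)
    print(len(FRAME), "->", len(tagged), "bytes; tag =", tagged[12:16].hex())
    print("VLAN on the far side:", untag_frame(tagged)[0])
```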
In addition to IP subnets, VLANs are usually paired with other IP services on a network:
- DHCP for assigning IP addresses within subnets
- Firewalls for segmenting and filtering traffic

Lecture 11

DHCP
Dynamic Host Configuration Protocol is used to automatically assign IP address information to hosts. It is used in almost every large network today to:
- Reduce the burden on network engineers
- Speed up device connections and the configuration process
- Reduce configuration mistakes
DHCP helps us manage the following on a network:
- IP address assignments
- Subnet masks
- Default gateways
- DNS server information
- Other specific parameters via DHCP options

DHCP Options
DHCP can also specify additional information to a host in a set of data fields called DHCP options.
- These are usually in addition to the attributes previously discussed
- Each option has a numeric option number and a value
- Ex: option 15 (DNS suffix), 42 (Network Time Protocol server address), 44 (Windows Internet Name Server address)
Different vendors can also use their own DHCP option values to configure things like VoIP phones.

How DHCP Works
If set to use a dynamic address, a host sends a broadcast message asking for IP information. All DHCP servers on the subnet hear this and respond with the appropriate information based on their configuration.
- This communication takes place over UDP ports 67 and 68
In detail:
1. The client sends a DHCPDISCOVER message to 255.255.255.255
2. A DHCP server hears this and responds with a DHCPOFFER message containing basic network configuration information from its IP address pool
  a. This contains the IP information plus a lease time, which specifies how long the client should consider that information valid
3. The client sends back a DHCPREQUEST message indicating acceptance of the information
4. The server responds with a final DHCPACK acknowledgement message
Other messages:
- DHCPDECLINE: used when the client has an issue with the IP address the server told it to use (such as the address already being in use)
- DHCPRELEASE: used by the client to tell the server it is done with the IP address it was using
- DHCPNAK: sent by the DHCP server when it can't give out an IP address to the client (the DHCP IP address pool could be full)

DHCP Address Pools
DHCP servers need to be configured with information on how to distribute IP addresses. This often corresponds to specific VLANs and subnets. The server is responsible for keeping a database of who has which IP address and for how long (using the device's MAC address as the identifier). DHCP IP pools also define things such as DHCP options and excluded addresses (like the gateway).

DHCP In Use
DHCP can be built into a router or another network device. It can also run on a standalone host or server(s).
- In enterprise networks, running it on a standalone host/server is more common, with IPAM (IP address management) software like Windows Server, Infoblox, or BlueCat
On Cisco routers, it can be configured on a specific interface as either a client or a server.

DHCP Helpers/Forwarders
Most routers don't forward broadcast traffic by default. DHCP is an example of when you would want broadcast traffic forwarded, so that DHCP requests can reach a DHCP server on another subnet. This is where DHCP helpers/forwarders come in: they are pre-made configurations that allow DHCP broadcast traffic to be forwarded to another subnet.
These "IP helpers" also open up 8 other common UDP ports that DHCP often depends on and/or works with: time (37), TACACS (49), DNS (53), etc.

DHCP Security
Like many other protocols, DHCP is not inherently secure.
- You can have rogue DHCP servers on a network (there is no default authentication between clients requesting addresses and the servers that give them out)
You can also have attacks against DHCP servers themselves, such as DHCP starvation attacks.
- Massive volumes of DISCOVER packets are sent to a DHCP server with no intention of using the IPs, in order to deplete the pool and deny service to other users

DNS
The Domain Name System is the technology that converts IP addresses into hostnames and vice versa. It operates on UDP port 53. DNS usually has its own dedicated server infrastructure that is often integrated with DHCP.
- In consumer/home environments this is usually handled by your ISP
- In business/enterprise environments this is usually on servers the business hosts
Cloud and privacy-focused DNS services have become popular over the last several years (Cloudflare, Google Public DNS).

Key DNS Terms
DNS servers return a specific type of record when a client asks for information. DNS servers usually keep this information in a zone file.
Most common record types:
- A returns an IP address from a name
- CNAME usually returns a hostname from another name
- PTR returns a name from an IP address
- MX is used for email routing
- TXT stores text information
DNS forwarder: where a DNS server goes when it doesn't know the answer to a client's query

Common DNS Tools and Commands
dig
- Cross-platform
- Much more advanced
nslookup
- Simple
- Windows
Online tools: mxtoolbox

DNS Hierarchies
1. Top-Level Domain: .com, .net, .org
  a. Delegated by ICANN to specific companies (Verisign, Educause, GoDaddy, governments) to run. When you buy a domain, this is who you are paying.
2. Second-Level Domain: USC.edu, GOOGLE.com, NEOPETS.com
  a. These are obtained via a domain registrar
  b. DNS records are delegated by the TLD registrar to the owner/buyer
3. Third-Level Domain: PRESIDENT.usc.edu, MAIL.google.com, APP.clubpenguin.com
  a. Sometimes called a subdomain
  b. Managed and controlled by the owner of the second-level domain with DNS software or a DNS provider

DNS Security
DNS has historically not been very secure, for many reasons:
- Amplification attacks can manipulate the return address on a DNS request so the (amplified) response is sent to a destination other than the sender
- DNS as a vector for attack
- Attacks on DNS itself can redirect a victim to a site other than the one they intended to visit
- DNSSEC was developed to help prevent this; it introduced key- and chain-based signing to authenticate DNS responses

DNS as a threat vector
Attacks can also take place against the world's 13 root nameservers (.com, .net, etc) or against DNS servers hosted by large corporations (MS, Google, AWS).
- These servers are considered global critical infrastructure
- They are the main authority for hundreds of TLDs

DNS as a source of threat intel
DNS can be a very valuable source of information on what's going on within your network, including malicious activity.
- Can be used to determine which apps people are using
- Can be used to tell if computers on a network are phoning home to malicious or known command-and-control hostnames
- Can be used as a pathway for exfiltrating data from a network

NTP
Network Time Protocol is a standardized network protocol for sharing accurate clock/time information.
- Operates on UDP port 123
- Can forward to/sync with an upstream clock, similar to a DNS forwarder
- Common NTP servers: time.windows.com, time.apple.com, pool.ntp.org, time.nist.gov
A lot of math is involved in ensuring extremely high levels of accuracy for NTP clients, including accounting for delays in packet travel time.
- Important for security and for having accurate logs of what may be happening on a network
NTP defines various levels of accuracy:
- These are called strata
- Stratum 0 is an atomic clock
- Stratum 1 is within a few microseconds of a Stratum 0 device
- Stratum 2 and 3 devices synchronize to the stratum one number lower than their own

Syslog
Syslog is a protocol that allows for central management, collection, and acceptance of log messages across many different types of network and infrastructure devices.
- It uses UDP port 514
A syslog server receives and stores these messages for potential later use, for instance in troubleshooting or security investigations. Syslog servers can connect to or be part of much larger enterprise installations of event management software, but syslog alone is rather basic.
SNMP (Simple Network Management Protocol) is a different variation of syslog also used for network monitoring.

Port Channel
A port channel is a virtual interface that combines several physical interfaces together to bundle their total bandwidth and provide physical cable redundancy. They are often only used in enterprise settings, to do things such as bundle multiple high-speed fiber interfaces together. Port channel is the Cisco-proprietary term; Link Aggregation Control Protocol (LACP/802.3ad) is the IEEE industry-wide standard/technology for the same thing.
- Some vendors also call this or its variations a LAG/MLAG
Functionality
Port channels provide both increased redundancy (in case a single physical link fails) and increased bandwidth (since each device views all members of the port channel as a single collective logical interface).
- A port channel can have two to eight interfaces
- All member interfaces must be set to the exact same specifications

QoS (Quality of Service)
There are many different types of traffic on a standard enterprise network.
Some types of traffic are very latency-sensitive and will cause users or applications noticeable problems if they are even slightly slower than normal (video streaming, online gaming).
Types of Delays
- Code delay is the encoding and decoding time for a specific medium, such as a phone call (fixed)
- Packetization delay is the time it takes to assemble our individual packets with data (varies)
- Queueing delay is the time packets wait after assembly to go onto the network (varies)
- Serialization delay is the time packets wait after queueing to get onto the physical wire itself (fixed)
- Propagation delay is the time it takes for the electrical signals to traverse the wire (variable)
- De-jitter delay is the time it takes to unscramble packets at their destination by removing jitter (fixed)

Resources Needed for Transmission
Certain types of applications often need to meet certain network thresholds to function correctly. Common metrics include:
- Bandwidth: total connection capacity
- Latency: actual measurable time of data transmission
- Jitter: ordered arrival of packets
- Loss: how many packets don't arrive

QoS
This introduces the ability to tell network devices to prioritize certain types of traffic. For QoS to work, traffic has to be tagged in a specific way and then a specific policy has to be applied to tell the device how to handle it. QoS can be applied in an integrated format, where end-to-end QoS is applied, or a differentiated format, which may lead to uneven QoS application.
Common QoS Policy/Queue Types
- FIFO – First in, first out
  - Standard on most networks without QoS (not a form of QoS by itself)
  - Whichever traffic arrives first gets sent out first
- Weighted Fair Queueing (WFQ)
  - Classifies traffic into flows, but all flows get essentially equal priority when being handled
  - Good for balancing traffic but not for prioritizing it
- Class-Based Weighted Fair Queueing (CBWFQ)
  - Breaks up traffic into classes that you define and then guarantees a percentage of bandwidth for each class's queue
- Low-Latency Queueing (LLQ)
  - CBWFQ plus a strict-priority queue that is always served first, giving it the lowest latency
  - Best for latency/delay-sensitive traffic like VoIP
  - The priority queue is policed so it cannot starve the other classes; its limit can be set as a percentage of interface bandwidth or as a fixed amount of bandwidth
Lecture 12
HSRP – Hot Standby Router Protocol
HSRP brings redundancy to the default gateways inside of networks by giving multiple physical devices the capability to serve as the default gateway if one fails.
HSRP is Cisco-proprietary; VRRP (Virtual Router Redundancy Protocol) is the open-standard equivalent (this technology is very popular today)
Multiple devices may share a single Virtual IP address (VIP), but only one device "owns" it at any given time
- Each device has a priority; when the standby device stops hearing from the active one, it takes over ownership of the VIP
- The devices exchange hello messages with each other periodically (multicast on the local segment) to see if their partner device is alive
- There is also a virtual MAC address that floats between the devices, so hosts' ARP caches do not need to change on failover
- Security caveat: HSRP hellos by default are authenticated only with the cleartext string "cisco", so any host on the same VLAN can send hellos claiming a higher priority and take over the VIP, putting itself in the path of all traffic leaving the subnet; use MD5 authentication and restrict which ports can source HSRP
NAT – Network Address Translation
NAT is the technology that serves as the bridge between publicly addressed IP networks and privately addressed IP networks
- It allows private (internal) IP addresses to be translated into addresses that are routable on the internet
- It is not a Cisco-proprietary technology; it is in use on almost every big and small network today
Why NAT?
It slows the depletion of public IPv4 addresses. It also keeps the addresses of hosts inside the LAN off the open internet, and inside hosts are not reachable from outside unless a translation exists for them; this is a side effect of NAT, not a substitute for a firewall policy.
You only need a single valid public IP address to perform NAT. NAT can also be used to work around overlapping IP ranges (e.g. two connected networks that both use the same private range).
- Destination NAT (DNAT) rewrites the destination address instead of the source; it is used for port forwarding and for overlap cases, but the types below are all source NAT
Types of NAT
Source NAT types:
- Static NAT (1 private IP to 1 public IP)
- Dynamic NAT (many private IPs to many public IPs)
- PAT (port address translation) / NAT Overload (many private IPs to 1 public IP)
Static NAT
Allows you to map one private IP to one public IP
- Commonly used in home networks or small businesses along with port forwarding (a static mapping of one public port to an inside host and port)
- Allows you to use your one public IP address to expose a single internal service or system
Dynamic NAT
- Allows you to map many private IPs to many public IPs
- The public IPs you define are called a NAT pool
- Used at USC and other large corporations/enterprises
- When you access the internet from USC, your connection exits via the 68.181.17.0/24 NAT pool
Dynamic NAT with Overload
- Allows you to map many private IPs to one public IP by also translating the source port
- Also called port address translation (PAT)
- Used in home networks across the world today and is the most common type of NAT in use
How does NAT work?
1. Static NAT works by keeping configuration information on which public IP matches which private IP
   a. It then rewrites the packet's source address (outbound) or destination address (inbound) so that publicly routable packets reach their destination on the private network
2. Dynamic NAT behaves differently, since the router needs to know how to return network traffic to one of many internal devices; it creates the mapping on the fly when it sees the first outbound packet of a connection
Dynamic NAT Terminology
Inside Local
- The address assigned to a host inside the network
- Most likely a private (RFC 1918) address that is not routable on the internet
Inside Global
- Routable IP address assigned by the ISP
- Represents one or more hosts on the LAN to the outside world
Outside Local
- The address of an outside host as it appears to the internal network (LAN); usually identical to its outside global address unless the outside side is also being translated
Outside Global
- The address assigned to an outside host by its owner
- A publicly routable address
Dynamic NAT Behavior
Dynamic NAT creates a translation table within the router performing the translation. With overload (PAT), for every connection the router "borrows" a high source port, typically from the 49152–65535 range, so that return traffic can be matched back to the right inside host and port; the size of the port range limits how many simultaneous connections one public IP can carry, which isn't enough on some networks. By default, translation entries expire after 24 hours on Cisco IOS (UDP entries after 5 minutes). The translation table is also the record that ties a public address and port seen by an outside party back to an inside host at a given time, so it needs to be logged if that question will ever have to be answered.
Enterprise Wireless Network Infrastructure
Typical characteristics of a home wireless network:
- Single SSID
- Single access point
- Basic security (usually WPA2 or WPA3 with one pre-shared key shared by all users)
- Flat network structure with a single VLAN/no VLAN for all of the users
- Small geographic area
Enterprise:
- Multiple SSIDs which map to multiple VLANs
- Many access points
- Advanced security with wireless intrusion prevention/detection (usually WPA2 or WPA3 in Enterprise mode, i.e. 802.1X with per-user authentication against RADIUS)
- Large geographic area
- High bandwidth demands
Challenges of Scaling Wireless APs
- Devices must be able to roam seamlessly across geographic areas (buildings, floors) with consistent performance
- Configurations need to match across all access points
- Security settings and enforcement need to be consistent across all access points (detect rogue APs, centralized authentication)
Wireless LAN Controllers
Typical non-enterprise wireless access points are "thick" or "autonomous": the configuration and processing power needed to make them work lives on the devices themselves.
Wireless LAN controllers offload this processing capability and these features to a dedicated device within the network; the access points then become "thin" (lightweight)
Wireless LAN Controller Technology
- Creates tunnels from the APs to the controller (Cisco uses CAPWAP, UDP 5246 for control and 5247 for client data; some vendors use GRE tunnels). On Cisco the CAPWAP control channel is protected with DTLS, but client data inside the tunnel is not encrypted unless data DTLS is explicitly enabled
- Needs other services: DHCP, and RADIUS/TACACS+/LDAP for authentication
Allows many benefits:
- Better coverage, because the controller assigns non-conflicting channels and power levels across neighboring APs
- Improved roaming across geographical areas
- Can selectively broadcast SSIDs on specific APs
- Can give client devices IP addresses from the same large pool regardless of which AP they join
- Significantly enhanced security against rogue APs, and since client traffic is tunneled back to the controller, a single point to apply consistent policy
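Going back to the NAT section of Lecture 12 (Dynamic NAT Terminology and Dynamic NAT Behavior): an added example, not lecture code, that simulates a NAT overload (PAT) translation table. It shows the router creating an entry on the first outbound packet, borrowing a different high port when two inside hosts collide, matching return traffic back to the right inside host, dropping unsolicited inbound packets that match no entry, expiring idle entries, and answering the forensic question "which inside host was behind this public ip:port?". All addresses, flows and times are constructed; the 24 h TCP / 5 min UDP defaults are the Cisco IOS ones quoted in the notes.

```python
"""Simulate a NAT overload (PAT) translation table.

Added example for the Dynamic NAT Behavior / terminology notes; not from the lecture.
Terminology follows the notes: inside local (real host address), inside global (what the
internet sees), outside global (the remote peer). Times are seconds, passed in explicitly.
"""
from dataclasses import dataclass


@dataclass
class Translation:
    proto: str
    inside_local: tuple     # (ip, port) the host really has
    inside_global: tuple    # (ip, port) the outside world sees
    outside_global: tuple   # (ip, port) of the remote peer
    last_seen: float


class PatTable:
    def __init__(self, public_ip, port_range=(49152, 65535), timeouts=None):
        self.public_ip = public_ip
        self.port_range = port_range
        self.timeouts = timeouts or {"tcp": 86400, "udp": 300}  # Cisco IOS defaults
        self.by_inside = {}   # (proto, inside_local, outside_global) -> Translation
        self.by_global = {}   # (proto, inside_global, outside_global) -> Translation

    def _free_port(self, proto, outside_global, preferred):
        """Keep the host's own source port if no one else uses it toward this peer,
        otherwise borrow the lowest unused port from the high range."""
        candidates = [preferred] + list(range(self.port_range[0], self.port_range[1] + 1))
        for port in candidates:
            if (proto, (self.public_ip, port), outside_global) not in self.by_global:
                return port
        raise RuntimeError("port exhaustion: no free translation port for this peer")

    def outbound(self, proto, src, dst, now):
        """Packet leaving the LAN: create the entry on the first packet, return the new source."""
        self.expire(now)
        key = (proto, src, dst)
        t = self.by_inside.get(key)
        if t is None:
            port = self._free_port(proto, dst, src[1])
            t = Translation(proto, src, (self.public_ip, port), dst, now)
            self.by_inside[key] = t
            self.by_global[(proto, t.inside_global, dst)] = t
        t.last_seen = now
        return t.inside_global

    def inbound(self, proto, src, dst, now):
        """Packet arriving from the internet: return the inside host, or None if it must be dropped."""
        self.expire(now)
        t = self.by_global.get((proto, dst, src))
        if t is None:
            return None  # no translation exists, so unsolicited traffic has nowhere to go
        t.last_seen = now
        return t.inside_local

    def expire(self, now):
        """Remove entries idle longer than the per-protocol timeout."""
        for key, t in list(self.by_inside.items()):
            if now - t.last_seen > self.timeouts[t.proto]:
                del self.by_inside[key]
                del self.by_global[(t.proto, t.inside_global, t.outside_global)]

    def who_was(self, proto, inside_global, outside_global):
        """Forensic lookup: which inside host is behind this public ip:port toward this peer."""
        t = self.by_global.get((proto, inside_global, outside_global))
        return t.inside_local if t else None


def demo():
    """Constructed scenario: two inside hosts share one public address toward the same web server."""
    nat = PatTable("203.0.113.10")
    web = ("198.51.100.20", 443)
    a = nat.outbound("tcp", ("192.168.1.10", 51000), web, now=0)   # keeps port 51000
    b = nat.outbound("tcp", ("192.168.1.11", 51000), web, now=1)   # same port to same peer: borrows 49152
    back_b = nat.inbound("tcp", web, b, now=2)                      # reply to b reaches .11:51000
    stray = nat.inbound("tcp", web, ("203.0.113.10", 60000), now=2)  # no entry: dropped
    dns = nat.outbound("udp", ("192.168.1.10", 40000), ("198.51.100.53", 53), now=3)
    late = nat.inbound("udp", ("198.51.100.53", 53), dns, now=3 + 301)  # UDP entry expired: dropped
    owner = nat.who_was("tcp", b, web)
    return a, b, back_b, stray, late, owner


if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: entries are keyed on the full (protocol, global address, peer) tuple, so the same public port can be reused toward different peers, which is why a single public IP carries far more than 16k connections in practice; and the expiry is idle-based, so a long-lived TCP session with periodic traffic stays mapped while an abandoned one is reaped and its port handed to someone else, which is what makes timestamps essential when a NAT log is used as evidence.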