-
ICMP
- Internet Control Message Protocol
- Carries network control and error messages rather than application data: echo request/reply (ping), time exceeded (the TTL expiry that traceroute relies on), destination unreachable. Often rate-limited or filtered at the network edge, which is why ping and traceroute can fail even when a host is up.
-
GRE
- Generic Routing Encapsulation
- A tunnel between two endpoints, which then appear to be directly connected to each other. No built-in encryption or authentication, so GRE is normally run inside IPsec when it crosses an untrusted network.
-
VPN
Virtual Private Network. Encrypted data traversing a public network. A VPN concentrator encrypts/decrypts the traffic and is usually built into a firewall.
-
IPSec
Internet Protocol Security. Security at OSI Layer 3. Authentication and encryption for every packet: confidentiality and integrity, with anti-replay protection from a sequence number carried in each packet. Two protocols, AH and ESP, each usable in transport mode or tunnel mode.
- The frame becomes

-
Authentication Header
Used in IPsec. Adds the AH header to the packet. AH provides integrity and origin authentication for the whole packet (including the immutable fields of the IP header) but no encryption, so it does not work through NAT. HMAC with MD5, SHA-1 or SHA-2 is common; MD5 and SHA-1 are legacy choices.
- The frame becomes (tunnel mode shown)
- New IP Header | AH Header | IP Header | Data
-
ESP
Encapsulating Security Payload. Encrypts and authenticates the packet. MD5, SHA-1 or SHA-2 (as HMAC) for the integrity hash, and 3DES or AES for encryption; AES-GCM does both in one pass. Adds an ESP header (SPI and sequence number), an ESP trailer (padding, pad length, next header) and an Integrity Check Value (ICV).
- The frame becomes (tunnel mode shown; the ESP header is authenticated but not encrypted, everything from the inner IP header through the ESP trailer is encrypted, and the ICV covers the ESP header through the trailer)
- New IP Header | ESP Header | IP Header | Data | ESP Trailer | Integrity Check Value
-
The frame for Transport Mode and Tunnel Mode
Transport mode keeps the original IP header and inserts the AH or ESP header between it and the payload (host-to-host, only the payload is protected). Tunnel mode wraps the entire original packet and adds a new outer IP header (gateway-to-gateway, the layouts drawn above); the inner addresses are hidden from the public network.
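The ESP tunnel-mode layout above, carried through as working code. This is an added example, not part of the original notes: it frames an inner IPv4 packet as New IP Header | ESP Header | IP Header | Data | ESP Trailer | ICV, computes the ICV, and then receives it the way an IPsec peer does (SPI lookup, replay check, ICV check, then window update). The key, SPI, addresses and payload are constructed values; the choices of NULL encryption (so the inner packet stays readable), HMAC-SHA-256-128 for the ICV and a 64-packet replay window are this example's assumptions, not something the notes specify.

```python
"""ESP tunnel-mode framing, integrity check and anti-replay window (added example).

Assumptions made here, not IPsec requirements:
  - NULL encryption (RFC 2410) so the inner packet stays visible; a real SA would
    encrypt [IP Header | Data | ESP Trailer] with AES-CBC or AES-GCM.
  - Integrity via HMAC-SHA-256 truncated to 128 bits (RFC 4868).
  - A 64-packet sliding anti-replay window (RFC 4303 section 3.4.3).
"""
import hashlib
import hmac
import struct

ICV_LEN = 16            # 128-bit truncated HMAC-SHA-256 tag
PROTO_ESP = 50
NEXT_HEADER_IPV4 = 4    # tunnel mode: the protected payload is a whole IPv4 packet
WINDOW = 64


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def esp_encapsulate(key: bytes, spi: int, seq: int, inner: bytes, outer_src: bytes, outer_dst: bytes) -> bytes:
    esp_header = struct.pack("!II", spi, seq)               # SPI | Sequence Number
    pad_len = (-(len(inner) + 2)) % 4                       # Pad Length + Next Header must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))                  # RFC 4303 default padding pattern 1, 2, 3, ...
    trailer = padding + bytes([pad_len, NEXT_HEADER_IPV4])  # Padding | Pad Length | Next Header
    authenticated = esp_header + inner + trailer            # the ICV covers header + payload + trailer
    icv = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return build_ipv4(outer_src, outer_dst, PROTO_ESP, authenticated + icv)


class EspReceiver:
    """One inbound SA: the key, its SPI and the anti-replay window state."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0    # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (highest - i) already seen

    def _replay_ok(self, seq: int) -> bool:
        if seq == 0 or self.highest - seq >= WINDOW:     # seq 0 is never valid; too old falls off the window
            return False
        if seq > self.highest:                           # newer than anything seen: always fine
            return True
        return not (self.bitmap >> (self.highest - seq)) & 1

    def _replay_update(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def decapsulate(self, packet: bytes):
        """Return (inner packet, "ok"), or (None, reason) when the packet must be dropped."""
        esp = packet[20:]                                    # strip the outer IPv4 header
        spi, seq = struct.unpack("!II", esp[:8])
        if spi != self.spi:
            return None, "unknown SPI"
        if not self._replay_ok(seq):
            return None, "replayed or stale sequence number"
        authenticated, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
        expected = hmac.new(self.key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None, "bad ICV"
        self._replay_update(seq)                             # only after the ICV verified (RFC 4303 order)
        pad_len = authenticated[-2]
        return authenticated[8:len(authenticated) - 2 - pad_len], "ok"


def demo():
    """Deliver a packet, replay it, deliver a tampered copy of the next one, then the genuine one."""
    key, spi = bytes(range(32)), 0x1000                              # constructed SA parameters
    src, dst = bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1])     # outer (gateway) addresses
    inner = build_ipv4(bytes([10, 0, 0, 5]), bytes([10, 0, 1, 9]), 17, b"constructed UDP payload")
    rx = EspReceiver(key, spi)
    pkt1 = esp_encapsulate(key, spi, 1, inner, src, dst)
    results = [rx.decapsulate(pkt1)[1], rx.decapsulate(pkt1)[1]]     # second delivery is a replay
    pkt2 = esp_encapsulate(key, spi, 2, inner, src, dst)
    tampered = bytearray(pkt2)
    tampered[40] ^= 0xFF                                             # flip a byte inside the inner IP header
    results.append(rx.decapsulate(bytes(tampered))[1])
    results.append(rx.decapsulate(pkt2)[1])                          # genuine seq 2 still accepted
    return results


if __name__ == "__main__":
    print(demo())
```

The order inside `decapsulate` matters: the replay check runs before the expensive ICV computation, but the window is only advanced after the ICV verifies, so an attacker who injects a forged packet with a high sequence number cannot push genuine packets out of the window.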
-
DHCP Steps
- Step 1: Discover
- The client broadcasts a DHCPDISCOVER to find any DHCP server. It has no address yet, so the source is 0.0.0.0 and the destination 255.255.255.255.
- Step 2: Offer
- A DHCP server replies with a DHCPOFFER containing a proposed IP address, the lease time and its own server identifier (broadcast, or unicast to the client's MAC address).
- Step 3: Request
- The client broadcasts a DHCPREQUEST naming the offered address and the server it chose, so any other servers that made an offer can withdraw theirs.
- Step 4: Acknowledgement
- The chosen server sends a DHCPACK and the lease is bound: you now have an IP address. Note that broadcasts cannot traverse routers, so a server on another subnet needs a relay.
-
DHCP Relay / IP Helper
A router (or layer 3 switch) can be configured as a relay agent: it forwards the client's broadcast as a unicast to a DHCP server outside the LAN, filling in the giaddr field so the server knows which subnet to allocate from.
-
DHCP Scope
The range of IP addresses that the DHCP server can choose from.
-
DHCP Pools
A grouping of IP addresses within a scope that the server hands out; each subnet normally has its own scope.
-
DHCP Dynamic assignment
The DHCP server assigns an IP address from the pool; it is reclaimed when the lease expires unless the client renews it.
-
DHCP automatic assignment
The DHCP server keeps a list of past assignments and gives a returning client the same IP address it had before.
-
DHCP Static assignment / Address Reservation
An IP address is reserved for a specific device's MAC address, so that device always receives the same IP address.
-
DHCP T1 Timer
At about 50 percent of the lease time the client unicasts a renewal request to the DHCP server that issued the lease.
-
DHCP T2 Timer
If the original DHCP server has not answered by about 87.5 percent of the lease time, the client broadcasts a rebind request to any DHCP server. If that also fails, the lease expires and the client must start over with Discover.
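The four-step lease (Discover, Offer, Request, Ack) and the T1/T2 timers, as an added worked example that is not part of the original notes. It encodes and decodes real RFC 2131 DHCP messages (fixed header, magic cookie, TLV options 50, 51, 53 and 54) and runs the exchange in memory rather than over sockets so it works offline. The client MAC, server address, offered address, lease length and transaction ID are constructed sample values.

```python
"""DHCP Discover / Offer / Request / Ack on the RFC 2131 wire format, plus T1/T2 (added example)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5                      # option 53 message types
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
FLAG_BROADCAST = 0x8000


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Encode the 236-byte fixed header, the magic cookie and TLV options."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, FLAG_BROADCAST,       # htype 1 = Ethernet, hlen 6, hops 0, secs 0
        b"\0" * 4,                                 # ciaddr: the client has no usable address yet
        ipaddress.IPv4Address(yiaddr).packed,      # yiaddr: "your" address, filled in by the server
        b"\0" * 4,                                 # siaddr: next server (unused here)
        ipaddress.IPv4Address(giaddr).packed,      # giaddr: set by a relay agent, 0 on the local LAN
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(msg):
    op, _htype, hlen, _hops, xid, _secs, flags, _ci, yiaddr, _si, giaddr, chaddr = struct.unpack(
        "!BBBBIHH4s4s4s4s16s", msg[:44])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie (plain BOOTP?)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                            # option 0 is a single pad byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "broadcast": bool(flags & FLAG_BROADCAST),
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)), "giaddr": str(ipaddress.IPv4Address(giaddr)),
            "chaddr": chaddr[:hlen], "type": options[OPT_MSG_TYPE][0], "options": options}


def dora(client_mac, server_ip, offered_ip, lease_seconds, xid=0x3903F326):
    """Run the exchange in memory and return what the client ends up with."""
    server_id = ipaddress.IPv4Address(server_ip).packed
    lease = struct.pack("!I", lease_seconds)

    # 1. Discover: the client (0.0.0.0) broadcasts to 255.255.255.255 looking for any server.
    discover = parse(build(BOOTREQUEST, xid, client_mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))]))

    # 2. Offer: a server proposes an address from its scope and states its identity and the lease length.
    offer = parse(build(BOOTREPLY, discover["xid"], discover["chaddr"],
                        [(OPT_MSG_TYPE, bytes([OFFER])), (OPT_SERVER_ID, server_id), (OPT_LEASE_TIME, lease)],
                        yiaddr=offered_ip))

    # 3. Request: the client broadcasts which offer it accepts so other servers can withdraw theirs.
    request = parse(build(BOOTREQUEST, xid, client_mac,
                          [(OPT_MSG_TYPE, bytes([REQUEST])),
                           (OPT_REQUESTED_IP, ipaddress.IPv4Address(offer["yiaddr"]).packed),
                           (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])]))
    if request["options"][OPT_SERVER_ID] != server_id:
        raise ValueError("client chose another server; this server must not ACK")

    # 4. Ack: the chosen server confirms and the lease is bound.
    ack = parse(build(BOOTREPLY, request["xid"], request["chaddr"],
                      [(OPT_MSG_TYPE, bytes([ACK])), (OPT_SERVER_ID, server_id), (OPT_LEASE_TIME, lease)],
                      yiaddr=str(ipaddress.IPv4Address(request["options"][OPT_REQUESTED_IP]))))

    lease_time = struct.unpack("!I", ack["options"][OPT_LEASE_TIME])[0]
    return {"steps": [discover["type"], offer["type"], request["type"], ack["type"]],
            "assigned": ack["yiaddr"], "lease": lease_time,
            "t1_renew_at": lease_time // 2,            # unicast renewal to the issuing server
            "t2_rebind_at": lease_time * 7 // 8}       # broadcast rebind to any server


if __name__ == "__main__":
    print(dora(bytes.fromhex("001122334455"), "192.0.2.1", "192.0.2.50", 86400))
```

The Request step is the one that matters for rogue-server attacks: the client commits to whichever Offer arrived first, so a rogue DHCP server on the LAN wins simply by answering faster, which is why switches offer DHCP snooping to drop Offers from untrusted ports.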
-
Domain Name System
Translates human readable addresses into computer readable IP addresses.
-
Recursive DNS query
When looking for a website, the resolver (requester) asks its local name server, which does the rest of the work on its behalf: it queries a root server, then the .com name server, then the domain's authoritative name server, and hands back the answer. The result is cached on the local name server. The local name server does most of the work.
-
Iterative DNS query
The resolver looks for the website by contacting each server in the chain itself; every server answers with the best referral it has rather than chasing the answer. The resolver's local cache is updated.
-
Authoritative DNS server
DNS server is the authority for the zone.
-
Non-authoritative
Does not hold the zone's source files. The answer is probably cached information from an earlier lookup, so it can be stale.
-
DNS authority TTL
Time to live. The authoritative server will specify how long the cache is valid.
-
DNS Lookup
We provide the DNS server with an FQDN (Fully qualified Domain Name) and it provides us with an IP address.
-
Reverse DNS
Provide an IP address and it provides us with an FQDN.
-
SOA
- Start of Authority
- Describes the DNS zone details: name of the zone, serial number, refresh, retry and expiry timeframes, and the default caching duration/TTL.
-
AAAA / A
Address records define the IP address of a host. This is the most popular query. Called A for IPv4 or AAAA for IPv6. We give the name of the site, and it gives up an IP address.
-
CNAME
Canonical name records. A name is an alias of another (canonical) name. Example: www.techtarget.com is an alias for techtarget.com, so a lookup of the alias is answered with the canonical name and then its address.
-
Service records SRV
Finds the host and port for a specific service such as a Windows domain controller, instant messaging or VoIP. Named _service._protocol.domain, for example _ldap._tcp.example.com.
-
Mail Exchanger Record MX
Determines the host name of the mail server for a domain, with a preference value when there are several. The target is a name, not an IP address, so that name needs its own A/AAAA record.
-
Name server records NS
List the name servers for a domain.
-
Pointer record PTR
The reverse of an A or AAAA record. Takes an IP address and gives us a name.
-
Text Records TXT
Human-readable text information published for others to query: domain ownership verification tokens and mail policies such as SPF and DKIM.
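The forward and reverse lookups above, as an added example that is not part of the original notes: a DNS query builder and a response parser on the RFC 1035 wire format (A, AAAA, CNAME, NS, PTR, MX and TXT records, including the name-compression pointers real servers use). The response bytes are constructed in memory to mimic a non-authoritative answer for www.example.com that chases a CNAME; they are not captured traffic, and the 192.0.2.10 address is a documentation-range sample value.

```python
"""DNS query builder and response parser on the wire format (added example, runs offline)."""
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}
QTYPE = {name: code for code, name in TYPES.items()}
FLAG_RD, FLAG_AA = 0x0100, 0x0400


def encode_name(name):
    """example.com. -> \\x07example\\x03com\\x00 (no compression in queries)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qid, name, qtype, recursion_desired=True):
    """Header (12 bytes) + one question.  RD set asks the server to recurse for us."""
    flags = FLAG_RD if recursion_desired else 0
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def build_ptr_query(qid, ip):
    """Reverse DNS: 192.0.2.10 becomes a PTR query for 10.2.0.192.in-addr.arpa (ip6.arpa for IPv6)."""
    return build_query(qid, ipaddress.ip_address(ip).reverse_pointer, "PTR")


def decode_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset just after it in the stream)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer, 14-bit offset
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg):
    qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28:
            value = str(ipaddress.IPv6Address(rdata))
        elif rtype in (2, 5, 12):                      # NS, CNAME, PTR: rdata is a (compressible) name
            value = decode_name(msg, off)[0]
        elif rtype == 15:                              # MX: preference then exchange name
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        elif rtype == 16:                              # TXT: first character-string only
            value = rdata[1:1 + rdata[0]].decode("ascii")
        else:
            value = rdata
        off += rdlen
        answers.append({"name": name, "type": TYPES.get(rtype, rtype), "ttl": ttl, "value": value})
    return {"id": qid, "authoritative": bool(flags & FLAG_AA), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


# Constructed response (not captured traffic): RD+RA set, AA clear, two answers that use
# pointers back into the question section (0xC00C = offset 12 = www.example.com,
# 0xC010 = offset 16 = example.com).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE["A"], 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE["CNAME"], 1, 300, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", QTYPE["A"], 1, 60, 4) + ipaddress.IPv4Address("192.0.2.10").packed
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
```

The hop limit in `decode_name` is the check worth copying: a malicious response whose compression pointer points at itself would otherwise spin a naive parser forever.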
-
SPF Protocol
Sender Policy Framework. A TXT record (v=spf1 ...) listing the hosts authorized to send mail for a domain, used to prevent mail spoofing. Receiving mail servers check the connecting IP address against the record of the domain in the envelope sender and apply the qualifier (pass, fail, softfail, neutral) at the first matching mechanism.
-
DKIM
DomainKeys Identified Mail. Digitally sign outgoing mail with a private key; the receiving mail server validates the signature, which the end user does not usually see. The public key is published in a TXT record at selector._domainkey.yourdomain.
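An SPF evaluator, added here as an example that is not part of the original notes: it parses a v=spf1 TXT record and decides pass/fail/softfail/neutral for a sending IP, handling ip4, ip6, include and all with their qualifiers, and enforcing the RFC 7208 limit of ten DNS-querying mechanisms. The TXT records are a constructed in-memory table standing in for real DNS lookups, and the domains and addresses in it are sample values.

```python
"""SPF record evaluation (RFC 7208 subset: ip4, ip6, include, all).  Added example."""
import ipaddress

# Constructed zone data standing in for DNS TXT lookups; not real records.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",      # pathological: includes itself
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10                  # RFC 7208 section 4.6.4 lookup limit


def check_spf(client_ip, domain, records=TXT_RECORDS, _lookups=None):
    """Return pass / fail / softfail / neutral / none / permerror for mail from client_ip claiming domain."""
    ip = ipaddress.ip_address(client_ip)
    lookups = _lookups if _lookups is not None else [0]   # shared counter across include: recursion
    record = records.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"                                      # no policy published: receiver cannot decide

    for term in record.split()[1:]:
        qualifier = "+"                                    # mechanisms default to "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()

        if mechanism == "all":                             # always matches; normally the last term
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            lookups[0] += 1
            if lookups[0] > MAX_DNS_MECHANISMS:
                return "permerror"                         # too many lookups: record is unusable
            inner = check_spf(client_ip, argument, records, lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"                         # included record missing or broken
            # fail / softfail / neutral from the include just means "no match here"; keep going
        elif mechanism in ("a", "mx", "ptr", "exists", "redirect"):
            raise NotImplementedError(f"{mechanism} needs live DNS; out of scope for this offline example")
        else:
            return "permerror"                             # unknown mechanism
    return "neutral"                                       # ran off the end with no "all" term


if __name__ == "__main__":
    for sender in ("192.0.2.7", "198.51.100.10", "2001:db8::1", "203.0.113.9"):
        print(sender, check_spf(sender, "example.com"))
```

The include handling is where most hand-written checks go wrong: an include whose record evaluates to fail does not fail the outer record, it simply does not match, and the outer record's own -all decides. The self-including loop.example entry shows why the lookup counter is needed.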
-
Zone transfers
Replicates a DNS database. The primary zone server is synchronized to secondary servers by a full (AXFR) or incremental (IXFR) transfer, triggered by a serial number change in the primary's SOA record. Poses a security risk: a server that allows transfers to anyone hands an attacker the complete zone, a ready-made map of the network, so restrict transfers to the secondaries (for example with BIND's allow-transfer) and sign them with TSIG.
-
NTP
Network Time Protocol. Every device has its own clock. NTP synchronizes all devices on the network.
-
NTP Server
Listens on udp/123 and responds to time requests from NTP clients.
-
NTP Client
Requests time updates from NTP servers.
-
NTP Client and Server
A device that both requests time updates from upstream NTP servers and responds to time requests from NTP clients below it, typically an internal time server.
-
NTP stratum layers
Your distance, in hops, from the original reference clock is your stratum.
-
Stratum 0
Atomic clock / GPS clock: the reference clock itself, attached directly to a server rather than reachable over the network. Most accurate.
-
Stratum 1
Synchronized directly to stratum 0 clocks; the primary time servers. Stratum 2 servers synchronize to stratum 1, and so on for additional relays; each hop adds one to the stratum, and stratum 16 means unsynchronized.
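The NTP client/server exchange, added here as a worked example that is not part of the original notes: it builds a mode-3 client request, a constructed mode-4 reply from a stratum-2 server (no network; the timestamps, stratum and reference ID are sample values), and then applies the checks a client should make before trusting the reply (mode, origin timestamp echo, leap indicator, stratum range) and computes clock offset and round-trip delay from the four timestamps.

```python
"""NTP request/reply on the RFC 5905 packet format with client-side sanity checks (added example)."""
import struct

NTP_UNIX_DELTA = 2208988800          # seconds from the NTP epoch (1900) to the Unix epoch (1970)
LI_ALARM = 3                         # leap indicator 3: the server's clock is not synchronized
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(t):
    """Unix seconds (float) -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(t)
    return ((secs + NTP_UNIX_DELTA) << 32) | int(round((t - secs) * (1 << 32)))


def from_ntp(value):
    return (value >> 32) - NTP_UNIX_DELTA + (value & 0xFFFFFFFF) / (1 << 32)


def build_client_request(t1):
    """48-byte request: LI=0, VN=4, Mode=3; only the Transmit Timestamp (bytes 40..47) is filled."""
    first = (0 << 6) | (4 << 3) | MODE_CLIENT
    return struct.pack("!BBBb", first, 0, 0, 0) + b"\0" * 36 + struct.pack("!Q", to_ntp(t1))


def build_server_reply(request, t2, t3, stratum=2, leap=0, ref_id=b"\x0a\x00\x00\x01"):
    """Constructed reply as a stratum-2 server would send it: Origin = the client's Transmit,
    Receive = t2, Transmit = t3.  ref_id 10.0.0.1 stands for its upstream stratum-1 server."""
    first = (leap << 6) | (4 << 3) | MODE_SERVER
    return (struct.pack("!BBBb", first, stratum, 6, -20)      # poll 2^6 s, precision 2^-20 s
            + struct.pack("!II", 0, 0) + ref_id               # root delay, root dispersion, reference ID
            + struct.pack("!Q", to_ntp(t2))                   # reference timestamp (last upstream sync; sample)
            + request[40:48]                                  # origin timestamp: echo of our transmit
            + struct.pack("!QQ", to_ntp(t2), to_ntp(t3)))     # receive, transmit


def evaluate_reply(request, reply, t4):
    """Checks, then offset/delay per RFC 5905 section 8: t1 sent, t2 received, t3 replied, t4 back."""
    if len(reply) != 48:
        raise ValueError("short packet")
    first, stratum = reply[0], reply[1]
    leap, mode = first >> 6, first & 7
    if mode != MODE_SERVER:
        raise ValueError("not a server reply")
    if reply[24:32] != request[40:48]:
        raise ValueError("origin timestamp mismatch: reply is not for our request (spoofed or stale)")
    if leap == LI_ALARM or stratum == 0 or stratum > 15:
        raise ValueError("server unsynchronized (LI=3), stratum 0 (unspecified / kiss-o'-death) or stratum > 15")
    t1 = from_ntp(struct.unpack("!Q", request[40:48])[0])
    t2, t3 = (from_ntp(v) for v in struct.unpack("!QQ", reply[32:48]))
    offset = ((t2 - t1) + (t3 - t4)) / 2      # how far our clock is behind the server's
    delay = (t4 - t1) - (t3 - t2)             # round trip minus the server's processing time
    return {"server_stratum": stratum, "our_stratum": stratum + 1, "offset": offset, "delay": delay}


def demo():
    t1 = 1_700_000_000.000          # our clock when the request leaves
    server_ahead = 1.5              # constructed: the server's clock runs 1.5 s ahead of ours
    t2 = t1 + 0.010 + server_ahead  # server receives after a 10 ms one-way trip
    t3 = t2 + 0.001                 # server answers 1 ms later
    t4 = t1 + 0.021                 # reply arrives, on our clock
    request = build_client_request(t1)
    return evaluate_reply(request, build_server_reply(request, t2, t3), t4)


if __name__ == "__main__":
    print(demo())
```

The origin-timestamp comparison is the cheap defence against off-path spoofing: an attacker who cannot see the request cannot guess the 64-bit transmit timestamp, so a forged reply fails that check before its time is ever used.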
-
Three-tier architecture
- Core is the center of the network: the high-speed backbone that connects the web servers, databases and applications many people need access to. City office.
- Distribution
- Midpoint between the core and the access layer: communication between access switches, and it manages the path to the end users. Like a highway.
- Access
- Where users connect. End stations and printers. Local grocery or neighborhood.

-
SDN
Software-defined networking. The virtualization of networking hardware. Data, control and management are the planes of operation. Important for cloud-based architectures.
- The infrastructure layer / data plane processes network frames and packets: forwarding, trunking, encrypting and NAT (Network Address Translation). The network traffic itself.
- The control layer / control plane manages the actions of the data plane: routing tables, session tables, NAT tables, dynamic routing protocol updates.
- The application layer / management plane configures and manages the devices: SSH, SNMP, API. Compromising the controller here means controlling every device below it, so it sits on a protected management network.
-
Spine and leaf architecture
Also referred to as top-of-rack switching. Every leaf (top-of-rack) switch connects to every spine switch; leaves do not connect to each other and neither do spines, so any two servers are at most two hops apart and paths are predictable. Adding a spine adds bandwidth.
-
Traffic flows
- Where traffic starts and ends.
- East-West traffic is between devices within the same data center. North-South traffic is ingress/egress to or from an outside device.
-
SAN
Storage Area Network. Looks and feels like a local storage device. Block-level access: you only have to change the blocks of a file that changed instead of rewriting the whole file. Efficient reading and writing. Requires a lot of bandwidth.
-
Fibre Channel FC
Rates up to 16 gigabit per second (and higher in newer generations) over fiber and copper. A dedicated storage network separate from the LAN.
-
Fibre Channel over Ethernet FCoE
Uses Fibre Channel over an Ethernet network. Integrates with existing Fibre Channel infrastructure. Not routable (Layer 2 only), so it stays within the local segment.
-
iSCSI
Internet Small Computer Systems Interface. Sends SCSI commands over an IP network, so it is routable and runs over ordinary Ethernet. Keep storage traffic on its own VLAN and authenticate initiators with CHAP, since the protocol carries raw disk blocks.