1.0 Network Fundamentals.md
1.0 Network Fundamentals

1.1 Explain the role and function of network components

1.1a Routers

Routers connect networks to other networks and forward data packets between them. Beyond forwarding, they enforce security policies, optimize traffic flow, and provide various other critical functions to ensure efficient and reliable communication across interconnected networks.

A router performs its function almost solely at OSI Layer 3 because it is used to connect Internet Protocol (IP) networks. Since IP runs at OSI Layer 3 and can operate over many Layer 1 and Layer 2 technologies, a router is typically used to connect geographically dispersed parts of a network that use technologies other than Ethernet to link them. For example...

  • Leased Line: dedicated, uncontended fixed-bandwidth connection with symmetrical download and upload speeds, reserved for the exclusive use of a single business.
  • Frame Relay: packet-switching protocol that operates at the data link layer (Layer 2). It is designed to connect Local Area Networks (LANs) across Wide Area Networks (WANs).
  • Multiprotocol Label Switching (MPLS): forwarding technique that directs data from one node to the next based on labels rather than IP lookups. These labels represent established paths between endpoints.

Routers also separate IP broadcast domains. This matters because some protocols (ARP and DHCP, for example) rely heavily on broadcast to reach hosts, and a broadcast domain that grows too large burdens every host in it.

On most modern networks, multilayer switches are preferred over routers for routing within the LAN, and routers are reserved for connecting to networks that do not use Ethernet (WAN and Internet links).

Modern routers support a number of features that go beyond OSI Layer 3 forwarding:

  • Network Address Translation (NAT)
  • Firewalling services
  • Access Control Lists (ACL)
  • Packet Inspection

1.1.b Layer 2 and Layer 3 Switches

A hub is a simple device that connects multiple local area network (LAN) devices. The only function of the hub is repeating the electrical signals received on one port to all other connected ports. Because every port sees every frame, any host attached to a hub can passively capture all traffic on it, and all ports share a single collision domain. Hubs are for the most part extinct in modern networks because they aren't much cheaper than switches. Hubs work at OSI Layer 1.

A bridge is used to connect multiple LAN segments together forming multiple collision domains. A collision happens on an Ethernet network when multiple devices attempt to "speak" at the same time. By separating two or more LAN segments into multiple collision domains, the bridge reduces the number of collisions that could potentially occur on a LAN segment.

A switch connects devices such as computers, printers, and servers together in a local network. A switch is a multiport bridge with additional functionality: every port is its own collision domain, and a full-duplex switched port has no collisions at all, which is what eliminated the collision problem of hub-centered networks. Its primary function is to connect multiple devices within a local area network (LAN) and manage traffic between them.

A few categories of switches include:

  • Unmanaged (Layer 2) switch
  • Managed (Layer 2) switch
  • Managed Layer 3 switch (multilayer switch)

Layer 2 switches primarily operate at the Data Link layer (Layer 2) of the OSI model, focusing on MAC addresses and Ethernet frames. They are essential for LAN connectivity, MAC address learning, and VLAN support.

Unmanaged Layer 2 Switches

  • An unmanaged switch provides the functionality of a multiport bridge; each switch port is its own collision domain. Unmanaged switches may include a built-in, non-configurable Spanning Tree Protocol (STP), which provides loop prevention when multiple switches are connected. A switch also keeps an internal database (the MAC address table, or CAM table) of the MAC addresses learned on each port.
    • Used to forward a frame out only the port where its destination lives, and so to reduce the flooding that occurs when a destination MAC address has not yet been learned.

Managed Layer 2 Switches

  • A managed switch provides all functionality of an unmanaged switch, and it can control and configure the behavior of the device. This typically introduces the ability to support virtual LANs (VLANs), which is why almost all organizations deploy managed switches versus their cheaper alternatives.
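The MAC learning and flooding behaviour described above is easiest to see in a small simulation. The following is an added example written for these notes, not code from the page or from any vendor: a toy learning switch with a finite CAM table, the unknown-unicast flooding that results when the table is full (the classic CAM overflow attack), and a port-security limit modelled on Cisco's `switchport port-security maximum` as the hardening. Port numbers, MAC addresses and the CAM size are all constructed for the example.

```python
"""Constructed example: a learning switch's CAM table, unicast flooding, and
why port security matters. Toy simulation only, not vendor code."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal Layer 2 switch: learns source MACs per port, forwards known
    unicast out one port, floods unknown unicast and broadcast to all others.

    max_macs_per_port is an assumed port-security knob (like Cisco
    'switchport port-security maximum'): a port that tries to source more
    MACs than allowed is err-disabled and stops forwarding.
    """

    def __init__(self, ports, cam_capacity=8, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity        # hardware CAM tables are finite
        self.max_macs_per_port = max_macs_per_port
        self.cam = {}                           # MAC -> port
        self.err_disabled = set()

    def _macs_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return the list of egress ports."""
        if in_port in self.err_disabled:
            return []                           # violated port drops everything
        if src not in self.cam:
            if (self.max_macs_per_port is not None
                    and self._macs_on(in_port) >= self.max_macs_per_port):
                self.err_disabled.add(in_port)  # port-security violation
                return []
            if len(self.cam) < self.cam_capacity:
                self.cam[src] = in_port         # CAM full: new MACs go unlearned
        else:
            self.cam[src] = in_port             # refresh, or host moved ports
        out = self.cam.get(dst)
        if dst == BROADCAST or out is None:     # broadcast or unknown unicast
            return [p for p in self.ports
                    if p != in_port and p not in self.err_disabled]
        if out == in_port:
            return []                           # destination is on the ingress port
        return [out]


def cam_overflow_demo(port_security):
    """Host A (port 1), host B (port 2), attacker (port 3).

    The attacker sends frames from many bogus source MACs before B has been
    learned. Returns the ports that receive A's unicast reply to B: if the
    attacker's port is in the list, unicast traffic is being flooded to it.
    """
    sw = LearningSwitch(ports=[1, 2, 3], cam_capacity=8,
                        max_macs_per_port=1 if port_security else None)
    host_a, host_b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    sw.forward(1, host_a, BROADCAST)             # A's ARP request: A is learned
    for i in range(20):                          # attacker fills the CAM
        sw.forward(3, f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    sw.forward(2, host_b, host_a)                # B talks to A
    return sw.forward(1, host_a, host_b)         # where does A's reply go?
```

`cam_overflow_demo(False)` returns `[2, 3]`: the CAM is full of the attacker's addresses, B is never learned, and the switch floods A's unicast reply out the attacker's port as well. `cam_overflow_demo(True)` returns `[2]` because port 3 was err-disabled on its second source MAC. Real switches also age entries out of the CAM (300 seconds by default on Cisco IOS), which is what gives an attacker the window to fill the table before a legitimate host is re-learned.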

Layer 3 switches operate at both the Data Link layer (Layer 2) and the Network layer (Layer 3). They provide additional functionality such as IP routing, inter-VLAN routing, and support for routing protocols. Layer 3 switches are more versatile and suitable for larger networks requiring routing capabilities.

Managed Layer 3 Switches (Multilayer Switches)

  • This device provides a mix of functionality between a managed layer 2 switch and a router. The amount of router function overlap is highly dependent on the switch model. A multilayer switch provides better performance for LAN routing than almost any standard router on the market because these switches are designed to offload a lot of this functionality onto hardware.

1.1.c Next-generation firewalls and IPS

Next-generation firewalls and Intrusion Prevention Systems (IPS) are critical for modern network security.

The function of a firewall is to protect some portion of a network. Techniques to do this include... access control lists (ACL), stateful packet inspection (SPI), and others. Next-Generation Firewalls (NGFW) include all the functionality of a traditional firewall (ACL, SPI) and add support for built-in intrusion prevention, deep packet inspection, and virtual private networks (VPNs), as well as a much higher level of application awareness.

Content Filters

  • Content Filters are used on some networks to control the type of data that is allowed to pass through the network. These devices can scan for and remove content that is not wanted. This functionality is typically built into modern firewalls and some routing platforms.

An Intrusion Prevention System (IPS) is focused on detecting and preventing network threats in real time. It monitors network traffic and takes immediate action to block or mitigate malicious activity.

Host Intrusion Detection/Prevention Systems (HIDS/HIPS) protect a single host from an intrusion attempt. An IDS differs from an IPS in that an IDS only detects and reports that someone is attacking; it doesn't mitigate the attack, whereas an IPS sits inline and can actively block the attack as it happens.

  • Modern versions of these types of software are focused mostly on intrusion prevention, because most modern-day attacks come with little or no warning and require an accelerated response.

Network Intrusion Detection/Prevention Systems (NIDS/NIPS) NIDS/NIPS is different from a HIDS/HIPS system in that it detects or prevents attacks from happening against a group of devices. Similar to their host-based alternatives, NIDS detect attacks as they're happening and report the activity, and NIPS detect and actively take steps to prevent the attack from continuing.

  • Can include everything from dynamic creation of ACLs to shutting down offending ports

NGFWs and IPS work together to provide layered security. NGFWs may handle application control, TLS/SSL inspection, and basic IPS functions, while dedicated IPS devices can provide deeper inspection and more granular control over network traffic.

Packet Shapers/Policers

  • Controls the flow of traffic into or out of a specific device. Shaping or policing functionality is typically built into routers (and some switches) to deal with times when demand outpaces the capacity of a device or its port, or exceeds a contracted rate. While traffic stays under the configured rate, shaping and policing have no visible effect; once the rate is exceeded, these features decide how the excess traffic is handled.

Traffic shapers buffer traffic that exceeds the configured rate and release it later, smoothing bursts at the cost of added delay. Protocols such as IP (the DSCP field), Frame Relay (the Discard Eligible bit), and MPLS (the Traffic Class, formerly EXP, bits) support marking packets with a priority level; this marking affects how the traffic is treated when it is forwarded through the network.

Traffic policers drop (or re-mark to a lower priority) any traffic that exceeds the configured threshold, without buffering it.
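Both shaping and policing are usually implemented with a token bucket, and the difference between them is only what happens when the bucket is empty. The following is an added example written for these notes (not Cisco's MQC implementation) that models the mechanism: the same burst is run through a policer, which drops the excess, and a shaper, which queues it and releases it as tokens accrue. The rate, burst size and packet sizes are constructed values.

```python
"""Constructed example: token-bucket policing versus shaping. Toy model of the
mechanism, not Cisco's MQC implementation."""


class TokenBucket:
    """Refills at `rate` bytes/second up to a `burst` of bytes (the Bc)."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = burst          # bucket starts full
        self.last = 0.0              # time of last refill

    def refill(self, now):
        self.tokens = min(self.burst, self.tokens + self.rate * (now - self.last))
        self.last = now


def police(packets, rate, burst):
    """Policer: packets that do not conform are dropped immediately.

    packets: list of (arrival_time, size_bytes).
    Returns (forwarded, dropped) as lists of (arrival_time, size)."""
    bucket = TokenBucket(rate, burst)
    forwarded, dropped = [], []
    for t, size in packets:
        bucket.refill(t)
        if bucket.tokens >= size:
            bucket.tokens -= size
            forwarded.append((t, size))
        else:
            dropped.append((t, size))        # exceed action: drop (or re-mark)
    return forwarded, dropped


def shape(packets, rate, burst):
    """Shaper: excess packets are queued and released when tokens accrue.

    Returns a list of departure times, one per packet, in order; nothing is
    dropped (a real shaper has a finite queue and tail-drops when it fills)."""
    bucket = TokenBucket(rate, burst)
    departures = []
    prev_departure = 0.0
    for t, size in packets:
        depart = max(t, prev_departure)      # FIFO: never overtake the packet before
        bucket.refill(depart)
        if bucket.tokens < size:             # wait for the deficit to accrue
            depart += (size - bucket.tokens) / rate
            bucket.refill(depart)
        bucket.tokens -= size
        departures.append(depart)
        prev_departure = depart
    return departures


# Constructed input: a 2500-byte burst of five 500-byte packets at t=0 hitting
# a 1000 B/s contract with a 1000-byte burst allowance.
BURST = [(0.0, 500)] * 5
```

With `BURST`, `police(BURST, 1000, 1000)` forwards the first two packets and drops the other three, while `shape(BURST, 1000, 1000)` forwards all five at departure times `[0.0, 0.0, 0.5, 1.0, 1.5]`: the policer protects the link at the cost of loss, the shaper at the cost of latency. That is why shaping is normally applied outbound towards a provider whose policer would otherwise drop the excess.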

1.1.d Access points

An access point (AP) plays the role in a wireless (802.11) LAN that a switch plays in a wired Ethernet LAN: it is the device that wireless clients attach to. Typical APs also bridge between wired and wireless hosts. Access points enable devices to connect to a network wirelessly, providing mobility and flexibility for users, usually in wireless local area networks (WLANs).

Three categories of access points include...

  • Consumer APs (commonly called "wireless routers" in the home)
    • Consumer APs have a WAN port for connection to an ISP (Internet Service Provider); this is a separate Ethernet port used in the device's configuration for routing between the local network and a remote network (typically the Internet). It is often used as the zone separator for the built-in firewall.
  • Enterprise Autonomous AP
    • Acts as a bridge between the wireless clients and the wired network. These devices may be managed remotely, but the services delivered are all handled by the AP itself.
  • Enterprise Lightweight AP
    • Bridges wireless and wired networks, but is controlled by a remote controller. Without the wireless controller that drives its actions and configuration, a lightweight AP does nothing on its own. The controller can perform load balancing between APs, interference detection and mitigation, and security functions.

Functions of an access point include...

  • Wireless Connectivity to devices
  • Network Extension: connect to the wired network and provide signal to areas where cabling is impractical
  • Client Mobility: users can move around within the coverage area of multiple access points
  • Radio Signal Transmission: transmit and receive radio frequency (RF) signals
  • Network Bridging: bridge between wireless and wired networks
  • SSID (Service Set Identifier) Broadcasting: SSID names identify the wireless network for clients to find and connect to
  • Authentication & Security: enforce network security to protect against unauthorized access (WPA2/WPA3, with 802.1X for enterprise authentication)
  • Traffic Management: manage the flow of data between wireless clients and the network
  • Quality of Service (QoS): prioritize types of traffic to ensure critical applications receive sufficient bandwidth and reduced latency
  • Mesh Networking: multiple APs form a network of interconnected nodes for dynamic route optimization and redundancy, which enhances coverage and reliability

1.1.e Controllers (Cisco DNA Center and WLC)

Controllers like Cisco DNA Center and Wireless LAN Controllers (WLC) provide centralized control, automation, monitoring, and optimization of network resources.

Cisco DNA Center is a network management and command center for Cisco's Digital Network Architecture (DNA). It provides a comprehensive solution for managing and automating network operations, enhancing visibility, and ensuring network security.

  • Network Automation: supports Zero-Touch Provisioning (ZTP) and configuration of new devices
  • Policy-based Management: centralized approach for network policies
  • Assurance & Analytics: real-time monitoring and analytics for network performance and reliability
  • Network Segmentation: supports Software-Defined Access (SD-Access) to enhance security by isolating segments of the network
  • Security Integration: integrates with security tools for threat detection and mitigation
  • Application Visibility & Control: detailed visibility into application performance and user experience
  • Simplified Management: unified interface for wired and wireless networks

Wireless LAN Controllers (WLC) are responsible for centralizing the management and control of wireless access points (APs) in a network. They provide a single point of control for all APs, ensuring consistent configuration, security, and performance across the wireless network.

A Cisco Wireless LAN Controller (WLC) manages its lightweight APs with CAPWAP (Control and Provisioning of Wireless Access Points, RFC 5415), which replaced Cisco's older LWAPP (Lightweight Access Point Protocol). The CAPWAP control channel between AP and controller is protected with DTLS.

  • Centralized Management: manage multiple APs from a single interface
  • Dynamic RF Management: automatically adjust channel assignments and power levels of APs to minimize interference and maximize coverage
  • Seamless Roaming: client roaming between APs within the same network
  • Enhanced Security: enforce security policies across all managed APs
  • Quality of Service (QoS): prioritize traffic to ensure critical applications receive the necessary bandwidth and low latency
  • Guest Access Management: guest access solutions allowing visitors to connect to the network securely without accessing sensitive internal resources
  • Monitoring & Troubleshooting: real-time monitoring and troubleshooting of the wireless network
  • Scalability: manage a large number of APs, making them suitable for enterprise environments

Cisco DNA Center provides a holistic management solution for both wired and wireless networks, focusing on automation, policy-based management, and advanced analytics. WLCs specifically manage wireless networks, providing centralized control over APs and ensuring seamless wireless connectivity and security. Cisco DNA Center can integrate with WLCs to provide a unified management platform for both wired and wireless networks. This integration allows for comprehensive network visibility, policy enforcement, and automation across all network segments.

Load Balancers/Application Delivery Controllers (ADC)

  • Load balancing is the practice of distributing network traffic among multiple servers to enhance performance, reliability, and capacity while minimizing latency. Modern load balancers use the term "Application Delivery Controller (ADC)" and they can provide the following functionality...
    • Local and global load balancing
    • Network and device health monitoring
    • TCP multiplexing
    • Support for common network routing protocols
    • Application acceleration
    • Denial-of-service protection
    • Support for virtualization and multi-tenancy

Types of Load Balancing:

  • Static: Distributes workloads without considering the current system state
  • Dynamic: Adapts based on real-time server performance

1.1.f Endpoints

Endpoints refer to devices that connect to and interact with the network. These devices are critical as they are the primary points of access for users and applications to interact with network services and resources.

  • User Interaction: how users interact with the network
  • Data Generation & Consumption: produce data that is transmitted across the network and receive data from other network devices
  • Network Edge Participation: help to determine the network's edge performance and security
  • Communication & Collaboration: between devices
  • Application Access: provide access to various apps and services
  • Data Input & Output
  • Security Enforcement: run security software like antivirus programs, firewalls, and endpoint protection platforms (EPP)
  • Device Management & Monitoring: software updates, configuration management, and performance monitoring
  • Resource Utilization: utilize resources like bandwidth, storage, and processing power
  • Peripheral Connectivity

1.1.g Servers

Servers provide various services and resources to client devices. They are powerful computers designed to manage, store, process, and deliver data to other computers (clients) over a network.

  • Centralized Resource Management
  • Data Storage & Management
  • Application Hosting: allows multiple users to access and use applications simultaneously
  • Network Control Management: user authentication, network configuration, & resource allocation

Features

  • File & Print Services
  • Web Hosting
  • Database Management
  • Email Services
  • Application Services
  • Authentication & Authorization
  • Virtualization
  • Backup & Recovery
  • Remote Access
  • Monitoring & Management

Types of Servers

  • Dedicated Servers: dedicated to a single task or service
  • Virtual Servers: virtualized instances of servers running on a physical host
  • Cloud Servers: accessible over internet
  • Blade Servers: modular servers that fit into a chassis

1.1.h PoE

Power over Ethernet (PoE) allows ethernet cables to carry electrical power in addition to data. This innovation simplifies network design and reduces the need for additional power supplies and outlets.

  • Simplified Cabling
  • Cost Reduction
  • Flexibility & Scalability
  • Enhanced Network Reliability: can be backed up by uninterruptible power supplies (UPS) ensuring that devices remain operational during outage.

Functions

  • Power Delivery: over Cat5e and above
  • Data Transmission
  • Device Compatibility: APs, IP Cameras, VoIP phones, network switches, IoT devices
  • Power Management

1.2 Describe characteristics of network topology architectures

1.2.a Two-tier

Two-tier network topology, also known as collapsed core or distribution-access layer architecture, is a simplified network design commonly used in small to medium-sized networks. This topology has two layers: the access layer and the distribution layer.

  • Access Layer: This is the bottom layer of the network where devices such as computers, printers, and IoT devices connect to the network. Access layer switches provide connectivity to these devices
  • Distribution Layer: This is the intermediate layer that aggregates traffic from multiple access layer switches before it reaches the core of the network. The distribution layer can handle routing, filtering, and quality of service (QoS) policies.
  • Performance: collapsing the core and distribution layers can achieve lower latency and faster data transmission
  • Redundancy & Resiliency: link aggregation, spanning tree protocol (STP), and using multiple distribution switches for failover. Three-tier has more redundancy

Advantages:

  • Simplified network design.
  • Cost-effective for smaller networks.
  • Easier to manage and maintain.
  • Reduced latency and faster data transmission.

Disadvantages:

  • Limited scalability compared to three-tier architectures.
  • Less robust redundancy and failover capabilities.
  • May not be suitable for very large networks or data centers.

Two-Tier Network Diagram


1.2.b Three-tier

The three-tier network topology, also known as the hierarchical network design, is a well-established and widely used architecture in enterprise networks. It is divided into three distinct layers: the core layer, the distribution layer, and the access layer.

  • Access Layer: where end devices connect to the network; provides connectivity for the users
  • Distribution Layer: acts as an aggregation point for multiple access layer switches. The distribution layer takes in the data and aggregates it from all the different switches. Provides routing, policy enforcement, and traffic management; used to forward traffic from one local network to another.
  • Core Layer: serves as the backbone of the network, providing high-speed, reliable transport of data between distribution layer devices. High performance and low latency

Advantages

  • Scalability: The three-tier design allows for easy scaling of the network by adding more access layer switches without affecting the core layer's performance.
  • Performance: By separating the core, distribution, and access layers, each layer can be optimized for specific functions, resulting in better overall network performance.
  • Manageability: The hierarchical design simplifies network management and troubleshooting. Each layer has well-defined roles and responsibilities.
  • Redundancy and Reliability: The design supports high availability through redundancy at each layer. Protocols like HSRP, VRRP, and link aggregation enhance network reliability.
  • Security and Policy Enforcement: Security and QoS policies can be implemented at the distribution layer, allowing centralized control over network traffic.
  • Flexibility: The three-tier architecture can adapt to various network requirements and can be used in different environments, from small enterprises to large data centers.

Disadvantages

  • Cost: Implementing a three-tier topology can be more expensive due to the need for additional hardware, such as core and distribution layer switches.
  • Complexity: The design and maintenance of a three-tier network can be more complex compared to simpler topologies like the two-tier or flat network design.

Three-Tier Network Diagram


Cisco Enterprise Architecture

  • Enterprise Campus
  • Enterprise Edge
  • Service Provider Edge
  • Remote


Enterprise Campus

  • Consists of the entire campus infrastructure
    • Access Layer contains Layer 2 and Layer 3 switches to provide the required port density.
    • VLANs and trunk links to build distribution layer
    • Redundancy to the building distribution switches is important
    • Distribution layer aggregates building access using Layer 3 devices; routing, access control, and QoS is also at distribution layer
    • Core Layer provides high speed interconnectivity between distribution layer modules, data center server farms, and the enterprise edge
      • Server Farm and Data Center Module - area provides high-speed connectivity and protection for servers. Network management systems monitor performance by monitoring device and network availability.
      • Service Module - area provides access to all services, such as IP Telephony services, wireless controller services, and unified services

Enterprise Edge

  • Consists of the Internet, VPN, and WAN modules connecting the enterprise with service provider's network
  • Extends to remote sites and enables the enterprise to use Internet and partner resources
  • Provides QoS, policy enforcement, service levels, and security

Service Provider Edge

  • Provides Internet, Public Switched Telephone Network (PSTN), and WAN services.
  • All data that enters or exits the Enterprise Composite Network Model (ECNM) passes through an edge device
  • All packets can be examined and a decision made whether the packet should be allowed on the enterprise network
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can be configured at the edge to protect against malicious activity

Failure Domains

  • area of a network that is impacted when a critical device or network service experiences problems.
  1. If the Edge Router fails, it will impact every device connected to it.
  2. If S1 fails, it will impact H1, H2, H3, and AP1.
  3. If S2 fails, it will impact S3, H4, H5, and H6.
  4. If AP1 fails, it will impact H1.
  5. If S3 fails, it will impact H5 and H6.

[Figure: failure-domain example topology with an Edge Router, switches S1-S3, access point AP1, and hosts H1-H6]

Limiting the size of failure domains

  • A failure at the core of the network can have a potentially large impact... it is easiest and usually least expensive to control the size of a failure domain in the distribution layer because it can be contained in a smaller area thus affecting fewer users
  • When using Layer 3 devices at the distribution layer, every router functions as a gateway for a limited number of access layer users.

Switch Block Deployment

  • Routers or multilayer switches are usually deployed in pairs with access layer switches evenly divided between them
  • Each switch block acts independently of the others
  • A failure of a single device does not mean that the network goes down
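The failure-domain list above and the point about limiting failure domains with redundancy can both be checked mechanically. The following is an added example written for these notes, not code from the page: it rebuilds the example topology as a graph (the links are assumed from the five failure cases listed; the page's figure is not available), computes each device's failure domain as the set of devices that lose their path to the Edge Router, and then adds one redundant uplink to show how a switch block's failure domain shrinks.

```python
"""Constructed example: computing failure domains on the page's sample
topology (Edge Router, S1-S3, AP1, H1-H6) and on the same topology with one
redundant uplink added. Not vendor code; links are assumed from the page's
failure list."""

from collections import deque

# Physical links as read from the five failure cases above (assumed layout).
LINKS = [
    ("EdgeRouter", "S1"), ("EdgeRouter", "S2"),
    ("S1", "AP1"), ("S1", "H2"), ("S1", "H3"),
    ("AP1", "H1"),
    ("S2", "S3"), ("S2", "H4"),
    ("S3", "H5"), ("S3", "H6"),
]


def build_graph(links):
    """Undirected adjacency map from a list of (a, b) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def reachable(graph, start, failed):
    """Nodes reachable from `start` when `failed` is removed (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def failure_domain(graph, root, failed):
    """Devices (other than `failed`) that lose their path to `root`."""
    everyone = set(graph) - {failed}
    if failed == root:
        return everyone                       # nothing can reach the root
    return everyone - reachable(graph, root, failed)


def failure_domain_sizes(links, root="EdgeRouter"):
    """Map every device to the number of devices its failure takes down."""
    graph = build_graph(links)
    return {dev: len(failure_domain(graph, root, dev)) for dev in graph}


if __name__ == "__main__":
    g = build_graph(LINKS)
    for dev in ("EdgeRouter", "S1", "S2", "AP1", "S3"):
        print(dev, "fails ->", sorted(failure_domain(g, "EdgeRouter", dev)))
    # A redundant uplink from S3 to S1 shrinks S2's failure domain to just H4.
    g2 = build_graph(LINKS + [("S3", "S1")])
    print("with S3-S1 uplink, S2 fails ->",
          sorted(failure_domain(g2, "EdgeRouter", "S2")))
```

The results reproduce the five cases in the notes (S1 takes down AP1, H1, H2 and H3; S2 takes down S3, H4, H5 and H6; and so on). With the extra S3-S1 link, S2's failure domain shrinks from four devices to one, which is the effect a redundant distribution pair is meant to have. The same function, run over a real topology export, is a quick way to find the single devices whose failure domain is larger than the design intends.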

Scalable Network

  1. Use expandable modular equipment or clustered devices that can be easily upgraded to increase capabilities
  2. Design a hierarchical network to include modules that can be added, upgraded, and modified as necessary
  3. Create an IPv4 or IPv6 address strategy that is hierarchical
  4. Choose routers or multilayer switches to limit broadcasts and filter other undesirable traffic; Use layer 3 devices to filter and reduce traffic to network core

Advanced Network Designs include

  1. Redundant links between critical devices and between access layer and core layer devices
  2. Multiple links between equipment with link aggregation (EtherChannel) or equal-cost load balancing to increase bandwidth; EtherChannel can be used when budget restrictions prohibit purchasing high-speed interfaces and fiber runs
  3. Implementing wireless connectivity to allow mobility and expansion
  4. Scalable routing protocol and implementing features in routing protocol to isolate routing updates and minimize the size of the routing table

Redundancy

  • Redundancy is very important to any enterprise network. One way to achieve redundancy is to install duplicate equipment with failover services for critical devices.

image

  • Because of the way switches forward frames, redundant paths in a switched Ethernet network can cause Layer 2 loops and broadcast storms. To solve this, we use Spanning Tree Protocol (STP). STP blocks a redundant path in a switched network until that path is needed, that is, when the active path fails. STP is an open standard protocol (IEEE 802.1D and its successors) used in a switched environment to create a loop-free logical topology. Note that STP has no authentication: any device that sends BPDUs with a lower bridge priority can take over as root bridge, so user-facing access ports should be protected with features such as BPDU Guard and Root Guard.

Bandwidth

  • Bandwidth demand continues to grow. As traffic from multiple links converges onto a single outgoing link, that link can become a bottleneck.
  • Link aggregation allows an administrator to increase the amount of bandwidth between devices by creating one logical link made up of several physical links. EtherChannel is a form of link aggregation in switched networks.
  • EtherChannel configuration takes advantage of load balancing between links in the same EtherChannel. Config tasks are done on the EtherChannel Interface to ensure consistency.

Wireless Connectivity

  • To communicate wirelessly, end devices require a wireless NIC that incorporates a radio transmitter/receiver and the required software driver to make it operational.
  • A wireless router or a wireless access point is required for users to connect.

image

Routed Network

  • Enterprise networks and ISPs often use more advanced protocols like link-state protocols such as Open Shortest Path First (OSPF).
  • OSPF routers establish and maintain neighbor adjacency or adjacencies with other connected OSPF routers. Once commenced, an exchange of link-state updates begins. Routers reach a FULL state of adjacency when they have synchronized views on their link-state database. Link-state updates are sent when network changes occur.
  • OSPF begins with Area 0, called the backbone area. A design with only the backbone area is the one-layer (single-area) OSPF deployment.
  • A two-layer / multiarea OSPF design adds non-backbone areas, each of which must attach to Area 0.

Enhanced Interior Gateway Routing Protocol (EIGRP)

  • Cisco developed EIGRP as a proprietary distance vector routing protocol with enhanced capabilities (the basic protocol was later published as informational RFC 7868). It manages the routing process for each routed protocol using Protocol Dependent Modules (PDMs).


1.2.c Spine-leaf

Spine-leaf network topology is a modern and increasingly popular network architecture, especially in data centers. It is designed to overcome the limitations of traditional hierarchical (three-tier) architectures by providing a scalable, high-performance, low-latency network structure. Every leaf connects to every spine, while spines are not connected to each other and neither are leaves; as a result, traffic between any two leaves crosses exactly one spine, so the number of hops is the same regardless of source and destination.

Components

  • Leaf Switches: act as the access layer switches, connecting to the servers, storage devices, and other end devices within the data center. Each leaf switch is connected to every spine switch in the network, ensuring multiple paths for data traffic
  • Spine Switches: act as the core layer switches, providing high-speed interconnections between leaf switches. Each spine switch is connected to every leaf switch in the network, ensuring multiple paths for data traffic

Key Characteristics

  • Full connectivity between the leaf and spine layers: each leaf has a link to every spine, giving as many equal-cost paths between two leaves as there are spines
  • Non-Blocking Architecture: when each leaf's uplink capacity matches its downlink capacity (no oversubscription), any leaf can send at full rate to any other leaf without the fabric itself becoming the bottleneck
  • Scalability
  • High Availability and Redundancy
  • Consistent Latency: equal-length paths between leaf and spine switches ensure latency remains consistent across network
  • Simplified Traffic Management: simplifies load balancing
  • Ease of Troubleshooting
  • Flexibility

Disadvantages

  • Cost: Initial setup can be expensive due to the need for multiple high-capacity spine switches and redundant links
  • Complexity for Small Deployments: design and configuration may require more advanced network management skills

Note - If speed and latency are the concern, leaf-spine architectures are proving better because every flow between two leaves takes a fixed two-hop path instead of climbing through the access, distribution, and core layers.
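The two claims above, uniform hop count and one equal-cost path per spine, can be verified by enumerating paths on a model of the fabric. The following is an added example written for these notes, not code from the page: it builds a spine-leaf graph of any size, enumerates all shortest leaf-to-leaf paths, and reports the hop count and ECMP fan-out for every leaf pair, with and without a failed spine. Switch names and fabric sizes are constructed.

```python
"""Constructed example: enumerate leaf-to-leaf paths in a spine-leaf fabric
to check the hop-count and ECMP claims, with and without a spine failure.
Toy model, not a real fabric."""

from itertools import combinations


def build_fabric(num_spines, num_leaves):
    """Every leaf links to every spine; spines and leaves are not interlinked."""
    graph = {}
    for s in range(num_spines):
        for l in range(num_leaves):
            spine, leaf = f"spine{s}", f"leaf{l}"
            graph.setdefault(spine, set()).add(leaf)
            graph.setdefault(leaf, set()).add(spine)
    return graph


def shortest_paths(graph, src, dst, failed=()):
    """All shortest paths from src to dst as node lists, skipping failed nodes."""
    failed = set(failed)
    if src == dst:
        return [[src]]
    dist = {src: 0}
    preds = {src: []}
    frontier = [src]
    while frontier and dst not in dist:          # breadth-first, level by level
        nxt = []
        for node in frontier:
            for nb in sorted(graph[node]):
                if nb in failed:
                    continue
                if nb not in dist:
                    dist[nb] = dist[node] + 1
                    preds[nb] = [node]
                    nxt.append(nb)
                elif dist[nb] == dist[node] + 1: # another equal-cost predecessor
                    preds[nb].append(node)
        frontier = nxt
    if dst not in dist:
        return []

    def unwind(node):
        if node == src:
            return [[src]]
        return [p + [node] for pred in preds[node] for p in unwind(pred)]

    return unwind(dst)


def fabric_report(num_spines, num_leaves, failed=()):
    """For every leaf pair, record (hop count, number of equal-cost paths).

    Returns the set of distinct tuples; a healthy fabric yields exactly one,
    i.e. uniform latency and uniform ECMP fan-out across all leaf pairs."""
    graph = build_fabric(num_spines, num_leaves)
    leaves = [n for n in graph if n.startswith("leaf")]
    report = set()
    for a, b in combinations(sorted(leaves), 2):
        paths = shortest_paths(graph, a, b, failed)
        hops = len(paths[0]) - 1 if paths else None
        report.add((hops, len(paths)))
    return report
```

`fabric_report(2, 4)` returns `{(2, 2)}`: every leaf pair is two hops apart with two equal-cost paths. `fabric_report(4, 8)` returns `{(2, 4)}`, showing that adding spines adds paths (and bandwidth) without changing latency, and `fabric_report(2, 4, failed=("spine0",))` returns `{(2, 1)}`: a spine failure removes one path for every pair but leaves the hop count unchanged, which is the redundancy property the section describes.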

Software-Defined Networks (SDN)

  • Spine-leaf fabrics rely on equal-cost multipath (ECMP) routing and an SDN controller where three-tier designs rely on STP: rather than blocking redundant links, all leaf-spine links forward traffic at once.
  • SDN is a centralized network management platform that allows for streamlined configuration, management, and re-routing of traffic when congestion or link failures occur. It turns the leaf-spine fabric into a system that intelligently load balances while remaining simple to configure and manage.
  • Achieve the most benefits when deployed in the data center

1.2.d Wide Area Network (WAN)

Wide Area Network (WAN) refers to the design and structure of a network that extends over a large geographical area, connecting multiple smaller local networks (LANs) or metropolitan area networks (MANs). WANs are essential for connecting geographically dispersed locations, such as different cities, countries, or even continents, and are often used by businesses, governments, and educational institutions to ensure seamless communication and data exchange.

Characteristics

  • Geographical Coverage: Large scale - can span cities, countries, or even continents; Remote Connectivity - connects remote branches, offices, and locations
  • Interconnection of Networks: Connect multiple Local Area Networks (LAN) and communicate like they are on same network
  • Transmission Media: use various transmission media such as leased lines, satellite links, fiber optic cables, microwave links, and the internet
  • Network Devices: Routers are crucial for directing data between different networks; Modems convert digital data to analog signals for transmission over telephone lines; Switches may be used within segments of a WAN to manage data flow and reduce congestion
  • Protocols & Technologies: Common protocols include MPLS (Multiprotocol Label Switching), Frame Relay, ATM (Asynchronous Transfer Mode), and PPP (Point-to-Point Protocol)
  • Scalability: Designed to accommodate growth; Flexible topologies
  • Redundancy & Reliability: Redundant paths and high availability that enhance fault tolerance
  • Security: Encryption used to protect sensitive information over WAN links; Firewalls and VPNs control access to network and communication over channels
  • Cost: High initial cost; ongoing costs for operational and maintenance expenses
  • Management and Monitoring: centralized management; monitoring tools

Common WAN Topologies

Point-to-Point Topology:

  • Direct Connection: Direct link between two locations.
  • Simple and Efficient: Suitable for straightforward, low-complexity connections.

Hub-and-Spoke Topology:

  • Central Hub: Central hub connects to multiple spokes (remote locations).
  • Cost-Effective: Reduces the number of required connections but may create a single point of failure at the hub.

Full Mesh Topology:

  • Interconnected Nodes: Every site is directly connected to every other site.
  • High Redundancy: Offers high redundancy and reliability but can be expensive and complex to manage.

Partial Mesh Topology:

  • Selective Connections: Only some sites are interconnected.
  • Balanced Approach: Balances redundancy and cost, providing critical connections without full mesh complexity.

1.2.e Small office/home office (SOHO)

Small office/home office (SOHO) network topologies are designed to meet the needs of small businesses and home offices, providing efficient, reliable, and cost-effective networking solutions.

Characteristics

  • Simplicity
  • Cost-effective
  • Limited Scalability: Limited Expansion - SOHO networks are designed to support a smaller number of devices and users; Simple upgrades by adding more devices like switches or expanding wireless coverage
  • Connectivity: Combines wired (ethernet) and wireless (Wi-Fi) connections
  • Security: Basic security measures - firewalls, encryption (WPA3 for Wi-Fi), and antivirus software
  • Network Management: Basic Monitoring and Remote Access
  • Performance: Adequate for small scale such as web browsing, email, file sharing, and light video conferencing; uses consumer grade networking equipment

Star Topology:

  • Central Hub: All devices are connected to a central hub, usually a router or switch.
  • Simplicity and Ease of Troubleshooting: Easy to set up and troubleshoot since each device has a direct connection to the central hub.
  • Example: A router in the center with multiple devices (computers, printers, smart devices) connected to it.

Extended Star Topology:

  • Multiple Hubs: Extends the basic star topology by adding additional switches or hubs connected to the central router.
  • Improved Coverage: Expands network coverage and allows for more devices to be connected.
  • Example: A central router connected to a switch in another room, which then connects to additional devices.

Mesh Topology:

  • Interconnected Devices: Each device connects to multiple other devices, creating a mesh of connections.
  • Redundancy and Reliability: Provides multiple paths for data to travel, increasing redundancy and reliability.
  • Example: A Wi-Fi mesh system where multiple access points (APs) are distributed throughout the home or office, all interconnected.

Hybrid Topology:

  • Combination of Topologies: Combines elements of star, mesh, and other topologies to meet specific needs.
  • Flexibility: Offers flexibility in design to accommodate various devices and connectivity requirements.
  • Example: A central router connected to a switch (star topology) with some devices connected wirelessly in a mesh configuration.

1.2.f On-premise and cloud

On-Premise Solutions involve deploying and maintaining all IT infrastructure, software, and data storage within the physical premises of an organization.

Characteristics

  • Full Control and Customization
  • Dedicated Security and meet regulatory and compliance standards
  • Cost: Capital Expenditure - high initial costs due to purchasing hardware and software; Operational Costs - ongoing maintenance, energy consumption, and staffing costs
  • Performance: Low latency on the local network; performance depends on the internal IT team and the quality of the in-house infrastructure
  • Scalability: Limited by hardware and physical constraints of physical space and power availability
  • Maintenance: In-house responsibility and downtime management

Cloud solutions involve using computing resources (servers, storage, databases, networking, software) provided by third-party providers over the internet.

Characteristics

  • Control: Less direct control over hardware and infrastructure; Managed services - less burden on Internal IT
  • Security: Shared responsibility model between cloud provider and customer; Built-in security features from cloud provider
  • Cost: Operational expenditure following a pay-as-you-go model; Cost-effective for scaling because no upfront investment in hardware
  • Performance: Variable latency based on internet connectivity and cloud provider infrastructure; Global reach - better performance and redundancy
  • Scalability: Can scale up or down automatically; no physical constraints of space, power, cooling, etc.
  • Maintenance: Provider-handled; high availability

Comparison Summary

Cost:

  • On-Premise: High initial capital expenditure, ongoing operational costs.
  • Cloud: Lower initial costs, pay-as-you-go operational model.

Control:

  • On-Premise: Full control over all aspects of the IT environment.
  • Cloud: Limited control, with many aspects managed by the provider.

Security:

  • On-Premise: Customizable security measures, easier compliance with specific regulations.
  • Cloud: Robust provider security measures, shared responsibility model.

Scalability:

  • On-Premise: Limited by physical hardware and space, requires significant investment for scaling.
  • Cloud: Easily and rapidly scalable, with no physical constraints.

Maintenance:

  • On-Premise: All maintenance handled internally.
  • Cloud: Maintenance and updates handled by the provider.

Performance:

  • On-Premise: Potentially lower latency, dependent on internal infrastructure quality.
  • Cloud: Variable performance, influenced by internet connectivity and provider infrastructure.

1.3 Compare physical interface and cabling types

1.3.a Single-mode fiber, multimode fiber, copper

Single-Mode Fiber (SMF) Physical Interface:

  • Connector Types: Common connectors include SC (Subscriber Connector), LC (Lucent Connector), FC (Ferrule Connector)
  • Core Diameter: 9 microns
  • Light Source: Uses a narrow laser beam (typically 1310nm or 1550nm wavelength)
  • Bandwidth: Higher bandwidth over longer distances
  • Typical Distance: Up to tens of kilometers
  • Applications: Used in long-distance telecommunications, WAN connections, and backbone networks

Cabling Types:

  • Cable Structure: Single-mode fiber has a very small glass core (about 9 microns) that allows only a single mode (path) of light to propagate, which eliminates modal dispersion
  • Jacketing: Typically uses yellow jacketing for easy identification

Multimode Fiber Physical Interface:

  • Connector Types: Common connectors include SC, LC, and ST (Straight Tip)
  • Core Diameter: 50 or 62.5 microns
  • Light Source: Uses LEDs (Light Emitting Diodes) or VCSELs (Vertical-Cavity Surface-Emitting Lasers)
  • Bandwidth: Lower bandwidth compared to single-mode fiber
  • Typical Distance: Up to several hundred meters, depending on the type (OM1, OM2, OM3, OM4)
  • Applications: Used in LAN environments, data centers, and short-distance communications

The primary difference between SMF and MMF is the ability of the fiber to send light for a long distance at high bit rates. In general, MMF supports shorter distances than SMF.

Cabling Types:

  • Cable Structure: Multimode fiber contains multiple paths (modes) of light that travel through the core simultaneously
  • Jacketing: Often uses orange jacketing, but can vary by manufacturer and specification

Copper Physical Interface:

  • Connector Types: Common connectors include RJ45 for Ethernet
  • Transmission Medium: Uses electrical signals
  • Bandwidth: Typically lower than fiber optics
  • Typical Distance: Up to 100 meters for Ethernet (with signal degradation beyond this distance)
  • Applications: Used extensively in Ethernet networks, telephony, and electrical wiring

Cabling Types:

  • Category 1: Used for telephone communications (voice only).
  • Category 2: Capable of data transmission speeds of up to 4 Mbps.
  • Category 3: Used in 10BASE-T networks. Speeds up to 10 Mbps.
  • Category 4: Used in Token Ring networks. Speeds up to 16 Mbps.
  • Category 5: Capable of data transmission speeds of up to 100 Mbps (100BASE-TX).
  • Category 5e: Supports speeds of up to 1 Gbps (1000BASE-T) at 100 meters.
  • Category 6: Four pairs of 23- or 24-gauge copper wire with tighter twists and better crosstalk performance than Cat5e. Supports 1 Gbps at 100 meters and 10 Gbps only over short runs (about 55 meters).
  • Category 6a: Supports speeds up to 10 Gbps at the full 100 meters.
  • Twisted Pair: Commonly used for Ethernet (Ex. Cat5e, Cat6, Cat6a)
    • Cat5e: Supports up to 1 Gbps over distances of up to 100 meters
    • Cat6a: Supports 10 Gbps over the same 100-meter distance; Cat6 reaches 10 Gbps only over shorter runs
  • Coaxial Cable: Less common in Ethernet but used in cable TV and some specialized networking applications

10BASE-T naming

  • 10 means 10 Mbps
  • BASE means baseband: the whole cable carries one signal at a time (broadband carries multiple signals on different frequencies at the same time)
  • T means twisted pair
  • F means fiber
  • 1000BASE-T = Gigabit Ethernet over twisted pair
    • Multimode fiber = shorter reach and lower bandwidth-distance product (modal dispersion limits how far a high bit rate can travel)
    • Single-mode fiber = longer reach and higher bandwidth over distance

Unshielded Twisted Pair (UTP) - does not have an extra layer of metal shielding around the pairs; the twists alone cancel out interference

  • 8 wires, 4 pairs, twisted a certain number of times per foot (each pair has a different twist rate to reduce crosstalk)

Shielded Twisted Pair (STP) - adds foil or braided shielding around the pairs (or around the whole bundle) to reduce electromagnetic interference; used in electrically noisy environments, but the shield must be properly grounded

GBIC - Gigabit Interface Converter: a hot-swappable transceiver module that plugs into a switch or router port and provides the physical interface (copper or a particular fiber type)

SFP - Small Form-factor Pluggable transceiver: the smaller successor to the GBIC, available for copper, multimode fiber, and single-mode fiber at different distances (SFP+ for 10 Gbps)

What is the benefit of GBIC/SFP modules versus hard-coded interfaces on a Cisco switch?

  • Flexibility - one switch model serves copper, multimode, and single-mode links by swapping the transceiver, so manufacturing costs go down and a failed or mismatched port can be swapped out quickly without replacing or reconfiguring the switch

Crossover & Straight Through Cables

  • Data Communication Equipment (DCE) - switches, hubs (their ports use the MDI-X pinout: transmit on pins 3 and 6)
  • Data Terminal Equipment (DTE) - PCs, printers, routers, end devices (their ports use the MDI pinout: transmit on pins 1 and 2)

Crossover is the cable that connects like devices (switch to switch, router to router, PC to PC, PC to router). Straight through is the cable that connects two different kinds of devices (PC to switch, router to switch), because the switch port already crosses the pairs internally.

Note: Use a crossover cable when you connect two ports in the same layer of the OSI model, such as router to router (Layer 3) or switch to switch (Layer 2). Use a straight-through cable if the two ports are in different layers, such as router to switch (Layer 3 to 2) or PC to switch (Layer 3 to 2). For this rule, treat a PC as a Layer 3 device.

Note - The vast majority of patch cables are straight through - DCE to DTE or vice versa. Modern switches with Auto-MDIX correct for the wrong cable type automatically, so the distinction rarely matters in practice.

1.3.b Connections (Ethernet shared media and point-to-point)

Ethernet Shared Media Physical Interface:

  • Connector Types: Typically RJ45 connectors for twisted pair cables
  • Transmission Medium: Uses a shared medium such as a coaxial cable or a hub in older Ethernet implementations
  • Topology: Typically uses a bus or star-bus hybrid topology
  • Bandwidth: Shared among all devices on the network segment
  • Collision Domain: Multiple devices share the same collision domain, leading to potential collisions in CSMA/CD (Carrier Sense Multiple Access with Collision Detection) networks

Cabling Types:

  • Coaxial Cable: Used in older Ethernet implementations (e.g., 10BASE2 and 10BASE5).
    • 10BASE2 (Thinnet): Thin coaxial cable, terminated with BNC connectors.
    • 10BASE5 (Thicknet): Thick coaxial cable, terminated with vampire taps and N-type connectors.
  • Twisted Pair (Modern Implementations): Used in Ethernet networks today, such as in 10BASE-T, 100BASE-TX, 1000BASE-T (Gigabit Ethernet), and beyond.
    • Cat5e, Cat6, Cat6a: Common twisted pair cables with RJ45 connectors.

Applications:

  • Legacy Environments: Used in older Ethernet implementations where devices share a common physical medium.
  • Ethernet Hubs: Devices connect to a hub, and the hub repeats all received data to all other ports (half-duplex communication).

Ethernet Point-to-Point Physical Interface:

  • Connector Types: Typically RJ45 connectors for twisted pair cables or fiber optic connectors (SC, LC) for fiber cables.
  • Transmission Medium: Dedicated communication link between two devices
  • Topology: Direct connection between two devices (no other devices share the same link)
  • Bandwidth: Dedicated bandwidth between the two connected devices
  • Collision Domain: Each link is typically full-duplex, avoiding collisions

Cabling Types:

  • Twisted Pair (Copper): Used for short to medium distances.
    • RJ45 connectors with various categories like Cat5e, Cat6, Cat6a supporting different speeds (e.g., 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps).
    • Registered Jack (RJ)
    • RJ45 used for copper
  • Fiber Optic: Used for longer distances and higher bandwidth requirements.
    • Connector Types: SC, LC, ST, etc., with single-mode or multimode fibers depending on the distance and bandwidth needs.

Applications:

  • Modern Ethernet Networks: Most Ethernet connections in today's networks operate as point-to-point links.
  • Switched Ethernet: Devices connect to Ethernet switches, which provide dedicated full-duplex links between devices (replacing hubs in shared media).

*An example of Ethernet Point-to-Point is a homeowner connecting an ethernet Cat5 cable from their router to the other devices in their home.

1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)

Collisions

  • Definition: Collisions occur when two devices on a shared Ethernet segment attempt to transmit data simultaneously, causing a collision.
  • Cause: Collisions can happen in half-duplex Ethernet networks where devices share the same collision domain.
  • Impact: Collisions lead to retransmissions, which reduce network efficiency and throughput.
  • Indicators:
    • High number of late collisions
    • Increasing number of collisions in show interface output

Carrier Sense Multiple Access/Collision Detect (CSMA/CD)

  • Ethernet uses CSMA/CD as its collision detection method for frames transferred on the same medium.

In summary, collisions are a way to distribute the traffic load over time by arbitrating access to the shared medium. Collisions are not bad; they are essential to correct Ethernet operation. Some useful facts:

  • The maximum amount of time slots is limited to 1024.
  • The maximum amount of retransmissions for the same frame in the collision mechanism is 16. If it fails 16 consecutive times, it is counted as an excessive collision.

Deferred Counter

  • Command "Show Interface"
  • look for "# deferred"
  • The deferred counter counts the number of times the interface has tried to send a frame, but found the carrier busy at the first attempt (Carrier Sense). This does not constitute a problem, and is part of normal Ethernet operation.

Collisions Counter

  • Command "Show Interface"
  • Look for "# Collisions"
  • The collisions counter counts the number of frames for which one or more collisions occurred when the frames were sent.
    • Can be broken down into single collisions or multiple collisions from the "show controller" command

Late Collisions

  • When a collision is detected by a station after it has sent the 512th bit of its frame, it is counted as a late collision.
  • Command "show interface ethernet [interface number]"
  • Should appear as "# late collision"

Excessive Collisions

  • Max # of retries in the backoff algorithm is set to 16.
  • After 16 times, it gives up marking it as an excessive collision.
  • Command "show controller ethernet [interface number]"
  • Should appear as "0 excessive collisions"
  • For Cisco Catalyst switches, " %SIBYTE-4-SB_EXCESS_COLL" is displayed for every excessive collision

Errors

  • Definition: Errors refer to any issues with data transmission or reception that result in corrupted or lost packets.
  • Cause: Errors can occur due to physical layer issues like cable faults, electromagnetic interference, or hardware problems.
  • Impact: Errors degrade network performance and reliability.
  • Indicators:
    • CRC (Cyclic Redundancy Check) errors
    • Input/output errors
    • Frame check sequence (FCS) error

Duplex Mismatch

  • Definition: Duplex mismatch occurs when two connected devices have different duplex settings (one device is set to full-duplex while the other is set to half-duplex).
  • Causes: Misconfiguration of duplex settings on one or both ends of the link.
  • Impact: Leads to late collisions, FCS errors, and performance degradation. The half-duplex side senses the full-duplex side's transmissions as collisions and aborts its own frames; the full-duplex side receives those aborted fragments as runts and FCS errors.
  • Indicators:
    • FCS errors
    • Late collisions
    • Slow network performance compared to expected bandwidth

The most likely cause of a lot of collisions and runts on an interface is a duplex mismatch. A duplex mismatch will not only cause end users to experience network slowness but also cause many collisions and runts on the switch interface.

  • Duplex mismatch is one of the most common causes of bad bulk throughput

Duplex Auto-Negotiation

  • When "Fast Ethernet" (100 Mb/s) over twisted pair cable (100BASE-TX) was introduced, an autonegotiation procedure was added to allow the two stations at the ends of an Ethernet cable to agree on the duplex mode. Gigabit Ethernet over twisted pair (1000BASE-T) had speed, duplex, and even "crossed-cable" autonegotiation from the start.
  • Problems
    1. Have to remember to configure both ends consistently
    2. Hardcoding one side to full duplex when the other side autonegotiates causes a duplex mismatch: the autonegotiating side gets no response and falls back to half duplex. Advice - leave auto-negotiation on at both ends
  • To verify negotiation, use the command "show interfaces interface capabilities"


For Ethernet 1000 Mb Auto-Negotiation, Cisco devices only support Full-Duplex.

Cisco IOS Software

  • Switches that run Cisco IOS Software default to auto-negotiation for both speed and duplex. Run the "show interface interface status" command to verify these settings.
  • Issue the "show interface interface" command (without the status keyword) to see the negotiated port speed and duplex.


Note - If you hard code the speed on a port, it disables all auto-negotiation functionality on the port for speed and duplex.

Note - Duplex cannot be set to half when the speed autonegotiation subset contains 1 Gbps, 2.5 Gbps, 5 Gbps, or 10 Gbps.

Automatic Medium-Dependent Interface Crossover (Auto-MDIX)

  • A feature that allows the switch interface to detect the required cable connection type (straight-through or crossover) and automatically configure the connection appropriately. With Auto-MDIX enabled, you can use either type and the interface automatically corrects for any incorrect cabling.

When there are a lot of collisions and cyclic redundancy check (CRC) errors on the interface, there can be several problems

  • Bad network cable
  • Damaged Media
  • Electromagnetic Interference (EMI)
    • Problem with the network cable attached to the port or outside interference

Speed Mismatch

  • Definition: Speed mismatch occurs when two connected devices operate at different data transmission rates (Ex. one device operates at 100 Mbps while the other operates at 1 Gbps)
  • Causes: Configuration mismatch or hardware limitations.
  • Impact: Packet loss, errors, and performance issues due to the inability of the slower device to handle incoming data at the faster rate.
  • Indicators:
    • Interface flapping (interface goes up and down repeatedly)
    • Performance significantly lower than expected for the configured speed

Full Duplex Transmission

  • Full duplex transmission is achieved by setting switch interfaces, router ports, and host NICs to full duplex. Microsegmentation, where each network device has its own dedicated segment to the switch, ensures full duplex will work. The device can send and receive at the same time, effectively doubling the amount of bandwidth between nodes. Three points to remember:
    • There are no collisions in full-duplex mode.
    • A dedicated switch port is required for each full-duplex node.
    • The host network card and the switch port must be capable of operating in full-duplex mode.
  • Use Cases:
    • Switched Ethernet Networks
    • Telecommunications
    • Fiber Optic Communication

Note - By enabling Full-Duplex on a port, you are disabling Carrier Sense Multiple Access with Collision Detection (CSMA/CD) on that segment. Replacing a hub with a switch changes the CSMA/CD behavior because each switch port is a separate collision domain. One device per switch port, configured for full-duplex operation, eliminates collisions and the need for CSMA/CD.

Half Duplex Transmission

  • Half duplex transmission is a mode of communication where data transmission can occur in both directions between two devices, but not simultaneously. Characteristics:
    • Alternating two-way communication
    • Reduced efficiency compared to Full Duplex
    • Potential for Collisions
  • Use Cases:
    • Walkie-Talkies
    • Legacy Ethernet Networks (hubs, coaxial segments)
    • Wi-Fi (stations share the radio channel and take turns using CSMA/CA)
    • Two-Way Radio Communication

What command allows you to view the duplex and speed settings configured for a switch port?

  • To view the duplex and speed setting configured for a switch port, enter the "show interface interface-id" command as follows:

Show interface command shows the port status is "errDisable". What are the possible causes?

  • EtherChannel misconfiguration
  • Duplex mismatch
  • Bridge protocol data unit (BPDU) port guard has been enabled on the port
  • Unidirectional Link Detection (UDLD)
  • A native VLAN mismatch

What are the possibilities for this problem (show interface output with a high collision count)?

  • The switch port is receiving a lot of collisions. The problem can be a duplex mismatch or a faulty port, or the distance between the two switches might exceed the cable specifications
    • Note - Duplex mismatches occur when the connecting ends are set to different duplex modes, or when one end's duplex is hard coded and the other end is set to autonegotiation.

What could be the cause of the problem (show interface output with a high runt count)?

  • The switch is receiving a lot of runts. Runts are frames smaller than the 64-byte Ethernet minimum (on Catalyst switches the counter covers undersized frames with a bad frame check sequence (FCS)). Bad cabling or inconsistent duplex settings usually cause runts.
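The rules of thumb in this section (late collisions on a half-duplex port, runts or CRC errors on a full-duplex port, ordinary collisions and deferrals being normal) can be turned into a small checker. The following is an added example, not code or output from the original notes or from Cisco: it parses a constructed excerpt of `show interfaces` output (the interface names and every counter value are made up for the example) and reports which symptom pattern each port matches.

```python
"""Parse 'show interfaces' counters and apply this section's rules of thumb.
Added example; SAMPLE is constructed, not captured from a real device."""
import re

SAMPLE = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
     57 runts, 0 giants, 0 throttles
     212 input errors, 155 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 133 collisions, 1 interface resets
     0 babbles, 89 late collision, 14 deferred
GigabitEthernet0/2 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     0 runts, 0 giants, 0 throttles
     48 input errors, 48 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
GigabitEthernet0/3 is up, line protocol is up (connected)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

# Counter names exactly as IOS prints them after the number
COUNTERS = ("runts", "CRC", "collisions", "late collision", "deferred", "input errors")


def parse_show_interfaces(text: str) -> dict:
    """Return {interface: {'status', 'protocol', 'duplex', 'speed', <counter>: int, ...}}."""
    stats, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+) is (.+?), line protocol is (\S+)", line)
        if m:                                   # header line starts a new interface
            current = m.group(1)
            stats[current] = {"status": m.group(2), "protocol": m.group(3)}
            continue
        if current is None:
            continue
        m = re.match(r"^\s*(Half|Full)-duplex, (\d+)Mb/s", line)
        if m:
            stats[current]["duplex"] = m.group(1).lower()
            stats[current]["speed"] = int(m.group(2))
        for name in COUNTERS:                   # "<number> <counter name>" anywhere on the line
            m = re.search(r"(\d+) " + name + r"\b", line)
            if m:
                stats[current][name] = int(m.group(1))
    return stats


def diagnose(iface: dict) -> list:
    """Map one interface's counters to the symptom patterns described above."""
    half = iface.get("duplex") == "half"
    late = iface.get("late collision", 0)
    runts = iface.get("runts", 0)
    crc = iface.get("CRC", 0)
    coll = iface.get("collisions", 0)
    findings = []
    if half and late:
        findings.append("duplex mismatch likely (this side half, far side full) or cable run beyond spec: "
                        "late collisions on a half-duplex port")
    if not half and runts:
        findings.append("duplex mismatch likely (far side half-duplex) or bad cabling: runts on a full-duplex port")
    if crc and not runts and not late:
        findings.append("bad cable, damaged media or EMI: CRC errors without runts or late collisions")
    if half and coll and not late:
        findings.append("normal half-duplex operation: ordinary collisions and deferrals only")
    return findings or ["healthy"]


def diagnose_all(text: str) -> dict:
    return {name: diagnose(iface) for name, iface in parse_show_interfaces(text).items()}


if __name__ == "__main__":
    for name, findings in diagnose_all(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

The parser keys on the counter names as IOS prints them, so the same function can be pointed at real output saved to a file; the thresholds here are zero because any late collision or runt on a switched full-duplex link is already abnormal.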

1.5 Compare TCP to UDP

  1. Connection-Oriented vs. Connectionless
  • TCP (Transmission Control Protocol):
    • Connection-Oriented: Establishes a connection before transmitting data.
    • Reliable: Provides error-checking, acknowledgement of data receipt, and retransmission of lost packets.
    • Handshaking: Three-way handshake (SYN, SYN-ACK, ACK) for connection establishment
    • Example Applications: HTTP (web browsing), FTP (file transfer), SMTP (Simple Mail Transfer Protocol; email)
  • UDP (User Datagram Protocol):
    • Connectionless: Does not establish a connection before sending data.
    • Unreliable: No guarantee of delivery, no acknowledgement, and no retransmission. The checksum in the header only detects corrupted datagrams; nothing is done to recover them.
    • Fast Transmission: Minimal overhead, suitable for real-time applications.
    • Example Applications: DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), VoIP (Voice over IP), streaming media
  2. Header Overhead
  • TCP:
    • Header Size: Larger header (20 bytes minimum) due to additional fields like sequence numbers, acknowledgment numbers, window size, etc.
    • Overhead: Higher overhead compared to UDP
  • UDP:
    • Header Size: Smaller header (8 bytes) with minimal fields (source port, destination port, length, checksum)
    • Efficiency: Lower overhead makes it faster and more efficient for transmitting small amounts of data
  3. Reliability & Ordering
  • TCP:
    • Reliability: Reliable delivery of data with error detection (checksum) and recovery (retransmission).
    • Sequencing: Ensures data is delivered in order to the application layer.
  • UDP:
    • Reliability: No guarantee of delivery or error recovery
    • Ordering: Packets may arrive out of order, and the application layer must handle sequencing if needed.
  4. Use Cases
  • TCP:
    • Used when reliability and ordered delivery are crucial (Ex. file transfer, web browsing, email)
  • UDP:
    • Used when speed and efficiency are more important than reliability (Ex. real-time multimedia applications, online games)
    • Suitable for applications that can tolerate occasional packet loss and do not require retransmission
  5. Flow Control & Congestion Control
  • TCP:
    • Implements flow control and congestion control algorithms to manage data transmission rates and avoid network congestion
    • Adjusts transmission speed based on network conditions (Ex. TCP sliding window)
  • UDP:
    • Does not implement flow or congestion control
    • Applications using UDP must manage these aspects independently
  6. Examples
  • TCP: HTTP, HTTPS, FTP, SSH, Telnet
  • UDP: DNS, DHCP, SNMP, VoIP, streaming media (Ex. UDP-based protocols like RTP for real-time applications)
    • Another example of UDP is a keyboard or controller sending inputs to an online game.
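The header-size and handshake points above are easier to remember once you have packed the two headers yourself. The block below is an added example (not from the original notes): it builds a UDP datagram and the three TCP segments of a handshake byte for byte, including the RFC 1071 checksum over the IPv4 pseudo-header that both protocols use. All addresses, ports, sequence numbers and payloads are constructed for the example.

```python
"""TCP and UDP headers built by hand, to make the 20-byte vs 8-byte comparison
and the three-way handshake concrete. Addresses, ports and payloads are constructed."""
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header covered by both the TCP (proto 6) and UDP (proto 17) checksums."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """8-byte UDP header: source port, destination port, length, checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                        # RFC 768: a computed zero is transmitted as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def udp_checksum_ok(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver side: summing pseudo-header + datagram (checksum included) must give zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, 17, len(datagram)) + datagram) == 0


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """20-byte TCP header (no options): ports, seq, ack, offset, flags, window, checksum, urgent."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset = 5 << 4                           # header length in 32-bit words, upper nibble
    fields = [sport, dport, seq, ack, offset, flag_bits, 65535, 0, 0]
    header = struct.pack("!HHIIBBHHH", *fields)
    fields[7] = internet_checksum(pseudo_header(src_ip, dst_ip, 6, len(header) + len(payload)) + header + payload)
    return struct.pack("!HHIIBBHHH", *fields) + payload


def tcp_checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    return internet_checksum(pseudo_header(src_ip, dst_ip, 6, len(segment)) + segment) == 0


def tcp_flags(segment: bytes) -> set:
    """Flag byte sits at offset 13 of the header."""
    return {name for name, bit in TCP_FLAGS.items() if segment[13] & bit}


def seq_ack(segment: bytes) -> tuple:
    """Sequence and acknowledgment numbers (offsets 4-7 and 8-11)."""
    return struct.unpack("!II", segment[4:12])


def three_way_handshake(client_ip, server_ip, client_isn, server_isn):
    """The three segments of a TCP open: SYN, SYN-ACK, ACK. UDP has no equivalent exchange."""
    syn = build_tcp(client_ip, server_ip, 40000, 80, client_isn, 0, ["SYN"])
    synack = build_tcp(server_ip, client_ip, 80, 40000, server_isn, client_isn + 1, ["SYN", "ACK"])
    ack = build_tcp(client_ip, server_ip, 40000, 80, client_isn + 1, server_isn + 1, ["ACK"])
    return syn, synack, ack


if __name__ == "__main__":
    dgram = build_udp("192.0.2.10", "192.0.2.53", 53000, 53, b"\x12\x34\x01\x00")
    print("UDP header bytes:", len(dgram) - 4, "checksum ok:", udp_checksum_ok("192.0.2.10", "192.0.2.53", dgram))
    for seg in three_way_handshake("192.0.2.10", "192.0.2.80", 1000, 5000):
        print("TCP header bytes: 20 flags:", sorted(tcp_flags(seg)), "seq/ack:", seq_ack(seg))
```

Note how the SYN-ACK acknowledges the client's initial sequence number plus one: that is the "acknowledgement of data receipt" the list above describes, and it is exactly what UDP does not provide.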

1.6 Configure and verify IPv4 addressing and subnetting

IPv4 Addresses are 32-bit numerical identifiers assigned to devices on a network. They are typically represented in dotted-decimal format (Ex. 192.168.1.1) and are divided into classes:

  • Class A: Range from 1.0.0.0 to 126.255.255.255 (8 bits for network, 24 bits for host)
  • Class B: Range from 128.0.0.0 to 191.255.255.255 (16 bits for network, 16 bits for host)
  • Class C: Range from 192.0.0.0 to 223.255.255.255 (24 bits for network, 8 bits for host)

Network Masks

  • A network mask helps you know which portion of the address identifies the network and which portion of the address identifies the node. Class A, B, and C Networks have default masks shown here:

Subnetting: Subnetting involves dividing a larger network into smaller sub-networks (subnets). It helps optimize network performance, manage IP address allocation efficiently, and enhance security by containing broadcast traffic and allowing access control between subnets. If you do not subnet, you are only able to use one network from your Class A, B, or C block, which is unrealistic.

  1. Determine Requirements:
    • Network Size: Determine the number of subnets and hosts needed for each subnet.
    • IP Address Range: Choose an appropriate IP address range based on the required number of subnets and hosts per subnet.
  2. Subnet Mask Calculation
    • Subnet Mask: Defines the network portion and host portion of an IP address.
    • CIDR Notation: Represents subnet masks using the format IP_address/Prefix_Length (Ex. 192.168.1.0/24)
  3. IP Address Allocation
    • Assign IP Addressses: Allocate IP addresses to devices within each subnet
    • Reserve IP Addresses: Reserve certain IP addresses for network infrastructure (Ex. routers, servers)
  4. Verify IP Address Configuration
    • IP Configuration Commands: Use command-line tools like 'ipconfig' (Windows) or 'ip addr' / 'ifconfig' (Linux/Unix) to verify IP addresses on hosts; on Cisco devices use 'show ip interface brief'
    • Subnet Mask Verification: Ensure that subnet masks match the intended network segmentation
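The four steps above are a procedure, and the arithmetic behind step 2 (mask, network, broadcast, usable range) is where most mistakes happen. The following is an added example (not from the original notes) that carries the procedure through for a constructed requirement, five subnets of at least 25 hosts out of 192.168.1.0/24, using plain bit operations and then cross-checking the result against Python's `ipaddress` module as the verification step. Network, hosts and counts are made up for the example.

```python
"""Subnet arithmetic with bit operations, cross-checked against the standard
library. The 192.168.1.0/24 network and the hosts below are constructed inputs."""
import ipaddress


def ip_to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def int_to_ip(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def mask_from_prefix(prefix: int) -> int:
    """/26 -> 0xFFFFFFC0: the top `prefix` bits set, the rest clear."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(ip: str, prefix: int) -> dict:
    """Network, broadcast, usable host range and host count for ip/prefix."""
    mask = mask_from_prefix(prefix)
    network = ip_to_int(ip) & mask              # AND with the mask keeps the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # OR with the inverted mask sets every host bit
    usable = max((1 << (32 - prefix)) - 2, 0)   # minus the network and broadcast addresses
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def prefix_for_hosts(hosts_needed: int) -> int:
    """Longest prefix (smallest subnet) that still leaves hosts_needed usable addresses."""
    host_bits = 1
    while (1 << host_bits) - 2 < hosts_needed:
        host_bits += 1
    return 32 - host_bits


def split(network: str, prefix: int, new_prefix: int) -> list:
    """Carve network/prefix into equal subnets of new_prefix, returned as CIDR strings."""
    if new_prefix < prefix:
        raise ValueError("new prefix must be longer than the original")
    base = ip_to_int(network) & mask_from_prefix(prefix)
    step = 1 << (32 - new_prefix)               # addresses per new subnet
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(1 << (new_prefix - prefix))]


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both hosts share the network bits, i.e. they can talk without a router."""
    mask = mask_from_prefix(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask


def matches_stdlib(ip: str, prefix: int) -> bool:
    """Verification step: the hand arithmetic must agree with ipaddress."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    info = subnet_info(ip, prefix)
    return (info["network"], info["broadcast"]) == (str(net.network_address), str(net.broadcast_address))


if __name__ == "__main__":
    # Requirement (constructed): five subnets of at least 25 hosts each out of 192.168.1.0/24
    p = prefix_for_hosts(25)
    print(f"/{p} gives {subnet_info('192.168.1.0', p)['usable_hosts']} usable hosts per subnet")
    for cidr in split("192.168.1.0", 24, p)[:5]:
        print(cidr, subnet_info(cidr.split('/')[0], p))
    print(same_subnet("192.168.1.130", "192.168.1.190", 26), same_subnet("192.168.1.130", "192.168.1.200", 26))
```

`same_subnet` is the check a host performs before deciding whether to ARP for the destination directly or send the packet to its default gateway, which is why a wrong mask on one host produces one-way reachability problems.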

1.7 Describe the need for private IPv4 addressing

The RFC 1918 sets aside three blocks of IP addresses for private or internal use:

  • Class A Range
  • Class B Range
  • Class C Range


Global addresses must be obtained from a provider or a registry at some expense.

Variable Length Subnet Masks (VLSM)

VLSM means using subnet masks of different lengths within the same major network, so that a point-to-point link can be a /30 while a user LAN in the same network is a /24, instead of wasting a full-size subnet on every link. Because global addresses cost money, router-to-router links are often numbered from RFC 1918 space; routers normally don't spend time surfing the web, so this is only an issue when troubleshooting with Internet Control Message Protocol (ICMP) tools such as ping and traceroute from outside, or when managing the router with Simple Network Management Protocol (SNMP) from outside the private network.

Discontiguous subnets refer to a situation in a network where subnets of the same major network (or IP address block) are separated by subnets of a different major network. This can create challenges in routing because traditional routing protocols assume that all subnets of a given major network are contiguous and can be summarized into a single route.

Network Address Translation (NAT) is the process of swapping one address for another in the IP Packet Header. NAT is used to allow hosts that are privately addressed using RFC 1918 addresses to access the internet. Port Address Translation (PAT) allows multiple inside addresses to map to the same global address.

  1. Limited IPv4 Address Space
    • IPv4 Address Exhaustion: The IPv4 address space is limited to approximately 4.3 billion unique addresses. With the exponential growth of devices connected to the internet, this address space is insufficient to provide a unique public IP address to every device.
    • Conservation of Public Addresses: Private IPv4 addresses help conserve the limited pool of public IPv4 addresses by allowing organizations to use the same private IP address ranges internally.
  2. Private IPv4 Address Ranges: Defined by RFC 1918, private IPv4 addresses are not routable on the public internet and are meant for use within private networks. The private IP address ranges are:
    • Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
    • Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
    • Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
  3. Network Address Translation (NAT)
  • Functionality: NAT allows multiple devices on a private network to share a single public IP address for accessing the internet. When a device on a private network needs to communicate with a device on the public internet, NAT translates the private IP address to a public IP address.
  • Types of NAT:
    • Static NAT: Maps a single private IP address to a single public IP address
    • Dynamic NAT: Maps a private IP address to a public IP address from a pool of available public addresses
    • Port Address Translation (PAT): Also known as "overloading", maps multiple private IP addresses to a single public IP address by using different ports
  4. Benefits of Private IPv4 Addressing:
  • Security
    • Isolation: Devices with private IP addresses are not directly reachable from the public internet, providing an additional layer of security
    • Internal Communication: Private IP addresses facilitate secure communication within an organization's internal network
  • Address Reusability
    • Local Use: Private IP address ranges can be reused in different private networks without conflict, making them ideal for internal communication
    • Cost Savings: Using private IP addresses reduces the need to purchase additional public IP addresses
  • Simplified Network Management
    • Internal Organization: Easier management and organization of internal IP address schemes
    • Subnetting: Facilitates the creation of subnets within an organization, enhancing network performance and efficiency
  5. Use Cases:
  • Home Networks - use private IP addresses to connect devices like computers, smartphones, and smart TVs to the router, which then uses NAT to connect to the internet
  • Corporate Networks - Businesses use private IP addresses to connect internal devices, servers, and workstations. NAT and firewall technologies help manage traffic between private network and the internet
  • Virtual Private Networks (VPNs) - Private IP addresses are used within VPNs to provide secure, remote access to an organization's internal network resources
  6. Comparison of Public & Private
  • Public IP Addresses: Unique across the entire internet, assigned by Internet Service Providers (ISPs) or regional internet registries
  • Private IP Addresses: Not unique across internet, used exclusively within private networks and not routable on the public internet
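Two things from this section are worth seeing in code: the exact RFC 1918 boundaries (172.16.0.0/12 ends at 172.31.255.255, not 172.32) and how PAT keeps many inside hosts behind one global address by rewriting the source port. The block below is an added example, not from the original notes and not a model of any particular vendor's NAT implementation: it keeps a simplified translation table keyed only on the inside address and port (a real PAT entry is per flow and also records the destination), tries to preserve the original source port the way Cisco PAT does, and drops inbound packets that match no entry, which is the "isolation" property described above. The global address 203.0.113.7 and the inside hosts are constructed.

```python
"""RFC 1918 classification and a minimal PAT (NAT overload) table.
Added example; addresses are constructed and the table is simplified."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True for the three private blocks; 172.32.0.0 is already public."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RFC1918)


class PatTable:
    """Maps (inside local ip, port) <-> port on a single inside global address.

    Simplification (assumption of this example): entries are keyed on the inside
    endpoint only; real PAT entries are per flow and include the destination."""

    def __init__(self, global_ip: str, ephemeral_start: int = 1024):
        self.global_ip = global_ip
        self.ephemeral = ephemeral_start
        self.used_ports = set()
        self.outbound = {}   # (inside_local_ip, inside_port) -> global port
        self.inbound = {}    # global port -> (inside_local_ip, inside_port)

    def _allocate(self, wanted: int) -> int:
        # Keep the original source port when it is free; otherwise take the next unused one.
        if wanted not in self.used_ports:
            port = wanted
        else:
            while self.ephemeral in self.used_ports:
                self.ephemeral += 1
            port = self.ephemeral
        self.used_ports.add(port)
        return port

    def outbound_translate(self, src_ip: str, src_port: int) -> tuple:
        """Packet leaving the private network: rewrite source to (global_ip, global_port)."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not a private inside address")
        key = (src_ip, src_port)
        if key not in self.outbound:
            gport = self._allocate(src_port)
            self.outbound[key] = gport
            self.inbound[gport] = key
        return self.global_ip, self.outbound[key]

    def inbound_translate(self, dst_port: int):
        """Packet arriving from the internet: return the inside endpoint, or None to drop it."""
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    nat = PatTable("203.0.113.7")
    for host in ("10.0.0.5", "10.0.0.6"):
        print(host, 40000, "->", nat.outbound_translate(host, 40000))
    print("reply to 203.0.113.7:1024 ->", nat.inbound_translate(1024))
    print("unsolicited to 203.0.113.7:5555 ->", nat.inbound_translate(5555))
```

The second host asking for source port 40000 gets port 1024 instead, which is the "different ports" mechanism the PAT bullet above describes; without that table entry, a packet from the internet has no inside destination and is discarded.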

1.8 Configure and verify IPv6 addressing and prefix

IPv6 addresses are 128-bit identifiers represented in hexadecimal format. They are divided into eight groups of four hexadecimal digits, separated by colons (Ex. 2001:0db8:85a3:0000:0000:8a2e:0370:7334). Leading zeros in each group can be omitted, and one run of consecutive all-zero groups can be abbreviated with a double colon (::), which may appear only once in an address.

IPv6 Address Types (Prefix Examples)

  • Global Unicast Address: Similar to public IPv4 addresses, these are globally unique and routable on the internet (Ex. 2001:0db8::/32)
  • Link-Local Address: Used for communication within a single network segment (Ex. fe80::/10)
  • Unique Local Address (ULA): Used for local communication within a site or organization, similar to private IPv4 addresses (Ex. fc00::/7)


Link Local Address - only reachable by devices on the same link (network segment); routers never forward it

Global Unicast Address - can be reached across the internet

Configuring IPv6 Addressing

  1. Manual Configuration: You can manually assign IPv6 addresses to interfaces on network devices, for example with the 'ipv6 address' interface command on a Cisco router.
  2. Stateless Address Autoconfiguration (SLAAC): Devices can automatically configure their own IPv6 addresses based on the network prefix advertised by routers in Router Advertisements.
  3. DHCPv6: Dynamic Host Configuration Protocol for IPv6 (DHCPv6) can be used to assign IPv6 addresses dynamically (stateful DHCPv6), or to supply only options such as DNS servers alongside SLAAC (stateless DHCPv6).

Verifying IPv6 Addressing

  1. Check Interface IPv6 Configuration: Use the 'show ipv6 interface' command to verify the IPv6 address configuration on a specific interface.
  2. Display IPv6 Routing Table: The 'show ipv6 route' command displays the IPv6 routing table, which includes all known IPv6 routes.
  3. Ping IPv6 Addresses: The 'ping' command can be used to test connectivity between devices using their IPv6 addresses.

1.9 Describe IPv6 address types


1.9.a Unicast (global, unique local, and link local)

IPv6 does not have a broadcast address; other options exist like solicited-node multicast address and an all-IPv6 devices multicast address.

IPv4, with its 32-bit address space, provides for 4.29 billion (4,294,967,296) addresses. IPv6, with its 128-bit address space, provides for 340 undecillion addresses, or 340 trillion trillion trillion addresses. That’s 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses—a lot of addresses!

LAN traffic is transmitted one of the following three ways:

  • Unicast: Unicasts are the most common type of LAN traffic. A unicast frame is a frame intended for only one host.
  • Broadcast: Broadcast frames are intended for all hosts within a broadcast domain. Stations view broadcast frames as public service announcements. All stations receive and process broadcast frames.
  • Multicast: Multicasts are traffic in which one transmitter tries to reach only a subset, or group, of the entire segment.

  1. Global Unicast Addresses (GUAs): A GUA uniquely identifies an interface on an IPv6 device. Global Unicast Addresses are unique IPv6 addresses that are routable on the global internet. They serve a similar purpose to public IPv4 addresses and are used for direct communication between devices across different networks worldwide.

Structure:

  • Prefix: The global unicast address typically starts with '2000::/3' (the first three bits are '001')
  • Global Routing Prefix: The initial portion of the address assigned by the Internet Assigned Numbers Authority (IANA) or regional registries (Ex. 2001:0db8::/32)
  • Subnet ID: Defines a specific subnet within the given network (Ex. 2001:0db8:abcd::/64)
  • Interface ID: The remaining portion of the address, often derived from the device's MAC address using EUI-64 format or generated randomly

There are several ways a device can be configured with a GUA:

  • Manually configured
  • Stateless Address Autoconfiguration
  • Stateful DHCPv6

  2. Unique Local Addresses (ULAs): Unique Local Addresses in IPv6 are meant for local communication within a site or organization, similar to private IPv4 addresses. They are not routable on the global internet and are used primarily for internal networks.

Structure:

  • Prefix: ULAs start with 'fc00::/7', but typically use 'fd00::/8' (the eighth bit is '1').
  • Global ID: A 40-bit identifier that ensures uniqueness within an organization
  • Subnet ID: Defines specific subnets within the local network
  • Interface ID: The remaining portion of the address

Unique Local Address Characteristics:

  • Can be used just like global unicast addresses
  • Can be used for devices that never need access to or from the global Internet
  • Allow sites to be combined or privately interconnected without address conflicts and without requiring addressing renumbering
  • Independent of any ISP and can be used within a site even without having Internet connectivity

Using NAT with IPv4 is not for security but to cope with IPv4 address depletion.

  • Network Address Translation (NAT) - NAT for IPv4 is stateful, which is what delivers the perceived security benefit; IPv6 NAT, like NPT, is stateless
  • Network Prefix Translation (NPT)
    • Address independence means that a site does not have to renumber its internal addresses if the ISP changes the site's external prefix or if the site changes ISPs and receives a different prefix

Use Cases:

  • Internal communications within an organization or site
  • Networks that do not require external internet access
  • Virtual private networks (VPNs)

  3. Link-Local Addresses: Link-local addresses are used for communication within a single network segment or link. They are automatically configured on all IPv6-enabled interfaces and are essential for various network functions like neighbor discovery.

Structure:

  • Prefix: Link-local addresses start with 'fe80::/10' (the first ten bits are '1111 1110 10')
  • Remaining Bits: Set to zero, except for the Interface ID, which is typically derived from the device's MAC address

Note: Using a prefix other than fe80::/10 for a link-local address can result in unexpected behavior.

Key Points:

  • To be an IPv6-enabled device, a device must have an IPv6 link-local address.
  • Link-local addresses are not routable off the link (IPv6 subnet).
  • Link-local addresses only have to be unique on the link.

Configuration Options:

  • Devices dynamically (automatically) create their own link-local IPv6 address upon startup.
  • Link-local addresses can be manually configured.
  • With IPv4, a device would need an IP address to communicate with a DHCP (Dynamic Host Configuration Protocol) server in order to ask for one.
    • DHCP for IPv4 works around this: the Discover message is sent with an IPv4 source address of 0.0.0.0.
  • With IPv6, during device startup, the device automatically gives itself a link-local address that is unique on the subnet, and can use it to communicate with any device on the network, including an IPv6 router and, if necessary, a DHCPv6 server.

Key Differences and Usage:

  • Global Unicast Addresses: Used for devices needing global reachability on the internet. They are unique across the globe and routable.
  • Unique Local Addresses: Used within private networks for internal communication. They are not routable on the global internet but unique within a given local scope.
  • Link-Local Addresses: Used for communication within a single network segment. They are automatically assigned and essential for basic network operations.

Loopback Address

The loopback address is another type of unicast address. The IPv6 loopback address is ::1, an all-0s address except for the last bit, which is set to 1. It is equivalent to the IPv4 address block 127.0.0.0/8, most commonly 127.0.0.1.

  • A loopback address is a special IP address used to test the network stack of a device and ensure that the IP software is functioning correctly. It is a critical tool in networking for diagnostic and development purposes.

Loopback characteristics:

  • Cannot be assigned to a physical interface
  • A packet with a loopback address as its source or destination address should never be sent beyond the device
  • A router can never forward a packet with a destination address that is a loopback address
  • The device must drop a packet received on an interface if the destination address is a loopback address

Unspecified Address

An unspecified unicast address is an all-0s address and is used as a source address to indicate the absence of an address. It cannot be assigned to an interface.

  • An unspecified address can be used as a source address in ICMPv6 Duplicate Address Detection (DAD).
    • DAD is a process that a device uses to ensure that its unicast address is unique on the local link (network).
  • The unspecified address is primarily used in specific scenarios during the initial stages of network communication or when an address is unknown or not yet assigned.
  • A router will never forward a packet that has an unspecified source address.

1.9.b Anycast

Anycast addresses in IPv6 are used to deliver packets to the nearest or most convenient node among a group of potential receivers that share the same address. This is useful for load balancing, redundancy, and optimizing service delivery.

  • An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices).
  • Anycast addresses use the same address range as global unicast addresses

Characteristics:

  1. One-to-Nearest Communication - The nearest node is typically determined by the routing protocol based on metrics like hop count, latency, or other criteria.
  2. Shared Address - Multiple nodes can share the same anycast address. When a packet is sent to an anycast address, it is delivered to the closest node.
  3. Routing-Based Delivery - Routing protocols ensure that the packet is delivered to the nearest node in terms of routing cost.

Use Cases:

  • DNS Servers, content delivery networks (CDNs), and other services where availability and redundancy are critical

1.9.c Multicast

IPv6 Multicast is a method of sending network traffic to multiple destinations simultaneously. Multicast sends data only to a group of interested receivers. This is useful for applications like streaming media, video conferencing, and other types of group communication.

Characteristics:

  1. Multicast Addresses:
    • Start with the prefix 'FF00::/8'. The structure of a multicast address is defined as 'FFxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx', where the first 8 bits are always '1111 1111' to indicate it's a multicast address.
    • Next 4 bits are the "flags" field, and following 4 bits indicate the scope (Ex. link-local, site-local, organization-local, global)
    • Examples of common scopes:
      • FF01:: for node-local scope
      • FF02:: for link-local scope
      • FF05:: for site-local scope
      • FF08:: for organization-local scope
      • FF0E:: for global scope
  2. Multicast Groups:
    • A multicast group is a set of receivers that are interested in receiving specific data streams. Devices can join or leave multicast groups dynamically.
    • IPv6 uses the Internet Group Management Protocol (IGMP) to manage membership in multicast groups.
  3. Efficient Data Distribution:
    • Multicast is more efficient because data packets are only sent to nodes that are part of the multicast group. This conserves bandwidth and reduces network load.
  4. Uses of Multicast:
    • Common applications include live video or audio streaming, IPTV, online gaming, stock ticker services, and real-time data feeds.

The Flag Field (the third hexadecimal digit) indicates whether a multicast address is:

  • Permanent (0): These addresses, known as predefined multicast addresses, are assigned by IANA and include both well-known and solicited-node multicast addresses
  • Nonpermanent (1): These are "transient" or "dynamically" assigned multicast addresses. They are assigned by multicast applications

Well-known multicast addresses have the prefix ff00::/12. This means that the third hexadecimal digit, the Flag Field, is always set to 0. Some examples of IPv6 well-known multicast addresses include the following:

  • ff02::1: All IPv6 devices
  • ff02::2: All IPv6 routers
  • ff02::5: All OSPFv3 routers
  • ff02::a: All EIGRP (IPv6) routers
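As an added example (not code from the original notes) covering both the unicast types in 1.9.a and the multicast layout in 1.9.c, the following classifies an address by its leading bits and decodes the flags and scope nibbles of a multicast address. It uses Python's standard `ipaddress` module only for parsing; the prefix tests are the ones stated above.

```python
# Added example (not from the original notes): classify an IPv6 address into the
# types described in 1.9 and decode the flags/scope nibbles of a multicast address.
import ipaddress

# Scope values as listed in the notes (RFC 4291 calls 1 "interface-local")
MULTICAST_SCOPES = {
    0x1: "node-local",
    0x2: "link-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}
# Well-known (permanent) link-local groups listed in the notes
WELL_KNOWN_GROUPS = {
    "ff02::1": "all IPv6 devices",
    "ff02::2": "all IPv6 routers",
    "ff02::5": "all OSPFv3 routers",
    "ff02::a": "all EIGRP (IPv6) routers",
}


def classify(addr_text: str) -> dict:
    """Return the address type and, for multicast, its flag and scope fields."""
    addr = ipaddress.IPv6Address(addr_text)
    value = int(addr)                       # 128-bit integer, bit 127 first
    info = {"address": str(addr), "type": None}
    if value == 0:
        info["type"] = "unspecified"        # ::, valid only as a source (e.g. DAD)
    elif value == 1:
        info["type"] = "loopback"           # ::1, never leaves the device
    elif value >> 120 == 0xFF:
        # ff00::/8: next nibble is the flags field, then the scope nibble
        flags = (value >> 116) & 0xF
        scope = (value >> 112) & 0xF
        info["type"] = "multicast"
        info["transient"] = bool(flags & 0x1)   # 0 = permanent, 1 = nonpermanent
        info["scope"] = MULTICAST_SCOPES.get(scope, f"reserved/other ({scope:#x})")
        info["well_known"] = WELL_KNOWN_GROUPS.get(str(addr))
    elif value >> 118 == 0b1111111010:
        info["type"] = "link-local"         # fe80::/10, never routed off the link
    elif value >> 121 == 0b1111110:
        info["type"] = "unique-local"       # fc00::/7; fd00::/8 in practice (L bit = 1)
        info["locally_assigned"] = bool((value >> 120) & 0x1)
    elif value >> 125 == 0b001:
        info["type"] = "global-unicast"     # 2000::/3 (anycast shares this range)
    else:
        info["type"] = "other/reserved"
    return info


if __name__ == "__main__":
    for sample in ("2001:db8::1", "fe80::1", "fd00::1", "::1", "::", "ff02::a", "ff15::abcd"):
        print(sample, classify(sample))
```

Anycast cannot be told apart from a global unicast address by inspection, which is why the function reports it as global unicast.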

1.9.d Modified EUI 64

Modified EUI-64 is a method used to create a unique interface identifier (IID) for an IPv6 address based on a device's MAC address. This method ensures that the IID, which forms the last 64 bits of an IPv6 address, is globally unique.

Modified EUI 64 Format

  1. Start with the 48-bit MAC Address
    • A MAC address is typically represented as six pairs of hexadecimal digits (Ex. '00:1A:2B:3C:4D:5E')
  2. Split the MAC Address
    • Divide the MAC address into two 24-bit halves: '00:1A:2B' and '3C:4D:5E'.
  3. Insert the FFFE Hexadecimal Sequence:
    • Insert 'FF:FE' between the two halves of the MAC address. This makes the identifier 64 bits long:
      • '00:1A:2B:3C:4D:5E' becomes '00:1A:2B:FF:FE:3C:4D:5E'
  4. Modify the Universal/Local (U/L) Bit:
    • The 7th bit of the first byte in the MAC address is known as the U/L bit. This bit indicates whether the address is universally or locally administered.
    • In the MAC address '00:1A:2B:FF:FE:3C:4D:5E', the first byte 00 in binary is 00000000.
    • Change the 7th bit (the U/L bit) from 0 to 1 to indicate that the address is globally unique. This transforms 00000000 to 00000010, which is 02 in hexadecimal.
    • The final IID is 02:1A:2B:FF:FE:3C:4D:5E.

IPv6 EUI-64 Addressing

IPv6 EUI-64 addressing allows for automatic configuration of an IPv6 address based on the MAC address of a device. The EUI-64 process splits the MAC address into two parts, inserts FFFE in the middle, and inverts the 7th bit of the first byte to form the interface identifier. Here's how you can configure an IPv6 address using EUI-64 on a network interface.

  1. Obtain the MAC Address: Let's assume the MAC address is 00:1A:2B:3C:4D:5E.
  2. Split the MAC Address: Split the MAC address into two halves:
    • First half: 00:1A:2B
    • Second half: 3C:4D:5E
  3. Insert FFFE: Insert FFFE between the two halves:
    • Resulting EUI-64: 00:1A:2B:FF:FE:3C:4D:5E
  4. Invert the 7th Bit: The first byte of the MAC address is 00. Convert this to binary (00000000), invert the 7th bit (00000010), and convert back to hexadecimal (02):
    • Modified EUI-64: 02:1A:2B:FF:FE:3C:4D:5E
  5. Combine with IPv6 Prefix: If the IPv6 network prefix is 2001:db8:1:2::/64, combine it with the EUI-64 identifier:
    • Full IPv6 address: 2001:db8:1:2:021a:2bff:fe3c:4d5e
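The five steps above as an added example (not code from the original notes), carried out on the notes' own MAC address and prefix. The reverse mapping is included because it shows why the notes mention randomly generated interface IDs: an EUI-64 address exposes the hardware address to anyone who sees the packet.

```python
# Added example (not from the original notes): modified EUI-64 interface ID from
# a MAC address, the resulting SLAAC address, and the reverse mapping.
import ipaddress
import re
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """00:1A:2B:3C:4D:5E -> 02 1A 2B FF FE 3C 4D 5E (eight bytes)."""
    octets = bytes.fromhex(re.sub(r"[:\-.]", "", mac))   # accepts 00:.., 00-.., 001a.2b3c.4d5e
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # 1) split into two 24-bit halves and insert FF:FE in the middle
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # 2) invert the U/L bit: the 7th bit of the first byte, i.e. the 0x02 bit
    eui[0] ^= 0x02
    return bytes(eui)


def eui64_to_iid_text(eui: bytes) -> str:
    """Four 16-bit groups with leading zeros kept, as in the notes (021a:2bff:fe3c:4d5e)."""
    return ":".join(f"{eui[i]:02x}{eui[i + 1]:02x}" for i in range(0, 8, 2))


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the modified EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs require a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """Recover the MAC when the interface ID carries the ff:fe marker, else None
    (None is what a privacy/random interface ID yields)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                       # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"               # the notes' example MAC
    print(eui64_to_iid_text(mac_to_modified_eui64(mac)))
    full = slaac_address("2001:db8:1:2::/64", mac)
    print(full.exploded, "=", full)
    print(mac_from_eui64_address(str(full)))
```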
1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)

Windows

  1. Open Command Prompt:
    • Press 'Windows + R', type 'cmd', and press 'Enter'.
  2. Verify IP Parameters:
    • Type 'ipconfig /all' and press 'Enter'.
    • This command will display IP configuration information, including IP address, subnet mask, default gateway, and DNS servers.
  3. Interpret Key Output:
    • IPv4 Address: The IP address assigned to your machine.
    • Subnet Mask: The subnet mask associated with your IP address.
    • Default Gateway: The IP address of the router or gateway your computer uses to access other networks.
    • DNS Servers: The DNS server addresses your computer uses for domain name resolution.

Mac OS

  1. Open Terminal:
    • Go to Applications > Utilities > Terminal
    • Or press Command + Space, type 'Terminal', then press Enter
  2. Check IP Configuration with 'ifconfig':
    • Type the command 'ifconfig' and press Enter
    • Look for the network interface you are using (Ex. 'en0' for Ethernet, 'en1' for Wi-Fi)
    • The IP address will be listed under the 'inet' entry for the interface

Linux

  1. Check IP Configuration:
    • Open a terminal
    • Type 'ifconfig' and press enter
    • This command will display all network interfaces and their IP addresses
1.11 Describe wireless principles

1.11.a Nonoverlapping Wi-Fi channels

Nonoverlapping Wi-Fi channels are channels in the Wi-Fi frequency bands that do not interfere with each other, ensuring a cleaner signal and better overall network performance. Nonoverlapping channels reduce interference, especially in environments with multiple Wi-Fi networks.

Importance of Nonoverlapping Channels

  • Minimize Interference: Using nonoverlapping channels reduces the chance of interference between Wi-Fi networks, leading to more stable and faster connections.
  • Improved Performance: Better channel separation helps maintain high data throughput and reduces packet loss.
  • Optimal Network Design: Especially in dense environments (like apartments, offices, or public spaces), planning with nonoverlapping channels ensures better performance for all users.

2.4 GHz Band

In the 2.4 GHz band, channels are spaced 5 MHz apart, but each Wi-Fi channel is 20 MHz wide. This overlap can cause interference if adjacent channels are used. There are a limited number of nonoverlapping channels in this band:

Channels 1, 6, and 11: These are the three commonly used nonoverlapping channels in the 2.4 GHz band. Using these channels helps to minimize interference.

Example:

  • Channel 1: Center frequency 2.412 GHz
  • Channel 6: Center frequency 2.437 GHz
  • Channel 11: Center frequency 2.462 GHz

5 GHz Band

The 5 GHz band has more channels and less overlap due to the wider frequency range. The channels are typically 20 MHz wide, but can also be bonded to 40 MHz, 80 MHz, or 160 MHz channels for higher throughput. Nonoverlapping channels in the 5 GHz band depend on the width of the channels being used:

  • 20 MHz Channels: There are many nonoverlapping channels available in the 5 GHz band. Some common ones are:
    • Channels: 36, 40, 44, 48 (U-NII-1)
    • Channels: 52, 56, 60, 64 (U-NII-2A, DFS channels)
    • Channels: 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140 (U-NII-2C, DFS channels)
    • Channels: 149, 153, 157, 161, 165 (U-NII-3)
  • 40 MHz Channels: To avoid overlap, every second channel can be used.
    • Example: 36-40, 44-48
  • 80 MHz Channels: Combine four adjacent 20 MHz channels.
    • Example: 36-48, 52-64, 100-112
  • 160 MHz Channels: Combine eight adjacent 20 MHz channels.
    • Example: 36-64

6 GHz Band (Wi-Fi 6E)

The 6 GHz band is a new addition with Wi-Fi 6E, offering even more nonoverlapping channels. This band has a large amount of spectrum available, reducing the chances of interference significantly. Nonoverlapping channels here include:

  • 20 MHz Channels: Numerous nonoverlapping channels are available.
  • 40 MHz Channels: Similar approach to the 5 GHz band, every second channel.
  • 80 MHz Channels: Multiple nonoverlapping channels.
  • 160 MHz Channels: Many nonoverlapping channels due to the wide spectrum.

In the 2.4 GHz band, channels 1, 6, and 11 are commonly used to avoid overlap. The 5 GHz band offers a larger selection of nonoverlapping channels, with more flexibility and higher bandwidth options. The new 6 GHz band introduced with Wi-Fi 6E provides even more channels, reducing interference further and enhancing overall network performance.
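The channel arithmetic behind the 2.4 GHz and 5 GHz plans above, as an added example (not code from the original notes). The centre-frequency formulas are the IEEE 802.11 numbering; the 22 MHz width used in the second comparison is the 802.11b DSSS channel width, a standard figure the notes do not state, and it is what makes 1/6/11 the classic choice while 20 MHz OFDM channels would also allow 1/5/9/13 where 13 channels are permitted.

```python
# Added example (not from the original notes): 802.11 channel centre frequencies
# and an overlap check for the 2.4 GHz and 5 GHz channel plans discussed above.
from typing import Iterable, List, Tuple


def center_mhz(channel: int, band: str) -> int:
    """Centre frequency in MHz from the IEEE 802.11 channel number."""
    if band == "2.4":
        if channel == 14:
            return 2484                       # Japan-only 802.11b channel
        if 1 <= channel <= 13:
            return 2407 + 5 * channel         # ch 1 = 2412, ch 6 = 2437, ch 11 = 2462
    elif band == "5":
        if 36 <= channel <= 177:
            return 5000 + 5 * channel         # ch 36 = 5180, ch 149 = 5745
    raise ValueError(f"unknown channel {channel} in the {band} GHz band")


def channel_span(channel: int, band: str, width_mhz: int = 20) -> Tuple[int, int]:
    """(low edge, high edge) of a channel of the given width around its centre."""
    c = center_mhz(channel, band)
    return c - width_mhz // 2, c + width_mhz // 2


def overlaps(a: int, b: int, band: str, width_mhz: int = 20) -> bool:
    """True when the two channels share spectrum (edges that merely touch do not count)."""
    a_lo, a_hi = channel_span(a, band, width_mhz)
    b_lo, b_hi = channel_span(b, band, width_mhz)
    return a_lo < b_hi and b_lo < a_hi


def nonoverlapping_plan(band: str, candidates: Iterable[int], width_mhz: int = 20) -> List[int]:
    """Greedy pick of the lowest channels that do not overlap any already chosen one."""
    chosen: List[int] = []
    for ch in sorted(candidates):
        if not any(overlaps(ch, c, band, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


def bonded_channel(channels: Iterable[int], band: str) -> Tuple[int, int]:
    """(centre MHz, width MHz) of a bonded block of contiguous 20 MHz channels,
    e.g. 36-48 -> (5210, 80); raises if the block is not contiguous."""
    chans = sorted(channels)
    lo = channel_span(chans[0], band)[0]
    hi = channel_span(chans[-1], band)[1]
    width = hi - lo
    if width != 20 * len(chans) or width not in (20, 40, 80, 160):
        raise ValueError(f"{chans} is not a contiguous 20/40/80/160 MHz block")
    return (lo + hi) // 2, width


if __name__ == "__main__":
    print("2.4 GHz, 22 MHz DSSS, ch 1-11:", nonoverlapping_plan("2.4", range(1, 12), 22))
    print("2.4 GHz, 20 MHz OFDM, ch 1-13:", nonoverlapping_plan("2.4", range(1, 14), 20))
    print("80 MHz bond 36-48:", bonded_channel([36, 40, 44, 48], "5"))
    print("160 MHz bond 36-64:", bonded_channel(range(36, 65, 4), "5"))
```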

1.11.b SSID

Service Set Identifier (SSID) is a unique identifier that distinguishes one wireless network from another.

  • The SSID is essentially the name of a wireless network. It is a case-sensitive, alphanumeric string of up to 32 characters.
  • Purpose is to differentiate between multiple wireless networks in a given area. It allows users to select the correct network to join.

Types of Service Sets

  1. Basic Service Set (BSS): This is the fundamental building block of an 802.11 wireless LAN. It consists of a single access point (AP) and all associated client devices. Each BSS has a unique identifier called the BSSID, which is typically the MAC address of the AP.
  2. Extended Service Set (ESS): An ESS is a collection of two or more BSSs that share the same SSID. This allows for seamless roaming, as client devices can move between different APs within the same ESS without losing connectivity.

1.11.c RF

Radio Frequency (RF) refers to electromagnetic waves typically in the frequency range of 3 kHz to 300 GHz. These waves are used to transmit data through the air over various distances.

  • Frequency & Wavelength
    • f = c / lambda
    • c = the speed of light in a vacuum
    • 2.45 GHz: wavelength of 12.3 cm
    • 5.0 GHz: wavelength of 6 cm
  • Signal Strength
    • Gain and Amplification
    • Loss and Attenuation
  • Wave Propagation
    • Attenuation and Free Space Path Loss
    • Reflection & Absorption

RF Mathematics

  • dB is a logarithmic ratio of values (voltages, power, gain, losses)
    • We add gains
    • We subtract losses
  • dBm is a power measurement relative to 1 mW
  • dBi is the forward gain of an antenna compared to an isotropic antenna

Interference and Signal to Noise Ratio

  • Any RF signal other than the one we want is interference
  • SNR (signal-to-noise ratio) is a ratio of signal to noise
  • The signal strength is a result of:
    • Transmit power
    • Receive sensitivity
  • Two Levers (important)
    • Increase the signal
    • Or, decrease the noise
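The dB rules from the RF Mathematics list and the two SNR levers above, as an added example (not code from the original notes) in the form of a small link-budget calculator. The free-space path loss formula is the standard Friis expression, which the notes name but do not state; the radio, antenna and noise-floor figures in `example_link` are constructed for illustration.

```python
# Added example (not from the original notes): dB arithmetic (add gains, subtract
# losses, dBm relative to 1 mW) applied to a constructed 2.4 GHz link budget.
import math
from typing import Dict, Sequence


def mw_to_dbm(milliwatts: float) -> float:
    """Absolute power in dBm: 1 mW -> 0 dBm, 100 mW -> 20 dBm."""
    return 10 * math.log10(milliwatts)


def dbm_to_mw(dbm: float) -> float:
    return 10 ** (dbm / 10)


def ratio_db(p_out: float, p_in: float) -> float:
    """A relative gain (or, when negative, loss) in dB: +3 dB is a doubling, +10 dB tenfold."""
    return 10 * math.log10(p_out / p_in)


def fspl_db(freq_mhz: float, distance_m: float) -> float:
    """Free-space path loss: 20*log10(d[m]) + 20*log10(f[MHz]) - 27.55 (not stated in the notes)."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def received_dbm(tx_dbm: float, gains_db: Sequence[float], losses_db: Sequence[float]) -> float:
    """Link budget: start at the transmitter, add every gain, subtract every loss.
    Everything is in dB, so no milliwatt multiplication is needed."""
    return tx_dbm + sum(gains_db) - sum(losses_db)


def snr_db(rx_dbm: float, noise_floor_dbm: float) -> float:
    """The two levers: raise rx_dbm (more signal) or lower noise_floor_dbm (less noise)."""
    return rx_dbm - noise_floor_dbm


def example_link() -> Dict[str, float]:
    """Constructed scenario: 100 mW radio, 2 dBi antennas each end, 1 dB cable loss,
    100 m free-space path on channel 6 (2437 MHz), -95 dBm noise floor."""
    tx = mw_to_dbm(100)                                   # 20 dBm
    path = fspl_db(2437, 100)                             # about 80.2 dB
    rx = received_dbm(tx, gains_db=[2, 2], losses_db=[1, path])
    return {"tx_dbm": tx, "fspl_db": path, "rx_dbm": rx, "snr_db": snr_db(rx, -95)}


if __name__ == "__main__":
    for name, value in example_link().items():
        print(f"{name:8s} {value:8.2f}")
    print("doubling power adds", round(ratio_db(2, 1), 2), "dB")
```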

Constructive & Destructive Interference

  • While the signals in the top two graphs have a higher amplitude, they are out of phase with one another, so their sum decreases (destructive interference).
  • The second and third signals are in phase, creating a stronger wave (constructive interference).

Implicit Transmit Beamforming (ITxBF) is a technique used in wireless communication, particularly in Wi-Fi networks, to improve the performance of data transmission between an access point (AP) and a client device.

  • Explicit TxBF: In Explicit TxBF, both the transmitter (AP) and the receiver (client device) support and cooperate in beamforming. This means that the transmitter sends beamforming sounding frames to the receiver to gather channel state information (CSI), allowing the transmitter to adjust its beamforming techniques dynamically.
  • Implicit TxBF: In Implicit TxBF, the transmitter (AP) performs beamforming without explicit feedback or support from the receiver (client device). The AP makes assumptions about the optimal beamforming based on the channel conditions and possibly predefined standards or algorithms.

RF Principles

  1. Electromagnetic Waves: RF communication relies on electromagnetic waves to carry information. These waves oscillate at specific frequencies and can travel through different media, including air, vacuum, and even some solid materials.
  2. Frequency and Wavelength: The frequency of an RF wave is inversely related to its wavelength. The choice of frequency affects the propagation characteristics of the signal.
  3. Amplitude, Frequency, and Phase Modulation: Data can be encoded onto RF waves using different modulation techniques
    • Amplitude Modulation (AM): Varies the amplitude of the carrier wave
    • Frequency Modulation (FM): Varies the frequency of the carrier wave
    • Phase Modulation (PM): Varies the phase of the carrier wave

Digital Modulation Techniques

  • Orthogonal Frequency Division Multiplexing (OFDM)
    • Combines modulation and multiplexing techniques to further improve spatial efficiency

Transmit & Receive Diversity

  • Transmit Diversity improves signal quality
  • N+1 antennas are necessary to effectively deliver on spatial multiplexing benefits
    • This means one more antenna than the number of streams, i.e. to deliver 3 spatial streams (SS) you need 4 receive antennas (a 4x4 MIMO configuration).

Key Components in RF Communication

  1. Transmitter: Converts data into an RF signal and transmits it through an antenna.
  2. Receiver: Captures the RF signal through an antenna and converts it back into data.
  3. Antenna: Essential for both transmission and reception, antennas convert electrical signals into electromagnetic waves and vice versa.

RF Spectrum

  • Frequency Bands: The RF spectrum is divided into various frequency bands, each designated for specific types of communication. Some common bands include:
    • Low Frequency (LF): 30 kHz to 300 kHz
    • Medium Frequency (MF): 300 kHz to 3 MHz
    • High Frequency (HF): 3 MHz to 30 MHz
    • Very High Frequency (VHF): 30 MHz to 300 MHz
    • Ultra High Frequency (UHF): 300 MHz to 3 GHz
    • Super High Frequency (SHF): 3 GHz to 30 GHz
    • Extremely High Frequency (EHF): 30 GHz to 300 GHz

2.4 GHz Spectrum - 1, 6, 11

1.11.d Encryption

Encryption is a critical security measure designed to protect data transmitted over wireless networks from unauthorized access and interception.

Types of Wireless Encryption Protocols

  1. Wired Equivalent Privacy (WEP):
    • Overview: An older encryption standard designed to provide wireless security comparable to wired networks.
    • Key Size: Typically uses 40-bit or 104-bit keys.
    • Weaknesses: Vulnerable to several security flaws, making it relatively easy to crack with modern tools.
    • Usage: Largely deprecated due to its vulnerabilities.
  2. Wi-Fi Protected Access (WPA):
    • Overview: Introduced to address the weaknesses of WEP.
    • Key Size: Uses TKIP (Temporal Key Integrity Protocol) with 128-bit keys.
    • Security: Provides better security than WEP, but still has vulnerabilities, particularly in the TKIP protocol.
    • Usage: Has been replaced by WPA2 in most modern networks.
  3. Wi-Fi Protected Access II (WPA2):
    • Overview: The successor to WPA, providing stronger encryption and improved security.
    • Encryption Protocol: Uses AES (Advanced Encryption Standard) with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
    • Key Size: Typically uses 256-bit keys.
    • Security: Considered very secure when properly implemented.
    • Usage: The most common standard for securing Wi-Fi networks.
  4. Wi-Fi Protected Access III (WPA3):
    • Overview: The latest Wi-Fi security standard, designed to address vulnerabilities in WPA2 and provide enhanced security features.
    • Encryption Protocol: Uses SAE (Simultaneous Authentication of Equals) for stronger protection against password guessing attacks.
    • Key Size: Uses 192-bit keys for WPA3-Enterprise and 256-bit keys for WPA3-Personal.
    • Security: Provides forward secrecy and protection against offline dictionary attacks.

Encryption Methods

  • TKIP: Used in WPA, it provides per-packet key mixing, message integrity checks, and re-keying mechanisms.
  • AES-CCMP: Used in WPA2 and WPA3, it provides stronger security features including data confidentiality, authentication, and replay protection.

Wireless LAN Implications, Problems, & Solutions

Security Vulnerabilities

  • Network security refers to the protection of information and resources from loss, corruption, and improper use. With WLANs, security vulnerabilities fall into the following areas:
    • Passive Monitoring
    • Unauthorized Access
    • Denial-of-service attacks

Passive Monitoring

  • Passive Monitoring happens when a hacker can access the radio signals from company facilities because the radio signals go beyond the limits of the area an organization controls.
  • To combat this, organizations implement encryption between all client devices and the access points. Encryption alters the information bits in each frame, based on an encryption key, so that the hacker cannot make sense of the data.
    • A recommended example of this is Wi-Fi Protected Access (WPA)
    • Advanced Encryption Standard (AES)

Unauthorized Access

  • If someone can connect to a WLAN, they can potentially access anything on the network.
  • One way this can happen is through a man-in-the-middle attack
    • Exploiting the TCP/IP Address Resolution Protocol (ARP) functions, which can be used to determine the physical address (MAC address) and ultimately route all new incoming traffic to the attacker's device

Denial-of-Service Attacks

  • An assault that can cripple or disable a WLAN. Wireless networks are extremely vulnerable to DoS attacks (even when using modern security mechanisms), which can cause a WLAN to slow to crawling speeds or even quit working.
  • Malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. The goal is to make the targeted resource unavailable to its intended users.
  • One form of DoS is the brute-force method, which can come in two forms:
    • A huge flood of packets that uses up all the network's resources and forces it to shut down
    • A very strong radio signal that totally dominates the airwaves and renders access points and radio cards useless

DoS attacks are not common and are generally implemented over the air, thus disturbing only a small portion of a WLAN.

Types of Interference

  • Radio Signal
  • Microwave Oven
  • Cordless Phone - Direct-Sequence Spread Spectrum (DSSS) or Frequency-Hopping Spread Spectrum (FHSS)
    • The use of 2.4-GHz cordless phones is very common. In this case, consider implementing 802.11ac or the 5-GHz version of 802.11n to avoid interference.
  • Bluetooth Interference - uses FHSS to hop over the entire 2.4 GHz band
    • Usage will really only affect the network if a company implements a larger-scale Bluetooth network, i.e. many Bluetooth devices in a hospital enabling mobility for doctors and nurses
    • The proximity of Bluetooth devices to client radios and access points has a tremendous effect on the degree of interference
  • Neighboring Wireless LAN

Impacts of Multipath Propagation

  • Intersymbol Interference (ISI) - the shape of the signal conveys the information being transmitted, so when delays are great enough and data rates are high, it can cause bit errors in the packet

Roaming Issues

  • The beneficial aspect of Wi-Fi networks is mobility. A device can seamlessly connect or "roam" to different access points providing seamless connectivity.
    • Dampen the handoff process of access points to avoid skipping between points
    • Be aware this process might not be as seamless as they say

Battery Limitations

  • The battery within a device will take a hit when its radio card is trying to locate a suitable network.
  • To counter the problem, organizations implement power management techniques in client devices and radios.
    • Without Power Management techniques, devices will remain in receptive state.
    • Doze mode: The doze mode, which is the default state of the product, keeps the radio off most of the time and wakes it up periodically to determine whether any messages await in a special mailbox. This mode alone generally uses approximately 50 percent less battery power.
    • Sleep mode: The sleep mode causes the radio to remain in a transmit-only standby mode. In other words, the radio wakes up and sends information if necessary, but it is not capable of receiving any information.

Interoperability Problems

  • To ensure interoperability with WLANs, it is best to implement client radios and access points (if possible) from the same vendor. You can implement multivendor WLANs successfully, but that reduces the WLAN features to the lowest common denominator, which is what the 802.11 standard specifies.

Installation Issues

  • In a WLAN installation, predicting the way in which the contour of the building will affect the propagation of radio waves is difficult.
    • Omnidirectional antennas propagate radio waves in all directions if nothing gets in the way.

1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs)

Hypervisors: you can build a Virtual Machine when you add a hypervisor, which manages the resources given from the physical hardware to the VM.

  • Type 1 - installed directly on top of the physical servers - Bare Metal Hypervisors
    • Most secure and lower latency
  • Type 2 - runs on a host OS that sits between the hardware and the hypervisor - Hosted Hypervisors
    • End-user virtualization
    • Higher latency

Benefits

  • Cost Savings - reduce physical infrastructure footprint (save on your bottom line)
  • Agility & Speed - easier than totally provisioning a new environment
  • Lowers your downtime - you can move VMs from one physical server to another

Server Virtualization

  • Server Virtualization involves dividing a physical server into multiple unique and isolated virtual servers using a software application called a hypervisor. Each virtual server runs its own operating system and applications as if it were a separate physical server.
    • Hypervisor - A software layer that enables virtualization, which sits between hardware and operating system.
    • Type 1 (Bare-Metal) - Runs directly on hardware (ex. VMware ESXi, Microsoft Hyper-V)
    • Type 2 (Hosted) - Runs on top of an existing operating system (ex. VMware Workstation, Oracle VirtualBox)
    • Virtual Machines (VMs) - Instances of virtual servers that run on the hypervisor. Each VM has its own OS, applications, and virtual hardware resources.
    • Use Cases:
      • Consolidating multiple servers onto fewer physical machines
      • Testing and development environments
      • Disaster recovery solutions

Types of Virtualization

  • Data Virtualization - provides processing capabilities to bring data in from multiple sources for processing and treatment as a single source
  • Desktop Virtualization - allows a central administrator to deploy simulated desktop environments to hundreds of physical machines at once
  • Server Virtualization - virtualizing a server allows for more specific functions and involves partitioning the physical device so that the components can be used to serve multiple functions
  • Operating System Virtualization (happens at the kernel) - allows for the user to deploy multiple operating systems on a single machine
    • Reduces bulk hardware costs
    • Increases security because virtual instances can be monitored and isolated
    • Limits time spent on IT services (i.e. software updates)
  • Network Functions Virtualization (NFV) - separates a network's key functions (like directory services, file sharing, and IP configuration) so they can be distributed among environments
    • Once software functions are independent of the physical machines, specific functions can be packaged together in a new network and assigned to an environment.
    • Reduces the number of physical components like switches, routers, servers, cables, and hubs

Containers

  • Containers are a lightweight form of virtualization that packages an application and its dependencies into a single unit that can run consistently across various computing environments. Unlike VMs, containers share the host operating system's kernel but isolate the application's processes.
    • Container Engine - Software that manages containers (ex. Docker)
    • Images - Read-only templates used to create containers. Contain everything needed to run an application.
    • Containers - Instances created from images. They run isolated processes with their own file system, network, and process space.
    • Orchestration - Tools like Kubernetes manage, scale, and deploy containers in a cluster
  • Use Cases:
    • Microservices architectures
    • Continuous Integration/Continuous Deployment (CI/CD) pipelines
    • Cloud-native applications

Virtual Routing and Forwarding (VRFs)

  • VRF is a technology that allows multiple instances of a routing table to coexist within the same router simultaneously. It enables the creation of multiple virtual networks over a single physical network infrastructure, each isolated from the others.
    • VRF Instances - Each VRF instance has its own routing table, enabling separate and isolated networks.
    • Route Distinguisher (RD) - A unique identifier that distinguishes routes in different VRF instances.
    • Route Target (RT) - Used for importing and exporting routes between VRF instances and ensuring proper routing.
  • Use Cases:
    • Multi-tenant environments (ex. ISPs, data centers)
    • Separation of different departments or clients within an organization
    • Secure segmentation of networks for different applications or services
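A simplified model of the three VRF concepts above (an added example, not part of these notes or any vendor's implementation): one routing table per VRF, the RD making overlapping customer prefixes unique when routes are advertised, and RTs deciding which routes a VRF imports. The VRF names, RDs, RTs and addresses are constructed; the MP-BGP exchange that actually carries RD/RT between routers is not modelled.

```python
import ipaddress

class VrfRouter:
    """One routing table per VRF; RD and RT modelled in simplified form."""

    def __init__(self):
        # vrf name -> rd, export/import route targets, routes {network: next hop}
        self.vrfs = {}

    def add_vrf(self, name, rd, export_rts=(), import_rts=()):
        self.vrfs[name] = {"rd": rd, "export": set(export_rts),
                           "import": set(import_rts), "routes": {}}

    def add_route(self, vrf, prefix, next_hop):
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = next_hop

    def vpn_routes(self):
        """Routes as advertised between routers: the RD is prepended so two
        customers' identical prefixes stay distinct, tagged with export RTs."""
        return {f"{v['rd']}:{p}": (nh, frozenset(v["export"]))
                for v in self.vrfs.values() for p, nh in v["routes"].items()}

    def import_routes(self):
        """Copy a route into a VRF when its export RTs overlap that VRF's
        import RTs (e.g. reaching a shared-services VRF without merging)."""
        for name, vrf in self.vrfs.items():
            for other, src in self.vrfs.items():
                if other != name and vrf["import"] & src["export"]:
                    for prefix, nh in src["routes"].items():
                        vrf["routes"].setdefault(prefix, nh)

    def lookup(self, vrf, dst):
        """Longest-prefix match inside one VRF only; None means no route."""
        addr = ipaddress.ip_address(dst)
        routes = self.vrfs[vrf]["routes"]
        matches = [p for p in routes if addr in p]
        if not matches:
            return None
        return routes[max(matches, key=lambda p: p.prefixlen)]
```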

1.13 Describe switching concepts

1.13.a MAC learning and aging

MAC Learning

  • MAC learning is the process by which Ethernet switches dynamically build and update a table of MAC addresses and their associated ports.
    • Frame Reception - When a switch receives an Ethernet frame on a specific port, it examines the frame's source MAC address.
    • Updating the MAC Address Table - The switch records the source MAC address against the port the frame arrived on; if the address is already present, the entry (and its age timer) is refreshed.
    • Forwarding Decision - If the destination MAC address is found in the table, the switch forwards the frame to the corresponding port. If it is not found, the switch floods the frame to all ports except the one it arrived on.

MAC Aging

  • MAC aging is the process by which entries in the MAC address table are automatically removed after a period of inactivity. It ensures that the MAC address table remains up-to-date and does not become filled with stale entries.
    • Age Timer - Each entry in the MAC address table has an associated age timer; it is reset every time a frame with the corresponding MAC address is received.
    • Aging Out - If an entry's age timer reaches a predefined threshold (typically 5 minutes by default), the entry is considered stale. The switch removes the stale entry from the table, freeing up space for new entries.

Address Resolution Protocol (ARP)

Designed to resolve addresses, ARP ties together data link layer 2 and network layer 3 by mapping between the two layers' addresses.

  • When you want to connect to a server, a higher-level lookup is performed by the Domain Name System (DNS), resulting in an IP address. Assuming the server is on the local subnet, a second lookup is performed to find the MAC address of the server, using ARP.
  • Even if the server is not local, ARP is still used, though for the default gateway's MAC address, not for the destination server's MAC address. ARP provides a lookup mechanism and a table to store the information found in the lookups.


1.13.b Frame switching

  • Frame Switching is a process used by network switches to direct data packets (frames) to their destination within a local area network (LAN). The switch makes forwarding decisions based on the MAC addresses in the frames.
    • MAC Address Table - forwarding table or CAM (Content Addressable Memory)
    • Switch Ports - Physical or virtual interfaces on a switch where devices connect to the network
    • Frame - A unit of data at the data link layer (Layer 2) of the OSI model
  • Process
  1. Frame Reception - A frame arrives at one of the switch ports.
  2. MAC Learning - The switch adds the source MAC address if it is new and updates the port if the table lists a different one for that address.
  3. Destination MAC address lookup - The switch checks the destination MAC address of the incoming frame against its MAC address table.
  4. Forwarding Decision
    • Known Destination - The switch forwards the frame only to the port associated with that MAC address.
    • Unknown Destination - The switch floods the frame to all ports except the one on which it was received. This is known as an unknown unicast flood.
    • Broadcast Frame - If frame is broadcast, the switch floods it to all ports.
    • Multicast Frame - If frame is multicast, the switch floods it to all ports that are part of the multicast group.
  5. Frame Transmission - The frame is transmitted out of the appropriate port(s) based on the forwarding decision.

Transparent Bridging

  • Transparent Bridging is a process in switching outlined by the IEEE in which frames are forwarded between network segments transparently, meaning the process is invisible to end devices. It is used in Ethernet networks.
  • Processes in IEEE 802.1D (MAC Bridge standard) are...
  1. Learning - The switch records the source MAC address and the port it arrived on to learn which devices are reachable.
  2. Flooding - If the destination MAC is found in the table, the bridge forwards the frame to the corresponding port. If not, the bridge floods it out of all ports except the one it came in on, to ensure the frame reaches its destination.
  3. Filtering - The switch discards a frame when the source and destination hosts both reside on the interface the frame arrived on.
  4. Forwarding - A switch forwards a frame when the destination address is in the switch's MAC address table and the source and destination are on different interfaces.
  5. Aging - Entries are removed from the MAC address table when they have not been refreshed for a set period since their last time stamp.

1.13.c Frame flooding

  • Frame flooding is a mechanism used by network switches and bridges to handle frames with unknown destinations or special types of frames that need to be delivered to all devices on the network.
  • Key Scenarios
  1. Unknown Unicast Frames - When the destination MAC address is not in the table, the switch floods the frame out of all ports except the one it arrived on.
  2. Broadcast Frames - The switch floods broadcast frames to all ports except the sender's.
  3. Multicast Frames - If the switch does not have specific multicast group information, it may flood multicast frames to ensure they reach all potential group members.

1.13.d MAC address table

  • The MAC address table, also known as forwarding table or CAM (Content Addressable Memory), is used to map MAC addresses to specific switch ports, enabling efficient and accurate frame forwarding within a local area network (LAN).
  • MAC Address: The unique identifier of a network device.
  • Port: The switch port to which the device is connected.
  • VLAN: The VLAN ID associated with the MAC address (if VLANs are used).
  • Age: The remaining time before the entry expires and is removed from the table.
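The whole of 1.13 (learning, aging, the transparent-bridging forward/filter/flood rules and the MAC address table with its MAC, Port, VLAN and Age columns) as one working simulation. This is an added example, not code from these notes or from any switch vendor; the port-to-VLAN map, MAC addresses and 300-second aging time are constructed inputs, and multicast is flooded because no snooping is modelled.

```python
from dataclasses import dataclass

def is_multicast(mac: str) -> bool:
    """Group bit (low bit of first octet) set: multicast, including broadcast."""
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Entry:
    port: int
    vlan: int
    age: int = 0  # seconds since last refresh (the table's Age column)

class LearningSwitch:
    """Transparent bridge: learn, forward, filter, flood and age (IEEE 802.1D)."""
    def __init__(self, ports: dict, aging_time: int = 300):
        self.ports = ports            # access port number -> VLAN it belongs to
        self.aging_time = aging_time  # 300 s (5 minutes) is the common default
        self.table: dict = {}         # (vlan, mac) -> Entry, i.e. the CAM table

    def learn(self, src: str, port: int, vlan: int) -> None:
        # known MAC: refresh the age timer and follow a host that moved port
        key = (vlan, src)
        if key in self.table:
            self.table[key].port, self.table[key].age = port, 0
        else:
            self.table[key] = Entry(port, vlan)

    def receive(self, src: str, dst: str, in_port: int) -> list:
        """Return the egress port(s) for one frame arriving on in_port."""
        vlan = self.ports[in_port]
        self.learn(src, in_port, vlan)
        if is_multicast(dst):              # broadcast/multicast, no snooping
            return self.flood(in_port, vlan)
        entry = self.table.get((vlan, dst))
        if entry is None:                  # unknown unicast flood
            return self.flood(in_port, vlan)
        if entry.port == in_port:          # filtering: same segment as source
            return []
        return [entry.port]                # forwarding to the learned port

    def flood(self, in_port: int, vlan: int) -> list:
        # every port in the frame's VLAN except the one it arrived on
        return sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)

    def tick(self, seconds: int) -> None:
        """Advance every age timer and drop entries that have aged out."""
        for key, entry in list(self.table.items()):
            entry.age += seconds
            if entry.age >= self.aging_time:
                del self.table[key]
```

Note that a frame to an unknown or aged-out destination reaches every port in the VLAN, which is why the Age column matters when reading a table from a switch.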

Open Systems Interconnection (OSI) Model

Physical Layer (Layer 1) - deals with the physical aspects of transmitting data over a physical medium, such as cables, fibers, or wireless signals. It defines characteristics like voltage levels, data rates, physical connectors, and transmission distances. Ex. Network Interface Cards (NICs), hubs, repeaters

Data Link Layer (Layer 2) - handles the reliable transmission of data frames between nodes on a network segment. It provides error detection and manages access to the physical medium and controls data flow. Ex. Switches, bridges

Network Layer (Layer 3) - responsible for routing packets across different networks to their destination based on logical address (IP addresses). It determines the optimal path for data transmission and handles addressing, routing, and traffic control. Ex. Routers, Layer 3 switches

Transport Layer (Layer 4) - ensures reliable and efficient data transfer between end systems. It breaks down large messages into smaller segments, manages acknowledgment and retransmission of lost data, and ensures data integrity. Ex. TCP (Transmission Control Protocol), UDP (User Datagram Protocol)

Session Layer (Layer 5) - establishes, manages, and terminates sessions between applications on different devices. It handles synchronization, checkpointing, and recovery of data exchange sessions. Ex. Session establishment, maintenance, and termination

Presentation Layer (Layer 6) - ensures that data is presented in a format that the application layer can understand. It handles data compression, encryption, and decryption to provide data security and privacy. Ex. Data encryption, compression, and format conversion

Application Layer (Layer 7) - provides network services directly to end-user applications. It supports communication services for applications like email, web browsing, file transfer, and remote access. Ex. HTTP, FTP, SMTP, SSH

Glossary

  • Failover capability - refers to the ability of a device to switch from a nonfunctioning module, service, or device to a functioning one with little or no break in service.
  • Failure Domain - the area of a network that is impacted when a critical device or network service experiences problems
  • FA - Fast Ethernet 100 Mbps