Sunday, August 30, 2009

Network Topologies

BUS - All devices are connected to a central cable. Bus networks are relatively inexpensive and easy to install for small networks. Ethernet systems use a bus topology.
RING - All devices are connected to one another in the shape of a closed loop, so that each device is connected directly to two other devices, one on either side of it. Ring topologies are relatively expensive and difficult to install, but they offer high bandwidth and can span large distances.
STAR - All devices are connected to a central hub. Star networks are relatively easy to install and manage, but bottlenecks can occur because all data must pass through the hub.
MESH - Devices are connected with many redundant interconnections between network nodes. In a true mesh topology every node has a connection to every other node in the network.
TREE TOPOLOGY - A tree topology combines characteristics of linear bus and star topologies. It consists of groups of star-configured workstations connected to a linear bus backbone cable.

Switch

A switch is a device that channels incoming data from any of multiple input ports to a specific output port, then sends the data toward its destination. A switch operates at layer 2, the data link layer, of the OSI model. At layer 2 it looks at each frame and, from the destination MAC address, determines which device the data unit is intended for. With this information the switch forwards the data toward the destination device.

Layer 2 switching

  • Hardware based bridging
  • Wire-speed performance
  • Collision domain per port
  • Traffic containment based on MAC address

Issues

  • No traffic control based on MAC address
  • Can’t restrict where traffic can go
  • No traffic between VLANs
  • Unbounded Broadcast domain
  • Servers are not centrally located

Bridges

A bridge is a device that connects two local-area networks (LANs), or two segments of the same LAN. Unlike a router, bridges are protocol independent: they simply forward frames without analyzing and re-routing messages. Bridging occurs at layer 2 of the OSI model, the data link layer. This means a bridge cannot read IP addresses, only the outermost hardware (MAC) address of a frame.

Hubs

A hub is a basic networking device that connects multiple computers and/or devices together. They work at the physical layer (layer 1) of the OSI model.

Repeaters

Repeaters are used to increase a signal's strength so it can be transmitted and received over a greater distance without a loss in quality. They are used in networks to let the lines running between network devices reach greater distances. Repeaters operate at the first layer of the OSI model, the physical layer.

Packet switching vs Circuit Switching

There are two ways you can transfer videos:
a) Packet Switching
The content is streamed through packets.
The transfer rate of the data differs depending on your location.
b) Circuit Switching
The transfer of a video is done through a voice path. You cannot store it or tap it like you can with packet switching.
The rate of transfer is constant, at 64kb.

VTP Modes Summarized

Here is an excellent clip which summarizes the VTP modes, which are server, client and transparent.

Sunday, August 16, 2009

PPP, PAP and CHAP

PPP
PPP is a common encapsulation type, which supports TCP/IP, AppleTalk and IPX.
It works at the data link layer of the OSI model to encapsulate data over a point-to-point connection.
PPP breaks down into three primary pieces:
NCP (Network Control Protocol)
The NCP identifies which network layer protocol the data pertains to.
LCP (Link Control Protocol)
Used for establishing, authenticating and maintaining a connection.
HDLC
Used to encapsulate the information.


At the physical layer, PPP can be configured on a range of interfaces, including:

  • Asynchronous serial
  • Synchronous serial
  • HSSI
  • ISDN


PPP operates across any DTE/DCE interface (RS-232-C, RS-422, RS-423, or V.35)

PAP and CHAP are authentication methods of PPP.

PAP
Provides a simple method for a remote node to establish its identity by using a two-way handshake.
When PAP is used to log in, the authentication information is sent as one LCP packet. After it is received, the server either allows or denies entry. PAP's authentication method is vulnerable to eavesdroppers, who can obtain the password by listening in on the serial line, and to repeated trial-and-error attacks.

CHAP
In CHAP authentication, the server sends a randomly generated "challenge" string to the client, along with its hostname. The client uses the hostname to look up the appropriate secret, combines it with the challenge, and runs the combination through a one-way hash function. The result is returned to the server along with the client's hostname. The server performs the same computation and acknowledges the client if it arrives at the same result.
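The CHAP exchange described above, as an added Python example (not code from the original post): it uses the CHAP-MD5 response defined in RFC 1994, MD5(identifier || secret || challenge), and shows the three steps, the secret never leaving either side, and a response replayed against a fresh challenge failing. The hostnames ROUTER-A/ROUTER-B and the shared secret are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed shared secrets, keyed by the *other* side's hostname: each side
# looks up the secret for the name it is told, exactly as the text describes.
CLIENT_SECRETS = {"ROUTER-A": b"constructed-shared-secret"}   # held by the client
SERVER_SECRETS = {"ROUTER-B": b"constructed-shared-secret"}   # held by the server


def chap_response(identifier, secret, challenge):
    """CHAP-MD5 (RFC 1994): one-way hash of identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_challenge(server_name):
    """Step 1: the server sends a random challenge, a packet identifier and its hostname."""
    return secrets.randbelow(256), secrets.token_bytes(16), server_name


def client_answer(identifier, challenge, server_name, client_name):
    """Step 2: the client picks the secret for that server name, hashes, and sends the
    result with its own hostname. The secret itself never crosses the link."""
    secret = CLIENT_SECRETS[server_name]
    return chap_response(identifier, secret, challenge), client_name


def server_verify(identifier, challenge, response, client_name):
    """Step 3: the server repeats the computation and acknowledges only on a match."""
    secret = SERVER_SECRETS.get(client_name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)   # constant-time comparison


def run_chap(client_name="ROUTER-B", server_name="ROUTER-A"):
    """Complete three-way exchange; returns True when the client is authenticated."""
    ident, chal, name = server_challenge(server_name)
    resp, peer = client_answer(ident, chal, name, client_name)
    return server_verify(ident, chal, resp, peer)
```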

Hierarchical Network Design

Hierarchical Network Design
Hierarchical network design involves dividing the network into separate layers. This makes the network design modular and improves its performance and scalability. The hierarchical design is broken down into 3 layers: the access, distribution and core layers.

Access Layer
The access layer's purpose is to provide a way to connect devices to the network and to control which of those devices are allowed to communicate on the network. The access layer deals with end devices such as PCs, printers and IP phones, enabling them to access the network. It can also include devices such as routers, switches, hubs and wireless access points.


Distribution Layer

The distribution layer is the connection point between the core and access layers. It includes LAN-based routers and Layer 3 switches. This layer ensures that packets are properly routed between subnets and VLANs.

Core Layer
The core layer is the high-speed backbone of the internetwork. This layer's main concern is speed. It might also provide QoS if that is required on the network.


There are many benefits associated with hierarchical network designs:
Scalability
Hierarchical networks can be expanded easily.

Redundancy

At the core and distribution layers, path availability is ensured.

Performance
Performance is enhanced since transmitting data through low-performing intermediary devices is avoided.

Security
Security is improved because of the port security set up at the access level and the policies which are enabled at the distribution level.

Manageability
Consistency between the switches at each level makes management simpler.

Maintainability
The modularity of the hierarchical design allows the network to scale without becoming overly complicated.

What is VTP ?

VTP
VTP stands for VLAN Trunking Protocol, and it is used to automatically update and configure the VLAN configuration on switches. VTP maintains VLAN configuration consistency by managing the addition, deletion and renaming of VLANs across multiple Cisco switches in a network.

VTP has three modes. These modes are:

1) VTP server mode
2) VTP client mode
3) VTP transparent mode

VTP Modes (server/client/transparent)

Server
A VTP server transmits all configuration changes to the other switches in the network. In this mode you can create, modify and delete VLANs. Servers advertise their VLAN configuration to other switches in the same VTP domain.

Client

A VTP client cannot create, modify or delete VLANs. It can only receive VLAN information and advertise it to others.

Transparent
Transparent mode is used for local VLANs that other switches do not have access to. Transparent switches forward VTP advertisements to VTP clients and VTP servers.

Other VTP components

VTP Domain - Consists of one or more interconnected switches. VTP allows you to divide your network into smaller management domains to help reduce the VLAN management burden. On top of that, it limits the extent to which configuration changes are propagated in the network if an error occurs.

VTP Advertisements - VTP uses a hierarchy of advertisements to distribute and synchronize VLAN configurations across the network.

VTP Frame
A VTP frame consists of a header field and a message field. The information is inserted into a header field and an Ethernet frame. The Ethernet frame is then encapsulated on an 802.1Q trunk.

In the VTP header field the following information is found:
Domain name – identifies the VTP domain the switch belongs to
Version – which VTP version is in use (e.g. VTP 1, VTP 2, VTP 3)
Configuration Revision Number – the current configuration revision number on the switch

VTP Pruning
VTP pruning works by restricting broadcast traffic to only those trunk links that must carry the traffic. Remember, by default, VTP pruning is disabled.
VTP version 2 adds support for Token Ring, consistency checks, unrecognized TLV support and version-independent transparent mode.

Switching

Switching
Circuit Switching

Circuit switching involves three different phases, known as circuit establishment, data transfer and circuit disconnect.

Circuit Establishment
Circuit establishment is used to set up an end-to-end connection before data is transferred. For the circuit segments there are two options: a dedicated link or a shared link.


Data Transfer

Data is transferred from the source to the destination. The data can be either analog or digital, and the connection is a full duplex connection for the two stations that are connected.

Circuit Disconnect
Once the data transfer is complete, the circuit is disconnected, which terminates the connection.

PSTN and ISDN are two types of circuit-switching technology that may be used to implement a WAN in an enterprise setting.

Saturday, August 15, 2009

Access Control List

An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. They provide a powerful way to control traffic into and out of your network. This control can be as simple as permitting or denying network hosts or addresses.

However, ACLs can also be configured to control network traffic based on the TCP port being used. The ACL extracts information from the packet header, tests it against its rules, and makes "allow" or "deny" decisions based on:

1) Source IP address
2) Destination IP address
3) ICMP message type


The ACL can also extract upper-layer information and test it against its rules. Upper-layer information includes:


TCP/UDP source port and TCP/UDP destination port



Routers

An ACL is a router configuration script that uses packet filtering to control whether a router permits or denies packets to pass based on criteria found in the packet header. ACLs are also used for selecting types of traffic to be analyzed, forwarded, or processed in other ways. ACLs are among the most commonly used objects in Cisco IOS software.



ACLs perform the following tasks:


Limit network traffic to increase network performance. Any traffic which uses excessive bandwidth can be controlled.

Provide traffic flow control. ACLs can restrict the delivery of routing updates. If updates are not required because of network conditions, bandwidth is preserved.

Provide a basic level of security for network access. ACLs can allow one host to access a part of the network and prevent another host from accessing the same area. For example, access to the Human Resources network can be restricted to select users.

Decide which types of traffic to forward or block at the router interfaces. For example, an ACL can permit e-mail traffic, but block all Telnet traffic.

Control which areas a client can access on a network.


ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router.



Configuration

ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.


Inbound ACLs - Incoming packets are processed before they are routed to the outbound interface. An inbound ACL is efficient because it saves the overhead of a routing lookup if the packet is discarded. If the packet is permitted by the tests, it is then processed for routing.

Outbound ACLs - Incoming packets are first routed to the outbound interface, and then processed through the outbound ACL.


ACL statements operate in sequential order. They evaluate packets against the ACL, from the top down, one statement at a time.


There are different types of ACLs - standard, extended, named and numbered.



Standard ACLs


A standard ACL is a sequential collection of permit and deny conditions that apply to IP addresses.

IP packets are filtered based on the source address only.

e.g. access-list 10 permit 192.168.30.0 0.0.0.255




Extended ACLs


Extended ACLs filter IP packets based on several attributes which are:


Source and destination IP address,

Source and destination TCP or UDP ports

Protocol type (IP, ICMP, UDP, TCP or protocol number)


access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80
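As an added example (not from the original post), here is a small Python evaluator for the two statement forms shown above, applying them top-down, first match wins, with the implicit "deny any" that Cisco IOS appends to every ACL. The packet dictionaries and any extra statements used with it are constructed; it handles only the `any`, `host` and address/wildcard forms plus a destination `eq` port.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # 'any' = match every address

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 0 bit must match the network, a 1 bit is ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a | w) == (n | w)

def _take_addr(tok, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' at tok[i]; return (net, mask), next index."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tok) and tok[i + 1][0].isdigit():
        return (tok[i], tok[i + 1]), i + 2
    return (tok[i], "0.0.0.0"), i + 1          # bare address = single host

def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' statement: standard (1-99) or extended (100-199)."""
    tok = line.split()
    number, action = int(tok[1]), tok[2]
    if 1 <= number <= 99:                      # standard ACL: source address only
        src, _ = _take_addr(tok, 3)
        return {"action": action, "proto": "ip", "src": src, "dst": ANY, "dport": None}
    proto = tok[3]                             # ip, tcp, udp, icmp ...
    src, i = _take_addr(tok, 4)
    dst, i = _take_addr(tok, i)
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def _matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    return (wildcard_match(pkt["src"], *rule["src"])
            and wildcard_match(pkt["dst"], *rule["dst"]))

def evaluate(acl_lines, pkt):
    """Top-down, first match wins; anything that matches no statement hits the implicit deny."""
    for rule in (parse_ace(line) for line in acl_lines):
        if _matches(rule, pkt):
            return rule["action"]
    return "deny"
```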


List of ACL types and their ranges

ACL type        Range
Standard IP     1-99
Extended IP     100-199
Standard IPX    800-899
Extended IPX    900-999
SAP IPX         1000-1099


Friday, August 14, 2009

Time Division Multiplexing

TDM was invented so that the voice traffic carried over a medium can be maximized. For multiple signals to share a medium, the medium must somehow be divided. In TDM the users take turns, each having exclusive use of the medium in a round-robin fashion. TDM works at the physical layer, and it divides the bandwidth of a single link into separate channels or time slots. TDM transmits two or more channels over the same link by allocating a different time interval (time slot) for the transmission of each channel. Each channel is given a regular time slot in which it sends a PCM signal. TDM increases the capacity of the transmission link by slicing time into smaller intervals so that the link carries the bits from multiple input sources, effectively increasing the number of bits transmitted per second. With TDM, the transmitter and the receiver both know exactly which signal is being sent.

TDM is used for digital signals, or for analog signals carrying digital data. The data rate of the transmission medium has to exceed the data rate of the signals for the TDM system to work. It also uses a frame, where a number of bits or bytes are put together to form one unit in order to send the data over the link.

Examples of technologies that use synchronous TDM are ISDN and SONET.

Just like many technologies, TDM has its disadvantage: a lot of bandwidth can be wasted when a TDM system is used, since a channel's time slot is reserved whether or not that channel has data to send.
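An added Python illustration (not from the original post) of synchronous TDM framing: each frame carries one slot per channel in fixed order, the receiver recovers every channel from its slot position alone, and a utilization figure shows how much of the link an idle channel wastes. The channel byte strings are constructed input, one byte per slot.

```python
IDLE = None   # a reserved slot with nothing to send still occupies its time on the link


def multiplex(channels):
    """Synchronous TDM: every frame carries exactly one slot per channel, in a fixed
    round-robin order. channels: list of byte strings (one per input source)."""
    n_frames = max(len(c) for c in channels)
    return [[c[t:t + 1] if t < len(c) else IDLE for c in channels]
            for t in range(n_frames)]


def demultiplex(frames, n_channels):
    """Receiver side: slot k of every frame belongs to channel k, so no addressing is needed."""
    out = [b"" for _ in range(n_channels)]
    for frame in frames:
        for k, slot in enumerate(frame):
            if slot is not IDLE:
                out[k] += slot
    return out


def link_utilization(frames):
    """Fraction of slots that carried data; the idle slots are the wasted bandwidth."""
    total = sum(len(f) for f in frames)
    used = sum(1 for f in frames for s in f if s is not IDLE)
    return used / total if total else 0.0


# Constructed input: three channels, the third one silent for the whole transmission.
CHANNELS = [b"hello", b"hi", b""]
FRAMES = multiplex(CHANNELS)
```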