Advanced IP Networking

in #technology, 7 years ago

For fellow computer nerds like me, or for those who wish to gain knowledge about IP networking etc., I took a course on Lynda.com today about it and summarized my points in the notes below. These are very long, but I do hope they will benefit anyone who needs a refresher or knowledge with regards to it.

The notes are heavy on words, but I wish I could edit this when I have more time.

Source: https://www.lynda.com/Network-tutorials/CompTIA-Network-Exam-Prep-N10-006-Part-5-Advanced-IP-Networking/411100-2.html

Contents:
Advanced IP Networking

1: Client/server vs. Peer to peer
1.2: virtual private networks (VPNs)
1.3: Introduction to VLANs
1.4: Inter-VLAN routing
1.5: Interfacing with Managed Switches
1.6: Port bonding / Link aggregation
1.7: Port mirroring
1.8: Quality of Service
1.9: IDS vs. IPS

2: IPv6 - introduction to IPv6 addressing
2.1 Advanced IPv6 Addressing
2.3 IPv6 tunnels

3: Remote Connectivity
3.1 Telephony technologies
3.2 Optical carriers
3.3 Packet switching
3.4 Connecting with dial-up
3.5 Digital Subscriber Line (DSL)
3.6 Connecting to Cable Modems
3.7 Connecting with Satellites
3.8 Cellular WAN
3.9 ISDN and BPL
3.10 Remote Connectivity

Advanced IP Networking

1: Client/server vs. Peer to peer
Novell NetWare ran on a dedicated server
client computers ran a NetWare client to access resources on the server
a dedicated machine running NetWare (no other software could be installed) = only a client could access that machine
Microsoft LAN Manager, 1990s = peer-to-peer = any computer can be a client machine or a server
early peer-to-peer networking was not very secure and could easily be messed up

Win7/8 machines are also peer-to-peer, but they are extremely robust = they have NTFS etc. and are secured
modern computers make the traditional client/server and peer-to-peer models irrelevant

pretty much everything done on the internet is client/server; actions on the internet follow the client/server pattern

peer-to-peer tools:
a whole bunch of computers that share data among themselves
BitTorrent is a popular peer-to-peer tool; the peers share data with each other

review:

  • older client/server networks had dedicated servers and clients
  • in classic peer-to-peer networks, each machine could act as both a client and a server
  • the terms are now used more in the sense of a Web client accessing a Web server

1.2: virtual private networks (VPNs)
objective: compare and contrast the use of networking services and applications

internet = layer 1 connection to your computer

challenges in getting a remote computer to be part of a LAN:

  • the LAN most likely uses private IP addresses
  • a remote computer needs both a public and a private IP address

example:
inner packet: 192.168.15.201 <-> 192.168.15.204, encapsulated in an outer packet 202.13.212.44 <-> 144.22.17.191

a VPN creates a tunnel between a client computer and some endpoint (usually a router)
a VPN tunnel connects a remote computer to an endpoint, usually a router
puts an IP address inside an IP address

types of VPN:
PPTP = the very Microsoft way of doing VPN
L2TP/IPSec = Cisco type of solution
SSTP/SSL = the hip one we use today
IKEv2 = pure IPSec VPN

  • the VPN type has to match whatever was set up at the other end of the tunnel

authentication:

  • EAP
  • EAP - TTLS = requires certificates
  • EAP - MSCHAP v2 = simple password
  • old school: unencrypted or regular CHAP

there's a lot more to a VPN than just setting up a client
a client-to-site VPN connects a remote computer to a local network
a router can be a VPN concentrator
a dedicated box / pure VPN concentrator = its only role is to act as the VPN endpoint
a router has a setting for VPN pass-through
a VPN concentrator that's not also a router is a VPN endpoint

two separate networks made part of the same network = site-to-site (S2S) VPN
A site-to-site VPN connects distant networks into a single network

the type of VPN you will setup will be based on the equipment that you buy:

  • Cisco = L2TP (old), SSL (new)
  • Microsoft access tools = PPTP

review:

  • a VPN creates a secure tunnel so a remote machine or a network can be part of a local network
  • a client-to-site VPN connects a remote computer to a local network
  • a site-to-site VPN connects distant networks into a single network
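The "IP address inside an IP address" idea from the notes, as an added example (not code from the course or the post): the inner packet between the private addresses 192.168.15.201 and 192.168.15.204 is carried inside an outer packet between the public addresses 202.13.212.44 and 144.22.17.191, using plain IP-in-IP (protocol 4). It shows only the tunnelling part; a real VPN additionally encrypts and authenticates the inner packet, which this example does not.

```python
"""IP-in-IP encapsulation demo with the addresses from the notes (added example)."""
import ipaddress
import struct

IPPROTO_IPIP = 4  # outer header's payload is another complete IPv4 packet


def checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(packet: bytes) -> dict:
    """Parse one IPv4 header; reject truncated, non-IPv4 or checksum-damaged packets."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 packet")
    ver_ihl = packet[0]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero with its checksum included
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[ihl:total_len]}


def encapsulate(inner_src: str, inner_dst: str, outer_src: str, outer_dst: str,
                data: bytes, inner_proto: int = 17) -> bytes:
    """Wrap a private-address packet (default: UDP payload) in a public-address outer packet."""
    inner = ipv4_header(inner_src, inner_dst, inner_proto, len(data)) + data
    return ipv4_header(outer_src, outer_dst, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(packet: bytes) -> dict:
    """The tunnel endpoint's job: strip the outer header and hand back the inner packet's fields."""
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    inner = parse_ipv4(outer["payload"])
    return {"outer_src": outer["src"], "outer_dst": outer["dst"], **inner}


if __name__ == "__main__":
    pkt = encapsulate("192.168.15.201", "192.168.15.204", "202.13.212.44", "144.22.17.191", b"hello")
    print(decapsulate(pkt))
```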

1.3: Introduction to VLANs
objective: given a scenario, configure a switch using proper features

crossover cable = interconnects two switches
a laptop connects to a switch
a wireless AP connects to a switch

problem: anyone who plugs in can get on your network

VLAN = virtual LAN
a VLAN splits one broadcast domain into two or more domains
we use VLANs to segregate the network
separate broadcast domains electronically

2 types of switches:
unmanaged switches = are simple devices that only do switching
managed switches = offer other features, such as VLANs

switches = run at layer 2; use MAC addresses
managed switches have IP addresses that enable connection and configuration

Cisco = CNA (Cisco Network Assistant) = configuration tool for Cisco routers/switches

all switches are preset to VLAN1 (default)

fa0 = fast ethernet

administrative mode (per port):
static access = manually assigning which VLAN each port belongs to
dynamic access/desirable = trunking
trunk mode =
dynamic desirable mode = basically means "if you plug me into somebody, I'll listen to what kind of port he plugged me into and I'll act like him"
the moment you plug a crossover cable between two switches, those ports become trunk ports automatically (as set up in dynamic desirable mode) and the VLANs will work across both switches

protocols = VTP (virtual trunk protocol) =
trunk ports are ports that send VLAN traffic
trunk ports move traffic from all VLANs between switches

example: you set up VLAN2 for ports 5, 6, 7, 8 = any device plugged into one of those ports will only see traffic from the other ports in that VLAN

802.1Q standard for trunking

review:

  • a VLAN splits one broadcast domain into two or more broadcast domains
  • a managed switch that supports VLANs requires configuration
  • trunking enables VLANs to be on more than one switch

1.4: Inter-VLAN routing
objective: explain the basics of routing concepts and protocols

  • you can use a router to connect two VLANs
  • Inter-VLAN routing is a virtualization of the functions of a router
  • higher-end switches offer inter-VLAN routing
  • Inter-VLAN routing acts like one or more virtual routers

review:

  • VLANs create separate broadcast domains
  • connect the broadcast domains with physical routers
  • you can also connect broadcast domains with virtual routers using interVLAN routing

1.5: Interfacing with Managed Switches
objective: given a scenario, configure a switch using proper features

router = layer 3, IP addresses
switches = layer 2, MAC addresses

managed switches require configuration
you can use the switch's IP address to connect to it

console ports also allow you to access switches
you can use the console port to connect to and manage a switch or a router (without knowing its IP address)
rollover cable = plugs into the console port
the rollover cable ends in a DB9 serial connector; use PuTTY over the serial connection. Serial is slow (9600 baud), so you can use Ethernet instead once the switch has an IP address
telnet = port 23

IOS = powerful operating system for CISCO devices

enable mode = # prompt
show startup-config

QoS = priorities between different types of traffic = throttle your bandwidth

monitor setting = port mirroring

spanning tree protocol = (advanced) prevents bridge loops

SNMP (simple network management protocol) = tool to query devices and get an idea of their status

IGMP (internet group management protocol) - multicast traffic; video conferencing etc

port rate setting - set how fast or percentage of total bandwidth (raw value) on a port
you can slow certain ports down

these are some of the things that you can see in a more powerful switch

review:

  • managed switches require configuration
  • you can connect to a managed switch via an IP address or a console port
  • cisco routers use an operating system called IOS

1.6: Port bonding / Link aggregation
objective: Given a scenario, configure a switch using proper features

example: 2 switches trunked together via one trunk line with a lot of traffic going on in the trunk line

port bonding = link aggregation; port segregation; port trunking, etc.
the process of taking two (or more) ports and making them work together as a team so that they act as one faster port

first things first = make the group first, then assign switchports to the group
LACP (link aggregation control protocol) = lets you bond ports between switches from different brands

switch1#configure terminal
switch1(config)#interface port-channel 1          (basically we told the switch to make a group, the port channel)
switch1(config-if)#switchport mode trunk
switch1(config-if)#interface fa0/23
switch1(config-if)#channel-group 1 mode active     (passive-passive won't work)
switch1(config-if)#interface fa0/24
switch1(config-if)#channel-group 1 mode active
(repeat the same commands on the other switch, on the same ports)

then connect the crossover cable and open PuTTY to check

switch1#show interface port-channel 1
BW 200000 Kbit = that means the port channel has two 100 Mbps connections
port = active
in LACP you can set a port to active = "I don't care what's happening, I'm sending out LACP traffic"
passive = "I will wait until I hear from a port that is sending me LACP traffic, and then I'll start talking"
Cisco says set them all up as ACTIVE
active-passive and active-active will both work

it is a bad idea to delete the configuration before pulling out the cable
doing so will create a broadcast storm

review:

  • port bonding links switchports to increase bandwidth
  • use LACP for the trunking protocol
  • set ports to active

1.7: Port mirroring:
objective: Given a scenario, configure a switch using proper features

problem: one of the devices plugged into the router is generating a lot of traffic and running hard, and you want to see what it is doing that you can't see from where you are

what you can do is monitor all the IP traffic going in and out of that port

switch#configure terminal
switch(config)#monitor session 1 source interface fa0/22          (set up a sniffing session; session number 1, source is port 22)
switch(config)#monitor session 1 destination interface fa0/23

port mirroring gives us the ability to remotely monitor the data that's going in and out of a particular source

review:

  • port mirroring enables the traffic flowing through one port to be monitored on another port
  • this feature enables administrators to inspect traffic remotely from a suspect machine
  • port mirroring is configured on a switch by providing a source port and a destination port

1.8: Quality of Service:
objective: identify the basic elements of unified communication technologies

problem: with a 10 Mbps up / 50 Mbps down ISP subscription, VoIP calls drop and you don't get the connection you like
watching a movie = other types of services start having problems

manage the bandwidth in the best possible way

traffic shaping = control traffic based on all kinds of criteria, i.e. the type of service coming in or out of the system, IP address, MAC address or port

quality of service = a mechanism by which we can perform traffic shaping

SOHO = small office home office

review:

  • QoS controls help you better manage available bandwidth
  • one type of QoS control is traffic shaping
  • Simple QoS on SOHO routers allows you to set priorities for different protocols

1.9: IDS vs. IPS
objective: explain the functions and applications of various network devices

the internet's first line of defense is a firewall; a firewall's main job is to prevent things from the outside world from coming into the network

intrusion detection system = can be a computer with specialized IDS software; an IDS tends to sit inside the network, its job is to watch for anything naughty on the network, and it is the IDS's job to let somebody know

active IDS = intrusion prevention system, or IPS; an IPS does the same thing as an IDS (it looks at the inside of the network for naughtiness), but it also does something to stop it

review:

  • intrusion detection systems detect and report possible attacks to administrators
  • intrusion prevention systems run inline with network and act to stop detected attacks
  • a firewall filters; an IDS notifies and an IPS acts to stop
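The difference the review states (an IDS notifies, an IPS acts), as an added example that is not code from the course or the post: one rule engine, run either passively (IDS, for instance fed from a mirrored port) or inline (IPS). The rules, packet records and addresses are constructed for the demo; the ports come from the notes (telnet 23, VNC 5900, SNMP).

```python
"""Passive IDS vs. inline IPS on the same rules (added example, constructed data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str] = None      # None = any protocol
    dport: Optional[int] = None      # None = any destination port
    content: Optional[bytes] = None  # None = no payload match

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (self.content is None or self.content in p.payload))


class Sensor:
    def __init__(self, rules: List[Rule], inline: bool):
        self.rules = rules
        self.inline = inline  # False = IDS (report only), True = IPS (report and block)
        self.alerts: List[Tuple[str, str, str, int]] = []

    def process(self, packets: List[Packet]) -> List[Packet]:
        """Return the packets that continue on to their destination."""
        forwarded = []
        for p in packets:
            hit = next((r.name for r in self.rules if r.matches(p)), None)
            if hit is not None:
                self.alerts.append((hit, p.src, p.dst, p.dport))  # both IDS and IPS notify
                if self.inline:
                    continue  # only the IPS acts: the packet is dropped here
            forwarded.append(p)  # an IDS is off the data path, so everything flows on
        return forwarded


# constructed rules: cleartext management protocols and a default SNMP community string
RULES = [
    Rule("telnet-to-management", proto="tcp", dport=23),
    Rule("vnc-from-inside", proto="tcp", dport=5900),
    Rule("snmp-default-community", proto="udp", dport=161, content=b"public"),
]

# constructed traffic sample (private addresses, no real hosts)
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.20", "tcp", 80, b"GET /index.html"),
    Packet("10.0.0.5", "10.0.0.1", "tcp", 23, b"admin"),
    Packet("10.0.0.7", "10.0.0.53", "udp", 53, b"\x12\x34"),
    Packet("10.0.0.9", "10.0.0.1", "udp", 161, b"\x30\x26\x02\x01\x00\x04\x06public"),
]


def run(inline: bool) -> Tuple[int, int]:
    """Return (packets forwarded, alerts raised) for IDS (inline=False) or IPS (inline=True)."""
    sensor = Sensor(RULES, inline=inline)
    forwarded = sensor.process(SAMPLE)
    return len(forwarded), len(sensor.alerts)


if __name__ == "__main__":
    print("IDS:", run(inline=False), "IPS:", run(inline=True))
```
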

2: IPv6 - introduction to IPv6 addressing
objective: given a scenario, implement and configure the appropriate addressing schema

124.48.6.42 = this is an IPv4 address: 32-bit structure, about 4 billion IP addresses

00c9:04d7:0000:f8ff:0000:0000:fe21:67cf = IPv6 = 128-bit address (hexadecimal)

all the molecules on Earth times seven = the IPv6 address range

c9:4d7:0:f8ff:0:0:fe21:67cf = shorter version (leading zeros dropped from each group) = still eight groups separated by seven colons

c9:4d7:0:f8ff::fe21:67cf = shortest (one run of all-zero groups replaced by ::)

the IPv4 loopback address is 127.0.0.1; in IPv6 it's 0000:0000:0000:0000:0000:0000:0000:0001 or ::1

review:

  • 128-bit IPv6 addresses are replacing the 32-bit IPv4 addresses
  • know the rules for abbreviating IPv6 addresses
  • the IPv6 loopback address is ::1
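The abbreviation rules the review asks you to know, as an added example (not code from the course or the post): expand() restores the eight-group form and compress() applies the rules, dropping leading zeros and replacing the single longest run of all-zero groups with ::, checked against the address from the notes and the loopback ::1. It also goes beyond the notes by rejecting malformed input (two :: markers, wrong group count).

```python
"""IPv6 address expansion and abbreviation (added example)."""
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(addr: str) -> list:
    """Return the eight 16-bit groups as 4-digit lowercase hex strings."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address needs eight groups")
    out = []
    for g in groups:
        if not 1 <= len(g) <= 4 or not all(c in HEX_DIGITS for c in g):
            raise ValueError("bad group %r" % g)
        out.append("%04x" % int(g, 16))
    return out


def is_valid(addr: str) -> bool:
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def compress(addr: str) -> str:
    """Shortest form: strip leading zeros, then '::' for the longest (leftmost) zero run."""
    groups = [g.lstrip("0") or "0" for g in expand(addr)]  # rule 1: drop leading zeros
    best_start, best_len, start = -1, 0, None
    for i, g in enumerate(groups + ["x"]):  # sentinel closes a run at the end
        if g == "0":
            start = i if start is None else start
        elif start is not None:
            if i - start > best_len:  # strict '>' keeps the leftmost run on a tie
                best_start, best_len = start, i - start
            start = None
    if best_len < 2:  # rule 2 applies to two or more zero groups only
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right


if __name__ == "__main__":
    print(compress("00c9:04d7:0000:f8ff:0000:0000:fe21:67cf"))
```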

2.1 Advanced IPv6 Addressing
objective: given a scenario, implement and configure the appropriate addressing schema

in IPv6 addressing you don't need a subnet mask = it's /64 all the time on IPv6

NICs can use IPv4 and IPv6 at the same time = called a dual stack

fe80 = link-local address
last half (64 bits) = generated from the MAC address or randomly

MAC address: 48 bits

extended unique identifier (EUI-64) = converting the 48-bit MAC to a 64-bit interface ID

an IPv6 (global) address is an internet-capable address

link-locals are used to talk within the local network

native IPv6

aggregation is the mechanism by which you get a legitimate IPv6 internet address

DUID = DHCP Unique Identifier = used by the router to get DHCP information

delegated prefix = given by the ISP when a router requests an IPv6 address (unique network ID)
DNS information comes too (in IPv6)
router advertisement

Example:

review:

  • IPv6 is not yet fully implemented on the internet
  • IPv6 addresses can be assigned automatically or manually
  • internet-capable systems will have both link-local and IPv6 addresses
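The EUI-64 conversion mentioned above (48-bit MAC to 64-bit interface ID, then a fe80:: link-local address), as an added example that is not code from the course or the post. The MAC 00:1a:2b:3c:4d:5e is a constructed sample; the reverse mapping is included because an EUI-64 address exposes the hardware MAC to everyone on the link, which is why the notes also mention the randomly generated alternative.

```python
"""Modified EUI-64 interface IDs and link-local addresses from a MAC (added example)."""


def mac_to_eui64(mac: str) -> bytes:
    """Insert ff:fe in the middle of the MAC and flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address must be 48 bits")
    first = octets[0] ^ 0x02  # bit 1 of the first octet is the U/L bit; EUI-64 inverts it
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_to_mac(iid: bytes) -> str:
    """Recover the MAC from an interface ID in modified EUI-64 form."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not in modified EUI-64 form")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)


def link_local_from_mac(mac: str) -> str:
    """Full (unabbreviated) eight-group fe80::/64 link-local address for this MAC."""
    iid = mac_to_eui64(mac)
    iid_groups = ["%04x" % int.from_bytes(iid[i:i + 2], "big") for i in range(0, 8, 2)]
    return ":".join(["fe80", "0000", "0000", "0000"] + iid_groups)


def mac_from_link_local(full_addr: str) -> str:
    """Reverse mapping; expects the full eight-group form (no '::' abbreviation)."""
    groups = full_addr.split(":")
    if len(groups) != 8 or groups[0].lower() != "fe80":
        raise ValueError("expected a full eight-group fe80 link-local address")
    iid = b"".join(int(g, 16).to_bytes(2, "big") for g in groups[4:])
    return eui64_to_mac(iid)


if __name__ == "__main__":
    # abbreviated by the notes' rules this would read fe80::21a:2bff:fe3c:4d5e
    print(link_local_from_mac("00:1a:2b:3c:4d:5e"))
```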

2.3 IPv6 tunnels
objective: given a scenario, implement and configure the appropriate addressing schema

problem: ISPs don't give out IPv6 yet (can't do native IPv6 yet)

encapsulate IPv6 data inside IPv4

tunneling basically means doing something like a VPN between your system and some system that's connected to the IPv6 internet

tunnel adapters are built-in tools that Windows provides to give you a way to try to get to the IPv6 internet:
Teredo and 6to4
Teredo is a very primitive, very slow, horrible way to connect to the IPv6 internet; pro: it's free
6to4 takes IPv6 packets and encapsulates them into IPv4

gogo client - 3rd party tool for IPv6 - gogo6.com
start it up and it will find you a gogo server that will connect you to the IPv6 internet
acts like a VPN and creates a virtual network card
uses your IPv4 connection to make an IPv6 connection

test-ipv6.com
ipv6.google.com

review:

  • today, you need a tunneling protocol to get to the IPv6 internet
  • Microsoft provides some tunnels, like Teredo and 6to4
  • try the gogo client from www.gogo6.com (obsolete)
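Both tunnel types above embed IPv4 details in the IPv6 address itself, which is worth recognising when such addresses show up in logs. As an added example (not code from the course or the post), the functions below decode them: 6to4 addresses (RFC 3056) start 2002: followed by the public IPv4 address, and Teredo addresses (RFC 4380) start 2001:0000: followed by the Teredo server's IPv4, flags, and the client's UDP port and IPv4 each XORed with all-ones. The sample addresses are constructed from documentation ranges.

```python
"""Decode the IPv4 endpoints embedded in 6to4 and Teredo addresses (added example)."""
import ipaddress
from typing import Optional


def decode_6to4(addr: str) -> Optional[dict]:
    """2002:WWXX:YYZZ::/48 -> the host's public IPv4 address WW.XX.YY.ZZ."""
    n = int(ipaddress.IPv6Address(addr))
    if (n >> 112) != 0x2002:
        return None
    return {"public_ipv4": str(ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF))}


def encode_6to4_prefix(ipv4: str) -> str:
    """The /48 prefix a 6to4 host derives from its public IPv4 address."""
    n = (0x2002 << 112) | (int(ipaddress.IPv4Address(ipv4)) << 80)
    return str(ipaddress.IPv6Network(str(ipaddress.IPv6Address(n)) + "/48"))


def decode_teredo(addr: str) -> Optional[dict]:
    """2001:0000:<server v4>:<flags>:<port ^ ffff>:<client v4 ^ ffffffff>."""
    n = int(ipaddress.IPv6Address(addr))
    if (n >> 96) != 0x20010000:
        return None
    server = ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF)
    flags = (n >> 48) & 0xFFFF
    port = ((n >> 32) & 0xFFFF) ^ 0xFFFF              # obfuscated client UDP port
    client = ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF)  # obfuscated client IPv4
    return {"server": str(server), "cone": bool(flags & 0x8000),
            "client": str(client), "client_port": port}


def classify(addr: str) -> str:
    """Label an IPv6 address the way a log reviewer would want it: tunnel or not."""
    a = ipaddress.IPv6Address(addr)
    if a.is_loopback:
        return "loopback"
    if a.is_link_local:
        return "link-local"
    if decode_6to4(addr) is not None:
        return "6to4"
    if decode_teredo(addr) is not None:
        return "teredo"
    return "native/other"


if __name__ == "__main__":
    # constructed: 6to4 host at 192.0.2.1; Teredo client 203.0.113.7:40000 via server 192.0.2.45
    for sample in ("2002:c000:0201::1", "2001:0:c000:22d:8000:63bf:34ff:8ef8", "fe80::1"):
        print(sample, classify(sample), decode_6to4(sample) or decode_teredo(sample))
```
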

3: Remote Connectivity
3.1 Telephony technologies
objective: explain the characteristics and benefits of various WAN technologies

the internet was able to expand quickly because there was already a network in place: our long-distance telephone system.

History of telephone system:

before: analog lines connected via a central office, no more than 3 miles from each other
then it was replaced by electronic switching, which is still analog
if the call goes more than 3 miles, two central offices connect via trunk lines using Frequency Division Multiplexing (this allows you to handle more than one call on the trunk)
a multiplexer splits the calls across different frequencies
analog has a problem with long distance

1950s-1970s: switched from analog to digital
central office to central office = digital (sampled)
central office to home = analog
8-bit samples, 8000 times per second = 64 kbps

time division multiplexing = 64 kbps digital connections (DS0 signal); a DS1 signal is 24 DS0 signals all going down the same piece of wire
everything happens in little time slots

DS1 is a type of signal and uses a specific cable called T1
so if a DS1 has 24 DS0s in it and each is 64 kbps, it's pretty much 1.5 megabits per second
T1 runs at 1.5 Mbps
DS1 frames on a T1 system = all copper carriers

T3 carries 28 DS1s simultaneously
E1 and E3 in Europe

T carriers are point-to-point connections = no telephone number associated with them
originally designed to interconnect central offices
over time it was discovered that these are pretty good ways to haul data as well.

T1 lines look like shielded twisted pair (like Ethernet)

at each end of a T1 line is a CSU/DSU, which acts as the endpoint
this can be plugged into a router (among other things you can plug a CSU/DSU into)

BERT test: whenever you have a problem with a T1 line, you run a BERT test. It's a button on the CSU/DSU; it's a bit error rate test and just a quick-and-dirty check

T1 crossover: you can take two routers that have a built-in CSU/DSU, plug one little T1 crossover cable into each of the CSU/DSUs, and use this to emulate a full-blown T1 connection

review:

  • original telephone systems used frequency division multiplexing; today they use time division multiplexing
  • T1 = 24 DS0s = 1.5 Mbps
    T3 = 28 DS1s = 43.2 Mbps
  • E1 and E3 are European carriers

3.2 Optical carriers
objectives: explain the characteristics and benefits of various WAN technologies

the very top of the internet = all fiber-optic cabling = SONET
SONET signalling carries a particular type of optical carrier, kind of the optical equivalent of T1, called OC lines
the slowest OC line there is, the OC1, runs at 51.85 Mbps

an OC3 line runs at 3x OC1 = 155 megabits per second

STS = simply the framing type

SONET is starting to fade out because of full-blown point-to-point Ethernet, called gigabit or 10-gigabit Ethernet

DWDM, devised for SONET, means dense wave division multiplexing
DWDM basically uses multiple colors of light on one piece of fiber and can take an existing fiber's capacity and multiply it by as much as 150 times
aka SONET on steroids

review:

  • SONET
    OC1 = STS1 = 51.85 Mbps
    OC3 = STS3 = 155.52 Mbps
    OC12 = STS12 = 622.08 Mbps

3.3 Packet switching
Objective: Explain the characteristics and benefits of various WAN technologies

circuit switching, back in the day, was an analog signal that would travel from one telephone to the next: you literally had hard circuits carrying voltage that had to be switched in order to reach the other phone so the two could talk. It's a concept that has faded out.

Types of Packet switching

  1. frame relay = around since the 1980s; its job was to provide a type of packet switching that didn't care about errors but was very, very quick
  2. ATM = asynchronous transfer mode = a complete networking solution. It was invented in the 1990s as a do-it-all form of switching technology, designed to handle voice, data, video and everything. ATM has started to fade away.
  3. MPLS = designed for IP-based networks. It doesn't care if you're sending data over a T1 line, a DOCSIS system, DSL, satellite or Ethernet.

ATM frames are 53 bytes long

all these packet switching technologies will eventually fade away because of a world we call "all IP". We're getting to a point where Ethernet-based technologies are so powerful (10 gigabits per second, single-mode fiber optics that can run for miles) that in theory, one day, we could see a world where the entire internet is purely Ethernet.

review:

  • know your types of telephony packet switching
  • frame relay, ATM
  • MPLS

3.4 Connecting with dial-up
Objective: Explain the characteristics and benefits of various WAN technologies

dial-up is connecting to the internet using your plain old telephone service (POTS), i.e. the public switched telephone network (PSTN).

external modem >> three connections that are important:

  1. telephone outlet
  2. telephone
  3. serial connection that connects to your computer

then there's the internal modem too, which you connect to your RJ11 jack

dial-up uses 64k (granted that it uses the same 64K DS0 that voice uses), but because of overhead and maintenance we can only use about 56K of that 64K to actually transfer data.

Dial up uses PPP (point to point protocol)

review:

  • dial up is slow and is not a good backup
  • you need a modem
  • your ISP will give you a user name and password and dial up uses PPP protocol

3.5 Digital Subscriber Line (DSL)
Objective: Explain the characteristics and benefits of various WAN technologies

first high-speed internet connection
DSL modem = RJ11 DSL line; the idea behind it is that you could use telephone lines to give us high-speed internet.

2 types of DSL:
synchronous = upload and download speeds are equal
asynchronous = upload is slower than download
fiber to the premises = VDSL, which is an extremely high-speed DSL

DSL adds a lot of signal to the old-school telephone line, so you need a DSL filter

PPPoE = a total scam (in the instructor's words) designed to force you to sign in, introduced after Linksys routers let the DSL line be shared instead of being limited to one connection only

review:

  • DSL was the first common broadband connection
  • synchronous = upload = download
    asynchronous = upload < download
  • DSL requires filters to use regular telephones

3.6 Connecting to Cable Modems
Objective: Explain the characteristics and benefits of various WAN technologies

cable modem: RJ45 that leads to the network
cable connection: F-type screw-on connector
USB port for configuration and connecting a computer

cable companies don't do PPPoE

the only downside is that cable companies don't want you to change the MAC address they see; workaround: MAC address clone

cable is faster than DSL

review:

  • cable modems come from the cable company
  • cable rarely requires PPPoE
  • cable modems use F-type connectors

3.7 Connecting with Satellites
Objective: Explain the characteristics and benefits of various WAN technologies

one of the problems with DSL or cable modems is that they require you to be within roughly 18,000 feet of some central office

satellite could do 3 Mbps synchronous
today's satellites are asynchronous, with downloads around 12 Mbps and uploads around 3 Mbps
2 RG-6 cables
F-type connectors, one to transmit and one to receive

satellite latency is the big problem

review:

  • satellite modems enable connecting to the internet through a satellite
  • satellite connections have terrible latency
  • run a RG-6 cable from the dish to the modem

3.8 Cellular WAN
Objective: Explain the characteristics and benefits of various WAN technologies

2 choices for internet connectivity:

  1. Cellular WAN
  2. WiMAX
    two fairly similar technologies, both using cell towers
  • WiMAX is an extension of the 802.11 (WiFi) wireless networking standards; WiMAX itself is the 802.16 standard

cell towers are 35 miles apart

downside: susceptible to where you place the device

they also act as a little WiFi network

  • cellular WANs were originally developed only to carry voice, not data, but have since been developed to send data (first generation, second gen, 3G, 4G)

HSPA = single-megabit-per-second range = 3G
improved to HSPA+ = multiple-megabit-per-second range
LTE = becoming predominant; tens of megabits per second range (introduced 2009)

tethering = taking the signal coming in and out of the cellphone and sharing it with other devices

review:

  • WiMax 802.16 standard
  • Cellphones are on many standards known as G-terms
  • HSPA/HSPA+ and LTE

3.9 ISDN and BPL
Objective: Explain the characteristics and benefits of various WAN technologies

ISDN = Integrated Services Digital Network = last-mile dial-up connection; digital, and has a telephone number associated with it; you can call between ISDN devices
there was a 64k version, but for the most part it ran at 128k; no modems to deal with, they use a terminal adapter; ISDN phones are used

BPL = Broadband over Power Lines; never a really successful technology; using power lines to carry a network and give you internet. Basically both internet data and electricity flow on the same lines. Interference and danger are high

review:

  • ISDN ran at two speeds: 64kbps and 128kbps
  • ISDN has a telephone number
  • BPL uses power lines to move internet data

3.10 Remote Connectivity
Objective: Explain the characteristics and benefits of various WAN technologies

Now, this whole idea of remote desktop was pushed a long, long time ago by a company called Citrix. And Citrix used a standard that they developed, called ICA, to provide, over an IP network, a way to do this type of stuff.

  1. TightVNC, port 5900

  2. Microsoft RDP tools, port 3389 (server type and RDP Help / invitation)

review:

  • TightVNC runs on port 5900
  • Microsoft RDP runs on port 3389
  • use remote help to control the desktop of the user you are assisting

Thanks for reading! :) Have a good day everyone!


Cool. I love tech stuff too. Are you planning to earn some CCNA kind of certification? Awesome.

Hello Jerome! I took CCNA Routing and Switching last Nov 2014 :)

Wow! It looks like you are already an expert in computer networking. Oh! I was not looking closely enough; it says in your profile that you are a computer engineer, Ma'am. Cool!