Course Transcript

CompTIA Network+ N10-006: Network Architecture Part 1

Network Devices

Network Services

Configuring Network Services

WAN Technologies

Network Cabling

Network Topologies

Practice: Basic Concepts of CompTIA Network+ 2014

Course Introduction

Learning Objective

After completing this topic, you should be able to

1. Introduction to the course

Networks are the basic interconnections for all computers, from home computer systems to multinational businesses to the Internet. I am David Bigger, your Network+ instructor, and in this course I will describe the concepts of network architecture. I will also explain the basics of configuring network services. So let's get started.

Network Repeaters, Switches, and Routers

Learning Objective

After completing this topic, you should be able to

1. Exploring network repeaters

Repeaters, switches, and routers are devices on our networks that allow us to pass traffic more efficiently. Without these devices we wouldn't be able to have longer cable runs, have efficient local area networks, or talk to other computers and servers outside of our own network. The first of our network devices that we're going to talk about are repeaters. What they do is receive a signal and repeat it along a cable. So you can see from our graphic here, we have a server in blue, and when the information comes in to this Ethernet hub, which is shown in the middle there, the blue box with the double-headed arrow, it will actually repeat the signal out all active interfaces and, in this case, we have four clients off of this one Ethernet hub. This is going to make up one collision domain, because everybody has access to this information at the same time, so that's what's going to make up our one collision domain: that hub repeats the signal to all open or all active ports. Now if we want to get a little bit better with it, we have something that's known as a switch. Now this is a Layer 2 device, and what this is going to do is send signals to a specific port by learning the MAC addresses of those devices that are off of that switch or that Layer 2 device.

[Heading: Repeaters. In the diagram, an Ethernet Hub is depicted in blue with a double-pointed arrow pointing to four PCs that are linked via ports to the hub. There is also a server linked to the hub. Below the bottom-most port is the description: "One Collision Domain." Heading: Switches. In the diagram, a Layer 2 Switch is depicted in blue with double-pointed arrows pointing to four PCs that are linked via ports to the switch. There is also a server linked to the switch. Below the bottom-most port is the description: "Each port is its own Collision Domain."]

So you can see here at our graphic, we have a switch in the middle there with the four arrows pointing in opposite directions. So if the server in blue there was to send information to the switch and it was destined for the computer at the bottom of our graphic, the other three would not get that information like they do with the hub graphic that we saw a little bit earlier, because now that switch knows where that specific port is and it says, "hey, this information is destined for this computer, so I'm not going to send it to the other three computers." This is going to increase our available bandwidth, because now the information is flowing to one specific computer instead of all computers on all active ports on that device or this Layer 2 switch. So each port is in its own collision domain now, in contrast to the hub, where everybody shared one collision domain. Now a Layer 2 switch will support VLANs, those virtual local area networks. It will also support Power over Ethernet, so we can put in, say, a wireless device and we wouldn't have to hang dedicated power in the ceiling, and it also has STP, which is Spanning Tree Protocol, which is there to prevent loops, and a switch loop will bring down a network faster than anything I've ever seen.

Then another network device we need to talk about would be a Layer 3 device or a router. Now a router sends packets to different ports based on the IP address, so it will look at the destination IP address, look in its routing table and say, "oh, you're destined for this network over here on the right, or you're destined for this network over here on the left." So you can see from our graphic, we have a router up there and it's connecting two local area networks. On the left, we have our Layer 1 device or that hub over there, and on the right network, we have our switch or that Layer 2 device, so we have two separate LANs that need to be able to communicate, so they're going to go through a router or a Layer 3 device, which is going to work off IP addresses. And then finally, we have what's known as a multilayer switch. This is a Layer 2 and a Layer 3 device, so you can see from the graphic here, we have Network A on the far left and Network B on the far right, and we have a multilayer switch there which, as you would probably guess, multilayer meaning multiple layers, will work at Layer 2 with those MAC addresses and at Layer 3 with those IP addresses.

[Heading: Router. In the diagram, a network is represented in a hierarchical manner with a Router at the top. The router is connected to both a Hub and a Switch nested below it, respectively. The Hub and the Switch are each connected to three client PCs, respectively. Heading: Multilayer Switches. In the diagram, two network segments – Network A and Network B – are connected via a MultiLayer Switch. Each network segment has its own switch, client PCs, and server.]
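
As an added example (not part of the course or its slides), here is a small Python simulation of the three forwarding behaviours just described: a hub that repeats every frame to every other port, a switch that learns source MACs and then forwards known unicast to one port only, and a router doing longest-prefix match on the destination IP. The MAC addresses, IP prefixes, port numbers and interface names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: bytes = b""


BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 repeater: every frame goes out every port except the one it came in on."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))

    def forward(self, frame, in_port):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2: learns source MAC -> port and forwards known unicast to one port."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, frame, in_port):
        self.mac_table[frame.src_mac] = in_port  # source-MAC learning
        if frame.dst_mac == BROADCAST or frame.dst_mac not in self.mac_table:
            # Broadcast or unknown unicast: flood, exactly like the hub
            return [p for p in self.ports if p != in_port]
        out = self.mac_table[frame.dst_mac]
        return [] if out == in_port else [out]  # never send back out the ingress port


class Router:
    """Layer 3: picks the egress interface by longest-prefix match on the destination IP."""

    def __init__(self, routes):
        # routes is {"prefix/len": "interface"}; the most specific prefix wins
        self.routes = sorted(
            ((ipaddress.ip_network(prefix), iface) for prefix, iface in routes.items()),
            key=lambda entry: entry[0].prefixlen,
            reverse=True,
        )

    def route(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        for network, iface in self.routes:
            if addr in network:
                return iface
        return None  # no route, not even a default: the packet is dropped


def demo():
    """Server on port 0 talks to the PC on port 3, first through a hub, then a switch."""
    server, pc = "00:00:5e:00:53:01", "00:00:5e:00:53:04"  # constructed addresses
    hub, switch = Hub(5), LearningSwitch(5)
    result = {
        "hub": hub.forward(Frame(server, pc), 0),
        # First frame: the switch has not seen the PC yet, so it floods like a hub
        "switch_first": switch.forward(Frame(server, pc), 0),
        # The PC replies, so the switch learns that it lives on port 3
        "switch_reply": switch.forward(Frame(pc, server), 3),
        # Now server -> PC goes to port 3 only; the other ports never see it
        "switch_learned": switch.forward(Frame(server, pc), 0),
    }
    router = Router({"192.0.2.0/24": "lan-left", "198.51.100.0/24": "lan-right",
                     "198.51.100.128/25": "lan-right-dmz", "0.0.0.0/0": "wan"})
    result["routes"] = [router.route(ip) for ip in
                        ("192.0.2.7", "198.51.100.9", "198.51.100.200", "203.0.113.1")]
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point worth noticing is that the switch's bandwidth and isolation benefit depends entirely on the learned table: until the destination MAC has been learned, and again if the table is flushed or overflowed, the switch floods every port just as the hub does.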

Firewalls and Content Filters

Learning Objective

After completing this topic, you should be able to

1. Exploring firewalls and content filters

Everybody likes to feel secure and safe when you're surfing the Internet or when you're on a local area network, a wide area network, or an intranet, so that's where firewalls are going to come into play. Now these are hardware or software that allows or denies a connection based on rules that you, as a system administrator, are going to set up. Now packet filters use rules based on the IP address, either the source or the destination, and the port, the door through which traffic gets in and out of your computer or in and out of that server. And then we also have stateful filters for those firewalls, and what those do is maintain session state information. Every time you go out on the Internet or every time you connect to a server, you establish what is known as a session. If you initiate that session from inside of your network, that firewall is going to learn about that session, so when the server tries to send that information back, even though that port may be blocked, you have established that session between the server and the client, so it will allow that information to come back through. So that's where our stateful filters come into play; again, they maintain that session state information, which is good because now the information coming back in that you've requested is not going to be blocked.

[Heading: Firewalls Firewalls are hardware or software that allows or denies a connection based on rules. Packet filters use rules based on IP and port, and Stateful filters maintain session state information.]

So a little bit more about those hardware firewalls: they are a dedicated piece of network hardware, they are a network appliance, and that's probably a new term for you, so it is a dedicated piece of equipment that we're going to put on our network, usually somewhere around the boundary of our network, and what this is going to do is protect our whole entire network and not necessarily individual hosts or individual computers. So we place this between our network and an untrusted area, which is more than likely going to be the Internet, because the Internet is very untrusted: even though we have rules and regulations and procedures and standards and so on and so forth, there's not one entity that secures the Internet, so it's totally untrusted. Now hardware firewalls will block on port and IP address rules, like we mentioned just a minute ago, that you're going to set up as a system administrator. So you can say this specific IP, or this range of IPs, or this whole subnet is blocked from coming into our network, or this port. You can say ports 20 and 21 are blocked, so we are denying all FTP traffic coming inside of our network, and likewise we can block it going out as well to help prevent that spillage.

[Heading: Hardware Firewalls. A hardware firewall is a specialized network appliance, placed between a network and an untrusted area. It uses port and IP address rules, and can act in various roles.]
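
The rule set and session tracking described above, as an added Python example that is not part of the course. The addresses, ports and rule ordering are constructed; the same rules are run once with `stateful=True` and once with `stateful=False` to show what a plain packet filter does with the server's reply.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the untrusted side, "out" = leaving the LAN
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


class Rule:
    """One packet-filter rule: match on direction, source/destination network and port."""

    def __init__(self, action, direction, src="0.0.0.0/0", dst="0.0.0.0/0", dport=None):
        self.action = action
        self.direction = direction
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dport = dport

    def matches(self, pkt):
        return (pkt.direction == self.direction
                and ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and (self.dport is None or pkt.dport == self.dport))


class Firewall:
    """First matching rule wins; anything unmatched gets the default (deny)."""

    def __init__(self, rules, stateful=True, default="deny"):
        self.rules = rules
        self.stateful = stateful
        self.default = default
        self.sessions = set()  # flows that were allowed outbound

    def check(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful filtering: a reply to a session we opened is let back in
        # even though no inbound rule allows traffic to that port.
        if self.stateful and pkt.direction == "in" and reply_of in self.sessions:
            return "allow (established)"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self.sessions.add(flow)  # remember it so the reply can come back
                return rule.action
        return self.default


RULES = [  # constructed rule set, evaluated top to bottom
    Rule("deny", "out", dport=21),                        # no FTP control channel out
    Rule("deny", "out", dport=20),                        # no FTP data channel out
    Rule("deny", "in", src="198.51.100.0/24"),            # a blocked source subnet
    Rule("allow", "in", dst="192.0.2.10/32", dport=443),  # our public web server
    Rule("allow", "out"),                                 # everything else may leave
]


def run_scenario(stateful):
    """Client 192.0.2.25 browses 203.0.113.5; returns the verdict for each packet."""
    fw = Firewall(RULES, stateful=stateful)
    packets = [  # constructed traffic
        Packet("out", "192.0.2.25", "203.0.113.5", 50000, 80),   # client opens HTTP
        Packet("in", "203.0.113.5", "192.0.2.25", 80, 50000),    # the server's reply
        Packet("in", "203.0.113.5", "192.0.2.25", 4444, 50000),  # unsolicited inbound
        Packet("out", "192.0.2.25", "203.0.113.5", 50001, 21),   # FTP attempt out
        Packet("in", "198.51.100.7", "192.0.2.10", 40000, 443),  # blocked subnet
        Packet("in", "203.0.113.9", "192.0.2.10", 40000, 443),   # legitimate web client
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print("stateful:", run_scenario(True))
    print("packet filter only:", run_scenario(False))
```

With the stateless run the server's reply is dropped because no inbound rule covers the client's ephemeral port; the only stateless fix is to open a wide range of inbound ports, which is exactly the exposure a stateful filter avoids. Rule order matters too: the FTP denies sit above the general outbound allow, so swapping them would silently re-enable FTP.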

Now a hardware firewall can also act in various roles: not only can it be a hardware firewall, it can be a VPN concentrator, it could be a content filter, it could be a honeypot, it could be various things depending on your budget and your hardware requirements for your network. Now we also have software firewalls, and these usually run on a host. We'll put this on a computer somewhere; it's software that we will install on a computer, and that's all that computer is really going to do if we want to protect, say, a LAN. Or if we want to put it on individual hosts, we can put host-based software firewalls on every host in our network and do what's known as defense in depth: not only could we have a hardware firewall on our network, we could have the software firewalls on each individual host. These are good for your small office or your home computers, wherever you may have them, because for small offices, usually, you know, five to ten computers, it's not a big deal to install that on individual computers compared to, say, thousands or tens of thousands in an enterprise environment.

[Heading: Software Firewalls. Software firewalls usually run on the host and are port based. Can have control of Internet access per application, and can be compromised from the OS.]

Software firewalls are also port based; again, those ports are the doors coming in and out of your computer, so you can block off certain doors or certain ways of getting into your system. They also control Internet access per application, so you can say "this application can get Internet access, whereas this one may not," so you can block off all gaming applications, say, in your office, so you know your employees are not playing games while they are in the office and are doing what they're supposed to be doing. Now one thing though with the software firewall is that it can be compromised from the OS or the operating system, because if the operating system gets compromised, well, it controls everything, so it can compromise the firewall and then you're losing some of that security. And then we have content filters, and they can be part of a firewall or a totally separate device. What they do is check the contents of a packet and allow or deny that traffic from coming in or going out of your network. These operate at the application layer, which is the highest layer, Layer 7. Now these rules can be based on URLs or e-mail contents or, say, web contents, for that matter.

[Heading: Content Filters. Content filters can be part of a firewall or a separate device, and they check the contents of packets and allow or deny. They operate at application layers, and rules can be based on URL or e-mail contents, etc.]

Intrusion Detection and Prevention

Learning Objective

After completing this topic, you should be able to

1. Using intrusion detection systems

Another way we can help protect ourselves or protect our network is by using a network device called an intrusion detection system or an IDS. So an IDS examines network traffic and compares it against signatures for known attacks, a lot like antivirus. We know that a specific piece of software looks like this, so we're looking for that signature. We know that that's an attack, so what an IDS does is see that traffic coming in and compare it against a known signature, the digital fingerprint of what that attack looks like, and say, "oh, this is bad," or, "oh, this is okay, this is good." It works off sensors, so that information will come through the device, a sensor will pick it up, examine it, compare it against a signature, and tell us if it's good or bad. Now if an IDS sensor detects an attack, what it can do is communicate warnings to network management consoles; it can send an e-mail, it can send you a text message nowadays, and let the system administrator or network administrator or security professional know what's going on so they can take preventative steps, or come in and mitigate the problem, so they can stop that attack or stop the malicious information from coming into the network.

[Heading: Intrusion Detection Systems. An example of a network diagram displays. The network is composed of a router that is connected to a switch. The Switch, in turn, is connected to a sensor. The Sensor is connected to a client PC and the switch, in turn, is connected to a laptop and a router.]

Now something else that we can put in place instead of an IDS is an IPS, an intrusion prevention system. Now a network IPS signature, just like an IDS signature, is a set of rules used to detect intrusive activity, that bad stuff coming into our network. Those sensors can scan network packets using existing signatures, just like an IDS, to detect known attacks, but now they respond with a predefined action. So if they pick up malicious activity, not only can they tell a network administrator or the system administrator or IT professional that, "hey, something's going wrong," now they can actually respond: they can say "move that traffic off," they can redirect that traffic to, say, a honeypot, or they could completely close off that port. So now that traffic is coming in that specific door or that specific port on our network, we can close that off and we can actually stop that attack from happening any more until the system administrator can get in there and put in a patch, or get in and mitigate the problem, or put some type of control in place to stop that attack from happening.

[Heading: Intrusion Prevention Systems. The Sensor is highlighted.]

Now the IDS does have some advantages. The big one: it does not disrupt packet flow. What it does is actually work with copies of packets as they come into our network, so it's not really pulling that packet, say, off of the road, stopping that information, getting in there and looking and saying, "oh, you're good or bad," and then passing it on; it actually makes a copy of it so the original one goes on. Again, because it doesn't stop that traffic, we can't take preventative steps with an IDS; we're just looking for the bad things, and we can give a notice, we can send an IM or a text message or an e-mail or something to a network management station saying, "hey, something bad is happening." Now this is typically a little bit easier, simpler to configure than an IPS. An IDS is not that bad to set up; again, it's only going to send you messages, but it's not really going to take those preventative steps like an IPS.

[Heading: IDS Advantages. IDS does not disrupt packet flow – works with copies of packets, and it is typically simpler to configure than IPS.]

So those IPS advantages: it responds immediately, and it does not allow any malicious traffic to pass if we have it set up that way. Now don't think that just because you put an IPS out there, it's going to stop everything and be the be-all and end-all for your network traffic; it doesn't quite work like that, but it does respond immediately and, if you have it set up properly, you can stop traffic from coming in. Like I said, you could block off those ports, or you could redirect that traffic to, say, a honeypot or a honeynet, and make that traffic go somewhere else. Now it does proactively work with other network devices to stop those attacks, which is outstanding because it can work in conjunction with your firewall and give you, again, that defense in depth, another layer of protection for your network.

[Heading: IPS Advantages. IPS responds immediately – does not allow any malicious traffic to pass, and proactively works with other network devices to stop attacks.]
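
An added example (not from the course) of a signature sensor in Python, run over a few constructed packets once in IDS mode and once in IPS mode. The two signatures, the addresses and the traffic are made up for illustration. The predefined IPS action chosen here shuns the offending source address rather than closing the whole service port, which is the more usual choice because closing port 80 would take the web server away from every legitimate client as well.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    dport: int      # service port the signature applies to
    pattern: bytes  # regular expression matched against the payload


# Constructed signatures for two well-known web attack patterns (not a real rule set).
SIGNATURES = (
    Signature(1001, "HTTP directory traversal", 80, rb"\.\./\.\./"),
    Signature(1002, "SQL injection tautology", 80, rb"(?i)'\s*or\s+'1'\s*=\s*'1"),
)


class Sensor:
    """Signature matcher running either as an IDS (alert only) or an IPS (alert and act)."""

    def __init__(self, signatures, mode="ids"):
        if mode not in ("ids", "ips"):
            raise ValueError(mode)
        self.signatures = signatures
        self.mode = mode
        self.alerts = []      # (sid, name, src) as sent to the management console
        self.shunned = set()  # the IPS's predefined action: shun the offending source

    def inspect(self, pkt):
        if self.mode == "ips" and pkt.src in self.shunned:
            return "drop"     # inline device: a shunned host gets nothing through
        for sig in self.signatures:
            if sig.dport == pkt.dport and re.search(sig.pattern, pkt.payload):
                self.alerts.append((sig.sid, sig.name, pkt.src))
                if self.mode == "ips":
                    self.shunned.add(pkt.src)
                    return "drop"
                break         # IDS inspected a copy; the original packet already went on
        return "pass"


TRAFFIC = (  # constructed sample packets
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /about.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", "192.0.2.10", 80, b"POST /login user=admin' OR '1'='1\r\n"),
    Packet("203.0.113.9", "192.0.2.10", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
)


def run(mode):
    """Return (verdict per packet, alerts raised) for the sample traffic in the given mode."""
    sensor = Sensor(SIGNATURES, mode)
    verdicts = [sensor.inspect(p) for p in TRAFFIC]
    return verdicts, sensor.alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(mode)
        print(mode.upper(), verdicts, alerts)
```

Both modes raise the same two alerts; only the IPS changes what reaches the server, and it also drops the later, harmless packets from the shunned hosts, which is the trade-off the transcript warns about: an IPS acting on a false positive cuts off a real user.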

Load Balancing and Traffic Shaping

Learning Objective

After completing this topic, you should be able to

1. Balancing loads and shaping traffic

Now a lot of times, companies will have more than one connection out to the Internet, or more than one wide area connection out to, say, a branch office or another department somewhere not local to them. So what they use is what's called a load balancer. Now this is a network device to balance traffic across those WAN links or those wide area network links. It's used for bandwidth aggregation, meaning we're going to bring those connections in and combine them; maybe we've got two 1 meg connections, and if we aggregate them together, we can make it look like one 2 meg connection and have more bandwidth this way by bringing more connections in. This will also give us some link redundancy, because if link 1 is a 5 meg connection and link 2 is a 5 meg connection, and let's say one of them goes down, we still have that redundancy. We haven't lost our connection to our other branch offices or our other department or another office somewhere else in another region.

[Heading: Load Balancers. It is a network device used to balance traffic across WAN links, and used for bandwidth aggregation and link redundancy. It can also be used to balance traffic across a server farm.]

We can also use this to balance traffic across a server farm. So perhaps we've got some web servers there with some SQL Server backends; we can use a load balancer in front of that web server farm to balance that traffic across the different servers, so we're not taxing out that one web server all the time. It's not handling all those requests from the Internet; we can spread the love around a little bit and balance out those requests to two servers or three servers or five servers or ten, however many you may have in your server farm. Now these load balancers can operate at Layer 4, that transport layer, or at Layer 7, up at that application layer, and they do this by algorithms, and there's a few that we need to be familiar with. The first one is round robin or weighted round robin, which again kind of spreads the love around. Round robin says, "okay, packet 1, you go to the left; packet 2, you go to the right," let's say we just have two connections here. So it will say, "you go here and you go here," the next one will go to the left, the fourth one will go to the right, the fifth one goes to the left, so it's one for one.

[Heading: Load Balancer Operation. It can operate at Layer 4 or Layer 7. Load balancing algorithms include round robin / weighted round robin, least connections, and least response time.]

Now with weighted round robin, we could say, "alright, two packets for every one packet go to this link," so we could say, "packets 1 and 2 go to the left, packet 3 to the right, 4 and 5 to the left, 6 to the right." We also have the least connections algorithm, which is going to look and say, "well, we've got ten connections off this link and we've got nine connections over here, so we're going to go that direction." We also have least response time, so that algorithm will look at the connections and say, "well, right now, link number 2 is faster than link number 1, so I will use this link," and vice versa. It might look at link 1 or link 3 or link 5; we don't just have to have two, I'm just using two for an example, but we could have many of these aggregated links coming into our load balancer, and any of these algorithms would work on that load balancer looking at multiple links, again, if we had more than just the two.
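
The four algorithms above as an added Python example (not part of the course), run against a constructed two-backend pool where A has weight 2 and is the faster server. The `hold_open` switch shows something the slide does not: least connections only spreads load if connections actually stay open, otherwise every choice is a tie.

```python
class Backend:
    def __init__(self, name, weight=1, response_ms=10.0):
        self.name = name
        self.weight = weight            # used by weighted round robin
        self.response_ms = response_ms  # last measured response time
        self.active = 0                 # connections open right now


class LoadBalancer:
    ALGORITHMS = ("round_robin", "weighted_round_robin",
                  "least_connections", "least_response_time")

    def __init__(self, backends, algorithm="round_robin"):
        if algorithm not in self.ALGORITHMS:
            raise ValueError(f"unknown algorithm {algorithm!r}")
        self.backends = list(backends)
        self.algorithm = algorithm
        self._counter = 0
        # Weighted round robin is plain round robin over an expanded list:
        # weight 2 for A and 1 for B gives the cycle A, A, B.
        self._weighted = [b for b in self.backends for _ in range(b.weight)]

    def pick(self):
        if self.algorithm == "round_robin":
            chosen = self.backends[self._counter % len(self.backends)]
            self._counter += 1
        elif self.algorithm == "weighted_round_robin":
            chosen = self._weighted[self._counter % len(self._weighted)]
            self._counter += 1
        elif self.algorithm == "least_connections":
            chosen = min(self.backends, key=lambda b: b.active)  # ties go to the first listed
        else:  # least_response_time
            chosen = min(self.backends, key=lambda b: b.response_ms)
        chosen.active += 1
        return chosen

    def release(self, backend):
        backend.active -= 1


def distribute(algorithm, requests=6, hold_open=True):
    """Send `requests` new requests through the pool; return the chosen backend names in order."""
    pool = [Backend("A", weight=2, response_ms=5.0), Backend("B", weight=1, response_ms=20.0)]
    lb = LoadBalancer(pool, algorithm)
    names = []
    for _ in range(requests):
        chosen = lb.pick()
        names.append(chosen.name)
        if not hold_open:
            lb.release(chosen)  # request finished immediately
    return names


if __name__ == "__main__":
    for algorithm in LoadBalancer.ALGORITHMS:
        print(f"{algorithm:>22}: {distribute(algorithm)}")
    print(f"{'least_connections':>22}: {distribute('least_connections', hold_open=False)} (nothing held open)")
```

Least response time here uses a static measurement, so it sends everything to A; a real balancer re-measures continuously, and without that feedback the algorithm degrades into "always the server that was fastest once", which is why health checks and periodic probes are part of any production configuration.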

Now something else we need to talk about is traffic shaping or packet shaping, because sometimes we want to delay some of that traffic on a network and it's going to help improve performance for other traffic. Now this is used for latency-sensitive applications or bandwidth-limited links, so you need to think of things like Voice over IP. Those are latency-sensitive applications; we don't like those delays in our Voice over IP, so we could shape that traffic or shape those packets and allow those voice packets to move ahead of, say, regular TCP or UDP packets that are just ordinary data. Now those packet shapers can be dedicated network devices, or we can actually put this function on our wide area connections, our WAN routers. Now what these dedicated devices do is reorder the WAN queues according to traffic shaping profiles that you're going to set up as a system administrator. Again, those profiles might be for data traffic or for that VoIP traffic, like I mentioned a little earlier.

[Heading: Traffic Shaping / Packet Shaping. Delaying some traffic on a network to improve the performance of other traffic. It is used for latency sensitive applications and/or bandwidth limited links. Heading: Packet Shapers. Packet shapers can be dedicated network devices or WAN routers. The dedicated devices reorder WAN queues according to traffic shaping profiles.]
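
An added example (not from the course) of queue reordering under traffic-shaping profiles: a strict-priority voice class that is never delayed, plus a token-bucket limit that paces bulk data onto a slow WAN link. The profile values, packet sizes and sequence numbers are constructed.

```python
from collections import deque


class PacketShaper:
    """Reorders the WAN queue by class priority and rate-limits classes with a token bucket."""

    def __init__(self, profiles):
        # profiles: class name -> {"priority": lower is served first,
        #                          "rate_bytes_per_s": None for unshaped,
        #                          "burst": bucket depth in bytes}
        self.profiles = profiles
        self.queues = {name: deque() for name in profiles}
        self.tokens = {name: 0.0 for name in profiles}

    def enqueue(self, traffic_class, seq, size):
        self.queues[traffic_class].append((seq, size))

    def tick(self, seconds):
        """Run one scheduling interval; return the sequence numbers sent, in wire order."""
        sent = []
        for name, profile in self.profiles.items():
            rate = profile["rate_bytes_per_s"]
            if rate is not None:  # refill the bucket, capped at the burst size
                self.tokens[name] = min(self.tokens[name] + rate * seconds, profile["burst"])
        for name in sorted(self.profiles, key=lambda n: self.profiles[n]["priority"]):
            queue, rate = self.queues[name], self.profiles[name]["rate_bytes_per_s"]
            while queue:
                seq, size = queue[0]
                if rate is not None:
                    if self.tokens[name] < size:
                        break  # no budget left: this packet waits for a later interval
                    self.tokens[name] -= size
                queue.popleft()
                sent.append(seq)
        return sent


PROFILES = {  # constructed profiles: voice is strict-priority and unshaped, bulk data is capped
    "data": {"priority": 1, "rate_bytes_per_s": 2000, "burst": 3000},
    "voip": {"priority": 0, "rate_bytes_per_s": None, "burst": None},
}


def simulate():
    """Three 1500-byte data packets arrive before two 200-byte voice packets."""
    shaper = PacketShaper(PROFILES)
    for seq in (1, 2, 3):
        shaper.enqueue("data", seq, 1500)
    for seq in (4, 5):
        shaper.enqueue("voip", seq, 200)
    return [shaper.tick(1.0) for _ in range(3)]


if __name__ == "__main__":
    for interval, sent in enumerate(simulate(), start=1):
        print(f"interval {interval}: sent {sent}")
```

Although the data packets arrived first, both voice packets go out in the first interval and the data is spread over three intervals by the bucket. The caveat a practitioner wants: an unshaped strict-priority class can starve everything below it, so real profiles cap the priority class too (or police it) rather than trusting that only voice will be marked as voice.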

Access and Remote Access Devices

Learning Objective

After completing this topic, you should be able to

1. Using access points, modems, and VPNs

They're everywhere nowadays: we have tablets, we have mobile devices, we have our laptops, and we connect those to wireless access points. Now those wireless APs or access points are the point at which a WiFi device, like your tablet, your phone, your laptop, attaches to the actual wired network or the infrastructure inside, say, a campus at a college or your home network or your business network. Now these products range from SOHO or small office/home office router/access point all-in-one devices all the way up to industrial AP devices. Those all-in-one devices could not only be the access point, they could also be a router providing DHCP services, which is going to give you your IP addresses for all those WiFi devices, again like your tablets, your mobile devices, your phones, your laptops. It will actually give them information about your network; those are going to be those all-in-one devices.

[Heading: Wireless Access Point. A wireless AP is the point at which devices attach to the wired network. Products range from SOHO home router/AP all-in-one devices to industrial AP devices. One 802.11 AP can typically handle about 30 clients.]

Now one 802.11 access point can typically handle about 30 clients; it really depends. The industrial AP devices can handle a few more of those concurrent connections, whereas some of the lower-end SOHO home routers that you might get at the local, you know, store down the road might not be able to handle quite as many. They're a lot better than they used to be, because now we have, you know, gaming devices, and everybody in the house has phones and tablets and laptops, and we have more and more WiFi clients that need to get on to our network, so they're actually getting a little bit better. Now another device we need to talk about is the analog modem. Now what the analog modem does is use the PSTN, that public switched telephone network, or POTS, the plain old telephone service, to transmit a digital signal over analog lines, those old telephone lines that most people aren't even familiar with these days. I know if I went to my son and told him something about a modem, he would have no idea what's going on, and he's nine years old. He just knows "get on the Internet," but this is the way we used to do things, you know, the old dial-up systems that we had where the modem would scream at you inside of the computer. We were using this public switched telephone network or this PSTN.

[Heading: Wireless Access Point. One 802.11 access point, or AP, is able to accommodate about 30 clients at one time. Heading: Analog Modems. A diagram illustrates the way in which signals are transmitted over analog lines. The diagram consists of a residence, or house, which has a phone, a wireless router, and a PC that are all interconnected to resemble a home network. The home network, in turn, is connected to a demarc device within a local loop that is connected to the Public Switched Telephone Network (PSTN) and Central Office (CO).]

Now it's not widely used anymore because, well, frankly, it's slow. We want to go as fast as possible. I remember when I got my first 56k modem, I thought I was screaming because it was an improvement from the 14.4k that I used to have, but now if you talk about a 56k link, you know, your telephone goes faster than that over a cellular connection, so it's not really widely used anymore due to those bandwidth limitations. You're not going to do any online gaming, you're not going to do any streaming or anything with that. Now we also have access concentrators, and what these are used for is to aggregate those remote connections. We used these for those modem connections, and they are largely replaced now by VPN concentrators, those virtual private network concentrators I mentioned a little bit earlier.

[Heading: Access Concentrator. Access concentrators are used to aggregate remote connections. They're typically used for modem connections, and largely replaced now by VPN concentrators.]

Those VPN concentrators, what they do is aggregate or bring in tunneled IPsec or IP security connections into that local area network or to that LAN. So we might have a bunch of road warriors out there, salesmen for our company, and they need to tunnel back, they need to VPN back to the headquarters. So what we can do is aggregate all those connections; maybe we have 50 road warriors out there and they're trying to tie back to get to their e-mail or a shared server or whatever it is back at the headquarters, so we will take all those connections into one aggregated tunnel connection in our VPN concentrator, bring all that together, and it can handle a lot more concurrent connections, say, than just a regular VPN server, which might be able to handle only 10 or 15. A VPN concentrator can handle up to thousands of connections for that aggregated tunnel coming back into our local area network.

VPN Topologies

Learning Objective

After completing this topic, you should be able to

1. Understanding usage scenarios for VPNs

VPNs or virtual private networks allow people to use the public Internet as a road for their private traffic. This allows users and businesses to take advantage of the existing infrastructure without dedicated or leased lines. So the first of these networking services or applications we need to talk about are VPNs or virtual private networks. Now what these virtual private networks do is provide secure connectivity across an unsecured network domain, like the Internet, and they do this by using encryption, like IPsec, for example, to encrypt that connection across the untrusted Internet, because, like we mentioned earlier, the Internet is not regulated, in that no one entity is in charge of saying, "this is what we're going to use, you can't do this, you can't do that." There are rules and regulations, but that doesn't mean you have to follow them necessarily on the ungoverned Internet. So we can have these virtual private networks for a traveling user, you know, those road warriors or salesmen out there. We can have a home worker teleworking, and they can tie back to the central site. We can have site-to-site remote offices or extranet business partners, and all of these connections can come back to our central site through, again, that unsecured network, like the Internet.

[Heading: VPNs. Virtual Private Networks provide secure connectivity across unsecured network domains, such as the Internet, through encryption. A diagram displays, consisting of a Home Teleworker and a Traveling User who both connect to the Internet. The Traveling User connects via POP, whereas the Home Teleworker connects via DSL/cable. Both users connect to an Extranet Business Partner, a Central Site, and a Site-to-Site Remote Office, respectively.]

Now those site-to-site VPNs that I mentioned just a second ago actually tunnel data between local area networks over that untrusted connection through the Internet. So you can see from our graphic, we have a remote site in the green area over there that's actually tunneling through the Internet back to our central site, and we have an intranet down there on the bottom left hand of our graphic, again tunneling through the untrusted Internet up to our central site, and when they do that, it makes those intranets or that remote site think, "hey, I'm on the local area network of the central site," so we can have this site-to-site VPN tunnel between our two local area networks through this untrusted Internet. And this is a huge cost savings to businesses, by the way, because now they don't have to have those dedicated links or those dedicated lines to that specific remote site or to an extranet business-to-business partner that we might have out there. We can use the existing infrastructure of the Internet and use a VPN tunnel to make our way through the Internet in a secure fashion.

[Heading: Site-to-Site VPNs. Site-to-site VPNs tunnel data between LANs over the Internet. A diagram of a site-to-site VPN displays. It consists of an Intranet, a Remote Site client PC, and a Business-to-Business Extranet that all connect to the Internet and to a Central Site. The client PC and Intranet users both connect via POP and DSL/cable through one or more routers. The Remote Site user, Intranet, as well as the Business-to-Business Extranet connect to the Internet and to the Central Site via a Perimeter Router that has a switch or a router or an inward-facing firewall configured.]

Now one thing we need to keep in mind is that a concentrator is going to be required at each site, so it aggregates those connections coming into the central site and brings them into one area where those connections are concentrated in that VPN concentrator, and again, we can have more than just a few dozen connections; depending on the VPN concentrator, we can support up to tens of thousands of connections if we needed to. We also have what's known as a host-to-site VPN. We saw that on the earlier graphic just a little bit, but host-to-site VPNs are used for remote access. I use them all the time if I'm staying in a hotel and I need to tie back to my home network, if I need to get something off a file share that I might have on my home network, so I can use a host-to-site VPN to give me that remote access. I would be the host somewhere in a remote location, and the site would be my home office, here where all my infrastructure is and all my files are.

[Heading: Site-to-Site VPNs. A concentrator is required at each site for site-to-site VPNs. Heading: Host-to-Site VPNs. Host-to-site VPNs are used for user remote access. A host-to-site VPN diagram displays. It consists of a Remote-access Client, a Telecommuter, and a Mobile user who all respectively connect to the Internet via POP and DSL Cable. The users connect to a Central Site that has an external-facing router configured, as well as an internal switch, router, gateway, concentrator, or firewall.]

So the client will use a piece of software and it could be built into the operating system – Windows 7, Windows 8, they do have some VPN-type software and protocols built into them, but you can get other pieces of software to do that. So it could possibly be built into the operating system. Now the site is going to have some type of VPN gateway or it could have a VPN concentrator, again depending on how many connections you have coming in to the actual site. And then we have host-to-host VPNs – these tunnel traffic from, as you might think, one host to another. Now VPN client software is going to be used to handle these host-to-host connections.

[Heading: Host-to-Site VPNs. The client uses a piece of software – possibly built into the OS – and the site has a VPN gateway/concentrator. Heading: Host-to-Host VPNs. Host-to-host VPNs tunnel traffic from one host to another. VPN client software must handle host-to-host connections.]

Back to top

VPN Protocols

Learning Objective

After completing this topic, you should be able to

1. Common VPN frameworks and protocols

Now in order for our VPNs to work properly, we have to have something in place – a protocol. So we need to discuss some of those. First one is, take a look at IPsec. And IPsec uses three main protocols to create a security framework for us to actually use IPsec for our VPNs. First off being the Internet Key Exchange, the IKE. That provides a framework for negotiation of the security parameters and it is responsible for the establishment of authenticated keys between the two endpoints. Next we have the Encapsulating Security Payload, the ESP, and that provides a framework for encrypting, authenticating, and securing of our data. And then we have the Authentication Header, the AH. That also provides a framework for authenticating and securing of our data. Now IPsec is an IETF standard – IETF stands for the Internet Engineering Task Force. It is that standard that employs the cryptographic mechanisms on the network layer, so that means we have authentication of every IP packet since we're working at that network layer. We also have verification of data integrity for each packet that's coming across. We have confidentiality of the packet payload as well.

[Heading: VPN Protocols – IPsec. IPsec uses three main protocols to create a security framework. The first is Internet Key Exchange (IKE), which provides a framework for the negotiation of security parameters and the establishment of authenticated keys. The second is Encapsulating Security Payload (ESP), which provides a framework for encrypting, authenticating, and securing of data. Thirdly, the Authentication Header (AH) provides a framework for authenticating and securing of data. IPsec is an IETF standard that employs cryptographic mechanisms on the network layer, through authentication of every IP packet, verification of data integrity for each packet, and confidentiality of packet payload.]

Now we don't always have to use IPsec for our VPN protocols. We can have browser-based full-network SSL VPN access. As you can see with the graphic here, instead of using an IPsec tunnel now, it's going through the Internet, we're using an SSL, a Secure Socket Layer. We have that VPN tunnel now, tying back to our SSL VPN gateway at our home office or our branch office, excuse me, our headquarters or wherever we are trying to get that remote access. We also have another one called PPTP. Now PPTP provides VPN access for those remote clients. PPTP standing for Point-to-Point Tunneling Protocol. So remote clients can access the corporate network across the Internet securely using this PPTP, again, as our virtual private networks come across that untrusted Internet. Now we can configure PPTP filtering on a network adapter so that only those packets are going to be permitted.

[Heading: VPN Protocols - SSL. Browser-based full network SSL VPN access. A diagram depicts a network in which a user connects to an SSL VPN – that has a firewall or gateway configured – via an SSL VPN tunnel over the Internet to access workplace resources. Heading: VPN Protocols – PPTP. PPTP provides VPN access for remote clients, and remote clients can access the corporate network across the Internet securely using PPTP. You can configure PPTP filtering on a network adapter so that only PPTP packets are permitted.]

Now this operates across a point-to-point protocol connection but is tunneled through the PPP. Now the data is encrypted and encapsulated inside of those PPP packets. And then finally, the last VPN protocol we need to discuss is GRE, the Generic Routing Encapsulation. This is used in conjunction with PPTP, or more commonly IPsec, to create that virtual private network or that VPN tunnel that we need. Now this is a Cisco protocol for encapsulating traffic, usually in point-to-point links.

[Heading: VPN Protocols – PPTP. Operates across PPP connections, whereby data is encrypted and encapsulated inside PPP packets. Heading: VPN Protocols - GRE. Used in conjunction with PPTP or IPsec to create VPNs. It is a Cisco protocol for encapsulating traffic in point-to-point links.]

Back to top

Remote Access Servers

Learning Objective

After completing this topic, you should be able to

1. Managing remote access servers

We can have all these remote connections and that's great. We can get in from, you know, if we're on the road or site-to-site VPNs, but who's going to control all that? Well that's where these AAA services come in. They provide authentication, authorization, and accounting for our remote connections, where we're coming into the cloud, those VPN connections. RADIUS, TACACS+, and Kerberos are all AAA services that we need to be familiar with. And you can see in the graphic here, we've got asynchronous dial-in connections coming through the cloud, so there's our dial-in connections to that network access server and then we can either talk to that RADIUS server, that TACACS server, or that Kerberos server, for that matter, and they could give us that authorization; they could authenticate our username and password or whatever credentials we gave them, authorize us to get in, and get to where we need to get to for that remote connection. Now that Remote Authentication Dial-In User Service or RADIUS, that is an 802.1x standards-based AAA protocol for remote connections.

[Heading: AAA Services. AAA services provide authentication, authorization and accounting. RADIUS, TACACS+ and Kerberos are AAA services. An AAA Services diagram displays. It consists of three client PCs that use Async Dial-in to connect to a series of Network Access Servers via a Telco Cloud. The network access servers are: a Kerberos Server with IP address 10.6.101.101, a RADIUS server with IP address 10.1.1.3, a second RADIUS server with IP address 10.1.1.5, and a TACACS+ server with IP address 10.6.101.101. Heading: Remote Authentication Dial In User Service (RADIUS). RADIUS is an 802.1x standards-based AAA protocol for remote connections.]

It's pretty widely used for VPNs, those virtual private networks. It's used a lot for access points and other remote access-type security scenarios where we might want to get in, and let's say, we could use a RADIUS server for getting into our switches. Instead of having the accounts right on the switches, we could tie it to a RADIUS server to give network administrators or network engineers permissions to actually remote into a switch, a managed switch, and configure VLANs or set up security or whatever the case may be. But we can use RADIUS servers for that purpose; it's very popular. The other one we need to talk about is TACACS+. That is the Terminal Access Controller Access Control System. Again, another mouthful there, but this is something that Cisco developed as an open standard for AAA services. Now RADIUS only encrypts the passwords. The usernames and everything else, they're all sent in cleartext when it comes to RADIUS, but TACACS+ actually encrypts all the information between the client and the server.

[Heading: Remote Authentication Dial In User Service (RADIUS). It is very widely used for VPNs, access points and other remote access type security scenarios. Heading: TACACS+. Cisco developed it as an open standard for AAA services. RADIUS only encrypts passwords; usernames etc. are sent in cleartext. TACACS+ encrypts all information between client and server.]

Some other differences between TACACS+ and RADIUS are that TACACS+ actually uses TCP as its protocol while RADIUS uses UDP. TCP, being connection oriented, gives us a little bit better connectivity using TACACS+. TACACS+ also gives us a little bit better protocol support and it totally separates the AAA services when it comes to these remote connections. RADIUS, on the other hand, actually combines the authentication and authorization portion of our AAA. Now Remote Access Service – that was originally a Microsoft term for the remote dial-in capabilities of the NT Server, Windows NT Server, back in the day. It uses PPP and a modem or some type of WAN connection to bring in that information or to establish that remote connection. Nowadays though, RAS really refers to any remote access connectivity, including those VPNs, those virtual private networks that we've been talking about.

[Heading: Remote Access Service. Originally a Microsoft term for the remote dial-in capabilities of Windows NT Server. It uses PPP and a modem or WAN connection. RAS now refers to any remote access connectivity, including VPNs.]
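The cleartext-versus-hidden point above, as an added example that is not from the course: it builds a constructed RADIUS Access-Request in PowerShell, applies the RFC 2865 User-Password hiding that a NAS performs, and decodes the attributes to show that only the password attribute is protected. The shared secret, user name, password and NAS address are constructed values.

```powershell
# Added example, not part of the course. RFC 2865 packet layout:
# Code(1) Identifier(1) Length(2) Authenticator(16) then attributes of
# Type(1) Length(1) Value. Only User-Password (type 2) is hidden; User-Name
# (type 1) and everything else travel in cleartext over UDP.

function Get-Md5Bytes([byte[]]$Data) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try { return $md5.ComputeHash($Data) } finally { $md5.Dispose() }
}

# RFC 2865 5.2: pad the password to 16-byte blocks, then
# b1 = MD5(secret + authenticator), c1 = p1 XOR b1; b2 = MD5(secret + c1), ...
function ConvertTo-RadiusPassword([byte[]]$Plain, [string]$Secret, [byte[]]$Authenticator) {
    $len = [Math]::Max(16, [int]([Math]::Ceiling($Plain.Length / 16.0) * 16))
    $padded = New-Object byte[] $len
    [Array]::Copy($Plain, $padded, $Plain.Length)
    $secretBytes = [System.Text.Encoding]::ASCII.GetBytes($Secret)
    $out = New-Object byte[] $len
    $prev = $Authenticator
    for ($i = 0; $i -lt $len; $i += 16) {
        $b = Get-Md5Bytes ($secretBytes + $prev)
        for ($j = 0; $j -lt 16; $j++) { $out[$i + $j] = $padded[$i + $j] -bxor $b[$j] }
        $prev = $out[$i..($i + 15)]          # chaining uses the hidden block
    }
    return ,$out
}

# Inverse of the above: what the RADIUS server does with the same shared secret.
function ConvertFrom-RadiusPassword([byte[]]$Hidden, [string]$Secret, [byte[]]$Authenticator) {
    $secretBytes = [System.Text.Encoding]::ASCII.GetBytes($Secret)
    $out = New-Object byte[] $Hidden.Length
    $prev = $Authenticator
    for ($i = 0; $i -lt $Hidden.Length; $i += 16) {
        $b = Get-Md5Bytes ($secretBytes + $prev)
        for ($j = 0; $j -lt 16; $j++) { $out[$i + $j] = $Hidden[$i + $j] -bxor $b[$j] }
        $prev = $Hidden[$i..($i + 15)]
    }
    return [System.Text.Encoding]::ASCII.GetString($out).TrimEnd([char]0)
}

function New-RadiusAttribute([byte]$Type, [byte[]]$Value) {
    return ,[byte[]](@($Type, ($Value.Length + 2)) + $Value)
}

# Walk the attribute list, checking the declared length and each attribute length.
function Read-RadiusAttributes([byte[]]$Packet) {
    $declared = ($Packet[2] * 256) + $Packet[3]
    if ($declared -ne $Packet.Length) { throw "Length field $declared does not match $($Packet.Length) bytes" }
    $pos = 20
    $attrs = @()
    while ($pos -lt $Packet.Length) {
        $len = [int]$Packet[$pos + 1]
        if ($len -lt 2 -or ($pos + $len) -gt $Packet.Length) { throw "Malformed attribute at offset $pos" }
        $value = if ($len -gt 2) { [byte[]]$Packet[($pos + 2)..($pos + $len - 1)] } else { [byte[]]@() }
        $attrs += [pscustomobject]@{ Type = [int]$Packet[$pos]; Value = $value }
        $pos += $len
    }
    return ,$attrs
}

# Constructed Access-Request (code 1, identifier 42); no real credentials.
$secret = 'constructed-shared-secret'
$auth = New-Object byte[] 16
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($auth)
$ascii = [System.Text.Encoding]::ASCII
$hiddenPw = [byte[]](ConvertTo-RadiusPassword ($ascii.GetBytes('constructed-pw')) $secret $auth)
$attrs = [byte[]]((New-RadiusAttribute 1 ($ascii.GetBytes('jsmith'))) +
                  (New-RadiusAttribute 2 $hiddenPw) +
                  (New-RadiusAttribute 4 ([byte[]]@(192, 0, 2, 10))))   # NAS-IP-Address, constructed
$length = 20 + $attrs.Length
$packet = [byte[]](@(1, 42, [Math]::Floor($length / 256), ($length % 256)) + $auth + $attrs)

# What an observer on the path sees: everything except type 2 is readable.
foreach ($a in (Read-RadiusAttributes $packet)) {
    $hex = ($a.Value | ForEach-Object { $_.ToString('x2') }) -join ''
    switch ($a.Type) {
        1       { "User-Name (1)     cleartext : {0}" -f $ascii.GetString($a.Value) }
        2       { "User-Password (2) hidden    : $hex" }
        default { "Type $($a.Type)            cleartext : $hex" }
    }
}

# The server undoes the hiding with the shared secret and the request authenticator.
$pw = (Read-RadiusAttributes $packet) | Where-Object { $_.Type -eq 2 }
"Recovered by the server: " + (ConvertFrom-RadiusPassword $pw.Value $secret $auth)
```

Because the password protection rests on a shared secret and MD5 rather than on a session key, RADIUS between the NAS and the server belongs on a trusted segment or inside an IPsec tunnel, which is the practical reason the transcript contrasts it with TACACS+.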

Back to top

Web Services

Learning Objective

After completing this topic, you should be able to

1. Deploying and using web services

Now you've probably heard of the term "the cloud…my data's in the cloud…everything is in the cloud." Well, what makes up this cloud, what, you know, organizes this cloud? What's in this cloud is web services. Now these are standards-based software components that interoperate over the web. And there's a company or organization, the W3C, that defines these standards for the software components that we find out in the cloud or on the Internet, and W3C – that is the World Wide Web Consortium that defines those standards. Now these applications, or applications that we need, they can be built up out of these web service components that you're going to find on the Internet or, as the buzzword is anymore, the cloud. Now we do have some rules that we have to follow, these protocols that these web services need to follow, so we're going to use HTTP for the transport of these files, of this data back and forth, in and out of the cloud, that Hypertext Transfer Protocol. We've got XML and SOAP for data exchange, which is actually going to be how the data's exchanged between the client and the server or the services that are in the cloud. So XML, that's that Extensible Markup Language, and SOAP, that's that Simple Object Access Protocol. We're going to use these two guys for the data exchange.

[Heading: Web Services. Standards based software components that interoperate over the web. The W3C defines standards. Applications can be built up out of web service components. Heading: Web Service Protocols. These are HTTP for transport, as well as XML and SOAP for data exchange, and UDDI for discovery.]

And then we have UDDI for the discovery, that's that Universal Description, Discovery, and Integration. Now these web service applications…we can design these applications with reusable components. That way you don't have to reinvent the wheel all the time. Or say you create a web application out there and you stick it in the cloud and you have a login component to this application. Well, pretty much down the road, you need to create another application, this one also needs some type of logon mechanism or a logon component so you can actually go back to your original design, your original application development that you have out there in the cloud and use that same login component or use that same component to tie into a database backend or the same component to pull information out of a directory services so that we can have these reusable components or these reusable modules so we don't have to continually reinvent the wheel. These applications are also used for interoperability, which means we can connect existing components on different platforms, which is outstanding because now we don't have to design applications for a Mac and we don't have to design applications for a Linux box or for a Windows box or for a tablet platform or for a mobile phone.

[Heading: Web Service Applications. Web Services enable application design with reusable components. They are also used for interoperability - connecting existing components on different platforms.]

These web services applications – we can design one application, put in some parameters, maybe for different browsers but not necessarily different platforms, and everybody can get that information now. So if they're looking at it on your smartphone, you get that information. If you're looking at it on your 24-inch screen desktop in your office, you're going to get that same information. If, you know, your desktop is a Mac and your phone is an Android-based device, or whatever the case may be, you're still going to get that same information because of that interoperability. Now how do we do that? Well, the client requirements are pretty simple, you have a standard browser and some type of Internet connection. You have to be able to get out to the Internet, you have to get to the cloud, obviously, to get that information out of the cloud and you just need some type of standard browser. I don't know that any one is the best, there's a few popular ones out there, but just somehow to get on the Internet, your Internet connection, and to browse that information out in the cloud. And you're going to go out door 80 – that's HTTP port 80, which is going to be the door or the way into the server on the backend and then back into your computer so you're going to go through door 80, port 80 on the server, to get that information out of the cloud.

[Heading: Web Services Client. The client requirements are a standard browser and Internet connection to go through HTTP port 80.]

Back to top

Voice Networks

Learning Objective

After completing this topic, you should be able to

1. Understanding converged networks

There was a time when we didn't have all this networking equipment, we didn't have laptops and home networks and everybody had computers everywhere and tablets and mobile phones; we had a phone in your house and you had an analog phone line coming in. And then, the Internet started to take off and everybody's like "oh, how can we get on the Internet." So then we had what was known as dial-up services. So what we were trying to do then is take that existing infrastructure we had for our analog phones and we started putting data on those phone lines with our dial-up connections, with our 14.4 modems or 28.8 modems or 56K modems, and then things got faster and we have got newer technologies. So now, we have got analog phone lines for our existing phones, but now we have got these new cables, these new data cables, that provide faster links for us, and then eventually we said, "hey, why don't we get rid of these analog lines, start making everything digital", so now we have gone all the way from just these analog phone lines where we were trying to put data on there, and now we are putting the phone's analog and digital signals, the older signals, on our computer medium, these network cables. So this is the convergence of communications media on to one medium known as Unified Communications.

[Heading: Unified Communications.]

So we went from the older technologies of trying to put data on voice and now we are putting the voice, just as an example, on our data lines. We can have video, it could be instant messaging or voice like we said; we can put all of that on our IP network now and they don't have to have these analog lines for voice or a dedicated line for our video or a dedicated line for instant messaging. We have unified all this together into one happy network. Now a little bit about that Voice over IP: the telephone calls are actually routed over the IP network. Again, we don't have to have those dedicated phone lines, any analog lines or dedicated digital lines for our Voice over IP. We can put those on the existing IP network. Now the dedicated phones and servers are what's going to make this seamless.

[Heading: Unified Communications. The convergence of communications media into one medium (network). This includes IM, voice, video, e-mail etc – all on an IP network. Heading: Voice over IP. Telephone calls are routed over the IP network. Dedicated phones and servers make this seamless communication.]

We can also have additional services that could be available to help with availability, any directory services that we might have. So the Voice Over IP can actually tie back to our directories, we could get a little picture on our phone, we could get information about office location and so on and so forth right there on our phones. In this Voice Over IP, routing over the IP network is a cool little thing.
I was on a cruise, I don't know a while back, and my son was really small and we took him to the day care where they handed me this cordless phone and I noticed it was a VOIP phone, it actually worked off the WiFi on the cruise ship. So wherever I was if something, you know, if my son was unhappy or I needed to come in and get him or whatever the case may be, they could call me wherever I was on the cruise ship because it was working over the IP network inside of the boat on their wireless network and then in that way I could come back and take care of whatever the problem was, but that was a wireless device on the IP network, but it was Voice Over IP.

[Heading: Voice over IP. Additional services may be available – including availability, directories etc.]

Back to top

Network Controllers

Learning Objective

After completing this topic, you should be able to

1. Using NICs and controllers

So we have all these devices that we need to get on the "Internet". We need to get our laptop, our desktop, our tablets, our mobile phones, all these devices that we might have, we need to get them on our network. Be it our home network or business network, we will get them out to the Internet so we can get into the infamous cloud. So how are we going to do that? What is going to allow our devices to get on to the Internet? Well, we are going to have something in there called a Network Interface Card or a NIC, so PCs connect to a switch or hub or a wireless router through these NICs, these Network Interface Cards, and you can see the graphic here. This Network Interface Card actually has three different interfaces that we can use for three different types of networks. The one on the far right there, it looks like a little cylinder, that's called a BNC connector and there's tons of different names for BNC connectors; they call it the Bayonet Neill-Concelman after the inventors, I heard it called British Naval Connector, so different names for this BNC, but it is a Bravo November Charlie type connector. And then in the middle there, we have got one that looks kind of flat, it has got a little hole in it, that's known as our AUI, an Attachment Unit Interface.

[Heading: PC Network Interface Card. PCs connect to a switch via a NIC. A NIC can be wired or wireless. An example of a Network Interface Card displays.]

Now you don't necessarily hook a cable directly up to this; what you have to have is a transceiver that actually plugs on to that and it will click on to those little clips you see rounded up on the edges there, and then you can actually connect a cable to that transceiver, be it some type of like phone cable or a traditional network cable. And then on the far left we have the one that probably everybody is most familiar with; it looks like a larger one of those phone jacks, that's where an RJ45 connector is going to snap inside of there and get us on to that network. Now those network interfaces can be wired like the card that we see here or it can be wireless, which could be built into your laptop or built into your device, or you can go to the store and you can get those USB devices that clip into the side of your laptop or the back of your desktop computer and allow you to get on a wireless network as well.

Now network devices all require at least one interface, so if we want them to get on to the network or get them on to the Internet, they are going to have to have at least one interface. Now it could be hardwired or it could be modular. Hardwired meaning it's right inside or right on the motherboard of that system, the laptop, the desktop, whatever it may be. Most computers, I think I can safely say that, most computers nowadays are hardwired. I remember my first computer did not have a Network Interface Card in it, didn't even have a modem in it. I had to go buy these separately, which was a little module that popped inside of my computer, so then it allowed it at that time to get on the Internet with my dial-up modem; because it was modular, I could take it in or out or move it around as well. Now these modular interfaces enable easy switching, so we can either have LAN or WAN connections on a router for example. So if we have a router in there, they have modules that you can slide in or out that allow different types of connections to get on a LAN, so you can have RJ45 connections in there or those BNC connections, or you can have WAN connections on those routers as well because it's modular, you can slide in or out, so we can have those WAN connections like to get out to a frame relay or ATM for example.

[Heading: Network Device Interface. Network devices all require at least one interface. This could be hardwired or modular. Modular interfaces enable easy switching – e.g. LAN and WAN connections on a router.]

Back to top

Configuring DHCP

Learning Objective

After completing this topic, you should be able to

1. Configuring basic DHCP services

So let's take a look at configuring DHCP. What we want to do here is jump into Server Manager. I'm on a Server 2012, Microsoft Windows Server 2012 system here, with Datacenter. And you can see over here from the Server Manager Dashboard I already have DHCP installed. I've already installed this role on the server, so now what we want to do, according to the objectives, is to jump in there and configure this server. So what I'm going to do is come up here to Tools on the top right and I'm going to come down here to DHCP. Now if you have not installed the DHCP role, this won't be here, so we need to make sure you do that first. So go ahead and click on this; I'm going to maximize this out for us. So here we can see our DHCP – this is our MMC snap-in, that Microsoft Management Console. I'm going to move this over just a little bit here and let's expand this down. And we're going to work with IPv4 right now. So what we want to do is add a scope first; that's going to be the first thing we have to do. And we know that a scope is a definition of ranges of IP addresses that we can use…it's a definition we're going to set up saying, alright, everybody in our organization, our infrastructure, can use this range or this scope of IP addresses for their IP addresses.

[In Microsoft Windows Server 2012, the Server Manager application displays on the Dashboard page. The left-side pane includes the options: Dashboard, Local Server, All Servers, DHCP, and File and Storage Services. The page lists four steps. Number one – which is currently selected – is Configure this local server, two is Add roles and features, three is Add other servers to manage, and four is Create a server group. The presenter selects Tools – DHCP. A DHCP window opens, which the presenter maximizes.]

Because it's going to give them out dynamically. So what I want to do, I just simply right-clicked on IPv4, I'm going to scroll down here to New Scope and go ahead and left-click. And then we're going to get our New Scope Wizard to pop up and we're going to step through these questions and set up our new scope. So first we have to give it a name. So I'm just going to name it, I don't know, Scope1 and a little description, Our Scope. I'll go ahead and hit Next. And again you can put anything in there you want. Here's one very important part. This is your IP address range; these are going to be the IP addresses that you're going to give out dynamically compared to statically, right. Static addresses – that's where you go in and you hand jam those into the computers and they're set, they are hardcoded, if you will, into that system. This is going to be that dynamic pool of addresses that our systems, our workstations, our laptops…they can pull from this pool of addresses. So what we want to do is set up the scope here, set up that range.
So normally these are private IP addresses because we are behind, you know, our firewall; this is an internal address space. So I'm going to use the address space of the 10 in that Class A network. So I'm just going to say 10.10.10.1 has to be our starting address because zero is the actual network address.

[The presenter then points out the Microsoft Management Console (MMC). This is listed under the heading DHCP, as the expandable srv40235 node – in the first column on the left. The presenter expands the srv40235 node and selects IPv4. A message appears in the middle column titled: Add a Scope, and gives a definition and instructions about how to set one up. In the New Scope Wizard dialog box headed Scope Name, the presenter types Scope 1 into the Name field and Our Scope into the Description field, and clicks Next. In the next dialog box – headed IP Address Range – the presenter enters the following information in Configuration Settings for DHCP Server: Start IP Address – 10.10.10.1, End IP Address – 10.10.10.254.]

And then the end address, I'm going to say 10.10.10.254 and we're…we're only going to work with, you know, a…a /24. Right now it says the length is 8 – that's how many network bits we have and you can see our subnet mask is 255.0.0.0. I'm going to actually change this to 24 to change our subnet mask. So that means we're only going to be working in this fourth octet right here. So we're only going to have 256 total addresses to work with; 254 are going to be usable. So I'm going to go ahead and hit Next. And here it's saying, or asking us, do we want to add any exclusions to that range? And that means, you know, we defined a range of 10.10.10.1 up to 254. But let's say 1 through 5 is our server farm. Well, we're going to assign those IP addresses statically; we don't want our servers getting dynamic IP addresses. It doesn't work very well that way. So we can say, let's exclude 10.10.10.1 through 10.10.10.5 because those five IP addresses are going to be for our server farm. So I'm going to go ahead and say Add and it's going to exclude those. So any time a client comes up on the network and it's asking for an address, with the DHCP offer messages, it will not offer 1 through 5 now. It will start with number 6 and go all the way up to 254.

[Below this, in Configuration Settings that Propagate to DHCP Client, the value eight automatically appears in the Length text box, and 255.0.0.0 in the Subnet Mask. The presenter changes the Length from eight to 24 – which changes the Subnet Mask to 255.255.255.0. He then clicks Next.]

We can go ahead and hit Next. And now this is our Lease Duration. How long are they going to keep those IP addresses? I've seen leases all the way up to 365 days, where they just let them keep it all year; I've seen leases daily, every other day, a few hours. It depends on your organization, it depends on your policies and procedures. Right now it's set at 8 days; let's just set that to 1 and we'll go ahead and hit Next. Now we can configure our options and we do want to do this right now because what we want to do is give it the default gateway. We want to set the DNS servers and the WINS settings for this specific scope, which is good for us because what that means is, not only is the client going to dynamically get an IP address, now they're also going to get the default gateway, they're also going to get DNS information, they can also get WINS information, all from that DHCP offer package that comes from the server. So we don't have to hand jam in those settings as well; we can have all that sent across. So let's go ahead and hit Next. And then here is our Default Gateway. So to add an IP address for the router used by clients, enter the…whatever the gateway is. I'm going to make one up because I don't know what this one is, sitting on…this server sitting on. So I'm going to say, 10.10…let's do…10, dot, 254.

[The next dialog box is Add Exclusions and Delay. In the Start IP address text box he types 10.10.10.1. In the End IP address text box he types 10.10.10.5, and then clicks Next. This IP address range now appears under the Excluded address range. Next is the Lease Duration dialog box. The presenter changes the duration for scope leases from eight days to one day. He then clicks Next.]

And say Add, and obviously we would know what our IP gateway is…our IP address for our default gateway. But in this case, well, I guess I could come down here and we could look down here at PowerShell. So let's type ipconfig, space, slash, all and we can actually get our gateway…right here. 10.40.2.1 is the actual gateway for the…what this server is sitting on, but that's a different subnet than what we're working with. So we'll just stick with what we have right now; it will work just fine. And we'll go ahead and say our domain name…our DNS server…so you can say, your parent domain could be, you know, something .COM, something .NET – you don't have to put anything in there if you don't want to. You can also put the server name for your DNS down here. This is the important part. So let's say it's DNS number 1 and we could resolve that, but it's not going to work right now because there is no DNS role set up on this server right now. So we can go ahead and give it an IP address as well. You can see it has 8.8.8.8 stuck in there; it actually got that from the ipconfig settings, I believe, earlier. But we can force it to use another DNS server. So let's say we had a DNS server in our network. So we can say that was…well, our server farm was 10.10.10.1 through 5. Let's say the DNS server is number 3.

[Still in the New Scope Wizard – in the dialog box titled Configure DHCP Options – the radio button for 'Yes, I want to configure these options now' is selected. The presenter clicks Next and the Router (Default Gateway) dialog box displays. In the text box he enters the IP for clients – 10.10.11.254 – and clicks Add. The address now appears in the blank box below the text box.]

And we can say, Add. And it's going to validate this. Now this is probably going to come back false because we don't have that DNS Server service running on 10.10.10.3. That does not exist, but I want to go ahead and show you this because this validation is…is important, because if they can't find…if you know that is your DNS Server IP address and it will not find it, then you have a network-type error – we need to go resolve that. So it says, do you still want to add it? Sure, why not. It's not going to work but we got it stuck in there. So let's hit Next and now we can put in our WINS server. We don't have any WINS servers; it's going to be the same thing that we got for the DNS. We just put our IP address in there: 10.10.10…let's give him number 3 because he's running WINS too, and hit Next. And it says, Do you want to activate this scope now? So as soon as we do that, any clients that come on inside of that subnet, that 10.10.10.1 through 10.10.10.254, they're going to send out a broadcast message and they're going to talk to that scope, they're going to talk to that DHCP server, and they're going to get an IP address from that scope and be good to go. So we can hit Next and then Finish and now we are all activated. You can see our scope right here, here's our address pools that we said, these are the IP addresses that are excluded. So you know, excluded from distribution, so that means again, they're not going to be getting any IP addresses out. Here's our leases. We don't have any leases at this time.

[The presenter navigates to the Administrator: Windows PowerShell command console. In the Command Prompt window, the prompt is currently PS C:\Users\Administrator>. At the prompt, the presenter enters the command: ipconfig /all. This returns four headings including Windows IP Configuration, and Ethernet adapter Ethernet, under which we see the listing Subnet Mask – with our value of 255.255.255.0. The presenter returns to the New Scope Wizard and clicks Next again, and the Domain Name and DNS Servers dialog box displays. There are three main fields with text boxes – Parent domain, Server Name, and IP address. He leaves Parent domain blank, and types DNS1 into Server name. There is a text box below the one for the IP address, without a heading or field attached to it. It does however have a Resolve button on the left of it. The presenter types the IP address 10.10.10.3 into the text box and clicks the Add button.]

Any reservations, if we wanted to give somebody a reservation, where they said, that IP address belongs to…whatever…this server, that…that gateway, that…that host, okay, we can put reservations in there as well. So you can see, setting up a scope in DHCP – not that big a deal in Server 2012. We went through address pools, leases, reservations, and we…we saw how to accomplish all that and then once we get some clients set up, those start talking to this DHCP server and they will start getting those dynamic addresses. Since we saw DHCP in action, there are a couple of little things I want to touch on just to make sure that we're hitting all the objectives correctly. First one I want to talk about is DHCP Relay. Now we know when a client comes up on a subnet or in an infrastructure anywhere, there is no information…that client, it doesn't have an IP address. It doesn't have any information that it has to communicate with any other devices on the network. So in networks with more than one subnet, this DHCP or…getting this DHCP information is going to be somewhat of a challenge. Now with the DHCP Relay, however, this allows us to communicate over different subnets. We know when a client comes up, it sends out that broadcast and says, hey, Mr. DHCP Server, I need some IP information, can you please help me out?

[A pop-up box titled DNS validation displays, checking if the DNS Server service is running on the given IP address. An error message displays – The IP Address 10.10.10.3 is not a valid DNS address, do you still want to add it? The presenter clicks Yes, is back at the Domain Name and DNS Servers dialog box, and clicks Next. Then on to the WINS Servers dialog box, which has the same format as the DNS Server dialog box in the earlier example. The presenter types 10.10.10.3 into the IP Address text box, clicks Add, and then Next. The final step in the New Scope Wizard is Activate Scope. On the dialog box there are two radio buttons, alongside two options. The 'Yes, I want to activate the scope now' option is selected. He then clicks Next, and the Completing the New Scope Wizard dialog box appears, informing us that it has been successfully completed. The presenter clicks Finish, and the DHCP window in the Server Manager displays once again.]

Well if there's no DHCP server on that subnet, that client's not going to get a response, it's not going to get any information because we know those routers, they don't pass broadcast traffic by default. So we can set up a DHCP Relay, say, on a router so it can combine or kind of cross that traffic between each subnet. So we can have that relay…that DHCP Relay agent allowing those subnets to communicate. So that client will come up and it will say, hey, Mr. DHCP Server, I need somebody. Well if there's not a DHCP server, the relay agent takes over and then it will start communicating with that DHCP server for us.
So now instead of sending broadcast traffic, that agent can send unicast traffic. Remember that's a one-to-one communication to wherever the DHCP server is. It's probably, again, on a different subnet; that's why we're putting these DHCP Relays in place. So that relay can take that traffic, kind of work on our behalf and say, okay, hold on just a second, let me pass this on over here to the DHCP server, the DHCP server will talk back to that relay agent for the information and for the client, and then the relay agent will go ahead and push it off to the client. Now one other thing I want to talk about is IP Helper. Now IP Helper is an API and this is to help modify our network settings and we do this programmatically. It helps our developers when they're doing their programming to get in there and modify any network data according to whatever they need for their particular program. Now some of these developers, they have applications like routing protocols and SNMP, the Simple Network Management Protocol, where developers can get in and use IP Helper inside of their programs, inside of their applications, if they need to modify those network settings say, for SNMP.
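The scope the presenter built in the New Scope Wizard earlier in this topic, done from PowerShell instead. This is an added example, not part of the course, and uses the DhcpServer module that installs with the DHCP Server role on Windows Server 2012 and later. The exclusion range (the 10.10.10.1 to 10.10.10.5 server farm) and the reservation's MAC address are assumptions; the other values are the ones typed into the wizard.

```powershell
# Added example (not from the course): PowerShell equivalent of the New Scope Wizard
# walkthrough. Needs the DhcpServer module (installed with the DHCP Server role) and an
# elevated session on the DHCP server. Values match the wizard; the exclusion range and
# the reservation's MAC address are assumptions.
Import-Module DhcpServer

$ScopeId   = '10.10.10.0'
$DnsServer = '10.10.10.3'     # the address typed into the DNS Servers page
$Gateway   = '10.10.11.254'   # the address typed into the Router (Default Gateway) page

# 1. Create the scope inactive so no client gets a lease before the options exist.
Add-DhcpServerv4Scope -Name 'Lab 10.10.10.0/24' -StartRange 10.10.10.1 -EndRange 10.10.10.254 `
    -SubnetMask 255.255.255.0 -State InActive

# 2. Exclude the server farm (assumed 10.10.10.1-10.10.10.5) from distribution.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange 10.10.10.1 -EndRange 10.10.10.5

# 3. The wizard's "DNS validation" pop-up, done by hand: is anything listening on
#    port 53 at the DNS address? A failure here is a network problem to fix before
#    clients start receiving this option (the walkthrough expects this to fail,
#    because no DNS role is installed yet).
$dnsReachable = (Test-NetConnection -ComputerName $DnsServer -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
if (-not $dnsReachable) { Write-Warning "Nothing answered on ${DnsServer}:53; clients would get a dead DNS server." }

# 4. Scope options: 003 Router, 006 DNS Servers, 044 WINS/NBNS Servers. -Force skips the
#    cmdlet's own DNS validation, which would otherwise refuse the unreachable 10.10.10.3.
#    Caveat: 10.10.11.254 is not inside 10.10.10.0/24, so clients will accept the lease
#    but cannot reach that gateway; a production scope needs a router on the client subnet.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway -DnsServer $DnsServer `
    -WinsServer $DnsServer -Force

# 5. A reservation: always hand 10.10.10.25 to one specific MAC address (assumed value).
Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress 10.10.10.25 `
    -ClientId '00-15-5D-0A-0A-19' -Name 'Computer1'

# 6. Activate the scope, then read back what clients will actually receive.
Set-DhcpServerv4Scope -ScopeId $ScopeId -State Active
Get-DhcpServerv4Scope          -ScopeId $ScopeId | Format-List Name, StartRange, EndRange, SubnetMask, State
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId
Get-DhcpServerv4OptionValue    -ScopeId $ScopeId
Get-DhcpServerv4Reservation    -ScopeId $ScopeId
Get-DhcpServerv4Lease          -ScopeId $ScopeId    # empty until a client asks
```

The order matters: creating the scope inactive and activating it last means a client that broadcasts during setup cannot pick up a lease with no router or DNS option. Check the read-back of option 003 against the scope's own subnet before activating; a gateway outside 10.10.10.0/24, as typed in the wizard, is accepted by the server but useless to the client.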

Back to top

Configuring DNS

Learning Objective

After completing this topic, you should be able to

1. Configuring a Windows DNS Server

Now let's set up some DNS. What we want to do is actually get into our DNS, which we know as the Domain Naming Service or Domain Name Server or System. It depends on how you look it up. But anyway, it's taking our fully qualified domain names and translating them to an IP. But it does so much more that people don't really associate DNS with – we're going to go through that. We're going to configure that, right now. So we already have DNS installed. So again, I'm going to come up here while I'm in Server Manager. Come up here to Tools and I'm going to come right down here to DNS and go ahead and left-click, and that brings up my DNS Manager. I'm going to maximize it, so we can take a good look here. So we're taking a look here at DNS Manager. Here is our server, over here to the far left and I'm going to hit this little arrow to expand down. We have Forward Lookup Zones, Reverse Lookup Zones, some trust pointers, Conditional Forwarders and our Global Logs. What we're going to take a focus on right now is the Forward and Reverse Lookup Zones. Right now, we don't have anything in there. So we don't have anything configured as you can see. "Add a New Zone", "Add a New Zone", it's not configured. We're running the service, but we're not really doing anything right now. So there are a couple of different ways we can do this. We can do it through a wizard, a couple of different wizards actually. But we can do it one way that I call manually, which we could actually just come right here to where it says, Forward Lookup Zones, I could right-click, and say, New Zone. And it's going to step me through another wizard,

[In Microsoft Windows Server 2012, the Server Manager application displays on the Dashboard page. The left-side pane includes the options: Dashboard, Local Server, All Servers, DHCP, and File and Storage Services. The page lists four steps. Number one – which is currently selected – is Configure this local server, two is Add roles and features, three is Add other servers to manage, and four is Create a server group. The presenter selects Tools - DNS. The DNS Manager window opens, which he maximizes. In the main frame of the page – under the heading Name – there is a list containing selectable options. This includes four folders – Forward Lookup Zones, Reverse Lookup Zones, Trust Points, and Conditional Forwarders. Following these are the list items – Global Logs, Root Hints, and Forwarders. On the left hand side there is a column containing DNS and listed below that is SRV40235. He clicks the drop-down arrow next to SRV40235, and the same selectable options – excluding the last two – are displayed, each with their own expandable list arrow. For the purpose of the demonstration, the presenter selects each folder individually and a message displays in the main frame.]

or I could do both at one time if I wanted to. I want to say both, I mean the Forward and Reverse Lookup Zones. So I'm going to go ahead and hit Cancel here and I'm going to show you how to do this. We have to come right up here on our server name, SRV40235 in this case, we're going to right-click and I'm going to say, Configure a DNS Server from here. Now this wizard is going to open, I'm going to move it over here in the middle for us. Now this wizard is going to open up and it says we're going to configure it. So I'm going to go ahead and hit Next. This is the first question that we need to pay attention to, because we're going to select this configuration action. So it's asking us, do we want to create a Forward Lookup Zone, do a Forward and Reverse Lookup Zone or just root hints? Now so what's the difference, you might be asking? Well, that Forward Lookup Zone is taking those fully qualified domain names, and translating it to an IP, because we as humans we understand something.com, something.net, .org, whatever the case may be. Computers understand IP addresses, so they have to take our human form of words and convert that over to an IP address, so they can do the routing. Now a Reverse Lookup Zone is just the opposite. We could present it with an IP address and it will resolve the fully qualified domain name. That is a pointer record. Those are in that Reverse Lookup Zones.

[The presenter right-clicks Forward Lookup Zones, and the New Zone Wizard displays. He then clicks Close and selects the server. The Configure a DNS Server Wizard displays three options with radio buttons. These are: Create a forward lookup zone, Create forward and reverse lookup zones, and Configure root hints only.]

We want to go ahead and do both. It says it's recommended for larger networks and that is true. Every time I have set up a DNS server for a client though, I have always done Reverse Lookup Zones; that always helps in the searches. So I'm going to say, Create forward and reverse lookup zones, I'm going to go ahead and hit Next. And it says, do you want to go ahead and do this? Sure I do, so we're going to hit Next. Here, we have to decide if we're going to do a Primary zone, a Secondary zone, or a Stub zone. Now a Primary zone says you are responsible for this area, this zone inside of your domain namespace. A Secondary zone is just a copy of that, it's kind of like the backup of the Primary zone. The Secondary zone never gets updated, it only gets its information from the original Primary zone. And then we have a Stub zone, which is not really an authoritative server. It kind of sits on the end of our network, maybe like a branch office. There is only one way in or out as far as the network infrastructure is concerned. And still that Stub zone will actually sit out on our branch office, and it will be responsible for that area, but if it doesn't know the answer, it will just go ahead and forward it to the next DNS server in our infrastructure down the line, probably one that holds the Primary zone. So in this case, the first one we put up, we need to do a Primary zone. So we're going to go ahead and hit Next.

[He selects the second option and confirms his choice in the next dialog box. The New Zone Wizard also displays three options with radio buttons. These are: Primary zone, Secondary zone and Stub zone. He selects Primary zone, and clicks Next.]

It says, what is the zone name? So I'm going to just say, I don't know, MyDomain.com, go ahead and hit Next. And it says, do you want to create a new file? Yes, I do. Now dynamic updates, this is another important part, because it really will hit home when it comes to security. We do not want to allow dynamic updates. Dynamic updates, they allow client computers to actually just register, and dynamically update the records in DNS whenever there is a change. We don't want just anybody plugging into our network, and allowing information to be propagated into DNS or have them pull DNS information out. Because if somebody can get on our network and they get automatically added to DNS, they're going to get some information back. We don't want them to get that information, because they're going to have subnet information. They're going to have Active Directory information. They're going to have all kinds of information about our infrastructure, that we really don't want them to have. So I would not allow dynamic updates. So we'll go ahead and hit Next. And it says, do we want to do the Reverse Lookup Zone, now? Sure, we do, let's go ahead and do that. Again, another Primary zone, same rules apply. We're going to do IP version 4, right now, so go ahead and hit Next.

[In the following page of the Wizard, he types MyDomain.com into the Zone Name text box, and clicks Next. On the Zone File page of the Wizard, the Create a new file with this file name: option is selected, and it is specified as MyDomain.com.dns. The presenter clicks Next, and the Dynamic Update page of the Wizard displays. It gives two main options – Allow both nonsecure and secure dynamic updates is the first one. The second option – which is selected – is Do not allow dynamic updates. Next – in the Reverse Lookup Zone page of the Wizard – the presenter selects Yes, create a reverse lookup zone now option, and clicks Next. On the next two pages of the Wizard, he again selects the Primary zone type, and the IPV4 Reverse Lookup Name.]

Here it's asking for our Network ID and if you remember we did the 10.10.10.0 network. So what I'm going to type in here is the 10.10.10 and leave it at that, because it won't actually let me type over here anyway, because it knows this is the Network ID. So the reverse lookup is going to be this "10.10.10.in-addr.arpa". This is the Reverse Lookup Zone naming convention, right here. So let's go ahead and actually you'll see this created as a file name, right here. So yes, we want that created right here, go ahead and hit Next. Again, we don't want to allow dynamic updates, we'll go ahead and hit Next. Now this is forwarders. So a forwarder is, if I don't know the answer, should I forward your request to somebody else, maybe they do. You know that your DNS does not know how to get to somethingsomething.com. So it needs to find an answer for you, because, well, it's responsible for you. Sometimes it doesn't know the answer. So it can either go to the root servers of DNS out on the Internet or we could forward it down the line. Either way you want to do it, we're not going to forward anything right now. We could, if we wanted to come up here, if we had another DNS server, maybe sitting in the DMZ where it has more public information. We could forward our information to the DMZ that way. We'll go ahead and hit Next. It's looking for those root hints, so it knows how to get out to those root servers, and Finish.

[On the Reverse Lookup Zone Name page of the Wizard, the presenter types the related Network ID 10.10.10 into the text box. Below this – in the Reverse lookup zone name text box – is: 10.10.10.in-addr.arpa. On the next page of the Wizard, Create a new file with this file name: is selected, and the file name is specified as 10.10.10.in-addr.arpa.dns. On the Forwarders page of the Wizard, the presenter explains how to specify certain IP addresses – if the DNS were to forward a query. He selects the option to not use forwarders, and clicks Next. A Search pop-up box headed Searching for Root Hints displays. The final page of the Wizard for the setup process displays – Completing the Configure a DNS Server Wizard – and the presenter clicks Finish.]

And let's now expand this out. And now, you can see we have our Forward Lookup Zones here and we have our Reverse Lookup Zones. Now one other thing we need to talk about with these Forward Lookup Zones, before we conclude this video, is, what I want to do is right-click right here on the MyDomain.com, and you can see we have a new host, an A or AAAA record, a quad A is what they call that. And then we have the CNAME or Canonical Name. I can never say that correctly, I'll just call it CNAME. I'm glad they abbreviated it for me, but this is an alias. And then another one we need to be familiar with is an MX record, that is a mail exchanger record. What we can actually do is manually, let's go up here to New Host. We can manually put information in DNS. So we could say what is the name of the new host. Well, this is Computer1 and its IP address is going to be 10.10.10.25. We can also create that associated pointer record at the exact same time. So then not only can we update our Forward Lookup Zones, we can check this box and we can actually update our Reverse Lookup Zone at the exact same time, which is outstanding, because well, we're killing two birds with one stone here. So we'll go ahead and say add a host, and it says it was successfully created, outstanding. Now we're ready to create another one. We don't need to do that right now, so I'm going to go ahead and say, Done.

[The presenter returns to the DNS Manager in Windows Server. He expands the Forward Lookup Zones folder, and the sub-folder MyDomain.com displays. He repeats this action with Reverse Lookup Zones, and it now contains the sub-folder 10.10.10.in-addr.arpa. The presenter right-clicks MyDomain.com, and selects New Host (A or AAAA). The New Host dialog box opens, and the presenter populates the given fields: Name – Computer1, Fully qualified domain name (FQDN) – Computer1.MyDomain.com, and the IP address – 10.10.10.25. He then checks the Create associated pointer (PTR) record checkbox, clicks Add Host, and a message confirming the successful creation of the host record displays. The presenter then clicks OK, and when a subsequent New Host dialog box displays, he clicks Done.]

Here is that new host record. Remember, when we talked about those dynamic updates, without dynamic updates or without being tied to some type of Active Directory, since it is a Windows Server, we would put these in manually. Now being tied to Active Directory we can actually integrate DNS with Active Directory. And when Active Directory gets a new computer added, it will update DNS automatically, but it's very secure, because it uses DNS security when it does that. So it's a little different if you've heard about that, but this is manually adding one. And again, we can come in and add a new alias. So if we wanted, like, right now we're known as "MyDomain.com", but if I wanted somebody to type in just domain.com, they could use that to type that stuff in. So it's known as an alias; I'm not going to put one of those in right now. And then we can also do an MX record, a mail exchanger. So we can actually point to where the Exchange Server is, or the mail exchanger record will point to that server. So now the hosts on our network, they ask DNS, they say, "Hey, I need to get to the Exchange Server". DNS says, "Okay, you're giving me this name, that's the IP address over there, there you go". So it could go find it over there.

[The presenter returns to the Windows Server DNS Manager window, and the new host Computer1 is now listed along with the other two records. For the purpose of this demonstration, the presenter briefly demonstrates how to add a New Alias (CNAME), and a New Mail Exchanger (MX) by selecting New Host (A or AAAA), New Alias (CNAME), or New Mail Exchanger (MX) from the right-click menu, respectively.]

So that's how we could get in and add an alias, an A record. One thing we didn't talk about: that quad A record. That is the same thing as an A record, a host record, except it's for IP version 6. So if you think about it, it kind of makes sense: an A record is 32 bits, a quad A is 128 bits, times 4, we've got four As. So that's a host record for IP version 6. So we went over the Forward Lookup Zones, how to create that, how to create those Reverse Lookup Zones, stepping through that wizard, and then a few of those records to get it started in the DNS Manager.
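The forward and reverse zones and the host, alias and mail exchanger records from this topic, built from PowerShell. This is an added example, not part of the course, using the DnsServer module installed with the DNS Server role on Windows Server 2012 and later. The zone names and Computer1 at 10.10.10.25 come from the walkthrough; the CNAME name, the mail host and its address are assumptions.

```powershell
# Added example (not from the course): PowerShell equivalent of the Configure a DNS
# Server Wizard and New Host steps above, using the DnsServer module installed with
# the DNS Server role (Windows Server 2012 and later), run elevated on the DNS server.
# Zone names and 10.10.10.25 match the walkthrough; the CNAME and MX targets are assumed.
Import-Module DnsServer

$Zone = 'MyDomain.com'

# Forward lookup zone: primary, file-backed (not AD-integrated), dynamic updates off,
# exactly the choices made in the wizard.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None

# Reverse lookup zone for 10.10.10.0/24; the server derives 10.10.10.in-addr.arpa itself.
Add-DnsServerPrimaryZone -NetworkId '10.10.10.0/24' -ZoneFile '10.10.10.in-addr.arpa.dns' -DynamicUpdate None

# Host record plus its PTR in one step (the "Create associated pointer (PTR) record" box).
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'Computer1' -IPv4Address 10.10.10.25 -CreatePtr

# Alias (CNAME): www.MyDomain.com points at Computer1.MyDomain.com (assumed name).
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name 'www' -HostNameAlias "Computer1.$Zone"

# Mail exchanger (MX) at the zone apex: Name '.' means the zone itself. An MX target
# must be a host with an A record, not a CNAME; the mail host and 10.10.10.30 are assumed.
Add-DnsServerResourceRecordA  -ZoneName $Zone -Name 'mail' -IPv4Address 10.10.10.30 -CreatePtr
Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' -MailExchange "mail.$Zone" -Preference 10

# Verify against this server only, bypassing the hosts file and the client cache.
Resolve-DnsName -Name "Computer1.$Zone" -Type A   -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name '10.10.10.25'     -Type PTR -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name $Zone             -Type MX  -Server 127.0.0.1 -DnsOnly

# The security-relevant setting, read back: DynamicUpdate should be None for both zones.
Get-DnsServerZone | Where-Object { $_.ZoneName -in $Zone, '10.10.10.in-addr.arpa' } |
    Select-Object ZoneName, ZoneType, DynamicUpdate, IsDsIntegrated
```

Two caveats a practitioner will want here. First, the dynamic-update setting governs who may write records; it does not restrict who may query them, so anyone who can reach port 53 can still look up what the zone contains. Second, a file-backed primary zone offers only "nonsecure and secure" or "none"; the "secure only" option, where a client must authenticate with its Active Directory machine account before updating its own record, exists only for AD-integrated zones, which is the usual choice on a domain where hand-maintaining every host record is not practical.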

Back to top

Proxy Servers

Learning Objective

After completing this topic, you should be able to

1. Working with proxy servers

You know we all want to be protected on our networks; we want our networks to operate fast and efficiently. And we want to go as quickly as possible, but we also want that security and usually when you implement more security, you get less usability. Sometimes you may not have the know-how, the budget to implement full-fledged security on your network, maybe you can't set up a hardware or, you know, a network firewall, but there are things out there that we can put in place and we can also use in conjunction with our firewalls to give us that defense in depth. What I am referring to is called a proxy server and what a proxy does is, it accesses a server on behalf of a client. Now this is important because this enables caching, filtering and a sense of security for our clients in our network. So you can see from the graphic there at the bottom, we are over here at the far right on our little green computer and we send a request. It's going to go to that dedicated proxy server there and it's an Application Layer Filter Proxy for HTTP, it means it's going to filter out any information plus it's going to access that web server on the far left, on our behalf. So you can see the number 2 there, it's a repackaged request from us originally, the web server is going to respond because that's its job, but it's not going to respond directly to us, it's actually going to respond to the proxy, the proxy is going to look at that information and say ''oh that came from this computer over here'' so then it will repackage that response and go ahead and send it to us.

[Heading: Proxy Servers. Proxy Servers are able to access a server on behalf of a client, and they enable caching, filtering, and security. A diagram of a network that uses a dedicated proxy server displays. It depicts the different stages involved in a networking service which allows these different elements – Proxies, Clients, and Servers – to send and receive information safely and securely. The stages are given as numbered actions together with arrows that depict the flow of information. Stage one is the Request, stage two is the Repackaged Request sent by the proxy server, stage three is the response returned from the Web server, and stage four is the Repackaged response returned to the client. Elements that restrict the client from communicating directly with the Web Server include a Router and a Firewall.]

The web server has no idea where the original request came from. All that it sees is that proxy server. Now that Content Caching that the proxy server allows us is very nice because what it can do is actually speed up our searches. So we have all of our users over here in our branch office in our graphic, at the bottom there. So all of our users are at our branch office on the far left, they can actually request the same information from that server on the far right, they are going to go through the Internet or our Intranet, but let's say user 1 there at the top, they request something from a web page or some type of application, that content engine there can actually cache that information. So if user number 2 asks for that same information, it doesn't have to go all the way out of our networks through the Internet, all the way over to the server and come all the way back. It can go to that content engine where that information has been cached and get that information right there. We used to use this at an elementary school where I worked because the students would be searching for the same things all the time in the computer labs or in the classrooms so we put this proxy server in place to speed up those searches, speed up that data access and then back then you also had to pay for your bandwidth usually, you know, if you went over a little bit; bandwidth's not as expensive now as it used to be, so we tried to keep those bandwidth costs down as well.

[Heading: Content Caching. Proxy servers can also be caching servers, and dedicated caching devices also exist. A diagram depicts the way in which information is requested by and returned to three users within a branch office – from an Origin server. This information may have to travel via the Internet or intranet, as well as via two routers and two switches. The proxy server in this example is the Content Engine, which serves as a storage vault for frequently requested information. This is situated on the side closest to the users, below the router. Therefore, if the required information is available in the Content Engine, the request can be re-routed and will not have to go through unnecessary processes.]

Now we can also have dedicated caching devices, they can exist and that's all they do, they just cache that information and that's all they do. We can also have a proxy content filtering and security. So instead of just caching that information, they can look at that data coming back through and actually filter out some of that content. Now that makes perfect sense since all HTTP requests are going to go through the proxy in the first place so we set that proxy on the edge of our network, all the requests are going to go through that proxy, the web server on the distant end is going to see that that request came from the proxy, it's going to get it back to that proxy and then a proxy will repackage that and give it to the originator. Now in content filtering we use this as well in our elementary school I mentioned just a second ago because again we didn't want elementary kids looking at questionable content so we put in some content filtering in there so they couldn't get to adult web sites, you know, malware web sites and so on and so forth. Now the proxy might be the only device allowed to connect through the firewall which gives us that sense of security. So that means that the clients cannot directly connect to external networks or on the Internet so the computers or the bad guys out on the Internet can't necessarily see where that information is coming from on the inside of our network, all they see is that one proxy server which gives us a sense of security.

[Heading: Proxy Content Filtering and Security. Proxy servers can also perform content filtering. This makes sense, as HTTP requests all go through the proxy. The proxy might be the only device allowed to connect through the firewall. This means that clients cannot directly connect to external networks or the Internet.]

Back to top

Network Address Translation

Learning Objective

After completing this topic, you should be able to

1. Reviewing usage scenarios for NAT

You know not everybody has a public IP address coming into their home network or their small business network necessarily, or maybe they don't pay for a static public IP address, and believe it or not, we are actually out of IP Version 4 addresses now so they don't, they say we don't have any more to give out or to sell. So they came up with mechanisms to help us alleviate some of this pressure off of this public IP address base we have. And what they came up with was network address translation, and what network address translation does is, it refers to an IP gateway translating private network addresses that are going to be on the inside into valid Internet addresses, which are the addresses on the outside. So if you look at our graphic here, you can see on the right hand side, we have a bunch of systems over there and we have got different implementations of NAT, we have a many to one or one to one and then we have a no translation, but obviously there is no NAT going on there, but the systems on the right hand side are our private or inside of our network where we may have private IP address spaces.

[Heading: Network Address Translation. Network address translation (NAT) refers to an IP gateway's translating private network addresses into valid Internet addresses. A diagram displays the differences in NAT between different network configurations – Many to one, One to one, and No Translation. All configurations connect to the Internet via a router that performs NAT. The many-to-one network is private and has access to a public network, the one-to-one network is private but needs public visibility, and the network that uses no translation is entirely public.]

Then on the left hand side of that NAT line, that red dotted line we have there on our graphic, is the Internet. That's where our public or Internet addresses are going to be because public IP addresses are routable so they can be on the Internet. These private IP addresses, they are not routable so they have to stay inside of your SOHO network or your home network or whatever the case may be. So let's take a look at some of these implementations of NAT, the first one we need to talk about is Port Address Translation or PAT. Now what this is, is you get one public IP address, this is what you use in your house right now and well I'm pretty safe to say that's what most people use in their homes right now, if you have some type of ISP provider giving you your Internet at your house. You know depending on what region of the world you live in we all have different ISPs, but you will have one public IP address coming in from the Internet so if you looked at our graphic here, we have our Internet Cloud to the right and that red line represents our connection to the ISP for example. We have one public IP address, you can see they are both the same 217.2.2.1, but now we have got something appended there at the end. Like the top one has the 2048 and the bottom one has the 2056, those are actually port addresses or port numbers now that are going to be associated with the port numbers on the inside.

[Heading: Port Address Translation. Port Address Translation, or PAT, extends NAT from "1 to 1" to "many to 1" by associating the source port with each flow. A diagram depicts a client and server that are both connecting to the Internet via a NAT router. In this example there is the added process of Port Address Translation, or PAT, to connect to the Internet. NAT translates the source address, or SA, of a device within the network to a public source address. The Server and the Client's Inside Local IP Addresses are: Server 10.1.1.1:1024, and Client 10.1.1.2:1506 – and their Inside Global IP Addresses are: Server 217.2.2.1:2048, and Client 217.2.2.1:2056.]

So we have our NAT router there, that red circle with the four arrows on it, that's what's doing our NAT translation, our port address translation. You can see on the inside though we still have our separate private IP addresses with the ports appended to those as well. So the NAT translation router will actually say, "okay, 10.1.1.2 port 2040 1024 is going to be associated with 217.2.2.1 port 2048." So that traffic is going to go out to the Internet, but once it comes back, it will say, "oh, 2048, that's associated with 10.1.1.2" and it will route it properly on the inside of our network. So we have one public IP address, but we can have many devices on the inside, so this is usually known as an all to one or many to one. Then we also have a static NAT, we might hear it as a SNAT, which is a one to one translation. The only thing this is really good for is to hide your clients on the inside of your private network because the 10.1.1.2 there is going to map to 217.2.2.2 every time and 10.1.1.1 is going to map to 217.2.2.1 every time.

[Heading: Source or Static NAT. NAT translates the source address of a device inside a network to a public source address ("SA" in the figure). The Inside Local IP Addresses for the Server and Client have now changed to: Server 10.1.1.1, and Client 10.1.1.2 – and their Inside Global IP Addresses are: Server 217.2.2.1 and Client 217.2.2.2.]

Only thing this really does is, like I said, protects our clients on the inside; you are still going to have to purchase as many public IP addresses as you have clients on the inside. So if you have a large enterprise with 5000–10,000 computers this can get extremely expensive. So what they came up with was dynamic NAT. So DNAT keeps that one to one mapping like SNAT or static NAT, but the mappings can change over time because what actually happens, you know, we don't want to pay for 10,000 IP addresses, we will pay for 5000 and the first 5000 clients that come up, they will get those 5000 IP addresses, go check their e-mail or do whatever they need to do and then they will return that IP address to a pool so 5001, if they need to get on now, they can grab an IP address out of that pool and get on to the Internet. This is not really feasible in today's networks because we are constantly online with VPNs, checking the Internet, Facebook, stocks, everything out there. So this is not really feasible; PAT is probably the most popular implementation of NAT that I can think of.

[Heading: Dynamic NAT. DNAT keeps one-to-one mappings – like static NAT – but the mappings can change over time. DNAT is used in larger networks where a pool of public IPs is available.]
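The three NAT behaviours just described, as an added simulation that is not part of the course: static NAT (fixed one-to-one), dynamic NAT (one-to-one from a pool that can run dry, with release back to the pool) and PAT (many-to-one with the port rewriting the figure shows). Inside and public addresses follow the lecture's figure; the outside destination 203.0.113.10 is a constructed documentation-range address.

```python
"""Simulation of static NAT, dynamic NAT and PAT (added example, not course code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNAT:
    """Fixed one-to-one mapping (SNAT): 10.1.1.1 <-> 217.2.2.1 every time."""

    def __init__(self, inside_to_global: Dict[str, str]) -> None:
        self.inside_to_global = dict(inside_to_global)
        self.global_to_inside = {g: i for i, g in inside_to_global.items()}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        public = self.inside_to_global.get(pkt.src_ip)
        if public is None:
            return None  # no mapping for this inside host: dropped
        return Packet(public, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inside = self.global_to_inside.get(pkt.dst_ip)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside, pkt.dst_port)


class DynamicNAT(StaticNAT):
    """One-to-one like SNAT, but the public address comes from a pool and is
    handed back when the client is done; an empty pool means client N+1 waits."""

    def __init__(self, pool: List[str]) -> None:
        super().__init__({})
        self.free = list(pool)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.src_ip not in self.inside_to_global:
            if not self.free:
                return None  # pool exhausted: no translation available
            public = self.free.pop(0)
            self.inside_to_global[pkt.src_ip] = public
            self.global_to_inside[public] = pkt.src_ip
        return super().outbound(pkt)

    def release(self, inside_ip: str) -> None:
        """Client finished: its public address goes back into the pool."""
        public = self.inside_to_global.pop(inside_ip)
        del self.global_to_inside[public]
        self.free.append(public)


class PAT:
    """Many-to-one: every inside (ip, port) pair gets its own port on the single
    public address, so replies can be matched back to the right client."""

    def __init__(self, public_ip: str, first_port: int = 2048) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[Tuple[str, int], int] = {}    # (inside ip, port) -> public port
        self.reverse: Dict[int, Tuple[str, int]] = {}  # public port -> (inside ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Only traffic matching an existing translation gets in; an unsolicited
        # packet to the public address has no table entry and is dropped.
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.reverse.get(pkt.dst_port)
        if key is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1])


if __name__ == "__main__":
    pat = PAT("217.2.2.1")
    print("outbound:", pat.outbound(Packet("10.1.1.2", 1024, "203.0.113.10", 80)))
    print("reply:   ", pat.inbound(Packet("203.0.113.10", 80, "217.2.2.1", 2048)))
```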

Back to top

Port Forwarding

Learning Objective

After completing this topic, you should be able to

1. Using port forwarding in NAT scenarios

All right, so just like we mentioned with NAT, we don't always have a public IP address coming into our network. It might stop at our router, it might stop at our modem, at our gateway, but that public IP doesn't come all the way inside. So we're using private IP addresses, but what if I wanted to, say, host a website inside of my network, or my private network, or a gaming server, or an e-mail server, or whatever the case may be? I would have to set up what's known as port forwarding. Now what port forwarding does is, it enables a service running on the private network to be Internet accessible, meaning people on the Internet out in the cloud can actually come into my network and use my services – like a web server, or a gaming server, e-mail server, FTP server. Now those external connections, what they do is, they go to the gateway and the port number of that service. So if I had a public IP address of 216.6.9.20.1, it would come in and hit the port number – so if I have web services running on my internal network, say, it would hit Port 80.

[Heading: Port Forwarding. Port forwarding enables a service running on the private network to be Internet accessible. External connections go to the gateway, and the port number of the service. The gateway forwards those requests to the relevant server.]

Then I would set up port forwarding in my router, and say anything that hits 20.1 Port 80 goes to this private IP address, so I would have a private IP address on my web server somewhere inside of my network like, I don't know, 10.1.1.10. So anything that's destined for Port 80, the router is going to forward that traffic to 10.1.1.10. That web server can handle that request, and then go ahead and give that information out to the client. So the gateway is going to forward those requests to the relevant server – like my web server I just talked about, the 10.1.1.10 – inside of my network. Now a typical application is a web server running on Port 80, like we just talked about. But other applications, like FTP servers running on Ports 20 and 21, or Secure Shell (SSH) on Port 22, can also be applications that we run out there with port forwarding.

[Heading: Port forwarding Applications. A typical application is a web server running on port 80. Other applications include FTP servers, and Secure Shell (SSH).]

Now many home and small office/home office routers will allow port forwarding to take place. I know in my home network here, I can have a web server or a game server inside of my network, and I can set up port forwarding. My son asks me to do that all the time with his Minecraft. His friends want to come in and play on his Minecraft server, so we have to set up port forwarding, and I have to turn that on so his friends can come to our public IP address, hit that port forwarding on the router, and then it will route it to his computer in his bedroom. So what that means is we can host those Internet services inside of our home, or that SOHO network. Like that e-mail server, or the web server that we want to have our web services on, when we don't want to pay a hosting company to do that. Or – again – we could have FTP; if you're a road warrior, and you want to store your data back at your home office, you could turn on port forwarding, hit your FTP server on the inside of your network, store all that data off, and you're good to go.

[Heading: SOHO Router Port Forwarding. Many home or SOHO routers allow port forwarding. This means that you can host Internet services from inside the home, or SOHO network.]

Back to top

Frame Relay and ATM

Learning Objective

After completing this topic, you should be able to

1. Understanding Frame Relay protocols

A cost effective and fairly reliable WAN technology is Frame Relay and ATM, or Asynchronous Transfer Mode. Businesses like using Frame Relay and ATM for their WANs because it saves on dedicated link cost between branch offices and headquarters. Now in our organization, we might have a headquarters somewhere in a central location and different branch sites, or we may just have a lot of branch sites that we want to get connected, but we don't want to use dedicated links, or VPNs, or anything of that sort. So what WAN technology can we use? Well, Frame Relay is a really good one to use, as it's very cost effective. It is a Layer 2 WAN technology on that Wide Area Network – or you can also look at it as a Layer 2 encapsulation protocol. Now these sites are connected in a network of virtual circuits. So again, we don't have any of those dedicated links, or pay for a dedicated line to our branch office. We're going to connect these with virtual circuits. So again, that means no dedicated links, and all these sites are going to connect to a Frame Relay switch. And this Frame Relay switch is going to be out in the cloud. So when we send data to another branch office, it's going to get routed through the cloud, or through that Frame Relay switch, to the appropriate location.

[Heading: Frame Relay. This is an example of Layer 2 WAN Technology. Sites are connected in a network of Virtual Circuits (VCs).]

Now Layer 2 addressing uses what's known as DLCI, or Data Link Connection Identifier. And this is what's actually going to identify how that information is going to get from one end of the connection to the other, through the Frame Relay cloud. Now the good thing with Frame Relay is, we can use different vendor routers on each end of the connection pretty easily, because it's not vendor proprietary or specific. Also, when we think about Frame Relay, we need to think about packet switching. Now in comparison to Frame Relay, we have something known as ATM – and no, not where you go get money out of the bank, or from a little machine – this is Asynchronous Transfer Mode. Now again, this is a Layer 2 technology, or a Layer 2 WAN technology. It is a little bit older than Frame Relay. It's not quite as widely used by the smaller companies. The higher end ISPs still use ATM compared to Frame Relay, just because it is a little faster, which you're going to see here in just a second. Now ATM uses a cell size of 53 bytes. It's actually 48 bytes of data, but we have a little bit of overhead there – about 5 bytes of overhead that we have to account for.

[Heading: Frame Relay. Layer 2 addressing is DLCI. Heading: Asynchronous Transfer Mode (ATM). This is an example of Layer 2 WAN Technology.]

So ATM uses that fixed cell size of 53 bytes. It also uses TDM in virtual circuits to provide that guaranteed bandwidth. Now that TDM is Time Division Multiplexing, and that's what's going to help us provide that guaranteed bandwidth with that fixed cell size of 53 bytes. Now it uses a Virtual Path Identifier and a Virtual Circuit Identifier for addressing. Now that Virtual Circuit Identifier; what that does is identify a frame between two switches, so it can identify what that information is. Now that Virtual Path Identifier, or that VPI, indicates where the cell should be routed. Now when you think of ATM, you need to think of cell switching. Remember, Frame Relay, we're thinking of packet switching. ATM, we need to think of cell switching.

[Heading: Asynchronous Transfer Mode (ATM). It uses fixed cell size, TDM, and Virtual Circuits – to provide guaranteed bandwidth. It uses a Virtual Path Identifier, or Virtual Circuit Identifier (VPI/VCI) for addressing.]
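The 53-byte cell described above, as an added worked example that is not part of the course: the 5-byte header is built with the VPI/VCI addressing the lecture mentions, its HEC check byte is computed and verified, and a frame is cut into fixed 48-byte payloads and reassembled on the far side. The header layout (GFC 4 bits, VPI 8, VCI 16, PT 3, CLP 1, HEC 8) and the HEC rule (CRC-8 with polynomial x^8+x^2+x+1 over the first four bytes, XOR 0x55) are the UNI format from ITU-T I.361/I.432; the end-of-frame trailer here is a simplified AAL5-style trailer (length plus zlib.crc32), an assumption of this example rather than the exact AAL5 encoding.

```python
"""ATM cell construction, parsing and frame segmentation (added example, not course code)."""
import zlib
from typing import Dict, List

CELL_SIZE, HEADER_SIZE, PAYLOAD_SIZE = 53, 5, 48
TRAILER_SIZE = 8  # simplified trailer: UU(1) CPI(1) length(2) CRC-32(4)


def hec(first4: bytes) -> int:
    """CRC-8 (polynomial 0x07) over the four address/control bytes, then XOR 0x55."""
    crc = 0
    for byte in first4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """Pack GFC/VPI/VCI/PT/CLP into 4 bytes and append the HEC byte."""
    for value, width in ((gfc, 4), (vpi, 8), (vci, 16), (pt, 3), (clp, 1)):
        if not 0 <= value < (1 << width):
            raise ValueError("header field out of range")
    first4 = ((gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp).to_bytes(4, "big")
    return first4 + bytes([hec(first4)])


def parse_header(header: bytes) -> Dict[str, int]:
    """Decode the five header bytes; a bad HEC means the cell is corrupt."""
    if len(header) != HEADER_SIZE:
        raise ValueError("ATM header is 5 bytes")
    if hec(header[:4]) != header[4]:
        raise ValueError("HEC mismatch: corrupt cell header")
    bits = int.from_bytes(header[:4], "big")
    return {"gfc": bits >> 28, "vpi": (bits >> 20) & 0xFF, "vci": (bits >> 4) & 0xFFFF,
            "pt": (bits >> 1) & 0x7, "clp": bits & 0x1}


def segment(payload: bytes, vpi: int, vci: int) -> List[bytes]:
    """Cut one frame into fixed 53-byte cells on virtual circuit (vpi, vci);
    the last cell carries the PT end-of-frame bit."""
    if len(payload) > 0xFFFF:
        raise ValueError("frame too long for a 16-bit length field")
    trailer = (bytes([0, 0]) + len(payload).to_bytes(2, "big")
               + zlib.crc32(payload).to_bytes(4, "big"))
    padding = b"\x00" * ((-(len(payload) + TRAILER_SIZE)) % PAYLOAD_SIZE)
    frame = payload + padding + trailer
    count = len(frame) // PAYLOAD_SIZE
    return [build_header(vpi, vci, pt=1 if i == count - 1 else 0)
            + frame[i * PAYLOAD_SIZE:(i + 1) * PAYLOAD_SIZE]
            for i in range(count)]


def reassemble(cells: List[bytes]) -> bytes:
    """Rebuild the frame at the far end of the virtual circuit, checking every
    header's HEC and then the frame's length and CRC-32 before trusting it."""
    data = b""
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("ATM cells are exactly 53 bytes")
        header = parse_header(cell[:HEADER_SIZE])
        data += cell[HEADER_SIZE:]
        if header["pt"] & 1:
            break
    else:
        raise ValueError("frame incomplete: no end-of-frame cell")
    length = int.from_bytes(data[-6:-4], "big")
    crc = int.from_bytes(data[-4:], "big")
    payload = data[:length]
    if length > len(data) - TRAILER_SIZE or zlib.crc32(payload) != crc:
        raise ValueError("frame length/CRC check failed")
    return payload


if __name__ == "__main__":
    cells = segment(b"constructed sample frame " * 4, vpi=1, vci=32)
    print(len(cells), "cells of", len(cells[0]), "bytes;", parse_header(cells[0][:5]))
    print(reassemble(cells)[:24])
```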

Now here's the typical bandwidth of those two different WAN technologies we just got through talking about, Frame Relay and ATM. You can see Frame Relay has a typical network bandwidth of 56K, up to 1.544 megabits per second. Not superfast in today's world or technology, but it's still very reliable. It is cheaper than ATM, and it's on an as-needed basis. You'll set up an agreement with the ISP, or the Frame Relay provider, and say I want 1.544 megabytes all the time. But sometimes you can actually go over whatever your Service Level Agreement says, if you have a burst of data you need to get through there. So not always a bad idea. And you can see ATM – 155 megabits, all the way up to 622 megabits per second.

[Heading: Typical bandwidth. Table: WAN Communication Type / Typical Network Bandwidth. Frame Relay: 56 kbps – 1.544 Mbps. ATM: 155 Mbps – 622 Mbps.]

Back to top

Leased Lines

Learning Objective

After completing this topic, you should be able to

1. Exploring digital transmission systems

So we have that dedicated link, we have some leased lines; what can we do with that? Well, leased lines are good when we want to be the ones that use all that bandwidth; when we want to be the ones that have control over that; when we don't want anybody else out there on the Internet, or outside of our network, on our medium – we want that dedicated link only between our two branch offices, or let's say our branch and our headquarters. So a leased line is a dedicated circuit between two different locations that we might have in our organization. Now all the bandwidth is available between those two points, meaning nobody else is on that link. That's just ours. That belongs to our enterprise. That belongs to our company or organization. Nobody outside of our network is going to be able to get on that. Now it has some Layer 2 protocols that include HDLC, or High-level Data Link Control, and PPP. Now HDLC is Cisco proprietary, meaning we have to have Cisco equipment on each end in order for that Layer 2 protocol to work properly. We can't have HDLC on one side, and PPP on the other. It just won't work – they're not talking the same language.

[Heading: Leased Lines. These are dedicated circuits between two locations. Bandwidth is all available between those points. Layer 2 protocols include HDLC and Point-to-Point Protocol, or PPP.]

Now PPP, on the other hand, is an open standard, so we can use whatever routers we want to. We could still have our Cisco routers and use PPP, if we wanted to. Or we could have a Cisco router on one end, and a Juniper router on the other, and use PPP, and those two routers will talk just fine. So no problem there because – again – it's an open standard. PPP stands for Point-to-Point Protocol. Now for those leased lines we can have something known as a T1 or an E1. Now these are digital circuits that use multiplexing. And multiplexing is taking those digital data streams and combining them into one signal over a shared medium or, in this case, these dedicated or leased lines, known as a T1 or E1. Now a T1 contains 24 of these 64 kilobit per second channels, which is going to give us a total of around 1.544 megabits, which is decent speed, but it's not fast by any means in this day and age, with the technology that we have. We also have an E1 that contains 32 of those 64 kilobit per second channels, which equals about 2.048 megabits per second. A little bit faster, but still, we're not reaching the high end of what we can do with our WAN technology nowadays.

[Heading: T1 or E1. T1s or E1s are digital circuits that use multiplexing. T1 contains 24 x 64 Kbps channels – which is equal to 1.544 Mbps. E1 contains 32 x 64 Kbps channels – which is equal to 2.048 Mbps.]

Now a T1 is mostly used in North America and Japan, whereas an E1 is going to be used elsewhere. I've always heard E1 as Europe 1, usually where the metric system is more widely used, because we don't use it as commonly in North America. But E1 is where you would probably see the metric system used more prevalently than in North America. Now we have something also known as a T3, or an E3. Now a T3 is 28 of those T1 connections that we just talked about, or 44.7 megabits per second. You might also hear this known as a 45 megabit pipe – that's kind of common terminology out there in the field or in the shops – instead of just saying I've got 44.7 megabits, they say I've got a 45 megabit pipe, which everybody understands is a T3 line. You can also have an E3 line, which is 16 of those E1s, which is a little bit slower than the T3 because this is 34.4 megabits per second.

[Heading: T1 or E1. T1 is mostly used in North America and Japan, while E1 is used elsewhere in the world. Heading: T3 / E3. T3 = 28 x T1 = 44.7 Mbps. E3 = 16 x E1 = 34.4 Mbps.]

And then we get to the really fast guys. We have something known as Optical Carriers, or OC levels. Now these are in SONET optical networks. Now the standard transmission rates are given as multiples of an OC-1. So you can see from the chart there, on the right hand side, everything starts as an OC-1, and then that's 51.84 megabits, so that's some pretty decent speed. And then we go to OC-3, which is three times an OC-1, so we've got 155. Then we have an OC-12, which is 12 times an OC-1, so you got 622. And you can get some serious speeds out of these optical carrier links, you know, OC-48, OC-192, we're talking 10 gigabits per second. That's Internet backbone speeds that we're talking about here. So some serious speeds with these optical carrier links, compared to the T3s and, obviously, the T1 links that we just talked about.

[Heading: OCx. Optical Carrier (OC) Levels in SONET optical networks. Standard transmission rates are given as a multiple of OC-1. Table: Optical Carrier Level / Bandwidth. OC-1: 51.84 Mbps. OC-3: 155.52 Mbps. OC-12: 622.08 Mbps. OC-24: 1.244 Gbps. OC-48: 2.488 Gbps. OC-192: 9.953 Gbps. OC-256: 13.271 Gbps. OC-768: 39.812 Gbps.]
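As an added derivation (not from the course) of where the T1/E1, T3/E3 and OC figures above come from: 24 channels of 64 kbps alone give 1.536 Mbps, and the familiar 1.544 Mbps appears once the one framing bit per 8000-frames-per-second frame is counted; E1 has no separate framing bit because two of its 32 timeslots carry framing and signaling.

$$
\begin{aligned}
\text{T1:}\quad & (24 \times 8 + 1)\ \text{bits/frame} \times 8000\ \text{frames/s} = 193 \times 8000 = 1.544\ \text{Mbps} \\
\text{E1:}\quad & 32 \times 8\ \text{bits/frame} \times 8000\ \text{frames/s} = 2.048\ \text{Mbps} \\
\text{T3:}\quad & 28 \times 1.544 = 43.232\ \text{Mbps of T1 payload, carried at a line rate of } 44.736 \approx 44.7\ \text{Mbps} \\
\text{E3:}\quad & 16 \times 2.048 = 32.768\ \text{Mbps of E1 payload, carried at a line rate of } 34.368 \approx 34.4\ \text{Mbps} \\
\text{OC-}n\text{:}\quad & n \times 51.84\ \text{Mbps}, \text{ so OC-3} = 155.52,\ \text{OC-12} = 622.08,\ \text{OC-192} = 9953.28\ \text{Mbps}
\end{aligned}
$$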

Back to top

Fiber WAN Technologies

Learning Objective

After completing this topic, you should be able to

1. Exploring fiber WAN protocols

Now SONET is another network that you need to be familiar with for the Network+ exam objectives. Now SONET – standing for Synchronous Optical Network – is a high speed WAN technology which uses fiber optics for transport – meaning you might have a SONET Ring, as you can see from the graphic here, that connects different sites. Now these different sites can be wherever. They can be your branch offices, they can be different headquarters, they can be different divisions that you have. But you can have this in a Synchronous Optical Network, or SONET, which is extremely high speed. Now SONET is a Layer 1 technology, and the Layer 2 technology on top of it could be Ethernet, or Asynchronous Transfer Mode, or ATM. Now what makes SONET so fast is that the bandwidth is – at any of those optical carrier links or OC levels – usually around 155 megabits per second up to 10 gigabits per second; and that is some serious bandwidth. I mean, we're really moving a lot of traffic here.

[Heading: SONET. A Synchronous Optical Network (SONET) is a high-speed WAN technology which uses fiber optics for transport. SONET is a layer 1 technology – Layer 2 could be Ethernet or ATM. Bandwidth is any OC level but usually 155 Mbps – 10 Gbps. A diagram depicts an example SONET Ring. The network consists of Sites A, B, C, and D that are interconnected with fiber optics.]

Now those 10 gigabits, I guess I could safely say, are probably not going to be in any type of enterprise that we may be involved with; we're talking ISP levels here, we're talking large, large corporations, and you might see this commonly in a Metropolitan Area Network. However, SONETs can be point to point, but they're usually in some type of ring technology. Ring technologies are very expensive, they are very fast, and they're not prone to any type of routing loops, or networking type loops, because of the ring technology that's built in for SONET. They're usually in dual rings as well, so they have some built in redundancy, some built in fault tolerance. And – like I said – they're common in those Metropolitan Area Networks, or those MANs, where they can set that up around a city. I know the city I used to live in was a smaller city, I think it has about 80,000 people in it, but they built a Metropolitan Area Network that went around the city so, you know, citizens there could connect to the Metropolitan Area Network and get on the Internet that way. It was kind of like an ISP for the city that they were providing. But they built this on a 10 gigabit ring and it was very, very nice, and it was very stable. All the citizens really enjoyed it. They really liked it, because it was another technology that they had available to them to get on the Internet, and get that access.

[Heading: SONET. SONET can be point-to-point, but is usually in a ring topology. SONET is a Common Metropolitan Area network (MAN) technology.]

Now we need to be familiar with Dense Wavelength Division Multiplexing, or DWDM. Now this also uses fiber for extremely fast transport, because DWDM supports multiplexing of up to 32 signals per fiber. Now Dense Wavelength Division Multiplexing is a technology that puts data from different sources together on that fiber – or that optical fiber link that we might have. Each signal is going to be carried at the same time on its own separate light wavelength. That's how we can get so many signals per fiber. You might think "well, we can only put one line down a piece of fiber, or one signal". Actually, we can go up to 32 separate wavelength signals per fiber, using this Dense Wavelength Division Multiplexing.

[Heading: DWDM. Dense wavelength division multiplexing (DWDM) also uses fiber for fast transport. DWDM supports multiplexing of up to 32 signals per fiber.]

And then we also have CWDM, which is Coarse Wavelength Division Multiplexing, and this multiplexes up to 8 channels. Now we use CWDM in shorter runs. It is a little cheaper, and the equipment is a little more compact compared to DWDM – that Dense Wavelength Division Multiplexing. That's why we're going to use this in shorter runs. And because it is a little cheaper, we could use it for, say, shorter runs between buildings, instead of using that Dense Wavelength Division Multiplexing, because we might not have to move as much data between those two buildings. And those are, typically, going to be shorter runs; say, if we're on a campus of a university or whatever, we could use this CWDM compared to the Dense Wavelength Division Multiplexing, or the DWDM.

[Heading: CWDM. Coarse wavelength division multiplexing systems can multiplex up to 8 channels. CWDM is used in shorter runs, but is cheaper and the equipment more compact.]

Back to top

Consumer and SOHO WAN Technologies

Learning Objective

After completing this topic, you should be able to

1. Exploring SOHO WAN protocols

So do you remember back in the day when we had the little guy that would scream at us, and try to run across the screen, and your computer just made that awful screeching noise? Alright, that was that dial-up connection that we used to have. Now historically, dial-up was the main way to access the Internet from our small office/home office, or from our homes, our houses. Right, we always had that one little box – you either had an external modem that sat on top of your computer, had lots of little lights on it, looked really technical, but it's really not that technical. Or you had an internal modem, or you had one of those modular modems where you snapped it into your computer, right, and it dialed out, went out – as you can see from the graphic here – to that Demarc point. Then it went out to the local loop, and eventually got to that PSTN – that Public Switched Telephone Network – and then they routed wherever that information was going, got you your Internet connection back, and that information came back across through your phone line. Now you couldn't be on the phone at the same time as you were on the computer, and call waiting wouldn't work right, and dial-up was just a real headache. But it was really cool, because it gave us a way to get on the Internet. It's what got everything that's going on today started.

[Heading: Dial-up. Historically, dial-up was the main way to access the Internet from SOHO or residential networks. Modems run up to 56 Kbps and make an analog call per connection. A diagram displays, consisting of a Residence or house, which has a phone, a wireless router, and a PC that are all interconnected to resemble a home network. The home network, in turn, is connected to a Demarc device within a local loop that is connected to the Public Switched Telephone Network (PSTN) and Central Office (CO).]

Now those modems, they can run up to 56 Kbps, and make an analog call per connection. So again, you have to dial out to that Public Switched Telephone Network to actually get on the Internet. So we had to actually make that call, and whenever I was on the road, I had to make sure that I had a local number, because if you kept your own number in there and you called it, then you had long distance charges. And if you forgot to change the number, that was so expensive, because it was an actual analog call. Then things got a little bit better. We got what was known as ISDN, the Integrated Services Digital Network. It actually predates the Internet in its usage, but not necessarily for home users or those small office/home offices. Now there are a couple of channels associated with ISDN that we need to be familiar with. And that's the B channel, or the Bravo channel, and the D channel. So those multiple bearer channels are the B channels. They provide data at 64 Kbps. Now a single dedicated channel, or that D channel, is used for the signaling inside that ISDN link, or that Integrated Services Digital Network link.

[Heading: ISDN. Integrated Services Digital Network (ISDN) predates the Internet. Multiple Bearer channels (B channels) provide data at 64 Kbps. A single Dedicated channel (D channel) is used for signaling. T1 and E1 connections can be created by using multiple B channels.]

Now T1 and E1 connections can also be created by using these multiple B channels. Remember, those T1 connections are multiple 64 Kb connections, just like the E1s are. So we can use these 64 Kb connections, multiple of these ISDN B channels, to create those T1 and E1 links. Now for the home user, it got a little bit better after dial-up. We had what was known as DSL, or the Digital Subscriber Line. And it has a couple of different variants that you need to be familiar with. Now the home broadband connections are typically ADSL – that's one of the variants – with download speeds up to 24 Mbps for ADSL2+. Now ADSL is Asymmetric Digital Subscriber Line. Then we have SDSL, which is a little bit slower, but the download and upload speeds are going to be equal. Now SDSL – that's Symmetric Digital Subscriber Line. And then we have VDSL. That's capable of supporting connections up to 100 Mb, and now we're talking some serious speeds for our small office/home office or residential networks – our homes, I should say.

[Heading: DSL. Digital Subscriber Line (DSL) has several variants. Home broadband connections are typically ADSL with download speeds up to 24 Mbps for ADSL2+. SDSL is much slower, but download and upload speeds are equal. VDSL is capable of supporting connections up to 100 Mbps.]

Now VDSL is Very-high-bit-rate Digital Subscriber Line. So if you see anything on the exam asking about ADSL, SDSL, VDSL, something to that effect – which one is the fastest – well, that's going to be our VDSL, because that's very-high-bit-rate digital subscriber line. You might also see it as VHDSL. And then, lastly, we have Cable Broadband. Now cable is a broadband connection type delivered over the same wire as your cable TV, or what could be your cable TV. I can't assume everybody has got cable TV, because of all the satellite providers that we have nowadays, but it's the same wire that carries cable TV, which is built in, pretty much, in new homes nowadays. Or you could have it run right into your home.

[Heading: DSL.]

Now the bandwidth can run up to 400 Mb in some countries; some are faster, some are slower, it just depends on your country. It depends on the age of the wire that may already be in place, the infrastructure that is already out there, so it varies. But the cable broadband comes into your home, and that's going to go to a cable modem. And then it's going to get distributed out; usually, you know, the modems they have nowadays have routers built into them. It can be wireless, or you could connect your own wireless router, or you could connect straight up to that modem, and get that signal into your small office/home office or your home. Now those connection standards are specified in the Data Over Cable Service Interface Specification, or the DOCSIS standards. So these are going to take care of those connection standards for our cable broadband.

[Heading: Cable Broadband.]

Back to top

Wireless WAN

Learning Objective

After completing this topic, you should be able to

1. Describing wireless WAN technologies

What if we live in a rural area, you know, out there in the country, way out from the city, and we can't get that broadband connection? We can't get that dedicated link or DSL connection? And we really don't want to use dial-up, because, well, dial-up is slow. You know, it's just painful to download anything. We want something a little bit faster. What can we use? Well, we can use satellite communications now, for our small office/home office, or for our homes. It's not necessarily dedicated to enterprises anymore, or Fortune 500 companies, or those bigger organizations, or the United States government, or anything like that. We now have providers that offer satellite communications. So satellites can be used for that WAN or Internet connectivity where those other technologies just aren't available. You know, we can't run broadband out to the country; it's just not available right now. It's not cost effective for those ISPs to run cabling out there for one customer, because they're going to spend more on the infrastructure than they're ever going to get back as a return on their investment.

[Heading: Satellite. Satellite can be used for WAN / Internet connectivity where other technologies are not available. Given the distances involved, delays can be an issue. For example, a satellite can be as far as 22,300 miles above the equator.]

Now given those distances involved with satellite communications, delays can be an issue, because we're talking about a piece of equipment that's twenty-something thousand miles up in space, you know. That's a long distance for data to travel – and it's got to go up, and it's got to come all the way back. So it's making a round trip, and we're at about 40,000 miles – depending on where the satellite is, and which kind of satellite you're connecting to, and so on and so forth. But it's a lot further away than a dial-up connection, or a broadband connection. So that satellite communication is good where other technologies are not available, such as way out in the country, but delay can be an issue. So it's not great for, say, video conferencing, Voice over IP, things like that. General surfing, paying your bills online, not too bad.
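As an added worked figure (not from the course), the minimum delay implied by the 22,300-mile altitude in the slide, assuming the speed of light in vacuum and ground stations directly beneath the satellite:

$$
d_{\text{GEO}} \approx 22{,}300\ \text{mi} \approx 35{,}900\ \text{km}, \qquad c \approx 3.0 \times 10^{5}\ \text{km/s}
$$
$$
t_{\text{one-way}} = \frac{2 \times 35{,}900\ \text{km}}{3.0 \times 10^{5}\ \text{km/s}} \approx 0.24\ \text{s}, \qquad
\text{RTT} = 2 \times t_{\text{one-way}} \approx 0.48\ \text{s}
$$

That roughly half-second round trip is a floor before any queuing or processing; a slant path to a station away from the sub-satellite point only adds to it, which is why the interactive applications mentioned suffer while page loads remain tolerable.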

Another option we can have is cellular. Now these technologies were originally designed for cellular phones, but can be used for Internet connectivity. You see those WiFi hotspots all the time that you can get from different, you know, providers. You can get those hotspots – they go out over the cellular network – and now you can connect them to your laptops, or your tablets, or whatever you need to get connectivity for. And it uses the cellular wavelengths – the cellular technology – to actually get you online, just like your cell phone does when you're, you know, surfing on your smartphone or your tablet. Your laptop can do the same exact thing. Now GSM was the original standard, which was later expanded to include GPRS and EDGE technologies. Now that GSM is the Global System for Mobile communications – that's what that stands for. GPRS is the General Packet Radio Service, and that's a packet switching technology that enables data transfers through the cellular networks. And then we have EDGE, which is Enhanced Data Rates for GSM Evolution. That's what those acronyms stand for. You probably want to be familiar with those.

[Heading: Cellular. Technologies originally designed for cellular phones can be used for connectivity. GSM was the original standard later expanded to include GPRS and EDGE.]

Then we have the third generation, or 3G, that got really popular a few years back. That provides up to 337 Megabits with HSPA, which is High Speed Packet Access. And then now we have the fourth generation, or 4G, you know. We have those technologies like LTE, Long Term Evolution, and now those are available as well, and they're extremely fast. My phone has LTE, and it's almost as fast as my broadband connection that I have in my actual house. And then we have WiMAX. Now WiMAX is Worldwide Interoperability for Microwave Access. Yes, it is a mouthful. So we just say WiMAX. That's the standard for providing radio-based broadband Internet. Now it can be fixed or mobile in any given area.

[Heading: Cellular. Third generation (or 3G) provides up to 337 Mbps with HSPA+. Fourth generation (4G) technologies such as LTE are also now available.]

Now WiMAX has the potential to do to broadband Internet access what cell phones did to the standard phones in our homes. I know I've not had a phone in my house – a dedicated line, a plug-in, pick-it-up, push-button phone – for years because, well, I have a cell phone, my wife has a cell phone, we all have cell phones. And that's what we use now. We don't have that landline. They think WiMAX is going to have the potential to do that to broadband Internet access, to the cable that's coming into your house. Now I can't say that's going to happen, but the potential is there, right? You can get Internet access just about anywhere you go with WiMAX, because it's radio-based. It's going to be through the air; it's kind of like wireless everywhere, if you will. But it does have the potential to affect that broadband Internet access, that cable coming into your house, just like cell phones did to the regular phones that we used to have in our homes.

[Heading: WiMAX. Worldwide Interoperability for Microwave Access (WiMAX) is a standard for providing radio based broadband Internet. It can be fixed or mobile in a given area.]


WAN Switching

Learning Objective

After completing this topic, you should be able to

1. Exploring WAN switching technologies

Now with our WAN technologies, we have different types of networks that we need to be familiar with for this exam. The first is Circuit Switched Networks. You need to think of them like on-demand connections, like a phone call, right? That phone's not always connected. You have to pick it up, create the connection, that virtual connection, and then you can pass data or talk to the other end. It's on demand. You don't just pick up the phone and have the other end there automatically. On normal phones, like what we use today, you pick up the phone, you dial, you create that connection. Now when two stations communicate, a circuit is going to be created between them, that virtual circuit, like I said. Then when the communication is terminated, that connection is removed. It's not always there. That's why they call it a virtual circuit, because, well, it's there one minute and then it's gone. The circuit is not always up. Now in comparison to Circuit Switched Networks, we have Packet Switched Networks.

[Heading: Circuit Switched Networks. Circuit switched networks use an on-demand connection like a phone call. When two stations communicate, a circuit is created between them. When the communication is terminated the connection is removed.]

Now there are no dedicated circuits created for these Packet Switched Networks. Stations are networked in a mesh. What that means is that we have everybody, kind of, interconnected, so it looks like a mesh of wires. Information flows through the mesh, and it bounces off different stations, or different networking devices, to get to where it needs to go. So the message gets broken into small data packets that seek out the most efficient route as different circuits, or stations, or devices become available. So in a Packet Switched Network, each packet may actually take a different route. Now how does it know where to go? Well, it's going to look in the header. The header address is going to tell these stations, or these devices, where to go, and it describes the sequence, so the data can be reassembled on the other end. So that data is split into packets and routed, based on the destination IP address, to where it's supposed to be going. And again, that information is in the header of that data packet.

[Heading: Packet Switched Networks. No dedicated circuits are created. Stations are networked in a mesh. Data is split into packets and routed based on destination.]
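To make the packet-switching description concrete, here is an added Python simulation (not part of the course material): a message is split into packets whose headers carry destination and sequence number, each packet is routed independently across a small constructed mesh on which one randomly chosen link is busy at a time, the packets arrive out of order, and the receiver reassembles them purely from the sequence numbers. The topology, message and the "one busy link per packet" model are all constructed assumptions for illustration.

```python
from collections import deque
import random

# Constructed mesh topology: each node lists its directly connected neighbours.
# Links are bidirectional. Not a real network; built only for this example.
MESH = {
    "A": ["B", "C"],
    "B": ["A", "D", "E"],
    "C": ["A", "D"],
    "D": ["B", "C", "E", "F"],
    "E": ["B", "D", "F"],
    "F": ["D", "E"],
}


def split_into_packets(src, dst, message, size):
    """Break a message into fixed-size packets, each carrying a header with
    source, destination, sequence number and the total packet count."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [
        {"src": src, "dst": dst, "seq": seq, "total": len(chunks), "payload": chunk}
        for seq, chunk in enumerate(chunks)
    ]


def shortest_path(mesh, src, dst, down_links):
    """Breadth-first search for the fewest-hop path that avoids links currently
    unavailable. down_links is a set of frozenset({x, y}) pairs."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in mesh[node]:
            if nxt in prev or frozenset((node, nxt)) in down_links:
                continue
            prev[nxt] = node
            queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def route_packets(mesh, packets, seed=0):
    """Route each packet independently. Before each packet one randomly chosen
    link is treated as busy (a constructed model of links coming and going),
    so consecutive packets may take different routes. Arrival order is then
    shuffled to model the differing delays along those routes."""
    rng = random.Random(seed)
    delivered = []
    for pkt in packets:
        a = rng.choice(sorted(mesh))
        b = rng.choice(mesh[a])
        busy = {frozenset((a, b))}
        path = shortest_path(mesh, pkt["src"], pkt["dst"], busy)
        if path is None:  # no alternative while that link is busy: wait for it
            path = shortest_path(mesh, pkt["src"], pkt["dst"], set())
        delivered.append((pkt, path))
    rng.shuffle(delivered)
    return delivered


def reassemble(delivered, me):
    """Rebuild the message at the destination from the sequence numbers in the
    headers. Packets addressed elsewhere are ignored; if any sequence number is
    missing the message is incomplete and None is returned."""
    by_seq, total = {}, None
    for pkt, _path in delivered:
        if pkt["dst"] != me:
            continue
        total = pkt["total"]
        by_seq[pkt["seq"]] = pkt["payload"]
    if total is None or len(by_seq) != total:
        return None
    return "".join(by_seq[i] for i in range(total))


if __name__ == "__main__":
    pkts = split_into_packets("A", "F", "The quick brown fox jumps", 6)
    for pkt, path in route_packets(MESH, pkts, seed=7):
        print(pkt["seq"], "->".join(path), repr(pkt["payload"]))
    print(reassemble(route_packets(MESH, pkts, seed=7), "F"))
```

Because the receiver trusts only the sequence numbers and packet count in the headers, a missing packet (the `delivered[:-1]` case in the check below) is detected as an incomplete message rather than silently producing garbled data.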

Then we have PPP, or Point-to-Point Protocol. Now this is a Layer 2 protocol used in point-to-point connections. And you can see the graphic there; we have two routers, that's what the blue circles with the arrows represent, and those are point-to-point connections. Now this uses a Link Control Protocol to transport the upper layers. So LCP, you'll need to be familiar with that. LCP also provides a number of other things, like loop detection, so it can help with our routing loops. That way, the information is going to get there. If it detects a routing loop, it will close off that connection, so we don't have that looping in our routes. It can also help with error detection. You can have authentication built into PPP as well. And then you can also have aggregation of Virtual Multilink Interfaces. So you can combine those interfaces together. You can aggregate them. That's what aggregation means; it brings those connections together.

[Heading: PPP. PPP is a layer 2 protocol used in point-to-point connections. It uses Link Control Protocol (LCP) to transport upper layer protocols. LCP also provides loop detection, error detection, authentication, and aggregation using a Virtual Multilink Interface.]

And then a newer technology, well, it hasn't just come out, it's been out for a while, but I think this is the next greatest thing that's coming: MPLS, or Multiprotocol Label Switching. This is going to enable more efficient routing that's based on labels. It's faster than traditional Packet Switching or Cell Switching, because it has that label on there. It can look at that label in the header faster and route that traffic. It can switch it over faster and get it to the destination a little bit quicker. MPLS also allows for simpler QoS, which is Quality of Service, and VPN implementation, and it can route traffic from different protocols. So the MPLS label goes on top, but it can have different protocols below it, like Novell protocols, or IPX/SPX for example, or AppleTalk protocols. It can route that information for us, and it doesn't necessarily have to be just TCP, UDP, or IP type traffic.

[Heading: MPLS. Multiprotocol Label Switching (MPLS) enables more efficient routing based on labels. MPLS allows for simpler QoS and VPN implementation and can route traffic from different protocols. A diagram depicts two sites, Site A and Site B, that are interconnected using MPLS. In this example, various LSR and ELSR routers are interconnected to form the service provider's MPLS cloud. Each site has a CPE router that is facing outward.]
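The label-based forwarding the diagram shows, as an added Python model that is not part of the course: the Site A edge router (ELSR-A) classifies a packet into a forwarding equivalence class and pushes a label, each core LSR swaps the label using only its own label table and never looks at the payload, and the Site B edge router (ELSR-B) pops the label and hands the packet to the customer edge. The router names follow the diagram description; the label values, the FEC rules, the `SiteB-CPE` name and the IPX rule (to show a non-IP payload riding the same mechanism) are constructed assumptions.

```python
import ipaddress

# Ingress forwarding equivalence classes (FECs) at the Site A edge router ELSR-A.
# Constructed rules: each maps a class of traffic to the first label of a
# label-switched path and to the first LSR. IP traffic is classified on its
# destination prefix; a non-IP protocol (here IPX) is mapped by protocol alone.
INGRESS_FEC = [
    # (protocol, destination prefix or None, out_label, next_hop)
    ("ip", ipaddress.ip_network("10.2.0.0/16"), 100, "LSR1"),
    ("ipx", None, 101, "LSR1"),
]

# Label forwarding tables of the provider routers: incoming label -> (outgoing
# label, next hop). An outgoing label of None means "pop the label and deliver
# to the customer edge". Constructed values for this example.
LFIB = {
    "LSR1": {100: (200, "LSR2"), 101: (201, "LSR2")},
    "LSR2": {200: (300, "ELSR-B"), 201: (301, "ELSR-B")},
    "ELSR-B": {300: (None, "SiteB-CPE"), 301: (None, "SiteB-CPE")},
}


def classify(pkt):
    """Ingress lookup: the only point where the packet's own addressing is read."""
    for proto, prefix, label, next_hop in INGRESS_FEC:
        if pkt["protocol"] != proto:
            continue
        if prefix is not None and ipaddress.ip_address(pkt["dst"]) not in prefix:
            continue
        return label, next_hop
    return None, None


def lsr_forward(router, label, lfib=LFIB):
    """Core forwarding: a fixed-size label lookup; the payload is never inspected.
    Returns (None, None) when the router has no entry for the label (drop)."""
    entry = lfib.get(router, {}).get(label)
    return entry if entry is not None else (None, None)


def traverse(pkt, lfib=LFIB):
    """Push the label at ELSR-A, swap at each LSR, pop at ELSR-B.
    Returns (hops, final_next_hop); hops is a list of (router, label_in, label_out).
    A result of (hops, None) means the packet was dropped on the way."""
    label, next_hop = classify(pkt)
    if label is None:
        return [], None
    hops = [("ELSR-A", None, label)]
    while label is not None:
        router = next_hop
        out_label, next_hop = lsr_forward(router, label, lfib)
        if next_hop is None:
            return hops, None
        hops.append((router, label, out_label))
        label = out_label
    return hops, next_hop


if __name__ == "__main__":
    for p in ({"protocol": "ip", "dst": "10.2.5.7", "data": "hello"},
              {"protocol": "ipx", "dst": "00000002:0004", "data": "ncp"},
              {"protocol": "ip", "dst": "192.0.2.9", "data": "no fec"}):
        print(p["protocol"], p["dst"], traverse(p))
```

The point the transcript makes shows up in `lsr_forward`: the core routers key only on the label, so an IPX frame and an IP packet are carried by the same code path, and a label with no table entry is dropped rather than being routed on guesswork.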

And then finally, we have our Metro Ethernet. This is a Metropolitan Area Network, or a MAN, based on Ethernet, which is a Layer 2 protocol. It's a little bit cheaper than SONET, due to the ubiquity of Ethernet. Ethernet is very widely available, a lot of people work with it, you probably have it in your home. I know I have it in my house; I have Ethernet cables all over the place. So it's very widely available. It also interfaces very easily with customer networks, because like I said, everybody is very familiar with Ethernet, as far as the way it behaves. They're also very familiar with Layer 1 of Ethernet; they're so familiar with it that they call it Ethernet cable, but it's actually unshielded twisted pair, or UTP, and shielded twisted pair, or STP, cabling with RJ45 connectors on the end. That's what everybody is used to. They usually just call that Ethernet cable. So it interfaces very well with customer networks, this Metro Ethernet. And one thing you need to keep in mind here: it is cheaper than SONET, but not quite as fast.

[Heading: Metro Ethernet. A metropolitan area network (MAN) based on Ethernet layer 2 protocol. Cheaper than SONET/SDH due to the ubiquity of Ethernet. Also interfaces easily with customer networks.]


Copper Network Connectors

Learning Objective

After completing this topic, you should be able to

1. Copper network cable connectors

The types of connections and wiring that we have used for years use copper as the conductor. Some of the most common cable types today, like Cat 5 or Cat 6, use copper connectors for passing electrical signals between networks and devices. When working with cabling, we're going to have to have some type of connector at the end of that cable, whether we're plugging it into a jack, into a patch panel somewhere in a comms closet, or into a device: a printer, a computer, a laptop, whatever the case may be. We know we're going to have some type of connector, or registered jack connection, on our shielded twisted pair or unshielded twisted pair. Now the earliest one is the RJ11. This is the standard telephone connector that you're probably very familiar with. We also use it for broadband over DSL, the digital subscriber line. So that signal comes in over the cable and then we have that connector on the end. And it's important to have that connector, because you can't just have frayed wires hanging about. So we have the connector that brings that in and allows us to actually connect it to a device, in this case a modem, or a computer, or something that can use the signal that's coming through the wire.

[Heading: Registered Jack Connectors. RJ11 is a standard telephone connector, also used for home broadband over DSL. RJ45 is the connector for Ethernet over twisted pair cabling. RJ48 is used for T1 and ISDN connections over twisted pair cabling.]

Then we kind of graduated up a little bit, I guess you could say, because now we have RJ45. This is the connector for Ethernet over twisted pair cabling. So you can see the graphic there on the right. We have an RJ11 at the top, with four wires coming through it. And on that RJ45, we actually have eight wires coming through, or four pairs of cabling. It allows us to get a little bit faster speeds and carry a little bit more data. Then we also have RJ48. Now this is used for our T1s and our ISDN connections, again over twisted pair cabling. Then we also have some D-subminiature connectors. Now a DB-9 or DE-9, these are typically used for RS232 serial connections. Now you've probably never heard it called RS232; that's the name in the standard from IEEE, and we just call those serial connections. We also used these in our token ring networks. Now you've probably seen these connected to older mice. I don't know how long you've been around in IT, but the older mice had this type of serial connection. I've seen this type of serial connection lately on connections between, say, PCs, workstations, or servers and a UPS, so that the server can actually monitor the UPS.

[Heading: Coaxial Connectors. BNC is a type of bayonet connector used in the original coaxial Ethernet networks – "Thin Ethernet". F-connectors are sometimes used on cable broadband equipment, as well as over the air and cable TV signals.]

We also have the DB-25. Now this is similarly used for serial ports, but it was also the main parallel printer port on PCs. This one was a little fatter. If you look at the graphic there on the right, that's the DB-9. The DB-25 was, I am going to say, about three times wider than that, with a few more pins, and it was traditionally, like we said, used for printer-type connections. We also have some coax connectors. Now the BNC coax connector is a type of bayonet connector, which you push in and give a quarter turn. This was used in the original Ethernet networks, where you might have heard of Thinnet or Thin Ethernet. The cabling is actually a lot like what we use now for cable TV in our homes; that's what Thinnet was like. We also have F-connectors, and they're sometimes used on cable broadband equipment, as well as, like I said, for over-the-air and cable TV signals.

[Heading: D-subminiature connectors. DB-9 or DE-9 is typically used for RS232 serial connections. It was also used in token ring networks. DB-25 is similarly used for serial ports, but was also the main parallel printer port on PCs.]

And then we have our couplers. Now BNC couplers are used to extend those Ethernet cable runs, and the T-pieces connect cables to different workstations. We know we can only run cable so far, so you might have to couple the BNC connectors together, or maybe we've made a couple of short wires and need to extend them out just a little bit more. So we can put one of these couplers between our BNC cables and couple those up, and now we've extended the range of that piece of wire. We also have UTP couplers. Now they have two RJ45 sockets and they join those together. So you'll have two female ends in there and you'll connect those RJ45s in between. Again, maybe you have two 20-foot cables that you made previously for an earlier project, and now you need at least 30 feet. So we can use this coupler to couple those together instead of making a whole other cable.

[Heading: Couplers. BNC Couplers are used to extend thin Ethernet cable runs and T-pieces connect cable to workstations. UTP couplers have 2 RJ45 sockets to join two twisted pair cables. Heading: Punchdown Blocks. A 66 block connects wires in a telephony system for structured cabling. 110 blocks have largely replaced 66 blocks, and typically support faster cabling (Cat 5 and up).]


Copper Network Cables

Learning Objective

After completing this topic, you should be able to

1. Using copper network cables

Now in the network world, there's plenty of cabling that's available to us. The one that we need to be most familiar with, and the one that's most prevalent out there, you can get it at any department store or at some hardware stores now, is Twisted Pair Cabling. Now the ISO/IEC 11801 standard defines performance categories for our twisted pair network cables. Now ISO is the International Organization for Standardization, and the IEC is the International Electrotechnical Commission. Those are the folks that sit around and think up all the standards and guidelines that we need to follow for networking and for electricity, for our electricians out there, and they define all these standards, but they came up with this 11801 standard for our twisted pair network cables. One category being Category 3, or you might hear it referred to as Cat 3. That was widely used for our older networks, our 10 Mbit Ethernet networks, 10Base T, and we also used it for telephone wiring inside our buildings.

[Heading: Twisted Pair Cabling. The ISO/IEC 11801 standard defines performance categories of twisted pair network cables. Category 3 (Cat 3) was widely used for 10 Mbit Ethernet (10Base T) and telephone wiring.]

Then we got a little bit better and we came up with Category 5, or Cat 5. Now that's used in 100Mbit Ethernet. And then we had Cat 5e, that could actually support 1Gbit Ethernet. So now we're getting faster and faster. So with Cat 3 at 10 Mbit, we got ten times faster than that with Cat 5, and then ten times faster than that with Category 5e. And that e, by the way, stands for enhanced. Now we have Cat 6, or Category 6, that can run 10Gbit Ethernet at a reduced length. You've got to cut that down a little bit; we know that Ethernet can only be run about 300 to 325 feet, somewhere around there, or 100 meters. So it can do 10Gbit, but you've got to cut that length down a little bit. Then Cat 6a can run 10Gbit at the full 100 meters. So now we are pushing some serious bandwidth through these copper cables, through these twisted pair network cables. So specifically, what kind of cables do we need to talk about? Well, we need to be familiar with STP and UTP. So this twisted pair cabling is made of insulated copper wires that have been twisted around each other to form wire pairs.

[Heading: Twisted Pair Cabling. Cat 5 is used in 100Mbit Ethernet and Cat 5e in 1Gbit Ethernet. Cat 6 can run 10Gbit Ethernet at reduced length, and Cat 6a can run 10Gbit at 100 meters. Heading: STP and UTP. Twisted pair cabling is made of insulated copper wires that have been twisted around each other to form wire pairs. Twisted pair cabling is divided into two categories: Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP). The shielded twisted pair cable is used where there is significant EMI and the cable has grounding capabilities.]

So if you look at the graphic on the far right-hand side there, the top one is UTP, Unshielded Twisted Pair, and STP, the Shielded Twisted Pair, is down at the bottom. But they both have the copper wires that have been twisted around each other. We've got four pairs, or eight wires altogether, inside the sheath that's wrapped around those little copper wires. And you can see how they're twisted around each other; that's to help with EMI, Electromagnetic Interference, and crosstalk. And the tighter that twist is, the better it's going to be. Now like I said, we've had this divided up into two categories. We have UTP (Unshielded Twisted Pair), you need to be familiar with that, and STP (Shielded Twisted Pair). Now the Shielded Twisted Pair cable is used where there is a lot more EMI, maybe you are going to run it around some fluorescent lighting or whatever the case may be. STP also has grounding capabilities, because if you look at the graphic there, the black wire at the bottom, the STP, you can actually see a little silver sheath coming out that the UTP does not have. That is the shielding that goes around those wires. Now STP is more expensive than UTP. UTP you can get just about anywhere, and it's a little easier to work with, because it doesn't have that shielding. Like I said, it's a little cheaper, because it doesn't have that shielding as well.

So what happens if we need to run that cabling through, I don't know, the ceilings, or through risers to get to another floor? Well, that's where plenum cables come in. So we have plenum cable and we have non-plenum cable. If you go to the store and buy some cable, that's probably going to be non-plenum cable, but Cat 3, 5, 5e, and 6 can all come in plenum or non-plenum coatings. Now why do we need them? Well, first off, we need to check the building codes to see what type of coating should be used. Now plenum is rated for open air, ceiling, or floor spaces for fire purposes, because PVC emits toxic fumes if it were to catch fire. So you have to put special cable in these open air areas, like drop ceilings and the risers between floors, because if they were to catch fire, the fumes can disseminate throughout the whole building and cause a lot more issues. So we have to use plenum rated cabling there. It has a higher burn threshold and it doesn't emit these toxic fumes, which would cause problems throughout the rest of the building.

[Heading: Plenum. You have a choice between plenum versus non-plenum cable. Category 3, 5, 5e and 6 cable can come in plenum or non-plenum coatings. Building codes need to be checked to see which type of coating should be used. Plenum is rated for an open air ceiling or floor for fire purposes. PVC or polyvinyl chloride emits toxic fumes if it were to catch on fire.]

Now we also have crossover and rollover cables. Now standard UTP cables, that unshielded twisted pair, are wired pin 1 to 1, 2 to 2, 3 to 3, 4 to 4, and so on, and we said we have eight wires in there, but we also need to know about crossover cables. Now crossover cables have pins 2 and 3 crossed, so that send goes to receive: pin 2 on one end will be 3 on the other, and 3 on one end will be 2 on the other. So those are crossover cables. We use those between like devices. We also have rollover cables, and these are used for the Cisco device console port, so we can actually get in and talk to a router and configure that router, or configure a switch. And then finally, we have coax cables. Now they are rarely used in networking anymore, as far as inside the building, but you might use coax cables to get information to your building. Now RG-58 was widely used in thin Ethernet, and you need to know that it has an impedance of 50 or 52 ohms, and RG-59 has an impedance of 70 ohms, whereas RG-6, which we now use in our cable television, has an impedance of 75 ohms.

[Heading: Crossover and Rollover Cables. Standard UTP cables are wired pin 1 to 1, pin 2 to 2 etc. Crossover cables have pins 2 and 3 crossed, so that send goes to receive. Rollover cables are used for Cisco device console ports. A diagram depicts the ordering of wires in a rollover cable. On one end, wires one through eight are: striped blue, solid blue, solid green, solid brown, striped brown, striped green, solid orange, and striped orange. On the crossed end the colors one through eight are reversed as follows: striped orange, solid orange, striped green, striped brown, solid brown, solid green, solid blue, and striped blue. Pin one on one end becomes pin eight on the other. Pin two becomes pin seven, etc. Heading: Coaxial Cables. Coaxial cables are rarely used in networking anymore. RG-58 was widely used in thin Ethernet and has an impedance of 50 or 52 ohms. RG-59 has an impedance of 70 ohms. RG-6 is used in cable television and has an impedance of 75 ohms.]


Fiber Network Connectors

Learning Objective

After completing this topic, you should be able to

1. Fiber network cable connector types

When we're working with fiber, we're going to have to have some type of connector on the end of that piece of glass or plastic. It's not like unshielded twisted pair, where we could pull back the sheath, take the twisted pairs, and if we didn't have any connectors, actually twist those wires together, because there are electrical signals flowing through there. Well, with our fiber, we know we are using some type of light or laser. We can't just point it out there and hope that it works. We're going to have to have some type of connector. So those fiber connectors are required at all termination points of our fiber cabling, regardless of whether we are using multimode fiber or single mode. Now there are over 100 connector types, and each has a couple of characteristic values that we need to be familiar with. The first is return loss, or reflection. Now that's the loss of power in the signal that gets reflected back down that fiber optic cable. The other one you need to be familiar with is attenuation, or insertion loss. Now that's the loss of power in the signal that actually makes it to the other end.

[Heading: Fiber Connectors. Fiber connectors are required at all termination points of fiber cabling. There are over 100 connector types and each has two characteristic values: return loss or reflection, and attenuation or insertion loss.]
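The two connector figures of merit named above are normally quoted in decibels, so here is an added Python example (not from the course) that computes them from optical power measurements and then totals connector, splice and fiber losses into a link budget check against a receiver's sensitivity. The formula is the standard power ratio 10 log10(P_in / P_out); the per-kilometer attenuation, connector and splice loss figures used in the sample call are constructed values for illustration, not specifications from the page.

```python
import math


def db_loss(p_in_mw, p_out_mw):
    """Loss in decibels between two optical power levels: 10 * log10(P_in / P_out).
    Positive when power is lost. Powers must be positive (a zero reading is a
    dead link or a bad meter, not a ratio)."""
    if p_in_mw <= 0 or p_out_mw <= 0:
        raise ValueError("optical power readings must be positive")
    return 10 * math.log10(p_in_mw / p_out_mw)


def insertion_loss_db(p_launched_mw, p_received_mw):
    """Attenuation / insertion loss: how much of the launched power fails to
    arrive at the far side of the connector or link."""
    return db_loss(p_launched_mw, p_received_mw)


def return_loss_db(p_launched_mw, p_reflected_mw):
    """Return loss / reflection: launched power relative to the power bounced
    back toward the source. A larger number means less is reflected."""
    return db_loss(p_launched_mw, p_reflected_mw)


def dbm_to_mw(dbm):
    """Convert an absolute power level in dBm to milliwatts (0 dBm = 1 mW)."""
    return 10 ** (dbm / 10)


def link_budget(tx_dbm, rx_sensitivity_dbm, fiber_km, db_per_km,
                connector_losses_db, splice_losses_db):
    """Add up every loss on a link and compare with what the receiver needs.
    Returns (total_loss_db, margin_db, ok); a negative margin means the link
    will not close. All inputs are in dB / dBm / km."""
    total = fiber_km * db_per_km + sum(connector_losses_db) + sum(splice_losses_db)
    margin = tx_dbm - total - rx_sensitivity_dbm
    return round(total, 3), round(margin, 3), margin >= 0


if __name__ == "__main__":
    # Constructed readings: 1 mW launched, 0.5 mW received, 0.001 mW reflected.
    print("insertion loss: %.2f dB" % insertion_loss_db(1.0, 0.5))
    print("return loss:    %.2f dB" % return_loss_db(1.0, 0.001))
    # Constructed link: -3 dBm transmitter, -20 dBm receiver, 2 km at 0.4 dB/km,
    # two connectors at 0.5 dB each, two splices at 0.1 dB each.
    print("budget:", link_budget(-3.0, -20.0, 2.0, 0.4, [0.5, 0.5], [0.1, 0.1]))
```

Halving the received power costs about 3 dB, and a reflection one thousandth of the launched power is a 30 dB return loss; the second `link_budget` case in the check below shows a long multimode-style run with several connectors failing to close, which is the kind of distance limit the next sections describe.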

There are a handful of connectors we need to go over, ST being the first one, or Straight Tip connectors. Now these have that bayonet fitting where you push it in and give it that little quarter turn. These are typically used for single-mode connections. They are not very difficult to work with. You just have to be careful, because, well, it does have a little bit of a tip sticking out there, and if you get a little bit too rough with it you can break that off. We also have FC, or Fiber Channel, connectors. Now these actually have a screw fitting. They're a little more difficult to work with, and because of that they are becoming a little less common out in the field. Then we have the LC and SC. Now the LC, or Lucent Connector, and the SC, the Subscriber Connector, actually snap in. These always made me nervous when I was working with them, because when you are working with fiber, you don't want to hear anything snap. The first time I pushed it in real good there, it snapped over, because it has a square-looking sleeve that slides back and forth just a little bit over the end. So you're pushing your fiber into the connector, and then you snap that sleeve over to hold it in place, and it just made me nervous. And taking it off makes you nervous too, because if you don't take it straight off you might break that off.

[Heading: ST and FC connectors. ST or Straight Tip connectors have a bayonet fitting and are typically used for single mode connections. FC or Fiber Channel connectors have a screw fitting and are becoming less common. Heading: LC and SC. LC or Lucent Connector, and SC or Subscriber Connector. Both snap in.]

Now LC connectors are a little more compact than the SC, and that gives us a higher-density type connection, where we can actually get more fiber in there. And now we've graduated to a newer technology, the MT-RJ, or Mechanical Transfer Registered Jack. Now this is a small form factor connector, and two fibers are terminated in one connector. Now these are cheaper and smaller than the SC connectors, and in my opinion, I think this is going to make fiber to the desktop more of a reality in businesses. Some businesses have it, and that should be the ultimate goal. We want to get as fast as possible, instead of just using fiber to connect buildings or connect runs. We want to get fiber all the way to the desktop. We can get 10 gig speeds, 100 gig speeds, all the way to the desktop. So it would be fantastic. And then we have fiber couplers. Unlike those copper couplers, these fiber ones can have one or more inputs, and they can have one or more outputs as well. So it doesn't just come in one end and go out the other; we could actually, like we said, have more outputs. Now one thing to keep in mind is that we cannot combine inputs of the same wavelength when we're using that coupler. Inputs of different wavelengths can actually be multiplexed, or separated out.

[Heading: LC and SC. LC connectors are more compact, enabling higher density connections. Heading: MT-RJ. MT-RJ or Mechanical Transfer Registered Jack is a small form factor connector. Two fibers are terminated in one connector. Heading: Fiber Couplers. Unlike copper couplers, fiber couplers can have one or more inputs and one or more outputs. You cannot combine inputs of the same wavelength. Inputs of different wavelengths can be multiplexed or separated.]


Fiber Network Cables

Learning Objective

After completing this topic, you should be able to

1. Exploring fiber network cable types

When working with fiber, there are a couple of different types of fiber we need to be familiar with: Single Mode Fiber and Multimode Fiber. Now Single Mode Fiber can be abbreviated SMF. Now this has a very small core of about 9 microns. That's about the size of a human hair, which is pretty small to work with. We have blown it up quite a bit here on this graphic, but if you were to actually hold it up and peel back the sheath and the protective layers of that core, the middle part of the fiber, you would see how small it is, and it is kind of difficult to work with. Now being so small, light travels down the cable in one ray, because that's all we can fit inside that tiny little core. Now this is very optimal for fast transmissions and for longer runs compared to, say, Multimode Fiber, which we are getting ready to talk about. So Single Mode Fiber has a very small core. So what you need to know: 9 microns, one ray, hence the name single mode. And it's very good for very fast transmissions and for longer runs. You wouldn't traditionally use this for, say, building-to-building runs; you are going to run this back to your ISP, or your ISP is going to run it to you.

[Heading: Single Mode Fiber. Single Mode Fiber (SMF) has a very small core of about 9 microns. Light travels down the cable in one ray. It's optimal for very fast transmissions.]

Now we also have Multimode Fiber, or MMF, as you may see it abbreviated. Now this has a core of 62.5 microns, quite a bit larger than the Single Mode Fiber we talked about. So this way, the light travels down the core in many rays instead of just one; multi means many. So now we have many rays of light in this one core, so we can pass more traffic this way. But it's not as good for longer runs, because, well, we have more attenuation with this, because of the many different rays inside there. So this is good for building-to-building runs, shorter runs where we need to pass more traffic through. Now this works with LED light sources of different wavelengths, which allows us to fit many of those rays in there, because they're on different wavelengths and are not going to cross over each other inside that core, inside that piece of glass, as they travel down the light path.

[Heading: Multimode Fiber. Multimode Fiber (MMF) typically has a 62.5 micron core. Light travels down the core in many rays. Works with LED light sources of different wavelengths.]

And then we need to talk about some Fiber Connectors, because, you know, we can't run a piece of fiber forever; we have to connect them together somehow. So these fiber cables must make some type of physical contact when they are joined together. It's not like a typical copper cable, where you can put the wires together and twist them, and the electrical signals just keep going because they're touching. It's a little bit different with Fiber Connectors, because you actually have to put the ends together. So if you were to hold up your index fingers and push the tips together, that's what we have to do with a piece of fiber. And you have to get it just about perfect for that light not to leave, because if you think about your index fingers together, if you slid them apart a little bit and pictured light coming through, well, now that light's not going to hit the tip of the other finger, it's going to shoot off into space somewhere, and we're going to lose that data.

[Heading: Fiber Connectors. Fiber cables must make physical contact when joined.]

Now there are different types of finishes that are put on the fiber cable. You need to be familiar with APC, which is angled polished connection, and UPC, which is ultra polished connection. Now the APC connectors are traditionally green, whereas UPC connectors usually have some type of blue coloring on the connector boot on the end. Now the APC is polished at an 8 degree angle, as you might guess from the name: one side is angled and the other side is angled, so when you put them together, the angles match up to make a flush connection. And then we have those UPC connectors, and they're polished at a 0 degree angle, so they are actually flat against each other.

[Heading: Fiber Connectors. Different types of finish are put on the fiber including: APC – angled polished connection; UPC – ultra polished connection.]


Fiber Media Converters

Learning Objective

After completing this topic, you should be able to

1. Using media converters in fiber networks

Now a lot of the time, we have fiber running from building to building, or campus to campus, and we have all these high speed connections going everywhere, but we don't necessarily have fiber running to the desktop. That's a key term you want to keep in your mind, because that's coming. We call it fiber to the desktop, because we don't have fiber to the desktop everywhere; in very few locations do they actually have fiber to the desktop, which means they have actual fiber running straight to the desktop, connected to the back of your PC, compared to the Cat 5 cable or the Cat 6 cable that you might have right now. So how do we deal with that? Right, we do have fiber between buildings, and we have fiber for these long runs. But how do we get that signal to our PCs? How do we get that signal to our wireless routers, our devices in our homes, where we don't have fiber? Well, we can use what's known as a Fiber Media Converter. What that does is convert between dissimilar network types, where at least one of them is going to be fiber, obviously, because you're going to have fiber coming into one end, and you want to convert it to something else. Now they're useful in taking advantage of long fiber runs in a pretty simple way, because we have these long fiber runs, like I said, running to the building, and we want to convert them over to something that we can use.

[Heading: Fiber Media Converters. Fiber media converters connect dissimilar network types at least one of which is fiber. They are useful in taking advantage of long fiber runs in a simple way. These can be simple standalone devices or a high port density chassis.]

Now these media converters can be standalone devices, little bitty boxes that you can set pretty much anywhere, or high port density chassis, which take in lots of links and aggregate them down into our usable network. So we can have fiber to Ethernet, a pretty popular one. The fiber media converters are available for 10, 100, or 1000 megabit, and faster, Ethernet standards. So what they can do is convert from single mode fiber, or that multimode fiber, over to Ethernet, which means now we can put in our Cat 5 cable. We can run it all over our buildings. We can, if we have the plenum cables, run it in the open air spaces, and things like that. So now it's more usable for us, because we converted it over to that twisted pair that we're more familiar with. We can also have fiber to coax. What those do is take that fiber connection and convert it over to coaxial cable.

[Heading: Fiber to Ethernet. Fiber media converters are available for 10, 100, 1000 Mbit and faster Ethernet standards. They can convert from single mode or multimode. Heading: Fiber to Coaxial. Media converters are also available for coaxial to fiber.]

Now one use is in distributing fiber broadband via cable TV, for really long runs. So let's say we have an, I don't know, TV station, wherever we may be, or we're doing some type of broadcasting, and we're going to have this coax cables in our building, because that's what's connected to our cameras. That's what's connected to our televisions, our monitors. But we want to distribute this out. We can put it out on a fiber broadband, and get it down the road faster. Put it out on a single mode fiber and really get some high speed going on there. It's good for video teleconferencing, it's good for live streaming, and things like that. And then, we also have fiber to fiber media convertors. So what we can do is link single mode and multi-mode fiber together. Now what this is used for is done to optimize the cost, or for any distance considerations because, let's say we have multimode running out, but we know that single mode fiber can go further. So we can actually convert that multimode fiber over to a single mode, and then we can get a lot better distance out of the fiber.

[Heading: Fiber to Coaxial. One use is in distributing fiber broadband via cable TV coaxial last mile connections. Heading: Fiber to Fiber. Media converters can also link single mode and multimode fiber together. This can be done to optimize cost or for distance considerations.]

Back to top

Network Cabling Tools

Learning Objective

After completing this topic, you should be able to

1. Tools for working with network cabling

So you decided to get some unshielded twisted pair cable. You bought some connectors, you're going to make your own home network, you're going to get in there and design it out, and pin it out, and do all this cool stuff that a network administrator or a network engineer will do. And you want to run your own network, and be proud of what you do. Well, there are some tools that you're going to have to have, in order to get this accomplished. One of them being some crimpers, and punchdown tools. Now cable crimpers are used to connect that twisted pair cabling, that UTP, into that RJ45 plug. So once you get them pinned out correctly – and what I mean by that is get the colors in the right order, get the pins one through eight in the right order – you're going to slide those into that RJ45 plug, and you're going to use those crimpers to crimp down that RJ45 plug, that end, onto that cabling. Now in order to get that done, we're going to have some crimping tools to strip and cut that twisted pair cabling. So these could be all in one tools, because it could be just a crimper, or you could have a crimper with the stripping device on there. And it could have a cutter on there as well. Now let's say you are going to get real fancy with it in your house, and you're going to have some punchdown blocks. Those 66, or 110 blocks for your patch panels, or have it mounted on your wall. You're going to need that punch down tool, because that's going to be used to connect those twisted pair cables right into those blocks.

[Heading: Crimpers and punchdown tools. Cable crimpers are used to connect twisted pair cabling into the RJ45 plug. Crimping tools often strip and cut twisted pair cabling. Punchdown tools are used to connect twisted pair cable into a 66 or 110 block.]

So you'll line up your wires, you'll use your punchdown tool – like the graphic that we have on the right hand side – and punch. You actually align that wire up on top of that piece of metal. You're going to put your punchdown tool right over the top of that wire, and you're going to push in. And you're going to hear a pop, and it's actually going to punch that inside of that metal connector to make that connection. Now some other tools you might need are some wire strippers, and some cutters. So those wire strippers are used to cut back the outer sheath, and expose those inner wires, those copper wires. You know, hopefully so we can use them for crimping, where we can put on that RJ45 connection. Or like we mentioned just a second ago, use those in that punchdown block for our patch panels, or for our 66 blocks. You're probably going to need some wire cutters, some snips, or some diagonal pliers for cutting that copper wire to length, as well. You're just not going to have it out there and guess. You might have a little extra after you do your run. So you're going to need some wire cutters to cut that off, to get the correct length. And then use your wire strippers to cut back that sheath, and either put on that RJ45 connector, or put it in that punchdown block, and punch it down with that punchdown tool.

[Heading: Wire Strippers and Cutters. Wire strippers are used to cut back the outer sheath and expose the inner wires possibly for crimping or punchdown. Wire cutters, snips, or diagonal pliers are used for cutting copper wire to length.]

Now let's say you're getting really fancy, and you want to use fiber. I suggest, or recommend, you take some type of class before you jump into that. But a tool you might have is an OTDR, an Optical Time Domain Reflectometer. It's used to characterize and find faults in fiber cabling. So that'll actually tell you if there's a break in the cable, and where it is. It does this by sending and measuring signals. You know, any damage to the cables can be located along that run by sending and measuring those signals. So it will tell you where the damage is, and how far it is, by measuring those signals of how far – it knows how fast light travels, so it can say I got this far, and it didn't get any return. So it can give you a really good idea of where that damage is, using that OTDR. That's going to be an important one for you to remember for the exam. And then finally, we have some cable certifiers. This might be another tool you have in your engineer bag. Now these cable certifiers can be used to test network cabling that's already in place. What they can do is give a quantitative measure of the cable performance. And some of them, some higher end, more expensive ones, can even measure traffic that's on the actual wire.

[Heading: OTDR. Optical Time Domain Reflectometer is used to characterize and find faults in fiber cabling. By sending and measuring signals damage to cables can be located along the run. Heading: Cable Certifiers. Cable certifiers can be used to test network cabling in place. They can give a quantitative measure of cable performance, and some even measure traffic on the wire.]
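As an added illustration that is not part of the course, here is a small Python model of how an OTDR turns "sending and measuring signals" into a distance along the run. It assumes a group index of 1.468 for the fiber and a 10 ns sampling interval, both typical values chosen for the example, builds a constructed backscatter trace with one damaged spot in it, and reports where the sudden drop in returned light sits. The trace itself is made up; a real instrument would be reading its detector instead.

```python
C_VACUUM = 299_792_458.0   # speed of light in vacuum, m/s
GROUP_INDEX = 1.468        # assumed group index of the fiber: light travels c / 1.468 inside it
SAMPLE_INTERVAL_S = 10e-9  # assumed time between samples of the returned signal

def distance_from_round_trip(seconds, group_index=GROUP_INDEX):
    """The pulse travels out to the event and the echo travels back, so halve the path."""
    return (C_VACUUM / group_index) * seconds / 2.0

def constructed_trace(n_samples, damage_index, loss_db_per_km=0.2,
                      damage_loss_db=12.0, launch_db=30.0):
    """Constructed backscatter trace: steady attenuation plus one sudden drop at damage_index."""
    trace = []
    for i in range(n_samples):
        distance_km = distance_from_round_trip(i * SAMPLE_INTERVAL_S) / 1000.0
        level_db = launch_db - 2.0 * loss_db_per_km * distance_km   # out-and-back attenuation
        if i >= damage_index:
            level_db -= damage_loss_db                              # the damage eats 12 dB
        trace.append(level_db)
    return trace

def locate_events(trace, step_threshold_db=3.0):
    """Return (sample_index, distance_m, loss_db) for every sudden drop between samples."""
    events = []
    for i in range(1, len(trace)):
        drop = trace[i - 1] - trace[i]
        if drop >= step_threshold_db:
            events.append((i, distance_from_round_trip(i * SAMPLE_INTERVAL_S), drop))
    return events

if __name__ == "__main__":
    trace = constructed_trace(n_samples=3000, damage_index=1500)
    for index, distance_m, loss_db in locate_events(trace):
        print(f"event at sample {index}: {distance_m:.1f} m down the run, {loss_db:.1f} dB lost")
```

The key line is `distance_from_round_trip`: the instrument only measures elapsed time, and because the echo has to come back the same way, the distance to the event is half of what the light travelled in the fiber, not in vacuum.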

Back to top

Bus and Ring Networks

Learning Objective

After completing this topic, you should be able to

1. Bus and ring network topologies

One of the earliest types of networks built was a Bus Topology. These topologies were used in small networks like LANs. Ring Topologies are great for the lack of collisions but are very costly when it comes to implementing them. They are utilized now in WAN type topologies because of their cost and specialized equipment. Let's take a closer look. So in the early days of networking we would take a cable, run it straight down, say the edge of a building, or straight down the middle of a big room – up in the ceiling. And it would just be one straight line. And we would put what was called a Terminator on the end. And then, depending on the cable you used, we could put T-connectors in there, or Vampire taps, or something of that nature to tap into that cable that we ran down the middle of the building, or middle of that room. Or we could do it down the edge. But it would be just a straight line wire that ran down the building. What we were putting in was a Bus Topology. That's where a straight line connects all those devices. We had to have that there to connect our computers in our offices, and we would use Vampire taps like I said, or T-connectors to tap in to that straight line.

[Heading: Bus Topology. A bus topology is one where a straight line connects all devices. The original Ethernet networks were bus networks.]

Now the original Ethernet networks were bus networks, or used this Bus Topology. Now there's a couple of different challenges to Bus Topologies. One being the fact that all the devices contend for the same shared segment, because with that one wire that's known as a segment, everybody was on there at one time. The more people you got on that segment, the worse the chatter became, the more network collisions you would have, less data would be passed because, you know, when there's a collision the network shuts down for a second. Also, if a computer was taken off the network incorrectly, somebody unplugged it, or a cable got cut, the whole network came down because it was not terminated properly. So we would have signal bounce back and that would bring the whole network down. So there were quite a few challenges with Bus Topology, which is not widely used nowadays, but still one we need to know about. Another one is a Ring Topology. Now it's similar to a Bus Topology in that there's just this one single segment, but it forms a ring. The start point and the end point are the same place. Now typically a token is passed around the network, and only one device with that token can transmit.

[Heading: Bus Topology. One challenge of bus topologies is the fact that all devices contend for the same shared segment. Heading: Ring Topology. A ring topology is similar to a bus in that there is a single segment.]

So what does that mean for us as end users? It means, there's no collisions. Because now the only person that can talk, is the person with the hall pass if you will. Or the token in this case. So if you have the token you can send data with that token. Every device on the network will look at the token and say, oh, that's not destined for me, and go ahead and pass it on. And then once the person receives the data, it will pass the token on to the next one, and if they have something to send, then they can, and it will keep going around and around the ring. Now usually Token Ring and FDDI use these ring topologies for their infrastructure. Again, we talked about rings, and Token Ring is going to use that ring. Now these are very expensive. Ring Topologies are usually in like a SONET-type scenario. So you know, we're talking about Metropolitan Area Network, those MANs or ISP-type stuff. You wouldn't set this up in your house. Token Ring and FDDI are very expensive to set up. The equipment is very expensive so, this is not something you use in your houses. This is not something in your small office, home office. We're talking large enterprises here, or big industries, it's going to use this type of topology.

[Heading: Ring Topology. Typically a token is passed around the network and only the device with the token can transmit. Token Ring and FDDI use ring topologies.]

Back to top

Mesh and Star networks

Learning Objective

After completing this topic, you should be able to

1. Mesh and star network topologies

Now a very popular topology, or technology, or infrastructure – however you want to look at it – is known as a Star Topology. Very, very popular in small office, home office. Very popular in homes in general because of its ease of use. The way it's set up, you know, it's very easy to go out and get one of these hubs, or these central devices. It's very easy to go get one of these switches for a central device. So an Ethernet hub and switch-based networks use this Star Topology. You probably have this set up in your house. I know this is exactly the way I have my house set up. I have a Star Topology because I've got multiple computers off a router, or a switch, and then my wireless router as well coming off. Now the good thing about switches over hubs, is those hubs still suffer from that single segment. So it's going to act like, exactly like a Bus Topology. Even though we have a hub in there, physically it's a Star. Logically though – the way it behaves – is going to be just like a Bus Topology. So everybody's in the same collision domain again. So if the computer on the left was talking at the exact same time the computer on the right was, we would have a collision. Neither one of the computers would be able to pass any information, even if they were talking to different people.

[Heading: Star Topology. Ethernet hub- and switch-based networks use a star topology. Hubs still suffer from a single segment, but switches divide segments.]

Let's say the computer on the left there on our graphic, was talking to the server. And the computer on the right was talking to the Printer. If they tried to communicate at the exact same time, they would have a collision. Because even though they're talking to different devices, that hub is a layer one device. It just repeats the signals out all known ports. Well, there's four ports known. It's not going to repeat it to where it learned it from, so it's going to push it out to the other three, and that's coming from the computer on the left, and the computer on the right. As soon as that happens, like I said, we're going to have a collision, and the network's not going to work very efficiently. But a switch on the other hand, will divide those segments. So we're able to put every device off a port on a switch, in a separate collision domain. So that means the computer on the left there can talk to the server at the exact same time the computer on the right can talk to that Shared Printer down at the bottom in our graphic, and we would not have any collisions. This makes switches very efficient. Now the one downside for this Star Topology would be that central device, because what happens if it goes out? Well, then our whole network comes down. But this is still a lot more efficient, a lot better than the older Bus Topologies.

Now another topology that's pretty popular, not as popular because of the expenses, is a Mesh. Now a Mesh is pretty common in WAN topologies, and as you can see from the graphic there, we have a Full Mesh. We don't have a central device in the middle somewhere where everybody's talking to that. Everybody's talking to everybody else. We have lots of redundancy in here. Now in a Full Mesh each node has a dedicated connection to every other connection, or every other device I should say. And that gives us that redundancy, that gives us that fault tolerance. Now this can be pretty expensive as you would think the number of connections dramatically increases with the number of nodes. We've only got four nodes here, and we've got what? One, two, three, four, five, six connections. If we added another node, and another node, and another node. What if we had a 100? Could you imagine how expensive it would be? Because you're going to have to have 99 network cards in each device, because you've got to talk to the other 99 devices on your network to make this a true Full Mesh. Now partial Meshes are used for that reason, because of how expensive it is, and it might not even be feasible to have that many connections to every other device out there on your network.

[Heading: Mesh Topologies. Mesh is a common WAN topology. In a full mesh, each node has a dedicated connection to every other. This can be expensive as the number of connections dramatically increases with the number of nodes. Partial meshes are used for this reason.]

So we could have a Hybrid Mesh, right? You can see from that graphic, we don't have a Full Mesh there, it's a Hybrid. You know, the top two routers and the bottom-right router, they're all kind of connected. But the bottom-left router, he's kind of off by himself. He's not, he doesn't have a connection to everybody else, he just has one. So a Hybrid Mesh is used to reduce the number of connections in that Full Mesh like we just saw. Now a Hybrid Mesh has a central node connected to other nodes in a point-to-multipoint configuration. So the bottom-left router there has a point-to-point connection up to the top-left. But that top-left router actually has a point-to-multipoint, because he can get to the other three routers wherever he needs to go. Now that way links are added whenever traffic dictates, or when we need to add more routers, or more devices into our network.

[Heading: Hybrid Mesh. A hybrid mesh is used to reduce the number of connections in a mesh. A hybrid mesh has a central node connected to other nodes in a point-to-multipoint configuration. Links are then added where traffic dictates.]
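To make the star and mesh comparisons above concrete, here is an added Python example that is not part of the course material. It builds the three topologies the graphics describe (the star with one central device, the four-router full mesh, and the hybrid mesh where the bottom-left router has only one link), counts the dedicated links a full mesh needs for a given number of nodes, and checks which single device failure would split the survivors into separate groups. Device names such as "switch" and "top-left" are made up for the example.

```python
from itertools import combinations

# A topology is a set of links; each link is a frozenset of the two device names it joins.

def full_mesh_links(n):
    """Dedicated links needed for a full mesh of n nodes: n(n-1)/2 (4 nodes -> 6)."""
    return n * (n - 1) // 2

def full_mesh(nodes):
    """Every node connected directly to every other node."""
    return {frozenset(pair) for pair in combinations(nodes, 2)}

def star(center, leaves):
    """Every leaf connected only to the central device (hub or switch)."""
    return {frozenset((center, leaf)) for leaf in leaves}

def nodes_of(links):
    return set().union(*links)

def ports_per_node(links):
    """How many links (network cards) each node needs; n-1 per node in a full mesh."""
    counts = {node: 0 for node in nodes_of(links)}
    for link in links:
        for node in link:
            counts[node] += 1
    return counts

def reachable(links, start, failed=frozenset()):
    """Nodes reachable from `start` once the `failed` devices have been removed."""
    seen = {start}
    stack = [start]
    while stack:
        node = stack.pop()
        for link in links:
            if node in link:
                (other,) = link - {node}
                if other not in failed and other not in seen:
                    seen.add(other)
                    stack.append(other)
    return seen

def components(links, failed=frozenset()):
    """Groups of surviving nodes that can still talk to each other."""
    alive = nodes_of(links) - set(failed)
    groups = []
    while alive:
        group = reachable(links, next(iter(alive)), failed)
        groups.append(group)
        alive -= group
    return groups

def single_points_of_failure(links):
    """Devices whose failure leaves the survivors in more than one group."""
    return sorted(node for node in nodes_of(links)
                  if len(components(links, {node})) > 1)

# Constructed topologies matching the course graphics.
STAR = star("switch", ["pc-left", "pc-right", "server", "printer"])
FULL_MESH = full_mesh(["r1", "r2", "r3", "r4"])
HYBRID_MESH = {frozenset(pair) for pair in [
    ("top-left", "top-right"), ("top-right", "bottom-right"),
    ("top-left", "bottom-right"),   # the three routers that are "all kind of connected"
    ("top-left", "bottom-left"),    # bottom-left has its single point-to-point link
]}

if __name__ == "__main__":
    for name, topo in [("star", STAR), ("full mesh", FULL_MESH), ("hybrid mesh", HYBRID_MESH)]:
        print(f"{name}: {len(topo)} links, single points of failure: "
              f"{single_points_of_failure(topo)}")
    print("full mesh of 100 routers needs", full_mesh_links(100), "links and",
          max(ports_per_node(full_mesh(range(100))).values()), "ports per router")
```

Running it shows the difference the quiz at the end of this course asks about: losing the switch in the star leaves four isolated devices, losing any router in the full mesh changes nothing, and losing the top-left router in the hybrid mesh strands only the singly-connected bottom-left router while the other two keep talking.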

Back to top

Point-to-Point and Point-to-Multipoint Networks

Learning Objective

After completing this topic, you should be able to

1. Point-to-point and point-to-multipoint

What if we just wanted to connect two branch offices or connect our headquarters to a branch office? We could use something called Point-to-Point Topology which, by looking at the graphic, is pretty simple. You have one point on the left and one point on the right – in this case we have two routers – and we are connecting those in a point-to-point. The traffic can only go in one direction, so if the router on our left hand side wanted to talk to the router on the right, it only has one connection to get there, it's a point-to-point. Kind of like if you think of a tin can, two tin cans on a string. If you pulled it tight and you screamed into one can, it only goes in one direction. So point-to-point connections are the simplest WAN connections. They are pretty simple to configure on the routers, they are simple to set up because well, you have only got two points – only got two end connections you have to connect. You don't have to do anything in the middle – you don't have to have a Frame Relay Switch, or any type of dedicated equipment in between. In that case, you could simply set up two routers with a serial cable and have a WAN connection, a Point-to-Point WAN connection. Now they are typically going to be used to join a branch office like I said, to a headquarters, or we could join two branch offices wherever we need that point–to-point connection.

[Heading: Point-to-Point Topology. Point-to-point connections are the simplest WAN connections. They would typically be used to join a branch office to HQ. An example of point-to-point topology displays. It uses an IP WAN to connect one network endpoint to another.]

Now taking that one step further, we can do what's called a Point-to-Multipoint connection because that is going to expand on that Point-to-Point Topology. Now these make sense with the main office and smaller offices with a little bit of traffic between the smaller offices. So what we can do is let's say the router on the left hand side there in our graphic is our headquarters, we could have three branch offices represented by the three routers in our graphic on the far right. So you can see we have the point which is the router to the far left, and then multipoint connections which would be the three branch offices. Now if those branch offices needed to talk to one another, however, they still have to come back to the headquarters, get that one point – because it's going to be directing traffic – and then route it back out to get to the other branch office that it needs to communicate with for whatever reason, if it's sharing a file, or it needs to send a message. So this is point-to-multipoint – kind of expands on that point-to-point, still pretty popular. This is used a lot, you could use this with your Microwave type connections and, you know, regular fiber connections as well, but again you have one point that kind of directs traffic – in this case to the far left – and it would direct traffic for the other three guys, even if they need to talk amongst each other.

[Heading: Point-to-Multipoint Topology. Point-to-multipoint connections expand on the point-to-point topology. They make sense with a main office and smaller offices with little traffic between the smaller offices. An example of point-to-multipoint topology displays. It uses an IP WAN to connect one network endpoint to a network that has several endpoints.]

Back to top

Client-Server and Peer-to-Peer Networks

Learning Objective

After completing this topic, you should be able to

1. Client-server and peer-to-peer networks

Two popular network configurations we need to be familiar with are Client Server Networks and Peer-to-Peer Networks. Now these Client Server Networks – several network services are going to be provided by dedicated server computers. If you look at the graphic here, we've got one server computer up there at the top in the blue, and we've got a couple of clients, and then a Shared Printer down there at the bottom. Now that dedicated server computer could be like Active Directory, could be printing of our web resources if we needed it that way. It could be e-mail, it could be anything that we need it to be to direct traffic. So if computer A there – let's say it's computer A on the left – wants to talk to computer B on the far right, there's a fileshare somewhere on computer B. Computer A would actually have to ask the server first for permission. The server would authenticate and then authorize that computer to actually get to the other computer. So he's directing traffic for the rest of the network. So on a Client Server Network, we have one computer that's "the boss" if you will. He's in charge of directing the traffic, saying who can do what and when. For this case, he could also say, who has permissions to that Shared Printer. So if those clients want to print to that Shared Printer, they might have to ask the server first and say, hey, you know I'd like to print, do I have permission to do that?

[Heading: Client Server Networks. In a client-server network, several network services are provided by dedicated server computers. An example might be printing of web resources.]

So in a Client Server Network, we do have one server, or at least one server, one computer that's in charge of the network, and in charge of what goes on in that network. Now that's in comparison to a Peer-to-Peer Network. In Peer-to-Peer Networks there's not really any servers. There's no one computer that's in charge. If you think of your peers, your peers at work, you're equals right? Well, in a peer-to-peer network, everybody's equal. In our graphic here, we've got our switch in the middle, and we've got our four clients, and a Shared Printer. Well there's nobody really in charge. If the computer on the top, let's say that's computer A, wants to talk to computer B which is on the let's say, off the right there. Computer A would have to give computer B permissions on its own computer locally. It would have to create an account. Same thing with computer C down there, and let's say C's at the very bottom, and D's over to the left. If everybody wanted to share with everybody else, we would actually have to create accounts on every other computer, for every other computer, that we want to give access to our resources locally.


Now with a couple of computers, it's not a big deal, with Peer-to-Peer Networks. But when you start getting to 50s and 100s of computers, that can be a pretty big deal. So clients can actually provide services like printing. In this case, in our graphic, that computer D there on the left-hand side has a Shared Printer with it, so it can give the other three computers access to that Shared Printer, but locally. There's no one server saying, yes you're authenticated to go use that printer. That one computer has to give everybody else permission to use that Shared Printer because it's connected directly to that computer. Now if we wanted to share resources, like I mentioned earlier, we would have to give permissions to every other computer on our computer locally, such as create an account, or share an account, or whatever the case may be, to allow them to get into our computer. So what we need to take from this is that in Peer-to-Peer Networks, there's not one computer that's in charge, that's doing the authentication and authorization for resources on our network. All peers are equals, so there again, there's not one computer that's in charge of directing traffic on our network.

Back to top

Exercise: Basic Concepts of CompTIA Network+ 2014

Learning Objective

After completing this topic, you should be able to

1. Exercise overview

Now let's take a few minutes to try this exercise.

In this exercise, you're required to understand the basic concepts of network architecture, including: network devices, services, models, cabling, topologies and WAN technologies, and to recognize the basics of configuring network services.

2. Network architecture and services basics

Question

Which network device uses rules based on IP and port addresses?

Options:

  1. Packet filters
  2. Content filters
  3. Stateful filters
  4. Software firewalls

Answer

Option 1: Correct. Packet filters use rules that are based on IP and port addresses of the source or destination.

Option 2: Incorrect. Content filters can be part of a firewall or a separate device that checks the contents of packets and allows or denies transmission. They operate at the application level. Rules set up can be based on URL or e-mail contents etc.

Option 3: Incorrect. Stateful filters maintain session state information. If a session is initiated from inside the network then the firewall will learn about that session, so when the server tries to send that information back, even though that port may be blocked, a stateful entry for the session between the server and the client has been established. This allows information that the user has requested to not be blocked.

Option 4: Correct. A software firewall can have rules based upon IP and port addresses. This then allows it to filter packets by IP of the source and destination and a TCP / UDP port.

Correct answer(s):

1. Packet filters
4. Software firewalls
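The packet-filter and stateful-filter answers above can be illustrated in code. The following Python example is added here and is not part of the course: it evaluates a small rule set keyed on IP addresses and ports (the stateless packet filter from option 1), then wraps the same rules in a session table so that replies to connections opened from inside are let back in even though the inbound rules block that port (the stateful behaviour described under option 3). The rule set, the addresses (documentation ranges) and the packets are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str          # source IP
    sport: int        # source port
    dst: str          # destination IP
    dport: int        # destination port
    direction: str    # "out" = leaving the LAN, "in" = arriving from outside

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in", "out" or "any"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # destination port, or None for any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

def stateless_decision(rules, pkt: Packet) -> str:
    """Packet filter: rules are checked in order, first match wins, no match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

class StatefulFilter:
    """The same rules, plus a table of the sessions the inside has initiated."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> str:
        # A reply belonging to a session we opened is allowed even if the inbound rules deny it.
        if pkt.direction == "in" and \
                (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        action = stateless_decision(self.rules, pkt)
        if action == "allow" and pkt.direction == "out":
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

# Constructed rule set: the LAN 192.168.1.0/24 may browse out on 80/443; nothing may come in.
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"
RULES = [
    Rule("allow", "out", "tcp", LAN, ANY, 443),
    Rule("allow", "out", "tcp", LAN, ANY, 80),
    Rule("deny", "in", "any", ANY, LAN, None),
]

# Constructed packets; 203.0.113.5 is a documentation address standing in for a web server.
P_OUT = Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443, "out")
P_REPLY = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51000, "in")        # answer to P_OUT
P_UNSOLICITED = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51001, "in")  # no session for it
P_TELNET_OUT = Packet("tcp", "192.168.1.10", 51002, "203.0.113.5", 23, "out")   # no rule allows it

if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    for pkt in (P_OUT, P_REPLY, P_UNSOLICITED, P_TELNET_OUT):
        print(f"{pkt.direction:>3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"stateless={stateless_decision(RULES, pkt)}  stateful={fw.decide(pkt)}")
```

The stateless filter denies the server's reply because the only inbound rule says deny; the stateful filter allows that same reply because the outbound request put the 5-tuple in its session table, and still denies an inbound packet with no matching session. Real firewalls also age sessions out and check TCP flags, which this example leaves aside.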

Question

What is a feature of a VPN network?

Options:

  1. Uses encryption for protection
  2. Aggregates bandwidth
  3. Identifies attack signatures
  4. Uses a one to one connection for security

Answer

Option 1: Correct. Virtual Private Networks provide secure connectivity across unsecure network domains such as the Internet through encryption.

Option 2: Incorrect. This is a feature of Load Balancers. Load Balancers balance network traffic using various algorithms, such as weighted round robin, least connections and least response time. Load balancers can operate on the transport layer, layer 4, and also on the application layer, layer 7.

Option 3: Incorrect. This is a feature of Intrusion Detection and Intrusion Prevention Systems. Traffic is compared against known attack signatures in order to alert on and/or stop attacks.

Option 4: Incorrect. Depending on the Virtual Private Network concentrator up to tens of thousands of connections may be supported.

Correct answer(s):

1. Uses encryption for protection

Question

Which is a feature of the proxy server?

Options:

  1. Can act as a caching mechanism
  2. Clients can connect directly to the Internet
  3. Allows a direct link between client and web server
  4. Masks the user's passwords

Answer

Option 1: Correct. Content can be cached so that if future users request the same information then it will not have to be drawn from the Internet or origin server, rather it will be accessed in the local network from a Content Engine.

Option 2: Incorrect. The proxy server is often the only device allowed to connect through the firewall and so clients cannot directly connect to external networks or the Internet.

Option 3: Incorrect. The proxy server actually accesses a web server on behalf of the client making the request and so masks the identity of the client. This adds an additional layer of security.

Option 4: Incorrect. This is a feature of the TACACS+ and RADIUS protocols. One of the proxy server's main functions is to cache content.

Correct answer(s):

1. Can act as a caching mechanism

Question

What is a feature of a T1 leased line?

Options:

  1. Uses multiplexing
  2. Mostly used in Europe
  3. Maximum speed is 2.048 Mbps
  4. It is a SONET optical network

Answer

Option 1: Correct. T1/E1 leased lines are digital circuits that use multiplexing. Multiplexing combines digital data streams into one signal over the shared medium, in this case the dedicated T1/E1 leased lines.

Option 2: Incorrect. T1 is mostly used in the United States and Japan, whereas the E1 is used in Europe.

Option 3: Incorrect. The T1 dedicated line contains 24 channels of 64 Kbps each, totaling 1.544 Mbps. The E1 line contains 32 channels of 64 Kbps each, totaling 2.048 Mbps.

Option 4: Incorrect. SONET optical networks are a different class of high bandwidth lines that range in speeds from 51.84 Mbps to 39.812 Gbps.

Correct answer(s):

1. Uses multiplexing

Question

Which tool is used to connect twisted pair cabling into the RJ45 plug?

Options:

  1. Cable crimpers
  2. Wire strippers
  3. Punchdown tools
  4. OTDR

Answer

Option 1: Correct. Cable crimpers are used to connect twisted pair cabling into the RJ45 plug.

Option 2: Incorrect. Wire strippers are used to cut back the outer sheath and expose the inner wires possibly for crimping or punchdown.

Option 3: Incorrect. Punchdown tools are used to connect twisted pair cables into a 66 or 110 block.

Option 4: Incorrect. The Optical Time Domain Reflectometer is used to find faults or damage in fiber cabling by sending and measuring signals through the optical cable.

Correct answer(s):

1. Cable crimpers

Question

Which network topology is completely disrupted when a key central device stops operating?

Options:

  1. Star topology
  2. Mesh topology
  3. Hybrid Mesh topology
  4. Peer-to-peer networks

Answer

Option 1: Correct. The Star topology has a number of nodes or devices connected to a central device that allows them to communicate with each other. If this central device stops working then the whole network will come down.

Option 2: Incorrect. A Mesh topology does not have a central device linking all devices on the network together. Each node, or device, has a dedicated connection to every other device. It is commonly used for Wide Area Networks and can be very costly if a high number of nodes exist. The network is not dependent on a central device making all connections, as a Star topology is.

Option 3: Incorrect. This is a similar topology to the Mesh topology with the only difference that not all nodes, or devices, are interconnected to each other. Some nodes may be connected to a node that has multiple connections. If the multi-connected node goes down then it will only disrupt the nodes with a single point-to-point connection to it, and not the entire network as would occur in the Star topology.

Option 4: Incorrect. Peer-to-peer networks are networks that do not rely on a central server to operate; all peers on the network are responsible for authentication and authorization for resources. If any node stops operating the network will remain intact.

Correct answer(s):

1. Star topology

Back to top