Chapter 01: Network Fundamentals
In computer networks, the term network refers to the interconnection of devices such as computers, laptops, IoT devices, servers, routers and much more. These devices can share information with each other and offer different services over the network. The evolution of computer networks has raised the demand for network engineers who can install, configure, operate and troubleshoot everything from small personal area networks to large-scale enterprise networks. Typical networking fundamentals topics include WAN technologies, basic security and wireless concepts, routing and switching fundamentals, and configuring simple networks.
In this chapter, we will discuss the role and function of network components, the characteristics of network topology architectures, the TCP and UDP network protocols, wireless principles, virtualization fundamentals (virtual machines), and switching concepts and their categories. This chapter also examines the limitations of IPv4 and describes how IPv6 resolves these issues while offering other advantages as well, including the rationale for IPv6 and the concerns regarding IPv4 address depletion. It presents a brief history of both IPv4 and IPv6 addressing and address types, and covers the representation of IPv6 addresses along with the IPv6 header.
A network is a set of interconnected devices that share resources. A computer network allows different computers and devices to connect to one another and share resources. The network architecture consists of numerous devices, each performing a definite function or set of functions in the network. It is essential to understand the purpose of each device so that you are familiar with the functionality of the devices used in the network. In this section, we will cover these components.
Network topology describes the relationship between the various elements of a network. Network topology can be categorized as physical or logical. Physical topology shows the physical network infrastructure, whereas logical topology shows the logical overview of the network. Network topology boils down to two basic elements: nodes and links. Nodes represent any number of possible network devices, such as routers, switches, servers, phones, cameras, or laptops. The topological structure of a network consists of nodes and links that are connected physically or logically.
In a bus topology, all devices share a single communication line or cable. Bus topologies may have issues when multiple hosts send data at the same time. Therefore, a bus topology either uses CSMA/CD or recognizes one host as the bus master to solve this issue. It is one of the simplest forms of networking, where the failure of a single device does not affect the other devices. On the other hand, failure of the shared communication line can make all other devices stop functioning.
Figure 1-01: Bus Topology
In a ring topology, each host machine connects to exactly two other machines, creating a circular network structure. When one host tries to communicate with or send a message to a host that is not adjacent to it, the data travels through all intermediate hosts. To connect one more host to the existing structure, the administrator may need only one extra cable.
Figure 1-02: Ring Topology
The advantage of the star topology is that a central device serves as the mediator for every station, so the stations are indirectly connected to each other. The disadvantage is that it is costly and depends entirely on the hub or central device.
The following figure illustrates the topology used in star topology:
Figure 1-03: Star Topology
If you observe the figure, you will see that each computer is interconnected with every other computer. That is the simplest way to explain a mesh. Although there is theoretical background we could dig deeper into with mesh networks, such as Reed's law, flooding and routing, it is important for us to know that the disadvantages of a mesh are difficult installation and expensive cabling. On the other hand, it is good when it comes to providing security, and privacy and troubleshooting are easier.
The following figure shows mesh topology structure:
Figure 1-04: Mesh Topology
Hybrid topology is a mixture of more than one topology, which may include mesh topology, star topology, ring topology, etc. The disadvantage of one topology may be offset by the advantage of another. Thus, the reason for building a hybrid topology is to eliminate the shortcomings of the individual topologies.
Figure 1-05: Hybrid Topology
Routers are used to connect networks. A router receives a packet and observes the destination IP address information to determine which network the packet needs to reach, then sends the packet out of the corresponding interface.
Routers are network devices that route information across the network by inspecting it as it arrives. The router reads the destination address of the information; then, by using tables of defined routes, it determines the best way for the data to continue its journey. Unlike bridges and switches, which use the hardware-configured MAC address to determine the destination of the data, routers use the software-configured network address to make decisions. This approach makes routers more functional than bridges or switches, but it also makes them more complex, because they have to work harder to process the information.
Figure 1-06: Router
- Routers work on the Internet Protocol (IP), specifically on the logical address, also known as the IP address
- Routers operate at Layer 3, i.e., the Network Layer of the OSI model
- They route traffic from one network to the desired destination network
- As described, a router is an intelligent device that first determines which network the traffic belongs to
- After deciding, the router forwards the traffic to the required destination
- Routers provide interfaces for different physical network connections such as copper cables, optic fiber, or wireless transmission
- The Network Administrator can configure the routing table manually as well as dynamically
- Routers learn their routing tables by using static routes and dynamic routing protocols
- Multiple routers are used in interconnected networks
- Dynamic exchange of information about destinations is made possible by dynamic routing protocols; for static routes, the administrator has to configure the routing path manually
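The forwarding decision described above (read the destination IP, find the matching network in the routing table, send the packet out of the corresponding interface) is shown here as an added example, not code from the chapter. The routing table, next hops and interface names are constructed; the lookup picks the longest (most specific) matching prefix, which is how real routers resolve overlapping routes, with the default route 0.0.0.0/0 matching last.

```python
import ipaddress

# Constructed routing table: (prefix, next hop, outgoing interface).
# These values are made up for illustration and are not from the chapter.
ROUTING_TABLE = [
    ("0.0.0.0/0",      "203.0.113.1", "GigabitEthernet0/0"),  # default route
    ("10.0.0.0/8",     "10.1.1.2",    "GigabitEthernet0/1"),
    ("10.20.0.0/16",   "10.20.0.2",   "GigabitEthernet0/2"),
    ("10.20.30.0/24",  None,          "GigabitEthernet0/3"),  # directly connected
    ("192.168.1.0/24", None,          "GigabitEthernet1/0"),  # directly connected
]

def build_table(entries):
    """Parse prefixes and order them most-specific first for longest-prefix match."""
    table = [(ipaddress.ip_network(prefix), next_hop, iface)
             for prefix, next_hop, iface in entries]
    table.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return table

def lookup(table, dst):
    """Return (matched prefix, next hop, interface) for a destination, or None."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, iface in table:
        if addr in net:              # first hit is the longest match (table is sorted)
            return str(net), next_hop, iface
    return None                      # no route, not even a default: packet is dropped

def forward(table, dst):
    """Describe what the router does with a packet addressed to dst."""
    result = lookup(table, dst)
    if result is None:
        return f"{dst}: drop, no route"
    net, next_hop, iface = result
    via = next_hop if next_hop else "directly connected"
    return f"{dst} -> {net} via {via} out {iface}"

if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    for dst in ["10.20.30.7", "10.20.99.1", "10.5.5.5", "192.168.1.20", "8.8.8.8"]:
        print(forward(table, dst))
```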
The Open Systems Interconnection (OSI) model is a reference model for describing and explaining network communications; the terms Layer 2 and Layer 3 are adopted from it. The OSI model has seven layers: application, presentation, session, transport, network, data link and physical, among which the network layer is Layer 3 and the data link layer is Layer 2.
Figure 1-07: OSI Model
Layer 2 switches provide direct data transmission between two devices within a LAN. The purpose of a Layer 2 switch is to keep a table of Media Access Control (MAC) addresses. Frames are switched by MAC address inside the LAN, and those MAC addresses are not known outside it. A Layer 2 switch can assign VLANs to specific switch ports, which in turn belong to different Layer 3 subnets. Communication with other VLANs or LANs therefore requires a Layer 3 function.
Figure 1-08: Layer 2 & Layer 3 Switches
Difference between Layer 2 and Layer 3 Switches
The basic difference between Layer 2 and Layer 3 is the routing function. A Layer 2 switch works only on MAC addresses and is not concerned with IP addresses or any higher-layer information. A Layer 3 switch can perform all the tasks that a Layer 2 switch can. Furthermore, it can do dynamic routing and static routing. This means a Layer 3 switch has both a MAC address table and an IP routing table, and handles intra-VLAN communication as well as packet routing between distinct VLANs. A switch that adds only static routing is known as a Layer 2+ or Layer 3 Lite switch. Besides routing packets, Layer 3 switches also include some functions that need the capability to understand the IP address information of data arriving at the switch, such as tagging VLAN traffic based on IP addresses instead of manually configuring a port. Layer 3 switches are more reliable from a security and power perspective.
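The MAC address table and VLAN behaviour described in the two paragraphs above (learning the source MAC per port, forwarding known unicast to one port, flooding unknown or broadcast frames, and keeping VLANs separate so that crossing them needs a Layer 3 device) is shown here as an added simulation, not the chapter's own code. Port names, VLAN numbers and MAC addresses are constructed.

```python
class Layer2Switch:
    """Minimal Layer 2 switch model: learns source MACs per VLAN, forwards by MAC table."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, port_vlans):
        # port name -> access VLAN (constructed configuration, not from the chapter)
        self.port_vlans = port_vlans
        # (vlan, mac) -> port: this is the switch's MAC address table
        self.mac_table = {}

    def receive(self, in_port, src_mac, dst_mac):
        """Process a frame arriving on in_port and return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        # Learning: the source MAC is reachable via the ingress port in this VLAN.
        self.mac_table[(vlan, src_mac)] = in_port
        out = self.mac_table.get((vlan, dst_mac))
        # Broadcast or unknown unicast: flood to every other port in the same VLAN.
        # Ports in other VLANs never receive the frame; that is the Layer 2 boundary.
        if dst_mac == self.BROADCAST or out is None:
            return sorted(p for p, v in self.port_vlans.items()
                          if v == vlan and p != in_port)
        # Known unicast whose owner sits on the ingress port: nothing to forward.
        if out == in_port:
            return []
        return [out]

if __name__ == "__main__":
    sw = Layer2Switch({"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20})
    print(sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01", Layer2Switch.BROADCAST))  # flood VLAN 10
    print(sw.receive("Fa0/2", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"))     # known: ['Fa0/1']
    print(sw.receive("Fa0/3", "bb:bb:bb:bb:bb:03", "aa:aa:aa:aa:aa:01"))     # VLAN 20 only
    print(sw.mac_table)
```

The third frame targets a MAC that the switch has learned in VLAN 10, but because it arrived on a VLAN 20 port it is flooded within VLAN 20 alone; reaching the VLAN 10 host would need a router or Layer 3 switch.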
Which Device Do You Need?
With the emergence of Layer 3 switches, deciding when to use a Layer 2 switch and when to use a Layer 3 switch, choosing between a Layer 3 switch and a router for routing, and similar predicaments are troubling many people. Which device is the better one for your needs?
Figure 1-09: Layer 2 Switch, Layer 3 Switch and Router
When deciding between Layer 2 and Layer 3 switches, you should think about where the switch will be used. If you have a pure Layer 2 domain, you can simply go for a Layer 2 switch; if you need to do inter-VLAN routing, then you need a Layer 3 switch. A pure Layer 2 domain is where the hosts are connected, so a Layer 2 switch will work fine there. This is usually called the access layer in a network topology. If the switch is required to aggregate multiple access switches and do inter-VLAN routing, then a Layer 3 switch will be needed. This is known as the distribution layer in the network topology.
Since both the Layer 3 switch and the router have routing functions, which one is better? Actually, it is less a question of which is better for routing, as both are useful in particular applications. If you want to do multiple switching and inter-VLAN routing, and need no further routing to the Internet Service Provider (ISP)/WAN, then you can do well with a Layer 3 switch. Otherwise, you should go for a router with more Layer 3 features.
Table 1-01: Layer 2 & Layer 3 Switches (column headings: Layer 2 Switch, Layer 3 Switch)
Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks. According to Gartner, Inc.’s definition, a next-generation firewall must include:
● Standard firewall capabilities like stateful inspection
● Integrated intrusion prevention
● Application awareness and control to see and block risky apps
● Upgraded paths to include future information feeds
● Techniques to address evolving security threats
Figure 1-10: Firewall
Traditional Firewalls vs. Next Generation Firewalls
As their name suggests, next generation firewalls are a more advanced version of the traditional firewall, and they offer the same benefits. Like regular firewalls, NGFWs use both static and dynamic packet filtering and VPN support to ensure that all connections between the network, the internet, and the firewall are valid and secure. Both firewall types should also be able to perform network and port address translation in order to map IP addresses.
There are also fundamental differences between traditional and next generation firewalls. The most obvious difference is an NGFW's ability to filter packets based on applications. These firewalls have extensive control over and visibility into the applications they are able to identify using analysis and signature matching. They can use whitelists or a signature-based IPS to distinguish between safe applications and unwanted ones, which are then identified using SSL decryption. Unlike most traditional firewalls, NGFWs also include a path through which future updates will be received.
Importance of Next Generation Firewalls
Installing a firewall is a necessary requirement for any business. In today's environment, having a next generation firewall is a mandatory part of the network. Threats to personal devices and larger networks are changing every day. With the flexibility of an NGFW, it protects devices and companies from a much broader spectrum of intrusions. Although these firewalls are not the right solution for every business, security professionals should carefully consider the benefits that NGFWs can provide, as they have a very large upside.
Firepower announced its Next-Generation Firewall (NGFW) that combines IPS threat prevention, integrated application control and firewall capabilities in a high-performance security appliance.
- NGFWs are able to block threats from entering a network
- They are better equipped to address Advanced Persistent Threats (APTs)
- NGFWs can be a low-cost option for companies looking to improve their basic security because they can incorporate the work of antiviruses, firewalls, and other security applications into one solution
- NGFWs are more intelligent and perform deeper traffic inspection, so they may also be able to perform intrusion detection and prevention. Some next-gen firewalls might include enough IPS functionality that a stand-alone IPS might not be needed
- NGFWs can also provide reputation-based filtering to block applications that have a bad reputation. This can help block phishing, virus, and other malware sites and applications
- They can identify and filter traffic based upon the specific applications, rather than just opening ports for any and all traffic. This prevents malicious applications and activity from using non-standard ports to evade the firewall
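The last point above, that application-aware filtering does not rely on port numbers alone, is shown here as an added simulation, not code from the chapter or any vendor. The flow records and the three application signatures (an HTTP request line, a TLS record header, an SSH banner) are constructed and deliberately simplified; they stand in for the signature matching a real NGFW performs.

```python
# Constructed flow records: name -> (destination port, first payload bytes).
FLOWS = {
    "web":        (80,   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"),
    "tls":        (443,  b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    "ssh-on-443": (443,  b"SSH-2.0-OpenSSH_9.6\r\n"),   # SSH hiding on the HTTPS port
    "unknown":    (8080, b"\x00\x01\x02\x03"),
}

# Simplified application signatures: classify on content, never on port number.
SIGNATURES = [
    ("http", lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT")),
    ("tls",  lambda p: p[:1] == b"\x16" and p[1:3] in (b"\x03\x01", b"\x03\x02", b"\x03\x03")),
    ("ssh",  lambda p: p.startswith(b"SSH-")),
]

ALLOWED_PORTS = {80, 443}        # traditional packet-filter policy: open ports
ALLOWED_APPS = {"http", "tls"}   # application-aware policy: permitted applications

def identify_app(payload):
    """Return the application name matched by the first signature, else 'unknown'."""
    for name, match in SIGNATURES:
        if match(payload):
            return name
    return "unknown"

def port_firewall(port, payload):
    """Traditional decision: anything on an open port passes, whatever it carries."""
    return "allow" if port in ALLOWED_PORTS else "deny"

def ngfw(port, payload):
    """NGFW decision: the port must be open AND the identified application permitted."""
    app = identify_app(payload)
    if port in ALLOWED_PORTS and app in ALLOWED_APPS:
        return "allow"
    return f"deny ({app})"

def compare(flows):
    """Map each flow name to (traditional verdict, NGFW verdict)."""
    return {name: (port_firewall(*flow), ngfw(*flow)) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdicts in compare(FLOWS).items():
        print(f"{name:12s} traditional={verdicts[0]:6s} ngfw={verdicts[1]}")
```

The "ssh-on-443" flow is the case the chapter warns about: the port-based firewall passes it because 443 is open, while the application-aware policy denies it because the content is not a permitted application.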
An access point is a device that offers network connectivity to a large number of endpoints. A wireless access point typically connects to a wired router, switch, or WLC to provide wireless connectivity. For example, if you want to enable Wi-Fi access in your company's reception area but do not have a router within range, you can install an access point near the front desk and run an Ethernet cable through the ceiling back to the server room.