NET 102 - Networking Essentials II
Chapter 16, Network Optimization
This lesson discusses securing networks and making them harder to
attack. Objectives important to this lesson:
- Controlled redundancy
- Ethernet bonding/NIC teaming
- Spanning tree protocol
- Load balancing
- Quality of service
- Traffic/bandwidth/packet shaper
- Multilayer switches
Chapter 16, Network Optimization
tells us in this chapter that some redundancy is a good thing for a network,
partly because components and connections fail. There should be ways to
accommodate failure for that reason alone. There may also be instances
in which we use what seem like redundant components to increase performance
when there is no failure.
bonding is an example of using redundant NICs to increase the performance
of a server by increasing its bandwidth on the network. This is done on
Windows servers, as opposed to Windows workstations, because
Windows server operating systems typically support this technique but
Windows workstation operating systems typically do not. (This observation
will, no doubt, have to be updated in the future.) Linux servers typically
support this technique and call it by this name. Network teaming
is another name for Ethernet bonding, and is more typically found in Windows
implement NIC teaming, first you install two or more NICs in a server,
then connect them either to different switches or to the same
- If using different switches, this is called switch independent
bonding. Only one NIC is typically active at a time in this case,
but the other NIC is in passive mode, ready to take over if the other
NIC, or its switch fail.
- If connecting to the same switch, both NICs must be in Active/Acitve
mode, both processing frames at all times. This increases the server's
bandwidth, but the switch must support this technique for it to work.
lesson also wants us to understand Spanning Tree Protocol. Historically,
this protocol was designed for bridges, but the problem it applies to
occurs on switches as well. The bottom line is that bridges
and switches are (mostly) layer
2 devices. They work with MAC addresses. When there are two (or more)
paths across switches from one segment
to another, and the switches on
those paths both forward packets,
each switch sees the packets forwarded by the other switch, and the devices
get confused about which segment/port the MAC addresses live on. This
Enter the spanning tree protocol, like a hero to solve our problem. The
protocol says that if there are two ways to cross over to another segment,
the devices will determine which device has the best
connection, and use the route across that
device. The process of choosing the best path involves each device sending
information about itself and its connections to every other such device.
This process is carried out every time a new path is added or lost, and
the process of defining the preferred paths is called convergence.
Rapid Spanning Tree Protocol (RSTP) allows devices to reach convergence
in a few hundred milliseconds.
Every port on a switch can be in one of several states. Three are important
to this discussion:
- Discarding - a port in this
state does not learn new MAC addresses or forward frames
- Learning - a port in this
state is learning MAC addresses and associated ports, and is writing
information in the MAC address table of its switch/bridge
- Forwarding - a port in this
state is doing the things in the learning mode, and it is also forwarding
frames based on information in the MAC address table
Spanning tree protocol also causes bridges/switches to elect a root bridge.
Remember that information the bridges/switches send about themselves?
It includes their IDs, composed of their MAC address and a code assigned
by an admin. The bridge with the lowest ID is automatically the root bridge.
Note that the admin can rig the election by assigning a low code to a
favorite bridge. If all codes were the same, the bridge with the lowest
MAC address would be the root bridge.
Another feature of the spanning tree protocol is that it calls for each
device to participate in sharing its information regularly. If a designated
bridge (the one being used for a segment) has failed to communicate recently,
the root bridge can call for a new election, which will result in choosing
a new designated bridge for a segment whose designated bridge has gone
down. In this way, devices sharing redundant paths across a network can
manage the details about those paths by themselve, in most cases.
TestOut also discusses load sharing,
which is sometimes called load balancing.
With regard to networking, you need to know that load sharing splits a
data stream across multiple routes, and reassembles them on the far end.
We expect this to happen for every packet in an IP network, so this should
not be a new concept.
mentions Quality of Service in regard to time sensitive delivery of packets.
The following notes are taken from the NET 226 class, whose text discusses
some methods to meet Quality of Service requirements that your
customer may have.
- IP Precedence and Type of Service - This part is historical,
so bear with it.
The text explains that IP packets have always had bits in their headers
to tag their service types, so some packets could be given precedence
over others. This
link will take you to a page that diagrams the header portion
of several types of packets. The bottom line is that if you used routers
and applications that could handle this data, you could hope to prioritize
packets from applications that needed time sensitive delivery.
Note that the Type of Service field is subdivided into a Precedence
(priority level) field and a Type field. Note also that the value
in the Precedence field lets the router make choices between packets
that are queued for the same interface (port). What does this
mean? That packets queued for different interfaces are not in
competition with each other, which gives us more incentive for a router
to have multiple routes to the same destination, starting with the port
at which a packet leaves the router. This may be more important than
the rest of the details in this part of the discussion, since the author
ends it by telling us that no protocols did a good job of using this
information, and the next discussion is more important.
- IP Differentiated Services Field - The text explains that this
was the next evolution of the Type of Service field in
IP packets. The confusing illustration on page 377 uses two methods
to number the bits in a packet. The lower part of the
illustration numbers them consecutively from the beginning of
the packet. The upper part of the illustration numbers
them from the beginning of the Differentiated Services Codepoint
(DSCP) field. The purpose of this field is the same as it always was,
this is just the newer version of coding it.
- Resource Reservation Protocol (RSVP) - RSVP is not a
very good acronym. It is a protocol that can be used by a host to request
a quality of service from a network. Routers can make this request to
other routers to set up channels of a particular service level. The
text explains that using RSVP is an example of an out of band request
for a service level. Using the bits in the DSCP field to mark packets
for a service level is an example of an in band request for service.
also mentions devices that may be called traffic shapers, bandwidth
shapers, or packet shapers. Their purpose is to be aware of
the current demands on a network, and to take steps to prioritize the
flow of data across it as needed by packets that have priority over other
packets. Methods mentioned include bandwith throttling, to limit
the amount of data that can be pulled from a device, and rate limiting,
to restrict data flows to specific customers. Both methods may be helpful
in managing attacks on a server.
noted above, switches were designed to be ISO-OSI model Layer 2 devices
because they use MAC addresses for their primary duties. TestOut tells
us that switches use hardware circuits to perform these tasks. The circuit
noted in the discussion is called an application-specific integrated
circuit (ASIC). It is described as allowing the switch to operate
at wire-speed, meaning that it allows data to flow where it is needed
as fast as the cable in question will allow, due to this circuit being
used instead of passing packets to the switch's CPU to be examined.
switches, however, can also operate at higher levels in the networking
model. TestOut refers to switches operating on Layers 4 through
7 as content switches, web switches, or application
switches. Their value is that they can perform load balancing, decryption,
and other functions at wire-speed through the use of ASIC functions.
finishes the chapter with a unit on troubleshooting. Note that
the main thing is to be calm and cautious, and to use a specific set of
troubleshooting steps listed in the materiel. Keep in mind the advice
typically given to doctors: first, do no harm. Review the troubleshooting
steps proposed by TestOut and you will see that this is a key principle
in their method.