This introduction to computer networking is designed to give PC technicians the skills needed to configure and implement a TCP/IP network.
Table of Contents
- Networking Basics
- Essential Network Devices
- The OSI Model
- TCP/IP Model
- Network Protocols
- Assigning IP Addresses
- Static Addressing
- Dynamic Addressing
- Boot Protocol
- MAC Addresses
- MAC Address Filtering
- Network Address Translation
- Static NAT
- Port Address Translation
- Port Forwarding
- Broadcast Domains
- Collision Domains
- Routing Loops
- Managing TCP/IP
- Routing Tables
- Static Routing
- Dynamic Routing
- Distance-Vector Routing
- Link-State Routing
- Proxy Servers
- Route Availability
- Routing Metrics
- Details On Networking Devices
- Network Communications
- Network Management
- Network Monitoring Tools
- Scanning Tools
- SNMP Network Management
- System Logging
- Environment Monitoring
- Wireless Surveying Tools
- Getting A Baseline For Network
- Network Telemetry Logging
- Analyzing Network Utilization
- Analyzing Network Interface Data
- Configuration Backups
- Managing Configuration Baselines
- Mobile Device Management
- Network Access Control
- Documenting Your Network
- Industrial Networks
- Private Networks
- Reducing Network Congestion
- Cloud Computing
- Elements of Unified Communications
- Basics Of Network Security
- Disaster Recovery For Your Network
- Troubleshooting Computer Networks
- Building Your Homelab
- How To Troubleshoot DNS
Before I go any further I need to cover a few basics. This will be at a high level, but I will expand it as time goes on. To build a network you need a few pieces of compatible hardware.
- Network Card
- Wireless Networking
The computer can be just about anything from a small netbook to a powerful workstation, and it does not matter whether it runs macOS, Windows or Linux; all of them have a port you can plug an Ethernet cable into. Having the machines roughly the same type helps, though. They will all need a network interface.
These interfaces, whether a PCI Express card or the controller built into the motherboard, handle the communication with the network, and a computer can have more than one. Cabling also has several options.
The most common is Category 5/5e cable, but Category 6 is making headway and is superior. Cat 6 is more expensive, which is something to consider. The cables connect the end devices to the switch, and the switch to the router.
Network cards do the communicating with the network; your cabling plugs into them. Many standards govern their use.
There are so many because each one describes a type of cable, the distances it can cover and similar details that do not matter to most people.
The thing that matters most is the speed, which today is usually gigabit (1000BASE-T). There are many reliable vendors of network cards.
Many kinds of devices these days can be networked. They include computers, printers, scanners, thermostats, cameras, doorbells, and even sound systems.
Network cards often have indicator lights on them so it is easy to see the status of that particular connection.
Ethernet is by far the most prevalent type of cabled networking today. You will actually have a hard time finding anything else.
The main reasons are cost, since equipment and cabling are commodities, and the speeds it reaches. Ethernet (IEEE 802.3) is a family of standards: it defines the rules the devices follow to frame data and share the medium.
Category 5 cable is the most used cabling because there is so much of it already installed, and it works with almost anything. Category 6 is what you should buy for new installations, since it is superior to the older cable types.
- RJ11 - the old telephone connector, also used for DSL broadband connections.
- RJ45 - the connector for twisted-pair Ethernet cabling.
- RJ48 - connector used for T1 and ISDN connections.
- DB-9 - used for RS-232 serial console connections, which is how switches and routers are managed out of band.
- DB-25 - older parallel printer connection.
- BNC - coaxial connector used in both the IT (older 10BASE2 Ethernet) and AV industries.
Twisted Pair Cabling
The ISO/IEC 11801 standard governs how twisted pair cabling is used. One type is of course Category 5 cabling, which is rated for 100 Mbit/s Ethernet (100BASE-TX); its successor, Category 5e, is the minimum for gigabit Ethernet (1000BASE-T). You also need a network card that supports the speed you want to run.
The current version is Category 6 cabling, which is faster still: it supports 10 Gbit/s Ethernet (10GBASE-T) over runs of up to about 55 m, and Category 6a over the full 100 m. Twisted pair cabling is further divided into UTP (unshielded twisted pair) and STP (shielded twisted pair).
- Unshielded Twisted Pair - made of insulated copper wires that have been twisted around each other to form wire pairs.
- Shielded Twisted Pair - the same, with a foil or braid shield; used where there is a lot of interference, such as near power wiring.
Wireless networking is the other technology in everyday use. It coexists with Ethernet networks, works alongside them and is a core component of almost every network today.
It also has standards associated with it, which mostly designate speed differences but also how the radios work. Examples are 802.11a, b, g, n and ac; 802.11ac (Wi-Fi 5) is the fastest of the ones in major use, and newer amendments such as 802.11ax (Wi-Fi 6) are now spreading.
Most people are aware of the common router you can buy at consumer electronics stores. These are actually access points combined with a router, a small switch and a firewall in one box.
They use radio waves to communicate with the network card in your laptop, or with another access point when you want to extend the range of your wireless network.
Wireless networks are governed by the IEEE 802.11 standards. Access points provide a hot spot for wireless clients in the vicinity. In the usual infrastructure mode every client talks through the access point, so the logical topology is a star (hub and spoke). The radio channel is shared, so clients use CSMA/CA (collision avoidance) instead of the collision detection of old shared Ethernet.
Routers will often have a small built-in firewall to help with security. There are numerous other functions that can be built into these boxes; I cover many of them in other articles.
One important thing to remember is that routers usually sit at the edge of your network.
Switches connect to the router at some point and give each port its own link, and managed switches can segment the network further with VLANs. You will want that if you have multiple buildings or areas with equipment in them.
They range from small 4-port devices to 48-port (and larger) devices. Switches can also be unmanaged or managed.
Routers and Access Points
An access point can only handle a limited number of clients. More clients on one access point means lower performance per client. Access points also do better when neighbouring ones are on channels that do not overlap.
Access points support roaming, which gives a user the best signal possible.
This means that as a user moves around, their device connects to the closest access point so it gets the strongest signal. For this to work the access points must broadcast the same SSID (Service Set Identifier) and use the same authentication settings (the same security mode and credentials).
If you have a lot of access points in a general area then you will want a wireless controller. This device manages multiple access points from one place and makes it easier for the admin to see what is happening on the wireless network.
The controller talks to the access points over a protocol such as LWAPP (Lightweight Access Point Protocol) or its standardized successor, CAPWAP.
A wireless network is often placed on its own VLAN (Virtual Local Area Network). This segments the traffic and keeps it away from parts of your network that are more sensitive.
A network topology is the physical layout of your network: the cables, routers, switches, workstations and hardware like that.
Cables, for example, are something like Category 5 or Category 6. The router is usually what connects to your ISP. Switches distribute your network.
They also segment it when needed. Workstations are the PCs or laptops you do the work from. There are many different kinds of topologies.
Network engineers have been designing layouts for as long as networks have been around. The following is a partial list of the most popular:
Bus Topology
This is one main trunk cable that every device taps into. Bus networks used to be really popular but not anymore: the trunk was a single point of failure, and a single break or bad terminator took the whole segment down.
While it was easy to set up, it became very slow on busy networks because every device shared the one cable. This is how the original coaxial Ethernet networks (10BASE5 and 10BASE2) were done in businesses.
Star Topology
The star topology is the one most often used today. It is also quite simple: get a router, lots of cable and whatever switches you need, and connect every device to a switch port. This is a very flexible setup, though more expensive because of the cabling and extra switches.
One of the great things about this setup is that you can add or remove devices without disrupting the whole network. For example, if a workstation goes down and you have to work on it, you can just disconnect it and fix it without affecting anything else.
Ethernet hub and switch networks are all wired as a star. Note that a star built on a hub is still logically a bus, since the hub repeats every frame to every port; a switch gives each port its own link, which is what makes the star behave like one.
Ring Topology
This one is also very simple. A ring network just forms a loop: each workstation is connected to two others, and the last one is connected back to the first. It is easy to figure out which workstation is causing trouble.
The worst thing about this setup is that if one node fails, the rest start having problems passing information around the ring.
The ring topology is similar to the bus topology in that it has a single point of failure. Ring networks such as Token Ring operated by passing a token around the ring, and only the device holding the token could transmit data.
Mesh Topology
Mesh networking is still used a lot in wireless applications and in WANs (wide area networks). It is more complicated and more expensive because the devices are interconnected directly rather than through one central switch.
In a full mesh every device talks directly to every other device. Every node has to be configured to accept and forward traffic from every neighbour, and the number of links grows as n(n-1)/2 with every new node, so the cost of cabling and ports rises quickly.
The payoff is redundancy: no single link or node failure isolates the network.
This is why partial meshes, where only the important nodes are fully interconnected, are used far more often than full meshes.
Client Server Networks
This is the most common type and what we traditionally associate with a network. Network services are provided by one or more servers. Network services could be:
- Active Directory (authentication and directory services)
- web pages
The server decides which devices or users get to access its resources.
Peer To Peer Network
There are no real servers in this kind of network. All the workstations are independent and equal. To make this work you would have to create an account for every user on every computer that shares resources, which is why it does not scale.
Peer-to-peer networks are usually small, because shared resources become very slow and accounts become unmanageable on a large network.
As you can see, there are several types of topologies and ways to design networks. Each one will have their advantages and the best situation to use them in.
Networking is not terribly hard to learn. It does take some diligence though. You also have to practice the concepts often. I have just introduced the basics in this guide.
They all build on each other. Networking is very fun though. So later when it gets harder just remember how cool it is to understand how routing and the internet really works!
Essential Network Devices
There are a lot of different kinds of network devices being made right now. They used to be much simpler as well. Now, we see hybrid devices as well as dedicated network devices.
They mix and match functions as needed. There is almost always a device for your needs. The trouble is finding the right one for your network.
I am hoping this article will clear up some of the mystery about the network devices and what they do. If you know the information in my guide then you should be able to make a smart decision when you are ready to make a purchase.
Hubs are examples of simple network devices. A hub is not smart or managed; it is simply a repeater: every frame that arrives on one port is sent out of every other port. It does provide a means of connecting parts of your network together, which is what it is used for. A hub is half-duplex, so it cannot send and receive at the same time like a switch can, and all of its ports share one collision domain.
In today's networked world, you do not often see plain hubs anymore. A switch or router does the job of a hub plus its own tasks. Routers have really taken over the roles of older network equipment; it is common to see routers that have a firewall, switching capabilities and other functions all within a single box.
Where hubs are still useful is connecting parts of a network together that do not need any management and, in IT, as a cheap way to tap a link for packet capture, precisely because every port sees every frame. That is also their security weakness: any device plugged into a hub can capture everyone else's traffic. Their only real advantage over a switch is price.
A switch is a better device than a hub. While it is more expensive it also does a lot more and will make your network faster. Multiple switches are often used at a single location; how many you need depends on how large the environment is.
Large networks will have many network devices such as switches and access points. Switches come in sizes from 4 ports to 48 ports. They allow different parts of your network to talk to each other.
A switch can be a simple unmanaged type. This means it works as soon as you hook it up; there is nothing to configure. This is usually home networking equipment and has far fewer features than a good managed switch.
Managed switches are very nice network devices. They are often faster and can be configured to work with your network. A big advantage of a managed switch is that it lets you monitor traffic on your network (port mirroring, SNMP counters) and segment it with VLANs.
Their status can be checked simply by looking at them through their management software. You can also remote into a switch and perform any tasks that you need.
Unlike a hub, a switch reads the destination MAC address of each frame and forwards it only to the port where that address was learned (its MAC address table). Unicast traffic for other hosts does not reach your port (broadcasts and frames to unknown addresses are still flooded), which makes the network faster and makes casual sniffing harder. It is not a security boundary by itself: MAC flooding and ARP spoofing can still steer traffic to the wrong port, which is why managed switches offer port security and dynamic ARP inspection.
Most regular switches operate at the second layer of the OSI model, so they are called layer 2 switches. This is the data link layer, which pretty much tells you what they are used for.
You can now buy switches that feature some routing capabilities, which is layer 3. These are hybrid devices that contain the functionality of both types of device.
Network switches have a lot of features these days. You can choose based on speed and on copper or fiber ports. There is the option of layer 2 or layer 3 switches depending on your network's needs.
Sizes range from 4 to 48 ports usually, so there is a lot to choose from there. Extra features you should look at are PoE (Power over Ethernet), IPv6 support, VLANs and redundant power supplies.
The most basic function of a router is deciding how and where to send packets of information. It routes information, and by routing information it also connects networks together.
The most common example is connecting a LAN to an ISP to give that network outside connectivity, and thus internet access for your LAN. A router is a layer 3 device on the OSI model, the network layer.
A dedicated hardware router usually performs better than routing software on a general-purpose computer, because it has a processor, memory and forwarding hardware sized for the job. Software routers are perfectly usable on small networks, though.
Consumer and small-business routers usually also contain a built-in switch and access point, which is one reason they are generally the most expensive of these devices.
Routers can also include other useful features. A firewall is a very common feature and a good idea; it helps keep your network safe and working better. Many routers also include a VPN server.
This allows offsite users to connect to your network when they need to. It is common for businesses to offer this to employees. You can control who may use the VPN and what access they get with it, which is the important part: a VPN account is a door into the network, so give it only the access the user needs.
A firewall is a hardware or software device that provides security by filtering incoming and outgoing network traffic according to a set of rules. These rules can be the defaults set by the manufacturer or ones you customize yourself.
There are a few different types of firewalls. They are packet filtering, stateful and application-layer firewalls.
Packet filtering firewalls examine each packet on its own, looking at header fields such as addresses, ports and flags. They are not very complicated because of this, but they have no notion of a connection, so they cannot tell a genuine reply from a packet an attacker crafted to look like one.
Stateful firewalls track the state of every connection. A packet is first matched against the connection table; only traffic that belongs to a connection the rules allowed to start (for example a reply to a request that left the LAN) is passed through, and everything else is evaluated against the rules or dropped. This makes them much more valuable and flexible.
Application firewalls do all of this and more. They actually parse the data that is transmitted, such as HTTP requests or DNS queries, and can match it against rules describing known good or known bad requests. This is key to maintaining the integrity of your network.
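The difference between a packet filter and a stateful firewall is easiest to see in code. The following is an added example, not code from the original page: a tiny stateless rule set beside a stateful one, run over a constructed exchange in which a LAN host opens a web connection and an outside host then forges a "reply" aimed at the LAN host's RDP port. The addresses, ports and rule set are assumptions made up for the illustration.

```python
"""Stateless packet filter vs stateful firewall (added example, constructed traffic)."""
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."          # assumed internal network (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: set on the first packet of a connection
    ack: bool = False   # TCP ACK flag: set on every packet after the first


def is_lan(ip):
    return ip.startswith(LAN_PREFIX)


def stateless_filter(pkt):
    """Packet filter: each packet is judged on its own header fields.

    Rule 1: anything leaving the LAN is allowed.
    Rule 2: inbound packets are allowed only if they look like replies from a
            web server (ACK set, source port 80/443).  Nothing stops an outside
            host from simply setting those fields, which is the weakness.
    """
    if is_lan(pkt.src) and not is_lan(pkt.dst):
        return "ALLOW"
    if not is_lan(pkt.src) and is_lan(pkt.dst) and pkt.ack and pkt.sport in (80, 443):
        return "ALLOW"
    return "DROP"


class StatefulFirewall:
    """Stateful filter: inbound traffic passes only if it belongs to a
    connection that a LAN host opened first."""

    def __init__(self):
        # connection table keyed by (lan_ip, lan_port, remote_ip, remote_port)
        self.table = set()

    def filter(self, pkt):
        if is_lan(pkt.src) and not is_lan(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.table.add(key)           # new outbound connection: remember it
                return "ALLOW"
            return "ALLOW" if key in self.table else "DROP"
        if not is_lan(pkt.src) and is_lan(pkt.dst):
            # reverse the tuple: does this match a connection we opened?
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "ALLOW" if key in self.table else "DROP"
        return "DROP"


# Constructed traffic: a LAN host browses to a web server, then an attacker
# sends a forged "reply" at the LAN host's RDP port.
WEB = "93.184.216.34"
ATTACKER = "203.0.113.9"
TRAFFIC = [
    Packet("192.168.1.10", 50000, WEB, 443, syn=True),                 # client SYN
    Packet(WEB, 443, "192.168.1.10", 50000, syn=True, ack=True),       # server SYN-ACK
    Packet("192.168.1.10", 50000, WEB, 443, ack=True),                 # client ACK
    Packet(ATTACKER, 443, "192.168.1.10", 3389, ack=True),             # forged reply
]


def compare(traffic=TRAFFIC):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (a, b) in zip(TRAFFIC, compare()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateless={a}  stateful={b}")
```

The first three packets pass both filters. The forged fourth packet passes the stateless filter, because it carries exactly the header fields the rule looks for, and is dropped by the stateful one, because no LAN host ever opened a connection to 203.0.113.9. A real stateful firewall also follows the TCP state machine and expires idle entries; this example keeps only the table lookup that makes the difference.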
VPN stands for virtual private network. It is a useful way for people to remotely connect to a network in another geographic location. A VPN concentrator is the device, often a physical one, that terminates those connections.
Though similar to a router, it is only for setting up and maintaining VPNs. It handles the authentication and encryption involved when users create their connections: it sets up the VPN tunnels securely and manages all of that for you.
A long time ago these VPN concentrators were produced separately as their own physical devices. These days the functionality is usually built into firewalls.
A VPN concentrator, to be clear, is designed for many connections arriving from different locations.
A site-to-site VPN is a different use. It establishes a persistent tunnel between fixed locations, for example two or three offices that want a permanent connection between themselves.
Intrusion Prevention System
IPS stands for Intrusion Prevention System. An intrusion is when someone tries to break into your network. Intruders are often outside your network but unfortunately can also be inside it, so it is always a good idea to watch for both. The job of an IPS is to analyze traffic and drop packets that match an attack.
Once an attack has been identified, the IPS logs the activity so it can be looked at in detail later, blocks the attack, and reports it based on the settings you provided.
An IPS can be separate, software-based, or it can be part of a firewall. If you can, it is a good idea to have both a firewall and an IPS. A popular software-based IPS is Snort.
It is a good idea to have both on your network because the IPS is an extra layer of defense that works differently from the firewall. This difference is what lets them work well together.
The difference is that a firewall accepts or blocks traffic depending on the rules you provide, mostly from the packet headers. An IPS examines the content of the traffic the firewall has already allowed in and watches it carefully to make sure it does nothing wrong. If the traffic turns out to be bad then it gets blocked.
How IPS Works
It operates inline between your network and the internet, most commonly directly behind the firewall. The firewall is usually the better first buy for a company, because keeping intruders and known sources of evil out is the first step.
After you buy an IPS it is important to tune it to your network. If you do not, you will most likely have a large number of false positives, or you will be letting in all kinds of bad traffic.
Detection methods are usually signature based. A signature describes the pattern of a known attack, so one rule covers a whole family of attacks instead of one individual attack at a time. Signatures cannot see an attack nobody has written a signature for, which is why some products add anomaly-based detection.
Ideally, after it is set up you would expect a few false positives but not too many. That is far better than false negatives, which are attacks that got into your system unnoticed. Tuned this way it should keep the attacks out while only giving you a few false positives. That is the goal in setting up this system.
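What "signature based" and "tuning" mean in practice, as an added example rather than code from the original page or from Snort: three small signatures run over constructed web server log lines, once untuned and once with a narrow exception that removes a known false positive. The signatures, the exception and every log line are made up for the illustration.

```python
"""Signature-based detection over web log lines, before and after tuning (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Apache/nginx "common log format": host ident authuser [date] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')


@dataclass(frozen=True)
class Alert:
    line_no: int
    sig_id: str
    src_ip: str
    uri: str


# Each signature covers a family of attacks, not one specific exploit (constructed).
SIGNATURES = [
    ("SIG-1001", "directory traversal", re.compile(r"\.\./")),
    ("SIG-1002", "SQL injection (UNION SELECT)", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("SIG-1003", "reflected XSS probe", re.compile(r"<script", re.I)),
]

# Tuning: an exception is a (signature id, URI pattern) pair that suppresses a
# known false positive.  Keep it narrow: a broad exception is a false negative.
DEFAULT_EXCEPTIONS = [
    ("SIG-1002", re.compile(r"^/kb/sql-tutorial/")),
]


def detect(lines, exceptions=DEFAULT_EXCEPTIONS):
    """Run every signature over every request line; return the alerts raised."""
    alerts = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a request line; ignore
        src_ip, _method, uri, _status = m.groups()
        decoded = unquote(uri)             # attackers hide patterns behind %-encoding
        for sig_id, _name, pattern in SIGNATURES:
            if not pattern.search(decoded):
                continue
            if any(sid == sig_id and exc.match(decoded) for sid, exc in exceptions):
                continue                   # tuned-out false positive
            alerts.append(Alert(line_no, sig_id, src_ip, uri))
    return alerts


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:55:37 +0000] "GET /files?name=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '198.51.100.4 - - [10/Oct/2023:13:55:38 +0000] "GET /kb/sql-tutorial/union-select-examples HTTP/1.1" 200 9001',
    '203.0.113.9 - - [10/Oct/2023:13:55:39 +0000] "GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1" 200 77',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 77',
]


def summarize(lines=SAMPLE_LOG, exceptions=DEFAULT_EXCEPTIONS):
    """Return {signature id: alert count}, the view an analyst tunes from."""
    counts = {}
    for a in detect(lines, exceptions):
        counts[a.sig_id] = counts.get(a.sig_id, 0) + 1
    return counts


if __name__ == "__main__":
    print("untuned:", summarize(exceptions=[]))
    print("tuned:  ", summarize())
```

Untuned, SIG-1002 fires twice: once on the real injection attempt and once on a knowledge-base article whose URL happens to contain "union-select". The exception only whitelists that one URL prefix for that one signature, so the attack on /search still alerts; decoding the URI before matching is what keeps the %-encoded traversal and XSS probes from slipping past as false negatives.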
Wired and Wireless Access Points
An access point acts as a distribution point that connects wireless clients to the wired network. The access point itself is usually wired to a switch over Cat 5e or Cat 6 cable (often powered over that same cable with PoE). Data reaching an access point is transmitted as radio signals in the 2.4 GHz or 5 GHz band.
By definition an access point bridges the wireless and wired segments. Less commonly, two access points are used as a wireless bridge to connect two networks to each other. Standalone access points are usually not smart or managed devices; essentially they are distribution points.
Since they are distribution points, it is important to remember that they do not have security features like a firewall would. What they do provide is the wireless authentication and encryption (WPA2 or WPA3), which you should always enable. If you need more than that, shop around until you find what you need.
Home Use For Access Points
At home it is often convenient to use wireless versions of these access points (repeaters) to get greater coverage. They are easy to install and just connect wirelessly to your existing router. Businesses will often add several of them in a larger building.
If your access point is wired, that link operates in full-duplex mode: it can send and receive data simultaneously, and on a switched full-duplex link there are no collisions at all. That is why the wired side is faster and more reliable.
The wireless side is half-duplex. All clients share one radio channel, only one can transmit at a time, and because a radio cannot detect a collision while it is transmitting, 802.11 avoids collisions with CSMA/CA instead of detecting them. Throughput is shared among the clients and is well below the link's advertised rate.
Network Content Filter
Content filtering is the use of software to screen for objectionable content, usually in the form of web pages or email. For web pages it is called web filtering. For email it is often called anti-spam software.
Web filtering is pretty straightforward. When a request for a web site comes in, the web filtering software examines it and decides whether it should be allowed.
The settings are applied at the gateway, typically the router or a proxy. Every computer that sends packets through it operates under the settings of the web filtering software.
A good example of web filtering is OpenDNS, which works at the DNS level: its resolvers refuse to answer for blocked domains. This software is what I use at home. It is free for home use and works very well. It is a very useful service. Because it only sees lookups sent to its resolvers, a client configured to use a different DNS server, or encrypted DNS, bypasses it; block outbound DNS to other servers at the router if you rely on it.
Email filtering is similar to web filtering. Your software examines incoming email for strings of text, headers or sender reputation that identify it as bad for your environment. This process works by rules that you can set up.
There are open source content filters as well, primarily for Linux/BSD systems. Two popular ones are Untangle, a complete gateway distribution, and Squid, a caching proxy that filters through its access control lists. They let you adjust literally every setting.
Considering that, they are for more advanced users who want total control over their environment. They do work well, though, and any professional IT person would have no trouble with them.
Network Load Balancers
A load balancer does one important thing: it distributes incoming network traffic across several servers so that no single server carries the whole load.
For large websites this is one of the most important network devices they have. It is essential for huge workloads and high-traffic servers.
Another example is a high-traffic server that runs a popular application. The technique increases both reliability and performance. Clustered servers or standalone servers will work with a load balancer.
The load balancer sits between your internet connection and the servers and handles the traffic from there. It health-checks the servers, and if one becomes unavailable it sends new connections to the others without the clients noticing.
In the same vein, if more resources are added, such as another server, traffic automatically gets routed to the new server as well.
This makes your infrastructure more flexible because you can add or remove servers at any time and the load balancer will redistribute the traffic.
Types Of Load Balancers
There are different kinds of load balancers, and they distribute traffic differently based on the needs of your network. The common algorithms are:
- Round Robin - hands each new request to the next server in rotation, regardless of how busy it is.
- Least Connection - looks at each server's number of active connections and sends the request to the one with the fewest.
- IP Hash - picks the server from a hash of the client's IP address, so the same client keeps landing on the same server (useful for session persistence).
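The three algorithms side by side, with a backend failing part-way through, as an added example (not the page's code or any vendor's implementation). The server names and the connection counts are constructed; a real balancer would also run the health checks that drive mark_down and would expire stale connection state.

```python
"""Round robin, least connection and IP hash, with one backend failing (added example)."""
import hashlib


class LoadBalancer:
    def __init__(self, backends):
        self.backends = list(backends)           # configured order drives round robin
        self.alive = set(backends)
        self.active = {b: 0 for b in backends}   # open connections per backend
        self._rr = 0                             # round-robin cursor

    # --- pool management ---------------------------------------------------
    def mark_down(self, backend):
        """Health check failed: stop sending new traffic there."""
        self.alive.discard(backend)

    def mark_up(self, backend):
        if backend not in self.active:           # a brand-new server joins the pool
            self.backends.append(backend)
            self.active[backend] = 0
        self.alive.add(backend)

    def _pool(self):
        pool = [b for b in self.backends if b in self.alive]
        if not pool:
            raise RuntimeError("no healthy backends")
        return pool

    # --- the three algorithms ----------------------------------------------
    def round_robin(self):
        pool = self._pool()
        choice = pool[self._rr % len(pool)]
        self._rr += 1
        return choice

    def least_connection(self):
        pool = self._pool()
        return min(pool, key=lambda b: self.active[b])   # first of the least busy on a tie

    def ip_hash(self, client_ip):
        """Same client -> same backend, as long as the pool does not change."""
        pool = self._pool()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return pool[int.from_bytes(digest, "big") % len(pool)]

    # --- connection accounting ---------------------------------------------
    def connect(self, backend):
        self.active[backend] += 1

    def disconnect(self, backend):
        self.active[backend] -= 1


def demo():
    """Walk three servers through the algorithms and a failure; return the picks."""
    lb = LoadBalancer(["web1", "web2", "web3"])
    rr = [lb.round_robin() for _ in range(4)]              # web1 web2 web3 web1

    for b in ["web1", "web1", "web3"]:                     # web1 busiest, web2 idle
        lb.connect(b)
    lc = lb.least_connection()                             # web2

    sticky = lb.ip_hash("10.0.0.5")
    same_again = lb.ip_hash("10.0.0.5")                    # identical to sticky

    lb.mark_down(sticky)                                   # that server fails
    after_failure = lb.ip_hash("10.0.0.5")                 # remapped to a live one
    rr_after = [lb.round_robin() for _ in range(2)]        # never the dead server
    return {"rr": rr, "lc": lc, "sticky": sticky, "same_again": same_again,
            "after_failure": after_failure, "rr_after": rr_after}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>14}: {v}")
```

Note what the failure does to IP hash: because the choice is a plain modulo over the live pool, removing one server changes the modulus and remaps most clients, not just the ones that were on the failed server, so their sessions are lost. Production balancers use consistent hashing for exactly that reason.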
They come in hardware and software versions, and there are advantages to each. Using them also helps reliability, because you no longer have a single point of failure for the application, as long as the load balancer itself is made redundant too. This is very important and a wise way to set up your infrastructure.
Hardware load balancers will typically perform better, as long as you have the correct solution in place and have provided for future growth. They have their own processors. They are not very flexible, though.
For example, if you outgrow your current piece of hardware then you usually have to buy another.
Software load balancers are very flexible. They can run on a local server or on a virtual machine in the cloud, and they are most often quite a bit cheaper than a dedicated hardware version.
However, they run on general-purpose servers and use that server's processor and memory to operate.
Any network and its associated network devices will have specific needs. Outside of basic routing, expansion and security, no two networks have the same needs; they will all be a little different. Almost all LANs include these network devices.
There are not many of them, but every one can contain a myriad of features that would make it a great choice for your network or the wrong choice. So it is vitally important that you decide what your network needs before buying anything.
The OSI Model
Most networking professionals are very familiar with the OSI model. They do not have to use it every day, but it is helpful when they do. Used correctly it is a guide for diagnosing problems and understanding what is happening on your network.
History Of The OSI Model
The OSI model came out of the need for networking standards. The industry needed to get all of the manufacturers on the same page and following the same procedures, so ISO published the model (as ISO 7498, in 1984) as a reference for designing protocol suites. The OSI protocols themselves lost out to TCP/IP, but the model survived as the common vocabulary for describing what any protocol does.
So today it explains the protocols that we use every day and general networking. That is how the OSI model works and what it means to us right now.
Layers Of The OSI Model
The OSI model is divided into 7 layers. Each layer works with the ones directly above and below it. They are numbered from the bottom up, from the most physical and hardware-oriented to the most abstract.
The bottom layer is the physical layer, which involves actual hardware, while the top application layer is the most abstract. Here they are:
- Physical layer
- Data link layer
- Network layer
- Transport layer
- Session layer
- Presentation layer
- Application layer
Physical Layer
This is your network's physical attributes. It specifies what kind of networking hardware is used to transmit data and the electrical (or optical, or radio) specifications used. Topology is also considered here, as networks used to have a definite style to them. Standards such as USB and the physical half of Ethernet (IEEE 802.3) operate at this layer.
It is the lowest layer of the network. This layer provides electrical and mechanical functionality and handles the transmission of raw bits over the cabling.
Data Link Layer
The purpose of the data link layer is to frame data for the physical layer so it can be sent over the local network. It has two sublayers. The Media Access Control (MAC) sublayer controls access to the medium and addresses frames using MAC addresses, the 48-bit hardware addresses built into every network card.
Network cards are the devices that let you plug a Cat-6 cable into them. The other sublayer is Logical Link Control (LLC). This section is responsible for error control and flow control to keep the transmission of data going smoothly.
This is the second layer of the OSI model. It deals with communication between devices on the same link; Ethernet switches work at this layer.
Network Layer
The network layer does the routing for your network so that data gets to its destination. As in most layers, the protocols associated with the layer provide the way for it to work.
These protocols also select the path that the data will take over the network. Data is grouped into packets before it is sent on its way through your network.
When data is routed through a network it can be done manually or automatically. If it is done manually it is called static routing, and the routing tables are updated by the network administrator.
If your routing is done automatically it is called dynamic routing and is done through routing protocols. Protocols such as IP, ICMP and IPsec operate at this layer, as do routing protocols like RIP and OSPF. (ARP, which maps IP addresses to MAC addresses, sits between layers 2 and 3.)
The main jobs of the network layer are logical addressing, routing, and fragmenting packets and reassembling them.
Transport Layer
The purpose of the transport layer is to provide a way for network information to travel between applications on your network devices; port numbers identify the application at each end. Some error checking is also done here to make sure information is still valid when it reaches the other device. The two main protocols at this layer are UDP and TCP.
UDP is a connectionless protocol, which means it just sends the information and does not make sure it reaches its destination. TCP is connection-oriented: it uses sequence numbers, acknowledgements and retransmission to ensure the data arrives complete and in order.
The transport layer also segments data to help with network congestion. TCP operates at this level of the OSI model and is very widely used.
Session Layer
The function of the session layer is to control the dialogue between applications over the network. It does this by creating and ending sessions. Sessions help maintain data integrity by isolating one exchange from other network traffic.
This is another way the session layer controls the information. Protocols that work at this layer are SMB and NFS.
The session layer helps with opening, closing and managing sessions. Applications send and request session information, and this session information allows the protocols to operate smoothly.
Presentation Layer
The purpose of this layer is to convert data to a format that will travel over the network well and that both ends understand. Media formats are usually what is handled here; examples are JPEG, MP3 and TIFF files. Since data formats are handled here, encryption is usually placed at this layer too.
Encryption is the process of transforming information so that it cannot be read without the key. TLS is commonly placed at this layer (or the session layer), since it sits between the transport layer and the application.
The presentation layer delivers and formats information to applications. This information is then processed or sent to a display.
Application Layer
The main function of the application layer is to take requests that humans input into applications and make sure that input is sent down to the lower levels of the OSI model. Information can also be shown to users by the application layer when data comes up from the lower levels of the model.
This layer does not represent the actual applications on your computer; it gives them the functionality to pass data through the network.
The application layer specifies the protocols used by clients in a computer network, such as HTTP, DNS and SMTP.
While the OSI model is theoretical for the most part, the protocols that it refers to are what gets things done. They enable all of the functionality and make it possible for our network traffic to get where it is supposed to be.
There are many important protocols that the internet and our private networks depend on. DHCP, DNS, SNMP, TCP, and IP are probably the most well known so I will talk about those.
However, there are several more that are just as mandatory for network traffic to use. To understand how the OSI model works, you need to know how these protocols fit into it.
This is another conceptual model and is the one I like best. The OSI model is too theoretical in my opinion. For the PC technician, this is a better representation of what we deal with. It is broken up into:
- Network Access layer
- Internet Layer
- Transport layer
- Application Layer
As common sense would tell you, start with the first layer if you know nothing about the problem. However, if you have connectivity but something isn't working right, then skip the physical connections. After a while, your gut instinct will tell you where to start. I'll just mention the ones that are most relevant.
This is the physical layer and data link stuff. It is called the network access layer. Make sure you have everything connected and link lights on your devices if you have physical access to them. That would be the first thing I checked when diagnosing printer issues. Was there a link light on where the network cable was plugged in? That information tells you where to go to next.
The <ip link show> command on a Linux box will tell you whether an interface is up and has a link (the carrier). The <ip> command is a good way to see more detail also. Research it and see what all it can do, you won't be disappointed.
The internet layer works with IP addresses to communicate and deliver data. We check IP addresses by using the <ip address> command. The <ping> command also gives you useful information, and using the two together can narrow down or solve many issues. You can also use the <traceroute> command. It shows you the hops a packet took, so it gives you different information and you should definitely use it as well.
The data link portion handles the local network. The ARP protocol is a big one here and is most relevant to us. It stand for the address resolution protocol. It maps IP addresses to MAC addresses. So, it helps devices on your local network communicate with each other. They would not be able to do so without it.
To see ARP information use the <ip neighbor show> command. This shows the neighbor (ARP) table and its entries. A neighbor that could not be resolved shows a "FAILED" state, which points at a problem on the local network segment (wrong address, a host that is down, or a cabling or VLAN problem).
Host to Host
The host-to-host (transport) layer defines the protocols used for end-to-end communication and the delivery of data between applications. It uses either TCP or UDP.
The TCP protocol is reliable and enables communications between systems. It also controls the flow of data and includes many features built in.
UDP is basically the opposite of TCP. It is leaner and has fewer features. It is good to use if your program does not need TCP's features.
Sometimes there are problems and you need to know what to do. First, applications use sockets to communicate. A socket is the combination of an IP address and a port. If there are issues, check for conflicts, for example two services that both want the same port. This command gives you much information: <ss -tunlp4>. It lists the listening TCP and UDP sockets on IPv4, in numeric form, together with the process that owns each one, so you can see which process already holds a port and which sockets are bound to all interfaces rather than just loopback.
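As an added example (not code from the original article), here is a small parser for the output of <ss -tunlp4> that answers the two questions you normally have when looking at it: which process holds a given port, and which sockets are bound to 0.0.0.0 and therefore reachable from the network. The sample output is constructed in the shape ss prints, not a real capture, and the process names and PIDs in it are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the shape that `ss -tunlp4` prints; not a real capture.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    127.0.0.1:8080      0.0.0.0:*         users:(("node",pid=2190,fd=19))
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=501,fd=12))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=930,fd=8))
"""

PROCESS_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ss(output):
    """Turn `ss -tunlp4` text into a list of socket dicts."""
    sockets = []
    for line in output.splitlines()[1:]:          # first line is the header
        parts = line.split()
        if len(parts) < 6:
            continue
        proto, local = parts[0], parts[4]
        addr, port = local.rsplit(":", 1)          # "127.0.0.53%lo:53" -> addr, "53"
        addr = addr.split("%", 1)[0]               # drop the interface scope suffix
        match = PROCESS_RE.search(line)
        sockets.append({
            "proto": proto,
            "addr": addr,
            "port": int(port),
            "process": match.group(1) if match else None,
            "pid": int(match.group(2)) if match else None,
        })
    return sockets


def who_holds(sockets, proto, port):
    """Name of the process already listening on proto/port, or None if it is free.
    This is the check to run when a new service fails with 'address already in use'."""
    for s in sockets:
        if s["proto"] == proto and s["port"] == port:
            return s["process"]
    return None


def exposed_sockets(sockets):
    """Sockets bound to 0.0.0.0 accept connections from every interface, not
    just loopback; each one is a service reachable from the network."""
    return [s for s in sockets if s["addr"] == "0.0.0.0"]


def listeners_by_process(sockets):
    """Group (proto, port) by process; handy for spotting a daemon that opened more than expected."""
    grouped = defaultdict(list)
    for s in sockets:
        grouped[s["process"]].append((s["proto"], s["port"]))
    return dict(grouped)
```

Run it against real output with `parse_ss(subprocess.check_output(["ss", "-tunlp4"], text=True))` (process names only appear when ss is run with enough privilege to see other users' sockets). Anything that <exposed_sockets> returns and that you did not intend to publish is a finding, not a configuration detail.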
This layer provides many of the popular protocols we use all the time. These include:
HTTPS is the secure version of HTTP. Web traffic uses this as we all know. DNS is the next most used I suppose, which resolves names to IP addresses. It makes activities very convenient. SSH is also very popular as it lets you remotely and securely access systems. The other two are still very important but mostly work behind the scenes.
Networking protocols are a set of rules that tell devices how to exchange data in computer networks. There are many categories of protocols. There are application protocols, presentation protocols, session protocols, transport protocols, network, and data link protocols. The most popular ones include:
These cover a wide range of applications and services. You will recognize many of them. They are all useful and vital to most systems.
This stands for dynamic host configuration protocol and it is very important in large business or organizations. This protocol software is set up on a server and it will automatically assign IP addresses to your clients so you do not have to manually enter them in.
These addresses are big blocks of available addresses that DHCP can use. They are known as scopes which is the term that networking people like to use.
Addresses are assigned to client computers from this range of IP's by DHCP and this technique is known as dynamic addressing.
You can also enter the IP addresses into computers one at a time, and this is known as static addressing. It is OK for five computers, but if you have 500 computers in your network it would be a real pain.
When DHCP gives a computer an IP address it is usually for a finite amount of time. This is the lease on the IP address. A client normally tries to renew its lease before it runs out, usually once half the lease time has elapsed, and if the server agrees the client keeps the same address. If the lease expires without renewal the address goes back into the pool and the client has to ask for an address again.
The renewal happens automatically in the background, so users do not normally get a warning. If you need to check, the lease timers are visible on the client; <ipconfig /all> on Windows shows when the lease was obtained and when it expires.
Now let's talk about reservations. A DHCP reservation ties a fixed IP address to a device's MAC address, so the device still gets its address from DHCP but the address never changes. This is useful for devices like a printer or a network switch, because you do not want those types of devices to change their IP address.
DNS is one of those protocols that is just a pleasure to have around. I know most of you will have heard of it and know what it does. However, have any of you really thought about the convenience it offers? I had not either until recently but now I am so glad we have this. So what does it do for the uninformed?
It takes the name you type into the browser address bar and resolves it to an IP address so the site can be reached. Specifically it resolves hostnames. A hostname together with its domain and any subdomains is called an FQDN, which stands for fully qualified domain name.
A great attribute of DNS is that it runs on almost any operating system. Operating systems such as Windows, RHEL, Ubuntu, Suse, BSD, and Solaris will all run DNS and that is a marvelous thing.
For a little perspective, before DNS every site and its IP address had to be manually entered into a text file (the hosts file). This was not a big deal when you only knew of 3-5 internet sites, but with millions of sites now hopefully you can see how important DNS is.
Types Of DNS Records
If you have ever operated and run your own website then you know that dealing with DNS records is a part of life. In fact, there are several DNS records that go together to help your website get online. You will just enter this information with your domain host and that should get you going. Some examples of these are:
- NS (Name Server) - identifies the name servers where your zone information is hosted
- CNAME - this record gives an alias that points at another hostname
- A - the IPv4 address record, the one that maps a hostname to an address
- MX (Mail Exchange) - this tells sending mail servers which server accepts your email
This protocol is a little more abstract and not as familiar to many people. It is the protocol that enables network management software and stands for simple network management protocol.
Network management software and the analytics associated with it are very popular in recent days. Since it allows you to know what is happening with your network at any given moment, it is extremely useful.
SNMP works with software agents running on the managed devices. The agent exposes the device's status as a structured database (the MIB) that the management software polls, and it can also send a trap to the manager when a predefined event happens. Agents can monitor almost anything, but typically they run on switches, routers, servers, and printers.
There is also limited functionality here too as the devices can be controlled to some extent and the network person can perform basic tasks on the devices.
You can also query a device to get more information at a particular time. The operations are simple: Get reads one value, Set changes one, and Walk (a series of GetNext requests) reads a whole subtree. Keep in mind that SNMP versions 1 and 2c authenticate with a plaintext community string, so anyone who captures it on the wire can read, and with a read-write string change, the device's configuration. Use SNMPv3 with authentication and encryption where you can, and do not enable write access unless you need it.
This stands for internet protocol and is responsible for moving traffic from one network device to another. It is also a connectionless protocol which means that it just sends the data on to where it is supposed to go. IP does not check to see if the data made it to its destination because it is connectionless.
It works in conjunction with the TCP protocol for more reliability. The IP protocol works at the network layer of the OSI model.
This is the transmission control protocol that makes the IP protocol work better. It works by using sessions and by making sure adequate communication can take place between two clients. TCP is a connection oriented protocol which means that it makes sure all the data reaches its destination.
Error handling is also an important part of what TCP does because it does its best to watch for errors in transmissions. TCP operates at the transport layer of the OSI model.
This stands for user datagram protocol and it sits alongside TCP at the transport layer. There are major differences though, because UDP is connectionless and does not check to see whether its data made it to the other end. A nice advantage of UDP is its efficiency over TCP.
Its header is smaller and there is no connection setup, so it has much less overhead than TCP. When the writers of applications are coding they will sometimes use UDP if they do not need the extra features of TCP.
This is a very old protocol and has been around for many years. It stands for file transfer protocol and it is used to transfer files between a server and a client. FTP can be used to distribute files to the public, friends, or even to yourself if your in different locations occasionally.
The FTP protocol is still used a lot today and has a large gathering of followers. There are graphical as well as command line applications.
Typical FTP Commands
Here are the most used commands when you use an FTP command line client.
This is a newer and more secure way to transfer files. It stands for SSH File Transfer Protocol and, despite the name, it is not FTP with encryption added on: it is a file transfer subsystem that runs inside an SSH session, so it inherits SSH's encryption and authentication and never sends credentials or file contents in readable form. Like FTP it is used in a server and client setup.
I have used one of these clients when uploading information to this web server before. Obviously I did not want to use plain FTP over the internet so I went with SFTP. Like FTP, there are many clients and versions of software to choose from.
I am sure by this point you may have had enough of confusing acronyms but there are only a few more and this is one of them. SMTP stands for simple mail transfer protocol and it is responsible for how email is sent from a mail client to its server and between mail servers.
It is an older protocol but it is still used a lot. Servers talk to each other on port 25 by default, and clients submitting mail normally use port 587. SMTP only covers sending and relaying; a client retrieves its mailbox with a different protocol such as POP3 or IMAP.
Now I bet you have heard of this one as it is probably the most well known. It is the hypertext transfer protocol and allows an individual to download information like text and pictures from a web server.
This website is on a computer which has a web server installed on it. The HTTP protocol allows you to see my articles that I write in your web browser. HTTP uses port 80 by default to communicate with web servers.
It runs over TCP, a connection-oriented transport, so when you load a website every piece of the page arrives complete and in order.
This stands for hypertext transfer protocol secure and is obviously the secure version of HTTP. The main difference between the two is that HTTPS wraps the exchange in TLS, which encrypts requests and responses and lets the browser verify the server's identity from its certificate. Most everything now supports HTTPS.
Secure Shell is a very useful tool and is the secure replacement for telnet. Encrypting your session is one of its important duties. You do not want your login to travel to your server in plain view of everyone on the path, because it could get stolen. Many people use it to log in to their remote servers.
Internet Control Message Protocol
Error reporting and diagnostics are what ICMP is all about. In its most familiar form we are talking about the ping utility. I use this all the time to check the status of computers and printers.
If someone is having trouble getting connectivity then you can use ping to see if it is truly the connection or some application on the computer. Another use is to check if a printer is on a certain IP address. Just ping it to see if it responds. Keep in mind that many hosts and firewalls drop ICMP echo requests, so no reply tells you only that either the host is down or ping is blocked, not which.
I know that is a lot of terms and acronyms today but they are fundamental concepts in computing. Networking is a huge topic but it has many areas of interest.
IP addressing is the system that dictates how every device communicates with the others over a private network or the internet as a whole. Every device must have a unique address so all our computers know who to talk to.
Our current system of addressing uses standard IPv4 mostly because that is what people have used for many years. IPv4 is actually divided up into classes depending on the size of the networks and how it is used.
IPv6 is the newer system and it is our insurance for the future because it has a multitude more addresses to use. We have this system because the pool of unallocated IPv4 addresses has effectively run out, and that just can not be allowed to stop networks growing. IPv6 will prevent any address shortage for a long time by our standards.
All computers or network devices need an IP address if they are to talk over small networks or the internet. Addresses are written as four numbers separated by dots, such as 192.0.2.1. Each number is an octet, eight bits that are each 0 or 1, so it can only range from 0 to 255. This is just decimal to binary conversion but it is good to know anyway.
IP addresses are divided into classes so it will make more sense when we see an address. Classes A, B, and C are used for ordinary host addressing, and there are two more, D and E. Class D is reserved for multicast and class E is reserved for experimental use, so neither is used for host addresses.
The address class tells you which of those bits are used for the network ID and which are used for the host ID. This indirectly tells us how many hosts can be on any one network.
- a network that uses subnetting is considered classless
- the classful system has several limitations
- modern networks rely on classless addressing (CIDR) and custom subnet masks
- IPv4 identifies a network or subnet and the host
- they are a 32-bit binary number
- represented in dotted decimal notation
- the address is divided up into two parts: a network identifier and the host divided by subnet mask
- each host is required to have a subnet mask when using IPv4
- the subnet mask is used to distinguish the network identifier from the host identifier
- it divides the IPv4 address into those parts
- subnet masks can be notated in dotted decimal or in CIDR notation
- a subnet mask that divides an IPv4 address in half would be 255.255.0.0
These addresses are organized into classes for ease of distribution.
- They are defined by the number in the first octet and the default subnet mask
- Class-A networks use a 255.0.0.0 subnet mask
- Class-B networks use a 255.255.0.0 subnet mask
- Class-C networks use a 255.255.255.0 subnet mask
Class A Network
Class A networks are extremely large and have the largest number of hosts linked together. A host is a computer or some other type of network device that is on a particular network.
The first octet is for the network ID while the last three octets are for the hosts. This class allows 126 networks, and each network can have 16,777,214 usable hosts. It has a range of 1-126 in the first octet (127 is reserved for loopback).
Class B Network
These networks are still quite large but represent the mid size networks. There can be 16,384 of them, with 65,534 usable hosts on each network. It has a range of 128-191 in the first octet.
Class C Network
These are for smaller networks, whether a home local area network or a small business network. This class allows 2,097,152 networks with 254 usable hosts per network. The range for this class is 192-223 in its first octet.
A subnet mask looks like an IP address because it has the same format. However, the purpose of a subnet mask is to tell you which bits of the IP address are the network address and which bits are the host address. Each of the classes I just mentioned above has a default subnet mask:
- A = 255.0.0.0
- B = 255.255.0.0
- C = 255.255.255.0
Subnetting redefines the network portion to lengthen the mask beyond the default classful mask. It extends the network portion and allows one classful network to be repurposed as many classless subnetworks.
Purpose of Subnetting
The very important purpose of subnetting is to create more networks and therefore divide your network and its topologies into more manageable pieces. For a small network or a home local area network this does not apply, but for a large network it makes good sense.
The reason it makes good sense is that you can separate your departments by IP address or have a certain IP range for just your printers.
When you have a certain IP range for your HR department then you can keep HR's network traffic on its IP range. This keeps one department's network traffic from impacting another department.
The important thing to remember here is that subnetting increases the number of networks but decreases the number of available hosts on each one, because every subnet spends two addresses on its own network and broadcast addresses.
This type of network is just as it sounds. It is a public network that anyone can join and use the resources on. An example of a public network is something like a cafe offering free wireless while you drink their coffee. They usually have very limited speed and reliability. There is usually no authentication either.
This is a type of network that does not allow access to just anyone. It will usually use a certain user name and password for each individual that wants to connect to it. However, these networks are usually faster and have more resources. Private IP addresses are provided for internal communication within an organizational environment.
Addresses of Private Networks
Certain address ranges are set aside (in RFC 1918) for use inside private networks only. Public routers do not forward traffic for these ranges, so a private address cannot be used on the internet directly. The private addresses must stay within the private network, or be translated to a public address at the edge, which is what NAT does.
- A = 10.0.0.0 to 10.255.255.255
- B = 172.16.0.0 to 172.31.255.255
- C = 192.168.0.0 to 192.168.255.255
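As an added example covering the class, subnet mask, subnetting and private range sections above (my code, not the article's), here is a small calculator built on Python's standard <ipaddress> module. The class table and the three RFC 1918 blocks are the ones stated in the text; the sample networks used in the comments are made up.

```python
import ipaddress

# Classful rules from the text: (first-octet range, class, default mask).
# Classes D and E have no network/host split, so they carry no default mask.
CLASSES = [
    (range(1, 127),   "A", "255.0.0.0"),
    (range(128, 192), "B", "255.255.0.0"),
    (range(192, 224), "C", "255.255.255.0"),
    (range(224, 240), "D", None),   # multicast
    (range(240, 256), "E", None),   # reserved/experimental
]

# RFC 1918 private ranges, the three blocks listed above.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipv4_class(addr):
    """Return (class letter, default mask) from the first octet. 0.x.x.x and
    127.x.x.x (the "this network" and loopback blocks) fall outside the classes."""
    first = int(addr.split(".")[0])
    for octets, letter, mask in CLASSES:
        if first in octets:
            return letter, mask
    return None, None


def subnet(network, new_prefix):
    """Split a network into equal subnets with a longer mask.
    Returns (subnets as strings, usable hosts per subnet)."""
    net = ipaddress.ip_network(network)              # strict: host bits must be zero
    subnets = list(net.subnets(new_prefix=new_prefix))
    usable = max(subnets[0].num_addresses - 2, 0)    # minus network and broadcast
    return [str(s) for s in subnets], usable


def same_subnet(host_a, host_b, mask):
    """True when both hosts share one network under the mask (dotted or CIDR length).
    This is the test a host makes to decide between ARP and its default gateway."""
    network = ipaddress.ip_interface(f"{host_a}/{mask}").network
    return ipaddress.ip_address(host_b) in network


def is_rfc1918(addr):
    """True for addresses that must never appear as a source on the public internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)
```

For example, `subnet("192.168.1.0/24", 26)` carves one class C network into four /26 subnets of 62 usable hosts each, and `same_subnet("192.168.1.10", "192.168.1.70", 26)` is false even though both hosts sit in the same /24, which is exactly why a wrong mask on one host produces "can ping some neighbours but not others" symptoms. <is_rfc1918> is the check to apply to packets arriving on an internet-facing interface: a private source address there is spoofed or leaked and should be dropped.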
This is a much longer address that offers vastly more addresses. It is a 128-bit address written as eight groups of four hexadecimal digits separated by colons (32 hex digits in total), with the longest run of zero groups compressed to "::". IPv6 offers support for unicast, multicast, and anycast communication.
- Unicast address is for a single interface
- Multicast address is one to many: a packet is delivered to every interface that joined the group, and multicast has its own address range (ff00::/8).
- Anycast is one to nearest: multiple devices share the same address and a packet is delivered to whichever one is closest in routing terms.
Stateless address autoconfiguration (SLAAC) lets a host generate its own IPv6 addresses from the prefix that a router advertises on the link. It is also how link-local addresses are created.
- No server keeps track of which host has which address, which is what "stateless" means; the host builds the address itself from the advertised prefix and an interface identifier.
- If autoconfiguration is not going to be used then hosts can be assigned an IP address with DHCPv6.
This is just the path from a local network to the rest of the networks in the world, or the internet. From a local area network's perspective it is the IP address of your router. That is the path out to the world from your local clients.
When traffic on a local network is destined to go to another computer on that same network then things are pretty simple.
The traffic goes to where it needs to pretty quickly because all of the computers on the local network are already known to the rest of the computers. Everyone knows everyone in this sense.
However, when traffic needs to leave the local network it has to go through the gateway device. The gateway can be another computer but is usually a local router. The router communicates to other routers depending on where the traffic needs to go.
Your router or gateway knows the routes so that your network traffic can get to the next step in its trip.
If there is no gateway device on your network or it is not configured to let traffic through then all your traffic will stay on your local network.
An example of this is an application I run at home but I want it only on my local network so I do not set up my router to let its traffic go past my router. Since there is no route to go past my network then it will not use my gateway device.
There are different types of addressing and they are unicast, broadcast, and multicast. They serve different purposes depending on the situation.
Assigning IP Addresses
There are two main ways to give your devices an IP address on your network. The first is doing it manually, and this is called static addressing. Addressing your PCs and printers this way can take a long time, so if you do it this way you have to double check yourself.
There are advantages to doing it this way if you need to because some devices you do not want changing addresses such as printers.
The other way to address your devices is letting DHCP do it and this is called dynamic addressing. DHCP is a protocol I have talked about before and it will run on a server to do the work of assigning IP addresses for you. It is most common to let DHCP handle your computer addressing in this way.
Devices that need their IP addresses entered manually will have some way to input the addresses on a panel like printers do. I have to do this myself as I enter all of the printer IP addresses manually and then keep track of them through documentation. Then when someone needs to print to a certain printer I just look at the documentation if I need to set it up remotely.
Dynamic addressing is when the addresses are assigned and changed as needed. They are handled by the DHCP protocol and it does a great job of it. When a computer's address has been assigned to it, it will be for a certain amount of time and this is called its lease.
Just like when you lease a car it is for a specific time period. IP addressing is done the same way. The client renews before its lease runs out and normally keeps the same address; if it does not renew, the address goes back into the pool and may be handed to a different device when it is needed.
Anything that needs to stay the same like switches or printers can also be put on a reservation which is similar to static addressing but within the DHCP sphere.
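To make the lease and reservation behaviour described above concrete, here is an added example (my code, not the article's, and not how any particular DHCP server is implemented) of a scope that hands out addresses, honours MAC-based reservations, renews live leases in place, and recycles lapsed ones. The clock is a plain integer so the example runs offline; the addresses and MACs are made up.

```python
from dataclasses import dataclass


@dataclass
class Lease:
    ip: str
    mac: str
    expires: int      # time the lease ends, in seconds on a constructed clock


class DhcpScope:
    """A DHCP scope: a pool of addresses, a lease time, and MAC-based reservations."""

    def __init__(self, pool, lease_time, reservations=None):
        self.reservations = dict(reservations or {})           # mac -> fixed ip
        reserved = set(self.reservations.values())
        self.pool = [ip for ip in pool if ip not in reserved]  # free addresses, in order
        self.lease_time = lease_time
        self.leases = {}                                       # mac -> Lease

    def _expire(self, now):
        """Return addresses of lapsed leases to the pool (reserved ones stay reserved)."""
        for mac, lease in list(self.leases.items()):
            if lease.expires <= now:
                del self.leases[mac]
                if mac not in self.reservations:
                    self.pool.append(lease.ip)

    def request(self, mac, now):
        """A client asking for an address at time `now`. Returns the address, or None
        when the scope is exhausted. A client with a live lease is renewing and keeps
        its address; a reserved MAC always gets its reserved address."""
        self._expire(now)
        lease = self.leases.get(mac)
        if lease is not None:
            lease.expires = now + self.lease_time
            return lease.ip
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif self.pool:
            ip = self.pool.pop(0)
        else:
            return None
        self.leases[mac] = Lease(ip, mac, now + self.lease_time)
        return ip

    def remaining(self, mac, now):
        """Seconds left on a client's lease, or 0 if it holds none."""
        lease = self.leases.get(mac)
        return max(lease.expires - now, 0) if lease else 0
```

Two things the example makes visible: a client that renews on time keeps its address indefinitely, while a client that is off the network past its lease can come back to a different address, which is why printers and switches want a reservation rather than a plain dynamic lease. Note also that the reservation is keyed on the MAC address alone; a DHCP server cannot tell a real printer from a machine that has copied its MAC, so reservations are an administrative convenience, not an access control.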
The BootP protocol was designed for network devices that needed to connect to networks and did not have internal storage. The BootP application would run on a server, and devices on the network that needed an IP address would call out to the server to get the correct information. The server uses the device's MAC address to identify it and look up the configuration it should receive; this is identification, not authentication, since a MAC address can be set in software.
An example I see often is printers having BootP in their set up. This is because printers do not usually have hard drives and BootP gives it one way to connect to a TCP/IP network.
The MAC address of a device is the way to uniquely identify a network interface. Calling it the physical address is also accurate and this term is used a lot. It is written in hexadecimal and is six bytes long.
An interesting fact is that the first three bytes of the address define the manufacturer of the network card and the last three bytes are given by the manufacturer to identify the network card.
Being hexadecimal in nature the addresses use the numbers 0-9 and the letters a-f in the address.
There is also a longer form, EUI-64, which is 64 bits (eight bytes) long and is used, among other places, to build the interface identifier part of IPv6 addresses.
- 48-bit long and represented in 12 hexadecimal characters that is hard coded into the network interface when it is made.
- They are meant to be unique to each network interface, but the address the operating system actually uses can be changed in software, so a MAC address is not proof of identity.
- The MAC address of a network card operates at the Data link layer of the OSI model.
- They are often called the physical addresses
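As an added example tying the MAC address structure above to the IPv6 autoconfiguration section earlier (my code, not the article's), here is a parser that accepts the common MAC notations, extracts the manufacturer (OUI) bytes, checks the two flag bits in the first byte, and derives the EUI-64 based link-local address a host builds under SLAAC. The MAC values used in the comments are made up.

```python
import ipaddress
import re


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return the 6 bytes."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def oui(mac):
    """First three bytes: the manufacturer (OUI) portion, as aa:bb:cc."""
    return ":".join(f"{b:02x}" for b in parse_mac(mac)[:3])


def is_locally_administered(mac):
    """Bit 1 (0x02) of the first byte set means the address was assigned in
    software (randomised or spoofed), not burned in by the vendor."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast_mac(mac):
    """Bit 0 (0x01) of the first byte set marks a group (multicast/broadcast) address."""
    return bool(parse_mac(mac)[0] & 0x01)


def eui64_from_mac(mac):
    """Modified EUI-64: insert ff:fe between the two halves and flip the U/L bit."""
    b = bytearray(parse_mac(mac))
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def slaac_link_local(mac):
    """The fe80::/64 address a host derives from its MAC when using EUI-64 under SLAAC."""
    iid = int.from_bytes(eui64_from_mac(mac), "big")
    return str(ipaddress.IPv6Address((0xFE80 << 112) | iid))
```

For 00:1a:2b:3c:4d:5e the link-local address comes out as fe80::21a:2bff:fe3c:4d5e, which shows the downside of the scheme: the MAC, and therefore the hardware vendor, is readable straight out of the IPv6 address. Most current operating systems therefore generate the interface identifier randomly or from a stable secret instead, and a locally administered bit set on a "factory" MAC is worth a second look when you are auditing who is on your network.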
MAC Address Filtering
This is a simple process of only allowing equipment to join your network if its MAC address has been previously approved by adding it to an allow list.
- Frames from any MAC address that is not approved are dropped at the switch port or access point, so the device never gets an ARP entry and none of its broadcasts reach the network at large.
- Treat it as a convenience, not a security control. MAC addresses travel in the clear in every frame, so an attacker can read an approved address off the wire or the air and set it on their own interface.
Network Address Translation
This is very important for one reason and that is because there are not enough IP's in the world. NAT allows us to just use one public IP that others can see. There can be many local IP's hiding behind this one public IP and these are the private address ranges that I mentioned earlier.
Your public IP is usually held by your router, which performs the network address translation for the hardware behind it. The router keeps track of which machine on your network sent each piece of information, so when a reply comes back the router can deliver it to that machine. This is basically how network address translation works.
- Router based service which allows a router to change the IP addresses of the packets that they send.
- The private IP address never leaves the private side of the router because it is replaced, via NAT, with a routable public IP address.
- Commonly used to translate private IP addresses to public IP addresses.
Static NAT
- Allows a one-to-one translation between a public and a private IP address to be configured.
- Often used to provide a translation for an internal server that must be reached from the internet.
Port Address Translation
Port address translation lets an administrator put a whole network behind one public IP address. The router rewrites the source address of each outbound connection to the public address and the source port to a port it picks, and it uses that port to match replies back to the right internal host. The clients need no special configuration.
It also hides your internal addressing from the outside, which is a nice side effect, but it is not a firewall: inbound traffic is dropped only because no translation entry exists for it, so you still want explicit filtering rules on the edge device.
- Is a form of dynamic NAT which allows many IP addresses to translate to a single public IP address.
- Maintains separate entries for each of the sessions passing through the router by recording the source and destination ports of the sessions.
- It is extremely popular and is used primarily to provide many workstations the ability to access the internet without each needing their own IP address.
This is also called destination network address translation (DNAT). That is a long name but people rely on it every day. It is handled at the router, which changes where incoming network packets are sent.
Packets arriving at a chosen public port have their destination rewritten to an internal host and port, and this lets an application inside the network be reached from outside. Gamers use this all the time when they want to play the same games together, even though they may not realize it. Remember that every forwarded port is a service exposed to the internet, so forward only what you need and keep that service patched.
A broadcast is a transmission sent from one device which is destined for all other devices in a network.
- They are the area of a network through which a broadcast propagates.
- Subnets can be interconnected by a router.
- The broadcast originating in one subnet is then not propagated into another subnet.
A collision can occur when two different Ethernet devices on a network transmit data simultaneously.
- Collision domains are the portion of a network across which only one frame can exist at one time.
A routing loop can occur when static or dynamic routing is incorrectly configured.
- They can be identified with the traceroute utility.
- If a packet hits the same router more than once, this is a good indication of a routing loop.
- Packets in a routing loop will be forwarded between two or more routers until the TTL expires.
Managing TCP/IP is a straight forward process. Computers and routers deal with the routing tables that specify paths for your network information.
You then just decide what type of routing you want to do and that is either static or dynamic routing. Variations exist as well and those are distance-vector and link-state routing.
Routing tables keep track of the paths to networks. Computers and routers consult them for every packet and pick the most specific matching entry (the longest prefix match), choosing between equally specific entries by metric. This helps make the network reliable and as quick as possible.
Your router needs this information to send data through and it can get it by either static or dynamic routing.
- Routers maintain their own routing table.
- These tables contain information about the networks directly attached to the router.
- They also contain entries that inform the router how to get to all subnets or classful networks in a topology.
- Most routers have a default route.
- The default route provides the router with a direction to forward traffic when it has no other information.
- Routers running a dynamic routing protocol share their routes with the other routers in the environment.
Static routing is manually entering your network information into your devices. If you have a very large network this can take you lots of time and there are probably better options out there.
Changes to a network also make this more complicated and a headache because you then have to go back and manually update your devices again.
- This type uses a route that a network administrator enters into the router manually.
With dynamic routing the routers learn routes themselves as they need them, using routing protocols. The routers communicate among themselves to establish the best route for network packets.
Dynamic routing uses the distance-vector and link-state protocols.
- Uses a route that a network routing protocol adjusts automatically for topology and traffic changes.
Routers running a distance-vector protocol (RIP is the classic example) talk only to the routers directly connected to them and send those neighbors their own routing table. Routers have worked like this for a very long time. Network information travels from one router to the next in a series of hops.
Routers exchange their tables at fixed intervals, and in a large network that periodic traffic adds up over time, convergence after a change is slow, and a bad route can propagate from router to router before it is corrected.
Routers that use link-state routing (OSPF is the common example) keep an entire map of the network in memory and compute their own routes from it. This is in contrast to distance-vector routing, where routers only know the next hop and the distance their neighbors report.
So link-state routing converges faster and uses the network more efficiently. Updates between routers still happen, but only when something changes, because each router already knows the full topology it is on.
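As an added example for the routing table, default route and routing loop sections above (my code, not the article's), here is a tiny static-routing simulator: each router does a longest-prefix match, the default route only wins when nothing more specific matches, and a packet is carried hop by hop with its TTL decremented the way IP does. The three-router topology is made up, and it deliberately contains the mistake the text warns about: R1's default route points at R2 while R2's default route points back at R1.

```python
import ipaddress


class Router:
    """A router with a static table: list of (prefix, next hop). The next hop is
    another router's name, or "attached" for a directly connected network."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes]

    def lookup(self, dst):
        """Longest-prefix match. The default route 0.0.0.0/0 matches everything,
        so it only wins when nothing more specific does."""
        ip = ipaddress.ip_address(dst)
        candidates = [(net, hop) for net, hop in self.routes if ip in net]
        if not candidates:
            return None
        best_net, best_hop = max(candidates, key=lambda c: c[0].prefixlen)
        return best_hop


def forward(routers, start, dst, ttl=64):
    """Carry a packet router to router, decrementing TTL at each hop, the way
    IP does. Returns (outcome, path of router names visited)."""
    path = [start]
    current = start
    while True:
        hop = routers[current].lookup(dst)
        if hop is None:
            return "no route", path
        if hop == "attached":
            return "delivered", path
        ttl -= 1
        if ttl == 0:
            return "ttl expired", path
        current = hop
        path.append(current)


def has_loop(path):
    """traceroute's tell-tale sign: the same router showing up more than once."""
    return len(set(path)) < len(path)


# Constructed three-router topology. R2's default route points back at R1 while
# R1's default points at R2: a classic static-routing mistake.
TOPOLOGY = {
    "R1": Router("R1", [("10.1.0.0/16", "attached"), ("10.2.0.0/16", "R2"),
                        ("0.0.0.0/0", "R2")]),
    "R2": Router("R2", [("10.2.0.0/16", "attached"), ("10.1.0.0/16", "R1"),
                        ("10.3.0.0/24", "R3"), ("0.0.0.0/0", "R1")]),
    "R3": Router("R3", [("10.3.0.0/24", "attached"), ("0.0.0.0/0", "R2")]),
}
```

A packet for 10.3.0.5 is delivered R1, R2, R3 because R2 holds a specific route for that /24. A packet for 10.3.1.5, which no router has a route to, bounces R1, R2, R1, R2 until the TTL hits zero, exactly the pattern you would see in traceroute output. The fix is the same as in a real network: give R2 a route for the missing prefix, or a null (discard) route for addresses that have nowhere to go, so the default route cannot send them back.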
Proxy servers are part of your security plan for your network and often work with your firewall. They send and accept network traffic on behalf of your clients. A proxy server adds more functionality to your network system to help protect it. Adding speed to your network through the process of caching is one of the major benefits of a proxy server.
Everyone wants high availability in their systems. They should always be up.
- A first hop router redundancy protocol can provide redundancy for a default gateway.
- Virtual Router Redundancy Protocol (VRRP)
- Hot Standby Router Protocol (HSRP)
Hop count is one metric we can measure and monitor. It is the number of routers a packet has to pass through before it reaches its destination.
- Bandwidth of the links along the route, and the maximum transmission unit (MTU), which is the largest packet the route can carry without fragmentation.
- There is also the cost assigned to each link, which lets an administrator make the routers prefer one path over another.
- Latency is also important and this is the time it takes for a data packet to traverse the route to reach its destination
A lot of things happen in order for your network information to get from one network to another. You have different routes and many protocols that can be used depending on the situation.
There is never a shortage of options or acronyms when learning about this either. Understanding subnetting and the routing of traffic are especially important here.
Details On Networking Devices
For those who like to scan articles first, here is a partial list of what I will be talking about today.
- Access Points
- Beginning Configurations
There are many more types of computer networking devices but in this article I wanted to concentrate on the more popular and essential devices that will be in your network.
Then I will end with Vlans and some configurations that you would likely see when first setting up these devices. I would encourage you to obtain one or two of these to play with and get to know for your home lab.
A router will often be the front networking device in your environment. Your ISP will give you internet access and you will usually connect this to your router device.
Their main purpose is to join two different networks together and send traffic through. For example, they will connect to both the Internet and your local network.
They can accept traffic from the Internet and send it to computer networking devices that are located on your network.
It works the other way around as well: your network can also send traffic through the router to the Internet.
Routers can be many different types of devices, but usually they will be their own self-contained device. This device runs networking software that communicates with all other devices within its reach.
Routers work at the network layer of the OSI model because they mostly deal with IP addressing. Once a router receives data it can inspect it and then route it to the correct destination.
It determines the proper destination from the header of the network packet. The destination is in the form of an IP address and is associated with another computer networking device.
Learning how a real router works is important for your career if you work in Information Technology. You will not have to touch a router every day, but the concepts will help you support your network and diagnose issues.
To do that you have to understand how routers work in general and what your particular model can do.
Once you have a router to play with at home then set up a VPN or a VOIP system to better understand how your router works.
These types of home projects are essential to a deep understanding and they will provide valuable insight into troubleshooting when problems do occur.
A firewall device can be a separate unit or a piece of software inside the router unit. If it is a separate unit then it will be next to the router so the firewall rules can easily be applied to the network traffic.
The firewall for a particular network will control access based on how it is set up. It should have clearly defined rules that allow or disallow based on certain conditions.
Linux and Windows operating systems have software firewalls built right in to them and they allow for configurations that work best for your environment.
They are set up and configured quite differently, so whichever you choose to learn, just realize that Linux will be the more difficult to learn and configure. It will, however, give you greater control and power over your environment.
Firewall products serve different functions and can include many different features depending on how much money was spent.
Stateful inspection firewalls are the regular firewalls you usually see. Unified threat management (UTM) firewalls are networking devices that combine many different functions into one unit.
Once you have an Internet connection and it gets through your firewall then it needs to go somewhere. This is what switches are for. They recreate and distribute your signal to other rooms or buildings that your network is in.
They can have 4 ports or even 48 ports so you get the size that you need plus a few just in case. Your computers and printers will now plug into these switches.
Computer networking devices such as computers or printers will connect to a switch through twisted-pair cabling.
Switches can be pretty smart networking devices because they send signals to the correct device instead of to the whole network at once. The destination of the network packets is identified by the MAC address of the device.
The MAC address is included with every networking interface card and that is how devices are located and referenced by switches. This process greatly improves network performance and reliability.
Multilayer switches operate as both a router and a switch. This means they can talk to devices on their own network and on outside networks like the Internet. Layer 2 switches are especially useful because they will send and receive traffic through different networks.
They are essentially bridges because they join two different networks, except that otherwise they still function as a switch.
A layer 3 switch is also called a multilayer switch, and this is usually what someone means when they reference a multilayer switch in their computer networking equipment.
These switches can also be configured so that different ports on the switch operate at either layer 2 or layer 3, which is very handy.
Layer 3 switches route traffic between Vlans, so if you are using Vlans then you most likely have a layer 3 managed switch.
Access Points
Access points usually provide wireless signals to hard to reach areas. They can be either wired or wireless networking devices, and they extend a wireless signal so that portable devices can more easily connect to your network.
They send and receive data through an antenna.
The physical area your network covers will determine how many access points you will need. You just want enough to do the job, because too many access points will cause problems with your wireless signal.
This is just as bad as not enough signal, so be careful of this when installing your wireless network for the first time.
Configuring Networking Devices
Configuring a device means to set it up a certain way. You can choose to have Vlans on your switches, decide what traffic will come through your firewall, and limit your wireless traffic on access points. There is obviously much that can be done and usually the task is not very difficult to implement.
Vlans
The acronym Vlan stands for virtual LAN, which can be further broken down into virtual local area network. It can sure get confusing sometimes. Vlans are like sub-networks because they divide up your physical network.
A Vlan for a certain group makes it appear that the group is on its own private network. Another good term to describe them is a segmented network, and that is their true purpose.
Vlans are based on logical connections, since their physical connections can be elsewhere on your network. Connect all of your computer networking devices and then start dividing your infrastructure up into logical units. It will not matter how they are connected at that point.
The information about any particular Vlan lives on the switch it was created on, in a database contained within the switch.
Purpose of Vlans
Vlans, under the right circumstances, will make your network more secure and better performing. We have many Vlans dedicated to printers at my day job because their IP address never changes. This keeps printing traffic separate from our PC traffic.
Printing is usually low-priority traffic and does not need to be mixed in with our higher-priority traffic from our databases that are doing key functions.
Trunk Ports
Trunk ports are specialized ports on a switch that are designed to accept traffic from another switch and send it on. It will be a high speed port such as fiber. While a trunk port can carry all Vlan traffic, it can be configured to accept traffic from a particular Vlan only.
For trunking to occur you must enable trunking on both switches that you want to communicate in this way.
Any port on a switch will be either an access port or a trunk port; a port can't be set to both types at once.
Port grouping lets you decide how to group ports together on a switch. To set this up you will have to log into the switch's interface and probably go to its security section. You can also delete any port-grouping settings, which just makes your switch more flexible.
Link Aggregation Control Protocol
The main purpose of this protocol is to let physical ports be grouped together however you want. Because the ports are grouped, it can have the effect of increasing your available bandwidth.
Determining Vlan Roles
A Vlan can use a protocol, a physical port, or a MAC address to group different networking devices. They work in different ways depending on which option you choose, so each method has its own advantages.
Protocol Role
The protocol in use at the time decides which Vlan gets used. This is set up in advance depending on your organization's needs.
Physical Port Role
Certain ports can be grouped together on a switch to handle your Vlans. You can divide your switch ports by department or building, whatever makes the most sense in your situation.
MAC Address Role
MAC addresses are another way to add computer networking devices to Vlans, and this method is also commonly used. You can put your accounting department into its own Vlan by adding the MAC addresses of their workstations to that Vlan.
It will appear to them that they are on their own network, and they can also share resources meant just for them.
Default Vlan
Enabling Vlans in your network creates a default Vlan. Depending on your network equipment it could be called Vlan 1 or something similar. This is used mainly for communication between the switches.
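As an added example, not from the original article, the following Python parses 802.1Q tagged Ethernet frames (the tag that marks which Vlan a frame belongs to on a trunk) and models how an access port and a trunk port with an allowed-Vlan list decide which Vlan a received frame lands in. The MAC addresses and Vlan numbers are constructed for the demonstration.

```python
"""Added example: 802.1Q Vlan tags and access/trunk port behaviour."""
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
DEFAULT_VLAN = 1      # the default Vlan most switches create when Vlans are enabled


def build_frame(dst_mac, src_mac, vlan_id=None, ethertype=0x0800, payload=b"", pcp=0):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan_id is given."""
    header = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("Vlan ID must be 1..4094")
        tci = (pcp << 13) | vlan_id          # priority in the top 3 bits, Vlan ID in the low 12
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id or None, pcp, ethertype, payload) for one frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst = ":".join(f"{b:02x}" for b in frame[0:6])
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id, pcp, offset = None, 0, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan_id = tci & 0x0FFF
        pcp = tci >> 13
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return dst, src, vlan_id, pcp, ethertype, frame[offset:]


class SwitchPort:
    """A port is either access or trunk, never both.

    Access port: untagged frames belong to its configured Vlan; tagged frames are
    dropped, so a client cannot pick its own Vlan by tagging frames itself.
    Trunk port: tagged frames are accepted only for Vlans on the allowed list
    (None means every Vlan); untagged frames fall into the native Vlan.
    """

    def __init__(self, mode, access_vlan=DEFAULT_VLAN, allowed=None, native=DEFAULT_VLAN):
        if mode not in ("access", "trunk"):
            raise ValueError("port mode must be 'access' or 'trunk'")
        self.mode = mode
        self.access_vlan = access_vlan
        self.allowed = None if allowed is None else set(allowed)
        self.native = native

    def ingress_vlan(self, frame):
        """Return the Vlan a received frame is assigned to, or None if it is dropped."""
        _, _, vlan_id, _, _, _ = parse_frame(frame)
        if self.mode == "access":
            return self.access_vlan if vlan_id is None else None
        if vlan_id is None:
            return self.native
        if self.allowed is None or vlan_id in self.allowed:
            return vlan_id
        return None


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", vlan_id=100, pcp=5)
    print(parse_frame(tagged))
    print("trunk(10,20) gets Vlan", SwitchPort("trunk", allowed=[10, 20]).ingress_vlan(tagged))
```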
Network Communications
The network communications in a business or organization can take on many forms. A business or individual may use some or even all of these types of communications. Each has its own use cases and advantages.
- Voice over IP.
- Video broadcasts.
- Collaboration software.
- Quality of Service.
Voice over IP
Voice over IP is used in many, if not most, business environments today. You get a lot of cool features with these types of phones and save a ton of money over traditional phone services. Another reason it has become so popular is that it uses the same Ethernet cabling as the rest of your network.
Video Broadcasts
Video of most varieties can also travel over the network so others can see it. This can be a streaming event like a webinar, or just something made locally by a department that needs to be seen by the entire organization.
Surveillance and security cameras are also part of this. They may not get sent out as videos very often, but the footage sometimes needs to be seen. Among your typical network communications this is often the most important but also the least used.
Collaboration Software
Another nice advantage of network services is collaboration software. This can be something that helps with documents, or some sort of chat software like Cisco's tools or Slack.
Quality of Service
Quality of service is essentially several mechanisms working together to guarantee delivery of time-sensitive packets. This is important because too much data loss with one of the previously mentioned services will cause it to stop working. We need a certain level of quality of service so we can do our work.
- Data can be classified by address or application type.
- Once it is classified, it can be prioritized by the traffic type that works for your business.
- For example, we can make voice traffic a higher priority than other types of traffic.
Virtualization allows you to connect virtual machines and devices to a network in the same way that you connect physical devices. You can connect these virtual machines without using a physical network adapter.
This is becoming one of the most important types of network communications as it becomes central to all that we do.
- This makes it easy to build a complex network.
- No need to invest in a large amount of expensive physical hardware.
- This model supports a high number of virtual networks on just one physical network adapter.
- These networks and network devices will use our current DHCP server.
Virtual machines connect to a network through a computer with a network adapter, and they can reach all computers connected through that adapter. Without a network adapter, a virtual machine exists as part of an internal virtual machine network.
This does require virtual components, which act in a similar way to their physical counterparts in a physical network.
Network Virtualization Devices
All your network devices can be virtualized in the right environment. This is helpful because you don't have to buy the actual devices.
- Virtual Switch
A virtual switch allows you to connect virtual servers to separate lans. Since they behave the same as a physical switch a virtual switch allows you to separate traffic for security and quality of service reasons.
- Virtual router
This virtual device routes traffic between devices just as a physical router would.
- Virtual firewall
These filter packets and monitor traffic.
Storage Area Network
This is any high performance network whose primary purpose is to enable storage devices to communicate with computer systems and with each other. This gives us fault tolerance and redundancy with our storage.
- Storage devices provide access to shared block level data storage.
- This is used to make storage devices accessible to servers so that the operating system sees them as locally attached devices.
- The server accesses the storage at the block level.
- The storage appears locally attached like an internal disk.
Fibre Channel is often used as the network communications protocol in a storage area network. A storage area network is often made up of multiple Fibre Channel switches.
Network Attached Storage
This is a file-level data storage device. It will not appear as a local storage device.
- It attaches directly to a network much like computers and servers.
- Provides data access and file storage to computer systems on the network.
- Effectively replaces one or more file servers by providing the central storage location for users' data.
- Accessing data storage from network attached storage is done over the IP network using file-level protocols.
- The operating systems of the computers and servers do not see the data storage as locally available.
- Users have to access data as a file share over the network.
- Creating file shares on the network attached storage devices enables other computer systems to connect to the shares.
Network Management
In network management there are many details to keep track of. Monitoring is a huge task, but it needs to be done thoroughly. There are many ways to do it and many tools to use. This guide covers many of the things you will need to monitor.
Network Monitoring Tools
A packet or protocol analyzer is one of the first tools we can use to examine a network. They can capture, display, and save packets. This software can read packets intended for other devices: when it runs in promiscuous mode, the packet sniffer sees all the information passing across the network segment.
One of the most popular protocol analyzers is Wireshark. It is very popular because it is free and works quite well. You can specify which network interface should capture packets.
You can operate it in promiscuous mode to see all traffic, and you can define what types of packets are to be captured. Finally, you can tell Wireshark how long a packet capture should run before it stops.
A port scanner is another tool for looking at a network. It can examine specific machines to check for open ports. If you see a port scan hitting your server, it often means someone is about to try to attack your network.
The person doing it is trying to find open ports on your machine. If they find any, they will then check whether you have anything vulnerable.
When analyzing your own network you need to see which machines are generating the most traffic. If a machine's traffic is a lot more than usual, this is often a clue that it is compromised.
However, you will have to do this over a period of time to establish a baseline for traffic, so that you know what is out of the ordinary.
Packet flow monitoring gives an overview of the traffic. A flow is the network traffic between two different machines. We use this monitoring because it gives us a good idea of the usage on parts of our network.
SNMP Network Management
SNMP is the Simple Network Management Protocol. It is the standard for network management and it is very widely used. SNMP agents are installed on all the machines you want to monitor.
The management application then periodically asks the agents on those machines whether everything is working as intended. You can configure it to poll once a minute or once an hour; it is up to you to decide what is best for your environment.
Common devices that need monitoring are routers, switches, and servers. Keep in mind that you need actual enterprise network gear to have these capabilities. You cannot go to your local office store and buy a router that will be able to do this.
Since the management software can ask the agents for information, we need to display that information in a useful way. Messaging can be configured to give us the information we need.
There are a few different versions of SNMP, so use the most current one if possible for security reasons; SNMPv3 is the version that adds authentication and encryption.
System Logging
All modern operating systems include system logging. We need this on our servers so that we can go back and look at the logs to see what is happening. These can be generic operating system logs, database logs, or various application logs.
It is important to look at them occasionally to make sure nothing is different or weird in your systems. They are also a great place to start when diagnosing problems.
They can be very resource intensive, so monitor that when you can. We use them to see what is happening on any given day or minute of a day.
Syslog is important to know about. It is a standard for logging and reporting. It has severity codes from 0 to 7, with 0 being the worst and classified as an emergency. The syslog software functions as a server.
This is nice because applications can send their local logs to this remote server. It collects them and makes things easy to analyze.
Monitoring alerts can be sent to anyone who requires them. SMS messaging is often chosen and is convenient. This allows administrators to be on call and responsible for their systems.
Environment Monitoring
Conditions need to be monitored in your network closets and server rooms. The rooms must not be too hot, too cold, or too humid, so we need to keep them within a safe operating range.
These locations should be monitored for temperature and humidity. The solution to this is to add sensors that connect to our network. These sensors should support SNMP and alerts so they can tell the administrator when something is wrong.
Power is another thing that should be monitored. The UPSs should support SNMP as well, to send alerts if power is failing or conditions are bad. UPSs can also provide limited power to servers so they can be shut down normally.
However, this only works if we know that power conditions are bad, so getting that first alert quickly is what matters here.
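As an added example, not from the original article, the following Python decodes the priority field that every syslog message carries (facility times 8 plus the 0 to 7 severity described above) and pulls out the entries severe enough to page someone, such as the UPS and temperature alerts mentioned in this section. The sample messages, hostnames and addresses are constructed.

```python
"""Added example: decoding syslog priorities and raising alerts for severe messages."""
import re

# Severity codes 0-7 (0 = emergency, the worst) and the standard facility numbers.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock"]
FACILITY += [f"local{i}" for i in range(8)]

# Constructed sample lines in the classic <PRI>timestamp host tag: message form.
SAMPLE_LOGS = [
    "<38>Mar  1 08:15:02 core-sw1 sshd[1021]: Accepted password for admin from 10.0.5.20",
    "<13>Mar  1 08:15:10 fileserver app: nightly report generated",
    "<2>Mar  1 08:16:44 ups-1 upsmon: UPS ups-1 on battery, 12 minutes remaining",
    "<185>Mar  1 08:17:01 env-sensor-a snmpd: temperature 31.5C exceeds threshold",
    "a line with no priority field",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(\S+\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")


def parse_syslog(line):
    """Split a syslog line into facility, severity, timestamp, host, and message."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 * 8 + 7 is the largest legal priority value
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITY[facility],
        "severity": severity,
        "severity_name": SEVERITY[severity],
        "timestamp": m.group(2),
        "host": m.group(3),
        "message": m.group(4),
    }


def alerts(lines, max_severity=2):
    """Entries at severity max_severity or worse (a lower number), ready for SMS or email."""
    found = []
    for line in lines:
        entry = parse_syslog(line)
        if entry is not None and entry["severity"] <= max_severity:
            found.append((entry["host"], entry["severity_name"], entry["message"]))
    return found


if __name__ == "__main__":
    for host, sev, msg in alerts(SAMPLE_LOGS):
        print(f"[{sev.upper()}] {host}: {msg}")
```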
Wireless Surveying Tools
Another important topic these days is WiFi interference. We all have several devices that use WiFi, so we need to know how to help our signal and make sure our equipment is operating correctly.
Your work space should be monitored to make sure your wireless signals are getting to all the places they need to. The signals should be strong so users can do what they need to do. It is helpful to make a map for reference using an online drawing tool. Label where the signal is good and also where it is bad.
Elevators and other metal structures are always bad for wireless signals. The signals cannot get through metal, so people on the other side could have bad reception.
There are specialized tools that can help us take a site survey. These tools can be software, or they can be handheld devices that many vendors make. They are called wireless analyzers and are used for troubleshooting insecure networks, connectivity, and doing reports on a network.
Getting A Baseline For Network
When we baseline a network, we capture its normal behavior. We want to see the usual traffic and issues on an average day so that we know when something is out of the ordinary.
This should include knowing the hardware resource utilization of devices like our workstations and laptops. Knowing the bandwidth that our devices use is also very important.
When taking a baseline you should take measurements at different times of the day. This means you should measure activity when the network is slow and also when it should be busy.
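As an added example, not from the original article, the following Python builds a per-host traffic baseline from hourly flow summaries, keeps busy-hours and quiet-hours separate as this section recommends, and then flags hosts whose traffic is far above their own baseline (the "a lot more than usual" clue from the flow monitoring section). The hostnames, byte counts and thresholds are constructed.

```python
"""Added example: per-host traffic baseline from flow summaries and anomaly flagging."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow summaries: (day, hour, source host, bytes sent during that hour).
BASELINE_FLOWS = [
    # ws-12 normally moves about 50 MB in business hours and about 2 MB at night
    (1, 10, "ws-12", 52_000_000), (1, 14, "ws-12", 48_000_000), (1, 2, "ws-12", 2_100_000),
    (2, 10, "ws-12", 50_000_000), (2, 14, "ws-12", 51_000_000), (2, 2, "ws-12", 1_900_000),
    (3, 10, "ws-12", 49_000_000), (3, 14, "ws-12", 50_000_000), (3, 2, "ws-12", 2_000_000),
    # the file server is busy around the clock
    (1, 10, "fs-1", 900_000_000), (1, 2, "fs-1", 850_000_000),
    (2, 10, "fs-1", 920_000_000), (2, 2, "fs-1", 880_000_000),
    (3, 10, "fs-1", 910_000_000), (3, 2, "fs-1", 860_000_000),
]

# Constructed "today" flows: ws-12 suddenly pushes 400 MB at 2 a.m., a printer never seen before
CURRENT_FLOWS = [
    (4, 10, "ws-12", 51_000_000),
    (4, 2, "ws-12", 400_000_000),
    (4, 10, "fs-1", 930_000_000),
    (4, 3, "printer-7", 5_000),
]


def period(hour):
    """Business hours versus quiet hours; the two get separate baselines."""
    return "busy" if 8 <= hour < 18 else "quiet"


def build_baseline(flows):
    """Mean and standard deviation of hourly bytes per (host, period)."""
    samples = defaultdict(list)
    for _, hour, host, nbytes in flows:
        samples[(host, period(hour))].append(nbytes)
    return {key: (mean(vals), pstdev(vals)) for key, vals in samples.items()}


def top_talkers(flows, n=3):
    """Hosts generating the most traffic over the whole sample, largest first."""
    totals = defaultdict(int)
    for _, _, host, nbytes in flows:
        totals[host] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def find_anomalies(baseline, current, k=3.0, floor=1_000_000):
    """Flag (host, hour, bytes, reason) where volume exceeds mean + k * stdev for that
    host and period. `floor` stops a very steady host from being flagged by tiny changes.
    Hosts with no baseline are flagged too: an unknown device is worth a look."""
    flagged = []
    for _, hour, host, nbytes in current:
        key = (host, period(hour))
        if key not in baseline:
            flagged.append((host, hour, nbytes, "no baseline for this host"))
            continue
        mu, sigma = baseline[key]
        limit = mu + k * max(sigma, floor)
        if nbytes > limit:
            flagged.append((host, hour, nbytes, f"exceeds {limit:.0f}"))
    return flagged


if __name__ == "__main__":
    print("top talkers:", top_talkers(BASELINE_FLOWS))
    for hit in find_anomalies(build_baseline(BASELINE_FLOWS), CURRENT_FLOWS):
        print("anomaly:", hit)
```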
Network Telemetry Logging
Every operating system has different telemetry tools available. It is important to use them often to know what is happening on key machines. You can analyze traffic going in and out. Seeing what spikes your network traffic is also important.
Analyzing Network Utilization
While we always hope our traffic moves quickly, we sometimes get bottlenecks. A bottleneck is a component with a lower capacity than the rest of the system; it is what holds the rest of the system back from going faster. In a machine, for example, the hard drive is often the slowest part of the system. That is a bottleneck.
Bandwidth usage is important for our WAN connections. WAN is of course our wide area network. When WAN traffic is unusually slow we may have configuration issues at our router or gateway.
We should also monitor our storage. SANs are a popular type of storage for enterprises. A SAN is a storage area network. Tracking the usage of our storage is very important to ensure users have what they need.
CPU and memory usage are other attributes that should be monitored. If there are bottlenecks in any of these areas, then we may need to upgrade certain devices or components.
As mentioned above, analyzing your wireless is also a good idea. Most traffic is in the 2.4 GHz band instead of the 5.0 GHz band. It has many channels that overlap and cause issues if they become too crowded.
Analyzing Network Interface Data
Monitoring interfaces for their link status is helpful. This is communicated back and forth to your software. You can also look at the devices to see the status. For example, printers and workstations have network cards in the back with lights on them to indicate status. This is helpful when troubleshooting issues. SNMP enabled devices will also report when a link is down.
Device and workstation interfaces can be monitored for more than their link status. Errors and dropped packets that accumulate over time can mean you have a more serious issue. High usage over time can mean you have driver or software issues.
The interface speed on a device must match the device it is connected to. However, most Ethernet devices support a range of speeds and will fall back to a speed at which everything works.
Configuration Backups
As your network grows it is important to save the configuration of your devices. This is very helpful when moving them around or replacing them. Most devices can back up their configurations using TFTP, the Trivial File Transfer Protocol.
After backing up all your data you need to protect those files. This is called data archiving: storing data securely, off site, for long periods of time. The data archive should be at another location.
If a natural disaster such as a tornado happens, network devices can then be brought back to their original state.
Managing Configuration Baselines
Configuration baselines specify a functional state for a device. Baselines are useful in configuration management to establish a configuration state and to define what counts as a change in configuration. Baselines can be used in auditing to confirm configuration status.
Server machines can be configured to automatically get updates to reach a baseline level. Data center management software can automatically take servers offline, fix any issues, and then bring them back online.
If a device does not meet the pre-defined standards, then it must be brought to the level where it does. This process can be automated depending on the device and software.
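As an added example, not from the original article, here is a small audit of the kind this section describes: a baseline of required settings is compared against each device's exported configuration, and every deviation (wrong value, missing setting, or a setting the baseline never allowed) is reported so it can be remediated. The baseline keys, device names and configuration lines are constructed, not any vendor's real syntax.

```python
"""Added example: auditing device configurations against a configuration baseline."""

# Constructed baseline: settings every managed switch or router must have, with the value.
BASELINE = {
    "ssh": "enabled",
    "telnet": "disabled",
    "snmp_version": "3",
    "syslog_server": "10.0.0.50",
    "ntp_server": "10.0.0.51",
    "logging_level": "informational",
}
# Settings that must be present but whose value legitimately differs per device.
REQUIRED_ONLY = {"hostname", "mgmt_ip"}

# Constructed running configurations as "key value" lines, one device per entry.
RUNNING_CONFIGS = {
    "core-sw1": """
        ! compliant device
        hostname core-sw1
        mgmt_ip 10.0.0.2
        ssh enabled
        telnet disabled
        snmp_version 3
        syslog_server 10.0.0.50
        ntp_server 10.0.0.51
        logging_level informational
    """,
    "edge-rtr1": """
        ! drifted device: telnet left on, old SNMP, no NTP, extra admin service
        hostname edge-rtr1
        mgmt_ip 10.0.0.1
        ssh enabled
        telnet enabled
        snmp_version 2c
        syslog_server 10.0.0.50
        logging_level informational
        http_admin enabled
    """,
}


def parse_config(text):
    """Turn key/value lines into a dict, skipping blanks and '!' or '#' comment lines."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "#")):
            continue
        key, _, value = line.partition(" ")
        config[key] = value.strip()
    return config


def audit(config, baseline=BASELINE, required_only=REQUIRED_ONLY):
    """Return drift findings as (setting, expected, actual) tuples; an empty list is compliant."""
    findings = []
    for key, expected in baseline.items():
        actual = config.get(key)
        if actual != expected:
            findings.append((key, expected, actual))
    for key in sorted(required_only):
        if key not in config:
            findings.append((key, "<present>", None))
    known = set(baseline) | set(required_only)
    for key in sorted(set(config) - known):
        findings.append((key, "<not in baseline>", config[key]))
    return findings


def audit_fleet(running=RUNNING_CONFIGS):
    """Audit every device; the ones with findings are the ones to bring back to baseline."""
    return {name: audit(parse_config(text)) for name, text in running.items()}


if __name__ == "__main__":
    for device, findings in audit_fleet().items():
        status = "compliant" if not findings else f"{len(findings)} finding(s)"
        print(f"{device}: {status}")
        for setting, expected, actual in findings:
            print(f"    {setting}: expected {expected}, found {actual}")
```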
Mobile Device Management
Smartphones and tablets are being used more and more in the workplace. You need a way to manage all these devices when they attach to your network. People use these devices because they are easy to use and very portable.
I use my smartphone for tracking work orders and many other things when I am not at my desk. They are very useful indeed.
Exchange Server can be used to communicate with our phones to give us our corporate email and calendars. Our management software needs to be able to remotely wipe devices that might be lost or stolen. This protects our network. Devices should also support encryption.
Mobile devices all need to connect wirelessly. That means our network needs to provide a proper signal everywhere it's expected. Businesses often set up a guest wireless network for this reason.
Network Access Control
NAC stands for network access control. It is a method of ensuring that connecting devices meet our network policy. When machines or mobile devices connect to our network, we can make sure they meet certain standards.
A NAC will usually check for antivirus, operating system updates, and that the firewall is enabled. NACs will quarantine systems that do not meet those standards.
Documenting Your Network
Documentation is always important. You should document everything you can. Network configuration is especially vital: the configurations of your firewalls and switches should always be documented. You should also document your server and cable closets. Labeling the cables that go into switches is very useful too.
Documenting your IPs is something every network admin should do. This lets you know what is happening and how to access everything on your network.
Assets should be documented too. Every significant device needs to be on a list somewhere to keep track of what you have. This will let you see whether everything has the same patches and operating system.
Asset management software should record IDs, locations, and software versions.
Industrial Networks
An ICS is an industrial control system. These control the industrial systems in warehouses or plants; you also see them in energy, power, and water plants. They are often networked but do not provide access to the outside Internet.
Private Networks
A common part of a security plan is to use private addresses (the RFC 1918 ranges) on your LAN. Everyone does this now and it is common practice. This helps because private addresses are not directly reachable from the Internet.
Security for your network should have many layers. Firewalls should obviously be part of it; they filter the traffic that comes in. Firewalls should also be host based, at the endpoints, to cover everything.
Reducing Network Congestion
One way to help with congested network traffic is to segment different parts of your network from the rest of it. For example, if a particular device or server uses a lot of bandwidth then it could be moved over to a separate network segment so that it does not interfere with the rest of the network traffic.
Load balancing can also help with network traffic. This is useful when you have tons of network traffic. It can be used to split loads between servers to help with congestion.
Cloud Computing
Cloud computing really boils down to a few different concepts and their variations. These concepts usually come down to cloud servers that end up running services for businesses or home users. For example, you can pay a monthly fee for a cloud server and install whatever you want on it.
Many people will install an operating system on it and run apps that do whatever they need. The difference between these cloud systems is how much the user has to maintain. Let's get into some specifics.
Software As A Service
A user consumes a service, often through a web interface. This is a very popular method of delivery because everyone can use a browser. Examples that are often hosted on a cloud server are email, inventory systems, PBXs, and documentation apps.
The users of these apps do not control anything and just use the software they need. There is often a subscription that customers have to pay for in order to use some software. Everything is hosted by the people that sell the subscription.
Software as a service has been around a long time, as it can be traced back to the 1960s and 1970s.
As our technology has advanced and computers have become more ubiquitous, cloud computing has become more popular.
Platform As A Service
This model of cloud consumption allows users to install apps or services onto the hardware and control its network topology to some degree. The software could be something created by the user, bought through a third party, or something open source and free that was downloaded.
Linux is a popular example here, as it is usually installed onto cloud hardware. From there you can host a web server or a database. The user will have control over the application or software they install, but none of the hardware.
Developers have this space in the cloud to create their applications for business or personal use. It was a huge factor in the growth of developer careers.
Infrastructure As A Service
This cloud computing model is where the user has the most control. They can install software and configure it. Storage and networking components are also configurable by the user. They still do not control any of the physical hardware, because that will most likely be in a remote location.
One of the great things about this model is that it can scale quickly, up or down. If you write an app that becomes very popular overnight, you can add more resources in just a few minutes in order to maintain functionality for your customers.
Private Cloud
The hardware that provides cloud computing to a specific business unit is often considered a private cloud. This is one or more servers that provide services in one of the categories I talked about above. A private cloud can provide apps and services.
The hardware can be located on your organization's site or at another location. This is a more secure solution than having your data sit somewhere on the Internet, where more effort is needed to keep it safe. It can be done, but if you have the option this is often the best way.
Public Cloud
This is another stack of hardware, except that it is available for public use. There will be systems and processes set up to allow public consumption of certain services. Email falls into this category, as anyone can sign up for a cloud or hosted solution. Once you sign up you can start getting email.
So, a third party or business can offer their computing power for a subscription. Their platform is open to all, and anyone can sign up to use these resources. A public cloud is a good way for businesses to save money, as they will not have to purchase the hardware.
Hybrid Cloud
As you can imagine, this is a combination of the previous cloud types we have discussed. To count as a hybrid cloud computing model, however, it must allow apps to be portable between the different services.
It is most often a mix of private and public models. The applications hosted here are almost always shared. Businesses only pay for the resources they need, which is great for both parties.
Virtualization
Ah virtualization, one of my favorite topics. I could write and write about this. It is ever changing and just as important. It is what makes cloud computing possible. When you virtualize, you can do it two different ways. The first way is from within an operating system, and this is called a type 2 hypervisor.
A type 2 hypervisor is reliant on the operating system. The other way to virtualize is outside of the operating system, on the host hardware itself. Other names for this include bare metal and type 1. Type 1 is superior to type 2 because of performance, reliability, and features.
The drawback is that it takes more knowledge. The host is where a hypervisor runs, and the resulting virtual machines you create are called guests.
Virtualization allows you to use your system's resources very efficiently. You can actually get close to using all of them without performance degradation.
Software Defined Networking
Everything we have talked about is software based, and software defined networking is no exception. SDN separates the control plane (deciding where traffic should go) from the data plane (the switches that forward it) and moves the decisions into a central controller that programs the switches. That gives one piece of software control over every aspect of your network, to a greater degree than would be possible device by device. Understand that the whole reason to use software defined networking is to make your network more efficient.
This happens by grouping the same network functions into software, which makes changes easier, quicker, and less error prone to complete. The controller also becomes the single most valuable target on the network, so its management interface needs strong authentication and should be reachable only from a management network.
Storage Area Networks
All computers, services, and clouds need storage. A storage area network is, in simple terms, a dedicated network of storage devices. SANs are considerably expensive and can be hard to maintain. Let's be more precise, however: it is typically high-speed storage, because you want as little latency as possible.
A storage area network provides block-level storage to the systems that need it. The server sees it as a locally attached disk. It will increase storage speed and application performance for any application that depends on storage. Fibre Channel is used because of its speed, and iSCSI over Ethernet is the common lower-cost alternative.
SCSI devices have been around a long time. I built a computer a long time ago with SCSI hard drives chained together. It was a great technology then and it still is now. It has simply evolved: iSCSI carries the same SCSI command set over an ordinary network, and it is how storage devices talk to the systems that use them.
iSCSI stands for Internet Small Computer Systems Interface. It is a storage protocol that runs on top of TCP/IP (TCP port 3260 by default). Administrators use it to connect computing devices, the initiators, to network storage, the targets. You can use it with a SAN, with a NAS that exposes iSCSI targets, or with the disks in any machine running target software. iSCSI carries no encryption of its own, so put it on a separate storage VLAN and turn on CHAP authentication so that not every host on the network can attach your disks.
Network Attached Storage
Network storage does not get simpler than this. If a storage area network is out of your budget, buy or build network attached storage. It can be a simple purchased unit, or an old computer set up for storage with a suitable operating system.
Network attached storage is a file-level storage model: clients reach it over SMB or NFS shares rather than as raw disks. Networking it will get the most functionality out of it and will support many devices. You buy a NAS with a certain amount of storage, but increasing it is as easy as adding a larger drive. A NAS is easy to set up because it ships with a purpose-built operating system and a web interface rather than a full general-purpose OS you have to configure.
Elements of Unified Communications
Unified communications is an important buzzword these days. It can mean several different things, but implementations have some things in common. Almost all of them include messaging, VoIP, and some sort of collaboration tool.
Quality Of Service
Elements Of A System
Benefits of Unified Communications
Basics Of Network Security
The basics of network security encompass a lot of different areas. It ranges from giving users least-privilege access to keeping physical doors locked so only the proper people have access. In short, it is the process of protecting the network.
You take precautions to protect the data on your network. The best way to do this is by adding multiple layers of protection. Each layer adds a bit of protection in a different way, so an attacker who gets past one still has to get past the next.
One of the easiest ways of protecting the network is using good passwords. What I mean by this is long passwords. They do not have to be overly complex; really, they just need to be as long as possible.
Use letters and numbers, but not something that is easily found out. Aim for 15 to 20 characters if possible. Symbols are nice, but do not make a password so complex that you cannot use it correctly; using it correctly is the important part. Never reuse one across systems, because one leaked database then opens every system it was used on.
This is really big. A large share of successful attacks exploit known vulnerabilities in software that already has a fix available but not installed. You should update applications at least once a month, if not more often, and apply critical security fixes as soon as they are released. This gets the latest security fixes for each of these applications. It is vital for network security.
The best way to update is by using a package manager for your operating system. They exist for all operating systems, so they should be used. I know they are in Linux, BSD, Mac, and Windows.
This allows you to script updates, which can then be scheduled. When they are scheduled, they happen automatically, so you do not have to remember to do them. Check the log of each run, though: a scheduled job that has been failing silently for months is no better than no updates at all.
I have touched on firewalls before in other articles. They are important enough to mention again. Firewalls can be hardware or software. Hardware appliances are more expensive, but they come with vendor support and a management interface, which suits people who do not want to build and maintain their own software firewall.
Software firewalls can be configured to any degree and have almost unlimited flexibility. The downside is that you have to learn them. However, since they decide who and what gets into (and out of) your network at a traffic level, they are networking essentials. Whichever kind you use, rules are evaluated in order and anything you do not explicitly allow should be denied.
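The two properties just described, ordered evaluation and default deny, are easiest to see in code. The following is an added example, not code from the original article: a minimal first-match packet filter in Python, with a constructed office policy (the 192.168.1.0/24 LAN and the 192.168.1.10 server are hypothetical addresses). It shows how one broad "allow" placed at the top silently overrides a later "deny", and includes a static check that flags rules an earlier rule makes unreachable.

```python
"""First-match packet filter with implicit default deny.

Added example, not code from the original page. The address ranges,
the policy and the sample packets are all constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top to bottom; the first matching rule decides.
    Traffic that no rule mentions falls through to the implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def fully_shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    matches a superset of their traffic. Partial overlaps (an earlier rule
    that catches only some of a later rule's traffic) are not reported, so
    this is a complement to, not a substitute for, testing with evaluate()."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in (None, later.proto)
                    and earlier.dport in (None, later.dport)):
                shadowed.append(j)
                break
    return shadowed


# Constructed policy for a small office (hypothetical addresses): the LAN is
# 192.168.1.0/24 and the only server is 192.168.1.10.
LAN = "192.168.1.0/24"
SERVER = "192.168.1.10/32"
POLICY = [
    Rule("allow", src=LAN, dst=SERVER, proto="tcp", dport=22),  # SSH from inside only
    Rule("allow", dst=SERVER, proto="tcp", dport=443),          # HTTPS from anywhere
    Rule("deny", dst=SERVER, proto="tcp", dport=3389),          # RDP is never reachable
    Rule("allow", src=LAN, proto="icmp"),                       # ping from inside
]

# The same rules with an "allow everything from the LAN" shortcut on top.
# It silently overrides the RDP deny for inside hosts: order is the policy.
SLOPPY_POLICY = [Rule("allow", src=LAN)] + POLICY

if __name__ == "__main__":
    rdp_from_lan = Packet("192.168.1.5", "192.168.1.10", "tcp", 3389)
    print(evaluate(POLICY, rdp_from_lan))          # ('deny', 2)
    print(evaluate(SLOPPY_POLICY, rdp_from_lan))   # ('allow', 0)
    print(fully_shadowed(SLOPPY_POLICY))           # [1, 4]
```

Note that the shadow check catches the two rules the shortcut makes completely dead (indices 1 and 4) but not the RDP deny, which is only partly overridden; that one only shows up when you feed the filter a packet, which is why a rule list should be tested with traffic, not just read.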
Every operating system has logging capability. These logs record the events that happen, and it is important to learn how to interpret them. They give clues about potential intrusions and evidence if your network comes under attack. There are also dedicated log collectors that gather the logs from many systems in one place, which is where patterns such as the same address failing logins on every host become visible.
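As an added example of reading logs for intrusion clues (not code from the original article), here is a small Python detector run over constructed SSH authentication lines in the format OpenSSH writes to syslog. The host name, addresses and user names are made up. It counts failed logins per source address inside a sliding time window and raises a second, more urgent alert when a source that just brute-forced then logs in successfully.

```python
"""Spot SSH brute forcing in auth-log lines.

Added example, not code from the original page. The log lines are
constructed in the format OpenSSH writes to syslog; the IP addresses,
host name and user names are made up.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Tuple

SAMPLE_LOG = """\
Mar  3 10:01:02 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar  3 10:01:03 gw sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 50123 ssh2
Mar  3 10:01:05 gw sshd[2203]: Failed password for root from 203.0.113.9 port 50130 ssh2
Mar  3 10:01:06 gw sshd[2204]: Failed password for root from 203.0.113.9 port 50131 ssh2
Mar  3 10:01:08 gw sshd[2205]: Failed password for root from 203.0.113.9 port 50132 ssh2
Mar  3 10:01:09 gw sshd[2206]: Accepted password for root from 203.0.113.9 port 50133 ssh2
Mar  3 10:05:00 gw sshd[2210]: Failed password for alice from 192.168.1.20 port 41002 ssh2
Mar  3 10:05:30 gw sshd[2211]: Accepted publickey for alice from 192.168.1.20 port 41003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

Event = Tuple[datetime, str, str, str]   # (time, "Failed"/"Accepted", user, ip)


def parse(log_text: str) -> List[Event]:
    """Extract authentication events; lines that do not match are skipped.
    Syslog stamps carry no year, so comparisons are only valid within a year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(re.sub(r"\s+", " ", m["ts"]), "%b %d %H:%M:%S")
        events.append((stamp, m["result"], m["user"], m["ip"]))
    return events


def find_attacks(events: List[Event], threshold: int = 5,
                 window: timedelta = timedelta(minutes=1)):
    """Sliding-window count of failures per source address. One alert when a
    source reaches `threshold` failures inside `window`; a second, more urgent
    one if that same source then logs in successfully."""
    recent = defaultdict(deque)
    alerts = []
    for stamp, result, user, ip in events:
        q = recent[ip]
        while q and stamp - q[0] > window:   # drop failures older than the window
            q.popleft()
        if result == "Failed":
            q.append(stamp)
            if len(q) == threshold:
                alerts.append(("bruteforce", ip, stamp, None))
        elif len(q) >= threshold:            # "Accepted" right after a burst
            alerts.append(("success_after_bruteforce", ip, stamp, user))
    return alerts


if __name__ == "__main__":
    for alert in find_attacks(parse(SAMPLE_LOG)):
        print(alert)
```

Alice's single typo followed by a key login produces nothing, while the burst from 203.0.113.9 produces both alerts. The threshold and window are the knobs you tune against your own baseline.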
Most people are familiar with the term antivirus. Products vary from free to very expensive, and large businesses usually get the expensive ones. It is debatable whether every operating system needs antivirus, but something minimal will not hurt.
Some suites get so involved in your machine that they have worse effects than the malware they are supposed to protect against. A suite that hooks deep into the kernel is itself a large, privileged attack surface, so keep that in mind.
This stands for virtual private network. It is most often used to securely connect to a network from another location, though there are other uses. It carries encrypted data that is being routed from one network to another across an untrusted network such as the internet. Older designs tunnel PPP frames; modern ones are built on IPsec or similar encrypted transports.
People often use public or home networks to connect back to their office. They use a VPN for this. It is software that establishes a point-to-point connection in a secure way.
You will need both a client and a server. The client is what you install on your own machine, such as a laptop. The server software is installed and maintained by your administrator. You can use virtually any type of connection for a VPN.
VPNs are good to use because they are very cheap. There are many open source solutions that are totally free and work very well. Adding users is trivial: they only need the client and their credentials, whatever public or home network they connect from.
They are also very easy to use, as it is usually a matter of putting in credentials and hitting connect, so you will rarely need to support them.
To get everything working properly, VPN software uses a couple of different protocols. One is PPTP, which stands for Point-to-Point Tunneling Protocol. It is built on PPP and creates the tunnel between the two networks, carrying the PPP frames inside GRE with a control channel on TCP port 1723. Its encryption (MPPE, keyed from MS-CHAPv2 authentication) has been broken for years, so PPTP should only be found on legacy equipment, never carrying data you care about.
The other protocol is L2TP, which stands for Layer 2 Tunneling Protocol. It delivers the data through the tunnel on UDP port 1701, but it provides no encryption of its own. That is why it is almost always deployed as L2TP/IPsec, where IPsec authenticates both ends of the tunnel and encrypts what goes through it.
The IP Security protocol, IPsec, provides secure communications between two networks or hosts. It consists of two sub-protocols, known as Authentication Header (AH) and Encapsulating Security Payload (ESP).
Authentication Header provides integrity and origin authentication for the whole packet, including the unchanging fields of the IP header, but no confidentiality. Encapsulating Security Payload handles encryption of the payload and, in practice, also authenticates it, which is why ESP on its own is what most deployments use. Both carry a sequence number so the receiver can drop replayed packets, and the keys are normally negotiated with IKE rather than typed in by hand.
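To make the integrity and anti-replay part concrete, here is an added example (not code from the original article, and not a wire-compatible IPsec implementation): a Python sender that appends an HMAC-SHA-256-128 integrity check value over a sequence number and payload, and a receiver that verifies it and then enforces the 64-packet sliding anti-replay window that RFC 4303 describes. Real AH also covers the immutable IP header fields and carries an SPI; the key and payloads are constructed for the demo.

```python
"""AH-style integrity check plus the IPsec sliding anti-replay window.

Added example, not code from the original page and not a wire-compatible
IPsec implementation: real AH also covers the immutable IP header fields and
carries an SPI. The key and payloads are constructed for the demo.
"""
import hashlib
import hmac
import struct
from typing import Optional

DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                         "101112131415161718191a1b1c1d1e1f")   # constructed key
ICV_LEN = 16          # HMAC-SHA-256-128: IPsec truncates the tag to 128 bits (RFC 4868)
WINDOW = 64           # minimum anti-replay window size required by RFC 4303


def protect(seq: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Sender: sequence number || payload || ICV computed over both."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    def __init__(self, key: bytes = DEMO_KEY):
        self.key = key
        self.highest = 0     # highest sequence number accepted so far
        self.bitmap = 0      # bit i set => sequence number (highest - i) already seen

    def accept(self, packet: bytes) -> Optional[bytes]:
        """Return the payload if the packet is genuine and fresh, else None.
        The ICV is checked first so a forged packet cannot disturb the window."""
        if len(packet) < 4 + ICV_LEN:
            return None
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None                              # forged or corrupted
        seq = struct.unpack("!I", header)[0]
        if seq == 0:
            return None                              # 0 is never a valid sequence number
        if seq > self.highest:                       # newest packet: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return payload
        diff = self.highest - seq
        if diff >= WINDOW:
            return None                              # too old to track: drop
        if (self.bitmap >> diff) & 1:
            return None                              # already seen: replay
        self.bitmap |= 1 << diff                     # late but new: accept once
        return payload


if __name__ == "__main__":
    rx = Receiver()
    print(rx.accept(protect(1, b"first")))     # b'first'
    print(rx.accept(protect(1, b"first")))     # None (replay)
```

Out-of-order delivery inside the window is accepted exactly once; anything older than the window, anything already seen, and anything whose tag does not verify is dropped without touching the receiver's state.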
Access control covers the several different ways an administrator can control who gets onto the network and what they can reach once there.
Mandatory access control is probably the most secure mechanism. With this model the administrator, not the data owner, assigns a security label to every user and every object on the network, and the operating system enforces the comparison; users cannot change the labels or hand out access themselves.
If a user tries to access a shared drive, their clearance is compared to the label assigned to that shared drive. If it is the same or higher (and covers the same compartments), they can see the data; otherwise the request is refused no matter who owns the share.
Discretionary access control is a little different. It is controlled by the creator or owner of a file, who gives out the permissions that decide who can access it. It uses an access control list, which is a list of principals and the rights each one holds on that object.
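The difference between the two models is clearest when both are applied to the same request. The following is an added example, not code from the original article: a Python model of mandatory access control in the Bell-LaPadula style (levels plus compartments, no read up, no write down) beside a discretionary ACL that only the owner may change, and an authorize() function that applies MAC first so that an owner's ACL grant can never override a label. The levels, users and files are constructed.

```python
"""Mandatory (Bell-LaPadula style) and discretionary (ACL) access checks.

Added example, not code from the original page. Levels, categories, users and
files are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity level plus a set of compartments (need-to-know categories)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def mac_can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down, so a secret user cannot leak into a lower file."""
    return obj.dominates(subject)


@dataclass
class File:
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # principal -> rights


def dac_can(user: str, f: File, right: str) -> bool:
    """The owner has everything; others have what the ACL grants them or everyone."""
    return (user == f.owner
            or right in f.acl.get(user, set())
            or right in f.acl.get("*", set()))


def dac_grant(actor: str, f: File, user: str, right: str) -> bool:
    """Only the owner may change the ACL; that is what makes it discretionary."""
    if actor != f.owner:
        return False
    f.acl.setdefault(user, set()).add(right)
    return True


def authorize(user: str, clearance: Label, f: File, sensitivity: Label, right: str) -> bool:
    """On a system enforcing both, MAC is checked first and cannot be overridden
    by the owner's ACL; DAC then narrows access further."""
    if right == "read" and not mac_can_read(clearance, sensitivity):
        return False
    if right == "write" and not mac_can_write(clearance, sensitivity):
        return False
    return dac_can(user, f, right)


if __name__ == "__main__":
    hr_doc = Label("confidential", frozenset({"hr"}))
    share = File(owner="bob")
    dac_grant("bob", share, "carol", "read")
    # Bob granted Carol read access, but her clearance is only "internal":
    print(authorize("carol", Label("internal"), share, hr_doc, "read"))   # False
```

The last line is the point of MAC: Bob's grant is honored by DAC but the label check refuses Carol anyway, and nothing Bob does can change that.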
Network Access Control
This is another way that network security can be managed. Network access control can restrict access based on a posture, which is your machine's current state regarding security.
It requires certain attributes, such as a supported operating system version, current patches, and up-to-date virus definitions. A posture assessment is the evaluation that the network access control system performs when a machine connects; a machine that fails it is typically placed in a quarantine network until it has been fixed.
Remote Desktop Protocol is a good way to access secure resources or machines. It is used on Windows machines, gives the user a graphical environment, and uses a client-server architecture.
One machine must have an RDP client while the machine to be accessed runs an RDP server. It uses TCP port 3389. You must explicitly allow RDP on the machine you want to access; it is off by default for security reasons. Never expose it directly to the internet, since that port is constantly scanned and brute-forced; reach it over the VPN instead.
Secure Shell is another very popular way of accessing remote machines. It is similar to RDP in that respect but done quite differently. It is used on the command line, which makes it very flexible, and it sees everyday use on Linux machines because of this.
Windows can also use it with the OpenSSH software now available. It is mostly used to connect to machines remotely and execute whatever commands you want. It uses TCP port 22. Prefer key-based authentication over passwords, and disable password logins once the keys are in place.
If a machine has access to the internet, it has a network interface, and most machines obviously do. That interface has a hardware (MAC) address assigned by the manufacturer and intended to be unique. This is what lets MAC filtering work.
As an administrator, you can decide which machines may use your network resources and deny others. This is an easy way to control who can access your network. Keep in mind that a MAC address is trivial to change in software, so filtering stops casual or accidental connections, not a determined attacker who can watch for an allowed address and copy it.
Disaster Recovery For Your Network
Methods of disaster recovery vary. They are just as important as network security. There are as many types as there are disasters, so consider what would be best or feasible for your business.
Examples of disasters include fire, floods, theft, loss of electricity, and ransomware. When anything like this happens, your first thought should be your data. Losing it could be the end of a business. It is that important.
Backing Up Your Data
The most complete solution is a full backup of all your data. This should be done regularly if you are able. It includes all your files and settings. The biggest drawback of a full backup is the time it takes.
If you are a gigantic business, it could take ages. The deciding factor is how much data you have. The traditional medium is tape, because it is the most cost-efficient per terabyte and, once removed from the drive, is offline and out of reach of ransomware.
Your next option is a differential backup. It is a lot faster than a full backup, and it is also a lot quicker to restore than an incremental. Both are significant factors in your backup plan.
A differential backup only handles data that has changed since the last full backup. This assumes you do a full backup occasionally. Restoring requires the full backup plus the most recent differential.
The other fundamental type of backup is the incremental. It is like a differential, except that it handles only data that has changed since the last backup of any kind, full or incremental. Each one is small, but restoring requires the full backup plus every incremental since it, applied in order, so restoration takes much longer and a single damaged incremental breaks the chain.
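The trade-off between the three schemes is easiest to see by simulating a week of changes. The following is an added example, not code from the original article: a Python model with a constructed set of five files and three days of changes, which records what each strategy writes to media each day, how many backup sets a restore needs, and checks that the restored state matches what was actually on disk.

```python
"""Full, differential and incremental backups: what each writes and what a
restore needs.

Added example, not code from the original page. The file set, sizes and the
daily change pattern are constructed.
"""
from typing import Dict, List, Set, Tuple

Backup = Dict[str, int]   # file name -> day of the version it holds


def simulate(files: List[str], daily_changes: List[Set[str]],
             strategy: str) -> Tuple[List[Backup], Backup]:
    """Day 0 is the full backup of `files`; daily_changes[d-1] is the set of
    files modified on day d. Returns the backup written on each day and the
    final on-disk state, so a restore can be checked against reality."""
    disk = {f: 0 for f in files}
    backups = [dict(disk)]
    since_full: Backup = {}
    for day, changed in enumerate(daily_changes, start=1):
        for f in changed:
            disk[f] = day
        if strategy == "differential":
            since_full.update({f: day for f in changed})   # everything since the full
            backups.append(dict(since_full))
        elif strategy == "incremental":
            backups.append({f: day for f in changed})      # only since the last backup
        else:
            raise ValueError(strategy)
    return backups, disk


def restore(backups: List[Backup], strategy: str, day: int) -> Tuple[List[int], Backup]:
    """Which backup sets a restore to `day` needs, and the state they rebuild.
    Differential: full + latest differential. Incremental: full + every
    incremental up to that day, applied in order (lose one and the chain breaks)."""
    if day == 0:
        needed = [0]
    elif strategy == "differential":
        needed = [0, day]
    else:
        needed = list(range(day + 1))
    state: Backup = {}
    for i in needed:
        state.update(backups[i])
    return needed, state


def media_written(backups: List[Backup], sizes: Dict[str, int]) -> int:
    """Total bytes written to media across the whole cycle."""
    return sum(sizes[f] for b in backups for f in b)


FILES = ["a", "b", "c", "d", "e"]
SIZES = {"a": 10, "b": 20, "c": 30, "d": 40, "e": 50}
CHANGES = [{"a"}, {"a", "b"}, {"c"}]     # day 1, day 2, day 3

if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        backups, disk = simulate(FILES, CHANGES, strategy)
        needed, state = restore(backups, strategy, 3)
        print(strategy, "bytes:", media_written(backups, SIZES),
              "restore needs:", needed, "correct:", state == disk)
```

With this change pattern the differential cycle writes 250 units and restores from two sets; the incremental cycle writes 220 units but needs all four sets in order. The gap in media grows with every day between full backups, which is the real reason people accept the longer restore.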
Backup rotations are also an important topic. They are networking essentials. Rotating through media means you can restore to a point days, weeks, or months in the past. It can be as complicated as you want.
The most common scheme uses four tapes for the daily backups (Monday to Thursday), five for the weekly backups (one per Friday, since a month can contain five), and three or more for monthly backups. This gives you a lot of options if things go wrong, and it means that at any moment most of your copies are sitting offline where ransomware cannot reach them.
There are many ways to back up your data. If you have small amounts of data, you could put it all in the cloud. There are many places that you can pay to do this. Security is usually good and you can grow quickly in the right environment, but encrypt the data before it leaves your site so that the provider never holds the only key.
Direct Attached Storage
Direct attached storage is another strong option depending on your needs. It is easy and inexpensive. However, a portable drive is easy to lose or have stolen, so encrypt it and never let it be the only copy of important data.
Networked Attached Storage
These devices have gained in popularity over the years. They are easy to use and set up, and user accounts and permissions are built in. There are many configurations and sizes to choose from. They are good for the home and some small businesses.
They often include RAID and encryption. Price becomes a factor here, as these devices can get expensive quickly. Evaluate whether they are a good fit for your organization.
This is the ultimate option. Buy an enterprise-class server running a proper server operating system and you have a great backup target. You can also use a server for many other things.
The drawbacks are that this kind of hardware is much more expensive and a server requires specialized knowledge to set up and maintain. If you can handle that, a server is the best way to go.
You should keep at least some of your backups offsite. It will not eliminate bad luck, but it will help. Make a labeling system and stick to it, so it is easy to find what you need.
If your network is down, you will not want the added stress of figuring out where a certain tape is. You also need to test your backups periodically by actually restoring from them, because you will not know whether a backup was successful until you need it.
That is not the time to find out that something failed. Communication is key, so if your unified communications are down as well, you have a big problem.
All servers and other important equipment need to be attached to a UPS. Start with your server and network racks; everything there is important and should be on alternate power. This keeps you going if you temporarily lose power.
It also gives you time to shut equipment down cleanly to prevent data corruption. Power suddenly going off is the quickest way to lose data. Drives dislike losing power, and everything on them can get corrupted in a flash.
Poor-quality power is also a major factor in protecting your data and equipment. Whether at home or at work, low or high voltage will kill electronics, so it is imperative to have good, consistent power coming to your systems.
Examples of bad power include blackouts, spikes, and brownouts. Most of the time you will not even know you have bad power; it is very common in businesses and homes alike. When electronics suddenly quit working, bad power is a very common cause rather than the device simply failing.
Policies and Procedures
These must be set in place well ahead of any disaster. There should be plans and policies so you know what to do in any situation. Collectively this is called a business continuity plan.
These plans exist to protect against system failure. Business processes can be categorized: the ones that must always be up are the first to be brought back. These are the critical business functions.
These are the ones that cost the business money for every minute they are down, and no one wants that. Network management is key here: everything must be monitored so the health of your systems is always known.
On the other side of things, businesses often get SLAs from their providers. An SLA is a service level agreement: the provider guarantees a certain amount of uptime or a certain level of service, and companies pay a lot for that guarantee.
These companies can also have an acceptable use policy, which states what can and cannot be done with company equipment. Since network communication covers so much, you need to specify usage so users do not abuse equipment or services.
Another popular policy is the famous BYOD, or bring your own device. A company can state its policy for users who want to use their personal equipment. This is very important, because company data often ends up on these personal devices.
Troubleshooting Computer Networks
Identifying the problem is the first course of action. Do not take other users' word for it, either; network issues often need to be seen first hand. If you are new, document everything that you find. This will help you make better decisions.
Documenting issues is also very useful to veterans. You will want it for troubleshooting and for any disaster recovery that might come up. In a large organization you will not be able to remember everything.
Good knowledge of your operating system is vital here. You need to know the quirks and messages it will give, and understanding that information will often solve your issue quickly.
Communicating with the user is also very important. You do not want them upset because they are not in the loop. Letting them know, in a general sense, is respectful and shows that you are professional in how you handle their problems.
Another good source of information is a network topology map. I will not give any recommendations here, but you can search for that term in your favorite search engine and pick something you are comfortable with.
I would start with something open source and not just free, as you do not want to introduce any other problems into your network.
Once running, this type of software shows you what is connected to your network and other information about all the devices. This is also vital for your network security, since a device you do not know about is one you are not patching or monitoring.
Duplicate the Problem
Duplicating the issue at hand will be one of your first tasks. It can be done by you or by the user. How often it happens is useful information and will point you in the right direction.
After you have duplicated the issue, see whether there are conflicts with other processes running on that system.
Once you see the issue, a good first step is simply to restart the device, whether it is a computer or a printer. Sometimes things just go wrong with the software we use and a restart helps greatly.
Another useful piece of information is whether the problem affects only this user or many others at the same time. Problems that affect lots of people at once are often connection issues, so start by making sure your cabling and ports are in good shape.
Looking for Changes
This is an important detail. Often things will be working splendidly for a long time, and then a program will just stop. This is usually because of a system change.
Since users will not usually have admin credentials, it is often an operating system change, made either by your department or by an update that changed a lot.
Your applications are related to this. Dramatic slowdowns or unusual behavior can be a sign that something is wrong, and this is part of the change mentioned above.
Your applications could certainly just need updates, but you want to gather as much information as possible, keep it organized, and monitor performance. You should have a good idea of how fast applications and their various tasks normally run.
Testing Your Fix
Once you have found something that has changed and might be the reason for your problem, it is time to test it. If possible, do this on another machine so that you do not cause more damage yourself.
It is even better if you can do it in a virtual machine. By the way, you should always have an up-to-date virtual machine that is used for testing out issues.
It is a good tool to have. After you test, give it some time to make sure no unintended issues pop up. You will notice I am being overly cautious here, and that is for inexperienced staff.
Issues To Look Out For
Loops used to be a common problem. Spanning tree protocols exist to prevent switching loops at layer 2; routing loops at layer 3 are guarded against by split horizon, hold-down timers, and the TTL field in every packet. On a properly set up network neither should ever be an issue, but a misplaced patch cable or an unmanaged switch someone brought from home can still create one.
These problems included switching loops, routing loops, and packets that could not find the right route.
Port errors can also be a problem. Since switch ports can be configured in different ways, sometimes an administrator forgets to allow a port to pass the traffic it needs to. An example is a port that would not let printer traffic through because it had been assigned to a separate VLAN.
Wrong network settings can also cause problems. This includes subnet masks and gateway addresses. These differ for each organization, so make sure they are correct for yours.
The last one I will mention is DNS errors. If this seems to be the case, you can flush the local DNS cache to see whether that helps. That is trivial to look up, so I will not go into it here.
There can be many other issues, but the ones listed above are the most common in my experience. They apply to laptops, desktops, and printers.
Documenting What Happened
Whether you fixed it or not, documenting is part of the process. Putting the problem down in words helps you and those who come after you. This can take the form of a wiki, text notes, separate files on a shared drive, or an online editor.
Whichever you choose, be consistent and never stop doing it. I have a network essentials document for this purpose myself. You can even put this information into a public repository for your users so they can search and read articles of interest.
Doing this will save you a few work tickets.
There are many ways to gather information about a network issue. Here are some of the most common.
The ping command from a shell gives you basic connectivity information. It tells you whether the connection succeeded and how long the round trip took.
However, sometimes the issues are intermittent and you need a bit more information from the ping command. That is when you try this (the -t option is the Windows form; ping on Linux and BSD already runs continuously until you stop it):
ping -t 184.108.40.206
This option pings continuously. It is useful when you want to see whether your round-trip times suddenly spike very high and then go back to normal, or whether replies go missing altogether. That lets you know there is indeed an issue to investigate more thoroughly.
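Eyeballing a scrolling ping is fine for a minute; for a longer run it helps to save the output and let a script pick out the spikes and the lost replies. The following is an added example, not code from the original article: a Python analyzer over a constructed sample of continuous-ping output in the Windows format (the Linux "icmp_seq=1 ttl=54 time=14.2 ms" form matches the same expression). It uses the median as the baseline, since a median is not dragged upward by the very spikes you are hunting.

```python
"""Find latency spikes and packet loss in captured ping output.

Added example, not code from the original page. SAMPLE is constructed to
look like the output of a continuous Windows ping (ping -t); the Linux
format ("icmp_seq=1 ttl=54 time=14.2 ms") is matched by the same expression.
"""
import re
import statistics
from typing import Dict, List, Tuple

SAMPLE = """\
Reply from 184.108.40.206: bytes=32 time=14ms TTL=54
Reply from 184.108.40.206: bytes=32 time=15ms TTL=54
Reply from 184.108.40.206: bytes=32 time=13ms TTL=54
Reply from 184.108.40.206: bytes=32 time=14ms TTL=54
Reply from 184.108.40.206: bytes=32 time=210ms TTL=54
Reply from 184.108.40.206: bytes=32 time=14ms TTL=54
Reply from 184.108.40.206: bytes=32 time=15ms TTL=54
Request timed out.
Reply from 184.108.40.206: bytes=32 time=14ms TTL=54
Reply from 184.108.40.206: bytes=32 time=13ms TTL=54
"""

RTT_RE = re.compile(r"time[=<]([\d.]+) ?ms")     # "time<1ms" counts as 1 ms
LOSS_MARKERS = ("Request timed out", "Destination host unreachable", "no answer")


def analyze(output: str, spike_factor: float = 4.0) -> Dict:
    """Median round-trip time as the baseline, replies above
    spike_factor x median flagged as spikes, lost probes counted separately."""
    rtts: List[float] = []
    lost = 0
    for line in output.splitlines():
        m = RTT_RE.search(line)
        if m:
            rtts.append(float(m.group(1)))
        elif any(marker in line for marker in LOSS_MARKERS):
            lost += 1
    median = statistics.median(rtts) if rtts else None
    spikes: List[Tuple[int, float]] = [
        (i, rtt) for i, rtt in enumerate(rtts) if median and rtt > spike_factor * median
    ]
    sent = len(rtts) + lost
    return {
        "sent": sent,
        "lost": lost,
        "loss_pct": round(100.0 * lost / sent, 1) if sent else 0.0,
        "median_ms": median,
        "max_ms": max(rtts) if rtts else None,
        "spikes": spikes,            # (reply index, rtt) pairs
    }


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Against the sample the baseline is 14 ms, the fifth reply at 210 ms is flagged, and one of ten probes is lost. A single result like that is not a diagnosis, but a spike list with timestamps is something you can line up against switch logs or a user's complaint.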
This command, tracert on Windows and traceroute elsewhere, stands for trace route. It shows you the path a packet took to get to its destination. The destination is the address after the command, and it can be an IP address or a DNS name.
One thing this does is let you know whether traffic took the expected path to its destination. Run it occasionally so you know what path it usually takes.
Then, if you are having issues, you will be able to see there is a problem if traffic is redirected somewhere else before it reaches its destination. A packet can be redirected if a router somewhere in between is down, for example.
This is also a very popular command. It pulls the network information for the machine you are on: your IP address, subnet mask, and gateway address. With the /all option it also shows every adapter you are using, the MAC addresses, and the DNS servers in use. It is a very handy utility.
The first thing you will want to do is check your hardware. This includes your machine, the network cable, and the network port on the wall you are connected to. At your machine, make sure the cable is attached firmly and you can see blinking lights at the connector.
Then make sure the cable is still in one piece and not overly twisted anywhere along the way. At the wall port, make sure it also is connected securely into the jack.
Next, use the commands I mentioned above: ping, tracert, and ipconfig. It is a good idea to use these regularly so you have a baseline of what the usual output looks like, if you do not already know it.
That way, when the output is different, you will recognize it. If you are getting an IP address that starts with 169.254, the machine assigned itself an address because it never received a valid one from your DHCP server or router. If that is the case, release the lease and request a new one with ipconfig /release followed by ipconfig /renew.
Those two commands have solved many network issues. I hope it will be that simple for you when it happens.
If everything looks normal so far, I would then check DNS. The easiest way to check this is with the nslookup command.
It should be pointing to your DNS server. If you get errors here, you have probably identified your problem.
When you have exhausted the previous options and need to get serious, this is the tool I love. tcpdump captures network traffic and lets you look at the packet details. There are several options you can use with it. It is a Unix tool, standard on Linux and BSD, and many prefer to work in Linux anyway because of its flexibility.
With the -D option you can list the interfaces tcpdump can see. This is helpful and should be one of your first commands when invoking the tool; it also tells you whether the interface is up and working, which is obvious from the output.
A capture filter lets you limit the capture to a port, for example port 53. This is helpful because you often only want to see the traffic associated with one service: email, DNS, or web traffic, depending on your needs. Remember that a capture contains whatever was on the wire, credentials included, so treat the saved files as sensitive.
Building Your Homelab
I have written about many different topics here. Much of it is theory that helps you understand how everything is interconnected. However, I always recommend building a lab at home. Being hands-on will help you in ways that reading will not; they are two sides of the same coin, and you need to do each.
What do I mean by a homelab? This can be an actual server with a physical switch, workstations talking to each other, or just a virtual environment on one powerful workstation.
Each scenario can teach you a lot. Certain topics can only be experienced by using a certain method. So personal preference will be the guiding factor here. It will be time for a homelab when you want to know the details of particular protocols or other mechanisms.
This is the method I recommend most of the time to those who ask what to do. Any decent desktop or laptop can handle it. The physical hardware you run this on is called the host. You only need enough resources for one or two virtual machines, and you can learn a lot this way. A bonus of this scenario is that you can destroy and remake virtual machines in a heartbeat if something goes wrong.
The top choice for Linux machines is KVM. It is virtualization software built into the Linux kernel, which makes your machine a type 1 hypervisor with all the integration built in. If you have used hypervisors on a Windows or Mac machine you will have experienced how clunky they can be, because there you usually install a third-party program that is not part of the operating system (Windows Pro and Server editions do include Hyper-V).
If you have to use Windows or the Mac operating system, the usual choices are VirtualBox and VMware. I have not seen many other options.
One of your first tasks to dive into will be storage across a network. This is very practical, as we all have things that use storage. The key attribute you want here is network performance: you will want at least a gigabit network card, since a faster connection keeps your network from getting congested. The filesystem is also important for storage. ZFS is used by many for this reason, as it has many features designed for storage, including checksums that detect silent corruption.
A storage server is just a fancy name for a computer. It only has to hold your files and give access to them over the network when they are requested. It is like Dropbox, except that your files stay on a machine you own instead of on someone else's. This can be any spare computer you have, but the beefier it is, the better the performance.
For storage, I would recommend installing FreeNAS (now called TrueNAS CORE) on your storage server. It is BSD based and sturdy. Many companies do the exact same thing: they sell devices with it pre-loaded so you can set up in your home. You do not need to do that, though; you are a PC technician. Install it yourself and figure out how it works. That is what we do.
A firewall is an integral piece of your network. It gives your network security and protection from the outside. Firewalls can be physical devices or a program running on an old computer. I recommend building your own on an old desktop, because it gives you the chance to understand the inner workings of what they do.
Again, I will make a recommendation because of my past experience: try the pfSense firewall. It has been around a long time, it is open source, and it has many features. Since it is customizable, there will be lots to learn. You will not regret it.
It can be installed on a real or virtual machine. There is a package system that lets you add even more to it, and you administer it through a web interface, which you should keep reachable from the LAN side only.
How To Troubleshoot DNS
DNS problems are often cryptic. Many times it is not obvious that DNS is the problem, but recognizing and resolving it is an important skill to have.
The DNS (Domain Name System) has a tree-like structure. At the top are the root servers; below them are the servers for each top-level domain such as .com; below those are the authoritative servers for individual domains. There are many levels, or branches, that are consulted in turn until a DNS query is resolved. At the very bottom is your workstation, which makes the query.
We use DNS whenever we go to a web site, because the browser must turn the name into an address before it can connect. If your system does not know the answer, it asks the recursive resolver it is configured with, and that resolver walks down the tree from the root until a server that is authoritative for the name answers. Only then does the browser connect to the returned address.
Every computer that uses a browser has a DNS client, also called a stub resolver. It first looks in the addresses it already has on record, the local cache and the hosts file, and only then sends the query to the configured DNS server.
If it is a site you visit regularly, the answer can be cached and you will get to it slightly quicker than usual. Cached means the information is already stored on your computer, for as long as the record's time-to-live allows. This process is called caching, and it is very useful; it is also why a bad answer, whether a stale record or a spoofed one, can stick around until the cache expires or is flushed.
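Seeing what actually goes over the wire makes the rest of DNS troubleshooting less cryptic. The following is an added example, not code from the original article: Python that builds a DNS query packet for an A record and parses a reply, including the compression pointers that answers use for the name. So that it runs offline, the replies are constructed locally rather than fetched from a server; 192.0.2.10 is a documentation address, not example.com's real one. The transaction-id check on the way in is the same one a real resolver relies on to reject answers it never asked for.

```python
"""Build a DNS query and parse the answer, including name compression.

Added example, not code from the original page. Responses are constructed
locally so the code runs offline; 192.0.2.10 is a documentation address,
not example.com's real one.
"""
import random
import struct
from typing import List, Tuple

TYPE_A, TYPE_CNAME, CLASS_IN = 1, 5, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, qtype: int = TYPE_A, txid: int = None) -> bytes:
    """12-byte header (RD set) + QNAME as length-prefixed labels + QTYPE/QCLASS.
    The random transaction id is what lets the resolver reject answers it
    never asked for."""
    if txid is None:
        txid = random.randrange(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name. Returns the name and the offset
    of whatever follows it in the message."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier name
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, expected_txid: int) -> Tuple[str, List[Tuple[str, int, int, str]]]:
    """Return (rcode name, answers); each answer is (name, type, ttl, rdata)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not an answer to our query")
    off = 12
    for _ in range(qd):                                 # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == TYPE_CNAME:
            rdata, _ = read_name(msg, off)
        else:
            rdata = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((name, rtype, ttl, rdata))
    return RCODES.get(flags & 0xF, str(flags & 0xF)), answers


def fake_response(query: bytes, ip: str = None, rcode: int = 0, ttl: int = 300) -> bytes:
    """Constructed server reply: echoes the question and, if `ip` is given, one
    A record whose name is a compression pointer back to offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:query.index(b"\x00", 12) + 5]   # through QTYPE/QCLASS
    answer = b""
    if ip is not None:
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
                  + bytes(int(octet) for octet in ip.split(".")))
    flags = 0x8180 | rcode                               # QR, RD, RA + rcode
    return struct.pack("!HHHHHH", txid, flags, 1, 1 if ip else 0, 0, 0) + question + answer


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print(parse_response(fake_response(q, "192.0.2.10"), 0x1234))
    print(parse_response(fake_response(q, rcode=3), 0x1234))      # NXDOMAIN
```

The status names this returns (NOERROR, NXDOMAIN, SERVFAIL) are exactly the ones dig prints in its header, so the parsing above is what you are reading when you look at a dig answer.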
If a site does not come up, the first thing to do is ping it. So, let's pretend my site did not come up in my browser. The syntax for ping is below:
In my case, I can reach it through the ping utility. This tells me the site is working but it is another issue, such as DNS.
To get more information, which is what we need, use the dig command. If ping by IP address works but ping by name does not, DNS is the suspect, and dig tells you why.
This command gives a lot of information: the status of the answer, the answer section with the records and their TTLs, and which server answered. If the name is known, it returns the records. If the status is NXDOMAIN or SERVFAIL, you know to look at DNS specifically. It may be fixable from your end, or it may not be; there are a lot of variables, so the problem could be several things. These options give you a start and some information.