Sunday, February 12, 2023

Python 000 - Intro

I have started learning Python.

Resource:
http://introtopython.org/

Basic Definitions
String - Line of characters treated as text

Integer - Whole number

Float - Number that contains a decimal point

print() - A way to display the contents of what is in the parentheses

Variables - An object you can designate to represent something else

List - An array of data

Looping - Repeating code in a designated way

Saturday, February 11, 2023

Network+ 012 - 2.3 Ethernet Switching Features

2.0 Networking Implementations

2.3 Ethernet Switching Features


vLAN - Logically separated LANs operating through a single switch

Data vLAN - Baseline data flow from a device to a designated vLAN

Voice vLAN - Data tagged with an 802.1Q header separated into a prioritized vLAN

Port Configurations
Port Tagging/IEEE 802.1Q - Trunking, single connection for vLANs within a switch or connecting switches together
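Added example (my own, not from the notes or the linked course): a small Python parser that pulls the 802.1Q tag out of a constructed Ethernet frame, giving the 3-bit priority a voice VLAN depends on and the 12-bit VLAN ID, and treats an untagged frame as data-VLAN traffic. The MACs and VLAN numbers are made up.

```python
import struct

ETHERTYPE_8021Q = 0x8100  # TPID that marks a tagged frame

def parse_frame(frame: bytes) -> dict:
    """Return MACs, 802.1Q tag fields (None when untagged) and the payload EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None, "pcp": None}
    offset = 14
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated before the inner EtherType")
        # Tag Control Information: 3-bit priority (PCP), 1-bit DEI, 12-bit VLAN ID,
        # followed by the real EtherType of the payload
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13
        info["vlan"] = tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def is_voice(info: dict, voice_vlan: int) -> bool:
    """A frame belongs to the voice VLAN only if it carries a tag with that VLAN ID."""
    return info["vlan"] == voice_vlan

# Constructed sample frames (not captured traffic): a frame tagged VLAN 100 with
# priority 5, as a phone would send, and an untagged ARP frame from a data device.
VOICE_FRAME = (bytes.fromhex("01005e000001") + bytes.fromhex("0011223344aa")
               + struct.pack("!HHH", ETHERTYPE_8021Q, (5 << 13) | 100, 0x0800)
               + b"\x45" + b"\x00" * 19)
DATA_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0011223344bb")
              + struct.pack("!H", 0x0806) + b"\x00" * 28)
```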

    Link Aggregation Control Protocol (LACP) - Multiple interfaces acting as a single big link

Duplex - Data can be sent and received at the same time.

Speed - 10 / 100 / 1000 Mb / 10 Gb, needs to match on both sides of connection

Flow Control - Non-deterministic, if a switch gets overloaded you need to tell other devices to slow down.

    IEEE 802.3x - Pause frame, method to regulate traffic flow

Port Mirroring - Copies traffic from an interface, used for packet capture, IDS

    Switched Port Analyzer (SPAN) - Mirroring all traffic on a switch to another system.

Port Security - Prevents unauthorized users from connecting to a switch interface, based on source MAC, each port can have a unique configuration. Can be configured with a limit on how many unique MACs can connect and also can require MAC to be whitelisted, once port security activates it disables the interface.

Jumbo Frames - Increased byte size allowed for frame payloads, increases efficiency, everything must support jumbo frames, not all devices are compatible

Auto-Medium-Dependent Interface Crossover (MDI-X) - Automated capability to use a cable as either a straight-through or crossover cable.

Media Access Control (MAC) Address Tables - A list of MAC addresses and the interfaces they are connected to. Updates regularly
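Added example (mine, not from the notes) tying together the Port Security and MAC Address Table entries above: a small Python model of a switch that learns source MACs per ingress port, enforces a per-port limit and an optional allow list, shuts the interface on a violation, and ages out table entries that have not been refreshed. Port names, MACs and the aging time are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    max_macs: int = 1                  # port-security limit on unique source MACs
    allowed: set = field(default_factory=set)  # optional allow list; empty = learn any MAC
    learned: set = field(default_factory=set)
    enabled: bool = True

class Switch:
    def __init__(self, ports, aging_seconds=300):
        self.ports = {p.name: p for p in ports}
        self.aging = aging_seconds
        self.mac_table = {}  # source MAC -> (ingress port, time last seen)

    def receive(self, port_name: str, src_mac: str, now: float) -> str:
        """Learn the source MAC on the ingress port under port security.
        Returns 'learned', 'refreshed', 'dropped' (port already shut) or 'violation'."""
        port = self.ports[port_name]
        if not port.enabled:
            return "dropped"
        if src_mac in port.learned:
            self.mac_table[src_mac] = (port_name, now)
            return "refreshed"
        permitted = not port.allowed or src_mac in port.allowed
        if not permitted or len(port.learned) >= port.max_macs:
            port.enabled = False  # violation action: shut the interface
            return "violation"
        port.learned.add(src_mac)
        self.mac_table[src_mac] = (port_name, now)
        return "learned"

    def age_out(self, now: float) -> list:
        """Remove entries not refreshed within the aging time (the table 'updates regularly')."""
        stale = [mac for mac, (_, seen) in self.mac_table.items() if now - seen > self.aging]
        for mac in stale:
            del self.mac_table[mac]
        return stale
```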

Power over Ethernet (PoE)/(PoE+) - Power provided by Ethernet cable

    IEEE 802.3af-2003 - The original PoE specifications, 15.4 watts DC power

    PoE+, IEEE 802.3at-2009 - Updated PoE specs, 25.5 watts DC power

Spanning Tree Protocol IEEE 802.1D - Switch network protocol with built-in loop protection and fault tolerance.

    STP port states - Initially Blocks forwarding to prevent a loop, Listens and clears the MAC table, Learns a new MAC table while still not forwarding. Once a new MAC table has been established it will start Forwarding data and is fully operational. STP ports can be administratively Disabled, but this will have an impact on how it operates.

        Root Port - Port path from Root.

        Designated Port - Port path back to Root

        Blocked Port - Ports blocked to prevent loops


    Rapid Spanning Tree Protocol (RSTP) 802.1w - Faster convergence than STP, from 30+ to 6 seconds.

Carrier Sense Multiple Access with collision detection (CSMA/CD) - Listens to the network to see if there is availability to send data over the network. If it detects a collision it sends a jam signal which clears everything then tries again.

Address Resolution Protocol (ARP) - Determine a MAC based on an IP address

Neighbor Discovery Protocol - Uses multicast with ICMPv6, replaces ARP. Used in conjunction with SLAAC (Stateless Address Autoconfiguration) and DAD (Duplicate Address Detection).

    Neighbor Solicitation (NS) - Request for MAC based on IPv6 address

    Neighbor Advertisement (NA) - Response to NS request
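Added example (mine, not from the notes) for the NS/NA exchange above: where a Neighbor Solicitation is actually sent. It derives the solicited-node multicast group for a target IPv6 address and the Ethernet multicast MAC that group maps to, and shows why a host replies with a Neighbor Advertisement only when the target is one of its own addresses. Uses only the Python standard library; the addresses are constructed samples.

```python
import ipaddress

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node_multicast(target: str) -> str:
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the target (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24))

def ipv6_multicast_mac(group: str) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + its low 32 bits (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{(low32 >> shift) & 0xFF:02x}" for shift in (24, 16, 8, 0))

def ns_destination(target: str) -> tuple:
    """Where a Neighbor Solicitation for `target` goes: (IPv6 group, Ethernet MAC)."""
    group = solicited_node_multicast(target)
    return group, ipv6_multicast_mac(group)

def should_answer(ns_target: str, my_addresses) -> bool:
    """A host joins the solicited-node group of each of its addresses, so it also receives
    NS packets for other addresses that share the same low 24 bits; it sends a Neighbor
    Advertisement only when the target is exactly one of its own addresses."""
    target = ipaddress.IPv6Address(ns_target)
    return any(target == ipaddress.IPv6Address(a) for a in my_addresses)
```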

Friday, February 10, 2023

Network+ 011 - 2.2 Routing Technologies and Bandwidth Management

2.0 Networking Implementations

2.2 Routing Technologies and Bandwidth Management


Routing
Dynamic Routing - Automated routing, listens/sends subnet info with other routers, determines the best path based on the gathered info, fault tolerance built-in to reestablish paths when needed, convergence process is different for every protocol.

Protocols
        Routing Information Protocol (RIP) - Distance-vector, good for small scale

        Open Shortest Path First (OSPF) - Link-state, good for large scale

        Enhanced Interior Gateway Routing Protocol (EIGRP) - Cisco, Distance-vector

        Border Gateway Protocol (BGP) - Hybrid routing protocol, determines routes based on paths, network policies, or configured rule-sets

Link state vs distance vector vs hybrid
        Distance-vector - Looks for path of fewest hops, little config required/mostly automatic, good for small networks, but doesn’t scale well to large networks.

        Link-state - Info passed between routers is related to current connectivity, considers speed of the connection, large/scalable.

        Hybrid - Uses a combination of link-state and distance-vector protocols, along with configurable rules/policies
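Added example (mine, not from the notes or the course) showing the difference between the two metrics on a constructed five-router topology: fewest hops, as a distance-vector protocol chooses, versus lowest cumulative cost derived from link speed, as a link-state protocol chooses. The router names, bandwidths and reference bandwidth are made up, and the two paths come out different on purpose.

```python
import heapq
from collections import deque

# Constructed topology (not from the notes), link bandwidth in Mb/s: A-B-D is two hops
# over slow links, A-C-E-D is three hops over fast links.
LINKS = {
    ("A", "B"): 10, ("B", "D"): 10,
    ("A", "C"): 1000, ("C", "E"): 1000, ("E", "D"): 1000,
}
ADJ = {}  # adjacency: router -> {neighbor: bandwidth}
for (_u, _v), _bw in LINKS.items():
    ADJ.setdefault(_u, {})[_v] = _bw
    ADJ.setdefault(_v, {})[_u] = _bw

def _walk(prev, dst):
    """Rebuild the path from the predecessor map; None if dst was never reached."""
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]

def distance_vector_path(src, dst):
    """Fewest hops (RIP-style): breadth-first search, every link counts as 1."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in ADJ[u]:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return _walk(prev, dst)

def link_state_path(src, dst, ref_bw=100_000):
    """Lowest cumulative cost (OSPF-style): Dijkstra with cost = reference bw / link bw."""
    dist, prev, heap = {src: 0}, {src: None}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, bw in ADJ[u].items():
            nd = d + ref_bw // bw
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return _walk(prev, dst)
```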

Static routing - Pre-designated routes

Default route - When no other route matches, the traffic goes this way

Administrative distance - Used by router to determine which routing protocol has priority.

Exterior vs Interior - Outside the network vs within a domain

Time to Live - Amount of hops a packet can make before it is dropped.
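Added example (mine, not from the notes) covering static routes, the default route, administrative distance and TTL together: a route lookup that takes the longest matching prefix, breaks ties between sources on the lowest administrative distance, falls back to 0.0.0.0/0, and decrements TTL the way a router does on each hop. The routing table, next hops and AD values are constructed.

```python
import ipaddress

# Constructed routing table (not from the notes): (prefix, next hop, administrative
# distance). Lower AD wins when two sources know the same prefix; 0.0.0.0/0 is the default.
ROUTES = [
    ("10.1.0.0/16",  "192.0.2.1",   110),  # e.g. learned via OSPF
    ("10.1.20.0/24", "192.0.2.2",   120),  # e.g. learned via RIP
    ("10.1.20.0/24", "192.0.2.3",   1),    # static route for the same prefix
    ("0.0.0.0/0",    "192.0.2.254", 1),    # default route
]

def select_route(dest: str, routes=ROUTES):
    """Longest matching prefix first; among equal prefixes, lowest administrative distance."""
    ip = ipaddress.ip_address(dest)
    candidates = []
    for prefix, next_hop, ad in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            # max() on this tuple picks the longest prefix, then the lowest AD
            candidates.append((net.prefixlen, -ad, str(net), next_hop))
    if not candidates:
        return None
    prefixlen, neg_ad, prefix, next_hop = max(candidates)
    return {"prefix": prefix, "next_hop": next_hop, "admin_distance": -neg_ad}

def forward(dest: str, ttl: int, routes=ROUTES):
    """One router hop: drop when TTL would reach 0 or nothing matches, else decrement TTL."""
    if ttl <= 1:
        return ("dropped", "ttl expired")
    route = select_route(dest, routes)
    if route is None:
        return ("dropped", "no route")
    return ("forwarded", route["next_hop"], ttl - 1)
```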

Bandwidth management
Traffic shaping - Controlling the bandwidth usage/data rates by various applications.

Quality of Service (QoS) - Management of traffic shaping

Sunday, February 5, 2023

Network+ 010 - 2.1 Devices, their Features, and their Appropriate Placement

2.0 Networking Implementations

2.1 Devices, their Features, and their Appropriate Placement


Networking Devices
Layer 2 Switch - Forwards based on MAC, connects networks, may provide Power over Ethernet (PoE)

Layer 3 Capable Switch - Includes routing capabilities, multilayer switch

Router - Routes traffic between IP subnets, connects networks

Hub - Multiport repeater, OSI Layer 1, everything is half duplex (send or receive)

Access Point - Point of connection to the network, often used for wireless access

Bridge - Connects different physical networks, OSI Layer 2, traffic based on MAC

Wireless LAN Controller - Centralized management of Wireless Access Points (WAP)

Load Balancer - Distribute traffic load across multiple servers, provides fault tolerance, configurable, TCP offload (protocol overhead), SSL offload (encrypting/decrypting), Caching, Prioritization (QoS), Content switching (App-based balancing)

Proxy Server - Sits between the users and the external network, receives the user requests and sends the request on their behalf. Useful for caching info, access control, URL filtering, content scanning. The proxy understands the way the application works (http, ftp).

Cable Modem - Broadband, Data Over Cable Service Interface Specification (DOCSIS), Speeds of 4 Mbit/s - 250 Mbit/s are common, gigabit speeds possible

DSL Modem - Asymmetric Digital Subscriber Line (ADSL), download is faster than upload speeds, uses POTS lines, 52 Mbit/s down, 16 Mbit/s up are common, 10,000 ft limit from central office (CO)

Repeater - Receives a signal, regenerates and resends the signal out, OSI Layer 1

Voice Gateway - Converts between VoIP protocols and PSTN (public switched telephone network) protocols, often built into the VoIP PBX (private branch exchange)

Media Converter - Converts signal to another media and sends it back out

Intrusion Prevention System (IPS) - Stops an intrusion

Intrusion Detection System (IDS) - Alerts if an intrusion is found

Firewall - Filters traffic by port number or application, can encrypt traffic between sites, can act as a router, offers Network Address Translation (NAT) and dynamic routing (BGP), sits at the ingress/egress of a network

VPN Headend - VPN concentrator, purpose built device to provide high speed encryption/decryption through hardware, software-based options available, sometimes built into OS software.


Networked Devices
Voice over Internet Protocol (VoIP) Phone - Desk phone, often powered over Ethernet

Printer - Office/networked printer, all-in-one device

Physical Access Control Devices - Card readers, biometric authentication

Cameras - CCTV, IP addressable, often powered over Ethernet

Heating, Ventilation, and Air Conditioning (HVAC) Sensors - Connected through network to allow for centralized control of HVAC systems.

Internet of Things (IoT) - Good idea to segment IoT devices to limit security issues

Refrigerator - Wirelessly connected appliances

Smart Speakers - Bluetooth or otherwise

Smart Thermostats - Connected through an app over the internet

Smart Doorbells - Camera, connected through the internet

Industrial Control Systems (ICS)/Supervisory Control And Data Acquisition (SCADA) - Large scale, multi-site industrial equipment management. Network that manages power generation, refining, manufacturing, etc.

Network+ 009 - 1.8 Cloud Concepts and Connectivity Options

1.0 Networking Fundamentals

1.8 Cloud Concepts and Connectivity Options


Deployment Models
    Public - Anyone connected to the Internet could have access

    Private - Cloud environment supported by internal resources

    Hybrid - A mix of public and private cloud environments

    Community - A shared cloud environment with pooled resources used by multiple orgs

Service Models
    Software as a Service (SaaS) - Cloud-based software

    Infrastructure as a Service (IaaS) - 3rd party hardware you have contracted to use

    Platform as a Service (PaaS) - Cloud-based software that lets you control and build deployments to fit your needs.

    Desktop as a Service (DaaS) - Virtual desktop infrastructure

Infrastructure as Code (IaC) - Software-Defined Infrastructure

    Automation/orchestration - Container management

Connectivity Options
    Virtual Private Network - Encrypted communication to cloud resources

    Private-direct connection to cloud provider - Private network connecting directly to public cloud environment

Multitenancy - Cloud infrastructure separated and isolated for multiple customers

Elasticity - The ability to scale up and down resources for systems in the cloud

Scalability - Cloud resources are able to be generated at large scale quickly, a built in provisioning system should be used to manage/prevent sprawl.

Security Implications - Security must be built into every step of cloud development

Saturday, February 4, 2023

Network+ 008 - 1.7 Network Architecture

1.0 Networking Fundamentals

1.7 Network Architecture

Three-Tiered - network hierarchy

    Core - Location of major servers (web, databases, applications)

    Distribution/Aggregation Layer - Manages communication to end users

    Access/Edge - User level, end-points

Software-Defined Networking - Infrastructure as Code

    Application Layer - Manage/configure the device, IDS, firewalls, load balancing

    Control Layer - Manages the data plane (Infrastructure Layer), routing tables, session tables, NAT tables

    Infrastructure Layer - Data plane, Processes the network frames/packets, Forwarding, Trunking, Encrypting, NAT

    Management Plane - See Application Layer

Spine and Leaf - Each spine switch connects to each leaf switch

    Software-Defined Network - High availability network model

    Top-of-Rack switching - Datacenter rack architecture for high-performance routing

    Backbone - Spine switches

Traffic Flows - Data traffic flows within a data center

    North-South - Traffic to/from an outside device

    East-West - Traffic between devices within the data center.

Branch Office - Remote location, end-point devices, IDF

On-Premises - Data center owned and operated from within.

Colocation - Shared data center

Storage Area Network (SAN) - Block level network storage, efficient read/write, high bandwidth

Connection Types
    Fibre Channel over Ethernet (FCoE) - Usually integrates with FC without additional hardware. Not routable.

    Fibre Channel (FC) - Supports 2, 4, 8, and 16 Gbps rates. Server (initiator) and storage (target) connect to a FC interface.

    Internet Small Computer System Interface (iSCSI) - Created by IBM and Cisco, RFC standard. Sends SCSI commands over an IP network. Routable, managed well in software, drivers available for many operating systems.