Please enable JavaScript.

Coggle requires JavaScript to display documents.

Network Designs, CORE, 1.TCP/IP basic knowledge Ethernet | IP | ICMP |…

- - - - TCP Encapsulation
        Data(Application Layer)
        [TCP | Data]Segment (Transport Layer)
        [IP | TCP | Data]PacketDatagram (Network Layer) > Path Discovery (RoutingTable) (Host must have knowledgeof a path to the destination)
        [Ethernet | IP | TCP | Data | FCS] Frame(DataLink Layer)(Destination mac address is the Gateway mac address )ARP cache to discover dataLink Next hop | unkown next hop > ARP request
      - Frame Forwarding
        Data link layer uses CS to detect for existing traffic
        Preambule and SFD used to synchronize with forwarded frame
        SFD StartFrameDelimiter make the recver know what is the start of the frame
      - Frame Processing
        After recving the frame > to Router > Router see the Source Mac Addresss and then the Destination mac address which is matter > compares it with its own interfaces addresses > if its equal the frame is for him | if its not for him > he drops it
        
        Packet Processing
        (Destination IP is checked against the address of the gateway ) after Router accept it > drop the ethernet header " look into IP header > using the destination IP to look into the Routing table for the next hop > before sending to the next hop Router checks the Arp cache for the destination mac address matching the next hop > if it exists then it encapsulate back the packet with ethernet frame to be sent
        if dosent exist a new frame header is constructed following discovery process
        Proceess Repeated for all Hops
      - Frame Decapsulation
        Frame is forwarded with Destination MAC address of Server A
        Server A compares interface MAC to frame destination MAC
        Decapsulation (Stripping Ethernet / IP headers)
        depending on the Destination Port in TCP for example > if its HTTP port > then The TCP header is stripped and forwarded into HTTP process
- - - - Application
        Presentation >> Data
        Session
      - Transport >> header + Data = segment
      - Network > header(ip) + segment = packet
      - Data link >> header(destina+surc) + Data + FCS = frame
      - Physical > signal transmission
    - - Data link layer frames are used to govern transmission over the communications medium.
      - Frame formats
        
        Ethernet ll >
        Field value > 1536
        associated with protocols with type value greater than 1536
        
        D.MAC - 6B
        determines a frame should be processed or discarded upon being recved by an end device
        
        Type - 2B > identify type of protocol > 0x600
        
        0x0800 (2048) > IP
        
        0x0806 (2054) > ARP
        
        Data > 46-1500
        
        FCS
        
        S.MAC - 6B
        
        IEEE802.3
        Field value > 1500
        
        S.MAC
        
        Length
        
        D.MAC
        
        LLC
        
        D.SAP
        
        S.SAP
        
        Control
        
        SNAP
        
        Type > identify type of protocol > 1500 0x05DC
        
        0x03 > STP
        
        Org Code
        
        Data > 38-1492 bytes
        
        FCS
  - - - reference models
        
        Novell > IPX/SPX
        
        TCP/IP + Ethernet
        
        Transport
        
        Network
        
        Application
        
        Ethernet > Network interface
        
        IBM > SNA
        
        OSI
        
        Session Layer
        
        Network layer > packet
        
        Physical layer
        
        Data link layer > frame :
        
        Transport layer > segment
        
        Presentation layer > certain file format
        
        Application
      - Nets
        
        WANs
        
        PPP
        
        HDLC
        
        Ethernet
        
        LANs > IEEE 802
  - - - Unicast frame forwarding
        1 sendor > 1 recver
        D.MAC > even number (8th bit is 0)
      - MultiCast Frame Forwarding
        1 sendor > multi recvers
        D.MAC > odd number (8th bit is 1)
      - Broadcast Frame forwarding
        1 sendor > all recv
        EthernetFrame (FF FF FF...) all 0s
- - - - Half Duplex
        only one side can send data at one time
      - Full Duplex
        both sides can send data at same time
  - - - Ethernet - Twisted pair cable - RJ-45 connection
        The Primary Physical medium used in enterprise Networks
        Standard>PhysicalMedium>Distance
        10Base-T>2 pais of category 3/4/5 twisted pair cables>100m
        100Base-TX>2 pais of category 5 twisted pair cables>100m
        100Base-T>2 pais of category 5e twisted pair cables>100m (can supp Gigabit Ethernet)
        
        STP - Shielded Twisted Pair
        covered by aliminium foil > more robust to the magnetic interference
        
        UTP - Unshielded Twisted Pair
        
        Croise - Crossover
        câble Ethernet utilisé pour connecter directement des périphériques informatiques. Contrairement aux câbles droits, les câbles croisés utilisent deux normes de câblage différentes : une extrémité utilise la norme de câblage T568A et l’autre extrémité utilise la norme de câblage T568B.souvent utilisé pour connecter deux périphériques du même type
        
        normes de cablage
        
        T568A
        
        Green Pair
        
        WhiteOrange
        
        Blue Pair
        
        Orange
        
        Brown Pair
        
        T568B
        
        Orange Pair
        
        White Green
        
        Blue Pair
        
        Green
        
        Brown Pair
        
        Droit - Straight Through
        utilisé dans les réseaux locaux pour connecter un ordinateur à un concentrateur de réseau tel qu’un routeur.
        norme de câblage : les deux extrémités utilisent la norme de câblage T568A ou les deux extrémités utilisent la norme de câblage T568B.
      - Fiber Optic - SC/LC connectors
        Standard > Physical Medium > Distance
        10Base-F>2 strand fiber>2000m
        100Base-FX>2 strand multi-mode fiber>2000m
        (1G)1000Base-LX>Single-mode fiber or multi-mode fiber>316-5000m
        (10G)1000Base-SX>multi-mode fiber>275-550m
      - Coaxial
        Copper Coaxial Cabling commonly used to support users as part of a shared Network
        Standard>Cable>MaxTransmissionDistance
        10Base2>thinCoaxial>185m
        10Base5>thickCoaxial>500m
      - Serial
        Serial represent a legacy form of data transmission
        Standards continue to evolve as in forms such as USB
        Standard>Speed
        RS-232> Standards defince up to 20000bps but can reach 1Mbit/s
        RS-422> 100Kbit/s - 10Mbit/s+
- - - - ICMP (Routing )
        in a scenarion where we have 2 routers > Nets > 2 Gateways
        and one host in iddle >> which of these Routers should the be configured in the Host (host can configure only one gateway address) >> soo we just specify that in the gateway of the host > should match up with one of routers address
        soo if we wana send packet to a host that behind the other Net (That host dont know about) soo it sends its packet to the Gateway (router configured) and the router do the rest of the job sending the packet to the targetted router that it know all about it and the Network behind it >>
        
        NOT BEST SOLUTION >> thats why we have the ICMP protocol
        
        Router configured in our host that know about the other Router >> sends an ICMP message >> ICMP redirect message
        informing our Host that this was the wrong gateway for this Network and specify in it which Gateway we should instead forward to soo that next time it will directly sent to right Gateway
      - ICMP (Diagnostics)
        2 separate messages are used for the request and reply
        ICMP ECHO Request and ICMP ECHO Reply
        when host want to ping another host > it uese ICMP 2 messages for the request and reply (network only forward)
        if there was no ICMP ECHO Reply > then server is down or host not connected
      - ICMP (errors)
        maybe if packet is destroyed when forwarding
        ICMP notifies that packet source of problems with packet forwarding > Uses the Source IP address in the ip Header
        Example > ICMP Destination Unreachable
  - - - Type - 1B
        (0 > no need for code)... formatof a message
        
        0x00> Echo Reply
        0x03> Destination inaccessible
        0x04> Limitation de production a la source
        0x05> Redirecction (changement de route)
        0x08> Echo Request
        0x09> Router Announcement
        0x0a> Router Solicitation
        0x0b> Expired TTL
        0x0c> Prameter problems of packet
        0x0d> Demande d'horodatage
        0x0e> Rep a une Demande d'horodatage
        0x11> Rep a une demende de masque de Sous-Reseau
        0x02> demande de masque de sous-reseau
      - Code - 1B
        more specific message description
      - Checksum - 2B
      - Var Parameters
        Dep on ICMP Type Field
      - Internet Header - 64 bits of org datagram
        Dep on ICMP Type Field
  - - - only uses ECHO request and ECHO reply
      - On VRP platform, -a can be used together with the "ping"
        command to specify the source address of an echo request message
    - - traceroute list all the hops that the packet will pass through
        the work process is based on the TTL value,
        displays hop by hop limit for each set of results
        the packet goes out of the TTL (set it to 1 in case of just 2 routers existing )
        then each router will minus the TTL by one (then TTL on Next Router Will be 0) >> TTL = 0 >> TTL will drop this packet > and send back to the source the ICMP message that packet is dropped
        3 probe packets are sent for each TTL value by default when "tracert" is used to detect the path along which packet is sent from source to destination
- - - - Flags - 3 bits - B1>always 0
        B2(DF) > 0>fragment | 1>do not fragment
        B3(MF) > 0>last fragment | 1>otherFragments
      - Fragment Offset - 1B+5 bits
        fragment position in the original packet (devisible by 8)
      - Identification - 2B (0>65535)
        used by the sender to facilitate the fragments assembling of a packet
      - Total Frame Length > = HeaderLength + Data < MTU
        Data devisible by 8
      - TTL TimeToLive - 1B
      - Reserved + Protocole - 1B
        
        6 > TCP
        
        17 > UDP
        
        1 > ICMP
      - TOS - Type Of Service - 1B
        
        Precedence > packet priority (0>7)
        
        0 > unitilise
        
        T > highThroughPut
        si > ThroughPut must be maxmized
        
        D > Delai > delai de propagation
        si 1 > fault minimiser le delai en passant par n cable sous marine
        
        R > highReliability
        si 1 > routers must favor reliable links
        
        C > transmissionCost
        si 1 > cost must be minimised
      - Checksum - 2B
      - Header Length - 4 bits > ip header length = 20 B
        5 words of 32 bits > 20 B
      - Address IP source - 4B
      - Version - 4 bits > Protocol version
      - Address IP destination - 4B
  - - - Diagnostic > 127.0.0.0-127.255.255.255 loopback address
      - Any Network > 0.0.0.0
      - Network Broadcastst > 255.255.255
    - - A > 10.0.0.0-10.255.255.255
        B > 172.16.0.0-172.31.255.255
        C > 192.168.0.0-192.168.255.255
  - - - Subnet masks destinguish between the binary of values that reporesent each (sub)Networj and those that represent each host.
      - Default Subnet Mask
        A > 255.0.0.0
        B > 255.255.0.0
        C > 255.255.255.0
        D > 255.255.255.0
    - - Subnet (C) > 255.255.255.0
      - Network Address > 192.168.1.0
      - possible host addresses (8bits) > 2^8
        valid host addresses > 2^8 - 2
    - - VLSM case Scenario
        192.168.1.0/24
        1st Net (30 hosts) > 2^5-2 (5bits host)
        255.255.255.(11100000)
        2nd Net (20 hosts) > 2^5-2
        255.255.255.(11100000)
        2nd Net (10 hosts) > 2^4-2
        255.255.255.(11110000)
    - - IP Gateways
        
        computers to communicate within same Net (have same Net part) they only need source and destination in ip address
        if they are not in same Net > source and dest ip + host does not now other comp not in same Net >> soo host search for Gateway (the exit Net of the Net) like door pf separate rooms
        if gateway cannot be found then they cannot communicate
      - IP Fragmentation
        
        in the ip format
        we have the indentification / flags / fragment offfset
        Are Concerned about the IP packet Fragmentation
        identification >> when fragmenting we need it to identify the fragmentation has happened and what is sequence of each fragment
        flags > fragments are from same packet
        fragment offset >> first fragment offset is 0 (1st byte) by how my bytes we offset to get to the current fragment
      - TTL TimeToLive < oncce packet passed number of hps >> TTL reach 0 down from a max value > gets dropped >> prevent Net Loops
        reduced by one each packet pass a hop
      - Protocol
        
        0x06/0x11 > TCP/UDP
        0x01 >> ICMP
- - - - TCP
        Connection is established before data is sent
        TCP ports represent individual services such as those listed above | sourcr port number is randmly chosen | destination port number dependson Application layer protocol
        TCP one transport layer protcol can support multiple application layer protocol > FTP-20/21 HTTP-80 TELNET-23 SMTP-25
        
        Flags
        
        FIN > disconnect the connection
        
        Ack > Confirm How many bytes i have recved
        
        SYN > to synchronize the sequence number and the Window size Btw S and D
        
        RST >disrupt and reset the connection
        
        Ack Number
        
        Window - Recver does not need to confirm each packet > improve speed
        
        Sequence Number
        
        Destiantion Port - 2B
        
        Source Port - 2B
        
        Checksum
        
        Urgent Pointer
        
        Options
        
        Padding
        
        Header Length
        
        Reserved
      - TCP Connection Establichment
        HostA <> ServerA
        a TCP connction is established after a three-way handshake
        a,b are integers
        HostA > senc SYN (seq=a, CTL=SYN)(req to establish connction)
        ServerA > send SYN,Ack (seg=b, ack=a+1,CTL=SYN,ACK) meaning server is saying i have recved data of eg:a=2000 and want data that begins as 2001
        Host A > Send ACK (seq=a+1,ack=b+1,ACL=ACK)
        meaning server is saying i have recved data of b and want data that begins as b+1
        After theese 3 packets >> CONNECTION ESTABLISHED
      - After Connction Establish >> TCP Transmission Process
        Host can send multiple packets at time depending on window size
        lets say windowSize = 3
        Host A > send 1,2,3
        Server > Aknowledge it and demand for next packets that begins at 4
        Host A > send 4,5,6
        When A packet is not recved for example packet 4 > what will we put in the Ack Number > Server Will Still Ack 4
        Server reAck 4
        Host A > reSend 4,5,6
      - TCP Flow Control
      - TCP Connction Termination
        Host A will ensure ACK is received by Server A before closing
        Host A > FIN
        Server A > ACK
        FIN
        Host A > ACK
        Connection Closed
        State of Conneciton in both Sides will be deleted
    - - UDP
        UDP Based data is sent without establishing a connection
        
        UDP Format - 8B
        UDP Acheives minimal overhead for each datagram
        Datagram Delivery is not guarenteed with UDP
        
        Length - 2B > data + headerLength
        
        Checksum - 2B
        
        Destination Port - 2B
        
        Source Port - 2B
        
        UDP Forwarding Behavior
        UDP susceptible to the possiblity of datagram duplication or non-orderly delivery of datagrams
        UDP packets can take diffrent paths than each other packets and recved in nonOrderly way > and it cannot recover from the NonOrderly delivery bicuz it just does not know
        There is no Acks Therfore lost packets are not retransmitted > this hoever is benificial to delay sensitive data
- - - - Hrdware Type - 2B
        indical physical Net Type Concluding the Searched Physical address
        
        0x0001 > Ethernet (10 Mbit/s)
        
        0x0007 > ARCNET
      - Operation Code - 2B
        
        0x0001 > ARP request
        
        0x0002 > ARP reply
        
        0x0003 > RARP request
        
        0x0004 > RARP reply
      - Protocol Length - >1B
        
        0x0004 > ipv4
        
        0x0010 > ipv6
      - Hardware Length - <1B
        physical address length
        
        0x0006 > Ethernet
        
        0x0001 > TokenRing
      - Source Hardware Address - 4B(varies)
      - Protocol Type - 2B > (0x0800 > IP)
      - Source P Address - 4B(varies)
      - Destinnation Hardware Address - 4B(varies)
      - Destination P Address - 4B(varies)
    - - ARP Cache Loockup
        1st Host A will check its Cache
        manually HostA>arp -a
        Internet Address | Phyysical Address | Type
        if there us nothing when the Host A will send the request out
      - ARP Request Process (ARP enc with Layer 2 Frame )
        D.MAC (FF-FF-FF-FF-FF-FF (Broadcast)) | S.MAC | ARP (DestMAC > 00-00-00-00-00-00 () , SourceMAC > HostA, Operation Code > Request)
      - ARP Reply Process
        host recv the basic information and search and its ARP cache to find the right address with the matching MAC address
        D.MAC (HostA ) | S.MAC > (ReqMAC)| ARP (DestMAC > HostA () , SourceMAC, Operation Code > Reply)
        HostA recv the Arp reply and and accept the info and add it to its cache
        in Arp Cache Type >> Dynamic/Static
        Dynamic >> arp cache item learned using the Arp resolution (item will be deleted after a fixed period of time )
        Static >> added manually
      - Proxy ARP
        Host A LANG0/0/0<Proxy-R>G0/0/1LAN Host B
        Proxy ARP enables data link discovery between networks
        Proxy replies with own (G0/0/0) address on behalf of Host B
        ARP request is sent by broadcast which exist only inside one LAN soo the Router will not forward the ARP request > it just drops it >> soo in such scenario we need to give attention to the SubnetMask (when Host A pings Host B it will just regard the NetPart of HostB>10 and think its the same Net > so it just send ARP request in the same Net )
        But in the True Scenarion Host A and B are not in same Net >> Arp Request Cannot cannot Be recved >
        But if This Router > enables Proxy ARP > Router recv ARP request in G0/0/0 if himself dosent have it >> then Releases it to the Net
        HostA > ARP request to HostB passing by RouterProxyARP
        HostB > ARP Reply > RouterRecv Reply and Reply to Host A(but in this Reply its not HostB mac address > its G0/0/0 mac address )
        soo after learning this when sending a packet >> Destination MAC is Router G0/0/0 when Router Recved it >> seees the IP dest address which is actual Host B ip address >> Router forwards it to host B
      - Gratuitous ARP
        its purpose is just to detect if there is a collision in the IP address >> that means > detecting duplicate IPs > there is another deivce using the same ip address in this Net > Change IP address
        Duplicate IP addresses may be assigned in a single IP Net
        ARP can be used to discover IP address conflicts
        A gratuitous ARP packet uses the same format as an ARP request packet
- - - - Users
        192.168.5.152
- - - - sales
        marketing
        
        Computer
        
        Phone
        
        AP
    - - HR
        logistics
- - - - Public
        relations
    - - ICT
    - - Server
        Room
        
        DHCP
        Server
        
        WEB
        Server
        
        EMAIL
        Server
        
        DNS
        Server
- - - - DIST
        MultiLayer2
        
        HR
        logistics
        
        sales
        marketing
      - DIST
        MultiLayer2
        
        Finance
        accounts
        
        Public
        relations
        
        ICT
        
        WRouter
      - Server
      - Server
    - - DNS
        Server
      - DHCP
        Server
      - WEB
        Server
      - EMAIL
        Server
- - - - Consiste à créer des réseaux logiques indépendants dans un réseau physique existant.
      - Aucune modification du câblage n’est nécessaire.
        La prise en charge s’effectue au niveau des switchs.
    - - Segmenter le réseau physiquement en des domaines.
        La solution a consisté à introduire des routeurs entre
        les différents domaines logiques avec pour effet :
      - Pour séparer, sur un réseau global, les rôles de chacun =) Solution classique : utilisation de sous-réseaux différents.
        
        Limiter la propagation de problème de niveau 2 ou 3 sur le réseau.
        
        Limiter les domaines de broadcast.
        
        Limiter « unknown MAC unicast trafic» =) Quand un switch ne connait pas l’adresse MAC d’une destination.
- - - - Chaque trame envoyée sur la liaison est étiquetée afin d’identifier le VLANauquel elle appartient
    - - Les systèmes d’étiquetage les plus courants pour les segments Ethernet
        
        ISL (Inter-Switch Link) :Protocole propriétaire de Cisco
        
        IEEE 802.1Q :Norme IEEE plus particulièrement traitée dans cette section
- - - - VLAN utilisateur
        Les VLAN de données sont utilisés pour diviser un réseau en groupes d’utilisateurs ou de périphériques.
    - - VLAN 1 (Cisco switch)
        Les VLAN de données sont utilisés pour diviser un réseau en groupes d’utilisateurs ou de périphériques. et appartiennent au même domaine de diffusion.
    - - Un réseau local virtuel natif est affecté à un port trunk 802.1Q
        Un VLAN natif sert d’identificateur commun aux extrémités d’une liaison trunk (prend en charge la transmission du trafic associée à plusieurs VLAN.).
    - - Un VLAN de gestion est un réseau local virtuel configuré pour accéder aux fonctionnalités de gestion d’un commutateur.
      - Pour créer le VLAN de gestion, l’interface virtuelle du commutateur (SVI) de ce VLAN se voit attribuer une adresse IP et un masque de sous-réseau, ce qui permet de gérer le commutateur via HTTP, Telnet, SSH ou SNMP.
  - - - Les réseaux VLAN basés sur les adresses MAC permettent de résoudre le problème de changement de port. En effet, dans ce cas, l’appartenance au réseau VLAN dépend de l’adresse MAC du périphérique et non du port de commutation physique. Lorsque le périphérique est retiré pour être connecté à un autre port, son appartenance au réseau VLAN le suit.
    - - Avec les réseaux VLAN basés sur les protocoles, c’est le protocole de couche 3 transporté par la trame qui permet de déterminer l’appartenance aux réseaux VLAN.
    - - L’un des problèmes que posent les réseaux VLAN basés sur les ports est que si le périphérique d’origine est retiré du port pour être remplacé par un autre périphérique, le nouveau périphérique appartiendra au même réseau VLAN que son prédécesseur.
- - - - Chargement de la Configuration
        Recherche de la configuration de démarrage (Start-Up Configuration) et chargement de cette configuration dans la RAM (Running Configuration).
      - Configuration en Mode Setup > si aucun fichier de configuration n’est trouvé
        
        le routeur se met en mode SETUP (mode de configuration à l’aide d’une suite de questions).
    - - sources locales (port Console)
        
        Le port console est indispensable si le routeur n’a pas d’adresse IP de configurée. s’agit d’un port série qui sera relié par un câble série (Roll Over cable),
        
        à un Terminal Asynchrone (écran + clavier)
        
        à un ordinateur utilisant un émulateur de Terminal Asynchrone comme Putty ou HyperTerminal de Microsoft.
      - sources distantes(interfaces LAN/WAN)
        Dès qu’une adresse IP a été configurée sur le routeur, il est possible de configurer ce dernier à distance, à partir d’un hôte IP
        
        terminal virtuel (VTY)
        au moyen d’un ordinateur équipé d’un logiciel émulateur de Terminal comme Putty ou Telnet par exemple.
        
        client HTTP
        au moyen d’un navigateur (http://@IP_du_routeur).
        
        serveur TFTP
        qui permettront de télécharger un fichier de configuration
        sur le routeur.
- - - - Basic
        value range > matching params
        2000-2999 > source ip
      - Advanced
        value range > matching params
        3000-3999 > Source & destination IP protocol , Source & destination port , time range
      - Layer 2 ACL
        value range > matching params
        4000-4999 > MAC adress
- - - - Branch <-GRE Tunnel- Internet-> Router[HQ]
        a GRE Header is inserted into the packet to build a tunnel
        A virtual is built over the physical Network
        when this packet id recved by the renote site > it wil remove the ethernet and added ip header > check the GRE header and then discover what org ip header ip ipx and continue to forward ito the HQ
      - GRE Packet
        
        GRE - added when entring FGRE Tunnel
        
        IP/IPX - org ip packet
        
        IP - new IP header will be the ip of this physical interface
        source and destination of this GRE Tunnel
        
        Paylaod
        
        Data-Link - Ethernet
- - - - Authorization
        hosts [<NAS Router>-<RADIUS/HWTACACS>] <SW>servers
        for authorization we can configure some groups >> Device Groups > Private(Admin) / Public(ADmin) / Public(Staff) >> configuring diffrent servers into diffrent groups of hosts-users and also users to diffrent userGroup based on conditions like priviliege and acess time
      - Accounting
        hosts [<NAS Router>-<RADIUS/HWTACACS>] <SW>servers
        when host connecting to a Net and we wand to account this user by the login time or by the bandwidth(up bw and down dw) or by traffic
        when
      - Authentification
        hosts <NAS Router> <SW>servers
        for the Auth 1st we must have a NAT NetAceessSserver Router on which we can configure usernames and passwords for users (hosts)
        when auth req comes > NAS check the database if the cred match > then access granted
        User access is managed based on an authentification scheme
        Authentification Mode
        None
        Local (auth users locally on the Router we store the cred) /
        RADIUS mode (we will use the remote server to store the credentials )
- - - - Static NAT
        when the router recv the oacket from inside > in the Router we have a map > NAT map > in it we have the record between private IPs and public ones
        one to one mapping of private to public addresses
        limits for need for address management with session is static NAT
      - Dynamic NAT - large number of hosts
        bicuz of the large number of IPs we create an public ip address Group and then is any of the hosts want t osend traffic out in the internet > Router will select one of public addresses from the Group and give it to the host.. same for others
        Private address mapping based on an address resource pool
        Allows users to utilize public addresses based on need
        one to one NAT > Dynamic cannot save any public ip address ressources
- - - - AH-Auth Header
        
        Authentification
        MD5
        SHA-1
        SHA-2
      - ESP
        both Auth And Enc
        
        Encryption
        DES
        3DES
        AES
    - - IPSec Transport Mode
        Encapsulation modes are defined in Sec Association
        Transport Mode Secures only the payload of the packet
        Destination and source are not change dor hidden in IP
        
        AH+ESP
        Auth whole packet
        Enc what ESP Enc
        
        IP
        
        AH
        
        ESP
        
        TCP
        
        Data
        
        ESP Trailer
        
        ESP Auth
        
        AH
        Auth all even the IP header
        
        AH - Auth data and we can know is this data original or has been modiified by some hacker
        
        TCP
        
        IP
        
        Data
        
        ESP
        Enc TCP / Data / ESP Trailer
        Auth from EST to EST Trailer
        ESP cannot Auth IP header
        
        TCP
        
        IP
        
        Data
        
        ESP Trailer
        
        ESP Auth
        
        ESP - Auth + Enc > even if hacker took a look inside its gonna be encrypted
      - IPSec Tunnel Mode
        Tunnel Mode encapsulates packets in a second IP header
        Sec is extended to the inner IP header and packet payload
        we add a new public IP header a second one to help forward the data trough the internet and hide our originaa IP header
        
        ESP
        
        ESP
        
        IP
        TCP
        Data
        ESP Trailer
        ESP Auth
        
        IP
        
        AH
        
        AH
        
        IP - second
        
        IP
        TCP
        Data
        
        AH+ESP
        
        ESP
        
        IP
        
        IP
        TCP
        Data
        ESP Trailer
        ESP Auth
    - - Establish IPSec Proposal (which P to use...)
      - Identify interesting traffic
      - Create IPSec Policy
      - Ensure Reachability
      - Apply Policy to interface
- - - - kscSrv
        10.3.2.50
    - - servInfo
        10.3.3.56
    - - netInfra
        10.3.4.20
  - - - servSecNessus
        10.1.7.22
- - - - 1erEtg
        10.2.1
      - **
      - 2emeEtg
        10.2.2
    - - wifiDirectionNBA
        10.6.3
      - wifiDUANNW
        10.6.2
- - - - vlanMet
        10.100.71.22
      - vlanINfra
        10.100.71.11
    - - vlanInfo
        10.100.4.25
- - - - 192.168.1.128-126-145
- - - - ftpServ
        172.17.13.1
      - delta
        172.17.13.1
- - - - VlanSolutPCI
        10.0.74.212
      - fortiArc
        10.0.74.254
      - GAB
        10.0.74.21
    - - VlanAdmMon
        10.0.73.100
- - - - Le fichier de configuration du switch tel qu’il sera au démarrage (configuration de démarrage, aussi appelée Start-Up Configuration )
    - - Une ou plusieurs versions d’IOS. (La RAM Flash est couramment appelé la FLASH).
    - - Le programme auto-test de mise sous tension (POST = Power-On Self-Test), le programme d’amorçage du switch, tout ou partie du système d’exploitation appelé IOS (Internetworking Operating System).
    - - La configuration active du switch (configuration en cours aussi appelée Running Configuration ou RUN), la table de commutation, les addresses MAC
  - - - Chargement de la configuration
      - Configuration en mode SETUP
        si aucun fichier de configuration n’est trouvé, le switch se met en mode SETUP
- - - - mode interface
        commandes examples > ip address , ipx address1 , encapsulation..
      - mode ligne
      - mode routage
        une commande pour passer a ce mode par exemple > router ospf
  - - - mdp pour acces au mode privilieged (stocke en clair) > Switch(config)# enable-password MotDePasse
      - mdp ( crypte MD5 ) > Switch(config)# enable secret password MotDePasse
      - Par défaut, les mots de passe apparaissent en clair lors de l’affichage du fichier de configuration (startup-config ou running-config). > donc on va active password-encryption pour qu'ile soient chiffres '
        
        enb > Switch(config)# service password-encryption MotDePasse
        
        deb > Switch(config)# no service password-encryption
    - - La connexion au switch s’effectue par le port console en utilisant la ligne associée à ce port ou bien à distance en utilisant les lignes virtuelles VTY
        
        acces par Console
        Switch(config)# line console 0
        Switch(config-line)# password mdp
        Switch(config-line)# login
        
        acces par VTY (switch ayant 0-15 VTYs)
        Switch(config)# line vty 0 15
        Switch(config-line)# password MotDePasse
        Switch(config-line)# login
    - - supp > Switch(config)# no hostname
      - def nom domaine > Switch(config)# ip domain-name Nom-Domain (ensao.ma)
      - def nom de switch > Switch(config)# hostname Nom-Host
      - supp nom de domaine > no ip domain-name
    - - Visualisation
        show interfaces FastEthernet0/1
    - - running-config ( Memoire vive)
        commande le fonctionnement du peripherique
      - startup-configuration ( Memoire NVRAM)
        au demarrage starttup-config est copie de la memoire NVRAM vers la memoire vive et execute comme configuration en cours (fichier running-config)
    - - Une fois qu’un commutateur est configuré avec une adresse IP et une passerelle, il en utilisant l’adresse IP et le port 80, port par défaut pour HTTP
        
        enb > Switch(config)# ip http service
        Switch(config)# ip http port 80
        
        deb > Switch(config)# no ip http service
        Switch(config)# no ip http port 80
- - - - serveur VTP
        VTP server va diffuser la modification vers les autres switchs VTP client.
      - client VTP
  - - - Client VTP
        
        Les clients VTP fonctionnent de la même manière que les serveurs VTP, sauf que vous ne pouvez pas créer, ni modifier, ni supprimer des réseaux locaux virtuels sur un client VTP.
        
        Un client VTP stocke uniquement les informations VLAN pour l’ensemble du domaine pendant que le commutateur est sous tension.
      - Transparent VTP
        
        Les commutateurs transparents transmettent les annonces VTP aux clients et serveurs VTP.
        
        Les commutateurs transparents ne participent pas au protocole VTP
        Les réseaux locaux virtuels créés, renommés ou supprimés sur un commutateur transparent sont uniquement associés à ce commutateur.
      - Serveur VTP
        
        Les serveurs VTP annoncent les paramètres VLAN de domaine VTP aux autres commutateurs compatibles dans le même domaine VTP.
        
        Les serveurs VTP stockent les informations VLAN pour l’ensemble du domaine dans la mémoire vive non volatile.
    - - Le protocole VTP utilise une hiérarchie d’annonces pour distribuer et synchroniser les configurations VLAN sur le réseau.
      - Chaque switch supportant VTP multicaste périodiquement des informations aux autres switchs par leur port trunk.
        Ces informations comprennent le management domain, la version de VTP, les VLANs et leurs configurations.
    - - Tous les commutateurs d’un domaine partagent les détails de configuration VLAN à l’aide d’annonces VTP.
      - Ce domaine doit être identique sur tous les switchs qui devront partager des informations sur les VLANs
- - - - Une connectivité physique implique une connexion physique séparée pour chaque VLAN =) Cela signifie une interface physique distincte pour chaque VLAN
    - - Une connectivité logique implique une connexion unique, ou agrégation, du commutateur au routeur. Cette agrégation peut accepter plusieurs VLAN
- - - - serveur VTP
        VTP server va diffuser la modification vers les autres switchs VTP client.
      - client VTP
  - - - Client VTP
        
        Les clients VTP fonctionnent de la même manière que les serveurs VTP, sauf que vous ne pouvez pas créer, ni modifier, ni supprimer des réseaux locaux virtuels sur un client VTP.
        
        Un client VTP stocke uniquement les informations VLAN pour l’ensemble du domaine pendant que le commutateur est sous tension.
      - Transparent VTP
        
        Les commutateurs transparents transmettent les annonces VTP aux clients et serveurs VTP.
        
        Les commutateurs transparents ne participent pas au protocole VTP
        Les réseaux locaux virtuels créés, renommés ou supprimés sur un commutateur transparent sont uniquement associés à ce commutateur.
      - Serveur VTP
        
        Les serveurs VTP annoncent les paramètres VLAN de domaine VTP aux autres commutateurs compatibles dans le même domaine VTP.
        
        Les serveurs VTP stockent les informations VLAN pour l’ensemble du domaine dans la mémoire vive non volatile.
    - - Le protocole VTP utilise une hiérarchie d’annonces pour distribuer et synchroniser les configurations VLAN sur le réseau.
      - Chaque switch supportant VTP multicaste périodiquement des informations aux autres switchs par leur port trunk.
        Ces informations comprennent le management domain, la version de VTP, les VLANs et leurs configurations.
    - - Tous les commutateurs d’un domaine partagent les détails de configuration VLAN à l’aide d’annonces VTP.
      - Ce domaine doit être identique sur tous les switchs qui devront partager des informations sur les VLANs
- - - - Une connectivité physique implique une connexion physique séparée pour chaque VLAN =) Cela signifie une interface physique distincte pour chaque VLAN
    - - Une connectivité logique implique une connexion unique, ou agrégation, du commutateur au routeur. Cette agrégation peut accepter plusieurs VLAN
- - - - Duplication de trame
        
        la station A envoi une trame vers la station B,
        les 2 switchs A B reçoient la trame sur leur port, extraient
        l’adresse MAC de destination (A / B) et la commute sur le port >> station B reçoit bien les 2 trame de la meme station A
        
        donc la trame sera forgée avec les informations suivantes
        Adresse MAC source : MAC A.
        Adresse MAC destination : MAC B.
        
        duplication de trame
      - Instabilité de la table de commutation MAC.
        
        MAC database instability—Instability in the content of the MAC address table results from copies of the same frame being received on different ports of the switch. Data forwarding can be impaired when the switch consumes the resources that are coping with instability in the MAC address table
      - Tempête de broadcast. > broadcast storm
        
        est une saturation du réseau entraînant son blocage lors de laquelle les messages (trames) transmis en diffusion (souvent des messages d'information, de demande d'information ou d'erreur) donnent lieu à une réponse des hôtes sur le même domaine ...
        
        example > ARP request (2 switchs case )
        
        Le HUB reçoit la trame sur son port =) la duplication de la trame sur tous ses ports.
        La trame sort donc du HUB et se dirige vers le switch du haut >> [ Le switch du bas reçoit la trame sur son port, extrait l’adresse MAC de destination (FF :FF :FF :FF :FF :FF) et la duplique sur tous ses ports car]
        et se dirige vers le switch du bas [meme chose].
        
        Les trames tournent sans arrêt entre les 2 switchs, faisant monter leur CPU à 100% et les font plus ou moins planter (souvent un reboot est necessaire >> Broadcast Storm
- - - - Étape 2 : Désignation des ports racine (RootPort (RP))
      - Étape 3 : Choix (élection) des ports désignés(DesignatedPort (DP))
      - Étape 1 : Désignation (élection) d’un switch racine (Switch ROOT).
- - - - Priorité de pont (2 oct) | L’adresse MAC (6 oct)
        
        utilise dans Les premières versions du protocole STP pour des réseaux n’utilisant pas de réseau local virtuel (VLAN).
        Il existait un seul arbre recouvrant commun sur tous les commutateurs >> l’ID système étendu
        n’était pas obligatoire dans les trames BPDU.
      - Priorité du switch (4 b) | ID système étendu (12 b) | MAC (6 oct)
        
        | Priorité de pont (12 octs) |
        a l'intro des VLANs le protocole 802.1D a été modifié afin
        d’inclure la prise en charge des VLAN, imposant l’intégration d’un ID de VLAN dans la trame BPDU. > Identifier le VLAN de la trame BPDU
        
        Example priorité par défaut (32768) + r l’attribution
        du VLAN 1 >> (32768 + 1) = 32769
    - - En Cas d'Egalite
        
        L’ID de switch est l’adresse MAC affectée à chaque commutateur
        puisque le MAC unique, et on a la garantie qu’un seul switch aura la valeur la plus faible (comparons les MACs a l'egalite)
  - - - Ports désignés (DesignatedPort (DP))
        tous les ports non racine qui sont autorisés à acheminer le trafic sur le réseau.
      - Ports alternatifs et ports de sauvegarde (BlockedPort (BP))
        Des ports alternatifs Sont configurés avec un état de blocage, pour éviter la formation de boucles et sont sélectionnés uniquement sur les liaisons trunk où aucun port de périphérie n’est un port racine.
        Les ports bloqués "blocking" ne reçoivent que les unités BPDU.
      - Ports racine (RootPort (RP))
        ports de commutation les plus proches du pont racine.
      - Ports désactivés :
        un port désactivé est un port de commutation arrêté.
    - - Les autres commutateurs doivent localiser les chemins redondants vers le switch racine et ne laisser accessible qu’un seul de ces chemins (ce qui implique de bloquer tous les autres) en utilisant des unités BPDU.
      - unlike Root Switch Les autres commutateurs vont sélectionner un seul port Root qui aura le chemin le plus court vers le commutateur Root.
      - Tous les ports de commutateur Root sont des ports Designated, autrement dit, ils sont en état « forwarding », il envoient et reçoivent le trafic.
      - Par défaut, le coût du port est basé sur le média ou la bande passante du port
      - Les ports directement connectés au pont racine seront les ports racine. Sinon, le port présentant le coût du chemin racine le plus bas sera le port racine.
- - - - Partie A : Les informations sur les codes des routes
      - Partie B : Les informations sur les routes de table de routage.
        
        c4. joignable par telle prochaine interface.
        
        c5. âge de la route apprise
        
        c3. distance administrative / valeur de la métrique (coût), pour
        le cas de routage statique, le coût (métrique) = 0
        
        définit la préférence d’une source de routage.
        
        La distance administrative est une valeur entière comprise entre 0 et 255. Plus la valeur est faible, plus la source de la route est privilégiée.
        type de p de routage
        
        Connecte > 0
        Statique > 1
        ....
        
        c6. : interface de sortie du routeur.
        
        c2. reseau de destination
        
        c1. type de p de routage < partie A
    - - routes directement connectées.
      - routes non directement connectées.
- - - - Methode1
        
        Pour garantir que le commutateur possède la valeur de priorité de pont la plus basse du réseau
        
        SwitchX(config)# spanning-tree vlan vlan-id root primary
        
        définir un pont racine alternatif
        
        SwitchX(config)# spanning-tree vlan vlan-id root secondary
      - SwitchX(config)# spanning-tree vlan vlan-id priority value
- - - - port alternatif
        RSTP prend en charge un nouveau type de port est le port alternatif en état de mise à l’écart
      - port designe
      - port racine
      - mise à l’écart (discarding)
      - apprentissage ou acheminement.
      - Suivant l’élément connecté à chaque port, deux types de lien peuvent être identifiés :
        
        Point à point
        
        un port fonctionnant en mode bidirectionnel simultané connecte généralement un commutateur à un autre commutateur, et constitue un bon candidat pour une transition rapide vers l’état de réacheminement.
        
        Partagé
        
        un port fonctionnant en mode bidirectionnel non simultané raccorde un commutateur à un concentrateur, pour la connexion de plusieurs périphériques.
- - - - Brodcast Storm
        swtching loops allow for broadcast storms to occur and duplication of frames to be recvied
        for example seding a broadcast to a SWs triangle from SWB for example will cause it to forward that broadcasr on all its interfaces to SWA and SWC which themselfs will forward thoses broadcast to themselfs and to rest of Net
        reapeating again and again >> causing Broadcast Storms that will not stop until all links bandwidth got used up
      - MAC instability
        Recving previously forwaded frames generates false MAC entries and intability within the MAC address table
        for example seding a broadcast to a SWs triangle from SWB for example which will learn the MAC address of that host through its interface > the broacast will make its way through the other SWs all the way back to SWB from another another interface >> casing the SWB to see that prev item MAC address with the 1st interface is wrong soo its deleted and new item is created to the mac address table with last interface and keeps happening on either one of the interfaces each time > keeping the SWB busy deleting and adding
  - - - Selecting the Root
        
        BPDU Bridge Protocol Data Unit
        when selecting the Root Sws need to negotiate each other > for that negotiation information sent is BPDU
        BPDU uses the IEEE 802.3 standard frame type
        
        part 3 > Timer
        BPDU are discarded when Message age exceeds Max age
        
        Max Age > represents the aging timer og BPDU
        MAX AGE is 20 (20secs) > means if the BPDU being forwarded among 20 switches > gets deleted (bigger Sw Nets are not recommanded (7 Net diamter is recommanded ))
        Eg > 2 hops(MAS Age) + 18 secs >> BPDU packet deleted > means it should be recalculated
        MAX Age rep the aging timer if a BPDU
        BPDU are discarded when Message Age Exceeds Max Afe
        
        Message Age (increase +1 each time it pass a switch) .> the aging timer of BPDU
        BPDU are discarded when message Age exceds MAX Age
        as we know the BPDU negotiate with the switches in a BPDU interval of 2 seconds which can be changed
        mwssage Age means > it takes time for each switch to recv the BPDU packet and process amd send it out >> cannot be accurately calculated soo we assign one Second >> for one Hop of the Switch (when the 1st switch send it out(root switch) > MSG AGE is 0 gets increased by 1sec for each switch we pass in the level)
        
        Hello Time
        
        Fwd Delay
        Another Timer is the Forwards delay > when switches calculate which is the best path > and some links sould be blocked > it needs time
        the BPDU sent out and in 2 seconds switches should negotiate
        For example if the root bridge sends out a message > in worst conditions itl take the longest path means the lowest child of the tree > lets say its secong hop after root which means 2sec * 2 = 4secs
        Meaning the calculations of the best path needs time >> the IEEE assigns a value of 15 secs for the best path to be calculated
        Switch should wait 15 secs to forward data >> this Timer we call it forwarding Delay
        
        part 1
        
        PID > ProtoID
        
        PVI > ProtoVersion ID
        
        BPDU Type
        
        Flags
        
        part 2 used to know which path is the best path
        
        Root ID > whhos the root
        
        Bridge ID > which switch is rsending the BPDU
        
        Priority
        
        Mac Address
        
        Port ID > which port is sending BPDU
        
        where the root path cost is equal , > a port identifier is used to determine the active alternate paths to the root
        
        RPC > root path cost > from switch to root
        
        BID Bridge ID (electing the root bridge > best path)
        
        BID are used by the STP to identify who you are (each switch)
        Bridge identifiers are used to elect the root bridge
        bridge priority can be manipulated to force root selection
        
        Mac Address
        
        Priority Value - 0>64535(64k) - 2B
        step value of priority is 4k - not all values can be used
        max used is 61440 | min is 0
        lowset 12bits of 2B cannot be used > always put to 0
        By Default each SW have the Same Pvalue > 32768 (32k)
        Smaller P wins (will be the Root Bridge)
        
        Root Election Process
        
        Switches Powered on and they will negotiate each other with the BPDU and then compare the BID in each other to decide who is the smallest value (compare priority > then mac address)
        Afther this exchanfe switch with smallest value become the Root
        All STP SWs advertise BPDU to peers with self as root
      - calculate the best path to the root
        we know switches calculate best path to root > root selection based on BID (smallest BID wins) then the other non-root switches calclate the best path to the root using some params
        
        Spanning Tree Port Roles
        Spanning tree Supports Designated , root, and alternate(blocked link)port roles
        the Root Path cost enables port to be determined
        
        Root SW have all Designated Ports
        nonRoop Sws have one Root Port to the Root Sw and other are either Designated or Alternate (Port wiith worst Cost should be Bloacket(Alternate))
        
        Path Cost
        Root Path cost is carried in the BPDU and used to determine the shortest path to the root
        path costs depends on the link types (cost of GigabitEthernet is smaller than FastEthernet smallesr than 10Mbips Ethernet)
        
        Root Path Cost vs Path Cost
        RPC root path cost is the path cost from switch itself towards the root(sumary of all the links)
        the path cost is the ccost of one link
        
        Which value should we used > Path Cost Standards
        STP supportts various path cost standards
        the 802.1t is the default standard used ny huawei switches
        Port Speed>802.1D>802.1t>Path Cost Legacy
        10Mbps>99>1999999>1999
        100Mbps>18>199999>199
        1 Gbps>4>20000>20
        10 Gbps>2>2000>2
        
        Port ID - calculate the best path
        Where the Root path cost are equal a port identifier is used to determine the active and alternate path to the root
        Have 2 parts > Priority value | Port Number
        
        assuming we have SW triangle (SWA is root)
        between SWA and SWB we have 2 links > if the 2 links are in forwarding state > then theres a loop > one link must be bloacket
        SWA root > both its interfaces are Designated > one of the 2 should be Bloacked (link are parallel and to the same SWB > soo they have the same root path cost ) >we cannot decide
        in this case we use the Port ID (diffrent ports) > interface 1 wins on interface 2
        
        Priority value - can be changed
        
        Port Nimber
        
        After Root Bridge is selected > all Switches will calculate their own RPC root path cost
        lets say in a triangle Sw Net > we have the SWA as the Root (both ports are designated ports)
        SWB and SWC will calculate the Root path cost and find theit best path to the SWA Root (Root links) > then it should last the link between the 2 SWB and SWC where they will exchange each other lets say RPC are the same > comparing nexr the thrd field in the parameters > the Bridge ID (Priority + MAC Address) smallest wins > lets say SWB wins >> meaning SWB is the designated port > SWC should be blocked
        in a Scenario where SWC conncet 2 link with another SWD > we have BID is the same for SW on all its interfaces including the 2 link with that SWD >> SWC choose the best path using the PortID
        
        Port State Transition
        When SW is calculating which port should be forwarding data , which port should be blocked > we cannot forward data at that time > this is the state of transition in finite state machine
        For each State if somthing gone wrog or the link is pulled off > then interface is down >> getting to the Disabled State
        
        1st > Disabled > interface is down >
        
        1st State > Blocking > will be immediately changed to other state
        
        2nd State > Listening - 15 secs > Switch will send BPDU and recv BPDU
        oin this Time the SW calculate which path is the best path to the root
        it could that this time is suffcient for calculating but IEEE predict that can somthing go wring and 15 secs not enough soo in that case the IEEE add another 15 secs in the Learning State
        
        Leaning State -15secs > waiting for all SWs in the NEt to converge in that time - in this state also no data can be forwarded but if the connected host sends data to the Switch > SW will still learn the Source MAC address and puts into the source MAC address table (Accepting , Dropping but no Forwarding)
        
        1 more item...
      - Root Election Process
        all STP switches advertise BPDU to peers with self as root
        Port Role Establishment Process
        
        the Bridge ID and root Path Cost are used to elect port roles
        
        Port State Transition
        
        Disabled / Blocking / Listening / Learning / Forwarding
        
        Topology change Process (method to solve MAC address table when topology is changing )
        
        topology chanfe notification informs root of the topology change
        Root Fllushes enteries using BPDU with TC bit set
        
        Topology Change MAC Refresh
      - Root Faiiure
        Non Root bridges wait for MAX age before assuming loss of root
        Re-Convergene is then initiated, beginning with root election
        swtches A B C , A is root switch
        Indirect Link Failiure
        SW B begins root election but BPDU is ignored by switch C
        Root BPDU os propagated to SW B after MAX agre Expires
        Direct link Failiure
        
        Switch B detects failiure and switches alternate port to root port
        STP converges after 2x forward delay (30 secs by default)
        
        Topologuy change MAC Instability
        change in the STP topology may invalidate MAC table enteries
        MAC table enteries expire only after 300 secs by default
      - how STP decisions are made for example blocking a link
        idea of STP is to find a tree > spanning tree in the topology (Sws topology)
        most important thing in the tree is the root >
        
        choose a root (switch as a root of the tree)
        
        all the others calculate the best path to the root >> if this path is not the really the best from switch to the root and there is a path better then the path will be blocked
      - After the STP Calculations > Network is Stable and some links are in forwarding state and Some Links are Bloacked > if Some error happens then how will STP react to these conditions
        
        Root Failiure
        if the Root Bridge is down
        Eg>SW triangle
        as we knwo after the STP calculation > only the Root bridge SWA will send out BPDU
        when other Non-Root Bridges SWB/SWC recv the BPDU from the root port > it will forward it for the next switch
        NonRoot Bridger wait for max age before assuming loss of root
        if the root bridge is down > SWB and SWC will wait for the BPDU (it will not be sent to other switches) but just wiat for the MAx Age Byy default > 20 secs
        After 20 secs BPDU timed out then the BPDU is deleted > then SWB and SWC know that the Bridge root is down >> begin to Calculate new STP
        ReConvergence is then initiated, beginning with Root Election
        in the finite state machine the new STP calculation needs 2 ForwardingDelay 2*15secs > 30 secs [Learning State(15) + ListeningState(15)]
        the Total covergence MaxAge(20) + 2*15 >> 50secs
        
        Indirect Link Failiure
        SW Triangle SWA is Root STP calculations has been done SWB has one root link and one Designated link and SWC has one Root link and one Blocked link (not forwarding data) after SWB and SWC have already exchanged each other..
        the link which is down is on SWB but SWC dosent know if somthing wrong happened bicuz the link connceting to SWB is alternate(Bloacked)
        Afther the link on SWC is down > SWB can detect that but not in same way back
        if the root link on SWB is down then SWB will loses the root port > SWB will imediately recalculate the STP / SWB does not know there is another path to the Root Bridge cuz SWC link is bloacked >> SWB will elect itself as the RootBridge > and it sends BPDU packets to the SWC which accept cuz even in bloacked link BPDU packet can be recved but still SWC drop it cuz its not better than the SWA BPDU (lower priority) > SWC wil not respond , but at that time SWB is still waiting for the respond (MAXAGE>20secs) then the SWB will elect the port btw SWC and SWB as the root port (This Convergence need 50 secs)
        
        Direct Link Failiure
        SW Triangle (SWA is the Root (and there is 2 links between SWA and SWB))
        means the Failiure Link is on the Switch that has alternate port
        assuming alternate port is on SWB , in this scenarion we have 2 links between SWA and SWB (root and alternate) (equal links)
        Aftter the calculation the second Second link is Blocked on SWB, then somthing happend and 1st link the forwarding link iis down
        After forwarding link (root) is down > SWB knows that the only root port is lost > So SWB recalculate the STP IMMEDiaTelY(no maxAge waiting) then we find that the 2nd link which blocked is the best path to the root and this calculation also need to pass the finite machine (2 forward delay) 30 seconds
        (SWB detectes failiure and switches alternate port to root port + STP Converges failiure after 2x forward delay (30 secs by default))
        
        Topology Change MAC Instability
        SW Triangle hostB connected to SWB anf hostC connected to SWC
        After the calculations The SWC link btw SWB and SWC is blocked
        the communication between hostA and hostB is made throughout the SWBAC path > SWC MAC Adddress Table >> 2 interfaces with MAC Address towards (>SWA,>SWB)
        the output interface(>towards SWB)> when this link is down < then after the recalculating > the SWC link is up as weve seen in the InDirectLink Failiure Soluution
        the data btw hostA and hostB should now go the way SWBC link but what it seeems that MAC table still point to SWA soo the frame still goes passed SWA soo SWA cannot forward (SWAC link down ) >> frame dropped >> Changes in the STP topology may invalidate MAC table entries
        MAC address table Expiraiton time is 300secs > long time for communication between hostA and hostB to be disruped
        Solution > the idea is to delete the MAC address items immediately after the topology is changed
        
        Topology Change Process
        mechanism > when the topology is changed at a certain SW of the Tree > another Type of BPDU > TCN BPDU > TopologyChangeNotification BPDU
        after ToppChange > SW detects it and sends a TCN BPDU towards the root and when the upper layer SW (in the Tree) gets this information >> it sends a configuration BPDU(with the flag bit that the topology change Aknowledgement >> meaning that this is a notification that tells SW > Topology Changed ) > then SW aknowledge it back and forward that to upper layer SW same thing step by step until we get to Root >> after the root know > in the next long period >> it will send out the Conf BPDU with the (TC TopologyChange bit = 1 ) informing all the SWs back that toplogy changed > MAC address table on SW then cannot be used > MAC Table items must be deleted > new MAC address table should bed learned
        Root Flushes MAC entries using BPDU with TC bit set (inform all SWs MAC address table should be timed out) > items wil be deleted immediately
- - - - RSTP Port Roles
        other than the main 3 ports that were in STP
        
        Roles > Description
        Backup > a backup path to doownstream nodes, where links exist on the same LAN segment as the designated port
        Alternate > an Alternate path to the root bridge that differs from the path provided by the root port of the switch
      - RSTP Edge Ports
        Systems that do not participate in RSTP connect to edge ports
        Edge ports do not recv BPDU and can instantly forward data(dosent take part in STP calculations >> no need to wait 15secs)
      - Port States of RSTP
        State > port Role
        
        Discarding
        Disabled / Alternate / Backup / Root / Designated
        
        Learning
        Root / Designated
        
        Forwarding
        Root / Designated
    - - Unused fields of the STP BPDU are active within RSTP
        New capabilities are introduced as part of RSTP
        f;ags are changed / ...
      - Designated switches generate their own BPDU at Hello Time , regardless of whether an RST BPDU has been recved which diffrent from the STP process
      - RSTP Convergence
        All RSTP enabled switches begin as root and send RST BPDU
        Ports are set to a designated role and a discarding state
      - RST BPDU Proposal
        proposals are sent in RST BPDU during root election
        a switch will ignore a proposal if it has a better bridge ID
      - RSTP sychrronization process
        Upon recving a superior BPDU > Swtch the Current Switch will cease to send RST BPDU cotaining proposals and begin to sychronize
      - RST BPDU Agreement
        once all downStreams non-edge designated ports have been blocked > current switch will send agreement with the RST BPDU
      - RSTP Converged Link
        The downStream port is again unblocked and a new round of sychronization occurs between non-root Switchs
      - Link/Root Failiure
        Loss of upstream RST BPDU signals link/device failiure
        Proposal and agreement based convergence will ensue
      - Topology Change Process
        During the sending of an agreement , addresses are flushed for all ports except the port on which the RST BPDU was received >> for this we neet the TCN Topology change notification informs Nets on topoChanges immediately without having to inform the root
- - - - Manual Mode
        we create a logical interface on the switch from both sides and then put the physical interface into the logical interface on both Sides >> link will work in aggregation mode
        switchs do not send any protocol to negotiate if its working in aggregation mode
        in Manuall mode all links load balance and are forwarding
      - LACP LinkAggregationControlProtocol Mode
        we create a logical interface on the switch from both sides and then put the physical interface into the logical interface on both Sides > interface should be configured in LACP mode
        After its Configured sides will use the LACP to negotiate is the 2 links should be put in the same aggregation Group or not
        Also Provides Backup function > 3 Physical links are put in the logical link but only 2 are working > third put as bacckup
        LACP mode supp backup links for redundancy
- - - - UT Untagged frame
        remove Tag From tagged VLAN Frame
      - TG Tagged Frame
        VLAN tag is inserted to distinguish frames for each VLAN
        carry many Vlans on one EtherFrame
        
        Tag
        
        PCP
        
        DEI
        
        0x8100 > just to know that this is a tag
        
        VLAN ID > what vlan this frame belong to
        
        Type
        
        SMAC
        
        Data
        
        DMAC
        
        FCS
  - - - Trunk uses Tagged Frame
        a trunk represents a backbone for the transmission of VLAN traffic between switches
      - Access uses Untagged frame
    - - Access
        Access portd trmove VLAN tags before forwarding frames
        with exception when frame is a BPDU frame
      - Trunk
        frames carried over a trunk link may be tagged or untagged
        All VLANs must be permitted before being carried over a trunk
      - Hybrid = Trunk + Access
        Hybrid ports are defined as either tagged or untagged
        VLAN communications can be managed on a port by port basis
    - - MAC Based
      - IP Subnet Based
      - Prottocol Based
      - Policy Based
      - Port Based
- - - - Dynamic (users)
      - Auto (management)
      - Manual (Server)
    - - DHCP DISCOVER (host)
      - DHCP OFFER (server)
      - DHCP REQUEST (host)
      - DHCP ACK (server)
- - - - Client
        
        User Protocol Interpreter
        
        Control Connection
        
        User Data Transfer Process (FS)
        
        Data Connection
        
        User Interface
      - Server
        
        Server Protocol Interpreter
        
        Server Data Transfer Process (FS)
      - When the Ftp is Running the Client and server need to establish 2 TCP connections >> Data Connection and Control Connection
        control connection is used to send a command from the client to the server > usees the port 21
        data connection used to send data , file between the client and the server usees TCP port 20
    - - Transmission modes
        
        Binary Mode > files and images
        
        ASCII Mode > send Txt Files
        
        Trasmission modes define the format of data before it is carried between the server and reciver
- - - - Telnet Client
        
        Terminal Driver
        
        Use at Terminal
        
        TCP/IP
        
        TCP Connection port 21
      - Telnet Server
        
        TCP/IP
        
        Pseudo Terminal Driver
        
        Login Shell
- - - - Router ID
        router ID is 32-bit value to uniquely identify each router running the OSPF protocol can be configured manually but if not the OSPF can configure automatically > will choose a router id from the logical interface IP address
        and if we are creating the logical interface >> the OSPF wiil choose the Router ID from the physical interface
  - - - in the Broadcast Net there is many Routers attached to one Net Segment so they can discover each other as neighbors and synchronize LSDBs with each other >>
        each router synchronize LSDB with each other >> causes a lot of traffic soo for ythat The OSPF designs a disignated Router mechanism
        
        Designated Router
        Among all other routers > only one Router will be the Designated Router and all other routers synchronize their LSDBs with The Designated Router(same LSDB)
        
        Backup Designated Router
        if there is only one designated Router and it goes Down << other Routers will not be able to Synchronize
        
        for that we use the Backup Designated Router as backup > then Routers Synchronize with DR if its up and also eith the backup DR
        
        Neighbot States
        Afther Designing the DRand BDR the Neibor have 2 States
        
        Defines form of relationShip Btw Neighbors
        2 Nbors states are possible > Neighbor and Adjaccent
        
        Neighbor State
        2 Routers other than The DR and BDR can see each other
        Attached to the Same Net Seg
        
        Adjacent State
        relation Between DR and dBDR is adjacent
        LSDB is synchronized beetween these 2Routers
        
        RelationShiopp btw the 2 States
        Link State Establishemtn
        State Changes allow for neighbor relationShips to be achieved
        
        Adjacent
        
        ExStart
        
        Exchange
        
        2 more items...
        
        Neighbor
        
        Down
        
        Attempt
        
        1 more item...
        
        init
        
        2 more items...
        
        Neighbor Discoery
        The Hello Protocol is reponsible for neighbor discovery and maintenance for 2 way communication btw neighbors
        
        Designated Router Election
        A Designated Router is Elected based on the priorite value (whos DR and whos BDR)
        in Hello PAcket Priorite field contains priority of each router(bigger value higher priority) 0 means router will neven be elected as DR or BDR >> broadcast Net
        in P2P Net DR will not be elected (P2P ethernet link) and we can change manually the Net Type if we dont need The DR and BDR
        [RT]>interface GigabitEthernet0/0/0
        [interface]>ospf network-type p2p
        
        DataBase Synchronization
        After theDR and BDR is selected (already discovered each oter and dformed a neighbor relationShip)> they will Synchronize the LSDB
        for the P2P Net There is no [roblem concerning This
        When First Sychronizing they send themselves a list LSA in their LSDB
        each Router have an LSA but diffrent
        for that they use a DD(DatabaseDescritption) packet to exchange the list then they know each other from that list << if LSDB has already been the same > they dont need to exchange that list
        
        Neighboring routers form a master/slave relationship
        DB Description packets conatin LSA header information
        
        Establishing Full Adjency
        Missing ir newer instances of LSA are requested using LSR
        the Entire requested LSA is sent as an update
    - - Non Broadcast Multi-Access (NBMA)
        emulated the brodcast Net so the DR will still be chosem but because its not the same as the brodcast the DR selection should be careful
      - Point 2 MultiPoint
        emulated the P2P Net soo no DR will be selected on this NEt Type
  - - - OSPF Areas - Single Area
        a single link state database for the administrative domain
        Any Area bumber can be assigned but area 0 is recommanded
        The value of an area can be from 0.0.0.0 to 255.255.255.255.
        All of the links of the network need to be advertised in Area 0.
      - OSPF Areas - Multi Area
        in the Center of MutiArea Net is the Area 0 > backbone area / other normal areas must connect the backbone Area and exchange routes betwen area 0 and other Areas
        Areas build separate LS databases minimize impact of change
      - OSPF Network Advetisment (Area Config)
        [RT]>ospf 1 router id 1.1.1.1 (1 > process number)
        [RT-ospf]>area 0
        [area0]>network 192.168.1.0 0.0.0.255
        The NEt Command defines the Net to Be Advertised
        Route Advertisments are forwarded based on areas
        Configuraiton validation
        [RT]>display ospf peer
      - OSPF Authentification
        [RT]>interface GigabitEthernet0/0/0
        [interface]>ospf authentication-mode md5 1 passwd
        OSPF supp 2 form of auth, simple pass or crypto auth
        if passsws not the same in the 2 routers > they will not form a neighbor
        Configuration Validations
        [RT]terminal debugging
      - OSPF Silent Interface
        [RT]>ospf
        [ospf]>silent-interface GigabitEthernet0/0/0
        silent-interface command prevents an interface from forming neighbor relationships with peers
        Configuration Validation
        [RT]>display ospf 1 interface GigabitEthernet0/0/0
- - - - Next Header
      - Traffic Class - 8
      - Flow Label - 29
      - Payload Length
      - Hop Limit
      - Source Address - 128
      - Version - 4
      - Destination Address - 128
    - - Fragment
        Fragmentation Extension Header
        not all packets require fragmentation
        
        Reserved
        
        Resv.
        
        0x06(TCP)
        
        Fragment OFfset
        
        M.
        
        Identificcation
  - - - Prefix - network address - 4 octets
      - interface Identifier - host address - 12 octets
    - - Unicast
        Global Routing Prefix - 48 | Subnet ID - 16 | Interface ID - 64
        Global unicast address prefixes are used for public networks
        Prefix ranges are reserved for avarious IP transmission methods
      - Multicast
        11111111 | Flags - 4bits | Scope - 4bits | Group ID - 112bits
        Multicast addresses are distinguished by an FF00::/8 prefix
        Select Multicast address groups are reserved for prtocol use
        Address Range > Desc
        FF02::1 > all nodes addresses (Link Local)
        FF02::2 > All Routers Addresses (Link Local)
      - AnyCast
        means > for some servers theyre providing the same service for having 2 http servers network > we can configure the same unicast address for them
        if a cient wants to access to the servers > they will be accessed the closese server of servers having the same service >> fast connection and saving ressources making the resundancy of the server
        unlike traditional method where we have to change the server ip to the main server ip when when its down
        AnyCast allows multiple instances of a service to be associated with a single address enabling a variety of servicce applications
- - - - LL LinkLayer
        using the LinkLayer Address
      - LLT LinkLayer+Time
        we use the LinkLyer Address and the Time Step to generate the DUID
  - - - Enabilng DHCPv6 Communication
        IPv6 Client <> DHCPv6 server[FF02::1:2, A;; DHCP Relay Agents & Servers]
        Link local addresses are used as source address by clients , DHCP servers reached via the multicast address FF02::1:2
        if the Clinet and DHCP server are not in same Net (not same link) we will need the DHCP relay agent
      - Assigning IPv6 Addressing
        Clinet <> Server
        Discovery of servers and assigning of IPv6 Addresses and configuration parameter relies on a set of 4 params >>
        Clinet >> 1.Solicit(req pv6 address and some params) |
        Server >> 2.Advertise (ipv6 address and some params)
        Clinet >> 3.Request (clinet may recv severale AdvPackets from diffrent servers >> soo it will select the optimal server based on te priority of the server and then it will the multicast the request to tell them which server is the optimal server )
        Server >> 4.Reply >> optimal server will reply to confirm that that ipv6 address is now used by you the client
      - Statful Addressing
        RA contains managed (M) and other (O) configuration flags
        Stateful addressing (DHCPv6) used where flags are set to '1'
        
        if there Router in Net > Clinet Send RS packet >> RT sends back RA packet to provide the prefix for the client
        
        If there is DHCPv6 server in Net so Now Router will send RA that contains the maanged M and other O configurations flags
        
        if (O=1,M=1) > we will use the Stateful addressing >> DHCPv6 server will provide the IPv6 addresss and other params for the client
- - - - ACC
        
        Sws
        
        Sws
        
        |
        
        we need to decide
        
        Sws
        
        Sws
- - - - Sychronous
        in Synchronous Net we have 2 ends > one end is DCE Data CircuitTerminating Equipment and the other end is DTE DataTerminalEquipment
        and we must have a clock for the synchronization betwenn the 2 ends
        in this Net the Data unit will be the frame soo frame can be whatever size it must be // Flags are used to mark the Start and end of 1 Frame
        Frame >> Flag Data Flag
      - ASychronous
        when we send the data > the sending unit is the byte which means every time we can send one byte of data and in these bytes we must mark the start of the byte and the stop >> soo lot of start and stops bits > lot of ports for thiese data >> not very efficient
        1 Byte >> Stop Data Start
    - - Address (link layer address of the frame)
      - Control > type of frame > I Information / S Supervisory / U Unnumbered
      - Flag (start)
      - Information
      - FCS
      - Flag (end)
    - - Components of PPP
        Name > Function
        PPP encapsulation Method > format used when supporting upper layer ps such as IP IPX
        LCP Link Control P > method of establishing configuring and negotiating and testing the data-link connection
        NCP Net Control P > set of Ps for establishing a connction and negotiating params for diffrent Net-layer ps
      - PPP Link Establishemnt Process
        
        Dead
        
        LInk UP >Establish
        using LCP to nego link layer parsms
        such as magic number and auth type
        
        FAIL > Dead
        
        Opened > Athenticat
        
        FAIL > Terminate
        
        SUCCESS/NONE > Network
        using the NCP to negotiate the Net Layer P
        such as IP address
        
        When Closing > Terminate
        
        1 more item...
      - PPP Frame
        
        Address
        
        Control
        
        Protocol
        
        Information
        
        Code
        
        Data
        
        Length
        
        Identifier
        
        FCS
        
        Flag
        
        Flag
      - Packet Type Used in LCP negotiation
        using PacketTypes to Negotiate link layer
        Configure-Request
        Configure-Ack
        Configure-Nck
        Configure-Reject
        Common Link Params of LCP Negotiations
        PArameter (Default)
        MRU Maximum Recieve Unit (1500) > total len of the into and padding field for the ppp frame
        Authentification Protocol (No Auth) > used by the peer
        Magic-Number (Enable) > generated randomly used for link-loop detection
        LCP Link Parameter Negotiation
        successful PPP negotiations result in a Configure-Ack reply to a Configure-Request packet
        Configure-Nak packets are generated where params are recognized but not all are accepted
        Configure-Reject packets are generated where not all params are recognized by the peer
      - PPP Authentification Modes
        
        PAP
        one side Router B is authenticated and the other side Router B is the Authenticator > Router B sends Authentication Request containing username and passwd in plaintect and Router A check and sends Authenticate Ack / if not Nak
        The Password Athentification P relies on the transmission of a passwd over the link for peer authentification
        
        CHAP
        more secure uses 3way handshake
        Router A Authenticator sends the Challenge packet tp Router B > challenge packet dosent contain any passwd > contains a sequence number which Router B will use with its passwork to md5 calculation that will be sent back as reponse to Router A to check the validity of the Encrypted passwd >> success/Failiure
        The Challenge HandShake Authentication Protocol relies on a challenge and challenge response for peer authentication
      - IPCP Address Negotiation
        
        IPCP Static Address Negotiation
        NCP dep on what kind of P is used for ip addressing soo the NCP P will be IPCP p
        soo IPCP will help us to negotiate the IP address of each Router btw each other
        The internet Protocol Control Protocol IPCP is the Network Control P NCP used for establishing and configuring IP
        
        IPCP Dynamic Address Negotiation
        sometimes IPCP can also help us to obtain t he Ip address from the remote site
  - - - PPP Basic Configuraiton
        [RT]>interface Serial 1/0/0
        [RT-Serial1/0/0]>link-protocol ppp (ppp by default)
        [RT-Serial1/0/0]>ip address 10.0.1.1 30 (for the interface)
      - Authentification
        
        Configuring PAP Auth
        Authenticator
        [RT]>aaa
        [RTA-aaa]>local-user userName password cipher passwd
        [RTA-aaa]>local user userName service-type ppp
        [RTA]>interface Serial 1/0/0
        [RTA-Serial1/0/0]>link-protocol ppp
        [RTA-Serial1/0/0]>ppp authentication-mode pap
        [RTA-Serial1/0/0]>ip address 10.1.1.1 30
        Authenticated
        [RTB]>interface Serial 1/0/0
        [RTB-Serial1/0/0]>link-protocol ppp
        [RTB-Serial1/0/0]>ppp pap local-user userName password cipher passwd
        [RTB-Serial1/0/0]>ip address 10.1.1.2 30
        Validation
        [RTB]>debugging ppp pap all
        
        CHAP Authentification
        Authenticator
        [RT]>aaa
        [RTA-aaa]>local-user userName password cipher passwd
        [RTA-aaa]>local user userName service-type ppp
        [RTA]>interface Serial 1/0/0
        [RTA-Serial1/0/0]>link-protocol ppp
        [RTA-Serial1/0/0]>ppp authentication-mode chap
        Authenticated
        [RTB]>interface Serial 1/0/0
        [RTB-Serial1/0/0]>link-protocol ppp
        [RTB-Serial1/0/0]>ppp chap user userName
        [RTB-Serial1/0/0]>ppp chap password cipher passwd
        Validation
        [RTB]>debugging ppp chap all
- - - - Packet
        
        IP
        
        Data
        
        PPP (2 bytes)
        
        TCP
        
        PPPoE (6 bytes)
        
        Ethernet (14 bytes)
        
        FCS (4 bytes)
- - - - MPLS VPN App
        
        basic Concepts and working principle of MPLS
        nowdays bicuz of the performance of the SWs Routers > are very good > we dont Need the MPLS tp help us to speed up the data forwarding / bicuz its same speedeven if we use the IP forwarding
        (CustomersHQ)VPN[CE Router(BranchOfCustomer)]<>(ISP)MPLSDomain[PE and P Routers]<>[CE Router]VPN(CustomersHQ)
        
        so now MPLS will be used in VPN application >MPLS VPN
        in the MPLS Domain > it always be the ISP where we have diffrent customers which have the requirments to communicate with their remote sites through the ISP through the internet soo they will purchase the MPLS from the ISP
        and we can use MPLS VPN to destinguish diffrent enterprises and VPNs
        
        MPLS TE Traffic Engine App
        with this tech we can control the traffic to go to use the diffrent paths , to use diffrent links
        diffrent Routes (for eample using some kind of a certralised Net) Controlled by the TE depending on links bandwidtch and reliability (larger links willl be te primaru links) which will take the bigger perccentage of the traffic > the rest is for secondary links
      - Traditional IP forwarding
        search the IP routing table and use longest mask match to find the destination and to find next hop
        Forward it to the Next hop
        same thigs for next Hops until Final Destination
        performancce of the Physical equipment is limited and IP routing table is very large >> increase the processing time of the pysical Equip
        anf For that we Introdduce the ATM cell Forwarding
      - ATM AsynchronousTransferMode cell Forwarding
        in the ATM table we dont have to care about all the destination Nets cuz packets may want to go different destinations - table dosent have to be maintained
        we just have to maintain the table with the label which helps to go to next hop > reducing the size of the table and very simple forwarding >> speding up data forwarding
      - MPLS Label Forwarding
        host <> MPLSDomain[Routers] <> oterRouters <> Host
        is like putting the IP forwarding and ATM together
        we use label to forward the data and if data have an IP header > well add new header > MPLS Header
        in MPLS Domain we dont have to check the ip header or the routing table to forward the data >> we only need the MPLS Header that contain the labels soo well only to have to search the in the MPLS label table to find the next hop [swap labls <> ingoing label >> associated outgoing label] > and forward the data >>> MPLS Lable Forwarding
        last hop in the MPLS domain >> hop remove the MPLS header and send to destination
    - - MPLS Label Format
        
        Frame Mode MPLS
        MPLS have 2 encapsulation modes
        
        cell mode
        ATM uses the MPLS cell encapsulation mode which is no t involved in this course
        
        Frame mode
        
        in the frame encapsulation mode an MPLS label header is added btw the Layer 2 header and layer 3 header of a packet
        Ethernet and PPP uses the Encapsulation Mode
        
        traditional Layer 2 Frame format
        
        IP Header
        
        Payload
        
        Frame Header
        
        MPLS Frame mode encapsulation
        
        IP Header
        
        MPLS Header - 32 bits
        
        EXP - EXP Use - 3bits
        
        S - Bottom of Stack - 1 bit
        cuz MPLS Supp multiple MPLS headers we need a way to know the Bottom the Stack - 1 for last Header / 0 not yet
        
        TTL - 8 bits
        used to prevent the loop - TimeToLive
        
        LABEL - 20 bits
        
        Frame Header
        
        Payload
        
        MPLS Label Nesting
        
        We know that we can have Multiple MPLS Headers - it supports Netsting
        
        Apps of Label Nesting
        
        2 more items...
      - MPLS Forwarding Process
        
        FEC and NHLFE
        
        FEC - Forwarding Equivalence Class
        set of data flows with certain common characteristics. Theses data flows are processed by LSR in the same way during the following Process
        FEC can be classified based on the address serviceType and QoS. For example, in the traditional IP forwarding that uses the longest matching algo, all packets to the same route are an FEC
        
        NHLFE Next Hop Label Forwarding Entry
        the NHLFE is used for label forwarding
        it contains the following basec info
        next hop of the packet
        how to preform a tag operation (including pushing a new tag popping a tag and swapping the original tag with a new tag)
        the NHLFE may contain other information, such as link layer encapsulation used for sending packets
        Example
        [RT]>display mpls 1sp include 10.2.0.0 24 verbose
        
        MPLS Forwarding
        
        Ingress Forwarding LER - 1st Router
        
        MPLS Forwarding - LSR (middle Routers)
        on the Transit node < the ILM IncomingLabelMap table and NHLFE table are quired to uide MPLS packet forwarding
        
        Egress Forwarding LER - last Router
        on the Egress node > the ILM table is quired to uide MPLS forwarding
      - MPLS control Plane and Forwarding Plane
        
        MPLS Network Model
        IP Net <> MPLSDomain[LR[RouterA] <> LSP / LSR <> LER[RouterD]] <> IP Net
        all Routers inside MPLS Somain are running MPLS PProtocol
        in this Domain we have several roles
        
        LER Label Edge Router
        in this Net we havve 2 LERs > Router A and Router D > they are at the edge of the MPLSDomain
        when we give our ip packet to the MPLS Domain to the LER > The LER oushes a label to this packet and when this ppacket is Forwarded in the MPLS Domain it will always be with a label
        
        LSR Lable Switch Router
        all the other Routers in te mdddle are are LSR Routers
        
        LSP Label Switch Path
        LSP is called a tunnel
        The path from the Source to the destination from RouterA to RouterD LERs > we call it LSP
        
        MPLS control Plane and Forwarding Plane
        
        Control Plane
        
        IP Routing Table
        IP routing table can help us to builf the IP forwarding Table
        we can regard the IP routing table and IP forwarding table as the same thing in diffrent planes
        
        Label Distribution Protocol
        we need to build the Label Forwarding Table
        bicuz in the MPLS Domain we dont wanna use the IP routing table but theLabel Forwarding table to find the Outgoing label for each hop
        
        Routing Prtocol
        help us to calculate Routes and to build the IP routing table
        
        Data/FForwarding Plane
        
        1st hop(or gate) [LER] in the MPLS Domain we recv an Incoming ip packet to (LER)
        Edge Router will recv the IP packet > then well search the IP forwarding table > there will be 2 situations
        
        this IP packet dosent have to go to the MPLS tunnel[LSP] > and it will be traditional IP forwarding NO MPLS SHIT
        
        ip packet needs to o to the tunnel (destination addres is the tunnel) and we have to give to this tunnel > push an mPLS header to this packet > and forward to it
        
        next Hop in the Tunnel Case is the LSR
        LSR recv the incoming labeled packet and then it will search the incoming Label in the label forwarding table nad it will have 2 situations
        
        if the LSR is in the middle of other LSRs > well simply swap outgoing and incoming labels and forward the packet to next hop
        
        LSR is in the edge meaning that its an LER not LSR >> we fing no incoming label matching to the incoming label we need to pop the MPLS header nd then continue to process the IP header and forward this packet outside the tunnel based on the IP routing table
- - - - Problems Faced By RSVP
        RSVP creates an end2end LSP hop by hop based on the CSPF path calculation result. The label is a local label
        HopByHop , traversing nodes maintain the status of the tunnel. Even if SDN is used > the Tunnel Status needs to be maintained
        RSVP TE configuration is complex
        Complex ECMP implementation
        8 Types of RSVP protocol packets occupy nettwork bandwidth and CPU processing
        RSVP is complex in load balanciong and needs to be configred with multiple tunnels which brings huge workload to configs and maintenance
      - Problems Faced By LDP
        we know in MPLS we have several protocols that help us to distribute the labels and LDP is one of them
        LDP depends on IGP and uses local switching to support ECMP(thats based on local label switching to support equal cost mulltiple path)> that means if we wanna run LDP we have to first run IGP protocols such as OSPF or ISIS > they mustve learned the routing table then use LDP to distribute the labels
        Disadvantages >
        LDP has 11 types of protocols packets which greatly increase link bandwidth consumption and device CPU usage
        LDP supports only the shortest IGP path *min cost( for path calculations .TE(TrafficEngineering) is not supported
    - - SR Technology
        
        Incremental SDN Net
        which is this Course Topic > SegRouting
        for this Net the existing Protocols can be expanded to achieve better smooth evolution >> soo we dont need to seperate all the control plane and forwarding planes on the Controller and NetDevice >> Controller can have part of the control planes and also the other parts of the control planes can still be on the Net Device providing the balance between centralized contro and distributed deployments
        for that it uses the Seg routing technology to provide fast interaction between the Net and upper layer applications >>> SR
        
        Revolutonary SDN Net
        Net faults in the can be rectified only when the Controller if faulty / reliability is very poor
        we use the controller as new device to seperate the forwarding plane and the control plane > control plane does not need to work on the Net device | all the control plane is working on the controller and we only need to use the Net device to forward the data and all the tables including the routing table , MPls table
        all tables are calculated and working on the controller requiring very high preformance unlike the NetDevice where we no longer need huge ressources
        But still this kind og the Net is a subVersion of the traditional Nets and not support by equipment vendors and carriers sooo for the reason INcremental SDN Network is created
        
        Traditional Net
        Control Plane + Forwarding Plane
        in Traditional Net > Control Plane and Forwarding Plane are integrated on the Network Devices
        require very high preformance of the Net Device
    - - Control Plane
        
        Routing P Extenscion - ISIS/OSPF/BGP
        
        SDN Controller - BGP_LS/PCEP/NetConf
      - Data-Forwarding Plane
        
        MPLS-SegmentLabel
        
        IPv6 - SRH Extended Header
      - Path Selection
        
        Path Computation - SPT Computation
        
        Explicit Path - Segment List
  - - - Segment
        
        An instruction that a node(Router) executes on an ingress packet
        node>oneRouter is Node | prefix>going to some dest ip > theDestination is a prefix | adjecent>we can regard it as the path
        
        Adjency Segment> Dynamically allocated by source nodes through protocols
        
        Prefix Segment> Manually configured
        
        Node Segment> Manually configured
      - SID
        
        SegID > Seg Routing Defines the destination address Prefix / Node and adjacency on the net as a seg and assigns sed IDs to these destination address prefixes / nodes abd adjencies
      - SR Domain
        
        Segment Routing Domain < indicates the set of SR nodes
      - SRGB
        
        Seg Routing global Block > local tag set reversed for a global segment. im MPLS > SRGB is a set of local labels reserved labels
      - Segmet List
        
        a sort of a set of dsetination prefix SID / node SID and adjacent SID ordered list > used to identify a complete label switching path LSP(Label Switched Path) in the MPLS architecture > segList is encapsulated in the packet header to guide forwarding
- - - - Users
    - - Internet