CBT_N10-006

Transcript of CBT_N10-006

  • 8/18/2019 CBT_N10-006

    Welcome to Network+ N10-006

    00:00:00

    Welcome my friend to CompTIA's Network Plus N10-006. Let's get started. I wanted to take a few moments in this introduction to chat with you, to tell you about how excited I am about joining you in this journey to the world of Network Plus. Now, I realize that not everybody comes from the same background.

    00:00:18

    We have different levels of experiences and different expertise. And regardless of the reason that you want to master this content-- maybe it's a job promotion, or you want to fill in some of the gaps. Regardless of the reason, I am super excited about logically taking you step-by-step through the entire process.

    00:00:34

    And all it's going to take is like 10 to 15 minutes a day. And I guarantee you we're going to have fun in every single Nugget. So I'm keeping this intro really, really short. And we can start the training with the very next Nugget. I hope this has been informative for you, and I'd like to thank you for viewing.

    Describe Routers and Switches

    00:00:00

    As a result of your and my time together, in this Nugget, we'll be able to describe exactly what a layer 2 switch does for a living as well as a layer 3 IPv4 router. Let's begin. I'd like you to imagine the last time that you were using a computing resource-- for example, a tablet, a phone, a computer.

    00:00:18

    And very likely, the chances are you're doing it right now as we talk together in this Nugget. And when we boil it all down, the whole gist of network or networks is to share resources from different devices. And in general terms, a device that is providing resources or providing the content is referred to as a server.

    00:00:38

    So for example, a web server could serve up web content, an email server could provide email content, and so forth. And that client piece would be the function that's receiving that content. For example, a browser like Chrome or Firefox or Internet Explorer is providing the client function as we connect up to web servers who are providing the content.

    00:00:58

    And if you, like me, when we're learning something new, if we have words or terms that are strange to us, sometimes that's a barrier to getting past it. So what I want to do with you in this Nugget is talk about some of the common devices that we're very likely to see all the time in computer networks today and just talk with you one on one about the names of these devices and what they do for us in the network.

    00:01:20

    So let's start off with the definition of network. When you see the term network, what I would love you to think about when you hear the word network is think about street, because you and I are both familiar with what a street is. For example, your address for the place you live is very likely on a street.

    00:01:36

    And other people who live on that same street with you also have that street as part of their address. So in our topology here, we have Router 1, this little hockey puck-looking symbol. Everything over here could be considered as one network or one street.

    00:01:52

    And that would include this Linux computer, the Windows computer, this guy over here too, this printer, this server, and any other devices that may be on that common network. Now I'd like you to think for a moment about the street that you currently live on.

    00:02:05

    Think about the name of that street. And having a name is a very common thing for a street to have. So just like a street, a network is also going to have a name. And for right now, let's call this network, this street over here that all these devices are on, let's call that Street Number A. And let's also,

    00:02:21

    for the purpose of discussion, let's call this little street right here between this router and this firewall, let's call that Street Number B. And up here we have a switch and some public-facing servers. And that's just a fancy way of saying we have some servers that can be accessed from the internet.

    00:02:37

    And let's say this is Network Number C. And then over here we'll put Network Number D. And this network between this router and this branch office, we'll have that as Network E. And the network between this router and the internet service provider, we'll go ahead and call that Network F.

    00:02:52

    So what we're looking at right here is a collection of networks. And each one of them has a different name, very much like each street has a different name of the street, Elm Street versus 1st Street and so forth. So now here's the wrinkle. Let's say we have a user like Bob, who's sitting at this Computer Number 2 right here, a Windows computer. And Bob wants to go out and connect to the internet.

    00:03:12

    Well, any time that Bob wants to communicate with a server that's not on its local network-- so Bob's on the local network, A, and he wants to get out to the internet, which is some different network. Bob is going to need a little help. And he's going to get that help from a device called a

    local street, we are going to have to use the services of an IP router, which can do that forwarding for us between IP networks. And because IP addresses are associated with layer three-- that's the compartment, if you will, that they live in-- we'll often hear a router referred to as a layer 3 device. The next question might be, well, what if we're not trying to communicate outside of our own local street? So right here we have Street A. And what

    00:06:18

    if Computer 1 and Computer 2 want to talk directly to each other? Well, one of the aspects that's true on an ethernet network-- and that's the most popular technology we're using for high-speed local area networks. And that acronym is LAN, which stands for local area network.

    00:06:38

    The concept of LAN simply represents a group of devices, or networks even, that are in fairly close proximity to each other and forward traffic at very high rates of speed. And that could be 10 million bits per second, which is often referred to as ethernet, 100 million bits per second, referred to as 100 megabits per second, which is also referred to as Fast Ethernet.

    00:06:59

    So I'll label these as Ethernet and Fast Ethernet. We have 1,000 megabits per second, which is referred to as gigabit ethernet. And then we also have 10-gig and beyond as well. So back here in Network A, if Computer 1 wants to talk to Computer 2, each of these computers in Network A has an IP address.

    00:07:16

    Now, part of that IP address gives me that common street name-- for example, A. And then individually these computers will have individual and unique IP host addresses. So maybe Computer 1 is at .101 and Computer 2 is at .102, as an example. And for right now, we're simply calling this common network segment Network A for simplicity.

    00:07:39

    And one thing I want to share with you about ethernet networks is that the network interface cards-- that's the little network adapters that each of the computers has-- and the acronym for that is NIC, for network interface card. So that's one of the names we might refer to that little adapter that connects these computers to the network-- network interface card, or adapter, network adapter.

    00:08:03

    And these network adapters have their own physical address that's been burned in to those adapters. For example, Computer 1, on its network interface card, let's say it has the address of cc, just as an example. And let's say that Computer 2 has an address of dd. So these are physical addresses that are burned in, if you will, to the network adapters from the manufacturer.

    00:08:23

    And from the category perspective, if we looked at where these addresses live and where they're categorized, they are considered to be at layer 2. And the actual fancy name that they're given is a MAC-- M-A-C, upper case. MAC, it stands for media access control address.

    00:08:41

    So on that NIC, it's got a media access control address. However, it's often referred to by a couple of different terms. We could call it a MAC address on ethernet, or we could call it a physical address. And because this is also associated with this little compartment called layer 2, it's often referred to as a layer 2 address. So as a quick review, these two computers have a network interface card.

    00:09:08

    On each of those network interface cards, there's a burned-in layer 2 or physical address, which can also be referred to as a media access control or MAC address, that they can use as they send and receive data with other devices on this same local network.

    00:09:22

    Now I'd like you to imagine that Computer 1 wants to communicate directly with Computer 2. And both of these devices are physically connected over what's called a switch. Computer 1 is connected to Switch Number 1. Computer 2 is connected to Switch Number 2. And there's a cable that's interconnecting Switch 1 and Switch 2 together. So again, everything over here on this left-hand side for the moment is part of one network.

    00:09:46

    Now, focusing just for a moment on layer 2, if Computer 1 is sending information into the switch which is meant to be received by Computer 2, the question I have for you is this. Do we want that information to be sent out to the printer? Out to this device called the access point? Do we want it sent out to the router? Do we want it sent out to the server? Or-- and this is the winning answer, by the way-- do we want it sent just out to Computer Number 2? Who's the intended recipient of this information? And the answer is, well, if it was email, AC address lives off of this specific port. The same thing would happen with Computer 2. Computer 2 would be sending frames into the switch. And the switch would look at the source MAC address.

    00:11:07

    And the switch would then learn dynamically that Computer 2's MAC address is reachable off of this port. And that same logic happens over this interconnection between the two switches as well. Now, our end result, which is what we're after here, is that a switch does not bother and waste everybody's time by forwarding data that's not needed by those other devices.

    00:11:26

    So if Computer 1 sends a frame of data into the switch, the switch is going to know, oh, this is destined for Computer 2. Then Switch 1 will forward it down the interconnection between Switch 1 and Switch 2. And Switch 2 will forward it just directly out to the port where Computer 2 is. And it won't bother any of the other ports by sending it that information that wasn't intended for those other ports.

    00:11:47

    So we could say that a layer 2 switch, which is dealing with MAC addresses, which are also sometimes called physical addresses and/or also called layer 2 addresses on an ethernet network, we could say that a layer 2 switch is making forwarding decisions based on that layer 2 information, in the case of Computer 1 and Computer 2, only forwarding a frame of data where it needs to go and not sending it everywhere else.

    00:12:14

    So if we do a little comparison here between switches and routers-- so here our device is going to be a layer 2 switch. The layer 2 switch is making forwarding decisions based on layer 2 addresses. And here is what I'd like you to do right now. On ethernet, I'd like you to give me a couple of terms that we refer to when talking about these layer 2 addresses on ethernet. Can you remember the names? And I'll give you a moment right now to think about the layer 2 addresses and the names for those addresses.

    00:12:42

    [HUMMING JEOPARDY! THEME MUSIC] Fade out the Jeopardy! music. O

    And since we're running out of IPv4 addresses, we are being pushed, as a planet, slowly towards the use of IPv6 because there's more IPv6 addresses available. So the layer 2 switch makes forwarding decisions based on layer 2 addresses. A layer 3 router is making forwarding decisions based on IP network addresses.

    00:14:09

    And I've got one more question for you. What if someone made a box like this, and they had little ports so we could connect into it, and this magical box was able to do layer 3 routing based on IP networks and forwarding based on IP addresses as well as doing layer 2 forwarding based on MAC addresses? What kind of a name would we give to this magical box? And I have a proposal.

    00:14:34

    I propose that we give this box that can do layer 2 forwarding as well as layer 3 forwarding, I propose we call it a multi-layer box. Now, the term multi-layer box doesn't sound that glamorous, so I suppose we can either call it multi-layer switch/router, which would be literally what it is.

    00:14:56

    However, here's what the industry calls this box which has those features integrated. They simply call it a multi-layer switch because it can do the work at layer 2 based on MAC addresses and it can do the work at layer 3 based on IP addresses. In this Nugget, we've identified the basic functions of a layer 2 switch-- that's these guys right here-- as well as a layer 3 router, with the layer 2 switch making forwarding decisions based on layer 2 information such as MAC addresses, and a router making forwarding decisions based on IP information, such as IP network addresses.

    00:15:28

    And we've also come up with a term that we can use for a single box that has the ability to do layer 2 switching and layer 3 routing, and we're calling it a multi-layer switch. So here's our action items for this Nugget. Two things-- number one, I'd like you to teach somebody about layer 2 switches and IP layer three routers and what they do.

    00:15:48

    Now, you might think, well,

    And one of the amazing things they had was this catapult. They had this huge catapult, and they were doing demonstrations. So they loading up the catapult and firing it, and whatever they shot in the air, of course, comes back down due to gravity. And unbeknownst to me, as we are walking up there as a family towards this catapult, they were just launching something as we were walking up to it.

    00:00:42

    And as I saw this object up in the air and then coming down, I thought it was coming right down at my kids. And so what is a father to do, right? I just run at the kids, bowl them over to get them out of the way and to protect them with my own life if necessary.

    00:00:58

    Now as it turns out, it was a pine cone. That really wouldn't have done a whole bunch of damage. And secondly, it didn't even drop where they were. But my kids and my wife, to this day, have a really good laugh about it every time they think about dad trying to protect the family.

    00:01:12

    In our high speed networks today, we also have devices that are out there to quote unquote protect the family. And one of these devices is known as a firewall. Now if you've ever seen NASCAR or any kind of car race, you're probably also aware that the driver sits in one part of the car while the engine is in a different part of the car, and then there's a firewall between them.

    00:01:33

    And that's there to protect the driver in one part of the car from the engine in the other part of the car in the event that there's a fire. And so this icon right here represents a firewall. And one of the ways I like to think of a firewall is by thinking of Nancy Reagan's policy regarding drugs, and that was, just say no.

    00:01:54

    A firewall's attitude regarding traffic that is trying to come in from the outside is, generally speaking, a policy of no, meaning, no, traffic cannot come in from the outside. Now we might make some exceptions for that general rule. For example, if we have a couple of public facing web servers right here, we might poke a couple of holes inside this firewall to allow traffic just specifically for those services on those servers, so that John, or Jill, or some other user on the internet could get access to those resources on those servers.

    00:02:24

    But that's it. And we're going to limit it down to the very minimum, the rule of least privilege that's required for those users to get what they need from these servers. Another very common practice is to chop up our network segments into areas. For example, this area here behind the firewall, we may consider this the inside.

    00:02:43

    And if there's multiple networks here, those would be the inside networks. And then this area, where we have some servers which we expect the public from the outside to be able to reach, we may call that the DMZ, which is an acronym that stands for the Demilitarized Zone.

    00:02:59

    So these resources aren't sitting on the inside. And networks that lie outside of our control or perhaps are untrusted, we often refer to-- from a security perspective and from a firewall perspective-- we consider them to be the outside. So we could have an inside zone, if you will, a DMZ, and an outside.

    00:03:17

    And the internet, from most customers' perspectives, is absolutely representing the outside networks, the least trusted or untrusted networks that they need to be especially careful about. Another big trend that's happening with firewalls is something called UTM, which stands for Unified Threat Management.

    00:03:37

    And I'm going to give a shout out to two of my favorite vendors for unified threat management, and those are Palo Alto and Checkpoint. They both do an absolutely fabulous job at what they're designed to do. And with unified threat management, we can be looking for a lot of things.

    00:03:52

    For example, we want to be aware and stop any time personally identifiable information, or PII, things like Social Security numbers, individual's bank card information-- we would like to make sure we see that and stop it before that information is leaked out into the internet or to other untrusted networks.

    00:04:10

    So a unified threat management system would have the ability to identify that type of traffic and stop it before it gets out. And that's also a form of DLP, which stands for Data Loss Prevention. We can also set up categories for websites that we don't want our users to go to.

    00:04:26

    For example, I think one that we can all agree on would be hate websites. We should never allow our customers to be going to hate-based websites. So we can set up a category on our unified threat management system so that if users attempt to go to a hate-based website, it can be prevented along with a little message indicating to that user, hey, by the way, our acceptable use policy for the network is that you're not allowed to go to these types of websites.

    00:04:50

    So we're simply going to say here, no hate. We also may very well have some policies in place that prevent our users from going to the opposite of hate, love, and some love respective websites as well. It all depends on our corporate policy. But a bare minimum, the goal of the firewall is to prevent or stop certain types of traffic from one network to another, whether it's an outbound request or an inbound request.

    00:05:15

    And generally, it's stopping individuals on less trusted networks, like the outside, from getting in. However, it can also be used, as we demonstrated, to prevent some types of traffic from going out as well. And generally speaking, firewalls are pretty tough devices.

    00:05:29

    They can take a beating, so that when they're connected to networks such as the internet, which may have thousands or hundreds of thousands of attacks being attempted at our network, that firewall needs to have the strength and robustness to handle it all and not go belly up in a flame of smoke because it was overloaded trying to defend the network.

    00:05:47

    So I'd like you imagine this firewall is saying, yes, for specific traffic from the internet if it's going to the web services on one of these two web servers. And as users start to use these web servers, the popularity of our web servers grow. So we do is we add some more servers, so maybe we have six web servers all connected to this switch on this DMZ portion of our network.

    00:06:10

    One of the challenges we have is if we have thousands of users on the internet who are accessing these websites, and for our example, let's say that all of these servers have the exact same content on them, how do we make sure that we have a nice, even balance of load across all these servers? For example, we do not want to have this guy pegged at 100% utilization and have this guy over here sitting around at 2%. This huge imbalance between the utilization between server one and server six is likely to cause some problems because customers connected to server one may get a very slow response or maybe even some timeouts while users connected to server six are likely to have a good response.

    00:06:47

    So it would be better if we had, for example, a 20% load across all the servers to give all of our customers great responses. Well, one way of accomplishing that, to help distribute the load more evenly across their servers, is to use a load balancer. Now to implement a load balancer, we'd want to go ahead and take one.

    00:07:05

    We could logically put in our network between the firewall and the servers that we have. Let's say we have six servers to play with. They all have the same web content on them. And this device could be either a physical device or a virtualized device. So this is our LB, short for Load Balancer.

    00:07:21

    And two very popular flavors of load balancers that are out there today include F5, which is not only the name of their company, but it also happens to be a key almost everybody's keyboard. So F5 makes a product for load balancing. And another very popular load balancing device is called the NetScaler.

    00:07:38

    And the NetScaler is made by a company called Citrix. So what we could do-- on this load balancer, we'd have some type of a virtual server that represents acme.com. So let's say this is www.acme.com, and whenever users on the internet go to www.acme.com, those packets are routed to this load balancer.

    00:07:58

    And then on the load balancer, we can set up the load distribution method. We could say round robin. For example, with round robin, if we have user one that makes a request to acme.com for web services, that request is allocated to server one. If we have request number two from another user that goes to acme.com, that request goes over to server number two.

    00:08:17

    And request number three that goes to acme.com, that one is proxied over to server number three and so forth. And that would be an example of round robin load balancing. And there's lots of different mechanisms we could have this load balancer use to determine which server to send the request to.

    00:08:33

    It could be on the least number of connections, and there's dozens of other variables that we can use as well. But the overall goal is to have one unified front that the internet sees and then behind that, multiple servers where we can load balance across those servers.

    00:08:48

    And that helps us to maximize the resources. Instead of having one server that's at 100% utilization and five servers that are at 0% utilization, it would be much better to have all of these servers at 17%-- we'll do some rounding there. 17% each, we're going to have a much better result for our customer as a result of doing this load balancing across multiple identical resources.

    00:09:11

    In this Nugget, we've described the functions of a firewall as well as a load balancer in a computer network. I have had a lot of fun in this Nugget. I'm glad that you joined me for it. I hope this has been informative for you, and I'd like to thank you for viewing.

    Describe IDS, IPS, and HIDS

    00:00:00

    In this Nugget you and I get to discuss and describe how we can integrate intrusion detection and or prevention into our data network. Let's begin. There are lots of potential attacks that might be coming into our network. For example, on our firewall, if we had permitted just the minimum requirements to allow the user Bob on the internet to access one of our web servers, is it possible that in Bob's communication with those web servers, he could be sending malicious content or malicious requests? And the answer is absolutely yes.

    00:00:33

    And the follow up question, would we want to know that that was happening, and would we want to protect our web server against that malicious attack or malicious traffic that Bob, the attacker, is sending? And I think in most cases the answer is yes. Now, vendors have come up with some really amazing solutions to help us identify and prevent those attacks from getting through our network, and one idea was this.

    00:00:55

    For example, we could take one of these switch ports here on the switch, connect an IDS system to it, which is an acronym for Intrusion Detection System, and then we could train this switch to take all the traffic and replicate it, or copy it over to that port.

    00:01:11

    So now, in effect, this intrusion detection system gets to see all that traffic that is going to the web servers. And then this intrusion detection system can use a variety of methods to identify whether or not the traffic that's going to those web servers is malicious.

    00:01:25

    For example, one of the methods is to use signatures. And these signatures are looking for telltale signs of specific attacks. So if vendor Y has 2,000 signatures, those signatures can be used to compare the traffic against in looking for an attack. We also might have an intrusion detection system looking for anomalies, and those anomalies could be based on what the normal traffic-- for example, how much quantity and what types are normally present-- and then all of a sudden there's a flood which does not match the baseline, or an anomaly could be based on the protocol itself.

    00:01:57

    For example, maybe it's an HTTP request going up to this web server-- by the way, HTTP is the language of love when a web browser is talking to a web server. And maybe one of the requests that is being made isn't a valid HTTP request. And it could be the attacker trying to manipulate or take advantage of how the protocol is supposed to work by sending in a bogus command.

    00:02:18

    So an intrusion detection system we have the ability based on the methods implemented by the vendor for detecting those intrusions, and then sending up red flags. Now, the problem with an intrusion detection system is that by itself it doesn't stop the attack from happening.

    00:02:34

    It simply alerts us to the fact that there is an attack, and one of the reasons is that this intrusion detection system, once it's seen the traffic, that traffic is already on its way to the server. The idea is it's just getting copies of it. So the acronym for a network based intrusion detection system is simply IDS.

    00:02:51

    And then somebody really smart in the R&D department said, you know what? Let's do something more than just alert to the fact that there's an attack happening. Let's go ahead and prevent it from getting to its final destination. And that's called network based intrusion prevention system, or IPS.

    00:03:07

    And there's many ways this could be implemented. One way would be to disconnect the firewall from the switch. So this cable here we'd have go over to our IPS device, and this IPS device could be either a physical appliance, or it could be a virtual device running in a virtualized environment.

    00:03:23

    And this IPS device would have two interfaces. Another interface would go up here as well. So now all the traffic between the firewall and the switch has to go through the IPS. So we could use the same methods for detecting the attack, whether it's signature based, anomaly, protocol violation, et cetera.

    00:03:40

    But this time if the IPS sees the attack, it can say, wait a second, I think that's a bad idea. I'm not letting those packets continue and make it all the way up to the server. So effectively we're stopping the attack right here at the IPS appliance, and not allowing the attack to get to the server-- hence the concept of intrusion prevention system.

    00:03:58

    We're preventing the attack from making it all the way to its target. Now, I'd like you and I to put on our executive hats for a moment and imagine that you and I own this company, and we're responsible for it. Now, if some vendor came in and said, hey, we'd like to give you an intrusion prevention system, and it's free, what would we say? Well, first of all we'd want to make sure it works and we're not being attacked by that device, but secondly, if it doesn't cost us any money, absolutely.

    00:04:23

    We'd always want that. But of course the reality and the challenge is that a device is going to cost money. In fact, a network based intrusion detection system, or an intrusion prevention system, depending on how it's implemented, could be in the tens of thousands of dollars.

    00:04:37

    However, in our environment let's say we have one web server-- let's say it's server number one, and we only really need to protect that one server. We don't need to protect an entire network of devices, just one server. Maybe we decide to do the intrusion detection slash prevention in software running on that server.

    00:04:54

    And so if we have software that is acting as intrusion prevention or intrusion detection running on just that server, we refer to that as a host based intrusion detection slash prevention system, and the acronym is HIDS. So it really should be HIDPS, but how the heck are you going to pronounce that? So an intrusion detection slash prevention system that runs as software on a critical resource like a server is referred to as HIDS-- Host Based Intrusion Detection System.

    00:05:24

    And if we take this concept of intrusion detection slash prevention one step further, why not integrate it in devices that are already in our network? For example, maybe we'd integrate the intrusion detection slash prevention system into an existing router, and many vendors have that functionality.

    00:05:39

    Or even better yet, why not integrate that function of the IDS/IPS, depending on which way we want to go, inside of our unified threat management system. For example, Palo Alto and Checkpoint both have those features that you can purchase as integrated components of their firewall systems.

    00:05:55

    And from an earlier Nugget we discussed that UTM stands for Unified Threat Management, and it's a really cool term that's used to identify a firewall that has a boatload of services. For example, besides just filtering of traffic, we could also add on top of that intrusion prevention or detection services as part of that same device on our network.

    00:06:15

    In this Nugget we have identified the purpose of an intrusion detection or prevention system, and how it could be implemented in our network. I appreciate you joining me for this Nugget. I hope this has been informative for you, and I'd like to thank you for viewing.

    2escri e >odems& ? s& $nd KPN Concentr$tors

    00:00:00

    In t%is N ##et& yo $nd I #et to t$ke $ look $t $ co ple older tec%nolo#ies t%$t we won't see toom c% $nymore in c rrent networks& $s well $s $ newer one wit% KPN concentr$tors! "et's e#in!

    7$ck in t%e 19,0s& w%en I first e#$n my networkin# c$reer& t%e internet& it still e(isted& t it w$snot%in# like it is tod$y!

    00:00:17

    It wasn't really available to everybody back in the '80s. So we have a user like Bob, who normally sits at this computer and then accesses the file server as a resource here. If Bob goes home and now he's sitting at his house-- so this is Bob's house-- how can Bob get access to those same resources without having to drive in? And one of the answers back in those early days was to use another cloud, except this cloud was called the PSTN, which stands for the Public Switched Telephone Network.

    00:00:48

    So Bob's house had a telephone line. And this was an analog circuit to that phone. So Bob picks up the phone. There's dial tone. And it's an analog signal from his phone and from his house to the edge of the network. Well, unfortunately, Bob's computer is not an analog device.

    00:01:04

    It's digital. So how in the world do we get a digital device to communicate across an analog network? And the answer is we need to get a translator. And that translator has a name called a modem. And modem itself is a shortcut of two different words-- of modulator and demodulator.

    00:01:21

    However, you and I can just think of a modem as a translator between digital and analog, two different types of signaling. So Bob's PC would have a cable that connected to the modem. And there would be another connection on a modem for the phone connector.

    00:01:34

    And that's how Bob could connect his computer to the public switched telephone network. And of course, the headquarter site would have another little modem here, or it could be a bank of modems oftentimes that would be integrated into a line card on this router.

    00:01:47

    And then this router could be referred to as a Network Access Server, or NAS for short. Sometimes it's also referred to as NAD for Network Access Device. It simply means that when Bob wants to connect to the corporate network, his PC connects to an analog modem, which allows a circuit across the public switched telephone network to connect to the modem and network access server, and give him access into the network.

    00:02:10

    So an analog modem is something that I haven't personally used in probably over a decade. However, as a backup solution or an alternate method to reach our gear that we need to manage, we still may have some analog modems in place today. But if they're there, they're rarely used.

    00:02:25

    And the sound that an analog modem makes as it's negotiating and establishing a connection sounds something like this. [SOUND OF MODEM DIALING] And on your smartphone, if you currently use that as the ring tone for your smartphone-- brother, it's me-- because I think that is really, really fun.

    00:02:56

    Another throwback to a different time is the hub. And unfortunately, hub is not an acronym for anything. It's just a word-- hub. And one of the things about hubs is that they look a lot like switches. So for example, if we were to replace these labels with hub-- hub 1 and hub 2-- and we changed the icon on the top to represent a hub, to the end users on this network that isn't very busy, they may not notice the difference.

    00:03:23

    However, behind the covers, the details of the hub is significantly different. In our earlier Nugget we took a look at switches and how switches make forwarding decisions based on layer-2 addresses, such as MAC addresses on an ethernet network. Well, a hub is not that smart.

    00:03:39

    It's not as smart as a switch. And it doesn't have any clue that there's any such thing as a layer-2 address. So the hub, if we're going to compartmentalize its functionality, it is considered a layer-1 device, because all the hub does, it receives bits in on a port and it simply repeats them on the other ports.

    00:04:00

    So in our topology here, if these two devices were hubs, and computer 1 sends information out into the network, the hub is something I can send it everywhere-- I'll send it to the printer, I'll send it to the access point, I'll send it to the router, I'll send it down to hub 2, I'll send it out to the internal server, and I'll send it out to the computer.

    00:04:16

    And unfortunately, if that message was only for one device, all the other devices had to waste a little bit of time and looking at those signals that were coming in. And another bummer about a hub is that only one device can communicate on the network at any given time if we're using a hub.

    00:04:32

    And the reason for that is because the signal is sent everywhere. In a switched environment, where we have these signals being sent from one port to another specific port, it's possible to have multiple communications happening simultaneously. However, in a hub, it's one person only getting to talk at any given time.

    00:04:50

    So a hub is a layer-1 device. It kind of physically looks like a switch, because it has ports like a switch, but it acts and smells like a dumb repeater. That's because at layer 1 it's just repeating whatever it hears come in on one port, it repeats those signals on every other port.

    00:05:07

    So for those reasons, we rarely, if ever, use hubs in our production networks. Instead, we use a layer-2 device called a switch that's more intelligent. Now, in the 21st century, if we have a user like Bob who is normally using this computer here, but happens to have gone home some evening or is home for the weekend, and now he's at his house, it's very likely that Bob's house is connected to the internet.

    00:05:31

    And that could be through cable modem or DSL, or some other high-speed mechanism. And today it's very likely that if Bob needs access to the corporate resources, for example, this internal server, it's very unlikely that Bob's going to use an analog modem to connect when he has high-speed internet connectivity already in place.

    00:05:49

    Now, here's the challenge. Even though Acme Incorporated is connected at a high speed to the internet, and so is Bob, we don't want to send traffic over the internet naked, meaning plain text, not encrypted, because if we do, individuals or entities on the internet may eavesdrop on our traffic and see confidential information they shouldn't have access to, such as our usernames and passwords.

    00:06:09

    So to solve that, we're going to use something called a VPN. And VPN stands for virtual private network. And virtual private networks today are going to use one of two technologies to implement their security. One is called IPsec, which stands for IP security.

    00:06:27

    And the other is called SSL, which behind the scenes actually may be using something called transport layer security. And the details behind these protocols that are used as part of a virtual private network we'll save for another Nugget. And as Bob builds a virtual private network from his PC at his house over to the corporate resources, that VPN tunnel has to terminate or end at some point.

    00:06:48

    And one of our options is to use a VPN concentrator, which is a device that we could implement. And it's very likely going to be on our DMZ of our network. And then when Bob builds those connections, we could terminate to that VPN concentrator, so that way other employees like Lois and Sally, and

    with analog modems, building connections over the public switched telephone network to get access to corporate resources. And today, we're going to see very little, if any, analog modems.

    00:09:02

    But instead, we'll see high-speed connectivity to the internet and then using the technologies of IPsec or SSL to build virtual private networks over the internet to our corporate locations for the benefit of the confidentiality that that VPN brings for us, as we send our traffic over the public internet.

    00:09:20

    In this Nugget, we've discussed a couple of old technologies, including analog modems and hubs, which we don't use too much anymore, as well as a more current implementation of remote access. And that is by using some type of a VPN concentrator to terminate our remote access, VPN sessions, coming in from the internet.

    Describe Packet Shapers, Content Filters, and APs

    00:00:01

    In this Nugget, we get to discuss packet shaping, content filtering, and the role the access point plays in our networks today. Let's begin. I had a friend once tell me that the harder he worked and the more prepared he was, the luckier he was, which translates into, if you're prepared and you work hard, it's very likely that better things are going to happen to you than if you didn't work hard and didn't prepare.

    00:00:25

    And I'd like to apply that concept to this link right here in our network, which is connecting Router 2 from our corporate headquarters over to a branch office. They've got a small router over there. And for this link, this looks like kind of a lightning bolt.

    00:00:38

    This is a representation of a Wide Area Network connection. Maybe Las Vegas is where our headquarters is, and maybe this branch office is in Reno, Nevada. So a Wide Area Network provider who has that connectivity is renting to us or leasing to us that Wide Area Network service.

    00:00:56

    And that's often referred to as WAN, Wide Area Network. Geographically separate locations are usually connected at moderately slow speeds. So over here at ACME on the left, we have a Local Area Network, or a combination of Local Area Networks that are connected together.

    00:01:11

    And then at the branch office, they've got a Local Area Network out there. And we have a Wide Area Network connection that's connecting them together. Regarding preparing, what if this circuit we were leasing from the Wide Area Network service provider, what if it was only 256 kilobits per second?-- which by today's standards is pretty slow.

    00:01:32

    And with this slow circuit in place, what if we have a whole bunch of traffic all at once that needs to go across the circuit? Maybe we have somebody in this branch office that has an IP-based telephone. And this user over here at the branch office with their IP telephone is having a conversation with this user.

    00:01:47

    And this user over here on Computer 1 is running some software on their computer that allows that user to use Voice over IP. And the acronym of VoIP for Voice over IP, is the concept of using voice calls but setting the data over our data networks. So back to our scenario, we've got this voice call that's happening.

    00:02:06

    Let's say we have another user. Let's say it's Lois here. And let's say that Lois is sending a huge file transfer between her computer and some server that's over here in the branch office. And maybe we're using FTP, which is the name of a protocol for File Transfer Protocol that can be used to move files.

    00:02:22

    And we have another user here in the branch office. Let's say it's Sally, who wants to send a print job over to the network printer at the corporate offices. So we have a telephone call. We have a file transfer. We have a print job. And unfortunately, if this link is 256 kilobits per second, it may or may not be able to handle all of that traffic at once.

    00:02:42

    So how do we deal with that? Well, the secret is to plan ahead. And what we could do is we could set up some type of a packet-shaping methodology. So this may be referred to as a package shaper or a traffic shaper. And effectively what it does, it pre-decides on how we're going to treat this link in the event we have congestion and we can't send everything all at once.

    00:03:01

    So we could prioritize our applications. For example, for Voice over IP, what happens if we delay or drop Voice over IP traffic between the two users having the voice call? The answer is, if we drop enough of those packets or we delay them significantly, the voice application will not work.

    00:03:19

    So I would consider the Voice over IP a pretty high priority. Now, regarding the file transfer protocol, what happens if the file transfer protocol gets delayed a few milliseconds or few seconds? As long as the packets all get there, is anyone really going to notice or care? The answer is probably not.

    00:03:37

    And the same thing to be true for a print job that's happening over the network. For example, if Sally sends a print job over to this printer, Sally is not even in that room. So that print job could be delayed, and no one would know or care that it got delayed by a few seconds.

    00:03:52

    So by using a traffic shaper or a package shaper, they're both synonymous. We could categorize our traffic as far as high priority and then perhaps medium priority. And if we had some traffic that we absolutely did not care about, we could classify that as a low priority.

    00:04:07

    And then on this link, when push comes to shove, using our traffic shaping we can give a little bit more bandwidth to the Voice over IP, a little less bandwidth for FTP and print jobs, with the goal being that the applications that need that real-time bandwidth can get it and the applications that can survive a few seconds or a few moments of delay very likely won't even know that it happened.

    00:04:28

    So packet shaping and traffic shaping answers the question of, what do we do when there's not enough bandwidth, and how do we handle that? And another term that we often use for categorizing traffic and then prioritizing certain traffic over other types of traffic in the event of congestion is Quality of Service.

    00:04:45

    So whatever we see the term QoS or packet shaping or traffic shaping, I'd like you to think of unfair treatment. We're treating some traffic better than others in the event of congestion when it happens on the networks. And most of the time, the congestion that happens is going to be happening on the slowest links that are found in our infrastructure.

    00:05:03

    In this case, it's our WAN link between the Acme Local Area Network and the branch office Local Area Network. And that package shaper functionality, that could be either integrated into the routers, or we might have separate devices at each end that are managing and controlling the packet shaping that's being done across that serial link.

    00:05:22

    In our Nugget on the firewall, we touched on several things that firewall can do, including stopping traffic, for example stopping traffic that's coming in from the outside that shouldn't be allowed in, as well as stopping certain types of traffic from going out, including personally identifiable information such as social security numbers.

    00:05:40

    We also mentioned that we could do content filtering so that if a user was trying to go to a web site that's not allowed by policy, we can go ahead and stop that request from ever making it to the outside world. And I don't know if I mentioned it or not, the actual term for doing that filtering, based on the type of web site or URL we're trying to go to, that is referred to as content filtering.

    00:06:00

    And I wanted to make sure that you and I had talked about that label of content filtering in association with the function of stopping a user from going to a specific type of web site based on policy at our company. So the content filter would be a technical control that we can implement to enforce our company policy.

    00:06:18

    What I'd also like to point out is that if we are using a content filter, it could be a network device, an appliance. So for example, we place that in our network. So here's our content filter right here. And if we had a firewall that couldn't do the content filtering itself, we could train the firewall to go ahead and redirect traffic down to the content filter.

    00:06:36

    The content filter could reroute it back up to the firewall in the event it was acceptable traffic. If it wasn't acceptable, meaning it was denied by the policy set up in the content filter, the content filter could go ahead and stop the traffic right there and prevent them from going out to that site, which is prohibited through company policy.

    00:06:54

    One of the really amazing advancements in the last decade or so is wireless with Wi-Fi. I mean, we have restaurants with free Wi-Fi. Most homes have Wi-Fi. Most businesses have Wi-Fi. And the benefit is we can take a computer like this guy right here that has a built-in network interface card that's using Wi-Fi signals, which is just radio frequency, to connect to the network.

    00:07:16

    It's very, very convenient. You don't have to have a physical wire plugging us into a switch. However, it is important to know what device on the network is sending and receiving that Wi-Fi that allows this customer to connect. And the answer to that is something called an access point.

    00:07:31

    The acronym for an access point is simply AP. And an access point would generally connect into a switch. So there's a wired connection from the switch to the access point. And the access point is responsible for the sending and receiving of these radio frequencies so that devices like Computer 3 can associate with an access point, authenticate, and get connectivity into the network.

    00:07:53

    And these access points have lots of different flavors. They have some that focus the direction of the radio frequency signal in a certain direction. That would be an example of a unidirectional antenna. And they have some that simply emanate the signal in all directions around them.

    00:08:08

    And that would be an example of an omnidirectional antenna. And we'll cover more when we talk about specific Nuggets on wireless. And in a home network, it's very likely that if you have a router, there's very likely the access point, the Wi-Fi capability that's integrated into that home router.

    00:08:23

    So for a home router, it might look like this. We might have a connection that's labeled WAN or Internet. That's the one we plug in to our internet service provider's gear. That may be DSL, or it may be cable modem that goes off to the internet service provider in the cloud, the internet.

    00:08:38

    And generally, they have four Local Area Network ports. These would all be for connecting devices inside your home. And these are simply Layer 2 switch ports. So as you connect devices to these ports, let's say we have PC 1, 2, 3, and 4, each of these four computers has their own MAC address.

    00:08:56

    That's the Layer 2 address. And with the Layer 2 switch, if PC 1 and PC 3 are communicating with each other, a Layer 2 switch only forwards those frames of data to the ports that need that information. Now at the same time, this box is also doing routing.

    00:09:10

    So it's also acting as a Layer 3 router. Because it's routing between this internal network where your four computers are and the Wide Area Network, or the WAN connection, or the internet connection, that goes off to the service provider and leads towards the internet.

    00:09:23

    And the way we got started on this whole discussion was the fact that this access point could be integrated into this router. So with antennae that could be either internal to this box or external, there may be two, there may be three, there may be four. It depends on the model.

    00:09:38

    That would be adding the additional Wi-Fi capability so that inside your home you have devices, for example Device Number 5, which is wireless, which would now have access to your Local Area Network. But instead of having to use a cable, it's connecting to the access point that's integrated as part of your home router.

    00:09:54

    And for the routing part, these four ports and this access point here, these would all be, for example, Network G, just to label it as an IP network. And then this port would lead off to a different network, including the internet. So the Layer 3 routing is done between your internal network at home and the Wide Area Network, or the internet connection, that's being provided from your service provider.

    00:10:15

    So for example, maybe this is Network H over here. And the Layer 3 routing is doing routing based on IP addresses between two IP networks. In this Nugget, we've discussed the function of three additional components in our network, including a packet shaper, content filter, and an access point.

    DHCP Concepts

    00:00:00

    In this Nugget, you and I get to look at the concepts behind dynamic host configuration protocol. Let's begin. I'd like you to imagine that you and I are the network administrators and designers of this network. And what you and I have decided is that this network over here-- the left-- we're going to name it the 10.1.0.0 network, and we'll make this a 16-bit network. Now we're going to have a dedicated set of Nuggets just for IP addressing.

    00:00:26

    For now, I'd like the first two numbers here-- the 10 and the 1 in this example-- represent the street name, also known as the network number, for our network. So this network is going to have the name of 10.1. Now one of our challenges in this network is that every device is going to be on the 10.1 network-- that's not so tough, but each of these devices also needs to have its own unique host identifier or host address.

    00:00:50

    And the host address I'll have right here in green and in our network it's going to be these last two numbers, 0.0. So maybe this computer's going to use 0.100. And maybe computer 2 is going to use 0.101. And that printer is going to use 0.102. Now if you and I went in and we manually had to implement each of these IP addresses on each of these devices, that's referred to as static configuration of IP addresses where we manually do it in a static fashion on each and every device.

    00:01:22

    And we may use static in a production environment on critical devices. For example, on a server where we always want it to have the same exact IP address. Or a router interface, where we wanted to have the exact same IP address every single time. However, for other devices like computer 1 and computer 2-- if we want to optimize your and my time as we give IP addresses to these devices-- instead of configuring the computer statically, we can use DHCP, which stands for the Dynamic Host Configuration Protocol.

    00:01:50

    It's a way we can automate the assignment of IP addresses to devices on our network. And the basic concept of DHCP is done between a client. A client is a device that would like to get an IP address. And a DHCP server-- that's a device that knows about a pool of IP addresses that it can hand out and is willing to do so.

    00:02:12

    And here's the play-by-play. The client, when it wants an IP address, issues a discover message. And effectively, the discover is saying, hey, I'm looking for some help. I need a DHCP server who could possibly assign me an IP address. And the DHCP server, if it hears that message, is going to respond, and it's going to respond with an offer.

    00:02:31

    And in that offer, it's going to say, hey, I've got a beautiful IP address. I think you'll like it. It's yours for the taking. To which the client can say, great, I'll take it. And that's called a request. And then there's a final message that's sent from the server back to the client, and it's called an acknowledgment.

    00:02:49

    I'll put A-C-K for short for acknowledgement. And in that acknowledgement, is just going to confirm the details. For example, this is the IP address you're going to use as well as additional options that the DHCP server can provide to that client. And a great way to remember this back-and-forth for DHCP between the client and the server is to a children's cartoon called Dora the Explora.

    00:03:11

    It doesn't even rhyme, but it doesn't matter too much. D-O-R-A, which stands for discover, offer, request, and acknowledge in that order. Now, to set this up, we need to identify a device on our network that will act as a DHCP server. Now we could have the router if the router supports that function.

    00:03:29

    We could add this DHCP service on the router itself. Or, we could have it done on a server. For example, a Windows server is very able to be a DHCP server as well. So it just depends in our network what we have available to be acting as a DHCP server and where we want to enable it.

    00:03:46

    So whatever device we choose to use as a DHCP server, whether it's a router or an internal server, we're going to identify on that DHCP server a pool of addresses. So in this case, it would be on the 10.1.0.0 network. And maybe our pool addresses will be from 0.200 through 0.225. So again here, the 10.1 represents the network portion, and the 0.200 through 0.225 will be our individual host addresses that we're handing out to DHCP clients.

    00:04:15

    And there's a fancy name for that pool, and they call it a scope. So if we see the concept of scope, simply think of that as a range of DHCP addresses that a DHCP server is willing to hand out to people that ask for it. Now if we do have a client, let's say computer 1 becomes a DHCP client, and it sends out a discover, and there's an offer, and the request, and the acknowledgement.

    00:04:36

    How long exactly does computer 1 get to keep and use that IP address? And the answer is it depends on the lease. For example, a DHCP server could say, O

    included some DHCP options. And options can be very handy for a client.

    00:05:25

    For example, in this network, computer 1 needs to know about the IP address of its default gateway that it can use if it ever hopes to get off of the local network. So one of the prevalent options that we'll often see inside of a DHCP offer, as well as the acknowledgement, is the option of a default gateway for that client to use.

    00:05:43

    Another very important aspect would be a DNS server. DNS stands for domain name system. We'll have a separate Nugget just on that. And a DNS server gives a client the ability to translate the name, like www.cbtnuggets.com, to an IP address, which is critical for IP communications to work.

    00:06:02

    So two examples of options inside of a DHCP message would include a DNS server and a default gateway for the client to use. And there may be situations where we want our client to be a DHCP client, but we don't want that client to get a random IP address.

    00:06:17

    Instead, we can set up a reservation and we're all familiar with reservations. If we have a reservation at a restaurant, we show up and boom, they take us to the table. Well, in DHCP, the reservation isn't just guaranteeing a table. It's also guaranteeing an exact table every time for a client.

    00:06:33

    So if computer 1 had a reservation for the IP address of 0.206, the DHCP server-- when assigning an IP address to that computer-- would assign that specific IP address due to its reservation. Now one of the challenges that we're going to have in our networks is that maybe we don't have a DHCP server directly connected to every network.

    00:06:52

    And maybe we don't want our routers who are connected to every network to act as DHCP servers. Is there a way that we can have one centralized DHCP server? For example, over here be the DHCP server for multiple different networks, and the answer is yes. And we do it with a little feature called IP helper or IP relay, and it works like this.

    00:07:12

    On our DHCP server, we create multiple scopes. So we have a scope for subnet A and subnet B and subnet C. And for each of these scopes, we've also identified options, such as DNS servers and default gateways. And then we ask this router through configuration to be a good buddy, and any time it sees a DHCP discover packet, to go ahead and wrap it up and ship it up to the DHCP server.

    00:07:35

    At which point the DHCP server will look at that packet and determine, oh, this came from this specific subnet. Let's say it's subnet A, for example. The DHCP server will see that it has a scope for subnet A, and it will offer an IP address from that pool back to the IP helper function.

    00:07:50

    In this case, the router using the IP helper. At which point, the router would make the offer back to the client. So it's like DORA happening twice. So here we have the client, here we have the relay, and here we have the server, and I'll box the client as well over here.

    00:08:05

    So the client does a discover that's forwarded to the server. Then there's the offer that comes back this way, then the request, and then the acknowledgement. And you might think, well,

    00:01:16

    It wants us to give a friendly name to this scope. We'll call this NetPlus 10.1 because that's the network it's going to represent. We'll click on Next. It's now asking us for the starting address. So let's give it 10.1.0. And let's give it 225. And for an ending address, let's use 10.1.0.250 just as an example.

    00:01:35

    So hopefully, we're not going to have a whole bunch of devices in that network that need IP addresses because with this scope we're not making a huge amount of IP addresses available. 225 through 250 is 26 individual IP addresses that we're willing to hand out.

    00:01:49

    And for the length, here it's asking regarding the length of our network. I'm going to put in a 16-bit length, which in dotted decimal represents 255.255. And we're going to have a separate Nugget just on IP addressing and subnetting. But for now, please note that this means that the first half represents the network and the back half represents the actual host ID or host number on that network.

    00:02:11

    And we'll click on Next. It's asking us if we want to exclude any specific IP addresses in that range. And in our example, I'm not going to exclude any specific IP addresses. It's asking us next, how long do we want the lease to be? By default, it's saying, hey, let's give those IP addresses out for 8 days. And for our lab environment, I'm going to change that to 0 days and 4 hours. And that'll be our lease duration for these IP addresses when they're handed out.

    00:02:37

    Next, it's saying, hey, do you want to configure some really cool DHCP options that you're going to hand out along with these IP addresses, like DNS servers and default gateways? And I'm going to say, you betcha. Let's click on Next. It's asking for the default gateway that these clients should use.

    00:02:51

    Let's take a look at our topology just for a moment. If this is going to be the 10.1 network right here, we probably want all these devices, if they need to use a default gateway, to use router 1. And currently, router 1 is at the IP address of 0.1. So the full address of router 1 for this interface 3/0 is 10.1.0.1. So I'm going to specify in the DHCP option that we're now configuring on this server, we're going to specify that the default gateway we're going to hand out is 10.1.0.1. So back at the Windows 2012 DHCP Server Manager, let's put in the default gateway as 10.1.0.1. And we'll click on Add.

    00:03:33

    And then we'll click on Next. It's now asking about DNS. What DNS server do we want to hand out? DNS is Domain Name System, and it's the magic by which a computer can determine the IP address from a name. So for example, when Bob goes to google.com, a DNS server is used so that Bob's can figure out what the IP address is associated with google.com.

    00:03:55

    So this Windows Server, by default, is putting in its own IP address on a different network. I'm going to remove that. And I'm going to add in 8.8.8.8. And click on Add. And that is the IP address of a public DNS server from Google. And what the DHCP Manager just did, it went out and checked and verified that DNS is working and running on that system.

    00:04:14

    And as a result of that testing successful, it allowed me to add it as an option. So we'll click on Next to continue. It's now asking about NetBIOS name resolution. A long, long time ago, in a galaxy far away we used NetBIOS name resolution. We don't need it in our network because everything's going to be resolvable via DNS.

    00:04:34

    But if you need WINS, Windows Internet Name Service, you could include that option as well right here. We'll click on Next. And do you want to activate the scope now? And we can click on Yes to go ahead and activate that scope. And then we'll click on Finish.

    00:04:46

    So now we have this scope, this pool of addresses that we can hand out from this DHCP server. And if we wanted to delete or disable the scope, we could right click. And we could deactivate it or delete it. And what I'd like to do is because I'm going to set up DHCP again on another device, I don't want to have two DHCP servers competing to hand out IP addresses.

    00:05:05

    So on this Windows 2012 server, I am actually going to deactivate this scope. And I'll click on Yes to confirm. So the scope for the 10.1 network is no longer active right now on this DHCP server. So we created a scope here on this server. We deactivated it because I want to share with you how we can configure DHCP services on a router.

    00:05:26

    For our example, router 1 will be running Cisco's IOS version 15.x software. So we're now sitting at the command line for the Cisco IOS router called router 1. And we're going to go into configuration mode by typing in the command configure space terminal.

    00:05:41

    And that gives us the ability to start configuring the details regarding this router. The first thing I'd like to do is create a scope. Now, they don't call it a scope in a Cisco router. They call it a pool. The syntax is IP DHCP pool. And we're going to name it.

    00:05:54

    We'll call ours OUR-DHCP-SCOPE, just to make sure we're clear what this is. Then for this scope, we're going to specify what network range we're going to hand out IP addresses from with the syntax network 10.1.0.0 space 255.255.0.0. And for the time being, please just know that the 255.255.0.0 means that the first half of the IP address represents the network and the back half is going to represent the host addressing for that network.

    00:06:22

    Sort of like a street name on the left and a house number on the right. If we're going to hand out a default router to these DHCP clients, the syntax on the Cisco IOS router is default-router. And then the IP address of the router they should use, the client should use, as a default gateway.

    00:06:39

    And the concept of a gateway and router are virtually synonymous. If we want to train our DHCP clients regarding a DNS server that those DHCP clients can use, the syntax on an IOS router would be dns-server and the IP address of the DNS server we want those clients to use.

    00:06:56

    In this case, we're using 8.8.8.8 which is a DNS server provided by Google. Now currently, we're sitting in this DHCP pool configuration mode. If we type in exit, that'll take us back out to the global configuration on this Cisco router. And if we wanted to exclude addresses and tell this router not to hand out-- for example, the 0.1 through 0.99, we could do that with the command ip dhcp excluded-address, the start range of 10.1.0.1 and the end range of 10.1.0.99. So that basically tells this router, please don't hand out any of those IP addresses.

    00:07:31

    Start somewhere above that. Now, those commands that we entered are alive and active. However, if we want those same commands to be around when we reboot this router, we need to also save those changes to the startup configuration on this router. And the syntax for that is copy running-config space startup-config.

    00:07:49

    And that way the next time we reboot, those changes will still be there on this router. Next, let's go to the client that will be the DHCP client. And let's do two things. Let's take a look first at how to configure a static IP address, including details such as the default gateway and DNS servers that this computer should use.

    00:08:06

    And then we'll take a look at how we can use DHCP to do dynamic assignment of an IP address to this computer. So currently we're at the desktop of computer 2. Now in order to get to the control panel for the network attributes, there's lots of ways of doing it.

    00:08:21

    We can click on the Windows icon. And we can type in control and go to Control Panel that way. And then from Control Panel, there's different views that we can use. But if we go down to Network and Sharing Center and then Change Adapter Settings, that's one way of getting to the properties of the network adapter for this Windows computer.

    00:08:39


    for us.

    00:11:24

    Number one, it helps us to confirm that the DNS is working. Because we said google.com, yet we're actually going out to 70.186.10.26. And because we got the traffic there and back, it also implies that our default gateway is working. And so using ping to ping a name is a great way of verifying several aspects of our IP configuration with one simple ping command.

    00:11:48

    So next, let's do this. Let's go ahead and minimize this command prompt for a moment. Let's go back to the properties of Ethernet0. We'll right click. From the drop down, we'll select Properties. And let's go down to IP version 4 right here. And let's change the properties so that we're using dynamic host configuration protocol as a client instead of having a statically configured IP address default gateway and DNS.

    00:12:10

    So to configure it for DHCP, we're going to click the radio buttons for obtain IP address automatically and obtain DNS server automatically. And we'll click on O

    00:12:43

    So to verify whether or not this is currently working, let's go back to our command prompt. And we're going to use command ipconfig. Press Enter. And the command ipconfig on a Windows computer will show us the IP address that we currently have-- 10.1.0.100. It looks like the first IP address from the pool on the DHCP server, the router.

    00:13:02

    It also has our default gateway of 10.1.0.1. And if we use the Up Arrow key and use ipconfig space /all, that will show us additional information above and beyond the basics. So the command on the Windows computer IP config space /all shows us the IP address.

    00:13:19

    It also shows us details regarding the lease-- when it was obtained and when it's good till. Here's the default gateway. There's the DHCP server. And here's the DNS server that was handed to us. And we learned about that IP address, and the lease time, and the DNS server, and the default gateway all from the DHCP server.

    00:13:37

    Now, what I have not yet told you, but I'm sharing with you now is the fact that I have captured the traffic on this network link between the switches and the router for the intention of using something called a protocol analyzer so we can see the details of what's really happening on the network.

    00:13:52

    And the protocol analyzer we're going to use to look at this capture traffic is called Wireshark. So let's take a look at the traffic that happened on that network segment through the eyes of the protocol analyzer called Wireshark. So here's what I want to share with you.

    00:14:05

    I have done a filter focusing on DHCP. I'd like you to notice there's a DHCP discover. And that's from our Windows 8 client saying, hey, I need to find the DHCP server. There's an offer that was sent from the router acting as a DHCP server. Inside that offer, if we take a look at it and we open up the payload for that packet, you can notice here in this offer it's offering the IP address of 10.1.0.100, which is the IP address that in the next packet, the request, the client said, that sounds great.

    00:14:35

    I'll take it. And that was followed up by an acknowledgement from the DHCP server. And if we go down to that acknowledgement and scroll up just a little bit, you'll notice that in this acknowledgement, it's confirming some of the options. For example, we have the default gateway of 10.1.0.1. We have the domain name server at 8.8.8.8. It's also including information regarding the lease time, which on a Cisco router is a one-day lease by default when the router is acting as a DHCP server.

    00:15:03

    So as you continue in your studies, if you're excited and want to learn more about Wireshark and protocol analysis, I've got several courses right here at CBT Nuggets that really dive into protocol analysis. One of them is the CCNA hands-on labs through the eyes of Wireshark and GNS3. And there's another course just on Wireshark.

    00:15:21

    So I'm pointing out those courses to you now, so that you know that they exist as resources when you're ready to start studying protocol analysis using Wireshark, which by the way is a blast. In this Nugget, we've discussed and demonstrated how to set up a DHCP server on a Windows platform as well as a Cisco IOS router.

    00:15:39

    We also took a look on the client side at how to statically configure IP addresses as well as train a client to be a DHCP client. I have had a lot of fun in this Nugget. I'm so glad that you joined me for it. I hope this has been informative for you, and I'd like to thank you for viewing.

    DNS Concepts

    00:00:00

    In this Nugget, you and I get to discuss DNS concepts, which is the magic behind how a friendly name, like Google.com, can be translated into an IP address. Let's begin. I'd like you to imagine our user Bob sitting at his computer. He just powered it on. He's got an IP address, courtesy of DHCP, Dynamic Host Configuration Protocol.

    00:00:21

    He also knows about a default gateway that he can use. And he's also been given a DNS server. Now, the reason that DNS server is so critical for Bob's computer to be aware of is because when Bob goes to www.google.com, from an IP network perspective, no one knows what's going on, because www.google.com

    00:00:42

    is a name of a web server. And in order to get to that web server, we need to forward that traffic, or the routers need to forward that traffic, to the right IP network. And that's where DNS comes into play. What would happen is Bob's computer, when he types in www.google.com, in the background,

    00:00:59

    Bob's computer would make a DNS request. That's for Domain Name System. The acronym also could be used for Domain Name Server or Domain Name Service. In any event, his computer makes a DNS request. And that request is going out to a DNS server. And the request is going to say, Dear Mr. DNS server,

    00:01:18

    I need to get to www.google.com. Could you please tell me what the IP address is for Google.com, so I can send a packet to that server? And the server, if it can reply, will go ahead and respond back to that client-- in this case, that's Bob's computer-- with the answer.

    00:01:34

    Oh, that's at 70.20.30.x. I'm just making up those numbers for a moment. And as you can imagine, there's millions and millions and millions of names out there on the internet. How do we keep track of it all? Well, we don't just have one DNS server. There's thousands and thousands of DNS servers.

    00:01:51

    And in the background, they're all working together for that name resolution. So if this server didn't know about the answer to Google.com, it could go ahead and refer up to another DNS server to ask that same information. So if this DNS server tells that DNS server, this one can cache it and then for the information back to Bob.

    00:02:09

    And that way, if this server has to answer that same question over and over and over again, it doesn't have to make a request every single time to another DNS server to learn that information. So a cache is a place where we can store-- usually temporarily-- information that we've received.

    00:02:23

    So a DNS server may cache DNS information it learned from another server. And, as that answer goes back to Bob's machine, Bob's machine is also going to cache that information. And the benefit of that is that if Bob needs to go to that same destination over and over again, he doesn't have to continue making DNS requests over and over and over.

    00:02:40

    So in this example, Bob's computer is a DNS client. And this server up here is a DNS server. And if we label these servers as Server One and Server Two, we could also say that Server One was a client to Server Two, because Server Two was providing the information that Server One needed.

    00:02:58

    And generally speaking, in a client-server model, the entity that's making the request is considered to be the client. And the entity that's providing the information is considered to be the server. Now, in life, one of the common, respectful things to do is if somebody asks for an apple, you give them an apple.

    00:03:14

    If they ask for an orange, you give them an orange. Well, in DNS, we can help accommodate that by having different record types inside of DNS. And although there are dozens and dozens and dozens of record types, there's five that I want to share with you right now.

    00:03:28

    One is an A record. And A stands for an address record. And an A record is referring to a record for IPv4 address. So for example, if Bob's computer is running IPv4 and he makes a request out to the DNS server, and says hey, I would like the A record for the server www.google.com,

    00:03:49

    the server should respond back with an IPv4 address. Which may look like 72.1.6.4 or some other IPv4 address that's being answered or returned to Bob, the client. Now, another record type that's in DNS or can be in DNS is a quadruple A record type. And you might think, wow, that looks like it's four times as long as an A record.

    00:04:12

    And you know what? It is. So an A record for an IPv4 address is 32 bits in length. And a bit is a single position they can either be on or off, like a light switch. So for now, you can think of it as 32 light switches long. And a quad A record with four As is an IP version 6 address record.

    00:04:35

    An IPv6 is 128 bits in length. So if Bob's computer had been running IPv6, and Bob's computer made a DNS request looking for the quad A record for www.google.com, the response back from the DNS server would be expected to be an IPv6 answer, which is 128 bits in length. Or rather, that's the length of an IPv6 address. Another very common record type inside of DNS is an MX record, which stands for mail exchange, spelled M-A-I-L.

    00:05:10

    And that type of record would be used, for example, by email servers, just trying to forward email messages to another email server in a different domain. The CNAME record stands for canonical name. And by using a CNAME, and we can do an alias from one name to another.

    00:05:28

    So for example, if we were searching for www. a.com, and there was a CNAME record there that said, oh, what you really want is www. a1.com, that would be an example of a CNAME record. That, of course Bob, at this computer, would continue the resolution of www. a-1.com to an IP address.

    00:05:51

    And the last one I want to share with you here is a pointer record. And it's called a pointer record because it actually points to a name. Now, most of the time, we're using DNS to resolve a name, like www.CBTNuggets.com to an IP address. However, if we want to flip that, if we have an IP address and we start there, and we say, what is the domain name associated with this IP address? That's when the pointer record is used.

    00:06:18

    So we could say, for example, hey, this address of 8.8.8.8-- what domain is that associated with? And the pointer record would point to a name. And that would be one of Google's servers. So when you see pointer records, think reverse lookups-- having an IP address already and wanting to know the name behind it.

    00:06:36

    In large organizations, it's very likely that companies are going to have their own internal domain name system server. So when DHCP addresses and options are handed out, such as which DNS server to use, the computers can be told to use the DNS server that's local to their company.

    00:06:51

    Then the challenge is, how does our internal DNS server know about the rest of the world? So normally what we'll have is we'll have a service provider DNS server out here on the internet. And our local DNS server will work in conjunction with the internet service provider's DNS server.

    00:07:05

    And that DNS server can then work with additional DNS servers as needed for resolution of everything on the internet that's in DNS. So Bob makes a request to this DNS server. This DNS server doesn't know. It makes a request to another DNS server. That answer comes back to our local DNS server.

    00:07:22

    And the local DNS server feeds the answer back to Bob, regarding hey, google.com is at this address. And it can keep that in the cache on that local DNS server, so that future requests, for a period of time, can be answered locally from the server without making additional requests.

    00:07:37

    Now, one of our challenges is this. If we have a couple of servers at our location. Let's say they're web servers, and we're acme.com. And let's say these servers are being load balanced, and we're calling them www.acme.com. Our intention is that when Jill, out here on the internet, types in www.acme.com, DNS is going

    00:07:56

    to resolve that to an IP address that is reachable right here. So it may be www.acme.com goes to our load balancer device. Perhaps we hit F5 or NetScaler that has that IP address associated with www.acme.com. And then our load balancer can then load balance between the two identical servers that are sitting on our DMZ.

    00:08:17

    So working with a service provider, we'd have to, first of all, make sure we got the domain acme.com registered to us. And then we'd want to make sure there's an A record for www.acme.com inside of DNS. So just as an example, this was 23.1.2.5. When Jill does her DNS request to her DNS server, saying, what is the IP address of www.acme.com?

    00:08:41

    The response back to Jill should be 23.1.2.5. And then Jill would forward her traffic to her default gateway. It would be routed up to this load balancer, and then load balanced across those servers. So we can see that having a DNS entry that points to the IP address for where our devices are is really helpful, because people can use names instead of memorizing IP addresses.

    00:09:02

    So what about this scenario? Let's say we have a user who's connected to the internet. Here's his home. So this is a home user. And for that connection to the internet, this home user could be using DSL or a cable modem. And for the purpose of this discussion, let's say this user's been assigned a dynamically assigned IP address.

    00:09:18

    Let's say that address is 42.1.3.9. So on the internet, that's where this house could be found at this IP address. Well, the user at this home has installed a camera. And the reason he installed the camera is because he wanted to keep an eye on his dog while he was away.

    00:09:35

    So for example, if he's at work, he'd want the ability to go ahead and connect to the camera over the internet and see his dog. Now, to make that function, there may be a little bit of work that the user has to do here on their router and firewall to let the correct ports and correct traffic through.

    00:09:49

    But the problem I want to address right now is this IP address. This IP address is dynamically assigned from the service provider. What if it changes? What if it changes from 42.1.3.9 to 42.1.3.11. And then when Bob's at work, he tries to connect to the old address and it's not working.

    00:10:08

    He doesn't know why. And the reason is that the IP address has changed and he's not aware of it. So to help address that, what we have is a feature called dynamic DNS. And the reason it's called


    on an internal Windows 2012 server. Then we'll take a look at Bob's computer, which is computer number 2 here, and we'll verify on Bob's computer using IP config.

    00:00:51

    And we'll verify whether or not it has a DNS server that it can use. And I'd also like to show you some really sweet tools with IP config where we can actually see the DNS cache on the local computer regarding names it's previously resolved. And, if we're troubleshooting, how we can also use IP config to clear on Bob's computer that DNS cached information.

    00:01:13

    So we're sitting in a Windows 2012. And we've got Server Manager running from here. If we want to configure DNS, we can go to Tools, and then, from the drop down, go down to DNS. And from here, if we wanted to create s