Scalability
BGP, 213
caching and, 523, 525
configuration management and, 667
fault-tolerant systems, 435, 438
high-availability (HA) systems, 435
Integrated Services (IS), 616
for large-scale internetworks, 58
link-state protocols, 163
multicast, 295
MultiProtocol Label Switching (MPLS), 582
in NonBroadcast MultiAccess (NBMA) networks, 66
OSPF, 202–3
PIM-SM, 281
RIP, 185
VPN, 385–86
VRRP, 451
Scheduling
Class-Based Queuing (CBQ), 497–99
custom queuing, 495–96
FIFO queuing, 493–94
priority queuing, 494–95
techniques, 235, 491–99
Weighted Fair Queuing (WFQ), 496–97
Weighted Round Robin (WRR), 496
See also Traffic engineering
Secure Electronic Transaction (SET), 326, 338
Secure HTTP (S-HTTP), 336
Secure Multipurpose Internet Mail Extensions (S/MIME), 326, 337
Secure Sockets Layer (SSL), 326, 334–36
defined, 334
operation, 334–35
phases, 335–36
security services, 334
sessions, 335
Security, 305–87
AAA services, 328–33
access control, 306
as addressing model guideline, 133
attacks, 307
authentication, 306
confidentiality, 306
cryptography, 320–22
driving forces/issues, 306–16
e-commerce, 377
e-mail protection systems, 348
feature documentation, 14
firewalls, 338–46
functions, 306
integrity, 306
Intrusion Detection Systems (IDSs), 348–49
IPSec, 356–80
LDAP, 130
management, 636
multicast, 295–96
NAT, 137, 327–28
nonrepudiation, 306
PKI, 322–26
policy, 702
protocol-based services, 334–38
RIPv2, 181–82
as risk management, 305
SNMP, 650–52
solutions and features, 318
summary, 386–87
technology and solutions, 319–53
URL protection systems, 347–48
virus protection systems, 346–47
VPNs, 349–56, 380–86
Security Associations (SAs), 358–59
automated negotiation of, 371
bundles, 369–71
components, 359–60
defined, 358
illustrated, 359
initializing, for data transfer, 375
initializing, with IKE, 373–74
iterated tunneling, 370
sequence, 369
transport adjacency, 370
transport mode, 360–61
tunnel mode, 361
See also IPSec
Security policy
components, 316–17
developing, 316–19
implementation, 317–19
legal issues, 319
risk analysis, 317
Segmentation, 429–30
Server mirroring, 399, 440–41
Server Side Include (SSI), 311
Service announcements, 520–21
Service classes, 602–4
controlled load service, 602–3
guaranteed service, 603–4
Service-Level Agreements (SLAs), 551, 559, 565–71, 627–28
challenging, 571
defined, 565
dynamic, 565
end-to-end, 567
guarantees, 566
monitoring, 567–70
packet loss, 566
round-trip latency, 566
static, 565
vendors, 571
See also Quality of Service (QoS)
Service marking, 560–62, 618–19
field definitions, 618–19
simple model, 560–61
Service-Specific Connection-Oriented Protocol (SSCOP), 597
Session Description Protocol (SIP), 298
Session Directory Announcement Protocol (SDAP), 298
Session Layer (OSI reference model), 18
Sessions, 601, 605
Shared memory, 233
Shared-memory fabric, 230
Shortest-distance path, 581
Shortest-widest path, 581
Simple Conference Control Protocol (SCCP), 298
Simple Gateway Management Protocol (SGMP), 637
Simple Key Management Protocol for IP (SKIP), 331
Simple Mail Transfer Protocol (SMTP)
defined, 36
vulnerabilities, 310
Simple Network Management Protocol. See SNMP
Single Loss Expectancy (SLE), 406, 407
Single Point of Failure (SPOF), 393, 403–5
SLA monitoring, 567–70
circuit error rates, 570
circuit stability, 570
data capture/storage, 569
data collection models, 568
diagnostic features, 569
external data feeds, 568
metrics, 569–70
network availability, 570
network latency, 570
predictive features, 568–69
reporting features, 569
throughput, 570
tool features, 568–69
traffic shaping, 569
WAN interfaces, 568
See also Service-Level Agreements (SLAs)
SMDS, 595–96
Smurf, 315
SNMP, 636, 637–55, 707
advantages, 637, 654–55
agent, 644
application-wide type support, 639–40
architecture, 638–44
background, 637–38
defined, 36, 637
disadvantages, 655
GetBulkRequests, 647
GetNextRequests, 647, 648–50
GetRequests, 647
HP++ browser tool, 671
Inform, 647
message structure, 645–46
MIB, 640–44
over UDP, 653
PDU, 646
performance issues, 653–54
porting, 644–45
protocol stack, 645
resilience, 652–55
security, 650–52
service primitives, 646–50
SetRequests, 647
SMI, 638–40
SNMPv1, 648, 650
SNMPv2, 650, 651–52
SNMPv3, 652
support, 638
table traversal, 648–50
transport independence, 644
Trap PDUs, 646
Traps, 647–48
version coexistence, 652
See also Network management
SOCKS, 343–44
defined, 343
operation, 343–44
SOCKSv5, 344
Software compression, 486
Software diagnostic tools, 681–94
dig, 693–94
netstat, 690–91
nslookup, 693–94
ping, 682–87
tcpdump, 691–93
traceroute, 687–90
types of, 681–82
See also Troubleshooting tools
Source domains, 623
Spanning Trees, 579
Sparse distribution model, 255
Sparse-mode PIM (PIM-SM), 278–80
conditions for use, 278
defined, 278
illustrated, 279
operations, 278–80
PIM-DM vs., 280
scalability, 281
See also PIM
Split DNS, 119
SSH, 336–37
Stac LZS compression, 485–86
Standalone LDAP (SLDAP), 127
Standalone servers, 706
Standards organization, 15–16
ANSI, 16
ECMA, 16
EIA, 16
IAB, 15–16
IEEE, 16
ISO, 15, 17–19
ITU-T, 16
NBS, 16
Standby modules, 463–64
Star topology, 418–20
fault tolerance improvement, 419–20
illustrated, 419
Stateful firewalls, 344–45
Static Address Translation (SAT), 133–34
Static passwords, 330
Static routing entries, 166
Statistics group, 658–59
Storage Area Networks (SANs), 400
Storage Attached Networks (SANs), 545
Storage optimization, 542–46
disk compression, 542–43
HSM, 543–44
NAS/SAN strategies, 544–46
OSN, 546
Storage Service Providers (SSPs), 400, 546
Structure of Management Information (SMI), 638–40
Basic Encoding Rules (BER), 639
defined, 638
encoding rules, 638
See also SNMP
Subnet broadcast, 65
Subnetting, 137–45
bit-wise, 138
class B example, 141
class C example, 140
defined, 137
VLSM, 138
VLSM with class B example, 141–45
Switches
ATM, 42
benefits, 429–30
defined, 42
LAN, 42, 54
Layer 2, 429
Layer 4, 531
multicast-aware, 248
topological control with, 427
Switching, 52–53
circuit, 52
IP, 557–59
label, 560, 562
packet, 52–53
peripheral, 460
tag, 559
Switching fabric, 230–32
ATM-like, 232
bus, 230
crossbar, 230–31
defined, 230
hybrid media, 231
shared-memory, 230
See also Routers
SYN attack, 314–15
Synchronization, 524
Synchronous traffic, 594
Systems Management Application Entity (SMAE), 663