AAA security services, 328–33
accounting, 329
authentication, 328–29
authorization, 329
biometrics, 331–32
CHAP, 330–31
defined, 328
Kerberos, 333
model, 328–30
PAP, 330
RADIUS, 332
SKIP, 331
static/aging passwords, 330
TACACS, 332–33
token cards, 331
See also Security
Abstract Syntax Notation One (ASN.1), 665
Acceptance test, 14
Access control, 306
Access Control Lists (ACLs), 577
Access routers, 226
Accounting
as AAA security service, 329
defined, 329
management, 636
Active Directory Services (ADS), 130
Adaptive Source Routing, 41
Addresses
anycast, 77
broadcast, 64–66
CIDR, 72
IPv4, 60–64
loopback, 77
MAC, 19, 31, 241, 443
mapping to Ethernet, 67–68
multicast, 77
multicast group, 66–68
NAT, 135
registered private, 73–74
unicast, 77
unspecified, 77
Addressing, 19–20
design techniques, 131–50
efficiency, 133
hierarchical, 148–50
IP, 59–82
Layer 1, 19
Layer 2, 20
Layer 3, 20
Layer 4, 20
legal, 132
meaning and consistency, 132–33
model guidelines, 132–33
private intranet, 73–74
router, 219–22
security, 133
Address mapping, 82–105
Address Resolution Protocol (ARP), 31, 83–88
cache, 83–84, 87, 170
defined, 83
Gratuitous, 91
header, 84
identification, 85
implementation, 84, 87
load sharing, 510
load-sharing proxies, 454, 510
on mixed-media LANs, 86–87
on NBMAs, 87
Proxy, 88–90
request example, 85–86
Reverse (RARP), 90–91
synchronization, 87–88
table size, 87
VRRP and, 448
Adjacencies, 198–201
on NBMA, 200–201
packet distribution, 200
states, 198–99
trace of neighbors forming, 199
See also OSPF
Admission control, 556, 596
IEEE 802.1p and, 590
IS, 599
RSVP, 625
Advanced diagnostic tools, 694–98
edit, playback, simulation, 697
high-speed, real-time capture, 698
protocol analyzers, 694–96
real-time capture, 697–98
trace format export/import, 698
See also Troubleshooting tools
Aging passwords, 330
Alarm group, 660
American National Standards Institute (ANSI), 16
Annual Loss Expectancy (ALE), 406–7
analysis, 407
defined, 406
Anycast addresses, 77
AppleTalk
broadcasts, 478
Chooser, 478
multicasts, 477–78
Application Layer
OSI reference model, 17
TCP/IP protocol suite, 27
Application models, 434–35
Application optimization, 519–35
caching techniques, 522–35
proxy services, 520–22
use of multicasts, 519
wide area tuning issues, 520
Applications, 20–24
in client/server model, 22–23
CMIP, 662–63
computing models, 21–24
in distributed model, 23–24
IPSec, 376–77
MBone, 286–87
PKI, 326
router, 224–26
TCP/IP, 34–37
types of, 20
vulnerability, 308–12
Architectural model (internetwork), 156–57
Area Border Routers (ABRs), 195, 196
Areas, 195–96
defined, 195
nonstub, 196
not so totally stubby, 195–96
partitioning advantages, 196
stub, 195
totally stubby, 195
See also OSPF
ASCII, 698
Asynchronous traffic, 594
ATM, 597–98
IEEE 802.1p with, 626
layer, 597
service categories, 597
SSCOP, 597
switches, 42
ATM-like fabrics, 232
Attacks
Christmas tree, 316
classifying, 307
Denial of Service (DOS), 307
impersonation, 307
IP spoofing, 314
land, 315
Man-In-The-Middle, 307
password/key guessing, 307
ping of death, 315
ping sweep, 315
Smurf, 315
SYN, 314–15
teardrop, 315–16
virus, 307
well-known, 313–16
WinNuke, 316
See also Security
Attack trees, 317
defined, 317
illustrated, 318
Authentication
in AAA security services model, 328–29
defined, 306
Authentication Header (AH), 362–65
defined, 362
header fields, 364–65
header format, 364–65
processing, 363
services, 362
See also IPSec
Authorization, 329
Autocratic model, 518
Autonomous System (AS), 157, 207
inter, routing, 210
intra, routing, 210
pass-through, routing, 210
Autonomous System Border Routers (ASBRs), 194, 197
Autonomous System Numbers (ASN), 81–82
administration, 81
defined, 81
possible, 81
representation, 82
requirement criteria, 82
Availability
analysis, 410–16
application models and, 434–36
component-level, 456–64
components, 412
for discrete systems, 413
for networked systems, 414–16
as percentage of uptime, 411
quantifying, 410–13, 414–16
values, 411