Chapter Eight (smt2)

September 26, 2008

ISP Security

Any active Internet connection for a computer can make that computer a target for malicious activity. Malware, or malicious software such as a computer virus, worm, or spyware, can arrive in an email or be downloaded from a website. Problems that cause large scale failures in service provider networks often originate from unsecured desktop systems at the ISP customer locations.

If the ISP is hosting any web or e-commerce sites, the ISP may have confidential files with financial data or bank account information stored on their servers. The ISP is required to maintain the customer data in a secure way.

ISPs play a big role in helping to protect the home and business users that utilize their services. The security services that they provide also protect the servers that are located at the service provider premise. Service providers are often called upon to help their customers secure their local networks and workstations to reduce the risks of compromise.

There are many actions that can be taken both at the local site and the ISP to secure operating systems, as well as any data stored on those systems and any data transmitted between computer systems.

If an ISP is providing web hosting or email services for a customer, it is important that the ISP protect that information from malicious attack. This can be complicated because often an ISP will use a single server, or cluster of servers, to maintain data that belongs to more than one customer.

To help prevent attacks on these vulnerabilities, many ISPs provide managed desktop security services for their customers. An important part of an on-site support technician’s job is to implement security best practices on client computers. Some of the security services that an ISP support technician can provide include:

Helping clients to create secure passwords for devices

Securing applications using patch management and software upgrades

Removing unnecessary applications and services that can create vulnerabilities

Ensuring applications and services are available to the users that need them and no one else

Configuring desktop firewalls and virus checking software

Performing security scans on software and services to determine vulnerabilities that the technician must protect from attack

Best Practices For Security

If an ISP is providing web hosting services, or email services for a customer, it is important that the ISP protect that information from malicious attack. This can be complicated because often an ISP will use a single server, or cluster of servers, to maintain data that belongs to more than one customer.

Common data security features and procedures include:

Encrypting data stored on server hard drives

Using permissions to secure access to files and folders

Permit or deny access based on the user account or group membership

If access is permitted, assign various levels of access permissions based on the user account or on group memberships

When assigning permissions to files and folders, a security best practice is to apply permissions based on the principle of least privilege. This means giving a user access to only those resources that are required for the user to be able to do their job. It also means giving the appropriate level of permission, for example read-only access or write access. Permissions that the user does not require should not be granted.

Authentication, authorization, and accounting (AAA) is a three-step process used by network administrators to make it difficult for attackers to gain access to a network.

Authentication

Requires users to prove their identity using a username and password. Authentication databases are typically stored on dedicated servers, commonly referred to as RADIUS or TACACS servers.

Authorization

Gives a user rights to use specific resources and perform specific tasks.

Accounting

Tracks which applications are used and length of time they are used.

For example, Authentication acknowledges that a user named student exists and is able to log on. Authorization services specify that user student can access host serverXYZ using Telnet. Accounting tracks that user student accessed host serverXYZ using Telnet on a specific day for 15 minutes.

AAA can be used on various types of network connections. AAA requires a database to keep track of user credentials, permissions, and account statistics. Local authentication is the simplest form of AAA and keeps a local database on the gateway router. If an organization has more than a handful of users authenticating with AAA, the organization must use a database on a separate server.
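The three steps above, worked through in code. This is an added example and not part of the chapter or of any Cisco product: the user name `student`, the host `serverXYZ`, the Telnet service and the 15-minute session are taken from the chapter's own illustration, while the credential store, the group names `students` and `operators`, the permission table and the timestamp are constructed here. Authorization is driven by group membership and grants only the operations a group needs, which is the least-privilege rule from the file-permission discussion above.

```python
# Added example (not from the chapter): a minimal AAA flow modelled in Python.
# Authentication checks a username/password against a credential store,
# authorization decides whether the user may use a resource and for which
# operations, and accounting records what was used and for how long.
import hashlib
import hmac
import os
from datetime import datetime, timedelta


# --- Authentication store (constructed sample data) ---------------------------
# Passwords are never kept in clear text; store a random salt and a PBKDF2 hash.
def make_record(password):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest}


USERS = {
    "student": make_record("correct horse battery"),   # constructed sample password
    "admin": make_record("another sample secret"),     # constructed sample password
}

# Group membership drives authorization (constructed groups).
GROUPS = {"student": {"students"}, "admin": {"students", "operators"}}

# (host, service) -> {group: operations that group is permitted to perform}
PERMISSIONS = {
    ("serverXYZ", "telnet"): {"students": {"login"}, "operators": {"login", "configure"}},
    ("serverXYZ", "ssh"): {"operators": {"login", "configure"}},
}

ACCOUNTING_LOG = []   # one entry per completed session


def authenticate(username, password):
    """Step 1: prove identity. Hash comparison is constant-time."""
    rec = USERS.get(username)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
    return hmac.compare_digest(digest, rec["hash"])


def authorize(username, host, service, operation):
    """Step 2: least privilege. Permit only if one of the user's groups grants the operation."""
    allowed = PERMISSIONS.get((host, service), {})
    return any(operation in allowed.get(g, set()) for g in GROUPS.get(username, set()))


def account(username, host, service, start, end):
    """Step 3: record who used which resource, when, and for how long."""
    entry = {"user": username, "host": host, "service": service,
             "start": start.isoformat(),
             "minutes": int((end - start).total_seconds() // 60)}
    ACCOUNTING_LOG.append(entry)
    return entry


def session(username, password, host, service, operation, minutes):
    """Run the three steps for one session and return the outcome."""
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, host, service, operation):
        return "authorization denied"
    start = datetime(2008, 9, 26, 9, 0)   # constructed session start time
    account(username, host, service, start, start + timedelta(minutes=minutes))
    return "ok"


if __name__ == "__main__":
    # The chapter's example: student logs on to serverXYZ over Telnet for 15 minutes.
    print(session("student", "correct horse battery", "serverXYZ", "telnet", "login", 15))
    print(session("student", "correct horse battery", "serverXYZ", "telnet", "configure", 5))
    print(session("student", "wrong password", "serverXYZ", "telnet", "login", 5))
    print(ACCOUNTING_LOG)
```

Each step can fail on its own: a wrong password never reaches authorization, and an authenticated user who asks for an operation outside their group's grant is refused before anything is accounted. The accounting record is only written for sessions that passed both earlier steps.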

Data Encryption

ISPs must also be concerned with securing data that is transmitted to and from their servers. By default, data sent over the network is unsecured and transmitted in clear text. Unauthorized individuals can intercept unsecured data as it is being transmitted. Capturing data in transit bypasses all file system security that is set on the data. There are methods available to protect against this security issue.

Digital encryption is the process of encrypting all transmitted data between the client and the server. Many of the protocols used to transmit data offer a secure version that uses digital encryption. As a best practice, use the secure version of a protocol whenever the data being exchanged between two computers is confidential.

For example: If a user must submit a username and password to log onto an e-commerce web site, a secure protocol is required. This protects the username and password information from being captured. Another example is any time a user must submit a credit card or bank account information.

When surfing the Internet and viewing publicly accessible web sites, securing the transmitted data is not necessary. Using a secure protocol in this situation can lead to slower response times and additional computational overhead.

There are many network protocols used by applications. Some offer secure versions and some do not.

Web Servers

Web servers use the HTTP protocol by default. This is not a secure protocol. Switching to HTTPS enables the exchange of data to be done securely.

Email Servers

Email servers use several different protocols, including SMTP, POP3 or IMAP. When a user logs on to an email server, POP3 and IMAP require a username and password for authentication. By default, this submission is sent without security and can be captured. POP3 can be secured by using Secure Sockets Layer (SSL). SMTP and IMAP can use either SSL or Transport Layer Security (TLS) as a security protocol.

Telnet Servers

Using telnet to remotely log into a Cisco router or Cisco switch creates an unsecure connection. Telnet sends authentication information, as well as any commands a user types across the network in basic clear text. Use SSH to authenticate and work with the router or switch securely.

FTP Server

The FTP protocol is also an unsecure protocol. When logging in to an FTP server, authentication information is sent in clear text. FTP can use SSL to securely exchange authentication and data. Some versions of FTP can also use SSH.

File Servers

File servers can use many different protocols to exchange data, depending on the computer’s operating system. In most cases, file server protocols do not offer a secure version.

Another security protocol exists called IP security (IPSEC). IPSEC is a network layer security protocol that can be used to secure any Application Layer protocol used for communication. This includes file server protocols that do not offer any other security protocol version.
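The point of the protocol list above is that a capture of clear-text traffic hands an eavesdropper the login. The following added example (not code from the chapter) is a defender-side audit: it scans captured application payloads for authentication sent over the clear-text protocols named above and reports the secure version the chapter recommends in each case. The captures are constructed inline with documentation-range addresses and made-up credentials, and the tool never sends anything on the network; the port-to-protocol table and the regular expressions are assumptions of this example.

```python
# Added example (not from the chapter): offline audit of captured payloads for
# clear-text authentication. Only the user name is reported, never the secret.
import base64
import re

# Clear-text protocol -> (well-known TCP port, secure alternative named in the chapter)
CLEARTEXT = {
    "HTTP": (80, "HTTPS"),
    "POP3": (110, "POP3 over SSL"),
    "IMAP": (143, "IMAP over SSL/TLS"),
    "SMTP": (25, "SMTP over SSL/TLS"),
    "FTP": (21, "FTP over SSL or SSH"),
    "Telnet": (23, "SSH"),
}
PORT_TO_PROTO = {port: name for name, (port, _) in CLEARTEXT.items()}


def extract_username(proto, payload):
    """Return the user name visible in the payload, or None if no credential is exposed."""
    if proto in ("POP3", "FTP"):
        # Both protocols log in with the commands USER <name> then PASS <secret>.
        user = re.search(r"^USER (\S+)\r?$", payload, re.M)
        secret = re.search(r"^PASS \S+", payload, re.M)
        return user.group(1) if (user and secret) else None
    if proto == "IMAP":
        m = re.search(r"^\S+ LOGIN (\S+) \S+", payload, re.M)      # "a001 LOGIN user pass"
        return m.group(1) if m else None
    if proto == "HTTP":
        m = re.search(r"^Authorization: Basic (\S+)", payload, re.M)
        if m:   # Basic auth is base64, not encryption: anyone can decode it
            user_pass = base64.b64decode(m.group(1)).decode(errors="replace")
            return user_pass.split(":", 1)[0]
        return None
    if proto == "SMTP":
        m = re.search(r"^AUTH PLAIN (\S+)", payload, re.M)
        if m:   # AUTH PLAIN carries "\0user\0password" in base64
            parts = base64.b64decode(m.group(1)).split(b"\x00")
            return parts[1].decode(errors="replace") if len(parts) == 3 else "(unparsed)"
        return None
    if proto == "Telnet":
        # Telnet echoes the session; a login prompt followed by a password prompt
        # means the typed credentials crossed the wire readable.
        return "(telnet login)" if re.search(r"login:.*Password:", payload, re.S) else None
    return None


def audit(captures):
    """captures: iterable of (dst_port, payload_text). Returns one finding per exposed login."""
    findings = []
    for port, payload in captures:
        proto = PORT_TO_PROTO.get(port)
        if proto is None:
            continue    # not a clear-text protocol we audit (e.g. 443, 22, 995 carry encrypted data)
        user = extract_username(proto, payload)
        if user is not None:
            findings.append({"port": port, "protocol": proto, "user": user,
                             "use_instead": CLEARTEXT[proto][1]})
    return findings


# Constructed sample captures: payload text only, no real hosts or credentials.
SAMPLE_CAPTURES = [
    (110, "USER student\r\nPASS sample-pass\r\nSTAT\r\n"),
    (80, "GET /admin HTTP/1.1\r\nHost: example.test\r\nAuthorization: Basic "
         + base64.b64encode(b"student:sample-pass").decode() + "\r\n\r\n"),
    (443, "\x16\x03\x01..."),              # TLS record: encrypted, nothing readable
    (21, "USER anonymous\r\nPASS guest@\r\n"),
    (143, "a001 LOGIN student sample-pass\r\n"),
    (22, "SSH-2.0-OpenSSH_5.1\r\n"),       # SSH banner; credentials are never visible
]

if __name__ == "__main__":
    for f in audit(SAMPLE_CAPTURES):
        print(f"port {f['port']:>3} {f['protocol']:<6} exposes login for '{f['user']}'; use {f['use_instead']}")
```

Run against the sample, the audit flags the POP3, HTTP, FTP and IMAP sessions and says nothing about the TLS and SSH captures, which is exactly the contrast the chapter draws: the secure versions carry the same login, but a capture of them yields nothing readable.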

Access List And Port Filtering

In spite of AAA and the use of encryption, there are many different types of attacks that an ISP must protect against. ISPs are especially vulnerable to Denial of Service attacks, because the ISP may host sites for many different registered domain names that may or may not require authentication. Currently there are three key types of denial of service attacks.

DoS

A standard denial-of-service (DoS) attack takes place when a server or service is attacked to prevent legitimate access to that service. Some examples of standard DoS attacks are SYN flood, ping flood, LAND attack, bandwidth consumption attacks, and buffer overflow attacks.

DDoS

A distributed denial-of-service (DDoS) attack occurs when multiple computers are used to attack a specific target. In DDoS attacks, the attacker has access to many compromised computer systems, usually on the Internet. Because of this, the attacker can remotely launch the attack. DDoS attacks are usually the same kinds of attacks as standard DoS attacks, except that DDoS attacks are run from many computer systems simultaneously.

DRDoS

A distributed reflected denial-of-service (DRDoS) attack occurs when an attacker sends a spoofed, or mock, request to many computer systems on the Internet, with the source address modified to be the targeted computer system. The computer systems that receive the request will respond. When the computer systems respond to the request, all of the requests are directed at the target computer system. Due to the reflection of the attack, it is very difficult to determine the originator of the attack.

The ISP must be able to filter out network traffic, such as Denial of Service attacks, that can be harmful to the operation of the ISP network or servers. This can be done using port filtering and access lists to control traffic to servers and networking equipment.

Port Filtering

Port filtering is the ability to control the flow of traffic based on a specific TCP or UDP port. Many server operating systems provide options to restrict access using port filtering. In this way, the server can provide the needed services while still being protected. Port filtering is also used by network routers and switches to help control traffic flow and to secure access to the device.

Access Lists

Access lists are used to define traffic that is permitted or denied through the network based on the source and/or destination IP addresses. Access Lists can also permit or deny traffic on the source and/or destination port of the protocol being used. Administrators create access lists on network devices, such as routers, to control whether or not traffic is forwarded or blocked.

Access lists are only the first line of defense and are not enough to secure a network. Access lists only prevent access to a network; they do not protect the network from all types of malicious attacks.
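To make the permit/deny behaviour concrete, here is an added example (not from the chapter, and not Cisco IOS configuration) of an access list evaluated in Python exactly the way a router processes one: rules are tested top to bottom, the first match decides, and a packet that matches nothing falls to the implicit deny at the end. The address prefixes, the DMZ web server address and the sample packets are constructed from documentation address ranges; the per-rule hit counters mirror the match counts a router displays.

```python
# Added example (not from the chapter): first-match access list evaluation.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                      # source prefix in CIDR form; "0.0.0.0/0" means any
    dst: str                      # destination prefix in CIDR form
    dport: Optional[int] = None   # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """First-match evaluation. Returns (action, rule index); index -1 is the implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", -1


def apply_acl(acl: List[Rule], packets: List[Packet]):
    """Evaluate a batch of packets and count hits per rule, like a router's match counters."""
    hits = [0] * len(acl)
    implicit_denies = 0
    results = []
    for pkt in packets:
        action, idx = evaluate(acl, pkt)
        if idx >= 0:
            hits[idx] += 1
        else:
            implicit_denies += 1
        results.append(action)
    return results, hits, implicit_denies


# Constructed inbound access list for a border router in front of a DMZ web server.
WEB = "203.0.113.10/32"
BORDER_IN = [
    Rule("deny", "ip", "10.0.0.0/8", "0.0.0.0/0"),       # private source arriving from the Internet: spoofed
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 80),         # public web service
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 443),        # public web service over TLS
    Rule("permit", "tcp", "198.51.100.0/24", WEB, 22),   # SSH management only from the NOC prefix
    # implicit deny ip any any
]

SAMPLE_PACKETS = [
    Packet("tcp", "192.0.2.5", "203.0.113.10", 80),      # customer browsing the site
    Packet("tcp", "192.0.2.5", "203.0.113.10", 22),      # SSH attempt from an arbitrary Internet host
    Packet("tcp", "198.51.100.7", "203.0.113.10", 22),   # SSH from the NOC
    Packet("tcp", "10.1.2.3", "203.0.113.10", 80),       # spoofed private source address
    Packet("udp", "192.0.2.5", "203.0.113.10", 53),      # DNS query to a host that offers no DNS
]

if __name__ == "__main__":
    results, hits, implicit = apply_acl(BORDER_IN, SAMPLE_PACKETS)
    for pkt, res in zip(SAMPLE_PACKETS, results):
        print(f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {res}")
    print("rule hits:", hits, "implicit denies:", implicit)
```

Rule order matters: the anti-spoofing deny is placed first so that a packet with a private source cannot be accepted by the later, broader permit for port 80. Note also what this list does not do: it says nothing about whether the traffic it permits on port 80 is well-formed, which is why the chapter treats access lists as only a first line of defense.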

Firewall

A firewall is network hardware or software that defines what traffic can come into and go out of sections of the network, as well as how traffic is handled.

Access-lists are one of the tools used by firewalls. Using access-lists, the type of traffic that is allowed to pass through the firewall is controlled. In addition, the direction the traffic is allowed to travel is also controlled. In a medium-sized network, the amount of traffic and networking protocols needing to be controlled is quite large and firewall access lists can become very complicated.

Firewalls use access lists to control which traffic is passed or blocked. They are constantly evolving as new capabilities are developed and new threats are discovered.

Different firewalls offer different types of features. For example, a dynamic packet filter firewall or stateful firewall keeps track of the actual communication process occurring between the source and destination devices. It does this by using a state table. Once a communication stream is approved, only traffic that belongs to one of these communication streams is permitted through the firewall. The Cisco IOS Firewall software is embedded in Cisco IOS software and allows the user to turn a router into a network layer firewall with dynamic or stateful inspection.

The more functionality a firewall provides, the more time it takes to process each packet.

Firewalls can provide perimeter security for the entire network, as well as for internal local network segments, such as server farms.

Within an ISP network or a medium-sized business, firewalls are typically implemented in multiple layers. Traffic that comes in from an untrusted network first encounters a packet filter on the border router. Permitted traffic goes through the border router to an internal firewall to route traffic to a demilitarized zone (DMZ). A DMZ is used to store servers that users from the Internet are allowed to access. Only traffic that is permitted access to these servers is permitted into the DMZ. Firewalls also control what kind of traffic is permitted into the protected, local network itself. The traffic that is allowed into the internal network is usually traffic that is being sent due to a specific request by an internal device. For example, if an internal device requests a web page from an external server, the firewall will permit the web page to enter the internal network.

Some organizations choose to implement internal firewalls to protect sensitive areas. Internal firewalls are used to restrict access to areas of the network that need additional protection. Internal firewalls separate and protect business resources on servers from users inside the organization. They help protect against external and internal hackers, as well as unintentional internal attacks and malware.
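The stateful behaviour described above, where reply traffic is admitted only because an inside host asked for it and unsolicited traffic is accepted only for published DMZ services, can be demonstrated with a small state table. This is an added example and not the Cisco IOS Firewall implementation; the flow key, the idle timeout, the DMZ server address and the event sequence are assumptions constructed for the illustration.

```python
# Added example (not from the chapter): a state table that admits inbound packets
# only as replies to flows an inside host started, or to published DMZ services.
from typing import Dict, Set, Tuple

Flow = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


class StatefulFirewall:
    def __init__(self, dmz_services: Set[Tuple[str, int]], idle_timeout: int = 300):
        self.dmz_services = dmz_services    # {(server address, port)} reachable from outside
        self.idle_timeout = idle_timeout    # seconds after which an idle flow is forgotten
        self.state: Dict[Flow, float] = {}  # flow -> time the last packet was seen

    def _expire(self, now: float) -> None:
        """Drop flows that have been idle longer than the timeout."""
        for flow, last in list(self.state.items()):
            if now - last > self.idle_timeout:
                del self.state[flow]

    def process(self, direction: str, proto: str, src: str, sport: int,
                dst: str, dport: int, now: float) -> str:
        self._expire(now)
        flow = (proto, src, sport, dst, dport)
        if direction == "out":
            # An inside host initiates: record the flow so its replies are let back in.
            self.state[flow] = now
            return "permit"
        # Inbound: is this the reverse of a flow we have already approved?
        reverse = (proto, dst, dport, src, sport)
        if reverse in self.state:
            self.state[reverse] = now        # refresh the idle timer
            return "permit (reply to inside request)"
        if (dst, dport) in self.dmz_services:
            self.state[flow] = now           # outside client reaching a DMZ server
            return "permit (DMZ service)"
        return "deny (no matching state)"


def run_demo():
    """Constructed event sequence; addresses are from documentation ranges."""
    fw = StatefulFirewall({("203.0.113.10", 80), ("203.0.113.10", 443)}, idle_timeout=300)
    events = [
        ("out", "tcp", "192.168.1.20", 51000, "192.0.2.80", 80, 0),    # inside host requests a web page
        ("in", "tcp", "192.0.2.80", 80, "192.168.1.20", 51000, 1),     # the web page comes back
        ("in", "tcp", "192.0.2.99", 4444, "192.168.1.20", 445, 1),     # unsolicited packet at an inside host
        ("in", "tcp", "192.0.2.5", 33000, "203.0.113.10", 80, 2),      # Internet user reaching the DMZ web server
        ("in", "tcp", "192.0.2.80", 80, "192.168.1.20", 51000, 500),   # late packet after the flow timed out
    ]
    return [fw.process(*e) for e in events]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The last event shows why the state table needs an idle timeout: without one, every flow an inside host ever opened would remain a permanent hole for inbound traffic from that peer.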

IDS And IPS

ISPs also have a responsibility to prevent, when possible, intrusions into their networks and the networks of customers who purchase managed services. There are two tools often utilized by ISPs to accomplish this.

An intrusion detection system (IDS) is a software- or hardware-based solution that passively listens to network traffic. Network traffic does not pass through an IDS device. Instead, the IDS device monitors traffic through a network interface. When the IDS detects malicious traffic, it sends an alert to a preconfigured management station.

An intrusion prevention system (IPS) is an active physical device or software feature. Traffic travels in one interface of the IPS and out the other. The IPS examines the actual data packets that are in the network traffic and works in real time to permit or deny packets that want access into the network.

IDS and IPS technologies are deployed as sensors. An IDS or an IPS sensor can be any of the following:

A router configured with the Cisco IOS IPS feature

An appliance (hardware) specifically designed to provide dedicated IDS or IPS services

A network module installed in an adaptive security appliance (ASA), switch, or router

IDS and IPS sensors respond differently to incidents detected on the network, but both have roles within a network.

IDS

IDS solutions are reactive when it comes to detecting intrusions. They detect intrusions based on a signature for network traffic or computer activity. They do not stop the initial traffic from passing through to the destination, but react to the detected activity.

When properly configured, the IDS can block further malicious traffic by actively reconfiguring network devices such as security appliances or routers, in response to malicious traffic detection. It is important to realize that the original malicious traffic has already passed through the network to the intended destination and cannot be blocked. Only subsequent traffic will be blocked. In this regard, IDS devices cannot prevent some intrusions from being successful.

IDS solutions are often used on the untrusted perimeter of a network, outside of the firewall. Here the IDS can analyze the type of traffic that is hitting the firewall and determine how attacks are executed. The firewall can be used to block most malicious traffic. An IDS can also be placed inside the firewall to detect firewall misconfigurations. When the IDS sensor is placed here, any alarms that go off indicate that malicious traffic has been allowed through the firewall. These alarms mean that the firewall has not been configured correctly.

IPS

Unlike IDS solutions, which are reactive, IPS solutions are proactive. They block all suspicious activity in real time. An IPS is able to examine almost the entire data packet from Layer 2 to Layer 7 of the OSI model. When the IPS detects malicious traffic, the IPS can block the malicious traffic immediately. The IPS is then configured to send an alert to a management station about the intrusion. The original and subsequent malicious traffic is blocked as the IPS proactively prevents attacks.

An IPS is an intrusion detection appliance, not software. It is most often placed inside the firewall. This is because the IPS can examine the entire data packet and can therefore be used to protect server applications. The firewall typically does not examine the entire data packet, whereas the IPS does. The firewall will drop most of the packets that are not allowed, but may still allow some malicious packets through. The IPS will have a smaller number of packets to examine, but will examine the entire packet. This allows the IPS to immediately drop new attacks that the firewall cannot stop or could not be configured to stop.
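The difference between the two sensor types is easiest to see on the same packet stream. The following added example (not from the chapter and not a Cisco sensor) runs a signature list over four constructed packets in both modes: the passive IDS forwards every packet, raises an alert on the match, and then blocks subsequent traffic from that source by reconfiguring an upstream device (modelled as a block list), whereas the inline IPS drops the matching packet itself. The signatures, addresses and payloads are all constructed.

```python
# Added example (not from the chapter): IDS versus IPS handling of one packet stream.
from typing import Dict, List, Optional, Tuple

# Constructed signatures: (name, byte pattern looked for in the payload).
SIGNATURES: List[Tuple[str, bytes]] = [
    ("path-traversal", b"../../"),
    ("sensor-test-string", b"SENSOR-TEST-PATTERN"),
]


class Sensor:
    """mode="ids": passive copy of traffic; every packet reaches its destination, a match
       raises an alert and (optionally) a dynamic block on the source for later packets.
       mode="ips": inline; a packet that matches a signature is dropped before forwarding."""

    def __init__(self, mode: str, signatures=SIGNATURES, dynamic_block: bool = True):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.signatures = signatures
        self.dynamic_block = dynamic_block
        self.blocked_sources = set()      # block entries an IDS pushes to the firewall/router
        self.alerts: List[Dict] = []      # what is sent to the management station

    def _match(self, payload: bytes) -> Optional[str]:
        for name, pattern in self.signatures:
            if pattern in payload:
                return name
        return None

    def inspect(self, src: str, payload: bytes) -> str:
        """Return the fate of the packet: "forward" or "drop"."""
        if self.mode == "ids" and src in self.blocked_sources:
            return "drop"        # subsequent traffic stopped by the device the IDS reconfigured
        sig = self._match(payload)
        if sig is None:
            return "forward"
        self.alerts.append({"src": src, "signature": sig})
        if self.mode == "ips":
            return "drop"        # inline: the original malicious packet never reaches the host
        if self.dynamic_block:
            self.blocked_sources.add(src)
        return "forward"         # passive: the original packet has already gone through


# Constructed packet stream (source address, payload).
STREAM = [
    ("192.0.2.5", b"GET /index.html HTTP/1.1\r\n"),
    ("192.0.2.66", b"GET /../../config HTTP/1.1\r\n"),   # matches the path-traversal signature
    ("192.0.2.66", b"GET /index.html HTTP/1.1\r\n"),     # later packet from the same source
    ("192.0.2.5", b"GET /about.html HTTP/1.1\r\n"),
]


def run(mode: str, dynamic_block: bool = True):
    """Return (per-packet actions, signatures alerted on) for the given sensor mode."""
    sensor = Sensor(mode, dynamic_block=dynamic_block)
    actions = [sensor.inspect(src, payload) for src, payload in STREAM]
    return actions, [a["signature"] for a in sensor.alerts]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Both modes raise the same alert, but only the IPS stops the packet that triggered it; the IDS can only make sure the next packet from that source is blocked, which is the limitation the IDS section describes.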

Wireless Security

Some ISPs offer services to create wireless hot spots for customers to log onto Wireless Local Area Networks (WLANs). A wireless network is easy to implement, but is vulnerable when not properly configured. Since the wireless signal travels through walls, it can be accessed outside the business premises. The following ways are used to secure a wireless network:

MAC Address Filtering

MAC Address Filtering prevents unwanted computers from connecting to your network by restricting MAC addresses. It is possible however, to clone a MAC address; therefore, other security measures should be implemented along with MAC Address Filtering.

WEP

Wired Equivalent Privacy (WEP) provides data security by encrypting data that is sent between wireless nodes. WEP uses a 64, 128 or 256 bit pre-shared hexadecimal key to encrypt the data. There are many WEP cracking tools available on the Internet. WEP should only be used with older equipment that does not support newer wireless security protocols.

WPA

Wi-Fi Protected Access (WPA) is a newer wireless encryption protocol that uses an improved encryption algorithm called Temporal Key Integrity Protocol (TKIP). TKIP generates a unique key for each client and rotates the security keys at a configurable interval. WPA provides a mechanism for mutual authentication and, since both the client and the access point have the key, the key is never transmitted.

WPA2

Wi-Fi Protected Access 2 (WPA2) is a new, improved version of WPA. WPA2 uses the more secure Advanced Encryption Standard (AES) encryption technology.

Host security

Regardless of the layers of defense that exist on the network, all servers are still susceptible to attack if they are not properly secured. ISP servers are especially vulnerable because they are generally accessible from the Internet. New vulnerabilities for servers are discovered every day so it is critical for an ISP to protect its servers from known and unknown vulnerabilities whenever possible. One way they accomplish this is through the use of host-based firewalls.

A host-based firewall is software that runs directly on a host operating system. It protects the host from malicious attacks that might have made it through all other layers of defense. Host-based firewalls control inbound and outbound network traffic. These firewalls allow filtering based on a computer’s IP address and port, therefore offering additional protection over regular port filtering.

Host-based firewalls typically come with predefined rules that block all incoming network traffic. Exceptions are added to the firewall rule set to permit the correct mixture of inbound and outbound network traffic. When enabling host-based firewalls, it is important to balance the need to allow network resources required to complete job tasks, with the need to prevent applications from being left vulnerable to malicious attacks. Many server operating systems are preconfigured with a simple host-based firewall with limited options. More advanced third party packages are available.

ISPs use host-based firewalls to restrict access to the specific services a server offers. By using a host-based firewall, the ISP protects their servers and their customers’ data, by blocking access to the extraneous ports that are available.

ISP servers that utilize host-based firewalls are protected from a variety of different types of attacks and vulnerabilities.

Known Attacks

Host-based firewalls recognize malicious activity based on updatable signatures or patterns. They detect a known attack and block traffic on the port used by the attack.

Exploitable Services

Host-based firewalls protect exploitable services running on servers by preventing access to the ports that the service is using. Some host-based firewalls can also inspect the contents of a packet to see if it contains malicious code. Web and email servers are common targets for service exploits, and can be protected if the host-based firewall is capable of performing packet inspection. This inspection confirms whether or not the packet contains malicious code.

Worms and Viruses

Worms propagate by exploiting vulnerabilities in services and other weaknesses in operating systems. Host-based firewalls prevent worms from gaining access to servers. They can also help prevent the spread of worms and viruses by controlling outbound traffic originating from a server.

Back Doors and Trojans

Back doors or Trojans allow hackers to remotely gain access to servers on a network. The software typically works by sending a message to let the hacker know of a successful infection. It then provides a service that the hacker can use to gain access to the system. Host-based firewalls can prevent a Trojan from sending a message by limiting outbound network access. They can also prevent the attacker from connecting to any services.

In addition to host-based firewalls, Anti-X software can also be installed on the host. Anti-X software is software that protects computer systems from viruses, worms, spyware, malware, phishing, and even spam. Many ISPs offer customers Anti-X software as part of their comprehensive security services. Not all Anti-X software protects against the same threats. The ISP should constantly review what threats the Anti-X software actually protects against and make recommendations based on a threat analysis of the company.

Many Anti-X software packages allow for remote management. This includes a notification system that can alert the administrator or support technician about an infection, via email or pager. Immediate notification to the proper individual can drastically reduce the impact of the infection. Using Anti-X software does not diminish the number of threats to the network but reduces the risk of being infected.

Occasionally infections and attacks will still occur and can be very destructive. It is important to have an incident management process to track all incidents and the corresponding resolutions, to help prevent that infection from re-occurring. Incident management is required by ISPs that manage and maintain customer data, because the ISP has committed to the protection and the integrity of the data they host for their customers. For example, if the ISP network was the target of a hacker and, as a result, thousands of credit card numbers that were stored in a database that the ISP manages were stolen, the customer would need to be notified so they could notify the card holders.

Service Level Agreement

An ISP and a user typically have a contract known as a service level agreement (SLA). It clearly documents the expectations and obligations of both parties. The parts of a typical SLA include:

Service Description

Costs

Tracking and Reporting

Problem Management

Security

Termination

Penalties for Service Outages

Availability, Performance, and Reliability

The SLA is an important document that clearly outlines the management, monitoring, and maintaining of a network.

Monitoring Network Line Performance

The ISP is responsible for monitoring and checking device connectivity. This would include any equipment that belongs to the ISP, as well as equipment at the customer end that the ISP agreed to monitor in the SLA. Monitoring and configuration can be performed either out-of-band with a direct console connection, or in-band using a network connection.

Out-of-band management is useful in initial configurations, if the device is not accessible via the network, or if a visual inspection of the device is necessary.

Most ISPs are not able to visually inspect or have physical access to all devices. An in-band management tool allows for easier administration because the technician does not require a physical connection. For this reason, in-band management is preferred over out-of-band management for managing servers that are accessible on the network. Additionally, conventional in-band tools can provide more management functionality than may be possible with out-of-band management, such as an overall view of the network design. Traditional in-band management protocols include Telnet, SSH, HTTP, and simple network management protocol (SNMP).

There are many embedded tools, commercial tools, and shareware tools available that utilize these management protocols. For example, HTTP access is through a web browser. Some applications, such as Cisco SDM, use this access for in-band management.

Selecting In-Band And Out-Of-Band Tools

SNMP is a network management protocol that enables network administrators to gather data about the network and corresponding devices. SNMP management system software is available in tools such as CiscoWorks. There are free versions of CiscoWorks available for download on the Internet. SNMP management agent software is often embedded in operating systems on servers, routers, and switches.

SNMP is made up of four main components:

Management station – a computer with the SNMP management application loaded, used by the administrator to monitor and configure the network.

Management agent – software installed on a device managed by SNMP

Management information base (MIB) – a database that a device keeps about itself concerning network performance parameters

Network management protocol – the communication protocol used between the management station and the management agent.

The management station would contain the SNMP management applications that the administrator uses to configure devices on the network. It would also store data about those devices. The management station collects information by polling the devices. A poll occurs when the management station requests specific information from an agent.

The agent’s task is to report to the management station by responding to the polls. When the management station polls an agent, the agent will call on statistics that have accumulated in the MIB.

Agents can also be configured with traps. A trap is an alarm-triggering event on an agent. Certain areas of the agent are configured with thresholds, or maximums, that must be maintained, such as the amount of traffic that can access a specific port. If the threshold is exceeded, the agent sends an alert message to the management station. This frees the management station from continuously polling network devices.

Management stations and managed devices are identified by a community ID, called a community string, that permits access to the devices.

Storing device logs and reviewing them periodically is an important part of network monitoring. Syslog is the standard for logging system events. Like SNMP, Syslog is an Application Layer protocol that enables devices to send information to a Syslog Daemon that is installed and running on a management station.

A Syslog system is composed of Syslog servers and Syslog clients. These servers accept and process log messages from Syslog clients. Clients are the devices that are monitored. A Syslog client generates and forwards log messages to Syslog servers.

Log messages normally consist of a log message ID, type of message, a time stamp (Date, Time), which device has sent the message, and the message text. Depending on which network equipment is sending the Syslog messages, a Syslog message can contain more items than those listed.
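A parser for the message layout just described, as an added example (not code from the chapter). It handles the two shapes a Syslog Daemon commonly receives: the Cisco IOS form, which carries a sequence number (the message ID), a timestamp and a `%FACILITY-SEVERITY-MNEMONIC` type field, and the BSD form with a timestamp, the sending host's name and free text. The `<PRI>` prefix is decoded into facility and severity. The sample lines are constructed; the sender addresses are what a syslog server records for the device that sent each message.

```python
# Added example (not from the chapter): parse syslog lines into their fields and
# pull out the messages that deserve attention during a periodic log review.
import re
from typing import Dict, List, Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Cisco IOS form: optional sequence number, optional '*' (clock not synchronised),
# timestamp, then %FACILITY-SEVERITY-MNEMONIC and the text.
CISCO_RE = re.compile(
    r"^(?:(\d+): )?\*?(\w{3} +\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?): (%[A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
# BSD form (RFC 3164): timestamp, hostname, text.
BSD_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")


def parse_syslog(raw: str, sender: str) -> Optional[Dict]:
    """Return the fields of one message, or None if it does not start with a <PRI> prefix."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri, body = int(m.group(1)), m.group(2)
    facility, severity = pri // 8, pri % 8
    entry = {"sender": sender,
             "facility": FACILITIES[facility] if facility < len(FACILITIES) else str(facility),
             "severity": severity, "severity_name": SEVERITIES[severity],
             "msg_id": None, "type": None, "timestamp": None, "host": sender, "text": body}
    c = CISCO_RE.match(body)
    if c:
        entry.update(msg_id=c.group(1), timestamp=c.group(2), type=c.group(3), text=c.group(4))
        return entry
    b = BSD_RE.match(body)
    if b:
        text = b.group(3)
        entry.update(timestamp=b.group(1), host=b.group(2), text=text)
        entry["type"] = text.split(":", 1)[0] if ":" in text else None   # e.g. "sshd[2212]"
    return entry


def review(entries: List[Dict], max_severity: int = 3):
    """Periodic review: (host, severity name, text) for every message at error level or worse."""
    return [(e["host"], e["severity_name"], e["text"]) for e in entries if e["severity"] <= max_severity]


# Constructed sample messages as (sender address, raw line).
SAMPLE_LINES = [
    ("10.0.0.1", "<189>45: *Sep 26 10:15:32.123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)"),
    ("10.0.0.1", "<187>46: *Sep 26 10:16:01.002: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down"),
    ("10.0.0.20", "<34>Sep 26 10:17:44 mail01 sshd[2212]: Failed password for invalid user test from 192.0.2.7 port 4022 ssh2"),
    ("10.0.0.20", "<38>Sep 26 10:17:50 mail01 sshd[2212]: Accepted publickey for backup from 10.0.0.30 port 51022 ssh2"),
]


def parse_all(lines=SAMPLE_LINES):
    return [e for e in (parse_syslog(raw, sender) for sender, raw in lines) if e is not None]


if __name__ == "__main__":
    for e in parse_all():
        print(f"{e['host']:<10} {e['facility']:<7} {e['severity_name']:<13} id={e['msg_id']} type={e['type']}")
    print("needs attention:", review(parse_all()))
```

Decoding `<PRI>` is what makes the periodic review cheap: a filter on severity finds the interface-down and failed-login messages without pattern-matching their text, and the facility tells you which subsystem on the device produced them.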

Backup Media

Network management and monitoring software helps ISPs and businesses identify and correct network issues. It can also help to correct the causes of network failures, including failures caused by malware and malicious activity, network functionality problems, and other issues such as failed devices.

Regardless of the cause of failure, an ISP that hosts web sites or email for customers must protect the web and email content from being lost. Losing the data stored on a web site could mean hundreds, or even thousands, of man hours recreating the content, not to mention the lost business that will result from the downtime while the content is being recreated.

Losing email messages that were stored on the ISP’s email server could potentially be crippling for a business that relies on the data within the emails. Some businesses are legally required to maintain records of all email correspondence, so losing that email data would not be acceptable.

Data backup is essential. An IT professional’s job is to try to reduce the risks of data loss and provide mechanisms for quick recovery of any data that is lost.

When an ISP needs to back up its data, the cost of a backup solution and its effectiveness must be balanced. The choice of backup media can be complex since there are many factors that affect the choice.

Some of the factors include:

Amount of data

Cost of media

Performance of media

Reliability of media

Ease of offsite storage

There are many types of backup media available, including the use of tape media, optical media, hard disk media, and solid state media.

Tape Media Backup

Tape remains one of the most common types of backup media available. Tapes have large capacities and remain the most cost-effective media on the market. For data volumes in excess of a single tape, tape autoloaders and libraries can swap tapes during the backup procedure, allowing the data to be stored on as many tapes as required. These devices can be expensive and are not typically found in small to medium-sized businesses. However, depending on the volume of data, there may be no alternative other than an autoloader or library.

Tape media is prone to failure, and tape drives require regular cleaning to maintain functionality. Tapes also have a high failure rate as they wear through use. Tapes should only be used for a fixed amount of time before removing them from circulation. Some of the different types of tapes are:

Digital data storage (DDS)

Digital audio tape (DAT)

Digital linear tape (DLT)

Linear tape-open (LTO)

These all have different capacities and performance characteristics.

Optical

Optical media is a common choice for smaller amounts of data. CDs have a storage capacity of 700MB, DVDs can support up to 8.5GB on a single-sided dual layer disk, and HD-DVD and Blu-Ray disks can have capacities in excess of 25GB per disk. ISPs may use optical media for transferring web content data to their customers. Customers may also use this media to transfer web site content to the ISP web hosting site. Optical media can easily be accessed by any computer system with a CD or DVD drive built in.

Hard Disk

Hard disk-based backup systems are becoming more and more popular due to the low cost of high capacity drives. However, hard disk-based backup systems make offsite storage difficult. Large disk arrays such as Direct Attached Storage (DAS), Network Attached Storage (NAS), and Storage Area Networks (SANs) are not transportable.

Many implementations of hard disk-based backup systems work in conjunction with tape backup systems for offsite storage. Using both hard disks and tapes in a tiered backup solution can give you a quick restore time with the data available locally on the hard disks, as well as a long term archival solution.

Solid State

Solid state storage refers to all non-volatile storage media that does not have any moving parts. Examples of solid state media range from small postage-stamp sized drives holding 1GB of data, to router-sized packages capable of storing 1000GB (1TB) of data.

Solid state storage is ideal when fast storage and retrieval is important. Applications for solid state storage systems include database acceleration, high definition video access and editing, data retrieval, and SANs. High capacity solid state storage devices are still expensive, but as the technology matures, prices will come down.

Methods Of File Backup

Once a backup solution is chosen, a decision must be made on how to perform the backups. There are three methods to choose from.

Normal (full)

A normal (or full) backup copies all selected files and marks each file as having been backed up (on Windows systems this means clearing the file's archive attribute). With normal backups, only the most recent backup is required to restore all files, which speeds up and simplifies the restore process. However, since all data is copied every time, a full backup takes the most time and the most media.

Differential

A differential backup copies only the files that have been created or changed since the last full backup. A differential backup does not mark the files as backed up, so each differential in the cycle contains everything changed since the full backup and grows until another full backup is run. A normal full backup on the first day of the backup cycle is therefore necessary. This reduces the time required for each daily backup compared to a full backup. When it is time to restore data, the last normal backup is restored first, and then the latest differential backup restores all files changed since that full backup.

Incremental

An incremental backup differs from a differential backup on one important point. Whereas a differential backup saves files that were changed since the last full backup, an incremental backup only saves files that were created or changed since the last backup of any kind, and then marks them as backed up. This means that if an incremental backup is run every day, each day's backup media contains only the files created or changed on that day. Incremental backups are the quickest to perform. However, they take the longest to restore, because the last normal backup and every incremental backup since it must be restored, in the order they were taken.
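The three methods differ in what each day's backup contains and in how many backups a restore has to replay. The following model, added here as an example and not taken from the course text, tracks the "backed up" mark (the archive attribute on Windows) for a constructed set of four files over a five-day week, builds the restore chain for each method, and checks that replaying the chain reproduces the correct file versions. The file names and the days on which they change are made up for the illustration.

```python
from __future__ import annotations

# Added example (not from the course text). Files, versions and change days are
# constructed; the "needs_backup" set models the archive attribute used by Windows backup.
FILES = {"payroll.db", "web/index.html", "mail/inbox", "config.ini"}
# day -> files modified on that day (day 0 is the day of the first full backup)
CHANGES = {1: {"payroll.db"}, 2: {"web/index.html"}, 3: {"payroll.db", "mail/inbox"}, 4: {"config.ini"}}


def simulate_week(method: str, changes=CHANGES, days: int = 5) -> list[tuple[int, str, dict[str, int]]]:
    """Run daily backups for `days` days: a full backup on day 0, then `method`
    ("differential" or "incremental") on each following day. Each backup is recorded
    as (day, kind, {file: version}) where version is the day the file was last modified."""
    version = {f: 0 for f in FILES}       # current version of every file
    needs_backup = set(FILES)             # files marked as not yet backed up
    backups = []
    for day in range(days):
        for f in changes.get(day, ()):    # today's modifications set the mark again
            version[f] = day
            needs_backup.add(f)
        if day == 0:
            kind, chosen = "full", set(FILES)                  # everything, then clear all marks
            needs_backup.clear()
        elif method == "differential":
            kind, chosen = "differential", set(needs_backup)   # marks are left set
        elif method == "incremental":
            kind, chosen = "incremental", set(needs_backup)    # marks are cleared
            needs_backup.clear()
        else:
            raise ValueError(f"unknown method {method!r}")
        backups.append((day, kind, {f: version[f] for f in sorted(chosen)}))
    return backups


def restore_chain(backups, target_day: int):
    """Which backups must be restored, in order, to get the data as of `target_day`."""
    available = [b for b in backups if b[0] <= target_day]
    last_full = max(i for i, b in enumerate(available) if b[1] == "full")
    chain = [available[last_full]]
    later = available[last_full + 1:]
    if later and later[-1][1] == "differential":
        chain.append(later[-1])           # full + latest differential only
    else:
        chain.extend(later)               # full + every incremental since it, in order
    return chain


def restore(chain) -> dict[str, int]:
    """Apply the chain in order; later backups overwrite older file versions."""
    state: dict[str, int] = {}
    for _, _, contents in chain:
        state.update(contents)
    return state


def expected_state(target_day: int, changes=CHANGES) -> dict[str, int]:
    """Ground truth: the version each file should have after restoring `target_day`."""
    state = {f: 0 for f in FILES}
    for day in range(1, target_day + 1):
        for f in changes.get(day, ()):
            state[f] = day
    return state


if __name__ == "__main__":
    for method in ("differential", "incremental"):
        backups = simulate_week(method)
        chain = restore_chain(backups, 4)
        print(method, "day-4 backup holds", len(backups[4][2]), "file(s);",
              "restore needs", len(chain), "backup(s);",
              "correct:", restore(chain) == expected_state(4))
```

Running it shows the trade-off in numbers: by day 4 the differential backup holds all four files and a restore needs two backups, while the incremental backup holds one file and a restore needs all five. Replaying the incrementals in the wrong order silently produces stale versions, which is why the order of the media matters during a restore and why a trial restore is worth doing.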

Backup systems require regular maintenance to keep them running properly. Some steps to ensure the successful completion of backup include:

Swap Media

Many backup scenarios require daily swapping of media to maintain a history of backed up data. Data loss could occur if the tape or disk is not swapped daily. Since swapping the tapes is a manual task, it is easy to forget; use a reminder such as a calendar entry or a scheduled task so the swap is not missed.

Review Backup Logs

Virtually all backup software produces backup logs. Regularly review backup logs. These logs report on the success of the backup, specifying where the backup failed. Regular monitoring of backup logs allows for quick identification of any backup issues that require attention.

Perform Trial Restores

A backup log that reports success does not prove that the data can be restored. To verify that the backup data is usable and that the restore procedure works, periodically perform a trial restore of data, preferably to a separate system so that production data is not overwritten. This is the only way to be sure the backup procedures actually work.

Perform Drive Maintenance

Many backup systems require special hardware to perform the backups. Tape backup systems use a tape backup drive to read and write to the tapes. Tape drives become dirty with use, which leads to read and write errors and eventually to mechanical failure. Perform routine cleaning of the tape drive using designated cleaning tapes. Hard drive-based backup systems can benefit from an occasional defragmentation to improve the overall performance of the system.

Best Practices For Disaster Recovery

Data backup is an important part of any disaster recovery plan. A disaster recovery plan is a comprehensive document that describes how to restore operation quickly and keep a business running during or after a disaster occurs. The objective of the disaster recovery plan is to ensure the business can smoothly adapt to the physical and social changes a disaster causes. The disaster can include anything from natural disasters that affect the network structure to malicious attacks on the network itself.

The disaster recovery plan can include information such as offsite locations where services can be moved, information on switching out network devices and servers, as well as backup connectivity options. It is important when building a disaster recovery plan to fully understand the services that are critical to maintaining operation. Services that might need to be available during a disaster include:

Database

Application servers

System management servers

Web

Data stores

Directory

When designing a disaster recovery plan, it is important to understand the needs of the organization. It is also important to gain the support necessary for a disaster recovery plan. The steps to accomplish this include:

Vulnerability Assessment

A study should be done that assesses how vulnerable the critical business processes and associated applications are to common disasters.

Risk Assessment

The risk of a disaster occurring and the associated effects and costs to the business should also be analyzed. Part of the risk assessment is creating a list of the top ten potential disasters and their effects, including the scenario in which the business site is completely destroyed.

Management Awareness

The study should be used to get senior management approval for the disaster recovery project. Maintaining standby equipment and locations for use in a disaster can be expensive. Senior management must understand the possible effect of any disaster situation.

Establish a Planning Group

A planning group should be established to manage the development and implementation of the disaster recovery strategy and plan. When a disaster occurs, be it small or large scale, it is important that individuals understand their roles and responsibilities.

Prioritize

For each disaster scenario, assign a priority of Mission Critical, Important, or Minor for the business network, applications, and systems.

The disaster recovery planning process should first engage the top managers, and then eventually include all personnel that work with critical business processes. Everyone must be involved and support the plan in order for it to be successful.

Once the need for a disaster recovery plan is agreed upon, along with the services and applications that are most critical, it is time to actually create the plan. Steps to creating the plan include:

Network Design Recovery Strategy

Analyze the network design. Some aspects of the network design that should be included in the disaster recovery are:

Is the network designed to survive a major disaster? This includes the use of backup connectivity options and redundancy in the network design

Availability of off-site servers that can support applications such as email and database services

Availability of backup routers, switches, and other network devices should they fail

Location of services and resources the network needs. Are they spread over a wide geography?

Inventory and Documentation

An inventory should be done of all locations, devices, vendors, used services, and contact names. Verify cost estimates that are created in the Risk Assessment step.

Verification

Create a verification process to prove that the disaster recovery strategy works. Practice disaster recovery exercises to ensure that the plan is up-to-date and workable.

Approval and Implementation

Obtain senior management approval and obtain a budget to implement the disaster recovery plan.

Review

After the disaster recovery plan has been implemented for a year, review the plan.


Chapter Seven (smt2)

September 26, 2008

ISP Services

Once the connection is made to the ISP, the business or customer must decide which services they would need from the ISP.

ISPs serve several markets. Individuals in homes make up the consumer market. Large, multi-national companies make up the Enterprise market. In between are smaller markets, such as small to medium-sized businesses, or larger non-profit organizations. Each of these customer types has different service requirements.

Escalating customer expectations and increasingly competitive markets are forcing service providers to offer new services. These services enable the ISPs to increase revenue and to differentiate themselves from their competitors.

Email, web hosting, media streaming, IP telephony, and file transfer are key services that ISPs can provide to all customers. These services are important for the ISP consumer market and for the small to medium-sized business that does not have the expertise to maintain their own services.

Many organizations, both large and small, find it expensive to keep up with new technologies, or they simply prefer to devote resources to other parts of the business. ISPs offer managed services that enable these organizations to have access to the leading network technologies and applications without having to make large investments in equipment and support.

When a company subscribes to a managed service, the service provider manages the network equipment and applications according to the terms of a service level agreement (SLA). Some managed services are also hosted, meaning that the service provider hosts the applications in its facility instead of at the customer site.

The following are three scenarios that describe different ISP customer relationships:

Scenario 1: The customer owns and manages all of their own network equipment and services. These customers only need reliable Internet connectivity from the ISP.

Scenario 2: The ISP provides Internet connectivity to the customer, but in this scenario, the ISP also owns and manages the network equipment installed at the customer site. Service provider responsibilities include setting up, maintaining, and administering the equipment for the customer. The customer monitors the status of the network and the applications, and receives regular reports from the ISP on the performance of the network.

Scenario 3: The customer owns the network equipment, but the applications that the business relies on are hosted by the ISP. In this scenario, the actual servers that run the applications are located at the ISP facility. These servers may be owned by the customer or the ISP, although the ISP maintains both the servers and the applications. Servers are normally kept in server farms in the ISP network operations center (NOC), and are connected to the ISP's network with a high-speed switch.

Reliability And Availability

Creating new services can be challenging. Not only must ISPs have a strong understanding of what their end customers want, but they must have the ability and the resources to provide them. As business and Internet applications become more complex, an increasing number of ISP customers rely on the services provided or managed by the ISP.

ISPs provide services to customers for a fee and guarantee a level of service in the SLA. To meet this expectation, ISPs service offerings have to be reliable and available.

Reliability

Reliability can be thought of in terms of two measures: mean time between failures (MTBF) and mean time to repair (MTTR). Equipment manufacturers specify MTBF from tests they perform as part of manufacturing. MTBF is the measure of equipment robustness, or fault tolerance: the longer the MTBF, the greater the fault tolerance. The time to repair is established by warranty or service agreements.

When there is an equipment failure, and the network or service becomes unavailable, it impacts the ability of the ISP to meet the terms of the SLA. To prevent this, an ISP may purchase expensive service agreements for critical hardware to ensure rapid manufacturer or vendor response. An ISP may also choose to purchase redundant hardware and keep spare parts onsite.

Availability

Availability is normally measured as the percentage of time that a resource is accessible. A perfect availability percentage would be 100%, meaning that the system is never down or unreachable. Traditionally, telephone services are expected to be available 99.999% of the time. This is called the five-9's standard of availability. With this standard, only a very small percentage of downtime, 0.001% or roughly five minutes per year, is acceptable. As ISPs offer more critical business services, such as IP telephony, or high volume retail sale transactions, ISP services must meet the higher expectations of their customers. ISPs ensure accessibility by doubling up on network devices and servers using technologies designed for high availability. In redundant configurations, if one device fails, the other one can take over its functions automatically.
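The two sections above give the inputs (MTBF, MTTR) and the target (five nines) without showing how they connect. The following Python, added here as an example and not part of the course text, derives availability from MTBF and MTTR, composes it across devices that are all needed (a series chain) and across devices that back each other up (redundant pairs), and converts the result into minutes of downtime per year. The 50,000-hour MTBF and 4-hour MTTR are constructed sample figures, not a vendor's published numbers.

```python
# Added example (not from the course text). MTBF/MTTR values are constructed samples.
HOURS_PER_YEAR = 365.25 * 24


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability: the fraction of time the component is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def in_series(*parts: float) -> float:
    """Everything in the chain must be up, e.g. edge router -> switch -> server."""
    total = 1.0
    for a in parts:
        total *= a
    return total


def redundant(*parts: float) -> float:
    """The service is up if any one of the redundant parts is up."""
    all_down = 1.0
    for a in parts:
        all_down *= 1.0 - a
    return 1.0 - all_down


def downtime_minutes_per_year(avail: float) -> float:
    return (1.0 - avail) * HOURS_PER_YEAR * 60


def nines(avail: float) -> int:
    """Number of leading nines, e.g. 0.99999 -> 5 (the "five-9's" standard)."""
    n = 0
    while n < 9 and avail >= 1 - 10 ** -(n + 1) - 1e-12:
        n += 1
    return n


if __name__ == "__main__":
    router = availability(50000, 4)          # 4-hour replacement contract
    print(f"one router:        {nines(router)} nines, "
          f"{downtime_minutes_per_year(router):.1f} min/year")
    chain = in_series(router, router, router)  # three such devices in the path
    print(f"three in series:   {nines(chain)} nines, "
          f"{downtime_minutes_per_year(chain):.1f} min/year")
    pair = redundant(router, router)         # the same router "doubled up"
    print(f"redundant pair:    {nines(pair)} nines, "
          f"{downtime_minutes_per_year(pair):.3f} min/year")
    print(f"five-9's target:   {downtime_minutes_per_year(0.99999):.2f} min/year")
```

The numbers make the text's two points concrete: a single device with a 4-hour repair window is a four-nines device (about 42 minutes of downtime a year), putting three such devices in the traffic path drops the whole service to three nines, and duplicating a device lifts it past five nines because both copies must fail at the same time. The model assumes independent failures; a shared power feed or a shared software bug breaks that assumption and the real figure will be worse.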

Review Of TCP/IP Protocols

Today, ISP customers are using mobile phones as televisions, PCs as telephones, and televisions as interactive gaming stations with a host of different entertainment options. As network services become more advanced, ISPs must accommodate these customer preferences. The development of converged IP networks enables all of these services to be delivered over a common network.

To provide support for the multiple end-user applications that rely on TCP/IP for delivery, it is important for the ISP support personnel to be familiar with the operation of the TCP/IP protocols.

ISP servers need to be able to support multiple applications for many different customers. In order to do this, they must use functions provided by the two TCP/IP transport protocols, TCP and UDP. Common hosted applications, like web serving and email accounts, also depend on underlying TCP/IP protocols to ensure their reliable delivery. In addition, all of the IP services rely on domain name servers, hosted by the ISPs, to provide the link between the IP addressing structure and the URLs that customers use to access them.

Clients and servers use specific IP protocols and standards in the process of exchanging information. The TCP/IP protocols can be represented using a four-layer model. Many of the key services provided to ISP customers depend on protocols that reside at the Application and Transport Layers of the TCP/IP model.

Application Protocols

Application Layer protocols specify the format and control information necessary for many of the common Internet communication functions. Among these TCP/IP protocols are:

Domain Name System (DNS) is used to resolve Internet names to IP addresses.

Hypertext Transfer Protocol (HTTP) is used to transfer files that make up the Web pages of the World Wide Web.

Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail messages and attachments.

Telnet, a terminal emulation protocol, is used to provide remote access to servers and networking devices. Telnet sends everything, including usernames and passwords, in cleartext, so SSH is preferred for remote administration wherever it is available.

File Transfer Protocol (FTP) is used for interactive file transfer between systems. Like Telnet, FTP transmits credentials in cleartext.

Transport Layer Protocols

Different types of data can have unique requirements. For some applications, communication segments must arrive in a very specific sequence in order to be processed successfully. In other cases, all of the data must be received for any of it to be of use. Sometimes, an application can tolerate the loss of a small amount of data during transmission over the network.

In today’s converged networks, applications with very different transport needs may be communicating on the same network. Different Transport Layer protocols have different rules to enable devices to handle these diverse data requirements.

Additionally, the lower layers are not aware that there are multiple applications sending data on the network. Their responsibility is to get the data to the device. It is the job of the Transport Layer to deliver the data to the appropriate application.

The two primary Transport Layer protocols are TCP and UDP.

The TCP/IP model and the OSI model have many similarities and differences.

Similarities

Use of layers to visualize the interaction of protocols and services

Comparable Transport and Network Layers

Used in the networking field when referring to protocol interaction

Differences

OSI model breaks the function of the TCP/IP Application Layer into separate distinct layers. The upper three layers of the OSI model specify the same functionality as the Application Layer of the TCP/IP model.

The TCP/IP protocol suite does not specify protocols for the physical network interconnection. The two lower layers of the OSI model are concerned with access to the physical network and the delivery of bits between hosts on a local network.

TCP/IP model is based on actual protocols and standards developed, whereas the OSI model is a theoretical guide for how protocols interact.

TCP And UDP

Different applications have different transport needs. There are two TCP/IP protocols at the transport layer, TCP and UDP.

TCP

TCP is a reliable, guaranteed-delivery protocol. TCP specifies the methods hosts use to acknowledge the receipt of packets, and requires the source host to resend packets that are not acknowledged. TCP also governs the exchange of messages between the source and destination hosts to create a communication session. TCP is often compared to a pipeline, or a persistent connection, between hosts. Because of this, TCP is referred to as a connection-oriented protocol.

TCP requires overhead to keep track of the individual conversations between source and destination hosts and to process acknowledgements and retransmissions. In some cases, the delays caused by this overhead cannot be tolerated by the application. These applications are better suited to UDP.

UDP

UDP is a very simple, connectionless protocol. It has the advantage of providing low overhead data delivery. Because UDP is a "best effort" Transport Layer protocol, UDP datagrams may arrive at the destination out of order, or may even be lost altogether. UDP does not provide guaranteed data delivery or flow control. Applications that use UDP can tolerate small amounts of missing data. An example of a UDP application is Internet radio. If a piece of data is not delivered, there may only be a minor effect on the quality of the broadcast.

Applications, such as databases, web pages, and email, need to have all data arrive at the destination in its original condition, in order for the data to be useful. Any missing data can cause the messages to be corrupt or unreadable. These applications are designed to use a Transport Layer protocol that implements reliability. The additional network overhead required to provide this reliability is considered a reasonable cost for successful communication.

The Transport Layer protocol is determined based on the type of application data being sent. For example, an email message requires acknowledged delivery and therefore would use TCP. An email client, using SMTP, sends an email message as a stream of bytes to the Transport Layer. At the Transport Layer, the TCP functionality divides the stream into segments.

Within each segment TCP identifies each byte, or octet, with a sequence number. These segments are passed to the Internet Layer, which places each segment in a packet for transmission. This process is known as encapsulation. At the destination, the process is reversed and the packets are de-encapsulated. The enclosed segments are sent through the TCP process, which converts the segments back to a stream of bytes to be passed to the email server application.

Before a TCP session can be used, the source and destination hosts exchange messages to set up the connection over which data segments can be sent. To do this, the two hosts use a three step process.

In the first step, the source host sends a type of message called a SYN, to begin the TCP session establishment process. The message serves two purposes:

Indicates the intention of the source host to establish a connection with the destination host over which to send the data.

Synchronizes the TCP sequence numbers between the two hosts, so each host can keep track of the segments sent and received during the conversation.

For the second step, the destination host replies to a SYN message with a synchronization acknowledgement, or SYN-ACK message.

In the last step, the sending host receives the SYN-ACK, and it sends an ACK message back to complete the connection setup. Data segments can now be reliably sent.

This SYN, SYN-ACK, ACK activity between the TCP processes on the two hosts is called a three-way handshake.

When a host sends message segments to a destination host using TCP, the TCP process on the source host starts a timer. The timer allows sufficient time for the message to reach the destination host and for an acknowledgement to be returned. If the source host does not receive an acknowledgement from the destination within the allotted time, the timer expires and the source assumes the message is lost. The portion of the message that was not acknowledged is then re-sent.

In addition to acknowledgement and retransmission, TCP also specifies how messages are reassembled at the destination host. Each TCP segment contains a sequence number. At the destination host, the TCP process stores received segments in a TCP buffer. By evaluating the segment sequence numbers, the TCP process can confirm there are no gaps in the received data. When data is received out of order it can also reorder the segments as necessary.
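The three mechanisms just described (the three-way handshake, the retransmission timer, and sequence-number reassembly) are easiest to see with both ends' messages side by side. The following Python, added here as an example and not part of the course text, models them: it builds the SYN, SYN-ACK and ACK segments with their sequence and acknowledgement numbers, then sends a byte stream through a receiver that reorders segments and returns cumulative ACKs, with one segment lost on its first transmission so that the timer-driven retransmission is exercised. Ports 7151 and 80 are the ones the page uses later; the initial sequence numbers and the payload are constructed values. The sender is deliberately simplified: it resends everything from the last acknowledged byte when the timer expires, rather than using a sliding window.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added example (not from the course text). Ports 7151/80 come from the page's
# socket example; sequence numbers and payload bytes are constructed samples.


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int            # sequence number of the first payload byte (or of the SYN)
    ack: int            # next byte the sender of this segment expects to receive
    flags: frozenset    # subset of {"SYN", "ACK"}
    payload: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int) -> list[Segment]:
    """Return the SYN, SYN-ACK and ACK segments with their sequence/ack numbers.
    A SYN occupies one sequence number, so the peer acknowledges isn + 1."""
    syn = Segment(7151, 80, client_isn, 0, frozenset({"SYN"}))
    syn_ack = Segment(80, 7151, server_isn, client_isn + 1, frozenset({"SYN", "ACK"}))
    ack = Segment(7151, 80, client_isn + 1, server_isn + 1, frozenset({"ACK"}))
    return [syn, syn_ack, ack]


class ReceiveBuffer:
    """Receiver side: stores segments, reorders them by sequence number and
    delivers a contiguous byte stream. receive() returns the cumulative ACK."""

    def __init__(self, first_seq: int):
        self.next_expected = first_seq
        self.pending: dict[int, bytes] = {}   # out-of-order segments waiting for a gap to close
        self.stream = bytearray()             # bytes handed to the application

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.next_expected:     # duplicates of delivered data are dropped
            self.pending[seg.seq] = seg.payload
        while self.next_expected in self.pending:   # deliver as far as the data is contiguous
            data = self.pending.pop(self.next_expected)
            self.stream += data
            self.next_expected += len(data)
        return self.next_expected             # ACK number: next byte wanted


def send_stream(data: bytes, mss: int, first_seq: int, receiver: ReceiveBuffer,
                lost_once: set[int]) -> tuple[bytes, int]:
    """Sender side: split `data` into segments of at most `mss` bytes, send them, and
    retransmit from the last cumulative ACK whenever the retransmission timer expires.
    Segments whose seq is in `lost_once` are dropped on their first transmission.
    Returns (bytes delivered to the application, number of segment transmissions)."""
    segments = [(first_seq + i, data[i:i + mss]) for i in range(0, len(data), mss)]
    end_seq = first_seq + len(data)
    to_lose = set(lost_once)
    acked = first_seq
    transmissions = 0
    while acked < end_seq:                    # timer expiry: resend from `acked` onward
        for seq, payload in segments:
            if seq < acked:
                continue                      # already acknowledged
            transmissions += 1
            if seq in to_lose:
                to_lose.discard(seq)          # lost in transit: no ACK comes back
                continue
            acked = receiver.receive(Segment(7151, 80, seq, 0, frozenset({"ACK"}), payload))
    return bytes(receiver.stream), transmissions


if __name__ == "__main__":
    for s in three_way_handshake(1000, 5000):
        print(sorted(s.flags), "seq", s.seq, "ack", s.ack)
    rx = ReceiveBuffer(1001)
    delivered, sent = send_stream(b"Subject: hi\r\n\r\nhello", 8, 1001, rx, {1009})
    print(delivered, "in", sent, "transmissions")
```

With the second segment lost, the receiver buffers the third segment out of order and keeps answering with the same ACK number; when the timer expires the sender resends from that point, the gap closes, and the buffered segment is delivered without being sent again, for four transmissions of three segments. The same sequence-number check is what lets a receiver reject a stale or duplicate segment, which is why predictable initial sequence numbers are a security problem: anyone who can guess them can inject segments into the conversation.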

Differences Between TCP And UDP

UDP is a very simple protocol. Because it is not connection-oriented and does not provide the sophisticated retransmission, sequencing, and flow control mechanisms of TCP, UDP has a much lower overhead.

UDP is often referred to as an unreliable delivery protocol; because there is no guarantee that a message has been received by the destination host. This does not mean that applications that use UDP are unreliable. It simply means that these functions are not provided by the Transport Layer protocol and must be implemented elsewhere if required.

Although the total amount of UDP traffic found on a typical network is often relatively low, key Application Layer protocols that use UDP include:

Domain Name System (DNS)

Simple Network Management Protocol (SNMP)

Dynamic Host Configuration Protocol (DHCP)

Routing Information Protocol (RIP)

Trivial File Transfer Protocol (TFTP)

Online games

Supporting Multiple Service

The task of managing multiple simultaneous communication processes is done by the Transport Layer. The TCP and UDP services keep track of the various applications that are communicating over the network. To differentiate the segments and datagrams for each application, both TCP and UDP have header fields that can uniquely identify these applications for data communications purposes.

In the header of each segment or datagram, there is a source and destination port. Port numbers are assigned in various ways, depending on whether the message is a request or a response. When a client application sends a request to a server application, the destination port contained in the header is the port number that is assigned to the application running on the server. For example, when a web browser application makes a request to a web server, the browser uses TCP and port number 80. This is because TCP port 80 is the default port assigned to web-serving applications. Many common applications have default port assignments. Email servers, using SMTP, are usually assigned to TCP port 25. These assignments are conventions rather than enforced rules: any service can be run on any port, so a port number alone does not prove which application is listening behind it.

As segments are received for a specific port, TCP or UDP places the incoming segments in the appropriate queue. For instance, if the application request is for HTTP, the TCP process running on a web server places incoming segments in the web server queue. These segments are then passed up to the HTTP application as quickly as HTTP can accept them.

Segments with port 25 specified will be placed in a separate queue that is directed toward email services. In this manner, Transport Layer protocols enable servers at the ISP to host many different applications and services simultaneously.

In any Internet transaction, there is a source host and a destination host, normally a client and a server. The TCP processes on the sending and receiving hosts are slightly different. Clients are active and request connections, while servers are passive, and listen for and accept connections.

Server processes are usually statically assigned well-known port numbers from 0 to 1023. Well-known port numbers enable a client application to assign the correct destination port when generating a request for services.

Clients also require port numbers to identify the requesting client application. Source ports are dynamically assigned from the port range 1024 to 65535. This port assignment acts like a return address for the requesting application. The Transport Layer keeps track of the source port and the application that initiated the request, so that when a response is returned, it can be forwarded to the correct application.

The combination of the Transport Layer port number and the host’s Network Layer IP address uniquely identifies a particular application process running on an individual host device. This combination is called a socket. A socket pair, consisting of the source and destination IP addresses and port numbers, is also unique and identifies the specific conversation between the two hosts.

A client socket might look like this, with 7151 representing the source port number:

192.168.1.1:7151

The socket on a web server socket might be:

10.10.10.101:80.

Together these two sockets combine to form a socket pair:

192.168.1.1:7151, 10.10.10.101:80.

With the creation of sockets, communication endpoints are known so that data can move from an application on one host to an application on another. Sockets enable multiple processes running on a client to distinguish themselves from each other, and also multiple connections to a server process to be distinguished from each other.
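The demultiplexing just described, a lookup on the destination port for new requests and on the full socket pair for conversations already in progress, can be modelled in a few lines. The following Python, added here as an example and not part of the course text, keeps a table of listening sockets and a table of socket pairs on one host, allocates ephemeral source ports for outgoing connections, and routes arriving segments to the owning application's queue. The addresses 192.168.1.1 and 10.10.10.101 and ports 7151 and 80 are the page's own; the remaining ports and the payload bytes are constructed.

```python
from __future__ import annotations
from collections import defaultdict
from typing import Optional

# Added example (not from the course text). Addresses, ports and payloads are
# constructed samples; the page's 192.168.1.1:7151 and 10.10.10.101:80 are reused.

WELL_KNOWN_MAX = 1023        # 0-1023: well-known server ports
EPHEMERAL_MIN = 1024         # 1024-65535: dynamically assigned client ports
PORT_MAX = 65535


def is_well_known(port: int) -> bool:
    return 0 <= port <= WELL_KNOWN_MAX


class TransportDemux:
    """The Transport Layer tables of one host, identified by its IP address."""

    def __init__(self, host_ip: str):
        self.host_ip = host_ip
        self.listeners: dict[int, str] = {}              # local port -> service (passive open)
        self.connections: dict[tuple, str] = {}          # socket pair -> owning application
        self.queues: dict[str, list[bytes]] = defaultdict(list)   # per-application queue
        self._next_ephemeral = EPHEMERAL_MIN

    def listen(self, port: int, service: str) -> None:
        """Server side: a passive open on a well-known port."""
        self.listeners[port] = service

    def connect(self, remote_ip: str, remote_port: int, app: str) -> tuple:
        """Client side: an active open. Picks a free ephemeral source port and
        registers the socket pair (local ip, local port, remote ip, remote port)."""
        in_use = {(pair[0], pair[1]) for pair in self.connections}
        while (self.host_ip, self._next_ephemeral) in in_use:
            self._next_ephemeral += 1
        if self._next_ephemeral > PORT_MAX:
            raise RuntimeError("no free ephemeral ports")
        pair = (self.host_ip, self._next_ephemeral, remote_ip, remote_port)
        self._next_ephemeral += 1
        self.connections[pair] = app
        return pair

    def deliver(self, src_ip: str, src_port: int, dst_port: int, payload: bytes) -> Optional[str]:
        """Route an arriving segment. An established socket pair is matched first;
        otherwise a listening socket on the destination port accepts it and a new
        socket pair is recorded. Unmatched segments are dropped (returns None)."""
        pair = (self.host_ip, dst_port, src_ip, src_port)
        owner = self.connections.get(pair)
        if owner is None and dst_port in self.listeners:
            owner = self.listeners[dst_port]
            self.connections[pair] = owner      # new conversation on this port
        if owner is None:
            return None
        self.queues[owner].append(payload)
        return owner


if __name__ == "__main__":
    server = TransportDemux("10.10.10.101")
    server.listen(80, "http")
    server.listen(25, "smtp")
    for sport, dport, data in [(7151, 80, b"GET / HTTP/1.0\r\n"),
                               (7152, 80, b"GET /a HTTP/1.0\r\n"),
                               (7153, 25, b"EHLO client\r\n"),
                               (7154, 443, b"\x16\x03\x01")]:
        print(f"192.168.1.1:{sport} -> 10.10.10.101:{dport}:", server.deliver("192.168.1.1", sport, dport, data))
    client = TransportDemux("192.168.1.1")
    print("client socket pair:", client.connect("10.10.10.101", 80, "browser"))
```

Two browsers on the same client host both talk to port 80, but their segments land in two different socket-pair entries because their source ports differ, which is exactly what lets the server tell the conversations apart. The segment to port 443, where nothing is listening, is dropped; in a real stack that would be answered with a TCP RST, which is also what a port scanner uses to tell a closed port from an open one.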

TCP/IP Host Name

Communication between source and destination hosts over the Internet requires a valid IP address for each host. However, numeric IP addresses, especially the hundreds of thousands of addresses assigned to servers available over the Internet, are difficult for humans to remember. Human-readable domain names, like cisco.com, are easier for people to use. Network naming systems are designed to translate human-readable names into the machine-readable IP addresses that can be used to communicate over the network.

Humans use network naming systems every day when surfing the web or sending email messages, and may not even realize it. Naming systems work as a hidden but integral part of network communication. For example, to browse to the Cisco Systems, Inc. website, open a browser and enter http://www.cisco.com in the address field. The www.cisco.com is a network name that is associated with a specific IP address. Typing the server IP address into the browser brings up the same web page.

Network naming systems are a human convenience to help users reach the resource they need without having to remember the complex IP address.

In the early days of the Internet, host names and IP addresses of computers on the network were managed through the use of a single HOSTS file located on a centrally administered server.

The central HOSTS file contained the mapping of host name and IP address for every device connected to the early Internet. Each site could download the HOSTS file and use it to resolve host names on the network. When a hostname was entered, the sending host would check the downloaded HOSTS file to obtain the IP address of the destination device.

At first, the HOSTS file was acceptable for the limited number of computer systems participating in the Internet. As the network grew, so did the number of hosts needing name-to-IP translations. It became impossible to keep the HOSTS files up-to-date. As a result, a new method to resolve host names to IP addresses was developed. The Domain Name System (DNS) was created for domain name to address resolution. DNS uses a distributed set of servers to resolve the names associated with these numbered addresses. The single, centrally administered HOSTS file is no longer needed.

However, the HOSTS file is still used by virtually all computer systems. A local HOSTS file is created when TCP/IP is loaded on a host device. As part of the name resolution process on a computer system, the HOSTS file is scanned even before the more robust DNS service is queried. A local HOSTS file can be used for troubleshooting or to override records found in a DNS server. Because it is consulted first and its entries never reach a DNS server, a modified HOSTS file can silently redirect a name to a different address, so its contents should be checked when a host resolves a name unexpectedly.

DNS

The Domain Name System (DNS) is a hostname resolution system that solves the shortcomings of the HOSTS file. The structure of DNS is hierarchical, with a distributed database of hostname to IP mappings spread across many DNS servers all over the world. This is unlike the HOSTS file, which required all mappings to be maintained on one server.

DNS uses domain names to form the hierarchy. The naming structure is broken down into small, manageable zones. Each DNS server maintains a specific zone database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its zone, the DNS server can forward the request to another DNS server within the proper zone for translation.

The ability for resolution of the hosts names to be spread across multiple servers makes the DNS system very scalable.

The domain naming system is made up of three components:

Resource Records and Domain Namespace

A resource record is a data record in the DNS zone database file. It is used to identify a type of host, a host’s IP address, or a parameter of the DNS database. The domain namespace refers to the hierarchical naming structure for organizing resource records. The domain namespace is made up of various domains, or groups, and the resource records within each group.

Domain Name Servers

These servers maintain the databases that store resource records and information about the domain namespace structure. DNS servers attempt to resolve client queries using the domain namespace and the resource records they maintain in their zone database files. If the name server does not have the requested information in its DNS zone database, the name server uses additional predefined name servers to help resolve the name-to-IP query.

Resolvers

Resolvers are applications or operating system functions that run on DNS clients and DNS servers. When a domain name is used, the resolver queries the DNS server to translate that name to an IP address. A resolver is loaded on a DNS client, and is used to create the DNS name query that is sent to a DNS server. Resolvers are also loaded on DNS servers. If the DNS server does not have the name-to-IP mapping requested, it uses its resolver to forward the request to another DNS server.

The Domain Name System uses a hierarchical system to provide name resolution. The hierarchy looks like an inverted tree with the root at the top and branches below.

At the top of the hierarchy, the root servers maintain records about how to reach the top-level domain servers, which in turn have records that point to the second-level domain servers.

The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are:

.au – Australia

.co – Colombia

.com – a business or industry

.jp – Japan

.org – a non-profit organization

After top-level domains are second-level domain names, and below them are other lower-level domains.

The root DNS server may not know exactly where the host H1.cisco.com is located, but it does have a record for the .com top level domain. Likewise, the servers within the .com domain may not have a record for H1.cisco.com either, but they do have a record for the cisco.com domain. The DNS servers within the cisco.com domain do have the record for H1.cisco.com and can resolve the address.

The Domain Name System relies on this hierarchy of decentralized servers to store and maintain these resource records. The resource records contain domain names that the server can resolve, and alternative servers that can also process requests.

The name H1.cisco.com is referred to as a fully qualified domain name (FQDN) or DNS name, because it defines the exact location of the computer within the hierarchical DNS namespace.

DNS Name Resolution

When a host needs to resolve a DNS name, it uses the resolver to contact a DNS server within its domain. The resolver knows the IP address of the DNS server to contact because it is preconfigured as part of the host’s IP configuration.

When the DNS server receives the request from the client resolver, it first checks the local DNS records it has cached in its memory. If it is unable to resolve the IP address locally, the server uses its resolver to forward the request to another preconfigured DNS server. This process continues until the IP address is resolved. The name resolution information is sent back to the original DNS server, which uses the information to respond to the initial query.

During the process of resolving a DNS name, each DNS server caches, or stores, the information it receives as replies to the queries. The cached information enables the DNS server to reply more quickly to subsequent resolver requests because the server first checks the cache records, before querying other DNS servers.

DNS servers only cache information for a limited amount of time. DNS servers should not cache information for too long since hostname records do periodically change. If a DNS server had old information cached, it may give out the wrong IP address for a computer.
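The walk down the hierarchy described above, together with the TTL-bounded cache, as an added Python example that is not part of the original notes: the zone data, server names, addresses and TTLs are constructed, and the resolver follows delegations from the root until an authoritative server answers.

```python
import time

# Constructed zone data (not from the notes). Each name server holds either an
# authoritative answer (A record) or a delegation (NS) to the server for a
# sub-domain: name -> (kind, value, ttl_seconds). Names are fully qualified.
ZONES = {
    "root":         {"com.": ("NS", "com-tld", 172800)},
    "com-tld":      {"cisco.com.": ("NS", "ns.cisco.com", 172800)},
    "ns.cisco.com": {"h1.cisco.com.": ("A", "203.0.113.10", 60)},
}

def best_record(server, qname):
    """The record a server uses to answer: an exact match, otherwise the
    delegation for the closest enclosing domain it knows about."""
    table = ZONES[server]
    labels = qname.split(".")
    for i in range(len(labels)):          # h1.cisco.com. -> cisco.com. -> com. -> ""
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return None

class CachingResolver:
    """A resolver that walks the hierarchy from the root and caches answers
    only for the record's TTL, so a changed address is not served stale forever."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}        # qname -> (ip, expires_at)
        self.queries = 0       # queries actually sent to name servers

    def resolve(self, name):
        qname = name.lower().rstrip(".") + "."
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]      # cache hit: no server is contacted
        server = "root"
        for _ in range(10):    # bound the walk; a broken delegation must not loop forever
            self.queries += 1
            rec = best_record(server, qname)
            if rec is None:
                raise LookupError(f"{qname} does not exist")
            kind, value, ttl = rec
            if kind == "A":
                self.cache[qname] = (value, now + ttl)
                return value
            server = value     # follow the referral one level down the tree
        raise LookupError(f"too many referrals resolving {qname}")
```

Passing a fake clock shows the cache behaviour: the second lookup costs no queries, and once the 60-second TTL has passed the resolver walks the tree again.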

In the early implementations of DNS, resource records for hosts were all added and updated manually. However, as networks grew and the number of host records needing to be managed increased, it became very inefficient to maintain the resource records manually. Furthermore, when DHCP is used, the resource records within the DNS zone have to be updated even more frequently. To make updating the DNS zone information easier, the DNS protocol was changed to allow computer systems to update their own record in the DNS zone through dynamic updates.

Dynamic Updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. In order to use dynamic update, the DNS server and the DNS clients, or DHCP server, must support the dynamic update feature. Dynamic updates on the DNS server are not enabled by default, and must be explicitly enabled. Most current operating systems support the use of dynamic updates.

DNS servers maintain the zone database for a given portion of the overall DNS hierarchy. Resource records are stored within that DNS zone.

DNS zones can be either Forward lookup, or Reverse lookup zones. They can also be either a primary or a secondary forward or reverse lookup zone. Each zone type has a specific role within the overall DNS infrastructure.

Forward Lookup Zones

A forward lookup zone is a standard DNS zone that resolves fully qualified domain names to IP addresses. This is the zone type that is most commonly found when surfing the Internet. When typing a web site address, such as www.cisco.com, a recursive query is sent to the local DNS server to resolve that name to an IP address so as to connect to the remote web server.

Reverse Lookup Zones

A reverse lookup zone is a special zone type that allows you to resolve an IP address to a fully qualified domain name. Some applications use reverse lookups to identify computer systems that are actively communicating with them. There is an entire reverse lookup DNS hierarchy on the Internet that will enable any publicly registered IP address to be resolved. Many private networks choose to implement their own local reverse lookup zones to help identify computer systems within their network. Reverse lookups on IP addresses can be found using the ping -a <ip address> command.

Provisioning DNS Server

There are several ways to implement DNS solutions.

Using ISP DNS servers

ISPs typically maintain caching-only DNS servers. These servers are configured to forward all name resolution requests to the root servers on the Internet. Results are cached and used to reply to any future requests. Since ISPs typically have many customers, the number of cached DNS lookups is high. The large cache reduces network bandwidth by reducing how often DNS queries have to be forwarded to the root servers. Caching-only servers do not maintain any authoritative zone information, meaning that they do not store any name-to-IP mappings directly within their database.

Using Local DNS servers

A business may run its own DNS server. The client computers on that network will be configured to point to the local DNS server rather than the ISP DNS server. The local DNS server may maintain some authoritative entries for that zone, so will have name-to-IP mappings of any host within the zone. Requests that the DNS server receives that it cannot resolve will be forwarded. The cache required on a local server is relatively small, compared to the ISP DNS server, due to the smaller number of requests hitting the local DNS server.

It is possible to configure local DNS servers to forward requests directly to the root DNS server. However, some administrators configure local DNS servers to forward all DNS requests to an upstream DNS server, such as the ISP’s DNS server. That way the local DNS server benefits from the large number of cached DNS entries of the ISP, rather than having to go through the entire lookup process starting from the root server.

Losing access to DNS servers affects the visibility of public resources. If a user types in a domain name that cannot be resolved, they cannot access the resource. For this reason, when an organization registers a domain name on the Internet, a minimum of two DNS servers must be provided with the registration. These servers are the ones that will hold the DNS zone database. Redundant DNS servers ensure that if one fails, the other will still be available for name resolution. This practice provides fault tolerance. While two are required, if hardware resources permit, even more DNS servers within a zone can provide additional protection and organization.

It is also a good idea to make sure that multiple DNS servers that host the zone information are located on different physical networks. For example, the primary DNS zone information can be stored on a DNS server on the local business premises. Usually a customer’s ISP hosts an additional secondary DNS server to ensure fault tolerance.

DNS is a critical network service. As such, DNS servers must be protected through the use of firewalls and other security measures. If DNS fails, other web services are not accessible.

Services

In addition to providing private and business customers with connectivity and DNS services, ISPs provide many business-oriented services to customers. These services are enabled by software installed on servers. Among the different services provided by ISPs are:

email hosting

web site hosting

e-commerce sites

file storage and transfer

message boards and blogs

streaming video and audio services

TCP/IP Application Layer protocols enable many of these ISP services and applications. The most common TCP/IP Application Layer protocols are HTTP, FTP, SMTP, POP3, and IMAP4.

Some customers have greater concern about security, so these Application Layer protocols also include secure versions such as FTPS and HTTPS.

Supporting HTTP And HTTPS

The Hypertext Transfer Protocol (HTTP), one of the protocols in the TCP/IP suite, was originally developed to enable the retrieval of HTML formatted web pages. It is now used for distributed, collaborative information sharing. The HTTP protocol has evolved through multiple versions. The version currently used by most ISPs to provide web-hosting services is HTTP version 1.1. Unlike earlier versions, this version enables a single web server to host multiple web sites. It also permits persistent connections, so that multiple request and response messages can use the same connection, reducing the time it takes to initiate new TCP sessions.

HTTP specifies a request/response protocol. When a client, typically a web browser, sends a request message to a server, the HTTP protocol defines the message types the client uses to request the web page. The HTTP protocol also defines the message types the server uses to respond.

Although it is remarkably flexible, HTTP is not a secure protocol. The request messages send information to the server in plain text that can be intercepted and read. Similarly, the server responses, typically HTML pages, are also sent unencrypted.

For secure communication across the Internet, the Secure HTTP (HTTPS) protocol is used for accessing or posting web server information. HTTPS can use authentication and encryption to secure data as it travels between the client and server. HTTPS specifies additional rules for passing data between the Application Layer and the Transport Layer.

When contacting an HTTP server to download a web page, a uniform resource locator (URL) is used to locate the server and a specific resource. The URL identifies:

Protocol being used

Domain name of the server needing to be accessed

Location of the resource on the server, such as http://example.com/example1/index.htm

Many web server applications are available that allow for short URLs. Short URLs are popular because they are easier to write down, remember, or share. With a short URL, a default resource page is assumed when a specific URL is typed. When a user types in a shortened URL, like http://example.com, the default page that is sent to the user is actually the http://example.com/example1/index.htm web page.

HTTP supports proxy services. A proxy server allows clients to make indirect network connections to other network services. A proxy is a device in the communications stream that acts as a server to the client and as a client to a server.

The client connects to the proxy server and requests from the proxy a resource on a different server. The proxy connects to the specified server and retrieves the requested resource. It then forwards the resource back to the client.

The proxy server can cache the resulting page or resource for a configurable amount of time. This enables future clients to access the web page quickly, without having to access the actual server where the page is stored. Proxies are used for three reasons:

Speed – caching allows resources requested by one user to be available to subsequent users without having to access the actual server where the page is stored.

Security – proxy servers can be used to intercept computer viruses and other malicious content and prevent them from being forwarded onto clients.

Filtering – proxy servers can view incoming HTTP messages and filter unsuitable and offensive web content.

HTTP sends clear text messages back and forth between a client and a server. These text messages can be easily intercepted and read by unauthorized users. To safeguard data, especially confidential information, some ISPs provide secure web services. To support secure web services ISPs use HTTPS (HTTP over secure sockets layer (SSL)). HTTPS uses the same client request-server response process as HTTP, but the data stream is encrypted with SSL before being transported across the network.

When the HTTP data stream arrives at the server, the TCP layer passes it up to SSL in the server’s Application Layer, where it is decrypted.

The maximum number of simultaneous connections that a server can support for HTTPS is less than that for HTTP. HTTPS creates additional load and processing time on the server due to the encryption and decryption of traffic. To keep server performance up, HTTPS should only be used when necessary, such as when exchanging confidential information.

Supporting FTP

FTP is a connection-oriented protocol that uses TCP to communicate between a client FTP process and an FTP process on a server. FTP implementations include the functions of a protocol interpreter (PI) and a data transfer process (DTP). PI and DTP define two separate processes that work together to transfer files. As a result, FTP requires two connections to exist between the client and server, one to send control information and commands, and a second one for the actual file data transfer.

Protocol Interpreter (PI)

The PI function is the main control connection between the FTP client and the FTP server. It establishes the TCP connection and passes control information to the server. Control information includes things such as commands to navigate through a file hierarchy, as well as renaming or moving files. The control connection, or control stream, stays open until closed by the user. When a user wants to connect to an FTP server:

1. The user-PI sends a connection request to the server-PI on well-known port 21.

2. The server-PI replies and the connection is established.

3. With the TCP control connection open, the server-PI process begins the login sequence.

4. The user enters credentials through the user interface and completes authentication.

5. Now the data transfer process can begin.

Data Transfer Process (DTP)

DTP is a separate data transfer function. This function is enabled only when the user wants to actually transfer files to or from the FTP server. Unlike the PI connection, which remains open, the DTP connection closes automatically when the file transfer is complete.

The two types of data transfer connections supported by FTP are active data connections and passive data connections.

Active Data Connections

In an active data connection, a client initiates a request to the server and opens a port for the expected data. The server then connects to the client on that port and the data transfer begins.

Passive Data Connections

In this instance, the FTP Server opens a random source port (greater than 1023). The server forwards its IP address and this random port to the FTP client over the control stream. The server then waits for a connection from the FTP client in order to begin the data file transfer.

ISPs typically support passive data connections to their FTP servers. Firewalls often do not permit active FTP connections to hosts located on the inside network.
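An added Python example, not from the notes, of the two data-connection setups from the client's side: the parser for the server's passive-mode reply with the checks a careful client applies before connecting, and the PORT command a client sends in active mode. The reply text and addresses are constructed samples; the 227 reply and PORT field layout come from RFC 959 rather than from the notes.

```python
import re

# Reply format from RFC 959 (a protocol fact, not something the notes state):
#   227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
# h1-h4 are the server's IPv4 address octets and the data port is p1*256 + p2.
_PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(reply, control_peer_ip):
    """Return (host, port) for the data connection announced in a PASV reply.

    Two checks a careful client applies: the announced address must be the
    server the control connection already talks to (otherwise the client would
    open a data connection to some third host), and the port must lie in the
    range above 1023 that the server is supposed to pick from.
    """
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field outside 0-255")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if host != control_peer_ip:
        raise ValueError(f"PASV announces {host}, control connection is to {control_peer_ip}")
    if port <= 1023:
        raise ValueError(f"PASV port {port} is not above 1023")
    return host, port

def build_port_command(client_ip, client_port):
    """Active mode is the mirror image: the client listens and tells the server
    where to connect back, which is the inbound connection firewalls reject."""
    octets = client_ip.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError(f"bad IPv4 address {client_ip!r}")
    if not 1023 < client_port < 65536:
        raise ValueError(f"client data port {client_port} must be above 1023")
    return "PORT " + ",".join(octets + [str(client_port // 256), str(client_port % 256)])
```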

Supporting SMTP, POP3, And IMAP

One of the primary services offered by an ISP is email hosting. Email is a store and forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers. ISPs often maintain mail servers that support many different customer accounts.

Email clients communicate with mail servers in order to send and receive email. Mail servers communicate with other mail servers to transport messages from one domain to another. In other words, an email client does not communicate directly with another email client when sending email. Both clients must rely upon the mail server for transport of the messages. This is true even when both users are in the same domain.

Email clients send messages to the email server configured in the application settings. When the server receives the message, it checks to see if the recipient domain is located in its local database. If it is not, it sends a DNS request to determine the mail server for the destination domain. Once the IP address of the destination mail server is known, the email is sent to the appropriate server.

Email supports three separate protocols for operation: SMTP, POP3, and IMAP4. The Application Layer process that sends mail, either from a client to a server or between servers, implements the SMTP protocol. A client retrieves email using one of two application layer protocols: POP3 or IMAP.

The functions specified by the Simple Mail Transfer Protocol (SMTP) enable the transfer of mail reliably and efficiently. For SMTP applications to do this, two conditions must be met:

The mail message must be formatted properly

SMTP processes must be running on both client and server

SMTP message formats require a message header and a message body. While the message body can contain any amount of text, the message header must have a properly formatted recipient email address and a sender address. Any other header information is optional.

When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25. Once the connection is made, the client attempts to send mail to the server across the connection. Once the server receives the message, it either places the message in a local account or forwards the message using the same SMTP connection process to another mail server.

The destination email server may not be online, or may be busy, when email messages are sent. Therefore, SMTP provides for the spooling of messages to be sent at a later time. Periodically, the server checks the queue for messages and attempts to send them again. After a predetermined expiration time, if the message is still undelivered, it will be returned to the sender as undeliverable.

One of the required fields in an email message header is the recipient email address. The structure of an email address includes the email account name or an alias, as well as the domain name of the mail server. An example of an email address:

recipient@cisco.com.

The @ symbol separates the account and the domain name of the server.

When a message is sent to recipient@cisco.com, the domain name is sent to the DNS server in order to obtain the IP address of the domain mail server. Mail servers are identified in DNS by an MX record indicator. When the destination mail server receives the message, it stores the message in the appropriate mailbox. The mailbox location is determined based on the account specified in the first part of the email address, in this case, the recipient account. The message will remain in the mailbox until the recipient connects to the server to retrieve the email.

If the mail server receives an email message that references an account that does not exist, the email is returned to the sender as undeliverable.
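The delivery decision and spooling behaviour described in the preceding paragraphs, as an added Python example that is not part of the notes: the local domain, mailbox, MX records, addresses, retry interval and expiry time are all constructed, and deliver_remote stands in for the SMTP connection to the destination server.

```python
import time

# Constructed data (not from the notes): the domain this server is authoritative
# for, the mailboxes it holds, and stand-ins for the MX and A records DNS would
# return for a remote domain.
LOCAL_DOMAINS = {"cisco.com"}
MAILBOXES = {"recipient@cisco.com": []}
MX_RECORDS = {"example.org": [(20, "mx2.example.org"), (10, "mx1.example.org")]}
A_RECORDS = {"mx1.example.org": "198.51.100.25", "mx2.example.org": "198.51.100.26"}

def parse_address(addr):
    """Split account@domain at the @ symbol; the domain part is case-insensitive."""
    if addr.count("@") != 1:
        raise ValueError(f"malformed address {addr!r}")
    account, domain = addr.split("@")
    if not account or not domain:
        raise ValueError(f"malformed address {addr!r}")
    return account, domain.lower()

def destination_server(domain):
    """The MX lookup: the mail server with the lowest preference value wins."""
    records = MX_RECORDS.get(domain)
    if not records:
        return None
    _, host = min(records)
    return A_RECORDS.get(host)

class MailQueue:
    """Store-and-forward behaviour of a mail server: local recipients are
    delivered or bounced at once, remote ones are spooled and retried."""
    RETRY_INTERVAL = 300        # seconds between attempts (assumed value)
    EXPIRY = 4 * 24 * 3600      # bounce after this long in the queue (assumed value)

    def __init__(self, deliver_remote, clock=time.time):
        self.deliver_remote = deliver_remote   # callable(ip, msg) -> True if accepted
        self.clock = clock
        self.spool = []       # [msg, next_attempt_at, enqueued_at]
        self.bounced = []     # (msg, reason) returned to the sender

    def submit(self, msg):
        """What happens when a client hands a message over on port 25."""
        account, domain = parse_address(msg["to"])
        if domain in LOCAL_DOMAINS:
            box = MAILBOXES.get(f"{account}@{domain}")
            if box is None:
                self.bounced.append((msg, "no such account"))
                return "bounced"
            box.append(msg)
            return "delivered"
        now = self.clock()
        self.spool.append([msg, now, now])
        return "queued"

    def run_queue(self):
        """Periodic pass over the spool: retry what is due, bounce what has expired."""
        now = self.clock()
        remaining = []
        for entry in self.spool:
            msg, due_at, enqueued_at = entry
            if now - enqueued_at > self.EXPIRY:
                self.bounced.append((msg, "delivery expired"))
                continue
            if now < due_at:
                remaining.append(entry)
                continue
            _, domain = parse_address(msg["to"])
            ip = destination_server(domain)
            if ip is not None and self.deliver_remote(ip, msg):
                continue                           # accepted by the destination server
            entry[1] = now + self.RETRY_INTERVAL   # still down or busy: try again later
            remaining.append(entry)
        self.spool = remaining
```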

The Post Office Protocol – Version 3 (POP3) is used to enable a workstation to retrieve mail from a mail server. With POP3, mail is downloaded from the server to the client and then deleted on the server.

The server starts the POP3 service by passively listening on TCP port 110 for client connection requests. When a client wishes to make use of the service, it sends a request to establish a TCP connection with the server. Once the connection is established, the POP3 server sends a greeting. The client and POP3 server then exchange commands and responses until the connection is closed or aborted.

Because email messages are downloaded to the client and removed from the server, there is no centralized location where email messages are kept. This makes the POP3 protocol undesirable in a centralized backup solution for a small business.

The POP3 protocol is desirable for an ISP since it alleviates the ISP’s responsibility of managing large amounts of storage for their email servers.

Internet Message Access Protocol (IMAP4) is another protocol that describes a method to retrieve email messages. However, unlike POP3, when the user connects to an IMAP-capable server, copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. Users view copies of the messages in their email client software.

Users can create a file hierarchy on the server to organize and store mail. That file structure is duplicated on the email client as well. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

For small to medium-sized businesses, there are many advantages to the IMAP protocol. IMAP can lead to long-term storage of email messages on mail servers and allow for centralized backup. It also enables employees to access email messages from multiple locations, using different devices or client software. The mailbox folder structure that a user is used to seeing is available for viewing regardless of how the user accesses the mailbox.

For an ISP, IMAP may not be the protocol of choice. It can be expensive to purchase and maintain the disk space to support the large number of stored emails. Additionally, if customers expect their mailboxes to be backed up routinely, that can further increase the costs to the ISP.


Chapter Six (smt2)

September 26, 2008

Routing

Routing is the method by which network devices direct messages across networks to arrive at the correct destination.

All routers must make routing decisions. They do this by looking up information stored in their routing tables. Every router contains a table of all locally-connected networks and the interfaces that connect to them. These routing tables also contain information about the routes, or paths, that the router uses to reach other remote networks that are not locally attached.

These routes can be statically assigned to the router by an administrator, or they can be dynamically given to the router by another router via a program called a routing protocol.

Every router uses a routing table to make decisions where to send packets. The routing table contains a set of routes, where each route describes which gateway or interface the router needs to use to reach a specified network.

A route has four main components:

Destination value

Mask

Gateway or interface address

Route cost or metric

To direct a message to the correct destination, the router looks at the destination IP address in the packet and then looks for a matching route in the routing table.

The destination values in a routing table refer to destination network addresses.

In order for the router to determine if it has a route to the destination IP address in its table, it must first find out which bits represent the destination network address.

The router looks up the subnet mask assigned to each potential route in the table. The router applies each subnet mask to the destination IP address in the packet. The resulting network address is then compared to the network address of the route in the table.

If a match is found, the packet is forwarded out the correct interface, or to the appropriate gateway.

When the network address matches more than one route in the routing table, the router uses the route that has the most specific, or longest, network address match from its routing table.

Sometimes there is more than one equal cost route to the same destination network. There are routing protocol rules that determine which route the router will use.

If none of the route entries match, the router directs the message to the gateway specified by the default route if it has been configured.
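The mask-and-compare lookup, the longest-match rule and the default route described above, as an added Python example that is not from the notes: the routing table entries, addresses and metrics are constructed, and the leading letters mirror the codes shown by show ip route.

```python
from ipaddress import ip_address

# Constructed routing table (not from the notes). Each entry carries the four
# components listed above: destination network, mask, gateway or interface, and
# metric. The leading code mirrors show ip route: C connected, S static, R RIP,
# and S* for a static candidate default route.
ROUTES = [
    ("C",  "192.168.15.0", "255.255.255.0", "FastEthernet0/0", 0),
    ("S",  "192.168.16.0", "255.255.255.0", "192.168.15.1",    1),
    ("R",  "10.0.0.0",     "255.0.0.0",     "192.168.15.2",    2),
    ("R",  "10.1.0.0",     "255.255.0.0",   "192.168.15.3",    3),
    ("R",  "10.1.0.0",     "255.255.0.0",   "192.168.15.4",    3),   # equal-cost path
    ("S*", "0.0.0.0",      "0.0.0.0",       "192.168.15.1",    1),   # default route
]

def matching_routes(dest_ip, routes=ROUTES):
    """Apply each route's mask to the destination address and keep the routes
    whose network address comes out equal.
    Returns tuples of (prefix_len, metric, code, network, via)."""
    dest = int(ip_address(dest_ip))
    matches = []
    for code, net, mask, via, metric in routes:
        mask_bits = int(ip_address(mask))
        if dest & mask_bits == int(ip_address(net)) & mask_bits:
            prefix_len = bin(mask_bits).count("1")    # longer mask = more specific
            matches.append((prefix_len, metric, code, f"{net}/{prefix_len}", via))
    return matches

def select_route(dest_ip, routes=ROUTES):
    """Longest prefix match first; lowest metric among ties. Returns
    (code, network, gateway_or_interface), or None when nothing, not even a
    default route, matches and the packet has nowhere to go."""
    matches = matching_routes(dest_ip, routes)
    if not matches:
        return None
    longest = max(m[0] for m in matches)
    best = [m for m in matches if m[0] == longest]
    lowest = min(m[1] for m in best)
    equal_cost = [m for m in best if m[1] == lowest]
    # More than one equal-cost route can remain; the notes point to routing
    # protocol rules for that choice. Here the first entry listed is used.
    _, _, code, network, via = equal_cost[0]
    return code, network, via
```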

For a Cisco router, the IOS command show ip route displays the routes in the routing table. There are several types of routes that can appear in the routing table:

Directly-Connected Routes

When the router powers up, the configured interfaces are enabled. As they become operational, the router stores the directly attached local network addresses as connected routes in the routing table. For Cisco routers, these routes are identified in the routing table with the prefix C. These routes are automatically updated whenever the interface is reconfigured or shutdown.

Static Routes

A network administrator can manually configure a static route to a specific network. A static route does not change until the administrator manually reconfigures it. These routes are identified in the routing table with the prefix S.

Dynamically-Updated Routes (Dynamic Routes)

Dynamic routes are automatically created and maintained by routing protocols. Routing protocols are implemented in programs that run on routers and that exchange routing information with other routers in the network. Dynamically-updated routes are identified in the routing table with the prefix that corresponds to the type of routing protocol that created the route, for example R is used for the Routing Information Protocol (RIP).

Default Route

The default route is a type of static route which specifies a gateway to use when the routing table does not contain a path to use to reach the destination network. It is common for default routes to point to the next router in the path to the Internet Service Provider. If a subnet has only one router, then that router is automatically the default gateway, because all network traffic to and from that local network has no option but to travel through that router.

Configuring Static Routes

The steps to configure a static route on a Cisco router are as follows:

1. Connect to the router using a console cable.

2. Open a HyperTerminal window to connect with the first router that you want to configure.

3. Enter privileged mode, by typing enable at the Router1> prompt. Note how the > symbol changes to a # to indicate that privilege mode is operative.

Router1>enable

Router1#

4. Enter global configuration mode.

Router1#config terminal

Router1(config)#

5. Use the ip route IOS command to configure the static route, with the following format:

ip route [destination_network] [subnet_mask] [gateway_address]

For example, to enable Router1 to reach a host on network 192.168.16.0, the administrator configures a static route on Router1 with the following IOS command in the global configuration mode:

Router1(config)#ip route 192.168.16.0 255.255.255.0 192.168.15.1

To enable two-way communication with a host on network 192.168.16.0, the administrator also configures a static route on Router 2.

Since static routes are configured manually, network administrators must add and delete static routes to reflect any changes in network topology. On small networks with few possible changes, static routes require very little maintenance. In a large network, the manual maintenance of routing tables could require significant administrative time. For this reason, larger networks generally use dynamic routing rather than static routes.

Routing Protocols

Routes can change very quickly. Problems with cables and hardware failures can make destinations unreachable through the designated interface. Routers need a way to quickly update routes that does not depend on the administrator to make changes.

Routers use routing protocols to dynamically manage information received from their own interfaces and from other routers. Routing protocols can also be configured to manage manually entered routes.

Dynamic routing makes it possible to avoid the time-consuming and exacting process of configuring static routes. Dynamic routing enables routers to react to changes in the network and to adjust their routing tables accordingly, without the intervention of the network administrator.

A dynamic routing protocol learns all available routes, places the best routes into the routing table, and removes routes when they are no longer valid.

The method that a routing protocol uses to determine the best route to a destination network is called a routing algorithm.

There are two main classes of routing algorithms: distance vector and link state. Each type uses a different method for determining the best route to a destination network.

The routing algorithm is very important to dynamic routing. Whenever the topology of a network changes because of reconfiguration or failure, the routing tables in all the routers must also change to reflect an accurate view of the new topology. When all the routers in a network have updated their tables to reflect the new route, the routers are said to have converged.

In order for two routers to exchange routes, they must be using the same routing protocol and therefore the same routing algorithm.

The distance vector routing algorithm passes periodic copies of a routing table from router to router. These regular updates between routers communicate topology changes.

The distance vector algorithm evaluates the route information it receives from other routers in terms of two basic criteria:

Distance – How far away is the network from this router?

Vector – In what direction should the packet be sent to reach this network?

The distance component of a route is expressed in terms of a route cost, or metric, that can represent:

Number of hops

Administrative cost

Bandwidth

Transmission speed

Likelihood of delays

Reliability

The vector or direction component of a route is the address of the next hop along the path to the network named in the route.

An analogy for distance vectors is the highway signs found at intersections. A sign points toward a destination and indicates the distance that must be traveled to reach that destination. Further down the highway, another sign points toward the same destination, but now the distance remaining to that destination is shorter. As long as the distance is shorter, the traffic is on the best path.

Each router that uses distance vector routing communicates its routing information to its neighbors. Neighbor routers share a directly connected network. The interface that leads to each directly connected network has a distance of 0.

Each router receives a routing table from its directly connected neighbor routers. For example, Router R2 receives information from Router R1. Router R2 adds to the metric, in this case hop count, to show that there is now one more hop to get to the destination network. Then Router R2 sends this new routing table to its neighbors, including Router R3. This same step-by-step process occurs in all directions between neighbor routers.

Eventually, each router learns about other more remote networks based on the information that it receives from its neighbors. Each of the network entries in the routing table has an accumulated distance vector to show how far away that network is in a given direction.

As the distance vector discovery process proceeds, routers discover the best path to destination networks based on the information they receive from each neighbor. The best path is the path with the shortest distance or smallest metric.

Routing table updates also occur when the topology changes, for example, when a new network is added or when a router fails, causing a network to be no longer reachable. As with the network discovery process, topology change updates proceed step-by-step by sending copies of routing tables from router to router.

Common Interior Routing Protocols

RIP

Routing Information Protocol (RIP) is a distance vector routing protocol that is used in thousands of networks throughout the world.

The key characteristics of RIP include the following:

Initially specified in RFC 1058

Is a distance vector routing protocol

Uses hop count as the metric for path selection

Defines a hop count greater than 15 as an unreachable route

Sends routing table contents every 30 seconds, by default

When a router receives a routing update that includes a new or changed route, the router updates its routing table to reflect this new route. At each router, the hop count value is increased by one. The router uses the local network address of the directly connected router which sent the update as the next hop address.

After updating its routing table, the router immediately begins transmitting routing updates in order to inform other network routers of the change. These updates, called triggered updates, are sent independently of the regularly scheduled updates that RIP routers forward.
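One added Python simulation, not from the notes, that covers both the distance vector exchange described earlier and the RIP behaviour just listed: the hop count grows by one at each router, a count of 16 means unreachable, full tables are exchanged round by round until nothing changes, and a network that goes away is announced by a triggered update. The topology, router names and network names are constructed; timers and split horizon are left out.

```python
INFINITY = 16   # RIP rule: a hop count greater than 15 means unreachable

# Constructed topology (not from the notes): R1 -- R2 -- R3 in a line. Each
# router lists its directly connected networks and the neighbor reached over
# each one (None for a stub LAN with no other router on it).
CONNECTED = {
    "R1": {"10.0.1.0/24": None, "10.0.12.0/24": "R2"},
    "R2": {"10.0.12.0/24": "R1", "10.0.23.0/24": "R3"},
    "R3": {"10.0.23.0/24": "R2", "10.0.3.0/24": None},
}

def neighbors(connected):
    return {r: {n for n in nets.values() if n} for r, nets in connected.items()}

def receive_update(table, sender, advertised):
    """Apply one neighbor's routing table to ours. Every advertised distance
    grows by one hop; a route is taken when it is new or shorter, and a route
    already learned through this sender always takes the sender's latest figure
    so that a withdrawal (16 hops) propagates. Returns True if anything changed."""
    changed = False
    for net, (hops, _) in advertised.items():
        new_hops = min(hops + 1, INFINITY)
        cur = table.get(net)
        if cur is None:
            if new_hops >= INFINITY:
                continue                     # never install an unreachable route
            table[net] = (new_hops, sender)
            changed = True
        elif new_hops < cur[0] or (cur[1] == sender and cur != (new_hops, sender)):
            table[net] = (new_hops, sender)
            changed = True
    return changed

def converge(connected, max_rounds=50):
    """Periodic updates: in every round each router sends its whole table to
    each neighbor. Stops at the first round in which no table changes, which is
    when the routers are said to have converged. Returns (tables, rounds)."""
    tables = {r: {net: (0, None) for net in nets} for r, nets in connected.items()}
    nbrs = neighbors(connected)
    for rnd in range(1, max_rounds + 1):
        advertised = {r: dict(t) for r, t in tables.items()}   # copies sent this round
        changed = False
        for r in connected:
            for nbr in nbrs[r]:
                changed |= receive_update(tables[nbr], r, advertised[r])
        if not changed:
            return tables, rnd
    raise RuntimeError("network did not converge")

def withdraw_network(tables, connected, router, net):
    """Interface down: the router marks the network unreachable and sends a
    triggered update at once; each neighbor whose table changes does the same."""
    nbrs = neighbors(connected)
    tables[router][net] = (INFINITY, None)
    pending = [router]
    while pending:
        r = pending.pop(0)
        for nbr in nbrs[r]:
            if receive_update(tables[nbr], r, tables[r]):
                pending.append(nbr)
    return tables

def chain(n):
    """Constructed helper: n routers in a line with a stub LAN at each end, used
    to show where the 15-hop limit bites."""
    connected = {f"R{i}": {} for i in range(1, n + 1)}
    connected["R1"]["S1"] = None
    connected[f"R{n}"][f"S{n}"] = None
    for i in range(1, n):
        connected[f"R{i}"][f"L{i}"] = f"R{i + 1}"
        connected[f"R{i + 1}"][f"L{i}"] = f"R{i}"
    return connected
```

With 17 routers in a line, the sixteenth router reaches the far stub LAN at 15 hops while the seventeenth never installs a route to it, which is the RIP size limit in action.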

The RIP protocol is simple, easy to implement, and is available free of cost with most routers. These advantages make RIP a widely used and popular routing protocol.

However, RIP has several disadvantages:

Allows a maximum of 15 hops, so it can only be used for networks that connect no more than 16 routers in series.

Periodically sends complete copies of the entire routing table to directly connected neighbors. In a large network, this can cause a significant amount of network traffic each time there is an update.

Converges slowly on larger networks, when the network changes.

There are currently two versions of RIP available. These are known as RIPv1 and RIPv2. RIPv2 has many advantages over RIPv1 and is usually used unless the equipment cannot support RIPv2. The most significant difference between RIP version 1 and 2 is that RIPv2 can support classless routing, because it includes the subnet mask information in routing updates. RIPv1 does not send subnet mask information in the updates; therefore it must rely on the classful default subnet masks.
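To make the RIP behaviour described above concrete, here is a small distance-vector simulation added as an example; it is not code from the course material or from any router vendor. Each router keeps only a hop count and a next hop per network, adds one hop to whatever a neighbour advertises, treats 16 hops as unreachable, and reports whether an update changed its table, which is the event that causes a triggered update. Router and network names are constructed; the 30-second timer, hold-down and route timeouts are not modelled.

```python
"""Toy RIP-style distance-vector exchange (added example, not from the course text).
Models the hop-count metric, the one-hop increment per router, the 15-hop limit and
the "table changed" signal that would cause a triggered update."""

INFINITY = 16  # RIP: a hop count of 16 or more means the network is unreachable


class Router:
    def __init__(self, name, connected):
        self.name = name
        self.neighbors = []            # directly connected routers
        # routing table: network -> (hop count, next-hop router name);
        # directly connected networks are 0 hops away with no next hop
        self.table = {net: (0, None) for net in connected}

    def update_from(self, neighbor):
        """Process a routing update (the neighbour's whole table), as RIP does.
        Returns True if our table changed, i.e. a triggered update would be sent."""
        changed = False
        for net, (hops, _) in neighbor.table.items():
            new_hops = min(hops + 1, INFINITY)   # each router adds one hop
            cur = self.table.get(net)
            if cur is not None and cur[1] == neighbor.name:
                # route already goes via this neighbour: believe its metric, better or worse
                if new_hops >= INFINITY:
                    del self.table[net]
                    changed = True
                elif new_hops != cur[0]:
                    self.table[net] = (new_hops, neighbor.name)
                    changed = True
            elif new_hops < INFINITY and (cur is None or new_hops < cur[0]):
                self.table[net] = (new_hops, neighbor.name)
                changed = True
        return changed


def build_chain(n):
    """Constructed topology: n routers in series, each with its own LAN (lanI),
    and neighbours joined by point-to-point links (linkI between RI and RI+1)."""
    routers = []
    for i in range(n):
        nets = [f"lan{i}"]
        if i > 0:
            nets.append(f"link{i - 1}")
        if i < n - 1:
            nets.append(f"link{i}")
        routers.append(Router(f"R{i}", nets))
    for a, b in zip(routers, routers[1:]):
        a.neighbors.append(b)
        b.neighbors.append(a)
    return routers


def converge(routers, max_rounds=100):
    """Run periodic update rounds (every router sends its table to every neighbour)
    until a full round changes nothing. Returns the number of rounds used."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers:
            for nb in r.neighbors:
                changed |= nb.update_from(r)
        if not changed:
            return rnd
    return max_rounds


def hops_to(router, net):
    """Hop count from router to net, or None if no route is installed."""
    entry = router.table.get(net)
    return None if entry is None else entry[0]


if __name__ == "__main__":
    chain = build_chain(17)                 # 17 routers in series: one too many for RIP
    print("rounds to converge:", converge(chain))
    print("R0 -> lan15:", hops_to(chain[0], "lan15"))   # 15 hops: reachable
    print("R0 -> lan16:", hops_to(chain[0], "lan16"))   # None: 16 hops is unreachable
```

Running the chain with 17 routers shows the limit from the list above directly: R0 installs lan15 at 15 hops but never installs lan16, because R1 advertises it at 15 and the extra hop makes it 16.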

EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary enhanced distance vector routing protocol. EIGRP was developed to address some of the limitations of other distance vector routing protocols such as RIP. These limitations include the use of the hop count metric and the maximum network size of 15 hops.

Instead of hop count, EIGRP uses a number of metrics, including a configured bandwidth value, and the delay encountered when a packet travels a particular route.

The key characteristics of EIGRP are:

Uses a variety of metrics to calculate the cost of a route

Combines the next hop and metric features of distance vector protocols, with additional database and update features

Has a maximum hop count of 224 hops

Unlike RIP, EIGRP does not rely only on the routing table in the router to hold all of the information it needs to operate. EIGRP creates two additional database tables: the neighbor table and the topology table.

The neighbor table stores data about the neighboring routers that are on directly connected local networks. This neighbor table includes information such as the interface IP addresses, interface type and bandwidth.

EIGRP builds the topology table from each of the advertisements of its neighbors. The topology table contains all of the routes advertised by the neighbor routers. EIGRP depends on a routing algorithm called Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network and to install this route into the routing table. The topology table enables a router running EIGRP to find the best alternate path quickly when a network change occurs. If no alternate route exists in the topology table, EIGRP queries its neighbors to find a new path to the destination.

Unlike RIP, which is limited to small simple networks of less than 15 hops, EIGRP is ideal for larger, more complex networks up to 224 hops in size that require fast convergence.

Routers that use the distance vector routing algorithm have little information about distant networks and none about distant routers. The link-state routing algorithm maintains a full database of distant routers and how they interconnect.

Link-state routing uses the following features:

Routing table – List of the known paths and interfaces

Link-state advertisement (LSA) – Small packet of routing information that is sent between routers. LSAs describe the state of the interfaces (links) of a router, as well as other information, such as the IP address of each link

Topological database – Collection of information gathered from all the LSAs received by the router

SPF (Shortest Path First) algorithm – Calculation performed on the database that results in the SPF tree. The SPF tree is a map of the network as seen from the point of view of the router. The information in this tree is used to build the routing table

When LSAs are received from other routers, the SPF algorithm analyzes the information in the database to construct the SPF tree. Based on the SPF tree, the SPF algorithm then calculates the shortest paths to other networks. Each time a new LSA packet causes a change to the link-state database, SPF recalculates the best paths and updates the routing table.

OSPF

Open Shortest Path First (OSPF) is a non-proprietary link-state routing protocol described in RFC 2328. The key characteristics of OSPF are:

Uses the SPF algorithm to calculate the lowest cost to a destination

Sends routing updates only when the topology changes; does not send periodic updates of the entire routing table.

Provides fast convergence

Supports VLSM and discontiguous subnets

Provides route authentication

In OSPF enabled networks, routers send link state advertisements to each other when a change occurs, for example:

A new neighbor is added

A link fails

A link is restored

If the network topology changes, for example if a link goes down or a new router is added, those routers affected by the change send update LSAs to the rest of the network. All routers update their topology databases accordingly, regenerate their SPF trees to find new shortest paths to each network, and update their routing tables with the changed routes.
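As an added illustration of the SPF calculation described in the link-state and OSPF passages above, the following Python (an example written for this page, not the course's material or any OSPF implementation) builds a topological database from constructed LSAs, runs Dijkstra from one router to produce its SPF tree and routing table, then removes a failed adjacency from both ends' LSAs and recomputes, which is what happens when update LSAs arrive after a link goes down. Router names, link costs and prefixes are constructed.

```python
"""Link-state SPF (Dijkstra) over a set of LSAs (added example, not from the course
text). The topology, costs and prefixes are constructed for illustration."""
import heapq

# Constructed LSAs: each router advertises its links (neighbour, cost) and the
# networks attached to it (prefix, cost). R1-R3 is an expensive backup link.
LSAS = [
    {"router": "R1", "links": [("R2", 1), ("R3", 10)], "networks": [("10.1.1.0/24", 1)]},
    {"router": "R2", "links": [("R1", 1), ("R3", 1)],  "networks": [("10.1.2.0/24", 1)]},
    {"router": "R3", "links": [("R2", 1), ("R1", 10)], "networks": [("10.1.3.0/24", 1)]},
]


def build_lsdb(lsas):
    """Topological database: router id -> its most recent LSA."""
    return {lsa["router"]: lsa for lsa in lsas}


def spf(lsdb, root):
    """Dijkstra over the database from `root`. Returns two dicts keyed by router:
    total cost, and the first-hop router on the shortest path (None for root)."""
    dist = {root: 0}
    first_hop = {root: None}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale heap entry
        for nbr, cost in lsdb[node]["links"]:
            # only use an adjacency both ends report (two-way check, as OSPF does)
            if nbr not in lsdb or node not in [n for n, _ in lsdb[nbr]["links"]]:
                continue
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                first_hop[nbr] = nbr if node == root else first_hop[node]
                heapq.heappush(heap, (nd, nbr))
    return dist, first_hop


def routing_table(lsdb, root):
    """Routing table built from the SPF tree: prefix -> (cost, next-hop router)."""
    dist, first_hop = spf(lsdb, root)
    table = {}
    for rid, d in dist.items():
        for prefix, cost in lsdb[rid]["networks"]:
            total = d + cost
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, first_hop[rid])
    return table


def link_down(lsdb, a, b):
    """Topology change: both ends flood a new LSA without the failed adjacency.
    Returns the updated database; the caller reruns SPF on it."""
    new = {}
    for rid, lsa in lsdb.items():
        links = lsa["links"]
        if rid == a:
            links = [l for l in links if l[0] != b]
        if rid == b:
            links = [l for l in links if l[0] != a]
        new[rid] = {**lsa, "links": links}
    return new


if __name__ == "__main__":
    db = build_lsdb(LSAS)
    print("R1 before failure:", routing_table(db, "R1"))     # 10.1.3.0/24 via R2, cost 3
    db = link_down(db, "R2", "R3")
    print("R1 after R2-R3 fails:", routing_table(db, "R1"))  # 10.1.3.0/24 via R3, cost 11
```

The two-way check in spf() is the reason a single stale or forged LSA claiming a link cannot by itself pull traffic onto that link: the neighbour's own LSA has to agree. Ties between equal-cost paths are not modelled; the first path found wins.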

Routing Within an Organization

Choosing one routing protocol over another can be difficult even for expert network designers. The following guidelines may help when designing a network.

Small networks with only one gateway to the Internet can probably use static routes. Such a topology rarely needs dynamic routing.

As an organization grows and adds routers to its network topology, RIPv2 can be used. It is easy to configure and in small networks can work well. When a network begins to exceed 15 routers, RIP is no longer a good choice.

For larger networks, EIGRP and OSPF are common, but there is no simple principle that makes it obvious to choose one over the other. Each network has to be considered independently, and the three main criteria in helping settle on a protocol are:

Ease of management – What information does the protocol keep about itself? What show commands are available?

Ease of configuration – How many commands will the average configuration require? Is it possible to configure several routers in your network with the same configuration?

Efficiency – How much bandwidth does the routing protocol take up while in steady state, and how much could it take up, when converging in response to a major network event?

Configure And Verify RIP

RIP is a popular distance vector protocol supported by most routers. It is an appropriate choice for small networks containing multiple routers. Before configuring RIP on a router, think about the networks a router serves, and the interfaces on the router that connect to these networks.

The figure shows three routers. Each router serves a separate private local network, so there are three LANs. The routers are connected by separate networks as well, so there are a total of six networks shown.

With a topology like this, be careful not to assume that R1 links directly to 10.0.0.0/8 and 172.16.17.0/16. R1 will be able to reach those networks once RIP routing is properly configured.

Before configuring RIP, assign an IP address and enable all the physical interfaces that will participate in routing. On serial links, set the clock rate on the master router. After this is done, configure RIP.

For the most basic RIP configuration, there are three commands to remember:

Router(config)#router rip

Router(config-router)#version 2

Router(config-router)#network [network-number]

Enter the router rip command in global configuration mode to enable RIP on the router. Enter the network command from router configuration mode to tell the router which networks will be part of the RIP routing process. The routing process associates specific interfaces with the network-numbers and begins to send and receive RIP updates on these interfaces.

Once a configuration is done, it is a good idea to compare the running configuration with an accurate topology diagram to verify network numbers and interface IP addresses. This is good practice because, sometimes, it is easy to make a simple data entry error.

There are several ways to verify that RIP is functioning properly in the network.

If the configuration is correct, one way to verify that routing is working properly is to ping devices on remote networks. If a ping is successful, it is likely that routing is working.

Run the IP routing verification commands show ip protocols and show ip route at the CLI command prompt.

The show ip protocols command verifies that RIP routing is configured, that the correct interfaces are sending and receiving RIP updates, and that the router is advertising the correct networks.

The show ip route command shows the routing table, which verifies that routes received by RIP neighbors are installed in the routing table.

The debug ip rip command can be used to observe the networks advertised in the routing updates as they are sent and received. Debug commands display router activity in real time. Because debug activity uses router processor resources, debug should be used with care in a production network, because it can affect network operation.

Autonomous System

Internet routing architecture has evolved over the years into a distributed system of interconnected networks. The Internet is now so vast and involves so many networks that it would be impossible for a single organization to manage all the routing information needed to reach every destination around the world.

Instead, the Internet is divided up into collections of networks called Autonomous Systems (AS) that are independently controlled by different organizations and companies.

An AS is a set of networks controlled by a single administrative authority using the same internal routing policy throughout. Each AS is identified by a unique AS number (ASN). ASNs are controlled and registered on the Internet.

The most common example of an AS is the ISP. Most businesses connect to the Internet through an ISP, and so become part of the routing domain of that ISP. The AS is administered by the ISP and therefore not only includes its own network routes, but also manages the routes to all the business and other customer networks that are connected to it.

The same ASN applies to all network devices within the AS routing domain.

ISP A is an AS whose routing domain includes a local business that directly connects to that ISP for Internet access. That business does not have a separate ASN. Instead it uses the AS number of ISP A (ASN 100) in its routing information.

Also shown is a large global business with corporate offices located in Hong Kong and New York. Because they are located in different countries, each office connects to a different local ISP for Internet access. This means that the business is connected to two ISPs. Which AS does it belong to and which ASN does it use?

Because the company communicates through both ISP B and ISP C, this will cause routing confusion in terms of connectivity. Traffic from the internet does not know which AS to use to reach the large global business. To solve the problem, the business registers as an AS in its own right and is assigned an ASN of 400.

Routing Between Autonomous Systems

Interior Gateway Protocols (IGP) are used to exchange routing information within an autonomous system or individual organization. The purpose of an interior routing protocol is to find the best path through the internal network. IGPs run on the interior routers, that is, the routers inside an organization. Examples of interior gateway protocols are RIP, EIGRP and OSPF.

By contrast, exterior gateway protocols (EGP) are designed to exchange routing information between different Autonomous Systems. Because each AS is managed by a different administration and may use different interior protocols, networks must use a protocol that can communicate between diverse systems. The EGP serves as a translator, ensuring that external routing information is interpreted successfully inside each AS network.

EGP protocols run on the exterior routers, that is, the routers that are located at the border of an AS. Exterior routers are also called border gateways.

Unlike interior routers, which exchange individual routes with each other using IGPs, exterior routers exchange information about how to reach various networks using exterior protocols. Exterior routing protocols seek to find the best path through the Internet as a sequence of Autonomous Systems.

The most common exterior routing protocol on the Internet today is Border Gateway Protocol (BGP). It is estimated that 95% of Autonomous Systems use BGP. The most current version of BGP is version 4 (BGP-4) for which the latest description is provided in RFC 4271.

Routing Across The Internet

Each AS is responsible for informing other ASs about which networks they can reach through that AS. ASs exchange this reachability information with each other through exterior routing protocols that run on dedicated routers, called border gateways.

Packets are routed across the Internet in several steps:

1. The source host sends a packet destined for a remote host located in another AS.

2. Since the destination IP address of the packet is not a local network, the interior routers keep passing the packet along their default routes, until eventually it arrives at an exterior router at the edge of the local AS.

3. The exterior router maintains a database for all the Autonomous Systems with which it connects. This reachability database tells the router that the path to the destination network passes through several ASs, and that the next hop on the path is through a directly-connected exterior router on a neighboring AS.

4. The exterior router directs the packet to its next hop on the path, which is the exterior router at the neighboring AS.

5. The packet arrives at the neighboring AS, where the exterior router checks its own reachability database and forwards the packet to the next AS on the path.

6. The process is repeated at each AS until the exterior router at the destination AS recognizes the destination IP address of the packet as an internal network in that AS.

7. The final exterior router then directs the packet to the next hop interior router listed in its routing table. From then on, the packet is treated just like any local packet and is directed through interior routing protocols through a series of internal next hops until it arrives at the destination host.

Exterior Routing Protocols And The ISP

Exterior gateway protocols provide many useful features for ISPs. Not only do exterior protocols allow traffic to be routed across the Internet to remote destinations, but they also provide the method by which ISPs can set and enforce policies and local preferences so that the traffic flow through the ISP is efficient and that none of the internal routes are overloaded with transit traffic.

Business customers insist on reliability for their Internet service, and so ISPs must make sure that the Internet connection for those customers is always available. They do this by providing backup routes and routers in case the regular route fails. During normal conditions, the ISP advertises the regular route to other Autonomous Systems. If that regular route fails, then the ISP sends an exterior protocol update message to advertise the backup route instead.

The flow of messages in the Internet is called traffic. Internet traffic can be categorized in one of two ways:

Local Traffic – Traffic carried within an AS that either originated in that same AS, or is intended to be delivered within that AS. This is like local traffic on a street.

Transit Traffic – Traffic that was generated outside that AS and can travel through the internal AS network en route to destinations outside the AS. This is like through traffic on a street.

The flow of traffic between Autonomous Systems is carefully controlled. It is important to be able to limit or even prohibit certain types of messages from going to or from an AS, for security reasons or to prevent overloading.

Many Autonomous Systems are not willing to carry transit traffic. Transit traffic can cause routers to overload and fail, if those routers do not have the capacity to handle large amounts of traffic.
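The seven forwarding steps in "Routing Across The Internet" and the local/transit distinction above can be seen together in one small model. The Python below is an added example, not course material and not BGP itself: each AS keeps a reachability database mapping a prefix to an AS path and a next-hop AS, announces its own prefixes to its neighbours, and re-announces prefixes learned from other ASes only if it is willing to carry transit traffic. A packet is then followed AS by AS until the destination AS recognizes the prefix as internal. The ASNs 100 and 400 follow the page's figure; ISP B as AS 200, ISP C as AS 300, the peering between ISP A and ISP B, and all prefixes (taken from the documentation ranges) are constructed.

```python
"""Toy exterior (path-vector) routing between Autonomous Systems (added example,
not from the course text). ASNs and prefixes are constructed; the prefixes come
from the address ranges reserved for documentation."""
import ipaddress


class AutonomousSystem:
    def __init__(self, asn, prefixes, transit):
        self.asn = asn
        self.transit = transit      # willing to carry traffic that neither starts nor ends here?
        self.neighbors = []         # directly connected ASes (via border gateways)
        # reachability database: prefix -> (AS path, next-hop ASN); own prefixes have
        # an empty path and no next hop (they are handed to interior routing)
        self.routes = {ipaddress.ip_network(p): ((), None) for p in prefixes}

    def advertisements(self):
        """What this AS announces to neighbours: its own prefixes always, prefixes
        learned from other ASes only if it is willing to carry transit traffic."""
        return {p: path for p, (path, _) in self.routes.items() if self.transit or not path}

    def receive(self, sender, adverts):
        """Install routes from a neighbour's update; prefer the shortest AS path.
        Returns True if the database changed."""
        changed = False
        for prefix, path in adverts.items():
            new_path = (sender.asn,) + path
            if self.asn in new_path:
                continue            # our own ASN already in the path: loop, discard
            cur = self.routes.get(prefix)
            if cur is None or len(new_path) < len(cur[0]):
                self.routes[prefix] = (new_path, sender.asn)
                changed = True
        return changed


def peer(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def converge(ases, max_rounds=50):
    """Exchange updates between neighbours until nothing changes."""
    for _ in range(max_rounds):
        changed = False
        for a in ases:
            for nb in a.neighbors:
                changed |= nb.receive(a, a.advertisements())
        if not changed:
            break


def build_internet(business_transit=False):
    """Constructed topology after the page's figure: ISP A (100) peers with ISP B
    (200); the global business (400) is multihomed to ISP B and ISP C (300)."""
    isp_a = AutonomousSystem(100, ["192.0.2.0/25"], transit=True)
    isp_b = AutonomousSystem(200, ["192.0.2.128/25"], transit=True)
    isp_c = AutonomousSystem(300, ["198.51.100.0/24"], transit=True)
    biz = AutonomousSystem(400, ["203.0.113.0/24"], transit=business_transit)
    peer(isp_a, isp_b)
    peer(isp_b, biz)
    peer(isp_c, biz)
    ases = {a.asn: a for a in (isp_a, isp_b, isp_c, biz)}
    converge(list(ases.values()))
    return ases


def forward(ases, start_asn, dst_ip):
    """Follow a packet AS by AS: longest-prefix match in each border router's
    reachability database until the destination AS claims the prefix as internal.
    Returns the sequence of ASNs traversed, or None if no route exists."""
    ip = ipaddress.ip_address(dst_ip)
    path = [start_asn]
    current = ases[start_asn]
    for _ in range(len(ases) + 1):
        matches = [p for p in current.routes if ip in p]
        if not matches:
            return None
        best = max(matches, key=lambda p: p.prefixlen)
        _, next_hop = current.routes[best]
        if next_hop is None:
            return path         # internal network: interior routing takes over
        path.append(next_hop)
        current = ases[next_hop]
    return None


if __name__ == "__main__":
    print(forward(build_internet(), 100, "203.0.113.7"))                    # [100, 200, 400]
    print(forward(build_internet(), 100, "198.51.100.9"))                   # None: 400 won't transit
    print(forward(build_internet(business_transit=True), 100, "198.51.100.9"))  # [100, 200, 400, 300]
```

With the business AS refusing transit, ISP A has no route to ISP C's prefix at all, because the only path would run through AS 400; flipping that one flag makes AS 400 re-announce ISP C's prefix and its routers would then carry ISP A's traffic to ISP C. That is the overload risk the paragraph above describes, and why the decision to carry transit traffic is a deliberate policy rather than a default.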

Configure And Verify BGP

When an ISP puts a border router at a customer location, they usually configure it with a default static route to the ISP. Sometimes, though, an ISP may want the router to be included in its autonomous system and to participate in BGP. In these cases, it is necessary to configure the customer premise router with the commands necessary to enable BGP.

The first step in enabling BGP on a router is to configure the AS number. This step is done with the command:

router bgp [AS number]

The next step is to identify the ISP router that is the BGP neighbor with which the Customer Premise Equipment (CPE) router exchanges information. The command to identify the neighbor router is:

neighbor [IP Address] remote-as [AS number]

When an ISP customer has its own registered IP address block, it may want the routes to some of its internal networks to be known on the Internet. To use BGP to advertise an internal route, a network command is needed. The format of the network command is:

network [network address]

Once all of the customer premise equipment is installed and the routing protocols configured, the customer has both local and Internet connectivity. Now the customer is able to fully participate in other services the ISP may offer.

The IP addresses used for BGP are normally registered, routable addresses which identify unique organizations. In very large organizations private addresses may be used in the BGP process as illustrated. On the Internet, BGP should never be used to advertise a private network address.
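Both the RIP section (compare the running configuration against the topology to catch data-entry errors) and the BGP section (never advertise a private network address on the Internet) describe checks that can be automated. The Python below is an added example, not the course's or Cisco's tooling: it parses a constructed IOS-style config fragment with the `interface`, `router rip` and `router bgp` blocks shown on this page, reports RIP `network` statements that match no interface address and interfaces no statement covers, and reports BGP `network` statements inside RFC 1918 space. The sample config, its ASNs and its addresses are constructed; the classful interpretation of a `network` argument given without a mask is an assumption of this example.

```python
"""Checks on an IOS-style running configuration (added example, not the course's
or Cisco's own tooling). The config fragment below is constructed: the RIP block
contains a deliberate typo (172.17.0.0 instead of 172.16.0.0) and the BGP block
advertises a private LAN."""
import ipaddress

SAMPLE_CONFIG = """
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 172.16.5.1 255.255.255.0
interface Serial0/0/0
 ip address 10.0.0.1 255.255.255.252
router rip
 version 2
 network 192.168.1.0
 network 10.0.0.0
 network 172.17.0.0
router bgp 400
 neighbor 10.0.0.2 remote-as 200
 network 192.168.1.0
 network 203.0.113.0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful(addr):
    """Classful network for a `network` argument given without a mask (assumed here
    for both RIP and BGP): first octet <128 -> /8, <192 -> /16, otherwise /24."""
    first = int(str(addr).split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def parse_config(text):
    """Minimal parser for the interface, router rip and router bgp blocks."""
    cfg = {"interfaces": {}, "rip_networks": [], "bgp_asn": None,
           "bgp_neighbors": {}, "bgp_networks": []}
    section = name = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "interface":
            section, name = "interface", words[1]
        elif words[:2] == ["router", "rip"]:
            section = "rip"
        elif words[:2] == ["router", "bgp"]:
            section, cfg["bgp_asn"] = "bgp", int(words[2])
        elif section == "interface" and words[:2] == ["ip", "address"]:
            # ip_interface accepts a dotted-quad mask after the slash
            cfg["interfaces"][name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif section == "rip" and words[0] == "network":
            cfg["rip_networks"].append(classful(words[1]))
        elif section == "bgp" and words[0] == "neighbor" and words[2] == "remote-as":
            cfg["bgp_neighbors"][words[1]] = int(words[3])
        elif section == "bgp" and words[0] == "network":
            cfg["bgp_networks"].append(classful(words[1]))
    return cfg


def check_rip(cfg):
    """Returns (network statements matching no interface, interfaces no statement covers).
    The first is usually a typo; the second means RIP will not run on that interface."""
    ifaces = cfg["interfaces"]
    unmatched = [n for n in cfg["rip_networks"]
                 if not any(i.ip in n for i in ifaces.values())]
    uncovered = [name for name, i in ifaces.items()
                 if not any(i.ip in n for n in cfg["rip_networks"])]
    return unmatched, uncovered


def check_bgp(cfg):
    """Returns BGP network statements that fall inside RFC 1918 private space,
    which must never be advertised to the Internet."""
    return [n for n in cfg["bgp_networks"] if any(n.subnet_of(r) for r in RFC1918)]


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    unmatched, uncovered = check_rip(cfg)
    print("RIP networks matching no interface:", [str(n) for n in unmatched])   # ['172.17.0.0/16']
    print("interfaces not covered by RIP:", uncovered)                           # ['FastEthernet0/1']
    print("private prefixes in BGP:", [str(n) for n in check_bgp(cfg)])          # ['192.168.1.0/24']
```

The RIC check works from the interface addresses rather than the topology diagram, so it catches the mismatch the text warns about without needing the diagram in machine-readable form; the BGP check uses the RFC 1918 ranges explicitly rather than Python's is_private, which also counts the documentation ranges used in the sample as private.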


Tricks and Tips for Running an Internet Cafe (Warnet)

September 26, 2008

A few days ago I went to one of the internet cafes (warnet) in my area; since it was full, I passed the time chatting with the operator. I started with small talk, asking about the warnet's opening hours, how the connectivity was, why they don't use billing software, and so on. During our conversation I heard some of his complaints about his warnet not doing well; in fact, every month, instead of making a profit, he was covering losses out of his own pocket. When I got home, while waiting for maghrib, I thought about some reasons a warnet can do well, and below is the result of my thinking about warnets.

  1. In terms of the premises, choose a location that is spacious enough that visitors can sit comfortably, or even lie down if possible.
  2. Try not to seat visitors on chairs; it turns out that the lesehan position, that is, sitting on the floor without chairs, is preferred by visitors because they feel their privacy is better protected.
  3. Make each computer station fit at least 2 visitors, so that visitors who bring a friend can work together comfortably without elbowing each other for the spot in front of the monitor.
  4. An IRC client is a must-have facility in a warnet. Why? As we can see, almost 60-70% of warnet users are teenagers. And those teenagers, when they go to a warnet, mostly just chat, and one of their favorites is IRC servers.
  5. Use an OS that visitors are already used to, which in this case is of course a Micr*soft Wind*ws product. Using other OSes such as Lin*x, Mac *S, etc. forces visitors to learn how to use the computer from scratch. Although all of those OSes are basically user friendly, Indonesians hate having to make an effort. You get it, right?
  6. Don't use a proxy to block porn sites; this is a matter of your own ethics. If you want to, go ahead; if not, that's fine too. Porn sites are the most frequently visited sites among warnet users, children and adults alike.
  7. Give users the right to save data to their own flash drives without going through the operator; in short, enable the USB ports on the computers so users are free to save their personal data without the operator knowing.
  8. Just an addition: if you have a warnet that stays quiet even after doing the things above, you could try a bonus system, where every 10 visits or some set period a customer gets a bonus. Visits can be tracked with a stamp or a sticker. If that's not possible, just give a drink to users who use the service for more than a few hours, say 2 or 3 hours.
  9. Full music, that's one way to attract customers. Play the music that's in at the moment. Don't play old music or music that few people like.
  10. Provide headsets and webcams, depending on how much you trust your customers.
  11. Smile, a small act that means a lot to visitors. Visitors like good service. With a smile you'll earn positive points from visitors.
  12. Books, magazines and comics are needed so that visitors waiting for their turn to use the warnet don't get bored while waiting.

That's all for my warnet service tricks and tips for now; I'm writing this because it also makes me sad to see some warnets go out of business because of their own mistakes. Some of the tips above may draw complaints, from a weaker security system to damage to the warnet's equipment. OK, I understand that's important too, but that's a consequence you have to accept as the warnet admin. Just look at your profit and expenses at the start of the month after trying my tips. Is your income higher than your expenses? Wallahualam....