This article introduces the basics of computer networking and data centre management, with an emphasis on concepts and theory. It is my course summary for the UWTSD Network & Data Center Management module and my revision notes for the exam.
ISO Network Model
7 Application Layer
6 Presentation Layer
5 Session Layer
4 Transport Layer
3 Network Layer
2 Data Link Layer
1 Physical Layer
- Application layer: application-layer protocols define the rules of interaction between processes, because communication between hosts is fundamentally communication between processes on those hosts (a process is a running program). Specific application-layer protocols include DNS and HTTP. Application-layer data unit: message.
- Transport layer: the transport layer provides a general-purpose data transfer service for communication between host processes. Two main protocols are in use: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP provides a connection-oriented, reliable data transfer service; UDP provides a connectionless, best-effort data transfer service. Transport-layer data unit: segment for TCP, user datagram for UDP.
- Network layer: the network layer provides the data transfer service of the packet-switched network, using the IP protocol. The difference from the transport layer: the transport layer targets the edge of the Internet, while the network layer targets its core; when forwarding, a router goes up only as far as the network layer and does not touch the transport or application layer. Network-layer data unit: IP datagram (the packet mentioned earlier).
- Data link layer: the data link layer handles data transfer between adjacent nodes of the packet-switched network. The difference from the network layer: the network layer covers source node to destination node (possibly through several intermediate nodes), whereas the data link layer covers adjacent nodes only. Data-link-layer data unit: frame.
- Physical layer: handles data transfer at the level of the physical hardware. Physical-layer data unit: bit.
Note: as data passes from an upper layer to a lower layer, a header carrying the relevant control information is added. In addition, going from the network layer to the link layer a trailer is also added (for error checking).
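The header-then-trailer rule in the note above, as an added example that is not part of the original notes: a message is wrapped in a UDP header, then an IPv4 header carrying its own checksum, then an Ethernet header with a CRC-32 trailer, and the receiver uses that trailer for the error check. All addresses, ports and the payload are constructed sample values.

```python
import struct
import zlib

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; recomputed over a valid header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def udp_segment(src_port: int, dst_port: int, message: bytes) -> bytes:
    """Transport layer: 8-byte UDP header (ports, length, checksum left 0) in front of the message."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(message), 0) + message

def ip_datagram(src: bytes, dst: bytes, segment: bytes) -> bytes:
    """Network layer: 20-byte IPv4 header (protocol 17 = UDP) carrying its own header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # fill checksum bytes 10-11
    return hdr + segment

def ethernet_frame(src_mac: bytes, dst_mac: bytes, datagram: bytes) -> bytes:
    """Link layer: 14-byte header (EtherType 0x0800 = IPv4) plus the 4-byte FCS trailer,
    the CRC-32 that lets the receiver detect a corrupted frame."""
    body = struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + datagram
    return body + struct.pack("<I", zlib.crc32(body))   # FCS is sent least-significant byte first

def frame_is_intact(frame: bytes) -> bool:
    """Receiver-side error check: recompute the CRC over everything before the trailer."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return zlib.crc32(body) == fcs

def encapsulate(message: bytes) -> bytes:
    """Walk the message down the stack: message -> segment -> datagram -> frame.
    Addresses are constructed sample values (RFC 5737 test range, locally administered MACs)."""
    segment = udp_segment(53000, 53, message)
    datagram = ip_datagram(bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]), segment)
    return ethernet_frame(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02", datagram)
```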
Network Management
Five functional areas of Network Management:
- Fault Management
- Configuration Management
- Security Management
- Performance Management
- Accounting Management
Fault Management:
- Detecting faults on the network, isolating and correcting them.
- A preemptive approach is better than merely reducing downtime after a fault.
- The most widely implemented NM element.
Performance Management
- Monitoring performance aspects of the network, including: downtime, available bandwidth, latency and broadcast storms.
- Metrics: throughput, response time, utilization. Maintain them at a certain level, and notify the system if the level falls.
- Steps: gather data -> analyze -> set threshold -> monitor.
Configuration Management
- Monitoring network and system configuration, including configuration file, inventory, known naming conventions and so on.
- Steps: Create Standards->Implement->Maintain Documentation->Validate & Audit->Review Standards
Accounting Management
- Monitoring usage aspects of the network (such as: What services are used? When are the services used and who uses them?).
- Measuring utilization of all important network resources.
Security Management
- Control access to the network resources (only authorized individuals) and monitor security aspects of the network.
- Notify the administrator if anyone tries to breach security.
Network Management Protocol
SNMP (Simple Network Management Protocol) IMPORTANT
CMIP (Common Management Information Protocol)
RMON (Remote Monitoring)
SNMP
An application-layer protocol that provides a message format for communication between SNMP managers and agents. It is part of the TCP/IP protocol suite.
Three parts of the SNMP framework:
1.SNMP manager
2.SNMP agent
3.MIB(Management Information Base)
SNMP manager
The system used to control and monitor the activities of network hosts.
SNMP agent
The software component within the managed device that maintains the data for the device and reports these data.
The agent and MIB reside on the routing device (router, access server, or switch).
MIB (Management Information Base)
The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects.
SNMPv3
Two main components: SNMPv3 engine and SNMPv3 applications.
SNMPv3 engine: four subcomponents
Dispatcher: handles message sending and receiving.
Message subsystem: handles message processing.
Security subsystem: handles security processing for security model.
Access control subsystem: handles the granting/rejecting of access to specific managed objects.
SNMPv3 applications
Command generators: create SNMP messages.
Command responders: respond to SNMP messages.
Notification originators: send trap or inform messages.
Notification receivers: receive and process trap or inform messages.
Proxy forwarders: forward messages between SNMP entity components.
Network Management Software System
Two major components: platform and application.
Network Management Platform
Goal: To provide generic functionality for managing a variety of network devices.
Basic features:
Graphical User Interface(GUI)
Network Map (discovers the devices on the network and their connectivity, and presents an overview of the network visually)
Database Management System(DBMS)
Standard Method to Query Devices
Customizable Menu System
Event Log
Network Management Application
- Goals
1.Effectively manage a specific set of devices.
2.Avoid functionality overlap with the platform.
3.Integrate with a platform through the API and menu system.
4.Reside on multiple platforms.
IPV4 & IPV6
Issues of IPV4
- Internet routing table expansion
Internet core routers require more processing power and overhead.
- Lack of true end-to-end model
IPv4 networks typically use NAT as the solution to address depletion.
Features of IPV6
- Larger address space
IPv6 addresses are 128 bits, compared to IPv4’s 32 bits.
- Elimination of public-to-private NAT
End-to-end communication traceability is possible.
- Elimination of broadcast addresses
IPv6 now includes unicast, multicast, and anycast addresses.
- Support for mobility and security
Helps ensure compliance with mobile IP and IPsec standards.
- Simplified header for improved router efficiency
- IPv6 routers no longer perform fragmentation.
A discovery process is used to determine the optimum MTU (maximum transmission unit) to use during a given session.
- Multiple addresses per interface
An IPv6 interface can have multiple addresses.
- Stateless autoconfiguration (IMPORTANT)
DHCP is not required because an IPv6 device can automatically assign itself a unique IPv6 link-local address.
IPv6 Address
Address notation
Written in hexadecimal, in groups of 16 bits, 8 groups in total (16*8 = 128).
e.g. 2035:0001:2BC5:0000:0000:087C:0000:000A
Abbreviation rules:
1. Leading zeros in each group can be omitted
2. Where there are several consecutive zeros, they can be replaced by "::"
e.g. 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB
= 3FFE:501:8::260:97FF:FE40:EFAB
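The two abbreviation rules, implemented by hand as an added example (not from the original notes) so that each step is visible; it also enforces the caveat that "::" may appear only once, since a second "::" would make the expansion ambiguous. The standard library's ipaddress module is used only to cross-check the result.

```python
import ipaddress   # used only to cross-check the hand-rolled result
import re

GROUPS = 8

def expand(addr: str) -> list[str]:
    """Undo both abbreviation rules: return the eight four-digit upper-case hex groups."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the address is ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = GROUPS - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != GROUPS or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups):
        raise ValueError(f"malformed IPv6 address: {addr!r}")
    return [g.upper().zfill(4) for g in groups]

def compress(addr: str) -> str:
    """Rule 1: drop the leading zeros of every group (an all-zero group becomes '0').
    Rule 2: replace the longest run of zero groups (the first one on a tie) with '::'.
    As in the notes' example, a run of a single zero group is collapsed too; RFC 5952's
    canonical form would leave that one as ':0:'."""
    groups = [g.lstrip("0") or "0" for g in expand(addr)]
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + ["end"]):          # sentinel closes a trailing run
        if g == "0" and run_start is None:
            run_start = i
        elif g != "0" and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len == 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Two spellings denote one address iff the standard library parses them identically."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)
```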
Structure
- An IPv6 address has two parts: Subnet Prefix and Interface ID. The Interface ID is usually fixed as the last 64 bits; the first 64 bits carry the prefix and the subnet number.
IPv6 Address types
Three Types: Unicast, Multicast and Anycast
Three destination scopes: site-local address (deprecated, no longer supported), link-local address, global unicast address.
Link-Local address
Used for transmitting packets to interfaces on the same local link; not routable off the link.
Composed of the link-local prefix FE80::/10 and a 64-bit interface identifier.
Tip: an interface can have multiple IPv6 addresses simultaneously configured and enabled on it: one link-local and one or more global unicast addresses.
Global Unicast Address
Used to transmit on the Internet. Consists of a 48-bit global routing prefix, a 16-bit subnet ID and a 64-bit interface ID.
The prefixes of addresses are from 2000::/3 (001) to E000::/3 (111).
Multicast Address
A replacement for the broadcast address, defined by the prefix FF00::/8; an interface can belong to any number of multicast groups.
The second octet of the address contains the prefix and lifetime flags, and the scope of the multicast address.
Solicited-Node Multicast Addresses
Defined by FF02::1:FF and used for the Neighbor Discovery (ND) process and stateless address autoconfiguration.
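The address types above, worked through as an added example (not from the original notes): classifying an address by the link-local, global unicast and multicast prefixes, reading the flags and scope nibbles out of the second octet of a multicast address, splitting a global unicast address into its 48/16/64-bit fields, and deriving the solicited-node multicast address from the low 24 bits of a unicast address. The sample addresses are constructed (documentation range 2001:DB8::/32 and the interface ID from the notes).

```python
import ipaddress

# Prefixes quoted in the notes; ipaddress handles the '::' expansion.
LINK_LOCAL = ipaddress.IPv6Network("FE80::/10")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
MULTICAST = ipaddress.IPv6Network("FF00::/8")
SOLICITED_NODE = ipaddress.IPv6Network("FF02::1:FF00:0/104")   # FF02::1:FF + low 24 bits

def address_type(addr: str) -> str:
    """Classify by prefix; the most specific range is tested first."""
    a = ipaddress.IPv6Address(addr)
    if a in SOLICITED_NODE:
        return "solicited-node multicast"
    if a in MULTICAST:
        return "multicast"
    if a in LINK_LOCAL:
        return "link-local unicast"
    if a in GLOBAL_UNICAST:
        return "global unicast"
    return "other"

def multicast_flags_and_scope(addr: str) -> tuple[int, int]:
    """Second octet of a multicast address: high nibble = flags, low nibble = scope
    (1 = interface-local, 2 = link-local, 5 = site-local, 0xE = global)."""
    a = ipaddress.IPv6Address(addr)
    if a not in MULTICAST:
        raise ValueError(f"{addr} is not a multicast address")
    second_octet = a.packed[1]
    return second_octet >> 4, second_octet & 0xF

def split_global_unicast(addr: str) -> tuple[int, int, int]:
    """48-bit global routing prefix, 16-bit subnet ID, 64-bit interface ID (as integers)."""
    a = ipaddress.IPv6Address(addr)
    if a not in GLOBAL_UNICAST:
        raise ValueError(f"{addr} is not a global unicast address")
    n = int(a)
    return n >> 80, (n >> 64) & 0xFFFF, n & ((1 << 64) - 1)

def solicited_node(addr: str) -> str:
    """Solicited-node multicast address of a unicast address: the FF02::1:FF00:0/104
    prefix followed by the low 24 bits of the unicast address. A link-local and a global
    address built from the same interface ID therefore share one solicited-node group."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24))
```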
Neighbor Discovery
Used to:
- Determine the local-link address of the neighbor.
- Determine the routers on the link and the default route.
- Actively keep track of neighbor reachability.
Four message types
Process example
see slides
Stateless Autoconfiguration (IMPORTANT)
see slides
Duplicate Address Detection (DAD)
IPv4 Header vs IPv6 Header
Multiple extension headers (called a chain) may be included in an IPv6 packet.
The number of extension headers is not fixed, so the total length of the extension header chain is variable.
Extension headers make the handling of options more efficient.
[More information can be found in slides]
Wireless LANs
Before installing a wireless router, what are some of the management parameters to be considered?
- SSID
Unique identifier that wireless clients use to distinguish between multiple wireless networks in the same vicinity.
- Password
Required from the wireless client to authenticate to the AP. Sometimes called the security key.
- Network mode
Refers to the 802.11a/b/g/n/ac/ad WLAN standards. APs and wireless routers can operate in a mixed mode, i.e. they can simultaneously use multiple standards.
- Security mode
Refers to the security parameter settings, such as WEP, WPA, or WPA2.
- Channel settings
Refers to the frequency bands used to transmit wireless data. Wireless routers and APs can choose the channel setting, or it can be set manually.
When configuring a wireless router, what do the Implementation Plan steps consist of?
Step 1
Start the WLAN implementation process with a single AP and a single wireless client, without enabling wireless security.
Step 2
Verify that the client has received a DHCP IP address and can ping the local, wired default router, and then browse to the external Internet.
Step 3
Configure wireless security using WPA2/WPA Mixed Personal. Never use WEP unless no other options exist.
Step 4
Back up the configuration.
What do the Smart Wi-Fi settings enable you to do?
- Configure the router’s basic settings for the local network.
- Diagnose and troubleshoot connectivity issues on the network.
- Secure and personalize the wireless network.
- Configure the DMZ feature, view connected computers and devices on the network, and set up port forwarding.
Name and explain some of the features of the Smart Wi-Fi Tools.
- Device List
Lists who is connected to the WLAN. Personalize device names and icons. Connect devices.
- Guest Access
Creates a separate network for up to 50 guests at home while keeping network files safe with the Guest Access Tool.
- Parental Controls
Protects kids and family members by restricting access to potentially harmful websites.
- Media Prioritization
Prioritizes bandwidth to specific devices and applications.
- Speed Test
Tests the upload and download speed of the Internet link. Useful for baselining.
- USB Storage
Controls access to shared files.
Data Centre Design
Data centres are designed to host critical computing resources in a centralized place.
Multilayer Data Centre Network
Aggregation Layer: multilayer switches, firewalls, load balancers…
Access Layer: Layer2 switch, web and client facing servers…
Three demands of data centre
Scalability (fast and seamless growth), flexibility (support of new services without major overhaul), high availability (predictable uptime).
With aid of a diagram explain storage layer and transport layer of the data centre architecture
Server Farm
There are three types of server farm: Internet, intranet and extranet.
With aid of a diagram explain Internet Server Farm
Users use Internet to access the server farm and rely on the web interface and web browsers.
Two types: Dedicated Internet Server Farm & DMZ Server Farm
Dedicated Internet Server Farm
Built to support large-scale Internet-facing applications that support the core business function
Because users are located on the Internet and the number of likely users is high, security and scalability are major concerns in this type of server farm.
DMZ Server Farm
Built to support Internet-based applications in addition to Internet access from the enterprise.
DMZ server farms are located in the demilitarized zone (DMZ) because they are part of the enterprise network yet are accessible from the Internet.
Intranet Server Farm
Intranet server farms resemble the Internet server farms in their ease of access, yet they are available only to the enterprise’s internal users.
Intranet server farms include most of the enterprise-critical computing resources that support business processes and internal applications.
Draw the topology diagram of extranet server farm
Extranet server farms sit between Internet and intranet server farms; they are accessed only by a selected group of users (e.g. business partners) who are neither Internet- nor intranet-based.
The main purpose for extranets is to improve business-to-business communication by allowing faster exchange of information in a user-friendly and secure environment. This reduces time to market and the cost of conducting business.
Explain the functionality of server clustering
Clustering consists of using multiple server computers to provide a single application that appears to be running on a single server.
The application actually runs on multiple servers, but the end user believes they are accessing a single server.
Clustering provides both load distribution and high availability.
Storage-area network
Explain a Storage-area network
A network whose primary purpose is the transfer of data between computer systems and storage elements and among storage elements.
A SAN is a specialized, high-speed network that attaches servers and storage devices.
Three key benefits: simplification of the infrastructure, information life-cycle management (ILM), and business continuity.
Server Virtualisation
Server virtualisation comprises several components working in synergy to deliver a holistic solution.
With reference to this, explain the following:
Type-1 and Type-2 Hypervisors
Type-1 Hypervisor
Type-1 hypervisors run directly on top of the physical server hardware. Virtual machines run on top, and guest operating systems leverage virtual hardware exposed by the hypervisor.
better performance characteristics
Examples: Microsoft Hyper-V, VMware ESXi, XenServer, and KVM.
Type-2 Hypervisor
Type-2 hypervisors run as an application on top of the server operating system. Type-2 hypervisors coordinate a call to the physical server resources through the host operating system installed on the server. The actual virtual machines run one level higher.
easier implementation and maintenance
Examples: VMware Workstation, VMware Fusion, Oracle VM VirtualBox.
Virtual machines
A virtual machine is software that runs on top of the hypervisor.
Virtual machines emulate operation of the physical computing environment and rely on the hypervisor for access to the physical server resources.
Guest operating system: the OS that runs inside the virtual machine.
Host operating system: the server operating system that runs the virtual machine.
Virtual switching
Virtual switches take care of forwarding the network traffic between the virtual machines residing on the same or different physical hosts.
When virtual machines move around the virtualisation layer, virtual switching will also be important to maintain configuration consistency for the virtual machine attachment points.
Management tools
The virtualisation management tool is also referred to as Virtual Machine Manager.
They help create, edit, clone, start, stop, and move virtual machines.
They help view performance characteristics and utilisation of the VMs, they also provide a programmatic way to interact with server virtualisation environment through APIs.
Data Centre Management
Explain the importance of Data Centre Infrastructure Management(DCIM)
The outward expansion and increasing rack density of modern data centres have created serious space and energy consumption concerns.
So large data centres are consolidated and constructed, driven by economy-of-scale benefits.
Data Centre should be organised and operated to deliver quality of service reliably, securely and economically.
So we need DCIM.
State the domains for Data Centre(DC)
Facilities: Physical space, power and cooling
Networking: Fiber optic and copper cable plants, LANs, SANs and WANs
Systems: Mainframes, servers, virtual servers and storage
Name the Data Centre Management(DCM) components and discuss their functions.
see the last slides
What are the key questions you would ask, or the steps to take, before implementing and improving a data centre?
see the last slides
Remaining questions:
- Symbols for switches, routers and other devices
- Summarise the key points of the case-study analysis (e.g. no single point of failure, redundant components)
Post Date: 2018-05-26
Copyright notice: this is an original article; please credit the source when reposting.