#General CCNA
#=====================================================================
#Redundant Internet Connection
# -Single Homed = 1 connection to 1 ISP
# -Dual Homed = 2 connections to 1 ISP
# -Multihomed = 1 connection to each of 2 ISP
# -Dual Multihomed = 2 connections to each of 2 ISP
#=====================================================================
#=====================================================================
#MPLS
#Multi Protocol Label Switching
# CE router - Customer Edge router
# PE router - Provider Edge router
# P router - Provider Core router
# |-Service Provider|
# Office A (CE)===|PE|=====P=====|PE|===(CE) Office B
# |-Service Provider|
#The CE Routers do not use MPLS, it is only used by the PE and P routers
#When using a layer 3 MPLS VPN, the CE and PE routers use OSPF, for example, to share routing information
#When using a layer 2 MPLS VPN, the CE and PE routers do not form peering
# -The ISP's network is entirely transparent to the CE routers
# -In effect, it is like the two CE routers are directly connected. Their WAN interfaces will be in the same subnet
# -If a routing protocol is used, the two CE routers will peer directly with each other
#=====================================================================
#=====================================================================
#Internet VPNs
#Private WAN services such as leased lines and MPLS provide security because each customer's traffic is separated
#by using dedicated physical connections (leased lines) or by MPLS tags. Another way is using VPNs.
#CCNA covers only Site-to-Site VPNs using IPsec and Remote-access VPNs using TLS
#Site-to-Site VPN
#There are some limitations to standard IPSec:
# -IPSec doesn't support broadcast and multicast traffic, only unicast. This means that routing protocols such as OSPF
#  can't be used over the tunnels because they rely on multicast traffic, but this can be solved with "GRE over IPSec"
# -Configuring a full mesh of tunnels between many sites is a labor-intensive task, but this can be solved with Cisco DMVPN
#GRE over IPsec
#Generic Routing Encapsulation creates tunnels like IPSec, however it doesn't encrypt the original packet, so it is not secure
#However it has the advantage of being able to encapsulate a wide variety of layer 3 protocols as well as broadcast and multicast messages
#To get the flexibility of GRE with the security of IPSec "GRE over IPSec" can be used
#ORIGINAL PACKET + GRE HEADER + IPSec HEADER --> Encrypt --> Encrypted {IPSec HEADER and IP HEADER}
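#Added example (not part of the original notes): a minimal Cisco IOS "GRE over IPSec" configuration for one CE router,
#with OSPF running over the protected tunnel. All names, addresses and the pre-shared key are constructed placeholders;
#the remote router mirrors this with tunnel source/destination and addresses swapped.

```cisco
! Constructed example values: 203.0.113.2 = remote router's public IP,
! 10.255.0.0/30 = tunnel subnet, 192.168.1.0/24 = local LAN.
!
! IKE phase 1: how the two routers authenticate and protect key exchange
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Placeholder key, replace with a long random secret
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 203.0.113.2
!
! IKE phase 2: ESP with AES-256 encryption and SHA-256 integrity.
! Default (tunnel) mode is kept, so IPSec adds its own header plus a new IP header.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
! GRE tunnel: carries unicast, multicast and broadcast, unencrypted by itself
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode gre ip
 ! Everything GRE sends is handed to IPSec before it leaves the router
 tunnel protection ipsec profile GRE-PROTECT
!
! OSPF hellos (multicast 224.0.0.5) now travel inside GRE, encrypted by IPSec
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
```

#Check the result with "show crypto ipsec sa" (encaps/decaps counters should increase) and "show ip ospf neighbor" (the peer should appear on Tunnel0).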
#=====================================================================
#=====================================================================
#DMVPN (Dynamic Multipoint VPN) is a Cisco solution. It allows routers to dynamically create a full mesh of IPSec tunnels
#without having to manually configure every single tunnel
#HOW TO, Steps:
# 1. Configure IPSec tunnels to a hub site. (Each router must have a connection with the main router)
# 2. The hub (main) router gives each router information about how to form an IPSec tunnel with the other routers
#Remote-Access VPNs
#Remote-access VPNs typically use TLS (Transport Layer Security)
# -TLS also provides security for HTTPS
# -TLS was formerly known as SSL (Secure Sockets Layer) and developed by Netscape, but it was renamed to TLS
# -VPN client software - Cisco AnyConnect (TLS VPN Tunnel)
#=====================================================================
#=====================================================================
#Architectures
# -2-Tier and 3-Tier LAN Architectures
# -Spine-Leaf Architecture (DATA-center)
# -SOHO (Small Office Home Office)
# -STAR Topology
# -Full Mesh
# -Partial Mesh
#2-Tier Campus LAN Design
# -Access Layer
# -Distribution Layer
#Also called "Collapsed Core" design because it omits a layer that is found in the 3-Tier design: the Core Layer
# Access Layer - QoS, Port Security, DAI, PoE, etc. are usually set up here
# Distribution Layer - usually it is an edge between L2 and L3. WAN, Services etc
#If you have more than 3 distribution layers in a single location - use a Core Layer
# Core Layer:
# -Connects distribution layers together in large LAN networks
# -The focus is speed (fast transport)
# -CPU-intensive operations such as security, QoS marking / classification, etc should be avoided at this layer
# -Connections are all layer 3. No spanning-tree
# -Should maintain connectivity throughout the LAN even if devices fail
#=====================================================================
# UCS (Unified Computing System)
# Virtualisation types:
# - Type 1 hypervisor (Bare-Metal)
# The type of hypervisor which runs directly on top of the hardware
# VMWare ESXi, MS Hyper-V, QEMU-KVM
# - Type 2 hypervisor (Hosted hypervisor)
# The hypervisor runs as a program on an operating system like a regular computer program
# Oracle Virtual Box, VMWare Workstation etc
# Both types use Virtual switching
# Cloud Services
# - On-premises
# All servers, network devices, and other infrastructure are located on a company property
# All equipment is purchased and owned by the company using it
# The company is responsible for the necessary space, power, cooling, etc
# - Colocation
# Data centers that rent out space for customers to put their infrastructure (servers, network devices)
# - Cloud Services
# To understand what the cloud is, let's look at the following, outlined in SP 800-145
# a) Five essential characteristics
# b) Three service models
# c) Four deployment models
#
# a)
# - On demand self-service #User can choose to start and stop using a service
# - Broad network access #Provide access for IP Phones (ie UISCOM), Thin clients etc
# - Resource pooling #Provide resources when needed
# - Rapid elasticity #Quick Scalability
# - Measured service #Need more resources - pay more, less - less
# b)
# - Software as a Service (SaaS) - like Office 365, Gmail etc
# - Platform as a Service (PaaS)
# - Infrastructure as a Service (IaaS) -like Amazon EC2
# c)
# - Public cloud like AWS, AZURE, GCP, OCI, IBM cloud, Alibaba cloud
# - Private cloud
# - Community cloud
# - Hybrid cloud
#=====================================================================