CCNP ENCOR 350-401 Exam Cram Notes

I. Architecture

1. Explain the different design principles used in an enterprise network

1.1. Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning.

Spine-leaf: With the increased focus on massive data transfers and low-latency traffic inside the data center, the aging three-tier design is being replaced by what is called the leaf-spine design (also referred to as leaf and spine topology). In this design, switches sit at the top of each rack and connect to the servers in that rack, with each server connecting to both switches for redundancy. This is referred to as a top-of-rack (ToR) design because the switches physically reside at the top of the rack.

The leaf layer consists of access switches that connect to devices such as servers, firewalls, load balancers, and edge routers. The spine layer, made up of switches that perform routing, is the backbone of the network: every leaf switch is interconnected with each and every spine switch.
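The full-mesh rule above (every leaf to every spine) is what drives fabric capacity planning. The following is an added example, not from the notes, that models a leaf-spine fabric with constructed numbers and computes link count, ECMP path count, and the leaf oversubscription ratio; the Fabric class and its figures are assumptions for illustration.

```python
"""Leaf-spine fabric capacity model (added example; constructed figures)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Fabric:
    leaves: int           # number of ToR/leaf switches
    spines: int           # number of spine switches
    server_ports: int     # server-facing ports per leaf
    server_gbps: float    # speed of each server-facing port
    uplink_gbps: float    # speed of each leaf-to-spine uplink

    def uplinks_per_leaf(self) -> int:
        # Full mesh: each leaf has exactly one uplink per spine.
        return self.spines

    def fabric_links(self) -> int:
        # Total leaf-spine cables/ports needed for the full mesh.
        return self.leaves * self.spines

    def ecmp_paths(self) -> int:
        # Any two leaves are two hops apart (leaf-spine-leaf), one path per spine.
        return self.spines

    def oversubscription(self) -> float:
        # Bandwidth servers can push into a leaf vs. bandwidth the leaf can send north.
        down = self.server_ports * self.server_gbps
        up = self.uplinks_per_leaf() * self.uplink_gbps
        return down / up

    def spines_needed(self, target_ratio: float) -> int:
        # Smallest spine count that keeps oversubscription <= target_ratio.
        down = self.server_ports * self.server_gbps
        return math.ceil(down / (target_ratio * self.uplink_gbps))


def leaf_spine_links(leaves: int, spines: int):
    """Enumerate the (leaf, spine) adjacency list of the full mesh."""
    return [(f"leaf{l}", f"spine{s}")
            for l in range(1, leaves + 1) for s in range(1, spines + 1)]
```

With 48 x 25G server ports per leaf and 4 x 100G uplinks, each leaf is 3:1 oversubscribed; reaching 1:1 would need 12 spines.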

SOHO: Small office/home office. A small network connecting a user or a small handful of users to the Internet and to office resources such as servers and printers. Usually just one router and one or two switches, plus a firewall.

3-tier architecture: Cisco defines three layers of hierarchy, core, distribution, and access, each with a specific function; this is referred to as a 3-tier network architecture.

2-tier architecture: Also known as the collapsed core design because it has only two layers. The distribution layer is merged with the core layer.

A core is called collapsed when the role of the core switches is moved to the distribution switches, merging the core and distribution layers. This is done by connecting the distribution switches directly to each other instead of through a core switch.

Common features of most NGFWs:

1. Standard firewall features: These include the traditional (first-generation) firewall functionalities such as stateful port/protocol inspection, Network Address Translation (NAT), and Virtual Private Network (VPN).

2. Application identification and filtering: This is the chief characteristic of NGFWs. This feature identifies and filters traffic based upon the specific applications, rather than just opening ports for all kinds of traffic. This prevents malicious applications and activity from using non-standard ports to avoid the firewall.

3. SSL and SSH inspection: NGFWs can even inspect SSL and SSH encrypted traffic. This feature decrypts traffic, makes sure the applications are allowed, checks other policies, and then re-encrypts the traffic. This provides additional protection from malicious applications and activity that tries to hide itself by using encryption to avoid the firewall.

4. Intrusion prevention: These are more intelligent capabilities and provide deeper traffic inspection to perform intrusion detection and prevention. Some of the NGFWs have built-in IPS functionality so that a stand-alone IPS might not be needed.

5. Directory integration: Most NGFWs include directory support (such as Active Directory). For instance, they manage authorized applications based upon users and user groups.

6. Malware filtering: NGFWs can also provide reputation-based filtering to block applications that have a bad reputation. This functionality can check for phishing, viruses, and other malware sites and applications.

A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules.

A next-generation firewall (NGFW) does this, and so much more. In addition to access control, NGFWs can block modern threats such as advanced malware and application-layer attacks. According to Gartner's definition, a next-generation firewall must include:

  1. Standard firewall capabilities like stateful inspection

  2. Integrated intrusion prevention

  3. Application awareness and control to see and block risky apps

  4. Threat intelligence sources

  5. Upgrade paths to include future information feeds

  6. Techniques to address evolving security threats

In summary, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
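The difference between the traditional port/protocol rule and the NGFW application-awareness described in both lists above, as an added example (not from the notes or any vendor's product): a tiny classifier identifies the application from the first payload bytes using constructed, minimal signatures, and a port-based policy is compared with an application-based policy over constructed sample flows.

```python
"""Port-based vs. application-aware filtering (added example; constructed
flows and minimal signatures, not any real NGFW engine)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes        # first bytes of the client's data


def identify_app(payload: bytes) -> str:
    """Classify by payload content, ignoring the port (constructed signatures)."""
    if payload.startswith(b"SSH-"):
        return "ssh"                     # SSH protocol banner
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                     # TLS record: handshake type, version 3.x
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"                    # plaintext HTTP request line
    return "unknown"


def port_policy(flow: Flow, allowed_ports=frozenset({443})) -> str:
    """Traditional rule: anything sent to an allowed port passes."""
    return "allow" if flow.dst_port in allowed_ports else "deny"


def app_policy(flow: Flow, allowed_apps=frozenset({"tls"})) -> str:
    """NGFW-style rule: allow by identified application, whatever the port."""
    return "allow" if identify_app(flow.payload) in allowed_apps else "deny"


def compare(flows):
    """Return (port_decision, app_decision, identified_app) per flow."""
    return [(port_policy(f), app_policy(f), identify_app(f.payload)) for f in flows]


# Constructed sample flows
SAMPLE_FLOWS = [
    Flow(443, bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01])),    # TLS on 443
    Flow(443, b"SSH-2.0-OpenSSH_9.0\r\n"),                    # SSH tunnelled over 443
    Flow(443, b"GET / HTTP/1.1\r\nHost: x\r\n"),              # plaintext HTTP on 443
    Flow(8443, bytes([0x16, 0x03, 0x03, 0x00, 0x40, 0x01])),  # TLS on a non-standard port
]
```

The second and third flows are the case the notes describe: the port rule lets them through because 443 is open, while the application rule denies them because the traffic is not the application the port is opened for.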

1.2. High availability techniques such as redundancy, FHRP, and SSO

First-hop router (FHR): A router that is directly attached to the source, also known as a root router. It is responsible for sending register messages to the RP. A Rendezvous Point (RP) is a router in a multicast network domain that acts as a shared root for a multicast shared tree.

Multicast Routing Information Base (MRIB): A topology table that is also known as the multicast route table (mroute), which is derived from the unicast routing table and PIM. The MRIB contains the source (S), group (G), incoming interface (IIF), outgoing interfaces (OIFs), and RPF neighbor information for each multicast route, as well as other multicast-related information.

Multicast Forwarding Information Base (MFIB): A forwarding table that uses the MRIB to program multicast forwarding information in hardware for faster forwarding.

Last-hop router (LHR): A router that is directly attached to the receivers, also known as a leaf router. It is responsible for sending PIM joins upstream toward the RP or to the source.

Outgoing interface (OIF): Any interface that is used to forward multicast traffic down the tree, also known as the downstream interface.
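How the MRIB entry fields above fit together, as an added example that is not from the notes: a constructed unicast RIB is used to derive the (S,G) entry's IIF and RPF neighbor by longest-prefix match toward the source, and a forwarding function applies the RPF check (accept only on the IIF) before replicating to the OIFs. Interface names, prefixes and addresses are constructed.

```python
"""(S,G) forwarding with an RPF check, modelled on the MRIB terms above
(added example; constructed unicast RIB and interfaces)."""
import ipaddress
from dataclasses import dataclass, field

# Constructed unicast RIB: (prefix, next hop, outgoing interface)
URIB = [
    ("0.0.0.0/0",   "10.0.0.1", "Gi0/0"),
    ("10.1.0.0/16", "10.1.0.1", "Gi0/1"),
    ("10.1.5.0/24", "10.1.5.1", "Gi0/2"),
]


def rpf_lookup(urib, source):
    """Longest-prefix match toward the source: (rpf_interface, rpf_neighbor)."""
    addr = ipaddress.ip_address(source)
    best = None
    for prefix, next_hop, intf in urib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, intf)
    return (best[2], best[1]) if best else (None, None)


@dataclass
class MrouteEntry:
    source: str                  # S
    group: str                   # G
    iif: str                     # incoming interface (RPF interface toward S)
    rpf_neighbor: str            # upstream PIM neighbor toward S
    oifs: set = field(default_factory=set)   # downstream interfaces


def build_sg_entry(urib, source, group, oifs):
    """Derive an (S,G) entry's IIF and RPF neighbor from the unicast RIB."""
    iif, neighbor = rpf_lookup(urib, source)
    return MrouteEntry(source, group, iif, neighbor, set(oifs))


def forward(mrib, src, group, arrived_on):
    """Interfaces to replicate the packet to, or [] when it is dropped."""
    entry = mrib.get((src, group))   # mrib keyed by (S, G)
    if entry is None:
        return []                    # no state for this flow
    if arrived_on != entry.iif:
        return []                    # RPF failure: wrong interface, drop
    return sorted(entry.oifs - {arrived_on})   # never back out the IIF
```

An RPF failure is what stops a packet that arrives via a path other than the one back to its source, which is how multicast avoids forwarding loops.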
