
CCNA Questions

Ques 1:- What is the difference between Hub and Switch?

Ans :-

HUB
1. Hub is a Layer 1 device.
2. Hub is not a more intelligent device.
3. Hub does not read the frame.
4. Hub always broadcasts in the network.
5. We cannot configure a hub.
6. In a hub the rate of data transmission is slow.
7. Hub is a half-duplex device.
8. The rate of data transmission is divided in a hub.
9. Hub does not provide packet filtering in the network.
10. Hub is a single broadcast domain.
11. Hub is a single collision domain.
12. Hub does not create any table.

SWITCH
1. Generally, a switch is a Layer 2 / Layer 3 device.
2. Switch is a more intelligent device.
3. Switch reads the frame.
4. Switch provides conditional broadcasting in the network.
5. We can configure a switch.
6. In a switch the rate of data transmission is fast.
7. Switch is a full-duplex device.
8. The rate of data transmission is not divided in a switch.
9. Switch provides packet filtering in the network.
10. Switch is a single broadcast domain (by default).
11. Switch is a separate collision domain.
12. Switch creates a table; that table is called the switching table.

Ques 2:- What is the difference between Normal Switch and Manageable Switch?

Ans :-

Normal Switch: We cannot configure a normal switch, which means we cannot create a VLAN in this switch. With the help of this switch we cannot create a separate broadcast domain in the network.

Manageable Switch: We can configure a manageable switch, which means we can create a VLAN in this switch. With the help of this switch we can create a separate broadcast domain in the network.

Ques 3:- How many types of Switch are there?

Ans :- There are two types of switch:

1. Normal Switch
2. Manageable Switch

Ques 4:- What is the difference between Switch and Bridge?

Ans :- Generally, switch and bridge have the same functionality in the network, but there is one major difference between them.

Bridge: a maximum of 16 ports are available.
Switch: a maximum of 100 ports are available.

Ques 5:- What is the function of Router?

Ans :- Router is a device that provides the connectivity between two or more different network IDs. Router is a Layer 3 device of the OSI model.

Ques 6:- What is the function of Layer 2 Switch?

Ans :- Layer 2 switch provides the connectivity within a single network ID in the network. There are two types of Layer 2 switch:

1. Normal Switch
2. Manageable Switch

Ques 7:- What is the function of Layer 3 Switch?

Ans :- Layer 3 switch provides the connectivity between two or more different network IDs. It is basically used for inter-VLAN routing in the network.

Ques 8:- What is the function of Layer 2 Device?

Ans :-

Layer 2 device provides the connectivity within a single network ID, for example:

1. Switch
2. Bridge

Ques 9:- What is the function of Layer 3 Device?

Ans :- Layer 3 device provides the connectivity between two or more different network IDs, for example:

1. Router
2. Layer 3 Switch

Ques 10:- How many types of Router are available in the network?

Ans :- There are two types of router in the network:

1. Fixed Router, i.e. 2500 Series
2. Modular Router, i.e. 1600, 1700, 2600, 3600, 4500 and above Series

Ques 11:- What is the difference between Fixed Router and Modular Router?

Ans :-

Fixed Router: We cannot add an additional serial port or Ethernet port in this router, i.e. 2500 Series.

Modular Router: We can add an additional serial port as well as an Ethernet port in this router, i.e. 1600, 1700, 2600, 3600, 4500 and above Series.

Ques 12:- How many ports are available on the router?

Ans :- Generally, five types of ports are available on the router:

1. Serial Port: serial ports provide the WAN connectivity.
2. Ethernet Port: Ethernet ports provide the LAN connectivity.
3. Console Port: for configuration of router, switch, PIX.
4. BRI/PRI Port: the ISDN line is connected on this port.
5. Auxiliary Port: remote configuration of the router.

Ques 13:- What is Broadcast Domain?

Ans :- Whenever one computer sends a broadcast message in the network and another computer receives that broadcast message, we can say both computers belong to a single broadcast domain.

1. Hub is a single broadcast domain.
2. Switch is a single broadcast domain by default.
3. Router is a separate broadcast domain.
4. Bridge is a single broadcast domain by default.

Ques 14:- What is Collision Domain?

Ans :- Whenever two computers send a message to each other at the same time, a collision will happen; in that case we can say both computers belong to a single collision domain.

1. Hub is a single collision domain.
2. Switch is a separate collision domain.
3. Bridge is a separate collision domain.
4. Router is a separate collision domain.

Ques 15:- What is VLAN?

Ans :- VLAN stands for Virtual Local Area Network. It reduces the broadcasting in the network. With the help of VLAN we can create a separate broadcast domain in the switch.

Ques 16:- What is Inter VLAN Routing?

Ans :- Inter VLAN routing provides the communication between two or more different VLANs in the network. For inter VLAN routing we require a Layer 3 device in the network.

Ques 17:- What is the function of Spanning Tree Protocol {STP}?

Ans :- STP stands for Spanning Tree Protocol. It stops the looping in the network.

Ques 18:- What is the function of BPDU {Bridge Protocol Data Unit}?

Ans :- BPDU stands for Bridge Protocol Data Unit. It is basically used in spanning tree operation in the network. It detects the looping in the network.

Ques 19:- What is Trunk?

Ans :- A trunk carries the traffic of multiple VLANs in the network. Trunks are always configured on a Fast Ethernet port.

Ques 20:- What is Uplink Port?

Ans :- Uplink port provides the connectivity between two or more network devices in the network.

Ques 21:- What is Native VLAN?

Ans :- By default, VLAN 1 is available on the switch and all of the ports are members of that VLAN; that is called the native VLAN. We cannot modify or delete the native VLAN, but we can change the membership of any port in the switch.

Ques 22:- How many types of VLAN are there?

Ans :- There are two types of VLAN:

1. Static VLAN
2. Dynamic VLAN

Ques 23:- What is the difference between Static VLAN and Dynamic VLAN?

Ans :-

Static VLAN: In static VLAN the administrator manually assigns the membership of any port in any particular VLAN in the switch.

Dynamic VLAN: Dynamic VLAN basically works on a MAC address basis in the network. In dynamic VLAN the administrator does not manually assign the membership of any port in any particular VLAN in the switch. For dynamic VLAN we will use a VMPS server. VMPS stands for VLAN Management Policy Server.

Ques 24:- What is Routing?

Ans :- Routing routes a packet from one network ID to another network ID. Routes are created on the router. A Layer 3 device provides the routing in the network, for example a Layer 3 switch or a router.

Ques 25:- What is Routing Table?

Ans :- The routing table is stored on the router in the network. All of the routes available on the router are in the routing table. Whenever the router receives a packet from one network, it finds the destination network in the routing table and then sends that packet to the respective router in the network.

Ques 26:- How many methods are there to create a route on the router?

Ans :- There are two methods to create a route on the router:

1. Static Routing: In static routing the administrator manually creates a route on the router. It is basically used for smaller size networks.
2. Dynamic Routing: In dynamic routing we use a protocol called a dynamic routing protocol. Whenever we enable a routing protocol on the router, the router automatically creates a route. It is basically used for larger size networks.

Ques 27:- What is the difference between Static Routing and Default Static Routing?

Ans :-

Static Routing: In static routing the administrator manually creates a route on the router. It is basically used for smaller size organizations in the network.

Default Static Routing: If only one existing point is available on the router, in that case we will create a default static route on the router.

Ques 28:- What is IOS {Internetwork Operating System}?

Ans :- IOS stands for Internetwork Operating System. IOS works as an interpreter between the hardware device and the user interface.

Ques 29:- What is Protocol?

Ans :- A protocol is a set of rules and regulations that provides the communication between two or more different devices in the network.

Ques 30:- How many types of Protocol are there in the network?

Ans :- There are two types of protocol in the network:

1. Routing Protocol, i.e. RIP, IGRP, EIGRP, OSPF
2. Routed Protocol, i.e. TCP/IP, IPX/SPX, AppleTalk

Ques 31:- What is the difference between Routing Protocol and Routed Protocol?

Ans :-

Routing Protocol: A routing protocol is responsible for sending and receiving a route from one router to another router in the network. Whenever we enable a routing protocol on the router, the router automatically creates a route. For example: RIP, IGRP, EIGRP, and OSPF.

Routed Protocol: A routed protocol is responsible for providing the communication from the source device to the destination device in the network. For example: TCP/IP, IPX/SPX, AppleTalk.

Ques 32:- What is the difference between Industry Standard Routing Protocol and Cisco Standard Routing Protocol?

Ans :-

Except for Cisco, all companies' routers support only industry standard routing protocols. These companies' routers support only the RIP and OSPF routing protocols in the network. But Cisco has developed its own routing protocols, which are called Cisco standard routing protocols. IGRP and EIGRP are the Cisco standard routing protocols in the network. Cisco says that its routing protocols are more intelligent than RIP and OSPF, and also that a Cisco router supports all of the routing protocols in the network, such as RIP, IGRP, EIGRP, OSPF.

Ques 33:- What is AD {Administrative Distance}?

Ans :- AD stands for Administrative Distance. Administrative distance defines the intelligence of any dynamic routing protocol in the network. The lower the AD, the more intelligent the routing protocol. It is used whenever we enable two or more dynamic routing protocols on the router.

Ques 34:- What is BGP {Border Gateway Protocol}?

Ans :- BGP stands for Border Gateway Protocol. It provides the communication between two or more different environments in the network, for example:

1. Provides the communication between two or more different dynamic routing protocols.
2. Provides the communication between two or more different autonomous system numbers.

Ques 35:- What is VMPS {VLAN Management Policy Server}?

Ans :- VMPS stands for VLAN Management Policy Server. It works on a MAC address basis. It is basically used in dynamic VLAN.

Ques 36:- What is Route Bridge?

Ans :-

Route Bridge is a master switch in the network. Every switch has an ID number; that number is called the Bridge ID. The switch with the lower Bridge ID becomes the Route Bridge, and the rest of the switches are non-route bridges in the network. Route bridge and non-route bridge depend on the Bridge ID. Bridge ID is a combination of priority + MAC address. This term is basically used in spanning tree operation in the network.

Ques 37:- What is Non-Route Bridge?

Ans :- Non-Route Bridge is a secondary switch in the network. Route Bridge is the master switch in the network. This term is basically used in STP operation in the network.

Ques 38:- What is Root Port?

Ans :- It is the port on the non-route bridge that is connected to the Route Bridge with the lower port ID. This port is always in the forwarding stage. It is also called the designated port.

Ques 39:- What is Forwarding Stage?

Ans :- Every port is in one of two stages:

1. Forwarding stage: in the forwarding stage we can send as well as receive packets through that port. This port is also known as the designated port.
2. Blocking stage: in the blocking stage we cannot send or receive packets through that port. This port is also known as the non-designated port.

Ques 40:- How many types of Trunking Protocol are there?

Ans :- There are two types of trunking protocol in the network:

1. ISL (Inter-Switch Link)
2. IEEE 802.1Q

Ques 41:- What is the difference between RIP, IGRP, EIGRP and OSPF Routing Protocol?

Ans :-

1. RIP
RIP stands for Routing Information Protocol.
It is an industry standard dynamic routing protocol.
It is not a more intelligent dynamic routing protocol.
It is basically used for smaller size organizations.
It supports a maximum of 15 routers in the network. The 16th router is unreachable.
It is denoted by R in the routing table.
Its administrative distance is 120.
In the RIP routing protocol we cannot create a separate administrative boundary in the network.
It calculates the metric in terms of hop count from the source network to the destination network. The lower the hop count, the better the route for that particular network.
It works on the Bellman-Ford algorithm.
RIPv1 does not support VLSM.
RIPv2 supports VLSM.

2. IGRP
IGRP stands for Interior Gateway Routing Protocol.
It is a Cisco standard routing protocol.
It is a more intelligent routing protocol than RIP.
It is basically used for medium to larger size organizations in the network.
It is denoted by I in the routing table.
It supports a maximum of 255 routers in the network.
Its administrative distance is 100.
In the IGRP routing protocol we can create a separate administrative boundary in the network with the help of the autonomous system number.
It calculates the metric in terms of bandwidth and delay. It is also called a composite metric.
It works on the Bellman-Ford algorithm.
IGRP does not support VLSM.

3. EIGRP
EIGRP stands for Enhanced Interior Gateway Routing Protocol.
It is a Cisco standard routing protocol.
It is a more intelligent routing protocol than RIP and IGRP.
It is basically used for medium to larger size organizations in the network.
It supports a maximum of 255 routers in the network.
Its administrative distance is 90.
It calculates the metric in terms of bandwidth and delay.
EIGRP works on the DUAL (Diffusing Update Algorithm) algorithm.
EIGRP is denoted by D in the routing table.
EIGRP supports VLSM.
EIGRP creates three tables in the router:
1. Neighbor Table
2. Topology Table
3. Routing Table

4. OSPF
OSPF stands for Open Shortest Path First.
It is an industry standard routing protocol.
It supports unlimited routers in the network.
It is denoted by O in the routing table.
Its administrative distance is 110.
It is basically used for larger size organizations in the network.
In the OSPF routing protocol we can create a separate administrative boundary in the network through the area number. Within the same area all of the routers exchange route information with neighbor routers in the network.
It calculates the metric in terms of bandwidth.
OSPF works on the Dijkstra algorithm.
It is a more intelligent routing protocol.
OSPF supports VLSM.
The OSPF routing protocol creates three tables in the router:
1. Neighbor Table
2. Database Table
3. Routing Table

Ques 42:- What is CIDR {Classless Inter Domain Routing}?

Ans :- CIDR stands for Classless Inter Domain Routing.

Ques 43:- What is VLSM {Variable Length Subnet Mask}?

Ans :- VLSM stands for Variable Length Subnet Mask. Whenever we use different subnet masks across the entire organization, that architecture is called VLSM.

Ques 44:- What is CLSM {Constant Length Subnet Mask}?

Ans :- CLSM stands for Constant Length Subnet Mask. Whenever we use the same subnet mask across the entire organization, that architecture is called CLSM.

Ques 45:- What is the function of Console Cable?

Ans :- With the help of the console cable we configure the router, switch, PIX.

Ques 46:- What is the function of Multilayer Switch?

Ans :- A multilayer switch provides different functionality in the network. That means the switch provides the function of a Layer 2 switch and a Layer 3 switch, and also works as a Layer 4 switch in the network.

Ques 47:- What is Access List?

Ans :- An access list provides normal security in the network. The access list tells the router which IP packets will be forwarded and which IP packets will be discarded in the network.

Ques 48:- What is the function of Layer 1 Device?

Ans :-

Layer 1 device provides the communication within a single network ID, for example: Hub, Repeater, Cable, NIC.

Ques 49:- What is VTP {VLAN Trunking Protocol}?

Ans :- VTP stands for VLAN Trunking Protocol. It is basically used in a VLAN environment. VLAN Trunking Protocol provides the sending and receiving of multiple VLAN information in the network.

Ques 50:- How many types of VTP Operation Mode are there?

Ans :- There are three types of VTP operation mode in the network:

1. VTP Server Mode
2. VTP Client Mode
3. VTP Transparent Mode

By default all of the switches are in VTP Server Mode in the network.

Ques 51:- What is the difference between VTP Server Mode, Client Mode and Transparent Mode?

Ans :-

1. VTP Server Mode: By default all of the switches are in VTP Server Mode. In this mode we can modify the VLAN, which means we can create a VLAN, delete a VLAN, as well as rename a VLAN.
2. VTP Client Mode: In this mode we cannot modify the VLAN, which means we cannot create a VLAN, delete a VLAN, or rename a VLAN in the switch. In this mode the switch can receive the VLAN information from other switches in the network.
3. VTP Transparent Mode: In this mode we can modify the VLAN database, which means we can create a VLAN, delete a VLAN, as well as rename a VLAN. But this switch cannot receive the VLAN information from other switches, and it cannot send its own VLAN information to other switches in the network. That means this switch does not participate in the VLAN configuration in the network.

Ques 52:- What is Switching Method in the network?

Ans :- The switching method defines how data is sent and received from one switch to another switch in the network. There are three types of switching method in the network:

1. Store-and-Forward
2. Cut-Through
3. Fragment-Free

Ques 53:- What is the difference between Store-and-Forward, Cut-Through, and Fragment-Free methods?

Ans :-

1. Store-and-Forward
2. Cut-Through
3. Fragment-Free

Ques 54:- What is CDP {Cisco Discovery Protocol}?

Ans :- CDP stands for Cisco Discovery Protocol. It is a Cisco standard protocol. This protocol automatically searches for the neighbor devices in the network.

Ques 55:- How many types of memory are available in the router?

Ans :- There are four types of memory available in the router:

1. Flash Memory
2. DRAM {Dynamic Random Access Memory}
3. NVRAM {Non Volatile Random Access Memory}
4. ROM {Read Only Memory}

Ques 56:- What is the booting sequence of a router?

Ans :- There are three steps for booting a router in the network:

1. POST {Power On Self Test}
2. Load IOS {Internetwork Operating System}
3. Load Startup Configuration

Ques 57:- What is the difference between RIPv1 and RIPv2?

Ans :- There is one major difference between RIP v1 and RIP v2. RIP v1 does not support VLSM but RIP v2 supports VLSM in the network.

Ques 58:- What is the difference between Classful Routing and Classless Routing?

Ans :- In classful routing we use CLSM (Constant Length Subnet Mask) in the network. In classless routing we use VLSM (Variable Length Subnet Mask) in the network.

Ques 59:- What is ASN {Autonomous System Number}?

Ans :- ASN stands for Autonomous System Number. The ASN defines the administrative boundary in the network. Within the same autonomous system number all of the routers exchange route information with neighbor routers in the network.

Ques 60:- How many types of Cisco Standard Routing Protocol are there in the network?

Ans :- There are two types of Cisco standard routing protocol:

1. IGRP {Interior Gateway Routing Protocol}
2. EIGRP {Enhanced Interior Gateway Routing Protocol}

Ques 61:- How many types of Industry Standard Routing Protocol are there in the network?

Ans :- There are two types of industry standard routing protocol:

1. RIP {Routing Information Protocol}
2. OSPF {Open Shortest Path First}

Ques 62:- What is the function of Area Number in OSPF Routing Protocol?

Ans :- The area number defines the administrative boundary in the network. Within the same area all of the routers exchange route information with neighbor routers in the network. Area 0 is called the backbone area. In this area all of the routers are called backbone routers. Whenever any area wants to communicate with another area, that query must be forwarded through area 0. Every area is directly connected to area 0 in the network.

Ques 63:- What is the function of Loopback Interface in OSPF Routing Protocol?

Ans :- Loopback interfaces are basically used in an OSPF environment. The loopback interface IP address defines the RID of any router in the network. It is basically useful in DR and BDR selection in the network.

Ques 64:- What is Update Timer?

Ans :- The update timer defines the interval of route update packets from one router to another router in the network.

Ques 65:- What is Hold Down Timer?

Ans :- Whenever a router does not receive a route update packet from a neighbor router, the router holds that route in the routing table for a particular time; that time is called the hold down timer in the network.

Ques 66:- What is Invalid Timer?

Ans :-

This timer specifies how long a router should wait before declaring a route invalid if it does not receive a specific update about it.

Ques 67:- What is Flush Timer?

Ans :- After the flush timer expires, the router deletes a particular route from the routing table in the network.

Ques 68:- What are the timers of RIP, IGRP, EIGRP and OSPF Routing Protocol?

Ans :-

1. RIP Timer
   1. Update Timer: 30 seconds
   2. Hold Down Timer: 180 seconds
   3. Invalid Timer: 180 seconds
   4. Flush Timer: 240 seconds
2. IGRP Timer
   1. Update Timer: 90 seconds
   2. Hold Down Timer: 280 seconds
   3. Invalid Timer: 270 seconds
   4. Flush Timer: 630 seconds
3. EIGRP Timer
4. OSPF Timer

Ques 69:- What is the benefit of Subnetting?

Ans :- There are many benefits of subnetting, such as:

1. Reduces the broadcasting in the network
2. No loss of host ID
3. Creates a separate broadcast domain in the network

Ques 70:- What is the benefit of Supernetting?

Ans :- There are many benefits of supernetting, such as:

1. Route Summarization
2.

Ques 71:- What is the difference between Static NAT, Dynamic NAT and Overloading NAT?

Ans :- There are three types of NAT in the network:

1. Static NAT: In static NAT only one computer is connected to the internet. For that we define the mapping of that particular computer in the network.
2. Dynamic NAT: In dynamic NAT we define the pool. In this NAT only some computers are connected to the internet at the same time.
3. Overloading NAT (PAT): Overloading NAT is also called PAT (Port Address Translation). With the help of PAT all of the internal users are connected to the internet through a single public IP address in the network. In this NAT all user queries are differentiated on a port basis in the network; that is why it is called PAT.

Ques 72:- What is PAT {Port Address Translation}?

Ans :- Overloading NAT is also known as PAT. PAT stands for Port Address Translation. With the help of PAT all of the internal users are connected to the internet through a single public IP address. In PAT all of the users' queries are differentiated on a port basis; that is why it is called PAT.

Ques 73:- What is the Broadcast MAC Address?

Ans :- The broadcast MAC address is FF-FF-FF-FF-FF-FF.

Ques 74:- What is the Broadcast IP Address?

Ans :- The broadcast IP address is 255.255.255.255.

Ques 75:- What is the function of the Telnet command?

Ans :- The Telnet command provides remote configuration of any device in the network, such as router, switch, PIX.

Ques 76:- How many types of Access List are there in the network?

Ans :- There are two types of access list in the network:

1. Number Access List
2. Name Access List

Number and name access lists are again divided into two parts:

1. Standard Access List
2. Extended Access List

Ques 77:- What is the difference between Number Access List and Name Access List?

Ans :-

Number Access List: In this access list we cannot edit the existing access list.

Name Access List: In this access list we can edit the existing access list according to the company's requirements.

Ques 78:- What is the difference between Standard Access List and Extended Access List?

Ans :- There are two types of number and name access list in the network:

1. Standard Access List: In a standard access list we define only the source, not the destination, and this access list is always applied at the destination location, not the source location, in the network.
2. Extended Access List: In an extended access list we define the source as well as the destination, and also define the particular services. This access list can be applied at the source as well as the destination in the network, but the recommendation is always to apply it at the source location.

Ques 79:- What is Wild Card Mask?

Ans :-

Wildcard masks are generally used in access lists and the OSPF routing environment in the network.

Ques 80:- How many types of ISDN technologies are available in the network?

Ans :- There are two types of technologies available in the network:

1. BRI {Basic Rate Interface}
2. PRI {Primary Rate Interface}

In BRI technology two B channels and one D channel are available. PRI is again divided into two technologies:

1. T1 Technology
2. E1 Technology

Ques 81:- What is the difference between BRI and PRI technologies?

Ans :- BRI stands for Basic Rate Interface. In BRI a maximum of 2 B channels and 1 D channel are available in the network. The speed per B channel is 64 Kbps and the speed per D channel is 16 Kbps in the network.

PRI stands for Primary Rate Interface. In PRI there are two types of technology available:

1. E1 Technology: In E1 technology a maximum of 30 B channels and 1 D channel are available. The speed per B channel is 64 Kbps and the speed per D channel is 64 Kbps in the network.
2. T1 Technology: In T1 technology a maximum of 23 B channels and 1 D channel are available. The speed per B channel is 64 Kbps and the speed per D channel is 64 Kbps in the network.

Ques 82:- What is the function of B Channel in ISDN technologies?

Ans :- The B channel provides the rate of data transmission in the network.

Ques 83:- What is the function of D Channel in ISDN technologies?

Ans :- The D channel provides the data signaling in the network. Connection establishment from the source to the destination computer in the network depends on the D channel speed.

Ques 84:- What is HDLC {High Level Data Link Control Protocol}?

Ans :- HDLC stands for High Level Data Link Control Protocol. This protocol is basically used on leased lines in the network. By default the HDLC protocol is enabled on a Cisco router.

Ques 85:- What is PPP?

Ans :- PPP stands for Point-to-Point Protocol. It is an industry standard protocol. This protocol is basically used on the internet.

Ques 86:- What is the difference between ISDN and Frame Relay technologies?

Ans :- ISDN stands for Integrated Services Digital Network. Generally ISDN works on SVC (Switched Virtual Circuit) in the network. In ISDN we use PPP (Point-to-Point Protocol) in the network.

Frame Relay provides point-to-point connectivity in the network. Generally this technology works on PVC (Permanent Virtual Circuit) in the network. In this technology we use the frame-relay protocol in the network.

Ques 87:- What is TFTP {Trivial File Transfer Protocol}?

Ans :- TFTP stands for Trivial File Transfer Protocol. With the help of a TFTP server we can back up or restore the router, switch and PIX configuration in the network.

Ques 88:- What is the function of Metric in Dynamic Routing Protocol?

Ans :-

Metric (cost) is generally used in the routing environment. If more than one route is available for any particular network in the routing table, the router uses the metric value. The lower the metric, the better the route for that particular network. If the metric value is the same, the router will do load balancing in the network.

Ques 89:- How many types of Subnet Mask are there?

Ans :- There are two types of subnet mask in the network:

1. Default Subnet Mask
2. Customized Subnet Mask

Ques 90:- What is the difference between Default Subnet Mask and Customized Subnet Mask?

Ans :-

Default Subnet Mask: It is generally used with classful IP addresses in the network.

Customized Subnet Mask: It is generally used with classless IP addresses in the network. Whenever we are talking about subnetting and supernetting, we use a customized subnet mask in the network.

Ques 91:- What is RID {Router Identification No.}?

Ans :- Every router has an ID number; that number is called the RID (Router Identification No.). The highest IP address of any router is the RID of that particular router in the network.

Ques 92:- What is DR {Designated Router}?

Ans :- DR stands for Designated Router. It is basically used in the OSPF routing protocol in the network. The DR has the complete database information of the entire topology in the network.

Ques 93:- What is BDR {Backup Designated Router}?

Ans :-

BDR stands for Backup Designated Router. It is basically used in the OSPF routing protocol in the network. The BDR stores the complete backup information of the network topology. When the DR goes down, the BDR becomes the DR in the network.

Ques 94:- What is Process ID in OSPF Routing Protocol?

Ans :- The process ID simply enables the OSPF routing process in the network. The process ID can be the same or different on all of the routers in the network.

Ques 95:- What is Bridge ID?

Ans :- Every switch has an ID number; that number is called the Bridge ID. Bridge ID is a combination of priority + MAC address. The switch with the lower Bridge ID becomes the Route Bridge in the network. In layman's language we can say the Route Bridge is the master switch in the network. Every switch has a default priority, which is 32768. We can change the switch priority.

Ques 96:- What is DLCI {Data Link Connection Identification Number}?

Ans :- DLCI stands for Data Link Connection Identification Number. It is basically used in frame relay technology in the network. With the help of the DLCI number we can create a PVC (Permanent Virtual Circuit) from the source location to the destination location in the network. The DLCI number can be from 16 to 1024 in the network.

Ques 97:- What is CIR {Committed Information Rate}?

Ans :- CIR stands for Committed Information Rate. Whatever data transmission rate is committed by the service provider to the customer is called the CIR (Committed Information Rate) in the network. This term is generally used in frame-relay technology in the network.

Ques 98:- What is PVC {Permanent Virtual Circuit}?

Ans :- Whenever a permanent route is established between the source and destination computer in the network, that is called a PVC (Permanent Virtual Circuit). In a PVC all of the data is sent from the source computer to the destination computer through that route in the network.

Ques 99:- What is SVC {Switched Virtual Circuit}?

Ans :- Whenever a permanent route is not established between the source and destination computer in the network, that is called an SVC (Switched Virtual Circuit). In an SVC the data may be sent from the source computer to the destination computer through a different way in the network.

Ques 100:- What is DE {Discard Eligibility}?

Ans :- DE stands for Discard Eligibility. This term is basically used in frame relay technology in the network. It is used to stop congestion in frame relay technology.

Ques 101:- What is FECN {Forward Explicit Congestion Notification}?

Ans :- FECN stands for Forward Explicit Congestion Notification. This term is basically used in frame relay technology in the network. It is used to stop congestion in frame relay technology.

Ques 102:- What is BECN {Backward Explicit Congestion Notification}?

Ans :- BECN stands for Backward Explicit Congestion Notification. This term is basically used in frame-relay technology in the network. It is used to stop congestion in frame relay technology.

Ques 103:- What is VTP Pruning?

Ans :-

Ques 104:- What is Split Horizon?

Ans :-

Ques 105:- What is Root Poisoning?

Ans :-

The User-Space VPN and OpenVPN


Understanding the User-Space VPN History, Conceptual Foundations, and Practical Usage By James Yonan

Copyright James Yonan 2003

What is a VPN and how is it different from other security software?


Fundamentally, a VPN is a set of tools which allow networks at different locations to be securely connected, using a public network as the transport layer. VPNs use cryptography to provide protections against eavesdropping and active attacks. VPNs are most commonly used today for telecommuting and linking branch offices via secure WANs.

The Wide area network before VPNs


Firms would spend thousands of dollars per month for private, dedicated circuits to link branch offices. The rise of the internet created cheap but insecure bandwidth. The VPN concept was to produce the virtual "dedicated circuit", pump it over the internet, and use cryptography to make it secure.

A brief history of VPNs


IPSec was the first major effort to develop a standard for secure networking. First version in 1995. IPSec, like other early crypto developments, was hamstrung by export controls and insufficient processor power in the routers where they were to be implemented. Some components of IPSec, e.g. IKE, are still in development today. Long development time!

IPSec problems
Slow progress resulted in a splintering of efforts during the mid-90s. SSL was one such offshoot, developed to provide application-level security rather than network-level security. Traditional IPSec implementations required a great deal of kernel code, complicating cross-platform porting efforts. IPSec is a complex production with a relatively steep learning curve for new users.

The rise of SSL and user-space VPNs.


IPSec's slow progress and complexity caused many to turn to other solutions. By contrast, SSL matured quickly, due to heavy usage on the web. SSL runs in user space, simplifying implementation and administration. The so-called "SSL VPN" is really just a web application that tries to give users the services they need without a full VPN implementation.

Linux and virtual network interfaces


The maturing of the Linux OS by the late 90s provided an excellent test bed for experimental networking concepts. One such innovation is the tun or tap interface. The first tun driver for Linux was written by Maxim Krasnyansky.

What is a tun interface?


A tun interface is a virtual network adapter that looks like point-to-point network hardware to the OS, such as a T1 line. But instead of pushing bits out a wire, the tun driver pushes them to user space. A user space program can open the tun device just like a file and read and write IP packets from and to it. A tap interface is a similar production, only it emulates ethernet rather than point-to-point.

How is a tun interface used to build a VPN?


Suppose I have a tun interface on machine A, and another on machine B. I write a simple network application with two threads. Copy bits from tun device -> network socket. Copy bits from network socket -> tun device. If I run this app on machine A and B I will have constructed a very simple VPN minus the security component.

How is a tun interface used to build a VPN (continued)?


From A I can ping the tun device on B, and from B I can ping the tun device on A. That ping will actually travel over the socket connection, i.e. the ping packet will be encapsulated within a UDP or TCP packet and sent between A and B. The problem with this very simple VPN is that it's missing the security -- it is what is known as a "cleartext tunnel".
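The copy loop described on these two slides, as an added example (not code from the presentation or from OpenVPN). It uses one select() loop instead of two threads, and in `demo()` a constructed packet and Unix datagram socket pairs stand in for the tun devices and the UDP link so it runs without root; `open_tun` shows the real Linux call.

```python
import fcntl
import os
import select
import socket
import struct

# Constants from <linux/if_tun.h>.
TUNSETIFF = 0x400454CA  # ioctl that binds the open fd to a named interface
IFF_TUN = 0x0001        # point-to-point IP device (IFF_TAP = 0x0002 emulates ethernet)
IFF_NO_PI = 0x1000      # deliver raw packets with no packet-info prefix
BUF = 65535             # large enough for any single IP packet


def open_tun(name="tun0"):
    """Open a Linux tun device like a file. Needs CAP_NET_ADMIN (usually root)."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    # struct ifreq: 16-byte interface name, 16-bit flags, padded to 40 bytes.
    ifreq = struct.pack("16sH22x", name.encode(), IFF_TUN | IFF_NO_PI)
    fcntl.ioctl(fd, TUNSETIFF, ifreq)
    return fd


def relay_once(tun_fd, net_sock, timeout=1.0):
    """Move every waiting packet, tun -> socket and socket -> tun. Returns the count."""
    ready, _, _ = select.select([tun_fd, net_sock], [], [], timeout)
    for r in ready:
        if r is net_sock:
            os.write(tun_fd, net_sock.recv(BUF))   # de-encapsulate into the tun device
        else:
            net_sock.send(os.read(tun_fd, BUF))    # encapsulate, with no encryption
    return len(ready)


def sample_packet():
    """Constructed IPv4 header plus payload (checksum left at 0; nothing here parses it)."""
    payload = b"ping from A"
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 1, 0,
                         socket.inet_aton("10.4.7.5"), socket.inet_aton("10.4.7.6"))
    return header + payload


def _pair():
    return socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)


def demo():
    """Machines A and B; socket pairs stand in for the tun devices and the link."""
    kernel_a, tun_a = _pair()   # what A's IP stack sends shows up on tun_a
    kernel_b, tun_b = _pair()
    link_a, link_b = _pair()    # stands in for a connected UDP socket on each side
    packet = sample_packet()
    kernel_a.send(packet)                        # A's stack routes a packet into the tun
    relay_once(tun_a.fileno(), link_a)           # A: tun device -> network socket
    on_wire = link_b.recv(BUF, socket.MSG_PEEK)  # what anyone on the path can read
    relay_once(tun_b.fileno(), link_b)           # B: network socket -> tun device
    delivered = kernel_b.recv(BUF)
    for s in (kernel_a, tun_a, kernel_b, tun_b, link_a, link_b):
        s.close()
    return packet, on_wire, delivered


if __name__ == "__main__":
    pkt, wire, got = demo()
    print("delivered intact:", got == pkt, "| readable on the link:", wire == pkt)
```

The bytes on the link are identical to the inner IP packet, which is exactly why this is a cleartext tunnel.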

Adding security to the VPN


The simple VPN we have constructed tunnels a virtual network interface over a TCP or UDP connection. By forwarding such a TCP connection over a secure port forwarding tool such as SSH, we can build a real VPN.

Problems with using SSH to build a VPN


The previous example has a problem, however. IP is what is known as an unreliable protocol. This is not a value judgment. Rather, it means that IP assumes that packets sent over a physical or virtual network might be lost or corrupted. Protocols in the IP family such as TCP try very hard to work under this assumption.

Reliable and Unreliable protocols


TCP is a reliable application protocol that utilizes an unreliable transport layer. This means that your web browser (HTTP is a TCP protocol) expects TCP to handle the glitches in the connection between your client and a possibly distant web server. TCP does this by retransmitting packets which are lost due to network congestion. TCP is a reliability bridge between the application and physical network layers.

Encapsulating Protocols
One of the cool things about networking is that you can take one protocol and encapsulate it into another. Getting back to our simple VPN example, we are encapsulating IP into a TCP port, then using SSH to secure that TCP connection with another remote host. As far as encapsulation is concerned, we are encapsulating IP (which includes TCP and UDP protocols) into TCP.

Encapsulating TCP in TCP -- the problem


There is a fundamental problem, however, in this encapsulation graph. TCP is designed to flow over unreliable networks. Pushing TCP into TCP means that we are nesting one reliability layer into another, essentially producing a whole level of redundancy. This redundancy translates into less efficiency and less robustness during congested network conditions.

Fixing the problem


A better solution is to encapsulate TCP in UDP. UDP is the unreliable cousin of TCP. It strips out the whole reliability layer of TCP, giving the application the responsibility to sort out problems of dropped packets, or packets arriving in a different order from how they were sent.

Why is UDP better for encapsulating IP?


The fundamental reason is that IP was designed to flow over wires, fiber, or wireless links which are all unreliable physical media that can suffer from glitches or congestion. Because UDP is itself an unreliable protocol, it gives IP a transmission medium which is as close as possible to its native environment. Encapsulating IP in UDP is the ideal choice.

VPNs and UDP


The modern, portable, easy-to-configure, user-space VPN has several basic properties. IP packets from tun or tap virtual network adapters are encrypted and encapsulated, onto a UDP connection, and sent to a remote host over the internet. The remote host decrypts, authenticates, and de-encapsulates the IP packets, pumping them into a tun or tap virtual adapter at the other end.

The VPN is invisible to applications tunneling over it.


This user-space VPN model essentially links a local tun virtual adapter with a remote tun virtual adapter. One can apply routes or firewall rules to tun or tap interfaces in the same way that you can apply them to ethernet interfaces. Applications using a VPN would find them indistinguishable from a wide area network implemented with dedicated circuits.

Enter OpenVPN
There are several Open Source VPNs today that follow the user-space tun/tap model. OpenVPN, VTun, Tinc, Cipe, and many more are being actively developed today. They stand in contrast to IPSec solutions such as FreeSwan which attack the problem in a very different way.

User-space Tun/Tap vs. IPSec


There is some controversy about which approach is better. User space is more portable and easier to configure. IPSec is more complex, and offers multivendor and dedicated router support. IPSec's complexity sometimes makes it difficult for vendor A's implementation to talk to vendor B's.

IPSec in a nutshell
IPSec is a complex modification to the IP stack itself. IPSec examines packets coming out of an IP interface, determines if a security association exists with the destination, and then tries to automatically encrypt packets at one end and decrypt them at the other. The dream of IPSec is that it just works and you never need to know it's there (this concept is often referred to as opportunistic encryption).

IPSec limitations
As IPSec evolved, the internet evolved along with it. The IPv4 address shortage created a profusion of private networks that use NAT to access the internet through a single IP address. The IP address shortage also caused an increase in the use of dynamic IP addresses. IPSec proved somewhat inflexible to these new developments.

IPSec limitations (continued)


Because IPSec considered the source and destination addresses to be part of the secured payload, it broke interoperability with NAT. Since then, the IPSec standard has tried to evolve around these limitations. IPSec has also been both lauded and criticized for its security. Sometimes such praise/blame emanates from the same individuals! (see next slide)

The Two Minds of IPSec -- N. Ferguson and B. Schneier


We are of two minds about IPsec. On the one hand, IPsec is far better than any IP security protocol that has come before: Microsoft PPTP, L2TP, etc. On the other hand, we do not believe that it will ever result in a secure operational system. It is far too complex, and the complexity has led to a large number of ambiguities, contradictions, inefficiencies, and weaknesses. [...] We strongly discourage the use of IPsec in its current form for protection of any kind of valuable information, and hope that future iterations of the design will be improved. However, we even more strongly discourage any current alternatives, and recommend IPsec when the alternative is an insecure network. Such are the realities of the world.

How does a VPN achieve security?


A VPN must protect against passive and active attacks. A passive attacker is an eavesdropper who has no ability to interrupt or modify the data channel between two parties. Encryption is effective at defeating passive attacks.

Active Attacks
An active attacker has the ability to insert himself into the communication channel and add, modify, or delete data packets between both parties to the channel. For this reason, such attacks are commonly referred to as Man-in-the-middle attacks.

Active attacks are thwarted through the use of authentication


While many believe that VPN security is all about encryption, the larger and more difficult problem to solve is the problem of authentication. Authentication in the VPN context involves signing every packet with a secure hash, so that the recipient can prove that it originated from a legitimate source. Both OpenVPN and IPSec use the HMAC construction to authenticate packets.

HMAC isn't a 100% solution against active attacks.


Even after applying HMAC, we are still vulnerable to two types of active attacks: Replay attacks. Known plaintext attacks.

Replay Attacks
Suppose an attacker was able to tap into his bank's T1 line at 3am when traffic is low. While observing the encrypted bits flowing across the line with a tool such as snort, he logs onto his bank's web site and does a number of small wire transfers, observing the encrypted packets flowing over the bank's T1 line. He is able, by timing analysis, to gain access to a sample of encrypted packets that represent his money transfers.

Replay attacks, continued


What if he then spams the T1 with a large number of those sampled packets? He doesn't need to know the encryption algorithm, he only needs to reproduce the packets. If the bank is only using encryption without replay protection, they may find an unexplained deluge of questionable transfers the following morning.

Replay attacks, continued.


The solution to the problem is to embed a unique ID or timestamp in every packet before it is signed. The receiver needs to keep track of this timestamp, and make sure that it never accepts a packet with the same timestamp twice. Both OpenVPN and IPSec implement replay protection using the Sliding Window Algorithm.
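A sketch of per-packet HMAC authentication combined with a sliding replay window, as described on the authentication and replay slides; it is an added example, not OpenVPN's or IPSec's code. The 64-bit packet ID, HMAC-SHA256, the 64-packet window, the names and the sample key are assumptions made for the example, and encryption is left out to keep the focus on authentication.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size
WINDOW = 64    # how far behind the newest ID a late packet may still arrive (assumed)


def seal(key, packet_id, payload):
    """Sender: packet = 8-byte ID || payload || HMAC(key, ID || payload)."""
    body = struct.pack("!Q", packet_id) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0   # newest packet ID accepted so far
        self.seen = 0      # bitmap: bit i set means ID (highest - i) was accepted

    def unseal(self, packet):
        """Return the payload, or raise ValueError naming the reason for rejection."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("short packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Authenticate first, so forged packets can never move the window.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad HMAC")
        (packet_id,) = struct.unpack("!Q", body[:8])
        if packet_id > self.highest:
            shift = packet_id - self.highest
            # A jump past the whole window forgets all older IDs.
            self.seen = 1 if shift >= WINDOW else ((self.seen << shift) | 1)
            self.seen &= (1 << WINDOW) - 1
            self.highest = packet_id
        else:
            offset = self.highest - packet_id
            if offset >= WINDOW:
                raise ValueError("too old")
            if (self.seen >> offset) & 1:
                raise ValueError("replay")
            self.seen |= 1 << offset
        return body[8:]


def verdict(rx, packet):
    try:
        rx.unseal(packet)
        return "accepted"
    except ValueError as err:
        return str(err)


def demo():
    """Feed a constructed packet sequence to one receiver and record each verdict."""
    key = b"constructed-demo-key"   # sample key for this example only
    rx = Receiver(key)
    p1, p2, p3 = (seal(key, i, b"transfer $10") for i in (1, 2, 3))
    modified = bytearray(p2)
    modified[12] ^= 0x01            # one payload bit changed in transit
    sequence = [p1, p3, p2, p1, bytes(modified), seal(key, 100, b"x"), seal(key, 30, b"x")]
    return [verdict(rx, p) for p in sequence]


if __name__ == "__main__":
    print(demo())
```

Packet 2 arriving after packet 3 is still accepted, which is the reason for a window rather than a strictly increasing counter on an unreliable transport such as UDP.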

Known plaintext attacks.


Getting back to our bank cracker, suppose that he makes 5 transfers of differing amounts of money. By analyzing the ciphertext stream over the T1 as his transfers are taking place, he is able to discern the byte offsets in the packets that represent the dollar amount of the transfer, even though the amounts themselves are encrypted gibberish.

Known plaintext attacks (continued).


Suppose the $ amount is a 32 bit integer. He inserts some bogus packets onto the link with the dollar amount altered. He doesn't know what the final dollar amount will be when it is decrypted, but he knows if he tries enough values, some of them will turn out to be large and disruptive.

This would be impossible (I hope) in 2003.


This scenario could not, of course, happen today. The importance of this kind of thought experiment is to show that encryption, even if it is unbreakable, is not enough to secure against an active attacker. Encryption must be combined with authentication (HMAC), randomized IVs, and replay protection, to protect against the previously discussed attacks.

OpenVPN and Cryptography


Cryptography is an advanced and specialized field. OpenVPN takes a modular approach to cryptography. Most crypto functions are offloaded to the OpenSSL library. OpenVPN has protection against both passive attacks and known types of active attacks.

OpenVPN and keying


OpenVPN tries to supply the best of both worlds when it comes to keying. Static, pre-shared keys are provided for ease of configuration. Full RSA PKI, through the OpenSSL library, is provided for full certificate and private key operation. SSL/TLS can be used for initial authentication and symmetric key exchange.

Authentication only leads into a bigger problem -- key management.


The HMAC construction is a strong and elegant contribution from the cryptography community but it still needs a shared secret key to exist at both ends of the secure connection. How do two parties bootstrap their key exchange process in a way that protects against the exchange being hijacked by an attacker?

Enter public key cryptography.


In the September, 1977 issue of The Scientific American, Ronald L. Rivest, Adi Shamir and Leonard M. Adleman introduced to the world their RSA cipher, applicable to public key cryptography and digital signatures. The authors offered to send their full report to anyone who sent them self-addressed stamped envelopes, and the ensuing international response was so overwhelming the NSA balked at the idea of such widespread distribution of cryptography source code. When no response was made by the NSA as to the legal basis of their request, distribution recommenced, and the algorithm was published in The Communications of the ACM the following year.

Public Key cryptography is really about the problem of authentication


Since long before the age of computers, cryptography was practiced between individuals who possessed a shared key. The innovation of Public Key cryptography was to show how individuals could communicate securely without needing a preexisting secure medium over which to share their keys.

Public Key technology solves the key sharing problem.


Public key cryptography solves the problem of providing the secure medium over which the initial shared secret key can be exchanged. The real encryption still occurs with a shared, symmetrical key. The public key process only gives us a means of sharing this key electronically over an insecure medium.

Public key cryptography.


Public key cryptography allows you to generate a public and private key pair. The private key never leaves your hard drive. The public key is published far and wide. To communicate with someone, you only need their public key. But once content has been encrypted with a public key, only the private key can decrypt it.

Public key cryptography and authentication.


Public key cryptography as described thus far still has a missing link. How do you know that the person on the other end of the communication channel is who they say they are? They can present their public key, but that proves nothing about their identity.

Enter the Certificate.


Public key cryptography and RSA pioneered the concept of secure signatures. I can sign a file with my private key. I can publish my public key. Anyone who receives the file can use my public key to verify that I signed it. The mathematics of the algorithm behind digital signatures ensures that it would be infeasible to forge a signature without having the correct private key.

The Certificate Authority.


The certificate authority (CA) is the final result in a long linkage of developments in applied cryptography that attempt to solve the problem of authentication. The CA has a super-secret key that they keep under armed guard. They have a team of investigators who verify the identity of clients. They then sign the keys of clients with their super secret key.

CAs Continued
The CA's public key becomes a public commodity, embedded in applications and operating systems. The CA's root certificate forms the root of a chain of public keys which can be used to verify the identity of any of the CA's clients. The CA solves the problem of authentication by trusted referral. CAs are the basis of authentication on the secure web.

Cryptography conclusion
While OpenVPN draws heavily on the cryptography-related developments of IPSec, there are details about any encrypted communication session which cannot be hidden. Traffic Analysis is one type of attack that no internet-based, modern cryptosystem can protect against. But when considering the needs of most VPN users, the modern crypto technology proves more than sufficient.

OpenVPN Features
OpenVPN tries to take advantage of all the capabilities which are possible to a user space VPN. Portability. Familiar daemon-style usage. No kernel modifications required. State-of-the-art cryptography layer provided by the OpenSSL library.

OpenVPN Features, continued.


Very comfortable with dynamic addresses or NAT. Supports most operating systems in the known computing universe, including Linux, Windows, Mac OS X, the three BSDs, and Solaris.

OpenVPN's 3 tier security model


One of the maxims of computer security is that "complexity is the enemy of security". One way of reducing the impact of software complexity on overall software security is to force incoming network traffic to pass through a kind of security gateway that is a much simpler piece of code than the applications behind it. A prime example of this is the firewall.

OpenVPN's 3 tier security model (continued)


The key is to reduce the number of lines of code which can be touched by unauthenticated packets. These fewer lines of code can then be more rigorously scrutinized for vulnerabilities. OpenVPN expands on the concept of a firewall, using the tls-auth option to subject incoming packets to a preliminary digital signature test before they are passed on to the actual SSL/TLS code.

OpenVPN's 3 tier security model (continued)


Tier 1 -- Use HMAC-based tls-auth option to prevent an attacker from injecting packets into the SSL/TLS subsystem.
Tier 2 -- Use SSL/TLS for bidirectional client/server authentication.
Tier 3 -- Downgrade OpenVPN daemon's privilege level using --user/--group to help contain a successful code injection exploit.

VPNs and Networking


As much (or more) can be written about the topic of VPNs and networking as can be written about VPNs and cryptography. 95% of the tech support problems that people have with VPNs are with the networking and firewall layers, not the cryptography layer. The two major techniques for VPN networking are routing and bridging.

Bridging vs. Routing in the VPN context


Bridging is a technique for creating a virtual, wide-area ethernet LAN, running on a single subnet. Routing solves the problem of a wide area VPN by using separate subnets and setting up routes between them.

Bridging Advantages
Broadcasts traverse the VPN -- this allows software that depends on LAN broadcasts such as Windows NetBIOS file sharing and network neighborhood browsing to work. No route statements to configure. Works with any protocol that can function over ethernet, including IPv4, IPv6, Netware IPX, AppleTalk, etc. Relatively easy-to-configure solution for road warriors.

Bridging Disadvantages
Less efficient than routing, and does not scale well.

Routing Advantages
Efficiency and scalability. Allows better tuning of MTU for efficiency.

Routing Disadvantages
On Windows, clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work. Routes must be set up linking each subnet. Software that depends on broadcasts will not "see" machines on the other side of the VPN. Works only with IPv4 in general, and IPv6 in some special cases.

The nuts and bolts of bridging (1)


Suppose you want to create a secure ethernet bridge that serves multiple mobile clients, using Linux as the server. First generate a bunch of persistent tap virtual ethernet interfaces on your server, using openvpn --mktun. Then use the brctl tool to bridge them together with your real ethernet adapter.

The nuts and bolts of bridging (2)


When clients connect to the server, the tap virtual ethernet interface at their end can be assigned an IP address from the actual subnet of the physical ethernet LAN connected to the server. So I could have a subnet 10.4.7.0 netmask 255.255.255.0 which is a bridged ethernet. 10.4.7.5 could be a machine in Moscow, Idaho. 10.4.7.6 could be a machine in Moscow, Russia.

VPNs and firewalling


The modern user-space VPN presents virtual tun and tap interfaces as VPN endpoints. Suppose you have a VPN network device called tun0. You can apply the same kinds of firewall rules to tun0 as you could to eth0 or any other networking device.

VPNs and firewalling (continued).


One of the more troublesome security issues of VPNs is the way that they create trusted relationships between different networks. This can be bad, as in the case where a worm or virus infects someone's home machine, then jumps across the VPN to corporate headquarters. Firewall rules applied to the VPN itself can create a trust relationship between two networks that is more than untrusted but less than fully trusted.

Future directions -- OpenVPN 2.0


In OpenVPN 1.x, a single openvpn daemon can support a single tunnel over a single tun/tap interface, using a single UDP or TCP port for daemon-to-daemon communication. This model offers maximum flexibility, as the configuration for each tunnel can be customized. The weakness in this model is that it is hard to set up an OpenVPN configuration that handles connections from a large number of dynamic clients.

Future directions -- OpenVPN 2.0 (continued)


OpenVPN 2.0 (currently in beta) solves this problem by allowing an arbitrarily large number of UDP clients to connect to a single openvpn daemon, which itself uses one tun/tap interface and one UDP port number.

Conclusion
VPNs tie together concepts from cryptography, networking, and firewalls. VPNs can be used as building blocks to construct anything from a small secure telecommuting solution, to a large-scale secure WAN. The user-space VPN is an elegant solution to the VPN problem in a modular package. VPNs still have a long way to evolve before they are as easy-to-configure as other networking subsystems, such as IP.

OVERVIEW
What is RAID? Benefits of RAID Concepts of RAID RAID Levels

CPEG323

RAID AND ITS BENEFITS

What is RAID?
RAID (redundant array of independent disks; originally redundant array of inexpensive disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks.

Benefits OF RAID
Improved Performance High Availability Fault Tolerance


RAID CONCEPTS

STRIPING MIRRORING PARITY


RAID Concepts(Striping)


Raid Concepts (Mirroring)

All data in the system is written simultaneously to two hard disks instead of one; thus the "mirror" concept. 100% data redundancy, which provides full protection against the failure of either of the disks containing the duplicated data.


RAID Concepts(Parity)

Parity is redundancy information calculated from the actual data values.

Take "N" pieces of data, and from them, compute an extra piece of data. Take the "N+1" pieces of data and store them on "N+1" drives. If you lose any one of the "N+1" pieces of data, you can recreate it from the "N" that remain, regardless of which piece is lost. The parity calculation is typically performed using a logical operation called "exclusive OR" or "XOR".


RAID LEVELS


RAID: Level 0 (No Redundancy; Striping)

Multiple smaller disks as opposed to one big disk


Spreading the blocks over multiple disks -- striping -- means that multiple blocks can be accessed in parallel, increasing the performance.
A 3 disk system gives 3 times the throughput of a 1 disk system

RAID: Level 0 (No Redundancy; Striping)

No redundancy, so what if one disk fails?

Failure of one or more disks results in data loss.

RECOMMENDED APPLICATIONS

Video Production and Editing Image Editing Any application requiring high bandwidth


RAID: Level 1 (Redundancy via Mirroring)

Uses twice as many disks as RAID 0 (e.g., 8 smaller disks with second set of 4 duplicating the first set) so there are always two copies of the data
# redundant disks = # of data disks so twice the cost of one big disk


RAID: Level 1 (Redundancy via Mirroring)

What if one disk fails?

If a disk fails, the system just goes to the mirror for the data

Recommended Application

Accounting Payroll Financial Any application requiring very high availability



RAID: Level 2 (Redundancy via ECC)


[Figure: bits blk1,b0 to blk1,b3 on the data disks, with three ECC disks: ECC disk 4 checks 4,5,6,7; ECC disk 2 checks 2,3,6,7; ECC disk 1 checks 1,3,5,7]

ECC disks 4 and 2 point to either data disk 6 or 7, but ECC disk 1 says disk 7 is okay, so disk 6 must be in error

ECC disks contain the parity of data on a set of distinct overlapping disks

# redundant disks = log (total # of data disks) so almost twice the cost of one big disk
- writes require computing parity to write to the ECC disks
- reads require reading ECC disk and confirming parity

Can tolerate limited disk failure, since the data can be reconstructed

RAID: Level 3 (Bit-Interleaved Parity)


[Figure: bits blk1,b0 to blk1,b3 striped across the data disks, plus an (odd) bit parity disk]

On RAID 3 systems, data blocks are subdivided (striped) and written in parallel on two or more drives. An additional drive stores parity information. You need at least 3 disks for a RAID 3 array.

writes require writing the new data to the data disk as well as computing the parity, meaning reading the other disks, so that the parity disk can be updated

Can tolerate limited disk failure, since the data can be reconstructed
reads require reading all the operational data disks as well as the parity disk to calculate the missing data that was stored on the failed disk


RAID: Level 3 (Bit-Interleaved Parity)


[Figure: the same layout with 1 disk failed; bits blk1,b0 to blk1,b3 on the data disks, plus an (odd) bit parity disk]


RAID: Level 3 (Bit-Interleaved Parity)

Recommended Applications

Video Production and live streaming Image Editing Video Editing Any application requiring high throughput


RAID: Level 4 (Block-Interleaved Parity)

RAID 4 improves performance by striping data across many disks in blocks, and provides fault tolerance through a dedicated parity disk.

RAID: Level 4 (Block-Interleaved Parity)

It is like RAID 3 except that it uses blocks instead of bytes for striping
Supports small reads and small writes (reads and writes that go to just one (or a few) data disk)
By watching which bits change when writing new information, need only to change the corresponding bits on the parity disk. The parity disk must be updated on every write, so it is a bottleneck for back-to-back writes.

Can tolerate limited disk failure, since the data can be reconstructed


Small Writes

RAID 3 small writes


[Figure: new D1 data written to a stripe D1 D2 D3 D4 P]

3 reads and 2 writes involving all the disks

RAID 4 small writes


[Figure: new D1 data written to a stripe D1 D2 D3 D4 P]

2 reads and 2 writes involving just two disks



RAID: Level 5 (Distributed Block-Interleaved Parity)

Parity is distributed across the disks

Supports small reads and small writes (reads and writes that go to just one (or a few) data disk) Allows multiple simultaneous writes as long as the accompanying parity blocks are not located on the same disk

Can tolerate limited disk failure, since the data can be reconstructed

RAID: Level 5 (Distributed Block-Interleaved Parity)

Recommended Applications

File and Application servers Database servers Web, E-mail, and News servers Intranet servers Most versatile RAID level


Distributing Parity Blocks


RAID 4 (one row per stripe, one column per disk)
 1   2   3   4  P0
 5   6   7   8  P1
 9  10  11  12  P2
13  14  15  16  P3

RAID 5 (one row per stripe, one column per disk)
 1   2   3   4  P0
 5   6   7  P1   8
 9  10  P2  11  12
13  P3  14  15  16

By distributing parity blocks to all disks, some small writes can be performed in parallel
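The XOR parity rule, the small-write parity update and the rotating parity placement from the preceding slides, as an added example (not part of the original slides). The 5-disk array, the 4-byte sample blocks and the function names are choices made for the example; the rotation follows the RAID 5 layout on the Distributing Parity Blocks slide.

```python
from functools import reduce

DISKS = 5  # four data blocks plus one parity block per stripe


def xor(*blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk(stripe, raid_level):
    """RAID 4 keeps parity on the last disk; RAID 5 moves it one disk left per stripe."""
    return DISKS - 1 if raid_level == 4 else (DISKS - 1 - stripe) % DISKS


def layout(stripes, raid_level):
    """Block labels per stripe, e.g. ['1', '2', '3', '4', 'P0']."""
    rows, block = [], 1
    for s in range(stripes):
        row = []
        for d in range(DISKS):
            if d == parity_disk(s, raid_level):
                row.append(f"P{s}")
            else:
                row.append(str(block))
                block += 1
        rows.append(row)
    return rows


def write_stripe(data_blocks, stripe, raid_level=5):
    """Store N data blocks plus their parity on N+1 disks; returns one block per disk."""
    row = list(data_blocks)
    row.insert(parity_disk(stripe, raid_level), xor(*data_blocks))
    return row


def rebuild(row, failed):
    """Recreate the block of a failed disk from the N blocks that remain."""
    return xor(*(blk for disk, blk in enumerate(row) if disk != failed))


def small_write(row, disk, new_data, stripe, raid_level=5):
    """Read old data and old parity, write new data and new parity (2 reads, 2 writes).

    Returns the two disks touched, so callers can see which writes can overlap.
    """
    p = parity_disk(stripe, raid_level)
    if disk == p:
        raise ValueError("target is the parity disk of this stripe")
    row[p] = xor(row[p], row[disk], new_data)  # flip only the parity bits that changed
    row[disk] = new_data
    return sorted([disk, p])


def independent(touched_a, touched_b):
    """Two small writes can run in parallel when they share no disk."""
    return not set(touched_a) & set(touched_b)


if __name__ == "__main__":
    data = [b"AAAA", b"BBBB", b"CCCC", b"DDDD"]   # constructed sample blocks
    stripe1 = write_stripe(data, stripe=1)
    print("rebuilt disk 2:", rebuild(stripe1, 2))
    for level in (4, 5):
        a = small_write(write_stripe(data, 0, level), 0, b"ZZZZ", 0, level)
        b = small_write(write_stripe(data, 1, level), 1, b"YYYY", 1, level)
        print(f"RAID {level}: writes touch {a} and {b}, parallel = {independent(a, b)}")
```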

Raid : Level 6

RAID level 6 is an evolution of RAID 5. RAID 6 uses double parity for additional fault tolerance.

Like in RAID 5, data is striped at a block level across the disk sets while parity information is generated and written across the array. Now it's possible for more than one drive to fail simultaneously, and the RAID will still operate.

RAID: Level 6

Advantages

Perfect solution for mission critical applications as it can sustain multiple drive failures.

Disadvantages

Uses 2 drives for parity

Recommended Applications

Database server, Mail server, Web server, Intranet server, Transaction processing

RAID: Level 0+1 (Striping with Mirroring)


[Figure: blocks blk1 to blk4 striped across four disks, with a second set of four disks holding the redundant (check) data]

Combines the best of RAID 0 and RAID 1, data is striped across four disks and mirrored to four disks

Four times the throughput (due to striping)

# redundant disks = # of data disks so twice the cost of one big disk
writes have to be made to both sets of disks, so writes would be only 1/2 the performance of RAID 0


RAID: Level 0+1 (Striping with Mirroring)

What if one disk fails?

If a disk fails, the system just goes to the mirror for the data

Recommended Applications

Imaging applications General fileserver


RAID: Level 1+0 (Mirroring with Striping)

RAID Level 10 provides very high performance and redundancy. Data is simultaneously mirrored and striped. Can, under some circumstances, support multiple drive failures.

THANK YOU Queries?
