JSON Web Token (JWT) Tutorial

August 12th, 2020 in ENCOR Knowledge

As you know, the World Wide Web we know today is based on HTTP (which includes both HTTP and HTTPS). If you are reading this tutorial, then you must have accessed networktut.com via HTTP. But HTTP is a stateless protocol, so if you logged in and then visited another page on the same site, you would be forced to log in again, since HTTP does not save your login status. To solve this problem, there are two popular ways to keep the information you provided for later use: session-based authentication (sometimes called cookie-based authentication) and token-based authentication. In this tutorial we will learn both and the difference between them.

NetFlow Tutorial

July 17th, 2020 in ENCOR Knowledge

One of the most important tasks of a network administrator is to monitor the health of our networks: to learn how our bandwidth is being used, what applications are consuming it, when it needs an upgrade… Although monitoring protocols like SNMP and SPAN (port mirroring) can help us answer some questions, they are not enough to give us an insightful view of our networks. Luckily we have another amazing tool: NetFlow!

NetFlow is a network analysis protocol that gives the ability to collect detailed information about network traffic as it flows through a router interface. NetFlow helps network administrators answer the questions of who (users), what (application), when (time of day), where (source and destination IP addresses) and how network traffic is flowing.

Let’s take an example! In the topology below, when traffic from Network 1, 2, 3… passes through the interfaces of a NetFlow-enabled device, relevant information is captured and stored in the NetFlow cache. NetFlow collects IP traffic information as records and sends them to a NetFlow collector for traffic flow analysis.

[Figure: NetFlow example topology]

VXLAN Tutorial

June 11th, 2020 in ENCOR Knowledge

With the rapid growth of networking nowadays, traditional VLANs have to face some challenges. There are four main disadvantages of traditional VLANs:

+ The number of VLANs is small. A traditional VLAN ID is only 12 bits long, so it provides only 4096 VLANs. That may have been enough in the old days, but nowadays it is not, especially for service providers. Suppose each normal customer requires 10 VLANs; then a service provider only has enough VLANs for about 400 customers. If a large customer like a bank comes to you, it may require a few hundred VLANs. The shortage of VLANs is similar to the shortage of IPv4 address space we are facing nowadays.

+ Spanning-tree blocks redundant ports to avoid loops. Another problem with traditional VLANs is that they work purely on Layer 2 switches, which come with Spanning Tree Protocol (STP). STP blocks redundant links to prevent loops, but these may be links we have to hire, which costs money. Blocking them means we cannot fully use what we paid for.

+ Another problem is limited MAC address table space. Nowadays, with virtualization, each switchport may connect to a physical server that contains multiple virtual hosts. In other words, each physical server may contain many (virtual) MAC addresses. The burden of storing MAC addresses falls not on the access-layer switches but on the distribution-layer switches, as they have to remember all the MAC addresses that are stored on their connected access-layer switches.

+ The last problem we want to mention here is related to the mobility of virtualization. A key benefit of virtualization is the ability to move virtual machines (VMs) among data center servers while they are running. But to support this feature, VMs must remain in their native subnet. This guarantees network connectivity between the source and destination VM.


OSPF LSA Types Tutorial

April 27th, 2020 in ENCOR Knowledge

OSPF uses Link State Advertisements (LSAs) to build up its Link State Database (LSDB), so understanding how LSAs work is the key to grasping how OSPF operates.

[Figure: OSPF LSA types topology]

Quick review
In the topology above:
+ R3 and R4 only belong to Area 1. R1 only belongs to Area 0. R6 and R7 only belong to Area 2. These are known as Internal Routers.
+ R2 belongs to both Area 0 and Area 1. R5 belongs to both Area 0 and Area 2. These routers are known as Area Border Routers (ABRs).
+ Area 0 is known as the Backbone Area. Every router that has an interface in Area 0 can be considered a Backbone Router. All other areas must have a connection to Area 0 (except when using a virtual link). Without Area 0, routers can only function within their own area.
+ When a change occurs in the network topology, the router experiencing the change creates a link-state advertisement (LSA) concerning that link.

OSPF has 11 LSA types, numbered 1 to 11, but some of them are not used, such as Type 6 (Multicast LSA), Type 8 (used for BGP), and Types 9, 10 and 11 (Opaque LSAs). In this tutorial we will learn more about the other LSA types (types 1 to 5 and 7).

PPP over Ethernet (PPPoE) Tutorial

February 29th, 2020 in ENCOR Knowledge

PPPoE stands for Point-to-Point Protocol over Ethernet. It is a means of establishing a point-to-point communications channel over an Ethernet network. But why do we need PPPoE? To understand the reason for PPPoE, we need to understand Ethernet and PPP.

As we know, Ethernet is not a point-to-point but a multipoint technology (even when two devices are connected back to back). Ethernet is designed to allow multiple devices to share a common medium, called a “broadcast domain”.

While Ethernet dominates on the customer side, Internet Service Providers (ISPs) still like PPP because of its authentication (PPP supports CHAP), accounting (checking the customer’s bill) and link management (the ISP can use PPP to assign a public IP address to the customer).

However, Ethernet and PPP do not support each other natively. To utilize the benefits of both Ethernet and PPP, a protocol was created: PPPoE, which allows computers to connect to an ISP via a Digital Subscriber Line (DSL) modem.

 
