Computer Level 3 Network Technology [Knowledge Collection] 2022.7.18

Foreword

I saw the Level 3 Computer Network Technology knowledge points of [Very unparalleled personal space in the world-Bilibili], which combine video and explanation. After searching for a long time, I couldn't find the Word document from the video, so I recognized the video screenshots as text myself. Notes!

1. BGP

Appears 24 times (out of 29 exam sets)
① Knowledge points to recite

  1. BGP is the Border Gateway Protocol, an exterior gateway protocol (not an interior gateway protocol): a protocol used between routers in different autonomous systems (ASs).
  2. A BGP speaker uses TCP (not UDP) to exchange routing information with BGP speakers of other autonomous systems.
  3. The number of nodes exchanging routing information in BGP is based on the number of autonomous systems, and is not less than the number of autonomous systems.
  4. BGP uses a path vector protocol, while RIP uses a distance vector protocol.
  5. A BGP speaker notifies neighbouring systems through update packets, not notification packets. When an update packet is used to update routes, only one route can be added per message.
  6. The open packet is used to establish a relationship with another adjacent BGP speaker; the two BGP speakers then need to periodically (not irregularly) exchange keepalive packets to confirm the adjacency relationship between them.
  7. The four packet types used to implement the BGP routing protocol are open, update, keepalive and notification.
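To make points 2, 5, 6 and 7 concrete, here is an added example (not from the original notes) that decodes the fixed BGP message header carried over the TCP stream and maps the type byte to the four packet types listed above; the validation checks follow RFC 4271 (all-ones marker, length between 19 and 4096, known type), and the sample byte stream is constructed here.

```python
import struct

# BGP message type codes (RFC 4271) for the four packet types named above.
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
HEADER_LEN = 19       # 16-byte marker + 2-byte length + 1-byte type
MAX_MSG_LEN = 4096    # maximum BGP message size

def parse_bgp_header(data: bytes) -> dict:
    """Validate and decode the 19-byte header of one BGP message.

    Raises ValueError for the checks a receiver must make before trusting
    the message: marker all ones, sane length, known type, enough bytes.
    """
    if len(data) < HEADER_LEN:
        raise ValueError("short read: need 19 header bytes")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != b"\xff" * 16:
        raise ValueError("connection not synchronised: bad marker")
    if not HEADER_LEN <= length <= MAX_MSG_LEN:
        raise ValueError(f"bad message length {length}")
    if msg_type not in BGP_TYPES:
        raise ValueError(f"bad message type {msg_type}")
    if length > len(data):
        raise ValueError("truncated message")
    return {"type": BGP_TYPES[msg_type], "length": length,
            "payload": data[HEADER_LEN:length]}

def build_keepalive() -> bytes:
    """A KEEPALIVE is only a header: length 19, type 4, no payload."""
    return b"\xff" * 16 + struct.pack("!HB", HEADER_LEN, 4)

def split_messages(stream: bytes) -> list:
    """Walk a TCP byte stream and return the messages found, stopping at
    the first malformed or incomplete one with an ERROR record."""
    out = []
    while len(stream) >= HEADER_LEN:
        try:
            msg = parse_bgp_header(stream)
        except ValueError as exc:
            out.append({"type": "ERROR", "reason": str(exc)})
            break
        out.append(msg)
        stream = stream[msg["length"]:]
    return out

# Constructed sample stream: a complete KEEPALIVE followed by an UPDATE
# whose header claims 23 bytes but only 2 payload bytes have arrived.
SAMPLE_STREAM = (build_keepalive()
                 + b"\xff" * 16 + struct.pack("!HB", 23, 2) + b"\x00\x00")
```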

② List of Exam Questions

2. Hub

① Knowledge points to recite
High frequency: 21 times

  1. A hub works at the physical layer; all nodes connected to a hub share / belong to (not independently) one collision domain.
  2. Only one node can send data at a time, while the other nodes are in the receiving state (multiple nodes can receive data frames at the same time). When a node connected to a hub sends data, that node executes the CSMA/CD (not CA) medium access control method.
  3. A hub connected in series on a network link can listen to the packets on that link.
  4. A hub does not forward data based on the MAC address / network card address / IP address (forwarding based on the MAC address etc. is done by a bridge or switch); instead, the source node uses a pair of transmit lines to broadcast the data through the bus inside the hub.
  5. Hubs use twisted-pair cables to connect workstations.
  6. The network device on which a Sniffer attached to one port can capture all the traffic of the other ports belonging to the same VLAN is a hub.

② List of Exam Questions

3. OSPF

① Knowledge points to recite
High frequency: 21 times

  1. OSPF is an interior gateway protocol; it is a distributed link-state protocol that uses the shortest path algorithm.
  2. For a large network, OSPF divides it into areas to improve the convergence speed of routing updates. Each area has a 32-bit area identifier, and the number of routers within an area does not exceed 200.
  3. The link state database of each router in an OSPF area contains the topology information of its own area (not the entire network); it does not know the network topology of other areas.
  4. Link state "metrics" mostly refer to cost, distance, delay, bandwidth, etc., not paths.
  5. When a link state changes, this information is flooded to all (not only adjacent) routers.
  6. What is saved in the link state database is the topology graph of the whole network, not a complete routing table, nor only the data of the next-hop router.
  7. To keep the link state database consistent, OSPF periodically (not irregularly) refreshes the link state in the database.
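Points 1, 5 and 6 say the database holds topology, not routes: each router runs the shortest path algorithm over it to derive its routing table. The following added example (not part of the original notes) builds a constructed link-state database for one area, runs Dijkstra from one router to get cost and next hop per destination, and then withdraws a link, as a flooded link-state change would, and recomputes. Router names and costs are assumed.

```python
import heapq

# Constructed link-state database for one area: each router advertises
# its (neighbour, cost) links. Costs are the "metric" values of point 4.
LSDB = {
    "R1": [("R2", 10), ("R3", 1)],
    "R2": [("R1", 10), ("R3", 1), ("R4", 5)],
    "R3": [("R1", 1), ("R2", 1), ("R4", 20)],
    "R4": [("R2", 5), ("R3", 20)],
}

def spf(lsdb: dict, root: str) -> dict:
    """Dijkstra from `root` over the LSDB; returns {dest: (cost, next_hop)}.

    This is the routing table a router derives locally; the LSDB itself
    stores only the topology graph.
    """
    dist = {root: 0}
    next_hop = {}
    heap = [(0, root, None)]          # (cost so far, node, first hop used)
    while heap:
        cost, node, via = heapq.heappop(heap)
        if cost > dist.get(node, float("inf")):
            continue                  # stale heap entry
        for nbr, link_cost in lsdb.get(node, []):
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # The first hop is the neighbour of root on this path.
                next_hop[nbr] = nbr if node == root else via
                heapq.heappush(heap, (new_cost, nbr, next_hop[nbr]))
    return {d: (dist[d], next_hop[d]) for d in dist if d != root}

def withdraw_link(lsdb: dict, a: str, b: str) -> dict:
    """Copy of the LSDB with the a<->b link removed, i.e. the database every
    router holds after the link-state change has been flooded to all of them."""
    return {r: [(n, c) for n, c in links if {r, n} != {a, b}]
            for r, links in lsdb.items()}
```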

② List of Exam Questions

4. Network attacks

① Knowledge points to recite

  1. SYN Flooding attack: uses an invalid IP address and exploits the TCP three-way handshake so that the victim host keeps a half-open session request waiting until the connection times out. During this period the victim host continues to accept such session requests, and eventually stops responding due to resource exhaustion.

  2. DDoS attack: uses multiple compromised systems to send a large number of requests concentrated on a target; the victim device denies service because it cannot handle them.

  3. SQL injection attack: belongs to the exploitation of system vulnerabilities and is difficult to block with either network-based or host-based intrusion prevention systems. Firewalls (network-based protection systems) cannot stop this attack.

  4. Land attack: sends a packet to a device with both the source IP address and the destination address set to the address of the attack target.

  5. Protocol spoofing attack: an attack that steals privileges by forging the IP address of a host. There are the following types: (1) IP spoofing attack; (2) ARP spoofing attack; (3) DNS spoofing attack; (4) source routing spoofing attack.

  6. DNS spoofing attack: the attacker uses some form of deception so that the user obtains a wrong IP address when querying the server for domain name resolution, thereby leading the user to a wrong Internet site.

  7. IP spoofing attack: the technique of forging the IP address of a host to obtain privileges by deception and then carry out attacks.

  8. Cookie tampering attack: illegal access to the target site can be achieved by tampering with the cookie; this cannot be blocked by a network-based intrusion prevention system.

  9. Smurf attack: the attacker spoofs the IP address of the victim host and sends a directed broadcast echo request packet to a large network. Many hosts in this network respond, and the victim host receives a large number of echo reply messages. A network-based intrusion prevention system can block Smurf attacks.

  10. Network-based defence systems cannot block cookie tampering, DNS spoofing, or SQL injection.

  11. Both network-based and host-based intrusion prevention systems have difficulty blocking cross-site scripting attacks and SQL injection attacks.
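Points 1, 4 and 9 each describe a traffic pattern that a network-based system can recognise on the wire: source equal to destination (Land), echo requests aimed at a directed broadcast address (Smurf), and many half-open SYNs to one target (SYN flooding). This added example (not from the original notes) applies those three checks to a constructed list of packet records; the addresses, subnets and threshold are assumed sample values.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed packet records, as a simple flow monitor might summarise them:
# (src, dst, proto, tcp_flags_or_icmp_type). Sample data, not a capture.
PACKETS = [
    ("10.0.0.5", "10.0.0.5", "tcp", "S"),                   # Land: src == dst
    ("10.0.0.9", "192.168.1.255", "icmp", "echo-request"),   # Smurf pattern
    ("192.168.1.7", "10.0.0.9", "icmp", "echo-reply"),
    ("198.51.100.4", "10.0.0.20", "tcp", "S"),
    ("198.51.100.4", "10.0.0.20", "tcp", "A"),               # completed handshake
] + [(f"203.0.113.{i}", "10.0.0.20", "tcp", "S") for i in range(1, 60)]

LOCAL_NETS = [ip_network("192.168.1.0/24"), ip_network("10.0.0.0/24")]
SYN_THRESHOLD = 50   # distinct sources with a SYN and no ACK to one target

def is_directed_broadcast(dst: str) -> bool:
    """True if dst is the broadcast address of one of the local subnets."""
    addr = ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)

def classify(packets: list) -> dict:
    """Return {alert_name: [evidence]} for the three patterns above."""
    alerts = {"land": [], "smurf": [], "syn_flood": []}
    half_open = defaultdict(set)   # target -> sources that sent SYN, no ACK yet
    for src, dst, proto, info in packets:
        if src == dst:
            alerts["land"].append(dst)
        if proto == "icmp" and info == "echo-request" and is_directed_broadcast(dst):
            alerts["smurf"].append((src, dst))
        if proto == "tcp":
            if info == "S":
                half_open[dst].add(src)
            elif "A" in info:
                half_open[dst].discard(src)   # handshake completed
    for target, sources in half_open.items():
        if len(sources) >= SYN_THRESHOLD:
            alerts["syn_flood"].append((target, len(sources)))
    return alerts
```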

② List of Exam Questions

5. IPS

① Knowledge points to recite
Medium frequency: 12 times. IPS (Intrusion Prevention System)

1. An Intrusion Prevention System (IPS) integrates firewall technology and intrusion detection technology, works in in-line mode, and has a sniffing function.

2. IPS is mainly divided into host-based IPS (HIPS), network-based IPS (NIPS) and application IPS (AIPS).

3. HIPS is deployed in the protected host system; it can monitor the system calls of the kernel and block attacks.

4. NIPS is placed at the exit of the network, generally connected in series between the firewall and the router (in series on the protected link). False positives (not false negatives) of attacks by NIPS can cause legitimate communications to be blocked.

5. AIPS is generally deployed in front of the protected application server.

② List of Exam Questions

In the following description about IPS, the error is ().

A. NIPS should be connected in series in the protected link

B. NIPS' false reporting of attacks will result in legitimate communication being blocked

C. HIPS can monitor the system calls of the kernel and block attacks

D. AIPS is generally deployed on the front end of the application server

Answer: B

Analysis: NIPS is arranged at the exit of the network, and is generally connected in series between the firewall and the router. For NIPS, the accuracy and high performance of intrusion detection are critical. False positives of an attack will cause legitimate communications to be blocked, resulting in a denial of service. HIPS is installed on the protected host system to detect and block threats and attacks against the host. It is closely integrated with the operating system kernel, monitors the system calls of the kernel, blocks attacks, and records logs. AIPS is generally deployed at the front end of the application server to ensure the security of the application server, so option B is wrong.

Application Intrusion Prevention System (AIPS) is generally deployed in ( ).

A. The front end of the protected application server

B. In the protected application server

C. Protected application server backend

D. The exit of the network

Answer: A

Analysis: Intrusion prevention systems are mainly divided into three types: host-based intrusion prevention systems, installed in the protected host system to detect and block threats and attacks against that machine; network-based intrusion prevention systems, placed at the network exit, generally connected in series between the firewall and the router, so that all traffic entering and leaving the network must pass through it; and application intrusion prevention systems, generally deployed at the front end of the application server, which are high-performance network devices that extend the functions of the host-based intrusion prevention system to the front of the server.

6. RPR

① Knowledge points to recite
High frequency: 20 times

  1. RPR, like FDDI, uses a dual-ring structure.

  2. Each node in the RPR ring executes the SRP fair algorithm (not DPT or MPLS).

  3. In a traditional FDDI ring, after the source node successfully sends a data frame to the destination node, the data frame is taken back from the ring by the source node. In an RPR ring, however, this data frame is taken back from the ring by the destination node.

  4. The RPR ring restricts the transmission of a data frame to the fiber segments between the source node and the destination node only.

  5. RPR adopts the self-healing ring design concept and can isolate faulty nodes and fiber segments within 50ms (not 30ms).

  6. RPR can assign different priorities to different service data; it is a transmission technology for efficiently transmitting IP packets directly over optical fiber.

  7. The maximum length of bare fiber between two RPR nodes can reach 100 km.

  8. Both the RPR outer ring (clockwise) and inner ring (counterclockwise) can use statistical multiplexing to transmit data packets and control packets (not frequency division multiplexing).
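Points 3, 4 and 8 together mean that an RPR frame occupies only the segments between source and destination on whichever ring reaches the destination in fewer hops, so other node pairs can use the rest of the ring at the same time, whereas FDDI source stripping occupies the whole ring. This added example (not part of the original notes) models that with a constructed ring of unit-cost hops; node numbering and the "shorter ring wins" choice are assumptions of the model.

```python
# Constructed model: n nodes on a dual ring. The outer ring carries frames
# clockwise (i -> i+1), the inner ring counterclockwise (i -> i-1).

def outer_path(n: int, src: int, dst: int) -> list:
    """Fibre segments traversed clockwise from src to dst."""
    segs, cur = [], src
    while cur != dst:
        segs.append((cur, (cur + 1) % n))
        cur = (cur + 1) % n
    return segs

def inner_path(n: int, src: int, dst: int) -> list:
    """Fibre segments traversed counterclockwise from src to dst."""
    segs, cur = [], src
    while cur != dst:
        segs.append((cur, (cur - 1) % n))
        cur = (cur - 1) % n
    return segs

def rpr_segments(n: int, src: int, dst: int) -> tuple:
    """RPR: pick the ring with fewer hops; the frame is stripped at dst,
    so only the segments between src and dst are occupied."""
    o, i = outer_path(n, src, dst), inner_path(n, src, dst)
    return ("outer", o) if len(o) <= len(i) else ("inner", i)

def fddi_segments(n: int, src: int, dst: int) -> list:
    """FDDI source stripping: the frame travels on past dst all the way
    around the ring until src removes it, occupying every segment."""
    return outer_path(n, src, dst) + outer_path(n, dst, src)

def can_share_ring(n: int, flows: list) -> bool:
    """True if the given (src, dst) flows can all be active at once, i.e.
    no fibre segment on the same ring is used by two of them."""
    used = set()
    for src, dst in flows:
        ring, segs = rpr_segments(n, src, dst)
        for seg in segs:
            if (ring, seg) in used:
                return False
            used.add((ring, seg))
    return True
```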

②List of Exam Questions

In the following description about RPR technology, the correct one is ().

A. The RPR ring can realize self-healing within 30ms

B. In the RPR ring, the data frame successfully sent by the source node to the destination node must be taken back by the source node from the ring

C. The maximum length of bare fiber between two RPR nodes can reach 100 kilometers

D. The inner ring of RPR is used to transmit data packets, and the outer ring is used to transmit control packets

Answer: C

Analysis: Resilient Packet Ring (RPR) adopts the self-healing ring design idea, which can isolate faulty nodes and fiber segments within 50ms, and provide SDH-level fast protection and recovery. RPR restricts the transmission of data frames only on the fiber segment between the source node and the destination node. After the source node successfully sends a data frame, the data frame is retrieved from the ring by the destination node. The maximum length of the bare optical fiber between two RPR nodes can reach 100km. RPR refers to the optical fiber ring in the clockwise transmission direction as the outer ring, and the optical fiber ring in the counterclockwise transmission direction as the inner ring. Both the inner ring and the outer ring can use the method of statistical multiplexing to transmit data packets and control packets. Therefore C is correct.

In the following description about RPR technology, the error is ().

A. RPR can isolate faulty nodes and fiber segments within 50ms

B. The maximum length of bare fiber between two RPR nodes is 10 kilometers

C. Both the inner and outer rings of RPR can transmit data packets and control packets

D. Each node in the RPR ring executes the SRP fair algorithm

Answer: B

Analysis: RPR adopts the design concept of self-healing ring, which can isolate the faulty node and fiber segment within 50ms. Each node in the RPR ring executes the SRP fair algorithm. The maximum length of the optical fiber is 100km, and both the inner and outer rings of the RPR can transmit data packets and control packets. So choose B.


7. Router technology

  1. The packet forwarding capability of a router is related to the number of ports, port speed, packet length and packet type (not port type).

  2. Packet loss rate is one of the performance indicators for measuring a router under overload (routing table capacity is not).

  3. Throughput refers to the packet forwarding capability of the router, including port throughput and whole-machine throughput. Backplane capability determines router throughput (it is not the throughput that determines the backplane capability).

  4. Traditional routers generally adopt a shared backplane structure, while high-performance routers generally adopt a switched structure.

  5. Burst processing capability is measured by the maximum sending rate at which packets are sent at the minimum frame interval without causing loss, and not simply by the minimum frame interval value.

  6. Voice and video services have high requirements on delay and jitter.

  7. The quality of service of a router is mainly reflected in the queue management mechanism, port hardware queue management and supported QoS protocol types (not packet forwarding efficiency).

  8. The router determines the packet forwarding path through the routing table.

  9. The router's queue management mechanism refers to the router's queue scheduling algorithm and congestion management mechanism.

② Typical examples

In the following description about router technical indicators, the wrong one is ( ).

A. The packet forwarding capability of a router is related to the number of ports, port speed, packet length and packet type

B. High-performance routers generally use a shared backplane structure

C. The packet loss rate is one of the indicators to measure the router's overload capacity

D. The quality of service of the router is mainly manifested in the queue management mechanism and the type of QoS protocol supported

Correct answer: B

Analysis: The packet forwarding capability of a router is related to the number of ports, port speed, packet length, and packet type. The packet loss rate is one of the indicators to measure the overload capacity of the router. The core router adopts a shared backplane structure, and the quality of service of the router is mainly reflected in the queue management mechanism and supported QoS protocol types. Option B is wrong.

In the following descriptions about router technical indicators, the wrong one is ( ).

A. Throughput refers to the packet forwarding capability of the router

B. The backplane capability determines the throughput of the router

C. Voice and video services have high requirements on delay and jitter

D. Burst processing capability is measured by the minimum frame interval value

Correct answer: D

Analysis: The burst processing capability is measured by the maximum sending rate at which data packets are sent at the minimum frame interval without causing loss. Option D is wrong.


8. Access technology


Source: blog.csdn.net/m0_51607907/article/details/125852084