Introduction to Cloud Computing: Network Fundamentals


1. Network Foundation

1.1 Types of computer networks

By coverage, computer networks are divided into local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN).

LAN (Local Area Network)

A LAN usually spans no more than a few kilometers and interconnects computers, printers, modems and other devices over a shared transmission medium.

MAN (Metropolitan Area Network)

A MAN covers a medium-sized area, between a LAN and a WAN; it usually connects sites within one city (distances of roughly 10 km).

WAN (Wide Area Network)

A WAN connects sites distributed over long distances through a variety of links, so that a much larger geographical area is covered.

1.2 Common network topologies

(Topology figure omitted from this text version.)

1.3 Computer network functions and metrics

1.3.1 Basic functions of a computer network

Resource sharing, distributed processing and load balancing, and integrated information services.

1.3.2 Main metrics of a computer network

(1) Bandwidth

1. Describes the amount of data that can be transmitted from one node to another within a given time.
2. Usually expressed in bps.
e.g. Gigabit Ethernet has a bandwidth of 1000 Mbps, 10-Gigabit Ethernet 10000 Mbps.

(2) Delay

Describes the time it takes for data to travel across the network from one node to another.

1.4 OSI reference model layers

(Figure omitted.)

1.5 TCP/IP model

(Figures omitted.)

2. VLAN technology

2.1 VLANs in an ordinary network

The topology is shown in the original post's figure.

2.2 VLAN applications in cloud networks

Service isolation
Different services can be isolated from one another by placing them in different VLANs.

3. Link Aggregation

Link aggregation bundles multiple physical links together to form one logical link.

Advantages: link aggregation provides link redundancy and increases the bandwidth of the logical link.

3.1 Link aggregation concepts

(Figure omitted.)

An aggregate interface is a logical interface; the link aggregation group (LAG) is generated automatically when the aggregate interface is configured manually.

Operational key: when a link is aggregated, the system automatically generates a configuration combination from certain configuration attributes of each member port.

3.2 Link aggregation modes

(1) Static aggregation

1. Ports do not exchange aggregation information with the peer device.
2. The reference port is selected according to the local device's own port information.
3. Static aggregation groups are created and deleted by user commands.

(2) Dynamic aggregation

1. LACP is enabled automatically on the ports, which exchange LACP packets with the peer device.
2. The reference port is selected according to the information exchanged between the local device and the peer device.
3. Dynamic aggregation groups are created and deleted by user commands.

3.3 Link aggregation types

(1) Layer 2 link aggregation

1. All member ports are Layer 2 Ethernet ports.
2. A VLAN interface must be created for the aggregate interface to send and receive Layer 3 IP packets.
3. The aggregate interface supports sending and receiving packets carrying a VLAN tag.

(2) Layer 3 link aggregation

1. All member ports are Layer 3 Ethernet ports.
2. The aggregate interface supports sending and receiving Layer 3 IP packets.
3. A sub-interface must be created for the aggregate interface to send and receive packets carrying a VLAN tag.

3.4 Link aggregation applications in cloud networks

(Figure omitted.)

4. DNS


4.1 DNS domain name resolution process

4.1.1 DNS domain structure

1. www.baidu.com is a typical domain name; before HTTP access it is first resolved to an IP address through DNS.
2. Domain names form a tree structure similar to a directory tree: the rightmost label is the top-level domain, and labels further to the left are lower-level domains.
3. All domain names sit under the root domain. The root domain is managed by 13 groups of root name servers, A.ROOT-SERVERS.NET through M.ROOT-SERVERS.NET; the root servers only handle resolution requests for the top-level domains. The 13 root server groups are distributed across all continents and are managed by InterNIC.
4. Below the root domain are the top-level domains (TLD), such as the generic TLDs .com, .net and .gov and the regional TLDs .cn and .jp; below the TLDs are the second-level domains, such as cnblogs, baidu and google.
5. The lowest level is the host name, such as www, mail, ftp and so on.
6. The allocation and use of the TLDs under the root domain are managed by the non-profit Internet Corporation for Assigned Names and Numbers (ICANN).
7. The domain level below the TLD is managed by the registration authority for that domain; host names are managed by the domain name owners themselves.

4.1.2 Domain name resolution process

A host normally sends a recursive query to its local name server.

The local name server then normally queries the root name server and the rest of the hierarchy with iterative queries.

(Figure omitted.)

Less commonly, the local name server sends recursive queries to the root name servers.
(Figure omitted.)
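The two query styles above, as an added simulation (not code from the original post): the host issues one recursive query to the local name server, and the local name server walks a constructed in-memory zone tree with iterative queries, following referrals from the root to the authoritative server. All server names, addresses and zone data are constructed for illustration.

```python
# Constructed "name servers": each knows referrals for its child zones and,
# for the zone it is authoritative for, the host records themselves.
ROOT = {"referrals": {"com": "ns.com.example"}, "records": {}}
COM_TLD = {"referrals": {"baidu.com": "ns.baidu.example"}, "records": {}}
BAIDU = {"referrals": {}, "records": {"www.baidu.com": "203.0.113.10"}}
SERVERS = {"root": ROOT, "ns.com.example": COM_TLD, "ns.baidu.example": BAIDU}


def iterative_query(server, name):
    """One iterative query: the server answers only from its own data.
    Returns ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return "answer", zone["records"][name]
    labels = name.split(".")
    # longest suffix of the name for which this server holds a referral
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


def local_name_server(name, max_hops=8):
    """The local (recursive) name server resolves on the host's behalf by
    starting at the root and following referrals. Returns (ip, path), where
    path lists each server asked and the kind of reply it gave."""
    server, path = "root", []
    for _ in range(max_hops):
        kind, value = iterative_query(server, name)
        path.append((server, kind))
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value
    return None, path  # referral loop or hierarchy deeper than max_hops: give up


def host_recursive_query(name):
    """The host sends a single recursive query and sees only the final answer."""
    ip, _ = local_name_server(name)
    return ip
```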

4.2 DNS applications in cloud networks

1. A SANGFOR AD acts as the DNS resolution proxy for intranet users, and the corresponding resolution policies can be applied.
2. When a WEB server is published on the public network, its domain name maps to both a China Telecom and a China Unicom public address. The SANGFOR AD, with its inbound link load-balancing feature, acts as the DNS server with intelligent DNS enabled, so that China Unicom users receive the Unicom address and China Telecom users receive the Telecom address.
(Figure omitted.)

5. DHCP


5.1 DHCP address allocation modes

(1) Manual allocation

As required, the network administrator binds a fixed IP address to a few specific hosts (such as DNS servers or printers); these addresses do not expire.

(2) Automatic allocation

An IP address is assigned to a host when it connects to the network, and the host then keeps that address permanently.

(3) Dynamic allocation

The most common way hosts obtain IP addresses. The DHCP server assigns an IP address to the client together with a lease for that address; when the lease expires, the client must request an IP address again.
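The three allocation modes, as an added model (constructed example, not any real DHCP implementation): manual bindings never expire, automatic bindings are permanent once made, and dynamic leases are reclaimed when they run out. The address pool, MAC labels and timestamps are constructed.

```python
class DhcpServer:
    """Minimal model of manual, automatic and dynamic DHCP allocation."""

    def __init__(self, pool, lease_seconds=3600):
        self.free = list(pool)       # constructed pool of assignable addresses
        self.manual = {}             # MAC -> fixed IP, never expires
        self.auto = {}               # MAC -> IP kept permanently
        self.leases = {}             # MAC -> (IP, lease expiry timestamp)
        self.lease_seconds = lease_seconds

    def bind_manual(self, mac, ip):
        """Manual allocation: the administrator pins an address to one host."""
        if ip in self.free:
            self.free.remove(ip)     # keep it out of the dynamic pool
        self.manual[mac] = ip

    def expire(self, now):
        """Dynamic allocation: reclaim addresses whose lease has run out."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(ip)

    def request(self, mac, now, automatic=False):
        """Handle an address request at time `now`; returns the IP, or None
        when no address is available."""
        self.expire(now)
        if mac in self.manual:
            return self.manual[mac]
        if mac in self.auto:
            return self.auto[mac]
        if mac in self.leases:       # existing dynamic client: renew the lease
            ip = self.leases[mac][0]
            self.leases[mac] = (ip, now + self.lease_seconds)
            return ip
        if not self.free:
            return None
        ip = self.free.pop(0)
        if automatic:
            self.auto[mac] = ip      # automatic allocation: permanent
        else:
            self.leases[mac] = (ip, now + self.lease_seconds)
        return ip
```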

5.2 DHCP applications in cloud networks

(Figure omitted.)

6. Packet Capture

6.1 Wireshark capture

Blog link:
https://blog.csdn.net/csdn10086110/article/details/89813817

6.2 Linux tcpdump packet capture

6.2.1 Common tcpdump capture parameters

(1) Capture options

-c: specifies how many packets to capture. Note that this counts packets actually captured:
for example, "-c 10" stops after 10 packets have been captured, even if 100 packets were processed, because only 10 of them matched the filter.

-i interface: specifies the interface tcpdump listens on. Without this option, tcpdump searches the system's interface list for the lowest-numbered configured interface (excluding loopback; use tcpdump -i lo to capture on loopback) and stops at the first match. The keyword 'any' means all network interfaces.

-n: show addresses numerically instead of resolving them to host names; without -n, tcpdump performs host name resolution.

-nn: in addition to the effect of -n, also show port numbers instead of service names.

-N: do not print the domain part of host names, e.g. tcpdump prints 'nic' rather than 'nic.ddn.mil'.

-P: specifies whether to capture inbound or outbound packets. Possible values are "in", "out" and "inout"; the default is "inout".

-s len: sets the snapshot length, the number of bytes captured from each packet; if not set, the default is 65535 bytes.

host x.x.x.x: capture only packets to or from the given IP address.

udp port / tcp port: filter packets by UDP port or by TCP port.

(2) Output options

-e: each output line includes link-layer header information, such as the source and destination MAC addresses.
-q: quick output: print less protocol information, so each output line is shorter.
-X: print the packet data after the header, in both hexadecimal and ASCII.
-XX: like -X, printing the packet data in both hexadecimal and ASCII, but in more detail.
-v: produce verbose output when parsing and printing.
-vv: more verbose output than -v.
-vvv: more verbose output than -vv.

(3) Other options

-D: lists the interfaces available for capture, with each interface's number and name; either can be passed to "-i".

-F file: reads the capture filter expression from a file. When this option is used, any other expression given on the command line no longer takes effect.

-w file: writes the captured packets to a file instead of standard output. Combined with "-G seconds", the output is rotated to a new file every given number of seconds. These files can later be loaded with "-r" for analysis and printing.

-r file: reads packets from the given file. "-" means read from standard input.

6.3 Mirroring overview

Definition: mirroring copies the packets of a mirrored port (the source port) to an observation port (the destination port).

Purpose: during network maintenance, packets often need to be collected and analysed. Mirroring copies packets from a mirrored port to an observation port without affecting the normal forwarding of those packets; a monitoring device attached to the observation port then analyses the copied packets for network monitoring and troubleshooting.

6.3.1 Basic concepts

(1) Mirrored port

The mirrored port is the port being monitored: all packets flowing through it, or only the packets matching traffic classification rules, are copied to an observation port or observation port group.

(2) Observation port

The observation port is a port connected to a monitoring device; it outputs the packets copied from the mirrored port.

6.3.2 Port mirroring

Port mirroring means the device copies the packets flowing through a mirrored port and sends them to a specified observation port for monitoring and analysis.

(Figure omitted.)

Port mirroring has three directions:
Inbound: only packets received by the mirrored port are mirrored.
Outbound: only packets sent by the mirrored port are mirrored.
Two-way: both packets received and packets sent by the port are mirrored.

6.3.3 Traffic mirroring

Traffic mirroring copies the packets of a particular traffic flow on the mirrored port to an observation port for analysis and monitoring.

In traffic mirroring, a traffic policy with a mirroring action is applied to the mirrored port. Packets that match the policy's traffic classification rules are copied to the observation port.
(Figure omitted.)

Mirroring configuration on mainstream vendors' devices

(Vendor configuration screenshots omitted.)

7. New network technologies

7.1 SDN

SDN (Software Defined Networking) is a network architecture, a philosophy and a framework.

Basic features

1. Separation of the control plane and the forwarding plane
2. Centralized network control
3. Open programmable interfaces

Core technologies

(1) Controller and northbound interface technologies
 a. Open REST API
 b. Private interfaces of network devices
(2) Switch and southbound interface technologies
 a. High-performance data forwarding and multi-level flow table processing
 b. Southbound interface protocols based on open protocols
 c. OpenFlow, Netconf, etc.

(Figures omitted.)

7.2 Network virtualization

Network virtualization concept

On top of the physical network, multiple virtual networks are created with tunnelling technology. The virtual networks are logically isolated from each other but share the same underlying bearer network. The physical network is extended deep into the cloud and virtualization layer, and pooling of network resources frees them from the physical constraints of the network.

7.2.1 Mainstream overlay network implementations

(Figure omitted.)

Among these, the advantages of VXLAN are:

1. L2-L4 link-layer hashing
2. No modification of the transport layer
3. Already widely commercialised; the Open vSwitch source code supports it and it is widely used in open-source systems

7.2.2 VXLAN

(1) VXLAN overview

VXLAN (Virtual eXtensible LAN) is an L2 VPN technology over an IP network that uses "MAC in UDP" encapsulation.

VXLAN can run on an existing service-provider or enterprise IP network to provide Layer 2 interconnection between dispersed physical sites, and can provide service isolation for different tenants.

VXLAN is mainly used in data center networks, campus access networks and cloud-computing virtual networks.

(2) VXLAN characteristics

1. Supports a large number of tenants: tenants are identified by a 24-bit identifier, so up to 2^24 (16777216) VXLANs are supported. This massively increases the number of tenants that can be supported and solves the shortage of VLAN resources in traditional Layer 2 networks.

2. Easy to maintain: building the Layer 2 network on top of a large IP network makes deployment and maintenance easier and makes full use of existing IP network technology, such as equal-cost route load balancing. Only the edge devices of the IP core network need to process VXLAN; intermediate devices simply forward packets based on the IP header, which reduces the difficulty and cost of network deployment.

(3) VXLAN network model

VXLAN uses the existing physical network as the underlay network and builds a virtual Layer 2 network, the overlay network, on top of it. Through encapsulation, the overlay network uses the Layer 3 forwarding paths provided by the underlay to carry tenants' Layer 2 packets between different sites across Layer 3. To the tenants the underlay network is transparent: different sites of the same tenant appear to be on one local area network.
(Figure omitted.)

(4) VXLAN packet encapsulation format

As shown in the figure, VXLAN encapsulation adds to the original Layer 2 frame an 8-byte VXLAN header, an 8-byte UDP header and a 20-byte IP header.
The destination port of the UDP header is the VXLAN UDP port (the default is 4789).

The VXLAN header consists of two parts:
1. Flags: when the "I" bit is 1, the VXLAN ID in the header is valid; when it is 0, the VXLAN ID is invalid. The other, reserved bits are set to zero.
2. **VXLAN ID**: identifies a VXLAN network; 24 bits long.
(Figure omitted.)
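The encapsulation format above, as an added example (not code from the original post): a builder that assembles a constructed VXLAN packet (20-byte IPv4 header, 8-byte UDP header to port 4789, 8-byte VXLAN header, inner Layer 2 frame) and a parser a monitoring device on an observation port could use to validate the I flag, the reserved bits and the 24-bit VXLAN ID before trusting the inner frame. The sample starts at the outer IP header (a real capture also carries an outer Ethernet header before it); the VTEP addresses and inner frame are constructed.

```python
import struct

VXLAN_UDP_PORT = 4789   # default VXLAN UDP destination port
VXLAN_FLAG_I = 0x08     # "I" bit in the first flags byte: VXLAN ID is valid

# Constructed inner Layer 2 frame: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes
SAMPLE_INNER = bytes.fromhex("0a0000000002" "0a0000000001" "0800" "deadbeef")

def build_vxlan_packet(vni, inner_frame, i_flag=True, udp_dst=VXLAN_UDP_PORT):
    """Constructed sample: 20-byte outer IPv4 header + 8-byte UDP header +
    8-byte VXLAN header + the original Layer 2 frame. Checksums are left
    zero because this packet is built in memory, not sent on the wire."""
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I if i_flag else 0, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", 49152, udp_dst, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # sample VTEP IPs
    return ip + udp + vxlan + inner_frame

def parse_vxlan_packet(pkt):
    """Parse an IPv4 packet; return (vni, inner_frame) if it is a valid
    VXLAN packet, otherwise raise ValueError saying why it was rejected."""
    if len(pkt) < 36:
        raise ValueError("too short for IP + UDP + VXLAN headers")
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (pkt[0] & 0x0F) * 4
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dst_port} is not VXLAN")
    vx = pkt[ihl + 8:ihl + 16]
    flags, vni_field = struct.unpack("!B3xI", vx)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VXLAN ID is not valid")
    if flags & ~VXLAN_FLAG_I or vx[1:4] != b"\x00\x00\x00" or vni_field & 0xFF:
        raise ValueError("reserved bits must be zero")
    vni = vni_field >> 8                  # 24-bit VXLAN ID
    inner = pkt[ihl + 16:ihl + udp_len]   # everything after the VXLAN header
    return vni, inner

def vxlan_reject_reason(pkt):
    """None if pkt parses as VXLAN, else the rejection reason (for checks)."""
    try:
        parse_vxlan_packet(pkt)
        return None
    except ValueError as err:
        return str(err)
```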

(5) VXLAN applications in cloud networks

In a cloud virtual network, virtual machines running on different physical hosts attach to distributed network devices; traffic between virtual machines is forwarded through the VXLAN tunnels between those distributed devices.
(Figure omitted.)

7.3 NFV (network functions virtualization)

NFV (Network Functions Virtualization) is an ISG (industry specification group) of the European Telecommunications Standards Institute (ETSI), founded in October 2012 on the initiative of AT&T, BT, DT, Orange and other operators; more than 150 operators, network equipment vendors, IT equipment vendors and technology providers participate.

Core ideas of NFV
1. Use standard servers, virtualization, cloud computing and other IT technologies
2. Decouple software from hardware

== Network functions are virtualized so that devices become services; fully virtualized service deployment makes rapid launch of new services possible and effectively reduces service deployment costs ==


Origin blog.csdn.net/csdn10086110/article/details/91560882