Category: Network

Data standardization : Collection info list

Posted on by lechuck park

From ChatGPT with some prompting
Certainly, the image represents the process of collecting data from facilities, demonstrating how different technical components interact.

  • Facility: This indicates the physical equipment or site generating data, likely composed of various sensors and devices.
  • Data Relay Device: It serves as an intermediary, relaying data collected from the facility to the network. It is depicted as being connected to the network via an IP address and port number.
  • TCP/IP Network: The path through which data is transmitted, utilizing the TCP/IP protocol to transfer data. This network manages the flow of data to the data point.
  • Data Point: The location where collected data is processed, where important metrics such as software protocol and data collection rate are set.
  • Network Topology: This represents the physical or logical layout of the network, including performance-related metrics such as the specifications of switches.
  • TCP/IP Layer: Although not explicitly illustrated in the image, the TCP/IP network is intended to be managed as a distinct logical layer. This emphasizes the advantages of managing and optimizing the data transmission process.

The image visually communicates these technical details, providing an overview of how each component is interconnected for the purpose of data collection and transmission.

Hub/Switch/Router

Posted on by lechuck park

From ChatGPT with some prompting
The image appears to be an educational diagram explaining the basic functions and differences between three types of network devices: hubs, switches, and routers. Here’s what the image indicates about each device:

  • Hub: A hub is a simple networking device that broadcasts all incoming data packets to every connected device, regardless of the destination MAC address. It’s depicted as sending the same data to devices A, B, C, and D.
  • Switch: Unlike a hub, a switch is intelligent enough to filter and forward data packets based on their destination MAC addresses. This means it only sends the data to the specific device it is intended for, improving network efficiency and reducing collisions.
  • Router: A router operates at a higher level than switches and hubs. It routes data packets not just based on MAC addresses but also using IP addresses. It can connect multiple networks and manage the data traffic between them using protocols like BGP (Border Gateway Protocol).

The note at the bottom of the image states that the functions of these devices are not completely separated, and higher-level equipment includes the functions of the lower-level equipment. This means routers can perform the functions of switches, which in turn can perform the functions of hubs.

From Gemini with some prompting
The image is a diagram of a network consisting of hubs, switches, and routers. The functions of each device are as follows:

Hub: A hub is a central device that connects network devices. All devices connected to a hub can communicate with each other. When a hub receives a data frame, it transmits it to all ports.

Switch: A switch is similar to a hub, but it only transmits data to the device connected to each port. A switch uses MAC addresses to determine which port to transmit a data frame to.

Router: A router is a device that connects two or more networks. A router uses IP addresses to determine which network to transmit a data packet to.

In the image, each device is connected as follows:

  • Computers A, B, C, D: Each computer is connected to a hub or switch.
  • Hub: The hub is connected to a switch.
  • Switch: The switch is connected to a router.

The image also includes a description of the type of data that each device handles:

  • Hub: The hub transmits all data frames to all ports.
  • Switch: The switch uses MAC addresses to determine which port to transmit a data frame to.
  • Router: The router uses IP addresses to determine which network to transmit a data packet to.

Load balancing with traffic flow

Posted on by lechuck park

From ChatGPT with some prompting

  1. Direct Analysis & Distribution within One Network:
    • This method involves load balancing within a single network using a load balancing switch. The user requests a service via a URL (step 1). The load balancing is handled internally by the switch, which directly analyzes traffic and distributes the load to various servers within the network.
  2. URL Redirection:
    • Here, a user requests a service using a URL (step 1). The network then uses URL redirection to guide the user to the best service URL (step 2), which may involve multiple redirections within one network until the most optimal service endpoint is selected for the user (step 3).
  3. GSLB (Global Server Load Balancing) Control:
    • In this approach, the user starts with a DNS lookup when requesting a service (step 1). The DNS uses the geographic information from the client’s IP to return the best service IP (step 2). The user then requests the service at the given IP address (step 3). This method uses global considerations such as network and service load to balance traffic across multiple networks.
  4. IP Anycast with BGP (Border Gateway Protocol):
    • Users request a service directly using an IP address (step 1). The best service IP is determined via the BGP, which routes traffic based on the shortest available path (step 2). With IP anycast, the user is automatically directed to the nearest or most appropriate service location based on network routing protocols.

Each of these methods is designed to distribute network traffic efficiently. The goal is to ensure service reliability and performance, optimize server use, and improve the overall user experience by reducing latency.

MTU & MSS

Posted on by lechuck park

From Copilot with some prompting
Certainly! Let’s clarify the distinct purposes of MTU (Maximum Transfer Unit) and MSS (Maximum Segment Size):

  1. MTU (Maximum Transfer Unit):
    • Associated with Ethernet, MTU represents the maximum size of an Ethernet frame.
    • When data is transmitted over a network, it is divided into smaller packets (frames). MTU defines the largest size a frame can be.
    • If a frame exceeds the MTU, it will be fragmented by the outgoing network device.
    • MTU optimization aims to efficiently share network bandwidth.
  2. MSS (Maximum Segment Size):
    • Associated with TCP (Transmission Control Protocol), MSS controls the flow of data within a TCP session.
    • It specifies the largest amount of data that can be sent in a single TCP segment.
    • The sender determines how many MSS units are sent at a given time.
    • MSS plays a crucial role in TCP congestion control and affects the TCP window size.

In summary, MTU focuses on frame size in the Ethernet layer, while MSS governs data segmentation and flow control in the TCP layer.

BGP Flow

Posted on by lechuck park

From Gemini with some prompting
Example Presentation Script

  1. BGP Session Overview

Hello everyone. Today, we will delve into the details of the BGP session establishment process. BGP is an internet routing protocol that facilitates the exchange of routing information between different autonomous systems. Establishing a stable BGP session is critical for efficient traffic forwarding across the internet.

  1. TCP Connection Establishment

A BGP session commences with a TCP 3-way handshake on port 179. After establishing a reliable connection, the session proceeds to the Open message exchange phase to negotiate the fundamental parameters for the BGP session.

  1. Open Message Exchange and Keepalive Message Exchange

The Open message exchange establishes BGP parameters such as version, autonomous system number, and Hold Timer. Hold Timer defines the session’s inactivity timeout. Keepalive messages maintain the connection by periodically exchanging messages. If no Keepalive message is received within the Hold Time, the session terminates.

  1. Update Message Transmission and Path Selection

The core of the BGP session lies in the Update message transmission. Update messages contain new, modified, or withdrawn routing information. They include network, next hop, and path attribute information, enabling routing table updates and optimal path selection.

  1. Withdrawal Message and Loop Prevention

Obsolete routing information is announced through Withdrawal messages and subsequently removed from the routing table. AS path information prevents routing loops and allows each AS to control the exchanged routing information.

  1. Conclusion

The BGP session establishment process comprises TCP connection establishment, Open message exchange, Keepalive message exchange, Update message transmission, path selection, Withdrawal message, loop prevention, and policy enforcement. This process ensures a stable BGP session and facilitates efficient routing information exchange.

Load balancing

Posted on by lechuck park

From DALL-E with some prompting

Direct Analysis and Distribution:

Traffic flows directly from a group of users to a group of servers.
This traffic can be distributed based on static information such as TCP/IP headers, user IP/Port, etc., through a “Static hash map.”
Alternatively, “Dynamic Analysis Traffic” can be used to distribute the load based on throughput or service load.
These processes require guidelines on “How to Control” and “How to Analysis.”
Pre-connection Routing Change:

The CDN Load Balance (GLBS) operates differently based on User IP and Request URL.
It controls responses through “nice destination IP return” or “BGP advertisement Routing Control,”
Or distributes traffic through “Response redirect URL.”
All these processes are executed through a Control phase.

Anomaly IP Packet header

Posted on by lechuck park

From Gemini with some prompting
Title: Anomaly Detection (IP Packet Header)

Overview:

The image illustrates the structure of an IP packet header and how to detect anomalous activities based on TCP/IP header information.

Key Elements:

  • IP Address: Identifies the server.
  • TCP/UDP Port: Used to send and receive packets.
  • Service Port Number: Port number used to connect to a specific service.
  • Service Area: IP address range where a specific service is provided.

Indicators of Anomalous Activity:

  • Unknown IP: Packets coming from unknown IP addresses.
  • Foreign IP: Packets coming from overseas IP addresses.
  • Unused Port: Packets sent to unused ports.
  • TCP/UDP Port == 0: Packets with TCP/UDP port number 0.
  • IP/TCP Checksum == 0: Packets with IP/TCP checksum 0.
  • Unused IP Protocol: Packets using unused protocols.
  • Too Large (IP.ttl): Packets with excessively large TTL values.
  • Too Many (TCP Syn): Excessive number of SYN packets.
  • Too Many (IP. fragmented): Excessive number of fragmented packets.