
TCP vs. UDP
By Erik Rodriguez

This article describes how TCP and UDP work, the difference between the two, and why
you would choose one over the other.

Overview

TCP (Transmission Control Protocol) is the most commonly used transport protocol on the Internet,
because it offers reliable delivery. Every byte a sender transmits is numbered, the receiver
acknowledges what it has received, and anything that is not acknowledged in time is retransmitted
by the sender. TCP also provides flow control (the receiver advertises how much data it is willing
to accept, and the sender pauses until that window opens again) and congestion control (the sender
slows down when segments are being lost). Together this is what people mean by "guaranteed
delivery": if a segment is lost or damaged in transit, the sender resends it until the receiver has
a complete copy identical to the original. Note that TCP does not correct errors in place; a
checksum lets the receiver detect a corrupted segment, which is discarded and sent again.

UDP (User Datagram Protocol) is the other commonly used transport protocol on the Internet. UDP is
the better fit for traffic where a late packet is worth less than a lost one: streaming audio and
video (Windows Media and RealPlayer streams, for example), voice, online games, and short
request/response exchanges such as DNS. UDP is faster than TCP because it does no handshake, no
acknowledgements, no retransmission and no flow control; a datagram is sent once and either arrives
or it doesn't. Packets lost or damaged on the way are simply gone, and the application has to cope
with the gaps. That is why UDP is rarely used for data that must arrive intact, such as web pages or
database records, and why a lossy network shows up as glitches in streaming media.

UDP's lack of a handshake also matters for security. Because a datagram is accepted without any
prior exchange, its source address cannot be trusted: an attacker can forge it, which is why UDP
services are the usual vehicle for spoofed-source flooding and reflection DoS attacks. Some trojans
and backdoors have used UDP for their command channel because connectionless traffic is harder to
track than a TCP session. Finally, remember that TCP and UDP have separate port spaces: TCP port 80
and UDP port 80 are different sockets, possibly served by different programs, and a firewall rule
for one says nothing about the other. Ports are explained in the IP Ports article below.

Frame Structure

As data moves down the network stack, each layer adds its own header in front of the data handed to
it: the application's bytes get a TCP or UDP header, that segment gets an IP header, and the IP
packet gets an Ethernet (or other link-layer) header and trailer to form a frame. This process is
called encapsulation. The headers differ by protocol and by link type, so the structure of the
resulting frames differs too. The images below show the TCP and UDP header layouts.

TCP FRAME STRUCTURE

UDP FRAME STRUCTURE

The payload field contains the actual data. Notice that TCP has the more complex header: 20 bytes at
minimum (source and destination ports, sequence and acknowledgement numbers, data offset, flags such
as SYN/ACK/FIN/RST, window size, checksum and urgent pointer, plus optional fields), against 8 bytes
for UDP (source and destination ports, length, checksum). This is because TCP is a
connection-oriented protocol; the extra fields are what make its "guaranteed delivery" possible.
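The header layouts described above, as an added example (not code from the original article): a
small Python builder and parser for TCP segments and UDP datagrams, including the pseudo-header
checksum both protocols use. The addresses and ports are assumptions chosen from the documentation
ranges; the DNS-looking payload is constructed. Parsing a real capture would feed the bytes after
the IP header into the same functions.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17

# TCP flag bits in the low byte of the data-offset/flags word.
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
             ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]


def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that TCP and UDP prepend when computing their checksum."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """8-byte UDP header: source port, destination port, length, checksum."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + hdr + payload)
    csum = csum or 0xFFFF        # UDP sends a computed 0 as 0xFFFF; a literal 0 means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload: bytes = b"") -> bytes:
    """20-byte TCP header with no options (data offset = 5 words)."""
    off_flags = (5 << 12) | flags
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        ok = None            # IPv4 lets a sender omit the UDP checksum entirely
    else:
        # Summing the datagram together with its own checksum field yields 0 when it is intact.
        ok = inet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + datagram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "header_len": 8,
            "checksum_ok": ok, "payload": datagram[8:length]}


def parse_tcp(src_ip, dst_ip, segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4                       # data offset is in 32-bit words
    flags = [name for name, bit in TCP_FLAGS if off_flags & bit]
    ok = inet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "header_len": header_len, "options": segment[20:header_len],
            "checksum_ok": ok, "payload": segment[header_len:]}


if __name__ == "__main__":
    # Assumed endpoints (documentation ranges); the DNS-style query bytes are constructed.
    syn = build_tcp("192.0.2.10", "198.51.100.5", 40000, 80, seq=1000, ack=0, flags=0x02, window=65535)
    query = build_udp("192.0.2.10", "198.51.100.53", 53000, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00")
    print(parse_tcp("192.0.2.10", "198.51.100.5", syn))
    print(parse_udp("192.0.2.10", "198.51.100.53", query))
```

A bare TCP SYN is 20 bytes of header and no data; the UDP datagram above carries a 12-byte query in
the same 20 bytes. That difference is the cost of the sequence numbers, flags and window that make
reliability possible, and the checksum check is why a corrupted segment gets thrown away rather than
"corrected".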
IP Ports
By Erik Rodriguez

This article describes ports, how they are used, and how they work.

Ports were developed so that a computer could accept data for multiple programs over the same IP
address. Think of it like this: your TV service is the Internet, and the ports are your channels.
Many kinds of entertainment, news and information reach you through different channels; if MTV is
channel 35 on your TV, then web servers are on port 80 of the Internet. Each port has a purpose,
just as each channel carries a different program, and while you have only one cable subscription you
can still receive many channels.

There are two main types of ports: TCP and UDP. TCP stands for Transmission Control Protocol and
UDP for User Datagram Protocol. Some programs on your computer communicate over TCP ports, others
over UDP, and the two sets of port numbers are independent of each other. It is important to know
how the two differ; see TCP vs. UDP above for an explanation with pictures.

Each of TCP and UDP has 65,536 port numbers (0 through 65535). IANA (the Internet Assigned Numbers
Authority) divides them into three ranges: the well-known ports 0-1023, assigned to common services;
the registered ports 1024-49151; and the dynamic or ephemeral ports 49152-65535 that clients pick for
the source side of a connection. The assignments are a convention, not a rule enforced by the
network. If a server in New York and a server in Texas both listen on port 80, it is a safe guess
that both are running HTTP, but nothing stops an administrator (or an attacker) from running SSH on
port 80 or a web server on port 8888, so a port number alone is never proof of what is listening
there. Viewing a list of well-known ports can help you work out what kind of connections are present
on your machine; the netstat article shows how to list them. The original port list was published as
RFC 1700, which has since been obsoleted (by RFC 3232) in favour of the online IANA port number
registry.

Servers, or any machine for that matter, "listen" on certain ports. For example, a server running
web, FTP and Telnet services listens on a port for each (80, 21 and 23 by convention). Listening
simply means the machine is waiting for another device to connect to it. Every listening port is
also exposed attack surface, which is why a host should listen only on the ports it actually needs.
See the illustration below:

You can see how the server is listening on 3 ports over a single IP address (192.168.0.15). You
should also know that many devices can be connected to a single port at the same time; a Telnet
server may be serving over 100 simultaneous connections on port 23. The operating system tells them
apart by the combination of source address, source port, destination address and destination port,
which is unique for every connection.
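To see that "many connections to one port" in action, here is an added example (not from the
original article) that starts a listener on a port chosen by the operating system, connects several
clients to it at once, and reports what the server saw. It assumes the loopback interface is
available; no other network is touched.

```python
import socket
import threading


def _handle(conn, peer, seen, lock):
    """Serve one accepted connection: note which (ip, port) it came from and echo a greeting."""
    with conn:
        data = conn.recv(1024)
        with lock:
            seen.append((peer, data))
        conn.sendall(b"hello " + data)


def _accept_loop(listener, n, seen, lock):
    workers = []
    for _ in range(n):
        conn, peer = listener.accept()      # each accept() returns a NEW socket for that client
        w = threading.Thread(target=_handle, args=(conn, peer, seen, lock))
        w.start()
        workers.append(w)
    for w in workers:
        w.join()


def demo_shared_port(n_clients=5):
    """One listening port, n_clients simultaneous connections, all told apart by the client's port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))         # port 0: let the OS pick a free port (assumes loopback works)
    listener.listen(n_clients)
    listen_port = listener.getsockname()[1]

    seen, lock = [], threading.Lock()
    server = threading.Thread(target=_accept_loop, args=(listener, n_clients, seen, lock))
    server.start()

    # Open every client before talking on any of them, so all n connections exist at the same time.
    clients = [socket.create_connection(("127.0.0.1", listen_port)) for _ in range(n_clients)]
    local_ports = [c.getsockname()[1] for c in clients]      # the ephemeral source ports
    replies = []
    for i, c in enumerate(clients):
        c.sendall(b"client-%d" % i)
        replies.append(c.recv(1024))
        c.close()
    server.join()
    listener.close()

    return {
        "listen_port": listen_port,
        "client_ports": sorted(local_ports),
        "peer_ports_seen_by_server": sorted(peer[1] for peer, _ in seen),
        "replies": replies,
        "all_distinct": len(set(local_ports)) == n_clients,
    }


if __name__ == "__main__":
    print(demo_shared_port())
```

Every client connects to the same destination port, yet the server sees five different peers: the
4-tuple (client address, client port, server address, server port) is what identifies a connection,
not the listening port on its own. This is also why a `netstat` listing shows one LISTEN entry and
many ESTABLISHED entries for the same service.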
Basic Networking Topology
By Erik Rodriguez

This article describes common topologies used in networking. These are very basic examples; large
networks often use a combination of two or more topologies.

Introduction

The term "topology" describes the infrastructure of a network: a basic map of how the network is
constructed. Viewing the topology of a network is a lot like looking at the map of a city. You can
see the central points or landmarks, and the popular spots are usually surrounded by a dense
population of residents. The same is true of computer networks: the popular points (usually
servers) are surrounded by residents (client machines) that connect to them.

If you read a networking book about topology, they will probably cover the physical types of
topologies like star, ring, bus, and mesh. While these were all commonly used topologies at one
point in time, star is the primary topology used today. The others may be used in special
circumstances or to connect a large group of routers. For example, the Internet backbones use a
combination of ring and mesh topologies for a self-healing and reliable network.

Within a LAN, there are two main types of structure used within topologies. Server-based networks
are the most common among businesses and large organizations. Peer-to-peer (p2p) networks are
popular among home networks and Internet file sharing services. The tables below outline the pros
and cons of each.

Server-Based Networks

Pro's:
• Easily managed security policy
• Files are centrally located
• Files are easy to backup

Con's:
• Files are not accessible if the server goes down
• Hackers target the server as a central point to gain full access to the network
• Network servers can be expensive

The idea is to store files on a server; all other machines (clients) on the network access files
from it. A server-based network is also an efficient way to offer other services to clients, such
as firewall protection, DHCP and so on. For more information on servers see network and Internet
servers.

Peer-to-Peer Networks

Pro's:
• No server needed, equipment is cheap
• Network traffic is distributed among clients

Con's:
• Security policy can be hard to control
• Backup is challenging
• Files are scattered across different machines

Topology Structures

The diagrams below show star, ring, and mesh topologies. I will not cover bus topology because it is
VERY rarely used. Remember that large networks often use a combination of these topologies
depending on certain needs or projects. Peer-to-Peer has become popular among file sharing
networks like Edonkey and WinMX. It is also used with BitTorrent.

The server-based network using a star topology is the most common. As you can see, the server has a
high-speed connection to a switch that feeds the client machines. Servers are designed to accommodate
high traffic loads from clients. Although it is not shown in the diagram, servers should always be
protected by a firewall.

In a peer-to-peer (p2p) network, all files are shared among the existing machines. There is no
server, so every machine must sustain traffic loads from the other clients. Bottlenecks and network
saturation are common problems among p2p networks. This is often helped by software that offers
bandwidth throttling to control the amount of traffic in and out of each machine.

As you can see in the mesh network, each machine has multiple connections to other machines. This is
commonly used in large networks to connect routers running BGP. Using a mesh topology increases the
uptime of the network because every machine has another path for data if one or even two links go
down. This type of network is expensive, and certain devices are not capable of this type of
topology.

The ring topology is also commonly used to connect routers. Unlike star, mesh or p2p networks, data
is sent around the ring in a "round-robin" fashion. Rings can be configured in several different
modes. While some rings provide only one physical wire connecting all machines, others can be
configured with multiple wires to provide alternate paths in the event one wire goes down. This is
called "self-healing" and is used in SONET networks.

Firewalls
By Erik Rodriguez

This article describes two different types of firewalls. Configuration and implementation are also
discussed.

What is a Firewall?

A firewall is a system designed to prevent unauthorized access to or from a private network.

Firewalls are now widely used because of the vast number of always-on broadband connections. They
provide a first line of defense for your computer or network: if it keeps the bad guys out while
still letting you happily use your network, it's a good firewall. Every corporate network has at
least one firewall in use, and firewalls come in all shapes and sizes. Most computers ship with some
type of firewall software, or can use the firewall built into the operating system (Windows XP and
later include one).

Types of Firewalls

There are two main types of firewalls: hardware and software. High-end hardware firewalls are very
expensive and not practical for the home user. However, low-end routers that perform NAT act as a
basic hardware firewall; cheap broadband routers from Linksys, Belkin, D-Link and others provide
this. In a corporate environment, much more expensive devices such as the Cisco PIX, the Symantec
firewall and SonicWall are the common hardware solutions. Hardware firewalls are the better solution
for networks with a large number of clients.

Software firewalls are practical for home users because they are nothing more than a program that
runs on your operating system. They are usually inexpensive or free, or come built into the
operating system. There are many different software firewalls available with many different
options.

Hardware vs. Software

Generally speaking, hardware firewalls perform better than software firewalls for several reasons.
First, a hardware firewall is "dedicated" to inspecting traffic: unlike a software firewall, it does
not compete with your applications for CPU time or RAM, and it filters before a packet ever reaches
the host it protects. The main downsides of a hardware solution are cost and configuration. High-end
devices like Cisco's PIX can be tricky to set up, while software firewalls are easy to install and
generally easy to configure. If you are on a network with other clients you do not know, such as a
dorm or an apartment with shared Internet access, a software firewall is a must. Remember that if
your router performs NAT, it only protects you from unsolicited traffic coming in from the Internet;
you are still exposed to attacks from within your LAN, and attackers often target the router itself
(a default admin password, for instance) to reach the other devices behind it.

Examples

Let us say Susan has a DSL connection at home and uses it for banking, stock trading and other
private communication. A firewall is important because it blocks connection attempts that she did
not initiate. If an attacker knows Susan's IP address, he can try to connect to any service
listening on her machine; if one of them accepts the connection and has a weakness, it may be
possible to read her files, intercept passwords or otherwise endanger her online identity. A
firewall refuses those connections before the service ever sees them. Are you wondering if a
firewall is for you? I'd say "Better Safe Than Sorry": you wouldn't own a store in a dangerous
neighborhood without a burglar alarm. Below are diagrams of how firewalls can be deployed in a
network:

Simple NAT Firewall

The diagram above illustrates the protection provided by NAT. While 3 machines are attached to the
router, the Internet/WAN side sees only one address. The router keeps a table of the connections the
inside machines have opened; an incoming packet is passed to an inside machine only if it matches an
entry in that table, and anything unsolicited is discarded because the router has nowhere to send
it. This shields all 3 machines from inbound scans and connection attempts, though it is a side
effect of address translation rather than a deliberate filtering policy. For more details see the
article on NAT.
Dedicated Firewall Device

The diagram above illustrates how a dedicated firewall device is used. Notice that the firewall
protects the router, the servers and the network users. This is the common approach when a large
number of users need Internet access or when servers must be reachable from outside, because then
you need explicit rules about which inbound connections are allowed rather than the all-or-nothing
behaviour of a NAT router. A dedicated firewall in a high-traffic environment does not degrade
performance the way a software firewall or a low-end NAT device can.
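The connection-tracking behaviour that both the NAT router and the dedicated firewall rely on, as an
added example that is not part of the original article: a simulated stateful filter run over a
constructed packet list. The LAN prefix, the "Internet" addresses (documentation ranges) and the
single published web server are assumptions. It also shows the two caveats made above: traffic
that never crosses the box is not inspected, and a packet with the wrong source for an existing
flow is treated as unsolicited even though it targets an open port.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=frozenset)   # e.g. {"SYN"}, {"SYN", "ACK"}, {"RST"}


class StatefulFilter:
    """Connection tracking as a NAT router or stateful firewall does it.

    Outbound packets from the LAN create a flow entry. A packet from the Internet is admitted
    only if it is the reverse of an existing entry (a reply) or hits a deliberately exposed
    service. Everything else from outside is dropped.
    """

    def __init__(self, lan_cidr, exposed=()):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.exposed = set(exposed)      # (proto, lan_ip, port): services published on purpose
        self.flows = set()               # (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.log = []

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.lan

    def process(self, pkt: Packet) -> str:
        inside_src, inside_dst = self._inside(pkt.src), self._inside(pkt.dst)
        if inside_src and inside_dst:
            # LAN-to-LAN traffic never reaches the NAT box, so it cannot be filtered here.
            verdict = "NOT-INSPECTED lan-local"
        elif inside_src:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "RST" in pkt.flags:
                self.flows.discard(key)  # the inside host tore the session down
            else:
                self.flows.add(key)
            verdict = "ALLOW outbound"
        else:
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reverse of how it was stored
            if key in self.flows:
                verdict = "ALLOW reply"
                if "RST" in pkt.flags:
                    self.flows.discard(key)
            elif (pkt.proto, pkt.dst, pkt.dport) in self.exposed:
                verdict = "ALLOW exposed-service"
            else:
                verdict = "DROP unsolicited"
        self.log.append((pkt, verdict))
        return verdict


def run_scenario():
    """Constructed traffic: 192.168.0.0/24 is the LAN; 203.0.113.0/24 and 198.51.100.0/24 stand in
    for the Internet. 192.168.0.20:80 is the one service published on purpose (an assumption)."""
    fw = StatefulFilter("192.168.0.0/24", exposed=[("tcp", "192.168.0.20", 80)])
    S, SA, R = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"RST"})
    traffic = [
        Packet("tcp", "192.168.0.10", 50000, "203.0.113.7", 443, S),     # LAN host opens HTTPS
        Packet("tcp", "203.0.113.7", 443, "192.168.0.10", 50000, SA),    # server's SYN/ACK comes back
        Packet("tcp", "198.51.100.99", 4444, "192.168.0.10", 23, S),     # outside scanner probes telnet
        Packet("tcp", "198.51.100.99", 443, "192.168.0.10", 50000, SA),  # wrong source for that flow
        Packet("udp", "192.168.0.10", 53111, "203.0.113.53", 53),        # DNS query out
        Packet("udp", "203.0.113.53", 53, "192.168.0.10", 53111),        # DNS answer back
        Packet("tcp", "198.51.100.99", 5555, "192.168.0.20", 80, S),     # hits the published web server
        Packet("tcp", "192.168.0.10", 50000, "203.0.113.7", 443, R),     # LAN host aborts the session
        Packet("tcp", "203.0.113.7", 443, "192.168.0.10", 50000, SA),    # late packet for a dead flow
        Packet("tcp", "192.168.0.10", 50001, "192.168.0.20", 445, S),    # LAN-to-LAN: never seen
    ]
    return [fw.process(p) for p in traffic]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

Real implementations add timeouts, sequence-number checks and per-protocol state machines, but the
core is the same: the decision is made on the whole 5-tuple and on who opened the flow, not on the
destination port alone.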
Telnet
By Erik Rodriguez

This article describes what telnet is and what it is used for.


The telnet service gives users the ability to log in to a host and perform tasks as if they were
working locally. Users can access a host anywhere in the world using a telnet client. Windows
versions of the time shipped with one, started by typing "telnet" in the Run box (on current Windows
it is an optional feature that must be enabled first). Telnet connects to a host on TCP port 23.
Everything in a telnet session, including the username and password, travels in cleartext, so
anyone who can see the traffic (on a hub, on a compromised switch, or anywhere along the path) can
read it. That is why attackers like telnet as a way into routers, servers and other network devices,
and why it is no longer used much on servers, which have moved to SSH. Many network devices
(routers and managed switches; hubs have no management interface at all) still offer telnet. Telnet
can also be used to "hop" through multiple devices, logging in to one and from there to the next,
which hides where the attacker started. See Telnet Hacking.
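To make the cleartext point concrete, here is an added example (not code from the original article)
that separates Telnet option negotiation from the visible text of a captured session and pulls the
login and password straight out of it, which is exactly what a sniffer on a hub or a tapped link can
do. The capture is constructed, the hostname and credentials are made up, and the client is assumed
to send whole lines; a character-at-a-time client would need its bytes joined first.

```python
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
NEGOTIATE = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def strip_telnet(data: bytes):
    """Split a raw Telnet byte stream into (plain text, list of option negotiations).

    IAC (0xFF) introduces a command: WILL/WONT/DO/DONT carry one option byte, IAC SB ... IAC SE
    wraps a sub-negotiation, IAC IAC is a literal 0xFF data byte, and the remaining two-byte
    commands (NOP, GA, ...) are skipped.
    """
    text, negotiations, i = bytearray(), [], 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                                   # command cut off at the end of the capture
        cmd = data[i + 1]
        if cmd == IAC:
            text.append(IAC)
            i += 2
        elif cmd in NEGOTIATE and i + 2 < len(data):
            negotiations.append((NEGOTIATE[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:
            if i + 2 < len(data):
                negotiations.append(("SB", data[i + 2]))
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2
    return bytes(text), negotiations


def recover_credentials(capture):
    """capture: list of (direction, bytes) in wire order; 'S' = server to client, 'C' = client to server.
    Whatever the client types right after a login: or password: prompt is the credential."""
    creds = {"username": None, "password": None, "negotiations": []}
    last_prompt = b""
    for direction, raw in capture:
        text, negs = strip_telnet(raw)
        creds["negotiations"].extend(negs)
        if direction == "S":
            last_prompt = text
            continue
        typed = text.split(b"\r\n")[0].decode("ascii", errors="replace")
        prompt = last_prompt.rstrip().lower()
        if prompt.endswith(b"login:") or prompt.endswith(b"username:"):
            creds["username"] = typed
        elif prompt.endswith(b"password:"):
            creds["password"] = typed
    return creds


# Constructed capture of a telnet login to a router, as a sniffer on the same hub would see it.
# Option 24 is TERMINAL-TYPE and 32 is TERMINAL-SPEED; the device name and secret are invented.
SAMPLE_CAPTURE = [
    ("S", bytes([IAC, DO, 24, IAC, DO, 32]) + b"\r\nrouter1 login: "),
    ("C", bytes([IAC, WONT, 24, IAC, WONT, 32]) + b"admin\r\n"),
    ("S", b"Password: "),
    ("C", b"s3cret!\r\n"),
    ("S", b"\r\nrouter1> "),
]

if __name__ == "__main__":
    print(recover_credentials(SAMPLE_CAPTURE))
```

The same bytes under SSH would be an encrypted stream with nothing to parse, which is the whole
argument for replacing telnet on servers and network devices alike.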
Routers, Switches, and Hubs
By Erik Rodriguez

This article is all about routers, switches, and hubs. It explains what they do, how they differ
from each other, and why you would use one over the other.

Introduction

Before the year 2000, most of the public had no idea what any of these devices were. Since broadband
Internet connections became common, these devices have gained popularity. While they all perform
different tasks, each plays an important role in networking. Over the course of this article, I will
discuss each device individually, then the similarities and differences between them.

Hubs

The network hub has been around for ages. These devices are sometimes referred to as repeaters,
because that is all they do: a hub works at the physical layer and sees traffic only as bits. Using a
hub is the cheapest way to connect devices. Hubs work by repeating everything they receive out of
every other port. For example, an 8-port hub will send data out of all 8 ports even though the data
is meant to travel between two devices. Two consequences follow. First, every machine on the hub can
read every other machine's traffic, so one host running a packet sniffer sees every password and
document sent in the clear on that segment. Second, hubs incur an increased number of collisions. A
collision is simply the result of two devices trying to transmit at the same time on the shared
medium; collisions are a normal part of half-duplex Ethernet, which detects them and retries
(CSMA/CD). The image below shows a simple network hub.

Switches

Switches have become more sophisticated with the increased popularity of high-speed networks. They
range in price from around $30 to well into the $1000s, although prices have dropped dramatically in
recent years. A switch connects devices the way a hub does, except that it learns which MAC address
sits behind which port and then sends each frame only to the port of its intended destination. (A
frame for an address the switch has not learned yet, or a broadcast, is still sent to every port.)
Because each port is its own collision domain, and modern ports run full duplex, switches do not
suffer from a high rate of collisions. This also means a machine on a switch does not normally see
its neighbours' traffic, but that is a performance feature rather than a security guarantee: the
forwarding table can be overflowed with bogus addresses, and ARP spoofing can redirect traffic, so a
switched network should not be treated as sniff-proof. High-end switches offer advanced
functionality such as VLAN management, and complex networks use several layers of switches to pass
along large amounts of traffic. The image below shows a simple network switch. Notice that it is
similar in appearance to the hub above, just a little taller and deeper; these switches usually
contain one or more cooling fans and can be quite loud.

Routers

Routers are the smartest of the 3 devices. They decide where to send each packet from its
destination IP address, and routing protocols (different algorithms for learning the best path)
direct the way routers move traffic. These devices range from around $30 to well into the millions.
The Internet itself uses complex routers fed by fiber optics to connect cities and countries. Routers
play the most important role in operating a network; they are the most dynamic of the 3 devices
mentioned in this article, and they can work alongside or act as firewalls. The image below shows a
low-end Cisco router:

Switch vs. Hub

Think of it like this, a hub is like getting spam. You have an address, but the spammers don't know
you personally, they just know you exist and send you mail regardless. On the other hand, legit mail
is sent by someone that intends to send you an important piece of information. Think of the post
office as a switch. All the mail is sent through them. They sort it based on name and address, then
it's delivered. Make Sense?
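The difference between the two boxes, and the caveat that a switch only stops sniffing by accident,
as an added example that is not part of the original article: a simulated hub and a learning switch
with a deliberately small forwarding (CAM) table. The MAC addresses, the port assignments and the
table size of four entries are assumptions chosen to keep the trace short; real switches hold
thousands of entries, but the overflow behaviour is the same.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer-1 repeater: every frame goes out of every port except the one it arrived on."""

    def __init__(self, n_ports):
        self.ports = list(range(n_ports))

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer-2 switch with a bounded CAM (MAC -> port) table.

    It learns the source MAC of every frame, forwards to a single port when the destination is
    known, and floods like a hub when it is not. When the table is full the oldest entry is
    evicted (a simplification of real ageing). That is what a MAC-flooding attacker exploits:
    push enough bogus source addresses through one port and the switch forgets the real hosts,
    after which their traffic is flooded to every port, the attacker's included.
    """

    def __init__(self, n_ports, cam_size=4):
        self.ports = list(range(n_ports))
        self.cam = OrderedDict()
        self.cam_size = cam_size

    def forward(self, in_port, frame):
        src, dst = frame["src"], frame["dst"]
        if src not in self.cam and len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)            # table full: forget the oldest address
        self.cam[src] = in_port
        self.cam.move_to_end(src)                   # most recently seen goes to the end
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != in_port]   # unknown unicast / broadcast: flood
        out = self.cam[dst]
        return [] if out == in_port else [out]      # destination is on the same port: nothing to do


def mac_flood_scenario():
    """Constructed traffic on a 4-port switch: host A on port 0, host B on port 1, attacker on port 3."""
    A, B = "00:11:22:33:44:0a", "00:11:22:33:44:0b"      # assumed addresses
    hub, sw = Hub(4), LearningSwitch(4, cam_size=4)
    result = {}
    result["hub_any_frame"] = hub.forward(0, {"src": A, "dst": B})
    result["switch_first_unknown"] = sw.forward(0, {"src": A, "dst": B})   # B not learned yet: flood
    result["switch_reply"] = sw.forward(1, {"src": B, "dst": A})           # A already known: one port
    result["switch_learned"] = sw.forward(0, {"src": A, "dst": B})         # both known: one port
    for i in range(4):                                                     # attacker floods bogus sources
        sw.forward(3, {"src": "02:00:00:00:00:%02x" % i, "dst": BROADCAST})
    result["switch_after_flood"] = sw.forward(0, {"src": A, "dst": B})     # B evicted: flooded again
    result["cam_holds_real_hosts"] = B in sw.cam
    return result


if __name__ == "__main__":
    for name, value in mac_flood_scenario().items():
        print(name, value)
```

The hub sends every frame everywhere regardless. The switch sends the first frame everywhere too,
because it has not yet learned where B is, then settles down to one port; after the attacker fills
the table, A's frames to B are flooded again and port 3 receives them. Port security (limiting the
number of MAC addresses learned per port) is the usual countermeasure on managed switches.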
DSL Connections - Digital Subscriber Line
This article describes types, uses, and configurations of DSL connections.

DSL stands for Digital Subscriber Line. There are several different types of DSL, and they may not
be available in all areas. Basically, your phone company determines what types are available.

History of DSL

The history of DSL is rather interesting. Initially, DSL was developed in the early 1990's by U.S.
Incumbent Local Exchange Carriers. The original purpose for DSL was to deliver video over existing
copper lines. NOTE: The copper lines that run from the phone company to residential or commercial
areas are sometimes called the "local loops." In the early years of DSL, the economic benefit was
not present. However, two key events raised the bar and, in turn, created a viable market for DSL.
The first incident was the "dot com" boom of the mid 1990's. The second event was the enactment
of the Telecommunications Act of 1996.

The main push to build the infrastructure supporting DSL came from competitive local exchange
carriers (CLECs). The broadband market was expanding and cable companies were taking a large share
of it. Cable has always had the larger market share and is not losing ground to DSL, partly because
of the increasing number of cellular telephones: consumers are cancelling their land lines and using
cell phones for long distance.

Future of DSL

By 2005, the Yankee Group predicted, DSL would have 10.5 million U.S. subscribers, while cable would
have 15.7 million. Statistics from the DSL Forum, however, put the worldwide DSL figure at
approximately 55 million subscribers by 2005.

On a more personal note, I spoke with a Telco engineer who had 33 years of experience in the
telecommunications field. He claimed that with the innovation of wireless networks, DSL will be an
obsolete technology in the years to come. From my experience, cable connections seem to be more
consistent than DSL connections. The physical infrastructure of DSL has more factors to affect its
speed and overall QoS (Quality of Service). Shown below is a table of various "flavors" of DSL.
Remember that these figures are VERY rough estimates of real-time performance.

DSL Type                     Speed

ADSL (Asymmetric)            64 Kbps-1.54 Mbps upload
                             256 Kbps-9 Mbps download
G.lite                       512 Kbps upload
                             1.5 Mbps download
HDSL (High Bit-Rate)         1.544 Mbps or 2.048 Mbps (upload and download)
SDSL (Single Line)           1.5 Mbps (upload and download)
VDSL (Very High Bit-Rate)    13-52 Mbps download
                             2.3 Mbps upload

DSL Infrastructure

These figures are maximums. In most cases, unless you are next door to the phone company, you won't
get anything close to them. ADSL is the most common type among home users today; the others are
geared towards businesses or large campuses. HDSL is most like a T1 line: it can be integrated with
phone systems and offers a higher level of bandwidth. SDSL is aimed at users who need symmetric
transmission, such as video conferencing. VDSL can be very expensive.

As mentioned above, the physical infrastructure of DSL is the existing copper wire, or "local
loop." Often the limit for your area depends on how far you are from the DSLAM, because the signal
weakens with distance. DSL range cannot be cheaply extended with repeaters the way T1 lines or
packet-based networks can: even though DSL travels over the same physical wire as ordinary telephone
calls, the data is carried on high frequencies above the audible range, and a repeater would have to
boost only those frequencies (and each provider may use a different range).

Running a Server

Running a server over DSL can go either way. If your DSL connection has a static address, it makes
your life a whole lot easier. Bandwidth may vary, but I have known people to have good results with
their web/FTP servers. If your provider uses PPPoE, setting up services that others can reach can be
difficult. In most cases, your ISP will take certain measures to stop people from running servers.
These can include port filtering (blocking inbound port 80 to prevent web servers), stateful packet
inspection, or bandwidth monitoring. Every ISP has a monthly bandwidth quota, and most also enforce
a daily one. Stateful packet inspection is used so that a port need not be blocked outright: the
ISP tracks which side opened each connection, so traffic coming in to you that you did not initiate
can be recognised as serving and throttled or dropped.

DSL vs. Cable

From my experience, I would choose cable. Although DSL providers claim you get a "dedicated"
bandwidth, I have seen better speeds from cable. Business class DSL performs significantly better
than standard ADSL. NOTE: The telephone company will try to BS you and claim that business class
DSL requires them to install special equipment. That is a lie; the only difference between standard
and business service is a setting in the computer at the central office. I guess that is how they
justify charging almost double the price. The main advantage of cable is coverage. Nearly everyone
can get cable unless you are in a very remote or rural area. In such a case, DSL would also be
unavailable, and you would be stuck using satellite. I place an emphasis on the word "stuck."
Intranets
This article describes how intranets work and their common uses.

Intranets are widely used across the world as a means of sharing information among employees of
businesses and/or development teams. Basically, an intranet is a website running inside a company's
LAN or WAN. They can be set up in many different ways according to individual needs and budgets.
The image below shows a diagram of a simple intranet.

As you can see, the entire LAN is behind a firewall. A dedicated server runs the intranet. You might
wonder why there is a mainframe in the diagram: more technical organizations may integrate the
intranet with data from a mainframe. While the two machines are not directly associated with each
other, authenticated users may possess the ability to search the mainframe through the company
intranet. These diagrams use industry-standard schematic symbols.

Extending an Intranet

If a company connects its intranet to a partnering company's intranet, the result is called an
extranet. To connect two or more networks with proper security, a VPN must be used. The diagram
below shows the basic structure of an extranet.

Although both LANs are connected over ordinary Internet connections, the intranet is not visible to
other Internet users, because the two LANs talk to each other only through a VPN tunnel, such as
PPTP. (PPTP was the common choice when this was written; its MS-CHAPv2 authentication has since been
broken, and IPsec or a modern TLS-based VPN should be used instead.) This is much cheaper than
leasing a dedicated line from the phone company or another service provider.

RFC - Request for Comments

This article describes what an RFC is, how they work, and why they are used.

RFC stands for Request For Comments. RFCs are the documents in which Internet standards and related
material are published. A proposed standard starts life as an Internet-Draft, which is reviewed,
tested and revised before the IETF approves it for publication. See the diagram below:

This diagram represents the levels of progression as an RFC becomes a standard. Starting from an
Internet-Draft, which is a preliminary proposal, the idea is researched and tested. The first level,
Proposed Standard, is reached when the specification is stable and judged to be of interest to the
Internet community. Next, if it passes enough testing and has interoperable implementations, it is
promoted to Draft Standard, and with further experience a Draft Standard can become an Internet
Standard. (Since RFC 6410 in 2011 the Draft Standard level is no longer used and there are only two
levels, Proposed Standard and Internet Standard; earlier Draft Standards keep that label.) If at any
point a specification is superseded or abandoned, it is reclassified as Historic; historic documents
are kept for reference and documentation. RFCs can also be classified as Experimental or
Informational, and once published an RFC is never edited, only obsoleted by a newer one. You can
search the database of all RFCs at the RFC Editor site. Some things never become Internet Standards
but are still widely accepted and used by the Internet community.

A Look at Common Routing Protocols


By Erik Rodriguez

This article describes the common interior routing protocols, as used by both low-end and high-end
routers.

For information on the hardware side of routers see Routers, Switches, and Hubs above. Interior
protocols are used more commonly than exterior ones; exterior protocols (BGP) are used mostly by
ISPs for backbone connectivity and MAN (metropolitan area network) connections. Do not confuse the
terms "routing protocol" (how routers learn paths, such as RIP or OSPF) and "routed protocol" (the
traffic being carried, such as IP); they are two different concepts. The list below shows 3 classes
of routing protocols:

Interior Protocols Classes


Distance Vector
Link State
Hybrid

Distance Vector

The distance vector class of routing determines the direction (vector) and distance (metric) used to
send data across a network. Each router periodically sends its neighbours its routing table, and each
neighbour adds the cost of the link it arrived over to work out its own best path; a router never
learns the full topology, only what its neighbours claim. Distance vector algorithms are a form of
the Bellman-Ford algorithm. Distance vector protocols include RIP and IGRP. The way I explain
distance vector routing is with highway signs: a sign points toward a destination and shows the
distance. As you drive further, another sign shows the same destination, but now the distance is
shorter. If the distance keeps shrinking, you know you're on the right "route" to the destination.
The weakness of the approach is that a router has no way to check a neighbour's claim, so a
misconfigured or malicious router that advertises a short route to everything attracts all the
traffic.

o IGRP (Interior Gateway Routing Protocol)

Developed by Cisco, IGRP uses several measurements to pick the best route. They are combined into a
single "metric" computed from the bandwidth, delay, reliability and load of the path. A router keeps
a metric for every route it knows and picks the lowest one for each destination. IGRP was commonly
used in medium-sized networks; it is now obsolete, superseded by EIGRP.

o RIP (Routing Information Protocol)

RIP is similar to IGRP in some ways. It is supported even by the low-end routers (Linksys, D-Link,
Belkin, etc.) commonly used for broadband connections. Like IGRP, RIP sends its whole routing table
to neighbouring devices, and it does so quite often (every 30 seconds by default). RIP's metric is
simply the hop count: it routes data over the path with the fewest routers regardless of the
bandwidth of the links. A hop count of 16 means "unreachable", so a destination more than 15 routers
away cannot be reached at all. This makes RIP inefficient in large networks with many routers, but
it is a good protocol for small ones.

RIP comes in version 1 and version 2. Version 2 is backward-compatible with version 1. There are
numerous improvements in version 2, including authentication of updates (plaintext or MD5; version 1
accepts updates from anyone, so any host on the segment can inject routes), multicast instead of
broadcast for updates, and most importantly support for VLSM, because version 2 carries the subnet
mask with each route. RIP version 2 is now the standard and is used far more than version 1.

Link State

The link-state approach, based on Dijkstra's algorithm and also called "shortest path first" (SPF),
works better for large networks. Link-state protocols are "smarter" than distance vector protocols
because every router maintains a complete database of the network topology and link status. This is
built from "link state advertisements" (LSAs), which each router floods to all the others and which
together "map" the network; the router runs SPF over that map to compute the shortest path to every
destination. The cost is that every time a link changes, new LSAs are flooded to every router and
every router recomputes, which causes a spike in CPU, memory and bandwidth use.

o OSPF (Open Shortest Path First)

A standard protocol supported by high-end routers, OSPF is mostly used in large networks and is
commonly known as "the standard link-state protocol." Its main weakness is the LSA flooding: an
attacker who can inject packets on an OSPF segment can send a stream of bogus link-state updates and
force every router to keep recalculating, consuming CPU and bandwidth. This is why OSPF offers
cryptographic authentication of its packets (MD5, and more recently SHA-based) and why adjacencies
should only be formed on interfaces that need them (passive-interface on everything else).
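The two algorithms behind the Distance Vector and Link State sections above, as an added example
that is not code from the original article: Bellman-Ford run the way RIP runs it (hop counts,
neighbours' advertisements only, 16 meaning unreachable) beside Dijkstra's SPF over the full map,
both on the same constructed topology. The router names and link costs are assumptions; the costs
stand in for the bandwidth-derived costs OSPF would use.

```python
import heapq
from collections import defaultdict

RIP_INFINITY = 16          # RIP: a hop count of 16 means "unreachable"


def undirected(edges):
    """Build an adjacency map {router: {neighbour: cost}} from (a, b, cost) links."""
    g = defaultdict(dict)
    for a, b, cost in edges:
        g[a][b] = cost
        g[b][a] = cost
    return dict(g)


def as_hop_counts(graph):
    """RIP ignores link cost: every link counts as one hop."""
    return {n: {m: 1 for m in nbrs} for n, nbrs in graph.items()}


def distance_vector(graph, source, max_rounds=64):
    """Bellman-Ford as a distance-vector protocol runs it: every router only learns what its
    neighbours advertise and keeps the neighbour offering the lowest distance. Distances are
    capped at RIP_INFINITY, so anything more than 15 hops away stays unreachable.
    Returns (distance table, next-hop table) as seen from `source`."""
    nodes = list(graph)
    dist = {n: {m: (0 if n == m else RIP_INFINITY) for m in nodes} for n in nodes}
    next_hop = {n: {m: None for m in nodes} for n in nodes}
    for _ in range(max_rounds):
        changed = False
        for n in nodes:
            for neigh, cost in graph[n].items():              # "receive" the neighbour's vector
                for dest in nodes:
                    candidate = min(RIP_INFINITY, cost + dist[neigh][dest])
                    if candidate < dist[n][dest]:
                        dist[n][dest], next_hop[n][dest] = candidate, neigh
                        changed = True
        if not changed:
            break                                             # converged
    return dist[source], next_hop[source]


def link_state(graph, source):
    """Dijkstra's shortest-path-first over the complete topology, as a link-state router does
    once the LSA flood has given it the whole map. Returns (distance, previous-hop) tables."""
    dist, prev = {source: 0}, {}
    queue = [(0, source)]
    while queue:
        d, n = heapq.heappop(queue)
        if d > dist[n]:
            continue                                          # stale queue entry
        for neigh, cost in graph[n].items():
            nd = d + cost
            if nd < dist.get(neigh, float("inf")):
                dist[neigh], prev[neigh] = nd, n
                heapq.heappush(queue, (nd, neigh))
    return dist, prev


def spf_path(prev, source, dest):
    """Walk the previous-hop table back from dest to source."""
    path = [dest]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return path[::-1]


# Constructed topology: a slow direct link A-D (cost 10) beside a three-hop path of fast links
# (cost 1 each). RIP counts hops and takes the direct link; OSPF adds costs and takes the detour.
TOPOLOGY = undirected([("A", "B", 1), ("B", "C", 1), ("C", "D", 1), ("A", "D", 10)])

# Constructed 18-router chain R0 ... R17 to show RIP's 15-hop reach limit.
CHAIN = undirected([("R%d" % i, "R%d" % (i + 1), 1) for i in range(17)])

if __name__ == "__main__":
    d, nh = distance_vector(as_hop_counts(TOPOLOGY), "A")
    print("RIP   A->D: hops", d["D"], "via", nh["D"])
    ls, prev = link_state(TOPOLOGY, "A")
    print("OSPF  A->D: cost", ls["D"], "path", spf_path(prev, "A", "D"))
    cd, _ = distance_vector(CHAIN, "R0")
    print("RIP   R0->R17:", "unreachable" if cd["R17"] == RIP_INFINITY else cd["R17"])
```

Note that `distance_vector` never looks at anything but a neighbour's table, which is also why a
neighbour that lies about its distances is believed; `link_state` needs the whole graph up front,
which is what the LSA flood (and the CPU spike when it changes) pays for.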

Hybrid

Also called "balanced hybrids," these protocols combine distance vector and link state properties.
The idea behind developing this type of protocol was to solve the problems encountered with the
other two.

o EIGRP (Enhanced Interior Gateway Routing Protocol)

Developed by Cisco as the successor to IGRP, EIGRP combines distance vector and link state ideas to
determine the best path. It keeps IGRP's composite metric (bandwidth, delay, reliability, load) and
supports load balancing, but instead of re-sending the whole table on a timer it exchanges small
hello packets with its neighbours and multicasts partial updates only when the topology changes.
Best paths are computed with the Diffusing Update Algorithm (DUAL), which also keeps a backup
"feasible successor" so a failed link can be replaced without recalculating from scratch. EIGRP was
Cisco-proprietary for many years and was published as informational RFC 7868 in 2016.

Network Backups
By Erik Rodriguez

This article describes the reasoning and methods used for network backups.

What are Backups?

Backups are like insurance: you pay for it even though you hope never to need it. Performing
backups on a network can be costly, but the ability to back up and restore data can save an
organization an enormous amount of time and money. Choosing a good backup and restore solution is
just as important as choosing the right equipment for your network. If your backup and restore
solution isn't going to work with your current equipment, why waste the money? For the purposes of
this article, it is assumed you are saving critical data to 1 or more servers.

Types of Backups

There are two main types of backups: complete and incremental. Each type takes a certain level of
planning to run effectively. The next two sections will explain the methods and equipment needed
for each type of backup and restore solution. Remember that in a corporate environment, you
should have both types of backup plans present. Using only a complete backup or only an
incremental backup is asking for trouble.

Complete Backup and Restore

A complete backup and restore solution is needed for the following reasons:

• Hardware Failure - Server or hard drive ceases to function.
• System Migration - Switching server platforms permanently or temporarily.
• Archive - Data needs to be archived for historical or legal purposes.

There are several problems associated with complete backups:

• Expensive Hardware - The extra server or backup hardware (NAS or SAN) is expensive.
• Excessive Load on Servers - While a complete backup is running, servers may become slow or even
unresponsive.
• Complicated Restore Plan - Executing a complete restore may require a complex reconfiguration of
a server or network devices.

Choosing complete backup hardware can be challenging. This will depend on the requirements of
each organization. Things to consider when purchasing backup hardware are:

• Amount of Data - How much data do you need to backup? For example, 30 GB or 3 TB?
• Schedule of Backups - How often do you run complete backups? For example, every 2
weeks or every 2 months?
• Accessibility - Do you need the backups readily available? For example, running on a
ghost server or compressed tape backups?
• Off-site Backup - Do you need to store your data at an off-site location? For example,
remote FTP server or safety deposit box?

Incremental Backup and Restore

An Incremental backup and restore solution is needed for the following reasons:

• Accidental File Deletion - It will happen: end users will accidentally or intentionally delete
files.
• System Migration - Switching server platforms permanently or temporarily.

There are several problems associated with incremental backups:

• Network Status - Incremental backups stored on a network are dependent on the
network's status for restore capability.
• Schedule Planning - Scheduling these types of backups is tricky.

Choosing backup hardware can be challenging. This will depend on the requirements of each
organization. Things to consider when purchasing backup hardware are:

• Growing Data - Incremental backups grow. Choose backup media accordingly.
• Off-site Backup - This may or may not be an option depending on bandwidth limitations
and the amount of data that needs to be backed up.

Available Hardware Solutions

There are numerous types of hardware associated with backups. Backups can be performed with the
following types of equipment:

• Extra Servers - Dedicated backup servers can be used for complete or incremental backups.
• SAN or NAS - Storage area networks or network attached storage offer speed and
convenience for complete or incremental backups.
• Tape Drives - High capacity tapes are available, but are slow and generally only used for
complete backups.
• DVD/CD - DVD/CD solutions are cheap and easy ways to create both complete and
incremental backups.
• Off-site - Colocated servers can be used to back up data to a remote machine. This is
generally an expensive solution.
• Zip Disk - Zip disks are durable and reliable. They work well for small backups, complete or
incremental.

Scheduling Backups

Scheduling backups is important. While the scheduling is usually dependent on the type of
organization, complete backups should be done during "non-peak" hours. Automating complete
backups every Monday night is a good way to back up your data while not placing extra load on an
active server. It also reduces the chance of a user changing a file before or after the backup is
complete. System administrators should check with managers and users to evaluate the scheduling.
With everyone's input, an optimal time can be arranged for routine backups.

Restoring Backups

Always test your restore system! This should be done initially and also routinely. There is nothing
worse than executing a restore and realizing something went wrong and the data cannot be
recovered. Restores should also be automated to reduce the chance of human error.¹ Remember
that nobody wants to resort to backups, but in the event data is lost, be sure that a restore can be
done quickly and effectively.
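As an added example, not from the article, the Python sketch below puts the two backup types and the restore test together: the complete backup writes a SHA-256 manifest, the incremental archives only files whose digest differs from that manifest, and restoring the complete archive followed by the incremental is verified file by file against the live data. The directory layout, file names and contents are constructed for the demo.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def digest_tree(root: Path) -> dict:
    """Map each file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def complete_backup(src: Path, archive: Path) -> dict:
    """Archive every file; the returned manifest is the baseline for later incrementals."""
    manifest = digest_tree(src)
    with tarfile.open(str(archive), "w:gz") as tar:
        for rel in manifest:
            tar.add(str(src / rel), arcname=rel)
    return manifest

def incremental_backup(src: Path, archive: Path, baseline: dict) -> list:
    """Archive only files that are new or whose contents changed since the baseline."""
    changed = [rel for rel, h in digest_tree(src).items() if baseline.get(rel) != h]
    with tarfile.open(str(archive), "w:gz") as tar:
        for rel in changed:
            tar.add(str(src / rel), arcname=rel)
    return changed

def restore(archives: list, dest: Path) -> None:
    """Replay the complete backup first, then each incremental in order."""
    # Newer Pythons can reject unsafe members (absolute paths, links escaping dest).
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    for archive in archives:
        with tarfile.open(str(archive), "r:gz") as tar:
            tar.extractall(str(dest), **extra)

def restore_matches_source(src: Path, dest: Path) -> bool:
    """The restore test: every restored file must hash the same as the live copy."""
    return digest_tree(src) == digest_tree(dest)

def demo() -> bool:
    """Constructed scenario: Monday-night complete backup, weekday edits, incremental, verified restore."""
    work = Path(tempfile.mkdtemp())
    src, dest = work / "data", work / "restored"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "report.txt").write_text("quarterly numbers v1\n")
    (src / "config.ini").write_text("retention_days=14\n")
    baseline = complete_backup(src, work / "full.tar.gz")
    (src / "docs" / "report.txt").write_text("quarterly numbers v2\n")  # edited after the full backup
    (src / "notes.txt").write_text("new file\n")                         # created after the full backup
    changed = incremental_backup(src, work / "incr1.tar.gz", baseline)
    restore([work / "full.tar.gz", work / "incr1.tar.gz"], dest)
    return sorted(changed) == ["docs/report.txt", "notes.txt"] and restore_matches_source(src, dest)
```

Running `demo()` end to end is the automated restore check the section asks for; a `False` result means a restore would not have reproduced the live data.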

Backup Storage

Physical storage is often something that gets overlooked. Why spend all the money on complex
hardware and software if it is not protected from fire or theft? Complete backups should be stored
off-site. Storing backup media in a remote office or safety deposit box is best. At least, make sure
they are protected in a fire-proof box or safe. This is where colocated off-site solutions really shine.
If your organization has a server colocated in a data center, it is most likely protected by a complex
fire suppression system.

Conclusion

Organizations should create a backup policy if they do not already have one. Spend the proper
amount of time planning for backups. Remember, you're always better safe than sorry! Statistics
show that only 7% of companies with serious data loss are in business after 5 years.²

SONET Networks
By Erik Rodriguez

This article describes the operation and configuration of SONET networks. It also describes where
they are used, how they are implemented, and what purpose they serve.

What is SONET?

SONET (Synchronous Optical Network) is a standard for multiplexing data. It is used primarily for
backbones composed of fiber optics. SONET performs a complicated timing and multiplexing
scheme. It uses certain signaling levels called "Synchronous Transport Signals" or STS. Each STS
level corresponds to a specification of "Optical Carriers." Due to its complexity, the equipment
needed to operate a SONET network is extremely expensive. SONET powers some of the
world's most important networks (telephone and Internet). For that reason, SONET is designed to
run at 99.999% uptime. This is also known as "the 5 nines" of availability.

Optical Carriers

Optical Carriers are only used in very large networks such as Internet Backbones, Metropolitan Area
Networks (MANs), and large Universities. As I mentioned above, the OC specification is determined
by the STS level. The STS level is the rate at which SONET can multiplex multiple sources of data to
a single fiber optic line. OC specifications are measured in multiples of 3, with a base of 1. See the
table below:

STS Level   OC Specification   Data Rate (Mbps)
1           OC-1                 51.84
3           OC-3                155.52
9           OC-9                466.56
12          OC-12               622.08
18          OC-18               933.12
24          OC-24              1244.16
36          OC-36              1866.23
48          OC-48              2488.32
96          OC-96              4976.64
192         OC-192             9953.28

Bandwidth Breakdown

To understand how the speed (in Mbps) is accomplished, you must understand the frame structure
of SONET. Each frame contains a number of control bits plus the payload. For example, STS-1
supports 8000 frames per second. Each frame is broken into 6480 bits (810 bytes). See the image
below:

8000 frames/sec * 6480 bits/frame = 51,840,000 bits per second = 51.84 Mbps.
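As an added example, not from the article, this Python snippet models the STS-1 frame as 9 rows by 90 byte columns, 3 of which are transport overhead (a standard SONET detail the text does not spell out), then derives the line rates in the table from the STS level alone and the payload rate that is left once the overhead is removed. Computed this way, STS-36 comes out at 1866.24 Mbps.

```python
FRAMES_PER_SEC = 8000       # one SONET frame every 125 microseconds
ROWS, COLUMNS = 9, 90       # an STS-1 frame is 9 rows x 90 columns of bytes = 810 bytes
OVERHEAD_COLUMNS = 3        # transport overhead columns; the remaining 87 carry the payload
OC_LEVELS = (1, 3, 9, 12, 18, 24, 36, 48, 96, 192)   # the STS levels listed in the table above

def frame_bits(sts_level: int = 1) -> int:
    """An STS-N frame byte-interleaves N STS-1 frames, so it is N times as wide."""
    return ROWS * COLUMNS * sts_level * 8

def line_rate_mbps(sts_level: int) -> float:
    """Line rate is frames per second times bits per frame."""
    return FRAMES_PER_SEC * frame_bits(sts_level) / 1e6

def payload_rate_mbps(sts_level: int) -> float:
    """Rate left for user data once the overhead columns are removed."""
    payload_bits = ROWS * (COLUMNS - OVERHEAD_COLUMNS) * sts_level * 8
    return FRAMES_PER_SEC * payload_bits / 1e6

def oc_table() -> dict:
    """Rebuild the OC ladder from the STS level alone, rounded like the table."""
    return {f"OC-{n}": round(line_rate_mbps(n), 2) for n in OC_LEVELS}

if __name__ == "__main__":
    for oc, rate in oc_table().items():
        level = int(oc.split("-")[1])
        print(f"{oc:>6}  {rate:8.2f} Mbps  (payload {payload_rate_mbps(level):8.2f} Mbps)")
```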

OC Usage

As I mentioned before, optical carriers are only used for extremely high speed applications. Telco
companies use SONET for telephone networks and their own rings. The University of Florida is
connected by multiple OC-3 links at the standard STS-3 signal yielding 155.52 Mbps. Most large
universities are connected with high speed OC links because of the ongoing Internet2 project.
Local telephone companies may have central offices connected with links that range from OC-3 to
OC-48. While OC-48 is an extremely robust connection, telco companies are using these links for a
combination of voice and data. These high speed OC links help carry long-distance telephone calls
and relay other high speed data connections such as DS-3 lines. Until recently, OC-192 was just a
concept and was not actually used. With support from carrier-grade producers such as Cisco, Nortel,
and Juniper, we are now starting to see active OC-192 links. However, they are only deployed within
networks and are not actively connecting different providers.

SONET Topology

SONET uses a variation of the ring and mesh topology. This is done because it is the most efficient
way to inter-connect all the major nodes in a backbone. However, these topologies are used
dynamically depending on the traffic of certain nodes. For example, the Midwest states have a
somewhat simple setup with few major nodes and cross links. However, the MAEE (Metropolitan
Area Exchange East) in Washington, D.C. would have a very complicated setup because of the
enormous amount of traffic. Rings are used to provide speed and redundancy. SONET uses the
external protocol known as Border Gateway Protocol (BGP). Depending on the situation, multiple
versions can be used (BGP4, EBGP, etc). Remember that BGP is only used for WANs and is not
used to route a LAN. The image below shows the basic composition of a SONET ring.

Notice the points of presence (PoP) arranged in a ring configuration. The red and green arrows
represent 2 separate fiber optic paths. Two cable paths are used to provide a backup in the event
that one becomes unavailable. This method is called Automatic Protection Switching (APS). It is part
of the reason for the excellent uptime provided by SONET rings. This is also referred to as
"self-healing." The fiber optic cables used are very thick with a protective covering called "armor" to
prevent accidental cable breaks and even damage from rodents chewing on it. However, in the event of an
accident or natural disaster (usually an earthquake), the second cable path will automatically accept
the load from the crippled line. The primary line (drawn in green) always flows in a clockwise
direction. The secondary line (drawn in red) flows counter-clockwise. There are many different types
of ring configurations. Other configurations can use two fiber lines simultaneously for load
balancing, one line to send and the other line to receive, etc. High traffic rings may even use dozens
of lines to provide a combination of the above configurations.

Redundancy

It does happen: a portion of the fiber paths in a ring becomes unresponsive. What happens then?
This is when the ring configuration shows its value. The equipment used within a SONET network
is designed to create a loop to automatically repair itself. See the diagram below:

Notice the cable break in the upper left portion of the ring, the routers, and green arrows showing
the path of data. The first and last router attached to the broken cable create a loop that allows
data to continue along the ring. The large green arrows show the original path traveled along the
ring. The smaller green arrows show the modified path as a result of the cable break.

The Big Picture

How do all these networks connect? This depends on location, size, and usage. Some SONET
networks connect regional or national ISPs. Different ring configurations and speeds are designed by
network engineers and city planners. The diagram below is an example of a large metropolitan area
network connecting to a major backbone provider.
