WEBVTT

00:00.000 --> 00:03.000
>> With our next section,
Network Connectivity Devices,

00:03.000 --> 00:05.280
we're going to talk about
devices that help us join

00:05.280 --> 00:08.205
systems together so that
way we can communicate.

00:08.205 --> 00:10.320
I'm going to start
out with hubs.

00:10.320 --> 00:11.790
I'm going to start
out the way things

00:11.790 --> 00:13.515
used to be because
I really do think

00:13.515 --> 00:15.090
it helps us understand
the benefit of

00:15.090 --> 00:17.010
the devices that
we're using today.

00:17.010 --> 00:19.140
Up at the top where
you see layer 1

00:19.140 --> 00:21.540
that refers back
to the OSI model.

00:21.540 --> 00:24.690
The first device we're going
to talk about is a hub.

00:24.690 --> 00:27.360
When I came into computing
back in the '90s,

00:27.360 --> 00:29.280
hubs were very popular.

00:29.280 --> 00:31.020
They were a good,
quick, easy way to

00:31.020 --> 00:33.480
connect a bunch of
computers, and that was it.

00:33.480 --> 00:35.790
That was the benefit,
that they were cheap and

00:35.790 --> 00:38.235
easy and they would
provide connectivity.

00:38.235 --> 00:40.145
As a matter of fact,
when I came in,

00:40.145 --> 00:41.660
the hubs weren't even powered.

00:41.660 --> 00:43.250
They were just metal
racks that you plugged

00:43.250 --> 00:45.635
into to provide a
conduit for the signal.

00:45.635 --> 00:49.565
Obviously, the hub doesn't
have any intelligence.

00:49.565 --> 00:52.285
It doesn't direct traffic
or segment the network.

00:52.285 --> 00:54.090
Hubs simply send all the data

00:54.090 --> 00:55.830
out all the ports all the time.

00:55.830 --> 00:59.135
If computer A has data
to send to computer B,

00:59.135 --> 01:00.670
that traffic goes
out all the ports

01:00.670 --> 01:02.735
so it's available to
computer C and D,

01:02.735 --> 01:03.980
and J and K, and

01:03.980 --> 01:05.270
any other devices that might be

01:05.270 --> 01:06.844
plugged into the network.

01:06.844 --> 01:08.435
If you can think about that.

01:08.435 --> 01:10.325
If I had a sniffer
plugged into a hub,

01:10.325 --> 01:12.230
that would just be a
bonus because I would

01:12.230 --> 01:14.315
have access to everything
on the network.

01:14.315 --> 01:16.895
That's one of the many reasons
we don't use hubs today.

01:16.895 --> 01:18.980
Because from a
security perspective,

01:18.980 --> 01:20.710
that can be very dangerous.

01:20.710 --> 01:22.550
One thing I'll mention
is that when the data

01:22.550 --> 01:24.440
goes out all ports to all hosts,

01:24.440 --> 01:26.540
the network card
examines the data frame,

01:26.540 --> 01:28.430
and what it's looking
for is a destination

01:28.430 --> 01:30.925
MAC address that is its own.

01:30.925 --> 01:32.870
When B looks at data,

01:32.870 --> 01:35.270
it looks at the MAC
address and says, oh,

01:35.270 --> 01:37.415
that's for me and pulls
it off the network,

01:37.415 --> 01:40.100
or that isn't for me
and leaves it alone.

01:40.100 --> 01:43.775
All a sniffer does is examine
all packets the same way,

01:43.775 --> 01:45.365
all frames the same way,

01:45.365 --> 01:48.335
but its interface is in a
mode called promiscuous mode,

01:48.335 --> 01:49.730
which means the
sniffer doesn't care

01:49.730 --> 01:51.365
who the MAC address is for,

01:51.365 --> 01:53.780
and it doesn't care about
destination address.

01:53.780 --> 01:55.820
The sniffer simply
pulls all traffic off

01:55.820 --> 01:59.100
the network regardless
of the destination.

01:59.530 --> 02:01.820
Promiscuous mode
sounds like it should

02:01.820 --> 02:03.170
be a lot more fun than that.

02:03.170 --> 02:05.210
But all it means is the
network card is going to

02:05.210 --> 02:08.250
pull traffic regardless
of the destination.

02:09.530 --> 02:12.200
With the security
issues of hubs and

02:12.200 --> 02:14.450
all data out all the
ports all the time,

02:14.450 --> 02:17.825
there's no directing of traffic
or help for collisions.

02:17.825 --> 02:20.435
In a hub environment, we
have a lot of collisions.

02:20.435 --> 02:22.070
We have all data
going out of all

02:22.070 --> 02:23.529
the ports to everybody.

02:23.529 --> 02:26.225
We have what's referred to
as one big collision domain.

02:26.225 --> 02:28.400
A switch is going to fix that

02:28.400 --> 02:29.630
problem for us because one

02:29.630 --> 02:30.950
of the first
things it does is

02:30.950 --> 02:34.020
isolate traffic in the
collision domains.

02:35.510 --> 02:39.410
Each port on a switch is
its own collision domain.

02:39.410 --> 02:41.030
If we go back to the hub,

02:41.030 --> 02:42.665
every host in this illustration

02:42.665 --> 02:44.465
is part of the same
collision domain,

02:44.465 --> 02:45.710
which means they're
all competing

02:45.710 --> 02:47.134
for time on the cable.

02:47.134 --> 02:49.685
When we replace
those hubs as switches,

02:49.685 --> 02:51.800
each host has its own
collision domain.

02:51.800 --> 02:54.020
Which basically means
computer A is just

02:54.020 --> 02:56.330
competing with itself
for time on the cable.

02:56.330 --> 02:58.520
We've all eliminated
the collisions in

02:58.520 --> 03:01.900
our ethernet network just
by bringing switches in.

03:01.900 --> 03:04.730
Another thing that a
switch does that helps

03:04.730 --> 03:07.160
us out a lot is direct traffic.

03:07.160 --> 03:09.680
A switch learns the
network over time and

03:09.680 --> 03:12.865
learns which hosts out which
port using MAC addresses.

03:12.865 --> 03:15.499
If you remember our
OSI model discussion,

03:15.499 --> 03:17.750
we said switches were
layer two devices.

03:17.750 --> 03:19.820
MAC addressing is layer two.

03:19.820 --> 03:22.805
The switch uses a MAC
address, sends out the data,

03:22.805 --> 03:24.440
and learns that
the data is picked

03:24.440 --> 03:26.530
up on port 3 by computer B.

03:26.530 --> 03:28.670
It takes B's MAC address and

03:28.670 --> 03:31.130
loads it into a table
called the CAM table.

03:31.130 --> 03:32.960
Ultimately, it keeps track of

03:32.960 --> 03:35.075
MAC addresses and
their matched port.

03:35.075 --> 03:37.370
Like a police officer
at a busy intersection

03:37.370 --> 03:38.450
directing traffic out of

03:38.450 --> 03:41.190
the appropriate port
when power is out.

03:41.230 --> 03:43.910
If you think about
that, going back to

03:43.910 --> 03:46.130
our discussion about having
a sniffer plugged in,

03:46.130 --> 03:48.260
if we plug a sniffer
into port 2,

03:48.260 --> 03:50.090
no traffic's going to
be directed to port

03:50.090 --> 03:53.095
2 because nobody is sending
traffic to the sniffer.

03:53.095 --> 03:55.220
One of the ways that
we mitigate against

03:55.220 --> 03:57.500
sniffing the network
is to use switches.

03:57.500 --> 03:59.720
However, sometimes
a network admin

03:59.720 --> 04:01.525
wants to sniff
their own network.

04:01.525 --> 04:04.370
You want to see what type
of traffic is going around,

04:04.370 --> 04:06.740
what's being sent with
passwords in plain text,

04:06.740 --> 04:09.185
or how much broadcast
traffic there is.

04:09.185 --> 04:12.380
In that case, I plug a
sniffer into the switch and

04:12.380 --> 04:16.300
enable an administrative
mode called port SPAN.

04:16.300 --> 04:20.240
What port SPAN allows is all
traffic to be mirrored out

04:20.240 --> 04:22.130
that particular port
so I can inspect

04:22.130 --> 04:24.875
it. We've got our switches.

04:24.875 --> 04:27.290
Down at the bottom, I
have a little asterisk

04:27.290 --> 04:29.110
that I mentioned, bridges.

04:29.110 --> 04:31.575
Bridges were the
predecessors to switches.

04:31.575 --> 04:33.975
Bridges are also
layer two devices.

04:33.975 --> 04:35.660
They were used to
connect to things like

04:35.660 --> 04:37.850
token ring network to
an ethernet network,

04:37.850 --> 04:39.290
but they still
provided the use of

04:39.290 --> 04:41.435
isolation and collision domains.

04:41.435 --> 04:43.280
They're the precursor to what we

04:43.280 --> 04:44.950
have today and what
we know today.

04:44.950 --> 04:47.540
Switches. When we had

04:47.540 --> 04:49.340
our nice little
environment with switches,

04:49.340 --> 04:50.900
one problem we didn't solve was

04:50.900 --> 04:53.495
broadcast traffic.
Here's a network.

04:53.495 --> 04:55.475
Let's say I have
the salespeople.

04:55.475 --> 04:57.725
The salespeople are
over here to the left,

04:57.725 --> 04:59.440
they're computer J and K.

04:59.440 --> 05:01.520
The salespeople
have an application

05:01.520 --> 05:03.355
that generates a
lot of broadcast.

05:03.355 --> 05:05.480
If we go back to
the previous slide,

05:05.480 --> 05:08.120
any system that has a
broadcast in this environment,

05:08.120 --> 05:10.685
that broadcast goes to
the entire network.

05:10.685 --> 05:12.440
That's what a broadcast does,

05:12.440 --> 05:15.310
goes out to everybody
on the entire network.

05:15.310 --> 05:17.285
In our illustration here,

05:17.285 --> 05:19.070
I only have two
computers that need those

05:19.070 --> 05:21.019
broadcasts from the
sales application.

05:21.019 --> 05:24.400
But it's going to everybody,
too much traffic.

05:24.400 --> 05:26.975
The more broadcasts
that people don't need,

05:26.975 --> 05:28.910
the more the network
gets bogged down.

05:28.910 --> 05:30.260
A router can be brought in to

05:30.260 --> 05:32.064
isolate broadcast traffic.

05:32.064 --> 05:34.640
Maybe I want the sales
network subnetted from

05:34.640 --> 05:37.280
the rest of the network to
control broadcast traffic.

05:37.280 --> 05:38.720
In the middle, I have a group of

05:38.720 --> 05:40.790
computers from the
Human Resources Group.

05:40.790 --> 05:42.695
They have very sensitive data.

05:42.695 --> 05:44.240
I want to segment that network

05:44.240 --> 05:45.805
so I can apply some security.

05:45.805 --> 05:47.650
Maybe enforce IPsec,

05:47.650 --> 05:50.090
maybe be very strict
on who accesses

05:50.090 --> 05:52.280
those network
systems so I create

05:52.280 --> 05:55.855
a segment for them and
they're on their own subnet.

05:55.855 --> 05:58.400
Then with VOIP. Quality of

05:58.400 --> 06:00.365
service is really
important for VOIP.

06:00.365 --> 06:02.780
By that being able to prioritize

06:02.780 --> 06:04.280
traffic so that the VOIP network

06:04.280 --> 06:06.355
gets all the bandwidth
that it needs.

06:06.355 --> 06:08.240
That'll be another
reason to subnet

06:08.240 --> 06:10.325
a network, quality of service.

06:10.325 --> 06:12.740
Basically, what I
needed to do is subnet

06:12.740 --> 06:15.920
my network out based on
either broadcast traffic,

06:15.920 --> 06:18.200
security needs,
quality of service,

06:18.200 --> 06:20.920
or maybe just based on
logical connectivity.

06:20.920 --> 06:23.750
It makes sense to group a
certain group of computers in

06:23.750 --> 06:26.945
the same network just based
on access and location.

06:26.945 --> 06:29.390
A router can do those
services for me.

06:29.390 --> 06:31.990
A router is a layer
three device.

06:31.990 --> 06:34.160
Not only can it
segment the network

06:34.160 --> 06:35.270
into different subnets,

06:35.270 --> 06:37.790
but the different subnets
can communicate.

06:37.790 --> 06:40.505
Even though this illustration
looks and works great,

06:40.505 --> 06:42.775
the problem is that
routers are expensive.

06:42.775 --> 06:44.780
I don't necessarily
mean when you look at

06:44.780 --> 06:45.950
your receipt is going to be that

06:45.950 --> 06:47.315
much higher than a switch,

06:47.315 --> 06:50.150
but with a switch, you're
going to get lots of ports.

06:50.150 --> 06:51.695
When you purchase a router,

06:51.695 --> 06:54.170
you're going to
get one LAN port.

06:54.170 --> 06:56.645
The routers are primarily
used today to get off

06:56.645 --> 07:00.215
your local area network so
you get a single LAN port.

07:00.215 --> 07:02.690
What we've got to find a
way to do is keep what we

07:02.690 --> 07:05.195
have to have in this picture,
but make it cheaper.

07:05.195 --> 07:07.920
That's what's coming up next.

