拖图
拖图题
编程
snippet;192.168.5.0,mask 255.255.255.0;number是192.168.5.0;mask是255.255.255.0
snippets;edit-config对config,loopback对name 100,address对primary,mask对255.255.255.0;loopback和100都有两个0;primary后可接address
prefix list;target后接running(跑目标);prefixes接name 100;permit 接10 set local-preference;match 接 ip address prefix-list;target目标running奔跑;prefix前缀name名字;permit允许10;match匹配ip;
code snippet;ios-acl为dst-any,action为ip,protocol为access-list-seq-rule,ios-acl为deny;
Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures adeny rule on an access list
将代码片段从底部拖放到代码中的空白处,构建一个在访问列表上配置一条规则的请求
1:dst-any
2:ip
3:access-list-seq-rule
4:deny
JSON-formatted;File open() changedevices;try:File=open;while True:pass;import json json;exept
An engineer must create a script to append and modify device entries in a JSON-formatted file.The script must work as follows:
- Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address,operating system type, and CLl remote access protocol.
- After being interrupted, the script displays the entered entries and adds them to the ISON-formatted file, replacing existing entries whose hostname matches.
The contents of the JSON-formatted file are as follows:
Drag and drop the statements onto the blanks within the code to complete the script.Not all options are used.
工程师必须创建一个脚本,在json格式的文件中追加和修改设备条目。脚本的工作原理如下:
- 在键盘中断之前,脚本读取设备的主机名、管理IP地址、操作系统类型和CLl远程访问协议。
- 脚本中断后,显示输入的表项,并将其添加到ison格式的文件中,替换当前匹配主机名的表项。
json格式的文件内容如下:
将语句拖放到代码内的空格中以完成脚本。并非所有选项都被使用。
File open() changedevices;try:File=open;while True:pass;import json json;exept
文件打开 改变设备;试图:文件=打开;当真:通过;导出json json;除外
RESTCONF;natvie/interface/GigabitEthernet/1、HTTP Verb-GET、Headers-Accept;GET是请求方法、属于Verb动词;accept header接收头部;
EEM;event syslog pattern事件syslog模式;show clock | append flash:ConfSave.txt显示时钟|追加flash:ConfSave.txt;
Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp.when a configuration change is made.Not all options are used.
将代码片段拖放到代码中的空白区域,创建一个EEM脚本,该脚本将一个条目添加到本地存储的带有时间戳的文本文件中。当进行配置更改时。并非所有选项都被使用。
EEM;primary port goes down and also shutdown中primary port=g4/0/9,down,shutdown;
Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to service.Not all options are used.
将这些代码片段拖放到代码中的空白处,以构建一个脚本,该脚本在主端口关闭时启动故障转移以太网端口,并在主端口返回服务时关闭故障转移端口。并非所有选项都被使用。
OSPF和EIGRP(OSPF<EIGRP)
OSPF: link、only equal、manual、 simple、 specific part、cost、 process、DSPF
EIGRP:vector、unequal、automatically、complex、anywhere、 metic、ADVR、 DUAL
注意:hello 5中也有link,但是hello 5是EIGRP的,当然同选项也有其他link,干扰项不强;OSPF是noly equal,EIGRP是equal,OSPF是manual,EIGRP是automatical,OSPF是metric一条件,EIGRP是metric多条件,OSPF是no summary,EIGRP是summary,可见,在于equal,manual,metric,summary中,EIGRP比OSPF多,换言之,两个正反选项,强弱选项,EIGRP>OSPF;
OSPF<EIGRP;OSPF有link;EIGRP有alternative和DUAL;
OSPF:quickly computes new path upon link failure在链路故障时快速计算新的路径
EIGRP:
maintains alternative loop-free backup path if available维护可选的无循环备份路径(如果可用)
selects routes using the DUAL algorithm使用DUAL算法选择路由
OSPF<EIGRP;OSPF有link和only equal;EIGRP有vector和uequal;advanced和unequal(高级所以能支持不等成本的)。
OSPF:
link state链路状态
supports only equal cost path load balancing只支持等成本路径负载均衡
EIGRP:
advanced distance vector高级距离矢量协议
supports unequal cost path load balancing支持不等成本路径负载均衡
OSPF<EIGRP;OSPF有link和only equal和link;EIGRP有vector和DUAL和loop。
OSPF:
Link State Protocol链路状态协议
supports only equal multipath load balancing只支持等多路径负载均衡
quickly computes new path upon link failure在链路故障时快速计算新的路径
EIGRP:
Advanced Distance Vector Protocol高级距离向量协议
selects routes using the DUAL algorithm使用DUAL算法选择路由
maintains alternative loop-free backup path if available维护可选的无循环备份路径(如果可用)
OSPF<EIGRP;OSPF有link和manual;EIGRP有automatically;
OSPF:
supports virtual links支持虚连接
requires manual configuration of network summarization需要手动配置网络摘要
EIGRP:
can automatically summarize networks at the boundary能否在边界处自动总结网络
OSPF<EIGRP;OSPF有link和process ID和110;EIGRP有vector和AS和DUAL。
OSPF:
It uses virtual links to connect two parts of a pratitioned backbone through a non-backbone area.它使用虚拟链路,通过一个非骨干区域连接一个专用骨干网的两个部分。
It requires a process ID that is local to the router.它需要路由器本地的进程ID。
The defalut Administrative Distance is equal to 110.默认的管理距离等于110。
EIGRP:
It is an Advanced Distance Vector routing protocol.它是一种高级距离向量路由协议。
It requires an Autonomous System number to create a routing instance for exchanging routing infromation.它需要一个自治系统号来创建路由实例以交换路由信息。
It relies on the Diffused Update Algorithm to calculate the shortest path to ad destination.它依赖于扩散更新算法来计算到达目标的最短路径。
OSPF<EIGRP;OSPF有link和segment和table;EIGRP有vector和unequal和metric多个条件;
OSPF:
link state routing protocol链路状态路由协议
makes it easy to segment the network logically使其易于在逻辑上划分网络
constructs three tables as part ofits operation:neighbor table, topology table, and routing table构造三个表作为其操作的一部分:邻居表、拓扑表和路由表
EIGRP:
supports unequal path load balancing支持非均衡路径负载均衡
distance vector routing protocol距离矢量路由协议
metric based on delay and reliability by default默认情况下,基于延迟和可靠性的度量
OSPF<EIGRP;OSPF有link和interface cost;EIGRP有metic多条件和hello 5【link的反例】;
OSPF:
uses virtual links to link an area that does not have a connection to the backbone使用虚连接将没有连接的区域连接到主干网
cost is based on interface bandwidth开销基于接口带宽
EIGRP:
hello packets are sent by default every 5 seconds on high-bandwith links缺省情况下,在高带宽链路上每5秒发送一次Hello报文
metic is calculated using bandwidth and delay by default默认情况下使用带宽和延迟计算
OSPF<EIGRP;OSPF有link和interface cost;EIGRP有hello 5【link的反例】;
OSPF:
cost is based on interface bandwith
uses virtual links to link an area that does not have a connection to the backbone
OSPF:
成本是基于接口带宽
使用虚连接将没有与骨干网络连接的区域连接起来
EIGRP:
sends hello packets every 5 seconds on high-bandwith links
EIGRP:
在高带宽链路上每5秒发送一次hello报文
OSPF<EIGRP;EIGRP有DUAL和anywhere;OSPF有specific part和area;
OSPF:
summarizes can be created in specific parts of the IGP topology
可以在IGP拓扑的特定部分创建摘要
uses areas to segment a network
使用区域对网络进行分段
EIGRP:
DUAL algorithm
对偶算法
summaries can be created anywhere in the IGP topology
摘要可以在IGP拓扑的任何地方创建
OSPF<EIGRP;EIGRP有DUAL和metric多个条件;OSPF有DSPF和process;
OSPF:
uses Dijkstra’s Shortest Path First algorithm使用Dijkstra最短路径优先算法
uses an election process使用选举过程
EIGRP:
uses Diffused Update Algorithm使用扩散更新算法
uses bandwidth, delay, reliability and load for routing metric使用带宽、延迟、可靠性和负载作为路由度量
OSPF<EIGRP;EIGRP有DUAL和metric多个条件;OSPF有DA和metric一个条件;DA也比DUAL少;
EIGRP:
Dual Diffusing Update algorithm.散更新算法
metrics are bandwidth,delay,reliability,load,and MTU度量包括带宽、延迟、可靠性、负载和MTU
OSPF:
cost-based metric基于成本的度量
Dijiktra algorithm
Dijiktra算法
OSPF<EIGRP;OSPF有interface cost和not summary interface;EIGRP有complex和summary interface;
OSPF:
The path metric is simple and based on interface cost
路径度量很简单,并且基于接口成本
The route summary is not interface based
路由汇总不是基于接口的
EIGRP:
The path metrics are complex
路径度量是复杂的
The summary can be interface based
摘要可以是基于接口的
BGP;bdp接65001、neighbor 192.168.1.1、remote-as 65000、neighbor 192.168.1.1;看图从做左到右,按顺序来填写,注意neighbor是对端的地址;看图你就知道了
LACP-based;第一是physical and data link。第二是add xx to the existing bundle(2a)。第三是bundle 3。第四是network layer;先底层,加bundle,再3 bundle,最后网络层。;五岁三王
setp1:Validate the physical and data link layers of the 10Gbps link
步骤1:验证10Gbps链路的物理层和数据链路层
setp2:Execute the channel-group number mode active command to add the 10Gbps link to the existing bundle
步骤2:使用channel-group number mode active命令将10Gbps链路添加到现有的bundle中
setp3:Execute the lacp min-bundle 3 command to set the minimum number of ports threshold
步骤3:执行lacp min-bundle 3命令设置最小端口数阈值
setp4:Validate the network layer of the 10Gbps link
步骤4:验证10Gbps链路的网络层
不选
execute the channel-group number mode on command to add the 10Gbps link to the existing bundle.
执行channel-group number mode on命令将10Gbps链路添加到现有的bundle中。
execute the channel-group number mode auto command to add the 10Gbps link to the existing bundle.
执行channel-group number mode auto命令将10Gbps链路添加到现有的bundle中。
A network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augmentits capacity. Network standards require a bundle interface to be taken out of service if one of its memberlinks goes down, and the new link must be added with minimal impact to the production network. Drag anddrop the tasks that the engineer must perform from the left into the sequence on the right.Not all optionsare used.
一名网络工程师正在向现有的基于2x10Gps lacp的LAG添加额外的10Gps链路,以增加容量。网络标准要求,如果其中一个成员链接出现故障,必须将捆绑包接口从服务中移除,并且必须在对生产网络影响最小的情况下添加新链接。将工程师必须执行的任务从左边拖放到右边的序列中。并不是所有的选项都被使用。
DHCP;1是发现,2是提供,3是请求,4是确认。;联想马路边捡到1块钱(发现),交给jingcha叔叔手里边(提供),有人来认领(请求),叔叔进行身份(确认)。;首字母,dora都让
1:DHCP discover
DHCP发现
2:DHCP offer
DHCP提供
3:DHCP request
DHCP请求
4:DHCP ack
DHCP确认
MAC&TCAM;TCAM>MAC;MAC有2层和MAC;TCAM有routing和store;
Mac Address Table:
used to make Layer 2 forwarding decisions
records MAC address, port of arrival VLAN and time stamp
Mac地址表:
用于做出第2层转发决策
记录MAC地址,到达端口VLAN和时间戳
TCAM Table:
used to build lP routing tables
stores ACL,QoS, and other upper-layer information
TCAM表:
用于构建lP路由表
用于存储ACL、QoS等上层信息
Cloud和On-Premises(On-Premises<Cloud;有-的单词都是Cloud的;scale除了后接require表示否定外,其他都是Cloud的;hardware硬件,security安全,都是On-Premises的;)
Cloud:internet/provider、easy、recovery、low capital、fast upgrade、pay-as-you-go、scalable deployment、on-demand self-service
On-Premises:hardware/own、security、underutill、high capital、slow upgrade、lower reoccurring cost、longer deployment、complex customization
先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有strong,high agile,anywhere,contract,shared,cost usage。
| 对比者 | 设备 | 对象 | 资源 | 资本 | 升级 | 成本 | 部署 | 服务 | |
|---|---|---|---|---|---|---|---|---|---|
| On-Premises | hardware/own | security | underutill | high capital | slow upgrade | lower reoccurring cost | longer deployment | complex customization | |
| Cloud | internet/provider | easy | recovery | low capital | fast upgrade | pay-as-you-go | scalable deployment | on-demand self-service |
Cloud>On-Premise;Cloud有easy to scale和bulit-in和strong;On-Premises有hardware,security和undertutilized;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有strong;
On-Premises要有硬件,特殊要求和未充分利用。Cloud公有云要有简单,强大和自动。
On Premises:
customizable hardware, purpose-built systems可定制的硬件,专用的系统
more suitable for companies with specific regulatory or security requirements更适合有特定监管或安全要求的公司
resources can be over or underutilized as requirements vary随着需求的变化,资源可能被过度利用或未充分利用
Cloud:
easy to scale and upgrade易于扩展和升级
requires a strong and stable internet connection需要强大而稳定的互联网连接
built-in, automated data backups and recovery内置,自动数据备份和恢复
Cloud>On-Premise;Cloud有easy to scale和high agile;On-Premise有requires large和high custom;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有high agile;
Cloud:
easy to scale the capacity up and down
highly agile
云:
易于扩大和缩小容量
非常敏捷
On-Premises:
infrastructure requires large and regular investments
highly customizable
本地:
基础设施需要大量定期投资
高度可定制的
Cloud>On-Premise;Cloud有easily scale和anywhere;On-Premise有investment和capacity;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有anywhere;
Cloud
lt enables users to access resources from anywhere
Capacity easily scales up or down
云
它使用户能够从任何地方访问资源
容量很容易增加或减少
On-Premises
lnfrastructure requires large and regular investments
lt requires capacity planning for power and cooling.
本地
基础设施建设需要大量定期投资
这需要电力和冷却的容量规划
Cloud>On-Premise;Cloud有scalable和pay-as-you-go和contract;On-premises有control/security和but;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有contract;
On-premises:
significant initial investment but lower reoccurring costs初期投资可观,但重复成本较低
company has control over the physical security of equipment公司对设备的物理安全有控制
Cloud:
pay-as-you-go model现收现付制
physical location of data can be defined in contract with provider数据的物理位置可以在与提供商的合同中定义
very scalable and fast delivery of changes in scale非常可扩展和快速交付规模上的变化
Cloud>On-Premise;Cloud有scalable和shared;On-Premises有control和longer deployment;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有shared;
On-Prem:
Requires purpose built applications
Complete control and accessibility完全控制和可访问性
Longer deployment cycle更长的部署周期
Cloud:
Shared ownership and accessibility共享所有权和可访问性
Quick and scalable deployment快速、可伸缩的部署
Cloud>On-Premise;Cloud有improve elasticity和provider-managed;On-Premises有control和cost/CapEx;先选Cloud有scale除后接require外,带-单词除up-front;
On-Premises:
This model enables complete control of the servers.该模型支持对服务器的完全控制。
Costs for this model are considered CapEx.该模型的成本被认为是资本支出。
Cloud:
This model improves elasticity of resources.该模型提高了资源的弹性。
This model reduces management overhead by leveraging provider-managed resources.该模型通过利用提供者管理的资源来减少管理开销。
Cloud>On-Premise;Cloud有able to scale和share和正常cost;On-Premise有control和高cost;先选Cloud有scale除后接require外,带-单词除up-front,只要记住cloud有share,cost usage;
Cloud:
costs based on usage.
able to scale rapidly
shared control of resources.
云:
基于使用的成本。
能够快速扩展
共享资源控制。
On-Premise:
complete control of resources
large up-front costs
内部:
资源的完全控制
高额的前期成本
Cloud>On-Premise;On-Premises有【反例】scalability require和haredware;Cloud有on-demand和thrid-party;scalability需要时间和精力=no scalability;先选Cloud有scale除后接require外,带-单词除up-front;
Cloud:
It provides on-demand scalability
Maintenance is handled by a third party.
On-Premise:
It is responsible for hardware maintenance
Scalability requires time and effort.
云:
它提供按需可伸缩性
由第三方维护。
内部:
负责硬件维护
可伸缩性需要时间和精力。
Cloud>On-Premise;Cloud选-的词,其他都归On-Premise;有self-service;On-Premises有complex和long time;先选Cloud有scale除后接require外,带-单词除up-front;
Cloud:
on-demand self-service
按需自助服务
On-Premises:
long implementetion timeframe
较长的实现时间框架
offers complex customization
提供复杂的定制
Cloud>On-Premise;Cloud选-的词,其他都归On-Premise;On-Premise有only和high;Cloud有cost-effective和third-party;一句话有-单词是Cloud;先选Cloud有scale除后接require外,带-单词除up-front;
Cloud:
Remote access must be arranged via third-party solutions.
This model is cost-effective.
云:
远程访问必须通过第三方解决方案安排。
这种模式是划算的。
On-Premise:
Remote access reuqires an Internet connection only.
Thi model is high-mainternance and has high operating costs.
内部:
远程访问只需要Internet连接。
这种模式是高维护和高运营成本。
Cloud>On-Premise;Cloud有provider和fast upgrade和low capital;On-Premises有hardward和slow upgrade和high capital;考一个Cloud与On-Premise的反义,只需要记住一边,比如云是有提供者,快速升级,低支出;
Cloud-Hosted Infrastructure:
provider maintains the infrastructure提供者维护基础设施
low capital expenditure低资本支出
fast upgrade lifecycle快速升级生命周期
On-Premises Infrastructure:
enterprise owns the hardware企业拥有硬件
high capital expenditure高资本支出
slow upgrade lifecycle升级周期慢
CEF
CEF>PS;PS有low switch;CEF有prorietary switch和多operation;
Process Switching:
low switching performance
流程切换:
开关性能低
Cisco Express Forwarding:
proprietary switching mechanism
supports the centrallzed and distributed modes of operation
思科快速转发:
专有切换机制
支持集中式和分布式两种操作方式
CEF>PS;PS有software和forward decison;CEF有hardware和forward table;
Process Switching:
The router processor is involved with every forwarding decsion.
all forwording decisions are made in software.
流程切换:
路由器处理器涉及到每一个转发决策。
所有的决策都是在软件中做出的。
Cisco Express Forwarding:
The forwarding table is created in advance.
All packets are switched using hardware.
思科快速转发:
转发表已提前创建。
所有的包都是通过硬件交换的。
CEF>PS;PS有software和CPU;CEF有high packet;CEF比PS高咯;Process Switching有两个switching;CEF有high。
Process Switching:进程交换
It is referred as “software” switching
它被称为“软件”切换
It uses General Purpose CPU to perform that switching
它使用通用CPU来执行切换
Cisco Express Forwading:思科快速转发:
lt is used when you have to perform in high packet volume
它用于必须在高数据包容量下执行的情况
Chef
Chef>Salt(因为厨师用盐还有其他);Chef有procedural作品和Ruby老语言;Salt有declarative和Python新语言;Ruby比python老;厨师也是比较程序化pro;盐古代是要公告的,才能卖;procedural类似product作品,厨师有作品很正常;declarative类似delete减少salt减少盐;
Chef:
uses Ruby
procedural
厨师 /主厨 /大厨 /总厨
使用Ruby
程序化 /程序性的 /过程式的 /过程化的
SaltStack:
declarative
uses Python
经验 /功能及工作原理介绍
公告的,宣言的;陈述的,叙述的
使用Python
Chef>Salt(因为厨师用盐还有其他);Chef有procedural作品和knife刀;SaltStack有declarative说明和SSH安全传输;
Chef:
procedural
communicates using knife tool
厨师:
程序化 /程序性的 /过程式的 /过程化的
使用刀具通讯
SaltStack:
declarative
communicates through SSH
经验:
公告的,宣言的;陈述的,叙述的
通过SSH通讯
Procedural>Declarative;Declarative只是声明,没有说明实现,Procdural定义了实现程序;Procedural:tool,command;Declarative:syntax,want;
Procedural:
Puppet is a tool that uses this configuration model
This model defines a set of commands that must be executed in a certain order for the system to achieve the desired state.
程序化 /程序性的 /过程式的 /过程化的
Puppet就是使用这个配置模型的工具
该模型定义了一组命令,这些命令必须以一定的顺序执行,系统才能达到所需的状态。
Declarative:
Administrators require deep syntax and context kenowledge for the configured entities.
This model states what is wanted but not how it is achieved.
声明:
管理员需要对配置的实体有深入的语法和上下文知识。
这种模式说明了想要什么,但没有说明如何实现。
agent
agent-base&agentless;安赛波无实物无代理,厨师有实物;puppet木偶有实物有代理,salt有实物,ansible安赛波没实物;Puppet>Ansible,所以Puppet有代理,Ansible无代理;
agent-based:
Puppet、SaltStack
基于代理:
木偶、经验
agentless:
Ansible
无代理的:
安塞波
agent-base&agentless;安赛波无实物,厨师有实物;厨师要基础base;
Agentless:
Ansible
Terraform
无代理的:
安塞波
资源编排
Agent-Based:
Chef
基于代理:
厨师
Puppet>Ansible(两个p>an一个);安赛波无实物无代理和intent-based;puppet木偶有实物有代理和before;Ansible有一个agent和ing;
Puppet:
agent or agentless automation platform
assesses the impact of changes before applied
木偶:
代理或无代理自动化平台
在应用变更之前评估变更的影响
Ansible:
agentless automation platform
provides intent-based networking feedbackloop
Ansible:
无代理自动化平台
提供基于意图的网络反馈循环
Puppet>Ansible(两个p>an一个);安赛波无实物无代理用推push,需要用到手procedural;puppet木偶有实物有代理用pull拉,需要用到口declarative;Ansible有primary/secondary,push;Puppet有multi-master,pull;push和ansible都有s;puppet和pull都有重复的字母;Ansible有an提示primary一级;
Ansible:安塞波
utilizes a push model利用推送模型
primary/secondary architecture一级/二级架构
Puppet:傀儡
utilizes a pull model利用拉模型
multi-master architecture多主架构
Puppet>Ansible(两个p>an一个);安赛波无实物无代理用推push,需要用到手procedural;puppet木偶有实物有代理用pull拉,需要用到口declarative;Ansible有prodect book产品书、Puppety有pull declarative拉起公告;Ansible有play,prode、Puppet有pull和declarative;
Ansible:
uses playbooks使用剧本
procedural程序化 /程序性的 /过程式的 /过程化的【手】
Puppet:木偶
uses a pull model使用拉模型
declarative公告的,宣言的;陈述的,叙述的【口】
LISP
LISP;ITR有site;resolver解析有request请求;server服务有learn学习;proxy代理有LISP to non-LISP;resolver和request都有re;server和learn;ETR与ITR都有receive,ITR有interface,都有i。ETR有site,et和te;解析器resolver解析啥,就是解析request请求、服务器server负责learn、代理proxy负责receive traffic接收流量、receive packet接收包;
LISP map resolver:accepts LISP encapsulated map requests
LISP映射解析器:接受LISP封装的映射请求
LISP map server:learns of EID prefix mapping entries from an ETR
LISP映射服务器:从ETR学习EID前缀映射项
LISP proxy ETR:receives traffic from LISP sites and sends it to non-LISP sites
LISP代理ETR:接收来自LISP站点的流量,并将其发送到非LISP站点
LISP ITR:receives packets from site-facing interfaces
LISP ITR:接收面向站点接口的报文
LISP;ITR对应site;resolver解析有request请求;RLOC对应router;
RLOC:lPv4 or PV6 address of anegress tunnel router that is lnternet facing or network core facing
ITR:encapsulates LlSP packets coming from inside of the LISP site to destinations outside of the site
map resolver:receives map-request messages from lTR and searches for the appropriate ETR by consulting mapping database
map server:none
RLOC:面向internet或面向网络核心的出口隧道路由器的lPv4或PV6地址
ITR:封装来自LISP站点内部到站点外部的LlSP报文
地图解析器:从lTR接收地图请求消息,并通过咨询地图数据库搜索适当的ETR
地图服务器:没有
LISP;ETR有site;server服务有learn学习;EID有endpoint;
EID:IPv4 or IPv6 address of an endpoint within a LISP site
EID: LISP站点中端点的IPv4 或IPv6地址
map server:network infrastructure component that learns of EID-prefix mapping entries from an ETR
映射服务器:从ETR学习eid前缀映射条目的网络基础设施组件
ETR:de-encapsulates LISP packets coming from outside of the LISP site to destinations inside of the site
ETR:将来自LISP站点外部的LISP数据包解封装到站点内部的目的地
QoS
QoS;policing>shaping;policing有dropped和no delay;shaping有buffers和delay;policing有TCP和no。shaping有buffer缓冲器和delay延迟;警察安全不丢失,定型过多延迟又延迟;警察安全无丢失;定型过多延迟又延迟
traffic policing:流量监管
causes TCP retransmissions when traffic is dropped导致TCP重传时流量下降
introduces no delay and jitter引入无延迟和抖动
drops excessive traffic减少过多的流量
警察产生介绍不丢失
traffic shaping:流量定形
buffers excessive traffic缓冲过多的流量
introduces delay and jitter引入延迟和抖动
typically delays,rather than drops traffic通常是延迟,而不是减少交通
定型缓冲介绍电信
QoS;Mark和convey(Mark和information标记信息),Classification和distinguish(Class和type分类类型),shapping和buffer缓冲(shap和rate定型速率),Trust和permits(放行信任);定型过量
applied on traffic to convey Information to a downstream device:Marking
应用于流量,将信息传递给下游设备:做记号
distinguish traffic types:Classification
区分交通类型:分类
process used to buffer traffic that exceeds a predefined rate:shapping
用于缓冲超过预定义速率的流量的进程:定型
permits traffic to pass through the device while retaining DSCP/COS values:Trust
允许流量通过设备,同时保留DSCP/COS值:信任
联想:应用记号,区分类别,定型进程,信任允许
QoS;DSCP有IP,map有scheduler,service;两个mechanism对应两个policy,service有QoS,map有forward;地图有转发;
service policy:mechanism to apply a QoS policy to an interface
policy map:mechansim to create a scheduler for packets prior to forwarding
DSCP:portion of the IP header used to classify packets
service policy:将QoS策略应用到接口上的机制
策略映射:在转发前为数据包创建调度程序
DSCP:IP报头中用于对数据包进行分类的部分
QoS;两个portion对应两个缩写,DSCP有IP,Cos有802.1Q;两个mechanism对应两个policy,service有QoS,map有forward;shaping有delay,policing有limit,
policy map:mechanism to create a scheduler for packets prior to forwarding
service policy:mechanism to apply a QoS policy to an interface
DSCP:portion of the IP header used to classify packets
Cos:portion of the 802.1Q header used to classify packets
shaping:bandwidth management technique which delays datagrams
policing:tool to enforce-rate-limiting on ingress/egress
策略映射:在转发数据包之前为数据包创建调度程序的机制
service policy:将QoS策略应用到接口上的机制
DSCP:IP报头中用于对数据包进行分类的部分
Cos:用于对报文进行分类的802.1Q报头的一部分
整形:延迟数据报的带宽管理技术
监管:对进入/出口执行速率限制的工具
安全
AAA;ACE group,AAA RADIUS,case-sensitive format,if;不要non和没有AAA的ACE;注意四个顺序还有前后顺序要求;ACE group、AAA RADIUS、case-sensitive、if;短A,长A,长local,if如果;
AAA servers of ACE group:ACE集团AAA服务器
AAA servers of AAA RADIUS group:AAA RADIUS组的AAA服务器
local configured username in case-sensitive format:本地配置的用户名,区分大小写
if no method works,then deny login:如果没有有效的方法,则拒绝登录
AAA servers of AAA RADIUS group:AAA RADIUS组的AAA服务器
local configured username in non-case-sensitive format:本地配置的用户名,不区分大小写
local configured username in case-sensitive format:本地配置的用户名,区分大小写
AAA servers of ACE group:ACE集团AAA服务器
tacacs servers of group ACE:tacacs组ACE服务器
if no method works,then deny login:如果没有有效的方法,则拒绝登录
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.工程师创建下面的配置。将身份验证方法从左边拖放到右边的优先级顺序中。并非所有选项都被使用。
ACL;先permit靠action drop拒绝;permit、permit、action drop、action forward
Refer to the exhibit.An engineer must deny HTTP traffic from host A to host V while allowing all othercommunication between the hosts , drag and drop the commands into the configuration to achieve theseresults.参考展品。工程师必须拒绝从主机A到主机V的HTTP流量,同时允许主机之间的所有其他通信,将命令拖放到配置中以实现这些结果。
REST API;公共API资源是安全库。HTTP要有用户和密码。API依赖Token。OAuth依赖身份提供者。;secure和public、basic有用户和密码(最基本也要有用户和密码)、token和secret、oauth有autho;
Secure Vault:Public API Resources
安全库:公共API资源
HTTP Basic Authentication:Username and Password in an enciosed string
HTTP基本身份验证:用户名和密码在一个附带的字符串
Token Based Authentication:API Dependent Secret
基于令牌的身份验证:API相关的秘密
OAuth:Authorization through ldentity Provider
OAuth:通过ldentity Provider进行授权
26d04e8c68c624b.png)
无线
wireless elements;gain对increase、radiation对show、beamwidth对measure、polarization对influence;gain increase增益提高;gain和given都有gin;patterns和space都有pas;beamwidth和below都有bew;
gain:the relative increase in signal strength of an antenna in a given direction
增益:天线在给定方向上信号强度的相对增加
radiation patterns:a graph that shows the relative intensity of the signal strength of an antenna within its space
辐射模式:显示天线在其空间内信号强度的相对强度的图形
beamwidth:measures the angle of an antennapattern in which the relative signal strength is half-power below the maximum value
波束宽度:测量天线模式的角度,其中相对信号强度低于最大值的一半功率
polarization:radiated electromagnetic waves that influence the orientation of an antenna within its electromagnetic field
极化:在电磁场范围内影响天线方向的辐射电磁波
应用
CM>Orchestration;CM:mutable,exist;O:immutable,provision;
Configuration Management:
mutable infrastructure、designed to install and manage software on existing servers
Orchestration:
immutable infrastructure、designed to provision the servers
配置管理:可变的基础设施,用于在现有服务器上安装和管理软件
配器法 /编排 /配器 /编配:不可变的基础设施,用于提供服务器
CM>Orchestration;Configuration Management有con提示consistent、有an提示Ansible。Orchestration;CM有ansible安塞波和consistent基础。orchestration有puppet木偶和automation自动化。;CM有an和en(an:ansible;en:enable);o有pp和do。
Configuration Management:配置管理
Ansible is used for this type of technology.Ansible用于这种技术。
This type of technology enables consistent configuration of lnfrastructure resources.这种类型的技术可以实现基础设施资源的一致配置。
Orchestration:编配
Puppet is used for this type of technology.Puppet用于这种类型的技术。
This type of technology provides automation across multiple technologies and domains.这种类型的技术提供了跨多个技术和领域的自动化。
threat defense;watch有analy,ESA有email,AMP有malware,FTD有IDS,Umb有DNS;
AMP4E:provides malware protection on endpoints.
FTD:provides IPS/IDS capabilities.
StealthWatch:performs security analytics by collecting network flows.
ESA:protects against email threat vector.
Umbrelia:provides DNS protection.
AMP4E:提供终端恶意软件保护。
FTD:提供IPS/IDS能力。
StealthWatch:通过收集网络流执行安全分析。
ESA:防范电子邮件威胁向量。
雨伞:提供DNS保护功能。
threat defense;watch有analy,WSA有web,ISE有pxGrid;Web Security Applicance有web;ISE有pxGrid;StealthWatch的watch有analy;
Web Security Appliance:detects suspicious web activity.
StealthWatch:analyzes network behavior and detects anomalies.
Identity Services Engine:uses pxGrid to remediate security threats.
Web安全设备:检测可疑的Web活动。
StealthWatch:分析网络行为,检测异常。
Identity Services Engine:使用pxGrid修复安全威胁。
Cisco DNA Center API;delete对remove。put对应update。get对应extract。post对应create。;put提高就是update升级,get得到extract提取,post工作create创建;post邮寄element元素;put和update的pu和up相反;get和extract的et和ext都有et;
DELETE:remove an element using the API使用API删除一个元素
PUT:update an element更新元素
GET:extract information from the API从API中提取信息
POST:create an element创建一个元素
VSS;2、4500+6500、geograp地理;two,series,separated;两份礼系列
VSS:
combines exactly two devices
恰好结合两个设备
supported on the Cisco 4500 and 6500 series
支持思科4500和6500系列
supports devices that are geographically separated
支持地理位置分离的设备
combines exactly two devices:恰好结合两个设备
supported on Cisco 3750 and 3850 devices:支持思科3750和3850设备
supported on the Cisco 4500 and 6500 series:支持思科4500和6500系列
supports devices that are geographically separated:支持地理位置分离的设备
supports up to nine devices:最多支持9台设备
uses proprietary cabling:使用专用布线
virtual component;DK=disk drive file,X=configuration file,NIC是接口有send,OVA是ova与zip相似;
VMDK:file containing a virtual machine disk drive
VMX:configuration file containing settings for a virtual machine such as guest OS
vNIC:component of a virtual machine responsible for sending packets to a hypervisor
OVA:zip file containing a virtual machine configuration file and a virtual disk
VMDK:虚拟机磁盘驱动器的文件
VMX:包含虚拟机(如客户操作系统)设置的配置文件
vNIC:虚拟机组件,负责向hypervisor发送数据包
OVA:zip文件,包含虚拟机配置文件和虚拟磁盘
PIM Dense Mode;build要source不要share,use要push和prune不要pull;要source-base不要shared;要push不要pull;要stop不要deliver;source、push、prune原退件;use不要pull;build不要share;
PIM Dense Mode:PIM密集模式:
uses a push model to distribute multicast traffic使用推模型分配多播流量
builds source-based distribution trees构建基于源代码的分发树
uses prune mechanisms to stop unwanted multicast traffic使用剪枝机制来停止不需要的多播流量
uses a pull model to distribute multicast traffic.使用拉模型来分配多播流量。
builds shared distribution trees.构建共享分布树。
requires a rendezvous point to deliver multicast traffic.需要一个集合点来传送多播通信。
![[软件工程导论(第六版)]第3章 需求分析(课后习题详解)](https://img-blog.csdnimg.cn/4c778e1d5cb54e648742e2fea5fe8afc.png)
