4 Using FreeNX to Run Linux from Solaris, Mac OS X, or Linux
NSS—Name Service Switch
A part of many Unix and related systems that defines how lookups for information
relating to the environment of the machine are made. By default, most lookups
for names such as user passwords, groups, hosts, and so on are done via files
such as /etc/passwd or /etc/hosts. The Name Service Switch allows lookups using
other databases to discover the same information, and defines the order in
which those databases are accessed. It is through configuration of this switch
that a Linux system can be used on a Windows domain, with the Winbind NSS
module providing users and groups from a Windows domain.
NTP—Network Time Protocol
A protocol designed to allow computers on a network to synchronize their
clocks, taking into account the variable latency on a packet switched network.
Using NTP, it’s possible for all computers on a network (like the Internet) to
have clocks synchronized to within hundredths of a second. This is required for
some network activities, such as Kerberos authentication, which in part relies
upon accurate timestamps.
Null modem cable
A cable that allows a PC to connect directly to another PC via serial ports. Similar to a normal modem cable (except where receive/transmit lines would go
straight through to transmit/receive pins on the modem), a Null modem cable
swaps the lines inside the cable, allowing the two PCs to communicate using the
same serial connection software and serial ports used to connect to a modem.
NVRAM—Non-Volatile Random Access Memory
Unlike the normal RAM inside a PC, NVRAM doesn’t lose its contents when
power is removed. Various forms of NVRAM generally come with disadvantages compared to normal RAM—it’s often slower, requires more power to read,
and many times more to write, and may wear out with the masses of writing that
normal RAM requires. Different forms of NVRAM are most often used to store
some settings within a device, where only occasional writes are required, but it
can also serve as a silent replacement for a small hard drive. Flash memory is the
most well-known form of NVRAM.
OID—Object Identifier
Within the context of SNMP, a unique identifier referring to an object within a
Management Information Base (MIB) used to store information and settings
related to a network device. The OID is represented as a string of numbers separated by dots, and refers to an object’s position in the tree structure of the MIB.
For example, 1.3.4.1 would be a sibling of 1.3.4.2, and both are children of
1.3.4. The object and the information it contains can be anything relevant to the
device’s operation, from the name of the device to the speed of fans, memory
usage, bandwidth usage, or the number of hamster wheels in use.
OSPF—Open Shortest Path First
A link-state routing protocol, implemented by routers to dynamically adjust
routing to changing network conditions. An OSPF router multicasts information to other routers when changes have occurred around its network, as well as
routine updates every 30 minutes. From this information, each individual OSPF
router builds a link-state database that contains a representation of the entire
topology of the network in tree form, with the router itself at the root. When a
router needs to forward a packet, it can use its copy of the link-state database to
calculate the best path from the root (itself) to the destination on the tree, using
a path cost as its routing metric (as opposed to RIP’s hop count). In a practical
sense, path cost is mainly determined by link speed over a given route, so a
packet is forwarded toward the fastest of multiple routes. As a network grows
larger, routers will spend more time and bandwidth talking to each other, which
consumes valuable bandwidth just keeping the network together. OSPF
addresses this issue by allowing the division of a network into areas. Areas must
all be connected to a common backbone, and the routers inside each area only
need to contain the topology for that area, with border routers communicating
between different areas. (See also RIP.)
Packet filtering
Filtering by the attributes of a packet entering a device or network. Attributes
may include the source or destination address for the device, the port, connection type, elements of the data payload, or any other number of detectable
attributes of the packet.
Packet switching
A packet switched network breaks information to be transmitted into discrete
packets, each of which is sent over a shared network used by multiple machines
or users. Each individual packet contains information pertaining to its source
and destination, and does not require a dedicated path to reach its destination;
indeed, packets may travel between the same source and destination using different paths. Multiple users may transmit packets over the same connection at the
same time, independently of one another. (Contrast with Circuit switching.)
PAM—Pluggable Authentication Modules
A system whereby applications that require authentication can use many kinds
of authentication, all using the same API. An application only needs to know it is
using PAM, and the relevant modules provide one of many kinds of authentication, transparently.
Appendix B: Glossary of Networking Terms
PBX—Private Branch eXchange
A PBX was originally a private telephone exchange that handled a business’ own
internal telephone requirements, so that an entire building’s internal phone calls
wouldn’t need to use the costly public phone network. Now, a PBX is any system that handles in-house telephony, from manual exchanges to VOIP systems
that route telephony over IP networks.
PCI—Peripheral Component Interconnect
The PCI Standard defines a 32- or 64-bit parallel bus for connecting devices to a
computer motherboard. Peripherals connected via a PCI bus vary widely, including graphics cards, network cards, modems, disk controllers, and other I/O
devices. The original PCI bus specification consisted of a 33 MHz 32-bit bus,
and has been revised multiple times, culminating in PCI-X running up to 533
MHz with 64-bit signalling. PCIe (also called PCI Express) is a far faster interface that is physically and electrically very different to PCI, but retains software
compatibility; i.e., an operating system written to talk to PCI devices won’t be
confused when it finds it’s running on a PCIe system.
PDC—Primary Domain Controller
A server catering to Windows NT style domains that can give a user access to
multiple resources on a network with the use of one login. NT Server domains
have one Primary Domain Controller, and optionally multiple Backup Domain
Controllers. While the Primary Domain Controller contains the database of
accounts and privileges in a read/write form, each Backup Domain Controller
gets a full backup of the database, but is read-only. If needed, a PDC can be
removed and a BDC can be promoted to PDC. Under Linux, Samba can perform as a PDC. (Contrast to Active Directory, which supersedes NT-style
PKI—Public Key Infrastructure
A system that handles the work of creating public-key certificates containing
identities tied to public keys and signed by a certificate authority (CA). The PKI
can publish the public-key certificates to those who wish to communicate with
the keys’ owners, and verify that a certificate containing some public key and
identity is genuine, so the public key can be trusted to belong to the owner
PPP—Point-to-Point Protocol
In its most common form, PPP is used to provide an OSI layer 2 (data link)
between two nodes over a serial modem connection to allow TCP/IP to function
and give a computer Internet access. Defined within PPP’s specification is Link
Control Protocol (LCP), which automatically configures the interfaces at each
end of the PPP connection. PPP is also used as part of PPP over Ethernet (PPPoE)
for some ADSL connections, and PPP over ATM (PPPoA) for some ADSL and
Cable Internet connections.
PPTP—Point-to-Point Tunneling Protocol
A protocol used to create a VPN over an IP-based network such as the Internet.
Network protocols on the original networks are sent over a regular PPP session
using a Generic Routing Encapsulation (GRE) tunnel. A PPTP VPN can be
encrypted using Microsoft Point to Point Encryption (MPPE), but the implementation isn’t particularly secure in comparison to the SSL-based OpenVPN.
QoS—Quality of Service
Any system whereby packets zipping around your network are handled in different ways according to their importance and need. Applications sending/receiving
data don’t all require the same performance from the network; VoIP may have
strict requirements for low delay, high quality video may need consistent high
throughput, an SSH session may require little bandwidth but must be highly
responsive, and network warnings to on-call admins (you really do want to
know when your most critical servers have something to complain about) absolutely must get through.
RAS/RRAS—Remote Access Service, Routing & Remote Access Service
RAS is Windows NT’s Remote Access Service, which allows the sharing of network services over a dial-up connection. A remote user would dial in to a server,
and then have the same access to the server’s network as if they were connected
to it physically.
RRAS is the equivalent to RAS in Windows 2000 Server and above, which not
only provides dial-up remote access, but also a VPN server, IP Routing, and
RDP—Remote Desktop Protocol
The protocol used by client software to connect to a remote Windows computer
running Microsoft Terminal Services, and to use that computer as if it were the
local machine. Currently, the server software only runs on Windows, but clients
are available for other operating systems, including Linux, Mac OS X, BSDs, and
Solaris. RDP not only allows the remote machine to display graphics on the local
screen, but applications on the remote can play audio and use serial ports, parallel ports, and printers on the local device.
Not all Windows computers can run an RDP service; notable exceptions are
Windows XP Home Edition and Windows Vista Home Basic or Home Premium.
RFC—Request For Comments
Documents containing standards, technical, and organizational information
about the Internet. An individual RFC is not necessarily a standard or even a
proposed standard, but may be published to provide information about how
other standards work in practice when applied to the Internet, to provide information on de facto adopted standards, or to convey new concepts related to the
Internet. RFCs are serialized, and referred to by number; for example, RFC 4406
is a document covering an experimental protocol for email authentication.
Anyone may publish a document to the Internet Engineering Task Force for inclusion as a possible RFC. The official source for RFCs is http://www.rfc-editor.org/.
RIP—Routing Information Protocol
A method by which routers within a network are able to adapt to changing
network conditions (such as a downed router or suddenly congested links) by
communicating to other routers. About every 30 seconds, a RIP-enabled router
multicasts its routing table to any other connected routers, and can be triggered
to do the same on certain events for quick response to sudden changes. As a
distance-vector routing protocol, RIP uses the hop count of a destination to
detect the most desirable path to route packets, but limits the number of hops to
15 to prevent routing loops. This creates a limit to the size of a network that can
be supported by RIP, as anything more than 15 hops away appears not to exist
to RIP routers. RIP benefits from simple configuration and low processing
requirements, so for a relatively small LAN, RIP may be ideal. (See also OSPF.)
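The distance-vector exchange described above, as an added example that is not from the book: each router advertises its table, each neighbor adds one hop, and a metric of 16 stands for "unreachable", which is exactly why a destination more than 15 hops away never appears in a RIP table. The chain topology and router names are constructed for the demonstration.

```python
# Added example, not from the book: the distance-vector update that RIP runs,
# exercised on a constructed chain of routers. The metric is hop count; 16 is
# RIP's "infinity", which is why a destination more than 15 hops away is invisible.
INFINITY = 16  # metric meaning "unreachable"; usable hop counts are 1..15


class RipRouter:
    def __init__(self, name, networks):
        self.name = name
        self.neighbors = []
        # destination -> (metric, next hop); directly attached networks cost 1
        self.table = {net: (1, "direct") for net in networks}

    def advertisement(self):
        """The routing table as a router multicasts it to its neighbors (every 30 s in RIP)."""
        return {dest: metric for dest, (metric, _) in self.table.items()}

    def receive(self, neighbor, advert):
        """Bellman-Ford step on one neighbor's advertisement; returns True if the table changed."""
        changed = False
        for dest, metric in advert.items():
            candidate = min(metric + 1, INFINITY)  # one more hop to reach it via this neighbor
            current = self.table.get(dest)
            if current is None:
                if candidate < INFINITY:  # never install an unreachable route
                    self.table[dest] = (candidate, neighbor)
                    changed = True
            elif candidate < current[0]:
                self.table[dest] = (candidate, neighbor)  # better path found
                changed = True
            elif current[1] == neighbor and candidate != current[0]:
                # Our current next hop now reports a different cost; believe it,
                # even when the news is bad, otherwise stale routes linger.
                if candidate >= INFINITY:
                    del self.table[dest]
                else:
                    self.table[dest] = (candidate, neighbor)
                changed = True
        return changed


def connect(a, b):
    """Put two routers on a shared link so they hear each other's advertisements."""
    a.neighbors.append(b)
    b.neighbors.append(a)


def converge(routers, max_rounds=100):
    """Exchange advertisements in rounds until no table changes; return the round count."""
    for rnd in range(1, max_rounds + 1):
        adverts = {r.name: r.advertisement() for r in routers}  # snapshot, as if sent at once
        changed = False
        for r in routers:
            for n in r.neighbors:
                changed |= r.receive(n.name, adverts[n.name])
        if not changed:
            return rnd
    raise RuntimeError("routing did not converge")


def chain(length):
    """Constructed topology: routers R0..R{length-1} in a line. Router Ri sits on
    net{i} and net{i+1}, so net0 and net{length} hang off the two ends."""
    routers = [RipRouter("R%d" % i, {"net%d" % i, "net%d" % (i + 1)}) for i in range(length)]
    for a, b in zip(routers, routers[1:]):
        connect(a, b)
    return routers


def metric_to(routers, router_name, dest):
    """Hop count from a router to a destination, or None when RIP considers it unreachable."""
    table = next(r for r in routers if r.name == router_name).table
    return table[dest][0] if dest in table else None


if __name__ == "__main__":
    small = chain(4)
    converge(small)
    print("R0 reaches net4 via", small[0].table["net4"])
    big = chain(17)
    converge(big)
    print("R1 -> net17:", metric_to(big, "R1", "net17"), "(more than 15 hops: unreachable)")
```

With four routers the far network is four hops away and gets installed; with seventeen routers in a line, R2 sees the far network at exactly 15 hops while R1 and R0 never learn it at all, which is the size limit the entry describes.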
Routing
IP Routing is the process of path selection for packets traveling through an IP-based network. Compared to bridging, which automatically discovers the route
that network traffic takes between multiple network segments, and does so via
OSI Layer 2 (the data link layer), routing relies upon a coordinated OSI Layer 3
(network layer) network, and uses the IP addresses of packets to decide where to
forward them. Routing is usually controlled by pre-constructed routing tables
that define where a packet should go. Each router only needs to know where a
packet should be sent on its next hop, and doesn’t know nor care what happens
afterward; the next hop plus one is the responsibility of the next router, and so
on through the network until a packet reaches its destination.
SBC—Single Board Computer
A computer where everything needed to function is on a single board (mostly). A
desktop computer can require a whole load of different boards and accessories
to make it work. There’s the motherboard, some RAM modules, a hard drive, a
graphics card, a keyboard, and a mouse—and that’s just for a basic system
without including extra storage, exotic graphics setups, extra USB ports, or
specialized sound and media cards. On the other hand are the single board computers with much more modest hardware. A fanless basic processor, RAM, flash
RAM storage, multiple networking ports, and serial connections all on the one
board is the norm. There may be some basic expansion available, but it’s not
necessary for most operations. The idea is that many specialized repetitive tasks
like routing, firewalls, and some services can be handled by computers at about
the speed of an early Pentium, and that’s where these boards fit. Just cram it in a
box, add power and an operating system to its flash RAM, and you’re on your
Serial console
Any PC, laptop, or PDA that controls another machine via the serial port. Some
folks think that only a real hardware serial terminal, like a Wyse terminal, can be
called a console. Using an old PC for a serial console is a nice way to get a few
more years’ life out of an old machine.
SIP—Session Initiation Protocol
The SIP protocol is probably the most popular VoIP protocol in use now. Commercial VoIP providers like Vonage use SIP. SIP is not a multimedia protocol
itself, but rather carries any type of audio or video stream, and it creates, modifies, and terminates sessions between at least two endpoints.
SLA—Service Level Agreement
A formal agreement that defines the level of service to be expected from a provider of those services. For example, with an Internet connection, an SLA may
define the percentage of time a connection remains open and fully usable, the
average time before the helpdesk answers their phones, or the average time taken
for problems to be fixed. An SLA can also lay out billing reductions for the client or penalties for the provider if they fail to honor the level of service
Smurf attack
A Smurf attack is a form of Denial of Service attack that exploits the response of
computers on a network to a broadcast ICMP echo request (a ping). The basic
element of a Smurf attack is a single ICMP echo request carrying a faked source
IP address, sent to a broadcast address. The routing device that receives the echo
request then broadcasts the single request to all IP addresses covered by that
broadcast address, and each one sends back an ICMP echo response directed to
the faked source IP address. In this way, a single ping request from somewhere
on the Internet can generate a much larger ping response to the faked source
address (the victim). Floods of such pings can multiply the response hundredsfold, and overwhelm the network connection or computer at the faked source IP.
SNMP—Simple Network Management Protocol
SNMP consists of managers (stations that oversee devices on a network) and
agents (inside a network device itself) communicating through a simple language. Using SNMP, a manager is able to read information from an agent, or
read and write information depending on the permissions it has to that agent.
Information within agents is stored by objects within a Management Information Base (MIB), and those objects may contain a wide range of information
about a device such as settings, usage statistics, performance data, or physical
properties (e.g., temperature or fan speed).
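The OID tree described in the OID entry and the MIB objects described here, as an added example that is not from the book: parent, child and sibling tests on dotted OIDs, and the longest-prefix translation from a numeric OID to its MIB name that an SNMP manager performs when displaying a walk. The OIDs under 1.3.6.1.2.1.1 are the real MIB-II system-group assignments; the agent contents and device names are constructed.

```python
# Added example, not from the book: OID tree relationships and a MIB-style name
# lookup of the kind an SNMP manager performs. The system-group OIDs under
# 1.3.6.1.2.1.1 are the real MIB-II assignments; the agent values are constructed.
SYSTEM = (1, 3, 6, 1, 2, 1, 1)  # MIB-II "system" group
MIB_NAMES = {
    SYSTEM: "system",
    SYSTEM + (1,): "sysDescr",
    SYSTEM + (3,): "sysUpTime",
    SYSTEM + (5,): "sysName",
}


def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' (optionally with a leading dot) -> (1, 3, 6, 1, 2, 1, 1, 5, 0)."""
    parts = text.lstrip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("malformed OID: %r" % text)
    return tuple(int(p) for p in parts)


def oid_str(oid):
    return ".".join(str(n) for n in oid)


def parent(oid):
    return oid[:-1]


def is_child_of(oid, ancestor):
    """Direct child: one arc longer and identical up to the ancestor's length."""
    return len(oid) == len(ancestor) + 1 and oid[:len(ancestor)] == ancestor


def is_sibling(a, b):
    """Siblings share a parent and differ only in their last arc."""
    return a != b and len(a) == len(b) and a[:-1] == b[:-1]


def is_under(oid, subtree):
    """True when oid lies anywhere below (or at) subtree."""
    return oid[:len(subtree)] == subtree


def symbolic_name(oid):
    """Translate a numeric OID to its MIB name via the longest known prefix and
    append the remaining arcs, e.g. 1.3.6.1.2.1.1.5.0 -> 'sysName.0'."""
    for n in range(len(oid), 0, -1):
        if oid[:n] in MIB_NAMES:
            tail = oid[n:]
            return MIB_NAMES[oid[:n]] + ("." + oid_str(tail) if tail else "")
    return oid_str(oid)  # nothing known: stay numeric


# Constructed agent contents: what GET requests against this device would return.
AGENT = {
    parse_oid("1.3.6.1.2.1.1.1.0"): "Example router",
    parse_oid("1.3.6.1.2.1.1.5.0"): "gw1",
    parse_oid("1.3.6.1.2.1.1.3.0"): 123456,
}


def walk(agent, subtree):
    """Return (name, value) pairs below subtree in lexicographic OID order, as an SNMP walk does."""
    return [(symbolic_name(oid), value)
            for oid, value in sorted(agent.items()) if is_under(oid, subtree)]


if __name__ == "__main__":
    for name, value in walk(AGENT, SYSTEM):
        print(name, "=", value)
```

The walk is ordered lexicographically on the OID arcs, which is the order GETNEXT traverses the tree; names fall back to numeric form for any subtree the manager has no MIB file for.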
SOHO—Small Office/Home Office
A term applying to a small business with up to about 10 users. Computing
equipment labeled SOHO may be designed with some features typically for business use, but not necessarily capable of handling the requirements of large
organizations with hundreds of users.
SRPM—Source RPM
A package for Red Hat-based Linux systems that contains source code and a
spec file that lets the rpm utility compile and build an RPM package. The resulting RPM package can then be installed and managed like any other RPM.
SSH—Secure Shell
A protocol that allows the opening of a secure, encrypted channel between two
computers with secure authentication. SSH is most often used to provide a
secure shell to log in to a remote machine, but also supports file transfers, TCP,
and X11 tunneling.
SSL/TLS—Secure Sockets Layer/Transport Layer Security
SSL and TLS are similar, related protocols for providing secure data transmission and authentication over networks, including the Internet. SSL was originally
developed by Netscape in 1994, and was revised to become SSL 3.0 in 1996,
which became the base of TLS. TLS 1.1 is the current version of the protocol. An
SSL/TLS connection is started by a client requesting a secure connection to a
server. The client and server decide on the strongest cipher and hash function
they both share, and the server presents a digital certificate that can be checked
by the client with the issuing certificate authority. Within the server’s certificate
is its public key, which the client uses to encrypt a random number to send to
the server. If the connection is genuine, the server is able to decrypt the message
and the server and client now have a matching secret random number that can
be used to generate keys for data transfer. Now that this handshaking is
complete, the server and client may communicate over a secure connection. The
client may also present a digital certificate as part of the handshaking process, so
that the server, too, can verify the client’s identity.
State (packet filtering)
Filtering on the known state of a packet, identified by previous network activity.
A single packet coming from a random machine on the Internet may be dropped
by a firewall, or it may be accepted, depending on the known state. For example, a machine behind a firewall may request a web page from a web server. The
web server then sends a response back, and the firewall allows the response
because it knows a machine requested information from that server. The same
response from the web server would be denied if there had been no original
request passing through the firewall. While there was not necessarily any information within the packet that defined whether it was a valid response to be
passed through, its state was derived by the firewall through previous activity
between the two hosts.
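The state-derived decision described here, together with the Smurf entry above, as an added example that is not from the book: a toy filter that records outbound requests and admits an inbound segment only when it matches one, and that drops ICMP echo requests aimed at a broadcast address (the standard mitigation for acting as a Smurf amplifier) as well as echo replies no inside host asked for. The packets, addresses (documentation ranges) and port numbers are constructed sample data.

```python
# Added example, not from the book: a toy stateful packet filter. Inbound TCP is
# accepted only when a tracked outbound request exists for the same connection;
# ICMP echo requests to a broadcast address and unsolicited echo replies are
# dropped. Packets are constructed sample data using documentation address ranges.
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # TCP source port
    dport: int = 0      # TCP destination port
    icmp_type: int = -1


class StatefulFilter:
    def __init__(self, broadcast_addrs):
        self.broadcast = set(broadcast_addrs)
        self.tcp_state = set()   # (inside host, inside port, outside host, outside port)
        self.icmp_state = set()  # (inside host, outside host) with an echo request in flight

    def filter(self, pkt, direction):
        """direction is 'out' (leaving the protected network) or 'in' (arriving).
        Returns (accepted, reason)."""
        if pkt.proto == "tcp":
            return self._tcp(pkt, direction)
        if pkt.proto == "icmp":
            return self._icmp(pkt, direction)
        return False, "unknown protocol"

    def _tcp(self, pkt, direction):
        if direction == "out":
            # Remember that an inside host asked; the reply will be matched against this.
            self.tcp_state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True, "outbound request recorded"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # the request's 4-tuple, reversed
        if key in self.tcp_state:
            return True, "reply to a tracked connection"
        # Nothing in the packet itself says it is bogus; the missing state does.
        return False, "no outbound request matches this segment"

    def _icmp(self, pkt, direction):
        if direction == "out":
            if pkt.icmp_type == ICMP_ECHO_REQUEST:
                self.icmp_state.add((pkt.src, pkt.dst))  # expect one reply from dst
            return True, "outbound ICMP allowed"
        if pkt.icmp_type == ICMP_ECHO_REQUEST and pkt.dst in self.broadcast:
            # Every host on the segment would answer: refuse to act as an amplifier.
            return False, "echo request to a broadcast address dropped"
        if pkt.icmp_type == ICMP_ECHO_REPLY and (pkt.dst, pkt.src) in self.icmp_state:
            return True, "reply to a tracked ping"
        return False, "default deny: no state matches"  # includes flood replies at a victim


if __name__ == "__main__":
    fw = StatefulFilter({"192.168.1.255"})
    print(fw.filter(Packet("tcp", "192.168.1.5", "203.0.113.10", 40000, 80), "out"))
    print(fw.filter(Packet("tcp", "203.0.113.10", "192.168.1.5", 80, 40000), "in"))
    print(fw.filter(Packet("icmp", "198.51.100.7", "192.168.1.255", icmp_type=ICMP_ECHO_REQUEST), "in"))
```

A real connection tracker also expires entries and follows the TCP flags through the connection's life; the 4-tuple lookup here is the part the glossary entry is about.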
Static IP address
A Static address is one meant to be matched to a particular computer, so that it
always has the same address. Necessary when you have a server on a network,
and must know a permanent IP address in order to use it. (Contrast with a
Subnet
In the context of an IP-based network, a subnet is a group of related IP addresses
all beginning with the same binary network part, and ending in a unique binary
sequence identifying the host within the subnet. An example might be the IP
address 192.168.100.12 with subnet mask of 255.255.255.0. The first 24 bits of
the address, shown by bits in the subnet mask, reveal which part is the network
address (192.168.100.0), with the last 8 bits corresponding to the host part (12 in
this case). The entire subnet thus spans the address range 192.168.100.0 to
192.168.100.255. Dividing a network into subnets in this hierarchical sense
keeps routing easy, as the IP addresses within a subnet can all be derived from
the network address.
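The mask arithmetic from the entry, as an added example that is not from the book: the same AND/NOT operations a host or router performs to split 192.168.100.12/255.255.255.0 into network address, host part and address range, plus the check that two addresses share a subnet. The function names are this example's own.

```python
# Added example, not from the book: derive the network address, host part and
# address range of an IPv4 address under a subnet mask with plain bit operations.
ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr):
    """Convert dotted-quad text to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the leading 1 bits of a mask, rejecting masks whose 1 bits are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError("non-contiguous subnet mask: %r" % mask)
    return ones


def describe_subnet(addr, mask):
    a, m = ip_to_int(addr), ip_to_int(mask)
    network = a & m                 # keep the network bits, clear the host bits
    host = a & ~m & ALL_ONES        # keep only the host bits
    broadcast = network | (~m & ALL_ONES)  # all host bits set: last address of the range
    return {
        "prefix": prefix_length(mask),
        "network": int_to_ip(network),
        "host_part": host,
        "first": int_to_ip(network),
        "last": int_to_ip(broadcast),
    }


def same_subnet(addr1, addr2, mask):
    """A router forwards locally when both addresses agree on the network bits."""
    m = ip_to_int(mask)
    return ip_to_int(addr1) & m == ip_to_int(addr2) & m


if __name__ == "__main__":
    print(describe_subnet("192.168.100.12", "255.255.255.0"))
```

`prefix_length` refuses a mask such as 255.0.255.0: a mask whose 1 bits are not contiguous does not describe the hierarchical split the entry relies on.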
Switch
At first glance, a switch may look very similar to a hub, but it will act far more
intelligently. Switches take note of the addresses of connected computers in
order to send only data to the correct machine. For example, a packet arrives in
a port on a switch, and is destined for one particular machine connected via
another port. The switch has previously paid attention to which machines are
connected to which port, and forwards the packet out only to the correct
machine. An unmanaged switch has no configuration options, and simply connects to multiple network computers. A managed switch can be configured for
various network fine tuning, such as limiting speed on certain ports, QoS, SNMP
reporting/control, link aggregation, and so on. (Contrast with Hub.)
Part of opening a new TCP connection. When a client wishes to connect to a
server on the Internet, it first sends a SYN packet to the server. The server
responds back with a SYN-ACK (an acknowledgment), and the client returns a
SYN-ACK-ACK (another acknowledgment). Both acknowledgments together
indicate that the server can talk to the client, the client can talk to the server, and
a TCP connection is now open for use between the two hosts.
TCAM—Ternary Content Addressable Memory
Unlike normal RAM in a computer where data is stored in many addresses and
the RAM can only be queried for the contents at a given address, Content
Addressable Memory (CAM) works in the other direction. CAM is provided
with content, then searches its memory in order to return a list of addresses
where the content was found. With RAM, a search requires software to repeatedly read from a memory address, compare the contents of memory to the
content being searched for, then move on to the next address, repeating until the
area of RAM to be searched is exhausted. With CAM, content can be provided,
and the list of addresses containing that content is returned in one operation,
which provides a phenomenal speedup for searching the contents of memory.
Ternary Content Addressable Memory takes this a step further. With normal
CAM, the stored data is only in the form of bits—a word at an address may be
10011101, but TCAM may contain a third state of “don’t care” or “X” in memory—so a word at an address could be 10011X01, which would match the
search for 10011101 and 10011001. CAM and TCAM are often used in switches
and routers to store MAC lookup tables and routing tables, respectively. A
router may have a network address in memory, and when a packet arrives to be
routed, its destination IP address can be searched for in TCAM, which will
instantly return the address of a routing table entry for its destination address,
stored with only the network part of the destination network as 1 or 0, and host
part as X. CAM and TCAM are far more complex, expensive, and power-hungry
memory-wise than normal RAM, but are necessary for applications like routing
where a search through a routing table must be done thousands or millions of
times per second.
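The ternary match and its use for route lookup, as an added example that is not from the book: each entry is a value word plus a "care" mask (care bit 0 is the X state), a pattern such as `10011X01` is encoded that way, and a routing table is stored with the network bits as 0/1 and the host bits as X. A real TCAM compares the key against every entry in one cycle; the comprehension in `search` stands in for that parallel compare. The route entries and next-hop names are constructed.

```python
# Added example, not from the book: a software model of a TCAM used for route
# lookup. Each entry holds a value word and a "care" mask; a care bit of 0 is the
# ternary X state. Routes and next-hop names are constructed.
from dataclasses import dataclass

WIDTH = 32  # IPv4 destination addresses
ALL_ONES = (1 << WIDTH) - 1


def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


@dataclass(frozen=True)
class TcamEntry:
    value: int  # bit pattern compared where care is 1
    care: int   # 1 = this bit must match, 0 = X (don't care)
    data: str   # payload returned on a hit; here, the next hop

    def matches(self, key):
        """Ternary compare: differences are ignored wherever care is 0."""
        return (key ^ self.value) & self.care == 0


def ternary_word(pattern):
    """Turn a pattern such as '10011X01' into a (value, care) pair."""
    value = care = 0
    for ch in pattern:
        value <<= 1
        care <<= 1
        if ch == "1":
            value |= 1
            care |= 1
        elif ch == "0":
            care |= 1
        elif ch not in "Xx":
            raise ValueError("pattern may contain only 0, 1 and X")
    return value, care


def route_entry(prefix, next_hop):
    """Encode 'network/len' with the network bits as 0/1 and the host bits as X."""
    network, plen = prefix.split("/")
    care = (ALL_ONES << (WIDTH - int(plen))) & ALL_ONES
    return TcamEntry(ip_to_int(network) & care, care, next_hop)


class Tcam:
    def __init__(self, entries):
        self.entries = list(entries)

    def search(self, key):
        """Content in, addresses out: every entry index whose pattern matches the key."""
        return [i for i, e in enumerate(self.entries) if e.matches(key)]

    def lookup_route(self, dst):
        """Longest-prefix match: of all hits, the entry with the most care bits wins."""
        hits = self.search(ip_to_int(dst))
        if not hits:
            return None
        best = max(hits, key=lambda i: bin(self.entries[i].care).count("1"))
        return self.entries[best].data


if __name__ == "__main__":
    table = Tcam([route_entry("0.0.0.0/0", "default"),
                  route_entry("10.0.0.0/8", "eth1"),
                  route_entry("10.1.0.0/16", "eth2")])
    print(table.lookup_route("10.1.2.3"), table.lookup_route("10.2.0.1"), table.lookup_route("192.0.2.1"))
```

Hardware resolves the "most care bits" tie-break by entry ordering (longer prefixes are written at higher priority); the explicit count here makes the rule visible.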
TCP—Transmission Control Protocol
One of the central protocols essential to the function of the Internet, TCP allows
applications to create connections that, once established, the applications can
stream data across. TCP stacks in an operating system do the hard work of splitting the stream of data into segments with a sequence number, and sending
them out over an IP-based network. At the remote end, the TCP stack acknowledges packets that have been received (so that missing packets can be resent)
and reassembles received packets in the correct order to provide an in-order data
stream to the remote application.
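The segmenting, acknowledging and reordering described above, as an added example that is not from the book: a sender splits a byte stream into numbered segments, and a receiver delivers in-order bytes, parks early arrivals, and returns the cumulative ACK naming the next byte it still needs, which is what tells the sender which segment to retransmit. The stream, sequence numbers and loss pattern are constructed.

```python
# Added example, not from the book: the receive side of TCP's segment handling.
# In-order bytes go to the application, early segments are buffered, and the ACK
# always names the next byte still missing. Stream and loss pattern are constructed.


def sender_segments(isn, stream, mss):
    """Split a byte stream into (seq, payload) segments of at most mss bytes, starting at isn."""
    return [(isn + i, stream[i:i + mss]) for i in range(0, len(stream), mss)]


def retransmit_candidate(segments, ack):
    """Sender side: an ACK names the first byte the receiver lacks, i.e. the segment to resend."""
    return next((seg for seg in segments if seg[0] == ack), None)


class TcpReceiver:
    def __init__(self, initial_seq):
        self.rcv_nxt = initial_seq    # sequence number of the next byte expected
        self.out_of_order = {}        # seq -> payload, held until the gap before it closes
        self.delivered = bytearray()  # in-order bytes handed to the application

    def segment(self, seq, payload):
        """Process one arriving segment and return the cumulative ACK to send back."""
        end = seq + len(payload)
        if end <= self.rcv_nxt:
            return self.rcv_nxt  # entirely old data (a duplicate); just re-acknowledge
        if seq > self.rcv_nxt:
            self.out_of_order[seq] = payload  # a gap sits in front of it: buffer, do not advance
            return self.rcv_nxt
        # seq <= rcv_nxt < end: deliver the new part, trimming any overlap with delivered data
        self.delivered += payload[self.rcv_nxt - seq:]
        self.rcv_nxt = end
        self._drain()
        return self.rcv_nxt

    def _drain(self):
        """Release buffered segments that have become contiguous with the stream."""
        while True:
            ready = [s for s in self.out_of_order if s <= self.rcv_nxt]
            if not ready:
                return
            seq = min(ready)
            payload = self.out_of_order.pop(seq)
            end = seq + len(payload)
            if end > self.rcv_nxt:
                self.delivered += payload[self.rcv_nxt - seq:]
                self.rcv_nxt = end


def replay(isn, stream, mss, arrival_order):
    """Deliver segments to a fresh receiver in the given order (indexes into the
    segment list) and return (acks sent, bytes reassembled so far)."""
    segs = sender_segments(isn, stream, mss)
    rx = TcpReceiver(isn)
    acks = [rx.segment(*segs[i]) for i in arrival_order]
    return acks, bytes(rx.delivered)


if __name__ == "__main__":
    # Constructed scenario: the last segment overtakes the first two on the wire.
    print(replay(1000, b"hello, world!", 5, [2, 0, 1]))
```

When the middle segment is lost, every later arrival is acknowledged with the same number (1005 in the constructed scenario); that repeated ACK is the signal the sender uses to resend the segment starting at 1005.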
TLS/SSL—Transport Layer Security/Secure Sockets Layer