Port Roles in RSTP in network security level

 To build a loop-free topology, switches (bridges) determine the root bridge and compute the port roles. To do this, the bridges use special data frames called Bridge Protocol Data Units (BPDUs) that exchange bridge IDs and root path cost information. BPDUs are exchanged regularly, typically at two second intervals, and enable switches to keep track of network topology changes and to start and stop forwarding on ports as required. Hosts should not send BPDUs to the switch ports and to avoid malfunctioning/malicious hosts from doing so, the switch can filter or block BPDUs. If you enable BPDU filtering on a port, BPDUs received on that port are dropped but other network traffic is forwarded as usual.  If you enable BPDU blocking on a port, BPDUs received on that port are dropped and the port is shut down.

Port Roles in RSTP

Root Port (one per bridge): The forwarding port on each bridge which is on the best path to reach the root bridge.

Designated Port: The forwarding port for each LAN segment that leads away from the root bridge.

Alternate Port: An alternative path to the root bridge on a particular LAN segment, which is part of a bridge other than the one that has  a designed port for the LAN segment.  Alternate port is the second best root port.

Backup port: A backup/redundant port for the segment that already has one designated port. This port leads away from the root port.

Disabled: A port which is manually disabled and is not a part of STP.

Port States in RSTP

Discarding: No data is exchanged over the port.

Learning: Frames are not forwarded, but the MAC address table is populated.

Forwarding: Fully functional.

Switches in RSTP expect a BPDU every 2 seconds (hello time) and if they do not receive a BPDU for 6 seconds (3 hello time intervals), it is considered to be a link failure. This is significantly faster than the STP link failure detection time of 20 seconds, dictated by the max age timer. RSTP can actively confirm if a port can safely be transitioned to the forwarding state without having to rely on the timer mechanism. Ports can be configured as edge ports if they are attached to a LAN that has no other bridges connected to it. Such a port can transition directly to the forwarding state, but it loses the edge port status as soon as it receives a BPDU. RSTP achieves rapid transition to the forwarding state on edge ports and point-to-point links (operating in full-duplex mode) but not on shared links (i.e., ports connected to a shared medium, hence operating in. half-duplex mode)

If network connections form loops and STP is disabled, packets are forwarded indefinitely across the switches, causing degradation of network performance. STP supports limited Layer 2 multipathing and can result in sub-optimal utilization of available network links. Therefore, a fabric of switches does not rely only on RSTP within the boundaries of the network. Pluribus Networks recommends the use of RSTP for ad hoc networks that inter-operate in a heterogeneous, multi-vendor switch environment.

More about : computer security engineer



Comments

Post a Comment

Popular posts from this blog

Enabling the Computer Browser service for Windows Server

  You can configure a computer so that it does not send announcements to browsers on the domain. If you do so, you hide the computer from the Browser list, which can help reduce network traffic. Editing the Registry 1. Open the registry editor and go to Microsoft Registry 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters 2.From the Edit menu, choose Add Value and type: Hidden Note: This value is case sensitive and must begin with a capital H. 3.In the Data Type field, choose REG_DWORD and choose OK. 4.In the Data field, type 1 to enable hiding and choose OK. 5.Restart your computer. Using the NET CONFIG SRV command This setting can also be changed using the following command: net config server /hidden:yes|no To hide the computer from the Browser List, type net config server /hidden:yes at the command prompt, and then press ENTER. To unhide the computer from the Browser list, type net config server /hidden:no at the command Find more :  lanmanserver windows
Read more

The Advantages of Authentication

There are numerous advantages of authentication systems which are used to identify the user of a home, ATM or a security clearance computer system. The main purpose of these systems is to validate the user's right to access the system and information, and protect against identity theft and fraud. While there are still drawbacks with some systems, as the business world and the electronic marketplace become more complex, the advantages of authentication are ever more obvious. Password Based Authentication The use of a password and username is the most common form of authentication used and is generally considered the cheapest and most convenient method. This requires the user to provide and remember a key containing a specified amount of alpha and numeric characters in relation to a username or e-mail address which must be correct at each login. Passwords saved on a network can be encrypted to prevent theft by employee or programs designed by hackers. Device Based Authenticatio
Read more

Server Work Queues of networking

  This is something you should only measure on your Terminal Server(s). You should monitor the "current commands" in the Redirector object. If the value is higher than 20 during sustained periods of time then you could have a bottleneck. Server Work Queues The Server Work Queues object should be monitored on the File server. You should monitor the "Available WorkItems" counter. Sustained values smaller than ten mean that the File server is running out of work items. When it does, performance really starts to plummet. Make sure this doesn't happen by upping the MinFreeworkItems value. Server In this object there's a counter called "Work Item Shortages". This value represents the number of times no work items were available or couldn't be allocated to service a file request. Obviously if you see any other value than zero, you need to start worrying. Upping the InitWorkItems or MaxWorkItems could help out here. Again, there's so much more you
Read more