Technical Interview Questions and Answers: Networking

Define the OSI model.

The 'Open Systems Interconnection Basic Reference Model' (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI) initiative. In its most basic form, it divides network architecture into seven layers which, from top to bottom, are the Application, Presentation, Session, Transport, Network, Data-Link, and Physical Layers. It is therefore often referred to as the OSI Seven Layer Model.

1. The Physical Layer defines the electrical and physical specifications for devices. In particular, it defines the relationship between a device and a physical medium. This includes the layout of pins, voltages, cable specifications, hubs, repeaters, network adapters and more.

2. The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer.

3. The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks. It performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layer, sending data throughout the extended network and making the Internet possible.

4. The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The Transport Layer controls the reliability of a given link through flow control, segmentation/de-segmentation, and error control. The Layer 4 protocols are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

5. The Session Layer controls the dialogues/connections (sessions) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures.

6. The Presentation Layer establishes a context between Application Layer entities, in which the higher-layer entities can use different syntax and semantics, as long as the Presentation Service understands both and the mapping between them. The presentation service data units are then encapsulated into Session Protocol Data Units, and moved down the stack.

7. The Application Layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. Application layer protocols include Telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

What is TCP/IP? Explain some TCP/IP protocols.

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination.
Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.
TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you log on to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."

Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.

What is an IP address?

Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look something like 127.0.0.1. In computer networking, an Internet Protocol (IP) address consists of a numerical identification (logical address) that network management assigns to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes. Although computers store IP addresses as binary numbers, they often display them in more human-readable notations, such as 192.168.100.1 (for IPv4), and 2001:db8:0:1234:0:567:1:1 (for IPv6). The role of the IP address has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

What is a subnet?

A sub network, or subnet, is a portion of the network's computers and network devices that have a common, designated IP address routing prefix (cf. Classless Inter-Domain Routing, CIDR).

What is a subnet mask?

A subnet (short for "sub network") is an identifiably separate part of an organization's network. Typically, a subnet may represent all the machines at one geographic location, in one building, or on the same local area network (LAN). Having an organization's network divided into subnets allows it to be connected to the Internet with a single shared network address. Without subnets, an organization could get multiple connections to the Internet, one for each of its physically separate sub networks, but this would require an unnecessary use of the limited number of network numbers the Internet has to assign. It would also require that Internet routing tables on gateways outside the organization know about and manage routing that could and should be handled within an organization.

What is ARP? What is ARP cache poisoning?

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
For example, in IP Version 4, the most common level of IP in use today, an address is 32 bits long. In an Ethernet local area network, however, addresses for attached devices are 48 bits long. (The physical machine address is also known as a Media Access Control or MAC address.) A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.

How ARP works

When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it. A machine that recognizes the IP address as its own returns a reply so indicating. ARP updates the ARP cache for future reference and then sends the packet to the MAC address that replied.

RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control, MAC) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use.

What is a default gateway? What happens if I don't have one?

A gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination), but not the routes to every address on the Internet. It won't even know all the routes on the nearest subnets. A gateway will not have this information either, but will at least know the addresses of other gateways it can hand the traffic off to. Your default gateway is on the same subnet as your computer, and is the gateway your computer relies on when it doesn't know how to route traffic. The default gateway is typically very similar to your IP address, in that many of the numbers may be the same. However, the default gateway is not your IP address.
To see what default gateway you are using, follow the steps below for your operating system.

What is APIPA?

Windows 98, 98 SE, Me, and 2000 have an Automatic Private IP Addressing (APIPA) feature that will automatically assign an Internet Protocol address to a computer on which it is installed. This occurs when the TCP/IP protocol is installed, set to obtain its IP address automatically from a Dynamic Host Configuration Protocol server, and when there is no DHCP server present or the DHCP server is not available. The Internet Assigned Numbers Authority (IANA) has reserved private IP addresses in the range of 169.254.0.0 - 169.254.255.255 for Automatic Private IP Addressing.

What are router interfaces? What types can they be?

The interfaces on a router provide network connectivity to the router. The console and auxiliary ports are used for managing the router. Routers also have ports for LAN and WAN connectivity. The AUI port is used to provide LAN connectivity. The LAN interfaces usually include Ethernet, Fast Ethernet, Fiber Distributed Data Interface (FDDI), or Token Ring. Some higher-end routers have separate interfaces for ATM (Asynchronous Transfer Mode) as well. Synchronous and Asynchronous serial interfaces are used for WAN connectivity. ISDN (Integrated Services Digital Network) interfaces are used to provide the ISDN connectivity. Using ISDN, you can transmit both voice and data.

Bus Topology

Ethernet is one of the earliest LAN technologies. An Ethernet LAN typically uses special grades of twisted pair cabling. Ethernet networks can also use coaxial cable, but this cable medium is becoming less common. The most commonly installed Ethernet systems are called 10BaseT. The router provides the interfaces for twisted pair cables. A converter can be attached to the AUI port of a router to connect to a 10base2, 10baseT, or 10base5 LAN interface. Ethernet and Token Ring use MAC addressing (physical addressing).
The Ethernet interfaces on the router are E0, E1, E2, and so on. E stands for Ethernet, and the number that follows represents the port number. These interfaces provide connectivity to an Ethernet LAN. In a non-modular Cisco router, the Ethernet ports are named as above, but in modular routers they are named as E0/1, where E stands for Ethernet, 0 stands for slot number, and 1 stands for port number in that slot.

Token Ring Topology

Token Ring is the second most widely used LAN technology after Ethernet, where all computers are connected in a logical ring topology. Physically, each host attaches to an MSAU (Multistation Access Unit) in a star configuration. MSAUs can be chained together to maintain the logical ring topology. An empty frame called a token is passed around the network. A device on the network can transmit data only when the empty token reaches the device. This eliminates collisions on a Token Ring network. Token Ring uses MAC addresses just like any other LAN technology. The Token Ring interfaces on a non-modular router are To0, To1, To2, and so on. To stands for Token Ring and the number following To signifies the port number. In a modular router, To will be followed by the slot number/port number.

FDDI

Fiber Distributed Data Interface (FDDI) is a LAN technology that uses fiber optic cable. FDDI is a ring topology that uses four-bit symbols rather than eight-bit octets in its frames. The 48-bit MAC addresses have 12 four-bit symbols for FDDI. FDDI is very fast and provides a data transfer rate of 100 Mbps and uses a token-passing mechanism to prevent collisions. FDDI uses two rings with their tokens moving in opposite directions to provide redundancy to the network. Usually only one ring is active at a given time. If one ring breaks, the other ring is used and the network does not experience downtime. FDDI interfaces on a non-modular Cisco router are F0, F1, F2, and so on. F stands for FDDI and the number following F signifies the port number. In a modular router, a slot number/port number will follow F.

ISDN

Integrated Services Digital Network (ISDN) is a set of ITU-T (Telecommunication Standardization Sector of the International Telecommunications Union) standards for digital transmission over ordinary telephone copper wire as well as over other media. ISDN provides the integration of both analog or voice data together with digital data over the same network. ISDN has two levels of service:

Basic Rate Interface (BRI)
Primary Rate Interface (PRI)

How do I know the path that a packet takes to the destination?

Use the "tracert" command-line utility.

What is DHCP? What are the benefits and drawbacks of using it?
DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to assign an address to a computer when it boots up. With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain their IP address and related configuration parameters dynamically each time they start and join your network. DHCP servers provide this configuration in the form of an address-lease offer to requesting clients. The lease defines the length of time for which the assigned IP address can be used.

Benefit: A system administrator need not worry about computers being able to access the network.

1. Safe and reliable configuration: DHCP avoids configuration errors caused by the need to manually type in values at each computer. Also, DHCP helps prevent address conflicts caused by a previously assigned IP address being reused to configure a new computer on the network.

2. Reduces configuration management: Using DHCP servers can greatly decrease time spent configuring and reconfiguring computers on your network. Servers can be configured to supply a full range of additional configuration values when assigning address leases. These values are assigned using DHCP options. Also, the DHCP lease renewal process helps assure that where client configurations need to be updated often (such as users with mobile or portable computers who change locations frequently), these changes can be made efficiently and automatically by clients communicating directly with DHCP servers.
Describe the steps taken by the client and DHCP server in order to obtain an IP address.

DHCP uses a client-server model.

What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, server replies on UDP 67.
How to authorize a DHCP server in Active Directory?

Open DHCP -> In the console tree, click DHCP -> On the Action menu, click Manage authorized servers -> Click Authorize. When prompted, type the name or IP address of the DHCP server to be authorized and then click OK.

What is the BOOTP protocol used for, where might you find it in Windows network infrastructure?

In computing, Bootstrap Protocol, or BOOTP, is a UDP network protocol used by a network client to obtain its IP address automatically. This is usually done during the bootstrap process when a computer is starting up. The BOOTP servers assign the IP address to each client from a pool of addresses. We can find Bootstrap Protocol in the DHCP pool configuration of Cisco switches and routers.

DNS (Domain Name System/Server):

Answer, but it can also point to multiple IP addresses for load balancing, or for backup servers if one or more is offline or not accepting connections. Individual organizations may have their own DNS servers for their local intranet. Some sites have their own DNS server to switch between sub domains within them. For example, a site such as BlogSpot can have sub domains come and go quite frequently. Rather than force every DNS server to update its own database whenever someone creates a new blog, BlogSpot could maintain its own DNS server to resolve names within the blogspot.com domain, e.g., to distinguish between myblog.blogspot.com and yourblog.blogspot.com. Their DNS server would be queried once blogspot.com is resolved, and it would be responsible for resolving myblog vs. yourblog.

The following are the three main components of DNS:

Domain name space and associated resource records (RRs): A distributed database of name-related information.

DNS Name Servers: Servers that hold the domain name space and RRs, and that answer queries from DNS clients.

DNS Resolvers: The facility within a DNS client that contacts DNS name servers and issues name queries to obtain resource record information.
DNS Zones

A DNS server that has complete information for part of the DNS name space is said to be the authority for that part of the name space. This authoritative information is organized into units called zones, which are the main units of replication in DNS. A zone contains one or more RRs for one or more related DNS domains. The following are the three DNS zone types:

Standard Primary: Holds the master copy of a zone and can replicate it to secondary zones. All changes to a zone are made on the standard primary.

Standard Secondary: Contains a read-only copy of zone information that can provide increased performance and resilience. Information in a primary zone is replicated to the secondary by use of the zone transfer mechanism.

Active Directory-integrated: A Microsoft proprietary zone type, where the zone information is held in the Windows 2000 Active Directory (AD) and replicated using AD replication.

What Are Resource Records?

An RR is information related to a DNS domain; for example, the host record defining a host IP address. Each RR will contain a common set of information, as follows:

Owner: Indicates the DNS domain in which the resource record is found.

TTL: The length of time used by other DNS servers to determine how long to cache information for a record before discarding it. For most RRs, this field is optional. The TTL value is measured in seconds, with a TTL value of 0 indicating that the RR contains volatile data that's not to be cached. As an example, SOA records have a default TTL of 1 hour. This prevents these records from being cached by other DNS servers for a longer period, which would delay the propagation of changes.

Class: For most RRs, this field is optional. Where it's used, it contains standard mnemonic text indicating the class of an RR. For example, a class setting of IN indicates the record belongs to the Internet (IN) class. At one time there were multiple classes (such as CH for Chaos Net), but today, only the IN class is used.

Type: This required field holds a standard mnemonic text indicating the type for an RR. For example, a mnemonic of A indicates that the RR stores host address information.

Record-Specific Data: This is a variable-length field containing information describing the resource. This information's format varies according to the type and class of the RR.

What are the requirements from DNS to support AD?

When you install Active Directory on a member server, the member server is promoted to a domain controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling computers on the network to obtain IP addresses of domain controllers. During the installation of Active Directory, the service (SRV) and address (A) resource records are dynamically registered in DNS, which are necessary for the successful functionality of the domain controller locator (Locator) mechanism. To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS resource records of the domain controller, which provide the client with the names and IP addresses of the domain controllers. In this context, the SRV and A resource records are referred to as Locator DNS resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS server with the Locator DNS resource records and identifying the domain controller. For this reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service.

How do you manually create SRV records in DNS?

This is on Windows Server. Go to Run ---> dnsmgmt.msc. Right-click on the zone you want to add the SRV record to, choose "other new record", and choose service location (SRV)...

Understanding stub zones

A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. A stub zone consists of:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.

The IP address of one or more master servers that can be used to update the stub zone.

The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.

Use stub zones to:

Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server hosting both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.

Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers without needing to query the Internet or internal root server for the DNS namespace.

Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and are not an alternative when considering redundancy and load sharing.

There are two lists of DNS servers involved in the loading and maintenance of a stub zone:

The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.

The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.

When a DNS server loads a stub zone, such as widgets.example.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.example.com. The list of master servers may contain a single server or multiple servers and can be changed anytime. For more information, see Configure a stub zone for local master servers.

How do I clear the DNS cache on the DNS server?

To clear the DNS cache, do the following:

1. Start
2. Run
3. Type "cmd" and press Enter
4. In the command window type "ipconfig /flushdns"
5. If done correctly it should say "Successfully flushed the DNS Resolver Cache."

What is WINS and when do we use it?
Microsoft Windows Internet Name Service (WINS) is an RFC-compliant NetBIOS name-to-IP-address mapping service. WINS allows Windows-based clients to easily locate resources on Transmission Control Protocol/Internet Protocol (TCP/IP) networks. WINS servers maintain databases of static and dynamic resource name-to-IP-address mappings. Because the Microsoft WINS database supports dynamic name and IP address entries, WINS can be used with Dynamic Host Configuration Protocol (DHCP) services to provide easy configuration and administration of Windows-based TCP/IP networks. WINS servers provide the following benefits:

Dynamic database that supports NetBIOS computer name registration and name resolution in an environment where the dynamic TCP/IP configuration of DHCP-enabled clients is dynamically configured for TCP/IP.

Centralized management of the NetBIOS computer name database and its replication to other WINS servers.

Reduction of NetBIOS name query IP broadcast traffic.

Support for Windows-based clients (including Windows NT Server, Windows NT Workstation, Windows 95, Windows for Workgroups, and LAN Manager 2.x).

Support for transparent browsing across routers for Windows NT Server, Windows NT Workstation, Windows 95, and Windows for Workgroups clients.

To the WINS server. The WINS server returns the destination computer's IP address to the original computer without the need for broadcast traffic. The second reason for using WINS is that it's dynamic. As computers attach to and detach from the network, the WINS databases are updated automatically. This means that you don't have to create a static LMHOSTS file that the computers can read to determine IP addresses.

What is the 224.0.1.24 address used for?

WINS server group address. Used to support auto discovery and dynamic configuration of replication for WINS servers.
What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?

Cluster technologies are becoming increasingly important to ensure service offerings meet the requirements of the enterprise. Windows 2000 and Windows Server 2003 support three cluster technologies to provide high availability, reliability and scalability. These technologies are: NLB, CLB and Server cluster. These technologies have a specific purpose and are designed to meet different requirements.

Server cluster provides failover support for applications and services that require high availability, scalability and reliability, and is ideally suited for back-end applications and services, such as database servers. Server cluster can use various combinations of active and passive nodes to provide failover support for mission critical applications and services.

NLB provides failover support for IP-based applications and services that require high scalability and availability, and is ideally suited for Web tier and front-end services. NLB clusters can use multiple adapters and different broadcast methods to assist in the load balancing of TCP, UDP and GRE traffic requests.

Component Load Balancing provides dynamic load balancing of middle-tier application components that use COM+ and is ideally suited for application servers. CLB clusters use two clusters. The routing cluster can be configured as a routing list on the front-end Web servers or as separate servers that run Server cluster.

Round robin is a local balancing mechanism used by DNS servers to share and distribute network resource loads. You can use it to rotate all resource record (RR) types contained in a query answer if multiple RRs are found. By default, DNS uses round robin to rotate the order of RR data returned in query answers where multiple RRs of the same type exist for a queried DNS domain name. This feature provides a simple method for load balancing client use of Web servers and other frequently queried multihomed computers. If round robin is disabled for a DNS server, the order of the response for these queries is based on a static ordering of RRs in the answer list as they are stored in the zone (either its zone file or Active Directory).
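The resource record fields described in the DNS section (owner, optional TTL, optional class, type, record-specific data) and the round robin rotation described above, worked through in Python as an added example that is not part of the original page. The zone lines, the 3600-second default TTL and all function names are constructed for illustration.

```python
from dataclasses import dataclass

CLASSES = {"IN", "CH", "HS"}   # class mnemonics; the page notes only IN is used today
DEFAULT_TTL = 3600             # assumed zone default (1 hour) when a line omits the TTL

# Constructed sample zone lines (documentation addresses, hypothetical names).
ZONE = """
www.example.com.        300 IN A   192.0.2.10
www.example.com.        IN 300 A   192.0.2.11   ; class before TTL is also accepted
www.example.com.        A          192.0.2.12   ; TTL and class both omitted
volatile.example.com.   0 IN A     192.0.2.99   ; TTL 0: volatile, not to be cached
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
"""


@dataclass(frozen=True)
class ResourceRecord:
    owner: str
    ttl: int
    rr_class: str
    rr_type: str
    rdata: tuple

    @property
    def cacheable(self) -> bool:
        # A TTL of 0 marks volatile data that must not be cached.
        return self.ttl > 0


def parse_rr(line, default_ttl=DEFAULT_TTL):
    """Parse 'owner [ttl] [class] type rdata...'; text after ';' is a comment.

    Simplification: quoted record data containing ';' or spaces is not handled.
    """
    tokens = line.split(";", 1)[0].split()
    if len(tokens) < 3:
        raise ValueError(f"not a resource record: {line!r}")
    owner, rest = tokens[0], tokens[1:]
    ttl = rr_class = None
    # TTL and class are optional and may appear in either order before the type.
    while rest:
        if ttl is None and rest[0].isdigit():
            ttl = int(rest.pop(0))
        elif rr_class is None and rest[0].upper() in CLASSES:
            rr_class = rest.pop(0).upper()
        else:
            break
    if len(rest) < 2:
        raise ValueError(f"missing type or record data: {line!r}")
    return ResourceRecord(owner, default_ttl if ttl is None else ttl,
                          rr_class or "IN", rest[0].upper(), tuple(rest[1:]))


def parse_zone(text):
    """Parse every non-empty, non-comment line of a zone snippet."""
    return [parse_rr(line) for line in text.splitlines()
            if line.split(";", 1)[0].strip()]


def srv_fields(rr):
    """Split SRV record-specific data into priority, weight, port, target (RFC 2782)."""
    if rr.rr_type != "SRV" or len(rr.rdata) != 4:
        raise ValueError("not a well-formed SRV record")
    priority, weight, port = (int(v) for v in rr.rdata[:3])
    return {"priority": priority, "weight": weight, "port": port,
            "target": rr.rdata[3]}


def round_robin_answer(records, owner, rr_type, query_number):
    """Return the matching record data, rotated one position per successive query."""
    matches = [rr.rdata[0] for rr in records
               if rr.owner == owner and rr.rr_type == rr_type]
    if not matches:
        return []
    shift = query_number % len(matches)
    return matches[shift:] + matches[:shift]


if __name__ == "__main__":
    zone = parse_zone(ZONE)
    for rr in zone:
        print(rr.owner, rr.ttl, rr.rr_class, rr.rr_type, rr.rdata,
              "cacheable" if rr.cacheable else "do-not-cache")
    print(srv_fields(zone[-1]))
    for n in range(3):
        print(n, round_robin_answer(zone, "www.example.com.", "A", n))
```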
What is NAT?

Network Address Translation is a widely used IP translation and mapping protocol that works on the network layer (level 3) of the OSI model. It is sometimes referred to as a routing protocol because of the way it allows packets from a private network to be routed to the Internet. NAT acts as a middle man between the internal and external network; packets coming from the private network are handled by NAT and then transferred to their intended destination. A single external address is used on the Internet so that the internal IP addresses are not shown. A table is created on the router that lists local and global addresses and uses it as a reference when translating IP addresses. NAT can work in several ways:

Static NAT: An unregistered IP address is mapped to a registered IP address on a one-to-one basis - which is useful when a device needs to be accessed from outside the network.

Dynamic NAT: An unregistered IP address is mapped to a registered IP address from a group of registered IP addresses. For example, a computer 192.168.10.121 will translate to the first available IP in a range from 212.156.98.100 to 212.156.98.150.

Overloading: A form of dynamic NAT, it maps multiple unregistered IP addresses to a single registered IP address, but in this case uses different ports. For example, IP address 192.168.10.121 will be mapped to 212.56.128.122:port_number (212.56.128.122:1080).

Overlapping: This is when addresses in the inside network overlap with addresses in the outside network; the IP addresses are registered on another network too. The router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses.

How NAT works

A table of information about each packet that passes through is maintained by NAT. When a computer on the network attempts to connect to a website on the Internet:

On the way out, the header of the source IP address is changed and replaced with the IP address of the NAT computer.

On the way back in, the "destination" IP address is changed (based on the records in the table) back to the specific internal private class IP address in order to reach the computer on the local network.

Network Address Translation can be used as a basic firewall: the administrator is able to filter out packets to/from certain IP addresses and allow/disallow access to specified ports. It is also a means of saving IP addresses by having one IP address represent a group of computers.
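The overloading translation table described above, modelled in Python as an added example (not code from the original page). The public address 212.56.128.122 and first port 1080 come from the page's example; the class and function names, the private source ports, and the 203.0.113.10 and 198.51.100.7 remote hosts are constructed, and the model assumes an inbound packet must match the exact remote endpoint recorded on the way out, which real NAT devices enforce with varying strictness.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "212.56.128.122"  # registered address from the page's overloading example
FIRST_PORT = 1080             # first translated port, as in the page's example


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class OverloadNat:
    """Many private hosts share one public IP, told apart by translated port."""
    public_ip: str = PUBLIC_IP
    next_port: int = FIRST_PORT
    # (private_ip, private_port, remote_ip, remote_port) -> public_port
    out_table: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)

    def translate_out(self, pkt: Packet) -> Packet:
        """On the way out: replace the private source with the public IP and port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_table:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out_table[key] = self.next_port
            self.in_table[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """On the way back in: restore the private destination from the table.

        Returns None (packet dropped) when no table entry matches, which is the
        behaviour behind NAT's use as a basic firewall.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])


def demo():
    """Two private hosts reach the same web server; one reply and one stray packet."""
    nat = OverloadNat()
    web = ("203.0.113.10", 80)  # constructed remote web server
    out_a = nat.translate_out(Packet("192.168.10.121", 40000, *web))
    out_b = nat.translate_out(Packet("192.168.10.122", 40000, *web))
    reply = nat.translate_in(Packet(*web, out_a.src_ip, out_a.src_port))
    # A host that was never contacted sends to the same public port.
    stray = nat.translate_in(Packet("198.51.100.7", 80, PUBLIC_IP, out_a.src_port))
    return out_a, out_b, reply, stray


if __name__ == "__main__":
    for label, result in zip(("out A", "out B", "reply", "stray"), demo()):
        print(f"{label:6} {result}")
```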