***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/syp-architecture-and-design/blob/main/README.md) >

## CompTIA Security+ - Course Material 2022
###### Topic: ``Network Redundancy``
***

Course material for the ``CompTIA Security+`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Network Redundancy](#a) <br/><br/>

- [Load Balancing](#b) <br/><br/>
- [NIC Teaming](#c) <br/><br/>
    - [Load Balancing / Fail Over](#c) <br/><br/>
        - [``LBFO``](#c) <br/><br/>
            - [Port Aggregation](#d) <br/><br/>
                - [Redundancy](#e) 
<hr width=50%;>

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Network Redundancy
***

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Load Balancing
***

One of the easiest ways to maintain uptime and availability on the network is to include a ``Load Balancer`` (``Virtual IP``) as part of the network infrastructure. As its name implies, is going to balance the load between multiple servers so that one person will access the load balancer, and then the load balancer will decide what server is able to provide that particular service. 

Will commonly have multiple servers on a load balancer that are active (``Server A`` and ``Server B``), which means if anybody is making requests to the load balancer, those servers will be available and provide a response to those requests.

There might also be other servers connected on this load balancer that are up and running and ready to go into action but are currently in a standby mode (``Server C`` and ``Server D``), and the load balancer will not send any of the traffic to those standby servers. 

![image.png](attachment:image.png)

The load balancer is always sending hello messages and checking in with those servers that are active - if any of those active servers suddenly don’t respond back to these health checks, then the load balancer makes a decision to disable the connection to that server and perhaps use a standby server as a replacement.

A user on the internet that is accessing these servers when hitting the ``Virtual IP`` address on this load balancer, the load balancer then determines that ``Server A`` is available, and it sends the traffic to ``Server A``. 

Most load balancers will also remember which servers were being used by a user, so if this request comes from the same user, the load balancer will remember that this user was using ``Server A``, and it will send that traffic to the ``Server A`` device.

![image.png](attachment:image.png)

Of course, there may be times when server A becomes unavailable - this might be because of a hardware failure, there might be a power supply that goes out, or the software that’s running on the server suddenly crashes and is no longer able to provide the service. In that case, the load balancer will recognize that that server has failed, and it will put that server into an offline mode. 

![image.png](attachment:image.png)

Since this load balancer also has standby servers, it can enable one of those standby servers to be online and available, and any future requests from devices on the internet will use the new server instead of going to the one that’s currently unavailable.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### NIC Teaming - Load Balancing / Fail Over - ``LBFO``
***

Even if you don’t have a load balancer, you can still provide redundancy to a server using multiple ``Network Interface Cards`` on that device - refer to this as ``NIC teaming`` - might also see this referred to as ``Load Balancing Fail Over`` (``LBFO``).

This allows us to plug in and use these multiple connections to a server, but instead of having a primary connection and a standby connection, we can use both of those connections simultaneously and aggregate the bandwidth between both of them. 

This provides us with increased throughput, and it also provides us with a way to have redundant paths should one of those connections fail.

On the server, this is usually configured by installing multiple network interface cards on the server, and in the server operating system, those cards are bound together to look as if they are one single interface. Will also configure the switch side of this to be able to interpret any of the traffic going to and from those connections as something that’s being ``NIC Teamed`` in the server. 

Just as we had a load balancer that sent hello messages to make sure that it would get a response back from those network interfaces, we also have the same functionality within the server. The server is going to have the network interface cards talk to each other, usually over a ``Multicast`` connection. 

Those ``Multicast`` hello messages will go out periodically, and the other interface cards on that server will listen and respond to those hello messages.

If for some reason a network connection becomes unavailable, perhaps a switch has failed or someone accidentally unplugs a cable, that hello message will not get a response from the interface card that’s been disconnected. 

 The server will recognize that that card is no longer talking on the network - it will administratively turn it off and use the other available network interface cards to provide the redundancy and the connectivity for all of the users.

![image.png](attachment:image.png)

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### NIC Teaming - Load Balancing / Fail Over - ``LBFO`` - Port Aggregation
***

An example of using this ``Port Aggregation`` where we have a server that has two network interface cards, and both of those network interface cards are going to connect to a switch.

Will configure inside the server ``Port Aggregation`` across both of those interfaces, and also configure the switch for ``Port Aggregation`` so that both sides of this connection recognize and understand that this is one single logical connection rather than connecting two physical separate interfaces.

![image.png](attachment:image.png)

This allows multiple users to send traffic through the network and to have a higher bandwidth and throughput between the server and that last switch.

But as you can see from this diagram, there are some places where losing a switch could lose connectivity to the server, for example, there’s a single switch that both of these connections are plugged into, and if that switch fails, then we lose connectivity to the entire server. 

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### NIC Teaming - Load Balancing / Fail Over - ``LBFO`` - Port Aggregation - Redundancy
***

To provide another level of redundancy, we can configure the connections to go to different switches - will still have the same two network interface cards in the server, but instead of plugging both of those into the same physical switch, we’ll separate them into different switches. 

That way, if we lose either one of these switches due to a hardware problem or a connectivity issue with the cables, we’ll have a separate path that can be used for all of our users to maintain the connectivity to that server.

![image.png](attachment:image.png)

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

J. "Professor" Messer, "CompTIA Security+ (SY0-601) Course Notes," [professormesser.com](https://web.archive.org/web/20220521181010/https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/), September 2021.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END

In [1]:
from IPython.core.display import display,HTML
display(HTML("<style>.container { width:100% !important; }</style>"))

  from IPython.core.display import display,HTML


# END JUPYTER NOTEBOOK