Community ForumCommunity Wiki * Blog Home  * Log in
« »

Networking Appliances Explained

posted in Education, Training
by on January 5th, 2012 tags: , ,


If you’re new in the networking field and are faced with a complex network design, or are asked to design one, it can be a difficult task understanding what everything does. The certifications don’t cover it all: there’s so much more to networking than just routers and switches.

Therefor: an explanation about various appliances you’ll likely meet or need in a company. An appliance is a device that performs a specific purpose. Most simple example is a router: it’s actually a computer, but it can only provide routing. Here’s a list of other common devices:

Appliances

A (stateful) firewall: a device that protects your network. It’s main purpose is to keep track of conversations between devices (often based on layer 4 TCP and UDP ports) and to filter out unwanted packets. I mention stateful because it keeps track of all connection states to make decisions. A stateless firewall just uses access lists to filter traffic.

An IDS or Intrusion Detection System. Scans traffic for signatures that may indicate malicious behavior, and sends out alerts when these are detected.

An IPS or Intrusion Prevention System. Like an IDS, it scans traffic for signatures, but it drops any suspicious traffic instead. Note that this doesn’t render an IDS useless: an IDS may be used to gather evidence, alert an IPS, check if the IPS still works, or give orders to other devices to change behavior based on incoming signatures.

A load balancer: this device forwards requests to a pool of servers to balance the load, e.g. a website receives 60,000 page views an hour but a server can only handle up to 25,000. Using a load balancer to spread the requests over three servers will solve the problem. A modern load balancer can have different load-balancing methods, adapt in case one of the servers goes down, and filter out malformed requests.

A VPN endpoint is a device that terminates VPN tunnels. It can be used as a dedicated device to control all VPN sessions from teleworkers, or to control all site-to-site VPNs between the main office and branch offices. Sometimes contains specialized circuits to perform encryption, which would take a high CPU load otherwise.

A WLC or Wireless LAN Controller is a device that controls a group of LAPs, or Lightweight Access Points. It makes sure they are configured the right way, use the right channel and SSIDs, and allows roaming between them.

A SSL offloading device takes care of encrypting and decrypting SSL sessions, usually for https-websites. This way, the webserver(s) needs less CPU and can accept more requests, and the decrypted https session can also be checked with an IPS for malicious traffic inside the session, as encrypted traffic normally can’t be checked.

A RADIUS or Remote Authentication Dial In User Server is a server that checks if a user is permitted  to a certain resource. That resource can be anything: switches and access points can forward 802.1x authentication requests from computers that want to connect, various devices can forward Telnet or SSH logins to check if they’re allowed, and so on.

A proxy server is a server that caches (and often also firewalls) web content. It can speed up browsing through caching or increase security by filtering or hiding the client computers from the outside world.

A WAN accelerator is a device that translates data to signatures/hashes which are smaller, to send over a slow WAN link to another accelerator, which will translate the signature/hash back to the original data. Usually these devices have an internal hard drive to store data and signatures and adapt to traffic patterns. Basically they ‘zip data on the fly’.

Comments

A thread has been created on the site forum specifically for commenting on this blog post.