Glossary

0–9

802.1p See IEEE 802.1p.

A

abstraction layer A virtualization layer that hides the technical implementation details of a system, allowing us to focus on the function of the layer.

access attack A network attack that exploits known vulnerabilities in authentication services, FTP services, and web services. The purpose of this type of attack is to gain entry to web accounts, confidential databases, and other sensitive information.

access control entry (ACE) A single line in an ACL. ACEs are also commonly called ACL statements. When network traffic passes through an interface configured with an ACL, the router compares the information within the packet against each ACE, in sequential order, to determine if the packet matches one of the ACEs.

access control list (ACL) A series of IOS commands that controls whether a router forwards or drops packets, based on information found in the packet header.

access layer A tier in the two- and three-layer hierarchical network design model in which devices connect to the network and that includes services such as power to network endpoints.

address spoofing attack An attack in which a threat actor uses the IP address or MAC address of another host to impersonate that host.

adjacency table A table in a router that contains a list of the relationships formed between selected neighboring routers and end nodes for the purpose of exchanging routing information. Adjacency is based on the use of a common media segment.

adjacency database The database that is used to create an OSPF neighbor table.

Advanced Encryption Standard (AES) A very secure and commonly used symmetric encryption algorithm. It provides stronger security than DES and is computationally more efficient than 3DES. Compare with Data Encryption Standard, Triple DES, and Software-Optimized Encryption Algorithm.

Amazon Web Services (AWS) An Amazon company that provides on-demand cloud computing platforms to clients for a fee.

amplification and reflection attack An attack in which a threat actor attempts to prevent legitimate users from accessing information or services by using DoS and DDoS attacks. The threat actor forwards spoofed ICMP echo request messages to many hosts, which all reply to the spoofed IP address of the victim to overwhelm it.

Ansible An agentless configuration management tool built on Python that is used to create a set of instructions called a playbook. Compare with Chef, Puppet, and SaltStack.

Application Network Profile (ANP) A core component of Cisco ACI architecture, which is a collection of EPGs, their connections, and the policies that define those connections.

Application Policy Infrastructure Controller (APIC) Considered to be the brains of the Cisco ACI, a centralized software controller that manages and operates a scalable and clustered ACI fabric. It is designed for programmability and centralized management and translates application policies into network programming.

application programming interface (API) A special subroutine used by an application to communicate with the operating system or some other control program. APIs use special function calls to provide the linkage to the required subroutine for execution. Open and standardized APIs are used to ensure the portability of the application code and vendor independence.

application-specific integrated circuit (ASIC) Electronics added to a switch that allow it to have more ports without degrading performance.

area In OSPF, part of a routing domain created to help control routing update traffic.

area border router (ABR) In OSPF, a router that connects one or more non-backbone areas to the backbone. ABRs are the routers interconnecting the areas in a multiarea OSPF network.

ARP cache poisoning A type of man-in-the-middle attack that can be used to intercept, alter, or even stop network traffic. The threat actor creates spoofed ARP messages to make legitimate hosts send frames to the threat actor's device.

array A data structure that contains a group of similar elements (for example, integer, string) that is used in an application to organize data to simplify sorting or searching.

asset Anything of value to an organization, including people, equipment, resources, and data (which is usually the most valuable asset).

assured forwarding (AF) A category of DSCP values consisting of four classes to provide different levels of forwarding assurances. Compare with best-effort (BE) and expedited forwarding (EF).

asymmetric DSL (ADSL) A type of DSL service used to connect home users and SOHO sites to ISPs. ADSL supports higher downstream speeds and slower upstream speeds. Compare with symmetric DSL (SDSL).

asymmetric encryption algorithm Also called a public-key algorithm, an algorithm that uses a public key and a private key. These algorithms are substantially slower than symmetric algorithms.

Asynchronous Transfer Mode (ATM) A legacy international standard for cell relay in which multiple service types (such as voice, video, or data) are conveyed in fixed-length (53-byte) cells. Fixed-length cells allow cell processing to occur in hardware, thereby reducing transit delays.

attenuation The gradual loss in signal intensity that occurs while transmitting analog or digital signals over long distances, such as when a UTP cable exceeds the design limit of 100 meters.

Authentication Header (AH) An IPsec packet encapsulation method that provides connectionless data integrity and data origin authentication for IP packets. It does not provide confidentiality as ESP does. Compare with Encapsulation Security Protocol (ESP).

authoritative time source A high-precision timekeeping device assumed to be accurate and with little or no delay associated with it. Also referred to as a stratum 0 device.

automation Any process that is self-driven and that reduces and potentially eliminates the need for human intervention.

autonomous system boundary router (ASBR) In OSPF, a router that exchanges routes between OSPF and another routing domain through route redistribution. Routes are injected into OSPF from an ASBR. An ASBR communicates the OSPF routes into another routing domain. The ASBR runs OSPF and another routing protocol.

availability A measure of the probability that a network is available for use when it is required.

B

backbone area In OSPFv2 and OSPFv3, the special area in a multiarea design where all nonbackbone areas connect. Also known as area 0. In any OSPF network design, there must be at least one area. Traditionally, this area is numbered 0. In single-area OSPF, the lone area is area 0. In multiarea OSPF, area 0 forms the core of the network, and all other areas attach to the backbone area to facilitate interarea communication.

backbone network A large, high-capacity network used to interconnect large Tier 1 service provider networks and to create a redundant network.

backbone router In OSPF, a router that is configured to participate in area 0, or the backbone area. A backbone router can also be an ABR or ASBR.

backhaul network A service provider network connecting multiple access nodes over municipalities, countries, and regions. Backhaul networks are also connected to internet service providers and to the backbone network.

backup designated router (BDR) In OSPF, a backup to the DR in case the DR fails. The BDR is the OSPF router with the second-highest priority at the time of the last DR election.

baseline A reference used to establish normal network or system performance by collecting performance data from the ports and devices that are essential to network operation.

baselining tool A tool that is used to help establish and measure a network’s behavior.

Best Effort (BE) A category of DSCP values with a value of 0. When a router experiences congestion, these packets are dropped. No QoS plan is implemented. Compare with expedited forwarding (EF) and assured forwarding (AF).

best-effort model The default model when QoS is not explicitly configured. Compare with Integrated Services (IntServ) and Differentiated Services (DiffServ).

black hat hacker An unethical threat actor who compromises computer and network security vulnerabilities. The goal is usually financial gain or personal gain, though this type of hacker may simply have malicious intent.

blacklisting A process in which a firewall or security appliance (for example, IPS, ESA, WSA) is configured with access control rules to deny traffic to and from specific IP addresses.

botnet A network of infected zombies (that is, hosts) controlled by a threat actor using a CnC system.

bottom-up troubleshooting A troubleshooting method that starts with the physical components of the network and moves up through the layers of the OSI model until the cause of the problem is found. Bottom-up troubleshooting is a good approach to use when you suspect a physical problem. Compare with top-down troubleshooting and divide-and-conquer troubleshooting.

branch router A router platform that optimizes branch services while delivering an optimal application experience across branch and WAN infrastructures. Compare with network edge router and service provider router.

broadband Generic term that generally refers to DSL and cable internet technology.

broadband modem A digital modem used with DSL or cable internet service broadband communications.

broadband service Technology that provides internet access using broadband connections. Broadband service technologies include DSL, cable, and satellite access.

broadcast multiaccess A type of network configuration in which multiple routers are interconnected over an Ethernet network.

building switch block A design that deploys routers or multilayer switches in pairs, with access layer switches evenly divided between them. Each switch block operates independently of the others, so a failure of a single device does not cause the network to go down. As a result, the failure of a single device or switch block does not significantly affect end users. See also departmental switch block.

C

cable analyzer A multifunctional handheld device that is used to test and certify copper and fiber cables for different services and standards. More sophisticated tools include advanced troubleshooting diagnostics that measure distance to performance defect (NEXT, RL), identify corrective actions, and graphically display crosstalk and impedance behavior.

cable modem (CM) A device located at the customer premises that is used to convert an Ethernet signal from the user device to broadband cable frequencies transmitted to the headend.

cable modem termination system (CMTS) A component that exchanges digital signals with cable modems on a cable network. A headend CMTS communicates with cable modems that are located in subscribers’ homes.

cable tester A specialized handheld device designed to test the various types of data communication cabling. Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections.

campus LAN switch Distribution, access, or compact switches that may be anywhere from a fanless switch with eight fixed ports to a 13-blade switch supporting hundreds of ports. Campus LAN switch platforms include the Cisco 2960, 3560, 3650, 3850, 4500, 6500, and 6800 Series. Compare with cloud-managed switch, data center switch, service provider switch, and virtual networking switch.

carrier protocol A term used in GRE to describe the protocol (for example, GRE) that encapsulates the passenger protocol. Compare with passenger protocol and transport protocol.

central office (CO) A local telephone company office to which all local loops in a given area connect and in which circuit switching of subscriber lines occurs.

Chef An agent-based configuration management tool built on Ruby that is used to create a set of instructions called a cookbook. Compare with Ansible, Puppet, and SaltStack.

circuit-switched communication A type of communication in which two network nodes establish a dedicated communications channel (circuit) through the network so that the nodes can communicate.

Cisco Adaptive Security Appliance (ASA) A Cisco dedicated firewall appliance.

Cisco AnyConnect Secure Mobility Client VPN software that is installed on a host to securely establish a remote-access VPN.

Cisco Application Centric Infrastructure (ACI) A data center architecture solution originally developed by Insieme and acquired by Cisco in 2013 for integrating cloud computing and data center management. ACI is a Cisco SDN solution that includes a data center fabric built with Nexus 9000 switches running ACI Fabric OS, a cluster of APICs, and an ecosystem of integrated solutions.

Cisco Application Policy Infrastructure Controller–Enterprise Module (APIC-EM) A policy-based SDN for enterprise and campus deployments.

Cisco Borderless Networks architecture An architecture designed to help IT balance demanding business challenges and changing business models promoted by the influx of consumer devices into the business world. Cisco Borderless Networks can help IT evolve its infrastructure to deliver secure, reliable, and seamless user experiences in a world with many new and shifting borders.

Cisco Discovery Protocol (CDP) A Cisco proprietary Layer 2 link discovery protocol enabled on all Cisco devices by default. It is used to discover other CDP-enabled devices for autoconfiguring connections and to troubleshoot network devices. Compare with Link Layer Discovery Protocol (LLDP).

Cisco DNA An open software-driven intent-based networking platform that is constantly learning and adapting. It uses contextual insights to make sure the network continuously responds to dynamic IT and business needs.

Cisco DNA Assurance A Cisco DNA intent-based solution to troubleshoot and increase IT productivity. It applies advanced analytics and machine learning to improve performance and issue resolution and predictions to assure network performance. It provides real-time notification for network conditions that require attention. Compare with SD-Access, SD-WAN, and Cisco DNA Security.

Cisco DNA Center The network management and command center for Cisco DNA.

Cisco DNA Security A Cisco DNA intent-based solution that provides visibility by using a network as a sensor for real-time analysis and intelligence. It provides increased granular control to enforce policy and contain threats across the network. Compare with SD-Access, SD-WAN, and Cisco DNA Assurance.

Cisco Email Security Appliance (ESA) A mitigation technology device for email-based threats. The Cisco ESA monitors SMTP traffic using real-time feeds from Cisco Talos to detect threats, block known threats, remediate when stealth malware evades initial detection, discard emails with bad links, block access to newly infected sites, and encrypt content in outgoing email to prevent data loss.

Cisco Express Forwarding (CEF) A Cisco-proprietary protocol that allows high-speed packet switching in ASICs rather than using CPUs. Cisco Express Forwarding offers “wire speed” routing of packets and load balancing.

Cisco IOS File System (IFS) The common Cisco IOS command-line interface (CLI) to all file systems on all Cisco devices. The IFS provides access to file systems such as Flash memory and network file systems (for example, TFTP, rcp, and FTP).

Cisco Nexus 9000 Series switch A core component of the Cisco ACI architecture that provides an application-aware switching fabric and works with an APIC to manage the virtual and physical network infrastructure.

Cisco Talos One of the largest commercial threat intelligence teams in the world, composed of world-class researchers, analysts, and engineers. Industry-leading visibility, actionable intelligence, and vulnerability research drive rapid detection and protection for Cisco customers against known and emerging threats—and stop threats in the wild to protect the internet at large.

Cisco UCS Manager An application used to manage all software and hardware components in Cisco UCS. Cisco UCS Manager can control multiple servers and manage resources for thousands of VMs.

Cisco Unified Computing System (UCS) A product line developed specifically for a data center to manage the computing hardware, virtualization, and switching fabric. Cisco UCS is managed using Cisco UCS Manager.

Cisco Visual Networking Index (VNI) A group within Cisco that performs projections, estimates and forecasts, and direct data collection for broadband connections, video subscribers, mobile connections, and more.

Cisco Web Security Appliance (WSA) A mitigation technology device for web-based threats. Cisco WSA can perform blacklisting of URLs, URL filtering, malware scanning, URL categorization, web application filtering, and encryption and decryption of web traffic.

Class of Service (CoS) A 3-bit field inserted in an 802.1Q VLAN-tagged Ethernet frame to assign a quality of service (QoS) marking. The 3-bit field identifies the CoS priority value and is used by Layer 2 switches to specify how the frame should be handled when QoS is enabled.

Class-Based Weighted Fair Queuing (CBWFQ) A QoS queuing method that permits custom policies per class of traffic, such as allowing web traffic more bandwidth than email traffic. All other unspecified traffic uses WFQ. Compare with first-in, first-out (FIFO), Weighted Fair Queuing (WFQ), and Low Latency Queuing (LLQ).

classification A QoS term for the process of sorting types of packets so they can be marked and have policies applied to them.

classless Describes a routing protocol that carries subnet mask information in its routing updates. Classless routing protocols can take advantage of VLSM and supernet routes. RIPv2, OSPF, and EIGRP are IPv4 classless routing protocols.

client-based VPN A remote-access connection that requires IPsec or SSL VPN client software on the device. The software is used to initiate the VPN connection and authenticate to the destination VPN gateway to access corporate files and applications.

clientless VPN A remote-access connection that is secured using a web browser SSL connection. The SSL connection is first established, and then HTTP data is exchanged over the connection.

cloud computing The use of computing resources (hardware and software) delivered as a service over a network. An enterprise typically accesses the processing power, storage, software, or other computing services, often via a web browser, from a provider for a fee. The provider is usually an external company that hosts and manages the cloud resources.

cloud-managed switch A switch (for example, Cisco Meraki switch) that can monitor and configure thousands of switchports over the web, without the intervention of onsite IT staff. This type of switch enables virtual stacking of switches. Compare with campus LAN switch, data center switch, service provider switch, and virtual networking switch.

collapsed core layer model A two-tier hierarchical network design model that collapses the core and distribution layers into a single layer that connects to the access layer, where wired and wireless end devices attach. Also called a two-tier campus network design.

command and control (CnC) An attack method used by a threat actor to send control messages to a botnet of zombies and carry out a DDoS attack.

community string A text string that is used as a password to authenticate messages sent between SNMP agents (for example, routers, switches, servers) and an NMS. The community string is sent in every packet between the NMS and agent.

confidentiality An IPsec VPN term that describes how encryption algorithms prevent cybercriminals from reading packet contents.

configuration register A hexadecimal value used to change the booting behavior and connection settings of a Cisco router. Common settings include 0x2102 (normal boot) and 0x2142 (bypass startup configuration for password recovery).

congestion avoidance A QoS method for monitoring network traffic loads in an effort to anticipate and avoid congestion. As queues fill up to the maximum threshold, a small percentage of packets are dropped. When the maximum threshold is passed, all packets are dropped.

control plane One of the Cisco NFP functional areas that consists of managing device-generated packets required for the operation of the network itself, such as ARP message exchanges or OSPF routing advertisements. Compare with management plane and data plane.

converged network (1) A network that combines voice and video with the traditional data network. (2) A network that provides a loop-free Layer 2 topology for a switched LAN through the use of spanning tree. (3) A network that provides a stable Layer 3 network where the routers have finished providing each other updates and the routing tables are complete.

convergence The process in which a group of internetworking devices running a specific routing protocol all agree on the internetworking topology after a topology change.

core layer A tier in the three-layer hierarchical network design model that creates the network backbone. All traffic to and from peripheral networks must pass through the core layer, which includes high-speed switching devices that can handle relatively large amounts of traffic. In a two-layer hierarchical design model, the core layer is combined with the distribution layer for small to medium-sized business networks.

CSU/DSU (channel service unit/data service unit) A digital interface device that connects end-user equipment to the local digital telephone loop.

customer premises equipment (CPE) Terminating equipment, such as terminals, telephones, and modems, supplied by the telephone company, installed at customer sites, and connected to the telephone company network.

cyber weaponry The collective name for tools that threat actors may use to exploit vulnerable systems.

cybercriminal A threat actor who commits malicious activities on networks and devices to steal sensitive information for profit. Cybercriminals can be self-employed, or they may work for large cybercrime organizations.

D

dark fiber Unused fiber-optic cable that is unlit (that is, dark).

data center switch A high-performance, low-latency switch that promotes infrastructure scalability, operational continuity, and transport flexibility. Data center switch platforms include the Cisco Nexus Series switches and the Cisco Catalyst 6500 Series switches. Compare with campus LAN switch, cloud-managed switch, service provider switch, and virtual networking switch.

data center A facility used to house computer systems and associated components, including redundant data communications connections, high-speed virtual servers, redundant storage systems, and security devices. Only large organizations use privately built data centers. Smaller organizations lease server and storage services from data center organizations.

data communications equipment (DCE) An EIA term for the devices and connections of a communications network that comprise the network end of the user-to-network interface. The DCE provides a physical connection to the network, forwards traffic, and provides a clocking signal used to synchronize data transmission between DCE and DTE devices. Broadband modems and interface cards are examples of DCE. The ITU refers to this device as the data circuit-terminating equipment.

data confidentiality One of four elements of secure communication, which guarantees that only authorized users can read a message, and if a message is intercepted, it cannot be deciphered within a reasonable amount of time. Data confidentiality is implemented using symmetric and asymmetric encryption algorithms.

Data Encryption Standard (DES) A legacy symmetric encryption algorithm that should no longer be used. DES uses a 56-bit key. Compare with Triple DES (3DES), Advanced Encryption Standard (AES), and Software-Optimized Encryption Algorithm (SEAL).

data exfiltration A security term describing theft of data. It is the unauthorized copying, transfer, or retrieval of data from a compromised host by a threat actor or malware.

data format In web programming, a way to store and exchange data in a structured format (that is, a markup language). For example, HTML describes a data format used by a web browser to display a page correctly.

data nonrepudiation One of four elements of secure communication, which guarantees that the sender cannot repudiate, or refute, the validity of a message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or signature for how the message is treated.

data object In a markup language, a value or group of values displayed in a key/value pair format.

Data over Cable Service Interface Specification (DOCSIS) An international standard developed by CableLabs, a nonprofit research and development consortium for cable-related technologies. CableLabs tests and certifies cable equipment vendor devices, such as cable modems and cable modem termination systems, and grants DOCSIS-certified or qualified status.

data plane One of the Cisco NFP functional areas responsible for forwarding data. Data plane traffic normally consists of user-generated packets being forwarded between end devices. Most traffic travels through the router, or switch, via the data plane. Also called the forwarding plane. Compare with control plane and management plane.

data terminal equipment (DTE) A device at the user end of a user-network interface that serves as a data source, destination, or both. DTE connects to a data network through a DCE device (such as a modem) and typically uses clocking signals generated by the DCE. DTE includes such devices as computers, protocol translators, and multiplexers.

database description (DBD) packet A packet used in OSPF that contains LSA headers only and describes the contents of the entire link-state database. Routers exchange DBDs during the exchange phase of adjacency creation. A DBD is an OSPF type 2 packet.

data-link connection identifier (DLCI) A value that specifies a PVC or SVC in a Frame Relay network. In the basic Frame Relay specification, DLCIs are locally significant. (Connected devices might use different values to specify the same connection.) In the LMI extended specification, DLCIs (which specify individual end devices) are globally significant.

dead interval The time, in seconds, that an OSPF router waits to hear from a neighbor before declaring the neighboring router out of service.

dedicated line A communications line that is indefinitely reserved for transmissions rather than switched as transmission is required.

defense-in-depth approach In security, a layered approach that requires a combination of networking devices and services working together to secure a network and assets.

delay A QoS term used to describe the time it takes for a packet to travel from the source to the destination. Fixed delay is a particular amount of time a specific process takes. A variable delay takes an unspecified amount of time and is affected by factors such as how much traffic is being processed.

demarcation point The point where the service provider or telephone company network ends and connects with the customer’s equipment at the customer’s site.

demodulate To convert an analog signal such as sound into a digital signal, such as when a modem receives data over telephone lines.

denial-of-service (DoS) attack An attack that is used to overload specific devices and network services with illegitimate traffic, thereby preventing legitimate traffic from reaching those resources.

dense wavelength-division multiplexing (DWDM) An optical technology used to increase bandwidth over existing fiber-optic backbones. DWDM works by combining and transmitting multiple signals simultaneously at different wavelengths on the same fiber.

departmental switch block A design that deploys routers or multilayer switches in pairs, with access layer switches evenly divided between them. Each switch block operates independently of the others, so a failure of a single device does not cause the network to go down. As a result, the failure of a single device or switch block does not significantly affect end users. See also building switch block.

designated router (DR) An OSPF router that generates LSAs for a multiaccess network and has other special responsibilities in running OSPF. Each multiaccess OSPF network that has at least two attached routers has a designated router that is elected by the OSPF Hello packet. The designated router enables a reduction in the number of adjacencies required on a multiaccess network, which in turn reduces the amount of routing protocol traffic and the size of the topology database.

DHCP spoofing An attack in which a cybercriminal installs a fake DHCP server on the network so that legitimate clients acquire their IP configuration from the bogus server. These types of attacks force the clients to use both a false DNS server and a computer that is under the control of the attacker as their default gateway.

dialup modem See voiceband modem.

Differentiated Services (DiffServ) A QoS model that provides high scalability and flexibility. QoS differentiates between multiple traffic flows. Network devices recognize traffic classes and provide different levels of QoS to different traffic classes. DiffServ is less resource-intensive and more scalable than IntServ. Compare with best-effort model and Integrated Services (IntServ).

Differentiated Services Code Point (DSCP) A field defined in RFC 2474 to redefine the ToS field by renaming and extending the IP Precedence (IPP) field. The field has 6 bits and offers a maximum of 64 possible classes of service. The 64 DSCP values are organized into three categories: best effort (BE), expedited forwarding (EF), and assured forwarding (AF).

Diffie-Hellman (DH) An asymmetric algorithm that enables two parties to agree on a key that they can use to encrypt messages they want to send to each other.

digital certificate A cryptographic key that has been issued by a PKI certificate authority (CA). The certificate is used to identify the communicating parties and validate the information being transferred.

digital multimeter (DMM) A test instrument that directly measures electrical values of voltage, current, and resistance. In network troubleshooting, most multimeter tests involve checking power-supply voltage levels and verifying that network devices are receiving power.

digital signal processor (DSP) A QoS algorithm used in voice networks when small packet loss is experienced. DSP analyzes and re-creates what the lost audio signal should be.

digital subscriber line (DSL) An always-on connection technology that uses existing twisted-pair telephone lines to transport high-bandwidth data and that provides IP services to subscribers. A DSL modem converts an Ethernet signal from the user device into a DSL signal, which is transmitted to the central office.

Dijkstra’s algorithm An algorithm used by the OSPF routing protocol that is also called the shortest path first (SPF) algorithm.

distributed denial of service (DDoS) A coordinated attack from many devices, called zombies, that is meant to degrade or halt public access to an organization’s website and resources. The threat actor uses a CnC system to send control messages to the zombies.

distribution layer A tier in the three-layer hierarchical network design model that connects the access layer to the core layer. The distribution layer aggregates connectivity from multiple access layer devices, Layer 2 broadcast domains, and Layer 3 routing boundaries. In a two-layer hierarchical design model, the distribution layer is combined with the core layer for small-to-medium-sized business networks.

divide-and-conquer troubleshooting A troubleshooting approach that starts by collecting users’ experiences with a problem and documenting the symptoms. Then, using that information, you make an informed guess about the OSI layer at which to start your investigation. After you verify that a layer is functioning properly, assume that the layers below it are functioning and work up the OSI layers. If an OSI layer is not functioning properly, work your way down the OSI layer model. Compare with bottom-up troubleshooting and top-down troubleshooting.

DNS domain shadowing attack A DNS attack that uses subdomains or valid domains to redirect user traffic to malicious servers.

DNS open resolver attack A DNS attack that targets publicly available open DNS resolvers such as Google DNS at 8.8.8.8.

DNS stealth attack A DNS attack that is used by a threat actor to hide his or her identity.

DNS tunneling attack A DNS attack used to send non-DNS traffic (such as CnC traffic) within DNS traffic.

DROTHER A router in an OSPF multiaccess network that is neither the DR nor the BDR. DROTHERs are the other routers in the OSPF network.

DSL access multiplexer (DSLAM) A device located at the provider’s CO that concentrates connections from multiple DSL subscribers.

DSL modem A DSL device located at the customer premises that converts Ethernet signals from the internal network to DSL signals, which are transmitted to the CO.

dual-carrier connection A setup in which an organization connects to two different service providers to provide redundancy and increase network availability. Contrast with single-carrier connection.

dual-homed ISP An internet access design in which an organization has two connections to the same service provider. Compare with single-homed ISP, multihomed ISP, and dual-multihomed ISP.

dual-homed topology A topology that provides redundancy, such as when spoke routers are connected to two hub routers across a WAN cloud. Contrast with point-to-point topology, hub-and-spoke topology, and fully meshed topology.

dual-multihomed ISP An internet access design in which an organization has multiple connections to two or more different service providers. Compare with single-homed ISP, dual-homed ISP, and multihomed ISP.

dual stack An IPv4-to-IPv6 migration technique in which a device is enabled for both IPv4 and IPv6 protocols. It is a transition mechanism used when converting from IPv4 to IPv6. Basically, when using a dual stack, a router runs both IPv4 and IPv6. Other IPv6 migration techniques include translation and tunneling.

duplex mismatch A situation in which one end of a connection is set to half duplex while the other end is set to full duplex.

Dynamic Multipoint VPN (DMVPN) A Cisco software solution that simplifies the configuration involved in building multiple VPNs in an easy, dynamic, and scalable manner. It provides increased flexibility when connecting central office sites with branch sites in a hub-and-spoke configuration.

dynamic NAT A type of network address translation (NAT) in which many local addresses (normally private IP addresses) are mapped to many global IP addresses (which are normally public IP addresses).

E

E1 A type of leased line available from service providers in Europe that provides bandwidth of up to 2.048 Mbps. Contrast with T1, T3, and E3.

E3 A type of leased line available from service providers in Europe that provides bandwidth of up to 34.368 Mbps. Contrast with T1, T3, and E1.

east–west traffic A virtualization term for traffic being exchanged between virtual servers. Compare with north–south traffic.

edge port A switchport that is not intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled. Edge ports are conceptually similar to PortFast-enabled ports in the Cisco implementation of IEEE 802.1D.

edge router A router that connects an inside network to an outside network (typically the internet).

electromagnetic interference (EMI) Interference by magnetic signals caused by the flow of electricity. EMI can cause reduced data integrity and increased error rates on transmission channels. This process occurs because electrical current creates magnetic fields, which in turn cause other electrical currents in nearby wires. The induced electrical currents can interfere with proper operation of the other wire.

Electronic Industries Alliance (EIA) An organization best known for its standards related to electrical wiring, connectors, and the 19-inch racks used to mount networking equipment. EIA standards are often combined with TIA standards and referred to as TIA/EIA standards.

Encapsulation Security Protocol (ESP) An IPsec packet encapsulation method that provides connectionless data integrity, data origin authentication, and data confidentiality for IP packets.

endpoint group (EPG) A Cisco ACI term for a group of endpoints (for example, VLANs, web servers, applications).

enterprise campus network The computing infrastructure that provides access to network communication services and resources to end users and devices spread over a single geographic location (for example, a single floor or building or even a large group of buildings spread over an extended geographic area).

enterprise network A large and diverse network that connects most major points in a company or another organization. An enterprise network differs from a WAN in that it is privately owned and maintained.

enterprise VPN An enterprise-managed site-to-site and remote-access (that is, client-based or clientless) IPsec and SSL VPN solution.

EtherChannel A feature in which up to eight parallel Ethernet segments between the same two devices, each using the same speed, can be combined to act as a single link for forwarding and STP logic.

Ethernet over MPLS (EoMPLS) A type of Ethernet WAN service that works by encapsulating Ethernet PDUs in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as a single packet.

Ethernet WAN A WAN in which service providers provide Ethernet-based connection options to connect subscribers to a larger service network or the internet. Also called Metro Ethernet.

ethical hacker A white hat hacker who assesses and reports the security posture of a corporate target system.

Exchange state An OSPF state in which OSPF routers exchange DBD packets, which contain LSA headers only and describe the contents of the entire link-state database.

expedited forwarding (EF) A category of DSCP values with a value of 46 (binary 101110). The first 3 bits (101) map directly to the Layer 2 CoS value 5 used for voice traffic. At Layer 3, Cisco recommends that EF only be used to mark voice packets. Compare with best effort (BE) and assured forwarding (AF).

exploit A mechanism that takes advantage of a vulnerability in a network.

ExStart state An OSPF state in which the routers and their DR and BDR establish a master/slave relationship and choose the initial sequence number for adjacency formation. The router with the higher router ID becomes the master and starts the exchange.

extended ACL An IOS feature that filters traffic based on multiple attributes, including protocol type, source IPv4 addresses, destination IPv4 addresses, source ports, and destination ports.

Extensible Markup Language (XML) A markup language standard defined for the internet that defines a set of rules for encoding documents (similar to HTML) in a format that is both human readable and machine readable. In XML, the data is enclosed within a related set of tags: <tag>data</tag>. However, it is generally more challenging to read as it was designed to carry data and not display it. Sitemaps and configuration files often use XML files. Compare with JavaScript Object Notation (JSON) and YAML Ain’t Markup Language (YAML).

Extensible Markup Language–Remote Procedure Call (XML-RPC) A web service API protocol that evolved into SOAP. Compare with JavaScript Object Notation–Remote Procedure Call (JSON-RPC), Representational State Transfer (REST), and Simple Object Access Protocol (SOAP).

F

facility A syslog service identifier that identifies and categorizes system state data for error and event message reporting. The logging facility options that are available are specific to the networking device.

failure domain An area of a network that is impacted when a critical device or network service experiences problems.

fiber-to-the-building (FTTB) An optical fiber installation term describing a situation in which fiber reaches the boundary of the building, such as the basement in a multi-dwelling unit, with the final connection to the individual living space being made via alternative means, such as curb or pole technologies.

fiber-to-the-home (FTTH) An optical fiber installation term describing a situation in which fiber reaches the boundary of the residence. Passive optical networks and point-to-point Ethernet are architectures that can deliver cable TV, internet, and phone services over FTTH networks directly from the service provider central office.

fiber-to-the-node/neighborhood (FTTN) An optical fiber installation term describing a situation in which fiber reaches an optical node that converts optical signals to a format acceptable for twisted-pair or coaxial cable to the premises.

firewall A router, dedicated device, or software that denies outside traffic from entering an inside (that is, private) network. However, it permits inside network traffic to exit and return to the inside network. A firewall may use access lists and other methods to ensure the security of the private network.

first-in, first-out (FIFO) A QoS queuing method that is often the default queuing method for a faster interface. FIFO has no concept of priority or classes of traffic and, consequently, makes no decision about packet priority. FIFO forwards packets in the order in which they arrived. Compare with Weighted Fair Queuing (WFQ), Class-Based Weighted Fair Queuing (CBWFQ), and Low Latency Queuing (LLQ).

fixed configuration switch A type of switch commonly used in the access layer of the hierarchical network design model that supports only the features and options shipped with the switch. This type of switch is not upgradable. Contrast with modular configuration switch.

flow table An SDN table implemented in a data center switch that matches incoming packets to a particular flow and specifies the functions that are to be performed on the packets. Multiple flow tables may operate in a pipeline fashion. Compare with group table and meter table.

form factor The size, shape, and other physical specifications of components, particularly in consumer electronics and electronic packaging. For example, switch form factors include fixed configuration and modular configuration switches.

forwarding database The OSPF database that is used to help populate a routing table.

Forwarding Information Base (FIB) A table used with CEF to provide optimized lookups for more efficient packet forwarding.

forwarding rate A rate that defines the processing capabilities of a switch by stating how much data the switch can process per second.

frame buffer A section of memory used to store frames on congested ports.

Frame Relay A legacy industry-standard Layer 2 WAN protocol that established multiple virtual circuits between connected devices (such as routers).

Full state An OSPF state in which OSPF routers are fully adjacent with each other. All the router and network LSAs are exchanged, and the routers’ databases are fully synchronized.

full-duplex An operation in which two devices can transmit and receive on the media at the same time.

fully meshed topology A network in which each network node has either a physical circuit or a virtual circuit connecting it to every other network node. A full mesh provides a great deal of redundancy, but because it can be prohibitively expensive to implement, it is usually reserved for network backbones. Contrast with point-to-point topology, hub-and-spoke topology, and dual-homed topology.

G

Generic Routing Encapsulation (GRE) A tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels. GRE creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. GRE is designed to manage the transportation of multiprotocol and IP multicast traffic between two or more sites that may have only IP connectivity.

get request A type of request used by an SNMP manager to query a device for data.

gratuitous ARP An ARP reply to which no request has been made. Other hosts on the subnet store the MAC address and IP address contained in the gratuitous ARP in their ARP tables. Gratuitous ARP can be used by threat actors for nefarious purposes.

gray hat hacker A threat actor who does arguably unethical things but not for personal gain or to cause damage. For example, a gray hat hacker may disclose a vulnerability to the affected organization after having compromised the network.

GRE over IPsec tunnel Traffic encapsulated in a GRE packet that is then encapsulated into an IPsec packet so it can be forwarded securely to the destination VPN gateway. IPsec tunnels can only forward unicast traffic. GRE over IPsec enables IPsec to also send multicast and broadcast traffic, such as routing protocols.

group table An SDN table implemented in a data center switch. A flow table may direct a flow to a group table, which may trigger a variety of actions that affect one or more flows. Compare with flow table and meter table.

H

hacktivist A gray hat hacker who publicly protests organizations or governments by posting articles and videos, leaking sensitive information, and performing network attacks. Two examples of hacktivist groups are Anonymous and the Syrian Electronic Army.

half-duplex An operation in which two devices can both transmit and receive on the media but cannot do so simultaneously.

hash message authentication code (HMAC) A code that adds origin authentication to integrity assurance by using an additional secret key as input to the hash function.

headend A cable provider term describing where signals are first received, processed, formatted, and then distributed downstream to the cable network. The headend facility is usually unstaffed and under security fencing, and it is similar to a telephone company central office.

Hello interval The frequency, in seconds, at which a router sends Hello packets.

hello keepalive mechanism With OSPF and EIGRP, a small packet that is exchanged by peers to verify that a link is still operational.

Hello packet A packet used by OSPF and EIGRP routers to discover, establish, and maintain neighbor relationships. In OSPF, Hello packets are type 1 OSPF packets and are used to establish and maintain adjacency with other OSPF routers.

hierarchical network A design methodology for building networks in three layers: access, distribution, and core.

High-Level Data Link Control (HDLC) An ISO bit-oriented Layer 2 WAN serial line protocol that supports router-to-router connections. It is the default encapsulation of serial interfaces on Cisco routers. Contrast with Point-to-Point Protocol (PPP).

hub router Generally, a device that serves as the center of a hub-and-spoke star topology network. Connecting routers are referred to as spoke routers.

hub-and-spoke topology A topology in which stub routers (spokes) are connected to a central hub router. A single interface to the hub can be shared by all spoke circuits. For example, spoke sites can be interconnected through the hub site using virtual circuits and routed subinterfaces at the hub. A hub-and-spoke topology is also an example of a single-homed topology. Sometimes referred to as a hub-to-spoke topology. Contrast with point-to-point topology, fully meshed topology, and dual-homed topology.

hybrid cloud A cloud model that combines two or more cloud models (that is, private, community, or public). Individuals on a hybrid cloud would be able to have degrees of access to various services based on user access rights. Compare with public cloud, private cloud, and community cloud.

hybrid fiber-coaxial (HFC) A telecommunications industry term for a broadband network that combines optical fiber and coaxial cable. It is commonly used by cable service providers.

Hypertext Markup Language (HTML) The standard markup language for web browser documents. HTML describes the structure of a web page and its elements and instructs the browser on how to display the content. HTML can be enhanced using Cascading Style Sheets (CSS) and the JavaScript scripting language.

hypervisor A program, firmware, or hardware used to create instances of VMs, which are emulated hardware (including CPU, memory, storage, and networking settings) running on one host OS. A hypervisor adds an abstraction layer on top of the real physical hardware to create VMs. Each VM runs a complete and separate operating system.

I

ICMP attack An attack in which a threat actor uses ICMP echo packets (pings) to discover subnets and hosts on a network.

IEEE 802.1p An IEEE standard that is used with the IEEE 802.1Q protocol to define traffic class expediting and dynamic multicast filtering. The 802.1p standard uses the first 3 bits in the 802.1Q Tag Control Information (TCI) field to create the Priority (PRI) field, which identifies the Class of Service (CoS) markings.

implicit deny A hard-coded ACL statement in all ACLs that denies all traffic from passing through the interface. This statement is called implicit because it is not shown in output when you list ACL statements using show commands. It is always the last line of any ACL.

in-band management The process of monitoring and making configuration changes to a network device over a network connection using Telnet, SSH, or HTTP access.

inbound ACL A type of ACL that filters incoming packets. Inbound ACLs are best used to filter packets when the network attached to an inbound interface is the only source of packets that need to be examined.

infrastructure as a service (IaaS) A cloud service in which the cloud provider is responsible for access to the network equipment, virtualized network services, and supporting network infrastructure. IaaS provides processing, storage, networking, or other fundamental computing resources to customers. Compare with software as a service (SaaS) and platform as a service (PaaS).

Init state An OSPF state that indicates the router has received a Hello packet from its neighbor, but the receiving router’s ID was not included in that Hello packet.

inside address In NAT, the address of a device that is being translated by NAT.

inside global address In NAT for IPv4, a valid public IPv4 address that is given to the packet sourced from an inside host. Normally, the IPv4 public address is assigned as the packet exits the NAT router.

inside local address In NAT for IPv4, an address (usually an RFC 1918 private address) that is not usually assigned by a Regional Internet Registry (RIR) or a service provider. The private IP address is assigned to a device inside a home or corporate environment.

inside network In NAT, the internal network.

Institute of Electrical and Electronics Engineers (IEEE) An organization dedicated to advancing technological innovation and creating standards in a wide area of industries, including power and energy, healthcare, telecommunications, and networking.

Integrated Services (IntServ) A QoS model (sometimes called hard QoS) that provides guaranteed QoS to IP packets. However, IntServ is considered to be a legacy QoS model because it is very resource intensive and therefore limited in scalability. Compare with best-effort model and Differentiated Services (DiffServ).

Integrated Services Digital Network (ISDN) A legacy communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and other source traffic.

integrity A VPN term that describes how IPsec uses hashing algorithms to ensure that packets have not been altered between source and destination.

interarea routing In multiarea OSPF, routing that occurs between areas.

internal API An API used by an organization or a company to access data and services for internal use only. Compare with open API and partner API.

International Organization for Standardization (ISO) An international standard-setting body with members from global national standards organizations. The ISO is responsible for multiple standards, including the OSI reference model.

Internet Key Exchange (IKE) An IPsec protocol responsible for negotiating security associations (SAs) to set up a secure, authenticated communications channel between two parties.

Internet of Things (IoT) An architecture that connects billions of smart objects to the internet.

intent-based networking (IBN) A type of networking that captures business intent and uses analytics, machine learning, and automation to align the network continuously to changing business needs. It can include application service levels, security policies, regulatory compliance, and operational processes.

inter-VLAN routing The process of routing data between VLANs so that communication can occur between the different networks. It can be implemented using legacy inter-VLAN routing, a router-on-a-stick method, or a Layer 3 multilayer switch.

intrusion detection system (IDS) A network security feature that is similar to an IPS but does not block an attack.

intrusion prevention system (IPS) A network security feature typically deployed as a service on an ISR G2 router or by using a dedicated device (such as an IPS sensor). An IPS captures and analyzes incoming and outgoing traffic to detect traffic anomalies, detect network attacks, issue alerts, and block malicious packets.

IP Precedence See IP Precedence (IPP) field.

IP Precedence (IPP) field A field defined in the original IP standard RFC 791 to be used for QoS markings. It has now been replaced with the Differentiated Services Code Point (DSCP) field, defined in RFC 2474.

IP Security (IPsec) A framework of open standards that spells out the rules for secure communications. IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec peers.

IP spoofing An attack in which a threat actor alters the source IP address of a packet to impersonate another network host.

IPsec See IP Security (IPsec).

IPsec Virtual Tunnel Interface (VTI) A relatively new IPsec VPN technology that simplifies the configuration required to support multiple sites and remote access. IPsec VTI configurations use virtual interfaces to send and receive IP unicast and multicast encrypted traffic. Therefore, routing protocols are automatically supported without requiring configuration of GRE tunnels.

IT as a service (ITaaS) A cloud service in which the cloud provider provides IT support for cloud computing. ITaaS can extend the capability of IT without requiring investment in new infrastructure, training of new personnel, or licensing of new software.

J

jabber The condition in which a network device continually transmits random, meaningless data onto the network.

JavaScript Object Notation (JSON) A lightweight data format for storing and transporting data. It is simpler and more readable than XML and is supported by web browsers. In JSON, the data (known as an object) is one or more key/value pairs enclosed in braces, { }. Keys must be strings within double quotation marks, " ". Keys and values are separated by a colon. Compare with Extensible Markup Language (XML) and YAML Ain’t Markup Language (YAML).

JavaScript Object Notation–Remote Procedure Call (JSON-RPC) A very simple web service API protocol that is similar to XML-RPC. Compare with Extensible Markup Language–Remote Procedure Call (XML-RPC), Representational State Transfer (REST), and Simple Object Access Protocol (SOAP).

jitter Variation in delay (that is, latency). Ideal network conditions have little variation in the time it takes to receive packets, whereas a network experiencing congestion could have a lot of variation in latency.

K

key/value pair A markup language term used to describe a data object. The key, on the left side, identifies or describes the data. The value on the right side is the data itself (for example, character, string, number, or list).

keylogger A Trojan horse that actively captures confidential information (such as banking and credit card information) by recording user keystrokes on websites.

knowledge base An information database used to assist in the use or troubleshooting of a product. Online network device vendor knowledge bases have become indispensable sources of information. When vendor-based knowledge bases are combined with internet search engines such as Google, a network administrator has access to a vast pool of experience-based information.

L

landline A telephone line that connects to a provider network using the public switched telephone network (PSTN).

last mile See local loop.

latency The time (in milliseconds or seconds) it takes for a packet to get from its source to its destination. Higher bandwidths typically have lower latency. Latency is sometimes displayed as RTT (round trip time) in command output.

Layer 2 MPLS VPN An MPLS service provider VPN solution that does not involve customer routing. Instead, the MPLS provider deploys VPLS to emulate an Ethernet multiaccess LAN segment over the MPLS network. The customer’s routers effectively belong to the same multiaccess network.

Layer 3 MPLS VPN An MPLS service provider VPN solution that involves routing between the customer’s routers and the provider’s routers. Customer routes received by the provider’s router are securely redistributed through the MPLS network to the customer’s remote locations.

leased line A type of dedicated line provided by a service provider to a client network. Leased lines are also referred to as leased circuits, serial links, serial lines, point-to-point links, and T1/E1 or T3/E3 lines. Leased lines are available in different capacities. In North America, service providers use the T-carrier system to define the digital transmission capability of a serial copper media link, while Europe uses the E-carrier system.

light-emitting diode (LED) A semiconductor light source that is used as an indicator lamp or for general lighting.

line card A switch card that fits into the switch chassis the way that expansion cards fit into a PC. The larger the chassis, the more modules it can support.

link aggregation A method of aggregating (that is, combining) multiple links between equipment to increase bandwidth.

Link Layer Discovery Protocol (LLDP) A vendor-neutral neighbor discovery protocol similar to CDP that works with network devices, such as routers, switches, and wireless LAN access points. LLDP advertises its identity and capabilities to other devices and receives the information from a physically connected Layer 2 device.

link-state acknowledgment (LSAck) packet A packet that acknowledges receipt of LSA packets. LSAck packets are type 5 OSPF packets.

link-state advertisement (LSA) Often referred to as a link-state packet (LSP), a broadcast packet used by link-state protocols that contains information about neighbors and path costs. LSAs are used by receiving routers to maintain their routing tables.

link-state database (LSDB) A table used in OSPF that represents the topology of the autonomous system. It is the method by which routers “see” the state of the links in the autonomous system.

link-state information With OSPF, information about a link, such as neighbor ID, link type, and bandwidth.

link-state packet (LSP) See link-state advertisement (LSA).

link-state request (LSR) packet A type 3 OSPF packet that is used to request the pieces of a neighbor’s database that are most up to date.

link-state router A router that uses a link-state routing protocol such as OSPF.

link-state update (LSU) packet A type 4 OSPF packet that carries a collection of link-state advertisements (LSAs).

Loading state An OSPF state in which peers exchange link-state information based on the neighbor’s database description (DBD). OSPF routers send link-state request (LSR) packets and receive link-state update (LSU) packets containing all link-state advertisements (LSAs).

local address In NAT, any address that appears on the inside portion of a network.

local loop A line from the premises of a telephone subscriber to the telephone company CO. Also referred to as the last mile.

logical topology diagram A diagram that includes symbols to represent routers, servers, hosts, VPN concentrators, and security devices. It also includes symbols representing the type of link used to interconnect these devices, including interfaces and IP addressing. Compare with physical topology diagram.

Long-Term Evolution (LTE) Usually marketed as 4G LTE, a standard for wireless communication.

Low Latency Queuing (LLQ) A QoS queuing method that is sometimes referred to as PQ-CBWFQ (Priority Queuing CBWFQ). LLQ uses Priority Queuing (PQ) on the identified traffic to guarantee traffic bandwidth and ensure those packets are sent first. LLQ is typically used in voice networks. Compare with first-in, first-out (FIFO), Weighted Fair Queuing (WFQ), and Class-Based Weighted Fair Queuing (CBWFQ).

M

MAC spoofing An attack in which a threat actor alters the source MAC address of a frame to impersonate another local network host.

malware Software that is designed to exploit or damage end devices and networks. Malware includes computer viruses, Trojan horses, worms, ransomware, spyware, scareware, and adware.

management console An application used with a Type 1 hypervisor to manage multiple VM servers. The management console can automatically consolidate multiple servers and power on or off servers, as required. It also provides recovery from hardware failure and can automatically and seamlessly move an unresponsive VM to another server.

Management Information Base (MIB) A database of the objects that can be managed on a device. The managed objects, or variables, can be set or read to provide information on the network devices and interfaces.

management plane A Cisco NFP functional area that is responsible for managing network elements. Management plane traffic is generated either by network devices or network management stations, using processes and protocols such as Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow. Compare with control plane and data plane.

man-in-the-middle attack A type of attack in which the threat actor is positioned in between a victim and the destination.

marking In QoS, adding a value to the packet header. Devices receiving the packet look at this field to see if it matches a defined policy. Marking should be done as close to the source device as possible to establish the trust boundary.

markup language A system for formatting text in a document that is syntactically distinguishable from the text. The markup language syntax is not displayed when viewing the document.

Message Digest 5 (MD5) See Message Digest version 5 (MD5).

Message Digest version 5 (MD5) A popular cryptographic hash function that produces a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications and is also commonly used to verify data integrity. Contrast with SHA.

meter table An SDN table implemented in data center switches that triggers a variety of performance-related actions on a flow. Compare with flow table and group table.

Metropolitan Ethernet (MetroE) A WAN in which service providers provide Ethernet-based connection options to connect subscribers to a larger service network or the internet. Also called Ethernet WAN.

mission-critical service A network service that is crucial to the operation of the enterprise.

mitigation Countermeasures to eliminate or reduce the potential of a threat or risk. Network security involves multiple mitigation techniques.

modular configuration switch A type of switch commonly used in the distribution and core layers of the hierarchical network design model that allows flexibility and customization by adding various line cards. Contrast with fixed configuration switch.

modulate To convert digital signals to analog signals, such as when a modem sends data over telephone lines.

multiarea OSPF A method for scaling an OSPF implementation in which, as an OSPF network is expanded, other non-backbone areas can be created. All areas must connect to the backbone area (area 0). Routers interconnecting the areas are referred to as ABRs.

multihomed ISP An internet access design in which an organization has connections to two or more service providers. Compare with single-homed ISP, dual-homed ISP, and dual-multihomed ISP.

multilayer switch An enterprise Layer 3 switch characterized by its ability to build a routing table, support a few routing protocols, and forward IP packets at a rate close to that of Layer 2 forwarding.

multiplexing A communication method by which multiple analog or digital signals are combined into one signal over a shared medium. DWDM transmits multiple streams of data (multiplexing) using different wavelengths of light.

Multipoint Generic Routing Encapsulation (mGRE) A variation of GRE used with DMVPN in which an mGRE tunnel interface allows a single GRE interface to support multiple IPsec tunnels. With mGRE, dynamically allocated tunnels are created through a permanent tunnel source at the hub and dynamically allocated tunnel destinations, created as necessary, at the spokes. This reduces both the size and the complexity of the configuration.

Multiprotocol Label Switching (MPLS) A packet-forwarding technology that uses labels to make data-forwarding decisions. With MPLS, the Layer 3 header analysis is done just once (when the packet enters the MPLS domain). Label inspection drives subsequent packet forwarding.

municipal Wi-Fi Wireless internet access provided by a city for free or for a nominal fee. Most implementations use a mesh topology, which is a series of interconnected access points located throughout a city.

N

named ACL An ACL identified in a configuration by a descriptive name. Standard named ACLs are created using the ip access-list standard acl-name global configuration command. Extended named ACLs are created using the ip access-list extended acl-name global configuration command. Compare with numbered ACL.

NAT overload See Port Address Translation (PAT).

NAT64 A NAT implementation that translates IPv6 addresses to IPv4 addresses.

National Institute of Standards and Technology (NIST) A U.S. Department of Commerce standards agency that promotes innovation and industrial competitiveness. Its Special Publication (SP) 800-145, The NIST Definition of Cloud Computing, defines software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

neighbor table A table in which an OSPF router records addresses and interfaces of neighbors that it discovers. In OSPF, it is created using the adjacency database.

Network Address Translation (NAT) A mechanism for translating private addresses into publicly usable addresses to be used within the public internet. An effective means of hiding actual device addressing within a private network.

Network Address Translation–Protocol Translation (NAT-PT) A mechanism implemented when using both IPv4 and IPv6 addresses. This method has been deprecated by IETF in favor of NAT64.

Network Analysis Module (NAM) An embedded browser-based interface that generates reports on the traffic that consumes critical network resources. It can be installed in Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers to provide a graphical representation of traffic from local and remote switches and routers. In addition, NAM can capture and decode packets and track response times to pinpoint an application problem to the network or server.

Network Based Application Recognition (NBAR) A classification and protocol discovery feature of Cisco IOS software that works with QoS features and classifies traffic at Layers 4 to 7.

network baseline A reference used to efficiently diagnose and correct network problems. A network baseline documents what the network’s expected performance should be under normal operating conditions. This information is captured in documentation such as configuration tables and topology diagrams.

network edge router A router that delivers high-performance, highly secure, and reliable services to unite campus, data center, and branch networks. Compare with branch router and service provider router.

network management system (NMS) A reasonably powerful and well-equipped computer, such as an engineering workstation, that is responsible for managing parts of a network. NMSs communicate with agents to help keep track of network statistics and resources.

network management system tools Tools that help simplify network management; they include device-level monitoring, configuration, and fault-management tools. These tools can be used to investigate and correct network problems.

network operations center (NOC) The central location from which a network is supervised, monitored, and maintained.

network penetration testing Testing in which an ethical white hat hacker uses external and internal tools to test the security posture of an organization.

Network Time Protocol (NTP) A protocol that synchronizes the time of day among a set of distributed time servers and clients so that you can correlate events when you receive system logs and other time-specific events from multiple network devices. NTP uses User Datagram Protocol (UDP) as its transport protocol.

network topology diagram A graphical representation of a network that illustrates how devices are connected and the logical architecture of the network. A topology diagram has many of the same components as a network configuration table. Each network device should be represented on the diagram, using consistent notation or graphical symbols. Also, the logical and physical connections should be represented using simple lines or other appropriate symbols.

network virtualization Virtualization of infrastructure hardware such as servers, routers, firewalls, switches, IPSs, WSA, and ESA. It includes IT compute, networking, and storage that can be automatically deployed in a flexible, automated, software-controlled environment.

nonbroadcast multiaccess (NBMA) A characterization of a type of Layer 2 network in which more than two devices connect to the network, but the network does not allow broadcast frames to be sent to all devices on the network.

northbound API A subroutine used by an SDN controller to communicate with the upstream applications. Northbound APIs help network administrators shape traffic and deploy services.

north–south traffic A virtualization term used to describe traffic being exchanged between external data center users and the data center server. Compare with east–west traffic.

NTP client A device that obtains time and date information from a single source using NTP.

NTP server A device that provides NTP services to clients.

numbered ACL An ACL identified in a configuration by a number. The number also designates the type of ACL. For instance, ACLs numbered between 1 and 99 and between 1300 and 1999 are standard ACLs, whereas ACLs numbered between 100 and 199 and between 2000 and 2699 are extended ACLs. Numbered ACLs are configured using the access-list global configuration command. Compare with named ACL.

O

object ID (OID) In SNMP, a variable (that is, object) in the MIB. OIDs uniquely identify managed objects in the MIB hierarchy, which organizes the OIDs based on RFC standards into a hierarchy of OIDs that is usually displayed as a tree.

open API A publicly available API that can be used with no restrictions. API providers typically require the user to get a free key, or token, prior to using an open API to help control the number of API requests they receive and process. Compare with internal API and partner API.

Open Shortest Path First (OSPF) A popular scalable, link-state routing protocol. It is based on link-state technology and introduced new concepts such as authentication of routing updates, VLSM, and route summarization.

OpenFlow A protocol developed at Stanford University that is a foundational element for building SDN solutions. The OpenFlow standard is now maintained by the Open Networking Foundation.

OpenStack A cloud operating system that is used in data centers to control large pools of compute, storage, and networking resources. OpenStack uses a web dashboard to build scalable cloud environments and provide an infrastructure as a service (IaaS) solution. OpenStack is often used with Cisco ACI.

optical carrier (OC) A term used by service providers to identify a standardized set of specifications for transmission bandwidths used with SONET fiber networks. For example, OC-1 supports bandwidths of 51.84 Mbps, OC-3 supports 155.52 Mbps, and OC-768 supports 40 Gbps.

optical converter A device that connects fiber-optic media to copper media and converts optical signals to electronic pulses.

optical time-domain reflectometer (OTDR) A TDR used to test fiber-optic cable.

origin authentication An element of secure communication that guarantees that a message is not a forgery and actually comes from the sender who was supposed to send it. Many modern networks ensure authentication with protocols such as HMAC.

OSPF area A logical set of network segments and their attached devices. Areas are usually connected to other areas through routers to form a single autonomous system.

OSPF Hello and Dead intervals Timers in OSPF that are used to maintain neighbor adjacency. By default, if an OSPF router does not hear from its neighbor after four Hello intervals, the neighbor is considered down (dead). Configured Hello and Dead intervals must match between neighbors.

OSPFv2 Version 2 of the OSPF routing protocol, which is used to support IPv4 unicast address families.

OSPFv3 Version 3 of the OSPF routing protocol, which is used to support both IPv4 and IPv6 unicast address families.

outbound ACL An ACL that processes packets routed to the outbound interface. Outbound ACLs are best used when the same filter will be applied to packets coming from multiple inbound interfaces before exiting the same outbound interface.

outside address In NAT, the address of the destination device.

outside global address A reachable IP address used in NAT for IPv4 and assigned to a host located out on the internet.

outside local address In NAT, the address of the destination, as seen from the inside network. Although uncommon, this address could be different from the globally routable address of the destination.

outside network In NAT, a non-internal network.

P

packet loss A QoS term used to refer to packets that did not reach their destination because of network congestion, an invalid QoS policy that is dropping packets, physical cable problems, and more.

packet-switched communication A type of network connection that splits traffic data into packets that are routed over a shared network. Routers determine the links that packets must be sent over based on the addressing information in each packet. Packet-switching networks do not require a circuit to be established, and they allow many pairs of nodes to communicate over the same channel.

parallel communication A connection that uses multiple wires running parallel to each other to transfer data on all the wires simultaneously. Contrast with serial connection.

partially meshed topology A network in which each network node has either a physical circuit or a virtual circuit connecting it to many but not all other network nodes. A partial mesh provides some redundancy between key sites and is less expensive to implement than a fully meshed topology. Contrast with fully meshed topology, point-to-point topology, hub-and-spoke topology, and dual-homed topology.

partner API An API used between a company and business partners/contractors to facilitate business between them. A partner must have a license or another form of permission to use the API. Compare with open API and internal API.

passenger protocol In GRE, the original IPv4, IPv6, or legacy protocol (that is, AppleTalk, DECnet, or IPX) packet that will be encapsulated by a carrier protocol. Compare with carrier protocol and transport protocol.

permanent virtual circuit (PVC) A type of virtual circuit used in Frame Relay that is always ready and available for data transfer. PVCs are used to carry both voice and data traffic between a source and destination, and they support data rates of 4 Mbps or more.

phishing A social engineering attack that aims to obtain sensitive victim information. For example, a threat actor may send fraudulent emails or messages or use social networking platforms, pretending to be trustworthy entities to trick the victims.

physical topology diagram A diagram that documents the mapping of a network by showing the physical layout of equipment, cables, and interconnections. Compare with logical topology diagram.

platform as a service (PaaS) A cloud service in which the cloud provider is responsible for access to the development tools and services used to deliver the applications. Compare with software as a service (SaaS) and infrastructure as a service (IaaS).

playout delay buffer A QoS term for a mechanism that compensates for jitter by buffering packets and then playing them out in a steady stream.

point of presence (POP) A point of interconnection between the communications facilities provided by the telephone company and a building’s main distribution facility.

Point-to-Point Protocol (PPP) A Layer 2 WAN protocol that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. It should be used on Cisco routers when connecting to other vendor routers. It also supports options such as authentication, compression, multilinking, and more. Contrast with High-Level Data Link Control (HDLC).

point-to-point topology A topology in which dedicated connections link LANs to service provider WANs and link LAN segments within an enterprise network. Contrast with fully meshed topology, hub-and-spoke topology, and dual-homed topology.

Port Address Translation (PAT) A mechanism for mapping multiple private IP addresses to a single public IP address or a few addresses. Sometimes called NAT overloading.

port density The number of ports or interfaces supported on a switch. Network switches must support the appropriate number of devices on the network.

portable network analyzer A portable device that is used to troubleshoot switched networks and VLANs. By plugging in a network analyzer anywhere on the network, a network engineer can see the switchport to which the device is connected and the average and peak utilization.

Postman An application for testing and using REST APIs that is available as a browser app or a standalone installation.

Power over Ethernet (PoE) A feature that allows a switch to deliver power to a device over the existing Ethernet cabling. This feature can be used by IP phones, security cameras, wireless access points, and other switches.

PPP over Ethernet (PPPoE) A combination of two widely accepted standards, Ethernet and PPP, that provides an authenticated method of assigning IP addresses to client systems. PPPoE clients are typically personal computers connected to an ISP over a remote broadband connection, such as DSL or cable service. ISPs deploy PPPoE because it supports high-speed broadband access using the existing remote-access infrastructure and because it is easier for customers to use.

pre-shared key (PSK) A secret password that two parties know in advance and use to secure communications or authenticate users.

Priority (PRI) field A 3-bit field in the 802.1Q Tag Control field that identifies the class of service (CoS) markings of the frame.

private API See internal API.

private cloud A cloud model in which all cloud-based applications and services offered are intended for an enterprise only. A private cloud can be provisioned internally but would be expensive to build and maintain. A private cloud can also be provisioned for strict access security by a cloud provider. Compare with public cloud, hybrid cloud, and community cloud.

private IP address An address assigned from a special IP address range that cannot be routed over the internet.

private IPv4 address See private IP address.

private WAN A network comprising dedicated point-to-point leased lines, circuit-switched links, such as PSTN or ISDN, and packet-switched links, such as Ethernet WAN, ATM, or Frame Relay.

propagate a default route To advertise a default route to all other routers that use a particular dynamic routing protocol.

protocol analyzer A tool that decodes the various protocol layers in a recorded frame and presents this information in a relatively easy-to-use format. Wireshark is a protocol analyzer.

public API See open API.

public cloud A cloud model in which all cloud-based applications and services are offered publicly to anyone. Services may be free or offered on a pay-per-use model, such as for online storage. A public cloud uses the internet to provide services. Compare with private cloud, hybrid cloud, and community cloud.

public IP address An IP address that has been registered with IANA or one of its member agencies, which guarantees that the address is globally unique. Globally unique public IP addresses can be used for packets sent through the internet.

public IPv4 address See public IP address.

public key infrastructure A structure for authenticating and confirming the identities of users and devices using digital signatures. Trusted PKI certificate authorities (CAs) create digital signatures certifying that a particular cryptographic key belongs to a specific user or device. Devices use the key to confidently identify the user.

public WAN A network offering broadband internet access using DSL, cable, or satellite access. Broadband connection options are typically used to connect small offices and telecommuting employees to a corporate site over the internet. Data traveling between corporate sites over the public WAN infrastructure should be protected using VPNs.

Puppet An agent-based configuration management tool built on Ruby that is used to create a set of instructions called a manifest. Compare with Ansible, Chef, and SaltStack.

Python An interpreted, high-level, general-purpose programming language that uses an object-oriented approach to help write clear, logical code for small and large-scale projects.

R

rack unit (RU) The thickness of a device, as defined in EIA-310. One unit (U) has a standard height of 4.45 centimeters (1¾ inches) and width of 48.26 centimeters (19 inches). Therefore, a device occupying double that height would be referred to as a 2U device. Most 24-port fixed configuration switches are 1 rack unit (1U).

ransomware A type of malware that encrypts the data on a host and locks access to it until a ransom is paid. WannaCry is an example of ransomware.

reconnaissance attack An information-gathering attack that usually precedes an access or DoS attack. Threat actors use recon attacks to do unauthorized discovery and mapping of systems, services, or vulnerabilities.

reference bandwidth The number, measured in Mbps, that is used by OSPF routers to calculate cost. The default reference bandwidth is 100 Mbps. Changing the reference bandwidth does not actually affect the bandwidth capacity on the link; rather, it simply affects the calculation used to determine the metric.

remote-access VPN A network that enables remote VPN clients (remote hosts) to gain secure access to the enterprise network via a VPN server device at the network edge.

Representational State Transfer (REST) The most popular architectural style for designing web service applications. A REST API works on top of the HTTP protocol and defines a set of functions developers can use to perform requests and receive responses via HTTP (for example, GET and POST). REST has become popular due to its performance, scalability, simplicity, and reliability. Compare with Extensible Markup Language–Remote Procedure Call (XML-RPC), JavaScript Object Notation–Remote Procedure Call (JSON-RPC), and Simple Object Access Protocol (SOAP).

Resource Reservation Protocol (RSVP) A network-control protocol used in an IntServ QoS model that enables end devices to request specific QoS from IntServ-enabled devices.

RESTful Conforming to the constraints of the REST architecture.

risk The likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization. Risk is measured using the probability of the occurrence of an event and its consequences.

Rivest, Shamir, and Adleman (RSA) authentication An authentication method that uses digital certificates to authenticate peers. The local device derives a hash, encrypts it with its private key, and attaches it to the message to act like a signature. The remote end decrypts the encrypted hash using the sender’s public key. If the decrypted hash matches the recomputed hash, the signature is genuine. Each peer must authenticate its opposite peer before the tunnel is considered secure.

rogue DHCP server An unauthorized DHCP server connected to a corporate network to provide false IP configuration information to legitimate clients.

ROMMON mode A basic device command line that supports commands to recover a lost or forgotten password, format the flash file system, and reinstall the IOS.

route summarization The process of aggregating multiple routes into one routing advertisement to reduce the size of routing tables.

router ID A field in an OSPF Hello packet that is a 32-bit value expressed in dotted-decimal notation (an IPv4 address) used to uniquely identify the originating router.

router priority A value that is used in an OSPF DR/BDR election. The default priority for all OSPF routers is 1 but can be manually altered from 0 to 255. The higher the value, the more likely the router is to become the DR on the link.

Ruby An open-source cross-platform programming language similar to Python. Ruby is typically considered a more difficult language to learn than Python.

S

SaltStack An agentless configuration management tool built on Python that is used to create a set of instructions called a pillar. Compare with Ansible, Chef, and Puppet.

scalability A network’s ability to accommodate more users and data transmission requirements. For example, a scalable network can expand quickly to support new users and applications without impacting the performance of the service being delivered to existing users.

script kiddie An inexperienced hacker (possibly a teenager) running existing scripts, tools, and exploits to cause harm but typically not for profit.

SDN controller A controller that performs complex functions, defines the data flows that occur in the SDN data plane, and populates the data center switches’ forwarding flow tables. Each flow traveling through the network must first get permission from the SDN controller, which verifies that the communication is permissible according to the network policy. If the controller allows a flow, it computes a route for the flow to take and adds an entry for that flow in each of the switches along the path.

SD-Access A Cisco DNA intent-based solution that creates a consistent, highly secure user experience. Compare with SD-WAN, Cisco DNA Assurance, and Cisco DNA Security.

SD-WAN A Cisco DNA intent-based solution that uses a secure cloud-delivered architecture to centrally manage WAN connections. Compare with SD-Access, Cisco DNA Assurance, and Cisco DNA Security.

Secure Hash Algorithm (SHA) A cryptographic hash-generating algorithm that is used for data integrity and authentication.

Secure Sockets Layer (SSL) A cryptographic protocol designed to provide communication security over the internet. It has been replaced by Transport Layer Security (TLS).

security association (SA) A set of security attributes (that is, mutually agreed-upon keys and algorithms) shared between two devices to establish a secure VPN connection. IPsec uses the IKE protocol to create SAs between two devices.

serial connection A connection that uses a single wire to transfer data bits one at a time. Contrast with parallel connection.

server sprawl A term used to describe dedicated servers sitting idle for long periods of time, wasting energy and taking up more space than is warranted by their amount of service.

service level agreement (SLA) A contract between a service provider and clients that identifies the services and quality of service the provider is obligated to provide.

service provider A telecommunications company that provides access to other networks (such as the internet) to its subscribers.

service provider router A router that is responsible for differentiating the service portfolio and increasing revenue by delivering end-to-end scalable solutions and subscriber-aware services. Compare with branch router and network edge router.

service provider switch A switch that aggregates traffic at the edge of a network. Service provider Ethernet access switches provide application intelligence, unified services, virtualization, integrated security, and simplified management. Compare with campus LAN switch, cloud-managed switch, data center switch, and virtual networking switch.

service provider VPN A service provider-managed VPN solution such as a Layer 2 MPLS VPN, a Layer 3 MPLS VPN, or a legacy solution such as a Frame Relay or Asynchronous Transfer Mode (ATM) VPN.

set request A type of request used by an SNMP manager to change the configuration in an agent device. A set request can also initiate actions within a device.

severity level A number in syslog messages that is used to describe the type of message. Expressed as Level 0 to Level 7, with smaller numerical levels indicating more critical syslog alarms.

shortest path first (SPF) algorithm Often referred to as Dijkstra’s algorithm, an algorithm used by protocols such as STP and OSPF to determine the shortest path to a destination. The algorithm accumulates costs along each path, from source to destination, to determine the total cost of a route.

Simple Network Management Protocol (SNMP) A network management protocol that is used to manage devices (that is, SNMP agents) on an IP network. The SNMP manager, which is part of the NMS, communicates with SNMP agents to monitor and manage network performance and to help find and solve network problems.

Simple Object Access Protocol (SOAP) A web service messaging protocol for exchanging XML-structured information over HTTP or SMTP. SOAP APIs are considered slow to parse, complex, and rigid. Compare with Extensible Markup Language–Remote Procedure Call (XML-RPC), JavaScript Object Notation–Remote Procedure Call (JSON-RPC), and Representational State Transfer (REST).

single point of failure A network device (for example, a router, switch, or server) that, if it fails, will stop the entire system from working. A single point of failure is undesirable in any system with a goal of high availability or reliability.

single-area OSPF An OSPF configuration that only uses one area, the backbone area (area 0).

single-carrier connection An organization’s connection to only one service provider. In this setup, the carrier connection and the service provider are both single points of failure. Contrast with dual-carrier connection.

single-homed Term used to describe an enterprise with one connection to a service provider. Compare with multihomed.

single-homed ISP An internet access design in which the organization only has one connection to a service provider. Compare with dual-homed ISP, multihomed ISP, and dual-multihomed ISP.

single-homed topology A topology that provides one connection to a hub router across a WAN cloud. Contrast with dual-homed topology, point-to-point topology, hub-and-spoke topology, and fully meshed topology.

site-to-site VPN A VPN that establishes a secure communication tunnel between two networks, such as a branch office network connecting to a company headquarters network.

small form-factor pluggable (SFP) A small, compact, hot-pluggable transceiver used on switches to provide flexibility when choosing network media. SFPs are available for Ethernet, SONET/SDH, and Fibre Channel networks.

SNMP agent An agent that resides on a managed device to collect and store information about the device and its operation.

SNMP manager An application running on an NMS that polls SNMP agents and queries the MIB of SNMP agents using UDP port 161.

SNMP trap An alert message sent from an SNMP agent to an SNMP manager. SNMP agents send SNMP traps to the SNMP manager using UDP port 162.

snmpget A freeware utility used to quickly retrieve real-time information from the MIB. The snmpget utility requires that the SNMP version, the correct community, the IP address of the network device to query, and the OID number be set.

social engineer A threat actor who uses social engineering techniques to exploit helpful human nature to gain access to resources.

social engineering An access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Examples include pretexting, phishing, baiting, and impersonation. Some social engineering techniques are performed in person, and others are carried out using the telephone or internet.

software as a service (SaaS) A cloud service in which the cloud provider is responsible for providing consumers access to fully functional applications. The cloud provider manages the underlying hardware or software infrastructure and is responsible for access to services such as email, communication, and Office 365 that are delivered over the internet. Users only need to provide their data. Compare with platform as a service (PaaS) and infrastructure as a service (IaaS).

software clock A clock on a router or switch that starts when the system boots and is the primary source of time for the system.

software-defined networking (SDN) An architecture that decouples network control (control plane) from network devices (forwarding plane). SDN brings automation and programmability into data center, campus, backbone, and wide-area networks.

Software-Optimized Encryption Algorithm (SEAL) A very secure symmetric encryption algorithm. It is a stream cipher that encrypts data continuously one byte at a time rather than encrypting blocks of data. SEAL uses a 160-bit key. Compare with Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES).

southbound API A routine used by an SDN controller to define the behavior of the downstream virtual switches and routers. OpenFlow is the original and widely implemented southbound API.

spam Also known as junk mail, a social engineering attack that involves the sending of unsolicited email, which often contains harmful links, malware, or deceptive content.

spine-leaf topology A two-tier data center topology consisting of spine switches and leaf switches. Leaf switches always attach to the spines, but they never attach to each other, and spine switches only attach to the leaf and core switches.

spoke router Generally, a router that connects to a hub router at the center of a hub-and-spoke star topology network. Spoke routers connect to other spokes through the hub router.

stackable configuration switch A switch that can be interconnected with other stackable switches so that they operate as a single unit, for example, to provide higher port density.

standard ACL An IOS feature used to filter traffic based on source IPv4 addresses.

stateful firewall service A router configured with extended ACLs to support TCP state information using the TCP established keyword.

state-sponsored A security term used to describe a white hat hacker or black hat hacker who gathers intelligence and steals secrets from foreign governments, terrorist groups, or corporations. Most countries in the world participate to some degree in state-sponsored hacking.

static NAT A type of NAT that uses a one-to-one mapping of local and global addresses that remains constant. Static NAT is particularly useful for web servers or hosts that must have a consistent address that is accessible from the internet. These internal hosts may be enterprise servers or networking devices.

stratum A level in the hierarchical system of time sources used by NTP. Stratum 0 devices are authoritative reference clocks (such as GPS or atomic clocks), stratum 1 servers synchronize directly to a stratum 0 source, and each further level of server-to-server synchronization adds 1. The stratum is therefore the number of hops from the authoritative time source; stratum 16 indicates that a device is unsynchronized.

symmetric DSL (SDSL) A type of DSL service used to connect corporate sites to service providers. SDSL provides the same capacity upstream and downstream. Compare with asymmetric DSL (ADSL).

symmetric encryption algorithm An algorithm that uses a pre-shared key to encrypt and decrypt data. Symmetric algorithms use fewer CPU resources than asymmetric encryption algorithms.

Synchronous Digital Hierarchy (SDH) A standard that defines how to transfer data, voice, and video traffic over optical fiber using lasers or LEDs over great distances. SDH is a European-based ETSI and ITU standard, and SONET is an American-based ANSI standard. SDH and SONET are essentially the same and, therefore, often referred to as SONET/SDH.

Synchronous Optical Networking (SONET) A high-speed (up to 2.5 Gbps) synchronous network specification developed by Bellcore and designed to run on optical fiber. STS-1 is the basic building block of SONET. Approved as an international standard in 1988, SONET is an American-based ANSI standard, whereas SDH is a European-based ETSI and ITU standard. SDH and SONET are essentially the same and, therefore, often referred to as SONET/SDH.

syslog A logging protocol that originated on UNIX systems in the 1980s; its de facto BSD format was first documented by the IETF as RFC 3164 in 2001, and the current standard is RFC 5424. By default, syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors. Plain UDP syslog carries no authentication or encryption, so messages can be lost, forged, or read in transit; TCP or TLS transport is preferable where the collector supports it.
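
A parser for the RFC 3164 message format described above, as an added example written for this glossary (not part of any syslog implementation). It decodes the PRI value into facility and severity, splits off the optional timestamp and hostname, and filters by severity; the sample lines are constructed, and the two Cisco-style messages use facility local7 because that is the IOS default.

```python
"""Decode RFC 3164 (BSD) syslog messages as received on UDP/514.

Added example written for this glossary; it is not part of any syslog
implementation. The sample lines below are constructed.
"""
import re
from typing import List, Optional

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

# PRI is "<" + (facility * 8 + severity) + ">" and must start the message.
_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# Optional RFC 3164 header: TIMESTAMP (Mmm dd hh:mm:ss) followed by HOSTNAME.
_HDR_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)


def parse_pri(pri: int):
    """Split the PRI value into (facility, severity)."""
    if not 0 <= pri <= 191:          # 24 facilities * 8 severities - 1
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def parse(line: str) -> Optional[dict]:
    """Return a record dict, or None for a line that is not a syslog message."""
    m = _PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = parse_pri(int(m.group(1)))
    rest = m.group(2)
    timestamp = hostname = None
    h = _HDR_RE.match(rest)
    if h:
        timestamp, hostname, rest = h.groups()
    return {
        "facility": facility, "facility_name": FACILITIES[facility],
        "severity": severity, "severity_name": SEVERITIES[severity],
        "timestamp": timestamp, "hostname": hostname, "msg": rest,
    }


def at_least(lines: List[str], severity_name: str) -> List[dict]:
    """Keep messages at the given severity or worse (lower number = more severe)."""
    threshold = SEVERITIES.index(severity_name)
    return [r for r in map(parse, lines) if r is not None and r["severity"] <= threshold]


# Constructed sample input, in the form a collector would see on UDP/514.
SAMPLE = [
    "<189>Oct 11 22:14:15 R1 %SYS-5-CONFIG_I: Configured from console by vty0 (10.1.1.5)",
    "<187>Oct 11 22:14:16 R1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "this line has no PRI and is not syslog",
]

if __name__ == "__main__":
    for rec in at_least(SAMPLE, "warning"):
        print(rec["severity_name"], rec["hostname"], rec["msg"])
```

Note that nothing in the message authenticates the hostname field: over UDP, a host that can reach the collector can claim to be R1. Treat the source IP and the hostname as two separate, equally untrusted, facts.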

syslog server A server that receives and stores syslog messages that can be displayed with a syslog application.

T

T1 A type of leased line available from service providers in North America that provides bandwidth of up to 1.544 Mbps. Contrast with T3, E1, and E3.

T3 A type of leased line available from service providers in North America that provides bandwidth of up to 44.736 Mbps. Contrast with T1, E1, and E3.

Tag Control Information (TCI) field The 16-bit field that follows the 0x8100 Tag Protocol Identifier in an 802.1Q header. It carries a 3-bit Priority Code Point (the 802.1p class of service), a 1-bit Drop Eligible Indicator, and a 12-bit VLAN identifier.
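
Unpacking the TCI from a frame, as an added example written for this glossary (not vendor code). The frames are constructed by hand. The parser also walks stacked (Q-in-Q, TPID 0x88A8 then 0x8100) tags, which goes beyond the single tag the entry describes; a frame carrying two tags is what a double-tagged frame looks like on the wire, so a parser that stops at the first tag would misreport the VLAN such a frame ends up in.

```python
"""Parse the 802.1Q tag(s) of an Ethernet frame and unpack the TCI field.

Added example written for this glossary; not vendor code. The frames built
by _frame() are constructed, not captured.
"""
import struct
from typing import List, Tuple

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service provider (outer) tag


def parse_tci(tci: int) -> Tuple[int, int, int]:
    """Return (PCP, DEI, VID) from the 16-bit TCI."""
    pcp = (tci >> 13) & 0x7      # 3-bit priority code point (802.1p)
    dei = (tci >> 12) & 0x1      # 1-bit drop eligible indicator
    vid = tci & 0x0FFF           # 12-bit VLAN identifier
    return pcp, dei, vid


def build_tci(pcp: int, dei: int, vid: int) -> int:
    # VID 0 means "priority tag only"; VID 4095 is reserved by the standard.
    if not (0 <= pcp <= 7 and dei in (0, 1) and 0 <= vid <= 4094):
        raise ValueError("field out of range")
    return (pcp << 13) | (dei << 12) | vid


def parse_frame(frame: bytes):
    """Return (tags, ethertype, payload); tags is a list of (PCP, DEI, VID)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    offset = 12                       # skip destination and source MAC
    tags: List[Tuple[int, int, int]] = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        tags.append(parse_tci(tci))
        offset += 4                   # each tag is TPID + TCI = 4 bytes
    return tags, ethertype, frame[offset + 2:]


def _frame(tags: List[Tuple[int, int, int]], outer_ad: bool = False) -> bytes:
    """Construct a frame: two MACs, the given tags, IPv4 ethertype, dummy payload."""
    out = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    for i, (pcp, dei, vid) in enumerate(tags):
        tpid = TPID_8021AD if (outer_ad and i == 0) else TPID_8021Q
        out += struct.pack("!HH", tpid, build_tci(pcp, dei, vid))
    return out + struct.pack("!H", 0x0800) + b"\x45\x00\x00\x14"


SINGLE_TAGGED = _frame([(5, 0, 100)])                      # PCP 5, VLAN 100
DOUBLE_TAGGED = _frame([(0, 0, 10), (0, 0, 20)], outer_ad=True)

if __name__ == "__main__":
    print(parse_frame(SINGLE_TAGGED)[:2])
    print(parse_frame(DOUBLE_TAGGED)[:2])
```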

TCP session hijacking An attack in which a threat actor spoofs the IP address of one end of an established TCP session and predicts the sequence numbers in use so that injected segments are accepted. Because the responses still go to the legitimate host, a successful (blind) hijack lets the threat actor send data to, but not receive data from, the target device.

TCP SYN flood attack A DoS attack that exploits the TCP three-way handshake. The threat actor sends a continuous stream of SYN segments, often from spoofed source addresses, and never completes the handshake, so the target's table of half-open connections fills up and legitimate users are denied TCP services.
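
Detection logic for the half-open build-up described above, as an added example written for this glossary (it is not a product feature). The records are constructed (timestamp, source, destination, TCP flags) tuples of the kind a flow exporter or packet capture would yield; a legitimate handshake is cleared from the pending table by its third segment, while spoofed SYNs never are.

```python
"""Flag half-open (SYN without completing ACK) connection build-up per target.

Added detection example written for this glossary; not a product feature.
Records are constructed (time, src, dst, tcp_flags) tuples.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

SYN, ACK = 0x02, 0x10

Record = Tuple[float, str, str, int]   # (time, src, dst, tcp flags)


def half_open_counts(records: List[Record], window: float) -> Dict[str, int]:
    """Count, per destination, SYNs not followed by an ACK from the same source
    within `window` seconds. The final timestamp in the input is treated as now."""
    pending: Dict[Tuple[str, str], float] = {}
    for ts, src, dst, flags in records:
        key = (src, dst)
        if flags & SYN and not flags & ACK:
            pending[key] = ts                 # client's opening SYN
        elif flags & ACK and not flags & SYN:
            pending.pop(key, None)            # third segment completes it
        # SYN-ACKs (server -> client) are neither, so they are ignored
    now = records[-1][0] if records else 0.0
    counts: Dict[str, int] = defaultdict(int)
    for (_src, dst), ts in pending.items():
        if now - ts <= window:
            counts[dst] += 1
    return dict(counts)


def detect_syn_flood(records: List[Record], threshold: int = 20,
                     window: float = 10.0) -> Dict[str, int]:
    """Return {destination: half-open count} for targets at or over the threshold."""
    return {dst: n for dst, n in half_open_counts(records, window).items()
            if n >= threshold}


def constructed_sample() -> List[Record]:
    recs: List[Record] = []
    # One legitimate handshake to the web server.
    recs += [(0.00, "10.1.1.5", "192.168.1.10", SYN),
             (0.01, "192.168.1.10", "10.1.1.5", SYN | ACK),
             (0.02, "10.1.1.5", "192.168.1.10", ACK)]
    # Fifty SYNs from spoofed sources: the SYN-ACKs go nowhere, so no ACK returns.
    for i in range(50):
        recs.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", "192.168.1.10", SYN))
    return recs


if __name__ == "__main__":
    print(detect_syn_flood(constructed_sample()))
```

The threshold and window are deployment-specific knobs, not constants from the glossary; a busy server legitimately holds some half-open connections, so tune them against a baseline, and treat a high count spread across many distinct sources as the signature of spoofing.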

TCP SYN reset attack An attack in which the threat actor sends forged TCP segments with the RST (reset) flag, the connection-terminating flag, set so that one or both communicating hosts tear down an established session.

Telecommunications Industry Association (TIA) An organization that develops communication standards in a variety of areas, including standards for radio equipment, cellular towers, voice over IP (VoIP) devices, satellite communications, and more. TIA standards are often combined with EIA standards and referred to as TIA/EIA standards.

teleworker A remote user conducting work-related tasks using teleworking services. Also referred to as a telecommuter.

teleworking Working from a nontraditional workplace such as at home. Teleworking offers many benefits to the worker and to the business. Connections are typically provided using broadband DSL or cable internet.

threat A potential danger to a company’s assets, data, or network functionality.

threat actor An individual or a group of individuals who conduct malicious activities against individuals or organizations.

three-layer hierarchical model A hierarchical design that maximizes performance, network availability, and the ability to scale the network design. Consists of core, distribution, and access layers.

time-domain reflectometer (TDR) A special type of cable tester that can pinpoint the distance to a break in a cable by sending a signal down the cable and measuring the time it takes for the reflection from the break to return.

toll network A network that consists of the long-haul, all-digital, fiber-optic communications lines, switches, routers, and other equipment inside the WAN provider network. There is a fee to use the services of a toll network.

top-down troubleshooting A troubleshooting approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem is found. You test end-user applications of an end system before tackling the more specific networking pieces. Use this approach for simpler problems or when you think the problem is with a piece of software. Compare with bottom-up troubleshooting and divide-and-conquer troubleshooting.

topology table In OSPF, a table that contains all destinations that are advertised by neighboring routers. It is created using the OSPF LSDB.

Traffic Class field The IPv6 equivalent of the IPv4 Type of Service (ToS) field.

traffic policing A QoS mechanism that limits the amount of bandwidth that certain network traffic can use. Policing typically drops (discards) excess traffic. Compare with traffic shaping.

traffic shaping A QoS mechanism for preventing congestion by queueing (that is, delaying) excess traffic and sending it later. Traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. Compare with traffic policing.

Transport Layer Security (TLS) A cryptographic protocol that replaces Secure Sockets Layer (SSL) but is still frequently referred to as SSL. It provides secure communications over a computer network and is commonly used to secure web access with HTTPS.

transport protocol In GRE, a delivery protocol that encapsulates the carrier protocol. Compare with carrier protocol and passenger protocol.

Triple DES (3DES) A variant of DES that provides significantly stronger encryption strength over DES. However, 3DES is now considered to be a legacy symmetric encryption algorithm that should be avoided. Compare with Data Encryption Standard (DES), Advanced Encryption Standard (AES), and Software-Optimized Encryption Algorithm (SEAL).

Trojan A type of malware. See also Trojan horse.

Trojan horse A type of non-self-replicating malware designed to look like a legitimate application or file to trick the user to download, install, or open the malware.

Two-Way state An OSPF neighbor state in which communication between two routers is bidirectional (each router has seen itself listed in the other’s Hello packets). On multiaccess links, the DR and BDR election takes place in this state.

Type 1 hypervisor A “bare metal” hypervisor installed directly on hardware. Instances of an OS are installed on the server, giving Type 1 hypervisors direct access to the hardware resources. Type 1 hypervisors improve scalability, performance, and robustness and are therefore usually used on enterprise servers and data center networking devices.

Type 2 hypervisor Also called a “hosted hypervisor” because the hypervisor is installed on top of the existing OS (for example, Mac OS X, Windows, or Linux). Many Type 2 hypervisors are available at no cost; they are therefore popular with consumers and with organizations experimenting with virtualization.

Type of Service (ToS) See Type of Service (ToS) field.

Type of Service (ToS) field A QoS marking field in the Layer 3 header of an IPv4 packet that a router can read to classify traffic. Both the original 3-bit IP Precedence value and the 6-bit DSCP value are carried in this byte.

U

UDP flood attack An attack that involves flooding UDP packets from a spoofed host to a target device, sweeping through all UDP ports and forcing the target device to reply with ICMP port unreachable messages.

uniform resource identifier (URI) A string of characters that identifies a specific network resource. Web resources and web services such as RESTful APIs are identified using a URI. URI is the general term: a URL (which specifies where a resource is and how to reach it) and a URN (which names a resource independently of its location) are both kinds of URI. Compare with uniform resource name (URN) and uniform resource locator (URL).

uniform resource locator (URL) A string of characters that identifies the location of a specific resource on the network. HTTP and HTTPS URLs are typically used with web browsers. Other protocols, such as FTP, SFTP, and SSH, can also use URLs. Compare with uniform resource identifier (URI) and uniform resource name (URN).

uniform resource name (URN) A string of characters that names a resource (web page, document, image, and so on) within a namespace, without specifying its location or the protocol used to reach it. Compare with uniform resource identifier (URI) and uniform resource locator (URL).

URL filtering A security feature that prevents users from accessing websites based on information contained in a URL list.

V

virtual circuit A logical circuit created to ensure reliable communication between two network devices.

virtual machine (VM) An instance of an OS running under a hypervisor, either on top of a host OS or directly on the hardware. A VM runs a complete and separate operating system and uses the virtual CPUs, memory, disk controllers, and NICs that the hypervisor allocates to it from the physical host’s resources. VMs are a form of virtualization.

virtual networking switch A switch such as a Cisco Nexus switch that provides secure multi-tenant services by adding virtualization intelligence technology to the data center network. Compare with campus LAN switch, cloud-managed switch, data center switch, and service provider switch.

Virtual Private LAN Services (VPLS) A technology that supports the connection of multiple sites in a single bridged domain over a managed IP/MPLS network. VPLS presents an Ethernet interface to customers, simplifying the LAN/WAN boundary for service providers and customers, and enabling rapid and flexible service provisioning, because the service bandwidth is not tied to the physical interface. All VPLS services appear to be on the same LAN, regardless of location.

virtual private network (VPN) A virtual point-to-point connection that uses dedicated connections, encryption, or a combination of the two between two endpoints over an unsecured network such as the internet.

virtual routing and forwarding (VRF) An IP technology, commonly used on service provider routers, that creates multiple independent virtual routing table instances on a single router so that the traffic of different customers or segments is kept separate. VRF reduces the number of physical routers required, helps segment traffic, and increases network security.

virtualization The creation of a virtual version of something, such as a hardware platform, operating system (OS), storage device, or network resources. Virtualization separates the OS from the hardware.

virus A type of malware that executes a specific unwanted (and often harmful) function on a computer. Viruses cannot propagate and infect other computers without human action.

VMware Commercial cloud and virtualization software and services for the x86 architecture, pioneered by VMware, Inc. (formerly a subsidiary of Dell Technologies, acquired by Broadcom in 2023).

voice over IP (VoIP) A voice technology that carries telephone calls over IP networks such as the internet. Voice-enabled routers (voice gateways) convert analog voice from traditional telephones into IP packets, and routers then forward those packets between the corresponding locations.

voiceband modem Also called a dial-up modem, an older type of modem that connects a computer to the internet via a standard telephone line.

VPN client software Software that is installed on a host and used to establish a remote-access VPN connection.

VPN gateway An enterprise device that is responsible for encapsulating, encrypting, and sending outbound traffic through a VPN tunnel over the internet to a peer VPN gateway that strips the headers, decrypts the content, and relays the packet toward the target host inside its private network. The VPN gateway could be a router, a firewall, or a Cisco Adaptive Security Appliance (ASA).

vulnerability A weakness in a system or its design that could be exploited.

vulnerability broker A gray hat hacker who attempts to discover exploits and report them to vendors, sometimes for prizes or rewards.

W

Weighted Fair Queuing (WFQ) A QoS queuing method that attempts to balance available bandwidth between incoming flows. WFQ is often the default method applied to serial interfaces. Compare with first-in, first-out (FIFO), Class-Based Weighted Fair Queuing (CBWFQ), and Low Latency Queuing (LLQ).

Weighted Random Early Detection (WRED) A QoS congestion avoidance tool that a router uses to regulate TCP traffic in a bandwidth-efficient manner before queue overflows cause tail drops. WRED manages buffers by selectively dropping packets as a queue fills; because TCP senders treat loss as a congestion signal, they decrease, or throttle back, their sending rate before the buffers are exhausted.

white hat hacker A threat actor who uses his or her skills for good, ethical, and legal purposes such as corporate network penetration testing to discover and report network vulnerabilities.

wildcard mask A string of 32 binary digits that a router uses to determine which bits of an IPv4 address to examine for a match. A wildcard bit of 0 means the corresponding address bit must match; a bit of 1 means the bit is ignored. It is the bitwise inverse of a subnet mask (for example, 0.0.0.255 for a /24), although the bits need not be contiguous.
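
Deriving and applying wildcard masks, as an added example written for this glossary (not IOS code). Beyond the contiguous case in the entry, it shows a non-contiguous wildcard, something a subnet mask cannot express, and counts how many addresses a base/wildcard pair covers, which is a quick sanity check before an ACE goes into production.

```python
"""Wildcard mask helpers: derive masks and test addresses against them.

Added example written for this glossary; not IOS code.
"""
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def wildcard_from_prefix(prefix_len: int) -> str:
    """/24 -> 0.0.0.255 (the low 32 - prefix_len bits set to 1)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return _to_dotted((1 << (32 - prefix_len)) - 1)


def wildcard_from_netmask(netmask: str) -> str:
    """255.255.255.0 -> 0.0.0.255 (bitwise inverse of the subnet mask)."""
    return _to_dotted(~_to_int(netmask))


def matches(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0: address bit must equal base bit. Wildcard bit 1: ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return ((_to_int(addr) ^ _to_int(base)) & care) == 0


def address_count(wildcard: str) -> int:
    """Addresses an ACE with this wildcard can match: 2 ** (number of 1 bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")


if __name__ == "__main__":
    # Constructed cases: a /16, and a non-contiguous mask covering 172.16.0.0
    # and 172.17.0.0 together (second-octet bit 0 ignored).
    print(wildcard_from_prefix(16), address_count(wildcard_from_prefix(16)))
    for host in ("172.16.5.9", "172.17.5.9", "172.18.5.9"):
        print(host, matches(host, "172.16.0.0", "0.1.255.255"))
```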

wire speed The data rate that an Ethernet port on a switch is capable of attaining.

Worldwide Interoperability for Microwave Access (WiMAX) IEEE standard 802.16, which offers high-speed broadband service with wireless access. It provides broad coverage like a cell phone network rather than using small Wi-Fi hotspots.

worm A type of self-replicating malware that exploits vulnerabilities in legitimate software to copy itself to other hosts without human action, consuming resources and disrupting network operations as it spreads.

Y

YAML Ain’t Markup Language (YAML) An increasingly popular human-readable data serialization format that is commonly used for configuration files and in applications. It is similar to JSON and XML but has a minimal syntax. In YAML, data is expressed as one or more key/value pairs; a key is separated from its value by a colon and a space, and quotation marks around values are optional. YAML uses indentation rather than brackets or commas to define structure. Compare with JavaScript Object Notation (JSON) and Extensible Markup Language (XML).

Z

zero-day exploit An exploit that takes advantage of a vulnerability that is unknown to the software vendor or for which no patch has yet been released, so that defenders have had “zero days” to address it.

zombie A compromised host device that is controlled by a threat actor for nefarious purposes such as taking part in a coordinated DDoS attack.
