Exam Highlights

Before taking the exam, review the key topics and terms that are presented in this chapter. You need to know this information.

Key Points

• Before designing redundancy into your connectivity design, you should verify that redundancy is required. You should also determine the cost to the company if downtime occurs, for example, how much the company would lose for each minute company employees could not connect to the Internet.

• In designing redundancy into your network, you should also identify any hardware components that might be points of failure to your network if they were to become unavailable because they are the only means by which users can do their jobs.

• Before selecting an ISP for the implementation of your VPN or connectivity to the Internet, you should consider how reliable the ISP’s peering connections are, how stable the vendor is financially, and whether or not the ISP offers your company any guarantees or service-level agreements. You should also determine if your ISP offers any security features such as intrusion detection systems or firewalls, and whether the ISP gives your company reports showing the daily usage or weekly usage of bandwidth.

• Just as airlines overbook flights, most ISPs oversubscribe bandwidth. By oversubscribing bandwidth, the ISP is counting on all of their customers not simultaneously using 100 percent of the bandwidth they are allocated, in the same way airlines count on some customers not using their plane tickets.

• When calculating the bandwidth requirements for a VPN, you should know how many users will need to access the network, if VoIP, e-mail, or Web servers will also use the VPN bandwidth, and how much bandwidth these additional services will require.

• Network Address Translation (NAT) is a protocol that enables a private network to connect to the Internet. Private IP network IDs 10.0.0.0 8, 172.16.0.0 /12, and 192.168.0.0 /16 are not able to connect to Internet resources unless they are translated to a public IP network ID.

• The NAT server drops packets that do not have a matching port number in the session mapping table.

• In designing a NAT strategy for your company’s network infrastructure, you must consider whether or not NAT is the right choice for both the size of the business and the needs of the users.

• Securing your NAT solution can be done with inbound and outbound filters and the use of special ports and address pools.