[Year 12 SofDev] Network Diagrams - Physical or Logical
Kevork Krozian
kevork at edulists.com.au
Sun Mar 30 21:58:27 EST 2008
Hi Folks,
I would make a few observations here.
1. A network has a boundary as a network card. This is also known as a
gateway ( there may be more than one gateway ). If the boundary is a router,
one card ( router interface ) is in the network, and at least one other has
to be in the "next" network otherwise you don't have a router. A router can
be a computer ( min 2 cards ) or a purpose built router such as a Cisco
router. A gateway device MUST have at least 2 NICs. The firewall sitting in
the middle of a network troubles me. How will packets be checked for
permission to ENTER the network if they are being sent to a device in the
MIDDLE of the network ?
2. Routing ( deciding which interfaces a packet should be sent to once it
has arrived at an interface ) is wasteful before the firewall does its job.
Why decide how to process a packet only to have it dropped by the firewall ?
Therefore the firewall should sit further out than the router or if in the
one device the firewall function takes place first. If the firewall is happy
to accept the packet, the routing table is then checked to see which
interface the packet should now exit the router.
3. Some routers have firewall and inbuilt modem module capability. The modem
would sit further out again if it was a separate device. But since these
devices appear to be in one box the sequence of operations is sometimes not
clear.
4. There may be alternate representations and conceptually the issue is that
all traffic inbound must be forced to go through the firewall. How do we
assure every packet will be forced through the firewall in the
non-sequential diagram as presented by Kevin ? If the inbound, default gateway
from the router is the firewall, it can't route traffic with one network
card except with some exotic configurations. Point 2 above is also still an
issue.
5. Use of DMZ ( Demilitarised Zones ) could be worth investigating with
students and explaining how they reduce the risk to networks.
6. Robert makes a good point regarding a conceptual understanding to be
sufficient rather than a distinction say, between routers and switches as
far as what data units ( packets vs frames ) they handle. I would have
thought the concrete would be much easier than the abstract for these kids.
This is only IMHO. The method lecturer's advice from Dip Ed to always
support a concept with a concrete example keeps ringing in my ear.
7. I don't recall anyone suggesting the reason for teaching these physical
implementation details in Software Development ( router, switch, firewall,
modem ) is in any way for preparation of these students for work. On the
contrary, it is to understand the concepts and not to go home and implement
a solution or build a network - unless they want to.
Now, give me a minute to take cover in the Demilitarized Zone before you
launch your assault on my comments here .....
Are we supposed to be on holidays ?
Kind Regards
Kevork Krozian
Edulists Creator and Administrator
www.edulists.com.au
kevork at edulists.com.au
----- Original Message -----
From: "Neil Wallace" <neil at norwood.vic.edu.au>
To: "'Year 12 Software Development Teachers' Mailing List'"
<sofdev at edulists.com.au>
Sent: Friday, March 28, 2008 2:24 PM
Subject: RE: [Year 12 SofDev] Network Diagrams - Physical or Logical
> You must also be marking SAC 1 now huh??? My comments below refer to the
> network diagram as a physical diagram. I use the DFDs and Data Dictionaries
> for logical representations in this SAC.
>
> I get similar things Kevin, but I don't have a problem with the serial
> representation. In many practical instances that kids are familiar with,
> firewall features are built into the switch and router. A home ADSL router
> that provides firewall, VoIP, wireless and switching (OK maybe hub) services
> is an example.
>
> I usually walk the kids through what they may have at home, then tour the
> server room and switch cabinets when doing the network structure side of
> things.
>
> So, please all shoot me down if I am out of line here, but as long as the
> modem or router, firewall and switch are all in place in the network diagram
> (in that order from external to internal) I feel OK with that.
>
> And we haven't got to talking about DeMilitarised Zones for safety in
> isolation of onsite servers yet either. . . .
>
> Enjoy your break.
>
> Neil Wallace
> Norwood Secondary College
>
> -----Original Message-----
> From: sofdev-bounces at edulists.com.au
> [mailto:sofdev-bounces at edulists.com.au]
> On Behalf Of Kevin Feely
> Sent: Friday, 28 March 2008 1:14 PM
> To: sofdev at edulists.com.au
> Subject: [Year 12 SofDev] Network Diagrams - Physical or Logical
>
> Hi All
> Just to clarify one part of these things that I get a number of students
> representing firewalls inaccurately.
> I find some students like to connect them all up in series (see attached
> picture), so that from the switch they go to a firewall, then to a router
> then to the phone lines to the internet.
> Or even worse they go from the switch to a firewall and then to the internet
> with no mention of a router or modem.
> I have always put, or seen installed, firewalls (hardware, naturally)
> connected to the network switch (doesn't matter which one) and that's it.
> There is no "throughput". i.e. as you represent a server, as basically that's
> what they are.
> The router (or modem if you want to go back a few years) is the throughput
> device, on one side the phone line (PSTN, ADSL, CABLE, ETC) and on the other
> the network connection to switch via ethernet, to switch from pc via usb
> from router, or to switch from pc via serial from modem.
> Is this a problem to your students or is it just me?
>
> regards
> kevin
>
> _______________________________________________
> http://www.edulists.com.au
> IT Software Development Mailing List kindly supported by
> http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment Authority
> and http://www.vitta.org.au/vce/studies/infotech/softwaredevel3-4.html -
> VITTA Victorian Information Technology Teachers Association Inc
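An added example, not part of any message in this thread: the question in point 4 above (is every inbound packet forced through the firewall?) can be checked on a diagram by removing the firewall node and seeing which hosts the outside can still reach. The node names and both link lists are constructed from the two layouts described in the thread; the check models cabling only and does not cover the single-card default-gateway configurations mentioned in point 4.

```python
from collections import deque

def build(links):
    """Turn a list of (a, b) cable links into an undirected adjacency map."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def reachable(adj, start, blocked):
    """Breadth-first search from start that never enters the blocked node."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt != blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def bypass_hosts(links, hosts, outside="internet", firewall="firewall"):
    """Hosts the outside can still reach once the firewall is removed from the graph.

    An empty list means the firewall is a choke point: every path in crosses it.
    """
    return sorted(set(hosts) & reachable(build(links), outside, firewall))

HOSTS = ["pc1", "pc2", "server"]  # constructed sample hosts

# Constructed layout 1: devices in series, external to internal.
SERIAL = [("internet", "router"), ("router", "firewall"), ("firewall", "switch"),
          ("switch", "pc1"), ("switch", "pc2"), ("switch", "server")]

# Constructed layout 2: firewall drawn as one more device plugged into the switch.
SIDE = [("internet", "router"), ("router", "switch"), ("switch", "firewall"),
        ("switch", "pc1"), ("switch", "pc2"), ("switch", "server")]

if __name__ == "__main__":
    for name, links in (("serial", SERIAL), ("side-attached", SIDE)):
        print(name, "-> reachable without crossing the firewall:",
              bypass_hosts(links, HOSTS))
```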