storage area networking. An emerging data communications platform that interconnects servers and storage at Gigabaud speeds. By combining LAN networking models with the core building blocks of server performance and mass storage capacity, SAN eliminates the bandwidth bottlenecks and scalability limitations imposed by previous SCSI bus-based architectures.
1. service access point. Field defined by the IEEE 802.2 specification that is part of an address specification. Thus, the destination plus the DSAP define the recipient of a packet. The same applies to the SSAP. See also DSAP and SSAP.
2. Service Advertising Protocol. IPX protocol that provides a means of informing network clients, via routers and servers, of available network resources and services. See also IPX.
Scan is a nonintrusive analysis technique that identifies the open ports found on each live network device and collects the associated port banners found as each port is scanned. Each port banner is compared against a table of rules to identify the network device, its operating system, and all potential vulnerabilities.
Synchronous Digital Hierarchy. European standard that defines a set of rate and format standards that are transmitted using optical signals over fiber. SDH is similar to SONET, with a basic SDH rate of 155.52 Mbps, designated at STM-1. See also SONET and STM-1.
Synchronous Data Link Control. SNA data link layer communications protocol. SDLC is a bit-oriented, full-duplex serial protocol that has spawned numerous similar protocols, including HDLC and LAPB. See also HDLC and LAPB.
1. Session Definition Protocol. An IETF protocol for the definition of Multimedia Services. SDP messages can be part of SGCP and MGCP messages.
2. Session Data Protocol. SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. [RFC 2327]
single-line digital subscriber line. One of four DSL technologies. SDSL delivers 1.544 Mbps both downstream and upstream over a single copper twisted pair. The use of a single twisted pair limits the operating range of SDSL to 10,000 feet (3048.8 meters). Compare with ADSL, HDSL, and VDSL.
Secure Shell Protocol
Protocol that provides a secure remote connection to a router through a Transmission Control Protocol (TCP) application.
An instance of security policy and keying material applied to a data flow. Both IKE and IPSec use SAs, although SAs are independent of one another. IPSec SAs are unidirectional and are unique in each security protocol. An IKE SA is used by IKE only, and unlike the IPSec SA, it is bidirectional. IKE negotiates and establishes SAs on behalf of IPSec. A user also can establish IPSec SAs manually. A set of SAs are needed for a protected data pipe, one per direction per protocol. For example, if you have a pipe that supports ESP between peers, one ESP SA is required for each direction. SAs are identified uniquely by destination (IPSec endpoint) address, security protocol (AH or ESP), and security parameter index (SPI).
One of five categories of network management defined by ISO for the management of OSI networks. Security management subsystems are responsible for controlling access to network resources. See also accounting management, configuration management, fault management, and performance management.
security parameter index
See SPI. This is a number that, together with a destination IP address and a security protocol, uniquely identifies a particular security association. When using IKE to establish the security associations, the SPI for each security association is a pseudo-randomly derived number. Without IKE, the SPI is specified manually for each security association.
1. Section of a network that is bounded by bridges, routers, or switches.
2. In a LAN using a bus topology, a segment is a continuous electrical circuit that often is connected to other such segments with repeaters.
3. Term used in the TCP specification to describe a single transport layer unit of information. The terms datagram, frame, message, and packet also are used to describe logical information groupings at various layers of the OSI reference model and in various technology circles.
Node or software program that provides services to clients.
Collection of service types required for a specific service offered. Each service class includes the attributes and values that define the type or quality of service associated with a given class. For example, data connectivity is a service class you might define that includes the service type data-bandwidth.
Related set of communications transactions between two or more network devices.
Secure Hash Algorithm 1. Algorithm that takes a message of less than 2^64 bits in length and produces a 160-bit message digest. The large message digest provides security against brute-force collision and inversion attacks. SHA-1 [NIS94c] is a revision to SHA that was published in 1994.
Routing that minimizes distance or path cost through the application of an algorithm.
1. Process of sending a transmission signal over a physical medium for the purposes of communication.
2. In telephony, a term that refers to sending call information across a telephone connection. This information can be transmitted by many techniques, such as opening and closing a loop to stop and start the flow of DC loop current (used to indicate on-hook and off-hook state and to transmit dial-pulsing of digits), sending of ringing voltage to alert the other side of an incoming call, sending digit information in the form of DTMF or MF tones, or sending call state information on a DS0 timeslot by using robbed-bits.
Capability for transmission in only one direction between a sending station and a receiving station. Broadcast television is an example of a simplex technology. Compare with full duplex and half duplex.
Fiber-optic cabling with a narrow core that allows light to enter only at a single angle. Such cabling has higher bandwidth than multimode fiber, but requires a light source with a narrow spectral width (for example, a laser). Also called monomode fiber. See also multimode fiber.
session initiation protocol. Protocol developed by the IETF MMUSIC Working Group as an alternative to H.323. SIP features are compliant with IETF RFC 2543, published in March 1999. SIP equips platforms to signal the setup of voice and multimedia calls over IP networks.
sliding window flow control
Method of flow control in which a receiver gives the transmitter permission to transmit data until a window is full. When the window is full, the transmitter must stop transmitting until the receiver advertises a larger window. TCP, other transport protocols, and several data link layer protocols use this method of flow control.
Serial Line Internet Protocol. Standard protocol for point-to-point serial connections using a variation of TCP/IP. Predecessor of PPP. See also CSI and PPP.
single-mode fiber. Fiber with a relatively low diameter through which only one mode can propagate.
Simple Mail Transfer Protocol. Internet protocol providing e-mail services.
Systems Network Architecture. Large, complex, feature-rich network architecture developed in the 1970s by IBM. Similar in some respects to the OSI reference model but with a number of differences. SNA essentially is composed of seven layers. See also data flow control layer, data-link control layer, path control layer, physical control layer, presentation services layer, transaction services layer, and transmission control layer.
Subnetwork Access Protocol. Internet protocol that operates between a network entity in the subnetwork and a network entity in the end system. SNAP specifies a standard method of encapsulating IP datagrams and ARP messages on IEEE networks. The SNAP entity in the end system makes use of the services of the subnetwork and performs three key functions: data transfer, connection management, and QoS selection.
Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. See also SGMP and SNMP2.
Authentication scheme that enables an intelligent network device to validate SNMP requests.
SNMP Version 2. Version 2 of the popular network management protocol. SNMP2 supports centralized as well as distributed network management strategies, and includes improvements in the SMI, protocol operations, management architecture, and security. See also SNMP.
small office, home office. Networking solutions and access technologies for offices that are not directly connected to large corporate networks.
Synchronous Optical Network. A standard format for transporting a wide range of digital telecommunications services over optical fiber. SONET is characterized by standard line rates, optical interfaces, and signal formats. High-speed (up to 2.5 Gbps) synchronous network specification developed by Bellcore and designed to run on optical fiber. STS-1 is the basic building block of SONET. Approved as an international standard in 1988. See also SDH, STS-1, and STS-3c.
Address of a network device that is sending data. See also destination address.
Term used to describe unsolicited e-mail or newsgroup posts, often in the form of commercial announcements. The act of sending a spam is called, naturally, spamming.
Switched Port Analyzer. A port on an Ethernet switch used to monitor traffic.
Loop-free subset of a network topology. See also spanning-tree algorithm and Spanning-Tree Protocol.
Algorithm used by the Spanning-Tree Protocol to create a spanning tree. Sometimes abbreviated as STA. See also spanning tree and Spanning-Tree Protocol.
shortest path first algorithm. Routing algorithm that iterates on length of path to determine a shortest-path spanning tree. Commonly used in link-state routing algorithms. Sometimes called Dijkstra’s algorithm. See also link-state routing algorithm.
security parameter index. This is a number that, together with a destination IP address and security protocol, uniquely identifies a particular security association. When using IKE to establish the security associations, the SPI for each security association is a pseudo-randomly derived number. Without IKE, the SPI is manually specified for each security association.
service profile identifier. Number that some service providers use to define the services to which an ISDN device subscribes. The ISDN device uses the SPID when accessing the switch that initializes the connection to a service provider.
Routing technique in which information about routes is prevented from exiting the router interface through which that information was received. Split-horizon updates are useful in preventing routing loops.
1. Scheme used by routers to cause a host to treat an interface as if it were up and supporting a session. The router spoofs replies to keepalive messages from the host in order to convince that host that the session still exists. Spoofing is useful in routing environments, such as DDR, in which a circuit-switched link is taken down when there is no traffic to be sent across it in order to save toll charges. See also DDR.
2. The act of a packet illegally claiming to be from an address from which it was not actually sent. Spoofing is designed to foil network security mechanisms, such as filters and access lists.
Application that manages requests or jobs submitted to it for execution. Spoolers process the submitted requests in an orderly fashion from a queue. A print spooler is a common example of a spooler.
Sequenced Packet Exchange. Reliable, connection-oriented protocol that supplements the datagram service provided by network layer (Layer 3) protocols. Novell derived this commonly used NetWare transport protocol from the SPP of the XNS protocol suite.
Structured Query Language. International standard language for defining and accessing relational databases.
Signaling System 7. Standard CCS system used with BISDN and ISDN. Developed by Bellcore. See also CCS.
Service Selection Gateway. Gateway that offers service providers a means for menu-based service selection. End users can select services from the Dashboard menu, and the Cisco SSG can set up and tear down proxy and passthrough network connections based on a selection of a user. The Cisco SSG accounts for the services selected so that service providers can bill for individual services.
A protocol that provides secure remote login utilising an insecure network. SSH is proprietary but will become an IETF standard in the near future. SSH was originally developed by SSH Communications Security.
Secure Socket Layer. Encryption technology for the Web used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.
Source Specific Multicast. A datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is the core networking technology for the Cisco implementation of the IP Multicast Lite suite of solutions targeted for audio and video broadcast application environments.
Set of rules or procedures that are either widely used or officially specified.
Route that is explicitly configured and entered into the routing table. Static routes take precedence over routes chosen by dynamic routing protocols.
Synchronous Transport Module level 1. One of a number of SDH formats that specifies the frame structure for the 155.52-Mbps lines used to carry ATM cells. See also SDH.
store and forward
Function whereby a message is transmitted to some intermediate relay point and temporarily stored before forwarding to the next relay point.
store and forward packet switching
Packet-switching technique in which frames are completely processed before being forwarded out the appropriate port. This processing includes calculating the CRC and checking the destination address. In addition, frames must be stored temporarily until network resources (such as an unused link) are available to forward the message. Contrast with cut-through packet switching.
1. shielded twisted-pair. Two-pair wiring medium used in a variety of network implementations. STP cabling has a layer of shielded insulation to reduce EMI. Compare with UTP. See also twisted pair.
2. Spanning-Tree Protocol. Bridge protocol that uses the spanning-tree algorithm, enabling a learning bridge to dynamically work around loops in a network topology by creating a spanning tree. Bridges exchange BPDU messages with other bridges to detect loops, and then remove the loops by shutting down selected bridge interfaces. Refers to both the IEEE 802.1 Spanning-Tree Protocol standard and the earlier Digital Equipment Corporation Spanning-Tree Protocol upon which it is based. The IEEE version supports bridge domains and allows the bridge to construct a loop-free topology across an extended LAN. The IEEE version generally is preferred over the Digital version. Sometimes abbreviated as STP. See also BPDU, learning bridge, MAC address learning, spanning tree, and spanning-tree algorithm.
3. signal transfer point. Element of an SS7-based Intelligent Network that performs routing of the SS7 signaling.
Hierarchical clock reference in the PSTN network, where 1 represents the highest possible quality of clocking.
Precision timing reference that provides a free-run accuracy of plus or minus 4.6 parts per million (PPM), pull-in capability of 4.6 PPM, and holdover stability of fewer than 255 slips during first day. Thorough descriptions can be found in ANSI T1.101-1994 and the Bellcore document GR-1244-CORE.
Synchronous Transport Signal level 1. Basic building block signal of SONET, operating at 51.84 Mbps. Faster SONET rates are defined as STS-n, where n is a multiple of 51.84 Mbps. See also SONET.
Synchronous Transport Signal level 3, concatenated. SONET format that specifies the frame structure for the 155.52-Mbps lines used to carry ATM cells. See also SONET.
OSPF area that carries a default route, intra-area routes, and interarea routes, but does not carry external routes. Virtual links cannot be configured across a stub area, and they cannot contain an ASBR. Compare with nonstub area. See also ASAM and
Network that has only a single connection to a router.
One of a number of virtual interfaces on a single physical interface.
Portion of an IP address that is specified as the subnetwork by the subnet mask. See also IP address, subnet mask, and subnetwork.
32-bit address mask used in IP to indicate the bits of an IP address that are being used for the subnet address. Sometimes referred to simply as mask. See also address mask and IP address.
1. In IP networks, a network sharing a particular subnet address. Subnetworks are networks arbitrarily segmented by a network administrator in order to provide a multilevel, hierarchical routing structure while shielding the subnetwork from the addressing complexity of attached networks. Sometimes called a subnet. See also IP address, subnet address, and subnet mask.
2. In OSI networks, a collection of ESs and ISs under the control of a single administrative domain and using a single network access protocol.
Aggregation of IP network addresses advertised as a single classless network address. For example, given four Class C IP networks—22.214.171.124, 126.96.36.199, 188.8.131.52, and 184.108.40.206—each having the intrinsic network mask of 255.255.255.0, one can advertise the address 220.127.116.11 with a subnet mask of 255.255.252.0.
switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete. SVCs are used in situations where data transmission is sporadic. See also virtual circuit. Called a switched virtual connection in ATM terminology. Compare with PVC.
Network device that filters, forwards, and floods frames based on the destination address of each frame. The switch operates at the data link layer of the OSI model.
Process of taking an incoming frame from one interface and delivering it through another interface. Routers use Layer 3 switching to route a packet, and Layer 2 switches use Layer 2 switching to forward frames. See also Layer 2 switching and Layer 3 switching.
Branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification).
Cryptographic key that is used in a symmetric cryptographic algorithm.
Denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.