Glossary

2-way state In OSPF, a neighbor state that implies that the router has exchanged Hellos with the neighbor and that all required parameters match.

3G/4G Internet An Internet access technology that uses wireless radio signals to communicate through mobile phone towers, most often used by mobile phones, tablets, and some other mobile devices.

802.1Q The IEEE standardized protocol for VLAN trunking.

ABR Area Border Router. A router using OSPF in which the router has interfaces in multiple OSPF areas.

access interface A LAN network design term that refers to a switch interface connected to end-user devices, configured so that it does not use VLAN trunking.

access link (WAN) A physical link between a service provider and its customer that provides access to the SP’s network from that customer site.

access rate The speed at which bits are sent over an access link.

ACI See Application Centric Infrastructure.

ACL Access control list. A list configured on a router to control packet flow through the router, such as to prevent packets with a certain IP address from leaving a particular interface on the router.

adjacency table In Cisco IOS CEF, a table that keeps a copy of the outgoing data link headers that a router will then add to a packet before forwarding the packet, for the purpose of reducing the per-packet processing done by the router.

administrative distance In Cisco routers, a means for one router to choose between multiple routes to reach the same subnet when those routes are learned by different routing protocols. The lower the administrative distance, the more preferred the source of the routing information.

administrative mode See trunking administrative mode.

ADSL Asymmetric digital subscriber line. One of many DSL technologies, ADSL is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream.

alternate port With 802.1w RSTP, a port role in which the port acts as an alternative to a switch’s root port, so that when the switch’s root port fails, the alternate port can immediately take over as the root port.

analog modem See modem.

anti-replay Preventing a man in the middle from copying and later replaying the packets sent by a legitimate user, for the purpose of appearing to be a legitimate user.

APIC See Application Policy Infrastructure Controller.

APIC-EM See Application Policy Infrastructure Controller – Enterprise Module.

Application Centric Infrastructure (ACI) Cisco’s data center SDN solution, based on the concept of defining policies that the APIC controller then pushes to the switches in the network using the OpFlex protocol, with the partially distributed control plane in each switch building the forwarding table entries to support the policies learned from the controller. It also supports a GUI, a CLI, and APIs.

Application Policy Infrastructure Controller (APIC) The software that plays the role of controller, controlling the flows that the switches create to define where frames are forwarded, in a Cisco data center that uses the Application Centric Infrastructure (ACI) approach, switches, and software.

Application Policy Infrastructure Controller – Enterprise Module (APIC-EM) The software that plays the role of controller in an enterprise network of Cisco devices, in its first version as of the publication of this book, which leaves the distributed routing and switching control plane as is, instead acting as a management and automation platform. It provides robust APIs for network automation, and uses CLI (Telnet and SSH) plus SNMP southbound to control the existing routers and switches in an enterprise network.

application programming interface (API) A software mechanism that enables software components to communicate with each other.

application signature With Network Based Application Recognition (NBAR), the definition of a combination of matchable fields that Cisco has identified as being characteristic of a specific application, so that NBAR can be configured by the customer to match an application, while IOS then defines the particulars of that matching.

application-specific integrated circuit (ASIC) An integrated circuit (computer chip) designed for a specific purpose or application, often used to implement the functions of a networking device rather than running a software process as part of the device’s OS that runs on a general-purpose processor.

AR See access rate.

Area Border Router See ABR.

ARP Address Resolution Protocol. An Internet protocol used to map an IP address to a MAC address. Defined in RFC 826.

AS_Path A BGP path attribute that lists the ASNs in the path (other than the ASN of the router on which the AS_Path is examined).

ASAv A Cisco ASA firewall software image that runs as a virtual machine rather than on Cisco hardware, intended to be used as a consumer-controlled firewall in a cloud service or in other virtualized environments.

ASBR Autonomous System Border Router. A router using OSPF in which the router learns routes via another source, usually another routing protocol, exchanging routes that are external to OSPF with the OSPF domain.

ASIC See application-specific integrated circuit.

Assured Forwarding (AF) The name of a grid of 12 DSCP values, and a matching grid of per-hop behavior as defined by DiffServ. AF defines four queuing classes, and three packet drop priorities within each queuing class. The text names of the 12 DSCP values follow a format of AFXY, where X is the queuing class, and Y is the drop priority.

authentication The ability to verify the identity of a user or a computer system on a computer network.

authentication, authorization, and accounting (AAA) server A server that holds security information and provides services related to user login, particularly authentication (is the user who they say they are), authorization (once authenticated, what do we allow the user to do), and accounting (tracking the user).

authenticator With IEEE 802.1x, the LAN switch that uses EAPoL to ask for the identification from the supplicant (the end-user device), and then passes the EAP messages to a AAA server to authenticate the user.

autonomous system (AS) An internetwork that is managed by one organization.

Autonomous System Border Router See ASBR.

autonomous system number (ASN) A number used by BGP to identify a routing domain, often a single enterprise or organization. As used with EIGRP, a number that identifies the routing processes on routers that are willing to exchange EIGRP routing information with each other.

AutoQoS In Cisco switches and routers, an IOS feature that configures a variety of QoS features with useful settings as defined by the Cisco reference design guide documents.

autosummarization A routing protocol feature in which a router that connects to more than one classful network advertises summarized routes for each entire classful network when sending updates out interfaces connected to other classful networks.

autosummary See autosummarization.

B

backbone area In OSPFv2 and OSPFv3, the special area in a multiarea design, with all nonbackbone areas needing to connect to the backbone area, area 0.

backup designated router An OSPF router connected to a multiaccess network that monitors the work of the designated router (DR) and takes over the work of the DR if the DR fails.

backup port With 802.1w RSTP, a port role in which the port acts as a backup to one of the switch’s ports acting as a designated port. If the switch’s designated port fails, the switch will use the backup port to immediately take over as the designated port.

balanced hybrid A term that, over the years, has been used to refer to the logic behind the EIGRP routing protocol. More commonly today, this logic is referred to as advanced distance vector logic.

bandwidth The speed at which bits can be sent and received over a link.

bandwidth profile In Metro Ethernet, a contractual definition of the amount of traffic that the customer can send into the service, and receive out of the service. Includes a concept called the committed information rate (CIR), which defines the minimum amount of bandwidth (bits/second) the SP will deliver with the service.

best path selection The BGP process of choosing the best route by working through an ordered list of comparisons of different BGP path attributes.

BGP neighbor Another term for BGP peer. A reference to another router with which a router has formed a BGP neighbor or peer relationship.

BGP peer Another term for BGP neighbor. A reference to another router with which a router has formed a BGP neighbor or peer relationship.

BGP table The table in each router, maintained by the BGP process, that holds prefixes and path attributes known to BGP.

BGP update The BGP message that lists BGP path attributes and prefixes.

BGP update source When running BGP in a router, the interface IP address used to form the TCP connection for the BGP peer relationship with another router.

blocking state In 802.1D STP, a port state in which no received frames are processed and the switch forwards no frames out the interface, with the exception of STP messages.

boot field The low-order 4 bits of the configuration register in a Cisco router. The value in the boot field in part tells the router where to look for a Cisco IOS image to load.

Border Gateway Protocol (BGP) An exterior routing protocol, used today as the primary routing protocol to exchange routes in the Internet.

BPDU Bridge protocol data unit. The generic name for Spanning Tree Protocol messages.

BPDU Guard A Cisco switch feature that listens for incoming STP BPDU messages, disabling the interface if any are received. The goal is to prevent loops when a switch connects to a port expected to only have a host connected to it.

bridge ID (BID) An 8-byte identifier for bridges and switches used by STP and RSTP. It is composed of a 2-byte priority field followed by a 6-byte System ID field that is usually filled with a MAC address.

bridge protocol data unit See BPDU.

broadcast address Generally, any address that represents all devices, and can be used to send one message to all devices. In Ethernet, the MAC address of all binary 1s, or FFFF.FFFF.FFFF in hex. For IPv4, see subnet broadcast address.

broadcast domain A set of all devices that receive broadcast frames originating from any device in the set. Devices in the same VLAN are in the same broadcast domain.

broadcast subnet When subnetting a Class A, B, or C network, the one subnet in each classful network for which all subnet bits have a value of binary 1. The subnet broadcast address in this subnet has the same numeric value as the classful network’s networkwide broadcast address.

C

cable Internet An Internet access technology that uses a cable TV (CATV) cable, normally used for video, to send and receive data.

carrier Ethernet Per MEF documents, the term for what was formerly called Metro Ethernet, generally referring to any WAN service that uses Ethernet links as the access link between the customer and the service provider.

central office (CO) A term used by telcos to refer to a building that holds switching equipment, into which the telco’s cable plant runs, so that the telco has cabling from each home and business into that building.

centralized control plane An approach to architecting network protocols and products that places the control plane functions into a centralized function rather than distributing the function across the networking devices.

Channel-group One term Cisco switches use to reference a bundle of links that are, in some respects, treated like a single link. Other similar terms include EtherChannel and PortChannel.

CHAP Challenge Handshake Authentication Protocol. A security feature defined by PPP that allows either or both endpoints on a link to authenticate the other device as a particular authorized device.

chassis aggregation A Cisco technology used to combine two distribution or core switches together to act as one, sharing the data plane functions across both switches (called active/active), and centralizing control plane functions on one switch (called active/standby).

CIDR Classless interdomain routing. An RFC-standard tool for global IP address range assignment. CIDR reduces the size of Internet routers’ IP routing tables, helping deal with the rapid growth of the Internet. The term classless refers to the fact that the summarized groups of networks represent a group of addresses that do not conform to IPv4 classful (Class A, B, and C) grouping rules.

CIDR notation See prefix notation.

circuit switching The switching system in which a dedicated physical circuit path must exist between the sender and the receiver for the duration of the “call.” Used heavily in the telephone company network.

Cisco Access Control Server (ACS) A Cisco product that acts as a AAA server.

Cisco AnyConnect Secure Mobility Client Cisco software product used as client software on user devices to create a client VPN. Commonly referred to as the Cisco VPN client.

Cisco Express Forwarding (CEF) A long-time Cisco IOS internal feature that optimizes the forwarding process by creating a more search-efficient forwarding information base (FIB) that is used instead of the IP routing table, along with an adjacency table that caches the new data link headers used to reach the next-hop addresses.

Cisco Intercloud Fabric Cisco software that provides a variety of functions to help companies connect to different cloud services and to aid the management of and migration between different public cloud services.

Cisco Open SDN Controller (OSC) A commercial SDN controller from Cisco that is based on the OpenDaylight controller.

Cisco Prime Graphical user interface (GUI) software that utilizes SNMP and can be used to manage your Cisco network devices. The term Cisco Prime is an “umbrella” term that encompasses many different individual software products.

Cisco VPN client See Cisco AnyConnect Secure Mobility Client.

Class of Service (CoS) The informal term for the 3-bit field in the 802.1Q header intended for marking and classifying Ethernet frames for the purposes of applying QoS actions. Another term for Priority Code Point (PCP).

Class Selector (CS) The name of eight DSCP values that all end with binary 000, for the purpose of having eight identifiable DSCP values whose first 3 bits match the eight values used for the older IP Precedence field. Originally used for backward compatibility with IP Precedence, but today the values are often used as just more values to use for packet marking.

classful addressing A concept in IPv4 addressing that defines a subnetted IP address as having three parts: network, subnet, and host.

classful network An IPv4 Class A, B, or C network. It is called a classful network because these networks are defined by the class rules for IPv4 addressing.

classful routing protocol An inherent characteristic of a routing protocol. Specifically, the routing protocol does not send subnet masks in its routing updates. This requires the protocol to make assumptions about classful networks and makes it unable to support VLSM and manual route summarization.

classification The process of examining various fields in networking messages in an effort to identify which messages fit into certain predetermined groups (classes).

classless addressing A concept in IPv4 addressing that defines a subnetted IP address as having two parts: a prefix (or subnet) and a host.

classless interdomain routing (CIDR) See CIDR.

classless routing A variation of the IPv4 forwarding (routing) process that defines the particulars of how the default route is used. The default route is always used for packets whose destination IP address does not match any other routes.

classless routing protocol An inherent characteristic of a routing protocol. Specifically, the routing protocol sends subnet masks in its routing updates, thereby removing any need to make assumptions about the addresses in a particular subnet or network. This allows the protocol to support VLSM and manual route summarization.

client VPN A VPN for which one endpoint is a user device, like a phone, tablet, or PC.

clock rate The speed at which a serial link encodes bits on the transmission medium.

clock source The device to which the other devices on the link adjust their speed when using synchronous links.

clocking The process of supplying a signal over a cable, either on a separate pin on a serial cable or as part of the signal transitions in the transmitted signal, so that the receiving device can keep synchronization with the sending device.

cloud services catalog A listing of the services available in a cloud computing service.

Cloud Services Router (CSR) A Cisco router software image that runs as a virtual machine rather than on Cisco hardware, intended to be used as a consumer-controlled router in a cloud service or in other virtualized environments.

committed information rate (CIR) In carrier/Metro Ethernet, the concept of the committed amount of bandwidth (typically measured in bits/second) that the SP commits to deliver over a particular EVC; the SP may deliver more bits/second than the CIR, but it commits to the amount defined by the CIR.

composite metric A term in EIGRP for the result of the calculation of the EIGRP metric for a route.

confidentiality (privacy) Preventing anyone in the middle of the Internet (a.k.a. man in the middle) from being able to read the data.

configuration revision number A number used by VTP that identifies the version of the VLAN configuration database. Each time the configuration database changes, a switch increments the configuration revision number by 1.

congestion window With TCP, a calculation each TCP receiver does that limits the window it grants to the receiver by shrinking the window in response to the loss of TCP segments.

console port A physical socket on a router or switch to which a cable can be connected between a computer and the router/switch, for the purpose of allowing the computer to use a terminal emulator and use the CLI to configure, verify, and troubleshoot the router/switch.

contiguous network In IPv4, an internetwork design in which packets being forwarded between any two subnets of a single classful network only pass through the subnets of that classful network.

control plane Functions in networking devices and controllers that directly control how devices perform data plane forwarding, but excluding the data plane processes that work to forward each message in the network.

convergence The time required for routing protocols to react to changes in the network, removing bad routes and adding new, better routes so that the current best routes are in all the routers’ routing tables.

core In computer architecture, an individual processing unit that can execute instructions of a CPU; modern server processors typically have multiple cores, each capable of concurrent execution of instructions.

CSU/DSU Channel service unit/data service unit. A device that connects a physical circuit installed by the telco to some CPE device, adapting between the voltages, current, framing, and connectors used on the circuit to the physical interface supported by the DTE.

customer edge (CE) A term used by service providers, both generally and also specifically in MPLS VPN networks, to refer to the customer device that connects to the SP’s network, and therefore sits at the edge of the SP’s network.

customer premises equipment (CPE) A telco term that refers to equipment on-site at the telco customer site (the enterprise’s site) that connects to the WAN service provided by the telco.

D

data integrity Verifying that the packet was not changed as the packet transited the Internet.

data link connection identifier (DLCI) The Frame Relay address that identifies a VC on a particular access link.

data plane Functions in networking devices that are part of the process of receiving a message, processing the message, and forwarding the message.

data VLAN A VLAN used by typical data devices connected to an Ethernet, such as PCs and servers. Used in comparison to a Voice VLAN.

Database Description An OSPF packet type that lists brief descriptions of the LSAs in the OSPF LSDB.

DCE Data circuit-terminating equipment. Also refers to data communications equipment. From a physical layer perspective, the device providing the clocking on a WAN link, usually a CSU/DSU, is the DCE. From a packet-switching perspective, the service provider’s switch, to which a router might connect, is considered the DCE.

Dead Interval In OSPF, a timer used for each neighbor. A router considers the neighbor to have failed if no Hellos are received from that neighbor in the time defined by the timer.

decrypt/decryption The ability to receive encrypted data and process it to derive the original unencrypted data.

deencapsulation On a computer that receives data over a network, the process in which the device interprets the lower-layer headers and, when finished with each header, removes the header, revealing the next-higher-layer PDU.

default gateway/default router On an IP host, the IP address of some router to which the host sends packets when the packet’s destination address is on a subnet other than the local subnet.

delay In QoS, the amount of time it takes for a message to cross a network. Delay can refer to one-way delay (the time required for the message to be sent from the source host to the destination host) or two-way delay (the delay from the source to the destination host and then back again).

delivery header In GRE, a term that refers to the outer unencrypted IP header used to encapsulate the data (often an encrypted payload packet).

demilitarized zone (DMZ) In an Internet edge design at an enterprise, one or more subnets set aside as a place to locate servers that should allow users in the Internet to initiate connections to those servers. The devices in the DMZ typically sit behind a firewall.

denial of service (DoS) Any type of attack in which the attack causes harm by denying the normal use of the network to legitimate users.

deny An action taken with an ACL that implies that the packet is discarded.

designated port In both STP and RSTP, a port role used to determine which of multiple interfaces on multiple switches, each connected to the same segment or collision domain, should forward frames to the segment. The switch advertising the lowest-cost Hello BPDU onto the segment becomes the DP.

designated router In OSPF, on a multiaccess network, the router that wins an election and is therefore responsible for managing a streamlined process for exchanging OSPF topology information between all routers attached to that network.

DevNet Cisco’s community and resource site for software developers, open to all, with many great learning resources; https://developer.cisco.com.

DHCP attack Any attack that takes advantage of DHCP protocol messages.

DHCP Binding Table A table built by the DHCP snooping feature on a switch when it sees messages about a new DHCP lease, with the table holding information about legitimate successful DHCP leases, including the device’s IP address, MAC address, switch port, and VLAN.

DHCP snooping A switch security feature in which the switch examines incoming DHCP messages, and chooses to filter messages that are abnormal and therefore might be part of a DHCP attack.

dial access A general term referring to any kind of switched WAN service that uses the telco network in which the device must signal (the equivalent of tapping digits on a phone) to establish a connection before sending data.

dial pool An IOS configuration concept for some interface-related resources that can be used and then released. For PPPoE, it is used to associate the dialer interface with the physical Ethernet interface.

dialer interface A virtual interface inside a Cisco router, used for a variety of purposes, including for PPPoE to act as the Layer 3 interface, and to hold the PPP configuration used as a template by IOS to create an associated virtual-access interface.

Differentiated Services (DiffServ) An approach to QoS, originally defined in RFC 2475, that uses a model of applying QoS per classification, with planning of which applications and other traffic types are assigned to each class, with each class given different QoS per-hop behaviors at each networking device in the path.

Differentiated Services Code Point (DSCP) A field existing as the first 6 bits of the ToS byte, as defined by RFC 2474, which redefined the original IP RFC’s definition for the IP header ToS byte. The field is used to mark a value in the header for the purpose of performing later QoS actions on the packet.

Diffusing Update Algorithm (DUAL) A convergence algorithm used in EIGRP when a route fails and a router does not have a feasible successor route. DUAL causes the routers to send EIGRP Query and Reply messages to discover alternate loop-free routes.

Digital Subscriber Line (DSL) A public network technology that delivers high bandwidth over conventional telco local-loop copper wiring at limited distances. Typically used as an Internet access technology, connecting a user to an ISP.

Dijkstra Shortest Path First (SPF) algorithm The name of the algorithm used by link-state routing protocols to analyze the LSDB and find the least-cost routes from that router to each subnet.

disabled port In STP, a port role for nonworking interfaces—in other words, interfaces that are not in a connect or up/up interface state.

discard route A static route with an outgoing interface of null0, which causes a router to discard packets that, when forwarded, happen to match that route.

discarding state An RSTP interface state in which no received frames are processed and the switch forwards no frames out the interface, with the exception of RSTP messages.

discontiguous network In IPv4, an internetwork design in which packets being forwarded between two subnets of a single classful network must pass through the subnets of another classful network.

distance vector The logic behind the behavior of some interior routing protocols, such as RIP and IGRP. Distance vector routing algorithms call for each router to send its entire routing table in each update, but only to its neighbors. Distance vector routing algorithms can be prone to routing loops but are computationally simpler than link-state routing algorithms. Also called Bellman-Ford routing algorithm.

distributed control plane An approach to architecting network protocols and products that places some control plane functions into each networking device rather than centralizing the control plane functions in one or a few devices. An example is the use of routing protocols on each router which then work together so that each router learns Layer 3 routes.

DNS Domain Name System. An application layer protocol used throughout the Internet for translating hostnames into their associated IP addresses.

DS0 Digital signal level 0. A 64-Kbps line or channel of a faster line inside a telco whose origins are to support a single voice call using the original voice (PCM) codecs.

DS1 Digital signal level 1. A 1.544-Mbps line from the telco, with 24 DS0 channels of 64 Kbps each, plus an 8-Kbps management and framing channel. Also called a T1.

DS3 Digital signal level 3. A 44.736-Mbps line from the telco, with 28 DS1 channels plus overhead. Also called a T3.

DSL modem A device that connects to a telephone line and uses DSL standards to transmit and receive data to/from a telco using DSL.

DSL Digital subscriber line. Public network technology that delivers high bandwidth over conventional telco local-loop copper wiring at limited distances. Usually used as an Internet access technology connecting a user to an ISP.

DTE Data terminal equipment. From a Layer 1 perspective, the DTE synchronizes its clock based on the clock sent by the DCE. From a packet-switching perspective, the DTE is the device outside the service provider’s network, usually a router.

dual homed One design of the Internet edge in which the enterprise connects to one ISP, but with two or more links to that one ISP.

dual multihomed One design of the Internet edge in which the enterprise connects to two or more ISPs, and with two or more links to each ISP.

dual stack In IPv6, a mode of operation in which a host or router runs both IPv4 and IPv6.

DUAL See Diffusing Update Algorithm.

Dynamic Multipoint VPN (DMVPN) A Cisco router feature that dynamically creates GRE tunnels between routers, using a multipoint GRE tunnel to create a multipoint topology, and using the Next Hop Resolution Protocol (NHRP) to dynamically discover other routers.

E

EAP over LAN (EAPoL) The protocol details for how to deliver EAP messages over a LAN using Ethernet encapsulation; that is, with the EAP message directly encapsulated inside an Ethernet frame.

eBGP multihop A configuration feature that enables the router to set the TTL for packets sent by BGP for eBGP connections to some value other than 1 (the normal value), so that the packets are delivered to the peer without being discarded.

EIGRP Enhanced Interior Gateway Routing Protocol. An advanced version of IGRP developed by Cisco. Provides superior convergence properties and operating efficiency and combines the advantages of link-state protocols with those of distance vector protocols.

EIGRP for IPv4 classic mode The traditional method to configure EIGRP for IPv4, which enables EIGRP on interfaces indirectly using the network command in EIGRP router configuration mode.

EIGRP for IPv4 named mode The newer method to configure EIGRP for IPv4 as compared to classic mode, which enables EIGRP on interfaces directly with interface subcommands, and uses address families within EIGRP router configuration mode.

EIGRP for IPv6 A version of EIGRP that supports advertising routes for IPv6 prefixes instead of IPv4 subnets.

E-LAN A specific carrier/Metro Ethernet service defined by MEF (MEF.net) that provides a service much like a LAN, with two or more customer sites connected to one E-LAN service in a full mesh, so that each device in the E-LAN can send Ethernet frames directly to every other device.

E-Line A specific carrier/Metro Ethernet service defined by MEF (MEF.net) that provides a point-to-point topology between two customer devices, much as if the two devices were connected using an Ethernet crossover cable.

enable mode A part of the Cisco IOS CLI in which the user can use potentially disruptive commands on a router or switch, including the ability to then reach configuration mode and reconfigure the router.

encapsulation The placement of data from a higher-layer protocol behind the header (and in some cases, between a header and trailer) of the next-lower-layer protocol. For example, an IP packet could be encapsulated in an Ethernet header and trailer before being sent over an Ethernet.

encoding The conventions for how a device varies the electrical or optical signals sent over a cable to imply a particular binary code. For instance, a modem might encode a binary 1 or 0 by using one frequency to mean 1 and another to mean 0.

encrypt/encryption The ability to take data and send the data in a form that is not readable by someone who intercepts this data.

encryption key A secret value used as input to the math formulas used by an encryption process.

End of Row (EoR) switch In a traditional data center design with servers in multiple racks, and the racks in multiple rows, a switch placed in a rack at the end of the row, intended to be cabled to all the Top of Rack (ToR) switches in the same row, to act as a distribution layer switch for the switches in that row.

EtherChannel A feature in which up to eight parallel Ethernet segments exist between the same two devices, each using the same speed. May be a Layer 2 EtherChannel, which acts like a single link for forwarding and Spanning Tree Protocol logic, or a Layer 3 EtherChannel, which acts like a single link for the switch’s Layer 3 routing logic.

Ethernet access link A WAN access link (a physical link between a service provider and its customer) that happens to use Ethernet.

Ethernet LAN Service Another term for E-LAN; see E-LAN.

Ethernet Line Service Another term for E-Line; see E-Line.

Ethernet Tree Service Another term for E-Tree; see E-Tree.

Ethernet Virtual Connection (EVC) A concept in carrier/Metro Ethernet that defines which customer devices can send frames to each other over the Ethernet WAN service; includes E-Line, E-LAN, and E-Tree EVCs.

Ethernet WAN A general and informal term for any WAN service that uses Ethernet links as the access link between the customer and the service provider.

E-Tree A specific carrier/metro Ethernet service defined by MEF (MEF.net) that provides a rooted multipoint service, in which the root site can send frames directly to all leaves, but the leaf sites can send only to the root site.

EUI-64 Literally, a standard for an extended unique identifier that is 64 bits long. Specifically for IPv6, a set of rules for forming a 64-bit identifier, used as the interface ID in IPv6 addresses, by starting with a 48-bit MAC address, inserting FFFE (hex) in the middle, and inverting the seventh bit.

Expedited Forwarding (EF) The name of a particular DSCP value, as well as the term for one per-hop behavior as defined by DiffServ. The value, decimal 46, is marked for packets to which the networking devices should apply certain per-hop behaviors, like priority queuing.

extended access list A list of IOS access-list global configuration commands that can match multiple parts of an IP packet, including the source and destination IP address and TCP/UDP ports, for the purpose of deciding which packets to discard and which to allow through the router.

extended ping An IOS command in which the ping command accepts many other options besides just the destination IP address.

Extensible Authentication Protocol (EAP) An authentication protocol used by IEEE 802.1x.

External BGP The use of BGP between two routers in different ASNs, with different rules compared to Internal BGP (iBGP).

External Border Gateway Protocol (eBGP) See External BGP.

exterior gateway protocol (EGP) 1) A class of IP routing protocols intended for use between different autonomous systems. 2) An old (no longer used) specific routing protocol that predated BGP.

F

feasibility condition In EIGRP, when a router has learned of multiple routes to reach one subnet, if the best route’s metric is X, the feasibility condition is another route whose reported distance is < X.

feasible distance In EIGRP, the metric of the best route to reach a subnet.

feasible successor In EIGRP, a route that is not the best route (successor route) but that can be used immediately if the best route fails, without causing a loop. Such a route meets the feasibility condition.

fiber Internet A general term for any Internet access technology that happens to use fiber-optic cabling. It often uses Ethernet protocols on the fiber link.

filter Generally, a process or a device that screens network traffic for certain characteristics, such as source address, destination address, or protocol. This process determines whether to forward or discard that traffic based on the established criteria.

First Hop Redundancy Protocol (FHRP) A class of protocols that includes HSRP, VRRP, and GLBP, which allows multiple redundant routers on the same subnet to act as a single default router (first-hop router).

flash memory A type of read/write permanent memory that retains its contents even with no power applied to the memory and that uses no moving parts, making the memory less likely to fail over time.

FlexStack A switch stacking technology from Cisco, combining up to four 2960-S or 2960-X model switches so that they act as a single logical switch.

FlexStack-Plus A switch stacking technology from Cisco, as a later improvement to FlexStack, combining up to eight 2960-X or 2960-XR model switches so that they act as a single logical switch.

forward To send a frame toward its ultimate destination by way of an internetworking device.

forward delay An STP timer, defaulting to 15 seconds, used to dictate how long an interface stays in the listening state, and the time spent in the learning state. Also called the forward delay timer.

forward route From one host’s perspective, the route over which a packet travels from that host to some other host.

Forwarding plane A synonym for data plane. See data plane.

forwarding state An STP and RSTP port state in which an interface operates unrestricted by STP.

Frame Relay An international standard data link protocol that defines the capabilities to create a frame-switched (packet-switched) service, allowing DTE devices (usually routers) to send data to many other devices using a single physical connection to the Frame Relay service.

framing The conventions for how Layer 2 interprets the bits sent according to OSI Layer 1. For example, after an electrical signal has been received and converted to binary, framing identifies the information fields inside the data.

FTP File Transfer Protocol. An application protocol, part of the TCP/IP protocol stack, used to transfer files between network nodes. FTP is defined in RFC 959.

full duplex Generically, any communication in which two communicating devices can concurrently send and receive data. Specifically for Ethernet LANs, the ability of both devices to send and receive at the same time. This is allowed when there are only two stations in a collision domain. Full duplex is enabled by turning off the CSMA/CD collision detection logic.

full mesh From a topology perspective, any topology that has two or more devices, with each device being able to send frames to every other device.

full state In OSPF, a neighbor state that implies that the two routers have exchanged the complete (full) contents of their respective LSDBs.

full update With IP routing protocols, the general concept that a routing protocol update lists all known routes. See also partial update.

fully adjacent In OSPF, a characterization of the state of a neighbor in which the two neighbors have reached the full state.

G

Gateway Load Balancing Protocol (GLBP) A Cisco-proprietary protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/active model, with all routers actively forwarding off-subnet traffic for some hosts in the subnet.

generic routing encapsulation (GRE) A protocol, defined in RFC 2784, that defines the headers used when creating a site-to-site VPN tunnel. The protocol defines the use of a normal IP header, called the Delivery Header, and a GRE header that the endpoints use to create and manage traffic over the GRE tunnel.

global routing prefix An IPv6 prefix, which defines an IPv6 address block made up of global unicast addresses, assigned to one organization, so that that organization has a block of globally unique IPv6 addresses to use in their network.

global unicast address A type of unicast IPv6 address that has been allocated from a range of public globally unique IP addresses as registered through IANA/ICANN, its member agencies, and other registries or ISPs.

GRE tunnel A site-to-site VPN idea, in which the endpoints act as if a point-to-point link (the tunnel) exists between the sites, while actually encapsulating packets using GRE standards.

H

HDLC High-level Data Link Control. A bit-oriented synchronous data link layer protocol developed by the International Organization for Standardization (ISO). Derived from synchronous data link control (SDLC), HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksums.

Hello (Multiple definitions) 1) A protocol used by OSPF routers to discover, establish, and maintain neighbor relationships. 2) A protocol used by EIGRP routers to discover, establish, and maintain neighbor relationships. 3) In STP, refers to the name of the periodic message sourced by the root bridge in a spanning tree.

Hello BPDU The STP and RSTP message used for the majority of STP communications, listing the root’s bridge ID, the sending device’s bridge ID, and the sending device’s cost with which to reach the root.

Hello Interval With OSPF and EIGRP, an interface timer that dictates how often the router should send Hello messages.

Hello timer In STP, the time interval at which the root switch should send Hello BPDUs.

host In a virtualized server environment, the term used to refer to one physical server that is running a hypervisor to create multiple virtual machines.

Hot Standby Router Protocol (HSRP) A Cisco-proprietary protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.

HSRP active A Hot Standby Router Protocol (HSRP) state in which the router actively supports the forwarding of off-subnet packets for hosts in that subnet.

HSRP standby A Hot Standby Router Protocol (HSRP) state in which the router does not currently support the forwarding of off-subnet packets for hosts in that subnet, instead waiting for the currently active router to fail before taking over that role.

hub-and-spoke From a topology perspective, any topology that has a device that can send messages to all other devices (the hub), with one or more spoke devices that can send messages only to the hub. Also called point-to-multipoint.

Hyperthreading The name of Intel’s multithreading technology.

hypervisor Software that runs on server hardware to create the foundations of a virtualized server environment primarily by allocating server hardware components like CPU core/threads, RAM, disk, and network to the VMs running on the server.

I

ICMP-Echo operation A specific type of IP SLA probe in which the probe message is a standard ICMP Echo Request (that is, the same message sent by a ping command).

ICMP Echo Reply One type of ICMP message, created specifically to be used as the message received by the ping command to test connectivity in a network. The ping command expects to receive these messages from other hosts, after the ping command first sends an ICMP Echo Request message to the host.

ICMP Echo Request One type of ICMP message, created specifically to be used as the message sent by the ping command to test connectivity in a network. The ping command sends these messages to other hosts, expecting the other host to reply with an ICMP Echo Reply message.

ICMPv6 Internet Control Message Protocol for IPv6, used for a variety of purposes, including the Echo Request/Reply messages used by the ping command, and also including Neighbor Discovery Protocol (NDP).

IEEE 802.11 The IEEE base standard for wireless LANs.

IEEE 802.1AD The IEEE standard for the functional equivalent of the Cisco-proprietary EtherChannel.

IEEE 802.1D The IEEE standard for the original Spanning Tree Protocol.

IEEE 802.1Q The IEEE-standard VLAN trunking protocol. 802.1Q includes the concept of a native VLAN, for which no VLAN header is added, and a 4-byte VLAN header is inserted after the original frame’s type/length field.

IEEE 802.1s The IEEE standard for Multiple Instances of Spanning Tree (MIST), which allows for load balancing of traffic among different VLANs.

IEEE 802.1w The IEEE standard for an enhanced version of STP, called Rapid STP, which speeds convergence.

IEEE 802.3 The IEEE base standard for Ethernet-like LANs.

IGRP Interior Gateway Routing Protocol. An old, no-longer-supported interior gateway protocol (IGP) developed by Cisco.

inferior Hello When STP compares two or more received Hello BPDUs, a Hello that lists a numerically larger root bridge ID than another Hello or a Hello that lists the same root bridge ID but with a larger cost.

infinity In the context of IP routing protocols, a finite metric value defined by the routing protocol that is used to represent an unusable route in a routing protocol update.

Infrastructure as a Service (IaaS) A cloud service in which the service consists of a virtual machine that has defined computing resources (CPUs, RAM, disk, and network), and may or may not be provided with an installed OS.

Integrated Services (IntServ) An approach to QoS, different from Differentiated Services (DiffServ), in which QoS is applied per flow, with reservations made for the necessary QoS characteristics for that flow.

integrity In data transfers, means that the network administrator can determine that the information has not been tampered with in transit.

interarea prefix LSA In OSPFv6, a type of LSA similar to the Type 3 summary LSA in OSPFv2, created by an Area Border Router (ABR), to describe an IPv6 prefix in one area in the database of another area.

intercloud exchange A WAN service that provides connectivity between public cloud providers and their customers, so that customers can install and keep the WAN connections, even when migrating from one cloud provider to another.

interface bandwidth In OSPF, the numerator in the calculation of an interface’s default OSPF cost metric, calculated as the interface bandwidth divided by the reference bandwidth.

Internal Border Gateway Protocol (iBGP) The use of BGP between two routers in the same ASN, with different rules compared to External BGP (eBGP).

interior gateway protocol (IGP) A routing protocol designed to be used to exchange routing information inside a single autonomous system.

Internal router In OSPF, a router with all interfaces in the same non-backbone area.

Internet access technology Any technology that an ISP offers that allows its customer to send and receive data to/from the ISP, including serial links, Frame Relay, MPLS, Metro Ethernet, DSL, cable, and fiber Internet.

Internet edge The part of the topology of the Internet that sits between an ISP and the ISP’s customer.

Internet service provider A company or organization that provides Internet services to customers; the company may have a heritage as a telco, WAN service provider, or cable company.

Internetwork Operating System (IOS) See IOS.

Inter-Switch Link (ISL) The Cisco-proprietary VLAN trunking protocol that predated 802.1Q by many years. ISL defines a 26-byte header that encapsulates the original Ethernet frame.

IOS Cisco operating system software that provides the majority of a router’s or switch’s features, with the hardware providing the remaining features.

IOS feature set A set of related features that can be enabled on a router to enable certain functionality. For example, the Security feature set would enable the ability to have the router act as a firewall in the network.

IOS image A file that contains the IOS.

IP Control Protocol (IPCP) A control protocol defined as part of PPP for the purpose of initializing and controlling the sending of IPv4 packets over a PPP link.

IP Precedence (IPP) In the original definition of the IP header’s Type of Service (ToS) byte, the first 3 bits of the ToS byte, used for marking IP packets for the purpose of applying QoS actions.

IP Service Level Agreement (IP SLA) The Cisco router feature that defines a variety of measurable probe types, so that a network engineer can configure a probe, have the router generate probe messages and measure the responses, and then let the network engineer use those results for troubleshooting and for reporting.

IP SLA operation A type of test generated by a Cisco router IP SLA feature. The test can generate many different types of test messages, which causes the IP SLA feature on the router to send a particular type of packet, and wait to receive a response, for the purpose of measuring something about the behavior of the network.

IP SLA responder With the Cisco IP Service Level Agreement (SLA) feature in routers, a process that runs in a router (after being configured on that router) and waits to receive and respond to certain types of IP SLA probe messages.

IP SLA source With the Cisco IP Service Level Agreement (SLA) feature in routers, the router that is configured to originate IP SLA probe messages of some kind.

IPsec The term referring to the IP Security protocols, which is an architecture for providing encryption and authentication services, usually when creating VPN services through an IP network.

IPv6 prefix length A number written as /x, where x is an integer between 0 and 128 inclusive, that defines the number of initial bits in an IPv6 address, used for IPv6 subnetting and for matching with IPv6 ACLs.

ISDN Integrated Services Digital Network. A communication protocol offered by telephone companies that permits telephone networks to carry data, voice, and video.

ISL See Inter-Switch Link.

ISP prefix In IPv6, the prefix that describes an address block that has been assigned to an ISP by some Internet registry.

J

jitter The variation in delay experienced by successive packets in a single application flow.

JSON (JavaScript Object Notation) A popular method to represent data for exchange by APIs, in a format readable by both programs and computers, and defined as part of the JavaScript language.

K

keepalive A feature of many data link protocols in which the router sends messages periodically to let the neighboring router know that the first router is still alive and well.

keyboard, video, mouse (KVM) Three components of a typical desktop computer that are typically not included in a modern server because the server is installed and managed remotely.

KVM (Red Hat) Kernel-Based Virtual Machine (KVM), a server virtualization/hypervisor product from the Red Hat company.

L

LACP Link Aggregation Control Protocol is a messaging protocol defined by the IEEE 802.3ad standard which enables two neighboring devices to realize that they have multiple parallel links connecting to each other, and then to decide which links can be combined into an EtherChannel.

LAN broadcast An Ethernet frame sent to destination address FFFF.FFFF.FFFF, meaning that the frame should be delivered to all hosts on that LAN.

LAPF Link Access Procedure Frame Bearer Services. Defines the basic Frame Relay header and trailer. The header includes DLCI, FECN, BECN, and DE bits.

Layer 2 EtherChannel (L2 EtherChannel) An EtherChannel that acts as a switched port (that is, not a routed port), and as such, is used by a switch’s Layer 2 forwarding logic. As a result, the Layer 2 switch lists the Layer 2 EtherChannel in switch MAC address tables, and when forwarding a frame based on one of these MAC table entries, the switch balances traffic across the various ports in the Layer 2 EtherChannel.

Layer 3 EtherChannel (L3 EtherChannel) An EtherChannel that acts as a routed port (that is, not a switched port), and as such, is used by a switch’s Layer 3 forwarding logic. As a result, the Layer 3 switch lists the Layer 3 EtherChannel in various routes in the switch’s IP routing table, with the switch balancing traffic across the various ports in the Layer 3 EtherChannel.

Layer 3 switch A LAN switch that can also perform Layer 3 routing functions. The name comes from the fact that this device makes forwarding decisions based on logic from multiple OSI layers (Layers 2 and 3).

learn Describes how switches discover MAC addresses by examining the source MAC addresses of frames they receive. They add each new MAC address, along with the port number of the port on which it learned of the MAC address, to an address table.

learning state In STP, a temporary port state in which the interface does not forward frames, but it can begin to learn MAC addresses from frames received on the interface.

leased line A transmission line reserved by a communications carrier for a customer’s private use. A leased line is a type of dedicated line.

Link Control Protocol A control protocol defined as part of PPP for the purpose of initializing and maintaining a PPP link.

link state A classification of the underlying algorithm used in some routing protocols. Link-state protocols build a detailed database that lists links (subnets) and their state (up, down), from which the best routes can then be calculated.

link-local address A type of unicast IPv6 address that represents an interface on a single data link. Packets sent to a link-local address cross only that particular link and are never forwarded to other subnets by a router. Used for communications that do not need to leave the local link, such as neighbor discovery.

link-state advertisement (LSA) In OSPF, the name of the data structure that resides inside the LSDB and describes in detail the various components in a network, including routers and links (subnets).

link-state database (LSDB) In OSPF, the data structure in RAM of a router that holds the various LSAs, with the collective LSAs representing the entire topology of the network.

Link-State Request An OSPF packet used to ask a neighboring router to send a particular LSA.

Link-State Update An OSPF packet used to send an LSA to a neighboring router.

listening state A temporary STP port state that occurs immediately when a blocking interface must be moved to a forwarding state. The switch times out MAC table entries during this state. It also ignores frames received on the interface and doesn’t forward any frames out the interface.

local loop A line from the premises of a telephone subscriber to the telephone company CO.

local SPAN A SPAN monitor session in which the monitored frames and the SPAN destination port are in the same switch.

local username A username (with matching password), configured on a router or switch. It is considered local because it exists on the router or switch, and not on a remote server.

logical switch In a switch stack, the term logical switch refers to the behavior of the switch stack as a whole in that the entire stack together acts as one switch.

loss A reference to packets in a network that are sent but do not reach the destination host.

low latency queue In Cisco queuing systems, a queue from which the queue scheduling algorithm always takes packets next if the queue holds any packets. This scheduling choice means that packets in this queue spend little time in the queue, achieving low delay (latency) as well as low jitter.

Low Latency Queuing (LLQ) The name of a queuing system that can be enabled on Cisco routers and switches by which messages sensitive to latency and jitter are placed in a queue that is always serviced first, resulting in low latency and jitter for those messages.

LSA See link-state advertisement.

LTE Literally, Long Term Evolution, but used as a word in itself to represent the type of wireless 4G technology that allows faster speeds than the original 4G specifications.

M

Management Information Base (MIB) The data structures defined by SNMP to define a hierarchy (tree) structure with variables at the leaves of the tree, so that SNMP messages can reference the variables.

management plane Functions in networking devices and controllers that control the devices themselves, but that do not impact the forwarding behavior of the devices like control plane protocols do.

man-in-the-middle attack Any type of attack in which the attacker gains control of some device or process between a user and some server, for the purpose of then capturing the messages sent between the user and the server.

marking The process of changing one of a small set of fields in various network protocol headers, including the IP header’s DSCP field, for the purpose of later classifying a message based on that marked value.

match/action logic The basic logic done by a networking element: to receive incoming messages, to match fields in the message, to then use logic based on those matches to take action against the message, and to then forward the message.

MaxAge In STP, a timer that states how long a switch should wait when it no longer receives Hellos from the root switch before acting to reconverge the STP topology. Also called the MaxAge timer.

maximum paths In Cisco IOS, a reference to the number of equal cost routes (paths) to reach a single subnet that IOS will add to the IP routing table at the same time.

metric A numeric measurement used by a routing protocol to determine how good a route is as compared to other alternate routes to reach the same subnet.

Metro Ethernet The original term used for WAN service that used Ethernet links as the access link between the customer and the service provider.

metropolitan-area network (MAN) A service provided by a service provider to connect customer sites, with the customer sites existing in the same city; it takes its name from the metropolitan area of cities.

MIB See Management Information Base.

MIB view A concept in SNMPv3 that identifies a subset of an SNMP agent’s MIB for the purpose of limiting access to some parts of the MIB to certain SNMP managers.

modem Modulator-demodulator. A device that converts between digital and analog signals so that a computer may send data to another computer using analog telephone lines. At the source, a modem converts digital signals to a form suitable for transmission over analog communication facilities. At the destination, the analog signals are returned to their digital form.

MPLS See Multiprotocol Label Switching.

MPLS Experimental Bits A 3-bit field in the MPLS label used for QoS marking.

MPLS VPN A WAN service that uses MPLS technology, with many customers connecting to the same MPLS network, but with the VPN features keeping each customer’s traffic separate from others.

MTU Maximum transmission unit. The maximum packet size, in bytes, that a particular interface can handle.

multiarea In OSPFv2 and OSPFv3, a design that uses multiple areas.

Multichassis EtherChannel (MEC) A Cisco technology that allows switches in a switch stack to be one endpoint of an EtherChannel, with links in the EtherChannel connecting to different switches in the switch stack.

multilayer switch A LAN switch that can also perform Layer 3 routing functions. The name comes from the fact that this device makes forwarding decisions based on logic from multiple OSI layers (Layers 2 and 3).

multilink interface A virtual interface created by Multilink PPP as the Layer 3 interface used in MLPPP configurations.

Multilink PPP (MLPPP) A feature of PPP that manages multiple links between two nodes, load balancing data link frames across those multiple links by fragmenting each frame into pieces (fragments), sending one fragment over each active link. It also presents a single Layer 3 interface to the Layer 3 logic in the endpoint devices.

multipoint A topology with more than two devices in it (in contrast to a point-to-point topology, which has exactly two devices). Without any further context, the term multipoint does not define whether all devices in the topology can send messages directly to each other (full mesh) or not (partial mesh).

multipoint GRE A type of GRE tunnel in which more than two devices can be part of the same tunnel, sending packets directly to each other over the same tunnel, and using one subnet for all devices connected to the tunnel.

Multiprotocol BGP (MPBGP) A particular set of BGP extensions that allows BGP to support multiple address families, which when used to create an MPLS VPN service gives the SP the method to advertise the IPv4 routes of many customers while keeping those route advertisements logically separated.

Multiprotocol Label Switching (MPLS) A WAN technology used to create an IP-based service for customers, with the service provider’s internal network performing forwarding based on an MPLS label rather than the destination IP address.

multithreading In computer architecture, a process of maximizing the use of a processor core by sharing an individual core among multiple programs, taking advantage of the typical idle times for the core while it waits on various other tasks like memory reads and writes.

N

named access list An ACL that identifies the various statements in the ACL based on a name rather than a number.

National Institute of Standards and Technology (NIST) A U.S. federal agency that develops national standards, including standards for cloud computing.

NBI See Northbound API.

NBMA See nonbroadcast multiaccess.

neighbor In routing protocols, another router with which a router decides to exchange routing information.

Neighbor Advertisement (NA) A message defined by the IPv6 Neighbor Discovery Protocol (NDP) and used to declare to other neighbors a host’s MAC address. Sometimes sent in response to a previously received NDP Neighbor Solicitation (NS) message.

Neighbor Discovery Protocol (NDP) A protocol that is part of the IPv6 protocol suite and is used to discover and exchange information about devices on the same subnet (neighbors). In particular, it replaces IPv4 ARP.

Neighbor Solicitation (NS) A message defined by the IPv6 Neighbor Discovery Protocol (NDP) and used to ask a neighbor to reply back with a Neighbor Advertisement, which lists the neighbor’s MAC address.

neighbor table For OSPF and EIGRP, a list of routers that have reached neighbor status.

network analyzer Network management software that captures LAN frames (often frames directed to it by a switch SPAN session) for the purpose of then analyzing the contents of those frames for a network engineer.

Network Based Application Recognition (NBAR) A Cisco router feature that looks at message details beyond the Layer 2, 3, and 4 headers to identify over 1000 different classifications of packets from different applications.

Network Layer Reachability Information (NLRI) The formal BGP term for a prefix and matching prefix length that defines an address block, which is included in the BGP Update message.

Network LSA In OSPF, a type of LSA that a designated router (DR) creates for the network (subnet) for which the DR is helping to distribute LSAs.

Network Management System (NMS) Software that manages the network, often using SNMP and other protocols.

Next Hop Resolution Protocol (NHRP) A protocol defined by the IETF, used by Cisco’s DMVPN feature for the purpose of allowing routers connected to the Internet to discover each other’s public IP addresses and inform each other of their private IP addresses as used by DMVPN.

Nexus 1000v A Cisco Nexus data center switch that runs as a software-only virtual switch inside one host (one hardware server), to provide switching features to the virtual machines running on that host.

NHRP client When using Next Hop Resolution Protocol, a router that registers its public and private IP addresses by informing the NHRP server of the addresses it uses. The NHRP client also asks the NHRP server to inform the client of the public/private address pairs of other routers.

NHRP server When using Next Hop Resolution Protocol, a router that collects and distributes the public and private IP address pairs registered to it from NHRP clients.

NMS Network Management Station. The device that runs network management software to manage network devices. SNMP is often the network management protocol used between the NMS and the managed device.

nonbroadcast multiaccess (NBMA) A characterization of a type of Layer 2 network in which more than two devices connect to the network, but the network does not allow broadcast frames to be sent to all devices on the network.

Northbound API In the area of SDN, a reference to the APIs that a controller supports that gives outside programs access to the services of the controller; for instance, to supply information about the network or to program flows into the network. Also called a Northbound Interface.

Northbound Interface Another term for Northbound API. See Northbound API.

notification community An SNMP community (a value that acts as a password), defined on an SNMP manager, which then must be supplied by any SNMP agent that sends the manager any unsolicited SNMP notifications (like SNMP Trap and Notify requests).

NVRAM Nonvolatile RAM. A type of random-access memory (RAM) that retains its contents when a unit is powered off.

O

ODL See OpenDaylight.

OID Object identifier. Used to uniquely describe a MIB variable in the SNMP database. This is a numeric string that identifies the variable uniquely and also describes where the variable exists in the MIB tree structure.

on-demand self-service One of the five key attributes of a cloud computing service as defined by NIST, referring to the fact that the consumer of the server can request the service, with the service being created without any significant delay and without waiting on human intervention.

one-way delay The elapsed time from sending the first bit of data at the sending device until the last bit of that data is received on the destination device.

ONF See Open Networking Foundation.

Open Networking Foundation A consortium of SDN users and vendors who work together to foster the adoption of open SDN in the marketplace.

OpenDaylight An open source SDN controller, created by an open source effort of the OpenDaylight project under the Linux Foundation, built with the intent to have a common SDN controller code base from which vendors could then take the code and add further features and support to create SDN controller products.

OpenFlow The open standard for Software Defined Networking (SDN) as defined by the Open Networking Foundation (ONF), which defines the OpenFlow protocol as well as the concept of an abstracted OpenFlow virtual switch.

OpFlex The southbound protocol used by the Cisco ACI controller and the switches it controls.

OSPF Open Shortest Path First. A popular link-state IGP that uses a link-state database and the Shortest Path First (SPF) algorithm to calculate the best routes to reach each known subnet.

OSPF super backbone Jargon used to refer to how, when an MPLS VPN customer uses OSPF, the MPLS VPN service acts as if it were part of OSPF backbone area 0, with that part of area 0 being called the super backbone.

OSPF version 2 The version of the OSPF routing protocol that supports IPv4, and not IPv6, and has been commonly used for over 20 years.

OSPF version 3 The version of the OSPF routing protocol that originally supported only IPv6, and not IPv4, but now supports IPv4 through the use of address family configuration.

out-of-band Traffic that does not share the same network paths with user data traffic. Network management traffic is often sent OOB.

overlapping subnets An (incorrect) IP subnet design condition in which one subnet’s range of addresses includes addresses in the range of another subnet.

P

packet switching A WAN service in which each DTE device connects to a telco using a single physical line, with the possibility of being able to forward traffic to all other sites connected to the same service. The telco switch makes the forwarding decision based on an address in the packet header.

PAgP Port Aggregation Protocol (PAgP) is a messaging protocol defined by Cisco which enables two neighboring devices to realize that they have multiple parallel links connecting to each other, and then to decide which links can be combined into an EtherChannel.

PAP Password Authentication Protocol. A PPP authentication protocol that allows PPP peers to authenticate one another, characterized by the weak authentication it uses by sending the username and password as clear text values.

partial mesh A network topology in which more than two devices could physically communicate, but by choice, only a subset of the pairs of devices connected to the network is allowed to communicate directly.

partial update With IP routing protocols, the general concept that a routing protocol update lists a subset of all known routes. See also full update.

path attribute In BGP, one of many types of information that describe a route (path), with the path attributes being used for best path selection and other purposes.

periodic update With routing protocols, the concept that the routing protocol advertises routes in a routing update on a regular periodic basis. This is typical of distance vector routing protocols.

permanent virtual circuit (PVC) A preconfigured communications path between two Frame Relay DTEs, identified by a local DLCI on each Frame Relay access link, that provides the functional equivalent of a leased circuit but without a physical leased line for each VC.

permit An action taken with an ACL that implies that the packet is allowed to proceed through the router and be forwarded.

ping Packet Internet groper. An Internet Control Message Protocol (ICMP) echo message and its reply; ping often is used in IP networks to test the reachability of a network device.

Platform as a Service (PaaS) A cloud service intended for software developers as a development platform, with a variety of tools useful to developers already installed, so that the developer can focus on developing software rather than on creating a good development environment.

point of presence (PoP) A term used from a service provider’s (SP) perspective to refer to a service provider’s installation that is purposefully located relatively near to customers, with several spread around major cities, so that the distance from each customer site to one of the SP’s PoPs is short.

point-to-multipoint See hub-and-spoke.

point-to-point From a topology perspective, any topology that has two and only two devices that can send messages directly to each other.

point-to-point edge port With 802.1w RSTP, a port type in which the switch believes the port is connected to a single other device, specifically one that is not another switch.

point-to-point port With 802.1w RSTP, a port type in which the switch believes the port is connected to a single other device, specifically another switch.

poisoned route A route advertisement in which the routing protocol assigns the route a maximum metric that represents infinity, as a means to advertise that the route is no longer usable.

policing A QoS tool that monitors the bit rate of the messages passing some point in the processing of a networking device, so that if the bit rate exceeds the policing rate for a period of time, the policer can discard excess packets to lower the rate.

policing rate The bit rate at which a policer compares the bit rate of packets passing through a policing function, for the purpose of taking a different action against packets that conform to (are under) the rate versus those that exceed (go over) the rate.

port (Multiple definitions) 1) In TCP and UDP, a number that is used to uniquely identify the application process that either sent (source port) or should receive (destination port) data. 2) In LAN switching, another term for switch interface.

PortChannel One term Cisco switches use to reference a bundle of links that are, in some respects, treated like a single link. Other similar terms include EtherChannel and Channel-group.

PortFast A switch STP feature in which a port is placed in an STP forwarding state as soon as the interface comes up, bypassing the listening and learning states. This feature is meant for ports connected to end-user devices.

PPP over Ethernet (PPPoE) A specific protocol designed to encapsulate PPP frames inside Ethernet frames, for the purpose of delivering the PPP frames between two devices, effectively creating a point-to-point tunnel between the two devices.

PPP Point-to-Point Protocol. A data link protocol that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.

PPPoE session The logical connection between two PPPoE endpoints, used to track the state of the ability of each endpoint to send PPPoE frames to the other endpoint.

prefix notation A shorter way to write a subnet mask in which the number of binary 1s in the mask is simply written in decimal. For instance, /24 denotes the subnet mask with 24 binary 1 bits in the subnet mask. The number of bits of value binary 1 in the mask is considered to be the prefix.

Priority Code Point (PCP) The formal term for the 3-bit field in the 802.1Q header intended for marking and classifying Ethernet frames for the purposes of applying QoS actions. Another term for Class of Service (CoS).

priority queue In Cisco queuing systems, another term for a low latency queue (LLQ).

private address Several Class A, B, and C networks that are set aside for use inside private organizations. These addresses, as defined in RFC 1918, are not routable through the Internet.

private cloud A cloud computing service in which a company provides its own IT services to internal customers inside the same company but by following the practices defined as cloud computing.

private IP network One of several classful IPv4 network numbers that will never be assigned for use in the Internet, meant for use inside a single enterprise.

private key A secret value used in public/private key encryption systems. Either encrypts a value that can then be decrypted using the matching public key, or decrypts a value that was previously encrypted with the matching public key.

problem isolation The part of the troubleshooting process in which the engineer attempts to rule out possible causes of the problem, narrowing the possible causes until the root cause of the problem can be identified.

protocol type A field in the IP header that identifies the type of header that follows the IP header, usually a Layer 4 header, such as TCP or UDP. ACLs can examine the protocol type to match packets with a particular value in this header field.

provider edge (PE) A term used by service providers, both generally and also specifically in MPLS VPN networks, to refer to the SP device in a point of presence (PoP) that connects to the customer’s network, and therefore sits at the edge of the SP’s network.

public cloud A cloud computing service in which the cloud provider is a different company than the cloud consumer.

public key A publicly available value used in public/private key encryption systems. Either encrypts a value that can then be decrypted using the matching private key, or decrypts a value that was previously encrypted with the matching private key.

PVC See permanent virtual circuit.

PVST+ An STP option in Cisco switches that creates an STP instance per VLAN while using the STP (802.1D) protocol for those STP instances.

Q

Quality of Experience (QoE) The users’ perception of the quality of their experience in using applications in the network.

Quality of Service (QoS) The performance of a message, or the messages sent by an application, in regard to the bandwidth, delay, jitter, or loss characteristics experienced by the message(s).

queuing The process by which networking devices hold packets in memory while waiting on some constrained resource; for example, when waiting for the outgoing interface to become available when too many packets arrive in a short period of time.

R

RADIUS A security protocol often used for user authentication, including being used as part of the IEEE 802.1x messages between an 802.1x authenticator (typically a LAN switch) and a AAA server.

RAM Random-access memory. A type of volatile memory that can be read and written by a microprocessor.

rapid elasticity One of the five key attributes of a cloud computing service as defined by NIST, referring to the fact that the cloud service reacts to requests for new services quickly, and it expands (is elastic) to the point of appearing to be a limitless resource.

Rapid PVST+ An STP option in Cisco switches that creates an STP instance per VLAN while using the RSTP (802.1w) protocol for those STP instances.

Rapid Spanning Tree Protocol (RSTP) Defined in IEEE 802.1w. Defines an improved version of STP that converges much more quickly and consistently than STP (802.1D).

reachability In BGP, a reference to the goal of BGP to advertise about a prefix/length so that other routers know that the prefix is reachable through the router that advertised the prefix.

read-only community An SNMP community (a value that acts as a password), defined on an SNMP agent, which then must be supplied by any SNMP manager that sends the agent any messages asking to learn the value of a variable (like SNMP Get and GetNext requests).

read-write community An SNMP community (a value that acts as a password), defined on an SNMP agent, which then must be supplied by any SNMP manager that sends the agent any messages asking to set the value of a variable (like SNMP Set requests).

Real-time Transport Protocol (RTP) The transport layer protocol used by many voice and video applications, including between Cisco IP Telephone and other Cisco Unified Communications products.

reference bandwidth In OSPF, a configurable value for the OSPF routing process, used by OSPF when calculating an interface’s default OSPF cost metric, calculated as the interface’s bandwidth divided by the reference bandwidth.

Regional Internet Registry (RIR) The generic term for one of five current organizations that are responsible for assigning the public, globally unique IPv4 and IPv6 address space.

registry prefix In IPv6, the prefix that describes a block of public, globally unique IPv6 addresses assigned to a Regional Internet Registry by ICANN.

reported distance From one EIGRP router’s perspective, the metric for a subnet as calculated on a neighboring router and reported in a routing update to the first router.

Representational State Transfer (REST) A type of API that allows two programs that reside on separate computers to communicate, with the messages used to move requests and data across the network using HTTP messages Get, Post, Put, and Delete.

resource pooling One of the five key attributes of a cloud computing service as defined by NIST, referring to the fact that the cloud provider treats its resources as a large group (pool) of resources that its cloud management systems then allocate dynamically based on self-service requests by its customers.

REST See Representational State Transfer.

REST API Any API that uses Representational State Transfer (REST), which means that the two programs, on separate computers, use HTTP messages to request and transfer data.

RESTful API A turn of phrase that means that the API uses REST.

reverse route From one host’s perspective, for packets sent back to the host from another host, the route over which the packet travels.

RFC Request For Comments. A document used as the primary means for communicating information about the TCP/IP protocols. Some RFCs are designated by the Internet Architecture Board (IAB) as Internet standards, and others are informational. RFCs are available online from numerous sources, including www.rfc-editor.org.

RIP Routing Information Protocol. An interior gateway protocol (IGP) that uses distance vector logic and router hop count as the metric. RIP Version 1 (RIPv1) has become unpopular. RIP Version 2 (RIPv2) provides more features, including support for VLSM.

root bridge See root switch.

root cost The STP cost from a nonroot switch to reach the root switch, as the sum of all STP costs for all ports out which a frame would exit to reach the root.

root port In STP, the one port on a nonroot switch in which the least-cost Hello is received. Switches put root ports in a forwarding state.

root switch In STP, the switch that wins the election by virtue of having the lowest bridge ID, and, as a result, sends periodic Hello BPDUs (default, 2 seconds).

round robin A queue scheduling algorithm in which the scheduling algorithm services one queue, then the next, then the next, and so on, working through the queues in sequence.

round-trip delay The elapsed time from sending the first bit of data at the sending device until the last bit of that data is received on the destination device, plus the time waiting for the destination device to form a reply, plus the elapsed time for that reply message to arrive back to the original sender.

Round Trip Time (RTT) The time it takes a message to go from the original sender to the receiver, plus the time for the response to that message to be sent back.

routable protocol See routed protocol.

route redistribution A method by which two routing protocol processes running in the same device can exchange routing information, thereby causing a route learned by one routing protocol to then be advertised by another.

route summarization The process of combining multiple routes into a single advertised route, for the purpose of reducing the number of entries in routers’ IP routing tables.

routed port A port on a multilayer Cisco switch, configured with the no switchport command, that tells the switch to treat the port as if it were a Layer 3 port, like a router interface.

routed protocol A Layer 3 protocol that defines a packet that can be routed, such as IPv4 and IPv6.

Router Advertisement (RA) A message defined by the IPv6 Neighbor Discovery Protocol (NDP) and used by routers to announce their willingness to act as an IPv6 router on a link. These may be sent in response to a previously received NDP Router Solicitation (RS) message.

router ID (RID) In EIGRP and OSPF, a 32-bit number, written in dotted decimal, that uniquely identifies each router.

router LSA In OSPF, a type of LSA that a router creates to describe itself and the networks connected to it.

Router on a Stick (ROAS) Jargon to refer to the Cisco router feature of using VLAN trunking on an Ethernet interface, which then allows the router to route packets that happen to enter the router on that trunk and then exit the router on that same trunk, just on a different VLAN.

Router Solicitation (RS) A message defined by the IPv6 Neighbor Discovery Protocol (NDP) and used to ask any routers on the link to reply, identifying the router, plus other configuration settings (prefixes and prefix lengths).

routing protocol A set of messages and processes with which routers can exchange information about routes to reach subnets in a particular network. Examples of routing protocols include Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP).

RSTP See Rapid Spanning Tree Protocol.

S

SBI See Southbound API.

SDM See Switching Database Manager.

Secure Sockets Layer (SSL) A security protocol that is integrated into commonly used web browsers that provides encryption and authentication services between the browser and a website.

security level The level of SNMPv3 security applied by the SNMP agent, specifically either noauth, auth, or priv.

segment (Multiple definitions) 1) In TCP, a term used to describe a TCP header and its encapsulated data (also called an L4PDU). 2) Also in TCP, the set of bytes formed when TCP breaks a large chunk of data given to it by the application layer into smaller pieces that fit into TCP segments. 3) In Ethernet, either a single Ethernet cable or a single collision domain (no matter how many cables are used).

serial cable A type of cable with many different styles of connectors used to connect a router to an external CSU/DSU on a leased-line installation.

serial link Another term for leased line.

Service Level Agreement (SLA) See IP Service Level Agreement (IP SLA).

service provider A company that provides a service to multiple customers. Used most often to refer to providers of private WAN services and Internet services. See also Internet service provider.

session key With encryption, a secret value that is known to both parties in a communication, used for a period of time, which the endpoints use when encrypting and decrypting data.

shaping A QoS tool that monitors the bit rate of the messages exiting a networking device, so that if the bit rate exceeds the shaping rate for a period of time, the shaper can queue the packets, effectively slowing down the sending rate to match the shaping rate.

shaping rate The bit rate at which a shaper compares the bit rate of packets passing through the shaping function, so that when the rate is exceeded, the shaper enables the queuing of packets, resulting in slowing the bit rate of the collective packets that pass through the shaper, so the rate of bits getting through the shaper does not exceed the shaping rate.

shared key A reference to a security key whose value is known (shared) by both the sender and receiver.

shared port With 802.1w RSTP, a port type that is determined by the fact that the port uses half duplex, which could then imply a shared LAN as created by a LAN hub.

shortest path first (SPF) algorithm The algorithm used by OSPF to find all possible routes, and then choose the route with the lowest metric for each subnet.

Simple Network Management Protocol (SNMP) An Internet-standard protocol for managing devices on IP networks. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.

single homed One design of the Internet edge in which the enterprise connects to the ISP with a single link.

single multihomed One design of the Internet edge in which the enterprise connects to two or more ISPs, but with a single link to each.

single point of failure In a network, a single device or link which, if it fails, causes an outage for a given population of users.

site prefix In IPv6, the prefix that describes a public globally unique IPv6 address block that has been assigned to an end-user organization (for example, an enterprise or government agency). The assignment usually is made by an ISP or Internet registry.

site-to-site VPN The mechanism that allows all devices at two different sites to communicate securely over some unsecure network like the Internet, by having one device at each site perform encryption/decryption and forwarding for all the packets sent between the sites.

SLSM Static-length subnet mask. The usage of the same subnet mask for all subnets of a single Class A, B, or C network.

SNMP See Simple Network Management Protocol.

SNMP agent Software that resides on the managed device and processes the SNMP messages sent by the Network Management Station (NMS).

SNMP community A simple password mechanism in SNMP in which either the SNMP agent or manager defines a community string (password), and the other device must send that same password value in SNMP messages, or the messages are ignored. See also read-only community, read-write community, and notification community.

SNMP Get message Used by SNMP to read from variables in the MIB.

SNMP Inform message An unsolicited SNMP message like a Trap message, except that the protocol requires that the Inform message be acknowledged by the SNMP manager.

SNMP manager Typically a Network Management System (NMS), with this term specifically referring to the use of SNMP and the typical role of the manager, which retrieves status information with SNMP Get requests, sets variables with the SNMP Set requests, and receives unsolicited notifications from SNMP agents by listening for SNMP Trap and Notify messages.

SNMP Set message Used in SNMP to set the value in variables of the MIB. These messages are the key to an administrator configuring the managed device using SNMP.

SNMP Trap message An unsolicited SNMP message generated by the managed device, and sent to the SNMP manager, to give information to the manager about some event or because a measurement threshold has been passed.

SNMPv2c A variation of the second version of SNMP. SNMP Version 2 did not originally support communities; the term SNMPv2c refers to SNMP version 2 with support added for SNMP communities (which were part of SNMPv1).

SNMPv3 The third version of SNMP, with the notable addition of several security features as compared to SNMPv2c, specifically message integrity, authentication, and encryption.

Software as a Service (SaaS) A cloud service in which the service consists of access to working software, without the need to be concerned about the details of installing and maintaining the software or the servers on which it runs.

Software Defined Networking (SDN) A branch of networking that emerged in the marketplace in the 2010s characterized by the use of a centralized software controller that takes over varying amounts of the control plane processing formerly done inside networking devices, with the controller directing the networking elements as to what forwarding table entries to put into their forwarding tables.

Southbound API In the area of SDN, a reference to the APIs used between a controller and the network elements for the purpose of learning information from the elements and for programming (controlling) the forwarding behavior of the elements. Also called a Southbound Interface.

Southbound Interface Another term for Southbound API. See Southbound API.

SPAN destination port In a SPAN monitor session, the configuration that tells the switch out which port to forward frames copied based on that same SPAN session’s source ports or source VLANs.

SPAN monitor session A function enabled in a Cisco switch that intercepts a defined subset of frames being sent through the switch (as defined by the SPAN monitor session), directing a copy of those frames out a certain port, so that other tools (like network analyzers and intrusion protection systems) can examine the frames.

SPAN session See SPAN monitor session.

SPAN source port In a SPAN monitor session, the configuration that tells a switch to copy frames sent or received on a particular port, and to then send those copied frames to the SPAN destination defined by that same SPAN session.

SPAN source VLAN In a SPAN monitor session, the configuration that tells a switch to copy frames sent in that VLAN, and to then send those copied frames to the SPAN destination defined by that same SPAN session.

Spanning Tree Protocol (STP) A protocol defined by IEEE standard 802.1D. Allows switches and bridges to create a redundant LAN, with the protocol dynamically causing some ports to block traffic, so that the bridge/switch forwarding logic will not cause frames to loop indefinitely around the LAN.

split horizon A distance vector routing technique in which information about routes is prevented from exiting the router interface through which that information was received. Split-horizon updates are useful in preventing routing loops.

spurious DHCP server A DHCP server that is used by an attacker for attacks that take advantage of DHCP protocol messages.

SSL See Secure Sockets Layer.

Stack Master The one switch in a FlexStack or FlexStack-Plus switch stack that performs the data plane, control plane, and management plane processing on behalf of all switches in the stack.

stacking cable A special cable used to connect stacking modules in switches that are cabled into the same switch stack.

stacking module In Cisco’s switch stacking technologies like FlexStack and FlexStack-Plus, the hardware module that is required on each switch to create a communications link between all switches in the stack so that they can forward user frames and also communicate with each other to manage the stack.

standard access list A list of IOS global configuration commands that can match only a packet’s source IP address for the purpose of deciding which packets to discard and which to allow through the router.

stateful DHCP A term used in IPv6 to contrast with stateless DHCP. Stateful DHCP keeps track of which clients have been assigned which IPv6 addresses (state information).

stateless address autoconfiguration (SLAAC) A feature of IPv6 in which a host or router can be assigned an IPv6 unicast address without the need for a stateful DHCP server.

stateless DHCP A term used in IPv6 to contrast with stateful DHCP. Stateless DHCP servers do not lease IPv6 addresses to clients. Instead, they supply other useful information, such as DNS server IP addresses, but with no need to track information about the clients (state information).

static-length subnet mask (SLSM) See SLSM.

subinterface One of the virtual interfaces on a single physical interface.

subnet A subdivision of a Class A, B, or C network, as configured by a network administrator. Subnets allow a single Class A, B, or C network to be used and still allow for a large number of groups of IP addresses, as is required for efficient IP routing.

subnet broadcast address A special address in each subnet—specifically, the largest numeric address in the subnet—designed so that packets sent to this address should be delivered to all hosts in that subnet.

subnet mask A 32-bit number that describes the format of an IP address. It represents the combined network and subnet bits in the address with mask bit values of 1 and represents the host bits in the address with mask bit values of 0.

subnet prefix In IPv6, a term for the prefix that is assigned to each data link, acting like a subnet in IPv4.

successor In EIGRP, the route to reach a subnet that has the best metric and should be placed in the IP routing table.

summary LSA In OSPFv2, a type of LSA, created by an Area Border Router (ABR), to describe a subnet in one area in the database of another area.

summary route A route created via configuration commands to represent routes to one or more subnets with a single route, thereby reducing the size of the routing table.

supplicant With IEEE 802.1x, the end-user device that uses an 802.1x client to listen for messages asking for its identification and then supplies that identification when asked.

switch A network device that filters, forwards, and floods frames based on each frame’s destination address. The switch operates at the data link layer of the Open System Interconnection (OSI) reference model.

switch abstraction The fundamental idea of what a switch does, in generalized form, so that standards protocols and APIs can be defined that then program a standard switch abstraction; a key part of the OpenFlow standard.

switch stacking A switch technology that connects a small set of switches using a specialized stacking module and stacking cable hardware, along with control software used on each switch, so that the switches collectively act as one logical switch rather than separate switches.

switched port A port on a multilayer Cisco switch or a Layer 2 switch, configured with the normal default interface setting of switchport, that tells the switch to treat the port as if it were a Layer 2 port, resulting in the switch performing switch MAC learning, Layer 2 forwarding, and STP on that interface.

Switched Port Analyzer (SPAN) The Cisco switch feature that allows the network engineer to configure the switch to monitor a subset of frames that the switch forwards, to copy those frames, and to send the copies out a specified destination port.

switched virtual interface (SVI) Another term for any VLAN interface in a Cisco switch. See also VLAN interface.

Switching Database Manager (SDM) A formal term for a Cisco IOS switch feature that allows the user to reconfigure some settings (with the sdm prefer global command) about how the switch’s forwarding matches messages and how it allocates TCAM memory to store tables such as Layer 2 MAC address tables and Layer 3 routing tables.

synchronous The imposition of time ordering on a bit stream. Practically, a device tries to use the same speed as another device on the other end of a serial link. However, by examining transitions between voltage states on the link, the device can notice slight variations in the speed on each end and can adjust its speed accordingly.

syslog A server that takes system messages from network devices and stores them in a database. The syslog server also provides reporting capabilities on these system messages. Some syslog servers can even respond to select system messages with certain actions such as emailing and paging.

System ID Extension The term for the formatting applied to the original 16-bit STP priority field to break it into a 4-bit priority field and a 12-bit VLAN ID field.

T

T1 A line from the telco that allows transmission of data at 1.544 Mbps, with the capability to treat the line as 24 different 64-Kbps DS0 channels (plus 8 Kbps of overhead).

T3 A line from the telco that allows transmission of data at 44.736 Mbps, with the capability to treat the line as 28 different 1.544-Mbps DS1 (T1) channels, plus overhead.

TACACS+ A security protocol often used for user authentication as well as authorization and accounting, often used to authenticate users who log in to Cisco routers and switches.

tail drop Packet drops that occur when a queue fills, another message arrives that needs to be placed into the queue, and the networking device tries to add the new message to the tail of the queue but finds no room in the queue, resulting in a dropped packet.

TCAM See ternary content-addressable memory.

TCP synchronization An effect that happens across many TCP connections whose segments cross the same congested link. The TCP connections increase their windows, the connections send more and more traffic, the link fills, the output queues fill, tail drops occur, causing TCP windows to quickly shrink, resulting in slower data transfer for the TCP connections and an underutilized link for a short period of time. The process can repeat, with the TCP connections synchronized.

TCP window The mechanism in a TCP connection used by each host to manage how much data the receiver allows the sender to send to the receiver.

telco A common abbreviation for telephone company.

ternary content-addressable memory (TCAM) A type of physical memory, either in a separate integrated circuit or built into an ASIC, that can store tables and then be searched against a key, such that the search time happens quickly and does not increase as the size of the table increases. TCAMs are used extensively in higher-performance networking devices as the means to store and search forwarding tables in Ethernet switches and higher-performance routers.

time interval (shaper) Part of the internal logic used by a traffic shaping function, which defines a short time period in which the shaper sends packets until a number of bytes are sent, and then the shaper stops sending for the rest of the time interval, with a goal of averaging a defined bit rate of sending data.

Top of Rack (ToR) switch In a traditional data center design with servers in multiple racks, and the racks in multiple rows, a switch placed in the top of the rack for the purpose of providing physical connectivity to the servers (hosts) in that rack.

topology database The structured data that describes the network topology to a routing protocol. Link-state and balanced hybrid routing protocols use topology tables, from which they build the entries in the routing table.

traceroute A program available on many systems that traces the path that a packet takes to a destination. It is used mostly to debug routing problems between hosts.

triggered update A routing protocol feature in which the routing protocol does not wait for the next periodic update when something changes in the network, instead immediately sending a routing update.

trunk In campus LANs, an Ethernet segment over which the devices add a VLAN header that identifies the VLAN in which the frame exists.

trunk interface A switch interface configured so that it operates using VLAN trunking (either 802.1Q or ISL).

trunking Also called VLAN trunking, a method (using either the Cisco ISL protocol or the IEEE 802.1Q protocol) to support multiple VLANs that have members on more than one switch.

trunking administrative mode The configured trunking setting on a Cisco switch interface, as configured with the switchport mode command.

trunking operational mode The current behavior of a Cisco switch interface for VLAN trunking.

trust boundary When thinking about a message as it flows from the source device to the destination device, the trust boundary is the first device the message reaches for which the QoS markings in the message’s various headers can be trusted as having an accurate value, allowing the device to apply the correct QoS actions to the message based on the marking.

trusted port A switch port configured with DHCP snooping that may receive frames from DHCP servers, so that the DHCP snooping feature should trust all incoming DHCP messages.

tunnel interface A virtual interface in a Cisco router used to configure a variety of features, including generic routing encapsulation (GRE), which encapsulates IP packets into other IP packets for the purpose of creating VPNs.

Type of Service (ToS) In the original definition of the IP header, a byte reserved for the purpose of QoS functions, including holding the IP Precedence field. The ToS byte was later repurposed to hold the DSCP field.

U

unequal-cost load balancing A concept in EIGRP by which a router adds multiple unequal cost (unequal metric) routes to the routing table, at the same time, allowing equal-metric routes to be used.

Unified Computing System (UCS) The Cisco brand name for their server hardware products.

unique local unicast address A type of IPv6 unicast address meant as a replacement for IPv4 private addresses.

untrusted port A configuration choice for a switch port configured with DHCP snooping and that should never receive frames from DHCP servers. This setting causes the DHCP snooping feature to discard all incoming messages that only a DHCP server would have sent, along with any other DHCP message matching logic that causes the filtering of other incoming DHCP messages.

update timer The time interval that regulates how often a routing protocol sends its next periodic routing updates. Distance vector routing protocols send full routing updates every update interval.

user network interface (UNI) A term used in a variety of WAN standards, including carrier/Metro Ethernet, that defines the standards for how a customer device communicates with a service provider’s device over an access link.

V

variable-length subnet mask(ing) See VLSM.

variance A value used in routing protocol decisions by EIGRP. EIGRP computes its metric in a way such that for different routes, the calculated metric seldom results in the exact same value. The variance value is multiplied with the lower metric when multiple routes to the same subnet exist. If the product is larger than the metrics for other routes, the routes are considered to have “equal” metric, allowing multiple routes to be added to the routing table.

virtual-access interface A virtual interface inside a Cisco router, created by IOS’s PPPoE function to act as the Layer 2 interface, with its Layer 2 PPP parameters being built from the configuration listed on an associated dialer interface.

virtual CPU (vCPU) In a virtualized server environment, a CPU (processor) core or thread allocated to a virtual machine (VM) by the hypervisor.

virtual IP address For any FHRP protocol, an IP address that the FHRP shares between multiple routers so that they appear as a single default router to hosts on that subnet.

virtual LAN (VLAN) A group of devices connected to one or more switches that are grouped into a single broadcast domain through configuration. VLANs allow switch administrators to place the devices connected to the switches in separate VLANs without requiring separate physical switches. This creates design advantages of separating the traffic without the expense of buying additional hardware.

virtual MAC address (vMAC) For any FHRP protocol, a MAC address that the FHRP uses to receive frames from hosts.

virtual machine An instance of an operating system, running on server hardware that uses a hypervisor to allocate a subset of the server hardware (CPU, RAM, disk, and network) to that VM.

virtual network function (VNF) Any function done within a network (for example, router, switch, firewall) that is implemented not as a physical device but as an OS running in a virtualized system (for instance, a VM).

virtual NIC (vNIC) In a virtualized server environment, a network interface card (NIC) used by a virtual machine, which then connects to some virtual switch (vSwitch) running on that same host, which in turn connects to a physical NIC on the host.

virtual private network (VPN) A set of security protocols that, when implemented by two devices on either side of an unsecure network such as the Internet, can allow the devices to send data securely. VPNs provide privacy, device authentication, anti-replay services, and data integrity services.

Virtual Router Redundancy Protocol (VRRP) A TCP/IP RFC protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.

virtual switch (vSwitch) A software-only virtual switch inside one host (one hardware server), to provide switching features to the virtual machines running on that host.

VLAN See virtual LAN.

VLAN configuration database The name of the collective configuration of VLAN IDs and names on a Cisco switch.

VLAN interface A configuration concept inside Cisco switches, used as an interface between IOS running on the switch and a VLAN supported inside the switch, so that the switch can assign an IP address and send IP packets into that VLAN.

VLAN Trunking Protocol (VTP) A Cisco-proprietary messaging protocol used between Cisco switches to communicate configuration information about the existence of VLANs, including the VLAN ID and VLAN name.

vlan.dat The default file used to store a Cisco switch’s VLAN configuration database.

VLSM Variable-length subnet mask(ing). The ability to specify a different subnet mask for the same Class A, B, or C network number on different subnets. VLSM can help optimize available address space.

voice VLAN A VLAN defined for use by IP Phones, with the Cisco switch notifying the phone about the voice VLAN ID so that the phone can use 802.1Q frames to support traffic for the phone and the attached PC (which uses a data VLAN).

VoIP Voice over IP. The transport of voice traffic inside IP packets over an IP network.

VPN See virtual private network.

VPN client Software that resides on a PC, often a laptop, so that the host can implement the protocols required to be an endpoint of a VPN.

VTP See VLAN Trunking Protocol.

VTP client mode One of three VTP operational modes for a switch with which switches learn about VLAN numbers and names from other switches, but which does not allow the switch to be directly configured with VLAN information.

VTP pruning The VTP feature by which switches dynamically choose interfaces on which to prevent the flooding of frames in certain VLANs, when those frames do not need to go to every switch in the network.

VTP server mode One of three sets of operating characteristics (modes) in VTP. Switches in server mode can configure VLANs, tell other switches about the changes, and learn about VLAN changes from other switches.

VTP synchronization The process by which switches that use VTP exchange VTP messages and realize that one switch now has an updated VLAN configuration database (one that has a higher revision number), resulting in messages that allow the rest of the switches to learn the contents of that updated configuration database.

VTP transparent mode One of three operating characteristics (modes) in VTP. Switches in transparent mode can configure VLANs, but they do not tell other switches about the changes, and they do not learn about VLAN changes from other switches; however, they can pass VTP messages between other switches that use VTP server and client modes.

W

WAN edge The device (typically a router) at enterprise sites that connects to private WAN links, therefore sitting at the edge of the WAN.

WAN link Another term for leased line.

WAN service provider A company that provides private WAN services to customers; the company may have a heritage as a telco or cable company.

wildcard mask The mask used in Cisco IOS ACL commands and OSPF and EIGRP network commands.

wireless access point (AP) A wireless LAN device that provides a means for wireless clients to send data to each other and to the rest of a wired network. The wireless access point connects to both the wireless LAN and the wired Ethernet LAN.

write community See read-write community.

X

XML (eXtensible Markup Language) A popular language used to represent data in a way that is readable both to software and to computers, as defined by the World Wide Web Consortium (W3C).

Z

zero subnet For every classful IPv4 network that is subnetted, the one subnet whose subnet number has all binary 0s in the subnet part of the number. In decimal, the 0 subnet can be easily identified because it is the same number as the classful network number.
