Commentary on the Reiwa 3 Afternoon II Examination, Question 1: "Main network technologies and renewal work" (1)


Series, Part 5: Network Specialist Examination: The Road to Complete Mastery for 2022. Thursday, February 24, 2022. Author: 加藤 裕

Introduction

This time, we will explain Question 1 of the Reiwa 3 Network Specialist Afternoon II examination. You can download the exam questions here. The Afternoon II exam has long question text and many sub-questions, and it takes time to answer, but please give it a try.

Explanation of Afternoon II exam, Question 1

Question 1 covers a wide range of topics on the main technologies of networks, such as STP/RSTP, stack functions, and link aggregation. Looking at the structure of the question text, besides the opening explanation it consists of six sections whose titles are enclosed in brackets ([ ]). Compared with the Afternoon I exam, there are more sections and more topics handled in each section, so be careful not to overlook content or lose the flow of topics.

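Table 1: Section names and starting locations in Question 1

| Section name | Starting location |
|---|---|
| Overview of the internal system | Page 2, line 6 |
| Survey of the current internal NW | Page 4, line 6 |
| Method using RSTP | Page 5, line 26 |
| Method using the switch stack function | Page 7, line 6 |
| Configuration design of the new internal system | Page 7, line 19 |
| Study of migration to the new internal system | Page 8, line 1 |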

Let's go through sub-questions 1 to 6.

This is a fill-in-the-blank question on DNS and VRRP. As before, derive the answers from the sentences before and after each blank.

This question asks about the information notified by the DHCP server. Line 21 of page 3 states, "The information of the IP address of the name resolution is notified to the PC." Since the device that receives name resolution requests is a DNS server, check the device name of the DNS server used by the PC. This is described in lines 6 to 8 of page 3, "internal DNS server is transferred (abbreviated)", from which it can be read that the PC uses the internal DNS server. Therefore, the answer is [internal DNS server]. Do not overlook the condition in the question, "Answer with the equipment name in Fig. 1".

This is a question about STP root bridge selection. The root bridge is determined by the 64-bit bridge ID, which is formed by concatenating the upper 16-bit bridge priority value and the lower 48-bit MAC address. Therefore, if the bridge priority values are the same, the device with the smaller MAC address is selected as the root bridge.
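The selection rule described above, as an added example that is not part of the original article. The device names follow the exam's Fig. 1, but the priority values and MAC addresses are constructed sample values, not exam data.

```python
from __future__ import annotations


def bridge_id(priority: int, mac: str) -> int:
    """Return the 64-bit bridge ID: 16-bit priority above a 48-bit MAC address."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("bridge priority must fit in 16 bits")
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return (priority << 48) | int(digits, 16)


def elect_root(bridges: dict[str, tuple[int, str]]) -> str:
    """The bridge with the numerically smallest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


# Constructed sample: all switches share one priority value, so the MAC
# address alone decides, and the access switch L2SW3 wins the election.
SAME_PRIORITY = {
    "L3SW1": (32768, "00:00:5e:00:53:20"),
    "L3SW2": (32768, "00:00:5e:00:53:30"),
    "L2SW3": (32768, "00:00:5e:00:53:10"),
}
# Same switches after lowering the priority value on L3SW1 (also constructed):
# the priority field is compared first, so the MAC address no longer matters.
TUNED = dict(SAME_PRIORITY, L3SW1=(4096, "00:00:5e:00:53:20"))

if __name__ == "__main__":
    for label, table in (("same priority", SAME_PRIORITY), ("tuned", TUNED)):
        print(f"{label}: root bridge = {elect_root(table)}")
        for name, (prio, mac) in table.items():
            print(f"  {name}: bridge ID {bridge_id(prio, mac):#018x}")
```
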

Also, if L2SW3 is selected as the root bridge, the link between L3SW1 and L3SW2 goes into the blocking state and can no longer carry traffic. Lines 13 to 16 of page 3 show that VLAN10, VLAN11, and VLAN101 to 103 can pass between L3SW1 and L3SW2, but only VLAN101 to VLAN103 can pass between L2SW3 and each L3SW. In other words, VLAN10 (FW-L3SW subnet) and VLAN11 (internal server containment subnet) will not be able to exchange VRRP information. Therefore, the answer for what is compared is [MAC address], and the subnets are [FW-L3SW subnet] and [internal server containment subnet]. Be careful not to overlook the condition "Answer all using the subnet name in Fig. 1".

Figure 1: Flow of communication when L2SW3 is selected as a root bridge in Fig. 1.

This is a fill-in-the-blank question on the basic mechanism of STP.

This is a question about RSTP operation. RSTP has mechanisms to restore communication quickly even when the topology changes, and one of them is the exchange of proposal and agreement (handshake). In this mechanism, when the topology changes and the upper switch becomes unknown, the switch changes the port on the link to a designated port and sends a proposal BPDU. The opposite side then compares the bridge priority value and path cost information that arrived with its own information. If it determines that the sender is the higher-level switch (by bridge priority value and path cost), it sends an agreement and changes its designated port to a root port. In this way, the port transitions quickly to a state where communication is possible. Therefore, the answer example is [Top switch].

This is a question about RSTP functions. The mechanism that realizes the state in underlined part (3) is described in Table 3 and in items (1) to (4) on page 6 (9th to 7th lines). Consider the answer by referring to these. The answer examples are [because the alternative port for port failure is determined in advance] and [because there is no transfer delay and the port state transition is performed]. Because the question asks for the functions of general RSTP with the text as a reference, an answer is likely to be marked correct even if it is not worded as in the answer example.


This is a question about the stack function of the switch. The stack function connects multiple devices with a stack cable so that they operate as a single logical device, as described in lines 10 to 11. The question asks for the reason the operation load is reduced. Think of it by linking the fact that the two switches, new L3SW1 and new L3SW2, are treated as the single stack L3SW with underlined part ④, "maintenance management such as switch collection and configuration management". Therefore, the answer example is [because two L3SW can be managed as one switch].

This question asks you to find the sections where the stack function allows line bandwidth to be used effectively. The function that achieves effective use of line bandwidth is link aggregation. Since this function is set between the stack L3SW and the new L2SW, the line bandwidth there can be used effectively. Therefore, the answer is any other section in Figure 3 on page 8 where link aggregation is used. The answer is [Stack L3SW - New directory server] or [Stack L3SW - New internal DNS server].

Fig. 2: A section that can effectively use the stack L3SW and line bandwidth in Fig. 8

This question asks you to compare and consider the features of network technologies. STP and RSTP provide two functions: making the links redundant and preventing (L2) link loops. In the configuration on page 8, link redundancy is instead provided by the stack function and link aggregation. The stack function and link aggregation have no function to prevent link loops, but this is not a problem in the figure (a loop is not formed because it is treated as a single cable). Answer with these points together. Therefore, the answer for the two technologies is [Stack] and [Link aggregation], and the answer for the reason is [because there is no loop].

This question asks you to consider the flow of communication in Figure 4 on page 9. In Figure 4, you can see that the route from the current directory server to the new directory server goes via L3SW1 and the stack L3SW. Checking the VLAN information shows that the current directory server belongs to VLAN11 from Table 1 of page 1, and that the new directory server belongs to VLAN11 from Table 5 on page 10. Although the traffic passes through the L3SWs, the current directory server and the new directory server belong to the same segment, so data can be sent and received at the L2 level. Therefore, the answer to the source MAC address is [Current Directory Server], and the answer to the destination MAC address is [New directory server].

Figure 3: Communication from the current directory server to the new directory server (composite of Fig. 1 on page 2 and Fig. 4 on page 9)

This question asks you to consider the flow of communication in Figure 4 on page 9. The idea is the same as (1). From Figure 1 on page 2, it can be read that the current PC belongs to one of VLAN101 to VLAN103, and from Table 5 and Table 6, that the new FW1 and the new FW2 are in VLAN10 and the new public web server belongs to no VLAN. From this information, the communication between the current PC and the new public web server is routed VLAN101 to VLAN103 → VLAN11 → VLAN10 → network without a VLAN. That is, the MAC address of each L3SW is used for communication that flows between the current L3SW1 and the stack L3SW. Therefore, the answer to the source MAC address is [current L3SW1], and the answer to the destination MAC address is [Stack L3SW].

Figure 4: Communication from the current PC to the new public web server (composite of Fig. 1 on page 2 and Fig. 4 on page 9)

This question asks for the IP addresses that can be assigned to the new public web server. From the underlined part of page 9 and Table 5 on page 10, you can see that the new public web server belongs to the 172.16.254.0/24 network. 172.16.254.0/24 also appears in Table 1 on page 4, where it is used by the current public web server and external DNS server (which use the range 172.16.254.10 to 172.16.254.100).

As shown in Figure 4 on page 9, the new public web server sits in a network reached via the stack L3SW, the new FW1, and the new FW2, so communication must be routed separately to the current public web server and to the new public web server. You can check this routing information in Table 6 and Table 7 on page 10. Specifically, it is the first row for the stack L3SW in Table 6 and the (172.16.254.128/25) entries for FW1, FW2, L3SW1, and L3SW2 in Table 7. This static routing information realizes the route L3SW1, L3SW2 → stack L3SW → new FW1, new FW2. Since the range of 172.16.254.128/25 is 172.16.254.128 to 172.16.254.254, the answer is [172.16.254.128-172.16.254.254]. Note that 172.16.254.255 is excluded from the answer because it is the broadcast address.
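The reasoning above, worked through as an added example that is not part of the original article: longest-prefix match sends the upper half of the /24 to the new side, and the assignable range is the part of the /25 route that is a valid host address in the /24 segment. The routing table and its next-hop labels are constructed for illustration; the exam's Table 6 and Table 7 are not reproduced here.

```python
import ipaddress

SEGMENT = ipaddress.ip_network("172.16.254.0/24")      # subnet of the public servers
NEW_ROUTE = ipaddress.ip_network("172.16.254.128/25")  # static route named in the text
IN_USE = ("172.16.254.10", "172.16.254.100")           # range used by the current servers

# Constructed routing table for a current L3SW; next-hop labels are assumptions.
ROUTES = [
    (SEGMENT, "current FW"),
    (NEW_ROUTE, "stack L3SW"),
]


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def assignable_range(segment=SEGMENT, route=NEW_ROUTE):
    """Host addresses of the /24 segment that the /25 route steers to the new side."""
    reserved = {segment.network_address, segment.broadcast_address}
    usable = [a for a in route if a not in reserved]
    return str(usable[0]), str(usable[-1])


def overlaps_in_use(rng, in_use=IN_USE):
    """True if the candidate range collides with addresses already in use."""
    lo, hi = (ipaddress.ip_address(a) for a in rng)
    used_lo, used_hi = (ipaddress.ip_address(a) for a in in_use)
    return lo <= used_hi and used_lo <= hi


if __name__ == "__main__":
    print("to 172.16.254.10  ->", next_hop("172.16.254.10"))
    print("to 172.16.254.200 ->", next_hop("172.16.254.200"))
    print("assignable range  :", assignable_range())
    print("collides with current servers:", overlaps_in_use(assignable_range()))
```

Because the servers use a /24 mask, 172.16.254.128 is an ordinary host address on the segment even though it is the network address of the /25 route, which is why it appears in the answer.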

This question asks you to consider the purpose of the system switching work. In underlined part ⑨, the LAN cables between the current FW1, FW2 and L2SW1, L2SW2 are pulled out, so consider the effect of this. Looking at the default gateway of the public web server and other servers in Table 1 on page 4, you can see that the interfaces of FW1 and FW2 on the L2SW1 and L2SW2 side use the virtual IP address 172.16.254.1.

Looking at the default gateway of the new public web server and other servers in Table 5 on page 10, the interfaces of the new FW1 and the new FW2 on the new L2SW1 and new L2SW2 side also use the virtual IP address 172.16.254.1. Therefore, if the networks are connected as they are, 172.16.254.1 will be duplicated. That is why the work in underlined part ⑨ is carried out. With this work, 172.16.254.1 on FW1 and FW2 becomes unused, and 172.16.254.1 on the new FW1 and new FW2 can be used without duplication. Therefore, the answer example is [the current FW and the new FW virtual IP address overlap.].

This question asks you to consider the content of the system switching work, as in (4). With the setting in the underlined part on page 11, the flow of communication from the Internet to the current public web server becomes Internet → New Router 1 → New L2SW0 → New FW1 → New L2SW1 → L2SW1 → Public Web server. In addition, the first and third lines of page 10 state "New FW1 and new FW2 set (abbreviated) static NAT". Therefore, switching communication from the Internet from the new public web server to the current public web server can apparently be realized by changing the static NAT information registered in the new FW1 and the new FW2.

Therefore, the answer example for the change is [Change the IP address after the static NAT conversion from the new public web server to the current public web server IP address], and the answer for the route is [New Router 1 → New L2SW0 → New FW1 → New L2SW1 → L2SW1]. In addition, there is no need to include FW2 as a device on the route, because line 17 of page 9 states that "New FW1 and New FW2 are operating in an active/standby state".

Figure 5: Flow of communication from the Internet to the web server (composite of Fig. 1 on page 2 and Fig. 4 on page 9)

This question asks you to consider the logs that can be confirmed on the new FW. Lines 2 to 4 of the question state "The new public web server (abbreviated) is not recorded." This is likely to be a hint. When a client on the Internet accesses the web server, it usually specifies an FQDN (Fully Qualified Domain Name) as the destination, so DNS communication occurs first. This communication goes to the new public DNS server. The client on the Internet then starts web communication to the IP address obtained by name resolution. This communication goes to the new public web server. The question asks for two kinds of communication, so answer both together. The answer examples are [Web communication to the new public web server] and [DNS communication to the new public DNS server].

This question asks you to consider the IP address to be set on the stack L3SW. From the next hop information of the stack L3SW in Table 6 and the next hop information of L3SW1 and L3SW2 in Table 7, it can be read that L3SW1, L3SW2, and the stack L3SW use the IP addresses of the VLAN11 VLAN interface. Specifically, 172.17.11.1 is assigned to L3SW1 and L3SW2, and 172.17.11.101 to the stack L3SW. Then, by performing the configuration change work described before and after [g], information such as the IP address assigned to L3SW1 and L3SW2 is deleted.

However, as it stands, the new directory server and the new internal DNS server, which use 172.17.11.1 as the default gateway, will not be able to communicate. To avoid this, 172.17.11.1 must be assigned to the stack L3SW. Therefore, the answer is [172.17.11.1]. In addition, 172.17.11.101, which the stack L3SW had been using, is used only by L3SW1 and L3SW2, so it does not need to be kept. Therefore, the change work changes 172.17.11.101 to 172.17.11.1.

This is a question about the role of the DHCP GIADDR field. GIADDR (Gateway IP Address) is the field used to identify the source network when DHCP relay agents take part in the exchange of DHCP packets. Usually, it contains the IP address of the interface on which the DHCP relay agent received the DHCP packet. The DHCP server determines the scope and the IP address to assign by checking GIADDR. Therefore, the answer example is [to identify the subnet where the PC is housed, assign an IP address from the corresponding DHCP scope].
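How a DHCP server can use GIADDR to choose a scope, as an added example that is not part of the original article. The VLAN names follow the exam text, while the subnets, address pools, and server interface address are constructed sample values.

```python
import ipaddress

# Constructed scopes: subnets and pools are sample values, not exam data.
SCOPES = {
    "VLAN101": {"subnet": "192.0.2.0/24", "pool": ("192.0.2.100", "192.0.2.199")},
    "VLAN102": {"subnet": "198.51.100.0/24", "pool": ("198.51.100.100", "198.51.100.199")},
    "VLAN103": {"subnet": "203.0.113.0/24", "pool": ("203.0.113.100", "203.0.113.199")},
}
SERVER_IF = "10.0.0.5"  # constructed address of the server's own interface


def select_scope(giaddr, server_if=SERVER_IF):
    """Pick the scope whose subnet contains giaddr (the relay's client-side address)."""
    key = ipaddress.ip_address(giaddr)
    if int(key) == 0:
        # giaddr 0.0.0.0 means the request was not relayed: the client sits on
        # the server's own link, so the receiving interface identifies the subnet.
        key = ipaddress.ip_address(server_if)
    for name, scope in SCOPES.items():
        if key in ipaddress.ip_network(scope["subnet"]):
            return name
    return None  # no scope for that subnet: the server must not offer an address


def offer(giaddr, leased, server_if=SERVER_IF):
    """Return (scope name, first free pool address), or None if nothing fits."""
    name = select_scope(giaddr, server_if)
    if name is None:
        return None
    lo, hi = (int(ipaddress.ip_address(a)) for a in SCOPES[name]["pool"])
    for n in range(lo, hi + 1):
        addr = str(ipaddress.ip_address(n))
        if addr not in leased:
            return name, addr
    return None  # pool exhausted


if __name__ == "__main__":
    print(offer("198.51.100.1", leased=set()))               # relayed from VLAN102
    print(offer("198.51.100.1", leased={"198.51.100.100"}))  # first address taken
    print(offer("0.0.0.0", leased=set()))                    # local link has no scope
```
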

Conclusion

This time, I picked up and explained Question 1 of the Reiwa 3 Afternoon II exam. In the Afternoon II exam, the question text is longer and there are more sub-questions than in the Afternoon I exam, and it tends to take time to find the information needed for an answer in the text. As a result, although the test time is 2 hours, it is quite possible to run out of time if you spend too long reading the question. It is a good idea to work through some past questions before the exam, to check your time allocation and practice organizing the information you read.

Next time, we will cover how to think about and solve Question 2 of the Reiwa 3 Afternoon II exam.

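Author: 加藤 裕, NEC Management Partner, Ltd., Human Resources Development Services Division. Joined NEC Corporation in 2001. Worked in the sales promotion department for network equipment before moving to the education department, and is mainly in charge of training in the network field. Works as an instructor on personnel development inside and outside the company, and is also responsible for developing, revising, and maintaining training courses.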
