Sunday, 27 April 2014

CONFIGURE DNS SERVER ON CISCO ROUTER

How To Configure DNS Server On A Cisco Router?
The DNS protocol is used to resolve FQDN (Fully Qualified Domain Names) to IP addresses around the world. This allows us to successfully find and connect to Internet websites and services no matter where they are. Its usefulness, however, doesn't stop there: local company and private networks also rely on DNS to operate efficiently and correctly.

In many cases where a local DNS server is not available, we are forced to use either our ISP's DNS servers or some public DNS server. This can sometimes prove troublesome. Today, small low-end routers have the ability to integrate DNS functionality, making life easier, but so do Cisco routers: they simply have to be set up and you're done.

We will show you how to configure your Cisco router to provide DNS services to your network, and make all clients use it as a DNS server. Our easy to follow step-by-step process ensures you'll understand the process and have it running within minutes.

Example Scenario
Consider the following network diagram. This is our example network; we'd like to enable the DNS service so our workstations can properly resolve Internet domains as well as local network names.

First step is to enable the DNS service and domain lookup on the router:
R1# configure terminal
R1(config)# ip dns server
R1(config)# ip domain-lookup

Next, we need to configure the router with a public name-server. This will force the router to perform recursive DNS lookups; in other words, for every request it receives from our workstations, the router will try to find the answer by asking as many DNS servers as it needs, and finally return with an answer:
R1(config)# ip name-server 4.2.2.5
R1(config)# ip name-server 4.2.2.6

The Cisco IOS will allow you to enter up to 6 different name servers (essentially DNS servers). Usually you would use your ISP's DNS server to ensure you have quick responses, then place a few free public DNS servers such as the ones above. This will ensure that you'll get a DNS response from either your ISP or public DNS servers.

The next step is to configure your DNS server with the host names of your local network. This way, when Alan's PC tries to ping or connect to Wayne, the router will successfully resolve its netbios name to the appropriate IP address:
R1(config)# ip host alan 192.168.1.10
R1(config)# ip host john 192.168.1.11
R1(config)# ip host wayne 192.168.1.12

If you now try to ping 'wayne' directly from your router's CLI prompt, you should receive an answer:
R1# ping wayne

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

DIFFERENCE BETWEEN TCP AND UDP

TCP vs UDP
The flow of traffic across the Internet is on the basis of protocols which are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
While TCP is more popular across the Internet, the UDP cannot be rendered completely redundant. TCP allows error correction but UDP does not. In the case of TCP, there is a guarantee of the data delivery at the download or address point. This is made possible by ‘flow control’ which determines the requirement for resending data. Flow control also checks and stops the transmission of data unless previous packets have been successfully delivered. This is based on the process in which the client can request a resending of a particular packet from the server until the entire packet has been received as in its original form.

UDP is also common but it cannot be relied upon for sending important data like secure files, important webpages etc. It is used mostly for streaming media including audio and video. UDP is faster than TCP and media players work best with it. There is no flow control or error correction but the speed is far greater so despite streaming media not being of high quality, it can be viewed properly with UDP.

TCP is safer as compared to UDP as the latter serves as an adequate cover for viruses. TCP also has a complicated frame structure. In case of UDP, the operating system has to do very little work to translate the data.

UDP is connectionless while TCP is connection-oriented, which requires the latter protocol to establish a full connection between the receiver and the sender. The connection needs to be closed after the transfer is complete to free up system resources that were being used by the protocol. UDP requires no authorization and is okay for free-floating dissemination of data.

DIFFERENCE BETWEEN IPV4 AND IPV6

Difference between IPV4 and IPV6

IPv4
Defined in RFC 791
This is a 32 bit number to identify hosts. So the total address space is 2^32, which is nearly equal to 4×10^9. IP is operated in classful and classless concepts to overcome the shortage of addresses. A classful network is an addressing plan to identify the network and the hosts of the networks. IPv4 has 5 classes: A, B, C, D and E. In class A, the first 8 bits of the 32 bits identify the network; in class B it's the first 16 bits, and in class C it's 24 bits. If you consider a class C address, the first 24 bits identify the network part and the last 8 bits identify the hosts in that particular network. In theory, a class C network can contain only 2^8, which is 256 hosts.

Because of the limitation of address space, CIDR (Classless Inter-Domain Routing) was introduced in 1993. Rather than having a fixed network part and host part, CIDR introduces variable lengths of network and host parts with relevant subnet masks.

IPv6
Defined in RFC 2460
IPv6 was introduced to overcome the shortage of IP address space. IPv6 is a 128 bit number with an address space of 2^128 (about 3.4×10^38). This gives the flexibility to overcome the addressing space issues and routing traffic.
Address Format:

Here in IPv6, the first 64 bits define the network part and the remaining 64 bits are the host address part. IPv4 is represented in 4 blocks of 8 bit binary, whereas IPv6 is represented by 8 groups of 16 bit hexadecimal values separated by colons.
Example: 2607:f0d0:1002:0051:0000:0000:0202:0004

Further, for ease of use, it can be abbreviated with the following rules:
(1) Leading zeroes within a 16-bit value may be omitted
(2) A single occurrence of consecutive groups of zeroes within an address may be replaced by a double colon
So 2607:f0d0:1002:0051:0000:0000:0202:0004 can be written as follows:
2607:f0d0:1002:0051:0000:0000:0202:0004
2607:f0d0:1002:0051::202:4

Main features of IPv6
(1) Large address space, since it’s 128 bit
(2) Enhanced support for Multicast
(3) Support for Network Layer Security
(4) Mobility Supported
(5) Extensible header if necessary
(6) Bigger Size payloads supported in IPv6 if network supports bigger MTU. 

Summary:
(1) IPv4 has a 32 bit address space whereas IPv6 has a 128 bit address space.
(2) CIDR was introduced for optimized usage of IPv4
(3) IPv4 format is four octets and IPv6 is 8 hexadecimal blocks.
(4) Even though IPv4 supports limited multicast, IPv6 supports multicast extensively
(5) IPv6 avoids triangular routing, since it supports Mobility
(6) IPv6 supports bigger payload than IPv4
(7) IP tunneling is used for IPv4 and IPv6 interconnection at the moment.

DIFFERENCE BETWEEN TELNET AND SSH

Difference Between Telnet and SSH
Secure Shell, commonly known as SSH, and Telnet are two network protocols that have been used widely at one point in time or another. They are both used to connect to remote servers in order to facilitate some sort of communications. The primary difference, which also led to one superseding the other, is in security. SSH offers security mechanisms that protect the users against anyone with malicious intent while Telnet has no security measures whatsoever.

Telnet was designed to work within a private network and not across a public network where threats can appear. Because of this, all the data is transmitted in plain text, including passwords. This is a major security issue, and the developers of SSH used encryption to make it harder for other people to sniff the password and other relevant information. Telnet also omits another safety measure called authentication. This ensures that the source of the data is still the same device and not another computer. Without authentication, another person can intercept the communication and do what he wishes. This is also addressed in SSH, as it uses a public key to authenticate the source of the data.

Due to the security measures that were necessary for SSH to be used in public networks, each packet contains less data to make room for the data of the security mechanisms. In order to transmit the same amount of data, you would need to take up a lot more bandwidth. This is called overhead and was a major issue back when internet speeds were very low because it translates to a performance hit.

The security issues of Telnet forced a lot of people to use SSH in order to protect themselves. It didn’t take a long time before SSH replaced Telnet in a great majority of its uses. Telnet did not fade away though as it is still used in some areas, mostly in testing and debugging. Telnet extensions were developed to provide security but they are not used in most Telnet implementations.

Summary:
1. SSH and Telnet commonly serve the same purpose
2. SSH is more secure compared to Telnet
3. SSH encrypts the data while Telnet sends data in plain text
4. SSH uses a public key for authentication while Telnet does not use any authentication
5. SSH adds a bit more overhead to the bandwidth compared to Telnet
6. Telnet has been all but replaced by SSH in almost all uses.

Saturday, 26 April 2014

CREATE RESERVATIONS IN CISCO DHCP SERVER

How to create reservations in Cisco DHCP Server?
If you want to configure a DHCP reservation on a switch or router, gather the MAC address of the device. If you are unsure of the MAC address of the device, you can find the current IP address and issue the following commands to get the MAC address and clear the DHCP binding before you create the pool.

show ip dhcp binding | include 10.11.12.4
clear ip dhcp binding 10.11.12.4 

Next, run the following commands to set up the reservation.
core.3750(dhcp-config)# host 192.168.135.53 255.255.255.0

NOTE: This command may not be used with network, origin, vrf or relay pools.
So, this is what we set up instead.
ip dhcp pool pool135
network 192.168.135.0 255.255.255.0
default-router 192.168.135.1
domain-name sctc.local
dns-server 192.168.235.249 192.168.235.4
address 192.168.135.56 hardware-address 0000.74b8.6481
address 192.168.135.65 hardware-address 0000.74b8.6522
address 192.168.135.53 hardware-address 0000.74b8.6523

It does not look that complicated, but the three devices listed took .2, .3, and .4 when they were restarted.

HOW TO SECURE A CISCO ROUTER

How to secure a Cisco Router?
Before you begin, keep a copy of your present, working router configuration in pristine condition. Save the edited configuration to a new file. The same goes for IOS code. Make sure you have a full copy of the version you're running before you upgrade.

1. Upgrade IOS. Upgrade to the latest stable code version available for your router. Like other operating systems, Cisco IOS is upgraded for various reasons including to fix security flaws. 

2. Generate an rsa crypto-key. If your router code supports cryptography, enter the following commands to create a crypto-key for later use with SSH (if your router does not support cryptography, you will receive an error when you try to enter the commands):
hostname [enter a hostname for your router]
ip domain-name [enter your domain name i.e. mydomain.com]
crypto key generate rsa
If it works, the router will process the command for a moment, then ask you how many bits the modulus should be. If permitted by your local laws regarding cryptography, enter 1024. If not, enter the largest number you are entitled to use.

3. Disable unneeded services. There are many services that are enabled by default on Cisco routers. Each can provide information an attacker can use. There is a free utility called Yersinia that can be used to obtain Cisco Discovery Protocol (CDP) information over the Internet for example.
Global commands:
no service tcp-small-servers
no service udp-small-servers
no service dhcp 
no ip bootp server
no service finger
no ip http server [you may not want to enter this command if you use Adaptive Security Device Manager (ASDM) to manage your router over HTTP]
no ip http secure-server [you may not want to enter this command if you use ASDM to manage your router over HTTPS]
no snmp-server 
no cdp run
no service config
no ip gratuitous-arps 
no ip source-route
ip options drop 
Interface commands (enter these on each interface in use):
no ip directed-broadcast
no ip unreachables
no ip redirects 
no ip mask-reply
no ip proxy-arp 
In addition to the above, the shutdown command should be applied to interfaces that are not in use.

4. Enable 'good' services. Some beneficial services are not enabled by default. We'll turn them on:
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone localtime
service timestamps log datetime msec show-timezone localtime 

5. Secure local and remote access.
Console line configuration:
line con 0
exec-timeout 5 0
login
Auxiliary line configuration (should be disabled unless needed for remote access):
line aux 0
no exec
exec-timeout 0 10
transport input none 
VTY lines (virtual lines for remote access over the network):
line vty 0 4
exec-timeout 5 0
login
transport input telnet ssh
(If you can configure SSH for remote access, it is recommended that you remove the word telnet from the above command and only use SSH for remote access.)

6. Set and secure passwords. 
service password-encryption
enable secret 0 [enter your password here]
Console line
line con 0
password [enter your password here] 
Auxiliary Line
line aux 0
password [enter your password here] 

7. Enable and configure logging. Ideally, logs should be sent to a hardened syslog server so they cannot be tampered with and so they are more permanent. Local logs are deleted whenever the router is rebooted. We will configure local logging here though.
logging enable
logging buffered 16000
logging console critical
logging trap informational
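
A checklist like the one in steps 3 to 6 is easier to keep applied when it is checked against saved configurations automatically. The following added example (not part of the original post, and not a Cisco tool) audits a configuration text for a subset of the commands above; the sample configuration is constructed, and the function names and the choice of which commands to require are assumptions.

```python
import re

# Checklist from steps 3-6 of the page. Assumption: a command counts as applied
# only if it appears literally in the text. IOS hides commands that equal its
# defaults, so confirm a "missing" finding against "show running-config all".
REQUIRED_GLOBAL = [
    "no ip http server", "no cdp run", "no ip source-route",
    "no service config", "no ip bootp server",
    "service password-encryption", "service tcp-keepalives-in",
]
REQUIRED_PER_INTERFACE = [
    "no ip directed-broadcast", "no ip redirects",
    "no ip unreachables", "no ip proxy-arp",
]

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
service password-encryption
service tcp-keepalives-in
enable secret 5 CONSTRUCTED-HASH
no ip source-route
no ip bootp server
no service config
no cdp run
ip http server
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface FastEthernet0/1
 ip address 203.0.113.2 255.255.255.252
 no ip redirects
!
interface Serial0/0
 shutdown
!
line con 0
 exec-timeout 5 0
 login
line aux 0
 no exec
 transport input none
line vty 0 4
 exec-timeout 5 0
 login
 transport input telnet ssh
"""

def parse_sections(text):
    """Split a config into global lines and {section header: [sub-commands]}."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():                 # indented: belongs to open section
            if current is not None:
                sections[current].append(line.strip())
        elif re.match(r"(interface|line) ", line):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections

def audit(text):
    """Return a sorted list of (scope, finding) tuples."""
    global_lines, sections = parse_sections(text)
    findings = [("global", "missing: " + c)
                for c in REQUIRED_GLOBAL if c not in global_lines]
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append(("global", "missing: enable secret"))
    for header, body in sections.items():
        if header.startswith("interface "):
            if "shutdown" in body:            # unused interface, already shut
                continue
            findings += [(header, "missing: " + c)
                         for c in REQUIRED_PER_INTERFACE if c not in body]
            continue
        for cmd in body:                      # console, aux and vty lines
            words = cmd.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append((header, "cleartext remote access: " + cmd))
        if "no exec" not in body and not any(c.startswith("exec-timeout ") for c in body):
            findings.append((header, "missing: exec-timeout"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```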

DIFFERENCE BETWEEN IPSEC AND GRE

Difference Between IPSEC and GRE
A computer network consists of a group of two or more computers or other electronic devices that are connected to each other which allow them to share information and resources. There are three types of networks, namely: Internet, Intranet, and Extranet.

There are also several different networking methods: Local Area Network (LAN) which is used in a small area like in a building; Metropolitan Area Network (MAN) which is used in cities; Wide Area Network (WAN) which is used in a large area, and Wireless LANs and WANs.

These networks, especially those using the Internet, utilize communications protocol to transmit packets of data to be shared by the different users of the network. A packet contains control information which supplies information needed for data delivery, error detection, and user data or payload.

One such packet is the Internet Protocol (IP) packet which is the primary protocol of the Internet. It routes packets between computers or devices in a network using IP addresses. By using packets, networks can obtain multiple host addressing and error detection. To secure IP communications, a protocol suite is needed to encrypt and authenticate all IP packets of a session. Some of the Internet security systems are: Secure Sockets Layer (SSL), Secure Shell (SSH), Transport Layer Security (TLS), and Internet Protocol Security (IPsec). 

IPsec is used to protect data shared between two hosts, two security gateways, or a gateway and a host. Unlike other security systems, it can be used even in applications that are not designed to use it. At the start of a session, IPsec allows agents to establish mutual authentication and agreement of cryptographic keys that are to be used during the session.

It can be applied in both host-to-host transport mode and network-tunnel mode. It is open standard and performs several operations by using these protocols: Authentication Header (AH) which protects against replay attacks, Encapsulating Security Payloads (ESP) which gives confidentiality, and Security Associations (SA) which provide data for AH and ESP operations.

Generic Routing Encapsulation (GRE), on the other hand, is a tunneling protocol that is used to carry other routed protocols in an IP network as well as IP packets in an IP network. It is stateless and has no flow control mechanisms.

While IPsec offers confidentiality through authentication, GRE offers less security. GRE also has additional overhead byte headers that can cause delays in the routing and forwarding of packets. While IPsec can send packets, it cannot send routing protocols like GRE can.

Summary:
1. IPsec stands for Internet Protocol Security while GRE stands for Generic Routing Encapsulation.
2. IPsec is the primary protocol of the Internet while GRE is not.
3. GRE can carry other routed protocols as well as IP packets in an IP network while IPsec cannot.
4. IPsec offers more security than GRE does because of its authentication feature.
5. GRE has more overhead byte headers which can affect the routing and forwarding of packets while IPsec does not.

DIFFERENCE BETWEEN OSI AND TCP IP

Difference between OSI and TCP IP Model
TCP/IP is a communication protocol that allows for connections of hosts to the internet. OSI, on the other hand, is a communication gateway between the network and the end users. TCP/IP refers to Transmission Control Protocol used in and by the applications on the internet. This protocol can borrow its roots from the Department of Defense, which developed it to allow different devices to be connected to the internet. OSI, on the other hand, refers to Open Systems Interconnection, a communication gateway developed by the International Organization for Standardization (ISO).

Just what differences are there among the two? First off is the model of implementation on which each is developed. TCP/IP comes from the implementation of the OSI model, which led innovation in the field. OSI, on the other hand, was developed as a reference model that could be employed online. The model upon which TCP/IP is developed, on the other hand, points toward a model that revolves around the internet. The model around which OSI was developed upon is a theoretical model and not the internet.

There are four levels or layers upon which TCP is developed. These layers include the Link Layer, the Internet Layer, Application Layer and the Transport Layer. The OSI gateway, on the other hand, is developed upon a seven-layer model. The seven layers include Physical Layer, DataLink Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and, last but not least, Application Layer.

When it comes to general reliability, TCP/IP is considered to be a more reliable option as opposed to OSI model. The OSI model is, in most cases, referred to as a reference tool, being the older of the two models. OSI is also known for its strict protocol and boundaries. This is not the case with TCP/IP. It allows for a loosening of the rules, provided the general guidelines are met. 

On the approach that the two implement, TCP/IP is seen to implement a horizontal approach while the OSI model is shown to implement a vertical approach. It is also important to note that TCP/IP combines the session layer and presentation too in the application layer. OSI, on the other side, seems to take a different approach to the presentation, having different session and presentation layers altogether.

It is also imperative to note the design followed when protocols were being designed. In TCP/IP, the protocols were first designed and then the model was developed. In OSI, the model development came first and then the protocol development came in second.

When it comes to the communications, TCP/IP supports only connectionless communication emanating from the network layer. OSI, on the other hand, seems to do quite well, supporting both connectionless and connection-oriented communication within the network layer. Last but not least is the protocol dependency of the two. TCP/IP is a protocol dependent model, whereas OSI is a protocol independent standard.

Summary
TCP refers to Transmission Control Protocol.
OSI refers to Open Systems Interconnection.
The model TCP/IP is developed on points toward a model that revolves around the internet.
TCP/IP has 4 layers.
OSI has 7 layers.
TCP/IP is more reliable than OSI.
OSI has strict boundaries; TCP/IP does not have very strict boundaries.
TCP/IP follows a horizontal approach.
OSI follows a vertical approach.
In the application layer, TCP/IP uses both session and presentation layer.
OSI uses different session and presentation layers.
TCP/IP developed protocols then model.
OSI developed model then protocol.
TCP/IP offers support for connectionless communication within the network layer.
In the network layer, OSI supports both connectionless and connection-oriented communication.
TCP/IP is protocol dependent.
OSI is protocol independent.

DIFFERENCE BETWEEN VPN AND MPLS

Difference Between VPN and MPLS
Virtual Private Network (also known as VPN) is a computer network. This network is layered on top of a computer network that resides underneath it. The privacy connotes that the data that travels over the VPN is not visible to, or is encapsulated from, the traffic of the underlying network. This is possible because of strong encryption; most VPNs are deployed to be high security network tunnels. As such, the traffic that happens within the VPN is seen as just another traffic stream by the underlying network. In a technical sense, the link layer protocols of the virtual network (that is, the lower layers of the Internet Protocol Suite) are tunnelled through the transport network underneath. In lay terms, the connection is thought of as a pipe in a pipe, where the outer pipe is your internet connection.

Multiprotocol Label Switching (also known as MPLS) is a mechanism that directs and carries data from one network node to the next. It makes it easier to create virtual links between distant nodes. It also has the ability to encapsulate packets of a variety of network protocols. It is a highly scalable, protocol independent, data carrying mechanism. This basically means that data packets are assigned labels and decisions are made regarding where they will be forwarded based on the contents of the label, without ever having to examine the packet itself. As such, a user is able to create end to end circuits across any type of medium used for virtual transportation and using any protocol. The main objective is to eliminate dependence on any specific Data Link Layer technology (ATM, frame relay, SONET, or Ethernet, for instance).

Secure VPNs use cryptographic tunnelling protocols in order to provide the necessary and intended confidentiality, sender authentication, and message integrity in order to achieve the highest level of security. The protocols that carry out these functions include many features that include, but aren’t limited to Internet Protocol Security (or IPsec), which is a standard based security protocol with mandatory support; Transport Layer Security (or SSL/TLS), which is used for tunnelling the traffic of an entire network; and Secure Socket Tunnelling Protocol (or SSTP), which tunnels PPP or L2TP traffic through an SSL 3.0 channel. 

MPLS is operable at the OSI Model layer that lies between traditional definitions of Layer 2 (the Data Link Layer) and Layer 3 (the Network Layer). It is oftentimes referenced as the Layer 2.5 protocol. It was designed specifically to provide unified data carrying service for circuit based clients and packet switching clients that provide a datagram service model. It was also designed to be able to carry a variety of traffic (IP packets, native ATM, SONET, and Ethernet frames, for example).

Summary:
1. VPN is a network layered on top of a computer network; MPLS directs and carries data from one network node to the next.
2. VPNs use cryptographic tunnelling protocols to provide high level security; MPLS is operable between the Data Link Layer and the Network Layer.

Wednesday, 23 April 2014

COMPUTER BASIC DEFINITIONS

What is bandwidth?
The maximum data-carrying capability in devices/wires.

What is Uploading vs. Downloading?

Uploading is the transfer of files from your computer to another computer or server. 

Downloading, however, is exactly the opposite in that it's transferring files from a server to your computer.

Speed vs Storage Units
Although bits and bytes may look the same when abbreviated, they aren't. A good rule of thumb is that the case of the "b" in the abbreviated form tells you which one is meant, as shown below.

"b" - bit
"B" - Byte
speed:
1 kilobit (kb) = 1024 bits
1 megabit (Mb) = 1024 kb
1 gigabit (Gb) = 1024 Mb
1 terabit (Tb) = 1024 Gb
1 petabit (Pb) = 1024 Tb
1 exabit (Eb) = 1024 Pb

storage:
1 kilobyte (kB) = 1024 bytes
1 megabyte (MB) = 1024 kB
1 gigabyte (GB) = 1024 MB
1 terabyte (TB) = 1024 GB
1 petabyte (PB) = 1024 TB
1 exabyte (EB) = 1024 PB

What is LAN?
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building using network media.

What is WLAN?
A wireless local area network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio), and usually providing a connection through an access point to the wider Internet.

What is WAN?
A wide area network (WAN) is a network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, or national boundaries) using leased telecommunication lines. Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations.

What is an Intranet?
An intranet is a computer network that uses Internet Protocol technology to share information, operational systems, or computing services within an organization.

What is an Extranet?
An extranet is a computer network that allows controlled access from the outside, for specific business or educational purposes. In a business-to-business context, an extranet can be viewed as an extension of an organization's intranet that is extended to users outside the organization, usually partners, vendors and suppliers, in isolation from all other Internet users.

What is an Internet?
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide.

It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless, and optical networking technologies.

What is cloud or utility computing?
Cloud computing is an approach to computing that leverages the efficient pooling of on-demand, self-managed virtual infrastructure consumed as a service. Sometimes known as utility computing, clouds provide a set of typically virtualized computers which can provide users with the ability to start and stop servers or use compute cycles only when needed.

Wednesday, 16 April 2014

ETHERNET CABLE DATA FLOW & PATTERN

ETHERNET CABLE DATA FLOW

ETHERNET CABLE PATTERNS

NGINX - OPEN SOURCE WEB APPLICATION ACCELERATOR

NGINX is a high performance, open source web application accelerator that helps over 37% of the world's busiest websites deliver more content, faster, to its users.
Companies deploy NGINX to manage the complexities and pitfalls associated with HTTP and to make their web applications more responsive, scalable, fast and secure.
NGINX is commonly installed between the network and the application to offload concurrency processing, URL switching, HTTP load balancing, SSL termination, caching, and security policies

NGINX Plus provides a complete set of web serving, proxying, acceleration and load balancing capabilities for HTTP-based services: 


Protocols and performance
·         HTTP/1.1, HTTPS, SPDY, WebSocket
·         IMAP, POP3, SMTP with external HTTP based authentication
·         IPv4 and IPv6
·         1 million concurrent connections
·         10,000+ virtual servers multi-tenancy
·         Connection multiplexing pools for low latency communications
Load Balancing
·         Fully Layer-7 reverse proxy
·         HTTP, HTTPS, FastCGI, SCGI, uwsgi, memcached
·         URL/URI content-based request routing
·         Reverse proxy and load balancer with round-robin, least-connections, ip-hash
·         Session persistence
·         Application backend health monitoring with synthetic transactions and slow-start
High Availability
·         Active-Standby (NGINX AMI and standalone)
·         Live binary upgrades to eliminate downtime
·         Graceful restart with non-stop request processing
Security
·         Bandwidth, connection and request policing
·         Protocol isolation and request filtering
·         Header scrubbing and manipulation
Edge Cache and Origin Server
·         Content offload and caching
·         On-the-fly content compression and optimization
·         HTTP video streaming with MP4/FLV/HDS/HLS
SSL Termination
·         TLSv1.1/TLSv1.2/SSL/SNI/PFS/PCI-DSS
·         OCSP Stapling
Configuration and Management
·         Live reconfiguration of server pools to change upstream settings on the fly
·         Activity monitoring
·         Geo-IP configuration decisions
·         Logging to syslog
Supported Operating Systems and Architectures
·         Ubuntu, Debian, CentOS, Amazon Linux, Red Hat, SuSE, FreeBSD
·         x86_64, i386
Recommended Hardware
NGINX Plus was designed and optimized for use on generic server hardware. A common recommendation for an edge server capable of serving 3-6Gbps of live traffic and 20-50K requests per second is the following:
·         4 Xeon E5 series CPUs, 2-8 core per CPU
·         16-32GB RAM
·         6 x 250GB SSD drives
·         10G Intel networking card
NGINX Plus modules
NGINX Plus includes the following modules from NGINX F/OSS: 


HTTP core
·         HTTP Core: basic HTTP configuration
·         Auto Index: Generate directory listings
·         Index: Specify index files used in directory requests
·         Gzip: GZIP compression of HTTP responses
·         Headers: Add headers to HTTP responses
·         Charset: Character set tagging and transformation
·         Empty GIF: Generate empty image response
·         SSI: Perform Server Side Include processing
·         User ID: Add unique ‘User ID’ cookies
·         Gzip Static: Serve pre-compressed files from disk
·         Gunzip: Decompress responses for clients that don’t support compression
·         Random Index: Select random index file for directory request
·         Real IP: Determine true origin IP address for proxied traffic
·         Substitution: Modifies response with textual replacement
·         Addition: Prepend and append data to a response
·         WebDAV: Implements WebDAV support for file management
HTTP Advanced Configuration
·         Map: Create run-time configuration variables based on arbitrary request parameters
·         Browser: Detect User-Agent type
·         Geo: Create run-time variables based on IP address
·         Rewrite: Test and manipulate URI
·         Split Clients: Partition clients for A|B testing
SSL and SPDY
·         SSL: Provides support for HTTPS
·         SPDY: Provides support for SPDY
HTTP Access Control and Authentication
·         Access: IP-based Access Control Lists (ACLs)
·         Auth Basic: HTTP Basic Authentication
·         Referer: Apply access control based on HTTP referrer
·         Secure Link: Process encrypted, time-limited links to content
·         Auth Request: Flexible authentication using subrequests
HTTP Transaction Shaping
·         Limit Requests: Rate-limit requests by key
·         Limit Conn: Limit concurrent connections by key
HTTP Logging and Monitoring
·         Log: Log HTTP transactions
·         Session Log: Log HTTP sessions (rather than individual transactions)
·         SysLog: Request logging to syslog
·         Status: Provides advanced NGINX status information
HTTP Proxying and APIs
·         Proxy: Proxy and cache requests to HTTP server
·         FastCGI: Proxy and cache requests to FastCGI application
·         Memcached: Proxy requests to memcached server
·         SCGI: Proxy and cache requests to SCGI application
·         uWSGI: Proxy and cache requests to uWSGI application
·         Upstream: Load-balanced pools of servers for proxy, FastCGI and memcached
HTTP Media delivery
·         MP4: Stream H.264/AAC files (.mp4, .m4v, .m4a)
·         FLV: Stream Flash Video (FLV) files
·         F4F: Support for Adobe HTTP Dynamic Streaming (HDS)
·         HLS: HTTP Live Streaming (HLS) server-side support for H.264/AAC files
Mail
·         Mail Core: basic Mail-proxying configuration
·         POP3: Authentication methods for POP3 traffic
·         IMAP: Capabilities and Authentication methods for IMAP
·         SMTP: Capabilities and SASL Authentication for SMTP
·         Auth HTTP: Offload authentication to HTTP server
·         Proxy: Proxy parameters for Mail protocols
·         SSL: Implement SSL, TLS and STARTTLS for Mail protocols
NGINX Plus Lua
NGINX Plus Lua includes additional third-party modules. 


Additional modules in NGINX Plus Lua
·         Lua: A third-party extension to embed Lua actions into NGINX’ configuration and processing
NGINX Plus Extras
NGINX Plus Extras includes additional NGINX F/OSS and third-party modules: 


Additional modules in NGINX Plus Extras
·         Perl: Embed Perl actions into NGINX’ configuration and processing
·         GeoIP: Create run-time variables based on MaxMind geoip data
·         Image Filter: Resize, sharpen, crop and resample images
·         XSLT: Transforms XML responses with XSLT stylesheets
·         Lua: A third-party extension to embed Lua actions into NGINX’ configuration and processing
·         Headers-More: A third-party extension to NGINX’ Headers module
·         Set-Misc: A third-party extension to NGINX’ Rewrite module

NGINX Plus Streaming Media Server
NGINX Plus Streaming Media Server is targeted specifically at video delivery requirements. It contains the streaming media delivery and extended status modules from NGINX Plus, and a third-party RTMP streaming media module:


Additional modules in NGINX Plus Streaming Media Server
·         MP4: Stream H.264/AAC files (.mp4, .m4v, .m4a)
·         FLV: Stream Flash Video (FLV) files
·         F4F: Support for Adobe HTTP Dynamic Streaming (HDS)
·         HLS: HTTP Live Streaming (HLS) server-side support for H.264/AAC files
·         Status: Provides advanced NGINX status information
·         RTMP Media Streaming: A trusted third-party extension for RTMP media delivery
Other NGINX Plus features (load balancing, health check, session persistence, etc.) are not included in NGINX Plus Streaming Media Server.
Third-party extensions are provided for convenience and are not supported by Nginx Inc.