
PSDN and VPN
From circuit to packet switching
Packet-Switched Services Offered by Carriers

- X.25
  - Old, slow, and not sufficiently cheaper than Frame Relay
- Frame Relay
  - Speeds in the main range of user demand
  - Dominated the market in the 1990s
- ATM
  - High speeds and costs, requiring equipment changes
- Carrier Internet and MPLS services
  - Dominant services today
X.25 Packet-Switched Data Networks

- Oldest packet-switched network service (1970s)
- Low speed (maximum around 64 kbps)
- Mature: easy to implement
- Uses PVCs
- Reliable service (error checking and retransmission inside the network), so added latency in transmission
- Mostly replaced by Frame Relay
Frame Relay Packet-Switched Data Networks

- Software upgrade to X.25 switches
- Uses PVCs
- Unreliable (no error correction inside the network), so much faster on the same switches
- Good speed range, 56 kbps - 40 Mbps: meets most corporate needs (most under 2 Mbps)
- Grew rapidly in the 90s, to equal leased line WANs in terms of market share (about 40%)
Pricing of Packet Switching

- Speed of the access line from site to network
  - Determines the maximum transmission rate to the network
  - Often called the port speed
  - Often the most important price determinant
  - Must be fast enough for needs
- See Frame Relay vs. DSL -- a price issue
ATM (Asynchronous Transfer Mode)

- Offers very high speeds: 622 Mbps, 2.5 Gbps, up to 40 Gbps. These speeds are beyond most corporate needs today, and costs are high.
- Connection-oriented (PVCs), unreliable
- Quality of Service (QoS) guarantees for critical traffic
  - Minimize latency (delays)
  - Inherent reliability (low loss rate)
- Seen as the next generation before the Ethernet surge
- But Frame Relay kept increasing in speed in the low-Mbps range where market demand was highest
Pricing/Performance of Packet Switched Services

- Pricing of Frame Relay and ATM
  - Customer premises equipment
  - Access line to point of presence
  - Port speed
  - Per-PVC price
  - Distance and traffic volume
- The demise of Frame Relay and ATM
  - Transition from Frame Relay and ATM to Carrier Ethernet, stimulated by Verizon, AT&T, etc.
  - The move to Ethernet- and IP-based services is a win-win situation.
Customer Premises Equipment

- Access device
  - Has a link to the internal system (often a LAN)
  - Has a CSU/DSU to put internal traffic into the format for packet-switching transmission
  - In Frame Relay, called a Frame Relay Access Device (FRAD)

[Figure: LAN -- access device -- access line to network]
Modular Routers

- CSU/DSUs are removable expansion boards

[Figure: modular router with router switching circuitry and four ports]
- Port 1: CSU/DSU (T1) -- T1 line
- Port 2: CSU/DSU (56 kbps) -- 56 kbps line
- Port 3: CSU/DSU (T3) -- T3 line
- Port 4: CSU/DSU (56 kbps) -- 56 kbps line
Elements of a Packet Switched Network

[Figure: Customer Premises A -- leased access line to POP at the LEC switching office -- trunk lines between the switched data network's switching offices -- POP -- leased access line -- Customer Premises B]

You need a leased access line to the network's POP. Sometimes the packet switched network vendor pays the cost of the access line for you and bundles it into your service charges.
Calculations

Situation
- You have four sites
- You want any one to be able to reach any other

Questions
- How many PVCs do you need?
- How many access lines do you need?

Calculations

PVCs
- If you have N sites, there are N(N-1)/2 possible connections
- In this case, you would have 4(3)/2 or 6 possible connections
- Some vendors count this as 6 PVCs, others as 12 PVCs (one per direction)

Access Lines
- You would need four access lines (one for each site)
- Each will multiplex 3 PVCs
- Must be fast enough for the needs of communication with the three other sites
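As an added worked example (not part of the slides), the following Python script sizes the four-site full mesh from this slide and generalizes it to any N sites: it lists the PVC pairs, counts them both ways vendors do (6 bidirectional, or 12 counted per direction), and picks a port speed for each access line from a constructed list of port speeds. The per-pair traffic figures and the port-speed list are assumptions made for the example, not values from the slides.

```python
"""Sizing a full-mesh PVC network (added example, not from the slides)."""
from itertools import combinations

# Assumption: candidate port (access line) speeds in kbps. A constructed list
# spanning the 56 kbps - 40 Mbps Frame Relay range named in the slides.
PORT_SPEEDS_KBPS = [56, 128, 256, 512, 1544, 2048, 6000, 45000]


def pvc_count(n_sites: int, per_direction: bool = False) -> int:
    """N(N-1)/2 site pairs; some vendors bill one PVC per direction (double)."""
    pairs = n_sites * (n_sites - 1) // 2
    return 2 * pairs if per_direction else pairs


def pvc_pairs(sites):
    """Every unordered pair of sites needs its own PVC in a full mesh."""
    return list(combinations(sorted(sites), 2))


def choose_port_speed(need_kbps: int):
    """Smallest listed port speed that carries the site's total PVC traffic,
    or None if no single listed port is fast enough."""
    return next((p for p in PORT_SPEEDS_KBPS if p >= need_kbps), None)


def plan_mesh(traffic_kbps: dict) -> dict:
    """traffic_kbps maps an unordered site pair (a, b) to the peak traffic in
    kbps that pair exchanges. Returns PVC and access-line requirements."""
    sites = sorted({s for pair in traffic_kbps for s in pair})
    pairs = pvc_pairs(sites)
    load = {s: 0 for s in sites}
    for a, b in pairs:
        kbps = traffic_kbps.get((a, b), traffic_kbps.get((b, a), 0))
        load[a] += kbps   # each access line multiplexes all of the site's
        load[b] += kbps   # PVCs, so it must carry their combined traffic
    per_site = {
        s: {"pvcs": len(sites) - 1, "need_kbps": load[s],
            "port_kbps": choose_port_speed(load[s])}
        for s in sites
    }
    return {
        "sites": len(sites),
        "pvcs": pvc_count(len(sites)),
        "pvcs_per_direction": pvc_count(len(sites), per_direction=True),
        "access_lines": len(sites),   # one access line per site
        "per_site": per_site,
    }


# Constructed sample: the slide's four sites with assumed peak traffic (kbps).
SAMPLE_TRAFFIC = {
    ("A", "B"): 300, ("A", "C"): 200, ("A", "D"): 100,
    ("B", "C"): 50, ("B", "D"): 50, ("C", "D"): 50,
}

if __name__ == "__main__":
    plan = plan_mesh(SAMPLE_TRAFFIC)
    print(f"{plan['sites']} sites -> {plan['pvcs']} PVCs "
          f"({plan['pvcs_per_direction']} if billed per direction), "
          f"{plan['access_lines']} access lines")
    for site, row in plan["per_site"].items():
        print(f"  site {site}: {row['pvcs']} PVCs, needs {row['need_kbps']} kbps,"
              f" port {row['port_kbps']} kbps")
```

Site A talks to everyone the most, so it ends up with the fastest port (a T1 at 1544 kbps in this constructed sample) while site D fits on a 256 kbps port; the PVC count is the same for every site, but the access line speed is not.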
Leased Lines vs. Packet-Switched Data Networks

Leased Lines
- Point-to-point, inexpensive for thick routes
- Inflexible: must be established ahead of time

Packet Switched Networks
- Also must be established ahead of time for PVCs
- Competitor for leased line networks
- Priced aggressively
- Carrier does all the management
- Killing the leased line business
Virtual Private Network

[Figure: three VPN uses]
1. Site-to-site: a tunnel across the Internet between the VPN servers at Corporate Site A and Corporate Site B
2. Remote access for an extranet: a remote customer PC (or site) reaches the corporate VPN server
3. Remote access for an intranet: a remote corporate PC reaches the corporate VPN server
VPN advantage

Virtual Private Network (VPN)
- Transmission over the Internet with added security
- Some analysts include transmission over a PSDN with added security

Why VPNs?
- PSDNs are not interconnected
  - Only good for internal corporate communication
- But the Internet reaches almost all sites in all firms
- Low transmission cost per bit transmitted

VPN issues

VPN Problems
- Latency and sound quality
  - The Internet can be congested
  - Creates latency, reduces sound quality
  - Use a single ISP, as for VoIP (voice over IP)
- Security
  - PPTP for remote access is popular
  - IPsec for site-to-site transmission is popular
ISP-Based PPTP Remote Access VPN

- Remote access VPNs
  - User dials into a remote access server (RAS)
  - RAS often checks with a RADIUS server for user identification information, then allows or rejects the connection

[Figure: remote user -- local access -- ISP's PPTP access concentrator -- secure tunnel across the Internet -- PPTP RAS at Corporate Site A, which consults a RADIUS server; alongside the secure tunnel runs an unsecure TCP control channel]
VPN and PPTP

Point-to-Point Tunneling Protocol
- Available in Windows since Windows 95
  - No need for added software on clients
- Provided by many ISPs
  - PPTP access concentrator at the ISP access point
- Some security limitations
  - No security between the user site and the ISP
  - No message-by-message authentication of the user
  - Uses an unprotected TCP control channel
IPsec in Tunnel Mode

[Figure: local network and IPsec server at each site; the secure tunnel runs only between the two IPsec servers]
- No security in the site network
- Tunnel only between sites
- Hosts need no extra software

IPsec in Transport Mode

[Figure: local network and IPsec server at each site; the secure tunnel runs end-to-end between the hosts, through both site networks]
- Security in the site network
- End-to-end (host-to-host) tunnel
- Hosts need IPsec software
IPsec alternatives

IP Security (IPsec)
- Tunnel mode: sets up a secure tunnel between IPsec servers at two sites
  - No security within sites
  - No need to install IPsec software on stations
- Transport mode: sets up a secure connection between two end hosts
  - Protected even on internal networks
  - Must install IPsec software on stations, but it is built into current OSs (Windows, Linux, UNIX)
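The two IPsec modes above, and the PPTP limitation noted earlier that there is no message-by-message authentication, can both be seen in one small model. The Python below is an added example, not code from the slides and not real IPsec: it uses a toy 10-byte IP header, an ESP-like envelope (sequence number, ciphertext, HMAC-SHA256 tag), and a SHA-256 keystream XOR standing in for ESP's cipher so that it runs on the standard library alone. All addresses, keys and the sample HTTP request are constructed for the example. It shows what an observer on the Internet path can read in each mode (tunnel mode hides even the inner host addresses; transport mode keeps them visible), and that a packet modified in flight fails the per-packet integrity check and is dropped.

```python
"""Simplified IPsec tunnel vs transport mode (added example, not from the
slides). Toy IP header + ESP-like envelope (seq, ciphertext, HMAC tag). The
SHA-256 keystream XOR stands in for ESP's cipher; this is not real IPsec."""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

HDR = struct.Struct(">4s4sH")  # src IPv4, dst IPv4, payload length
TAG_LEN = 32

@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    payload: bytes

    def encode(self) -> bytes:
        return HDR.pack(ipaddress.IPv4Address(self.src).packed,
                        ipaddress.IPv4Address(self.dst).packed,
                        len(self.payload)) + self.payload

    @classmethod
    def decode(cls, raw: bytes) -> "IPPacket":
        src, dst, n = HDR.unpack_from(raw)
        body = raw[HDR.size:HDR.size + n]
        return cls(str(ipaddress.IPv4Address(src)),
                   str(ipaddress.IPv4Address(dst)), body)

@dataclass(frozen=True)
class SA:  # security association: keys agreed for one direction of traffic
    enc_key: bytes
    mac_key: bytes

def _keystream(key: bytes, seq: int, n: int) -> bytes:
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack(">II", seq, block)).digest()
        block += 1
    return out[:n]

def esp_protect(sa: SA, seq: int, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate each packet on its own (per-message MAC)."""
    ks = _keystream(sa.enc_key, seq, len(plaintext))
    body = struct.pack(">I", seq) + bytes(a ^ b for a, b in zip(plaintext, ks))
    return body + hmac.new(sa.mac_key, body, hashlib.sha256).digest()

def esp_unprotect(sa: SA, datagram: bytes) -> bytes:
    """Check the tag before using the ciphertext; drop the packet on mismatch."""
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expect = hmac.new(sa.mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("ESP integrity check failed; packet dropped")
    seq, ct = struct.unpack(">I", body[:4])[0], body[4:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(sa.enc_key, seq, len(ct))))

def tunnel_encapsulate(pkt, sa, seq, gw_src, gw_dst) -> IPPacket:
    """Tunnel mode: the whole original packet, header included, becomes the
    protected payload of a new packet sent IPsec server to IPsec server."""
    return IPPacket(gw_src, gw_dst, esp_protect(sa, seq, pkt.encode()))

def tunnel_decapsulate(outer, sa) -> IPPacket:
    return IPPacket.decode(esp_unprotect(sa, outer.payload))

def transport_protect(pkt, sa, seq) -> IPPacket:
    """Transport mode: the host-to-host header stays, only the payload is
    protected, so the end hosts themselves must run IPsec."""
    return IPPacket(pkt.src, pkt.dst, esp_protect(sa, seq, pkt.payload))

def wire_view(pkt: IPPacket) -> tuple:
    """What a passive observer on the path sees: (src, dst, HTTP readable?)."""
    seen = IPPacket.decode(pkt.encode())
    return seen.src, seen.dst, b"HTTP" in seen.payload

# Constructed addresses and keys; none of these values come from the slides.
HOST_A, HOST_B = "10.1.0.25", "10.2.0.40"    # hosts inside site A / site B
GW_A, GW_B = "203.0.113.1", "198.51.100.1"   # IPsec servers at each site
SA_AB = SA(enc_key=b"k" * 32, mac_key=b"m" * 32)
ORIGINAL = IPPacket(HOST_A, HOST_B, b"GET /payroll HTTP/1.1\r\n\r\n")

def demo() -> dict:
    tun = tunnel_encapsulate(ORIGINAL, SA_AB, 1, GW_A, GW_B)
    tra = transport_protect(ORIGINAL, SA_AB, 1)
    tra_back = IPPacket(tra.src, tra.dst, esp_unprotect(SA_AB, tra.payload))
    bad = bytearray(tun.payload)
    bad[8] ^= 0x01            # one bit of the ciphertext flipped in flight
    try:
        tunnel_decapsulate(IPPacket(tun.src, tun.dst, bytes(bad)), SA_AB)
        tampered_accepted = True
    except ValueError:
        tampered_accepted = False
    return {"plain_wire": wire_view(ORIGINAL),
            "tunnel_wire": wire_view(tun),
            "transport_wire": wire_view(tra),
            "tunnel_roundtrip": tunnel_decapsulate(tun, SA_AB) == ORIGINAL,
            "transport_roundtrip": tra_back == ORIGINAL,
            "tampered_accepted": tampered_accepted}
```

Calling demo() gives the three wire views side by side: the unprotected packet exposes both host addresses and the request text, transport mode hides the text but still exposes which hosts are talking, and tunnel mode shows only the two IPsec servers. Because every packet carries its own tag under the security association's key, the receiver can reject a modified or injected packet one message at a time, which is the per-message authentication the PPTP slide says is missing.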
Security at the internet layer

IP Security (IPsec)
- At the internet layer, so it protects information at higher layers
- Transparent: upper layer processes do not have to be modified

[Figure: HTTP, SMTP, FTP and SNMP, over TCP or UDP, are all protected by the internet layer with IPsec protection]
Common IPsec configuration

IP Security (IPsec)
- Security associations:
  - Governed by corporate policies

[Figure: Party A and Party B each hold a list of allowable security associations, supplied by an IPsec policy server]
SSL/TLS for Browser-Webserver Communication
Metropolitan Area Ethernet

Metropolitan Area Network (MAN)
- A carrier network limited to a large urban area and its suburbs
- Metropolitan area Ethernet (metro Ethernet) is available for this niche
- Metro Ethernet is relatively new, but is growing very rapidly

802.3ad standard: Ethernet in the first mile
- Standard for transmitting Ethernet signals over PSTN access lines
- 1-pair voice-grade UTP, 2-pair data-grade UTP, optical fiber
Metropolitan Area Ethernet

Attractions of Metropolitan Area Ethernet
- Low prices per bit transmitted
- High speeds
- Familiar technology for networking staff
- Rapid provisioning
- Rapid capacity increases for special events

Carrier Class Service
- Basic metro Ethernet standards are insufficient for large wide area networks
- Quality of service and management tools must be developed
- The goal: to provide carrier class services that are sufficient for customers
Carrier Ethernet and MPLS services

- The two most popular WAN options today are MPLS and Carrier Ethernet.
- Carrier Ethernet services include virtual private LAN service (VPLS), Gigabit and metro Ethernet.
  - E-LINE service -- site-to-site service, competes directly with leased lines.
  - E-LAN -- extends the LAN to the wide area, as if the PSDN service were only trunk lines between switches.
- MPLS (Multiprotocol Label Switching) services typically refer to Layer 3 MPLS VPN services.
  - An MPLS network determines the best path for packets between two hosts -- the label switched path.
  - Routers send every packet that carries that path's label along the same path.
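To make the label switched path concrete, here is an added Python model (not from the slides, and not any vendor's implementation): the ingress router classifies a packet by destination prefix and pushes a label, each core router forwards on the incoming label alone and swaps it, and the egress router pops the label and delivers by IP. The topology, prefixes and label numbers are constructed for the example.

```python
"""Toy label switched path (added example, not from the slides).

Ingress maps the destination to a forwarding equivalence class (FEC) and
pushes a label; core routers forward on the incoming label alone (swap);
the egress router pops the label and delivers the packet by IP address."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LSR:
    """Label switching router.
    fec  (ingress only): destination prefix -> (label to push, next hop)
    lfib: incoming label -> (outgoing label, next hop); outgoing None = pop"""
    name: str
    fec: dict = field(default_factory=dict)
    lfib: dict = field(default_factory=dict)


def classify(ingress: LSR, dst_ip: str):
    """Longest-prefix match of the destination against the ingress FEC table."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, (label, next_hop) in ingress.fec.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label, next_hop)
    if best is None:
        raise LookupError(f"{ingress.name}: no FEC for {dst_ip}")
    return best[1], best[2]


def forward(routers: dict, ingress: str, dst_ip: str):
    """Follow one packet along its label switched path. Only the ingress
    looks at the IP destination; every later hop keys on the label.
    Returns (router names visited, labels carried between them)."""
    label, next_hop = classify(routers[ingress], dst_ip)
    path, labels = [ingress], [label]
    while True:
        path.append(next_hop)
        out_label, next_hop = routers[next_hop].lfib[label]
        if out_label is None:        # egress: pop label, deliver by IP
            return path, labels
        labels.append(out_label)     # core: swap label, send on
        label = out_label


# Constructed topology: provider edge routers PE1..PE3, core routers P1..P3.
ROUTERS = {
    "PE1": LSR("PE1", fec={"10.2.0.0/16": (100, "P1"),
                           "10.3.0.0/16": (101, "P1")}),
    "P1": LSR("P1", lfib={100: (200, "P2"), 101: (201, "P3")}),
    "P2": LSR("P2", lfib={200: (300, "PE2")}),
    "P3": LSR("P3", lfib={201: (301, "PE3")}),
    "PE2": LSR("PE2", lfib={300: (None, None)}),
    "PE3": LSR("PE3", lfib={301: (None, None)}),
}

if __name__ == "__main__":
    for dst in ("10.2.0.40", "10.2.200.1", "10.3.1.1"):
        path, labels = forward(ROUTERS, "PE1", dst)
        print(dst, "->", " > ".join(path), "labels", labels)
```

Two destinations in the same /16 (10.2.0.40 and 10.2.200.1) get the same label at PE1 and therefore the same path and the same label sequence through the core; a destination with no FEC entry is refused at the ingress rather than forwarded anywhere.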
Overview of MPLS services
- An MPLS primer at https://www.youtube.com/watch?v=U1w-b9GIt0k

More on the MPLS service
- The label switched path

Carrier Ethernet and MPLS services
- A historic view of Carrier Ethernet in Wikipedia
- An example of carrier services: AT&T
- Keeping up with news about Carrier Ethernet: http://www.carrierethernetnews.com/
- Carrier Ethernet vs. MPLS services
- Software-Defined Networks (SDN)
  - Overview in Wikipedia
  - Pros and cons of SDN