Basic Concepts - Raymond R. Panko

Download Report

Transcript Basic Concepts - Raymond R. Panko

Wide Area Networks
(WANs)
Chapter 7
Updated January 2007
Panko’s
Business Data Networks and Telecommunications, 6th edition
Copyright 2007 Prentice-Hall
May only be used by adopters of the book
Orientation
• Single Networks
– Layers 1 and 2 (so OSI standards dominate)
– Chapters 4-7: Local to long-distance for single networks
• Chapter 4: Wired Ethernet LANs
• Chapter 5: Wireless LANs (WLANs)
• Chapter 6: Telecommunications (and Internet Access)
• Chapter 7: Wide Area Networks (WANs)
• Chapter 8: TCP/IP Internetworking
– To link multiple single networks
7-2
WAN Essentials
Figure 7-1: Wide Area Networks
(WANs)
• Wide Area Networks (WANs)
– Single networks that connect different sites
– So Layer 1 and Layer 2 operation
• WAN Purposes
– Internet access (Chapter 6)
– Link sites within the same corporation
– Provide remote access to individuals who are off site
7-4
Figure 7-1: Wide Area Networks
(WANs)
• WANs are Characterized by High Cost and Low
Speeds
– High cost per bit transmitted compared to LANs
– Consequently, lower speeds (most commonly 128 kbps
to a few megabits per second)
• This speed usually is aggregate throughput shared by
many users
– Much slower than LAN speeds (100 Mbps to 1 Gbps to
the desktop)
7-5
Figure 7-1: Wide Area Networks
(WANs)
• Carriers
– Beyond their physical premises, companies must use
the services of regulated carriers for transmission
• Companies do not have rights of way to lay wires
beyond their premises
– Customers are limited to whatever services the carriers
provide
– Prices for carrier services change abruptly and without
technological reasons
– Prices and service availability vary widely from country
to country
7-6
Leased Line Networks
Leased Lines: Recap
• Leased Line Characteristics
– Point-to-point circuits
– Always on
– High speeds: 64 kbps (rare) to several gigabits per
second
– Leased for a minimum period of time
– Usually offered by telephone companies
7-8
Figure 7-2: Leased Line Networks for Voice and
Data
Leased Line Voice Network
Site B
Site A
OC3 Leased Line
PBX
PBX
56 kbps
Leased
Line
T3
Leased
Line
Site C
PBX
PBX
56 kbps
Leased
Line
Site D
T1
Leased
Line
Leased Line Voice
Networks Hav e a
PBX at Each Site
T1
56 kbps
Leased
Leased
Line
Line
PBX
Site E
7-9
Figure 7-2: Leased Line Networks for Voice and
Data
Leased Line Data Network
Site B
Site A
Router
OC3 Leased Line
T3
Leased
Line
56 kbps
Leased
Line
T1
Leased
Leased Line Data
Line
Networks Hav e a
Router at Each Site
Site C
Router
Router
Router
T1
Leased
Line
56 kbps
Leased
Line
Site D
56 kbps
Leased
Line
Router
Site E
7-10
Figure 7-3: Full Mesh and Pure Hub-and-Spoke
Topologies for Leased Line Data Networks
Site A
Site B
Full Mesh Topology
OC3 Leased Line
In a full mesh topology,
T3
there is a leased line
Leased
between each pair of sites Line
T3
Leased
Line
Highly reliable
Highly
T1 expensive
Leased
Line
Site C
T1
Leased
Line
Site D
7-11
Figure 7-3: Full Mesh and Pure Hub-and-Spoke
Topologies for Leased Line Data Networks
Site A
Pure Hub-and-Spoke Topology
Site B
In a pure hub-and-spoke
topology,Line
there is only
OC3 Leased
one leased line from the
hub site to each other site.
Very inexpensive.
Very unreliable.
T3
T3
Leased
Leased
Line
Site D
Line
Few companies use either of these extreme topologies.
They have some backup links.
Site C
7-12
Figure 7-4: Leased Line Speeds
North American Digital Hierarchy
Line
56 kbps
T1
Speed Typical Transmission
Medium
56 kbps 2-Pair Data-Grade UTP
1.544 Mbps 2-Pair Data-Grade UTP
56 kbps leased lines are hardly used today because they are so slow.
T1 lines are very widely used
because they are in the speed range of greatest corporate demand—
128 kbps to a few megabits per second.
7-13
Figure 7-4: Leased Line Speeds, Continued
North American Digital Hierarchy
Line
T1
Fractional T1
Bonded T1s (multiple
T1s acting as a single
line)
Speed Typical Transmission
Medium
1.544 Mbps 2-Pair Data-Grade UTP
128 kbps, 256 kbps, 2-Pair Data-Grade UTP
384 kbps, 512 kbps,
768 kbps
A few multiples of 2-Pair Data-Grade UTP
1.544 Mbps
T1 lines are very widely used.
Fractional T1 lines offer lower speeds for companies that need them.
Two or three T1 lines can be bonded for higher speeds.
T1, Fractional T1, and Bonded T1s are the most widely used leased lines.
7-14
Figure 7-4: Leased Line Speeds, Continued
North American Digital Hierarchy
Line
T1
T3
Speed Typical Transmission
Medium
1.544 Mbps 2-Pair Data-Grade UTP
44.736 Mbps Optical Fiber
The jump from T1 to T3 speeds is extremely large.
Few firms need T3 speeds, and they only need
these speeds for some of their leased lines.
Some carriers offer fractional T3 lines to bridge the T1-T3 gap.
T3 lines and all faster leased lines use optical fiber.
7-15
Figure 7-4: Leased Line Speeds, Continued
CEPT Hierarchy
Line
64 kbps
E1
E3
Speed Typical Transmission
Medium
64 kbps 2-Pair Data-Grade UTP
2.048 Mbps 2-Pair Data-Grade UTP
34.368 Mbps Optical Fiber
In Europe, most countries use the CEPT hierarchy
E1 lines are slightly faster than T1 lines
E3 lines are slightly slower than T3 lines
7-16
Figure 7-4: Leased Line Speeds, Continued
SONET/SDH Speeds
Line
Speed (Mbps) Typical Transmission
Medium
OC3/STM1
155.52 Optical Fiber
OC12/STM4
622.08 Optical Fiber
OC48/STM16
2,488.32 Optical Fiber
OC192/STM64
9,953.28 Optical Fiber
OC768/STM256
39,813.12 Optical Fiber
For speeds above 50 Mbps, the world uses one technology
Called SONET in the United States, SDH in Europe
SONET speeds measured in OC numbers, SDH in STM numbers
Speeds are multiples of 51.84 Mbps
Used mostly by carriers
7-17
Figure 7-5: Business-Class Symmetric Digital
Subscriber Line (DSL) Services
Uses Existing 1-Pair Voice-Grade
UTP Telephone Access Line to
Customer Premises?*
HDSL
HDSL2
SHDSL
Yes*
Yes*
Yes*
Downstream Throughput
768 kbps 1.544 Mbps 384 kbps –
2.3 Mbps
Upstream Throughput
768 kbps 1.544 Mbps 384 kbps –
2.3 Mbps
*By definition, DSL always uses 1-pair VG UTP
Many firms use HDSL and HDSL2 lines instead of T1 and fractional T1
speeds
7-18
Figure 7-5: Business-Class Symmetric Digital
Subscriber Line (DSL) Services
HDSL
Target Market
HDSL2
SHDSL
Businesses Businesses Businesses
Symmetrical Throughput?
Yes
Yes
Yes
QoS Throughput Guarantees?
Yes
Yes
Yes
Businesses need symmetrical throughput and QoS
7-19
Public Switched Data
Networks (PSDNs)
Figure 7-6: Public Switched Data Networks
(PSDNs)
• Recap: Leased Line Data Networks
– Use many leased lines, which must span long distances
between sites
– This is very expensive
– Company must design and operate its leased line
network
• Public Switched Data Networks
– Carrier does more of the operational and management
work
– Total cost of technology, service, and management
usually lower than leased line networks
7-21
Figure 7-7: Public Switched Data Network (PSDN)
Site B
Site A
POP
Point of Presence
Public Switched Data
Network (PSDN)
POP
POP
POP
One Private
Line Access
Line per Site
In Public Switched Data Networks,
the PSDN carrier handles all switching.
Reduces the load on the network staff.
The PSDN central core is shown as a cloud
toSite
indicate
that the user firmSite
does
C
D not
have to know how the network operates.
Site E
7-22
Figure 7-7: Public Switched Data Network (PSDN)
Site B
Site A
POP
Point of Presence
Public Switched Data
Network (PSDN)
POP
POP
In Public Switched Data Networks,
the customer needs a single leased line
from Site
eachCsite to one of the PSDN
carrier’s
Site D
points of presence (POPs)
POP
One Private
Line Access
Line per Site
Site E
7-23
Leased Lines in PSDNs
• A company has ten sites
• It wants to use a PSDN
• Will it need leased lines even if it is using a
PDSN?
• How many leased lines will it need?
• Between what two locations will each leased
line go?
7-24
Figure 7-6: PSDNs
• Service Level Agreements (SLAs)
– Guarantees for services
– Throughput, availability, latency, error rate, etc.
– An SLA might guarantee a latency of no more than 100
ms 99.99 percent of the time
• SLA guarantees no worse than a certain worst-case
level of performance
7-25
Figure 7-8: Virtual Circuit Operation
Virtual
Circuit
Switch A
Frame with
VC Number 47
Switch B
Switch C
Switch D
Switch A Switching Table
Virtual Circuit
47
270
982
5
Port
2
3
3
1
Virtual
The internal cloud network
Circuit
is a mesh of switches.
Switch E
This creates multiple alternative paths.
Server
This gives reliability.
7-26
Figure 7-8: Virtual Circuit Operation
Virtual
Circuit
Switch A
Frame with
VC Number 47
Switch B
Switch C
Switch D
Switch A Switching Table
Virtual Circuit
47
270
982
5
Port
2
3
3
1
Virtual
Mesh switching is slow because
Circuit
each switch must evaluate
Switch
E
available
alternative
paths
Server
and select the best one.
This creates expensive switching.
7-27
Figure 7-8: Virtual Circuit Operation
Before communication begins between
sites, the PSDN computes
a best path called a virtual circuit.
Virtual
Circuit
Switch A
Frame with
VC Number 47
All frames travelSwitch
alongBthis virtual circuit.
Switch C
Virtual
Circuit
Switch D
Switch A Switching Table
Virtual Circuit
47
270
982
5
Port
2
3
3
1
Switch E
Server
7-28
Figure 7-8: Virtual Circuit Operation
Each frame has a virtual circuit number
instead of a destination address.
Virtual
Circuit
Switch A
Frame with
VC Number 47
Switch B
Each switch looks up the VC number
in its switching table, sends the frame
out the indicated port.
Switch C
VCs greatly reduce switching costs.
Virtual
Circuit
Switch D
Switch A Switching Table
Virtual Circuit
47
270
982
5
Port
2
3
3
1
Switch E
Server
7-29
Public Switched Data
Networks (PSDNs)
Frame Relay
ATM
Metropolitan Area Ethernet
Carrier IP Networks
Figure 7-9: Frame Relay
• Frame Relay is the Most Popular PSDN Service
Today
– 56 kbps to 40 Mbps
– This fits the range of greatest corporate demand for
WAN speed
– Usually less expensive than a network of leased lines
– Grew rapidly in the 1990s, to be come equal to leased
line WANs in terms of market share (about 40%)
– Carriers have raised prices, reducing growth
7-31
Figure 7-10: Frame Relay Network Elements
Customer
Premises A
Router or Dedicated
Switch Relay
Frame
Access Device
1.
Access Device
POP
And CSU/DSU
Customer
Premises B
Customer
Premises C
7-32
Figure 7-10: Frame Relay Network Elements
Site A
Access Device
(Frame Relay
Access Device)
T1 CSU/DSU at
Physical Layer
T1 Line
Frame Relay at
Data Link Layer
PC
Site B
Server
Access Device
(Router)
T3 CSU/DSU at
Physical Layer
T3 Line
ATM etc. at
Data Link Layer
7-33
Figure 7-10: Frame Relay Network Elements
• CSU/DSU
– Channel service unit (CSU) protects the access line
from unapproved voltage levels, etc. coming from
the firm. It acts like a fuse in an electrical circuit.
– Data service unit (DSU) converts between internal
digital format and digital format of access link to
Frame Relay network.
• May have different baud rate, number of states,
voltage levels, etc.
DSU
7-34
Figure 7-10: Frame Relay Network Elements
Customer
Premises A
2.
Leased Access
Line to POP
Switch
POP
Customer
Premises B
Customer
Premises C
7-35
Figure 7-10: Frame Relay Network Elements
3.
Port
Speed
Charge at
POP
Switch
Customer
Premises A
POP has a switch with ports
Switch
The port speed charge is based
on the port speed used
POP
The port speed charge usually
Is the biggest part of PSDN costs
Customer
Premises B
Customer
Premises C
7-36
Figure 7-10: Frame Relay Network Elements
PVC charges usually
Customer
are collectively
Premises
A
the second-most
expensive part
of Frame Relay service
Switch
2.
PVCs are multiplexed
over a single leased line
4.
PVC
Charges
PVCs 1&2
POP
PVC 2
PVC prices
depend on
PVC speed
PVC 1
PVC 1
PVC 2
Customer
Premises B
PVC 1
Customer
Premises C
7-37
Frame Relay Network PVCs
• Frame Relay PVC Numbers are called data
link control indicators (DLCIs)
• Pronounced “Dull’ seas”
• Usually 10 bits long
• 210 or 1,024 possible PVCs from each site
– Multiplexed over the single leased line to the POP
• Leased line must be fast enough to handle the
combined PVC speeds
PVC 1-2
POP
Site 1
Leased
Line
Site 2
PSDN
PVC 1-3
Site 3
7-38
Figure 7-10: Frame Relay Network Elements
5.
Management
Charges
Frame Relay networks
Customer
are
managed
Premises
A by the carrier.
For management
of equipment on the
customer
Switch premises,
there is an extra charge.
PVC 2
PVCs 1&2
POP
PVC 1
PVC 1
PVC 2
Customer
Premises B
PVC 1
Customer
Premises C
7-39
Public Switched Data
Networks (PSDNs)
Frame Relay
ATM
Metropolitan Area Ethernet
Carrier IP Networks
Figure 7-11: ATM
• ATM (Asynchronous Transfer Mode) is a another
PSDN
• ATM Provides Speeds Greater than Frame Relay
Can Provide
– One megabit per second to several gigabits per second
• Not a Competitor for Frame Relay
– Most carriers offer both FR and ATM
– Sell based on the customer’s speed range needs
– May even interconnect the two services
7-41
Figure 7-11: ATM, Continued
• Designed to Run over SONET/SDH
• Cell Switching
– Most frames have variable length (Ethernet, etc.)
– All ATM frames, called cells, are 53 octets long
• 5 octets of header
• 48 octets of data
– Using fixed-length frames is called cell switching
– Short length minimizes latency (delay) at each switch
7-42
Figure 7-11: ATM, Continued
• ATM Has Strong Quality of Service (QoS)
Guarantees for Voice Traffic
– Not surprising because ATM was created for the
PSTN’s transport core
• For pure data transmission, however, ATM
usually does NOT provide QoS guarantees!!
• Manageability, Complexity, and Cost
– Very strong management tools for large networks
(designed for the PSTN)
– Too complex and expensive for most firms
– Not thriving in the marketplace
7-43
Public Switched Data
Networks (PSDNs)
Frame Relay
ATM
Metropolitan Area Ethernet
Carrier IP Networks
Figure 7-12: Metropolitan Area Ethernet
• Metropolitan Area Networks (MANs)
– MANs are carrier networks that are limited to a large
urban area and its suburbs
– Metropolitan area Ethernet (metro Ethernet) is available
for this niche
– New but growing very rapidly
7-45
Figure 7-12: Metro Ethernet, Cont.
• Attractions of Metropolitan Area Ethernet
– Very Low Prices Compared to Frame Relay and ATM
– High Speeds: Tens of megabits per second
– Familiar Technology for the Networking Staff
• No need to learn a new technology
– Rapid Provisioning
• Setting up service to a customer
• Changing the service (adding more capacity)
7-46
Figure 7-12: Metro Ethernet, Cont.
• Carrier Class Service
– Basic Ethernet standards are insufficient for large wide
area networks
– Quality of service and management tools must be
developed
– The goal: provide carrier class services that are sufficient
for customers
7-47
Public Switched Data
Networks (PSDNs)
Frame Relay
ATM
Metropolitan Area Ethernet
Carrier IP Networks
Carrier IP Networks
• Some Carriers Now Offer IP Networks
– Essentially, private internets
– Operate at Layer 3 instead of at Layers 1 and 2, like
Frame Relay, ATM, and Ethernet
– Use TCP/IP standards
– Operated entirely by the carrier, so no overload in the
Internet backbone from connected carries
– Access is not open to everyone, so security is
enhanced
– Also called Private IP Networks
7-49
Carrier IP Networks
• Other Advantages
– Allow companies to use familiar IP technology
– Mature management and control standards
– Carrier can manage everything if the customer desires
that (and will pay)
– Offer VoIP as well as data—convergence to reduce
technology and management costs
• Growing Rapidly
– Carriers may soon force Frame Relay users to switch
to carrier IP service
7-50
Virtual Private Network (VPNs)
Figure 7-13: Virtual Private Networks
(VPNs)
• Virtual Private Networks (VPNs)
– Virtual private networks (VPN) use the Internet with
added security for data transmission
• The Attractions of Internet Transmission
– Lowest cost per bit transmitted
– Universal access to communication partners
(Everybody uses the Internet)
7-52
Figure 7-14: Virtual Private Networks (VPNs)
Site-to-Site
VPN
T unnel
Protected VPN
Server Gateway
VPN Protected
Gateway Client
Internet
Corporate
Site A
Remote access VPNs
Host-to-Host
protect traffic for individual
users
VPN
A VPN is communication over the
Internet with added security
Corporate
Site B
Remote
Access
VPN
Remote
Corporate
PC
7-53
Figure 7-14: Virtual Private Networks (VPNs)
Site-to-Site
VPN
T unnel
Protected VPN
Server Gateway
Corporate
Site A
VPN Protected
Gateway Client
Internet
Site-to-site VPNs
protect traffic between sites
Corporate
Site B
Will dominate VPN traffic
Host-to-Host
VPN
A VPN is communication over the
Internet with added security
Remote
Access
VPN
Remote
Corporate
PC
7-54
Figure 7-13: VPNs
• VPN Security Technologies
– IPsec for any type of VPN
• Offers very high security
– SSL/TLS for low-cost transmission
• Secure browser-server transmission
• Remote access VPNs
7-55
Figure 7-15: IPsec Transport and Tunnel Modes
Site
Network
Transport Mode
Secure Connection
Site
Network
Secure
Secure
Extra
Extra
in Site
in Site
Sof tware,
Sof tware,
Secure on
Network
Network
Digital
Digital
the Internet
Certif icate,
Certif icate,
and Setup
and Setup
Required
Required
IPsec is the strongest VPN security technology.
IPsec transport mode gives host-to-host security
however, software must be added to each host,
each host must have a digital certificate,
and each host must be setup (configured).
This is very expensive.
7-56
Figure 7-15: IPsec Transport and Tunnel Modes
Site
Network
No Extra
No
Sof tware, Security
Digital
in Site
Certif icate, Network
or Setup
Required
IPsec
Gateway
Tunnel Mode
Tunneled
Connection
Secure on
the Internet
IPsec
Gateway
Site
Network
No
No Extra
Security Sof tware,
in Site
Digital
Network Certif icate,
or Setup
Required
In IPsec tunnel mode, there is only security over
the Internet between IPsec gateways at each site
No security within sites, but
no software, setup or certificates on the individual hosts
Inexpensive compared to transport mode
7-57
Figure 7-16: SSL/TLS for Browser–Webserver
Communication
PC with
Browser Already
Installed
2.
Protects All Application Layer Traffic
That Is SSL/TLS Aware
(WWW and Sometimes E-Mail)
Webserver
with Built-in
SSL/TLS Support
1. SSL/TLS Operates at the Transport Layer
No additional software is needed on the user PC.
IPsec works at the internet layer.
SSL/TLS works at the transport layer.
Only protects SSL/TLS-aware applications.
This primarily means HTTP.
SSL/TLS is built into every browser and webserver.
7-58
Figure 7-17: SSL/TLS with a Gateway
T he Internet
3.
HTT P Server
2.
SSL/TLS
Gateway
3.
Connection
to Webserver
4. Database
Server
4.
Webified
Output
Browser
1,
Client
With
Browser
SSL/TLS gateways turn SSL/TLS into a remote access VPN technology,
Gives access to multiple internal webservers.
Can “webify” some other applications for viewing on browsers as webpages.
Can give access to other servers.
7-59
SSL/TLS Versus IPsec
• SSL/TLS
– Limited to remote access VPNs
– Only moderately strong security
– Harder to use with many applications
• IPsec
– Offers stronger security than SSL/TLS
– Both remote access and site-to-site VPNs
– Costly to set up in the stronger transport mode
– Economically attractive for site-to-site VPNs in tunnel
mode
7-60
Figure 7-18: Market Perspective
• Rapid Growth
– VPNs
– Carrier IP networks
– Metro Ethernet
• Stagnant
– Leased line networks
– Frame Relay
– ATM
7-61
Topics Covered
WANs
• Wide Area Networks
– Carry data between different sites, usually within a
corporation
– High-cost and low-speed lines
• 128 kbps to a few megabits per second
– Carriers
– Purposes
• Internet access, site-to-site connections, and remote
access for Individuals
– Technologies
• Leased line networks, public switched data networks,
and virtual private networks
7-63
Leased Line Networks
• Leased Lines are Long-Term Circuits
– Point-to-Point
– Always On
– High-speeds
• Device at Each Site
– PBX for leased line voice networks
– Router for leased line data networks
• Pure Hub-and-Spoke, Full Mesh, and Mixed
Topologies
7-64
Leased Line Networks
• Many Leased Line Speeds
– Fractional T1, T1, and bonded T1 dominate
– Slowest leased lines run over 2-pair data-grade UTP
– Above 3 Mbps, run over optical fiber
– Below about 3 Mbps, 2-pair data grade UTP
– Above 3 Mbps, optical fiber
– North American Digital Hierarchy, CEPT, and other
standards below 50 Mbps
– SONET/SDH above 50 Mbps
– Symmetrical DSL lines with QoS
7-65
Public Switched Data Networks
• PSDNs
– Services offered by carriers
– Customer does not have to operate or manage
– One leased line per site from the site to the nearest POP
– By reducing corporate labor, typically cheaper than
leased line networks
– Service Level Agreements
– Virtual circuits
7-66
Frame Relay PSDNs
• Frame Relay
– Most popular PSDN
– 56 kbps to about 40 Mbps
– Access devices, CSU/DSUs, leased access lines, POP
ports, virtual circuits, management
• Usually POP port speed charges are the biggest cost
component
• Second usually are PVC charges
– Leased line must be fast enough to handle the speeds of
all of the PVCs multiplexed over it
7-67
Other PSDNs
• ATM
– High speed and cost
– Cell switching
– Low use
• Metro Ethernet
– Extending Ethernet to MANs
– Very attractive speeds and prices
– Small but growing rapidly
• Carrier IP Networks
– Essentially, private Internets with QoS and security
– Carriers want to use it to replace Frame Relay
7-68
Virtual Private Networks (PVCs)
• The Internet is inexpensive and universal
– VPNs add security to transmission over the Internet (or
any other untrusted network)
• IPsec
– The strongest security for VPNs
– Tunnel mode between sites is inexpensive
– Transport mode between computers is expensive
• SSL/TLS
– First for browser communication with a single webserver
– SSL/TLS gateways make it a full remote access VPN
7-69