Enterprise Internets
Frame Relay, ATM and VPN
Metropolitan Area Ethernet

Overview
Packet-Switched Services Offered by Carriers
X.25
  Old, slow, and not sufficiently cheaper than frame relay
Frame Relay
  Speeds in main range of user demand
  Attractive prices
  Dominates the market today
ATM
  High speeds and costs

X.25 Packet-Switched Data Networks
Oldest packet switched network service (1970s)
Low speed (maximum around 64 kbps)
Mature: easy to implement
Uses PVCs
Reliable service, so latency in transmission
Mostly replaced by Frame Relay

Frame Relay Packet-Switched Data Networks
Software upgrade to X.25 switches
Uses PVCs
Unreliable, so much faster on same switches
Good speed range: 56 kbps - 40 Mbps: Meets most corporate needs (most under 2 Mbps)
Grew rapidly in the 90s, to equal leased line WANs in terms of market share (about 40%)
Best-selling packet switched network service

ATM (Asynchronous Transfer Mode)
Offers very high speeds: 622 Mbps, 2.5 Gbps to 40 Gbps. Speeds are beyond most corporate needs today, and costs are high.
Connection-oriented (PVCs), unreliable
Quality of Service (QoS) guarantees for critical traffic
  Minimize latency (delays)
  Inherent reliability (low loss rate)
Seen as the next generation
But Frame Relay keeps increasing in speed in low Mbps range where market demand is highest

Pricing Packet Switched Services
Customer Premises Equipment
Access Line to Point of Presence
Port Speed
Per PVC Price
Distance and Traffic Volume

Customer Premises Equipment
Access Device
  Has link to internal system (often a LAN)
  Has CSU/DSU to put internal traffic into format for Frame Relay transmission
  In Frame Relay, called Frame Relay Access Device (FRAD)
[Figure: LAN, Access Device, Access Line to Network]

Modular Routers
CSU/DSUs are removable expansion boards
[Figure: Modular Router with Router Switching Circuitry and four ports, each with a CSU/DSU: Port 1 (T1) to a T1 Line, Port 2 (56 kbps) to a 56 kbps Line, Port 3 (T3) to a T3 Line, Port 4 (56 kbps) to a 56 kbps Line]

Elements of a Packet Switched Network
[Figure: Customer Premises A, Leased Access Line to POP, LEC Switching Office, POP at LEC Office]
You need a leased access line to the network’s POP.
Sometimes the packet switched network vendor pays the cost of the access line for you and bundles it into your service charges.

Elements of a Packet Switched Network
[Figure: Switched Data Network, Trunk Line, Network Switching Office, POP, Leased Access Line, Customer Premises B]

Pricing of Frame Relay
Speed of the Access Line from Site to Network
  Determines maximum transmission rate to the network
  Often called the Port Speed
  Often the most important price determinant
  Must be fast enough for needs
See Frame Relay vs. DSL -- a price issue

Pricing of Frame Relay
In some Frame Relay networks, two speeds
  Committed Information Rate (pretty much guaranteed)
  Available Bit Rate (like flying standby) for bursts. Not guaranteed.
  Price depends both on CIR and ABR
  Access line speed must be fast enough for ABR

Pricing of Frame Relay
Additional price per PVC
  Usually small compared to the access line charge
  One access line can multiplex all PVCs to/from site
  PVCs share access line speed
[Figure: Site with PVC1 and PVC2]

Calculations
Situation
  You have four sites
  You want any one to be able to reach any other
Questions
  How many PVCs do you need?
  How many access lines do you need?

Calculations
PVCs
  If you have N sites, there are N(N-1)/2 possible connections
  In this case, you would have 4(3)/2 or 6 possible connections
  Some vendors count this as 6 PVCs, others as 12 PVCs
Access Lines
  You would need four access lines (one for each site)
  Each will multiplex 3 PVCs
  Must be fast enough for the needs of communication with the three other sites

Pricing of Frame Relay
May Depend on Distance
  But often a flat monthly rate throughout the carrier’s service area
May Depend on Traffic
  But often a flat monthly rate based only on the speed of the access line

Leased Lines vs. Packet-Switched Data Networks
Leased Lines
  Point-to-point, inexpensive for thick routes
  Inflexible: must be established ahead of time
Packet Switched Networks
  Also must be established ahead of time for PVCs
  Competitor for leased line networks
  Priced aggressively
  Carrier does all the management
  Killing the leased line business

Virtual Private Network
[Figure: three VPN types over the Internet. 1. Site-to-Site: tunnel between the VPN Servers at Corporate Site A and Corporate Site B. 2. Remote Access for Extranet: remote customer PC (or site). 3. Remote Access for Intranet: remote corporate PC.]

VPN advantage
Virtual Private Network (VPN)
  Transmission over the Internet with added security
  Some analysts include transmission over a PSDN with added security
Why VPNs?
  PSDNs are not interconnected
  Only good for internal corporate communication
  But Internet reaches almost all sites in all firms
  Low transmission cost per bit transmitted

VPN issues
VPN Problems
Latency and Sound Quality
  Internet can be congested
  Creates latency, reduces sound quality
  Use a single ISP as for VoIP (voice over IP)
Security
  PPTP for remote access is popular
  IPsec for site-to-site transmission is popular

ISP-Based PPTP Remote Access VPN
Remote Access VPNs
  User dials into a remote access server (RAS)
  RAS often checks with RADIUS server for user identification information. Allows or rejects connection
[Figure: Local Access, ISP PPTP Access Concentrator, Internet, Unsecure TCP Control Channel, Secure Tunnel, PPTP RAS and RADIUS Server at Corporate Site A]

VPN and PPTP
Point-to-Point Tunneling Protocol
  Available in Windows since Windows 95
  No need for added software on clients
  Provided by many ISPs
  PPTP access concentrator at ISP access point
Some security limitations
  No security between user site and ISP
  No message-by-message authentication of user
  Uses unprotected TCP control channel

IPsec in Tunnel Mode
[Figure: two sites, each with a Local Network and an IPsec Server; Secure Tunnel (Tunnel Mode) between the IPsec Servers. Labels: Tunnel Only Between Sites; Hosts Need No Extra Software; No Security In Site Network (at both sites)]

IPsec in Transfer Mode
[Figure: two sites, each with a Local Network and an IPsec Server; Secure Tunnel (Transfer Mode). Labels: End-to-End (Host-to-Host) Tunnel; Hosts Need IPsec Software; Security In Site Network (at both sites)]

IPsec alternatives
IP Security (IPsec)
Tunnel mode: sets up a secure tunnel between IPsec servers at two sites
  No security within sites
  No need to install IPsec software on stations
Transfer mode: set up secure connection between two end hosts
  Protected even on internal networks
  Must install IPsec software on stations, but default in current OSs (Windows, Linux, UNIX).

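The two IPsec modes above, framed as bytes, in an added example that is not part of the original slides; what the slides call transfer mode is named transport mode in RFC 4301. The function names, addresses, key and payload are constructed for illustration, and the SHAKE-256 keystream with a truncated HMAC is a stand-in for a real ESP transform.

```python
import hashlib, hmac, ipaddress, struct

ESP, TCP, IPIP = 50, 6, 4          # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (no options, checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def esp(key, spi, seq, inner, next_header):
    """ESP framing: SPI | seq | enc(inner | pad | pad_len | next_hdr) | ICV.
    The cipher is a SHAKE-256 keystream stand-in, not a real IPsec transform."""
    pad = -(len(inner) + 2) % 4                      # align trailer to 4 bytes
    body = inner + bytes(range(1, pad + 1)) + bytes([pad, next_header])
    hdr = struct.pack("!II", spi, seq)
    stream = hashlib.shake_256(key + hdr).digest(len(body))
    ct = bytes(a ^ b for a, b in zip(body, stream))
    return hdr + ct + hmac.new(key, hdr + ct, hashlib.sha256).digest()[:16]

def transport_mode(key, pkt):
    """Host-to-host: keep the original IP addresses, protect only the payload."""
    return ipv4(pkt[12:16], pkt[16:20], ESP, esp(key, 0x1001, 1, pkt[20:], pkt[9]))

def tunnel_mode(key, pkt, gw_a, gw_b):
    """Gateway-to-gateway: wrap the whole original packet in a new outer header."""
    return ipv4(gw_a, gw_b, ESP, esp(key, 0x2001, 1, pkt, IPIP))

def on_wire(pkt, secret):
    """What an on-path observer sees: outer src, outer dst, protocol, leak?"""
    return (str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])), pkt[9], secret in pkt)

# Constructed sample: host 10.1.0.5 at site A sends to 10.2.0.9 at site B.
# The payload stands in for a TCP segment.
KEY = b"constructed-demo-key"
ORIGINAL = ipv4("10.1.0.5", "10.2.0.9", TCP, b"GET /payroll HTTP/1.1\r\n\r\n")
GW_A, GW_B = "198.51.100.1", "203.0.113.1"      # documentation-range gateways

if __name__ == "__main__":
    print("site LAN, tunnel mode:", on_wire(ORIGINAL, b"payroll"))
    print("Internet, tunnel mode:",
          on_wire(tunnel_mode(KEY, ORIGINAL, GW_A, GW_B), b"payroll"))
    print("any hop, transport   :", on_wire(transport_mode(KEY, ORIGINAL), b"payroll"))
```

In tunnel mode the packet on the site LAN is still ORIGINAL, readable in full, while on the Internet only the gateway addresses show; in transport mode the host addresses stay visible on every hop but the payload is protected from the sending host onward.
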
Security at the internet layer
IP Security (IPsec)
  At internet layer, so protects information at higher layers
  Transparent: upper layer processes do not have to be modified
[Figure: HTTP, SMTP, FTP, SNMP, TCP and UDP marked as protected, above the Internet Layer with IPsec Protection]

Common IPsec configuration
IP Security (IPsec)
Security associations: Governed by corporate policies
[Figure: IPsec Policy Server; Party A and Party B, each with a List of Allowable Security Associations]

SSL/TLS for Browser–Webserver Communication

Metropolitan Area Ethernet
Metropolitan Area Network (MAN)
  A carrier network limited to a large urban area and its suburbs
  Metropolitan area Ethernet (metro Ethernet) is available for this niche
  Metro Ethernet is relatively new, but is growing very rapidly
802.3ad standard
  Ethernet in the first mile
  Standard for transmitting Ethernet signals over PSTN access lines
  1-pair voice-grade UTP, 2-pair data-grade UTP, optical fiber

Metropolitan Area Ethernet
Attractions of Metropolitan Area Ethernet
  Low prices per bit transmitted
  High speeds
  Familiar technology for networking staff
  Rapid provisioning
  Rapid capacity increases for special events
Carrier Class Service
  Basic metro Ethernet standards are insufficient for large wide area networks
  Quality of service and management tools must be developed
  The goal: To provide carrier class services that are sufficient for customers