Transcript presentation source

Enterprise Internets
Copyright 1997 Prentice-Hall
Wide Area Networks (WANs)

WAN Technologies
 Ordinary
telephone line and telephone modem.
 Point-to-Point
 Public
Leased lines
switched data network (PSDN)
 Send
your data over the Internet securely, using Virtual
Private Network (VPN) technology
PSDN
VPN
2
Local versus Enterprise Internets
Hong
Kong

New
York
LANs and Local Internets
 Run
on customer premises
 Organization controls transmission lines
London

Enterprise Internets Span Sites
 Organization
does not have right of ways between sites
 Organization must turn to a transmission carrier
 Carriers have legal rights to rights-of-way between
customer premises
 Carriers are regulated
3
Carriers

You have the right to lay wires on your own
premises

You do not have the right-of-way to lay wires
outside your premises

For services beyond your premises, you must turn
to a carrier

Carriers have rights of way. To compensate for
this power, they are regulated
4
Transmission Carriers in the U.S.
 Local
Telephony
LEC
LATAs
 U.S.
divided into 161 Local
Access and Transport Areas (LATAs)
 In
each LATA, there is a main carrier--the local
telephone company.
 This
company formerly had a monopoly on intra-LATA
service.
 This
firm is the local exchange carrier (LEC)
 CAP  Refer
Competitive Access Providers
to last class meeting for details
5
Transmission Carriers in the U.S.

Domestic Inter-LATA Carriers (U.S.)
 Domestic
means within a country
 Inter-LATA service
 Carriers
(between LATAs)
are called inter-exchange carriers (IXCs).
 Competition
has long existed in this arena.
IXC
6
Transmission Carriers Between
Countries

International Carriers
 Called
International Common Carriers (ICCs)
 Each pair of countries negotiates on what ICCs to
allow, like we saw last class meeting.
 When you call internationally, you use one ICC, not
two--one at each end.
ICC
7
Point of Presence (POP)
Trunk Line
POP
at LEC
Switching
Office
The POP provides
interconnection
between LEC
subscribers and
CAP subscribers.
The POP is located
at a LEC switching
office.
8
Connecting to IXCs and ICCs
IXC
Switching
Office
Trunk Line
POP
at LEC
Switching
Office
IXC
Switching
Office
ICC
Switching
Office
The POP also links LEC and CAP subscribers to IXCs and ICCs.
9
POP

All competitors can interconnect their customers
into an integrated system

The key to competition
 Without
it, new competitors could not get a critical
mass of customers
 With
a POP, even a small customer base is no problems,
because these customers can reach any other telephone
customers in the world.

Trunk lines connect carrier switching offices
10
Circuit
 End-to-End
Connection Between Stations
 May
Pass through Several Switches
 May Go Through Multiple Transmission Media
 Maintained throughout the call

May flow through multiple carriers
 LEC,
ICC, etc.
Wire
Satellite
Wire
11
Circuit Speeds

Voice Grade Circuits
 Ordinary
telephone line, except point-to-point
 Analog line: high error rate
 Requires modem
 Worst of all, slow: Under ~35 kbps
Analog
12
Circuit Speeds

Digital
64 kbps
56 kbps
64 kbps Circuits
 Digital
line: low error rate
 If
you digitize an analog telephone system, it generates
64 kbps in data
 Used
to be sufficient for linking people from home
 Used
to be sufficient for linking branch offices
 Sometimes,
 Use
56 kbps
to be the most widely used digital circuit
 Inexpensive.
In range of most demand.
13
Circuit Speeds

T1
1.544 Mbps
T1 Circuits
 1.544
Mbps
 Designed
 Can
DS1
to multiplex 24 digital voice lines
be used as a single high-speed data pipe
 Sufficient
 Also
for many uses to connect sites
called DS1 for the signaling format
 Very
widely used: In the critical speed range for many
“high speed” corporate uses and not too expensive
14
Circuit Speeds

Fractional T1
128 kbps
256 kbps
384 kbps
768 kbps
Fractional T1 Circuits
 Many
 128
firms need between 64 kbps and T1 speeds
kbps, 256 kbps, 384 kbps, 768 kbps common
 Each
vendor only offers some options
 Different
 768
vendors offer different options
kbps usually is the fastest offering
15
Circuit Speeds

T3
44.7 Mbps
T3 Circuits
 44.7
Mbps in U.S.
 For firms needing very high speeds
 Uncommon now but increasing

Other T-Series Speeds
 There
are faster T-series circuits, but they are rarely
used.
 There are T2 circuits, but they are not offered
16
Circuit Speeds

E Series
2.048 Mbps
34.4 Mbps
E Series Circuits
 Used
in Europe, other areas
 Created
by CEPT (Conference of European Postal and
Telecommunications Authorities)
 E1:
2.048 Mbps (faster than T1)
 E3:
34.4 Mbps
17
Circuit Speeds

Higher-Speed Digital Lines (SONET/SDH)
 Single
 In
world-wide standard for very high speeds
U.S., called SONET (Synchronous Optical Network)
 In
Europe, elsewhere called SDH (Synchronous Digital
Hierarchy)
 OC
circuit designations. Multiples of 51.84 Mbps
 OC3:
 OC12:
156 Mbps
622 Mbps
 Defined
SONET
SDH
up to a few Gigabits per second
18
Types of Traditional Telephone
Circuits

Dial-Up Service (Any-to-Any)

Leased Lines
 Point-to-point
only
 Cheaper for high volumes of use
Switched
Dial-Up
Service
Seattle
Leased Line
Washington, D.C.
19
Leased Line Service
Switching
Office
Leased Lines
May Pass Through
Multiple Switches,
Even Multiple
Carriers
Trunk
Line
Switching
Office
Local
Loop
Customer Premises A
Trunk
Line
Switching
Office
Local
Loop
Customer Premises B20
Leased Lines
 Limited
to 2 points
 Cheaper
than dial-up on high-volume routes
 Companies
can build enterprise networks from
meshes of leased lines between sites
Corporate-owned
Switch
Leased
Line
See this document for price example
21
Data Networks
Data Network
 Data
Networking Alternatives
 Use
the telephone network and modems (slow)
 Lease lines, add own switching (complex)
 Data
Networks
 Optimized
for data transmission
 Customer only has to connect to the data network
 Carrier handles transmission, switching, management
 Shown as cloud to indicate lack of need to know details
 Two types: circuit-switched and packet-switched
22
Circuit-Switched Data Networks

Switched for any-to-any communication

Just dial the number of the party being called

Very flexible
23
Circuit-Switched Data Networks

Dedicated Capacity
 Circuit
is maintained during the duration of the call
 Capacity
 You
is always available
must pay for this constant capacity
 Most
data transmission is burst, with long silences
between transmission
 Utilization
 So
of the line may be as low as 5%
circuit-switched services is inherently expensive
24
Circuit-Switched Data Networks

ISDN
ISDN
 Usually
circuit-switched
 Both voice and data
 Two 64 kbps B channels to the desktop
 Sometimes can combine into a 128 kbps circuit
 About twice as expensive as a telephone line
 Needs a terminal adapter to connect computer, phone
 Reasonably inexpensive, reasonably fast, popular
Seen previously
25
Packet-Switched Data Networks

Messages are Broken into Small Pieces (Packets)
 Flow
through the network more easily than long
messages, like sand in an hourglass
Packet
26
Packet Switches

Packet Switched Networks have Switches
 Route
the packets through the network
Switch
1
3
2
4
6
5
7
27
Packet Switching is Efficient

Packets from several stations multiplexed over
trunk lines between switches
 No
costly dedicated transmission capacity
1
2
Trunk Line
28
Error Checking in Packet-Switched Data
Networks

The Process
 Sender
transmits the packet
 Sender
maintains the packet in memory
 Receiver
 If
1
2
checks the packet for errors
there is an error, asks for a retransmission
 Sender
retrieves from memory, retransmits
29
Error Checking in Packet-Switched Data
Networks

Considerations in
 Adds
delay (latency) every time it is done
 Places
a heavy load on the switch, lowering throughput
 Not
often needed, because there are very few errors on
modern transmission lines.
30
Reliable Packet-Switched Data Networks

Check for Errors at Each Hop
 Have
reduced throughput
 Have latency (delays)
Error
Check
Error
Check
Error
Check
Error
Check
Error
Check
1
2
3
4
5
31
Unreliable Packet-Switched Data
Networks

No Error Check at Each Packet Switch
 Check
only once, at receiving host
 Low latency, load on switches
Error
Check
No Error Checks at Switches
1
2
3
4
5
32
Unreliable Service

Most Packet Switched Networks Today are
Unreliable
 Little
Need: Error rates are low with modern lines,
switches
 Reduces
 Low
delays: critical for some applications
load on the switches for high throughput
 Better
to check once, on the receiving host, than at
every switch
33
Connectionless Service
 Routing
Decision for each packet at each switch
 Places
a heavy load on switches
 Unnecessary work: subsequent packets usually travel
same path, because conditions rarely change between
packets
Decision
1
Decision
3
2
4
6
Decision
5
7
Decision
See some Verizon services
34
Connection-Oriented Service

Routing decision is made once, at start of
connection
Decision
1
Decision
3
2
4
6
Decision
5
7
Decision
35
Connection-Oriented Service

First decision establishes a path (virtual circuit)
 All
subsequent packets follow the virtual circuit
1
3
2
4
6
Virtual Circuit
5
7
36
Connection-Oriented Packet-Switched
Data Networks

All Commercial Packet Switched Networks are
Connection-Oriented
 Reduces
 Lower

loads on the switches for higher throughput
latency because of less work at each switch
When marketers say “packet switched,” they now
automatically include the concept of connection
orientation
37
Connections in Packet-Switched Data
Networks

Permanent Virtual Circuits (PVCs)
 Established
for long durations
 Set up weeks or months ahead of time
 If your firm has four sites, need 6 PVCs
 Makes packet switched networks like network of leased
lines
PVC
Site 1
Site 2
Site 3
Site 4
38
Connections in Packet-Switched Data
Networks

Switched Virtual Circuits
 Established
 Only
at call setup
available in some packet switched networks
 Will
provide the any-to-any flexibility of circuitswitched data networks AND the efficiency of
connection-oriented packet switching
39
OSI Layering

Connectionless Service
 OSI
Layer 3 (Networking)
 Routing across a series of packet switches
 Alternative Routing

Connection-Oriented Service
 OSI
Layer 2 (Data Link)
 Reduces network to a single path
 Loses flexibility of alternative routing after virtual
circuit is established
40
Packet-Switched Services
 Offered

X.25
 Old,

by Carriers
slow, and not sufficiently cheaper than frame relay
Frame Relay
 Speeds
in main range of user demand
 Attractive prices
 Dominates the market today

ATM
 High
speeds and costs
41
X.25 Packet-Switched Data Networks

Oldest packet switched network service (1970s)

Low speed (maximum around 64 kbps)
 Mature:
easy to implement

Uses PVCs

Reliable service, so latency in transmission

Mostly replaced by Frame Relay
42
Frame Relay Packet-Switched Data
Networks

Software upgrade to X.25 switches

Uses PVCs

Unreliable, so much faster on same switches

Good speed range: 56 kbps - 40 Mbps: Meets
most corporate needs (most under 2 Mbps)

Priced aggressively to kill leased lines
(succeeding)

Best-selling packet switched network service
See more here.
43
ATM (Asynchronous Transfer Mode)

Offers very high speeds
 622
Mbps, 2.5 Gbps to 40 Gbps

Connection-oriented (PVCs), unreliable

Quality of Service (QOS) guarantees critical
traffic
 Minimize
latency (delays)
 Inherent reliability (low loss rate)
 Etc.
44
ATM

Speeds are beyond most corporate needs today

High costs
 Seen
as the next generation
 But
Frame Relay keeps increasing in speed in low
Mbps range where market demand is highest
See ATM pricing in 97
Also Verizon project prices
45
Pricing Packet Switched Services

Customer Premises Equipment

Access Line to Point of Presence
 Port
Speed

Per PVC Price

Distance and Traffic Volume
46
Customer Premises Equipment

Access Device
 Has
link to internal system (often a LAN)
 Has CSU/DSU to put internal traffic into format for
Frame Relay transmission
 In Frame Relay, called Frame Relay Access Device
(FRADS)
Access Device
Access Line
to Network
LAN
47
Modular Routers

CSU/DSUs are removable expansion boards
Modular Router
Router Switching Circuitry
Port 1
CSU/DSU
(T1)
Port 2
CSU/DSU
(56 kbps)
Port 3
CSU/DSU
(T3)
Port 4
CSU/DSU
(56 kbps)
T1 Line
56 kbps Line
T3 Line
56 kbps Line
48
Elements of a Packet Switched Network
Customer
Premises
A
LEC
Switching
Office
Leased
Access Line
to POP
Leased
Access Line
to POP
POP
at LEC
Office
You need a leased access
line to the network’s
POP.
Sometimes the packet
switched network vendor
pays the cost of the
access line for you and
bundles it into your
service charges.
49
Elements of a Packet Switched Network
Switched
Data
Network
Trunk
Line
Network
Switching
Office
Customer
Premises B
POP
Leased
Access Line
50
Pricing of Frame Relay

Speed of the Access Line from Site to Network
 Determines
maximum transmission rate to the network
 Often
called the Port Speed (not in the book)
 Often
the most important price determinant
 Must
be fast enough for needs
See Frame Relay vs. DSL -- a price issue
51
Pricing of Frame Relay

In Some Frame Relay networks, two speeds
 Committed
Information Rate (pretty much guaranteed)
 Available
Bit Rate (like flying standby) for bursts. Not
guaranteed.
 Price
depends both on CIR and ABR
 Access
line speed must be fast enough for ABR
52
Pricing of Frame Relay

Additional price per PVC
 Usually
small compared to the access line charge
 One access line can multiplex all PVCs to/from site
 PVCs share access line speed
PVC1
Site
PVC2
53
Calculations

Situation
 You
have four sites
 You want any one to be able to reach any other

Questions
 How
many PVCs do you need?
 How many access lines do you need?
54
Calculations

PVCs
 If
you have N sites, there are N(N-1)/2 possible
connections
 In this case, you would have 4(3)/2 or 6 possible
connections
 Some vendors count this as 6 PVCs, others as 12 PVCs

Access Lines
 You
would need four access lines (one for each site)
 Each will multiplex 3 PVCs
 Must be fast enough for the needs of communication
with the three other sites
55
Pricing of Frame Relay

May Depend on Distance
 But
often a flat monthly rate throughout the carrier’s
service area

May Depend on Traffic
 But
often a flat monthly rate based only on the speed of
the access line
56
Leased Lines vs. Packet-Switched Data
Networks

Leased Lines
 Point-to-point,
inexpensive for thick routes
 Inflexible: must be established ahead of time

Packet Switched Networks
 Also
must be established ahead of time for PVCs
 Competitor for leased line networks
 Priced aggressively
 Carrier does all the management
 Killing the leased line business
57
Circuit-Switched vs. Packet-Switched
Services

Circuit Switched Networks (ISDN, Switched 56)
 Any-to-any connectivity by dialing number
 Highest speed is ISDN: 64 kbps to 128 kbps

Packet Switched Networks (X.25, Frame Relay, ATM)
 PVCs make them primarily competitors to leased lines
 Megabit to gigabit speeds
 SVCs may provide any-to-any flexibility in the future
58
Virtual Private Network
1.
Site-to-Site
Tunnel
Internet
VPN Server
VPN Server
Corporate
Site B
Corporate
Site A
Extranet
2. Remote
Customer PC
(or site)
Remote
Access for
Intranet
3. Remote
Corporate PC
59
VPN advantage

Virtual Private Network (VPN)
 Transmission
over the Internet with added security
 Some analysts include transmission over a PSDN with
added security

Why VPNs?
 PSDNs
are not interconnected
 Only good for internal corporate communication
 But Internet reaches almost all sites in all firms
 Low transmission cost per bit transmitted
60
VPN issues

VPN Problems
 Latency
and Sound Quality
 Internet can be congested
 Creates latency, reduces sound quality
 Use a single ISP as for VoIP (voice over IP)
 Security
 PPTP
for remote access is popular
 IPsec for site-to-site transmission is popular
61
ISP-Based PPTP Remote Access VPN
 Remote Access
VPNs
 User
dials into a remote access server (RAS)
 RAS often checks with RADIUS server for user
identification information. Allows or rejects connection
Unsecure TCP
Control Channel
Local
Access
Secure Tunnel
RADIUS
Server
PPTP
RAS
Corporate
Site A
Internet
ISP
PPTP
Access
Concentrator
62
VPN and PPTP

Point-to-Point Tunneling Protocol
 Available
in Windows since Windows 95
 No need for added software on clients
 Provided by many ISPs
 PPTP access concentrator at ISP access point
 Some security limitations
 No security between user site and ISP
 No message-by-message authentication of user
 Uses unprotected TCP control channel
63
IPsec in Tunnel Mode
Local
Network
IPsec
Server
Tunnel
Mode
IPsec
Local
Server
Network
Secure
Tunnel
No Security
In Site Network
Tunnel Only
Between Sites
Hosts Need No
Extra Software
No Security
In Site Network
64
IPsec in Transfer Mode
Local
Network
IPsec
Server
Transfer
Mode
IPsec
Local
Server
Network
Secure
Tunnel
Security
In Site Network
End-to-End (Host-to-Host)
Tunnel
Hosts Need IPsec Software
Security
In Site Network
65
IPsec alternatives

IP Security (IPsec)
 Tunnel
mode: sets up a secure tunnel between IPsec
servers at two sites
 No security within sites
 No need to install IPsec software on stations
 Transfer
mode: set up secure connection between two
end hosts
 Protected even on internal networks
 Must install IPsec software on stations
66
Security at the internet layer

IP Security (IPsec)
 At
internet layer, so protects information at higher
layers
 Transparent:
upper layer processes do not have to be
modified
HTTP
Protected
SMTP
TCP
FTP
SNMP
UDP
Internet Layer with IPsec Protection
67
Common IPsec configuration

IP Security (IPsec)
 Security
associations:
 Governed
by corporate policies
Party A
Party B
List of
Allowable
Security
Associations
List of
Allowable
Security
Associations
IPsec Policy Server
68