#1 Class Power Points for Chapter #14
Sybex CCNA 640-802
Chapter 14: Wide Area Networks
Chapter 14 Objectives
The CCNA Topics Covered in this chapter include:
• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs
Defining WAN Terms
• Customer Premises Equipment (CPE)
– Equipment the customer owns
• Demarcation (demarc) - [see 2 “guest” slides, ff]
– The device at which responsibility shifts from the telco to the customer. On the customer’s premises.
• Local loop
– Connects the demarc to the CO.
• Central Office (CO)
– This is the other end of the local loop, where the customer’s network finally connects to the telco’s WAN switches.
– Not exactly the same as a Point of Presence, but close. The definition of a CO can be broader than that of a POP.
• Toll network
– The provider’s trunk lines.
Demarcation Point – U.S.
• The demarcation point, or "demarc" as it is commonly known, is the point
in the network where the responsibility of the service provider or "telco"
ends.
• In the United States, a telco provides the local loop into the customer
premises and the customer provides the active equipment such as the
channel service unit/data service unit (CSU/DSU) on which the local loop
is terminated.
• This termination often occurs in a telecommunications closet and the customer is responsible for maintaining, replacing, or repairing the equipment.
Demarcation Point – International
• In other countries around the world, the network terminating unit
(NTU) is provided and managed by the telco.
• This allows the telco to actively manage and troubleshoot the local loop
with the demarcation point occurring after the NTU.
• The customer connects a customer premises equipment (CPE) device,
such as a router or frame relay access device, into the NTU using a
V.35 or RS-232 serial interface.
WAN Connection Types
DTE-DCE-DTE
Channel Service Unit (CSU) is a device that converts a digital data
frame from the communications technology used on a local area
network (LAN) into a frame appropriate to a wide-area network (WAN)
and vice versa.
The Data Service Unit (DSU) is a device that performs protective
and diagnostic functions for a telecommunications line.
[G1. 10 slides follow]
External CSU/DSU
[Figure: an external CSU/DSU, one side connected to the T1 circuit and the other to the router]
• For digital lines, a channel service unit (CSU) and a data service
unit (DSU) are required.
– We won’t go into the differences here.
• The two are often combined into a single piece of equipment, called
the CSU/DSU.
CSU/DSU Interface Card
• The CSU/DSU may also be built into the interface card in the router.
Overview
• Over the last several years, web-based applications, wireless devices,
and virtual private networking (VPN) have changed expectations about
computer networks.
• Today corporate networks are accessible virtually anytime from anywhere.
• Corporate networks are typically built around one central site that houses
key network resources.
• It is the job of networking professionals to provide users with remote access
to the networks.
• Remote users may be working at branch offices or home offices.
• They may even be on the road with a laptop or a handheld mobile device.
Range of services
• Types of available WAN services and costs vary depending on the
geographical region and the provider. Budgetary constraints and service
availability are often the overriding selection criteria.
• There are two basic methods of data communications:
– Asynchronous transmission
– Synchronous transmission
• Typically, synchronous communications are more efficient, but dialup
asynchronous transmission is cheaper and more readily available.
Rick Graziani
[email protected]
WAN Link Options
[Figure: WAN link options, grouped into synchronous communication protocols (all except POTS, which is asynchronous) and asynchronous ones]
• SMDS: Switched Multimegabit Data Service – Handles large (enterprise-level) amounts of “bursty” traffic. Connectionless. Extends the capabilities of LANs that often have large amounts of data to send over the internet, but only from time to time.
• Switched 56: a switched, digital service. 64 Kbps, 56 for data; one bit per byte is used for signalling.
Asynchronous Transmission
POTS (not ISDN)
http://www.jbmelectronics.com/
• Asynchronous means "without respect to time".
• In terms of data transmission, asynchronous means that no clock or timing
source is needed to keep both the sender and the receiver synchronized.
• Without the benefit of a clock, the sender must signal the start and stop of
each character so that the receiver knows when to expect data.
• Asynchronous transmission is often described as "character-framed" or
"start/stop" communication because this method frames each character
with a start and stop bit.
Synchronous Transmission
• Synchronous means "with time".
• In terms of data transmission, synchronous means that a common timing
signal is used between hosts.
• A clock signal is either:
– embedded in the data stream (“encoding”), or
– sent separately to the interfaces.
• A field of synchronization bits, called a preamble or flag, forms a pattern
of alternating ones and zeros.
• The receiver uses this pattern to synchronize with the sender.
• With sync, data is not sent in individual bytes, but as frames of large data blocks.
WAN Services
• Service providers offer a variety of synchronous and asynchronous
WAN services.
• The following services can be grouped into three categories depending
on their connection type:
– Dedicated or leased-line connectivity such as 56K circuit, T1, T3, OC-12, and recently DSL and cable modem technologies
– Circuit-switched networks such as dialup over PSTN or ISDN
– Packet-switched networks such as Frame Relay, X.25, and ATM
Dedicated connections
• A dedicated connection is a continuously available point-to-point link
between two sites.
• Dedicated connections typically carry high speed transmissions.
• Because of the expense associated with building and maintaining
transmission facilities, dedicated connections are almost always leased from
the telephone company or some other carrier network, “leased lines.”
• Leased lines are circuits that are reserved full time by the carrier for the
private use of the customer.
• The private nature of a dedicated line allows an organization to maximize
its control over the WAN connection.
Dedicated connections (uses CSU/DSUs)
• Because the line is not shared, dedicated connections tend to be more costly.
• The line must be paid for whether or not traffic is being sent over it.
• Some services, such as T1, provide a fixed fee for local-loop access for
both locations, and then provide a distance fee for linking those two
locations.
• The cost of maintaining multiple leased lines can add up quickly.
• For this reason, most companies find a fully meshed WAN too costly to
build using only dedicated lines.
• A fully meshed WAN means that every site maintains a connection to every other site.
WAN Support
• Frame Relay: high-speed, packet-switched technology
• ISDN: Integrated Services Digital Network
• LAPB: Link Access Procedure, Balanced
• LAPD: Link Access Procedure, D-channel
• HDLC: High-level Data Link Control
• PPP: Point to Point Protocol; Industry standard
• ATM: Asynchronous Transfer Mode (53-byte “cells”)
Other WAN protocols besides Frame Relay and ATM
• Point-to-Point Protocol (PPP) – Standards-based protocol for router-to-router and host-to-network connections over synchronous and asynchronous circuits.
• Serial Line Internet Protocol (SLIP) – SLIP is the forerunner to PPP.
• High-Level Data Link Control (HDLC) – HDLC implementations are proprietary, so Cisco HDLC is typically used only when connecting two Cisco devices.
• X.25/LAPB – X.25 provides extensive error detection and windowing features because it was designed to operate over error-prone analog copper circuits.
– X.25 was the predecessor of Frame Relay.
HDLC Protocol
• Bit-oriented Data Link layer ISO (same ISO that brought you
the OSI model) standard protocol, i.e., control information
is encoded by bits
• Specifies a data encapsulation method on
synchronous serial data links
• A point-to-point protocol used on leased lines
• No authentication can be used
• [Note: HDLC provides both connection-oriented and
connectionless service
– It can also run over asynchronous links. The book sticks to
the CCNA exams objectives, which focus on the
synchronous links, but HDLC is actually quite versatile.]
HDLC Frame Format
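To make the “bit-oriented” and “flag” remarks on the slides above concrete, here is an added Python example (written for this page, not taken from the course or from any Cisco implementation) that frames an HDLC information field between 0x7E flags with zero-bit stuffing and a CRC-16 FCS, and verifies the FCS on decode. The address and control values used are constructed.

```python
FLAG_BITS = [0, 1, 1, 1, 1, 1, 1, 0]  # 0x7E; the only place six 1s may appear in a row


def fcs16(data: bytes) -> int:
    """HDLC/X.25 frame check sequence: CRC-16, reflected poly 0x8408,
    initial value 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def to_bits(data: bytes) -> list:
    """Serialize octets least-significant bit first, as HDLC does."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits) - 7, 8))


def stuff(bits: list) -> list:
    """Zero-bit stuffing: after five consecutive 1s insert a 0, so the data
    between the flags can never imitate the 01111110 flag pattern."""
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b else 0
        if ones == 5:
            out.append(0)
            ones = 0
    return out


def unstuff(bits: list) -> list:
    """Receiver side: the 0 following five 1s is a stuffed bit, drop it."""
    out, ones, skip = [], 0, False
    for b in bits:
        if skip:
            skip = False
            continue
        out.append(b)
        ones = ones + 1 if b else 0
        if ones == 5:
            ones, skip = 0, True
    return out


def encode_frame(address: int, control: int, info: bytes) -> list:
    """Flag | Address | Control | Information | FCS | Flag, as a bit list."""
    body = bytes([address, control]) + info
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])  # FCS is sent low octet first
    return FLAG_BITS + stuff(to_bits(body)) + FLAG_BITS


def decode_frame(bits: list):
    """Strip the flags, unstuff, and verify the FCS. Returns
    (address, control, info) or None when the frame fails its check."""
    body = from_bits(unstuff(bits[8:-8]))
    if len(body) < 4:
        return None
    payload, fcs = body[:-2], body[-2] | (body[-1] << 8)
    if fcs16(payload) != fcs:
        return None
    return payload[0], payload[1], payload[2:]
```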
Point-to-Point Protocol (PPP)
• Purpose:
– Transports Layer 3 packets across a Data Link layer point-to-point link
• Can be used over asynchronous serial (dialup) or synchronous serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections
Point-to-Point Protocol Stack
PPP Main Components
• EIA/TIA-232-C
– Intl. Std. for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in P-2-P connections:
• Establishing
• Maintaining
• Terminating
• NCP (Network Control Protocol)
– Method of establishing & configuring Network Layer protocols (IP, IPX,
AppleTalk, etc.).
– Allows simultaneous use of multiple Network layer protocols
LCP Configuration Options
• Authentication
– PAP: Password Authentication Protocol
– CHAP: Challenge Handshake Authentication Protocol
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel circuits; a “bundle”
• [see Word document on LCP]
LCP
• PPP Link Control Protocol (LCP)
Of all the different PPP suite protocols, the single most important protocol is the PPP Link Control Protocol (LCP). LCP is the “boss” of PPP; it is responsible for its overall successful operation, and for “supervising” (in a way) the actions of other protocols.
• PPP is about links, and LCP is about controlling those links. As I discussed in the PPP fundamentals section, the operation of a PPP link can be thought of as proceeding through various “life stages” just as a biological organism does. There are three main stages of “link life” and LCP plays a key role in each one:
– Link Configuration: The process of setting up and negotiating the parameters of a link.
– Link Maintenance: The process of managing an opened link.
– Link Termination: The process of closing an existing link when it is no longer needed (or when the underlying physical layer connection closes).
• Each of these functions corresponds to one of the “life phases” of a PPP link. Link configuration is performed during the initial Link Establishment phase of a link; link maintenance occurs while the link is open, and of course, link termination happens in the Link Termination phase.
• Figure 26 represents a summary of the LCP link, showing the different message exchanges performed by LCP during these different life phases of a PPP connection.
• See graphic:
“Link configuration” is arguably the most important job that LCP does in PPP. During the Link Establishment phase, LCP frames are exchanged that enable the two physically-connected devices to negotiate the conditions under which the link will operate. Figure 27 shows the entire procedure, which we will now examine in detail.
The process starts with the initiating device creating a Configure-Request frame that contains a variable number of configuration options that it wants to see set up on the link. This is basically device A's “wish list” for how it wants the link created.
This flowchart shows in more detail the negotiation process undertaken to configure the link by LCP. This process begins when the PPP link enters the Link Establishment phase. After configuration, the connection goes to the Authentication phase.
LCP (continued)
PPP Session Establishment
• Link-establishment phase
• Authentication phase
• Network-layer protocol phase
PPP Authentication Methods
• Password Authentication Protocol (PAP)
– Passwords sent in clear text
– Remote node returns username & password
– Only performed in initial link establishment
• Challenge Handshake Authentication Protocol (CHAP)
– Done at start-up & periodically
– Challenge & Reply
• Remote router sends a one-way hash (MD5)
Configuring PPP
• Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z
• Step #2: Define the username & password on each router:
– RouterA: RouterA(config)#username RouterB password cisco
– RouterB: RouterB(config)#username RouterA password cisco
NOTE: (1) The username is the name of the remote router; (2) the passwords must match on both routers
• Step #3: Choose the authentication type for each router, CHAP or PAP (one or the other):
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
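As an added illustration of the PAP/CHAP slide and of the username/password steps just configured (example code written for this page, not from the Sybex book or from Cisco IOS), the following Python models one CHAP challenge/response check as RFC 1994 defines it and shows what PAP puts on the wire instead. The router names and the secret `cisco` mirror the slide; the user table and any fixed challenge value are constructed.

```python
import hashlib
import hmac
import os

# Constructed username table on RouterA, mirroring the slide's
# "username RouterB password cisco": the key is the REMOTE router's name.
ROUTER_A_USERS = {"RouterB": "cisco"}


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge).
    The secret never crosses the link; only this one-way hash does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


def chap_authenticate(users: dict, peer_name: str, identifier: int,
                      challenge: bytes, response: bytes) -> bool:
    """Authenticator side: look up the secret under the name the peer sent,
    recompute the expected hash and compare. An unknown name or a secret
    that differs between the two ends (slide NOTE (1) and (2)) both fail."""
    secret = users.get(peer_name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(users: dict, peer_name: str, peer_secret: str,
                  identifier: int = 1, challenge=None) -> bool:
    """One Challenge -> Response -> Success/Failure handshake. The authenticator
    normally picks a fresh random challenge each time (and repeats the exchange
    periodically); a fixed challenge can be passed to make a run reproducible."""
    if challenge is None:
        challenge = os.urandom(16)
    # The peer answers with its own copy of the shared secret ...
    response = chap_response(identifier, peer_secret, challenge)
    # ... and the authenticator verifies without ever receiving that secret.
    return chap_authenticate(users, peer_name, identifier, challenge, response)


def pap_on_the_wire(peer_name: str, peer_secret: str) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): Peer-ID-Length, Peer-ID,
    Passwd-Length, Password. The password itself travels in clear text."""
    pid, pwd = peer_name.encode(), peer_secret.encode()
    return bytes([len(pid)]) + pid + bytes([len(pwd)]) + pwd
```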
PPP: Example 1
PPP: Example 2:
Failed PPP authentication
PPP: Example 3:
Mismatched WAN Encapsulations
PPP: Example 4:
Mismatched IP Address
PPP Power Point
• Go to PPP Power Point
– PPt-8_PPP_with_slide-14_PAP-CHAP-etc.ppt
• Then go to the Frame Relay material
Frame Relay
• Frame Relay is probably the simplest data communications protocol ever conceived. Designed to run over virtually error-free circuits, it's a protocol stripped down for speed.
• Frame Relay abolishes the Network Layer of the OSI model, claims the routing and multiplexing functions for itself, and leaves everything else to the higher layers (like error-correction).
• A Frame Relay service ignores traditional functions such as window rotation, sequence numbering, frame acknowledgment, and automatic retransmission in order to concentrate on the basics:
– delivering correct data quickly in the right order to the right place.
– It simply discards incorrect data.
• The need for a streamlined protocol like Frame Relay grows from several facts of modern data communications:
– Users have more data to communicate, and they'd like that data to travel faster and in larger chunks than current technology has allowed.
– Physical transmission gets faster every year and introduces fewer and fewer errors into the data.
– Computers and workstations with the intelligence to handle high-level protocols have replaced dumb terminals as the instruments of choice.
Frame Relay
• Thanks especially to cleaner transmission and smarter workstations,
procedures that older Data Link and Network protocols use to recognize
and correct errors have become redundant for jobs that require large
volume at high speeds.
• Frame Relay handles volume and speed efficiently by combining the
functions of the Data Link and Network layers into one simple protocol.
• As a Data Link protocol, Frame Relay provides
– access to a network,
– delimits and delivers frames in proper order, and
– recognizes transmission errors through a Cyclic Redundancy Check.
• As a Network protocol, Frame Relay provides multiple logical connections over a single physical circuit and allows the network to route data over those connections to its intended destinations.
• In order to operate efficiently, Frame Relay eliminates all the error handling and flow control procedures common to conventional protocols such as SDLC and X.25.
• In their place, it requires both an error-free transmission path, such as a digital carrier circuit or a fiber span, and intelligent higher-layer protocols in the user devices.
Frame Relay
• By definition, Frame Relay is an access protocol that operates between:
– an end-user device such as a LAN bridge or router or a front-end
processor and
– a network.
• The network itself can use any transmission method that's compatible
with the speed and efficiency that Frame Relay applications require.
Some networks use Frame Relay itself; others use either digital circuit
switching or one of the new cell relay systems.
Frame Relay
• Background
– High-performance WAN encapsulation method
– OSI Physical & Data Link layer
– Originally designed for use across ISDN
• Supported Protocols
– IP,
– DECnet,
– AppleTalk,
– Xerox Network Service (XNS),
– Novell IPX,
– Banyan Vines,
– Transparent Bridging, &
– ISO
Before Frame Relay
After Frame Relay
Early Implementations of Frame Relay
• Early implementation of Frame Relay required that a
router (DTE device) must have a WAN serial
interface for every permanent virtual circuit (PVC).
• This was effective but increased the cost because of
the increased number of interfaces, WAN
connections, at the hub router.
Multipoint Physical Interface (and multipoint
subinterfaces) and Split Horizon
• A single physical interface works, but Split Horizon prohibits
distance vector routing updates from propagating out the
same physical interface on which it received the update.
Solution: No Split Horizon with
Point-to-point Subinterfaces
Frame Relay, sidestep …
• Take a look at this Power Point:
– FrameRelay.Subinterfacs.SpltiHorizon.etc.ppt
• Then back again.
Frame Relay
• Purpose
– Provide a communication interface between DTE & DCE equipment
– Connection-oriented Data Link layer communication
• Via virtual circuits: PVC, SVC
• Provides a complete path from the source to
destination before sending the first frame
Frame Relay Terminology
Frame Relay Encapsulation
• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
ietf Use RFC1490 encapsulation
<cr>
Data Link Connection Identifiers (DLCIs)
• Frame Relay PVCs are identified by DLCIs (identified to DCEs, like
routers, for example)
• IP end devices are mapped to DLCIs
– Mapped dynamically or mapped by IARP
• Global Significance:
– Advertised to all remote sites as the same PVC
– For this you need everyone in the network to use LMI extensions
– This is such a pain that it is very rarely implemented
• Local Significance:
– DLCIs do not need to be unique
• Configuration
RouterA(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16
DLCIs are Locally Significant
Local Management Interface (LMI)
• Background: a signaling standard between a router
and the first connected frame relay switch
• Purpose: passing information about the operation and
status of the VC between the DTE and switch
• LMI Messages
– Keepalives
– Multicasting
– Global addressing
– Status of virtual circuits
LMI Types
• Configuration:
RouterA(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a
– Beginning with IOS version 11.2, the LMI type is auto-sensed
– Default type: cisco
• Virtual circuit status:
– “Active”: everything is up, routers can exchange
information
– “Inactive”: router interface is up and connected with the
switch, but the remote router is not up
– “Deleted”: no LMI info is being received on the interface
from the switch
Single interfaces
RouterA(config)#int s0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#frame-relay interface-dlci 101
RouterA(config-if)#^Z
Sub-interfaces
• Definition
– Multiple virtual circuits on a single serial interface:
multiplexing
– Enables the assignment of different network-layer
characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partial meshed Frame Relay networks
• Split Horizon protocols
Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
  <0-4294967295>  Serial interface number
RouterA(config-if)#int s0.16 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link
Sub-interfaces
– Point-to-point: a single virtual circuit connects one router to another.
Each p-2-p subinterface requires its own subnet.
– Multipoint: when the router is the center of a star of virtual circuits that
are using a single subnet for all routers’ serial interfaces connected to
the switch.
Mapping Frame Relay
• Necessary for IP end devices to communicate
– Addresses must be mapped to the DLCIs
– Methods:
• Frame Relay map command
• Inverse-arp function
Using the map command
RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-subif)#no inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
Using the inverse arp command
RouterA(config)#int s0.16 point-to-point
RouterA(config-subif)#encap frame-relay ietf
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 200
Inverse arp is similar to arp, but maps local DLCIs to IP
addresses. This is used to deal with the local significance of
DLCIs.
Committed Information Rate (CIR)
• Definition: Provision allowing customers to
purchase amounts of bandwidth lower than what
they might need
– Cost savings
– Good for bursty traffic
– Not good for constant amounts of data transmission
Congestion Control
• Discard Eligibility (DE):
– A customer may transmit beyond the CIR; the frames exceeding the CIR are marked with the DE bit, and those are the ones discarded if the network is congested at that time.
• Forward-Explicit Congestion Notification (FECN)
– When the frame relay network recognizes congestion in the cloud, the FECN bit will be set to 1 to notify the destination DTE that the path the frame just traversed is congested.
• Backward-Explicit Congestion Notification (BECN)
– When the switch detects congestion, it’ll set the BECN bit in a frame that’s destined for the source router.
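Added example for the DLCI and congestion-control slides above (written for this page, not from the course material or Cisco IOS): it encodes and decodes the two-octet Q.922 address field that carries the DLCI together with the FECN, BECN and DE bits, and models a simplified access-switch policer that marks frames beyond the CIR as DE and drops them when the path is congested. The CIR, frame sizes and the measurement interval `tc_s` are constructed values standing in for the carrier's real parameters.

```python
DLCI_MIN, DLCI_MAX = 16, 1007  # user range offered by `frame-relay interface-dlci ?`


def encode_address(dlci: int, fecn=False, becn=False, de=False, cr=False) -> bytes:
    """Two-octet Q.922 address field. The 10-bit DLCI is split 6/4 across
    the octets; octet 1 also carries C/R and EA=0, octet 2 carries FECN,
    BECN, DE and EA=1 (the final EA bit closes the address field)."""
    if not DLCI_MIN <= dlci <= DLCI_MAX:
        raise ValueError(f"DLCI {dlci} outside user range {DLCI_MIN}-{DLCI_MAX}")
    octet1 = (((dlci >> 4) & 0x3F) << 2) | (int(cr) << 1)
    octet2 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return bytes([octet1, octet2])


def decode_address(hdr: bytes) -> dict:
    """Inverse of encode_address; rejects headers whose EA bits are wrong."""
    o1, o2 = hdr[0], hdr[1]
    if (o1 & 1) or not (o2 & 1):
        raise ValueError("EA bits do not describe a 2-octet address")
    return {
        "dlci": ((o1 >> 2) << 4) | (o2 >> 4),
        "cr": bool((o1 >> 1) & 1),
        "fecn": bool((o2 >> 3) & 1),
        "becn": bool((o2 >> 2) & 1),
        "de": bool((o2 >> 1) & 1),
    }


def police_and_forward(frames, cir_bps: int, tc_s: float, congested: bool):
    """Constructed model of the access switch over one measurement interval.
    Bytes up to CIR * tc_s pass unmarked; everything beyond is marked DE.
    When the path is congested, DE frames are discarded first, the frames
    that are forwarded get FECN set toward the destination, and the DLCI is
    recorded so the next frame flowing back to the source can carry BECN.
    `frames` is a list of (dlci, payload) tuples arriving in order."""
    budget = cir_bps * tc_s / 8  # committed bytes for this interval
    used = 0
    forwarded, becn_for = [], set()
    for dlci, payload in frames:
        used += len(payload)
        de = used > budget
        if congested and de:
            continue  # excess traffic is what the network discards
        forwarded.append(encode_address(dlci, fecn=congested, de=de) + payload)
        if congested:
            becn_for.add(dlci)
    return forwarded, becn_for
```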
Monitoring Frame Relay
RouterA>sho frame ?
  ip       show frame relay IP statistics
  lmi      show frame relay lmi statistics
  map      Frame-Relay map table
  pvc      show frame relay pvc statistics
  route    show frame relay route
  traffic  Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi
Troubleshooting Frame Relay
Why can’t RouterA talk to RouterB?
You need to use your own DLCI number 100 instead of the remote DLCI number to
communicate with the switch.
Troubleshooting Frame Relay
Why is RIP not sent across the PVC?
Because frame relay is a non-broadcast multi-access network, i.e., no broadcast across the
PVC. So it’s necessary to add broadcast in the mapping statement.
Introduction to VPNs
• VPNs are used daily to give remote users and
disjointed networks connectivity over a public
medium like the Internet instead of using more
expensive permanent means.
Types of VPNs
• REMOTE ACCESS VPNS
Remote access VPNs allow remote users like telecommuters to securely
access the corporate network wherever and whenever they need to.
• SITE-TO-SITE VPNS
Site-to-site VPNs, or, intranet VPNs, allow a company to connect its remote
sites to the corporate backbone securely over a public medium like the
Internet instead of requiring more expensive WAN connections like Frame
Relay.
• EXTRANET VPNS
Extranet VPNs allow an organization’s suppliers, partners, and customers to be
connected to the corporate network in a limited way for business-to-business
(B2B) communications.