
WIDE AREA NETWORK

Introduction
 A wide area network (WAN) is a geographically distributed private telecommunications network that interconnects multiple local area networks (LANs).
 In an enterprise, a WAN may consist of connections to a company's headquarters,
branch offices, cloud services and other facilities.
 Typically, a router or other multifunction device is used to connect a LAN to a
WAN.
 Enterprise WANs allow users to share access to applications, services and other
centrally located resources.
 This eliminates the need to install the same application server, firewall or other resource in multiple locations.
Reasons why WANs are necessary in corporate environments today
 People in the regional or branch offices of an organization need to be able to
communicate and share data.
 Organizations often want to share information with other organizations across large distances.
 Employees who travel on company business frequently need to access
information that resides on their corporate networks.
Major characteristics of WANs

 WANs generally connect devices that are separated by a broader geographic area
than a LAN can serve.
 WANs use the services of carriers such as telecoms, cable companies, satellite systems, and network providers.
 WANs use serial connections of various types to provide access to bandwidth over
large geographic areas.
WAN Topologies
 Star or hub-and-spoke topology
 Fully meshed topology
 Partially meshed topology
Star or Hub-and-Spoke Topology
 This topology features a single hub (central router) that provides access from remote networks to a core router.
 All communication among the networks travels through the core router.
 The central router (hub) represents a single point of failure.
 The central router limits the overall performance for access to centralized resources. It is a single pipe that manages all traffic intended either for the centralized resources or for the other regional routers.
Fully meshed topology
 In this topology, each routing node on the edge of a given packet-switching network has a direct path to every other node on the cloud.
 This configuration clearly provides a high level of redundancy, but the costs are the highest.
 Many virtual circuits are required—one for every connection between routers, which drives up the cost.
 Configuration is more complex for routers.
Partially meshed topology
 This type of topology reduces the number of routers within a network that have direct connections to all other routers in the topology.
 Unlike in the full mesh network, not all routers are connected to all other routers, but it still provides more redundancy than a typical hub-and-spoke design will.
WAN TERMS
 Customer premises equipment (CPE): equipment that’s typically owned by the subscriber and located on the subscriber’s premises.
 CSU/DSU: A channel service unit/data service unit (CSU/DSU) is a device that is used to connect data terminal equipment (DTE) to a digital circuit, such as a T1/T3 line. A device is considered DTE if it is either a source or destination for digital data. The CSU/DSU connects to the service provider infrastructure using a telephone or coaxial cable.
 Demarcation point : The demarcation point (demarc for short) is the
precise spot where the service provider’s responsibility ends and the CPE begins.
It’s generally a device in a telecommunications closet owned and installed by the
telecommunications company (telco). It’s your responsibility to cable (extended
demarc) from this box to the CPE.
 Local loop : The local loop connects the demarc to the closest switching office,
referred to as the central office.
 Central office (CO): This point connects the customer’s network to the
provider’s switching network. Make a mental note that a central office (CO) is
sometimes also referred to as a point of presence (POP).
 Toll network: The toll network is a trunk line inside a WAN provider’s network.
This network is a collection of switches and facilities owned by the Internet
service provider (ISP).
 Optical fiber converters: Optical fiber converters are used where a fiber-optic link terminates to convert optical signals into electrical signals and vice versa. You can also implement the converter as a router or switch module.
WAN Connection Bandwidths
SL NO  CONNECTION NAME          BANDWIDTH
1      DS0 (Digital Signal 0)   64 Kbps
2      T1                       1.544 Mbps
3      E1                       2.048 Mbps
4      T3                       44.736 Mbps
5      OC-3                     155.52 Mbps
6      OC-12                    622.08 Mbps
7      OC-48                    2488.32 Mbps
8      OC-192                   9953.28 Mbps

WAN Connection Types
 Leased Line
 Circuit Switching
 Packet Switching
 Frame Relay
 MPLS (Multi Protocol Label Switching)
LEASED LINE
 These are usually referred to as point-to-point or dedicated connections.
 A leased line is a pre-established WAN communications path that goes from the CPE through the
DCE switch, then over to the CPE of the remote site.
 The CPE enables DTE networks to communicate at any time.
Encapsulation Used
 HDLC (High Level Data Link Control)
 PPP (Point to Point Protocol)
HDLC (High Level Data Link Control)
 It is a group of protocols or rules for transmitting data between network points.
 In HDLC, data is organized into a unit (called a frame) and sent across a network
to a destination that verifies its successful arrival.
 The HDLC protocol also manages the flow or pacing at which data is sent.
 HDLC is one of the most commonly used protocols at Layer 2 (the data link layer) of the OSI model.
 HDLC is based on IBM's SDLC protocol, which is widely used by IBM's large
customer base in mainframe computer environments.
HDLC Frame Format / Checking Process: diagram slides, not reproduced in the text.
PPP (Point to Point Protocol)
 The Point-to-Point Protocol (PPP) provides a standard method for transporting
multi-protocol datagrams over point-to-point links.
 PPP has three main components:
 A way to encapsulate multiprotocol datagrams;
 A Link Control Protocol to establish, configure and test the data-link connection;
 A group of Network Control Protocols that establish and configure different types of network-layer protocols.
 It is a Data Link Layer protocol.
 PPP is a full-duplex protocol that can be used on a variety of physical media,
including twisted pair copper wire, fiber optic lines or satellite links.
PPP Frame Format: diagram slide, not reproduced in the text.
PPP Session Establishment
 LINK DEAD :- This phase occurs when the link fails or one side has been told to disconnect.
 LINK ESTABLISHMENT :- Here LCP (Link Control Protocol) negotiation is attempted. If successful, control goes to the Authentication phase.
 AUTHENTICATION :- It allows both sides to authenticate each other before a connection is established.
 NETWORK LAYER PROTOCOL :- This phase is where the Network Control Protocol for each desired network-layer protocol is invoked.
 LINK TERMINATION :- This phase closes down the connection. This can happen if there is an authentication failure, if there are so many checksum errors that the two parties decide to tear down the link automatically, if the link suddenly fails, or if the user decides to hang up the connection.
CIRCUIT SWITCHING
 The big advantage is cost.
 Most plain old telephone service (POTS) and ISDN dial-up connections are not flat rate, which is their advantage over dedicated lines because you pay only for what you use, and you pay only when the call is established.
 No data can transfer before an end-to-end connection is established.
 Circuit switching uses dial-up modems or ISDN and is used for low bandwidth data transfers.
PACKET SWITCHING
 This is a WAN switching method that allows you to share bandwidth with other companies to save money.
 Packet switching can be thought of as a network that’s designed to look like a leased line yet charges you less, like circuit switching does. As usual, you get what you pay for, and there’s definitely a serious downside to this technology. If you need to transfer data constantly, well, just forget about this option and get a leased line instead! Packet switching will only really work for you if your data transfers are bursty, not continuous; think of a highway, where you can only go as fast as the traffic—packet switching is the same thing. Frame Relay and X.25 are packet-switching technologies with speeds that can range from 56 Kbps up to T3 (45 Mbps).
FRAME RELAY
 Uses an existing service provider network to provide connectivity.
 Cost-effective solution.
 It is a packet-switching technology.
FRAME RELAY TERMS
 Virtual Circuits :- These are multiple logical connections on the same physical connection. These are the connections that Frame Relay provides to the branches.
 DLCI (Data-Link Connection Identifier) :- This identifies a virtual circuit; DLCIs range from 16 to 1007 and are assigned by the ISP. The local DLCI is mapped to the remote IP address, either manually or dynamically.
 LMI (Local Management Interface) :- These messages are exchanged between the company routers and the Frame Relay switches to check connectivity. There are three types of LMI: 1. Cisco, 2. ANSI, 3. Q.933a.
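As an added example (not from the slides), the following Python decodes the DLCI and the congestion/discard bits from the Q.922 address field at the front of a Frame Relay frame, and checks a DLCI against the 16-1007 customer range and the LMI channel. The sample frame is constructed, and the LMI DLCI values (1023 for Cisco, 0 for ANSI and Q.933a) come from the standards rather than the slides.

```python
from dataclasses import dataclass

# Q.922 default 2-byte address (assumption: no 3/4-byte extended addressing in use):
#   byte 0: DLCI bits 9..4 | C/R | EA=0      byte 1: DLCI bits 3..0 | FECN | BECN | DE | EA=1
DLCI_USER_MIN, DLCI_USER_MAX = 16, 1007           # customer PVC range given on the slides
LMI_DLCI = {"cisco": 1023, "ansi": 0, "q933a": 0}   # DLCI each LMI type signals on

@dataclass(frozen=True)
class FrAddress:
    dlci: int
    cr: bool    # Command/Response (application use)
    fecn: bool  # Forward Explicit Congestion Notification
    becn: bool  # Backward Explicit Congestion Notification
    de: bool    # Discard Eligibility

def build_fr_address(dlci: int, cr=False, fecn=False, becn=False, de=False) -> bytes:
    """Encode a 2-byte Q.922 address for the given DLCI and flag bits."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((dlci >> 4) << 2) | (int(cr) << 1)  # EA bit = 0: another address byte follows
    b1 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return bytes([b0, b1])

def parse_fr_address(frame: bytes) -> FrAddress:
    """Decode the address at the start of a frame; rejects extended addresses."""
    if len(frame) < 2:
        raise ValueError("frame too short for a Q.922 address")
    b0, b1 = frame[0], frame[1]
    if b0 & 0x01 or not b1 & 0x01:
        raise ValueError("only the default 2-byte address is supported")
    dlci = ((b0 >> 2) << 4) | (b1 >> 4)
    return FrAddress(dlci, bool(b0 & 0x02), bool(b1 & 0x08), bool(b1 & 0x04), bool(b1 & 0x02))

def classify_dlci(dlci: int, lmi_type: str = "cisco") -> str:
    """Tell a customer PVC from the LMI channel or a reserved DLCI."""
    if dlci == LMI_DLCI[lmi_type]:
        return "lmi"
    if DLCI_USER_MIN <= dlci <= DLCI_USER_MAX:
        return "pvc"
    return "reserved"

# Constructed sample: DLCI 102 with BECN set (congestion seen on the return path),
# followed by two arbitrary bytes standing in for the rest of the frame.
SAMPLE_FRAME = build_fr_address(102, becn=True) + b"\x03\xcc"
```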
FRAME RELAY CONNECTION TYPE
1. Point to Point
2. Point to Multipoint
Point to Point connection / Point to Multi-Point connection: diagram slides, not reproduced in the text.
Configuration slides (router configurations shown as screenshots, not reproduced in the text): Point to Point (hub, spoke and FR-switch configuration); Router as Frame-Relay switch (hub, spoke and FR switch configuration); Point to Multipoint (hub, spoke-1, spoke-2 and FRS configuration); Frame Relay verification.
VPN (Virtual Private Network)
Traditional Network: diagram slide, not reproduced in the text.
What is VPN ?
 Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
 Became popular as more employees worked in remote locations.
 Terminologies to understand how VPNs work.

Private Networks VS VPN
 Employees can access the network (intranet) from remote locations.
 Secured networks.
 The Internet is used as the backbone for VPNs.
 Saves cost tremendously through reduced equipment and maintenance costs.
 Scalability.
Four Critical Functions of VPN
 Authentication – validates that the data was sent from the sender.
 Access control – limiting unauthorized users from accessing the network.
 Confidentiality – preventing the data from being read or copied as it is being transported.
 Data Integrity – ensuring that the data has not been altered.
VPN TYPES
 SITE TO SITE VPN
 REMOTE ACCESS VPN
Remote Access VPN
 A remote-access VPN allows individual users to establish secure connections with a remote computer network.
 Those users can access the secure resources on that network as if they were directly plugged in to the network's servers.
 There are two components required in a remote-access VPN.
 The first is a network access server (NAS).
 A NAS might be a dedicated server, or it might be one of multiple software applications running on a shared server.
 The other required component of remote-access VPNs is client software.
 In other words, employees who want to use the VPN from their computers require
software on those computers that can establish and maintain a connection to the
VPN.
SITE-TO-SITE VPN
Scenario: diagram slide, not reproduced in the text.
GRE (Generic Routing Encapsulation)
OSI Layer 3 tunneling protocol:
 Uses IP for transport
 Uses an additional header to support any other OSI Layer 3 protocol as payload (e.g., IP, IPX, AppleTalk)
Default GRE Characteristics
 Tunneling of arbitrary OSI Layer 3 payload is the primary goal of GRE
 Stateless (no flow control mechanisms)
 No security (no confidentiality, data authentication, or integrity assurance)
 24-byte overhead by default (20-byte IP header and 4-byte GRE header)
Optional GRE Extensions
 GRE can optionally contain any one or more of these fields:
 Tunnel checksum
 Tunnel key
 Tunnel packet sequence number
 GRE keepalives can be used to track tunnel path status.
Introducing Secure GRE Tunnels
 GRE is good at tunneling:
 Multiprotocol support
 Provides virtual point-to-point connectivity, allowing routing protocols to be used
 GRE is poor at security—only very basic plaintext authentication can be
implemented using the tunnel key (not very secure)
 GRE cannot accommodate typical security requirements:
 Confidentiality
 Data source authentication
 Data integrity
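As an added example (not from the slides), the following Python builds and parses a GRE header with the optional checksum, key and sequence fields listed under "Optional GRE Extensions", and makes the point of this section concrete: the key is readable in the clear on the wire, and the checksum only detects corruption, since anyone who alters the payload can recompute it. It assumes IPv4 payloads (protocol type 0x0800) and counts the 20-byte outer IP header without building it.

```python
import struct
from typing import NamedTuple, Optional

FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence present
IP_HEADER_LEN = 20  # outer IPv4 delivery header, counted but not built here (assumption)

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071) used by the GRE C field."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_gre(payload, key=None, seq=None, checksum=False, proto=0x0800) -> bytes:
    # Optional fields follow the 4-byte base header in the order C, K, S.
    flags = (FLAG_C * checksum) | (FLAG_K * (key is not None)) | (FLAG_S * (seq is not None))
    hdr = struct.pack("!HH", flags, proto)
    if checksum:
        hdr += struct.pack("!HH", 0, 0)  # checksum + Reserved1, filled in below
    if key is not None:
        hdr += struct.pack("!I", key)  # the tunnel key travels in cleartext
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if checksum:
        hdr = hdr[:4] + struct.pack("!HH", inet_checksum(hdr + payload), 0) + hdr[8:]
    return hdr + payload

class Gre(NamedTuple):
    proto: int
    key: Optional[int]
    seq: Optional[int]
    checksum_ok: Optional[bool]  # None when the C flag is absent
    payload: bytes

def parse_gre(pkt: bytes) -> Gre:
    flags, proto = struct.unpack_from("!HH", pkt, 0)
    off, key, seq, ok = 4, None, None, None
    if flags & FLAG_C:
        ok, off = inet_checksum(pkt) == 0, off + 4  # an intact packet sums to zero
    if flags & FLAG_K:
        key, off = struct.unpack_from("!I", pkt, off)[0], off + 4
    if flags & FLAG_S:
        seq, off = struct.unpack_from("!I", pkt, off)[0], off + 4
    return Gre(proto, key, seq, ok, pkt[off:])

def tunnel_overhead(checksum=False, key=False, seq=False) -> int:
    # Per-packet cost: 20-byte outer IP header + 4-byte GRE header + 4 per option.
    return IP_HEADER_LEN + 4 + 4 * (checksum + key + seq)
```

Note that rebuilding a modified payload with `build_gre` yields a packet whose checksum verifies again, which is why the C field gives no integrity assurance against a party on the path; only an outer IPsec layer provides that.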
