(WANs)
• WAN Purposes
– Provide remote access to individuals who are off site
– Link sites within the same corporation
– Provide Internet access
© 2009 Pearson Education, Inc. Publishing as Prentice Hall
7-1: Wide Area Networks (WANs)
• Carriers
– Beyond their physical premises, companies must use the
services of regulated carriers for transmission
7-2: Leased Line Networks for Voice and Data
7-3: Full Mesh and Pure Hub-and-Spoke
Topologies for Leased Line Data Networks
[Figure: Full Mesh Topology with Site A, Site B, Site C and Site D]
• In a pure hub-and-spoke topology, there is only one leased line from the hub site to each other site
– Very inexpensive
– Very unreliable
Leased Lines
7-4: Leased Line Speeds
CEPT Hierarchy
SONET/SDH Speeds
7-5: Connecting to a Leased Line
Figure 7-6: ADSL versus Business-Class Symmetric Digital Subscriber Line (DSL) Services
*By definition, ALL DSLs use 1-pair voice-grade UTP residential access lines
Public Switched Data Networks (PSDNs)
7-8: Public Switched Data Network (PSDN)
[Figure: Site A and Site B, each with a POP, and the Public Switched Data Network (PSDN)]
7-9: Virtual Circuit Operation
[Figure: Virtual circuit through Switches A to E and a server; frame with VC Number 47]
Switch A Switching Table
Virtual Circuit   Port
47                2
270               3
982               3
5                 1
• The internal cloud network is a mesh of switches.
– This creates multiple alternative paths.
– This gives reliability.
• Mesh switching is slow because each switch must evaluate each available alternative path and select the best one.
– This creates expensive switching.
• Before communication begins between sites, the PSDN computes a best path, called a virtual circuit.
7-10: Frame Relay
• Frame Relay Is the Most Popular PSDN Service Today
– 56 kbps to 40 Mbps
7-11: Frame Relay Network Elements
[Figure: Frame Relay network elements: Customer Premises A, Customer Premises B, Customer Premises C, and a switch at the POP]
2. Leased Access Line to POP
3. Port Speed Charge at POP Switch
– POP has a switch with ports
– The port speed charge is based on the port speed used
7-12: ATM
[Figure: ATM frame with payload and 5-octet header, 53 octets in total]
• Short Frames
– Most frames have variable length
– All ATM frames are a very short 53 octets in length
• 5 octets of header
• 48 octets of data (payload)
• No trailer
• 53 octets total
– Short length minimizes latency (delay) at each switch
• ATM’s Future?
– May flourish after firms outgrow Frame Relay speeds
– However, metropolitan area Ethernet should be a strong
competitor
– ATM is flourishing in a different market, the PSTN core
• Rapidly replacing circuit switching in the PSTN core
7-13: Metropolitan Area Ethernet
• Services
– E-Line Service
• Provides a point-to-point connection between sites, as
leased lines do
– E-LAN Service
• Links multiple sites simultaneously
• 802.3ad standard
– Ethernet in the first mile
– Standard for transmitting Ethernet signals over PSTN
access lines
– 1-pair voice-grade UTP, 2-pair data-grade UTP, optical
fiber
Layer 3 Carrier WAN Service
IP Carrier Networks
The Internet with Virtual Private Networks
• IP Is Increasingly Important
– Companies know it and are comfortable with it
• A common mantra is “IP over everything”
– There are two ways to use IP at Layer 3 for WAN
transmission:
• IP carrier networks are like PSDNs but work at Layer
3 instead of Layer 2
• Companies can communicate over the Internet,
adding a cryptographic VPN for security
7-14: The Internet Versus IP Carrier
Networks
• Security
– If companies act on their own, they can add virtual
private network (VPN) protection to their transmissions
– IP Carrier Network Security
• IP Carrier Networks have some inherent security
– Restrict access to business customers
• However, for real security, virtual private networks
(VPNs) are needed
– IP carrier networks provide cryptographic
equipment at each site
7-15: Route-Based Virtual Private
Network (VPN) in an IP Carrier Network
7-16: Cryptographic Virtual Private Networks
(VPNs)
[Figure: Site-to-site VPN tunnel across the Internet between VPN gateways at Corporate Site A (protected server) and Corporate Site B (protected client); host-to-host VPN; remote access VPN for a remote corporate PC]
• A VPN is communication over the Internet with added security
• Remote access VPNs protect traffic for individual users
• Site-to-site VPNs protect traffic between sites
Cryptographic VPN Technologies
7-17: IPsec Transport and Tunnel Modes
[Figure: IPsec transport mode. Extra software, digital certificate, and setup required on each host; secure in each site network; secure on the Internet]
• IPsec is the strongest VPN security technology.
• IPsec transport mode gives host-to-host security; however, software must be added to each host, each host must be given a digital certificate, and each host must be set up (configured).
• This is expensive if a firm has many hosts.
[Figure: IPsec tunnel mode. No extra software, digital certificate, or setup required on hosts; no security in each site network; secure on the Internet]
• In IPsec tunnel mode, there is only security over the Internet between IPsec gateways at each site
• No security within sites, but no software, setup or certificates on individual hosts
• Inexpensive compared to transport mode
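Added example (not from the original slides): a simplified model of what a sniffer can read on each network segment in IPsec transport mode versus tunnel mode. The host and gateway addresses, the key and the application data are constructed, the XOR keystream is only a stand-in for real ESP encryption, and the ESP trailer and integrity check are omitted.

```python
import hashlib
import ipaddress
import struct

ESP_PROTO, TCP_PROTO = 50, 6          # IP protocol numbers
SECRET = b"PAYROLL-RECORD"            # constructed application data

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def esp(spi, key, inner):
    """ESP-shaped wrapper: SPI, sequence number, then the protected bytes.
    The SHA-256 keystream XOR is a stand-in, not real ESP cryptography."""
    blocks = range(len(inner) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return struct.pack("!II", spi, 1) + bytes(a ^ b for a, b in zip(inner, stream))

def transport_mode(pkt, key):
    """Host-to-host: the original IP header stays, only its payload is protected."""
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return ipv4(src, dst, ESP_PROTO, esp(0x1001, key, pkt[20:]))

def tunnel_mode(pkt, key, gw_a, gw_b):
    """Gateway-to-gateway: the whole original packet rides inside a new one."""
    return ipv4(gw_a, gw_b, ESP_PROTO, esp(0x2001, key, pkt))

def observe(pkt):
    """What a sniffer on that segment can read from the packet."""
    return {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "esp": pkt[9] == ESP_PROTO, "data_readable": SECRET in pkt}

def path_view(mode):
    """Per-segment view for the Site A network, the Internet, and the Site B network."""
    key = b"constructed-demo-key"
    pkt = ipv4("198.51.100.10", "203.0.113.20", TCP_PROTO, SECRET)
    if mode == "transport":
        on_wire = [transport_mode(pkt, key)] * 3   # protected end to end
    else:
        tunneled = tunnel_mode(pkt, key, "198.51.100.1", "203.0.113.1")
        on_wire = [pkt, tunneled, pkt]             # protected only between gateways
    return dict(zip(("site_a", "internet", "site_b"), map(observe, on_wire)))

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        for segment, seen in path_view(mode).items():
            print(mode, segment, seen)
```

In transport mode the data is unreadable on every segment but the host addresses stay visible on the Internet; in tunnel mode the Internet segment shows only the gateway addresses, while the site networks carry the original packet unprotected.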
7-18: SSL/TLS for Browser–Webserver
Communication
[Figure: PC with browser already installed and webserver with built-in SSL/TLS support, communicating over the Internet; protects all application layer traffic that is SSL/TLS aware (WWW and sometimes e-mail)]
[Figure: SSL/TLS gateway; labels: client with browser, SSL/TLS gateway, browser connection to webserver, HTTP server, database server, webified output]
Figure 7-20: Market Perspective
• Frame Relay
– Grew explosively in the 1990s
– Became very widely used
– FR prices have risen recently in an effort by carriers to
increase their profit margins
– Widely used and familiar, but now considered a legacy
technology
• ATM
– Very high speeds, but very high price
– Not thriving in the corporate market
• Metro Ethernet
– Price and speed are very attractive
– Growing very rapidly
– Limited to metropolitan area networking, at least for now
– Still somewhat immature technically
• Internet Transmission
– The Internet offers a very low cost per bit transmitted
• VPNs provide security for Internet transmission
– Companies can build their own IP WANs by transmitting
over the Internet
• Must add cryptographic VPN security
Topics Covered
• Operate at Layer 1
• Device at Each Site
– PBX for leased line voice networks
– Router for leased line data networks
Public Switched Data Networks
• PSDNs
– Operate at Layer 2
– Services offered by carriers
– Customer does not have to operate or manage
– One leased line per site from the site to the nearest POP
– By reducing corporate labor, often cheaper than leased
line networks
– Service Level Agreements
– Virtual circuits reduce costs
Frame Relay PSDNs
• Frame Relay
– Most popular PSDN
– 56 kbps to about 40 Mbps
– Access devices, CSU/DSUs, leased access lines, POP
ports, virtual circuits, management
• Usually POP port speed charges are the biggest cost
component
• Second usually are PVC charges
– Leased line must be fast enough to handle the speeds of
all of the PVCs multiplexed over it
Other PSDNs
• ATM
– High speed and cost
– Low use
• Metro Ethernet
– Extending Ethernet to MANs
– Very attractive speeds and prices
– Small but growing rapidly
– Still immature management tools
• Carrier IP Networks
– Essentially, private Internets with QoS and security
– Carriers want to use it to replace Frame Relay
IP Transmission
• Transmission at Layer 3
– Trend toward IP over everything
• Carrier IP Networks
– Essentially, private Internets with QoS
– Typically, offer noncryptographic VPNs
• Virtual private networks
• Hide routing from different subscribers
• Not good security
– Carriers want to use carrier IP networks to replace Frame
Relay
Virtual Private Networks (VPNs)
• IPsec
– The strongest security for VPNs
– Tunnel mode between sites is inexpensive
– Transport mode between hosts is expensive
• SSL/TLS
– First for browser communication with a single webserver
– SSL/TLS gateways make it a full remote access VPN
Market Perspective
• Stagnant
– Leased line networks
– Frame Relay
– ATM
• Rapid Growth
– Metro Ethernet
– Corporate transmission over the Internet with VPNs
– Carrier IP networks