Download WAN topology

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts

Multiprotocol Label Switching wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Policies promoting wireless broadband in the United States wikipedia , lookup

Net neutrality wikipedia , lookup

Computer security wikipedia , lookup

IEEE 1355 wikipedia , lookup

Computer network wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Network tap wikipedia , lookup

Wireless security wikipedia , lookup

Peering wikipedia , lookup

Net neutrality law wikipedia , lookup

Airborne Networking wikipedia , lookup

Distributed firewall wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

TV Everywhere wikipedia , lookup

Service-oriented architecture implementation framework wikipedia , lookup

Deep packet inspection wikipedia , lookup

Net bias wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Transcript 
Network design
WAN topology
Topic 5
Agenda
•
•
•
•
•
•
•
Enterprise topology
Functions and components
Security
Design goals
Physical standards
Topologies
WAN link types
Enterprise Composite Network Model
• A hierarchal and scalable blue-print for network designers
• Enterprise campus
– The elements for network operation within one campus (building)
– Designed to provide high availability, scalability, and flexibility
– Includes a campus backbone, a server farm, building access and building
distribution modules and a network management module
• Enterprise edge
– Efficient and secure communication between the enterprise campus and
remote locations, business partners, mobile users, and the Internet
– Aggregates connectivity, provides traffic filtering and inspection and
routing to the enterprise campus
– Includes WAN, VPN, internet access, and e-commerce modules
• Service provider edge
– Enables communication with other networks
– Uses different WAN technologies and Internet service providers (ISPs)
Enterprise Composite Network Model
Service Providers
•
Tier 1 provider
–
–
–
–
•
Tier 2 Provider
–
–
–
–
•
National or international backbone with at least DS-3, OC-3 to OC-48 connectivity
All its routes from bilateral peering arrangements
24/7 network operations center
Customers are primarily other providers, but it may support a large enterprise also
Regional or national presence
High bandwidth backbones and 24/7 operations
Buys transit (discounted) from a Tier 1 provider for traffic that goes outside the region
Gets all its regional routes through peering arrangements.
Tier 3 Provider
– Typically a regional provider for a small or medium-sized region
– Buys transit from multiple upstream providers
– Runs a default-free routing table
•
Tier 4 and Tier 5 Providers
– Metropolitan provider multi-homed to two regional providers
– Small, single-homed provider that connects end users via dialup, cable modem, or wireless
service
Enterprise edge module
•
•
•
•
•
Edge distribution
– Interface to the enterprise network
– Web security appliances and Intrusion Prevention appliances
E-commerce
– DMZ security zones with internet facing servers, network services such as DNS, FTP
and NTP, email, websites and web portal
– Separates internal and external services such as DNS, intranet and collaboration
services
Internet connectivity
– Safe and secure access to internet for corporate users, and remote users
Remote access VPN
– Corporate access to remote users such as tele-workers and mobile workers
WAN
– Wan networks such as Frame Relay and ATM to other sites
– Site-to-site VPNs for branch and partner sites
– Protection services such as Intrusion Protection services
Components
• Inner switch
– Provide connectivity between core and campus VLANs and firewall
• Firewall
– Stateful access control and deep packet inspection
– Controlling user’s internet bound traffic
– Protecting public services in DMZ
• Outer switches
– Provides connectivity between the firewall and the edge router
• Edge routers
– Route traffic from enterprise to the internet via one or more ISPs
– Security such as ACLs and uRPF
• Remote access appliances
– Terminate remote-access VPNs such as SSL and Ipsec VPNs
Design goals for the edge
• Availability
• Eliminate any single point of failure on the network
– Redundancy
• High availability for internet, extranet, and virtual private
network (VPN) with redundant interfaces, standby devices,
redundant links and devices
• Reliability by duplicating any required component whose
failure could disable critical applications – a channel service
unit (CSU), a power supply, a WAN trunk, internet
connectivity
– Affordability
• Trade-offs may be required
Design goals for the edge
• Backup paths
– How much capacity does the backup path support?
– How quickly will the network begin to use the backup path?
– Common for a backup path to have less capacity than a
primary path and use different technologies
– Automatic failover is necessary for mission-critical
applications
– What about the cable to the ISP – often the weakest link
• Multi-homing the internet connection
– Providing an enterprise network with more than one entry
into the Internet.
• Circuit diversity
– Different carriers sometimes use the same facilities
– Ensure that your backup really is a backup
Design goals for the edge
• Management
– Configurations
– Monitor traffic flows
– Monitor protocol and process efficiency
– Security baselines
•
•
•
•
Device access
Routing security
Device resilience
Policy enforcement
Designing process
• What are the business and technical goals for
the Enterprise Edge?
– Who are the user communities?
– What is the health of the existing network?
– Where are the traffic flows?
• What technologies?
• What topology?
• What link type?
Security and remote access
• Business and technical goals
– Confidentiality and privacy
– Integrity
– Availability
• Security technologies
– Security zones, ACLs and network address translation
– Access control
• AAA services
• Auditing
– Protection
• Application inspection
• Monitoring and intrusion protection
– Privacy
• Encryption
• Remote access
– Remote access VPNS, SSL and Ipsec VPNS
– Site-to-site VPNS
WAN topologies
•
•
•
•
Full mesh
– Every router is connected to every other router for complete redundancy
– Good performance because there is just a single link delay between any two sites
– The number of links in a full-mesh topology is
• (N * (N – 1)) / 2
– Expensive to deploy and maintain, hard to optimize, troubleshoot, and upgrade
– Scalability limits for groups of routers that broadcast routing updates or service
advertisements (20% broadcast rule)
Partial mesh
– Not every router is connected to every other router
– Compromise solution
• Partial redundancy
• Less cost
• Less performance as some destinations might require traversing intermediate
links
Hub and spoke (Star)
– Common hierarchical design
– Destinations are reached via the ‘hub’
Peer
– No redundancy, least expensive, easiest setup
Choosing a WAN link connection
• What is the purpose of the WAN?
• What is the geographic scope?
• What are the traffic requirements? Type, volume, quality
and security
• Should the WAN use a private or public infrastructure?
• For a private WAN, should it be dedicated or switched?
• For a public WAN, what type of VPN access do you need?
• Which connection options are available locally?
• What is the cost of the available connection options?
WAN link connection methods
• Private
– Dedicated
• Leased lines Point-to-Point and Point-to-Multipoint PPP HDLC
– Switched
• Circuit Switched, PSTN, ISDN
• Packet Switched, Frame Relay, X.25, ATM (cells)
• Public
– Internet
• DSL, cable, broadband wireless
• Satellite
• Metro Ethernet
Leased lines
• Permanent dedicated connections leased from carrier
–
–
–
–
T1
T3
E1
E3
1.544 Mb/s
44.736 Mb/s
2.048 Mb/s (Australia)
34.064 Mb/s (Australia)
• A router serial port is required for each leased line
connection.
• A CSU/DSU and the actual circuit from the service provider
are also required.
– CSU/DSU is a Channel Service Unit/Data Service Unit that
terminates T1/E1 carrier lines
• Lower latency and jitter
• No call setup required
Public networks
• DSL
– Always-on connection technology that uses existing PSTN infrastructure
and DSL access multiplexer (DSLAM) at the provider location
– Varying data rates of up to 8.192 Mb/s and distance limitations
• Cable
– Always-on connection that uses existing cable TV infrastructure
– Bandwidth shared by users
• Broadband wireless – WiMax
– High-speed broadband service over metro distances for many users
– Provides broad coverage like a cell phone network
• Satellite
– Rural users, upload speed is about one-tenth of download speed
– Satellite dish, two modems (uplink and downlink), and coaxial cables
• Metro Ethernet
– Reduced expenses and administration
– Easy integration with existing networks
Circuit switching
• Establishes a circuit between hosts before communication
can start
• Initial very fast call setup to establish a dedicated circuit or
path which cannot be used by others until call tear down
• ISDN
– Time-division multiplexed (TDM) digital signals
– Uses 64 kb/s bearer channels (B) for carrying voice or data and a
signaling, delta channel (D) for call setup and call management
– Basic Rate Interface (BRI)-ISDN is intended for the home and
small enterprise and provides two 64 kb/s B channels and a 16
kb/s D channel
– Primary Rate Interface (PRI)-ISDN provides 30 B channels and
one D channel, for an E1 link of 2.048 Mb/s
• ISDN links are used by enterprises as an extra capacity and
backup link
Packet switching
• Packets are routed individually and can follow different
paths to destination and arrive out of order
• Connection oriented packet switching verifies the
existence of the destination with a 3-way handshake
• Frame Relay
– Permanent and shared connectivity for voice and data
traffic using virtual circuits (up to 4 Mbp/s)
– Frame Relay is ideal for connecting enterprise LANs
• Asynchronous Transfer Mode (ATM)
– Small, fixed-length cells carrying data, voice and video
traffic over private and public networks
Physical WAN serial standards
• Standards to define how to transmit and receive
signals
–
–
–
–
–
–
–
–
–
EIA/TIA-232
EIA/TIA-449
EIA-530
High-Speed Serial Interface (HSSI)
V.24
V.35
X.25
X.21
G.703
Agenda
•
•
•
•
•
•
•
Enterprise topology
Functions and components
Security
Design goals
Physical standards
Topologies
WAN link types
Related documents
Digital Literacy – Computer Basics – Common Computer Terminology
Digital Literacy – Computer Basics – Common Computer Terminology
ch._1_-_guided_reading
ch._1_-_guided_reading
الشريحة 1
الشريحة 1
WAN Data Networks
WAN Data Networks
Networks
Networks
Director Network Services
Director Network Services
Study Guide - Csulb.​edu
Study Guide - Csulb.​edu
ch01
ch01
Today`s Topics
Today`s Topics
Document
Document
Huawei AR3600 Series Agile Enterprise Gateway Datasheet
Huawei AR3600 Series Agile Enterprise Gateway Datasheet
AR1200 Series Enterprise Routers Brochure
AR1200 Series Enterprise Routers Brochure