Wide Area Networks
(WANs)
© 2009 Pearson Education, Inc. Publishing as Prentice Hall
7-1: Wide Area Networks (WANs)
• Wide Area Networks (WANs)
– Connect different sites
– (LANs connect hosts within sites)
• WAN Purposes
– Provide remote access to individuals who are off site
– Link sites within the same corporation
– Provide Internet access
7-1: Wide Area Networks (WANs)
• WANs and the Telephone Network
– Most WANs use the PSTN transport system for
transmission
– Public data carrier services add switching and
management to create a WAN
7-1: Wide Area Networks (WANs)
• Carriers
– Beyond their physical premises, companies must use the
services of regulated carriers for transmission
– Companies are limited to whatever services the carriers
provide
– Prices for carrier services often change abruptly and
without technological reasons
– Prices and service availability vary from country to
country
7-1: Wide Area Networks (WANs)
• High Costs and Low Speeds
– High cost per bit transmitted, compared with LANs
– Consequently, lower speeds (most commonly 256 kbps
to about 50 megabits per second)
7-2: Leased Line Networks for Voice and Data
7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks
[Figure: Full Mesh Topology. Sites A, B, C, and D joined by OC3, T3, and T1 leased lines]
In a full mesh topology, there is a leased line between each pair of sites
Highly reliable
Highly expensive
7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks
In a pure hub-and-spoke topology, there is only one leased line from the hub site to each other site
Very inexpensive
Very unreliable
Few companies use either of these extreme topologies.
They have some backup links
7-1: Wide Area Networks (WANs)
• Evolution of WAN Technology
– Layer 1: Leased line service and networks
– Layer 2: Public switched data networks (PSDNs)
– Layer 3: Virtual Private Networks (VPNs) over the
Internet and IP carrier networks
Leased Lines
Layer 1 Carrier WAN Service
Leased Lines
• Circuits between two sites
• Always on
• All-digital
• High speeds
• Physical layer operation only
– Companies must add their own switching and
management
7-4: Leased Line Speeds
North American Digital Hierarchy
Line | Speed | Typical Transmission Medium
56 kbps or 64 kbps (rarely offered) | 56 kbps or 64 kbps | *2-Pair Data-Grade UTP
T1 | 1.544 Mbps | *2-Pair Data-Grade UTP
Fractional T1 | 128 kbps, 256 kbps, 384 kbps, 512 kbps, 768 kbps | *2-Pair Data-Grade UTP
Bonded T1s (multiple T1s acting as a single line) | Small multiples of 1.544 Mbps | *2-Pair Data-Grade UTP
T3 | 44.736 Mbps | *Optical Fiber
*Usually must be pulled to the customer’s premises. This is expensive
7-4: Leased Line Speeds
CEPT Hierarchy
Line | Speed | Typical Transmission Medium
64 kbps | 64 kbps | 2-Pair Data-Grade UTP
E1 | 2.048 Mbps | 2-Pair Data-Grade UTP
E3 | 34.368 Mbps | Optical Fiber
The CEPT hierarchy is widely used in Europe
7-4: Leased Line Speeds
SONET/SDH Speeds
Line | Speed (Mbps) | Typical Transmission Medium
OC3/STM1 | 155.52 | Optical Fiber
OC12/STM4 | 622.08 | Optical Fiber
OC48/STM16 | 2,488.32 | Optical Fiber
OC192/STM64 | 9,953.28 | Optical Fiber
OC768/STM256 | 39,813.12 | Optical Fiber
Above 50 Mbps, the world uses the same standard, which has two slight variations: SONET (US) and SDH (Europe).
These two variants interoperate without problems.
7-5: Connecting to a Leased Line
Routers need CSU/DSUs to connect to leased lines.
The CSU terminates the telephone line and protects the telephone
system from harmful voltages and signals.
The DSU converts between the router’s data signals and the digital
signals that the PSTN is expecting to receive from the firm.
Conversion is needed because digital signals can vary in
transmission speed, voltage levels, clock cycle duration, etc.
Figure 7-6: ADSL versus Business-Class Symmetric Digital Subscriber Line (DSL) Services
 | ADSL | HDSL | HDSL2 | SHDSL
Uses existing 1-pair voice-grade UTP telephone access line to customer premises?* | Yes* | Yes* | Yes* | Yes*
Target Market | Residences | Businesses | Businesses | Businesses
Downstream Throughput | A few megabits per second | 768 kbps | 1.544 Mbps | 384 kbps–2.3 Mbps
Upstream Throughput | Slower than downstream | 768 kbps | 1.544 Mbps | 384 kbps–2.3 Mbps
QoS Throughput Guarantees? | No | Yes | Yes | Yes
*By definition, ALL DSLs use 1-pair voice-grade UTP residential access lines
Public Switched Data
Networks (PSDNs)
Layer 2 Carrier WAN Services
Public Switched Data Networks (PSDNs)
• Leased Line Data Networks
– Use many leased lines, which must span long distances
between sites
– This is very expensive
– Company must design and operate its leased line
network
• Public Switched Data Networks (PSDNs)
– Carrier does more of the operational and management
work
– Total cost of technology, service, and management
usually lower than leased line networks
7-8: Public Switched Data Network (PSDN)
[Figure: Sites A through E, each with "One Private Line Access Line per Site" to a Point of Presence (POP) of the Public Switched Data Network (PSDN)]
In Public Switched Data Networks, the PSDN carrier handles all switching.
Reduces the load on the network staff.
The PSDN central core is shown as a cloud to indicate that the user firm does not have to know how the network operates.
7-8: Public Switched Data Network (PSDN)
In Public Switched Data Networks, the customer needs a single leased line from each site to one of the PSDN carrier’s points of presence (POPs)
7-7: PSDNs
• PSDNs Typically Offer Service Level Agreements
– Guarantees for throughput, availability, latency, error
rate, etc.
– An SLA might guarantee a latency of no more than 100
ms 99.99 percent of the time
• SLA guarantees no worse than a certain worst-case
level of performance
7-9: Virtual Circuit Operation
[Figure: Switches A through E, a server, a virtual circuit, and a frame with VC Number 47]
Switch A Switching Table
Virtual Circuit | Port
47 | 2
270 | 3
982 | 3
5 | 1
The internal cloud network is a mesh of switches.
This creates multiple alternative paths.
This gives reliability.
7-9: Virtual Circuit Operation
Mesh switching is slow because each switch must evaluate each available alternative path and select the best one.
This creates expensive switching.
7-9: Virtual Circuit Operation
Before communication begins between sites, the PSDN computes a best path, called a virtual circuit.
All frames travel along this virtual circuit.
7-9: Virtual Circuit Operation
Each frame has a virtual circuit number instead of a destination address.
Each switch looks up the VC number in its switching table and sends the frame out the indicated port.
VCs greatly reduce switching costs.
7-10: Frame Relay
• There are several PSDN services
– Frame Relay
– ATM
– Metropolitan area Ethernet
7-10: Frame Relay
• Frame Relay Is the Most Popular PSDN Service
Today
– 56 kbps to 40 Mbps
– This fits the range of greatest corporate demand for
WAN speed
– Usually less expensive than a network of leased lines
– Grew rapidly in the 1990s, to become equal to leased
line WANs in terms of market share (about 40%)
– Carriers have recently raised prices, reducing growth
7-11: Frame Relay Network Elements
[Figure: Customer Premises A, B, and C connected to a switch at the POP]
1. Access Device
The access device usually consists of a router and CSU/DSU, or a Frame Relay Access Device (FRAD) and a CSU/DSU
7-11: Frame Relay Network Elements
2. Leased Access Line to POP
There is a leased access line from each site to the POP
7-11: Frame Relay Network Elements
3. Port Speed Charge at POP Switch
POP has a switch with ports
The port speed charge is based on the port speed used
The port speed charge usually is the biggest part of PSDN costs
7-12: ATM
• Asynchronous Transfer Mode
• For Speeds Greater than Frame Relay Can
Provide
– 1 Mbps up to several gigabits per second
• Not a Competitor for Frame Relay
– Most carriers provide both FR and ATM
– May even interconnect the two services
7-12: ATM
• Short Frames
[Figure: ATM frame of 53 octets, showing the payload and a 5-octet header]
– Most frames have variable length
– All ATM frames are a very short 53 octets in length
• 5 octets of header
• 48 octets of data (payload)
• No trailer
• 53 octets total
– Short length minimizes latency (delay) at each switch
7-12: ATM
• ATM Has Strong Quality of Service (QoS)
Guarantees for Voice Traffic
– Not surprising because ATM was created for the PSTN’s
transport core, and voice needs high quality of service
– For pure data transmission, however, ATM does not
provide QoS guarantees
• Data gets whatever is left over after guaranteed
capacity for voice and video
7-12: ATM
• Manageability, Complexity, and Cost
– Very strong management tools for large networks
(designed for the PSTN)
– Too complex and expensive for most firms
• ATM’s Future?
– May flourish after firms outgrow Frame Relay speeds
– However, metropolitan area Ethernet should be a strong
competitor
– ATM is flourishing in a different market, the PSTN core
• Rapidly replacing circuit switching in the PSTN core
7-13: Metropolitan Area Ethernet
• Metropolitan Area Network (MAN)
– A carrier network limited to a large urban area and its
suburbs
– Metropolitan area Ethernet (metro Ethernet) is available
for this niche
– Metro Ethernet is relatively new, but is growing very
rapidly
7-13: Metropolitan Area Ethernet
• Services
– E-Line Service
• Provides a point-to-point connection between sites, as
leased lines do
– E-LAN Service
• Links multiple sites simultaneously
7-13: Metropolitan Area Ethernet
• Attractions of Metropolitan Area Ethernet
– Low prices per bit transmitted
– High speeds
– Familiar technology for networking staff
– Rapid provisioning
• Rapid capacity increases for special events
7-13: Metropolitan Area Ethernet
• Carrier Class Service
– Basic metro Ethernet standards are insufficient for large
WANs (wide area networks)
– Quality of service and management tools must be
developed
– The goal: To provide carrier class services that are
sufficient for customers
7-13: Metropolitan Area Ethernet
• 802.3ad standard
– Ethernet in the first mile
– Standard for transmitting Ethernet signals over PSTN
access lines
– 1-pair voice-grade UTP, 2-pair data-grade UTP, optical
fiber
Layer 3 Carrier WAN Service
IP Carrier Networks
The Internet with Virtual Private Networks
7-14: The Internet Versus IP Carrier
Networks
• IP Is Increasingly Important
– Companies know it and are comfortable with it
• A common mantra is “IP over everything”
– There are two ways to use IP at Layer 3 for WAN
transmission:
• IP carrier networks are like PSDNs but work at Layer
3 instead of Layer 2
• Companies can communicate over the Internet,
adding a cryptographic VPN for security
7-14: The Internet Versus IP Carrier
Networks
• Advantages of using the Internet as a WAN
– Low cost per bit transmitted because of economies of
scale in the Internet
– Access to other companies, nearly all of which are
connected to the Internet
– IP carrier networks can offer QoS SLAs
• IP is only a best-effort protocol
• But companies can engineer their networks for full
QoS
• Customers must connect all sites to the same ISP for
this to work
7-14: The Internet versus IP Carrier
Networks
• Security
– If companies act on their own, they can add virtual
private network (VPN) protection to their transmissions
– IP Carrier Network Security
• IP Carrier Networks have some inherent security
– Restrict access to business customers
• However, for real security, virtual private networks
(VPNs) are needed
– IP carrier networks provide cryptographic
equipment at each site
7-15: Route-Based Virtual Private
Network (VPN) in an IP Carrier Network
7-16: Cryptographic Virtual Private Networks (VPNs)
[Figure: Site-to-site VPN tunnel across the Internet between the VPN gateways at Corporate Site A (protected server) and Corporate Site B (protected client); host-to-host VPN; remote access VPN to a remote corporate PC]
A VPN is communication over the Internet with added security
Remote access VPNs protect traffic for individual users
7-16: Cryptographic Virtual Private Networks (VPNs)
Site-to-site VPNs protect traffic between sites
Will dominate VPN traffic
A VPN is communication over the Internet with added security
Cryptographic VPN Technologies
• IPsec for any type of VPN
– Offers very high security
– Complex and expensive
• SSL/TLS for low-cost transmission
– Secure browser-server transmission
– Remote access VPNs
– Uses the Internet but does not use IP directly
7-17: IPsec Transport and Tunnel Modes
[Figure: Transport Mode. A secure connection between hosts in two site networks: secure in each site network and secure on the Internet. Extra software, digital certificate, and setup required on each host]
IPsec is the strongest VPN security technology.
IPsec transport mode gives host-to-host security; however, software must be added to each host, each host must be given a digital certificate, and each host must be set up (configured).
This is expensive if a firm has many hosts.
7-17: IPsec Transport and Tunnel Modes
[Figure: Tunnel Mode. A tunneled connection between the IPsec gateways of two site networks: secure on the Internet, no security in the site networks. No extra software, digital certificate, or setup required on hosts]
In IPsec tunnel mode, there is only security over the Internet between IPsec gateways at each site
No security within sites, but no software, setup or certificates on individual hosts
Inexpensive compared to transport mode
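An added example (not from the slides) of what the two IPsec modes above put on the wire, as seen by an on-path device on the Internet: transport mode leaves the hosts' own addresses in the outer IP header, while tunnel mode shows only the gateways' addresses and costs one extra IP header. The addresses, SPI values, and payload are constructed, and random bytes stand in for ESP encryption.

```python
import ipaddress
import os
import struct

ESP = 50  # IP protocol number for ESP (IPsec Encapsulating Security Payload)
TCP = 6
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal IPv4 header (checksum left at 0 to keep this short)."""
    return struct.pack(
        IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def esp(spi, seq, protected):
    """ESP header (SPI, sequence number) plus a stand-in for the ciphertext.

    Random bytes of equal length stand in for encryption. Real ESP encrypts
    `protected` together with a trailer and appends an integrity check value.
    """
    return struct.pack("!II", spi, seq) + os.urandom(len(protected))


def transport_mode(src_host, dst_host, segment):
    """Host-to-host: the original IP header stays in front of ESP."""
    body = esp(0x1001, 1, segment)
    return ipv4_header(src_host, dst_host, ESP, len(body)) + body


def tunnel_mode(gw_a, gw_b, src_host, dst_host, segment):
    """Gateway-to-gateway: the whole original packet goes inside ESP."""
    inner = ipv4_header(src_host, dst_host, TCP, len(segment)) + segment
    body = esp(0x2001, 1, inner)
    return ipv4_header(gw_a, gw_b, ESP, len(body)) + body


def observer_view(packet):
    """Fields an on-path device on the Internet can read: the outer header."""
    f = struct.unpack(IPV4_FMT, packet[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "length": f[2]}


# Constructed sample values (documentation address ranges, not real hosts).
HOST_A, HOST_B = "192.0.2.10", "198.51.100.20"
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SEGMENT = b"constructed application data".ljust(40, b".")

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(HOST_A, HOST_B, SEGMENT)))
    print("tunnel:   ", observer_view(
        tunnel_mode(GW_A, GW_B, HOST_A, HOST_B, SEGMENT)))
```

In both modes the outer protocol field is 50 (ESP), so the use of IPsec itself is visible; only tunnel mode hides which internal hosts are talking.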
7-18: SSL/TLS for Browser–Webserver Communication
[Figure: PC with browser already installed, connected to a webserver with built-in SSL/TLS support]
1. SSL/TLS Operates at the Transport Layer
2. Protects All Application Layer Traffic That Is SSL/TLS Aware (WWW and Sometimes E-Mail)
No additional software is needed on the user PC.
IPsec works at the internet layer.
SSL/TLS works at the transport layer.
SSL/TLS only protects SSL/TLS-aware applications.
This primarily means HTTP and some e-mail.
SSL/TLS is built into every browser and webserver, so no setup on clients.
7-19: SSL/TLS with a Gateway
[Figure labels: 1. Client with browser; the Internet; 2. SSL/TLS gateway; 3. Connection to webserver (HTTP server); 4. Database server; 4. Webified output to the browser]
SSL/TLS gateways turn SSL/TLS into a remote access VPN technology.
Gives access to multiple internal webservers.
Can “webify” some other applications for viewing on browsers as webpages.
Can give access to other servers.
Figure 7-20: Market Perspective
• Leased Line Networks
– Dominated WAN transmission until the 1990s
– But leased line networks are difficult to set up and
expensive to run
– Recent spurt in use because of reduced leased line
prices and rising Frame Relay prices
– Also, growing use for access lines in PSDNs and VPNs
anyway
Figure 7-20: Market Perspective
• Frame Relay
– Grew explosively in the 1990s
– Became very widely used
– FR prices have risen recently in an effort by carriers to
increase their profit margins
– Widely used and familiar, but now considered a legacy
technology
Figure 7-20: Market Perspective
• ATM
– Very high speeds, but very high price
– Not thriving in the corporate market
Figure 7-20: Market Perspective
• Metro Ethernet
– Price and speed are very attractive
– Growing very rapidly
– Limited to metropolitan area networking, at least for now
– Still somewhat immature technically
Figure 7-20: Market Perspective
• Internet Transmission
– The Internet offers a very low cost per bit transmitted
• VPNs provide security for Internet transmission
– Companies can build their own IP WANs by transmitting
over the Internet
• Must add cryptographic VPN security
– Companies can also subscribe to IP carrier services
• IP carrier services also offer QoS
– IP WAN usage is growing rapidly
Topics Covered
WANs
• Wide Area Networks
– Carry data between different sites, usually within a
corporation
– High-cost and low-speed lines
• 256 kbps to about 50 megabits per second
– Carriers
– Purposes
• Internet access, site-to-site connections, and remote
access for Individuals
– Technologies
• Leased line networks, public switched data networks,
and IP service with VPNs
Leased Line Networks
• Leased Lines are Long-Term Circuits
– Point-to-Point
– Always On
– High-speeds
• Operate at Layer 1
• Device at Each Site
– PBX for leased line voice networks
– Router for leased line data networks
• Pure Hub-and-Spoke, Full Mesh, and Mixed
Topologies
Leased Line Networks
• Many Leased Line Speeds
– Fractional T1, T1, and bonded T1 dominate in the U.S.
– Slowest leased lines run over 2-pair data-grade UTP
– Below about 3 Mbps, 2-pair data grade UTP
– Above 3 Mbps, run over optical fiber
– North American Digital Hierarchy, CEPT, and other
standards below 50 Mbps
– SONET/SDH above 50 Mbps
– Symmetrical DSL lines with QoS
Public Switched Data Networks
• PSDNs
– Operate at Layer 2
– Services offered by carriers
– Customer does not have to operate or manage
– One leased line per site from the site to the nearest POP
– By reducing corporate labor, often cheaper than leased
line networks
– Service Level Agreements
– Virtual circuits reduce costs
Frame Relay PSDNs
• Frame Relay
– Most popular PSDN
– 56 kbps to about 40 Mbps
– Access devices, CSU/DSUs, leased access lines, POP
ports, virtual circuits, management
• Usually POP port speed charges are the biggest cost
component
• Second usually are PVC charges
– Leased line must be fast enough to handle the speeds of
all of the PVCs multiplexed over it
Other PSDNs
• ATM
– High speed and cost
– Low use
• Metro Ethernet
– Extending Ethernet to MANs
– Very attractive speeds and prices
– Small but growing rapidly
– Still immature management tools
• Carrier IP Networks
– Essentially, private Internets with QoS and security
– Carriers want to use it to replace Frame Relay
IP Transmission
• Transmission at Layer 3
– Trend toward IP over everything
• Carrier IP Networks
– Essentially, private Internets with QoS
– Typically, offer noncryptographic VPNs
• Virtual private networks
• Hide routing from different subscribers
• Not good security
– Carriers want to use carrier IP networks to replace
Frame Relay
Virtual Private Networks (VPNs)
• The Internet is inexpensive and universal
– Cryptographic VPNs add security to transmission over
the Internet (or any other untrusted network)
• IPsec
– The strongest security for VPNs
– Tunnel mode between sites is inexpensive
– Transport mode between hosts is expensive
• SSL/TLS
– First for browser communication with a single webserver
– SSL/TLS gateways make it a full remote access VPN
Market Perspective
• Stagnant
– Leased line networks
– Frame Relay
– ATM
• Rapid Growth
– Metro Ethernet
– Corporate transmission over the Internet with VPNs
– Carrier IP networks