Wide Area Networks (WANs) Chapter 7. WAN Essentials.

Wide Area Networks(WANs)

Chapter 7

WAN Essentials

7-3

Figure 7-1: Wide Area Networks (WANs)

• Wide Area Networks (WANs)

– Single networks that connect different sites

– So Layer 1 and Layer 2 operation

• WAN Purposes

– Internet access (Chapter 6)

– Link sites within the same corporation

– Provide remote access to individuals who are off site

7-4


• WANs are Characterized by High Cost and Low Speeds

– High cost per bit transmitted compared to LANs

– Consequently, lower speeds (most commonly 128 kbps to a few megabits per second)

• This speed usually is aggregate throughput shared by many users

– Much slower than LAN speeds (100 Mbps to 1 Gbps to the desktop)

7-5


• Carriers

– Beyond their physical premises, companies must use the services of regulated carriers for transmission

• Companies do not have rights of way to lay wires beyond their premises

– Customers are limited to whatever services the carriers provide

– Prices for carrier services change abruptly and without technological reasons

– Prices and service availability vary widely from country to country

Leased Line Networks

7-7

Leased Lines: Recap

• Leased Line Characteristics

– Point-to-point circuits

– Always on

– High speeds: 64 kbps (rare) to several gigabits per second

– Leased for a minimum period of time

– Usually offered by telephone companies

7-8

Figure 7-2: Leased Line Networks for Voice and Data

OC3 Leased Line

T1LeasedLine

T1LeasedLine

T3LeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

Site A Site B

Site DSite E

Site C

Leased Line Voice Network

PBX

PBX

PBXPBX

PBX

Leased Line VoiceNetworks Have aPBX at Each Site

7-9

Figure 7-2: Leased Line Networks for Voice and Data

OC3 Leased Line

T1LeasedLine

T1LeasedLine

T3LeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

Site A Site B

Site D Site E

Site C

Leased Line Data Network

RouterRouter

Router

RouterRouter

Leased Line DataNetworks Have a

Router at Each Site

7-10

Figure 7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks

Full Mesh Topology

OC3 Leased Line

T1LeasedLine

Site A Site B

Site C Site D

T1LeasedLine

T3LeasedLine

T3LeasedLine

In a full mesh topology,there is a leased line

between each pair of sites

Highly reliableHighly expensive

7-11

Figure 7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks

Pure Hub-and-Spoke Topology

OC3 Leased Line

Site ASite B

Site C

Site D

T3LeasedLine

T3LeasedLine

In a pure hub-and-spoke topology, there is only

one leased line from thehub site to each other site.

Very inexpensive.Very unreliable.

Few companies use either of these extreme topologies.They have some backup links.

7-12

Figure 7-4: Leased Line Speeds

Line Speed Typical TransmissionMedium

56 kbps 56 kbps 2-Pair Data-Grade UTP

T1 1.544 Mbps 2-Pair Data-Grade UTP

North American Digital Hierarchy

56 kbps leased lines are hardly used today because they are so slow.

T1 lines are very widely usedbecause they are in the speed range of greatest corporate demand—

128 kbps to a few megabits per second.

7-13

Figure 7-4: Leased Line Speeds, Continued


Fractional T1 128 kbps, 256 kbps,384 kbps, 512 kbps,

768 kbps

2-Pair Data-Grade UTP



Bonded T1s (multipleT1s acting as a singleline)

A few multiples of1.544 Mbps

2-Pair Data-Grade UTP

T1 lines are very widely used.Fractional T1 lines offer lower speeds for companies that need them.

Two or three T1 lines can be bonded for higher speeds.T1, Fractional T1, and Bonded T1s are the most widely used leased lines.

7-14




T3 44.736 Mbps Optical Fiber

The jump from T1 to T3 speeds is extremely large.

Few firms need T3 speeds, and they only needthese speeds for some of their leased lines.

Some carriers offer fractional T3 lines to bridge the T1-T3 gap.

T3 lines and all faster leased lines use optical fiber.


7-15



E3 34.368 Mbps Optical Fiber

64 kbps 64 kbps 2-Pair Data-Grade UTP

E1 2.048 Mbps 2-Pair Data-Grade UTP

CEPT Hierarchy

In Europe, most countries use the CEPT hierarchy

E1 lines are slightly faster than T1 lines

E3 lines are slightly slower than T3 lines

7-16


Line Speed (Mbps) Typical TransmissionMedium

OC3/STM1 155.52 Optical Fiber

OC12/STM4 622.08 Optical Fiber

SONET/SDH Speeds

OC48/STM16 2,488.32 Optical Fiber



For speeds above 50 Mbps, the world uses one technology

Called SONET in the United States, SDH in EuropeSONET speeds measured in OC numbers, SDH in STM numbers

Speeds are multiples of 51.84 Mbps

Used mostly by carriers

7-17

Figure 7-5: Business-Class Symmetric Digital Subscriber Line (DSL) Services

HDSL HDSL2 SHDSL

Uses Existing 1-Pair Voice-GradeUTP Telephone Access Line toCustomer Premises?*

Yes* Yes* Yes*

Downstream Throughput 768 kbps 1.544 Mbps 384 kbps –2.3 Mbps

Upstream Throughput 768 kbps 1.544 Mbps 384 kbps –2.3 Mbps

*By definition, DSL always uses 1-pair VG UTP

Many firms use HDSL and HDSL2 lines instead of T1 and fractional T1 speeds

7-18

Figure 7-5: Business-Class Symmetric Digital Subscriber Line (DSL) Services

HDSL HDSL2 SHDSL

Symmetrical Throughput? Yes Yes Yes

Target Market Businesses Businesses Businesses

QoS Throughput Guarantees? Yes Yes Yes

Businesses need symmetrical throughput and QoS

Public Switched Data Networks (PSDNs)

7-20

Figure 7-6: Public Switched Data Networks (PSDNs)

• Recap: Leased Line Data Networks– Use many leased lines, which must span long distances

between sites

– This is very expensive

– Company must design and operate its leased line network

• Public Switched Data Networks– Carrier does more of the operational and management

work

– Total cost of technology, service, and management usually lower than leased line networks

7-21

Figure 7-7: Public Switched Data Network (PSDN)

Site A Site B

Site DSite C

One PrivateLine AccessLine per Site

Public Switched DataNetwork (PSDN)

Site E

POP POP

POPPOPPoint of Presence

In Public Switched Data Networks,the PSDN carrier handles all switching.Reduces the load on the network staff.

The PSDN central core is shown as a cloudto indicate that the user firm does not

have to know how the network operates.

7-22

Figure 7-7: Public Switched Data Network (PSDN)

Site A Site B

Site DSite C

One PrivateLine AccessLine per Site

Public Switched DataNetwork (PSDN)

Site E

POP POP

POPPOPPoint of Presence

In Public Switched Data Networks,the customer needs a single leased line

from each site to one of the PSDN carrier’spoints of presence (POPs)

7-23

Leased Lines in PSDNs

• A company has ten sites

• It wants to use a PSDN

• Will it need leased lines even if it is using a PDSN?

• How many leased lines will it need?

• Between what two locations will each leased line go?

7-24

Figure 7-6: PSDNs

• Service Level Agreements (SLAs)

– Guarantees for services

– Throughput, availability, latency, error rate, etc.

– An SLA might guarantee a latency of no more than 100 ms 99.99 percent of the time

• SLA guarantees no worse than a certain worst-case level of performance

7-25

Figure 7-8: Virtual Circuit Operation

VirtualCircuit

VirtualCircuit

Switch A Switching Table

Virtual Circuit Port47 2

270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server

Frame withVC Number 47

The internal cloud networkis a mesh of switches.

This creates multiple alternative paths.

This gives reliability.

7-26


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Mesh switching is slow becauseeach switch must evaluateavailable alternative pathsand select the best one.

This creates expensive switching.

7-27


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Before communication begins betweensites, the PSDN computes

a best path called a virtual circuit.

All frames travel along this virtual circuit.

7-28


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Each frame has a virtual circuit numberinstead of a destination address.

Each switch looks up the VC numberin its switching table, sends the frame

out the indicated port.

VCs greatly reduce switching costs.


Frame Relay

ATM

Metropolitan Area Ethernet

Carrier IP Networks

7-30

Figure 7-9: Frame Relay

• Frame Relay is the Most Popular PSDN Service Today

– 56 kbps to 40 Mbps

– This fits the range of greatest corporate demand for WAN speed

– Usually less expensive than a network of leased lines

– Grew rapidly in the 1990s, to be come equal to leased line WANs in terms of market share (about 40%)

– Carriers have raised prices, reducing growth

7-31

Figure 7-10: Frame Relay Network Elements

SwitchPOP

Customer Premises B

Customer Premises C

1.Access DeviceCustomer

Premises A

Router or DedicatedFrame Relay

Access Device

And CSU/DSU

7-32


Site A

Site B

PC

Server

T1 CSU/DSU atPhysical Layer

Frame Relay atData Link Layer

T3 CSU/DSU atPhysical Layer

ATM etc. atData Link Layer

T1 Line

T3 Line

Access Device(Frame Relay

Access Device)

Access Device(Router)

7-33


• CSU/DSU

– Channel service unit (CSU) protects the access line from unapproved voltage levels, etc. coming from the firm. It acts like a fuse in an electrical circuit.

– Data service unit (DSU) converts between internal digital format and digital format of access link to Frame Relay network.

• May have different baud rate, number of states, voltage levels, etc.

DSU

7-34


SwitchPOP

Customer Premises B

Customer Premises C

Customer Premises A

2.Leased Access

Line to POP

7-35


SwitchPOP

Customer Premises B

Customer Premises C

Customer Premises A

3.Port

SpeedCharge at

POPSwitch

POP has a switch with ports

The port speed charge is basedon the port speed used

The port speed charge usuallyIs the biggest part of PSDN costs

7-36


Switch

PVC 2

PVCs 1&2

POP

PVC 2 PVC 1

Customer Premises B

Customer Premises C

Customer Premises A

PVC 1

PVC 1

4.PVC

Charges

2.PVCs are multiplexed

over a single leased linePVC charges usually

are collectivelythe second-mostexpensive part

of Frame Relay service

PVC pricesdepend onPVC speed

7-37

Frame Relay Network PVCs

• Frame Relay PVC Numbers are called data link control indicators (DLCIs)

• Pronounced “Dull’ seas”• Usually 10 bits long• 210 or 1,024 possible PVCs from each site

– Multiplexed over the single leased line to the POP• Leased line must be fast enough to handle the

combined PVC speeds

Site 1 PSDNLeased

Line

Site 2

Site 3

POP

PVC 1-2

PVC 1-3

7-38


Switch

PVC 2

PVCs 1&2

POP

PVC 2 PVC 1

Customer Premises B

Customer Premises C

Customer Premises A

PVC 1

PVC 1

5.Management

Charges

Frame Relay networksare managed by the carrier.

For managementof equipment on thecustomer premises,

there is an extra charge.


Frame Relay

ATM


Carrier IP Networks

7-40

Figure 7-11: ATM

• ATM (Asynchronous Transfer Mode) is a another PSDN

• ATM Provides Speeds Greater than Frame Relay Can Provide– One megabit per second to several gigabits per second

• Not a Competitor for Frame Relay– Most carriers offer both FR and ATM

– Sell based on the customer’s speed range needs

– May even interconnect the two services

7-41

Figure 7-11: ATM, Continued

• Designed to Run over SONET/SDH

• Cell Switching

– Most frames have variable length (Ethernet, etc.)

– All ATM frames, called cells, are 53 octets long

• 5 octets of header

• 48 octets of data

– Using fixed-length frames is called cell switching

– Short length minimizes latency (delay) at each switch

7-42

Figure 7-11: ATM, Continued

• ATM Has Strong Quality of Service (QoS) Guarantees for Voice Traffic– Not surprising because ATM was created for the

PSTN’s transport core

• For pure data transmission, however, ATM usually does NOT provide QoS guarantees!!

• Manageability, Complexity, and Cost– Very strong management tools for large networks

(designed for the PSTN)– Too complex and expensive for most firms– Not thriving in the marketplace


Frame Relay

ATM


Carrier IP Networks

7-44

Figure 7-12: Metropolitan Area Ethernet

• Metropolitan Area Networks (MANs)

– MANs are carrier networks that are limited to a large urban area and its suburbs

– Metropolitan area Ethernet (metro Ethernet) is available for this niche

– New but growing very rapidly

7-45

Figure 7-12: Metro Ethernet, Cont.

• Attractions of Metropolitan Area Ethernet

– Very Low Prices Compared to Frame Relay and ATM

– High Speeds: Tens of megabits per second

– Familiar Technology for the Networking Staff

• No need to learn a new technology

– Rapid Provisioning

• Setting up service to a customer

• Changing the service (adding more capacity)

7-46

Figure 7-12: Metro Ethernet, Cont.

• Carrier Class Service

– Basic Ethernet standards are insufficient for large wide area networks

– Quality of service and management tools must be developed

– The goal: provide carrier class services that are sufficient for customers


Frame Relay

ATM


Carrier IP Networks

7-48

Carrier IP Networks

• Some Carriers Now Offer IP Networks

– Essentially, private internets

– Operate at Layer 3 instead of at Layers 1 and 2, like Frame Relay, ATM, and Ethernet

– Use TCP/IP standards

– Operated entirely by the carrier, so no overload in the Internet backbone from connected carries

– Access is not open to everyone, so security is enhanced

– Also called Private IP Networks

7-49

Carrier IP Networks

• Other Advantages

– Allow companies to use familiar IP technology

– Mature management and control standards

– Carrier can manage everything if the customer desires that (and will pay)

– Offer VoIP as well as data—convergence to reduce technology and management costs

• Growing Rapidly

– Carriers may soon force Frame Relay users to switch to carrier IP service

Virtual Private Network (VPNs)

7-51

Figure 7-13: Virtual Private Networks (VPNs)

• Virtual Private Networks (VPNs)

– Virtual private networks (VPN) use the Internet with added security for data transmission

• The Attractions of Internet Transmission

– Lowest cost per bit transmitted

– Universal access to communication partners (Everybody uses the Internet)

7-52


CorporateSite A

VPNGateway

VPNGateway

RemoteAccessVPN

Tunnel

Internet

RemoteCorporate

PC

Site-to-SiteVPN

CorporateSite B

ProtectedClient

ProtectedServer

A VPN is communication over theInternet with added security

Host-to-HostVPN

Remote access VPNsprotect traffic for individual users

7-53


CorporateSite A

VPNGateway

VPNGateway

RemoteAccessVPN

Tunnel

Internet

RemoteCorporate

PC

Site-to-SiteVPN

CorporateSite B

ProtectedClient

ProtectedServer

A VPN is communication over theInternet with added security

Host-to-HostVPN

Site-to-site VPNsprotect traffic between sites

Will dominate VPN traffic

7-54

Figure 7-13: VPNs

• VPN Security Technologies

– IPsec for any type of VPN

• Offers very high security

– SSL/TLS for low-cost transmission

• Secure browser-server transmission

• Remote access VPNs

7-55

Figure 7-15: IPsec Transport and Tunnel Modes

Secure onthe Internet

SiteNetwork

SiteNetworkSecure Connection

Securein Site

Network

Securein Site

Network

Transport Mode

ExtraSoftware,

DigitalCertificate,and SetupRequired

ExtraSoftware,

DigitalCertificate,and SetupRequiredIPsec is the strongest VPN security technology.

IPsec transport mode gives host-to-host securityhowever, software must be added to each host,

each host must have a digital certificate,and each host must be setup (configured).

This is very expensive.

7-56

Figure 7-15: IPsec Transport and Tunnel Modes

IPsecGateway

Secure onthe Internet

SiteNetwork

SiteNetwork

IPsecGateway

TunneledConnection

NoSecurityin Site

Network

NoSecurityin Site

Network

Tunnel Mode

No ExtraSoftware,

DigitalCertificate,or SetupRequired

No ExtraSoftware,

DigitalCertificate,or SetupRequired

In IPsec tunnel mode, there is only security overthe Internet between IPsec gateways at each site

No security within sites, butno software, setup or certificates on the individual hosts

Inexpensive compared to transport mode

7-57

Figure 7-16: SSL/TLS for Browser–Webserver

Communication

Webserverwith Built-in

SSL/TLS Support

PC withBrowser Already

Installed

1. SSL/TLS Operates at the Transport Layer

2.Protects All Application Layer Traffic

That Is SSL/TLS Aware(WWW and Sometimes E-Mail)

No additional software is needed on the user PC.

IPsec works at the internet layer.SSL/TLS works at the transport layer.

Only protects SSL/TLS-aware applications.This primarily means HTTP.

SSL/TLS is built into every browser and webserver.

7-58

Figure 7-17: SSL/TLS with a Gateway

1,ClientWith

Browser

2.SSL/TLSGateway

3.HTTP Server

4. DatabaseServer

The Internet

4.WebifiedOutput

3.Connection

to Webserver

Browser

SSL/TLS gateways turn SSL/TLS into a remote access VPN technology,Gives access to multiple internal webservers.

Can “webify” some other applications for viewing on browsers as webpages.Can give access to other servers.

7-59

SSL/TLS Versus IPsec

• SSL/TLS– Limited to remote access VPNs

– Only moderately strong security

– Harder to use with many applications

• IPsec– Offers stronger security than SSL/TLS

– Both remote access and site-to-site VPNs

– Costly to set up in the stronger transport mode

– Economically attractive for site-to-site VPNs in tunnel mode

7-60

Figure 7-18: Market Perspective

• Rapid Growth

– VPNs

– Carrier IP networks

– Metro Ethernet

• Stagnant

– Leased line networks

– Frame Relay

– ATM

Wide Area Networks (WANs) Chapter 7. WAN Essentials.

Documents

Transcript of Wide Area Networks (WANs) Chapter 7. WAN Essentials.