PSDN and VPN
From circuit to packet switching

Packet-Switched Services Offered by Carriers
  X.25
    Old, slow, and not sufficiently cheaper than Frame Relay
  Frame Relay
    Speeds in main range of user demand
    Dominated the market in the 1990s
  ATM
    High speeds and costs, requiring equipment changes
  Carrier Internet and MPLS services
    Dominant services today

X.25 Packet-Switched Data Networks
  Oldest packet switched network service (1970s)
  Low speed (maximum around 64 kbps)
  Mature: easy to implement
  Uses PVCs
  Reliable service, so latency in transmission
  Mostly replaced by Frame Relay

Frame Relay Packet-Switched Data Networks
  Software upgrade to X.25 switches
  Uses PVCs
  Unreliable, so much faster on same switches
  Good speed range: 56 kbps - 40 Mbps
    Meets most corporate needs (most under 2 Mbps)
    Grew rapidly in the 90s, to equal leased line WANs in terms of market share (about 40%)

Pricing of Packet Switching
  Speed of the Access Line from Site to Network
    Determines maximum transmission rate to the network
    Often called the Port Speed
    Often the most important price determinant
    Must be fast enough for needs
  See Frame Relay vs. DSL -- a price issue

ATM (Asynchronous Transfer Mode)
  Offers very high speeds: 622 Mbps, 2.5 Gbps to 40 Gbps
    Speeds are beyond most corporate needs today, and costs are high
  Connection-oriented (PVCs), unreliable
  Quality of Service (QoS) guarantees for critical traffic
    Minimize latency (delays)
    Inherent reliability (low loss rate)
  Seen as the next generation before the Ethernet surge
    But Frame Relay kept increasing in speed in the low Mbps range where market demand was highest

Pricing/Performance of Packet Switched Services
  Pricing of Frame Relay and ATM
    Customer Premises Equipment
    Access Line to Point of Presence
    Port Speed
    Per PVC Price
    Distance and Traffic Volume
  The demise of Frame Relay and ATM
    Transition from Frame Relay and ATM to Carrier Ethernet stimulated by Verizon, AT&T, etc.
    The move to Ethernet and IP-based services is a win-win situation.

Customer Premises Equipment
  Access Device
    Has link to internal system (often a LAN)
    Has CSU/DSU to put internal traffic into format for packet switching transmission
    In Frame Relay, called Frame Relay Access Device (FRAD)
  [Figure labels: Access Device; LAN; Access Line to Network]

Modular Routers
  CSU/DSUs are removable expansion boards
  [Figure: Modular Router. Router Switching Circuitry with Port 1 CSU/DSU (T1) on a T1 Line, Port 2 CSU/DSU (56 kbps) on a 56 kbps Line, Port 3 CSU/DSU (T3) on a T3 Line, Port 4 CSU/DSU (56 kbps) on a 56 kbps Line]

Elements of a Packet Switched Network
  [Figure labels: Customer Premises A; LEC Switching Office; POP at LEC Office; Leased Access Line to POP]
  You need a leased access line to the network's POP.
  Sometimes the packet switched network vendor pays the cost of the access line for you and bundles it into your service charges.

Elements of a Packet Switched Network
  [Figure labels: Switched Data Network; Trunk Line; Network Switching Office; POP; Customer Premises B; Leased Access Line]

Calculations
  Situation
    You have four sites
    You want any one to be able to reach any other
  Questions
    How many PVCs do you need?
    How many access lines do you need?

Calculations
  PVCs
    If you have N sites, there are N(N-1)/2 possible connections
    In this case, you would have 4(3)/2 or 6 possible connections
    Some vendors count this as 6 PVCs, others as 12 PVCs
  Access Lines
    You would need four access lines (one for each site)
    Each will multiplex 3 PVCs
    Must be fast enough for the needs of communication with the three other sites

Leased Lines vs. Packet-Switched Data Networks
  Leased Lines
    Point-to-point, inexpensive for thick routes
    Inflexible: must be established ahead of time
  Packet Switched Networks
    Also must be established ahead of time for PVCs
    Competitor for leased line networks
    Priced aggressively
    Carrier does all the management
    Killing the leased line business

Virtual Private Network
  [Figure labels: VPN Server, Corporate Site A; VPN Server, Corporate Site B; Tunnel; Internet; 1. Site-to-Site; 2. Remote Customer PC (or site); 3. Remote Corporate PC; Extranet; Remote Access for Intranet]

VPN advantage
  Virtual Private Network (VPN)
    Transmission over the Internet with added security
    Some analysts include transmission over a PSDN with added security
  Why VPNs?
    PSDNs are not interconnected
      Only good for internal corporate communication
    But Internet reaches almost all sites in all firms
    Low transmission cost per bit transmitted

VPN issues
  VPN Problems
    Latency and Sound Quality
      Internet can be congested
      Creates latency, reduces sound quality
      Use a single ISP as for VoIP (voice over IP)
    Security
      PPTP for remote access is popular
      IPsec for site-to-site transmission is popular

ISP-Based PPTP Remote Access VPN
  Remote Access VPNs
    User dials into a remote access server (RAS)
    RAS often checks with RADIUS server for user identification information.
    Allows or rejects connection
  [Figure labels: RADIUS Server; PPTP RAS; Corporate Site A; Internet; ISP PPTP Access Concentrator; Local Access; Secure Tunnel; Unsecure TCP Control Channel]

VPN and PPTP
  Point-to-Point Tunneling Protocol
    Available in Windows since Windows 95
      No need for added software on clients
    Provided by many ISPs
      PPTP access concentrator at ISP access point
    Some security limitations
      No security between user site and ISP
      No message-by-message authentication of user
      Uses unprotected TCP control channel

IPsec in Tunnel Mode
  [Figure labels: Tunnel Mode; Secure Tunnel; Tunnel Only Between Sites; Hosts Need No Extra Software; IPsec Server and Local Network at each site; No Security In Site Network at each site]

IPsec in Transfer Mode
  [Figure labels: Transfer Mode; Secure Tunnel; End-to-End (Host-to-Host) Tunnel; Hosts Need IPsec Software; IPsec Server and Local Network at each site; Security In Site Network at each site]

IPsec alternatives
  IP Security (IPsec)
    Tunnel mode: sets up a secure tunnel between IPsec servers at two sites
      No security within sites
      No need to install IPsec software on stations
    Transfer mode: sets up a secure connection between two end hosts
      Protected even on internal networks
      Must install IPsec software on stations, but default in current OSs (Windows, Linux, UNIX).
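
An added example, not part of the original slides: a Python sketch of what anyone on the wire can read at each hop in the two modes above (the slides' "transfer mode" is called transport mode in the IPsec RFCs). The addresses, SPI values, key and payload are constructed, and the SHAKE-256 XOR is a stand-in for real ESP encryption.

```python
import hashlib
import ipaddress
import struct

ESP, TCP, IP_IN_IP = 50, 6, 4          # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def esp_body(key, spi, seq, next_hdr, data):
    """ESP-shaped body: SPI, sequence number, then opaque bytes. Stand-in
    cipher (SHAKE-256 keystream XOR), NOT real ESP; no integrity value."""
    plain = data + bytes([0, next_hdr])            # pad length 0, next header
    head = struct.pack("!II", spi, seq)
    stream = hashlib.shake_256(key + head).digest(len(plain))
    return head + bytes(a ^ b for a, b in zip(plain, stream))

def tunnel_mode(inner, gw_a, gw_b, key):
    """IPsec server wraps the whole inner packet in a new outer header."""
    return ipv4(gw_a, gw_b, ESP, esp_body(key, 0x1001, 1, IP_IN_IP, inner))

def transport_mode(inner, key):
    """Host keeps its own IP header; only the upper-layer data is protected."""
    src, dst = (str(ipaddress.IPv4Address(inner[i:i + 4])) for i in (12, 16))
    return ipv4(src, dst, ESP, esp_body(key, 0x2002, 1, inner[9], inner[20:]))

def observer_view(packet):
    """What anyone on the wire can read without the key."""
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9], "payload": packet[20:]}

# Constructed sample: host at site A sends application data to a host at site B.
KEY = b"constructed-demo-key"
INNER = ipv4("10.1.0.5", "10.2.0.9", TCP, b"GET /payroll HTTP/1.1\r\n")
HOPS = {
    "tunnel mode, inside site A": INNER,           # not yet at the IPsec server
    "tunnel mode, on the Internet": tunnel_mode(INNER, "192.0.2.1", "198.51.100.1", KEY),
    "transfer mode, any hop": transport_mode(INNER, KEY),
}

if __name__ == "__main__":
    for hop, pkt in HOPS.items():
        v = observer_view(pkt)
        print(f"{hop}: {v['src']} -> {v['dst']} proto={v['proto']} "
              f"readable={b'payroll' in v['payload']}")
```

In tunnel mode the internal host addresses are hidden on the Internet but the data is readable inside the site; in transfer mode the data is opaque at every hop while the host addresses stay visible.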

Security at the internet layer
  IP Security (IPsec)
    At internet layer, so protects information at higher layers
    Transparent: upper layer processes do not have to be modified
  [Figure labels: Internet Layer with IPsec Protection; TCP, UDP; HTTP, SMTP, FTP, SNMP; Protected]

Common IPsec configuration
  IP Security (IPsec)
    Security associations:
      Governed by corporate policies
  [Figure labels: IPsec Policy Server; List of Allowable Security Associations (two copies); Party A; Party B]

SSL/TLS for Browser–Webserver Communication

Metropolitan Area Ethernet
  Metropolitan Area Network (MAN)
    A carrier network limited to a large urban area and its suburbs
    Metropolitan area Ethernet (metro Ethernet) is available for this niche
    Metro Ethernet is relatively new, but is growing very rapidly
  802.3ad standard
    Ethernet in the first mile
    Standard for transmitting Ethernet signals over PSTN access lines
    1-pair voice-grade UTP, 2-pair data-grade UTP, optical fiber

Metropolitan Area Ethernet
  Attractions of Metropolitan Area Ethernet
    Low prices per bit transmitted
    High speeds
    Familiar technology for networking staff
    Rapid provisioning
      Rapid capacity increases for special events
  Carrier Class Service
    Basic metro Ethernet standards are insufficient for large wide area networks
    Quality of service and management tools must be developed
    The goal: To provide carrier class services that are sufficient for customers

Carrier Ethernet and MPLS services
  The two most popular WAN options today are: MPLS and Carrier Ethernet.
  Carrier Ethernet services include virtual private LAN service (VPLS), Gigabit and metro Ethernet.
    E-LINE service -- site-to-site service, competes directly with leased lines.
    E-LAN -- extends the LAN to the wide area, as if the PSDN service was only trunk lines between switches.
  MPLS (Multiprotocol Label Switching) services typically refer to Layer 3 MPLS VPN services
    An MPLS network determines the best path for packets between two hosts -- the label switched path.
    Routers will send all packets that receive a label path number along this path.

Overview of MPLS services
  An MPLS primer at https://www.youtube.com/watch?v=U1w-b9GIt0k

More in the MPLS service
  The label switched path

Carrier Ethernet and MPLS services
  A historic view of Carrier Ethernet in Wikipedia
  An example of carrier services: AT&T
  Keeping up with news about Carrier Ethernet: http://www.carrierethernetnews.com/
  Carrier Ethernet vs MPLS services.
  Software-Defined Networks (SDN)
    Overview in Wikipedia.
    Pros and cons of SDN.