Wide Area Networks (WANs) Chapter 7 Panko’s Business Data Networks and Telecommunications, 6th edition Copyright 2007 Prentice-Hall May only be used by

Wide Area Networks(WANs)

Chapter 7

Panko’sBusiness Data Networks and Telecommunications, 6th edition

Copyright 2007 Prentice-Hall

May only be used by adopters of the book

7-2

Orientation

• Single Networks

– Layers 1 and 2 (so OSI standards dominate)

– Chapters 4-7: Local to long-distance for single networks

• Chapter 4: Wired Ethernet LANs

• Chapter 5: Wireless LANs (WLANs)

• Chapter 6: Telecommunications (and Internet Access)

• Chapter 7: Wide Area Networks (WANs)Chapter 7: Wide Area Networks (WANs)

• Chapter 8: TCP/IP Internetworking– To link multiple single networks

WAN Essentials

7-4

Figure 7-1: Wide Area Networks (WANs)

• Wide Area Networks (WANs)– Single networks that connect different sites

• WANs and the Telephone– WAN technology usually uses the Public Switched

Telephone Network transport system for transmission

– Adds data switching and management

• WAN Purposes– Internet access (Chapter 6)

– Link sites within the same corporation

– Provide remote access to individuals who are off site

7-5


• Site-to-Site Transmission within a Firm

– Leased line networks

– Public switched data networks (PSDNs)

– Virtual Private Networks (VPNs)

7-6


• WANs are Characterized by High Cost and Low Speeds

– High cost per bit transmitted compared to LANs

– Consequently, lower speeds (most commonly 128 kbps to a few megabits per second)

• This speed usually is aggregate throughput shared by many users

– Much slower than LAN speeds (100 Mbps to 1 Gbps to the desktop)

7-7


• Carriers

– Beyond their physical premises, companies must use the services of regulated carriers for transmission

• Companies do not have rights of way to lay wires beyond their premises

– Customers are limited to whatever services the carriers provide

– Prices for carrier services change abruptly and without technological reasons

– Prices and service availability vary widely from country to country

突然地

Leased Line Networks

7-9

Leased Lines: Recap

• Leased Line Characteristics

– Point-to-point circuits

– Always on

– High speeds: 64 kbps (rare) to several gigabits per second

– Leased for a minimum period of time

– Usually offered by telephone companies

7-10

Figure 7-2: Leased Line Networks for Voice and Data

OC3 Leased Line

T1LeasedLine

T1LeasedLine

T3LeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

Site A Site B

Site DSite E

Site C

Leased Line Voice Network

PBX

PBX

PBXPBX

PBX

Leased Line VoiceNetworks Have aPBX at Each Site

7-11

Figure 7-2: Leased Line Networks for Voice and Data

OC3 Leased Line

T1LeasedLine

T1LeasedLine

T3LeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

56 kbpsLeasedLine

Site A Site B

Site D Site E

Site C

Leased Line Data Network

RouterRouter

Router

RouterRouter

Leased Line DataNetworks Have a

Router at Each Site

7-12

Figure 7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks

Full Mesh Topology

OC3 Leased Line

T1LeasedLine

Site A Site B

Site C Site D

T1LeasedLine

T3LeasedLine

T3LeasedLine

In a full mesh topology,there is a leased line

between each pair of sites

Highly reliableHighly expensive

7-13

Figure 7-3: Full Mesh and Pure Hub-and-Spoke Topologies for Leased Line Data Networks

Pure Hub-and-Spoke Topology

OC3 Leased Line

Site ASite B

Site C

Site D

T3LeasedLine

T3LeasedLine

In a pure hub-and-spoke topology, there is only

one leased line from thehub site to each other site.

Very inexpensive.Very unreliable.

Few companies use either of these extreme topologies.They have some backup links.

7-14

Figure 7-4: Leased Line Speeds

Line Speed Typical TransmissionMedium

56 kbps 56 kbps 2-Pair Data-Grade UTP

T1 1.544 Mbps 2-Pair Data-Grade UTP

North American Digital Hierarchy

56 kbps leased lines are hardly used today because they are so slow.

T1 lines are very widely usedbecause they are in the speed range of greatest corporate demand—

128 kbps to a few megabits per second.

7-15

Figure 7-4: Leased Line Speeds, Continued


Fractional T1 128 kbps, 256 kbps,384 kbps, 512 kbps,

768 kbps

2-Pair Data-Grade UTP



Bonded T1s (multipleT1s acting as a singleline)

A few multiples of1.544 Mbps

2-Pair Data-Grade UTP

T1 lines are very widely used.Fractional T1 lines offer lower speeds for companies that need them.

Two or three T1 lines can be bonded for higher speeds.T1, Fractional T1, and Bonded T1s are the most widely used leased lines.

7-16




T3 44.736 Mbps Optical Fiber

The jump from T1 to T3 speeds is extremely large.

Few firms need T3 speeds, and they only needthese speeds for some of their leased lines.

Some carriers offer fractional T3 lines to bridge the T1-T3 gap.

T3 lines and all faster leased lines use optical fiber.


7-17



E3 34.368 Mbps Optical Fiber

64 kbps 64 kbps 2-Pair Data-Grade UTP

E1 2.048 Mbps 2-Pair Data-Grade UTP

CEPT Hierarchy

In Europe, most countries use the CEPT hierarchy

E1 lines are slightly faster than T1 lines

E3 lines are slightly slower than T1 lines

European Conference of Postal and Telecommunications Administrations

7-18


Line Speed (Mbps) Typical TransmissionMedium

OC3/STM1 155.52 Optical Fiber

OS12/STM4 622.08 Optical Fiber

SONET/SDH Speeds

OC48/STM16 2,488.32 Optical Fiber



For speeds above 50 Mbps, the world uses one technology

Called SONET in the United States, SDH in EuropeSONET speeds measured in OC numbers, SDH in STM numbers

Speeds are multiples of 51.84 Mbps

SONET: synchronous optical networkingSDH: synchronous digital hierarchy

7-19


Line Speed (Mbps) Typical TransmissionMedium

OC3/STM1 155.52 Optical Fiber

OS12/STM4 622.08 Optical Fiber

SONET/SDH Speeds




Few commercial firms need SONET/SDH lines

Primarily, carriers use them internally

7-20

Figure 7-5: Business-Class Symmetric Digital Subscriber Line (DSL) Services

HDSL HDSL2 SHDSL

Uses Existing 1-Pair Voice-GradeUTP Telephone Access Line toCustomer Premises?*

Yes* Yes* Yes*

Downstream Throughput 768 kbps 1.544 Mbps 384 kbps –2.3 Mbps

Upstream Throughput 768 kbps 1.544 Mbps 384 kbps –2.3 Mbps

*By definition, DSL always uses 1-pair VG UTP

Many firms use HDSL and HDSL2 lines instead of T1 and fractional T1 speeds

7-21

Figure 7-5: Business-Class Symmetric Digital Subscriber Line (DSL) Services

HDSL HDSL2 SHDSL

Symmetrical Throughput? Yes Yes Yes

Target Market Businesses Businesses Businesses

QoS Throughput Guarantees? Yes Yes Yes

Businesses need symmetrical throughput and QoS

Public Switched Data Networks (PSDNs)

7-23

Figure 7-6: Public Switched Data Networks (PSDNs)

• Recap: Leased Line Data Networks

– Use many leased lines, which must span long distances between sites

– This is very expensive

– Company must design and operate its leased line network

7-24

Figure 7-7: Public Switched Data Network (PSDN)

Site A Site B

Site DSite C

One PrivateLine AccessLine per Site

Public Switched DataNetwork (PSDN)

Site E

POP POP

POPPOPPoint of Presence

In Public Switched Data Networks,the PSDN carrier handles all switching.Reduces the load on the network staff.

The PSDN central core is shown as a cloudto indicate that the user firm does not

have to know how the network operates.

7-25

Figure 7-7: Public Switched Data Network (PSDN)

Site A Site B

Site DSite C

One PrivateLine AccessLine per Site

Public Switched DataNetwork (PSDN)

Site E

POP POP

POPPOPPoint of Presence

In Public Switched Data Networks,the customer needs a single leased line

from each site to one of the PSDN carrier’spoints of presence (POPs)

7-26

Leased Lines in PSDNs

• A company has ten sites

• It wants to use a PSDN

• Will it need leased lines even if it is using a PDSN?

• How many leased lines will it need?

• Between what two locations will each leased line go?

7-27

Figure 7-6: PSDNs

• Costs

– Carriers benefit from economies of scale in building and managing the large PSDN network

– Consequently, the price to most companies is less than the cost of a network of leased lines

7-28

Figure 7-6: PSDNs

• Service Level Agreements (SLAs)

– Guarantees for services

– Throughput, availability, latency, error rate, etc.

– An SLA might guarantee a latency of no more than 100 ms 99.99 percent of the time

• SLA guarantees no worse than a certain worst-case level of performance

7-29

Figure 7-8: Virtual Circuit Operation

VirtualCircuit

VirtualCircuit

Switch A Switching Table

Virtual Circuit Port47 2

270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server

Frame withVC Number 47

The internal cloud networkis a mesh of switches.

This creates multiple alternative paths.

This gives reliability.

7-30


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Mesh switching is slow becauseeach switch must evaluateavailable alternative pathsand select the best one.

This creates expensive switching.

7-31


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Before communication begins betweensites, the PSDN computes

a best path called a virtual circuit.

All frames travel along this virtual circuit.

7-32


VirtualCircuit

VirtualCircuit



270 3982 3

5 1

Switch A Switch B

Switch E

Switch C

Switch D

Server


Each frame has a virtual circuit numberinstead of a destination address.

Each switch looks up the VC numberin its switching table, sends the frame

out the indicated port.

VCs greatly reduce switching costs.


Frame Relay

ATM

Metropolitan Area Ethernet

Carrier IP Networks

7-34

Figure 7-9: Frame Relay

• Frame Relay is the Most Popular PSDN Service Today

– 56 kbps to 40 Mbps

– This fits the range of greatest corporate demand for WAN speed

– Usually less expensive than a network of leased lines

7-35

Figure 7-10: Frame Relay Network Elements

SwitchPOP

Customer Premises B

Customer Premises C

1.Access DeviceCustomer

Premises A

Router or DedicatedFrame Relay

Access Device

And CSU/DSU

CSU/DSU (Channel Service Unit/Data Service Unit)

7-36


Site A

Site B

PC

Server

T1 CSU/DSU atPhysical Layer

Frame Relay atData Link Layer

T3 CSU/DSU atPhysical Layer

ATM etc. atData Link Layer

T1 Line

T3 Line

Access Device(Frame Relay

Access Device)

Access Device(Router)

7-37


• CSU/DSU

– Channel service unit (CSU) protects the access line from unapproved voltage levels, etc. coming from the firm

– Data service unit (DSU) converts between internal digital format and digital format of access link to Frame Relay network.

• May have different baud rate, number of states, voltage levels, etc.

DSU

7-38


SwitchPOP

Customer Premises B

Customer Premises C

Customer Premises A

2.Leased Access

Line to POP

7-39


SwitchPOP

Customer Premises B

Customer Premises C

Customer Premises A

3.Port

SpeedCharge at

POPSwitch

POP has a switch with ports

The port speed charge is basedon the port speed used

The port speed charge usuallyIs the biggest part of PSDN costs

7-40

Frame Relay Network PVCs

• Frame Relay PVC Numbers are called data link control indicators (DLCIs)

• Pronounced “Dull’ seas”• Usually 10 bits long• 210 or 1,024 possible PVCs from each site

– Multiplexed over the single leased line to the POP• Leased line must be fast enough to handle the

combined PVC speeds

Site 1 PSDNLeased

Line

Site 2

Site 3

POP

PVC 1-2

PVC 1-2

7-41


Switch

PVC 2

PVCs 1&2

POP

PVC 2 PVC 1

Customer Premises B

Customer Premises C

Customer Premises A

PVC 1

PVC 1

4.PVC

Charges

2 PVCs are multiplexedover a single leased line

PVC charges usuallyare collectively

the second-mostexpensive part

of Frame Relay service

PVC pricesdepend onPVC speed

7-42


Switch

PVC 2

PVCs 1&2

POP

PVC 2 PVC 1

Customer Premises B

Customer Premises C

Customer Premises A

PVC 1

PVC 1

5.Management

Charges

Frame Relay networksare managed by the carrier.

For managementof equipment on thecustomer premises,

there is an extra charge.


Frame Relay

ATM


Carrier IP Networks

7-44

Figure 7-11: ATM

• ATM (Asynchronous Transfer Mode) is a another PSDN

• ATM Provides Speeds Greater than Frame Relay Can Provide

– One megabit per second to several gigabits per second

• Not a Competitor for Frame Relay

– Most carriers offer both FR and ATM

– Sell based on the customer’s speed range needs

– May even interconnect the two services

7-45

Figure 7-11: ATM, Continued

• Designed to Run over SONET/SDH

• Cell Switching

– Most frames have variable length (Ethernet, etc.)

– All ATM frames, called cells, are 53 octets long

• 5 octets of header

• 48 octets of data

– Using fixed-length frames is called cell switching

– Short length minimizes latency (delay) at each switch

7-46


• ATM Has Strong Quality of Service (QoS) Guarantees for Voice Traffic

– Not surprising because ATM was created for the PSTN’s transport core

• For pure data transmission, however, ATM usually does NOT provide QoS guarantees!!

• Manageability, Complexity, and Cost

– Very strong management tools for large networks (designed for the PSTN)

– Too complex and expensive for most firms

7-47


• ATM’s Future?

– May flourish after firms outgrow Frame Relay speeds

– However, metropolitan area Ethernet (discussed next) should be a strong competitor

繁茂


Frame Relay

ATM


Carrier IP Networks

7-49

Figure 7-12: Metropolitan Area Ethernet

• Metropolitan Area Networks (MANs)

– MANs are carrier networks that are limited to a large urban area and its suburbs

– Metropolitan area Ethernet (metro Ethernet) is available for this niche

– New but growing rapidly

7-50

Figure 7-12: Metro Ethernet, Cont.

• Metro Ethernet Services

– E-Line Service

• Provides point-to-point connections between sites, like leased lines

– E-LAN Service

• Links multiple sites simultaneously

• Virtual Private LAN Service (VPLS)

– Makes the carrier service seem like a simple LAN segment

7-51


• Attractions of Metropolitan Area Ethernet

– Very Low Prices Compared to Frame Relay and ATM

– High Speeds: Tens of megabits per second

– Familiar Technology for the Networking Staff

• No need to learn a new technology

– Rapid Provisioning

• Setting up service to a customer

• Changing the service (adding more capacity)

7-52


• Carrier Class Service

– Basic Ethernet standards are insufficient for large wide area networks

– Quality of service and management tools must be developed

– The goal: provide carrier class services that are sufficient for customers

7-53


• Carrier Class Service

– 802.3ad standard

• Ethernet in the First Mile

• Standard for transmitting Ethernet signals over PSTN access lines

– 1-pair voice-grade UTP

– 2-pair data-grade UTP

– Optical fiber


Frame Relay

ATM


Carrier IP Networks

7-55

Carrier IP Networks

• Layer 2 Networks

– Frame Relay, ATM, and Ethernet PSDNs Operate at the Data Link Layer

• Some Carriers Now Offer IP Networks

– Essentially, private Internets

– Managed entirely by the carrier, so no overload in the Internet backbone from connected carries

– Access is not open to everyone, so security is enhanced

– Also called Private IP Networks

7-56

Carrier IP Networks

• Other Advantages

– Allow companies to use familiar IP technology

– Mature management and control standards

– Carrier can manage everything if the customer desires that (and will pay)

– Offer VoIP as well as data—convergence to reduce technology and management costs

Virtual Private Networks (VPNs)

7-58

Figure 7-13: Virtual Private Networks (VPNs)

• Virtual Private Networks (VPNs)

– Virtual private networks (VPN) use the Internet with added security for data transmission

• The Attractions of Internet Transmission

– Lowest cost per bit transmitted

– Universal access to communication partners (Everybody uses the Internet)

7-59

Figure 7-13: VPNs

• Management

– Self-managed corporate VPNs

– VPNs managed by carriers

• Cost more than self-managed VPNs

• Reduce management labor and need for in-corporation expertise

7-60


CorporateSite A

VPNGateway

VPNGateway

RemoteAccessVPN

Tunnel

Internet

RemoteCorporate

PC

Site-to-SiteVPN

CorporateSite B

ProtectedClient

ProtectedServer

A VPN is communication over theInternet with added security

Host-to-HostVPN

There are 3 types of VPNs

Remote access VPNsprotect traffic for individual users

7-61


CorporateSite A

VPNGateway

VPNGateway

RemoteAccessVPN

Tunnel

Internet

RemoteCorporate

PC

Site-to-SiteVPN

CorporateSite B

ProtectedClient

ProtectedServer


Host-to-HostVPN


Site-to-site VPNsprotect traffic between sites

Will dominate VPN traffic

7-62


CorporateSite A

VPNGateway

VPNGateway

RemoteAccessVPN

Tunnel

Internet

RemoteCorporate

PC

Site-to-SiteVPN

CorporateSite B

ProtectedClient

ProtectedServer


Host-to-HostVPN


Host-to-host VPNsconnect one client to one server

7-63

Figure 7-13: VPNs

• VPN Security Technologies

– IPsec for any type of VPN

• Offers very high security

– SSL/TLS for low-cost transmission

• Secure browser-server transmission

• Remote access VPNs

7-64

Figure 7-15: IPsec Transport and Tunnel Modes

Secure onthe Internet

SiteNetwork

SiteNetworkSecure Connection

Securein Site

Network

Securein Site

Network

Transport Mode

ExtraSoftware,

DigitalCertificate,and SetupRequired

ExtraSoftware,

DigitalCertificate,and SetupRequiredIPsec is the strongest VPN security technology.

In transport mode, there is end-to-end securityhowever, software must be added to each host,

each host must have a digital certificate,and each host must be setup (configured).

This is very expensive.

7-65

Figure 7-15: IPsec Transport and Tunnel Modes

IPsecGateway

Secure onthe Internet

SiteNetwork

SiteNetwork

IPsecGateway

TunneledConnection

NoSecurityin Site

Network

NoSecurityin Site

Network

Tunnel Mode

No ExtraSoftware,

DigitalCertificate,or SetupRequired

No ExtraSoftware,

DigitalCertificate,or SetupRequiredIn IPsec tunnel mode, there is only security over

the Internet between IPsec gateways at each site

No security within sites, butno setup on the individual hosts

Inexpensive compared to transport mode

7-66

Figure 7-16: SSL/TLS for Browser–Webserver

Communication

Webserverwith Built-in

SSL/TLS Support

PC withBrowser Already

Installed

1. SSL/TLS Operates at the Transport Layer

2.Protects All Application Layer Traffic

That Is SSL/TLS Aware(WWW and Sometimes E-Mail)

No additional software is needed on the user PC.

IPsec works at the internet layer.SSL/TLS works at the transport layer.

Only protects SSL/TLS-aware applications.This primarily means HTTP.

SSL/TLS is built into every browser and webserver.

7-67

Figure 7-17: SSL/TLS with a Gateway

1,ClientWith

Browser

2.SSL/TLSGateway

3.HTTP Server

4. DatabaseServer

The Internet

4.WebifiedOutput

3.Connection

to Webserver

Browser

SSL/TLS gateways turn SSL/TLS into a remote access VPN technology,Gives access to multiple internal webservers.

Can “webify” some other applications for viewing on browsers as webpages.Can give access to other servers.

7-68

SSL/TLS Versus IPsec

• SSL/TLS– Limited to remote access VPNs

– Only moderately strong security

– Harder to use with many applications

• IPsec– Both remote access and site-to-site VPNs

– Offers extremely strong security

– Costly to set up in the stronger transport mode

– Economically attractive for site-to-site VPNs in tunnel mode

7-69

Figure 7-18: Market Perspective

• Leased Line Networks

– Dominated WAN transmission until the 1990s

– But difficult to set up and expensive to run

– Recent spurt in use because of reduced leased line prices and rising Frame Relay prices

– Needed for access lines in PSDNs and VPNs anyway

迸發

7-70

Figure 7-18: Market Perspective, Cont.

• Frame Relay

– Grew explosively in the 1990s

– Became very widely used

– FR prices have risen recently in an effort by carriers to increase their profit margins

– Widely used and familiar, but now considered a legacy technology

7-71


• ATM

– Much faster than Frame Relay

– But most firms only need Frame Relay speeds

– Very expensive because was designed to replace the core of the PSTN

• It actually is doing this

– The required sophistication in management is not needed for corporate networking

7-72


• Metro Ethernet

– Price and speed are very attractive

– Growing very rapidly

– Limited to metropolitan area networking

– Still somewhat immature technically

7-73


• Carrier IP Networks

– PSDN vendors are beginning to offer IP service to their customers

– Essentially, private Internets

– Provide better congestion control and security than the global Internet

– Most carriers want their customers to transition to IP offerings

– Sprint will force this change in 2009

7-74


• Virtual Private Networks (VPNs)

– IP is an base attractive technology for everything

– Internet transmission is relatively inexpensive

– Security and performance issues can be addressed

– Growing rapidly

– Dominates planning for the future in most firms

Topics Covered

7-76

WANs

• Wide Area Networks– Carry data between different sites, usually within a

corporation

– High-cost and low-speed lines• 128 kbps to a few megabits per second

– Carriers

– Purposes• Internet access, site-to-site connections, and remote

access for Individuals

– Technologies• Leased line networks, public switched data networks,

and virtual private networks

7-77


• Leased Lines are Long-Term Circuits

– Point-to-Point

– Always On

– High-speeds

• Device at Each Site

– PBX for leased line voice networks

– Router for leased line data networks

• Pure Hub-and-Spoke, Full Mesh, and Mixed Topologies

7-78


• Many Leased Line Speeds

– Fractional T1, T1, and bonded T1 dominate

– Slowest leased lines run over 2-pair data-grade UTP

– Above 3 Mbps, run over optical fiber

– Below about 3 Mbps, 2-pair data grade UTP

– Above 3 Mbps, optical fiber

– North American Digital Hierarchy, CEPT, and other standards below 50 Mbps

– SONET/SDH above 50 Mbps

– Symmetrical DSL lines with QoS

7-79

Public Switched Data Networks

• PSDNs

– Services offered by carriers

– Customer does not have to operate or manage

– One leased line per site from the site to the nearest POP

– By reducing corporate labor, typically cheaper than leased line networks

– Service Level Agreements

– Virtual circuits

7-80

Frame Relay PSDNs

• Frame Relay

– Most popular PSDN

– 56 kbps to about 40 Mbps

– Access devices, CSU/DSUs, leased access lines, POP ports, virtual circuits, management

• Usually POP port speed charges are the biggest cost component

• Second usually are PVC charges

– Leased line must be fast enough to handle the speeds of all of the PVCs multiplexed over it

7-81

Other PSDNs

• ATM– High speed and cost– Cell switching– Low use

• Metro Ethernet– Extending Ethernet to MANs– Very attractive speeds and prices– Small but growing rapidly

• Carrier IP Networks– Essentially, private Internets with QoS and security– Carriers want to use it to replace Frame Relay

7-82

Virtual Private Networks (PVCs)

• The Internet is inexpensive and universal

– VPNs add security to transmission over the Internet (or any other untrusted network)

• IPsec– The strongest security for VPNs

– Tunnel mode between sites is inexpensive

– Transport mode between computers is expensive

• SSL/TLS– First for browser communication with a single webserver

– SSL/TLS gateways make it a full remote access VPN

Documents

Wide Area Networks (WANs) Chapter 7 Panko’s Business Data Networks and Telecommunications, 6th edition Copyright 2007 Prentice-Hall May only be used by