M10 WAN and the Internet

Cards (55)

  • Wide Area Networks
    • Wide area networks (WANs) run long distances connecting different buildings or offices
      ◦ All land typically not owned by organization
      ◦ May span a city, regions, or even countries
    • Often built using leased circuits from common carriers
      ◦ e.g., AT&T, Sprint, Verizon, BT, Telefónica, Level 3
    • A federal government agency regulates data and voice communications in most countries
      ◦ In the U.S., this is the Federal Communications Commission (FCC)
  • Wide Area Networks – Sample Geography
    Microsoft Corporation’s WAN Map (Data Center Connections)
  • Wide Area Networks – Types
    • Services that use common carriers
      ◦ Dedicated-circuit networks
      ◦ Packet-switched networks
    • Service that uses the public Internet
      ◦ Virtual private network (VPN)
  • Dedicated-Circuit Networks
    • Use full-duplex circuits from common carriers, called leased lines or private lines, to create point-to-point links between organizational locations
    • Circuit that connects locations is installed by the carrier
    • Connect LANs to leased lines using a modem, multiplexer, or channel service unit / data service unit (CSU/DSU)
    • Billed at a flat fee per month with unlimited use of the circuit
    • Adding/removing lines or increasing/decreasing capacity may be difficult, time consuming, and expensive
  • Dedicated-Circuit Networks – A Diagram
  • Dedicated-Circuit Networks – Architectures
    • Three architectures (physical topologies) for dedicated-circuit networks
      ◦ Ring
      ◦ Star
      ◦ Mesh
  • Ring Architecture
    • A ring architecture connects all computers in a closed loop, with each computer linked to the next
    • Circuits are full-duplex or half-duplex
    • Messages can take a long time
    • Failure of any one circuit/computer: the network can continue to function
  • Star Architecture
    • A star architecture connects all computers to one central computer
    • Easy to manage
    • Most susceptible to traffic problems
    • Central computer must have sufficient capacity to handle traffic peaks
    • Failure of any one circuit affects only that one circuit
    • Central computer failure causes the network to fail
  • Full Mesh Architecture
    • In a full-mesh architecture, every computer is connected to every other computer
    • Seldom used because of the extremely high cost
    • Extremely reliable
  • Partial Mesh Architecture
    • Partial-mesh architecture is where many, but not all, computers are connected
      ◦ Usually called just mesh architecture
      ◦ Much more common than full mesh
    • Mesh networks combine the performance benefits of both ring networks and star networks
      ◦ Drawback is use of decentralized routing
  • Dedicated-Circuit Networks – Comparison
  • Dedicated-Circuit Networks – Types of Services
    • Two types of dedicated circuit services:
    1. T-carrier network
      • Developed by AT&T Bell Labs in 1962
      • First version, “Transmission System One” or T1
      • Transport protocol: Digital Signal 1 (DS-1)
    2. Synchronous optical network (SONET)
      • OC designations stand for “optical carrier”
      • Transport protocol also SONET
      • Synchronous digital hierarchy (SDH) used outside U.S. & Canada
  • Dedicated-Circuit Networks – T-Carrier Services
    • T-carrier services
      ◦ Most common dedicated circuit used in North America, using copper wires
      ◦ Similar to E-carrier services in Europe
  • Dedicated-Circuit Networks – SONET
    • Synchronous optical network (SONET)
      ◦ ANSI standard for optical fiber transmission
      ◦ Similar to synchronous digital hierarchy (SDH) used outside of North America
  • Packet-Switched Networks
    • Operate more like LANs and BNs than dedicated-circuit networks
    • Connect to carrier network using a packet assembler/disassembler (PAD)
      ◦ Translates messages between protocols
      ◦ e.g., frame relay assembler/disassembler
    • Customers pay a fixed price for a connection to the carrier and then a fee for the data transmitted
    • Packets from separate messages may be interleaved to maximize efficiency
  • Packet-Switched Networks – Virtual Circuits
    • Packets from separate messages may be interleaved to maximize efficiency
    • Permanent virtual circuits (PVCs) are connections between different locations in the packet network
      ◦ Make packet-switched networks act like dedicated-circuit networks
    • Switched virtual circuits (SVCs) change dynamically
      ◦ AKA “temporary virtual circuits”
  • Packet-Switched Networks – Data Rates
    • Different locations may have different transmission speeds to the carrier network
    • Customers specify the rates per PVC
    • The committed information rate (CIR) is guaranteed by the service provider
    • Packets exceeding the CIR, up to the maximum allowable rate (MAR), may be discarded if the network becomes overloaded
  • Packet-Switched Network Diagram
  • Packet-Switched Networks – Types of Services
    • Frame relay
    • Ethernet
    • MPLS
    (Other services also available, e.g., X.25, FDDI, but less prevalent)
  • Packet-Switched Networks – Multiprotocol label switching (MPLS)
    • Can be used with a variety of layer 2 protocols
    • Label applied at entry to carrier network, between the layer 2 and layer 3 headers
      ◦ MPLS is sometimes called a layer 2.5 protocol
      ◦ Label used in forwarding decisions and traffic engineering
    • Packets can be switched using labels faster than using complete IP addresses and routing tables
  • Packet-Switched Networks – Ethernet
    • Converting to and from LAN/BN protocols and WAN protocols slows communication
    • Many carriers have switched or are switching to Ethernet for WANs
    • These new packet services bypass the public switched telephone network (PSTN)
      ◦ May be less expensive than other alternatives
  • Virtual Private Networks (VPNs)
    • Provide the equivalent of a private packet-switched network over the public Internet
    • Connect a VPN gateway (a specially designed router) to each Internet access circuit
    • Create a virtual circuit, often called a tunnel
    • May use dedicated hardware (VPN gateways) or be implemented in software
    • VPNs can be implemented at layer 2 or layer 3
  • Virtual Private Network (VPN) Diagram
    The VPN gateways create permanent virtual circuits (PVCs) through the Internet, called tunnels
  • VPN Types
    • Intranet VPN
      ◦ Provides virtual circuits between organization locations over the Internet
    • Extranet VPN
      ◦ Same as an intranet VPN, but connects different organizations over the Internet
      ◦ e.g., customers and suppliers
    • (Remote) Access VPN
      ◦ Employees access the organization's networks remotely over the Internet
  • How VPNs Work
    • Assume a layer 3 access VPN using IPSec
      ◦ VPN software creates an interface for a VPN connection
      ◦ The VPN gateway assigns a subnetted IP address to the VPN interface on the employee’s computer
      ◦ The VPN interface becomes the default interface for all network traffic to and from the Internet
      ◦ For transmissions, the VPN software receives the IP packet, encrypts it (IPSec), and encapsulates it (and its contents: the TCP segment and the HTTP packet) in an Encapsulating Security Payload (ESP) packet
      ◦ Processes application layer and TCP/IP headers
      ◦ Adds and strips Ethernet frames
  • Using VPN Software
    1. Client starts VPN s/w, creates new (virtual) interface
    2. Logs in to office VPN gateway (router, DHCP server)
    3. VPN gateway assigns subnet address, makes VPN the default client interface
    4. Client sends HTTP web request; assigned src / true dest IP addresses
    5. Client VPN encrypts packet (thought of as application layer packet)
    6. Client std interface packages IPSec packet in UDP (port 500), office VPN gateway IP dest, client gateway router MAC address
    7. Client gateway router sends to ISP using PPP (both ISPs using DSL)
    8. Client ISP routes through Internet to office
  • VPNs – Pros and Cons
    • Advantages
      ◦ Inexpensive
      ◦ Flexible
      ◦ Client appears to be in the office (VPN gateway) subnet
    • Disadvantages
      ◦ Internet traffic unpredictable
      ◦ Multiple incompatible implementations
      ◦ Not all vendor equipment and services are compatible
  • The Best Practice WAN Design – Factors
    • Factors: effective data rates, cost, reliability
  • The Best Practice WAN Design – Recommendations
  • Software Defined WAN
    • The increased complexity in WANs means that many organizations are implementing a Software Defined WAN (SDWAN)
    • An SDWAN uses software to control and manage the routers used in the WAN
    • An SDWAN provides four benefits:
    1. It provides centralized management
    2. It reduces costs by balancing network traffic over circuits that have different costs and capacities
    3. It provides more visibility over network traffic, so network managers can see end-to-end traffic flows
    4. SDWANs provide good security
  • Architecture of an SDWAN
    1. The top level is the Management Plane. Some vendors call this the Orchestration Plane. This is the software that is used to control the network.
    2. The second plane is the Control Plane. This is the software that controls the network and makes the decisions.
    3. The third plane is the Data Plane. This plane includes the routers that implement the network.
  • Improving WAN Performance
  • Implications for Cyber Security
    • A WAN is usually one of the most secure parts of the network, unless you’re using a VPN over the Internet.
      ◦ VPNs are becoming commonplace.
      ◦ The possibility remains that an attacker could break into the common carrier’s network.
    • The cost of encryption is low, so most large organizations routinely use VPNs to encrypt their data on their WAN, regardless of whether they use the Internet or services provided by common carriers.
  • The Internet
    • Network of networks
    • Various networks managed by for-profit, non-profit, and government organizations
    • Organizations use standardized protocols to communicate
    • Few controls over content and applications
    • Note: The World Wide Web (WWW) ≠ Internet
      ◦ WWW is about content, specifically hyperlinked content
      ◦ Internet is the transport mechanism that enables the WWW and other services
  • Internet Architecture
    • Internet service providers (ISPs) connect the networks of their customers to the Internet
    • Hierarchy of ISPs by size
      ◦ Tier 1 – National ISPs
      ◦ Tier 2 – Regional ISPs
      ◦ Tier 3 – Local ISPs
    • Connections between ISPs
      ◦ Historically, lower-tier ISPs purchased connections to higher-tier ISPs
      ◦ Most interconnections between ISPs occur at Internet exchange points (IXPs)
  • Internet Architecture – A Diagram
  • Internet Architecture – Costs
    • ISPs are autonomous systems and share routing info using BGP
    • Service charges
      ◦ Higher-tier ISPs charge lower-tier ISPs for data transfer
      ◦ ISPs at the same tier typically do not charge each other
      ◦ Called peering
      ◦ One of the primary reasons for IXPs
  • The ISP Backbone
    • Larger backbone connections operating at OC-192 (10 Gbps) and experimenting with OC-768 (40 Gbps) and OC-3072 (160 Gbps)
    • Require faster backbone switches and routers
    • Internet peak traffic estimated to reach 1 Pbps by 2018
  • A Typical Internet Backbone of a Major ISP