Wan networks
WAN Networking Lectures for professordkinney.com

  • Graphic 1.2.1.1. Only the physical and data link layers are changed. ATM: asynchronous transfer mode. HDLC: high-level data link control, used instead of clock in RT to RT comm before.
  • Graphic 1.2.2.1. If space permits, add graphics 1.2.2.2 and 1.2.2.3 (if forced to choose between the two graphics, pick 1.2.2.2). PSTN devices: multiplexer (time division and frequency division multiplexing) used in switches.
  • Graphic 1.2.3.1. PPP: router to router.
  • Graphic 1.2.4.1. Circuit switching for telephone; packet switching for computers (SMS and email). We can't use packet switching for telephone calls because it divides packets. We can use circuit switching for transmitting packets. An alternative graphic can be found at the following URL (not necessary to use, just a thought): http://www.cisco.com/image/jpg/en/us/guest/products/ps6438/c1244/cdccont_0900aecd802c2010_0900aecd802c2010-08.jpg
    Graphic 1.2.4.2. Delays (latency) and variability of delay (jitter) are greater in packet-switched than in circuit-switched networks. This is because the links are shared, and packets must be entirely received at one switch before moving to the next.
  • Graphic 1.3.1.1
  • Graphic 1.3.2.1. Broadband uses modulation for transmission on different channels. A leased line uses a dedicated line. Telephone lines use analog communication.
  • Graphics 1.3.3.1 & 1.3.3.2
  • Graphic 1.3.4.1
  • The objective stated above does not make sense to me. Reword the above objective as follows: List factors to consider when selecting a WAN connection Graphic 1.3.5.4

Wan networks Presentation Transcript

  • www.professordkinney.com 08/26/13 Instructional Design-Computer Networking - Bridges Educational Group
  • Wide-Area Networks
  • Lessons Summary:
      • Understanding WAN Technologies
      • Configuring Serial Encapsulation
      • Introducing VPN Solutions
      • Configuring GRE Tunnels
  • Understanding WAN Technologies
    WANs – the need:
      • Sharing of data
      • Organization to organization
      • Remote users
      • Over large distance
    LAN – falls short:
      • Company growth
  • WAN functions in terms of the OSI Reference Model
    The physical layer (OSI Layer 1) protocols describe how to provide electrical, mechanical, operational, and functional connections to the services of a communications service provider.
    The data link layer (OSI Layer 2) protocols define how data is encapsulated for transmission toward a remote location and the mechanisms for transferring the resulting frames. A variety of different technologies are used, such as Frame Relay and ATM. Some of these protocols use the same basic framing mechanism, High-Level Data Link Control (HDLC), an ISO standard, or one of its subsets or variants.
  • WAN physical layer concepts for network and Internet communications
  • WAN physical-layer protocols describe how to provide electrical, mechanical, operational, and functional connections for WAN services.
    The WAN physical layer also describes the interface between the DTE and the DCE.
  • WAN data link layer protocols used in today’s Enterprise WAN networks
    Data link layer protocols define how data is encapsulated for transmission to remote sites and the mechanisms for transferring the resulting frames. ATM uses small fixed-size cells of 53 bytes (48 bytes for data).
  • Switching technologies used for WANs in an Enterprise setting
    A circuit-switched network is one that establishes a dedicated circuit (or channel) between nodes and terminals before the users may communicate. PSTN and ISDN are two types of circuit-switching technology that may be used to implement a WAN in an enterprise setting.
    Packet switching splits traffic data into packets that are routed over a shared network. Packet-switching networks do not require a circuit to be established, and they allow many pairs of nodes to communicate over the same channel. Packets are divided and sent through available connections. There are two approaches to this link determination: connectionless or connection-oriented.
  • List the various options for connecting subscribers to the WAN
  • Enterprises use leased line services to provide a WAN connection
    Point-to-point lines are usually leased from a carrier and are called leased lines.
  • Circuit switching options available to provide a WAN connection
  • Packet switching options available to provide a WAN connection
  • List factors to consider when selecting a WAN connection
  • Configuring Serial Encapsulation
    Circuit Switching
  • Public Switched Telephone Network
  • PSTN Considerations
    Advantages:
      • Simplicity
      • Availability
      • Cost
    Disadvantages:
      • Low data rates
      • Relatively long connection setup time
    Leased Line
  • Configuring a Serial Interface
    Enter global configuration mode:
        RouterX#configure terminal
        RouterX(config)#
    Specify interface:
        RouterX(config)#interface serial 0/0/0
        RouterX(config-if)#
    Set clock rate (on DCE interfaces only):
        RouterX(config-if)#clock rate 64000
        RouterX(config-if)#
    Set bandwidth (recommended):
        RouterX(config-if)#bandwidth 64
        RouterX(config-if)#exit
        RouterX(config)#exit
        RouterX#
  • Point-to-Point Considerations
    Advantages:
      • Simplicity
      • Quality
      • Availability
    Disadvantages:
      • Cost
      • Limited flexibility
    PPP Configuration Example
  • HDLC and Cisco HDLC
  • Configuring HDLC Encapsulation
        RouterX(config-if)# encapsulation hdlc
      • Enables Cisco HDLC encapsulation
      • Uses the default encapsulation on synchronous serial interfaces
    Enable PPP Encapsulation and Configuring Authentication
        RouterX(config-if)# encapsulation ppp
      • Enables PPP encapsulation
        RouterX(config)# hostname name
      • Assigns a hostname to your router
        RouterX(config)# username name password password
      • Identifies the username and password of remote router
        RouterX(config-if)# ppp authentication {chap | chap pap | pap chap | pap}
      • Enables PAP or CHAP authentication
  • PPP and CHAP Configuration Example
  • Verifying a Serial Interface Configuration
        RouterX# show interface s0/0/0
        Serial0/0/0 is up, line protocol is up
          Hardware is HD64570
          Internet address is 10.140.1.2/24
          MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
          Encapsulation PPP, loopback not set, keepalive set (10 sec)
          LCP Open
          Open: IPCP, CDPCP
          Last input 00:00:05, output 00:00:05, output hang never
          Last clearing of "show interface" counters never
          Queueing strategy: fifo
          Output queue 0/40, 0 drops; input queue 0/75, 0 drops
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
             38021 packets input, 5656110 bytes, 0 no buffer
             Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
             0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
             38097 packets output, 2135697 bytes, 0 underruns
             0 output errors, 0 collisions, 6045 interface resets
             0 output buffer failures, 0 output buffers swapped out
             482 carrier transitions
             DCD=up DSR=up DTR=up RTS=up CTS=up
  • Verifying the HDLC and PPP Encapsulation Configuration
        RouterX# show interface s0/0/0
        Serial0/0/0 is up, line protocol is up
          Hardware is HD64570
          Internet address is 10.140.1.2/24
          MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
          Encapsulation PPP, loopback not set, keepalive set (10 sec)
          LCP Open
          Open: IPCP, CDPCP
          Last input 00:00:05, output 00:00:05, output hang never
          Last clearing of "show interface" counters never
          Queueing strategy: fifo
          Output queue 0/40, 0 drops; input queue 0/75, 0 drops
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
             38021 packets input, 5656110 bytes, 0 no buffer
             Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
             0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
             38097 packets output, 2135697 bytes, 0 underruns
             0 output errors, 0 collisions, 6045 interface resets
             0 output buffer failures, 0 output buffers swapped out
             482 carrier transitions
             DCD=up DSR=up DTR=up RTS=up CTS=up
  • Verifying PPP Authentication
  • Introducing VPN Solutions
    An academic definition of a VPN is “connectivity deployed on a shared infrastructure with the same policies and performance as a private network, with lower total cost of ownership.”
  • Benefits Of VPN
  • VPNs offer flexibility, as site-to-site and remote-access connections can be set up quickly and over existing infrastructure. A variety of security policies can be provisioned in a VPN, enabling flexible interconnection of different security domains.
    VPNs also offer scalability over large areas, as IP transport is universally available. This in turn reduces the number of physical connections and simplifies the underlying structure of a customer WAN.
    Lower cost is one of the main reasons for migrating from traditional connectivity options to a VPN connection, as customers may reuse existing links and take advantage of the statistical packet multiplexing features of IP networks used as a VPN transport.
    The Cisco hardware and Cisco IOS software provide a full set of VPN tools, not just for VPNs but for security, management, and all related needs. The Cisco remote access line of routers is compatible with the Cisco Secure VPN Client PC client software. The slide lists some of the IPSec capabilities one would expect (and find) in such a client. Some of these will be covered in more detail in the next module on IPSec-based VPNs. With client IPSec encryption, a public Internet connection can be used as part of a virtual private dial-up network (VPDN) solution.
  • VPNs come in a number of flavors. VPNs are designed based on one of two architectural options: client-initiated or network access server (NAS)-initiated VPNs.
    Client-initiated VPNs: Users establish a tunnel across the Internet service provider (ISP) shared network to the customer network. The customer manages the client software that initiates the tunnel. The main advantage of client-initiated VPNs is that they secure the connection between the client and ISP. However, client-initiated VPNs are not as scalable and are more complex than NAS-initiated VPNs.
    NAS-initiated VPNs: Users dial in to the ISP NAS, which establishes a tunnel to the private network. Network access server (NAS)-initiated VPNs are more robust than client-initiated VPNs and do not require the client to maintain the tunnel-creating software. NAS-initiated VPNs do not encrypt the connection between the client and the ISP, but this is not a concern for most customers because the Public Switched Telephone Network (PSTN) is much more secure than the Internet.
    VPNs can also run from a remote client PC or remote office router across the Internet or an IP service provider network to one or more corporate gateway routers. VPNs between a company’s offices are a company intranet. VPNs to external business partners are extranets.
  • Voluntary tunnels are those initiated by the client PC. Voluntary tunnels are where the client voluntarily starts up the tunnel. Compulsory tunnels take service provider participation and awareness. Compulsory tunnels leave the client no choice.
    The slide shows some of the features of (remote) access VPNs. They can be used with whatever access is available, and ubiquity is important. This means they should work with modem, Integrated Service Digital Network (ISDN), xDSL, or cable. They provide potential operations and infrastructure cost savings because a company can outsource its dial plant, getting out of the remote access server business.
    It is best if VPDN and access VPN connectivity involves only a single ISP. With more than one ISP involved, no service level agreements are possible.
  • An extranet is where you also use the Internet or one or two SPs to connect to business partners. Security policy becomes very important at this point, because you would hate for a hacker to spoof an order for 1 million widgets from a business partner.
  • Intranet VPNs extend the basic remote access VPN to other corporate offices with connectivity across the Internet or across the SP IP backbone. Service levels are likely to be maintained and enforced within a single SP. With VPNs across the Internet, there are no performance guarantees: no one is in charge of the Internet. The main attractions of intranet VPNs are reduced WAN infrastructure needs, lower ongoing leased line or Frame Relay charges, and operational savings. Security on shared media (the Internet or SP backbone) is important too.
  • Tunneling Types
    Most VPNs are really tunnels, whereby Point-to-Point Protocol (PPP) frames or IP packets are tunneled inside some other protocol.
    Microsoft Point-to-Point Tunneling Protocol (PPTP) (see the Layer 2 module) is a Layer 2 technique, where IP is used to encapsulate and transport PPP and IP packets to a corporate gateway or server. Cisco Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) are also Layer 2 techniques. They simulate PPP connectivity directly from a client PC to a corporate gateway router or server.
    Multiprotocol Label Switching (MPLS) (see the module), generic routing encapsulation (GRE), and IPSec are, however, Layer 3 tunnels, where Layer 3 information is transported directly inside another Layer 3 header across the intervening SP network.
    The terms Layer 2 and Layer 3 may be imprecise when applied to VPNs. Some people consider Frame Relay and ATM to be Layer 2 VPNs. Others consider that to be an out-of-date usage of the term “VPN.”
  • The protocols used to transport Layer 2 frames and Layer 3 packets are:
      • L2TP – Layer 2 Tunneling Protocol
      • GRE – Generic Routing Encapsulation
      • PPTP – Point-to-Point Tunneling Protocol
      • IPsec – IP security protocols
      • MPLS – Multiprotocol Label Switching
    Configuring GRE Tunnels
    Generic Routing Encapsulation (GRE) is a standardized Layer 3 carrier encapsulation, designed for generic tunneling of protocols. GRE is described in RFC 1701, and RFC 1702 defines how GRE uses IP as the transport protocol (GRE IP).
    In Cisco IOS, GRE tunneling is used to tunnel multiple protocols (IPX, DECnet, AppleTalk, and others) over an IP network. GRE IP can also tunnel IP over IP, which is useful when building small-scale IP VPN networks that do not require substantial security.
    GRE has no built-in security mechanisms, but it can be secured by additional mechanisms, such as IPsec traffic protection or the Cisco Encryption Technology protection.
  • The GRE protocol is an IP protocol with the protocol number of 47. The GRE header is of variable length, and at the minimum defines the passenger protocol carried in a GRE packet. The header is from 4 to 20 bytes long, depending on the GRE options (such as optional sequencing) used within each packet.
  • The benefits of GRE IP tunneling are:
      • GRE enables simple and flexible deployment of basic IP VPNs.
      • In Cisco IOS, GRE IP can tunnel almost any Layer 3 protocol.
    GRE IP tunneling also has some drawbacks:
      • Provisioning of tunnels is not very scalable in a full-mesh network (every point-to-point association has to be defined separately; the Next-Hop Routing Protocol (NHRP) can be used to achieve some configuration scalability, and point-to-multipoint tunnels can be used as a remedy in strictly hub-and-spoke networks).
      • Packet payload is not protected against snooping and unauthorized changes, and there is no authentication of sender. IPsec provides all those functions, and can be combined with GRE IP.
  • GRE Configuration Example
    Within the tunnel interface, the tunnel source and tunnel destination commands configure the tunnel endpoints. The tunnel source must be a local router's interface address, for example a loopback address. The other peer’s tunnel source and destination must exactly mirror the local peer’s configuration; that is, the tunnel must be defined between the same IP addresses in both peers’ configurations. The tunnel mode gre ip command specifies that GRE should be used as the tunnel carrier encapsulation.
  • Configuring Multiprotocol GRE Example
    The figure shows the configurations of two routers configured for GRE tunneling. Note the symmetric configuration of tunnel source and destination. IP and IPX are enabled over the tunnel link, and OSPF provides routing over the tunnel, treating it like a point-to-point link.
  • GRE Monitoring and Troubleshooting
    The show ip interface brief command can be used to quickly determine the status of the tunnel interface. The show interface command shows the configured tunnel parameters and the interface traffic statistics.
  • Lessons Learned: WAN technologies. VPN types. GRE encapsulation.
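
The GRE slides above give the IP protocol number (47), a header of 4 to 20 bytes depending on options, and a payload with no protection against snooping. The following Python parser is an added example, not part of the original lecture: it walks the RFC 1701 option flags to find the header length and then reads the passenger bytes in the clear. The packets, addresses and function names are constructed for illustration.

```python
import struct

IPPROTO_GRE = 47  # IP protocol number given on the slide
C_BIT, R_BIT, K_BIT, S_BIT = 0x8000, 0x4000, 0x2000, 0x1000  # RFC 1701 flag bits

def parse_gre(buf: bytes) -> dict:
    """Return the optional fields present and the GRE header length in bytes."""
    def take(fmt, off):
        size = struct.calcsize(fmt)
        if len(buf) < off + size:
            raise ValueError("truncated GRE header")
        return struct.unpack_from(fmt, buf, off), off + size

    (flags, proto), off = take("!HH", 0)
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    hdr = {"protocol": proto, "checksum": None, "key": None, "sequence": None}
    if flags & (C_BIT | R_BIT):  # checksum and offset words travel together
        (csum, _offset), off = take("!HH", off)
        if flags & C_BIT:
            hdr["checksum"] = csum
    if flags & K_BIT:            # the key is a plain 32-bit number on the wire
        (hdr["key"],), off = take("!I", off)
    if flags & S_BIT:
        (hdr["sequence"],), off = take("!I", off)
    if flags & R_BIT:            # source route entries end with a null entry
        while True:
            (family, _sre_off, sre_len), off = take("!HBB", off)
            if family == 0 and sre_len == 0:
                break
            if len(buf) < off + sre_len:
                raise ValueError("truncated routing entry")
            off += sre_len
    hdr["header_len"] = off
    return hdr

def gre_from_ipv4(pkt: bytes):
    """Return (GRE header, passenger bytes), or None if the packet is not GRE."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if pkt[9] != IPPROTO_GRE:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    hdr = parse_gre(pkt[ihl:])
    return hdr, pkt[ihl + hdr["header_len"]:]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed outer header: checksum left at 0, documentation addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 1])) + payload

# Constructed samples: the two ends of the 4 to 20 byte range from the slide.
PASSENGER = b"inner-packet-bytes"
MIN_PKT = ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + PASSENGER)
MAX_PKT = ipv4(IPPROTO_GRE, struct.pack("!HHHHIIHBB", 0xF000, 0x0800, 0, 0,
                                        42, 7, 0, 0, 0) + PASSENGER)
```

Anyone on the path can recover the passenger packet the same way, which is why the slides pair GRE with IPsec when confidentiality or sender authentication matters.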
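
The GRE Configuration Example slide above requires each peer's tunnel source and destination to mirror the other's. The following Python check is an added example, not part of the original lecture: it reads two IOS-style configuration snippets and reports endpoint or mode mismatches, resolving a tunnel source that names a local interface to that interface's address. The router configurations are constructed, and the helper names are hypothetical.

```python
import re

def interfaces(config: str) -> dict:
    """Map lower-cased interface name -> settings found in IOS-style text."""
    found, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface\s+(\S+)", line)
        if head:
            current = found.setdefault(head.group(1).lower(), {})
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current is not None:
            m = re.match(r"\s+(ip address|tunnel (?:source|destination|mode))"
                         r"\s+(.+)", line)
            if m:
                current[m.group(1)] = m.group(2).split()
    return found

def endpoints(config: str, tunnel: str = "tunnel0"):
    """Return (source address, destination address, mode) for one tunnel."""
    ifs = interfaces(config)
    t = ifs[tunnel]
    src = t["tunnel source"][0]
    if src.lower() in ifs:  # source written as an interface name
        src = ifs[src.lower()]["ip address"][0]
    # Assumption: a tunnel with no explicit mode uses GRE over IP.
    mode = " ".join(t.get("tunnel mode", ["gre", "ip"]))
    return src, t["tunnel destination"][0], mode

def mirror_problems(cfg_a: str, cfg_b: str) -> list:
    """List every way the two peers fail to mirror each other."""
    a_src, a_dst, a_mode = endpoints(cfg_a)
    b_src, b_dst, b_mode = endpoints(cfg_b)
    problems = []
    if a_src != b_dst:
        problems.append(f"A source {a_src} does not match B destination {b_dst}")
    if b_src != a_dst:
        problems.append(f"B source {b_src} does not match A destination {a_dst}")
    if a_mode != b_mode:
        problems.append(f"tunnel mode differs: {a_mode} vs {b_mode}")
    return problems

# Constructed sample configurations (not taken from the slides).
ROUTER_A = """\
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 10.0.0.2
 tunnel mode gre ip
"""
ROUTER_B = """\
interface Tunnel0
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.1
"""
ROUTER_B_BAD = ROUTER_B.replace("destination 10.0.0.1", "destination 10.0.1.1")
```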