PRESENTACION FINAL Nicaragua

    1. Networking Brief Overview
       Kristof De Brouwer
       © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
    2. Agenda
       - OSI Model
       - WAN
       - Convergence
       - Wireless
       - Q&A
    3. OSI Model Overview
    4. OSI model – definition
       - Open System Interconnection
       - Conceptual/reference model
       - 7 layers
       - Simplifies a complex process
       - Describes communication between nodes
       - Nodes = computers, routers, switches, …
       - Simplifies the internetwork concept
    5. OSI Model – Encapsulation
    6. OSI Model – Physical Layer
       - Defines functions
         – electrical
         – mechanical
         – procedural and functional
       - Maintains the physical link between nodes
       - Examples:
         – 10BaseT, 100BaseT, RJ45
         – X.21, V.35
    7. OSI Model – Data Link Layer
       - Provides reliable transit of data across the physical link
       - 2 sub-layers
         – MAC (media access control): physical addressing. MAC address example: 00-15-58-27-81-9E
         – LLC (logical link control): flow control
       - Examples:
         – HDLC, PPP, Ethernet
    8. OSI Model – Network Layer
       - Provides end-to-end delivery of packets
       - Defines logical addressing
       - Defines how routing works
       - Mapping between physical address (MAC address) and logical address (network address): ARP
       - Examples:
         – IP; 144.254.0.1/24
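The following example is added here and is not part of the slide deck. It walks the encapsulation the data-link and network-layer slides describe: an Ethernet frame is split into its layer-2 header and layer-3 payload, the IPv4 header is decoded, and an ARP reply is parsed to show the MAC-to-IP mapping the network-layer slide mentions. The frames are constructed inside the script (they are not captured traffic) and reuse the slide's sample MAC address and 144.254.0.1/24 prefix; the second MAC address and the payload are made up.

```python
# Added example (not from the slides): decapsulating a constructed Ethernet
# frame through the data-link and network layers, plus the ARP mapping
# between a MAC address and an IP address that the network-layer slide names.
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def mac_to_str(mac: bytes) -> str:
    return "-".join(f"{b:02X}" for b in mac)


def mac_to_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split("-"))


def parse_ethernet(frame: bytes) -> dict:
    """Layer 2 header: 6-byte destination MAC, 6-byte source MAC, 2-byte EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": mac_to_str(dst), "src_mac": mac_to_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(packet: bytes) -> dict:
    """Layer 3 header: the 20-byte fixed part of IPv4 (options skipped via the IHL field)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    ver_ihl, _tos, _total, _ident, _flags, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    return {"src_ip": str(ipaddress.IPv4Address(src)),
            "dst_ip": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "protocol": proto, "payload": packet[header_len:]}


def parse_arp(packet: bytes) -> dict:
    """ARP for Ethernet/IPv4 (28 bytes): yields the sender's MAC <-> IP mapping."""
    if len(packet) < 28:
        raise ValueError("packet shorter than an Ethernet/IPv4 ARP message")
    _htype, _ptype, _hlen, _plen, oper, sha, spa, tha, tpa = \
        struct.unpack("!HHBBH6s4s6s4s", packet[:28])
    return {"operation": {1: "request", 2: "reply"}.get(oper, "other"),
            "sender_mac": mac_to_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_to_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def decapsulate(frame: bytes) -> dict:
    """Walk the layers: Ethernet first, then whichever protocol the EtherType names."""
    l2 = parse_ethernet(frame)
    if l2["ethertype"] == ETHERTYPE_IPV4:
        return {"l2": l2, "l3": parse_ipv4(l2["payload"])}
    if l2["ethertype"] == ETHERTYPE_ARP:
        return {"l2": l2, "l3": parse_arp(l2["payload"])}
    return {"l2": l2, "l3": None}


def in_prefix(ip: str, prefix: str) -> bool:
    """Is this logical address inside the network that the prefix describes?"""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(prefix, strict=False)


# --- constructed sample frames (not captured traffic) ---------------------
def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b"") -> bytes:
    """Encapsulate: payload -> IPv4 (protocol 17/UDP, no options, checksum left 0) -> Ethernet."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = struct.pack("!6s6sH", mac_to_bytes(dst_mac), mac_to_bytes(src_mac), ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + payload


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 2,
                      mac_to_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    eth_hdr = struct.pack("!6s6sH", mac_to_bytes(target_mac), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    return eth_hdr + arp


SAMPLE_IP_FRAME = build_ipv4_frame("00-15-58-27-81-9E", "00-15-58-27-81-9F",
                                   "144.254.0.1", "144.254.0.42", b"hello")
SAMPLE_ARP_FRAME = build_arp_reply("00-15-58-27-81-9F", "144.254.0.42",
                                   "00-15-58-27-81-9E", "144.254.0.1")

if __name__ == "__main__":
    for frame in (SAMPLE_IP_FRAME, SAMPLE_ARP_FRAME):
        print(decapsulate(frame))
```

Each parser checks the minimum header length and the version field before trusting any offset, which is the habit to keep when the frames come from a live capture rather than from the script itself.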
    9. OSI Model – Transport Layer
       - Re-ordering and re-assembling
       - Examples
         – TCP: provides error correction
         – UDP: no error correction
         – RTP: re-ordering
    10. WAN Overview
    11. WAN – Overview
       - LAN = Local Area Network
       - LANs need to be connected to each other
       - A WAN can overcome large distances between LANs
       - A MAN can overcome smaller (metropolitan) distances between LANs
       - Types of WAN: Frame Relay, ATM, leased line, ISDN
    12. WAN – Leased Line
       - A leased line is a high-performance, permanently available Internet connection carrying voice, data and Internet traffic. A leased line is rented from a telecommunications provider.
       - Unlike dial-up connections, a leased line is always active.
       - Leased lines deliver dedicated, guaranteed bandwidth and are supported by Service-Level Agreements (SLAs).
       - Different types of leased lines are E1, T1, E3, T3 or Frame Relay.
       - Leased lines are normally used by businesses:
         – that require high-quality 24/7 access
         – that run mission-critical applications, cannot afford downtime and require SLAs
         – with multiple offices that require connectivity
       - A leased line is delivered over a copper or fibre-optic transmission network.
    13. WAN – MPLS
       - MPLS stands for "Multiprotocol Label Switching".
       - In an MPLS network, incoming packets are assigned a label by a "label edge router (LER)". Packets are forwarded along a "label switch path (LSP)" where each "label switch router (LSR)" makes forwarding decisions based solely on the contents of the label. At each hop, the LSR strips off the existing label and applies a new label which tells the next hop how to forward the packet.
       - A big advantage of MPLS is the ability to create end-to-end circuits, with specific performance characteristics, across any type of transport medium, eliminating the need for overlay networks or Layer 2-only control mechanisms.
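As an added illustration of the label-switching sequence on the MPLS slide (this is example code, not Cisco's or the presenter's), the script below models a four-router label switch path: the ingress LER classifies the unlabelled packet by destination prefix and pushes a label, each LSR looks only at the incoming label, swaps it for an outgoing one and hands the packet to the next hop, and the egress LER pops the label. The router names, label values and topology are made up; the data structures (an ingress FEC table and a per-router label forwarding table) are a simplification of what a real router keeps.

```python
# Added example (not from the slides): a toy MPLS forwarding plane.  The
# ingress LER classifies an unlabelled packet by IP prefix and pushes a label;
# each LSR along the LSP looks at the label only, swaps it and passes the
# packet on; the egress LER pops the label.  Router names, labels and the
# topology are made up for the demonstration.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst_ip: str
    labels: list = field(default_factory=list)   # label stack, top of stack is the last entry
    trace: list = field(default_factory=list)    # (router, top label after processing)


class Router:
    def __init__(self, name: str):
        self.name = name
        self.fec = []     # ingress only: (IPv4Network, label to push, next hop)
        self.lfib = {}    # incoming label -> (action, outgoing label, next hop)

    def add_fec(self, prefix: str, label: int, next_hop: str):
        self.fec.append((ipaddress.IPv4Network(prefix), label, next_hop))

    def add_lfib(self, in_label: int, action: str, out_label=None, next_hop=None):
        assert action in ("swap", "pop")
        self.lfib[in_label] = (action, out_label, next_hop)

    def forward(self, pkt: Packet):
        """Return the next hop, or None when the packet has left the MPLS domain."""
        if not pkt.labels:
            # Unlabelled packet: only the edge router ever looks at the IP header.
            addr = ipaddress.IPv4Address(pkt.dst_ip)
            for net, label, next_hop in sorted(self.fec, key=lambda e: -e[0].prefixlen):
                if addr in net:          # longest prefix match
                    pkt.labels.append(label)
                    pkt.trace.append((self.name, label))
                    return next_hop
            raise LookupError(f"{self.name}: no FEC for {pkt.dst_ip}")
        top = pkt.labels[-1]
        if top not in self.lfib:
            raise LookupError(f"{self.name}: no LFIB entry for label {top}")
        action, out_label, next_hop = self.lfib[top]
        if action == "swap":
            pkt.labels[-1] = out_label   # strip the old label, apply the new one
        else:                            # "pop": leave the MPLS domain as a plain IP packet
            pkt.labels.pop()
        pkt.trace.append((self.name, pkt.labels[-1] if pkt.labels else None))
        return next_hop


def run_lsp(routers: dict, ingress: str, pkt: Packet, max_hops: int = 16) -> Packet:
    """Push the packet through the LSP hop by hop until the egress pops its label."""
    node = ingress
    for _ in range(max_hops):
        node = routers[node].forward(pkt)
        if node is None:
            return pkt
    raise RuntimeError("hop limit reached: label loop or missing pop")


def sample_network() -> dict:
    """Constructed topology: PE1 -> P1 -> P2 -> PE2, one LSP for 10.0.0.0/8."""
    pe1, p1, p2, pe2 = Router("PE1"), Router("P1"), Router("P2"), Router("PE2")
    pe1.add_fec("10.0.0.0/8", label=100, next_hop="P1")
    p1.add_lfib(100, "swap", out_label=200, next_hop="P2")
    p2.add_lfib(200, "swap", out_label=300, next_hop="PE2")
    pe2.add_lfib(300, "pop", next_hop=None)   # egress: label removed, IP packet delivered
    return {r.name: r for r in (pe1, p1, p2, pe2)}


if __name__ == "__main__":
    pkt = run_lsp(sample_network(), "PE1", Packet("10.1.2.3"))
    print(pkt.trace, pkt.labels)
```

Note that P1 and P2 never touch `dst_ip`; any packet carrying label 100 at P1 follows the same path, which is exactly the property the slide describes as forwarding "based solely on the contents of the label".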
    14. Convergence Overview
    15. Convergence
       - Data, voice and video sent over IP networks
       - Voice traffic inside the company goes over the corporate IP network (VoIP)
       - Not possible for calls outside the corporate network
       - ISDN PRI is used for outside calls, and for calls from outside towards the corporate network (DID)
       - E1: one call possible per channel; 30 channels = 30 concurrent calls (incoming or outgoing)
    16. Convergence – QoS
       - Guarantee "services"
       - Prioritize interesting (important) traffic
         – Voice
         – Video
         – Data
       - Prevent congestion
       - Manage congestion
       - Tools
         – Classification & marking
         – Congestion management
         – Congestion avoidance
         – Traffic conditioning
    17. Convergence – QoS (2)
       - Classification and Marking: identify and mark traffic.
       - Congestion Management: prioritize, protect and isolate traffic, based on markings.
       - Congestion Avoidance: discard specific packets to avoid congestion.
       - Traffic Conditioning: control bursts and conform traffic.
       - Link-Efficiency Management: fragment and/or compress for WAN efficiency.
    18. Convergence – VoIP
       + More efficient use of bandwidth and equipment
       + Lower costs for telephony
       + Consolidated voice and data
       + Increased revenues from new services
       + Greater innovation in services
       + Access to new communication devices
       - Return on investment difficult to prove
       - Potential upgrade costs may override potential savings
    19. Convergence – IP Phone
       - Obtain power from the switch
         – The switch detects an unpowered phone and sends power down the Ethernet cable
       - Load stored image
         – Firmware stored in non-volatile flash
         – Initialising software and hardware
       - VLAN
         – The switch sends a CDP packet with VLAN information
       - Contact TFTP server
         – Configuration files for the phone
         – Contains up to 3 CallManagers
       - Register with CallManager
         – A TCP connection is made to register with the CallManager
         – Starting with the highest CCM in the list
         – The phone gets its load ID from the CallManager (upgrade if needed)
    20. Convergence – CallManager
       - Primary functions
         – Call processing: route the call from source to destination
         – Signalling and device control: set up all signalling connections between call endpoints; direct devices (IP phones, gateways, …) to set up and tear down streaming connections
         – Dial plan administration: configure the list CCM uses to determine call routing
         – Phone features: hold, transfer, forward, conference, …; speed dials, last-number redial, …
         – Directory services: LDAP database; authenticate and authorize users
    21. Convergence – VoIP Protocols
       - Skinny Client Control Protocol (SCCP)
         – Communication between CallManager and IP phones
         – Call setup and teardown
       - H.323
         – VoIP signalling and call control: signalling for call setup and teardown; control function for opening and closing channels (that carry the media stream), negotiation of audio, video and codecs between the endpoints, and determination of master/slave
         – Based on ISDN Q.931
       - RTP
         – Real Time Protocol
         – Carries the voice payload across the IP network
         – Uses UDP
       - RTCP
         – Real Time Control Protocol
         – Provides statistics on the call
         – For every RTP stream, there is an RTCP stream as well
    22. Convergence – VoIP on the OSI Model
       - Application: softphone, CallManager applications
       - Presentation: codecs (G.711, G.729, …)
       - Session: H.323 / SIP / MGCP / SCCP
       - Transport: RTP/UDP (media), TCP/UDP (signalling)
       - Network: IP
       - Data link: Ethernet, Point-to-Point Protocol, HDLC, …
       - Physical: …
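The slides place RTP over UDP in the transport layer and give it the job of re-ordering. The added example below (not code from the deck) builds RTP fixed headers as RFC 3550 defines them, parses them back, and re-orders a small burst of packets by sequence number, handling the 16-bit wrap from 65535 to 0 and counting the sequence numbers that never arrived. The packets are constructed inside the script; the payload-type numbers in the lookup table are the static RFC 3551 assignments for the G.711 and G.729 codecs named on the presentation-layer line, which the slides themselves do not list.

```python
# Added example (not from the slides): building and parsing RTP fixed headers
# (RFC 3550) and re-ordering a burst of packets by sequence number, which is
# the job the transport-layer slide attributes to RTP.  The packets are
# constructed here; the payload-type numbers are the static RFC 3551
# assignments for the codecs named on the slides.
import struct

PAYLOAD_TYPES = {0: "G.711 PCMU", 8: "G.711 PCMA", 18: "G.729"}  # RFC 3551 static PTs
RTP_HEADER_LEN = 12


def build_rtp(seq: int, timestamp: int, ssrc: int, payload_type: int = 0,
              payload: bytes = b"", marker: int = 0) -> bytes:
    """RTP fixed header with V=2, no padding, no extension, no CSRC entries."""
    byte0 = 2 << 6
    byte1 = (marker << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", byte0, byte1, seq & 0xFFFF,
                       timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF) + payload


def parse_rtp(packet: bytes) -> dict:
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("packet shorter than an RTP header")
    byte0, byte1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:RTP_HEADER_LEN])
    if byte0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    csrc_count = byte0 & 0x0F                       # CSRC list follows the fixed header
    header_len = RTP_HEADER_LEN + 4 * csrc_count
    pt = byte1 & 0x7F
    return {"seq": seq, "timestamp": timestamp, "ssrc": ssrc,
            "marker": byte1 >> 7, "payload_type": pt,
            "codec": PAYLOAD_TYPES.get(pt, f"dynamic/unknown ({pt})"),
            "payload": packet[header_len:]}


def _extended_seq(seq: int, reference: int) -> int:
    """Place seq relative to reference so that the 16-bit wrap-around sorts correctly."""
    delta = (seq - reference) & 0xFFFF
    return delta - 0x10000 if delta >= 0x8000 else delta


def reorder(packets: list) -> tuple:
    """Return (parsed packets in sequence order, number of missing sequence numbers)."""
    parsed = [parse_rtp(p) for p in packets]
    if not parsed:
        return [], 0
    ref = parsed[0]["seq"]
    parsed.sort(key=lambda info: _extended_seq(info["seq"], ref))
    missing = 0
    for earlier, later in zip(parsed, parsed[1:]):
        gap = _extended_seq(later["seq"], ref) - _extended_seq(earlier["seq"], ref) - 1
        missing += max(gap, 0)                        # duplicates give a negative gap; ignore
    return parsed, missing


def sample_burst() -> list:
    """Constructed: five G.711 packets of one stream arriving out of order across the
    65535 -> 0 wrap, with sequence number 2 lost on the way (160 samples per packet)."""
    ssrc = 0x1234ABCD
    frames = {seq: build_rtp(seq, 160 * i, ssrc, payload_type=0, payload=bytes([0xFF]) * 4)
              for i, seq in enumerate([65534, 65535, 0, 1, 3])}
    return [frames[s] for s in (0, 65534, 3, 65535, 1)]   # arrival order


if __name__ == "__main__":
    ordered, lost = reorder(sample_burst())
    print([p["seq"] for p in ordered], "lost:", lost)
```

The loss count is the kind of figure RTCP receiver reports carry back to the sender; a jitter buffer in a real phone does the same sort but with a bounded wait before it gives up on a missing packet.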
    23. Wireless Overview
    24. Wireless – Mode
       - Infrastructure Mode: clients communicate through an Access Point (AP). The AP is the point at which wireless clients access the network. The AP attaches to the wired Ethernet backbone and controls traffic flow to and from the network. The remote devices do not communicate directly with each other; they communicate with the AP.
       - Ad-hoc Mode: used to establish a peer-to-peer network between two or more clients. There is no need for a third party to be involved. You can compare ad-hoc mode to a crossover cable between two clients.
    25. Wireless – Frequency & Modulation
       - Frequencies: three bands are defined as unlicensed: 900 MHz, 2.4 GHz and 5 GHz. Each range has different characteristics. The lower frequencies exhibit better range, but with limited bandwidth and hence lower data rates. Higher frequencies have less range and are subject to greater attenuation from solid objects.
       [Figure: data rates 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps]
    26. Wireless – Frequency & Modulation (2)
       - DSSS (Direct Sequence Spread Spectrum): 14 channels (13 for Europe) are defined in the Direct Sequence (DS) channel set. Each channel is 22 MHz wide and 5 MHz apart from the next. In the DS channel system, only three non-overlapping (hence non-interfering) channels are possible (such as channels 1, 6 and 11).
       [Figure: cell layout reusing channels 1, 6 and 11 so that neighbouring cells never share a channel]
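To show where the "three non-overlapping channels" on the DSSS slide come from, here is an added example (not from the deck) that applies the slide's two numbers, 22 MHz channel width and 5 MHz spacing, to the channel set. The centre frequencies it uses are the standard 802.11b values (2412 MHz for channel 1 rising by 5 MHz per channel up to 2472 MHz for channel 13, and 2484 MHz for channel 14); the slide does not state them. It goes a step beyond the slide by also checking a made-up access-point channel plan for overlapping neighbours, the check a site survey would run.

```python
# Added example (not from the slides): checking which 2.4 GHz DSSS channels
# overlap, using the slide's numbers (22 MHz channel width, 5 MHz spacing).
# The channel centre frequencies are the standard 802.11b values (channel n
# at 2407 + 5n MHz for n = 1..13, channel 14 at 2484 MHz); they are not on
# the slide.  The access-point list at the bottom is made up.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5


def centre_frequency_mhz(channel: int) -> int:
    if 1 <= channel <= 13:
        return 2407 + CHANNEL_SPACING_MHZ * channel
    if channel == 14:
        return 2484
    raise ValueError(f"no 2.4 GHz DSSS channel {channel}")


def overlaps(a: int, b: int) -> bool:
    """Two channels interfere when their 22 MHz wide bands share any spectrum."""
    return abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def overlapping_neighbours(channel: int, available=range(1, 14)) -> list:
    """Every other channel in the set whose band overlaps the given one."""
    return [c for c in available if c != channel and overlaps(c, channel)]


def largest_non_overlapping_set(available=range(1, 14)) -> list:
    """Greedy pick: lowest usable channel, then the next one clear of everything
    chosen so far.  With equal-width channels this greedy choice is optimal."""
    chosen = []
    for c in sorted(available):
        if all(not overlaps(c, used) for used in chosen):
            chosen.append(c)
    return chosen


def interfering_pairs(assignments: dict) -> list:
    """Site-survey check: which access points in a channel plan overlap each other?"""
    return sorted((x, y) for x, y in combinations(sorted(assignments), 2)
                  if overlaps(assignments[x], assignments[y]))


# Constructed channel plan: AP-C sits between AP-A and AP-B in the spectrum.
SAMPLE_PLAN = {"AP-A": 1, "AP-B": 6, "AP-C": 3}

if __name__ == "__main__":
    print("non-overlapping channels (1-13):", largest_non_overlapping_set(range(1, 14)))
    print("channels overlapping 6:", overlapping_neighbours(6))
    print("interfering APs:", interfering_pairs(SAMPLE_PLAN))
```

Channels 1 and 6 are 25 MHz apart, more than the 22 MHz width, so they are clear of each other; channel 3 is within 22 MHz of both, which is why AP-C collides with its two neighbours in the sample plan.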
    27. Wireless – Frequency & Modulation (3)
       - OFDM (Orthogonal Frequency Division Multiplexing): OFDM is a multi-carrier system, meaning one high-speed data stream is broken into a number of lower-speed data streams, which are then transmitted in parallel (simultaneously). Essentially, this allows sub-channels to overlap, providing high spectral efficiency. This channel system supports twelve non-overlapping channels.
       [Figure: cell layout using the twelve channels 1–12]
    28. Wireless – Authentication
       There are two steps involved in connecting to a wireless AP. First the client station must be authenticated. If the authentication passes, the station can then be associated. Only when both steps have completed can traffic pass.
       - Shared Key Authentication: Shared Key authentication is considered insecure:
         – It is only available in combination with WEP (Wired Equivalent Privacy). WEP uses a key known by both transmitter and receiver to encrypt and decrypt data signals.
         – The AP sends a random ASCII string to the client. The client encrypts it using WEP and sends the encrypted data back to the AP. The AP verifies the encrypted string. Both the unencrypted and the encrypted string can be intercepted, which makes it possible to reverse engineer the WEP key used!!
    29. Wireless – Authentication (2)
       - Open Authentication: Open authentication is considered insecure:
         – no user verification
         – any device can authenticate
         – authentication traffic is sent in clear text
       - Which is best, Open or Shared Key? Although still not considered secure, Open Authentication in combination with WEP ends up being the better choice. The station gets authenticated and associated automatically, but it still needs the correct WEP key to encrypt/decrypt data. Since Open Authentication does not send out data that makes reverse engineering of the key possible, unencrypted packets are just discarded.
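Slides 28 and 29 say that the Shared Key handshake hands an eavesdropper both the clear challenge and its WEP-encrypted form, and that Open Authentication with WEP is preferable because it sends no such pair. The added example below (written for this page, not taken from the deck) makes the reason concrete with a minimal RC4, the cipher WEP uses: because WEP XORs the plaintext with a keystream derived from the IV and the key, challenge XOR reply is exactly the keystream for that IV, so every further frame encrypted under the same IV is readable without the key. For contrast it also shows a challenge-response built on a keyed hash (HMAC), whose transcript gives an observer nothing that encrypts or decrypts data. The key, IV, challenge and frame contents are constructed here, and the WEP integrity check value is left out of the frame format.

```python
# Added example (not from the slides): why the Shared Key handshake leaks.
# A minimal RC4 (WEP's cipher) encrypts the AP's challenge under IV||key the
# way WEP does (the ICV/CRC is omitted); an eavesdropper who sees the clear
# challenge and the encrypted reply obtains the keystream for that IV by XOR.
# For contrast, a keyed-hash (HMAC) challenge-response is shown, whose
# transcript gives an eavesdropper nothing that re-encrypts or decrypts data.
# Keys, IVs and challenges are constructed here.
import hashlib
import hmac


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 key scheduling plus PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: 3-byte IV in clear, then RC4(IV||secret) XOR plaintext."""
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def shared_key_handshake(secret: bytes, iv: bytes, challenge: bytes) -> tuple:
    """What goes over the air: the clear challenge from the AP and the encrypted reply.
    The AP checks the reply by encrypting the challenge itself and comparing."""
    reply = wep_encrypt(secret, iv, challenge)
    ap_accepts = reply == wep_encrypt(secret, iv, challenge)
    return challenge, reply, ap_accepts


def keystream_exposed(challenge: bytes, reply: bytes) -> tuple:
    """Eavesdropper's view: the IV (sent in clear) and keystream = challenge XOR ciphertext."""
    iv, ciphertext = reply[:3], reply[3:]
    return iv, xor_bytes(challenge, ciphertext)


def hmac_response(secret: bytes, challenge: bytes) -> bytes:
    """Alternative: answer the challenge with a keyed hash instead of encrypting it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def hmac_verify(secret: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(hmac_response(secret, challenge), response)


# --- constructed demonstration values --------------------------------------
SECRET = bytes.fromhex("0102030405")                  # 40-bit WEP key, made up
IV = b"\x11\x22\x33"
CHALLENGE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"   # stands in for the AP's random string
LATER_FRAME = b"later frame, same IV"                 # shorter than the challenge on purpose


def demo() -> dict:
    challenge, reply, ok = shared_key_handshake(SECRET, IV, CHALLENGE)
    iv, ks = keystream_exposed(challenge, reply)
    leaked = ks == rc4_keystream(iv + SECRET, len(ks))      # observer now holds the real keystream
    later = wep_encrypt(SECRET, IV, LATER_FRAME)
    readable = xor_bytes(later[3:], ks) == LATER_FRAME      # so traffic under that IV is readable
    hmac_ok = hmac_verify(SECRET, CHALLENGE, hmac_response(SECRET, CHALLENGE))
    return {"ap_accepts": ok, "keystream_leaked": leaked,
            "later_frame_readable": readable, "hmac_verifies": hmac_ok}


if __name__ == "__main__":
    print(demo())
```

What is recovered is the keystream for one IV rather than the key itself; WEP's 24-bit IV space is small enough that the same IV recurs in normal traffic, which is what turns this handshake into the practical weakness the slide warns about. Open Authentication with WEP never puts a known plaintext and its ciphertext on the air together, which is the whole of slide 29's argument for preferring it.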
    30. Wireless – Authentication (3)
       - SSID-Based Authentication: the Service Set Identifier (SSID) is a code attached to all packets on a wireless network to identify each packet as part of that network. All wireless devices attempting to communicate with each other must share the same SSID. SSIDs can be broadcast, for everyone to see, or can be "hidden", so that only client stations that know the exact SSID string are able to authenticate. Hiding the SSID is considered an extremely weak form of wireless security: although the average user may not be able to see the network, the SSID can still be seen using the appropriate tools.
    31. Wireless – Authentication (4)
       - MAC Address Authentication: permits APs to filter on client MAC addresses, allowing only those clients that are in the "allow list" to be authenticated. A possible security risk with this type of authentication is "spoofing", altering the client's MAC address to still gain access to the network.
    32. Wireless – Network Authentication
       - All protocols used for network authentication (except WPA and RADIUS) are based on the Extensible Authentication Protocol (EAP). EAP is an authentication framework which provides common functions and mechanisms used in (amongst others) the following authentication methods:
         – LEAP (Lightweight EAP, developed by Cisco): supports the use of dynamic WEP keys and mutual authentication (between client and RADIUS server). LEAP allows clients to re-authenticate frequently, providing a new WEP key with each successful authentication.
         – PEAP (Protected EAP): uses server-side public key certificates to authenticate clients by creating an encrypted tunnel between the client and the authentication server.
    33. Wireless – Security – WEP
       - WEP (Wired Equivalent Privacy): uses a security scheme that combines secret user keys and system-generated values. These keys are used to encrypt and decrypt data. Both the client station and the AP need the same key to be able to communicate. The key can be 40, 128 or 256 bits in length, but is fairly easy to "hack".
       - TKIP (Temporal Key Integrity Protocol): TKIP is used by WPA and was developed to replace WEP. It makes use of a mechanism called "key mixing", ensuring every data packet is sent with its own unique encryption key. This makes decoding the keys somewhat more complex.
    34. Wireless – Network Authentication
       - EAP-FAST (Flexible Authentication via Secure Tunneling, developed by Cisco): developed to replace LEAP. Like PEAP, EAP-FAST makes use of a secure tunnel; however, this tunnel is established using a pre-shared key.
       - WPA (Wi-Fi Protected Access): uses TKIP, which was developed to replace WEP and address its weaknesses. Features two different modes of operation:
         – Enterprise mode: makes use of the RADIUS architecture, authenticating to a dedicated RADIUS authentication server.
         – Pre-Shared Key (PSK) mode: makes use of a static key or "passphrase" known by both the client and the AP.
    35. Wireless – Roaming
       - Roaming occurs when a wireless client that is currently associated to a certain AP moves out of that AP's coverage area. The client then needs to associate to another AP that does have coverage for that area. The process of a client's association shifting between different APs is called roaming.
    36. Wireless – Next Generation
       - Current situation: APs are "intelligent". They process 802.11 frames, they have limited QoS (Quality of Service) functionality, they have certain security features, …
         → requires processing power and memory
         → requires "complex" configuration of the APs
       - New (NextGen) situation: "Centralized WLAN", which is based on a controller architecture. The central controller takes over the intelligent functions. The Lightweight Access Point Protocol (LWAPP) is used to handle authentication and encryption between the APs and the controller.
         → processing- and memory-intensive tasks shift to the controller
         → requires much less configuration on the APs
         → significantly eases management
