Networking Brief Overview

  1. Networking Brief Overview - Kristof De Brouwer
  2. Agenda
     - OSI Model
     - WAN
     - Convergence
     - Wireless
     - Q & A
  3. OSI Model Overview
  4. OSI model – definition
     - Open Systems Interconnection
     - Conceptual/reference model
     - 7 layers
     - Simplifies a complex process
     - Describes communication between nodes
     - Nodes = computers, routers, switches, ...
     - Simplifies the internetwork concept
  5. OSI Model – Encapsulation
     - (Diagram slide: each layer adds its own header in front of the data handed down by the layer above; the receiver strips the headers again in reverse order.)
  6. OSI Model – Physical Layer
     - Defines the electrical, mechanical, procedural and functional characteristics of the link
     - Maintains the physical link between nodes
     - Examples:
       - 10BASE-T, 100BASE-T, RJ45
       - X.21, V.35
  7. OSI Model – Data Link Layer
     - Provides reliable transit of data across the physical link
     - 2 sub-layers:
       - MAC (media access control): physical addressing
         - MAC address, example: 00-15-58-27-81-9E
       - LLC (logical link control): flow and error control between the MAC and the network layer
     - Examples: HDLC, PPP, Ethernet
  8. OSI Model – Network Layer
     - Provides end-to-end delivery of packets
     - Defines logical addressing
     - Defines how routing works
     - Mapping between physical address (MAC address) and logical address (network address): ARP
     - Example: IP, 144.254.0.1/24
  9. OSI Model – Transport Layer
     - Re-ordering and re-assembling of segments
     - Examples:
       - TCP: reliable, ordered delivery (sequence numbers, acknowledgements and retransmission of lost segments; the checksum only detects errors, it does not correct them)
       - UDP: no reliability or ordering guarantees
       - RTP: runs on top of UDP; its sequence numbers and timestamps let the receiver re-order media packets
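Worked example of the encapsulation described on slides 5 to 9, added for this page (it is not from the slides): a short Python script packs an application payload into a UDP datagram (layer 4), an IPv4 packet (layer 3, carrying the DSCP marking the QoS section comes back to) and an Ethernet II frame (layer 2), then parses the frame back up the stack and verifies the IPv4 and UDP checksums. The source MAC and IP reuse the values shown on the slides; the neighbour addresses, ports and payload are constructed for the example.

```python
# Added example, not from the slides: build Ethernet / IPv4 / UDP by hand and
# parse the result, to make the encapsulation on slide 5 concrete.
import struct

SRC_MAC, DST_MAC = "00-15-58-27-81-9E", "00-15-58-27-81-9F"   # slide value + constructed neighbour
SRC_IP, DST_IP = "144.254.0.1", "144.254.0.2"                  # slide value + constructed neighbour


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4, UDP, TCP and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Layer 4: 8-byte UDP header; the checksum covers a pseudo-header plus the datagram."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 17, length)
    csum = inet_checksum(pseudo + header + payload) or 0xFFFF   # 0 means "no checksum" in UDP
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def build_ipv4(src_ip: str, dst_ip: str, proto: int, payload: bytes,
               dscp: int = 0, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Layer 3: 20-byte IPv4 header; DSCP occupies the top 6 bits of the TOS byte."""
    ver_ihl = (4 << 4) | 5
    tos = dscp << 2
    flags_frag = 0x4000                                       # DF set, fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + len(payload), ident,
                      flags_frag, ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ethernet(src_mac: str, dst_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Layer 2: Ethernet II header (the FCS is omitted; the NIC normally appends it)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Walk back up the stack, verifying the IPv4 and UDP checksums on the way."""
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if etype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if inet_checksum(ip[:ihl]) != 0:                          # valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    l4 = ip[ihl:total_len]
    out = {"dst_mac": dst.hex("-"), "src_mac": src.hex("-"),
           "src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
           "dscp": ip[1] >> 2, "ttl": ip[8], "proto": proto}
    if proto == 17:
        sport, dport, ulen, ucsum = struct.unpack("!HHHH", l4[:8])
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 17, ulen)
        if ucsum and inet_checksum(pseudo + l4[:ulen]) != 0:
            raise ValueError("bad UDP checksum")
        out.update(src_port=sport, dst_port=dport, payload=l4[8:ulen])
    return out


def build_demo_frame() -> bytes:
    payload = b"hello"                                        # layer 7 data (constructed)
    udp = build_udp(SRC_IP, DST_IP, 16384, 16384, payload)    # layer 4
    ip = build_ipv4(SRC_IP, DST_IP, 17, udp, dscp=46)         # layer 3, EF marking as for voice
    return build_ethernet(SRC_MAC, DST_MAC, 0x0800, ip)       # layer 2


def demo() -> dict:
    return parse_frame(build_demo_frame())
```

Flipping any header byte (for instance the TTL) makes `parse_frame` raise, which is the checksum doing its job against corruption; note that the checksum is not a security control, since anyone who can change the byte can recompute it.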
  10. WAN Overview
  11. WAN – Overview
     - LAN = Local Area Network
     - LANs need to be connected to each other
     - A WAN covers large distances between LANs
     - A MAN covers smaller (metropolitan) distances between LANs
     - Types of WAN: Frame Relay, ATM, leased line, ISDN
  12. WAN – Leased Line
     - A leased line is a dedicated, permanently available point-to-point connection rented from a telecommunications provider; it can carry voice, data and Internet traffic
     - Unlike dial-up connections, a leased line is always active
     - Leased lines deliver dedicated, guaranteed bandwidth and are backed by Service Level Agreements (SLAs)
     - Common rates: E1 (2.048 Mbit/s), T1 (1.544 Mbit/s), E3 (34.368 Mbit/s), T3 (44.736 Mbit/s). Frame Relay, listed with these on the slide, is a packet-switched service carried over such an access circuit rather than a dedicated line itself
     - Leased lines are normally used by businesses:
       - that require high-quality 24/7 access
       - that run mission-critical applications, cannot afford downtime and require SLAs
       - with multiple offices that require connectivity
     - Delivered over a copper or fibre-optic transmission network
  13. WAN – MPLS
     - MPLS stands for "Multiprotocol Label Switching"
     - In an MPLS network, incoming packets are assigned a label by a label edge router (LER). Packets are forwarded along a label switched path (LSP), where each label switch router (LSR) makes its forwarding decision solely on the label, not on the IP header. At each hop the LSR swaps the label: it strips the existing label and applies a new one that tells the next hop how to forward the packet
     - A big advantage of MPLS is the ability to create end-to-end circuits with specific performance characteristics across any type of transport medium, eliminating the need for overlay networks or Layer 2-only control mechanisms
     - An LSP separates traffic but does not encrypt it; confidentiality across a provider network still needs IPsec or similar on top
  14. Convergence Overview
  15. Convergence
     - Data, voice and video are sent over IP networks
     - Internal voice traffic goes over the corporate IP network (VoIP)
     - Pure IP is not possible for calls outside the corporate network: a gateway to the telephone network is needed
     - ISDN PRI is used for outgoing calls and for calls from outside towards the corporate network (DID, direct inward dialling)
     - E1 PRI: one call per B channel -> 30 B channels = 30 concurrent calls (incoming or outgoing); the remaining two timeslots carry signalling (D channel) and framing
  16. Convergence – QoS
     - Guarantee "services"
     - Prioritise interesting (important) traffic: voice, video, data
     - Prevent congestion
     - Manage congestion
     - Tools:
       - Classification & marking
       - Congestion management
       - Congestion avoidance
       - Traffic conditioning
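The classification & marking and traffic-conditioning tools listed above, as an added Python example (not from the slides): packets are classified by protocol and port into voice, video, signalling and data, marked with a DSCP value, and each class is policed with a token bucket so that a flood in the voice class cannot starve the others. The port numbers (Cisco defaults: SCCP on TCP/2000, RTP on UDP/16384-32767), the rates and the two constructed packet streams are assumptions for the example; time is kept in integer milliseconds so the arithmetic is exact.

```python
# Added example, not from the slides: QoS classification, DSCP marking and a
# token-bucket policer (traffic conditioning). Ports and rates are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Tuple

# DSCP values recommended in RFC 4594: EF for voice media, AF41 for video,
# CS3 for call signalling, best effort (0) for ordinary data.
EF, AF41, CS3, BE = 46, 34, 24, 0


@dataclass
class Packet:
    proto: str            # "udp" or "tcp"
    dst_port: int
    size: int             # bytes on the wire
    video: bool = False   # assumed to be set by an upstream RTP/codec inspection stage
    dscp: int = BE        # filled in by mark()


def classify(pkt: Packet) -> Tuple[str, int]:
    """Classification: map a packet to a traffic class and the DSCP it should carry."""
    if pkt.proto == "udp" and 16384 <= pkt.dst_port <= 32767:        # Cisco RTP range
        return ("video", AF41) if pkt.video else ("voice", EF)
    if pkt.proto == "tcp" and pkt.dst_port in (2000, 5060, 1720):    # SCCP, SIP, H.225
        return ("signalling", CS3)
    return ("data", BE)


def mark(pkt: Packet) -> str:
    """Marking: write the DSCP into the packet and return its class name."""
    cls, dscp = classify(pkt)
    pkt.dscp = dscp
    return cls


@dataclass
class TokenBucket:
    """Single-rate policer: tokens (bytes) refill at `rate` bytes/ms up to `burst`."""
    rate: int
    burst: int
    tokens: int = 0
    last_ms: int = 0

    def __post_init__(self) -> None:
        self.tokens = self.burst                     # start with a full bucket

    def conform(self, size: int, now_ms: int) -> bool:
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                                 # out of contract: drop (or re-mark lower)


def police(stream: List[Tuple[int, Packet]]) -> Dict[str, Dict[str, int]]:
    """Run a stream of (time_ms, packet) through one policer per class."""
    policers = {
        "voice": TokenBucket(rate=12, burst=1500),       # ~ one G.711 call (10 B/ms) plus headroom
        "video": TokenBucket(rate=100, burst=15000),
        "signalling": TokenBucket(rate=5, burst=3000),
        "data": TokenBucket(rate=1000, burst=50000),
    }
    stats = {cls: {"conform": 0, "dropped": 0} for cls in policers}
    for now_ms, pkt in stream:
        cls = mark(pkt)
        verdict = "conform" if policers[cls].conform(pkt.size, now_ms) else "dropped"
        stats[cls][verdict] += 1
    return stats


def g711_call(duration_ms: int) -> List[Tuple[int, Packet]]:
    """Constructed input: G.711 sends 160 B of audio every 20 ms; with RTP/UDP/IP/
    Ethernet headers that is about 200 B per packet, i.e. 10 B/ms."""
    return [(t, Packet("udp", 16384, 200)) for t in range(0, duration_ms, 20)]


def rtp_flood(duration_ms: int) -> List[Tuple[int, Packet]]:
    """Constructed input: the same packets at 2 ms spacing, ten times the rate of a call."""
    return [(t, Packet("udp", 16384, 200)) for t in range(0, duration_ms, 2)]
```

A real call conforms throughout, while the flood is cut back to roughly the configured rate plus the burst allowance: over one second at most (1500 + 12 x 998) / 200 = 67 of its 500 packets get through. Policing the priority class like this is what stops EF-marked traffic, legitimate or spoofed, from monopolising the link.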
  17. Convergence – QoS (2)
     - (Diagram slide)
  18. Convergence – VoIP
     - More efficient use of bandwidth and equipment
     - Lower costs for telephony
     - Consolidated voice and data
     - Increased revenues from new services
     - Greater innovation in services
     - Access to new communication devices
     - Return on investment is difficult to prove
     - Potential upgrade costs may outweigh the potential savings
  19. Convergence – IP Phone (boot sequence)
     - Obtain power from the switch
       - The switch detects an unpowered phone and sends power down the Ethernet cable (Power over Ethernet)
     - Load stored image
       - Firmware stored in non-volatile flash
       - Initialise software and hardware
     - VLAN
       - The switch sends a CDP packet with the voice VLAN information
     - Contact the TFTP server
       - Configuration files for the phone
       - The configuration lists up to 3 CallManagers
       - TFTP is unauthenticated and unencrypted, so the configuration the phone trusts (including that CallManager list) is only as trustworthy as the network path to the TFTP server
     - Register with the CallManager
       - A TCP connection is made to register with the CallManager
       - Starting with the highest-priority CCM in the list
       - The phone gets its load ID from the CallManager (and upgrades if needed)
  20. Convergence – CallManager
     - Primary functions:
       - Call processing: route the call from source to destination
       - Signalling and device control: set up all signalling connections between call endpoints; direct devices (IP phones, gateways, ...) to set up and tear down streaming connections
       - Dial plan administration: configure the list the CCM uses to determine call routing
       - Phone features: hold, transfer, forward, conference, ...; speed dials, last-number redial, ...
       - Directory services: LDAP database; authenticate and authorise users
  21. Convergence – VoIP Protocols
     - Skinny Client Control Protocol (SCCP)
       - Communication between CallManager and IP phones
       - Call setup and teardown
     - H.323
       - VoIP signalling and call control
         - Signalling for call setup and teardown
         - Control functions: opening and closing the channels that carry the media stream, negotiation of audio and video codecs between the endpoints, and master/slave determination
       - Call signalling (H.225) is based on ISDN Q.931
     - RTP
       - Real-time Transport Protocol
       - Carries the voice payload across the IP network
       - Uses UDP
     - RTCP
       - RTP Control Protocol
       - Provides statistics on the call (packet loss, jitter, round-trip time)
       - For every RTP stream there is an RTCP stream as well (by convention on the next-higher, odd UDP port)
  22. Convergence – VoIP on the OSI Model
     - Application: softphone, CallManager applications
     - Presentation: codecs (G.711, G.729, ...)
     - Session: H.323 / SIP / MGCP / SCCP ...
     - Transport: RTP/UDP (media), TCP/UDP (signalling)
     - Network: IP
     - Data link: Ethernet, Point-to-Point Protocol, HDLC, ...
     - Physical
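Since the slides say RTP rides on UDP and re-orders media, here is an added Python example (not from the slides) of what that looks like on the receiving side: an RTP header parser following RFC 3550 and a small re-order buffer that releases packets in sequence-number order, handles the 16-bit sequence wrap from 65535 to 0, discards late duplicates and skips over lost packets once the buffer is full. The SSRC, payloads and arrival order are constructed; the payload-type names come from the static assignments in RFC 3551.

```python
# Added example, not from the slides: parse RTP headers and put out-of-order
# media packets back in sequence, including across the 16-bit sequence wrap.
import struct
from typing import Dict, List, Optional

PAYLOAD_TYPES = {0: "G.711 PCMU", 8: "G.711 PCMA", 18: "G.729"}   # static PTs, RFC 3551


def build_rtp(seq: int, timestamp: int, ssrc: int, payload: bytes,
              pt: int = 0, marker: bool = False) -> bytes:
    """Constructed packet: RTP version 2, no padding, no extension, no CSRC list."""
    b0 = 2 << 6
    b1 = (int(marker) << 7) | (pt & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(pkt: bytes) -> Dict:
    """Parse the 12-byte fixed header plus optional CSRC list, extension and padding."""
    if len(pkt) < 12:
        raise ValueError("short RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)                   # skip CSRC identifiers
    if (b0 >> 4) & 1:                               # header extension present
        ext_words = struct.unpack("!H", pkt[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    payload = pkt[offset:]
    if (b0 >> 5) & 1 and payload:                   # padding: last byte holds the pad length
        payload = payload[:len(payload) - payload[-1]]
    pt = b1 & 0x7F
    return {"seq": seq, "timestamp": ts, "ssrc": ssrc, "pt": pt,
            "marker": bool(b1 >> 7), "codec": PAYLOAD_TYPES.get(pt, "dynamic"),
            "payload": payload}


def seq_newer(a: int, b: int) -> bool:
    """True when 16-bit sequence number a comes after b, allowing for wrap-around."""
    return 0 < ((a - b) & 0xFFFF) < 0x8000


class ReorderBuffer:
    """Hold out-of-order packets and release them in sequence (a jitter buffer minus the timing)."""

    def __init__(self, depth: int = 4):
        self.depth = depth                          # packets allowed to wait for a missing one
        self.pending: List[Dict] = []
        self.next_seq: Optional[int] = None         # sequence number expected next

    def push(self, pkt: Dict) -> List[Dict]:
        """Insert one parsed packet; return the packets that can now be played out."""
        seq = pkt["seq"]
        if self.next_seq is None:
            self.next_seq = seq
        if seq != self.next_seq and not seq_newer(seq, self.next_seq):
            return []                               # late duplicate or already skipped: discard
        if any(p["seq"] == seq for p in self.pending):
            return []                               # duplicate of a packet still waiting
        self.pending.append(pkt)
        self.pending.sort(key=lambda p: (p["seq"] - self.next_seq) & 0xFFFF)
        return self._drain(force=len(self.pending) > self.depth)

    def _drain(self, force: bool) -> List[Dict]:
        out = []
        while self.pending and (force or self.pending[0]["seq"] == self.next_seq):
            force = False                           # only the oldest packet is released unconditionally
            p = self.pending.pop(0)
            out.append(p)                           # if p["seq"] != next_seq the gap is treated as loss
            self.next_seq = (p["seq"] + 1) & 0xFFFF
        return out

    def flush(self) -> List[Dict]:
        """Release everything still waiting (end of stream)."""
        out = []
        while self.pending:
            out.extend(self._drain(force=True))
        return out


def demo() -> List[int]:
    """Constructed arrival order around the wrap: 65534, 65535, 1, 0, 2 (packet 0
    arrives after packet 1); returns the sequence numbers in play-out order."""
    ssrc = 0x1234ABCD
    buf = ReorderBuffer(depth=4)
    played: List[int] = []
    for seq in (65534, 65535, 1, 0, 2):
        ts = 160 * ((seq - 65534) & 0xFFFF)               # 20 ms of 8 kHz audio per packet
        raw = build_rtp(seq, ts, ssrc, b"\xff" * 160)      # 160 bytes of PCMU silence
        played.extend(p["seq"] for p in buf.push(parse_rtp(raw)))
    played.extend(p["seq"] for p in buf.flush())
    return played
```

The serial-number comparison in `seq_newer` is the important detail: comparing sequence numbers with plain `<` would treat packet 0 as older than 65535 and drop it at every wrap.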
  23. Wireless Overview
  24. Wireless – Mode
     - Infrastructure mode: clients communicate through an Access Point (AP). The AP is the point at which wireless clients access the network; it attaches to the wired Ethernet backbone and controls traffic flow to and from the network. The wireless devices do not communicate directly with each other; they communicate with the AP.
     - Ad-hoc mode: used to establish a peer-to-peer network between two or more clients, with no need for a third party. Ad-hoc can be compared to a cross-over cable between two clients.
  25. Wireless – Frequency & Modulation
     - Frequencies: three bands are defined as unlicensed: 900 MHz, 2.4 GHz and 5 GHz. Each range has different characteristics. The lower frequencies have better range but limited bandwidth and hence lower data rates; the higher frequencies have less range and suffer greater attenuation from solid objects.
  26. Wireless – Frequency & Modulation (2)
     - DSSS, Direct Sequence Spread Spectrum: 14 channels (13 in Europe) are defined in the DS channel set. Each channel is 22 MHz wide and the centre frequencies are 5 MHz apart, so only three non-overlapping (hence non-interfering) channels are possible in the 2.4 GHz band, such as channels 1, 6 and 11.
     - (Diagram: cell layout reusing channels 1, 6 and 11 so that neighbouring cells never share a channel)
  27. Wireless – Frequency & Modulation (3)
     - OFDM, Orthogonal Frequency Division Multiplexing: a multi-carrier system, meaning one high-speed data stream is broken into a number of lower-speed data streams that are transmitted in parallel (simultaneously). The sub-carriers are allowed to overlap, giving high spectral efficiency. This channel system supports twelve non-overlapping channels (the original 802.11a allocation in the 5 GHz band).
     - (Diagram: cell layout reusing the twelve 5 GHz channels 1 to 12)
  28. Wireless – Authentication
     - There are two steps involved in connecting to a wireless AP. First the client station must be authenticated; if authentication passes, the station can then be associated. Only when both steps have completed can traffic pass.
     - Shared Key authentication is considered insecure:
       - only available in combination with WEP (Wired Equivalent Privacy); WEP uses a key known to both transmitter and receiver to encrypt and decrypt data
       - the AP sends a random 128-byte challenge to the client; the client encrypts it with WEP and sends the encrypted challenge back; the AP decrypts it and checks that it matches
       - both the cleartext challenge and the encrypted response can be intercepted. XORing the two reveals the RC4 keystream WEP produced for that IV, so an eavesdropper can answer a later challenge correctly (by reusing the same IV and keystream) without ever learning the WEP key, and the captured keystream also feeds the known WEP key-recovery attacks
  29. Wireless – Authentication (2)
     - Open authentication is considered insecure:
       - no user verification
       - any device can authenticate
       - authentication traffic is sent in clear text
     - Which is better, Open or Shared Key? Although still not considered secure, Open authentication in combination with WEP ends up being the better choice. The station is authenticated and associated automatically, but it still needs the correct WEP key to encrypt and decrypt data. Since Open authentication never sends a known plaintext/ciphertext pair, it does not hand the keystream to an eavesdropper; frames encrypted with the wrong key simply fail the integrity check and are discarded.
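Worked illustration of the Shared Key weakness on slide 28, added here (not part of the original slides), in Python: a toy implementation of WEP's RC4-over-IV||key encryption with a CRC-32 ICV, an access point that issues a 128-byte challenge, a legitimate client that answers it, and an eavesdropper who XORs the observed challenge and response to recover the keystream for that IV and then passes a fresh challenge without knowing the key. The key, IV and challenges are constructed; RC4 and the frame layout follow the original IEEE 802.11-1999 WEP design.

```python
# Added example, not from the slides: why WEP Shared Key authentication leaks.
# The attacker never sees the key; one observed challenge/response is enough.
import os
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); WEP used it with a 24-bit IV prepended to the key."""
    S = list(range(256))
    j = 0
    for i in range(256):                                   # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                      # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian (not a MAC)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV (3 bytes, in clear) || RC4_{IV||key}(plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    iv, ct = body[:3], body[3:]
    pt = rc4(iv + key, ct)
    data, tag = pt[:-4], pt[-4:]
    return data if icv(data) == tag else None


class AccessPoint:
    def __init__(self, key: bytes):
        self.key = key

    def challenge(self) -> bytes:
        return os.urandom(128)                             # 128-byte challenge text

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return wep_decrypt(self.key, response) == challenge


def client_response(key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """Legitimate station: encrypt the challenge with the shared key and its chosen IV."""
    return wep_encrypt(key, iv, challenge)


def recover_keystream(challenge: bytes, response: bytes):
    """Eavesdropper: (challenge || ICV) XOR ciphertext = the RC4 keystream for this IV."""
    iv, ct = response[:3], response[3:]
    known_pt = challenge + icv(challenge)
    return iv, bytes(a ^ b for a, b in zip(known_pt, ct))


def forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Attacker answers a fresh challenge by reusing the IV and the recovered keystream."""
    pt = challenge + icv(challenge)
    return iv + bytes(a ^ b for a, b in zip(pt, keystream))


def demo(key: bytes = b"\x01\x02\x03\x04\x05") -> dict:
    """Constructed 40-bit key and IV; both outcomes are reported."""
    ap = AccessPoint(key)
    c1 = ap.challenge()                                    # 1. legitimate exchange, observed
    r1 = client_response(key, c1, iv=b"\x00\x00\x01")
    legit_ok = ap.verify(c1, r1)
    iv, ks = recover_keystream(c1, r1)                     # 2. attacker derives the keystream
    c2 = ap.challenge()                                    # 3. attacker's own authentication
    r2 = forge_response(iv, ks, c2)
    return {"legit_ok": legit_ok, "forged_ok": ap.verify(c2, r2)}
```

The forgery works because the challenge length is fixed, WEP lets the sender pick the IV, and nothing stops an IV from being reused; the attacker therefore has exactly the 132 keystream bytes needed to answer any future challenge under that IV. Open authentication avoids this only because it never produces a known plaintext/ciphertext pair; the key itself remains as weak as WEP makes it.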
  30. Wireless – Authentication (3)
     - SSID-based authentication: the Service Set Identifier (SSID) is the network name carried in beacon, probe and association frames; all devices that want to communicate must share the same SSID. SSIDs can be broadcast for everyone to see, or "hidden", so that only client stations that know the exact SSID string can associate. Hiding the SSID is considered an extremely weak form of wireless security: the average user may not see the network, but the SSID still appears in clear text in probe requests, probe responses and association frames and can be read with the appropriate tools.
  31. Wireless – Authentication (4)
     - MAC address authentication: permits APs to filter on client MAC addresses, allowing only clients in the "allow list" to authenticate. The security risk with this type of authentication is "spoofing": the MAC addresses of allowed clients are visible in clear text in every frame, so an attacker can set the same address on their own adapter and still gain access to the network.
  32. Wireless – Network Authentication
     - The network authentication methods listed here are all built on the Extensible Authentication Protocol (EAP), an authentication framework that provides common functions and mechanisms used by, amongst others, the following methods. (WPA and RADIUS are not EAP methods themselves: WPA is the encryption and key-management layer, and RADIUS is the protocol that carries EAP between the AP and the authentication server.)
     - LEAP, Lightweight EAP (developed by Cisco): supports dynamic WEP keys and mutual authentication between client and RADIUS server. LEAP allows clients to re-authenticate frequently, providing a new WEP key with each successful authentication. Caveat: LEAP's password exchange is based on MS-CHAP and is vulnerable to offline dictionary attacks on captured authentications, which is why Cisco later introduced EAP-FAST to replace it.
     - PEAP, Protected EAP: the authentication server presents a public key certificate, which the client uses to authenticate the server and build an encrypted TLS tunnel; the client's own credentials (typically MS-CHAPv2) are then exchanged inside that tunnel. Clients must validate the server certificate, otherwise a rogue AP presenting its own certificate can collect those credentials.
  33. Wireless – Security
     - WEP, Wired Equivalent Privacy: uses a security scheme that combines a secret user key with a system-generated value (the 24-bit IV) to form the RC4 key used to encrypt and decrypt data. Both the client station and the AP need the same key to communicate. Keys are 40 or 104 bits long (marketed as 64- and 128-bit, counting the IV; some vendors offered longer keys), but WEP is easy to break regardless of key length because the IV space is too small and RC4's key schedule leaks key bytes.
     - TKIP, Temporal Key Integrity Protocol: used by WPA and developed to replace WEP. It uses a mechanism called "key mixing" to give every data packet its own unique per-packet RC4 key, and adds a message integrity check (Michael). This makes recovering keys considerably harder than with WEP, although TKIP has since been deprecated in favour of WPA2's AES-CCMP.
  34. Wireless – Network Authentication (2)
     - EAP-FAST, Flexible Authentication via Secure Tunnelling (developed by Cisco): developed to replace LEAP. Like PEAP, EAP-FAST uses a secure tunnel; however, this tunnel is established using a shared secret provisioned to the client beforehand (the Protected Access Credential, PAC) rather than a server certificate.
     - WPA, Wi-Fi Protected Access: uses TKIP, which was developed to replace WEP and address its weaknesses. Two modes of operation:
       - Enterprise mode: uses the RADIUS architecture, authenticating against a dedicated RADIUS authentication server (802.1X/EAP)
       - Pre-Shared Key (PSK) mode: uses a static key or "passphrase" known to both the client and the AP; a short or dictionary passphrase can be recovered offline from a single captured handshake
  35. Wireless – Roaming
     - Roaming occurs when a wireless client currently associated with a certain AP moves out of that AP's coverage area. The client then needs to associate with another AP that does cover that area. The process of a client's association shifting between APs is called roaming.
  36. Wireless – Next Generation
     - Current situation: APs are "intelligent". They process 802.11 frames, have limited QoS (Quality of Service) functionality and certain security features, ... -> this requires processing power and memory in every AP, and "complex" configuration of each AP
     - New (NextGen) situation: "centralised WLAN", based on a controller architecture. The central controller takes over the intelligent functions. The Lightweight Access Point Protocol (LWAPP) handles authentication and encryption of the control traffic between the APs and the controller -> processing- and memory-intensive tasks shift to the controller -> much less configuration on the APs -> significantly easier management
