COS 338 Day 12

2 DAY 12 Agenda Capstone Proposal Overdue 3 accepted, 2 in mediation, 1 MIA Assignment 4 Due Lab 4 is Today & Oct 24 (After exam) OpNet lab 3 – Evaluating WAN Performance Due Oct 27 Lab 5 is on Oct 27 OpNet Lab 4 – Large WAN Exam 2 is on Oct 24 Chap 4-7, open book, open notes, 60 min, 25 M/C questions Today is Lecture on WAN’s (con’t)

3 Frame Relay Design, Continued Example The Situation Headquarters and two branch offices. Branches communicate with HQ at 150 kbps Branches communicate with each other at 75 kbps HQ B1 B2

4 Frame Relay Design, Continued Example For HQ How many connections will HQ need? What are their speeds? What will be their PVC speeds (if options are 0 kbps, 56 kbps, 256 kbps, 384 kbps, 512 kbps,768 kbps, 1 Mbps)? HQ

5 Frame Relay Design, Continued Example For HQ If port speeds are 56 kbps, 256 kbps, 384 kbps, 512 kbps, what port speed will be needed? What private line will be needed if speeds are 56 kbps, 256 kbps, 384 kbps, 512 kbps, 768 kbps or T1? HQ

6 Frame Relay Design, Continued Example For Each Branch How many links will the branch need? What are their speeds? What will be their PVC speeds (0 kbps, 56 kbps, 256 kbps, 512 kbps, or 1 Mbps)? B1

7 Frame Relay Design, Continued Example For Each Branch If port speeds are 56 kbps, 256 kbps, 384 kbps, or 512 kbps, what port speed will be needed? What private line will be needed if speeds are 56 kbps, 256 kbps, 512 kbps, or T1? B1

Site-to-Site Networking: Asynchronous Transfer Mode (ATM)

9 Asynchronous Transfer Mode (ATM) ATM is a faster PSDN than Frame Relay Frame Relay: 56 kbps up to about 40 Mbps ATM: 1 Mbps up to about 156 Mbps Not Competitors. Most PSDN Vendors Offer Both to Customers FR for low-speed customer needs ATM for higher speeds (at higher prices) As corporate demand grows, ATM may increase its market share

10 ATM Cell Fixed Length (53 octets) Frame Allows Simpler and Therefore Faster Processing at Switches For instance, switch does not have to do calculations to figure out how much buffer space it will need for a cell, as is the case with Frame Relay’s variable-size frame. 53 Octets 5 octets of header 48 octets of payload (data) Fixed length frames are called cells

11 ATM Cell, Continued Short Cell Length Limits Latency at Each Switch Switches may have to wait until the entire frame arrives before processing it and sending it back out. With shorter frames, there is less latency at each switch along the path Important in continent-wide WANs that require cells to pass through many switches Especially important for voice, which is highly latency-intolerant (ATM was created for digitized voice)

12 ATM QoS Quality of Service ATM provides strong QoS guarantees for voice traffic (latency, jitter, etc.) However, ATM usually offers few or no QoS guarantees for data traffic—get what is left over after capacity reserved for voice QoS

13 ATM QoS, Continued Manageability Strong management tools (designed for the PSTN transport core) So it is very expensive for small and medium firms

Site-to-Site Networking: Metropolitan Area Ethernet Ethernet is moving into metropolitan area networks

15 Metropolitan Area Ethernet Ethernet is moving beyond the LAN Moving into the metropolitan area network (within a single urban area) New standards (10 Gbps and 40 Gbps) being developed primarily for long distances of 10 km or more E-Line service: to connect LANs at two sites E-LAN service: to connect LANs at multiple sites

16 Metropolitan Area Ethernet, Continued Cheaper than ATM for high speeds Familiar technology so easy to manage Still lacks standards for carrier-class service New but growing rapidly compared to Frame Relay and ATM

Site-to-Site Networking: Virtual Private Networks (VPNs) VPNs: Transmission over the Internet with added security

18 Virtual Private Network (VPN) Issues Virtual Private Network (VPN) Transmission over the Internet with added security Some analysts include transmission over a PSDN with added security Why VPNs? Lower transmission cost per bit transmitted than PSDNs Adequate security

19 Figure 7-16: Virtual Private Network (VPN) VPN Server Corporate Site A VPN Server Corporate Site B 3. Host-to-Host VPN Remote Corporate PC Tunnel Internet 2. Remote Access VPN 1. Site-to-Site VPN

20 VPN Technologies SSL/TLS Limited to remote access VPNs SSL (Secure Sockets Layer) was its original name IETF changed it to Transport Layer Security Created to protect HTTP traffic in e-commerce Built into every browser and webserver, so easy to implement Good if all traffic over the VPN will be HTTP Beginning to handle other applications (not in book) Moderate security

21 VPN Technologies, Continued Point-to-Point Tunneling Protocol (PPTP) For remote access VPNs Operates at the data link layer Transparently provides security to all messages at higher layers Software exists on all client PCs, but individual PCs must be configured to work with PPTP, and this is somewhat expensive Good for remote access when not all traffic is HTTP SSL/TLS has pushed PPTP almost entirely aside in the marketplace (New: Since book was written)

22 VPN Technologies, Continued IPsec For all types of VPN (remote access, site-to-site, host-to-host) Operates at the Internet layer Transparently protects traffic at all higher layers Very strong security Requires digital certificates for all computers Creating an infrastructure for certificates is expensive Installation and setup on individual client PCs is expensive

23 IPsec in Tunnel Mode Security Only Between Sites Hosts Need No Extra Software Only IPsec Gateways need Digital Certificates Easier to Set Up than Transport Mode Secure Tunnel Mode IPsec IPsec Gateway IPsec Gateway Local Network Local Network No Security In Site Network No Security In Site Network

24 IPsec in Transport Mode End-to-End (Host-to-Host) Tunnel Each Host Needs IPsec Software And Digital Certificate Secure Tunnel Transport Mode IPsec IPsec Gateway IPsec Gateway Local Network Local Network Security In Site Network Security In Site Network

Topics Covered

26 Topics Covered Technologies for Individual Internet Access Telephone modems DSL lines Cable modems Wireless Internet access Site-to-Site Transmission within a Firm Private line networks Public switched data networks (PSDNs) Virtual Private Networks Propagation over the Internet with added security

27 Market Data Individual Internet Access About two-thirds telephone modem access About one-third broadband (DSL and cable modem) Half broadband in large cities Site-to-Site Networking Frame Relay: about 45% of the market Private lines: about 45% of the market VPNs: very small but growing rapidly

28 Key Points WANs speeds are slow because long-distance transmission is costly Most WAN links are 56 kbps to a few megabits per second DSLs use the existing 1-pair UTP wiring that runs to residences and small businesses Limited transmission capability, but no cost to run new wiring

29 Key Points The most widely used private lines are Fractional T1 and T1 Because in the range of greatest corporate demand for WAN links PSDNs have one private line running from each site to the PSDN cloud Virtual circuits reduce cost No need to compute the best alternative path for each frame separately

30 Key Points Frame Relay Pricing Multiple PVCs (one to each other site) are multiplexed over a site’s single private line and single POP port. Port speed charges are the biggest price factor in Frame Relay pricing PVC charges are the second biggest price factor

31 Key Points Virtual private networks (VPNs) Communication over the Internet with added security Why? Cheaper than other WAN alternatives Moderate security for remote access VPNs SSL: simplest but limited to HTTP PPTP: protects all traffic above the data link layer IPsec has the strongest VPN security But costly to set up because of digital certificates