5.0 Network Architecture
  5.1 Internet vs. Intranet
  5.2 NAT
  5.3 Mobile Network
5.1 The Internet
- Worldwide connectivity
  - ISPs connect private and business users
    - Private: mostly dial-up connections
    - Business: mostly always-on connections
  - Plus: academic networks (part of the Internet)
- Structure
  - Large ISPs have their own world-wide backbone networks (leased lines interconnecting routers)
  - Smaller ISPs have peering agreements with large ISPs to transport wide area traffic
  - Most traffic goes to or from outside networks
  - Efforts (e.g. portals) to keep more traffic within the ISP's own network
5.2 The Intranet
- Internal IP networks (e.g. of a company)
  - Full internal IP connectivity
  - Often with internal DNS name space, DNS servers etc.
  - Often interconnecting multiple sites around the world
- External connectivity to the Internet
  - Via NAT, application proxies, firewalls, gateways
  - Often with a private address range (e.g. the 10.0.0.0 network)
  - Or a duplicate of a valid Internet address range (connectivity problems!)
  - Problems with company mergers!
- Internal services
  - Usually not exported to the external world
  - Exported services with access limitation: Extranets
Extranet
- Different from an Intranet: some resources may be accessed by specific groups of users outside the organization, under the control of the network administrator.
- Examples: online ordering, distance learning.
Addresses for a private network
Three choices available:
- The network applies for a set of addresses from the Internet authority (fixed IP)
- Use any set of addresses without registering (e.g. dynamic IP, DHCP). This is ok because the network is isolated.
- Use the reserved addresses.
Reserved addresses
  Number of addresses   Range
  2^24                  10.0.0.0 to 10.255.255.255
  2^20                  172.16.0.0 to 172.31.255.255
  2^16                  192.168.0.0 to 192.168.255.255
These addresses are unique inside the organization but they are not unique globally.
5.2.2 Virtual Private Network (VPN)
- Provides a private network using the public IP network infrastructure
  - IP tunneling
  - Encryption
- VPN applications
  - Between different sites of an enterprise: site-to-site VPN
    - Private network addresses can be tunneled over a public network
    - The tunnel works just like a leased line
  - For remote access: allows remote access to the Intranet
  - For providing an Extranet: allows outside access to a part of an Intranet
- Three strategies: private network, hybrid network, VPN
Private Network
- A small organization with one single LAN can use a private network
- Transactions between the people in the organization remain totally inside, secure from outsiders.
- Different sites can be connected using routers and leased lines.
Hybrid Network
- Privacy in intra-organization data exchange
- At the same time needs the Internet for data exchange with other organizations
- The organization has both global and private addresses
Virtual Private Network
- Both private and hybrid networks are costly
- A VPN is private but virtual
- Uses IPsec and tunneling
5.2.1 Network Address Translation (NAT)
- The whole private address space hides behind one public IP address
- Translation of port numbers allows multiple internal hosts to communicate
- Savings in global IP addresses
- Issues with application layer protocols
  - If they talk about IP addresses or port numbers, e.g. FTP, H.323
  - Resolved by proxy servers or application awareness
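An added example (not from the slides) that models port-translating NAT: inside hosts from the reserved ranges share one public address, each outbound flow gets its own public port so replies can be mapped back, unsolicited inbound packets find no mapping, and an FTP PORT command shows why a protocol that carries addresses in its payload breaks header-only NAT. All addresses are constructed.

```python
import ipaddress
import re
from typing import Dict, Optional, Tuple

# Constructed for this example: the three reserved blocks listed on the slides.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
Flow = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

def is_private(addr: str) -> bool:
    """True if addr lies in one of the three reserved blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)

class NAPT:
    """One public IP shared by many inside hosts via per-flow port rewriting."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out: Dict[Flow, int] = {}   # inside flow -> allocated public port
        self.back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}  # reverse map

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Flow:
        """Rewrite an inside->outside header; allocate a public port on first use."""
        if not is_private(src_ip):
            raise ValueError("only packets from the private range are translated")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_port: int) -> Optional[Flow]:
        """Map a reply back to the inside host; unsolicited packets have no entry."""
        inside = self.back.get((dst_port, src_ip, src_port))
        if inside is None:
            return None  # no mapping: dropped, the NAT's implicit inbound filter
        return (src_ip, src_port, inside[0], inside[1])

def ftp_port_leak(payload: str) -> Optional[Tuple[str, int]]:
    """Why FTP breaks plain NAT: PORT carries the inside address and port in the
    payload as h1,h2,h3,h4,p1,p2, which header-only NAT never rewrites."""
    m = re.match(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
    if not m:
        return None
    h = m.groups()
    ip, port = ".".join(h[:4]), int(h[4]) * 256 + int(h[5])
    return (ip, port) if is_private(ip) else None
```

A proxy or NAT with FTP application awareness would rewrite that PORT payload (and open the matching inbound mapping); the plain translator above cannot.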
5.2.3 Remote LAN Access (RLA)
- Dial-up access to an Intranet for teleworking
  - Private modem pool and access server within the Intranet
  - Long-distance dial-up connections
  - Information security relies on the telephone network
- VPN based access
  - Uses an IP tunnel over the Internet or from a VPN provider
  - Encryption of data in the tunnel ensures information security
  - World-wide ISP presence allows local calls for dial-up connections
5.5 Mobile Networks
- Mobile IP: RFCs 2002, 2005, 2006
- Difference between wireless technology and mobility!
  - Wireless technology: communicate while moving
  - Wire-bound technology: plug into a new network and continue working
- Mobile IP specifies mobility support
  - (More or less) independent of access technology
  - Transparent support (independent of communication partners) for IPv4
  - Mobility across the Internet (scalable in terms of distance)
  - Advertisement / broadcast based forwarding management
  - For infrequent changes of location
Addresses in Mobile IP
- Home address
  - A permanent address
  - It associates the host with its home network
- Care-of address
  - A temporary address
  - It is associated with the foreign network
5.5.1 Mobile IP
- Mobility of the mobile node (MN) is supported
- No need for the communication partner (Correspondent Node, CN) to know about this
  - CN still sends packets to the home address of the MN
- Minimum requirement: Home Agent (HA)
  - MN can act as Foreign Agent (FA)
Mobile IP (2)
- Mobile node connects to a foreign network
  - MN obtains an IP address in the foreign network (e.g. via DHCP)
  - MN locates the foreign agent
  - IPsec tunnel established from the Home Agent (HA) to the Foreign Agent (FA)
  - The IP address of the FA is called the care-of address
- Packets to the mobile node
  - Reach the home network via standard IP routing
  - Are intercepted by the home agent
  - Home agent forwards the packet to the care-of address within the tunnel
  - Foreign agent forwards the packet to the mobile node (no tunnel)
- Packets from the mobile node
  - Either: sent via standard IP routing to the correspondent node ("triangular routing"; HA as source, sent by FA)
  - Or: sent to the foreign agent, forwarded within a reverse tunnel to the home agent, and sent to the correspondent node by the home agent. This is needed when gateway routers apply ingress filtering.
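An added example (not from the slides) modelling both directions described above: the HA intercepts a packet for a registered home address and encapsulates it to the care-of address, the FA decapsulates it, and on the return path the MN uses triangular routing unless the foreign gateway's ingress filter would drop the home address as source, in which case the packet is reverse-tunnelled via the FA to the HA. Tunnelling is modelled as plain IP-in-IP wrapping; all addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # present when this is a tunnel (outer) packet

def encapsulate(pkt: Packet, tunnel_src: str, tunnel_dst: str) -> Packet:
    """IP-in-IP: the original packet becomes the payload behind a new outer header."""
    return Packet(tunnel_src, tunnel_dst, inner=pkt)

def decapsulate(pkt: Packet) -> Packet:
    assert pkt.inner is not None, "not a tunnelled packet"
    return pkt.inner

@dataclass
class HomeAgent:
    address: str
    bindings: Dict[str, str] = field(default_factory=dict)  # home addr -> care-of addr

    def register(self, home_addr: str, care_of: str) -> None:
        self.bindings[home_addr] = care_of

    def intercept(self, pkt: Packet) -> Packet:
        """A packet for a home address has arrived here by ordinary routing."""
        care_of = self.bindings.get(pkt.dst)
        if care_of is None:
            return pkt                    # MN is at home: deliver as usual
        return encapsulate(pkt, self.address, care_of)

def foreign_agent_deliver(pkt: Packet, care_of: str) -> Packet:
    """FA receives the tunnel packet at the care-of address, hands the inner one to the MN."""
    assert pkt.dst == care_of, "tunnel packet not addressed to this FA"
    return decapsulate(pkt)

def ingress_filter_ok(pkt: Packet, foreign_prefix: str) -> bool:
    """Gateway ingress filter: the source must belong to the network it leaves."""
    return pkt.src.startswith(foreign_prefix)

def mn_send(pkt: Packet, care_of: str, ha: HomeAgent,
            foreign_prefix: str, ingress_filtering: bool) -> List[str]:
    """Hop list for an MN -> CN packet: triangular routing when the home address
    passes the gateway, otherwise reverse tunnel FA -> HA, then HA -> CN."""
    if not ingress_filtering or ingress_filter_ok(pkt, foreign_prefix):
        return [pkt.src, pkt.dst]
    wrapped = encapsulate(pkt, care_of, ha.address)
    assert ingress_filter_ok(wrapped, foreign_prefix)  # outer source is topologically correct
    return [pkt.src, wrapped.src, wrapped.dst, decapsulate(wrapped).dst]
```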
5.5.2 GPRS
- General Packet Radio Service provides a packet service extension to GSM mobile networks
- Protocol stack abbreviations:
  BSSGP  Base Station System GPRS Protocol
  GGSN   Gateway GPRS Support Node
  GPRS   General Packet Radio Service
  GSM    Global System for Mobile Communication
  GTP    GPRS Tunneling Protocol
  LLC    Logical Link Control
  MAC    Media Access Control
  RLC    Radio Link Control
  SGSN   Serving GPRS Support Node
  SNDCP  Subnetwork Dependent Convergence Protocol
[Figure: GSM/GPRS Coverage in Malaysia (Maxis)]