WAN and VPN technologies

Chapter 5 WAN and VPN technologies Overview Dedicated, Private Lines T1 and E1 ISDN SONET ATM DSL Frame Relay Gigabit Ethernet VPN and MPLS 1 2 What in common? Dedicated Service All technologies to be discussed in this chapter are digital services Meet requirements for high speed and accurate transmission WAN: Wide Area Networks 3 4

Dedicated Services Available for exclusive use of owner Placed at predetermined locations Cheaper than switched circuit use when volume is high Flat fee per month, usage not charged by volume Secure transmission of data Attributes of Dedicated Lines Fixed monthly fee Fixed routes Exclusive use 24-hour per day availability Voice, video, and data Fixed capacity Analog or digital 5 6 Fixed Routes Dedicated circuits are not shared Put into place to exclusively transport traffic from one location to the next Video-conferencing Transmission of orders to factory Manufacturing plants to dealers Global companies: Database access between different sites Transfer of customer calls between sites within a company Bulk transmission of x-ray images Dedicated Lines - Pricing Based on distance and speed of medium Must add in cost of employing technical staff to maintain network Organizational expertise needed to design, implement and maintain the system Being replaced by VPN 7 8

T1 Developed in 1960 s to save on cabling Multiplexing scheme designed to carry 24 voice channels over one telephone circuit 1.544 Mbps = 24* 64 Kbps In order to reduce number of cables wired between telephone company switches Available to user locations in 1983 Much more reliable than analog line Time Division Multiplexing All T carrier signals are based on time division multiplexing (TDM) Each device which communicates over a T-line is assigned a time slot 8 devices communicating, 8 time slots assigned Assigned for duration of the communication, even when no information being transmitted Silence during conversation results in nothing being transmitted Inefficient 9 10 11 12

Idle Time Slots Pauses in data transmission result in idle time slots In a network with millions of time slots, empty time slots represent waste or inefficient use of transmission capacity ATM and IP do not assign specific time slots to each device T-1 Configurations T-1 circuit has 24 lines available for voice, data, or video voice usually connected to a PBX data usually bypasses the PBX video can bypass or be routed through the PBX, depending on the required speed 13 14 T1 for Data Unchannelized T1 Single pipe with slightly more capacity for data 1.544 Mbps > 1.536 Mbps (24 * 64 Kbps) Router performs multiplexing When we use T1 for voice, we use multiplexer, and not router T3 Equivalent to 28 T1 lines or 672 channels 28 X 24 = 672 Total speed 44.736 Mbps, includes bits for overhead and 28 X 1.544 Mbps Used for businesses with large calling volume 15 16

E1 T1 and E1 T1: 1.544 Mbps (24 * 64 Kbps) 24voice channels E1: 2.048 Mbps (32 * 64 Kbps) 32voice channels bps = Bits per second Kbps = Kilobits per second Bps = Bytes per second 17 Can be used for voice and data T1 is used in USA E1 is used everywhere else, including Thailand Rate adaptation equipment is needed for international line Voice channels Data speed T1 T2 T3 E1 E2 E3 24 98 (24 * 4) 672 (24 * 28) 32 128 (32 * 4) 496 (128 * 4) 1.544 Mbps 6.312 Mbps 44.736 Mbps 2.048 Mbps 8.448 Mbps 34.368 Mbps 18 Digital Signal Levels DS0 64 Kbps or 56 Kbps, depending on equipment capability Individual channel of T1 or DS1 Usually mean 64 Kbps worldwide DS1 means different things in different places DS1 = T1 in North America DS1 = E1 in Europe and Asia DS refers to the level of multiplexing hierarchy DS in North America Both T1 and DS1 have 1.54 Mbps aggregate data speed T1 can be separated into 24 channels DS1 refer to the entire 1.54 Mbps Use interchangeably in the US DS1: 1,544,000 bps Speed at which T1 line runs 19 20

Users and Applications T1 Variations Initial users Large organizations, universities, financial institutions Used to connect locations in support of applications such as: payroll, inventory Cost was high Better than hand carrying huge data tapes from location to location Current users ISP and corporation T3 is often used at HQ for ISP link, while T1 is often used in remote offices 21 Fractional T1 For customer who require something between 64 Kbps and 1.544 Mbps n x 64 Kbps Not popular anymore Integrated Access Devices (IADs) Single T1 is shared between voice and data Also do firewall, remote monitoring, routing Ex. 12 voice lines + 768 Kbps data Some even do bandwidth on-demand 22 Channel Banks Figure 5.8 Integrated access devices for T-1s carrying voice and data. 23 Multiplexing device used to connect T1 circuits to analog PBX and CO systems samples signals from PBX systems digitizes these signals sends down the T1 channel channel bank on other end decodes digital signal back to analog signal Virtually all PBX today support digital T1/E1 line 24

Medium and Devices T1 and E1 can easily use copper pair Fiber is also used for long distance T3 and E3 prefers fiber optics Modems CSU: Channel Service Unit Portion of the modem that connect to network jack (Telecom operator) DSU: Data Service Unit The other half that plug into customer equipment and PBX 25 ISDN Integrated Services Digital Network Worldwide public standard for sending voice, video, and data or packets over public switched telephone network (PSTN) in digital format Switched digital service BRI ISDN: Basic Rate Interface with two voice or data channels and 16 Kbps signaling channel PRI ISDN: Primary Rate Interface with 30 data channels plus 2 signaling channels 26 Characteristics ISDN Digital connectivity: consistent, high quality service Common between ISDN and T1 Unique characteristics of ISDN (not available in T1) Out of band signaling: call set up fast, total bandwidth of each channel dedicated to transfer of user data Switchedservice: fees based on usage time Standard interface: all ISDN users can interface with each other Basic Rate Interface Two bearer channels (voice, data, video) 64 Kbps each One signaling channel 16 Kbps BRI Users Backup connection Voice + Internet access in Europe Desktop video conferencing Centrex ISDN multi-line telephones Connecting remote local area networks 27 28

ISDN in the Real World Works on copper wiring Complicated and expensive to install Expensive monthly fee Slightly more expensive than ADSL for lowusage customer Much more expensive than ADSL for highvolume customer Must be within 18,000 feet from central office ISDN and Analog Lines ISDN is a digitally based technology For data application Cannot transmit to an analog line Can only communicate with ISDN-equipped services Must have matching modems on each end of the connection For voice telephony Can call anyone on the PSTN number ISDN equipment is not required at both ends 29 30 Primary Rate Interface ISDN PRI: has 32 channels (64 Kbps each) 30-31 channels are bearer channels (voice/data) Also 64 Kbps each 1-2 channel used for signaling Similar to an E1 Both have 32 channels E1 uses in-band signaling PRI uses out-of-band signaling on 31 st and 32 nd channels PRI can talk to BRI for voice and data calls E1 and PRI ISDN Same data transfer speed ISDN reserves one or two channels for signaling Dial tone, ringing, caller ID, etc. ISDN is mainly used for video conferencing and telephony Call center and PBX connection E1 is a dedicated service, ISDN is a switched service 31 32

Uses PRI ISDN Video conferencing (128 to 384 Kbps) PBX in large corporation and call center Dial-in modems bank at ISP Support both BRI and analog customers Backing up LAN-to-LAN connections Backing up dedicated lines Corporate sites for remote access PBXs with PRI Trunks PRI is often used for trunk connection Trunkconnection: A communication line between two switching systems Calls and signals sent separately PBX may send the signal to a database to match the number and then pull the data (caller ID) Call centers for CTI information Call screening for individual user 33 34 PRI Bandwidth on Demand Setup signals notify the network how to route the call Voice: public network Data: data network E1 channels are permanently set aside for voice or data purposes Require Integrated Access Devices (IADs) to do bandwidth on demand 35 ISDN Impact to Telecom ISDN signaled a move from analog to digital services at sub-t1 speeds Replace an expensive dedicated 56Kbps or T1/E1 ISDN services are switched B channels (data) are formatted and switched D channel (signaling) is in a packet format All 64K bit/sec of each DS0 is available for data. The fundamental format for the "D" channel became the basis for frame relay Enhanced service called Broadband ISDN provided the basis for ATM services 36

SONET Synchronous Optical NETwork Is a standard way to multiplex high speed traffic from various sources onto a fiber Advantages: Lower bandwidth pipes can be fed into SONET multiplexers and carried at high speeds Much easier to demultiplex than T1/E1 Ability to demultiplex is critical at high speed 37 SONET Equipment and software enable network providers to carry traffic from many types of customer equipment in a uniform way on backbone fiber optic cabling Still based on circuit (virtual circuit) High speed portion of SONET network called backbone or core Sonet can handle traffic coming from: T1 lines, ATM, T3 lines, and other sources Also being replaced by IP and MPLS 38 SDH SONET/SDH Capacity Synchronous Digital Hierarchy SONET is only used in the USA Capacity (SONET) Expressed in OC-n (Optical Carrier) in North America (SDH) Expressed in STM-n (Synchronous Transfer mode) in Europe and Asia Speed 52 Mbps 155 Mbps 622 Mbps 2.5 Gbps USA OC-1 OC-3 OC-12 OC-48 Channels 28 DS1 84 DS1 336 DS1 48 DS3 Europe STM-0 STM-1 STM-4 STM-16 Channels 21 E1 63 E1 252 E1 1008 E1 10 Gbps OC-192 192 DS3 STM-64 4032 E1 39 40 Gbps OC-768 768 DS3 STM-256 16128 E1 40

SONET/SDH Ring SONET is often deployed in ring configuration Traffic is only sent in one direction High reliability due to dual-ring configuration A broken link or multiplexer will cause direction to reverse Very fast detection time Metro fiber ring 41 Figure 5.18 SONET bidirectional duplicate rings in a carrier s backbone network. 42 SONET Equipment Add-Drop Multiplexer (ADM) Add and drop some channels from fiber rings Digital Cross Connect (DCC) Rearrange all channels of traffic between routes Similar to switch, but not as dynamic Switch is used for 2 minutes call, DCC is for 3 months Switch is mostly blocking, DCC in mostly nonblocking ATM Asynchronous transfer mode High speed, carrier voice, data, video, and multimedia images Carries multiple types of traffic over a single connection Native support for Quality-of-Service (QoS) Expensive and complicate to install Being replaced by IP Some are entirely optical 43 44

ATM Characteristics Packages data that it switches into a fixed size payload (53 bytes) Requires less handling than variable-sized payload Can be processed entirely in hardware Asynchronous switching No reserved timeslot like E1 Also called statistical multiplexing Route set up upon connection (Virtual circuit) ATM QoS Categories Constant bit rate (CBR) Real-time variable bit rate (RT-VBR) Non-real-time variable bit rate (NRT-VBR) Available bit rate (ABR) Unspecified bit rate (UBR) A complete networking technology Support multiple traffic streams simultaneously Also have routing and switching capability 45 46 DSL Digital Subscriber Line services Works on existing copper cabling Not a switched service, is always available in the last mile on a dedicated path from the telephone company to the customer Connection always on! Popular for Internet access The Last Mile Portion from CO to end user The final cable connection to a home Also called access network Biggest cost center and major bottleneck 47 48

DSL and Fiber DSL only work on a relatively short distance Fiber is needed in order to keep DSL length short How? 49 50 DSL Variations ADSL: Asymmetric digital subscriber line Line has different speeds from and to customer Upstream (upload) slower than downstream (download) connection SDSL: Symmetric DSL Same upload and download speed Make sense for business customer HDSL: High-bit-rate DSL (Over 1 Mbps) VDSL: Very-high-bit-rate DSL Speed reaches 25 Mbps in Singapore 51 52

Design Assumptions PSTN Public Switched Telephone Network Assumptions: Based on voice traffic where at any given time not every telephone user would be on a call The average call used to be 3 minutes, today the average call lasts 20 minutes, some last 12-24 hours Today there are more frequent calls and longer calls Increased demand on public switched network DSL and PSTN DSL: many different flavors Speeds may vary Distance from CO varies Has potential to relieve network congestion caused by modem traffic on PSTN DSL traffic routed onto a data network when it hits the CO switch 53 54 Obstacles DSL Availability has been slow, now popular High installation cost for providers Loading coils and bridge caps must be removed by providers Not easy to install for end users Japan has close to 13 million subscribers That s 1 DSL per 6 people Technical Explanation DSL (1) Uses unused frequencies available in the telephone wire for data transmission Voice carried between 300-3300 Hz Simultaneously with data DSL uses rest of frequencies available for data communications DMT: discrete multi-tone modulation used to send data in frequencies over 4,000Hz 55 56

Technical Explanation DSL (2) DMT used compression algorithms to encode and compress signals Different frequencies are used for the upstream and downstream portions of the channel DSLAM DSL access multiplexer Located at network providers site Take traffic from multiple DSL lines and combine into higher speeds before sending it out to the Internet Often use STM-1 link back to central office Customer has dedicated capacity between their DSL modem and DSLAM 57 58 Figure 5.12 Figure 5.13 DSLAMs located in digital loop carriers (remote terminals). DSLAM connections to an Internet service provider. 59 60

MiniRAM Miniremote access multiplexer Smaller version of DSLAM Use for shorter copper line and smaller number of subscriber Can be installed outdoor, on the pole Use power from copper telephone line Still use fiber to link back to DSLAM and CO 61 Figure 5.14 Neighborhood mini remote access multiplexers (MiniRAMs). 62 Frame Relay A shared wide area network service Allows customers to transmit data between multiple locations LAN connectivity Internet access Connections for remote users Acts like a private, dedicated network Leasing dedicated lines not necessary Alternative to those building their network 63 Figure 5.3 Frame relay network permanent virtual circuits (PVCs) between branches and with links to the Internet. 64

Access to Frame Relay Speed range from 56 Kbps to 44 Mbps Flexible selection of speed Dedicated service, fixed monthly fee Use Frame Relay Access Device (FRAD) Convert packets into frames Mark the beginning/ending of user data Add addressing information for routing Still rely on other physical technology, like T1, E1, and SDH Frame relay network is shared by multiple users Advantages: Frame Relay Advantages Network managed by provider Less hardware required at each location Capacity on frame relay is flexible Has internal backup routes Can replace multiple private lines with one frame relay link and network Especially beneficial with multiple backup sites Also being replaced by IP and MPLS 65 66 Frame Relay Terminology Permanent Virtual Circuit (PVC) Logical, predefined path through a carrier network Frame relay port Entry point on a frame relay network Support multiple PVC Committed Information Rate (CIR) Minimum bits per second that is guaranteed for the customer Always less than port capacity Gigabit Ethernet Ethernet is not just a LAN technology Site-to-site and Internet access over fiber optic Same protocol as LAN, simplifying connection Equipment is also widely available ROADM and DWDM ring are often used Gaining in popularity over SONET/SDH for high capacity link 67 68

Figure 5.15 Gigabit Ethernet service over fiber-optic cabling and metropolitan fiber rings. 69 MPLS Multi-protocol Label Switching Support a wide variety of access technologies Support any IP-based networking device Customer only has to give a list of IP addresses associated with each site to their provider For multi-site configuration Carrier creates a closed group of users Much more flexible to support data, voice, and video through different class of service SLA: Service level agreement 70 Service Level Agreement Agreement to offer guarantees on performance Uptime: Percentage of time that the service operates Latency: Delay between send and receive Failure recovery time Packet loss Committed information rate (CIR): guaranteed speed in the core network Credit ($) is given when SLA is broken How did MPLS work? MPLS device attaches electronic tags to each packet Telling the destination and priority Managed MPLS Carrier looks after routers 71 72

MPLS Advantages Based on popular networking technology Most use IP core, but some support ATM Much easier to administered through network management software Will not be easily obsolete MPLS equipment is getting more affordable Also available internationally Exercise Specify the type of WAN technology that should be used for the following links Choose from T1, T3, E1, E3, ISDN BRI, ISDN PRI, OC-1, STM-0, ATM, DSL, Frame relay, Gigabit Ethernet, MPLS 73 74 Exercise VPN ธ. ออมส น Call center x x ธ. ออมส น Branch ธ. ออมส น HQ x ธ. ออมส น Branch x Public Voice network Internet Public Data network x Bank of Thailand Citibank (Thailand branch) VISA International (US branch) Citibank staff working from home Virtual Private Network Provide connections between offices, remote workers, and the Internet without requiring dedicated lines Evolving from Frame Relay A generalization of Frame Relay More features, more flexible, and more efficient Customer only needs high-speed (Internet) access from its building to carrier network 75 76

VPN Advantages Figure 5.1 A virtual private network with access lines from branches nationwide. Save money on private lines Shorter installation time Suitable for remote access and remote offices Large organization often have both private line (high speed link) and VPN (low speed link) Allow employee to access corporate network from home and on the road Ex. Intranet resource 77 78 VPN Technology VPN for site-to-site communication IP VPN using IPSec (IP Security) MPLS: Multi-protocol Label Switching Any-site to any-site connectivity More flexible than Frame Relay, especially for voice VPN for secure remote access Aka, person-to-site communication IP VPN using IPSec SSL VPN (Secure socket layer) IPSec VPN Use Internet as the underlying network Speed in the core network cannot be guaranteed No SLA (Service Level Agreement) offered Use IPSec (encryption) to create secure IP tunnel from remote office to the central office Special software is needed on both ends User cannot use public computer 79 80

IPSec for remote access Client software is installed on remote worker s computer Can be used with dial-up or broadband User establish Internet connection first Then launch IPSec VPN client software The computer can then access any Intranet resources Shortcomings: Client software is needed, eliminate the possibility of using public computer or PDA 81 Figure 5.2 IPSec virtual private network for remote access. 82 SSL VPN Aggregator Provide the same feature as IPSec VPN, but without the client software Capability is already embedded in browser (https:\\) Work on PDA, Linux, Internet café Reduce administrative support from IT staff New technology that is gaining popularity Appropriate technology if most corporate resources are web-based 83 VPN relies on the user s ability to obtain Internet connection A traveling employee may have to obtain Internet access from many different vendors during a single trip Big headache for both employee and company A network aggregator makes agreement with carriers worldwide so that the employee can have Internet access anywhere The company only have to deal with a single aggregator on billing and negotiation The employee only needs aggregator's software on his laptop 84

Example of VPN usage Which link can we use VPN? Which link should we use VPN? ธ. ออมส น Call center Bank of Thailand ธ. ออมส น HQ Public Voice network Citibank (Thailand branch) Citibank staff working from home Internet ธ. ออมส น Branch ธ. ออมส น Branch Public Data network VISA International (US branch) 85