From circuit to packet switching PSDN and VPN From circuit to packet switching 1 1
Packet-Switched Services Offered by Carriers X.25 Old, slow, and not sufficiently cheaper than frame relay Frame Relay Speeds in main range of user demand Dominated the market in the 1990s ATM High speeds and costs, requiring equipment changes Carrier Internet and MPLS services Dominant services today 2
X.25 Packet-Switched Data Networks Oldest packet switched network service (1970s) Low speed (maximum around 64 kbps) Mature: easy to implement Uses PVCs Reliable service, so latency in transmission Mostly replaced by Frame Relay 3
Frame Relay Packet-Switched Data Networks Software upgrade to X.25 switches Uses PVCs Unreliable, so much faster on same switches Good speed range: 56 kbps - 40 Mbps: Meets most corporate needs (most under 2 Mbps) Grew rapidly in the 90s, to equal leased line WANs in terms of market share (about 40%) See more here. 4
Pricing of Packet Switching Speed of the Access Line from Site to Network Determines maximum transmission rate to the network Often called the Port Speed Often the most important price determinant Must be fast enough for needs See Frame Relay vs. DSL -- a price issue 5
ATM (Asynchronous Transfer Mode) Offers very high speeds: 622 Mbps, 2.5 Gbps to 40 Gbps. Speeds are beyond most corporate needs today and high costs. Connection-oriented (PVCs), unreliable Quality of Service (QOS) guarantees critical traffic Minimize latency (delays) Inherent reliability (low loss rate) Seen as the next generation before Ethernet surge But Frame Relay kept increasing in speed in low Mbps range where market demand was highest 6
Pricing/Performance of Packet Switched Services Pricing of Frame Relay and ATM Customer Premises Equipment Access Line to Point of Presence Port Speed Per PVC Price Distance and Traffic Volume The demise of Frame Relay and ATM Transition from Frame Relay and ATM to Carrier Ethernet stimulated by Verizon, AT&T, etc. The move to Ethernet and IP based services a win-win situation. 7
Customer Premises Equipment Access Device Has link to internal system (often a LAN) Has CSU/DSU to put internal traffic into format for Packet switching transmission In Frame Relay, called Frame Relay Access Device (FRADS) Access Device Access Line to Network LAN 8
Router Switching Circuitry Modular Routers CSU/DSUs are removable expansion boards Modular Router Router Switching Circuitry Port 1 CSU/DSU (T1) Port 2 CSU/DSU (56 kbps) Port 3 CSU/DSU (T3) Port 4 CSU/DSU (56 kbps) T1 Line 56 kbps Line T3 Line 56 kbps Line 9
Elements of a Packet Switched Network Customer Premises A You need a leased access line to the network’s POP. Sometimes the packet switched network vendor pays the cost of the access line for you and bundles it into your service charges. Leased Access Line to POP LEC Switching Office Leased Access Line to POP POP at LEC Office 10 10
Elements of a Packet Switched Network Data Network Trunk Line Network Switching Office POP Customer Premises B Leased Access Line 11 11
Calculations Situation Questions You have four sites You want any one to be able to reach any other Questions How many PVCs do you need? How many access lines do you need? 12
Calculations PVCs Access Lines If you have N sites, there are N(N-1)/2 possible connections In this case, you would have 4(3)/2 or 6 possible connections Some vendors count this as 6 PVCs, others as 12 PVCs Access Lines You would need four access lines (one for each site) Each will multiplex 3 PVCs Must be fast enough for the needs of communication with the three other sites 13
Leased Lines vs. Packet-Switched Data Networks Point-to-point, inexpensive for thick routes Inflexible: must be established ahead of time Packet Switched Networks Also must be established ahead of time for PVCs Competitor for leased line networks Priced aggressively Carrier does all the management Killing the leased line business 14
Virtual Private Network 1. Site-to-Site VPN Server Tunnel Internet VPN Server Corporate Site B Corporate Site A 3. Remote Corporate PC 2. Remote Customer PC (or site) Remote Access for Intranet Extranet 15
VPN advantage Virtual Private Network (VPN) Why VPNs? Transmission over the Internet with added security Some analysts include transmission over a PSDN with added security Why VPNs? PSDNs are not interconnected Only good for internal corporate communication But Internet reaches almost all sites in all firms Low transmission cost per bit transmitted 16
VPN issues VPN Problems Latency and Sound Quality Internet can be congested Creates latency, reduces sound quality Use a single ISP as for VoIP (voice over IP) Security PPTP for remote access is popular IPsec for site-to-site transmission is popular 17
ISP-Based PPTP Remote Access VPN Remote Access VPNs User dials into a remote access server (RAS) RAS often checks with RADIUS server for user identification information. Allows or rejects connection Unsecure TCP Control Channel Local Access RADIUS Server PPTP RAS Secure Tunnel Internet ISP PPTP Access Concentrator Corporate Site A 18
VPN and PPTP Point-to-Point Tunneling Protocol Available in Windows since Windows 95 No need for added software on clients Provided by many ISPs PPTP access concentrator at ISP access point Some security limitations No security between user site and ISP No message-by-message authentication of user Uses unprotected TCP control channel 19
Hosts Need No Extra Software IPsec in Tunnel Mode Tunnel Mode IPsec Server IPsec Server Local Network Local Network Secure Tunnel Tunnel Only Between Sites Hosts Need No Extra Software No Security In Site Network No Security In Site Network 20
IPsec in Transfer Mode 21 Transfer Mode IPsec Server IPsec Server Local Network Local Network Secure Tunnel Security In Site Network Security In Site Network End-to-End (Host-to-Host) Tunnel Hosts Need IPsec Software 21
IPsec alternatives IP Security (IPsec) Tunnel mode: sets up a secure tunnel between IPsec servers at two sites No security within sites No need to install IPsec software on stations Transfer mode: set up secure connection between two end hosts Protected even on internal networks Must install IPsec software on stations, but default in current OSs (Windows, Linux, UNIX). 22
Security at the internet layer IP Security (IPsec) At internet layer, so protects information at higher layers Transparent: upper layer processes do not have to be modified HTTP SMTP FTP SNMP TCP UDP Protected Internet Layer with IPsec Protection 23
Common IPsec configuration IP Security (IPsec) Security associations: Governed by corporate policies Party A Party B List of Allowable Security Associations List of Allowable Security Associations 24 IPsec Policy Server
SSL/TLS for Browser–Webserver Communication 25
Metropolitan Area Ethernet Metropolitan Area Network (MAN) A carrier network limited to a large urban area and its suburbs Metropolitan area Ethernet (metro Ethernet) is available for this niche Metro Ethernet is relatively new, but is growing very rapidly 802.3ad standard Ethernet in the first mile Standard for transmitting Ethernet signals over PSTN access lines 1-pair voice-grade UTP, 2-pair data-grade UTP, optical fiber 26
Metropolitan Area Ethernet Attractions of Metropolitan Area Ethernet Low prices per bit transmitted High speeds Familiar technology for networking staff Rapid provisioning Rapid capacity increases for special events Carrier Class Service Basic metro Ethernet standards are insufficient for large wide area networks Quality of service and management tools must be developed The goal: To provide carrier class services that are sufficient for customers 27
Carrier Ethernet and MPLS services 28
Carrier Ethernet and MPLS services The two most popular WAN options today are: MPLS and Carrier Ethernet. Carrier Ethernet services include virtual private LAN service (VPLS), Gigabit and metro Ethernet. E-LINE service -- site-to-site service, competes directly with leased lines. E-LAN -- extends the LAN to the wide area, as if the PSDN service was only trunk lines between switches. MPLS (Multiprotocol Label Switching) services typically refer to Layer 3 MPLS VPN services a MPLS network determines the best path for packets between two hosts -- the label switched path. Routers will send all packets along this path that receive a label path number. 29
Overview of MPLS services A MPLS primer at https://www.youtube.com/watch?v=U1w-b9GIt0k 30
More in the MPLS service The label switched path 31
Carrier Ethernet and MPLS services A historic view of Carrier Ethernet in Wikipedia An example of carrier services: AT&T Keeping up with news about Carrier Ethernet: http://www.carrierethernetnews.com/ Carrier Ethernet vs MPLS services. Software-Defined Networks (SDN) Overview in Wikipedia. Pros and cons of SDN. 32