Moving Traffic Across the Street and the World
How does a company connect the network in its New York office to the network
in its Los Angeles office? It doesn’t make sense to run a private cable
across the U.S. Instead, the company subscribes to wide-area services. A wide-area
network (WAN) is a network that covers a broad geographic area and
often uses transmission facilities provided by service providers. WAN functionality
occurs at Layers 1 to 3 in the Open Systems Interconnection (OSI) reference
model.
The bicoastal company just mentioned would contact its service provider to
purchase WAN connectivity between the offices. WAN services are leased from
service providers that charge either a monthly flat fee or fees based on the
amount of data transmitted. The more bandwidth required for a WAN circuit,
the greater the usage charges are. Service providers can use a single national
network to provide WAN services for many different corporate customers. In
this way it is not necessary for each company to physically connect every office
to every other office. Imagine the cross-country cables involved in connecting
just one large company, let alone thousands.
WAN Services
Three types of transport are used with WANs:
• Point-to-point: Also known as leased line, a point-to-point connection is a
pre-established link from one site, across a service provider’s network, to a
remote site. The carrier establishes the point-to-point link for the customer’s
private use.
• Circuit switching: The carrier sets up a dedicated circuit through its switched
network for each session and releases it when the session ends, exactly as an
ordinary telephone call does. Unlike point-to-point, which connects exactly two
sites over a single permanent link, multiple sites attach privately to the carrier's
switched network and can reach each other on demand. ISDN is
an example of circuit-switched WAN technology.
• Packet switching: This type of transport is similar to circuit switching in
that multiple sites privately connect into a carrier-switched network.
However, packet switching involves the statistical multiplexing of packets
across shared circuits. Frame Relay, Multiprotocol Label Switching (MPLS),
broadband DSL and cable, and Metro Ethernet are all examples of packet
switching.
Some WAN technologies, such as Frame Relay and Asynchronous Transfer
Mode (ATM), use virtual circuits: logical, connection-oriented paths between
two network devices that share the underlying physical links. The two types of virtual circuits are switched virtual circuits
(SVC) and permanent virtual circuits (PVC). An SVC is dynamically
established on demand and is torn down when transmission is complete. A
connection uses SVCs when data transmission between devices is sporadic. A
PVC is a permanently established logical circuit and is useful for connections
between two devices in which data transfer is constant.
WAN dialup services are available as alternative backup technologies for traditional
WAN services. As the name implies, dialup services use plain old telephone
service (POTS) and are inexpensive (but relatively slow) alternatives
when the main WAN service goes down. Cisco routers offer two popular types
of dialup services: dial-on-demand routing (DDR) and dial backup. DDR can
be triggered automatically when the primary connection goes down or when a
traffic threshold is reached. Dial backup initiates a dial connection to another
router after it determines that the primary WAN service is unavailable. The
dial connection remains active until the WAN service returns.
Integrated Services Digital Network
Integrated Services Digital Network (ISDN) is a set of technologies developed
to carry voice, video, and data across telephone networks. ISDN operates at
Layers 1 to 3 in the OSI reference model. ISDN was the first digital service
deployed to the home and was marketed as broadband, although a Basic Rate
Interface (two 64 kbps B channels plus a 16 kbps D channel, 128 kbps usable)
is far below what the term means today. It operated at two to four times the speed of the
modem technologies of the day and provided “always-on” connectivity compared
to modem dialup. For many years ISDN received a lot of hype that it
never quite lived up to. Eventually it was dealt a death blow as far as home
use with the advent of DSL and high-speed cable services. However, it is still in
use in some businesses, so it’s worth a quick look here.
Frame Relay
Frame Relay is a packet-switched WAN service that operates at the physical
and data link layers of the OSI reference model. Frame Relay was originally
designed to operate over ISDN but today operates over a variety of network
interfaces. Typical communication speeds for Frame Relay are between 56
kbps and 2 Mbps (although lower and higher speeds are supported). Frame
Relay provides connection-oriented services using virtual circuits. A Frame
Relay virtual circuit is a logical connection between two data terminal equipment
(DTE) devices across a Frame Relay packet-switched network. A data-link
connection identifier (DLCI) identifies each virtual circuit on a given physical
interface. DLCIs are locally significant, so the two ends of one virtual circuit
may use different DLCI values. You can multiplex multiple virtual circuits on a
single physical circuit.
Frame Relay switched networks provide simple congestion-notification mechanisms.
A Frame Relay switch that experiences congestion can set two bits in the frame
header: forward explicit congestion notification (FECN) on frames traveling in
the congested direction, which tells the receiving DTE that the frames it is
getting have crossed a congested path, and backward explicit congestion
notification (BECN) on frames traveling in the opposite direction, which tells
the sending DTE to slow down. The DTE that sees either bit can notify a higher
layer so that the transport protocol or application reduces its rate. Additionally,
the sender (or the carrier, for traffic that exceeds the committed information
rate) can set the discard eligible (DE) bit to mark a frame as less
important, which means that it is dropped first if congestion occurs.
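To make those header bits concrete, here is an added example (not from the original text) that parses and builds the two-octet Frame Relay address field defined in ITU-T Q.922, which carries the DLCI together with the FECN, BECN and DE bits. The sample frames at the bottom are constructed for illustration; `react_to_congestion` shows the conclusion a DTE should draw from each bit.

```python
"""Frame Relay two-octet address field (ITU-T Q.922): DLCI plus the FECN, BECN
and DE bits.

Added example for this page, not from the original text. Layout per Q.922:
octet 1 = upper 6 DLCI bits | C/R | EA=0, octet 2 = lower 4 DLCI bits | FECN |
BECN | DE | EA=1. The sample frames at the bottom are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class FrameRelayHeader:
    dlci: int   # 10-bit data-link connection identifier, locally significant
    cr: bool    # command/response bit; Frame Relay itself does not use it
    fecn: bool  # forward ECN: frames flowing this way crossed a congested switch
    becn: bool  # backward ECN: frames flowing the other way (ours) did; slow down
    de: bool    # discard eligible: drop this frame first when congested


def parse_header(frame: bytes) -> FrameRelayHeader:
    """Decode the first two octets of a Frame Relay frame."""
    if len(frame) < 2:
        raise ValueError("frame too short for a two-octet address field")
    o1, o2 = frame[0], frame[1]
    # The EA (extended address) bit is 0 on every octet except the last one.
    if o1 & 0x01:
        raise ValueError("first octet has EA=1; a one-octet address is not valid")
    if not o2 & 0x01:
        raise ValueError("three- and four-octet address fields are not handled")
    return FrameRelayHeader(
        dlci=((o1 >> 2) << 4) | (o2 >> 4),
        cr=bool(o1 & 0x02),
        fecn=bool(o2 & 0x08),
        becn=bool(o2 & 0x04),
        de=bool(o2 & 0x02),
    )


def build_header(dlci: int, *, cr: bool = False, fecn: bool = False,
                 becn: bool = False, de: bool = False) -> bytes:
    """Encode a two-octet address field; inverse of parse_header."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    o1 = ((dlci >> 4) << 2) | (int(cr) << 1)             # EA = 0
    o2 = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) \
        | (int(de) << 1) | 0x01                           # EA = 1
    return bytes([o1, o2])


def react_to_congestion(frame: bytes) -> list[str]:
    """What the DTE that receives this frame should conclude, bit by bit."""
    h = parse_header(frame)
    actions = []
    if h.fecn:
        actions.append("fecn: path toward us is congested; ask the far end to back off")
    if h.becn:
        actions.append("becn: path we transmit into is congested; reduce our send rate")
    if h.de:
        actions.append("de: frame exceeded CIR and was a candidate for discard")
    return actions


if __name__ == "__main__":
    # Constructed frames: DLCI 100 clean, then DLCI 100 with BECN and DE set.
    for frame in (build_header(100), build_header(100, becn=True, de=True)):
        print(frame.hex(), parse_header(frame), react_to_congestion(frame))
```

The two EA checks matter in practice: a parser that ignores them will misread a three- or four-octet address field and attribute traffic to the wrong DLCI.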
ATM
ATM is a standard for cell-based relay that carries voice, video, and data in
small, fixed-size cells. ATM networks are connection-oriented networks that
combine the benefits of circuit switching (guaranteed capacity and constant
transmission delay) with those of packet switching (flexibility and efficiency for
intermittent traffic). ATM transmits at speeds from a few Mbps to many Gbps.
High-speed ATM circuits typically run over fiber-optic cables. Speeds of these
circuits are characterized as “Optical Carrier”
class and are represented as OC-number. The number represents the multiple of the base OC-1 standard circuit, which can carry 51.84 Mbps. Common
circuit speeds are OC-3 (155.52 Mbps), OC-12 (622.08 Mbps), and OC-192
(9953.28 Mbps, or roughly 10 Gbps).
Traditional circuit-based networks use time-division multiplexing (TDM), in
which users are assigned a predetermined time slot; no other device can transmit
during this time slot. If a station has a lot of data to send, it can transmit
only during its time slot, even if the other time slots are empty. Conversely, if
the station has nothing to transmit, the time slot is sent empty and is wasted.
This arrangement is called synchronous transmission.
ATM is asynchronous, meaning that time slots are available on demand. This
allows for a more efficient use of available bandwidth. ATM uses fixed-size
cells (as opposed to the variable-sized frames in Frame Relay) of 53 bytes: a
5-byte header followed by a 48-byte payload. Computers usually size things in
powers of 2, and 48 is not one. It is the midpoint between the 32-byte payload
the telephony standards camp wanted (short cells keep voice packetization delay
low) and the 64-byte payload the data standards camp wanted (longer cells waste
less on headers).
ATM networks have two devices: ATM switches and ATM endpoints. ATM
switches accept cells from an endpoint or another switch, evaluate the cell
header, and quickly forward the cell out another interface toward the destination.
An ATM endpoint contains an ATM network interface adapter and is
responsible for converting digital data into cells and back again. Examples of
ATM endpoints include workstations, LAN switches, routers, and video coder-decoders
(codecs).
ATM networks can mark traffic, once it has been segmented into cells, to
require different types of handling. Some traffic, such as voice and
video, must be transferred through the network at regular intervals with little
variation in delay. Otherwise, the destination receives low-quality voice or
video transmission. Data traffic is less sensitive to network delays and can be
handled differently.
To ensure the appropriate delivery for each of these traffic types, ATM devices
employ QoS mechanisms that involve reserving bandwidth, shaping traffic to
meet the reserved bandwidth, and policing traffic that exceeds the reservation.
MPLS
MPLS is a highly efficient WAN service that companies are quickly adopting
either as a replacement for legacy Frame Relay and ATM WANs or as a second
high-speed WAN service. MPLS is discussed in more depth in a later section.
Broadband
Increasingly, companies are leveraging cable, DSL, and other types of broadband
Internet services to deploy WAN services. They offer low-cost, high-bandwidth
connectivity that is often suitable for small branch office locations, such as
retail stores, small insurance office branches, and gas stations and convenience
stores. Broadband services are discussed in more depth in a later section.
Virtual Private Networks (VPN)
A VPN is a secured connection between two devices over a shared, unsecured
network. VPNs have been used for some time for mobile devices such as laptops
to connect to their corporate headquarters over the Internet. This is typically
called a remote-access VPN. Encryption, together with integrity protection and
peer authentication, provides security so that no one else on the Internet can
read or tamper with the data being sent back and forth.
Increasingly, companies are taking advantage of VPNs to also connect branch
offices to headquarters locations over the Internet, called a site-to-site VPN.
Site-to-site VPNs can be a very cost-effective way to connect relatively small
locations to corporate headquarters over Internet services, such as broadband
cable and DSL. VPNs are also used to some degree to authenticate users to
local access points in a wireless environment. VPNs are addressed in a bit
more depth in a later section.
WAN Devices
Numerous types of devices are associated with WAN service delivery. The first
is a WAN switch. Usually located in a carrier’s network, a WAN switch is a
multiport internetworking device whose job is moving traffic from source to
destination. Routers at the customer sites attach to the edges of the carrier’s
switched network (for Frame Relay and ATM). WAN switches operate at
Layer 2, the data link layer, of the OSI model.
For many packet-switched services, a WAN router is used both at the
access location, where it is called the Customer Premises Equipment (CPE), and at
the nearest connectivity location of the WAN service provider, called the
Point of Presence (PoP). Modern packet-switched services, such as MPLS,
broadband, and the Internet, rely on very large, very high-speed routers to
route traffic across the service provider network between PoPs. These routers
form the backbone of the modern Internet and global WAN connectivity services
and are sometimes called core routers. Routers sitting at the edges of the
network, providing WAN access to businesses, are often called edge routers.
Multiprotocol Label Switching (MPLS) Services
MPLS is a WAN backbone technology, often described as sitting between Layers 2
and 3 (“Layer 2.5”), that delivers WAN and MAN services, traffic engineering
capabilities, and a converged network infrastructure
that can also be used to aggregate and transport Frame Relay, ATM, and
IP traffic. Originally developed by Cisco in the form of tag switching, MPLS
was standardized by the Internet Engineering Task Force
(IETF). Service providers are the primary implementers of the technology.
Service providers offer MPLS services as an alternative to their traditional
Frame Relay, leased line, and ATM services. With MPLS networks, service
providers can offer services similar to traditional WAN technologies at lower
costs and provide additional IP-based services previously not available.
At the heart of MPLS is an encapsulation scheme that serves as an alternative
to traditional IP routing. When a packet comes into the service provider edge,
the edge router (the label edge router, or LER) assigns a label to the packet
based on the destination IP network. The label is a type of shorthand for a
traditional IP-based route. After the label is applied, the router forwards the
packet into the MPLS core. The core routers (label switch routers, or LSRs)
read only the label, apply the appropriate services, and forward the packet based on
the label, without consulting their IP routing tables. As soon as the packet
reaches the destination edge of the service provider network, the MPLS label is
removed, and the IP packet is forwarded onto the IP network.
Traffic engineering is a core component for service providers that allows them
to deliver services predictably for each of their customers. MPLS traffic engineering
expands on the capabilities offered by ATM and Frame Relay. Labeled
IP packets are routed through the MPLS core based on the resources required
by the packet and the resources available in the network. Rather than simply
following the shortest path by routing metric, the MPLS network chooses the
shortest path that still satisfies the flow's resource requirements
(constraint-based routing). Resource requirements are determined by the size
and priority of a traffic flow. MPLS networks can honor IP QoS by delivering
both best-effort delivery as well as time- and bandwidth-sensitive guarantees.
One of the MPLS services that service providers offer is virtual private networks.
Using MPLS labels, service providers can deliver IP-based services to
many customers without the complexity of traditional Frame Relay or ATM
circuit management. Each customer's routes are kept in a separate virtual routing
and forwarding (VRF) table on the provider edge router, so customers can use
private or public IP addressing without concern about overlapping other
customers' addressing.
Another advantage of MPLS networks is any-to-any connectivity. Whereas in
Frame Relay and ATM networks, connections are point-to-point, MPLS services
allow customers to connect into the service and easily reach any other office
connected to the service. This removes some of the complexity of traffic engineering
that corporate customers would have to do themselves and allows the
service provider to offer an important value-added service as a WAN provider.
MPLS VPN services are as secure as Frame Relay in that one customer cannot
see the traffic from another customer even though they traverse the same
MPLS network. That separation is a property of the provider's configuration,
not of cryptography, so for additional security customers can place firewalls
between their private network and the service provider's, and encrypt the traffic
as it goes into the MPLS network. As long as the packets have standard IP headers,
the MPLS network can ship them to their destination, so an IPsec tunnel between
customer routers rides over the MPLS VPN unchanged.
Because MPLS networks look like a private intranet to the connected IP networks,
service providers can offer additional IP-based services such as QoS,
telephony support within the VPN, and centralized services such as web
hosting.
MPLS Labels
The forwarding mechanism in MPLS uses a label to decide where and how to send packets or cells through
the network. The label is applied at the ingress to the SP network and is removed at the network egress
point. The router responsible for adding the label is the only network router that needs to process the
entire packet header. The information contained in the header, along with the preconfigured instructions, is
used to generate the label. Labels can be based on IP destinations (this is what traditional routing uses) and
other parameters, such as IP sources, QoS, VPN membership, or specific routes for traffic engineering purposes.
MPLS is also designed to support forwarding mechanisms from other protocols. Each MPLS label stack entry is
4 bytes (32 bits) long: a 20-bit label value, a 3-bit traffic class field (originally called EXP) that carries
the QoS marking, a 1-bit bottom-of-stack flag, and an 8-bit time-to-live. Entries can be stacked, which is how
MPLS VPNs carry an inner VPN label beneath the outer transport label. A fixed 4-byte lookup key lets the rest
of the routers process the forwarding information quickly (IP headers are much longer than that).
MPLS Security
An additional benefit of MPLS is a small measure
of security (as compared to Frame Relay or ATM).
As illustrated in the figure, as soon as the packet or
cell from a company enters the SP network, the
label assigned essentially keeps that packet segregated
from all other customers’ packets/cells.
Because no customer has a point of access to
another customer’s packets/cells, there is no
danger of having someone outside the SP network
snoop for packets. That separation depends entirely
on the provider’s configuration and on the integrity
of its routers; a misconfigured VRF or a compromised
provider device exposes the traffic. Obviously this would not stop
someone bent on illegally accessing a company’s
information, but it does remove the possibility of
someone claiming that he “accidentally” received
the information. Unfortunately, the number of incidents
of people or groups intentionally stealing or
monitoring data has been on the rise over the past
several years. Because of this trend, many people
no longer consider MPLS to be “inherently
secure,” as it was once billed.
Many companies opt for encryption using technologies
such as IPsec (IP Security) to provide data
security for their traffic traversing MPLS networks
(and, in general, any WAN type). This is especially
true where companies have offices with connections
in developing and emerging countries, where
the trust level of in-country providers may be
lower than in the U.S. and Europe.
It is important to note that MPLS is no more or
less secure than Frame Relay or ATM. Also, there is a
common misconception that MPLS is encrypted. Although it is possible to encrypt
traffic carried over MPLS, the label itself adds no encryption, and nothing is
encrypted by default.
MPLS Architecture
MPLS is divided into two layers or planes, each
having a specific function in the network. The layers
are the control plane and the data plane. The
control plane is responsible for the exchange of
routing information (including label bindings, distributed
by protocols such as LDP) between
adjacent devices. The data plane handles forwarding
operations.
How Does the Router Know Where
to Send Stuff?
The routers in an MPLS network forward packets
based on labels, but each router must know the
relationship between a label and the path through the
network. MPLS groups packets into Forwarding
Equivalence Classes (FEC): all packets in one FEC are
forwarded the same way, and in the simplest case a
FEC is just a destination prefix taken from the IP
routing table. Each label switch router (LSR) binds a
label to each FEC and advertises that binding to its
neighbors using a label distribution protocol (typically
LDP, or RSVP-TE for traffic-engineered paths); the
hop-by-hop chain of bindings forms a label-switched
path (LSP). A transit LSR simply looks up the incoming
label in its label forwarding table, swaps it for the
outgoing label, and forwards the packet, without
consulting the IP routing table. This was simpler and
faster than hop-by-hop IP lookups in the software
routers of the time, and it remains more flexible,
because a label can encode policy rather than only
destination. Sometimes a
packet arrives at a router without a label (if it came from a non-MPLS network). When this happens,
it is the router’s job to classify the packet into a FEC
and push a label so that the
packet can be properly forwarded through the
MPLS network.
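The label encoding, the FEC lookup at the ingress, the swap and pop at the core and egress, and the security point of this section can all be shown in one place. The following is an added example, not code from the original text or from any vendor: it implements the RFC 3032 label stack entry and walks a constructed three-router path (PE1, P, PE2) whose label values, FIB/LFIB contents and sample IPv4 packets are invented for illustration. At every hop it also reads the customer's destination address straight off the wire, which is exactly what a label does not hide.

```python
"""MPLS label stack entries (RFC 3032) and a three-router label-switched path.

Added example for this page, not code from the original text or any vendor.
Entry layout per RFC 3032: 20-bit label, 3-bit traffic class (originally EXP),
1-bit bottom-of-stack (S), 8-bit TTL. The PE1 -> P -> PE2 topology, label
values, FIB/LFIB contents and sample IPv4 packets are all constructed.
"""
from __future__ import annotations
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class LabelEntry:
    label: int       # 20 bits; values 0-15 are reserved
    tc: int = 0      # 3 bits; carries the QoS class through the core
    s: bool = False  # bottom of stack: the IP packet starts right after this entry
    ttl: int = 64    # 8 bits; decremented by each LSR like the IP TTL

    def pack(self) -> bytes:
        if not (0 <= self.label < 1 << 20 and 0 <= self.tc < 8 and 0 <= self.ttl < 256):
            raise ValueError("label stack field out of range")
        return struct.pack("!I", (self.label << 12) | (self.tc << 9) | (int(self.s) << 8) | self.ttl)

    @classmethod
    def unpack(cls, data: bytes) -> LabelEntry:
        (word,) = struct.unpack("!I", data[:4])
        return cls(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)


def split_stack(packet: bytes) -> tuple[list[LabelEntry], bytes]:
    """Walk entries until one has S set; return (stack, payload after the stack)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated label stack")
        entry = LabelEntry.unpack(packet[off:off + 4])
        stack.append(entry)
        off += 4
        if entry.s:
            return stack, packet[off:]


def ipv4_dst(ip_packet: bytes) -> IPv4Address:
    """Destination address of a plain IPv4 header (bytes 16..19)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return IPv4Address(ip_packet[16:20])

# Constructed control-plane state; a real network distributes these with LDP or RSVP-TE.
INGRESS_FIB = {                        # PE1: FEC (destination prefix) -> label to push
    IPv4Network("10.2.0.0/16"): 1001,
    IPv4Network("10.2.5.0/24"): 1005,  # more specific FEC; wins longest-prefix match
}
LFIBS = {                              # per router: incoming label -> (action, out label)
    "P": {1001: ("swap", 2002), 1005: ("swap", 2005)},
    "PE2": {2002: ("pop", None), 2005: ("pop", None)},
}


def ingress_push(ip_packet: bytes, tc: int = 0) -> bytes:
    """PE1: classify the packet into a FEC by longest-prefix match and push a label."""
    dst = ipv4_dst(ip_packet)
    matches = [net for net in INGRESS_FIB if dst in net]
    if not matches:
        raise LookupError(f"no FEC for {dst}")
    fec = max(matches, key=lambda net: net.prefixlen)
    return LabelEntry(INGRESS_FIB[fec], tc, True, ip_packet[8]).pack() + ip_packet


def lsr_forward(router: str, packet: bytes) -> bytes:
    """A transit or egress LSR acts on the top label only; it never reads the IP header."""
    top = LabelEntry.unpack(packet[:4])
    if top.ttl <= 1:
        raise ValueError("label TTL expired")
    action, out_label = LFIBS[router][top.label]  # KeyError: unknown label, drop
    if action == "swap":
        return LabelEntry(out_label, top.tc, top.s, top.ttl - 1).pack() + packet[4:]
    if not top.s:
        raise ValueError("popped a non-bottom label; inner entries remain")
    return packet[4:]  # plain IP again at the egress


def trace_lsp(ip_packet: bytes) -> list[tuple[str, int | None, str]]:
    """Follow PE1 -> P -> PE2 recording (router, top label, IP destination read off the wire)."""
    pkt = ingress_push(ip_packet)
    hops = [("PE1", LabelEntry.unpack(pkt).label, str(ipv4_dst(split_stack(pkt)[1])))]
    pkt = lsr_forward("P", pkt)
    hops.append(("P", LabelEntry.unpack(pkt).label, str(ipv4_dst(split_stack(pkt)[1]))))
    pkt = lsr_forward("PE2", pkt)
    hops.append(("PE2", None, str(ipv4_dst(pkt))))
    return hops


def sample_ipv4(dst: str, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header, no payload, checksum left zero (constructed)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                       IPv4Address("192.168.1.10").packed, IPv4Address(dst).packed)
```

Running `trace_lsp(sample_ipv4("10.2.5.7"))` yields label 1005 at PE1, 2005 at P and no label at PE2, while the third column reads 10.2.5.7 at every hop: the core never looks at the IP header, but anyone with a tap inside the provider network can. An IPsec tunnel between the customer routers is what changes that, not the label.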