Serial ways to Internet

1
Serial ways to Internet

• Richard Perlman
• Lucent Technologies
• perl_at_lucent.com
• with special thanks to Ksenija Furman Jug

2
Serial Communications

• The goal of our session
• Agenda
• General overview
• Theoretical fundaments
• Practice

3
Connecting to Internet

• Why?
• How?
• Costs?

4
Overview

• Dial-up
• Provider perspective
• User perspective
• Dial-out host
• Dial-out LAN
• Leased lines and Dedicated services

5
Serial
Serial data pipes
Internet user
Internet service provider
6
How?

• Dial-Up
• Leased line
• Public Data Services (X.25,Frame Relay, ATM,..)
• xDSL Services (ADSL, SDSL, HDSL, )
• Cable Modems
• Wireless services

7
Serial

• Dial-up
• Provider perspective
• User perspective
• Dial-out host
• Dial-out LAN
• Leased lines

8
Dial-up

• Technology type
• POTS - Plain Old Telephone System
• ISDN - Integrated Services Digital Network
• Type of services
• host
• LAN

9
Dial-up host
Providers Access Server
Asynchronous modem Pool
Users PC
POTS
Asynchronous modem
10
Dial-up LAN
Providers Access Sever
LAN
Asynchronous modem Pool
POTS
Asynchronous modem
Router
11
Serial

• Dial-up
• Provider perspective
• User perspective
• Dial-out host
• Dial-out LAN
• Leased lines

12
Provider perspective

• Choose the equipment
• Form a user database
• Create a security mechanism
• Create an IP addressing scheme
• Select the routing scheme for LAN
• Use/Install DNS services
• Management

13
Choosing equipment - POTS (cont.)

• Sufficient number of telephone lines
• geographical distribution helps decrease calling
  costs
• number of users per line (Ratio 101 or ?)
• Asynchronous modems
• modem management (SNMP, Rack Control or ?)
• software (firmware) upgradable
• Is 56kbs the end?

14
Choosing equipment - POTS (cont.)

• Access server
• protocols (SLIP/PPP)
• terminal services (NAS or Term Serv modems)
• users database (Text files, DBMS, LDAP,)
• security tools
• IP routing
• management (SNMP, remote access, CLI)
• filters

15
User database

• on the Access Server
• on a special host

16
Security mechanism

• DIAL-UP - a big security thread
• anybody and everybody can dial-in
• Authentication, Authorization, Accounting
• Security servers (RADIUS, TACACS?...)
• Logging facility
• NTP

17
RADIUS (TACACS?)

• TACACS
• Proprietary
• based on TCP
• encrypts all data
• separated AAA
• more complex
• open for future extensions, but?

• RADIUS
• IETF Standard
• Multi-Vendor Support
• based on UDP
• encrypts only challenge responses
• Many implementations including commercial servers
• Billing interfaces

18
Authentication

• Each user having a good password
• Users forced to change password
• Policy choice Safe vs. Popular
• One time passwords
• Token Cards, OTP Schemes
• Login procedure
• PPP authentication (PAP vs. CHAP)
• Caller Line Identification (ISDN)

19
Authorization

• Who is allowed to do what
• Time-of-Day
• Requested service (Analog, 1 channel ISDN,
  mulit-link, PPP, SLIP, etc.)
• Access Point
• Etc., etc.

20
User Accounting

• In case of dynamic addressing helps to trace
  intruders
• For charging/usage accounting
• Commercial, non-profit and public service
• Storage of data
• Interface to billing/security system

21
IP addressing scheme - Dial-in host

• Dynamic address allocation
• saves address space
• users can not be always reachable at same IP
  address
• NAS or centralized administration
• IP address dedicated per user
• impossible with large number of users
• useful for some services

22
IP addressing scheme - Dial-in LAN

• Addresses on LAN side
• registered IP addresses
• IP masquerading - using private address space
• PAT (Port Address Translation - special case of
  Network Address Translation (NAT))

23
Routing scheme for LAN

• Static routing
• dedicated address on PPP side to which a static
  route is pointing
• Dynamic routing
• filter routing information to disable
  advertisement of invalid routes
• No routing
• for PAT

24
Static routing
Network 193.225.219.0
193.225.220.6
Users router
Providers Access Server
Static route for 193.225.219.0
Default route pointing to the asynchronous
interface
to address 193.225.220.6
25
Dynamic routing
Network 193.225.219.0
Users router
Providers Access Server
Enable routing protocol on both interfaces
26
Port Address Translation
Network private address space
WAN IP address assigned by Access Server
statically or dynamically
Users router using PAT
Providers Access Server
No IP routing - remote LAN equals to individual
dial-up host
27
New Technologies

• Virtual Private Dialup Networks (VPDN)
• Service provider is able to outsource dial-up
  ports to other service providers
• Global Roaming
• Service provider is able to outsource dial-up
  ports to users

28
Serial

• Dial-up
• Provider perspective
• User perspective
• Dial-out host
• Dial-out LAN
• Leased lines

29
Dial-out host

• Get the account
• inform yourself about number of users per modem,
  types of services and charging
• Choose equipment
• Take care about the password

30
Choosing equipment - Dial-out host - POTS

• Asynchronous modem
• the compatibility to provider modems
• latest standard
• PC

31
Choosing equipment - Dial-out LAN - POTS (cont.)

• Asynchronous modem
• compatibility with providers modems
• latest standard
• Dial on Demand Router
• commercial
• dedicated box for higher price
• reliable and easy to manage

32
Choosing equipment - Dial-out LAN - POTS (cont.)

• PC with DOS, Linux, WIN NT,..
• non-dedicated box for lower price
• also usable for Internet server
• less reliable, more complex to manage
• Features
• Dial on Demand

33
Dial-out host - types of services

• Low cost - accessible to anyone
• Telnet access
• less friendly user interface

34
Dial-out host - types of services

• PPP/SLIP
• Complete individual Internet connectivity
• user friendly client software
• Graphical Interface
• e-mail
• POP server

35
Dial-out host - types of services

• Internet servers
• not convenient
• you need a fixed IP address and dialing in both
  directions
• Long set-up time (especially analog)
• Web hosting

36
Dial-out LAN - types of services (cont.)

• PPP/SLIP
• Full connectivity for LAN on demand
• Low cost
• E-mail
• UUCP

37
Dial-out LAN - types of services (cont.)

• SMTP demon with spooler
• at time of activation of line, mail has to be
  transferred to destination LAN
• Internet servers
• not convenient
• you need a fixed IP address and dialing in both
  directions

38
Dial on Demand

• Reducing telephone costs by
• defining interesting packets
• defining idle-timers

39
Serial

• Dial-up
• Providers perspective
• Users perspective
• Dial-out host
• Dial-out LAN
• Leased lines and Dedicated services

40
Leased Line Characteristics

• Higher cost
• Full time connectivity
• convenient for Internet servers

41
Dedicated Services

• Marginally higher than dial-up
• May be bandwidth limitations
• Full time connectivity
• convenient for Internet servers
• Leading Edge technologies may not be widely
  available

42
Leased line
Providers router
LAN
Synchronous modem
Leased line
Synchronous modem
Router
43
Dedicated ServicesCable Modem
Providers router
LAN
Cable modem Bank
TV Cable Plant
Video Services
Router
Cable modem
TV/Video
44
Dedicated ServicesCable Modem
Providers router
LAN
Copper Phone Lines
xDSL Termination
Router
Splitter
xDSL Interface
POTS Services
45
Provider perspective

• Establish geographically distributed points of
  presence
• Offer ports (synchronous, asynchronous)
• Establish routing for users IP subnets
• Using different types of modems according to
• distance
• speed

46
User perspective (cont.)

• Register IP addresses
• NAT reduces the IP address space usage
• Select appropriate router
• number and type of ports according to network
  topology
• protocols
• routing protocols
• manageable

47
User perspective (cont.)

• security mechanism
• Establish e-mail, DNS,WWW servers
• no problem with full time connectivity

48
Security

• DONTT LET THE WHOLE WORLD TO ENTER YOUR DOOR!
• Use security mechanisms
• firewalls of different types