IMPORTANT MATERIAL - PowerPoint PPT Presentation

1
IMPORTANT MATERIAL
  • Chapters 8-11

2
Topology
  • Topology is the basic geometric layout of the
    network -- the way in which the computers on the
    network are interconnected.
  • Classic (coaxial) Ethernet used a bus topology: one
    shared high-speed circuit with a limited distance
    between the computers, such as within one
    building. Modern twisted-pair Ethernet is wired as
    a physical star around a hub or switch.

3
Bus Topology
Terminators required on each end
4
Ring Topology
Data Flow
5
Token Ring
6
Star Topology
Preferred method for today's LANs
Wiring Hub
7
Media Access Control
  • Ethernet uses a contention-based technique called
    Carrier Sense Multiple Access with Collision
    Detection (CSMA/CD)
  • If two computers attempt to transmit at the same
    time, they detect the collision, send a jamming
    signal, wait a random amount of time (backoff),
    then retransmit.

8
Ethernet Tree Topology
  • Each hub broadcasts to its own segment
  • A hub can partition (disable) the port of a
    misbehaving node, for example one causing
    excessive collisions

9
Network Servers Everything You Wanted to Know
But Were Afraid to Ask!
  • Servers use multiple processors
  • Most important for access-intensive operations
    (many concurrent requests)
  • Multiple processors provide roughly a 50%
    improvement (workload dependent; the gain is not
    linear in the number of processors)
  • Buses provide the backbone internal support for
    data transfer
  • RAM provides a buffer (cache) for operations

10
It's a RAID!
  • Disk arrays improve performance and redundancy
  • RAID (Redundant Array of Inexpensive, or
    Independent, Disks) is a method used to write
    across (stripe) multiple disks to improve
    performance and fault tolerance
  • RAID 1 and 5 are the most popular; every level
    trades capacity, write performance and fault
    tolerance against each other (RAID 0 has no
    redundancy at all)

11
RAID
[Figure: one file written across Disk 1 and Disk 2]
RAID 0 -- stripes data between disks (no redundancy;
one failed disk loses the whole file)
RAID 1 -- mirrors data between disks
12
Mirrored Disk Drives
[Figure: duplexed controllers -- Controller 1 and
Controller 2 each write File 1 and File 2 to their own
disk drive (drives 1 and 2), so the two drives are
mirrors of one another]
13
Raid Level 5 Technology
[Figure: a server with four disks (1-4); File 1 is
split into Parts 1-3 plus a parity block and File 2
into Parts 1-3 plus a parity block, with the parts and
parity blocks spread over different disks so that no
single disk holds all the parity]
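The figure above shows the layout but not the arithmetic. The following is an added example, not code from the slides: it stripes a byte string over an in-memory "array" with RAID 5 rotating XOR parity, reads it back with one disk missing, rebuilds that disk, and refuses the two-disk failure that RAID 5 cannot survive. The stripe size and data are made up for the example.

```python
# Added example (not from the slides): RAID 5 striping with rotating XOR
# parity, and rebuilding a failed disk. Disks are in-memory lists of chunks.
from typing import List, Optional

STRIPE_UNIT = 4  # bytes per chunk; real arrays use 64 KiB or more


def xor_bytes(blocks: List[bytes]) -> bytes:
    """XOR equal-length byte strings together: the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def parity_disk_for(stripe: int, n_disks: int) -> int:
    """Rotate the parity position so no single disk becomes the write
    bottleneck (RAID 4 keeps parity on one dedicated disk instead)."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Stripe data over n_disks: each stripe is n_disks-1 data chunks plus one
    parity chunk. Returns the per-disk chunk lists."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    n_data = n_disks - 1
    stripe_bytes = STRIPE_UNIT * n_data
    data += b"\x00" * ((-len(data)) % stripe_bytes)   # pad to whole stripes
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // stripe_bytes):
        base = s * stripe_bytes
        chunks = [data[base + j * STRIPE_UNIT: base + (j + 1) * STRIPE_UNIT]
                  for j in range(n_data)]
        parity = xor_bytes(chunks)
        p = parity_disk_for(s, n_disks)
        it = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(it))
    return disks


def raid5_read(disks: List[Optional[List[bytes]]], n_bytes: int) -> bytes:
    """Read the data back. A disk given as None is treated as failed: its
    chunks are recomputed from the other disks (degraded mode). Two failed
    disks cannot be recovered; that is the RAID 5 limit."""
    n_disks = len(disks)
    missing = [d for d, c in enumerate(disks) if c is None]
    if len(missing) > 1:
        raise RuntimeError("RAID 5 tolerates one failed disk, %d failed" % len(missing))
    n_stripes = len(next(c for c in disks if c is not None))
    out = bytearray()
    for s in range(n_stripes):
        chunks = [None if disks[d] is None else disks[d][s] for d in range(n_disks)]
        if missing:
            # XOR of all other chunks in the stripe gives the lost one,
            # whether it was a data chunk or the parity chunk
            chunks[missing[0]] = xor_bytes([c for c in chunks if c is not None])
        p = parity_disk_for(s, n_disks)
        for d in range(n_disks):
            if d != p:
                out += chunks[d]
    return bytes(out[:n_bytes])


def raid5_rebuild(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Reconstruct every chunk of the failed disk onto a replacement."""
    survivors = [c for d, c in enumerate(disks) if d != failed and c is not None]
    if len(survivors) != len(disks) - 1:
        raise RuntimeError("need all other disks intact to rebuild")
    return [xor_bytes([c[s] for c in survivors]) for s in range(len(survivors[0]))]
```

While the array runs degraded, every read of the failed disk costs a full-stripe read plus an XOR, and a second failure during the rebuild window loses the data; that window is why large-disk RAID 5 arrays are often replaced by RAID 6 or RAID 10.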
14
A Fault-Tolerant Duplexed Server
[Figure: duplexed servers joined by a dedicated
high-speed connection, each with its own disk drive;
the two disk drives are mirrored]
15
Immediate and Recurring Costs of a LAN
Immediate Costs
  • Equipment upgrades
  • Documentation
  • Installation of cabling
  • System software installation
  • Creating user environments
  • Space required for new equipment
  • Training users, operators, administrators
  • Site preparation
  • Hardware installation
  • Installing applications
  • Testing
Recurring Costs
  • LAN management personnel costs
  • Consumable supplies: toner, paper, etc.
  • Supplies and spares
  • Hardware and software maintenance
  • Training new users, administrators
16
Basic LAN Management Tasks
User/Group Oriented
  • Add, delete users and groups
  • Set user environment
  • Set user/group security
  • Solve user problems
  • Set up user/printer environment
Printer Oriented
  • Install/remove printers
  • Maintain printers
  • Manage print jobs
Hardware/Software Oriented
  • Add/change/delete hardware
  • Plan and implement changes
  • Establish connections with other networks
  • Diagnose problems
  • Maintain operating procedures
General
  • Make backups
  • Carry out recovery as necessary
  • Plan capacity needs
  • Serve as liaison with other network administrators
  • Educate users
  • Monitor the network for problems and to gather
    statistics for capacity planning
17
Backup Devices
  • Removable Disk Drives
  • Manual intervention is necessary for changing
    disk cartridges, whereas some tape backup systems
    provide tapes with much higher storage capacity
    and automatic tape changing.
  • Hard-Disk Drives
  • The arguments for and against this alternative
    are much the same as those for diskettes. The
    major difference is that the capacity of
    hard-disk drives is far greater than that of
    diskettes.

18
Backup Devices (cont.)
  • Optical Disk Drives
  • Optical disk drives are gaining popularity as
    input, output, and backup devices. The reasons
    for this are their decreasing costs and large
    storage capacity.
  • Magnetic Tape Drives
  • A magnetic tape drive is the usual choice for a
    backup device. Magnetic tapes are less expensive
    than the other options. They hold large volumes
    of data, are easy to use and store, and generally
    provide good performance.

19
Gateways
  • Gateways operate at the network layer and above:
    they use network layer addresses in processing
    messages and, when translating between protocol
    stacks, higher-layer information as well.
  • Gateways connect two or more LANs that use the
    same or different (usually different) data link
    and network protocols. They may connect the same
    or different kinds of cable.
  • Gateways process only those messages explicitly
    addressed to them.

20
Gateways
  • One of the most common uses of gateways is to
    enable LANs that use TCP/IP and Ethernet to
    communicate with IBM mainframes that use SNA.
  • The gateway provides both the basic system
    interconnection and the necessary translation
    between the protocols in both directions.

21
Gateways
22
Classic SNA Architecture
23
Standalone PC 3270 Terminal Emulation
24
LAN-based SNA Gateways
25
Full Duplex Ethernet
26
Switched Ethernet
Switched Ethernet at Fish Richardson
27
Hierarchies
  • Vulnerable to single points of failure
  • Loss of a switch or a link (trunk line between
    switches) divides the network into pieces that
    can no longer reach one another

[Figure: hierarchy of Ethernet switches; the Xs mark a
failed switch and a failed trunk link]
28
Switch Learning
  • A switch ages out forwarding-table entries: an
    address not seen as a frame source for a few
    minutes (IEEE 802.1D default 300 s) is erased
  • To eliminate obsolete information
  • Relearning is very fast: the next frame from that
    address re-creates the entry
  • Learning is unauthenticated: the table records
    whatever source address the latest frame carried

[Figure: Ethernet switch forwarding table with
Address and Port columns (entries A1, BF, C9) being
erased]
29
Routing Types
30
Standards for Web Server Access
31
OSI Networking Model
  Layer 7 Application   -- provides network services to
                           the OS through the network
                           client (application/OS <->
                           network client)
  Layer 6 Presentation  -- data compression/decompression,
                           data encryption/decryption
                           (e.g. 12345 <-> 54321)
  Layer 5 Session       -- connection (session) between
                           client and server
  Layer 4 Transport     -- packet control: sequencing,
                           error control
  Layer 3 Network       -- packet construction,
                           transmission, reception
  Layer 2 Data Link     -- frames the bit stream (data
                           packet with header and
                           trailer); network card drivers
  Layer 1 Physical      -- network wiring specifications
32
Domain Name System (DNS)
  • Subtlety
  • Organizations or ISPs have local DNS hosts
  • These hosts need to know only local host names and
    IP addresses (the zones they are responsible for)
  • For other host names, the local DNS host passes
    the request on to other DNS hosts on the user's
    behalf

[Figure: user PC internet layer process -> local DNS
host -> remote DNS host]
33
Domain Name System (DNS)
  • Subtlety
  • The remote DNS host passes the information back to
    the local DNS host
  • The local DNS host passes the information back to
    the user PC
  • The browser (through the PC's stub resolver) only
    ever talks to the local DNS host

[Figure: remote DNS host -> local DNS host -> user PC
internet layer process]
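The two slides above describe who talks to whom; the exchange below shows what actually crosses the wire and the checks the user PC's resolver applies before trusting a reply. This is an added example, not code from the slides: the host name and address are made up, and the "reply from the local DNS host" is constructed in the same script rather than captured from a real server.

```python
# Added example (not from the slides): the query the user PC's stub
# resolver sends to the local DNS host, and the checks it applies to the
# reply, as bytes. The name and address are made up and the reply is
# constructed here, not captured from a server.
import struct
from typing import List, Tuple

QR, RD, RA = 0x8000, 0x0100, 0x0080
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    # 'www.example.com' -> 3 'www' 7 'example' 3 'com' 0
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Recursive query: RD asks the local DNS host to chase the answer
    through other DNS hosts on our behalf."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Read a possibly compressed name; return (name, offset after it)."""
    labels: List[str] = []
    end = -1
    hops = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end < 0:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end >= 0 else off)


def build_response(query: bytes, addrs: List[str], ttl: int = 300) -> bytes:
    """The local DNS host's reply (constructed): echoes the question and adds
    one A record per address, naming it with a pointer (0xC00C) to the question."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, QR | RD | RA, 1, len(addrs), 0, 0)
    answers = b""
    for a in addrs:
        rdata = bytes(int(x) for x in a.split("."))
        answers += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answers


def parse_response(resp: bytes, expected_id: int, expected_name: str) -> List[str]:
    """Accept a reply only if it matches the outstanding query (same
    transaction ID, same question); return the IPv4 addresses it carries."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if txid != expected_id or not flags & QR:
        raise ValueError("not a reply to our query")
    off = 12
    qname, off = decode_name(resp, off)
    off += 4                                   # qtype, qclass
    if qdcount != 1 or qname.lower() != expected_name.lower():
        raise ValueError("question section does not match")
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    addrs: List[str] = []
    for _ in range(ancount):
        rname, off = decode_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rname.lower() == expected_name.lower():
            addrs.append(".".join(str(b) for b in rdata))
    return addrs
```

The transaction ID is passed in here so the exchange is reproducible; a real resolver picks it at random and also randomizes its UDP source port, because those two values are all that tie an unauthenticated UDP reply to the question that was asked.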
34
Autoconfiguration
  • Every computer attached to the Internet is a host
  • Including desktop PCs
  • Every host must have an IP address
  • Some hosts, such as routers and webservers, get
    permanent IP addresses
  • So that they can be found easily

35
Autoconfiguration
  • User PCs do not need permanent IP addresses
  • They only need to be found within a use session
  • They usually are given temporary IP addresses
    each time they use the Internet
  • They may get a different IP address each time
    they use the Internet

36
Autoconfiguration
  • Request-Response Cycle
  • User software requests IP address for the user PC
    in Autoconfiguration Request message
  • Autoconfiguration Response message contains
    temporary IP address to use in current session

[Figure: user PC sends an Autoconfiguration Request to
the autoconfiguration host, which returns a temporary
IP address in the Autoconfiguration Response]
37
Autoconfiguration
  • Most popular autoconfiguration protocol is DHCP
  • Dynamic Host Configuration Protocol
  • Built into Windows after Win 3.1
  • Supplies the host with a temporary IP address (a
    lease)
  • DHCP can give more information too
  • Usually gives the IP address of a default gateway
    (the router used for destinations off the local
    network)
  • Can give the IP address of a local DNS host
  • Can give other information
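The request/response cycle of the last three slides is, for DHCP, a DISCOVER broadcast answered by an OFFER. The following added example (not code from the slides) builds the DISCOVER a client would send, a constructed OFFER carrying the address, default gateway and DNS host options named above, and the client-side parsing of that OFFER. The MAC address, transaction ID and all addresses are made up.

```python
# Added example (not from the slides): the DHCP DISCOVER/OFFER pair behind
# the "autoconfiguration request/response" above, as bytes. The addresses,
# MAC and transaction ID are made up; the OFFER is constructed, not captured.
import struct
from typing import Dict, List

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"


def ip_bytes(addr: str) -> bytes:
    return bytes(int(x) for x in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def tlv(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


def build_discover(xid: int, mac: bytes) -> bytes:
    """The client has no address yet: all address fields zero, broadcast flag set."""
    fixed = struct.pack(FIXED_FMT, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (tlv(53, bytes([DHCPDISCOVER]))
               + tlv(55, bytes([1, 3, 6, 51]))  # parameter request: mask, router, DNS, lease
               + b"\xff")
    return fixed + MAGIC_COOKIE + options


def build_offer(xid: int, mac: bytes, yiaddr: str, server: str, mask: str,
                router: str, dns: List[str], lease: int) -> bytes:
    """What the autoconfiguration host answers (constructed for this example)."""
    fixed = struct.pack(FIXED_FMT, BOOTREPLY, 1, 6, 0, xid, 0, 0x8000,
                        b"\0" * 4, ip_bytes(yiaddr), ip_bytes(server), b"\0" * 4,
                        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (tlv(53, bytes([DHCPOFFER]))
               + tlv(1, ip_bytes(mask))
               + tlv(3, ip_bytes(router))                      # "default gateway"
               + tlv(6, b"".join(ip_bytes(d) for d in dns))    # local DNS host(s)
               + tlv(51, struct.pack("!I", lease))
               + tlv(54, ip_bytes(server))                     # server identifier
               + b"\0" + b"\xff")                               # a pad byte, then end
    return fixed + MAGIC_COOKIE + options


def parse_options(raw: bytes) -> Dict[int, bytes]:
    """Walk the option TLVs; pad (0) has no length byte, end (255) stops."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_offer(msg: bytes, xid: int, mac: bytes) -> Dict[str, object]:
    """Client-side check of an OFFER. Only xid and our own MAC tie the reply
    to our request: DHCP does not authenticate the server, so whichever host
    on the segment answers first gets to hand out the configuration."""
    size = struct.calcsize(FIXED_FMT)
    fields = struct.unpack(FIXED_FMT, msg[:size])
    op, _, hlen, _, got_xid, _, _, _, yiaddr, _, _, chaddr = fields[:12]
    if op != BOOTREPLY or got_xid != xid or chaddr[:hlen] != mac:
        raise ValueError("reply is not for our request")
    if msg[size:size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts = parse_options(msg[size + 4:])
    if opts.get(53) != bytes([DHCPOFFER]):
        raise ValueError("not a DHCPOFFER")
    dns_raw = opts.get(6, b"")
    return {
        "yiaddr": ip_str(yiaddr),
        "mask": ip_str(opts[1]),
        "router": ip_str(opts[3]),
        "dns": [ip_str(dns_raw[i:i + 4]) for i in range(0, len(dns_raw), 4)],
        "lease": struct.unpack("!I", opts[51])[0],
        "server": ip_str(opts[54]),
    }
```

Because the router and DNS options are accepted from any responder, the trust boundary here is the broadcast domain itself; that is why switch features that restrict which ports may send OFFERs exist.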

38
The Peak Load Problem
  • Capacity Sufficient Most of the Time
  • Otherwise, get bigger switches and trunk lines!
  • Brief Traffic Peaks can Exceed Capacity
  • Frames will be delayed in queues or even lost if
    queue gets full

[Figure: traffic over time, with a brief peak rising
above the capacity line]
39
Overprovisioning
  • Overprovisioning Install More Capacity than Will
    be Needed Nearly All of the Time
  • Wasteful of capacity
  • Still, usually the cheapest solution today
    because of its simplicity

[Figure: overprovisioned capacity line sitting above
the traffic peak]
40
Priority
  • Assign Priorities to Frames
  • High priority for time-sensitive applications
    (voice)
  • Low priority for time-insensitive applications
    (e-mail)
  • In traffic peaks, high-priority frames still get
    through
  • Low-priority applications do not care about a
    brief delay for their frames

[Figure: the high-priority frame goes through while the
low-priority frame waits briefly]
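The three slides above (peak load, overprovisioning, priority) describe what happens at one congested port. The following added example (not code from the slides) simulates that port tick by tick: a constructed six-frame burst hits a port that sends two frames per tick and can queue four, first served FIFO and then with strict priority. Frame names, priorities, sizes and times are made up; the rule that a high-priority arrival may evict the newest low-priority frame from a full queue is a design choice for this example, not something the slides specify.

```python
# Added example (not from the slides): one output port with a bounded
# queue, fed by a constructed burst that exceeds its capacity, served FIFO
# and then with strict priority. Frame names, priorities and times are made up.
from typing import Dict, List, Tuple

Frame = Tuple[int, int, str]  # (arrival tick, priority: 0 = voice/high, 1 = e-mail/low, name)


def run_port(frames: List[Frame], rate_per_tick: int, queue_limit: int,
             priority: bool) -> Tuple[List[str], List[str], Dict[int, int]]:
    """Tick-by-tick simulation. Returns (delivery order, dropped frames,
    worst queueing delay per priority class). With priority=True the port
    sends the highest-priority frame first and, when the queue is full,
    makes room for a high-priority arrival by discarding the newest
    low-priority frame (example design choice, not from the slides)."""
    frames = sorted(frames, key=lambda f: f[0])
    queue: List[dict] = []
    delivered: List[str] = []
    dropped: List[str] = []
    worst_delay: Dict[int, int] = {}
    seq = t = i = 0
    while i < len(frames) or queue:
        # arrivals for this tick
        while i < len(frames) and frames[i][0] == t:
            arrival, prio, name = frames[i]
            i += 1
            if len(queue) >= queue_limit:
                victim = max(queue, key=lambda e: (e["prio"], e["seq"])) if priority else None
                if victim is None or victim["prio"] <= prio:
                    dropped.append(name)            # tail drop: queue full
                    continue
                queue.remove(victim)
                dropped.append(victim["name"])
            queue.append({"name": name, "prio": prio, "arrival": arrival, "seq": seq})
            seq += 1
        # the port can send rate_per_tick frames per tick, no more
        for _ in range(rate_per_tick):
            if not queue:
                break
            key = (lambda e: (e["prio"], e["seq"])) if priority else (lambda e: e["seq"])
            nxt = min(queue, key=key)
            queue.remove(nxt)
            delivered.append(nxt["name"])
            worst_delay[nxt["prio"]] = max(worst_delay.get(nxt["prio"], 0), t - nxt["arrival"])
        t += 1
    return delivered, dropped, worst_delay


# Constructed burst: six frames arrive in one tick on a port that sends two per tick.
BURST: List[Frame] = [(0, 1, "mail1"), (0, 1, "mail2"), (0, 0, "voice1"),
                      (0, 1, "mail3"), (0, 0, "voice2"), (0, 1, "mail4")]
```

With the queue limit raised to ten (overprovisioning the buffer) nothing is dropped under FIFO, but the second voice frame still waits two ticks behind e-mail; only the priority scheme gets both voice frames out in the tick they arrived. Note that priority does nothing to reduce total loss: the same number of frames is dropped, it only changes which ones.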
41
Bridges
  • A bridge can be used to connect two similar LANs,
    such as two CSMA/CD LANs.
  • A translating bridge can also connect two closely
    related LANs, such as a CSMA/CD LAN and a token
    ring LAN, converting the frame format between them.
  • The bridge examines the destination address in a
    frame and either forwards this frame onto the
    next LAN or does not.
  • The bridge examines the source address in a frame
    and places this address in a forwarding table, to
    be used for future forwarding decisions.
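The learning described here and on the Switch Learning slide (slide 28) is the same mechanism, so one added example covers both; it is not code from the slides and no real NIC is involved. It models a switch with three ports, learns source addresses, filters frames whose destination is on the ingress port, floods unknown destinations, ages entries out after the 802.1D default, and shows the consequence of learning being unauthenticated: a frame claiming an address from a different port simply moves that address in the table. Addresses, ports and times are made up.

```python
# Added example (not from the slides): a learning bridge/switch forwarding
# table with ageing, driven by constructed frames. No real NIC is involved.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

AGEING_TIME = 300.0  # seconds; the IEEE 802.1D default


@dataclass
class LearningSwitch:
    ports: Set[int]
    # MAC address -> (port it was last seen on as a source, time of that frame)
    table: Dict[str, Tuple[int, float]] = field(default_factory=dict)

    def expire(self, now: float) -> None:
        """Erase entries not refreshed within the ageing time."""
        stale = [mac for mac, (_, seen) in self.table.items() if now - seen > AGEING_TIME]
        for mac in stale:
            del self.table[mac]

    def receive(self, src: str, dst: str, in_port: int, now: float) -> Set[int]:
        """Handle one frame; return the set of ports it is forwarded out of."""
        self.expire(now)
        # Learning: remember which port the source address was seen on.
        # Nothing authenticates this, so a later frame claiming the same
        # source from another port simply moves the entry.
        self.table[src] = (in_port, now)
        if dst in self.table:
            out_port, _ = self.table[dst]
            # filtering: a destination on the ingress segment is not forwarded
            return set() if out_port == in_port else {out_port}
        # unknown destination (or broadcast): flood out every other port
        return self.ports - {in_port}
```

The last two assertions in the test are the security point: after the table entry for B has aged out, any station can claim B's address from another port and receive frames addressed to B until B itself transmits again. Port security features that pin an address to a port exist precisely because the learning step trusts the frame.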

42
Bridges Interconnect
43
Connecting LANs
44
Frames Are Converted
45
Storage Area Network
46
Relationship Between the OSI Model and
Internetworking Devices
47
Internet Protocols
  • UDP
  • Layer 4
  • Operates over IP
  • End-to-end connectionless, unreliable datagram
    service
  • Used for query based applications, multicasting
    and VoIP
  • ICMP
  • Layer 3 companion to IP (carried inside IP)
  • Provides error-handling
  • Messages related to network management
  • IGMP
  • Layer 3
  • Allows Internet hosts to participate in
    multi-casting

48
TCP/IP
  • TCP performs the packetizing function
  • Breaking data into smaller packets
  • Numbering packets
  • Ensuring reliable delivery of packets
  • Ordering packets at the destination

49
Linking to the Application Layer
  • Each type of application has a well-known port
    address
  • Application software sends both source and
    destination port addresses to the transport layer
  • Standard port addresses
  • Port 80 - web server (HTTP)
  • Port 21 - FTP control (port 20 for data)
  • Port 23 - telnet
  • Port 25 - SMTP

50
Packetizing
  • Breaking large data messages into smaller packets
    for transmission through the network
  • Size depends on the data link layer protocol
  • Default TCP segment size (maximum segment size)
    when none is negotiated is 536 bytes
  • Size can be negotiated between sender and
    receiver
  • Numbering packets (sequencing) when needed
  • Ensuring reliable delivery of every packet
  • Delivered one at a time or held until all have
    arrived at the destination
  • Reassembling and ordering packets at the
    destination

51
Connection-Oriented Routing
  • Sets up a virtual circuit between sender and
    receiver
  • Transport layer sends a special packet called a
    SYN
  • Virtual circuit appears to the application
    software to use point-to-point circuit-switching
  • Actually uses store-and-forward switching
  • Network layer decides which route the packets
    will be travelling and sends them sequentially
  • High overhead - open/close of circuit

52
Connectionless Routing
  • Each packet of a large transmission is treated
    separately and makes its own way through the
    network
  • Packets may travel different routes and at
    different speeds through the network
  • A sequence number must be added to each packet
    (in TCP/IP this is done by the transport layer,
    TCP, not by IP)
  • The receiver's transport layer must reassemble
    the packets in sequence

53
Connectionless vs. Connection-Oriented Routing
  • TCP/IP can operate as connection-oriented or
    connectionless.
  • When connection-oriented routing is needed, both
    TCP and IP are used. TCP establishes the virtual
    circuit and IP routes the messages.
  • When connectionless routing is desired, only IP
    is needed, and the TCP packet is replaced with a
    User Datagram Protocol (UDP) packet.

54
Quality of Service (QoS) Routing
  • Special kind of connection-oriented dynamic
    routing
  • Packets are assigned different priorities
  • Depending on the type of packet sent
  • Different classes of service are defined to
    determine the priority
  • Transport layer specifies the class of service
    when requesting virtual circuit
  • Each path designed to support different service
    classes
  • QoS protocols
  • RSVP
  • RTSP
  • RTP

55
Addressing
Key Concept: Each computer has several addresses,
each used by a different layer.
  Layer              Example Software   Example Address
  Application Layer  Web Browser        www.cob.niu.edu
  Network Layer      IP                 131.156.120.128
  Data Link Layer    Ethernet           00-0C-00-F5-03-5A
56
Route and Route Table
[Figure: computers A through G interconnected; the
route table of Computer B]
  Computer B
  Destination  Route (next hop)
  A            A
  C            C
  D            A
  E            E
  F            E
  G            C
57
Internet Routes
  WSU
  Destination     Route
  Utah            UEN
  Oxford          Europe
  U of Toronto    Canada
  U of Singapore  Asia
  UC Stanford     West Coast
  Other           Other
58
Routing Protocols
  • RIP, OSPF (interior), BGP (exterior); IGP and EGP
    are the names of the two classes
  • Distance vector routing protocols (RIP, AppleTalk
    RTMP, IPX RIP, IGRP)
  • Routers send their tables to neighboring routers
  • Each router adopts the neighbor advertising the
    lowest cost (hop count) to a destination
  • Link State routing protocols (OSPF)
  • Routers have at least a partial map of the
    network
  • Changes are flooded throughout the network
  • Routes are recomputed
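The two families above differ in what each router knows, not in the answer they arrive at. The following added example (not code from the slides) runs both on a small constructed topology: link state gives every router the whole map and runs Dijkstra, as an OSPF router does; distance vector lets each router learn only from its neighbours' tables until nothing changes, as RIP does. The routers, links and costs are made up.

```python
# Added example (not from the slides): the two routing-protocol families on
# a small constructed topology. Link state runs Dijkstra on the full map
# (what an OSPF router does); distance vector only exchanges tables with
# neighbours (what RIP does). Routers and costs are made up.
import heapq
from typing import Dict, Optional, Tuple

Table = Dict[str, Tuple[int, Optional[str]]]  # destination -> (cost, next hop)

# Constructed topology: undirected links with costs (hop count would be all 1s).
LINKS = {("A", "B"): 1, ("A", "C"): 4, ("B", "C"): 2, ("B", "D"): 5, ("C", "D"): 1, ("D", "E"): 3}


def adjacency(links: Dict[Tuple[str, str], int]) -> Dict[str, Dict[str, int]]:
    adj: Dict[str, Dict[str, int]] = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def link_state(adj: Dict[str, Dict[str, int]], source: str) -> Table:
    """Every router has the whole map (flooded link-state advertisements)
    and computes its own shortest paths; only the first hop is installed."""
    best: Dict[str, int] = {source: 0}
    first_hop: Dict[str, Optional[str]] = {source: None}
    heap = [(0, source)]
    while heap:
        cost, u = heapq.heappop(heap)
        if cost > best[u]:
            continue                                    # stale heap entry
        for v, link in adj[u].items():
            cand = cost + link
            if cand < best.get(v, float("inf")):
                best[v] = cand
                first_hop[v] = v if u == source else first_hop[u]
                heapq.heappush(heap, (cand, v))
    return {d: (best[d], first_hop[d]) for d in best if d != source}


def distance_vector(adj: Dict[str, Dict[str, int]], max_rounds: int = 100) -> Dict[str, Table]:
    """Each router starts knowing only its directly attached links and
    repeatedly adopts any neighbour's route that is cheaper via that
    neighbour (Bellman-Ford), until a full round changes nothing."""
    tables: Dict[str, Table] = {r: {n: (c, n) for n, c in adj[r].items()} for r in adj}
    for r in adj:
        tables[r][r] = (0, None)
    for _ in range(max_rounds):
        changed = False
        for r in adj:
            for n, link in adj[r].items():              # n advertises its table to r
                for dest, (n_cost, _) in list(tables[n].items()):
                    cand = link + n_cost
                    if dest not in tables[r] or cand < tables[r][dest][0]:
                        tables[r][dest] = (cand, n)
                        changed = True
        if not changed:
            break
    for r in adj:
        del tables[r][r]
    return tables
```

On a stable network both produce identical tables. The difference shows when a link fails: the link-state router recomputes from a corrected map at once, while the distance-vector router can keep believing a neighbour that is itself relaying the stale route (the count-to-infinity problem, which is why RIP caps hop count at 15). Neither protocol in this form authenticates the advertisements it receives; a neighbour that lies about costs reshapes everyone's tables.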

59
Interior and Exterior Routing
  • Interior routing is within an autonomous system
    (collection of routers under a single
    administrative control): RIP, OSPF
  • Exterior routing occurs between autonomous
    systems: BGP
  • Network access protocols operate at Layer 2 and
    carry IP datagrams
  • IP over a point-to-point connection (PPP) is what
    an ISP uses when you dial in

60
Routing Protocols
  • Internet protocols
  • BGP (border gateway protocol)
  • Exchanges information between autonomous systems
    about which networks are reachable across the
    internet
  • Complex, hard to administer, exterior routing
    protocol
  • ICMP (internet control message protocol)
  • Not a routing protocol: a companion to IP that
    reports errors (destination unreachable, time
    exceeded) and carries diagnostics such as echo
    (ping) and redirect
  • Reports routing errors but cannot update routing
    tables beyond a host-level redirect
  • RIP (routing information protocol)
  • Dynamic distance vector interior routing protocol
  • Counts the number of hops (routers) on each route,
    with 15 as the maximum
  • Selects the route with the fewest hops

61
Routing Protocols
  • OSPF (open shortest path first)
  • Link state interior routing protocol used on the
    internet
  • Selects the best route by a per-link cost set by
    the administrator (by default derived from link
    bandwidth), not by hop count; it does not measure
    traffic or error rates
  • Doesn't broadcast to all devices, just to routing
    devices
  • Designed for TCP/IP; Novell's IPX had its own
    link state protocol (NLSP)
  • EIGRP (enhanced interior gateway routing
    protocol)
  • Advanced distance vector (not link state) interior
    routing protocol developed by Cisco
  • Uses route transmission capacity (bandwidth),
    delay, reliability and load to select the best
    route
  • Stores multiple tables (neighbor, topology and
    routing tables)
  • SAP (service advertisement protocol)
  • Netware servers send SAP advertisements
  • Novell's broadcast protocol

62
Bandwidth and Expansion
  • Internet traffic doubles every 11 months
  • Traffic increases due to changing nature of
    applicationsmore video and music with high
    bandwidth
  • Streaming video requires 3-7 Mbps
  • Video compression
  • MPEG standards

63
Broadband Requirements
  • High speed and capacity
  • From terabits to petabits!
  • Bandwidth on demand
  • Any time allocation
  • Bandwidth reservation
  • Guarantee of needed bandwidth
  • Support of isochronous traffic
  • Traffic that must arrive at a steady rate, with
    little tolerance for delay or delay variation
  • QoS
  • Provide variable service levels

64
Tunneling with a VPN
65
Why VPNs?
  • Improves ability to communicate outside of a
    company
  • Enables secure access
  • Provides rapid provisioning of capacity as needed

66
How Remote Access Via a VPN Works
67
VPN Characteristics
  • Logical network
  • Isolates customer traffic on shared provider
    facilities
  • Looks like a private network
  • Runs on either packet switched data network or
    circuit-switched public network
  • Can be deployed over a wide range of network
    technologies
  • Uses shared carrier infrastructure

68
Deployment Models
  • Customer-based
  • Carriers install gateways, routers and hardware
    on customer premises
  • Customer manages security
  • Network-based
  • Carrier houses all equipment at POP near customer
    location

69
VPN Frameworks
  • Internet based
  • Small ISPs provide local access services in a
    region
  • Business users get end-to-end services from a
    variety of suppliers
  • Encryption used to isolate traffic and provide
    security
  • Customer provides servers with applications/content
  • A RADIUS server is used to authenticate users
    before they reach the application/content servers
  • RADIUS server is connected to a firewall

70
Provisioned VPNs
  • Packet-switched VPN that runs across ISP backbone
    using Frame Relay or ATM
  • Supports multiple protocols
  • Provisioned services improve performance by
    enabling guarantees of service (QoS)

71
3 Major VPN Applications
  • Intranets
  • Site-to-site connections
  • Remote Access
  • Remote workers and outside customers
  • Eliminates modems and remote access routers
  • Extranets
  • Suppliers have specific, limited access

72
VPN Gateway Functions
  • Maintenance of a secure logical connection as a
    tunnel
  • Tunneling is encapsulation of a data packet
    within another IP packet addressed between the
    tunnel endpoints
  • Remote ends of the tunnel can be at the edges of
    the ISP or at the corporate boundary router
  • Traffic is routed in encrypted form
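Encapsulation is easier to see in bytes than in a diagram. The following added example (not code from the slides) implements the plainest form of the tunnel described above, IP-in-IP (protocol 4, RFC 2003): an inner packet between two private addresses is wrapped in an outer packet addressed gateway to gateway, with the IPv4 header checksum computed and verified at both ends. The addresses are from documentation ranges and the packets are constructed here. Note that this layer provides no confidentiality or integrity at all; the slide's "encrypted" traffic is what IPsec adds on top of the encapsulation.

```python
# Added example (not from the slides): IP-in-IP encapsulation (protocol 4,
# RFC 2003) between two VPN gateways, the plainest form of the tunnelling
# described above. Addresses are documentation ranges and made up; the
# packet bytes are constructed here. Encapsulation alone hides nothing:
# confidentiality and integrity come from IPsec on top, not from the tunnel.
import struct
from typing import Dict

IPPROTO_IPIP, IPPROTO_UDP = 4, 17
HDR_FMT = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, checksum, src, dst


def ip_bytes(addr: str) -> bytes:
    return bytes(int(x) for x in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ident: int = 0, ttl: int = 64) -> bytes:
    length = 20 + len(payload)
    header = struct.pack(HDR_FMT, 0x45, 0, length, ident, 0, ttl, proto, 0,
                         ip_bytes(src), ip_bytes(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(pkt: bytes) -> Dict[str, object]:
    if len(pkt) < 20:
        raise ValueError("short packet")
    ver_ihl, _, length, _, _, ttl, proto, _, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or length > len(pkt) or length < ihl:
        raise ValueError("bad version or length")
    if checksum(pkt[:ihl]) != 0:          # a correct header sums to zero
        raise ValueError("header checksum mismatch")
    return {"src": ip_str(src), "dst": ip_str(dst), "proto": proto, "ttl": ttl,
            "payload": pkt[ihl:length]}


def encapsulate(inner: bytes, gw_local: str, gw_remote: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the payload of an outer
    packet addressed gateway to gateway, so the ISP routes on the outer
    header and never needs to see the private addresses inside."""
    return build_ipv4(gw_local, gw_remote, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, gw_local: str) -> bytes:
    """Tunnel exit: check the outer packet is for us and is a tunnel packet,
    then hand the inner packet back to normal forwarding."""
    hdr = parse_ipv4(outer)
    if hdr["dst"] != gw_local or hdr["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for this gateway")
    inner = hdr["payload"]
    parse_ipv4(inner)                     # validates the inner header too
    return inner
```

A gateway that decapsulates anything addressed to it with protocol 4 would also inject whatever inner packet an outsider chose into the private network; a real tunnel endpoint restricts the outer source to known peers and, with IPsec, proves that peer's identity cryptographically before forwarding the inner packet.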

73
Key Tunneling Protocols
  • PPTP: Layer 2 tunneling in Microsoft products; its
    MS-CHAP authentication is considered broken today,
    so it should not be chosen for new deployments
  • L2TP: used by ISPs on the backbone; it carries no
    encryption of its own and is normally paired with
    IPsec (L2TP/IPsec)
  • IPsec: encrypts the traffic (168-bit 3DES at the
    time of the slide, AES today) and authenticates
    both ends of the tunnel connection
  • Works only in an IP environment

74
VPN Security
  • Firewalls are used to enforce policies for data
    exchange between two networks
  • Routers can act as a firewall by filtering packet
    traffic
  • Proxy servers are used to separate the internal
    network from public services
  • Authentication is provided by RADIUS servers
  • Uses CHAP (Challenge Handshake Authentication
    Protocol) to authenticate: the server sends a
    random challenge and the user proves knowledge of
    the password without sending it
  • A token derived from the challenge and the user's
    password is sent to the server to verify access
  • A new challenge, and so a new token, is generated
    each time a user connects, so a captured token
    cannot be replayed
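The CHAP exchange just described, as an added example rather than code from the slides: the response is the MD5 construction RFC 1994 specifies, the authenticator issues a fresh random challenge per attempt and accepts each one only once, and the comparison is constant-time. The user name and secret are made up, and both peers run in one process; the randbytes hook exists only so the test can fix the challenge.

```python
# Added example (not from the slides): the CHAP exchange (RFC 1994) behind
# the RADIUS authentication described above, with the MD5 response the RFC
# specifies. Both peers run in one process; the user name and secret are made up.
import hashlib
import hmac
import os
from typing import Callable, Dict, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The server side (what a RADIUS server does on the access server's
    behalf). It must hold the secret in a form it can feed to MD5, i.e. in
    plaintext: a stolen secrets file is a direct compromise, unlike a file of
    salted password hashes."""

    def __init__(self, secrets: Dict[str, bytes],
                 randbytes: Callable[[int], bytes] = os.urandom) -> None:
        self.secrets = secrets
        self.randbytes = randbytes
        self.pending: Dict[Tuple[str, int], bytes] = {}

    def challenge(self, name: str, ident: int, size: int = 16) -> bytes:
        """A fresh random challenge per attempt, so a response captured from
        one session is useless in the next ("new tokens generated each time")."""
        chal = self.randbytes(size)
        self.pending[(name, ident)] = chal
        return chal

    def verify(self, name: str, ident: int, response: bytes) -> bool:
        chal = self.pending.pop((name, ident), None)      # one use only
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)    # constant-time compare


def chap_login(server: ChapAuthenticator, name: str, ident: int, secret: bytes) -> bool:
    """The peer's side: answer the challenge with its own copy of the secret."""
    chal = server.challenge(name, ident)
    return server.verify(name, ident, chap_response(ident, secret, chal))
```

The challenge defeats replay but not guessing: anyone who captures one challenge/response pair can test candidate secrets offline at MD5 speed, so CHAP secrets have to be long and random, not user-chosen passwords.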

75
Basic Encryption Terminology
  • Plaintext (aka cleartext): original, readable
    data
  • Ciphertext: scrambled form of plaintext
  • Encryption: reversible conversion of plaintext
    into ciphertext
  • Decryption: conversion of ciphertext back into
    plaintext
  • Crack (aka break) a code: decrypt ciphertext
    without knowing the key

76
Basic Encryption Terminology (cont'd)
  • Key: secret allowing encryption and decryption
    to be restricted to possessors of the key
  • Symmetric encryption: encryption requiring a
    shared key for both encryption and decryption
  • Asymmetric encryption: algorithm using a
    different key for decryption than for encryption

77
Encryption
  • Encoding plaintext data as ciphertext to hide its
    contents
  • Symmetric
  • Sender and receiver use the same key
  • Popular algorithms: DES (56-bit key, now too weak),
    Triple DES, Blowfish
  • Asymmetric (public key)
  • Different keys, one of which is held publicly
  • Message integrity and signatures rely on hashing
    (MD5 at the time; MD5 is now broken for that
    purpose and the SHA-2 family is used)
  • Public-key algorithms include RSA and
    Diffie-Hellman; PGP is an application built on them
  • PKI uses digital certificates to authenticate
    users and to distribute the keys used to encrypt
    data
  • Certificate authorities: Verisign and Entrust

78
US Digital Signature Law
  • USA: 15 USC 7006
  • Title 15: Commerce and Trade
  • Chapter 96: Electronic Signatures in Global and
    National Commerce
  • Based on S.761 (sponsor: Sen. Spencer Abraham)
  • Introduced 1999-03-25
  • Came into force 2000-06-30
  • See Legal Information Institute entry at
  • http://www4.law.cornell.edu/uscode/15/ch96.html#PC96

79
Electronic Payments
  • Credit card transactions
  • Digital cash
  • Micropayments

80
Credit Card Transactions
  • No documented case of interception of credit-card
    data while in transit through the Internet
  • Most sites use Secure Sockets Layer (SSL; its
    successor TLS today)
  • Credit-card information theft has occurred from
    servers
  • All sensitive data on Web servers should be
    encrypted
  • Safety of allowing a merchant to use credit-card
    information depends on the merchant
  • No worse to give info to reputable firm via Web
    than to clerk who takes card away from view

81
Credit Cards Escrow
  • Allow buyer to register credit-card data with
    reputable firm
  • Merchant receives payment from escrow service
  • Escrow service bills client credit card
  • Insulates buyer from seller
  • Examples
  • VeriSign Cybercash http://www.cybercash.com
  • Escrow.com http://www.escrow.com (for domain name
    sales)
  • Beseen BuyIt Button http://buyit.beseen.com
  • Tradenable http://www.tradenable.com
  • PayPal www.paypal.com

82
Digital Cash
  • All credit-card transactions result in electronic
    audit trail
  • Digital cash (aka e-cash) removes trail
  • Load a device with credits
  • Use device for transactions to transfer credits
  • Requires device that can prevent
  • Counterfeiting (loading credits fraudulently)
  • Theft (removing credits fraudulently)

83
Digital Cash (contd)
  • Mechanisms depend on smart cards
  • Devices size of credit card
  • Include microprocessor, RAM, power
  • Programmed with cryptographic tools to prevent
    unauthorized modification of contents
  • Interface allows merchant to deduct or refund
    credits
  • Examples include
  • eCash http://www.digiscash.com
  • E-Cash Services http://www.ecashservices.com

84
Expensive Leased Lines
85
VPN Access as an Intranet
86
VPNs and Business
Before a VPN Point-to-Point
After a VPN Tunneled
87
Encryption and VPNs
88
Evaluating a VPN Solution
89
VoIP
  • Not yet a big player, with less than 5% of the
    market
  • Cost savings, enhanced voice services and new
    applications are the major advantages
  • VoIP gateways bridge the circuit-switched PSTN and
    the packet-switched Internet
  • Gateways packetize and compress voice, route
    packets, authenticate users, and manage the
    network of gateways

90
VoIP Hardware
  • Enterprise gateway
  • Deployed between the PBX and the WAN device
    (router) for call set-up, routing, and conversion
  • VoIP routers
  • Voice cards perform the packetization and
    compression functions in a router
  • IP PBX
  • Distributed telephony servers that operate in
    packet-switched mode
  • ISP VoIP gateways
  • Aggregate incoming traffic and route it

91
VoIP Infrastructure
92
VoIP Architecture
93
Implementing VoIP
94
VoIP Standards
  • H.323
  • Based on ISDN (Q.931) signaling and limited to
    point-to-point applications
  • SIP
  • Application layer (signaling) protocol
  • Establishes temporary sessions for multimedia
    conferences, telephony, and mobile phone-to-instant
    messaging
  • LDAP
  • Standard directory server technology for the
    Internet
  • Enables retrieval of information from
    multi-vendor directories
  • Used for free phone and Internet phone number
    hosting