Wide Area Networking Protocols

1
Chapter 11

• Wide Area Networking Protocols

2
Objectives

• Identify PPP operations to encapsulate WAN data
  on Cisco routers
• Configure authentication with PPP
• Understand how Frame Relay works on a large WAN
  network
• Configure Frame Relay Local Management Interface,
  maps, and subinterfaces
• Monitor Frame Relay operation in the router
• Understand the ISDN protocols, function groups,
  and reference points
• Describe how Cisco implements ISDN BRI

3
Defining WAN Terms

• Customer Premises Equipment (CPE)
• Routers
• Switches
• FRAD
• NT1
• PCs
• CSU/DSUs
• Etc
• Demarcation (demarc)
• Point of entry into the Local Loop
• Point where service providers responsibility
  begins
• Usually RJ45 connection

4
Defining WAN Terms

• Local Loop
• Connection between Demarc and Central Office
• Last Mile
• POTS
• ISDN
• ADSL
• Central Office (POP)
• Service providers facilities where traffic enters
  switching network
• Toll Network
• Trunk lines inside the providers WAN network
• Switching facilities

5
(No Transcript)
6
WAN Connection Types
7
WAN Connection Types

• Dedicated
• Usually a leased line
• Permanent connection
• T1, T3, Fraction T1 etc
• Circuit Switched - telephone, ISDN
• Dial up service
• No need for source or destination address
• Temporary
• Acts as if a Leased Line for the duration of the
  connection
• Packet Switched X.25, Frame Relay, ATM
• PVCs permanent logical circuits
• Share bandwidth
• SVCs must be setup each time a connection is
  required

8
Network Services Hierarchy
9
Terms

• Asynchronous
• Without clocking
• Events occur in a unpredictable manner
• Synchronization established with each character
• Stop / Start bits
• Synchronous
• Timing provided by a clock signal
• Modem / carrier

10
WAN Support

• X.25
• Packet Switched
• 3-layer protocol
• Physical --- Serial
• DataLink --- HDLC
• Ensures reliable delivery
• Network --- PLP Packet Layer Protocol
• Establish, maintain, and terminate virtual
  circuits
• Up to 9.6 kbs

• Frame Relay
• 2-Layer Protocol
• Physical --- Serial
• DataLink --- Cisco 0r IETF
• Successor to X.25
• Unreliable / faster
• Error Detection
• Bandwidth on demand
• T1 maybe T3 speeds

11
Key X.25 Protocols Map to the Three Lower Layers
of the OSI Reference Model
                                                  
     

12
WAN Support

• ISDN
• Voice, Data, Mulimedia
• Existing telephone lines
• Basic Rate Interface - BRI
• 2 64 kbps B(earer) Channels (128Kbps)
• 1 16 kbps D(ata) Channel
• Primary Rate Interface PRI (1.4 Mbps)
• 23 64 kbs B(earer) Channels
• 1 64 kbs D(ata) Channel

13
WAN SupportSerial Connection Protocols

• HDLC
• Bit-oriented Data Link layer ISO standard
  protocol
• Specifies a data encapsulation method
• PtP protocol used on leased lines
• No authentication can be used
• No layer 3 protocol identification
• Proprietary
• Cisco HDLC
• LAPB
• Similar to HDLC
• More overhead
• PPP
• More functional than SLIP
• Uses NCP to carry different Layer 3 protocols

14
WAN OSI Mapping
15
(No Transcript)
16
HDLC Frame Format
17
Point-to-Point Protocol (PPP)

• Purpose
• Transport layer-3 packets across a Data Link
  layer point-to-point link
• Can be used over asynchronous serial (dial-up) or
  synchronous serial (ISDN) media
• Uses Link Control Protocol (LCP)
• Builds maintains data-link connections

18
Point-to-Point Protocol Stack
19
PPP Main Components

• EIA/TIA-232-C
• Intl. Std. for serial communications
• HDLC
• Serial link datagram default encapsulation method
• LCP Link Control Protocol
• Used in P-t-P connections
• Establishing
• Maintaining
• Terminating
• NCP
• Method of establishing configuring Network
  Layer protocols
• Allows simultaneous use of multiple Network layer
  protocols

20
PPP
21
LCP Configuration Options

• Authentication
• PAP
• CHAP
• Compression
• Stacker
• Predictor
• Error detection
• Quality
• Magic Number
• Aids in detection of loop-back conditions
• down-when-loopback
• Multilink
• Splits the load for PPP over 2 parallel
  circuits a bundle
• ppp multilink

22
LCP Link Configuration

• Link-establishment phase
• Open and configure PPP
• Authentication phase (optional)
• CHAP / PAP
• Verify identity
• Link-quality determination (optional)
• Network-layer protocol phase
• Negotiates the proper layer-3 protocol
• Link Termination

23
PPP Authentication Methods

• Password Authentication Protocol (PAP)
• At start up only
• Passwords sent in clear text
• Remote node returns username password
• username remote router hostname
• Does not prevent access
• Challenge Authentication Protocol (CHAP)
• Done at start-up periodically
• Challenge Reply
• Remote router sends a one-way hash MD5
• Does not prevent access

24
PPP Authentication

• Password Authentication Protocol (PAP)
• PAP is not a strong authentication protocol.
  Passwords are sent across the link in clear text.
  Also known as 2-way handshake

25
PPP Authentication

• Challenge Handshake Authentication Protocol
  (CHAP)
• CHAP is used to periodically verify the identity
  of the remote node, using a three-way handshake
• CHAP provides protection against playback attacks
  through the use of a variable challenge value
  that is unique and unpredictable
• CHAP does not allow a caller to attempt
  authentication without a challenge

26
Configuring PPP

• Step 1 Configure PPP on RouterA RouterB
• Router__config t
• Router__(config)int s0
• Router__(config-if)encapsulation ppp
• Router__(config-if)Z
• Step 2 Define the username password on each
  router
• RouterA RouterA(config)username RouterB
  password cisco
• RouterB RouterB(config)username RouterA
  password cisco
• NOTE (1) Username maps to the remote router
• (2) Passwords must match
• Step 3 Choose Authentication type for each
  router CHAP/PAP
• Router__(Config)int s0
• Router__(config-if)ppp authentication chap
• Router__(config-if)ppp authentication pap
• Router__(config-if)Z
• Step 4 Verify setup
• Router sh int s0

27
PPP Authentication Setup

• Set hostname on both routers
• Set username
• Set password
• Must be the same on both routers
• Set authentication type
• CHAP
• PAP
• Both

28
Frame Relay

• Background
• High-performance WAN encapsulatuon method
• OSI Physical data Link layer
• Originally designed for use across ISDN
• Supported Protocols
• IP, DECnet, AppleTalk, Xerox Network Service
  (XNS), Novell IPX, Banyan Vines, Transparent
  Bridging, ISO

29
Frame Relay

• Purpose
• Provide a communications interface between DTE
  (router) DCE equipment (teleco switch)
• Connection-oriented Data Link layer communication
• Via virtual circuits
• Provides a complete path from the source to
  destination before sending the first frame

30
Frame Relay Terminology
31
Frame Relay

• Some networks will use a separate router and
  CSU/DSU.
• Some routers have built-in cards that allow them
  to make WAN connections.
• The network device that connects to the frame
  relay Switch is known as a Frame Relay Access
  Device (FRAD) or Frame Relay Assembler/Disassemble
  r.
• The frame relay switch is called the Frame Relay
  Network Device (FRND)

32
CSU/DSU on Router
33
Router With Built-In CSU/DSU
34
Virtual Circuits

• Nearly any serial interface
• Multiplexing, which means it combines multiple
  data streams onto one physical link.
• Data stream is separated into logical connections
  
• Virtual circuits.
• SVCs
• Less common
• Controlled by software
• Only active while a connection to the WAN is
  active.
• PVCs
• Permanently connected to the WAN
• Network administrator manually defines the PVC

35
Frame Relay Encapsulation

• Specified on serial interfaces
• Encapsulation types
• Cisco (default encapsulation type)
• IETF (used between Cisco non-Cisco devices)
• RouterA(config)int s0
• RouterA(config-if)encapsulation frame-relay ?
• ietf Use RFC1490 encapsulation
• ltcrgt

36
Data Link Connection Identifiers (DLCIs)

• Frame Relay PVCs are identified by DLCIs
• IP end devices are mapped to DLCIs
• Mapped dynamically or mapped by IARP
• Global Significance
• Advertised to all remote sites as the same PVC
• Local Significance
• DLCIs do not need to be unique
• Configuration
• RouterA(config-if)frame-relay interface-dlci ?
• lt16-1007gt Define a DLCI as part of the current
• subinterface
• RouterA(config-if)frame-relay interface-dlci 16

37
DLCI Numbers

• 10 bits - 210 1024
• 1 15 future use
• 16 1007 used to assign PVCs
• 1008 1018 future use
• 1019 1022 Multicast
• 0,1023 administrative DLCI for LMI

38
Frame Relay Map

• Routers that support frame relay will have a
  frame relay map
• A table that defines the specific interface to
  which a specific DLCI number is mapped.
• The frame relay switching table maps its ports to
  the correct DLCI numbers for the virtual
  connection
• Entries consists of the incoming port on the
  switch, the incoming DLCI number, the outgoing
  port on the switch, and the outgoing DLCI number

39
Frame Relay Map Example
40
Local Management Interface (LMI)

• Background
• Frame Relay Extensions
• Gang of Four
• Strata, nothern Telecom, Cisco and DEC
• Purpose
• Provide additional capabilities

41
LMI Messages

• Report type
• Indicates whether the message is just a
  keep-alive frame or a full status message.
• Keep-alive
• LMI sends keep-alive frames every 5 30 seconds
  (10 by default) to ensure that the link is still
  active.
• PVC status
• PVC status messages contain DLCI status in
  addition to the keep-alive information
• Also provides
• Multicasting
• Multicast Addressing
• Global Addressing

42
PVC Status

• New
• A new DLCI connection has been configured
• Active
• The virtual circuit is available
• Deleted
• LMI information is not being received from switch
• Receiver not ready
• Flow control indicates the vc is congested.
• Minimum bandwidth
• Usually indicates the CIR
• Some providers use this information to
  dynamically adjust the connection to adapt to
  changing traffic conditions.
• Global addressing
• Gives DLCI global significance, as described
  earlier.
• Multicasting
• Configure a group of destination addresses
• Provider-Initiated Status Update
• Allows the provider to initiate a status inquiry.

43
LMI Encapsulation Types

• Different frame relay switches and routers employ
  or support different types of LMI encapsulation
• Different protocol encapsulation types supported
  by Cisco
• cisco
• Defined by Gang of Four
• Allows for 992 virtual circuit addresses
• Uses DLCI 1023 as a management circuit
• ansi
• ANSI standard T1.617 Annex-D
• Allows for 976 virtual-circuit addresses
• Uses DLCI 0 as the management circuit.
• q933a ITU-T Q.933 Annex A
• Similar to ANSI T1.617 Annex D
• Uses DLCI 0 as a management circuit.

44
LMI Encapsulation Types Continued

• Cisco routers (using IOS Release 11.2 or later)
• Autosense the LMI encapsulation type used by the
  frame relay switch.
• If more than one LMI type identified, the Cisco
  router will automatically configure itself to use
  the last LMI type received.
• The administrator can also manually configure the
  LMI type.

45
LMI Types

• Configuration
• RouterA(config-if)frame-relay lmi-type ?
• cisco
• ansi
• q933a

46
Basic Configuration Graphic
47
Basic Configuration Commands
48
Sub-interfaces

• Definition
• Multiple virtual circuits on a single serial
  interface
• Enables the assignment of different network-layer
  characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
• Mitigates difficulties associated with
• Partial meshed Frame Relay networks
• Split Horizon protocols

49
Partial Meshed Networks
50
Creating Sub-interfaces

• Configuration
• 1 Set the encapsulation on the serial interface
• 2 Define the subinterface
• RouterA(config)int s0
• RouterA(config)encapsulation frame-relay
• RouterA(config)int s0.?
• lt0-4294967295gt Serial interface number
• RouterA(config)int s0.16 ?
• multipoint Treat as a multipoint
  link
• point-to-point Treat as a point-to-point
  link
• point-to-point
• Each PtP sub-iterface requires a unique subnet
• Must assign DLCI
• Multipoint
• Multiple PVC connections to multiple remote
  (sub)interfaces
• DLCI can be resolved via inverse ARP

51
Point-to-Point Subinterface Configuration Graphic
52
Multipoint Configuration
Notice the same subnet identifier is used for
both virtual circuit connections. Note also that
the routers all share the same subnet, identified
by their first three octets.
53
Mapping Frame Relay

• Necessary to IP end devices to communicate
• Addresses must be mapped to the DLCIs
• Methods
• Frame Relay map command
• Inverse-arp function

54
Frame Relay Map Example
55
Using the map command

• RouterA(config)int s0
• RouterA(config-if)encap frame
• RouterA(config-if)int s0.16 point-to-point
• RouterA(config-if)no inverse-arp
• RouterA(config-if)ip address 172.16.30.1
  255.255.255.0
• RouterA(config-if)frame-relay map ip
  172.16.30.17 16 ietf broadcast
• RouterA(config-if)frame-relay map ip
  172.16.30.18 17 broadcast
• RouterA(config-if)frame-relay map ip
  172.16.30.19 18

56
Inverse ARP

• Inverse ARP to sends a query using the DLCI
  number to find an IP address.
• As routers respond to the Inverse ARP queries,
  the local router can build its frame relay map
  automatically.
• Routers exchange Inverse ARP messages every 60
  seconds, by default.
• If Inverse ARP not supported the frame relay map
  has to be built and updated manually (statically)

57
Using the inverse arp command

• inverse arp enabled by default
• RouterA(config)int s0.16 point-to-point
• RouterA(config-if)encap frame-relay ietf
• RouterA(config-if)ip address 172.16.30.1
  255.255.255.0
• Disable inverse ARP
• no frame relay inverse-arp protocol dlci
• Building a static map entry does the same thing
• Re-enable inverse ARP
• frame-relay inverse-arp protocol dlci

58
Global Addressing

• Makes Frame Relay network resemble LAN
• DLCI globally significant addresses of end-user
  devices
• Fixed DLCI is assigned to a specific location (A)
• Same DLCI for A regardless of sending location
• Router constructs the header of an outbound
  frame, inserting the DLCI value of the
  destination (rather than a DLCI value from the
  local pool of unused numbers).

59
Global Addressing
60
Global Addressing

• Each interface has its own identifier
• Pittsburgh wants to send a frame to San Jose
• Pittsburgh places the value 12 (San Jose)in the
  DLCI field
• Sends the frame into the Frame Relay network
• At the exit point, the DLCI field is changed by
  the network to 13 to reflect the source node
• Each router interface has a distinct value as its
  node identifier, so individual devices can be
  distinguished. This permits adaptive routing in
  complex environments.

61
Congestion Control

• Discard Eligibility (DE)
• Forward-Explicit Congestion Notification (FECN)
• Backward-Explicit Congestion Notification (BECN)

62
Congestion Control
63
Frame Format
64
Committed Information Rate (CIR)

• Definition Provision allowing customers to
  purchase amounts of bandwidth lower than what
  they might need
• Cost savings
• Good for bursty traffic
• Not good for constant amounts of data transmission

65
Frame Relay Charges

• CIR
• Port
• One at each end
• FRAD
• Last mile line

66
Monitoring Frame Relay

• RouterAgtsho frame ?
• ip show frame relay IP statistics
• lmi show frame relay lmi statistics
• map Frame-Relay map table
• pvc show frame relay pvc statistics
• route show frame relay route
• traffic Frame-Relay protocol statistics
• RouterAsho int s0
• RouterBshow frame map
• Routerdebug frame-relay lmi

67
(No Transcript)
68
Integrated Services Digital Network (ISDN)

• Background
• Designed to run over existing telephone lines
• Worldwide connectivity
• Popular with small offices, remote users
• Suite of standards encompassing Physical,
  DataLink, Network Layers
• Benefits
• Can carry voice, video data simultaneously
• Has faster call setup than a modem
• Has faster data rates than a modem connection
• Lower costs than Frame Relay

69
Function Groups Reference Points

• Function groups and reference points
• Describe ISDN components and conncetions
• Function groups describe a set of functions that
  are implemented by a device and software.
• The connection between two function groups is
  called a reference point
• Not all function groups and reference points are
  required for each ISDN connection.

70
ISDN Function Groups

• Terminal adapter
• A converter device that allows non-ISDN devices
  to operate on an ISDN network.
• Terminal Equipment 1 (TE1)
• A device that supports ISDN standards and that
  can be connected directly to an ISDN network
  connection
• Terminal Equipment 2 (TE2)
• A non-ISDN device which requires a TA.
• Network Termination 1 (NT1)
• A connection box that is attached to ISDN BRI
  lines. This device terminates the connection from
  the CO
• Network Termination 2 (NT2)
• Provides switching services for the internal
  network typically used with PRI lines

71
ISDN Reference Points

• U Defines the demarcation between the user
  network and the providers ISDN facility
• The actual two-wire cable local loop that
  connects the CPE to the provider.
• R Between non-ISDN equipment (TE2) and the TA
• The wire or circuit that connects TE2 to the TA.
• S TE1 or TA and the NT1 or NT2
• Four-wire cable from TE1 or TA to the NT1 or NT2
• T Between NT1 and NT2
• four-wire cable used to divide the 2-wire cable
  into 4 wires, which then allows the connection of
  up to eight ISDN devices.
• S/T When NT2 is not used
• The connection from the router or TA to the NT1

72
ISDN Components
73
ISDN Protocols

• E Existing telephone network
• E163 Telephone numbering
• E.164 ISDN addressing
• I Concepts, aspects, services
• I.100 Terminology, structure , concepts and
  interfaces
• I.300 Networking recommendations
• Q Switching signaling
• Q.921 Data Link Layer LAPD procedures
• Q.931 Network layer functions

74
Basic Rate Interface (BRI)

• 2B1D
• Two B-channels _at_ 64Kbps
• Data
• One D-channel _at_ 16Kbps
• Control signaling
• Configuration
• SPIDs one for each B-channel
• telephone number of each B-channel

75
Primary Rate Interface (PRI)

• 23B1D (North America)
• 23 B-channels _at_ 64 Kbps
• 1 D-channel _at_ 64 Kbps
• Total bit rate gt1.544 Mbps
• Europe/Australia/etc.
• 30 B-channels _at_ 64 Kbps
• 1 D-channel _at_ 64 Kbps
• Total bit rate gt2.048 Mbps

76
ISDN Operations

• ISDN uses both PPP and the Link Access Procedure
  D-channel (LAPD).
• ISDN uses LAPD to pass the signaling messages
  between the router and the ISDN switch at the
  local CO.
• The data travels between routers on the
  B-channels via HDLC or PPP encapsulation

77
ISDN Operations Example
78
ISDN Switch Types
79
SPIDS

• Many providers utilize ISDN switches, which
  require Service Profile Identifiers (SPIDs) for
  dial-in access.
• SPIDs are frequently referred to as ISDN phone
  numbers
• SPIDs identify your ISDN equipment to the ISDN
  switch.
• An ISDN device can access each ISDN channel via
  its SPID number.
• You can configure the router to utilize single or
  multiple SPIDs when making a connection

80
ISDN with Cisco Routers

• Accessing ISDN
• Built-in NT1 (U reference point)
• BRI interface
• ISDN modem (TA)
• Used with a routers serial interface
• RouterAconfig t
• Enter configuration commands, one per line. End
  with CTNL/Z.
• RouterA(config)isdn switch-type basic-ne1
• RouterA(config)int bri0
• RouterA(config-if)encap ppp (optional)
• RouterA(config-if)isdn spid1 085506610100
  8650661
• RouterA(config-if)isdn spid2 085506620100
  8650662

81
ISDN Subaddress

• If you want your Cisco router to answer incoming
  calls over your ISDN line, you can configure an
  ISDN subaddress or LDN Local Directory Number.
• The LDN is configured as subordinate to one of
  the ISDN SPIDs.
• For example, to define a LDN for ISDN SPID2
• Router(config-if) isdn answer 085506620100865066
  2 or
• Router(config-if) isdn spid2 085506620100
  8650662
• Only required when 2 SPIDs must tell the router
  which channel to listen on for incoming calls

82
Multilink PPP

• Multilink PPP, allows you to combine the
  individual bandwidth of several ISDN channels to
  increase the bandwidth of a single connection.
• Multilink provides
• load balancing
• packet fragmentation and reassembly
• sequencing for packets
• Can function over synchronous or asynchronous
  serial connections
• The command to enable multilink is
• router(config-if) ppp multilink

83
Dial-on-Demand Routing (DDR)

• Bandwidth on as-needed basis
• Low-volume/periodic network connections
• Reduces WAN costs
• Works when packets meet requirements as
  interesting traffic
• Interesting traffic is network traffic that you
  feel is worthy of activating or maintaining the
  link.
• DDR automatically connects and disconnects the
  line and/or ISDN channels as needed to support
  requested bandwidth

84
DDR

• The dial-on-demand routing (DDR) feature that is
  available on Cisco routers allows you to use
  bandwidth as needed.
• This feature can save organizations money on
  connections because DDR automatically connects
  and disconnects the line and/or ISDN channels as
  needed to support requested bandwidth.
• A DDR connection will only be made when
  interesting traffic reaches a certain level.
• Interesting traffic is network traffic that you
  feel is worthy of activating or maintaining the
  link.

85
Configuring DDR

• Tasks
• 1 Define static routes
• How to get to remote networks
• What interface to use
• 2 Specify interesting traffic
• Access Control / Dialer List
• You can link a dial list to an ACL
• 3 Configure the dialer information
• Interface / IP address
• Encapsulation
• Linkage of interesting traffic
• Telephone number

86
Configuring DDR (cont.)

• Step 1 Configuring Static Routes
• Participating routers must have static routes
  defining routes to known networks
• RouterA(config)ip route 172.16.50.0
  255.255.255.0 172.16.60.2
• RouterA(config)ip route 172.16.60.2
  255.255.255.0 bri0
• (Note If you configure dynamic routing the link
  will never disconnect)
• 
  

87
Configuring DDR (cont.)

• Step 2 Specify Interesting Traffic
• What traffic will bring up the ISDN line
• 804A(config)dialer-list 1 protocol ip permit
• 804A(config)int bri0
• 9-4A(config)dialer-group 1

88
Configuring DDR (cont.)

• Step 3 Configuring the Dialer Information
• 804Aconfig t
• 804A(config)int bri0
• 804A(config-if)ip address 172.16.60.1
  255.255.255.0
• 804A(config-if)no shut
• 804A(config-if)encapsulation ppp
• 804A(config-if)dialer-group 1
• 804A(config-if)dialer-string 8350661
• or
• 804A(config-if)dialer map ip 172.16.60.2 name
  804B 8350661

89
When to DDR?

• Define a traffic level when reached additional
  channel will be brought on line
• 804A(config-if)dialer load-threshold 1 255 in
  out either
• 255 100 loaded

90
DDR with Access Lists

• Use extended access lists to be more specific
  about what is interesting traffic
• 804A(config)dialer-list 1 list 110
• 804A(config)access-list 110 permit tcp any any
  eq smtp
• 804A(config)access-list 110 permit tcp any any
  eq telnet
• 804A(config)int bri0
• 804A(config-if)dialer-group 1

91
Verifying the ISDN Operation

• ping telnet
• show dialer dialer diagnostics, number of times
  the dial string has been reached
• show isdn active number called and whether call
  is in progress
• show isdn status Shows if SPIDs are valid
• show ip route
• debug isdn q921 See layer 2 information
• debug isdn q931 See layer 3 information
• debug dialer Call setup and teardown activity
  
• isdn disconnect int bri0 Disconnects

92
BRI Configuration Example Continued
93
(No Transcript)