PSDN and VPN - PowerPoint PPT Presentation

About This Presentation
Title:

PSDN and VPN

Description:

Title: Enterprise Internets Author: x Last modified by: Al Bento Created Date: 3/3/1997 7:51:28 PM Document presentation format: On-screen Show Company – PowerPoint PPT presentation

Slides: 33
Provided by: X321
Learn more at: http://home.ubalt.edu
Tags: psdn | vpn


Transcript and Presenter's Notes

Title: PSDN and VPN


1
PSDN and VPN
  • From circuit to packet switching

2
Packet-Switched Services
  • Offered by Carriers
  • X.25
  • Old, slow, and not sufficiently cheaper than
    frame relay
  • Frame Relay
  • Speeds in main range of user demand
  • Dominated the market in the 1990s
  • ATM
  • High speeds and costs, requiring equipment
    changes
  • Carrier Internet and MPLS services
  • Dominant services today

3
X.25 Packet-Switched Data Networks
  • Oldest packet switched network service (1970s)
  • Low speed (maximum around 64 kbps)
  • Mature, easy to implement
  • Uses PVCs
  • Reliable service, which adds latency in transmission
  • Mostly replaced by Frame Relay

4
Frame Relay Packet-Switched Data Networks
  • Software upgrade to X.25 switches
  • Uses PVCs
  • Unreliable, so much faster on same switches
  • Good speed range: 56 kbps - 40 Mbps. Meets most
    corporate needs (most under 2 Mbps)
  • Grew rapidly in the 90s, to equal leased line
    WANs in terms of market share (about 40%)

5
Pricing of Packet Switching
  • Speed of the Access Line from Site to Network
  • Determines maximum transmission rate to the
    network
  • Often called the Port Speed
  • Often the most important price determinant
  • Must be fast enough for needs

See Frame Relay vs. DSL -- a price issue
6
ATM (Asynchronous Transfer Mode)
  • Offers very high speeds: 622 Mbps, 2.5 Gbps to 40
    Gbps. Speeds are beyond most corporate needs
    today, and costs are high.
  • Connection-oriented (PVCs), unreliable
  • Quality of Service (QOS) guarantees critical
    traffic
  • Minimize latency (delays)
  • Inherent reliability (low loss rate)
  • Seen as the next generation before Ethernet
    surge
  • But Frame Relay kept increasing in speed in low
    Mbps range where market demand was highest

7
Pricing/Performance of Packet Switched Services
  • Pricing of Frame Relay and ATM
  • Customer Premises Equipment
  • Access Line to Point of Presence
  • Port Speed
  • Per PVC Price
  • Distance and Traffic Volume
  • The demise of Frame Relay and ATM
  • Transition from Frame Relay and ATM to Carrier
    Ethernet stimulated by Verizon, AT&T, etc.
  • The move to Ethernet and IP-based services: a
    win-win situation.

8
Customer Premises Equipment
  • Access Device
  • Has link to internal system (often a LAN)
  • Has CSU/DSU to put internal traffic into format
    for Packet switching transmission
  • In Frame Relay, called a Frame Relay Access Device
    (FRAD)

Access Device
Access Line to Network
LAN
9
Modular Routers
  • CSU/DSUs are removable expansion boards

Modular Router
Router Switching Circuitry
Port 1 CSU/DSU (T1)
Port 2 CSU/DSU (56 kbps)
Port 3 CSU/DSU (T3)
Port 4 CSU/DSU (56 kbps)
T1 Line
56 kbps Line
T3 Line
56 kbps Line
10
Elements of a Packet Switched Network
Customer Premises A
You need a leased access line to the network's
POP. Sometimes the packet switched network vendor
pays the cost of the access line for you and
bundles it into your service charges.
Leased Access Line to POP
LEC Switching Office
Leased Access Line to POP
POP at LEC Office
11
Elements of a Packet Switched Network
Switched Data Network
Trunk Line
Network Switching Office
POP
Customer Premises B
Leased Access Line
12
Calculations
  • Situation
  • You have four sites
  • You want any one to be able to reach any other
  • Questions
  • How many PVCs do you need?
  • How many access lines do you need?

13
Calculations
  • PVCs
  • If you have N sites, there are N(N-1)/2 possible
    connections
  • In this case, you would have 4(3)/2 or 6 possible
    connections
  • Some vendors count this as 6 PVCs, others as 12
    PVCs
  • Access Lines
  • You would need four access lines (one for each
    site)
  • Each will multiplex 3 PVCs
  • Must be fast enough for the needs of
    communication with the three other sites

14
Leased Lines vs. Packet-Switched Data Networks
  • Leased Lines
  • Point-to-point, inexpensive for thick routes
  • Inflexible: must be established ahead of time
  • Packet Switched Networks
  • Also must be established ahead of time for PVCs
  • Competitor for leased line networks
  • Priced aggressively
  • Carrier does all the management
  • Killing the leased line business

15
Virtual Private Network
1. Site-to-Site
Tunnel
Internet
VPN Server
Corporate Site B
Corporate Site A
Remote Access for Intranet
Extranet
16
VPN advantage
  • Virtual Private Network (VPN)
  • Transmission over the Internet with added
    security
  • Some analysts include transmission over a PSDN
    with added security
  • Why VPNs?
  • PSDNs are not interconnected
  • Only good for internal corporate communication
  • But Internet reaches almost all sites in all
    firms
  • Low transmission cost per bit transmitted

17
VPN issues
  • VPN Problems
  • Latency and Sound Quality
  • Internet can be congested
  • Creates latency, reduces sound quality
  • Use a single ISP as for VoIP (voice over IP)
  • Security
  • PPTP for remote access is popular
  • IPsec for site-to-site transmission is popular

18
ISP-Based PPTP Remote Access VPN
  • Remote Access VPNs
  • User dials into a remote access server (RAS)
  • RAS often checks with RADIUS server for user
    identification information. Allows or rejects
    connection

Unsecure TCP Control Channel
Local Access
Secure Tunnel
ISP PPTP Access Concentrator
Internet
Corporate Site A
19
VPN and PPTP
  • Point-to-Point Tunneling Protocol
  • Available in Windows since Windows 95
  • No need for added software on clients
  • Provided by many ISPs
  • PPTP access concentrator at ISP access point
  • Some security limitations
  • No security between user site and ISP
  • No message-by-message authentication of user
  • Uses unprotected TCP control channel

20
IPsec in Tunnel Mode
Tunnel Mode
IPsec Server
IPsec Server
Local Network
Local Network
Secure Tunnel
Tunnel Only Between Sites; Hosts Need No Extra
Software
No Security In Site Network
No Security In Site Network
21
IPsec in Transfer Mode
Transfer Mode
IPsec Server
IPsec Server
Local Network
Local Network
Secure Tunnel
Security In Site Network
Security In Site Network
End-to-End (Host-to-Host) Tunnel; Hosts Need IPsec
Software
22
IPsec alternatives
  • IP Security (IPsec)
  • Tunnel mode sets up a secure tunnel between
    IPsec servers at two sites
  • No security within sites
  • No need to install IPsec software on stations
  • Transfer mode sets up a secure connection between
    two end hosts
  • Protected even on internal networks
  • Must install IPsec software on stations, but
    default in current OSs (Windows, Linux, UNIX).
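
The two encapsulations described on slides 20 to 22, as an added example that is not part of the original presentation: it lays out ESP packets for tunnel mode and for what the slides call transfer mode (the IPsec RFCs name it transport mode) and shows which addresses an on-path observer can read. Addresses, SPI values and the payload are constructed; encryption, the integrity check value and the IPv4 checksum are left out so the layout stays inspectable.

```python
import socket
import struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 (simplification).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, pkt[9], pkt[20:]

def esp_wrap(protected, next_header, spi, seq=1):
    # SPI | sequence | protected data | padding | pad length | next header.
    # Real ESP encrypts everything after the sequence number and appends an ICV.
    pad = -(len(protected) + 2) % 4
    return (struct.pack("!II", spi, seq) + protected
            + bytes(range(1, pad + 1)) + bytes([pad, next_header]))

def esp_unwrap(pkt):
    # Receiver side (holder of the SA): recover next header and protected data.
    esp = parse_ipv4(pkt)[3]
    pad, next_header = esp[-2], esp[-1]
    return next_header, esp[8:len(esp) - 2 - pad]

def tunnel_mode(inner_pkt, gw_src, gw_dst, spi):
    # Whole original packet, header included, is protected; 4 = IPv4-in-IPv4.
    esp = esp_wrap(inner_pkt, 4, spi)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def transport_mode(inner_pkt, spi):
    # Original IP header stays in front; only the upper-layer payload is protected.
    src, dst, proto, payload = parse_ipv4(inner_pkt)
    esp = esp_wrap(payload, proto, spi)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def observer_view(pkt):
    # Fields an on-path observer reads without the SA keys.
    src, dst, proto, rest = parse_ipv4(pkt)
    return {"src": src, "dst": dst, "proto": proto,
            "spi": struct.unpack("!I", rest[:4])[0]}

# Constructed sample: host at site A to host at site B, gateways on documentation ranges.
SEGMENT = b"constructed TCP segment"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(SEGMENT)) + SEGMENT
TUNNEL = tunnel_mode(INNER, "198.51.100.1", "203.0.113.1", spi=0x1001)
TRANSPORT = transport_mode(INNER, spi=0x2001)
```

In tunnel mode the observer sees only the two gateway addresses, while in transfer (transport) mode the host addresses stay visible and only the upper-layer payload is covered.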

23
Security at the internet layer
  • IP Security (IPsec)
  • At internet layer, so protects information at
    higher layers
  • Transparent: upper layer processes do not have to
    be modified

HTTP
SMTP
FTP
SNMP
TCP
UDP
Protected
Internet Layer with IPsec Protection
24
Common IPsec configuration
  • IP Security (IPsec)
  • Security associations
  • Governed by corporate policies

Party A
Party B
List of Allowable Security Associations
List of Allowable Security Associations
IPsec Policy Server
25
SSL/TLS for Browser-Webserver Communication
26
Metropolitan Area Ethernet
  • Metropolitan Area Network (MAN)
  • A carrier network limited to a large urban area
    and its suburbs
  • Metropolitan area Ethernet (metro Ethernet) is
    available for this niche
  • Metro Ethernet is relatively new, but is growing
    very rapidly
  • 802.3ad standard
  • Ethernet in the first mile
  • Standard for transmitting Ethernet signals over
    PSTN access lines
  • 1-pair voice-grade UTP, 2-pair data-grade UTP,
    optical fiber

27
Metropolitan Area Ethernet
  • Attractions of Metropolitan Area Ethernet
  • Low prices per bit transmitted
  • High speeds
  • Familiar technology for networking staff
  • Rapid provisioning
  • Rapid capacity increases for special events
  • Carrier Class Service
  • Basic metro Ethernet standards are insufficient
    for large wide area networks
  • Quality of service and management tools must be
    developed
  • The goal: to provide carrier class services that
    are sufficient for customers

28
Carrier Ethernet and MPLS services
29
Carrier Ethernet and MPLS services
  • The two most popular WAN options today are MPLS
    and Carrier Ethernet.
  • Carrier Ethernet services include virtual private
    LAN service (VPLS), Gigabit and metro Ethernet.
  • E-LINE service -- site-to-site service, competes
    directly with leased lines.
  • E-LAN -- extends the LAN to the wide area, as if
    the PSDN service was only trunk lines between
    switches.
  • MPLS (Multiprotocol Label Switching) services
    typically refer to Layer 3 MPLS VPN services
  • An MPLS network determines the best path for
    packets between two hosts -- the label switched
    path.
  • Routers send all packets that receive a label
    path number along this path.

30
Overview of MPLS services
  • An MPLS primer at
    https://www.youtube.com/watch?v=U1w-b9GIt0k

31
More in the MPLS service
  • The label switched path

32
Carrier Ethernet and MPLS services
  • A historic view of Carrier Ethernet in Wikipedia
  • An example of carrier services: AT&T
  • Keeping up with news about Carrier Ethernet:
    http://www.carrierethernetnews.com/
  • Carrier Ethernet vs MPLS services.
  • Software-Defined Networks (SDN)
  • Overview in Wikipedia.
  • Pros and cons of SDN.
