Teleworker Services Accessing the WAN– Chapter 6 Modified by Mike Haines 09/20/2008
Objectives • In this chapter, you will learn to: • Describe the enterprise requirements for providing teleworker services, including the differences between private and public network infrastructures. • Describe the teleworker requirements and recommended architecture for providing teleworking services. • Explain how broadband services extend enterprise networks using DSL, cable, and wireless technology. • Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers. • Describe how VPN technology can be used to provide secure teleworker services to an enterprise network.
Business Requirement for Teleworker Services • With advances in broadband and wireless technologies, working away from the office no longer presents the challenges it did in the past. • Organizations can cost-effectively distribute data, voice, video, and real-time applications, across their entire workforce no matter how remote and scattered they might be. • On a broader scale, the ability of businesses to provide service across time zones and international boundaries is greatly enhanced using teleworkers. • Contracting and outsourcing solutions are easier to implement and manage. • From a social perspective, teleworking options increase the employment opportunities for various groups, including parents with small children, the handicapped, and people living in remote areas. • Teleworkers enjoy more quality family time, less travel-related stress, and in general provide their employers with increased productivity, satisfaction, and retention.
Teleworker Solution • With the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect people working in small offices and home offices (SOHOs), and in other remote locations, with resources on corporate sites. • The figure displays three remote connection technologies available to organizations for supporting teleworkers: 1. Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines, provide many remote connection solutions. 2. IPsec Virtual Private Networks (VPNs) offer flexible and scalable connectivity. • Site-to-site connections can provide a secure, fast, and reliable remote connection to teleworkers. • Remote access over broadband, establishing a secure IPsec VPN across the public Internet, is the most common option for teleworkers. (A slower and less reliable way of reaching the Internet is a dialup connection.)
Teleworker Solution: Broadband Services 3. The term broadband refers to advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks. Transmission is provided by a wide range of technologies, including digital subscriber line (DSL), fiber-optic cable, coaxial cable, wireless technology, and satellite. Broadband data transmission speeds typically exceed 200 kilobits per second (kb/s), or 200,000 bits per second, in at least one direction: downstream (from the Internet to the user's computer) or upstream (from the user's computer to the Internet).
Remote Connection Topologies for the Teleworker • Broadband vs. Baseband. • Baseband: only one signal on the wire at a time (time-division multiplexing), e.g., Ethernet networks. • Broadband: multiple signals on the wire at once (frequency-division multiplexing). • In general, broadband refers to telecommunication in which a wide band of frequencies is available to transmit information. • Broadband is generally defined as any sustained speed of 200 kb/s or more. • Broadband options include • digital subscriber line (DSL), • high-speed cable modems, • fast downstream data connections from direct broadcast satellite (DBS), • fixed wireless providers, • 3G wireless. • The most common problem with broadband access is lack of coverage area.
Teleworker Solution • To connect effectively to their organization's networks, teleworkers need two key sets of components: • Home Office Components - The required home office components are a laptop or desktop computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer. • When traveling, teleworkers need an Internet connection and a VPN client to connect to the corporate network over any available dialup or broadband connection. • Corporate Components - Corporate components are VPN-capable routers, VPN concentrators, multifunction security appliances, authentication, and central management devices for resilient aggregation and termination of the VPN connections.
Teleworker Solution Typically, providing support for VoIP requires upgrades to these components. Routers need Quality of Service (QoS) functionality. QoS refers to the capability of a network to provide better service to selected network traffic, as required by voice and video applications. The figure shows an encrypted VPN tunnel connecting the teleworker to the corporate network. This tunnel is the heart of secure and reliable teleworker connections. A VPN is a private data network that uses the public telecommunication infrastructure. VPN security maintains privacy using a tunneling protocol and security procedures. This course presents the IPsec (IP Security) protocol as the favored approach to building secure VPN tunnels.
Options for Connecting the Teleworker • Split tunneling: • Split tunneling is a computer networking concept that allows a VPN user to access a public network (e.g., the Internet) and a local LAN or WAN at the same time. • The remote user, for example, downloads e-mail from the corporate mail server at 10.10.0.5 and a document from the archive at 10.2.3.4 through the tunnel. Next, without exiting the tunnel, the remote user prints the document through the PC's local network interface 192.19.2.32 to the printer at 192.19.2.33. • Advantages • Split tunneling alleviates bottlenecks and conserves bandwidth, because Internet traffic does not have to pass through the VPN server. • Disadvantages • The teleworker's host is attached to the untrusted public network and to the corporate network at the same time: its Internet traffic bypasses the corporate security controls, and a host compromised from the Internet side can reach the corporate network through the tunnel. This is what leaves the VPN endpoint open to attack from the public, non-secure network.
Connecting Teleworker to the WAN • Teleworkers typically use diverse applications (e-mail, web, voice, and videoconferencing) that require a high-bandwidth connection: • Dialup access - Dialup is the slowest option, and is typically used by mobile workers in areas where high-speed connections are not available. • DSL - DSL also uses telephone lines. DSL uses a special modem that separates the DSL signal from the telephone signal and provides an Ethernet connection to a host computer or LAN. • Cable modem - The Internet signal is carried on the same coaxial cable that delivers cable TV. A special cable modem separates the Internet signal from the other signals and provides an Ethernet connection to a host computer or LAN. • Satellite - The computer connects to a satellite modem that transmits radio signals to the nearest point of presence within the satellite network.
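The routing decision behind the split-tunnel example above, as an added illustration that is not part of the original chapter: a VPN client that pushes only the corporate prefix leaves the host's default route on the home LAN adapter (split tunnel), while one that pushes a default route sends everything off the LAN into the tunnel (full tunnel). The host picks a route by longest-prefix match, which is what the code does for the destinations named above. The prefixes 10.0.0.0/8 and 192.19.2.0/24, the interface names tun0 and eth0, and the public probe address 203.0.113.7 are assumptions for the illustration.

```python
import ipaddress

# Constructed host routing tables for the illustration (not from the chapter).
# Interface names: tun0 is the IPsec VPN adapter, eth0 the home LAN adapter.

# Split tunnel: the VPN client pushes only the corporate prefix. The default
# route stays on eth0, so Internet traffic bypasses the corporate VPN server.
SPLIT_TUNNEL_ROUTES = [
    ("10.0.0.0/8", "tun0"),      # corporate networks, reached through the tunnel
    ("192.19.2.0/24", "eth0"),   # directly connected home LAN (the printer is here)
    ("0.0.0.0/0", "eth0"),       # default route via the home router
]

# Full tunnel: the VPN client also replaces the default route, so everything
# that is not on a directly connected network enters the tunnel.
FULL_TUNNEL_ROUTES = [
    ("10.0.0.0/8", "tun0"),
    ("192.19.2.0/24", "eth0"),
    ("0.0.0.0/0", "tun0"),
]


def select_route(dst, routes):
    """Longest-prefix match, as a host forwarding table does it.
    Returns (matched_prefix, egress_interface), or (None, None) if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (str(best[0]), best[1]) if best else (None, None)


def select_interface(dst, routes):
    """Egress interface only."""
    return select_route(dst, routes)[1]


def internet_bypasses_tunnel(routes, probe="203.0.113.7"):
    """True when a destination matched only by the default route (the probe is
    a constructed public address from the documentation range) leaves the host
    outside tun0. That is the split-tunnel exposure: the host talks to, and is
    reachable from, the untrusted Internet while the corporate tunnel is up."""
    prefix, iface = select_route(probe, routes)
    return prefix == "0.0.0.0/0" and iface != "tun0"


if __name__ == "__main__":
    # The destinations from the chapter's example, plus the public probe.
    for dst in ("10.10.0.5", "10.2.3.4", "192.19.2.33", "203.0.113.7"):
        print(f"{dst:>12}  split -> {select_interface(dst, SPLIT_TUNNEL_ROUTES)}"
              f"   full -> {select_interface(dst, FULL_TUNNEL_ROUTES)}")
    print("split tunnel exposes host to Internet:", internet_bypasses_tunnel(SPLIT_TUNNEL_ROUTES))
    print("full tunnel exposes host to Internet: ", internet_bypasses_tunnel(FULL_TUNNEL_ROUTES))
```

Note that in the full-tunnel table the directly connected 192.19.2.0/24 route is still more specific than the pushed default, so the local printer remains reachable either way; VPN clients that want to block local LAN access while connected do it with a host firewall rule rather than through the routing table.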
What is a Cable System? • John Walson, the founder of cable television. • He was the first cable operator to use microwave to import distant television stations. • He was the first to use coaxial cable to improve picture quality, and the first to distribute pay television programming. • Cable television first began in Pennsylvania in 1948. John Walson, the owner of an appliance store in a small mountain town, needed to solve poor over-the-air reception problems experienced by customers trying to receive TV signals from Philadelphia through the mountains. • Walson erected an antenna on a utility pole on a local mountaintop that enabled him to demonstrate the televisions in his store with strong broadcasts coming from the three Philadelphia stations. • He connected the antenna to his appliance store via a cable and modified signal boosters. • He then connected several of his customers who were located along the cable path. • This was the first community antenna television (CATV) system in the United States. http://www.pcta.com/news/walson.php?PHPSESSID=bad26d0ac5fd8e02fb67d0d5045a6fab
What is a Cable System? • The "cable" in cable system refers to the coaxial cable that carries radio frequency (RF) signals across the network. Coaxial cable is the primary medium used to build cable TV systems. • A typical cable operator now uses a satellite dish to gather TV signals. Early systems were one-way, with cascading amplifiers placed in series along the network to compensate for signal loss. • Taps were used to couple video signals from the main trunks to subscriber homes via drop cables. • Modern cable systems provide two-way communication between subscribers and the cable operator. • Cable operators now offer customers advanced telecommunications services, including high-speed Internet access, digital cable television, and residential telephone service, as well as interactive services such as impulse pay-per-view and home shopping.
What is a Cable System? 1-way vs. 2-way • One-Way Cable Modems • In this system, downstream communication is over the cable, but the return path is a conventional telephone line and telephone modem (33 kb/s). • Some companies supply a modem box that connects to both your telephone line and the cable TV system. The box then connects to your computer via either a USB port or an Ethernet port. • Two-Way Cable Modems • Two-way cable systems transmit data in both directions via the cable and therefore do not need a telephone line. Uplink speeds are typically higher than a 56 kb/s modem but not as high as downlink speeds. • Cable modem service is always on, so the problems with busy signals, connect time, and disconnects are eliminated. • These systems generally assign a permanent, dedicated Internet address (IP number) to each user, which allows the use of services where your friends need to know your Internet address, such as ICQ or netphone. http://www.azinet.com/articles/cablemodem.htm
Cable Technology Terms • The following terms describe key cable technologies: • Broadband: In cable systems, broadband refers to the frequency-division multiplexing (FDM) of many signals in a wide RF bandwidth over a hybrid fiber-coaxial (HFC) network. • Community antenna television (CATV): The term now widely refers to residential cable systems. • Coaxial cable: Coaxial cable transports RF signals and has certain physical properties that define the attenuation of the signal. These properties include cable diameter, dielectric construction, ambient temperature, and operating frequency. • Tap: A tap divides the input signal's RF power to support multiple outputs. Typically, the cable operators deploy taps with two, four, or eight ports, called subscriber drop connections. (Passive) • Amplifier: An amplifier magnifies an input signal and produces a significantly larger output signal. (Active) • Hybrid fiber-coaxial (HFC): HFC is a mixed optical-coaxial network in which optical fiber replaces the lower-bandwidth coaxial cable where useful in the traditional trunk portion of the cable network. • Downstream: This is the direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers). Transmission from source to destination is called the forward path. • Upstream: This is the direction of an RF signal transmission opposite to downstream: from subscribers to the headend, also called the return or reverse path. Figure: HFC Architecture (showing tap and amplifier placement)
Cable Technology Terms: Upstream vs. Downstream • Cable Internet service is asymmetric; the tiers offered by one cable provider illustrate the downstream/upstream ratio: • Value: 768 kb/s down, 256 kb/s up • Basic: 2.0 Mb/s down, 384 kb/s up • Advanced: 4.0 Mb/s down, 512 kb/s up • Ultra: 6.0 Mb/s down, 512 kb/s up • Ultra Plus: 6.0 Mb/s down, 1 Mb/s up. http://www1.wowway.com/internet/internet.aspx?ConIdent=1003&RCView=MAIN
Cable System Components • CATV distributes TV channels collected at a central location, called a headend, to subscribers over a branched network of optical fibers, coaxial cables, and broadband amplifiers. • There are five major components of a cable system: • Antenna site: The location of an antenna site is chosen for optimum reception of over-the-air and satellite signals. • Headend: The headend is a master facility where signals are first received, processed, formatted, and then distributed downstream to the cable network. • Transportation network: A transportation network links a remote antenna site to a headend. The transportation network can be microwave, coaxial, or fiber-optic. • Distribution network: In a classic cable system, called a tree-and-branch cable system, the distribution network consists of trunk and feeder cables. The trunk is the backbone that distributes signals throughout the community service area to the feeder. The feeder branches flow from a trunk and reach all of the subscribers in the service area. • Subscriber drop: A subscriber drop connects the subscriber to the cable services. The subscriber drop is a connection between the feeder part of a distribution network and the subscriber terminal device (for example, a TV set or cable modem).
Cable System Benefits • The cable system architecture provides a cost-effective solution for densely populated areas by cascading a broadcast architecture to the users. • The development of cable systems made new services possible. • Cable systems support telephony and data services and analog and digital video services. • Businesses that employ teleworkers can gain the following benefits from this widely available high-speed cable Internet access method: • VPN connectivity to corporate intranets • SOHO capabilities for work-at-home employees • Interactive television • Public switched telephone network (PSTN)-quality voice and fax calls over the managed IP networks www.conniq.com/InternetAccess_cable.htm
Sending Digital Signals over Radio Waves • When users tune a radio set across the RF spectrum to find different radio stations, they tune the radio to different electromagnetic frequencies across that RF spectrum. • The same principle applies to the cable system. • The cable TV industry uses a portion of the RF electromagnetic spectrum. • At the subscriber end, equipment such as TVs, VCRs, and High Definition TV set-top boxes tune to certain frequencies that allow the user to view the TV channel or to receive high-speed Internet access. • A cable network is capable of transmitting signals on the cable in both directions at the same time. The following frequency ranges are used: • Downstream: Transmitting the signals from the cable operator to the subscriber, the outgoing frequencies are in the range of 50 to 860 MHz. Headend-to-subscriber therefore has 810 MHz of RF bandwidth. • Upstream: Transmitting the signals in the reverse path from the subscriber to the cable operator, the incoming frequencies are in the range of 5 to 42 MHz. Subscriber-to-headend therefore has 37 MHz of RF bandwidth. • 43 to 50 MHz: the gap between the two bands; over the air, this range carries cordless telephones, "49 MHz" FM walkie-talkies, and mixed two-way mobile communication.
Sending Digital Signals over Radio Waves • When a cable company offers Internet access over the cable, the Internet data uses the same cables as the TV signals: • The cable modem system puts downstream data (data sent from the Internet to an individual computer) into a 6-MHz channel. • On the cable, the data looks just like a TV channel, so Internet downstream data takes up the same amount of cable space as any single channel of programming. • Upstream data (information sent from an individual back to the Internet) requires even less of the cable's bandwidth, just 2 MHz, since the assumption is that most people download far more information than they upload. • Putting both upstream and downstream data on the cable television system requires two types of equipment: a cable modem on the customer end and a cable modem termination system (CMTS) at the cable provider's end. http://computer.howstuffworks.com/cable-modem2.htm
The Data-over-Cable Service Interface Specification (DOCSIS) • DOCSIS is an international standard developed by CableLabs, a nonprofit research and development consortium for cable-related technologies. • CableLabs tests and certifies cable equipment such as cable modems and cable modem termination systems. • DOCSIS specifies the Open Systems Interconnection (OSI) Layer 1 and Layer 2 requirements: • Physical layer: For data signals that the cable operator can use, DOCSIS specifies the channel widths (bandwidth of each channel) and the modulation techniques. The upstream channel widths are: • DOCSIS 1.0: 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz • DOCSIS 2.0: adds 6.4 MHz. • MAC layer: Defines a deterministic access method (time-division multiple access [TDMA] or synchronous code division multiple access [S-CDMA]). • DOCSIS currently uses two standards, and a third standard is under development: • DOCSIS 1.0 was the first standard, issued in March 1997. • DOCSIS 2.0 was released in January 2002. • DOCSIS 2.0 enhanced upstream transmission speeds and QoS capabilities. • DOCSIS 3.0 is under development and is expected to feature channel bonding, enabling the use of multiple downstream and upstream channels. http://en.wikipedia.org/wiki/DOCSIS
The Data-over-Cable Service Interface Specification • Plans for frequency allocation bands differ between North American and European cable systems. • Euro-DOCSIS is adapted for use in Europe. • The main differences between DOCSIS and Euro-DOCSIS relate to channel bandwidths. • TV technical standards vary across the world, which affects the way DOCSIS variants develop. • International TV standards include NTSC in North America and Japan; • PAL in most of Europe, Asia, Africa, Australia, Brazil, and Argentina; • SECAM in France and some Eastern European countries.
Hybrid Fiber-Coaxial (HFC) Cable Networks • Accessing the Internet through a cable network is a popular option that teleworkers can use to access their enterprise network. • A significant drawback of using only coaxial cable is the signal attenuation that happens when the signal travels from the antenna to the subscriber. • Amplifiers placed approximately every 2000 feet boost signal strength and ensure that RF signals have enough power for subscribers to receive all channels for analog TV, digital TV, and digital data cable modem services. • Modern cable operators use an HFC network that deploys fiber in the trunks: • Reduces the number of amplifiers • Thin and lightweight, takes less space • Covers longer distances • Induces less or virtually no noise • Less loss of signal • Immune to external influences, such as thunder or RF interference • Easier to handle
Hybrid Fiber-Coaxial (HFC) Cable Networks • HFC architecture is relatively simple. A web of fiber trunk cables connects the headend (or hub) to the nodes where optical-to-RF signal conversion takes place. • Fiber trunks carry downstream traffic at a signal strength above 50 decibels (dB) and reduce the number of cable amplifiers in trunk lines. • Coaxial cable is already in place throughout many neighborhoods, so cable operators can build an HFC network without having to replace existing coaxial cable between nodes and subscribers.
Sending Data over Cable • Two types of equipment are required to send digital modem signals upstream and downstream on a cable system: • A cable modem (CM) on the subscriber end • A cable modem termination system (CMTS) at the headend of the cable operator • In a modern HFC network, 500 to 2000 active data subscribers are typically connected to a cable network segment, all sharing the upstream and downstream bandwidth. • The actual bandwidth for Internet service over a CATV line can be up to 27 Mbps on the download path to the subscriber and about 2.5 Mbps of bandwidth on the upload path. • Based on the cable network architecture, cable operator provisioning practices, and traffic load, an individual subscriber can typically get an access speed of between 256 kb/s and 6 Mb/s. http://en.wikibooks.org/wiki/Computer_Networks/Cable
Sending Data over Cable (cont.) • When high usage causes congestion, the cable operator can add additional bandwidth for data services by allocating an additional TV channel for high-speed data. • This addition may effectively double the downstream bandwidth that is available to subscribers. • Another option is to reduce the number of subscribers served by each network segment. To reduce the number of subscribers, the cable operator further subdivides the network by laying the fiber-optic connections closer and deeper into the neighborhoods. http://en.wikibooks.org/wiki/Computer_Networks/Cable
Cable Technology: Putting It All Together • In the downstream path, • the local headend (LHE) distributes TV signals to subscribers via the distribution network. • TV signals are received through satellite dishes. • The CMTS modulates digital data onto an RF signal and combines that RF signal with the TV signals. • The combined RF signal is converted to an optical signal for transport over the fiber trunk. • At the fiber node, the optical signal is converted back to an RF signal and then transmitted over the coaxial network composed of amplifiers, taps, and drops. • At the subscriber end, an RF splitter divides the combined RF signal into video and data portions. • The CM receives the data portion of the RF signal. • The CM, tuned to the data RF signal channels, demodulates the data RF signal back into digital data and finally passes the data to the computer over an Ethernet connection. • In the upstream direction, • the CM decodes the digital information from the Ethernet connection, modulates a separate RF signal with this digital information, and transmits this signal at a certain RF power level. • At the headend, the CMTS, tuned to the data RF channels, demodulates the data RF signal back to digital data and routes the digital data to the Internet.
Data Cable Network Technology Issues • Because subscribers share a coaxial cable line, some problems may occur: • Subscribers on a segment share the available bandwidth on that segment. • The bandwidth that is available to each subscriber varies based on the number of subscribers. • Cable operators resolve this issue by adding RF channels and splitting the service area into multiple smaller areas within the segment. • As with any shared medium, there is a risk of privacy loss: every CM on the segment receives the same downstream RF signal. The available safeguards are the encryption and other privacy features specified in the DOCSIS standard and used by most CMs. • A common misconception is that a computer may communicate directly with another computer on the same segment. This is not possible because a CM transmits on an upstream frequency (5 to 42 MHz) that is completely separate from the downstream frequency on which another CM receives; all traffic between subscribers passes through the CMTS.
Data Cable Network Technology Issues • Data Transport Services Security • DOCSIS data transport security provides cable modem users with data privacy across the cable network by encrypting traffic flows between the cable modem (CM) and the cable modem termination system (CMTS) located in the cable network headend. • These security services apply only to the access network, however. Once traffic leaves the access network for the Internet backbone, it is subject to the privacy threats common to all traffic traveling across the Internet, regardless of how it got onto the Internet; end-to-end protection for the teleworker has to come from the VPN. http://www.cablelabs.com/news/newsletter/SPECS/September_SPECSTECH/tech.pgs/leadstory.html
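A small model of the scope point above, added here and not part of the chapter or of the CableLabs material it cites. The DOCSIS encryption is its Baseline Privacy Interface (BPI, BPI+ from DOCSIS 1.1) and covers only the CM-to-CMTS link; a remote-access IPsec VPN covers every hop from the teleworker's host to the corporate VPN gateway. Each protection is modelled as a pair of endpoints on a path of named hops, and the functions report which hops carry traffic in the clear. The path and the node names are constructed for the illustration.

```python
# Constructed end-to-end path from the teleworker's PC to a corporate server.
# Names are illustrative; each adjacent pair is one hop (link) on the path.
PATH = ["pc", "cm", "cmts", "isp-core", "internet", "corp-vpn-gw", "corp-server"]

# A protection encrypts every hop between its two endpoints. DOCSIS BPI/BPI+
# keys traffic between the cable modem and the CMTS only; a remote-access
# IPsec VPN runs from the teleworker's host to the corporate VPN gateway.
DOCSIS_ONLY = {"DOCSIS BPI+": ("cm", "cmts")}
DOCSIS_AND_IPSEC = {
    "DOCSIS BPI+": ("cm", "cmts"),
    "IPsec VPN": ("pc", "corp-vpn-gw"),
}


def hops(path):
    """Consecutive (a, b) links along the path, in order."""
    return list(zip(path, path[1:]))


def covered_hops(path, endpoints):
    """Hops lying between the two endpoints of one protection (inclusive)."""
    start, end = endpoints
    i, j = sorted((path.index(start), path.index(end)))
    return set(hops(path[i:j + 1]))


def coverage(path, protections):
    """For every hop on the path, the names of the protections that encrypt it."""
    result = {hop: [] for hop in hops(path)}
    for name, endpoints in protections.items():
        for hop in covered_hops(path, endpoints):
            result[hop].append(name)
    return result


def unprotected_hops(path, protections):
    """Hops on which traffic travels in the clear, in path order."""
    return [hop for hop, names in coverage(path, protections).items() if not names]


if __name__ == "__main__":
    for label, prot in (("DOCSIS BPI+ only", DOCSIS_ONLY),
                        ("DOCSIS BPI+ and IPsec", DOCSIS_AND_IPSEC)):
        print(label)
        for hop, names in coverage(PATH, prot).items():
            print(f"  {hop[0]:>12} -> {hop[1]:<12} {', '.join(names) or 'CLEAR'}")
```

With DOCSIS alone, everything from the CMTS onward (and the home Ethernet between the PC and the modem) is clear text; adding the IPsec tunnel leaves only the corporate-side hop behind the VPN gateway unencrypted, which is exactly the segment the enterprise controls.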
What is DSL • Several years ago, Bell Labs identified that a typical voice conversation over a local loop only required the use of bandwidth of 300 Hz to 3 kHz. • For many years, the telephone networks did not use the bandwidth beyond 3 kHz. • Advances in technology allowed DSL to use the additional bandwidth above 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines. • As an example, asymmetric DSL (ADSL) uses a frequency range from approximately 20 kHz to 1 MHz. • Fortunately, only relatively small changes to existing telephone company infrastructure are required to deliver high-bandwidth data rates to subscribers. • Figure shows a representation of bandwidth space allocation on a copper wire for ADSL. • The green area represents the space used by POTS, • The other colored spaces represent the space used by the upstream and downstream DSL signals. http://en.wikibooks.org/wiki/Computer_Networks/DSL
What is DSL • Service providers deploy DSL connections in the last step of a local telephone network, called the local loop or last mile. • The connection is set up between a pair of modems on either end of a copper wire that extends between the customer premises equipment (CPE) and the DSL access multiplexer (DSLAM). • The two key components of a DSL connection are: • DSLAM: A DSLAM is the device located at the central office (CO) of the provider. • The DSLAM combines individual DSL connections from users into one high-capacity link to the Internet. • The DSL transceiver: it connects the teleworker's computer to the DSL line. • Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports for home office use. • The advantage that DSL has over cable technology is that DSL is not a shared medium. • Each user has a separate direct connection to the DSLAM. • Adding users does not impede performance unless the DSLAM's Internet connection on the other side becomes saturated.
How Does DSL Work? • DSL types fall into two major categories, taking into account downstream and upstream speeds: • Symmetrical DSL: Upstream and downstream speeds are the same. (Enterprise user) • Asymmetrical DSL: Upstream and downstream speeds are different. Downstream speed is typically higher than upstream speed. (Home user) • The term xDSL covers a number of DSL variations, such as Asymmetric DSL (ADSL), high-data-rate DSL (HDSL), Rate Adaptive DSL (RADSL), symmetric DSL (SDSL), ISDN DSL (IDSL), and very-high-data-rate DSL (VDSL). • DSL types that do not use the voice frequency band allow DSL lines to carry both data and voice signals simultaneously (for example, ADSL and VDSL types), while other DSL types occupying the complete frequency range can carry data only (for example, SDSL and IDSL types). • The data rate that DSL service can provide depends on the distance between the subscriber and the CO. • The shorter the distance: the higher the bandwidth available. http://www.linktionary.com/d/dsl.html
DSL Variants • The following properties differentiate DSL variants: • Nature: Symmetrical DSL has the same speed in both directions, while asymmetric DSL has different downstream and upstream speeds. • Maximum data rate: This defines the maximum speed that you can deploy with a certain type of DSL. • Line coding technology: This describes the technique used to represent digital signals transported over a copper twisted pair so that the receiver can interpret the signals accurately. (CAP, DMT, G.Lite) • Data and voice support: Depending on the usage of the available frequency spectrum, certain DSL types support data and voice simultaneously while other types do not. • Maximum distance: This describes the maximum distance that a certain type of DSL connection can span. The transfer rates are dependent on the actual length of the local loop, and the type and condition of its cabling. For satisfactory service, the loop must be less than 5.5 kilometers (3.5 miles).
ADSL and POTS Coexistence • The major benefit of ADSL is the ability to provide data services along with voice services. • The figure shows the data channel established between the CPE modem and the CO DSLAM. • The voice channel is established between the telephone and the voice switch at the CO premises. • ADSL signals distort voice transmission, so the two are split or filtered at the customer premises. • A microfilter filters the ADSL signal from the voice signal. This solution eliminates the need for a technician to visit the premises and allows the user to use any jack in the house for voice or ADSL service. • POTS splitters separate the DSL traffic from the POTS traffic. The POTS splitter is a passive device. Splitters are located at the CO and, in some deployments, at the customer premises. • The figure uses a splitter at the customer premises, installed at the network interface device (NID). • The splitter acts as a low-pass filter, allowing only the 0 to 4 kHz frequencies to pass to or from the telephone.
ADSL and POTS Coexistence • Because a splitter at the NID requires a technician visit and additional technical support, most home installations today use microfilters. • Using microfilters also has the advantage of providing wider connectivity through the residence. • Since the POTS splitter separates the ADSL and voice signals at the NID, there is usually only one ADSL outlet available in the house. • With microfilters, the user can install inline microfilters on each telephone, or install wall-mounted microfilters in place of regular telephone jacks.
Broadband Wireless • Wireless networking, or Wi-Fi, has improved the connectivity situation, not only in the SOHO, but on enterprise campuses as well. • Using 802.11 networking standards, data travels from place to place on radio waves. • What makes 802.11 networking easy to deploy is that it uses the unlicensed radio spectrum. • Most radio and TV transmissions are government regulated and require a license to use. • A hotspot is the area covered by one or more interconnected access points. • Public gathering places, like coffee have created Wi-Fi hotspots, hoping to increase business. • By overlapping access points, hotspots can cover many square miles. • [Tony]: CDMA, EVDO, WiMax, Satellite, smartphone …
Broadband Wireless • Until recently, a significant limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or wireless access. • New developments in broadband wireless technology are increasing wireless availability. These include: • Municipal Wi-Fi • WiMAX • Satellite Internet
Broadband Wireless: Municipal Wi-Fi • Municipal governments also join the Wi-Fi revolution. • Often working with service providers, cities are deploying municipal wireless networks. • Some of these networks provide high-speed Internet access at no cost or for substantially less than the price of other broadband services. • Other cities reserve their Wi-Fi networks for official use, providing police, fire fighters, and city workers remote access to the Internet and municipal networks. • Most municipal wireless networks use a mesh topology rather than a hub-and-spoke model. • A mesh is a series of access points (radio transmitters). Each access point is in range and can communicate with at least two other access points. • From an operational point of view, it is more reliable. If a node fails, others in the mesh compensate for it.
Broadband Wireless: WiMAX • WiMAX (Worldwide Interoperability for Microwave Access) is telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access. • WiMAX operates at higher speeds, over greater distances, and for a greater number of users than Wi-Fi. • Because of its higher speed (bandwidth) and falling component prices, the WiMAX will soon supplant municipal mesh networks for wireless deployments. • A WiMAX network consists of two main components: • A tower that is similar to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 3,000 square miles. • A WiMAX receiver that is similar in size to a PCMCIA card, or built into a laptop or other wireless device. • A tower can also connect to other WiMAX towers using line-of-sight microwave links.
Broadband Wireless: Satellite Internet • Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move. • Internet access using satellites is available worldwide, including for vessels at sea, airplanes in flight, and vehicles moving on land. • There are 3 ways to connect to the Internet using satellites: • One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. • Even though most IP protocols require two-way communication, one-way satellite-based Internet services can "push" Internet content, including web pages, to local storage at end-user sites. Full interactivity is not possible. • One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite. • Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs precise positioning to avoid interference with other satellites.
Broadband Wireless: Satellite Internet The figure illustrates a two-way satellite Internet system. Upload speeds are about one-tenth of the download speed, which is in the range of 500 kb/s. The key installation requirement is for the antenna to have a clear view toward the equator, where most orbiting satellites are stationed. Trees and heavy rains can affect reception of the signals. Two-way satellite Internet uses IP multicasting technology, which allows one satellite to serve up to 5,000 communication channels simultaneously. IP multicast sends data from one point to many points at the same time by sending data in a compressed format. Compression reduces the size of the data and the bandwidth.
Broadband Wireless • The IEEE 802.11 wireless local area network (WLAN) standard addresses the 5 GHz and 2.4 GHz public (unlicensed) spectrum bands. • The most popular access approaches to connectivity are those defined by the IEEE 802.11b and IEEE 802.11g protocols. • The latest standard, 802.11n, is a proposed amendment that builds on the previous 802.11 standards by adding multiple-input multiple-output (MIMO). • [Tony]: 802.11a – 5.4 GHz and 54 Mb/s • The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.
VPN A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security. VPNs use cryptographic tunneling protocols to provide protection against packet sniffing, as well as sender authentication and message integrity.
VPNs and Their Benefits • The Internet is a worldwide, publicly accessible IP network. Because of its global proliferation, it is an attractive way to interconnect remote sites. • However, the fact that it is a public infrastructure poses security risks to enterprises and their internal networks. • Fortunately, VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security. • Organizations use VPNs to provide a virtual WAN infrastructure that connects branch offices, home offices, business partner sites, and remote telecommuters to all or portions of their corporate network.
VPNs and Their Benefits • Organizations using VPNs benefit from increased flexibility and productivity. • Cost savings - Organizations can use Internet infrastructure to connect remote offices and users to the main corporate site. • This eliminates expensive dedicated WAN links and modem banks. • Remote sites and teleworkers can connect securely to the corporate network from almost any place. • VPNs bring remote hosts inside the firewall, giving them close to the same levels of access to network devices as if they were in a corporate office. • Security - Advanced encryption and authentication protocols protect data from unauthorized access. • Scalability - Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.
Types of VPNs: Site-to-Site VPNs • Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs. • Site-to-site VPNs support company intranets and business partner extranets. • In effect, a site-to-site VPN is an extension of classic WAN networking. • Site-to-site VPNs connect entire networks to each other. For example, they can connect a branch office network to a company headquarters network. • In a site-to-site VPN, hosts send and receive IP traffic through a VPN gateway, which could be a router, PIX firewall, or an ASA. • The VPN gateway is responsible for encapsulating and encrypting outbound traffic and sending it through a VPN tunnel over the Internet to the target site. • On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
Types of VPNs: Remote Access VPNs • Mobile users and telecommuters use remote access VPNs extensively. • In the past, corporations supported remote users using dialup networks. This usually involved a toll call and incurring long distance charges. • Most teleworkers now have access to the Internet from their homes and can establish remote VPNs using broadband connections. • Remote access VPNs can support the needs of telecommuters, mobile users, and extranet consumer-to-business users. • In a remote-access VPN, each host typically has VPN client software. • Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the Internet to the VPN gateway at the edge of the target network.
VPN Components • Components required to establish a VPN include: • An existing network with servers and workstations • A connection to the Internet • VPN gateways, such as routers, firewalls, VPN concentrators, and ASAs, that act as endpoints to establish, manage, and control VPN connections • Appropriate software to create and manage VPN tunnels • The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both. • Encapsulation is referred to as tunneling, because encapsulation transmits data transparently from network to network through a shared infrastructure. • Encryption codes data into a different format using a secret key. Decryption decodes encrypted data into the original unencrypted format.
Characteristics of Secure VPNs • The three foundations of a secure VPN are the following: • Data confidentiality - A common security concern is protecting data from eavesdroppers or unauthorized sources. • VPNs achieve confidentiality using encapsulation and encryption. • Data integrity - Data integrity guarantees that no tampering or alterations occur to data while it travels between the source and destination. • VPNs typically use hashes to ensure data integrity. • A hash is like a checksum or a seal that guarantees that no one has read the content, but it is more robust. • Authentication - Authentication ensures that a message comes from an authentic source and goes to an authentic destination. • User identification gives a user confidence that the party with whom the user establishes communications is who the user thinks the party is. • VPNs can use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.
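To make the data-integrity point concrete, here is an added example (not part of the curriculum or any Cisco product) contrasting an unkeyed hash with the keyed hash (HMAC) that VPN integrity checks rely on; the packet bytes, the altered value and the shared key are constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a packet crossing the VPN tunnel.
PACKET = b"src=10.1.1.5 dst=10.2.2.9 op=transfer amount=100"

# Constructed shared key; a real VPN negotiates it between the two peers.
SHARED_KEY = os.urandom(32)


def plain_digest(data: bytes) -> bytes:
    """Unkeyed seal: anyone holding the data can recompute it."""
    return hashlib.sha256(data).digest()


def keyed_digest(key: bytes, data: bytes) -> bytes:
    """Keyed seal (HMAC-SHA-256): only holders of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def receiver_checks_plain(data: bytes, seal: bytes) -> bool:
    return hmac.compare_digest(plain_digest(data), seal)


def receiver_checks_keyed(key: bytes, data: bytes, seal: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(keyed_digest(key, data), seal)


def tamper_trial(key: bytes) -> dict:
    """Alter the packet in transit and report which seal still lets it through."""
    altered = PACKET.replace(b"amount=100", b"amount=999")
    # A party on the path without the key can recompute a plain hash over the
    # altered bytes, but can only reuse the old HMAC or guess at a key.
    return {
        "genuine_plain": receiver_checks_plain(PACKET, plain_digest(PACKET)),
        "genuine_keyed": receiver_checks_keyed(key, PACKET, keyed_digest(key, PACKET)),
        "altered_plain_resealed": receiver_checks_plain(altered, plain_digest(altered)),
        "altered_keyed_old_seal": receiver_checks_keyed(key, altered, keyed_digest(key, PACKET)),
        "altered_keyed_wrong_key": receiver_checks_keyed(key, altered, keyed_digest(b"guess", altered)),
    }
```

Only the two "genuine" checks and the resealed plain hash pass: an unkeyed hash detects accidental corruption but not deliberate modification, which is why the integrity seal must be keyed.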
VPN Tunneling • Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. • Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network. • This figure illustrates an e-mail message traveling through the Internet over a VPN. • PPP carries the message to the VPN device, where the message is encapsulated within a Generic Routing Encapsulation (GRE) packet. • GRE is a tunneling protocol developed by Cisco. • The outer packet source and destination addressing is assigned to "tunnel interfaces" and is made routable across the network. • Once a composite packet reaches the destination tunnel interface, the inside packet is extracted.
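The encapsulate-then-extract step above, as an added example that is not from the curriculum: a private-address IPv4 packet is wrapped in a basic GRE header (no checksum, key or sequence fields) inside an outer IPv4 packet addressed between the tunnel interfaces, and the far end validates the outer headers before handing the inner packet back. All addresses and the "e-mail" payload are constructed.

```python
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE in the outer header
ETHERTYPE_IPV4 = 0x0800  # GRE protocol-type value for an IPv4 inner packet


def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words; a valid header sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


# Constructed inner packet between two private hosts; the payload stands in
# for the e-mail segment (not a real TCP header).
INNER_PAYLOAD = b"Subject: status\r\n\r\nhello"
INNER_PACKET = ipv4_header("10.1.1.5", "10.2.2.9", 6, len(INNER_PAYLOAD)) + INNER_PAYLOAD


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Outer IPv4 (proto 47) + basic 4-byte GRE header + the untouched inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no C/K/S flags, version 0
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """Strip the outer and GRE headers at the far tunnel interface, rejecting
    anything that is not a well-formed basic GRE-in-IPv4 packet."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad outer IPv4 header")
    if packet[9] != GRE_PROTO:
        raise ValueError("outer protocol is not GRE")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB000:  # C, K or S bit set: optional fields this parser does not handle
        raise ValueError("optional GRE fields present")
    if flags & 0x0007 or proto != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    return packet[ihl + 4:]


def inner_addresses(inner: bytes) -> tuple:
    """Source and destination of the extracted inner packet."""
    return socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
```

Note that GRE alone provides no confidentiality or integrity; the private addresses and payload are carried in the clear, which is why the curriculum pairs tunneling with encryption and hashing.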