PSDN and VPNPSDN and VPN

From circuit to packet switching

2

Packet-Switched ServicesPacket-Switched Services

Offered by Carriers

X.25 Old, slow, and not sufficiently cheaper than frame relay

Frame Relay Speeds in main range of user demand Dominated the market in the 1990s

ATM High speeds and costs, requiring equipment changes

Carrier Internet and MPLS services Dominant services today

3

X.25 Packet-Switched Data NetworksX.25 Packet-Switched Data Networks

Oldest packet switched network service (1970s)

Low speed (maximum around 64 kbps)

Mature: easy to implement

Uses PVCs

Reliable service, so latency in transmission

Mostly replaced by Frame Relay

4

Frame Relay Packet-Switched Data Frame Relay Packet-Switched Data NetworksNetworks

Software upgrade to X.25 switches

Uses PVCs

Unreliable, so much faster on same switches

Good speed range: 56 kbps - 40 Mbps: Meets most corporate needs (most under 2 Mbps)

– Grew rapidly in the 90s, to equal leased line WANs in terms of market share (about 40%)

See more here.

5

Pricing of Packet SwitchingPricing of Packet Switching

Speed of the Access Line from Site to Network

Determines maximum transmission rate to the network

Often called the Port Speed

Often the most important price determinant

Must be fast enough for needs

See Frame Relay vs. DSL -- a price issue

6

ATM (Asynchronous Transfer Mode)ATM (Asynchronous Transfer Mode)

Offers very high speeds: 622 Mbps, 2.5 Gbps to 40 Gbps. Speeds are beyond most corporate needs today and high costs.

Connection-oriented (PVCs), unreliable

Quality of Service (QOS) guarantees critical traffic Minimize latency (delays) Inherent reliability (low loss rate)

Seen as the next generation before Ethernet surge But Frame Relay kept increasing in speed in low Mbps

range where market demand was highest

7

Pricing/Performance of Packet Switched Pricing/Performance of Packet Switched ServicesServices

Pricing of Frame Relay and ATM Customer Premises Equipment Access Line to Point of Presence Port Speed Per PVC Price Distance and Traffic Volume

The demise of Frame Relay and ATM Transition from Frame Relay and ATM to Carrier

Ethernet stimulated by Verizon, AT&T, etc. The move to Ethernet and IP based services a win-win

situation.

8

Customer Premises EquipmentCustomer Premises Equipment

Access Device Has link to internal system (often a LAN) Has CSU/DSU to put internal traffic into format for

Packet switching transmission In Frame Relay, called Frame Relay Access Device

(FRADS)

Access Device

LAN

Access Lineto Network

9

Modular RoutersModular Routers

CSU/DSUs are removable expansion boards

Router Switching CircuitryRouter Switching Circuitry

Port 1CSU/DSU

(T1)

Port 1CSU/DSU

(T1)

Port 2CSU/DSU(56 kbps)

Port 2CSU/DSU(56 kbps)

Port 3CSU/DSU

(T3)

Port 3CSU/DSU

(T3)

Port 4CSU/DSU(56 kbps)

Port 4CSU/DSU(56 kbps)

Modular Router

T1 Line 56 kbps Line T3 Line 56 kbps Line

10

Elements of a Packet Switched NetworkElements of a Packet Switched Network

CustomerPremises

A

LECSwitching

Office

POPat LECOffice

LeasedAccess Line

to POP

LeasedAccess Line

to POP

You need a leased access line to the network’s POP.

Sometimes the packet switched network vendor pays the cost of the access line for you and bundles it into your service charges.

11

Elements of a Packet Switched NetworkElements of a Packet Switched Network

SwitchedDataNetwork

TrunkLine

NetworkSwitching

Office

POPCustomer

Premises B LeasedAccess Line

12

CalculationsCalculations

Situation You have four sites You want any one to be able to reach any other

Questions How many PVCs do you need? How many access lines do you need?

13

CalculationsCalculations

PVCs If you have N sites, there are N(N-1)/2 possible connections In this case, you would have 4(3)/2 or 6 possible

connections Some vendors count this as 6 PVCs, others as 12 PVCs

Access Lines You would need four access lines (one for each site) Each will multiplex 3 PVCs Must be fast enough for the needs of communication with

the three other sites

14

Leased Lines vs. Packet-Switched Data Leased Lines vs. Packet-Switched Data NetworksNetworks

Leased Lines Point-to-point, inexpensive for thick routes Inflexible: must be established ahead of time

Packet Switched Networks Also must be established ahead of time for PVCs Competitor for leased line networks Priced aggressively Carrier does all the management Killing the leased line business

15

Virtual Private NetworkVirtual Private Network

VPN Server

Corporate Site A

VPN Server

CorporateSite B

2. RemoteCustomer PC

(or site)

3. RemoteCorporate PC

Tunnel

Internet

ExtranetRemote

Access forIntranet

1.Site-to-Site

16

VPN advantageVPN advantage

Virtual Private Network (VPN) Transmission over the Internet with added security Some analysts include transmission over a PSDN with

added security

Why VPNs? PSDNs are not interconnected

Only good for internal corporate communication But Internet reaches almost all sites in all firms Low transmission cost per bit transmitted

17

VPN issuesVPN issues

VPN Problems Latency and Sound Quality

Internet can be congested Creates latency, reduces sound quality Use a single ISP as for VoIP (voice over IP)

Security PPTP for remote access is popular IPsec for site-to-site transmission is popular

18

ISP-Based PPTP Remote Access VPNISP-Based PPTP Remote Access VPN

Remote Access VPNs User dials into a remote access server (RAS) RAS often checks with RADIUS server for user

identification information. Allows or rejects connection

RADIUSServer

PPTPRAS

Internet ISPPPTP

AccessConcentrator

LocalAccess

Corporate Site A

Secure Tunnel

Unsecure TCPControl Channel

19

VPN and PPTPVPN and PPTP

Point-to-Point Tunneling Protocol Available in Windows since Windows 95

No need for added software on clients Provided by many ISPs

PPTP access concentrator at ISP access point Some security limitations

No security between user site and ISP No message-by-message authentication of user Uses unprotected TCP control channel

20

IPsec in Tunnel ModeIPsec in Tunnel Mode

Tunnel OnlyBetween SitesHosts Need NoExtra Software

SecureTunnel

TunnelMode

IPsecServer

IPsecServer

LocalNetwork

LocalNetwork

No SecurityIn Site Network

No SecurityIn Site Network

21

IPsec in Transfer ModeIPsec in Transfer Mode

End-to-End (Host-to-Host)Tunnel

Hosts Need IPsec Software

SecureTunnel

TransferMode

IPsecServer

IPsecServer

LocalNetwork

LocalNetwork

SecurityIn Site Network

SecurityIn Site Network

22

IPsec alternativesIPsec alternatives

IP Security (IPsec)

Tunnel mode: sets up a secure tunnel between IPsec servers at two sites

No security within sites No need to install IPsec software on stations

Transfer mode: set up secure connection between two end hosts

Protected even on internal networks Must install IPsec software on stations, but default

in current OSs (Windows, Linux, UNIX).

23

Security at the internet layerSecurity at the internet layer

IP Security (IPsec) At internet layer, so protects information at higher

layers

Transparent: upper layer processes do not have to be modified

Internet Layer with IPsec Protection

TCP UDP

HTTP SMTP FTP SNMP

Protected

24

Common IPsec configurationCommon IPsec configuration

IP Security (IPsec) Security associations:

Governed by corporate policies

List ofAllowableSecurity

Associations

List ofAllowableSecurity

Associations

Party B Party A

IPsec Policy Server

25

SSL/TLS for Browser–Webserver Communication

26

Metropolitan Area Ethernet

Metropolitan Area Network (MAN) A carrier network limited to a large urban area and its

suburbs Metropolitan area Ethernet (metro Ethernet) is available

for this niche Metro Ethernet is relatively new, but is growing very

rapidly

802.3ad standard Ethernet in the first mile Standard for transmitting Ethernet signals over PSTN

access lines 1-pair voice-grade UTP, 2-pair data-grade UTP, optical

fiber

27

Metropolitan Area Ethernet

Attractions of Metropolitan Area Ethernet Low prices per bit transmitted High speeds Familiar technology for networking staff Rapid provisioning

Rapid capacity increases for special events

Carrier Class Service Basic metro Ethernet standards are insufficient for large

wide area networks Quality of service and management tools must be

developed The goal: To provide carrier class services that are

sufficient for customers

28

Carrier Ethernet and MPLS servicesCarrier Ethernet and MPLS services

29

Carrier Ethernet and MPLS servicesCarrier Ethernet and MPLS services

The two most popular WAN options today are: MPLS and Carrier Ethernet.

Carrier Ethernet services include virtual private LAN service (VPLS), Gigabit and metro Ethernet. E-LINE service -- site-to-site service, competes directly with

leased lines. E-LAN -- extends the LAN to the wide area, as if the PSDN

service was only trunk lines between switches.

MPLS (Multiprotocol Label Switching) services typically refer to Layer 3 MPLS VPN services a MPLS network determines the best path for packets between two

hosts -- the label switched path. Routers will send all packets along this path that receive a label

path number.

30

Overview of MPLS servicesOverview of MPLS services A MPLS primer at https://www.youtube

.com/watch?v=U1w-b9GIt0k

31

More in the MPLS serviceMore in the MPLS service

The label switched path

32

Carrier Ethernet and MPLS servicesCarrier Ethernet and MPLS services

A historic view of Carrier Ethernet in Wikipedia

An example of carrier services: AT&T

Keeping up with news about Carrier Ethernet: http://www.carrierethernetnews.com/

Carrier Ethernet vs MPLS services.

Software-Defined Networks (SDN) Overview in Wikipedia. Pros and cons of SDN.