CSCI-370/EENG-480 Computer Networks


DESCRIPTION

CSCI-370/EENG-480 Computer Networks. Khurram Kazi. IPv6. Around 1990 IETF started to get worried that the IPv4 address space was too small. The situation was exacerbated both by the success of the Internet and by the dramatic growth of PCs in the home and the office.

Text of CSCI-370/EENG-480 Computer Networks

  • [Figure: EVC1, EVC2 and EVC3 at UNI A and UNI B; labels 47, 1343, 187; untagged and priority tagged]

    Kazi Fall 2007 CSCI 370/EENG 480

    Traffic Engineering: Bandwidth profile attributes

      • Different subscribers will have different bandwidth needs. Some might require 100 Mb/s, others less than 20 Mb/s, while some might require 1 Gb/s.
      • Some may prefer to pay as they use for their bandwidth needs; they may start with 20 Mb/s and at a future date increase their requirement to 100 Mb/s.
      • To accommodate such requirements, MEF defined bandwidth profile parameters:
          • Committed Information Rate (CIR), expressed as bits per second
          • Committed Burst Size (CBS), expressed as bytes
          • Excess Information Rate (EIR), expressed as bits per second
          • Excess Burst Size (EBS), expressed as bytes
          • Coupling Flag (CF), must have a value of either 1 or 0
          • Color Mode (CM), must have only one of two possible values: Color Blind or Color Aware
      • These profile attributes form the basis of the Service Level Agreements.
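How these six attributes interact is easiest to see in a meter. The following is an added example, not part of the original slides: a two-bucket, three-color meter in the style of the MEF bandwidth profile algorithm. The class and function names and the sample frame timings are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class BandwidthProfile:          # hypothetical name; fields are the slide's attributes
    cir: float                   # Committed Information Rate, bits per second
    cbs: float                   # Committed Burst Size, bytes
    eir: float                   # Excess Information Rate, bits per second
    ebs: float                   # Excess Burst Size, bytes
    cf: int = 0                  # Coupling Flag, 0 or 1
    color_aware: bool = False    # Color Mode: False = color-blind

class Meter:
    """Two token buckets (committed, excess); both start full."""
    def __init__(self, profile):
        self.p, self.bc, self.be, self.last = profile, profile.cbs, profile.ebs, 0.0

    def mark(self, t, length, color="green"):
        """Return the color given to a frame of `length` bytes arriving at time t (s)."""
        p, dt = self.p, t - self.last
        self.last = t
        filled = self.bc + p.cir / 8 * dt             # refill committed bucket
        overflow = max(0.0, filled - p.cbs)           # tokens that did not fit
        self.bc = min(p.cbs, filled)
        # Excess bucket refills at EIR, plus committed overflow when CF = 1
        self.be = min(p.ebs, self.be + p.eir / 8 * dt + p.cf * overflow)
        blind = not p.color_aware
        if (blind or color == "green") and length <= self.bc:
            self.bc -= length
            return "green"                            # in profile
        if (blind or color != "red") and length <= self.be:
            self.be -= length
            return "yellow"                           # excess, no commitment
        return "red"                                  # out of profile

def run(profile, frames):
    """Meter a list of (time, length[, color]) tuples with a fresh meter."""
    meter = Meter(profile)
    return [meter.mark(*f) for f in frames]

# Constructed input: 1500-byte frames, a burst at t=0 then two frames 1 ms later.
BURST = [(0.0, 1500)] * 5 + [(0.001, 1500)] * 2
BLIND = BandwidthProfile(cir=20e6, cbs=3000, eir=10e6, ebs=3000)
# Constructed input: pre-colored yellow frames, to show the coupling flag.
YELLOW = [(0.0, 1500, "yellow")] * 2 + [(0.001, 1500, "yellow")]

if __name__ == "__main__":
    print(run(BLIND, BURST))
    for cf in (0, 1):
        print(cf, run(BandwidthProfile(20e6, 3000, 0, 3000, cf, True), YELLOW))
```

With CF = 1 the third yellow frame is admitted because committed tokens that overflowed CBS were credited to the excess bucket; with CF = 0 it is marked red.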


    Bandwidth Profiles defined in three ways

      • Bandwidth Profile defined per Ingress UNI
      • Bandwidth Profile defined on a per EVC basis
      • Bandwidth Profile defined per EVC and CE-VLAN CoS: the most granular defined attributes allowed


    Ethernet Services over public WAN: Work being done at ITU-T


    Summary of Ethernet types of Services

    Connectivity    | Resource sharing | Service type
    Point-to-point  | Dedicated        | EPL (Ethernet Private Line)
    Point-to-point  | Shared           | EVPL (Ethernet Virtual Private Line)
    Multipoint      | Dedicated        | EPLAN (Ethernet Private LAN)
    Multipoint      | Shared           | EVPLAN (Ethernet Virtual Private LAN)


    Ethernet Private Line (EPL) Service

      • EPL is the simplest service that the existing SONET/SDH transport network can support.
      • The desired dedicated bandwidth is allocated, enabled by VCAT, LCAS and GFP.
      • Mimics virtual wire connectivity between two CEs.


    Ethernet Private LAN (EPLAN) Service

      • Multiple sites, either across the street or across the globe, connected virtually.
      • Mesh connectivity using Multi-service Provisioning Platform type Network Elements.
      • LAN connectivity made by using a centralized switch, i.e. the traffic is hauled to a centralized switch and then forwarded to the respective UNI.
      • Edge node serves as a bridge or a switch to provide connectivity between the respective UNIs.


    Reference architecture of a Network Element for EPL

      • With present state-of-the-art VLSI technology, most of these functional blocks can fit in a single VLSI device (minus the optics).


    How is Ethernet affecting our lives in some other ways!

      • Examples of using Ethernet for a virtual doctor's office service:
          • Patients in a village can have a video conference from their homes with their doctor (residing somewhere else) [example cited from Telenor, Norway's Service Provider].
          • Doctors can monitor/see intricate operations being performed at a hospital across the globe.
      • Distance Learning


    Network Security Architecture

      • Customer's responsibility or Service Provider's


    Security Issues Throughout History

      • Breaches in information security have translated into catastrophic losses and at times brought organizations or nations to their knees.
      • As time progressed, the techniques used to transport sensitive information changed; however, the objectives of the sender and of the interested interceptor remained the same.
      • The sender always tries to ensure message assurance.
      • The interceptor, on the other hand, has been trying to find innovative ways to decipher the intercepted messages.


    Are Metro and Wide Area Networks Safe: A Myth or Reality?

      • Physical Isolation: does not guarantee data security.
      • Virtual Isolation: data can easily be snooped on by unauthorized entities.
      • Tandem Connection: the subscriber does not have any idea who all might be carrying its data.
      • Snooping of Subscribers' Data by the Carriers:
          • Cases have been reported where a Voice over IP service provider's data is being blocked by the carriers it uses.
          • There are tools available that make data snooping, filtering and recording possible.


    Overview of Access Transport Technologies

      • SONET/SDH: widely deployed and is being used for Ethernet services.
      • 1/10 Gigabit Ethernet: used in green field applications.
      • Fibre Channel: restricted to Storage Area Networks.
      • Native traffic over dark fiber: typically used by large organizations for whom it is cheaper to manage their own networks.


    Encryption at Different OSI Layers

      • Three main high speed access protocols: SONET/SDH, 1/10 Gigabit Ethernet and Fibre Channel.
      • Client mapping of signals over transport protocols.


    Encryption at SONET/SDH Layer

      • Bulk encryption of data of varied traffic types.
      • Fewer Security Associations (SAs) in SONET/SDH.
      • Generation of encryption keys and their management is easier (due to fewer SAs).
      • For STS-768 (40 Gb/s) using STS-1 granularities, the maximum number of SAs will be 768; for STS-192, there will be 192 SAs.
      • Due to the lower number of end nodes, the burden of authenticating the network elements or nodes is significantly lowered.
      • Ease of management of the security infrastructure due to the low number of SAs.


    Encryption of SAN Traffic Over SONET/SDH

      • Latency-sensitive traffic: secure SAN extension example.
      • Guaranteed delivery: Fibre Channel (FC) based SANs do not tolerate frame loss in the network beyond what might be expected from BER and availability.
      • High Throughput: storage applications are the largest drivers of traffic across a network.
      • Low Latency: storage applications require quick response times or performance can suffer.
      • Zero Loss: loss is unacceptable in a storage environment. Retransmissions significantly affect application performance.