Embed Size (px)
Citation preview
IMPORTANT MATERIAL
Chapters 8-11
Topology
Topology is the basic geometric layout of the network -- the way in which the computers on the network are interconnected.
Ethernet uses a bus topology (a high speed circuit and a limited distance between the computers, such as within one building).
Bus Topology
Terminators required on each end
Ring Topology
Data Flow
Token Ring
Star Topology
Wiring Hub
Preferred method for today’s LANs
Media Access Control Ethernet uses a contention-based
technique called Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
If two computers attempt to transmit at the same time, they detect the collision, send a jamming signal, wait a random amount of time, then re-broadcast.
Ethernet Tree Topology
•Each hub broadcasts to own segment•Misbehaving nodes will be shut off by the hub
Network Servers: Everything You Wanted to Know But Were Afraid to Ask! Servers use multiple processors
Very important to access-intensive operations
Multiple processors provide 50% improvement
Buses provide backbone internal support for data transfer
RAM provides a buffer for operations
It’s a RAID!
Disk arrays improve performance and redundancy
RAID (Redundant Array of Inexpensive Disks) is a method used to write across (stripe) multiple disks to improve performance and fault tolerance
RAID 1 and 5 most popular but all have problems
RAID
Disk 1 Disk 2
File
RAID 1--Mirrors data between disks
RAID 0--Stripes data between disks
Mirrored Disk Drives
Controller 1 Controller 2
File 1 File 1
File 2 File 2
DuplexedControllers
1 2
Raid Level 5 Technology
File 1 Part 1 File 1 Part 3File 1 ParityFile 1 Part 2
File 2 Part 2 File 2 Part 3 File 2 Part 1 File 1 Parity
Server
1 2 3 4
A Fault-Tolerant Duplexed Server
Dedicated High-SpeedConnection
Duplexed Servers
Disk Drive Disk Drive
Mirrored Disk Drives
Immediate and Recurring Costs of a LAN
Equipment upgrades
Documentation
Installation of cabling
System software installation
Creating user environments
Space required for new equipment
LAN management—personnel costs
Consumable supplies—toner, paper, etc.
Immediate Costs
Recurring Costs
Training users, operators, administrators
Site preparation
Hardware installation
Installing applications
Testing
Supplies and spares
Hardware and software maintenance
Training new users, administrators
Basic LAN Management Tasks
Add, delete users and groups
Set user environment
Install/remove printers
Maintain printers
Add/change/delete hardware
Add/change/delete hardware
Plan and implement changes
Make backups
Carry out recovery as necessary
Plan capacity needs
Serve as liaison with other network administrators
User/Group Oriented
General
Set user/group security
Solve user problems
Setup user/printer environment
Manage print jobs
Establish connections with other networks
Diagnose problems
Maintain operating procedures
Educate users
Monitor the network for problems and to gather statistics for capacity planning
Printer Oriented
Hardware/Software Oriented
Backup Devices
Removable Disk Drives Manual intervention is necessary for changing disk
cartridges, whereas some tape backup system provide tapes with much higher storage capacity and with automatic tape changing.
Hard-Disk Drives The arguments for and against this alternative are
much the same as those for diskettes. The major difference is that the capacity of hard-disk drives is greater than that of diskettes.
Backup Devices (cont.)
Optical Disk Drives Optical disk drives are gaining popularity as input,
output, and backup devices. The reasons for this are their decreasing costs and large storage capacity.
Magnetic Tape Drives A magnetic tape drive is the usual choice for a
backup device. Magnetic tapes are less expensive than the other options. They hold large volumes of data, are easy to use and store, and generally provide good performance.
Gateways
Gateways operate at the network layer and use network layer addresses in processing messages.
Gateways connect two or more LANs that use the same or different (usually different) data link and network protocols. They may connect the same or different kinds of cable.
Gateways process only those messages explicitly addressed to them.
Gateways
One of the most common uses of gateways is to enable LANs that use TCP/IP and Ethernet to communicate with IBM mainframes that use SNA.
The gateway provides both the basic system interconnection and the necessary translation between the protocols in both directions.
Gateways
Classic SNA Architecture
3270
Mainframe computer
modem
modem
3274 cluster controller
3274 cluster controller
3745 front-end processor
3270 terminals
3270 terminal
327032703270
3270 terminals
327032703270
GOLDMAN & RAWLES: ADC3e FIG. 09-24
Standalone PC 3270 Terminal Emulation
3270
Mainframe computer
modem modem
modem
modem
3274 cluster controller
3274 cluster controller
3745 front-end processor
3270 terminals
3270 terminal
PC with installed 3270 protocol
conversion hardware and software
PC with installed 3270 protocol
conversion hardware and software
327032703270
3270 terminals
327032703270
GOLDMAN & RAWLES: ADC3e FIG. 09-25
LAN-based SNA Gateways
3270
Mainframe computer
Remote PC or asynchronous "dumb"
terminal without any 3270 protocol conversion
hardware or software
modem
modem
cluster controller
cluster controller
front-end processor
3270 terminal
local gateway PC with 3270 hardware and software installed.
32703270
3270
Synchronous modems
3270
asynchronous modem
asynchronous modem
asynchronous modem
Remote PC or asynchronous "dumb"
terminal without any 3270 protocol conversion
hardware or software
Standalone protocol converter which
emulates both 3270 terminals and a 3174
cluster conntroller
Remote gateway PC with both 3270 terminal emulation
as well as 3274 cluster controller
emulation hardware and software
Standalone 3270 protocol
converter
asynchronous modem
GOLDMAN & RAWLES: ADC3e FIG. 09-26
Full Duplex Ethernet
Switched Ethernet
Switched Ethernet at Fish & Richardson
Hierarchies
Vulnerable to Single Points of Failure Switch or Link (trunk line between switches) Divide the network into pieces
X XEthernetSwitch
Switch Learning
Every Few Minutes, Switch Erases Switch Forwarding Table To eliminate obsolete information Relearning is very fast
Address Port
A1 BF C9
EthernetSwitch
Erased
Routing Types
Standards for Web Server Access
Layer Standard
Application HyperText Transport Protocol (HTTP)
Transport Transmission Control Protocol (TCP)
Internet Internet Protocol (IP);Messages are packets
Data Link Point-to-Point Protocol (PPP); Messages are frames
Physical Modem, telephone standards
OSI Networking Model
Layer 7Application
Layer 6Presentation
Layer 5Session
Layer 4Transport
Layer 3Network
Layer 2Data Link
Layer 1Physical
Application & OS Network Client Application & OS
Bit stream connectionprotocol
Packet construction, Transmission, &
reception
Packet control& sequencing error
control
Connection betweenClient & server
Data compression& decompression; dataEncryption/decryption
Provide network services
To OS through network client
Network Wiring & specifications
54321 12345
Session
Packets
Network card & drivers
Data Packet with Header & Trailer
Domain Name System (DNS)
Subtlety Organizations or ISPs have local DNS
hosts These hosts must know only local host
names and IP addresses For other host names, local DNS host
passes request to another DNS host
User PCInternetLayer
Process
LocalDNSHost
RemoteDNSHost
Domain Name System (DNS)
Subtlety Remote DNS host passes information
back to the local DNS host Local DNS host passes information back
to user PC Browser only talks to local DNS host
User PCInternetLayer
Process
LocalDNSHost
RemoteDNSHost
Autoconfiguration
Every computer attached to the Internet is a host Including desktop PCs
Every host must have an IP address Some hosts, such as routers and
webservers, get permanent IP addresses So that they can be found easily
Autoconfiguration
User PCs do not need permanent IP addresses They only need to be found within a use
session They usually are given temporary IP
addresses each time they use the Internet They may get a different IP address each
time they use the Internet
Autoconfiguration
Request-Response Cycle User software requests IP address for the user
PC in Autoconfiguration Request message Autoconfiguration Response message contains
temporary IP address to use in current session
User PCAutoconfiguration
Host
AutoconfigurationRequest
TemporaryIP Address in
Autoconfiguration Response
Autoconfiguration
Most popular autoconfiguration protocol is DHCP Dynamic Host Configuration Protocol Built into Windows after Win 3.1 Supplies host with temporary IP address
DHCP can give more information too Usually gives IP address of a default gateway
(Microsoft terminology for router) Can give IP address of a local DNS host Can give other information
The Peak Load Problem
Capacity Sufficient Most of the Time Otherwise, get bigger switches and trunk lines!
Brief Traffic Peaks can Exceed Capacity Frames will be delayed in queues or even lost if
queue gets fullCapacityTrafficPeak
Overprovisioning
Overprovisioning: Install More Capacity than Will be Needed Nearly All of the TimeWasteful of capacityStill, usually the cheapest solution today because of its simplicity
Overprovisioned Capacity
TrafficPeak
Priority
Assign Priorities to Frames High priority for time-sensitive applications (voice) Low priority for time-insensitive applications (e-mail) In traffic peaks, high-priority frames still get through Low-priority applications do not care about a brief delay for
their frames
High-PriorityFrame Goes
Low-Priority FrameWaits Briefly
Bridges•A bridge can be used to connect two similar LANs, such as two CSMA/CD LANs.
•A bridge can also be used to connect two closely similar LANs, such as a CSMA/CD LAN and a token ring LAN.
•The bridge examines the destination address in a frame and either forwards this frame onto the next LAN or does not.
•The bridge examines the source address in a frame and places this address in a routing table, to be used for future routing decisions.
Bridges Interconnect
Connecting LANs
Frames Are Converted
Storage Area Network
Links to Enterprise Network or MAN
Tape Servers
GOLDMAN & RAWLES: ADC3e FIG. 09-02
RAID Disk
ArraysOptical Juke
Boxes
Fibre Channel Switch
Storage Area Network
Gigabit Ethernet
ATM Packet over SONET
Relationship Between the OSI Model and Internetworking Devices
Switch
Application
Presentation
Session
Transport
Network
Datalink
Physical
Application
Presentation
Session
Transport
Network
Datalink
Physical
OSI Model Layer LAN 1
OSI Model Layer LAN 2
Internetworking Device
Bridge
Gateway
Repeater
Router
GOLDMAN & RAWLES: ADC3e FIG. 09-05
Layer 3Switch
Layer 4
Layer 2
Switch
Internet Protocols
UDP Layer 4 Operates over IP End-to-end connectionless, unreliable datagram service Used for query based applications, multicasting and VoIP
ICMP Provides error-handling Messages related to network management
IGMP Layer 3 Allows Internet hosts to participate in multi-casting
TCP/IP
TCP performs the packetizing function Breaking data into smaller packets Numbering packets Ensuring reliable delivery of packets Ordering packets at the destination
Linking to the Application Layer
Each type of application has a unique port address
Application software sends both source and destination port addresses to the transport layer
Standard port addresses Port 80 - web server Port 21 – FTP (also port 20) Port 23 - telnet Port 25 - SMTP
Packetizing
Breaking large data messages into smaller packets for transmission through the network
Size is dependent of data link layer protocol Default size without protocol is 536 bits Size can be negotiated between sender and receiver
Numbering packets (sequencing) when needed Ensuring reliable delivery of every packet
Delivered one at a time or held until all have arrived at the destination
Reassembling and ordering packets at the destination
Connection-Oriented Routing
Sets up a virtual circuit between sender and receiver Transport layer sends a special packet called a SYN
Virtual circuit appears to the application software to use point-to-point circuit-switching Actually uses store-and-forward switching
Network layer decides which route the packets will be travelling and sends them sequentially
High overhead - open/close of circuit
Connectionless Routing
Each packet of a large transmission is treated separately and makes its own way through the network
Packets may travel different routes and at different speeds through the network
Sequence number must be added to each packet by the Network layer
Network layer at receivers side must reassemble packet in sequence
Connectionless vs. Connection-Oriented Routing
TCP/IP can operate as connection-oriented or connectionless.
When connection-oriented routing is needed, both TCP and IP are used. TCP establishes the virtual circuit and IP routes the messages.
When connectionless routing is desired, only IP is needed, and the TCP packet is replaced with a User Datagram Protocol (UDP) packet.
Quality of Service (QoS) Routing
Special kind of connection-oriented dynamic routing Packets are assigned different priorities
Depending on the type of packet sent Different classes of service are defined to
determine the priority Transport layer specifies the class of service when
requesting virtual circuit Each path designed to support different service
classes Qos protocols
Rsvp Rtsp Rtp
Addressing
Application Layer
Network Layer
Data Link Layer
Example Software
ExampleAddress
Web Browser
IP
Ethernet
www.cob.niu.edu
131.156.120.128
00-0C-00-F5-03-5A
Address
Key ConceptEach computer has several addresses, each used by a different layer.
Route and Route Table
Computer B Destination Route
A AC CD AE EF EG C
A
B C
G
E
D F
Internet Routes
UEN
WSU CanadaOther destinations
West Coast
Europe Asia
WSUDestination RouteUEN UtahOxford EuropeU of Toronto CanadaU of Singapore AsiaUC Stanford West CoastOther Other
Routing Protocols
RIP, IGP, OSPF, EGP, BGP Distance vector routing protocols (RIP,
Appletalk,IPX, IGRP) Routers inform neighboring routers of table Closest router is used to route packets
Link State routing protocols (OSPF) Routers have at least a partial map of the network Changes are flooded throughout network Routes are recomputed
Interior and Exterior Routing
Interior routing is within an autonomous system (collection of routers under a single administrative control)—RIP, OSPF
Exterior routing occurs between autonomous systems
Network access protocols operate at Layer 2. Transport of IP datagrams IP over point-to-point connections is used by ISP
when you dial in
Routing Protocols Internet protocols
BGP (border gateway protocol) Exchanges information between autonomous systems
about the condition of the internet Complex, hard to administer, exterior routing protocol
ICMP (internet control message protocol) Simple, interior routing protocol used with the internet Reports routing errors but is limited in the ability to
update RIP (routing information protocol)
Dynamic distance vector interior routing protocol Counts the number of devices on each route Selects the route with the least number of devices
Routing Protocols OSPF (open shortest path first)
Link state interior routing protocol used on the internet Counts number of computers, network traffic, network
error rates to select the best route Doesn’t broadcast to all devices just to routing devices Preferred TCP/IP, but also used by IPX/SPX
EIGRP (enhanced interior gateway routing protocol)
Link state interior routing protocol developed by CISCO Uses route transmission capacity, delay, reliability and
load to select best route Stores multiple routing tables
SAP (service advertisement protocol) Netware servers send SAP advertisements Novell’s broadcast protocol
Bandwidth and Expansion
Internet traffic doubles every 11 months Traffic increases due to changing nature
of applications—more video and music with high bandwidth
Streaming video requires 3-7 Mbps Video compression
MPEG standards
Broadband Requirements
High speed and capacity From terabits to petabits!
Bandwidth on demand Any time allocation
Bandwidth reservation Guarantee of needed bandwidth
Support of isochronous traffic Traffic with no tolerance for delay
QoS Provide variable service levels
Tunneling with a VPN
Why VPNs?
Improves ability to communicate outside of a company
Enables secure access Provides rapid provisioning of capacity
as needed
How Remote Access Via a VPN Works
VPN Characteristics
Logical network Isolates customer traffic on shared provider
facilities Looks like a private network Runs on either packet switched data network
or circuit-switched public network Can be deployed over a wide range of
network technologies Uses shared carrier infrastructure
Deployment Models
Customer-based Carriers install gateways, routers and
hardware on customer premises Customer manages security
Network-based Carrier houses all equipment at POP near
customer location
VPN Frameworks
Internet based Small ISPs provide local access services in a region Business users get end-to-end services from a
variety of suppliers Encryption used to isolate traffic and provide security Customer provides servers wit applications/content A RADIUS server is used to authenticate traffic for
access to application/Content servers RADIUS server is connected to a firewall
Provisioned VPNs
Packet-switched VPN that runs across ISP backbone using Frame Relay or ATM
Supports multiple protocols Provisioned services improve
performance by enabling guarantees of service (QoS)
3 Major VPN Applications
Intranets Sit-to-site connections
Remote Access Remote workers and outside customers Eliminates modems & remote access
routers Extranets
Suppliers have specific access
VPN Gateway Functions
Maintenance of a secure logical connection as a tunnel
Tunneling is encapsulation of a data packet within an IP packet
Remote ends of tunnel can be at edges of ISP or corporate boundary router
Traffic is routed as encyrpted
Key Tunneling Protocols
PPTP—Layer 2 in MS products L2TP –used by ISPs on backbone IPSec –covers encryption at 168 bit and
authenticated both ends of tunnel connection Works only in IP environment
VPN Security
Firewalls are used to control policies for data exchange between 2 networks
Routers can act as a firewall by managing packet traffic (filter)
Proxy servers used to separate internal network from public services
Authentication provided by RADIUS servers Uses CHAP (Challenge Handshake Authentication
Protocol) to authenticate Tokens issued with user password to server to verify
user access New tokens generated each time a user connects
Basic Encryption Terminology
Plaintext (aka cleartext): original, readable data
Ciphertext: scrambled form of plaintext Encryption: reversible conversion of
plaintext into ciphertext Decryption: conversion of ciphertext
back into plaintext Crack (aka break) code: decrypt
ciphertext without knowing key
Basic Encryption Terminology (cont’d)
Key: secret allowing encryption and decryption to be restricted to possessors of key
Symmetric encryption: encryption requiring a shared key for both encryption and decryption
Asymmetric encryption: algorithm using a different key for decryption than for encryption
Encryption Encoding plain text data to hide contents with cipher text Symmetric
Sender and receiver use same key Popular algorithms: DES, Triple DES, Blowfish
Asymmetric (PKI) Different keys with one key held publicly Verifies message through hashing (MD5) Types of public keys are RSA, Diffie-Hellman, PGP PKI uses digital certificates to authenticate users and
encrypt data Verisign and Entrust
US Digital Signature Law
USA: 15 USC §7006 Title 15: Commerce and Trade
Chapter 96: Electronic Signatures in Global and National Commerce
Based on S.761 (Sponsor Sens Abraham & Spencer) Introduced 1999-003-25 Came into force 2000-06-30 See Legal Information Institute entry athttp://www4.law.cornell.edu/uscode/15/
ch96.html#PC96
Electronic Payments
Credit card transactions Digital cash Micropayments
Credit Card Transactions
No documented case of interception of credit-card data while in transit through the Internet Most sites use Secure Sockets Layer (SSL) Credit-card information theft has occurred from
servers All sensitive data on Web servers should be
encrypted Safety of allowing a merchant to use credit-
card information depends on the merchant No worse to give info to reputable firm via Web than
to clerk who takes card away from view
Credit Cards & Escrow Allow buyer to register credit-card data with reputable firm
Merchant receives payment from escrow service Escrow service bills client credit card Insulates buyer from seller
Examples: VeriSign Cybercash http://www.cybercash.com Escrow.com http://www.escrow.com (for domain name
sales) Beseen BuyIt Button http://buyit.beseen.com Tradenable http://www.tradenable.com PayPal www.paypal.com
Digital Cash
All credit-card transactions result in electronic audit trail
Digital cash (aka e-cash) removes trail Load a device with credits Use device for transactions to transfer credits
Requires device that can prevent Counterfeiting (loading credits fraudulently) Theft (removing credits fraudulently)
Digital Cash (cont’d)
Mechanisms depend on smart cardsDevices size of credit card Include microprocessor, RAM, powerProgrammed with cryptographic tools to prevent
unauthorized modification of contents Interface allows merchant to deduct or refund
credits Examples include
eCash http://www.digiscash.comE-Cash Services http://www.ecashservices.com
Expensive Leased Lines
VPN Access as an Intranet
VPNs and Business
Before a VPN—Point-to-Point
After a VPN—Tunneled
Encryption and VPNs
Evaluating a VPN Solution
VoIP
Not yet a big player with less than 5% of market
Cost savings, enhanced voice services and new applications major advantages
VoIP gateways bridge circuit-switched PSTN and packet-switched Internet Gateways packetize, and compress voice, route
packets, authenticate users, and manage network of gateways
VoIP Hardware
Enterprise gateway Deployed between PBX and WAN device (router) for
call set-up,routing, and conversion VoIP routers
Voice cards perform packetization and compression functions in a router
IP PBX Distributed telephony servers that operat ein packt-
switched mode ISP VoIP gateways
Aggregate incoming traffic and routing
VoIP Infrastructure
VoIP Architecture
Implementing VoIP
VoIP Standards H.323
Based on ISDN and limited to point-to-point applications SIP
Application layer (signaling) protocol Establishes temp sessions for multimedia conferences,
telephony, mobile phone-to-instant messaging LDAP
Standard directory server technology for Internet Enables retrieval of information from multi-vendor
directories Used for free phone and Internet phone number hosting
