Sybex CCNA 640-802 Chapter 14: Wide Area Networks.
Chapter 14 Objectives
The CCNA topics covered in this chapter include:
• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs
Defining WAN Terms
• Customer Premises Equipment (CPE)
– Equipment the customer owns
• Demarcation (demarc) - [see 2 “guest” slides, ff]
– The point at which responsibility shifts from the telco to the customer. On the customer’s premises.
• Local loop
– Connects the demarc to the CO.
• Central Office (CO)
– This is the other end of the local loop, where the customer’s network finally connects to the telco’s WAN switches.
– Not exactly the same as a Point of Presence (POP), but close. The definition of a CO can be broader than that of a POP.
• Toll network
– The provider’s trunk lines.
Demarcation Point – U.S.
• The demarcation point, or "demarc" as it is commonly known, is the point in the network where the responsibility of the service provider or "telco" ends.
• In the United States, a telco provides the local loop into the customer premises and the customer provides the active equipment such as the channel service unit/data service unit (CSU/DSU) on which the local loop is terminated.
• This termination often occurs in a telecommunications closet and the customer is responsible for maintaining, replacing, or repairing the equipment.
Demarcation Point – International
• In other countries around the world, the network terminating unit (NTU) is provided and managed by the telco.
• This allows the telco to actively manage and troubleshoot the local loop with the demarcation point occurring after the NTU.
• The customer connects a customer premises equipment (CPE) device, such as a router or frame relay access device, into the NTU using a V.35 or RS-232 serial interface.
WAN Connection Types
DTE-DCE-DTE
Channel Service Unit (CSU) is a device that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa. The Data Service Unit (DSU) is a device that performs protective and diagnostic functions for a telecommunications line. [G1. 10 slides follow]
External CSU/DSU
• For digital lines, a channel service unit (CSU) and a data service unit (DSU) are required.
– We won’t go into the differences here.
• The two are often combined into a single piece of equipment, called the CSU/DSU.
[Figure: external CSU/DSU, with one side connected to the router and the other to the T1 circuit]
CSU/DSU Interface Card
• The CSU/DSU may also be built into the interface card in the router.
Overview
• Over the last several years, web-based applications, wireless devices, and virtual private networking (VPN) have changed expectations about computer networks.
• Today corporate networks are accessible virtually anytime from anywhere.
• Corporate networks are typically built around one central site that houses key network resources.
• It is the job of networking professionals to provide users with remote access to the networks.
• Remote users may be working at branch offices or home offices.
• They may even be on the road with a laptop or a handheld mobile device.
Rick Graziani [email protected]
Range of services
• Types of available WAN services and costs vary depending on the geographical region and the provider. Budgetary constraints and service availability are often the overriding selection criteria.
• There are two basic methods of data communications:
– Asynchronous transmission
– Synchronous transmission
• Typically, synchronous communications are more efficient, but dialup asynchronous transmission is cheaper and more readily available.
[Figure: asynchronous vs. synchronous WAN links; all shown are synchronous communication protocols except POTS, which is asynchronous]
WAN Link Options
• SMDS: Switched Multimegabit Data Service – Handles large (enterprise level) amounts of “bursty” traffic. Connectionless. Extends the capabilities of LANs that often have large amounts of data to send over the internet, but only from time to time.
• Switched 56: a switched, digital service. 64 Kbps, 56 for data, one bit/byte is for signalling.
Asynchronous Transmission
• Asynchronous means "without respect to time".
• In terms of data transmission, asynchronous means that no clock or timing source is needed to keep both the sender and the receiver synchronized.
• Without the benefit of a clock, the sender must signal the start and stop of each character so that the receiver knows when to expect data.
• Asynchronous transmission is often described as "character-framed" or "start/stop" communication because this method frames each character with a start and stop bit.
POTS (not ISDN)
http://www.jbmelectronics.com/
Synchronous Transmission
• Synchronous means "with time".
• In terms of data transmission, synchronous means that a common timing signal is used between hosts.
• A clock signal is either:
– embedded in the data stream (“encoding”), or
– sent separately to the interfaces.
• A field of synchronization bits, called a preamble or flag, forms a pattern of alternating ones and zeros.
• The receiver uses this pattern to synchronize with the sender.
• With synchronous transmission, data is not sent in individual bytes, but as frames of large data blocks.
WAN Services
• Service providers offer a variety of synchronous and asynchronous WAN services.
• The following services can be grouped into three categories depending on their connection type:
– Dedicated or leased-line connectivity such as 56K circuit, T1, T3, OC-12, and recently DSL and cable modem technologies
– Circuit-switched networks such as dialup over PSTN or ISDN
– Packet-switched networks such as Frame Relay, X.25, and ATM
Dedicated connections
• A dedicated connection is a continuously available point-to-point link between two sites.
• Dedicated connections typically carry high speed transmissions.
• Because of the expense associated with building and maintaining transmission facilities, dedicated connections are almost always leased from the telephone company or some other carrier network: “leased lines.”
• Leased lines are circuits that are reserved full time by the carrier for the private use of the customer.
• The private nature of a dedicated line allows an organization to maximize its control over the WAN connection.
Dedicated connections
• Because the line is not shared, they tend to be more costly.
• The line must be paid for whether or not traffic is being sent over it.
• Some services, such as T1, provide a fixed fee for local-loop access for both locations, and then provide a distance fee for linking those two locations.
• The cost of maintaining multiple leased lines can add up quickly.
• For this reason, most companies find a fully meshed WAN too costly to build using only dedicated lines.
• A fully meshed WAN means that every site maintains a connection to every other site.
Uses CSU/DSUs
WAN Support
• Frame Relay: high-speed, packet-switched technology
• ISDN: Integrated Services Digital Network
• LAPB: Link Access Procedure, Balanced
• LAPD: Link Access Procedure, D-channel
• HDLC: High-level Data Link Control
• PPP: Point to Point Protocol; industry standard
• ATM: Asynchronous Transfer Mode (53-byte “cells”)
Other WAN protocols besides Frame Relay and ATM
• Point-to-Point Protocol (PPP)
– Standards-based protocol for router-to-router and host-to-network connections over synchronous and asynchronous circuits.
• Serial Line Internet Protocol (SLIP)
– SLIP is the forerunner to PPP.
• High-Level Data Link Control (HDLC)
– HDLC implementations are proprietary, so Cisco HDLC is typically used only when connecting two Cisco devices.
• X.25/LAPB
– X.25 provides extensive error detection and windowing features because it was designed to operate over error-prone analog copper circuits.
– X.25 was the predecessor of Frame Relay.
HDLC Protocol
• Bit-oriented Data Link layer ISO standard protocol (the same ISO that brought you the OSI model), i.e., control information is encoded by bits
• Specifies a data encapsulation method on synchronous serial data links
• A point-to-point protocol used on leased lines
• No authentication can be used
• [Note: HDLC provides both connection-oriented and connectionless service. It can also run over asynchronous links. The book sticks to the CCNA exam objectives, which focus on synchronous links, but HDLC is actually quite versatile.]
HDLC Frame Format
Point-to-Point Protocol (PPP)
• Purpose:
– Transport Layer 3 packets across a Data Link layer point-to-point link
• Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections
Point-to-Point Protocol Stack
PPP Main Components
• EIA/TIA-232-C
– International standard for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in point-to-point connections for:
• Establishing
• Maintaining
• Terminating
• NCP (Network Control Protocol)
– Method of establishing & configuring Network layer protocols (IP, IPX, AppleTalk, etc.)
– Allows simultaneous use of multiple Network layer protocols
LCP Configuration Options
• Authentication
– PAP: Password Authentication Protocol
– CHAP: Challenge Handshake Authentication Protocol
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel circuits; a “bundle”
• [see Word document on LCP]
LCP
• PPP Link Control Protocol (LCP)
Of all the different PPP suite protocols, the single most important protocol is the PPP Link Control Protocol (LCP). LCP is the “boss” of PPP; it is responsible for its overall successful operation, and for “supervising” (in a way) the actions of other protocols.
• PPP is about links, and LCP is about controlling those links. As I discussed in the PPP fundamentals section, the operation of a PPP link can be thought of as proceeding through various “life stages” just as a biological organism does. There are three main stages of “link life” and LCP plays a key role in each one:
• Link Configuration: The process of setting up and negotiating the parameters of a link.
• Link Maintenance: The process of managing an opened link.
• Link Termination: The process of closing an existing link when it is no longer needed (or when the underlying physical layer connection closes).
• Each of these functions corresponds to one of the “life phases” of a PPP link. Link configuration is performed during the initial Link Establishment phase of a link; link maintenance occurs while the link is open, and of course, link termination happens in the Link Termination phase.
• Figure 26 represents a summary of the LCP link, showing the different message exchanges performed by LCP during these different life phases of a PPP connection.
• See graphic:
LCP (continued)
• “Link configuration” is arguably the most important job that LCP does in PPP. During the Link Establishment phase, LCP frames are exchanged that enable the two physically-connected devices to negotiate the conditions under which the link will operate. Figure 27 shows the entire procedure, which we will now examine in detail.
• The process starts with the initiating device creating a Configure-Request frame that contains a variable number of configuration options that it wants to see set up on the link. This is basically device A's “wish list” for how it wants the link created.
• This flowchart shows in more detail the negotiation process undertaken to configure the link by LCP. This process begins when the PPP link enters the Link Establishment phase. After configuration, the connection goes to the Authentication phase.
PPP Session Establishment
• Link-establishment phase
• Authentication phase
• Network-layer protocol phase
PPP Session Establishment
PPP Authentication Methods
• Password Authentication Protocol (PAP)
– Passwords sent in clear text
– Remote node returns username & password
– Only performed in initial link establishment
• Challenge Handshake Authentication Protocol (CHAP)
– Done at start-up & periodically
– Challenge & reply
• Remote router sends a one-way hash (MD5)
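As an added example (not from the Sybex deck), here is the difference between the two PPP authentication methods in Python: PAP puts the password itself on the link, while CHAP answers a random challenge with an MD5 digest so the shared secret never crosses the wire. Function names and the sample peer name are my own; the digest construction (Identifier, secret, Challenge) is the one CHAP specifies.

```python
import hashlib
import hmac
import os

# Constructed value for the demo; "cisco" mirrors the password in the
# deck's "username RouterB password cisco" step.
SHARED_SECRET = b"cisco"


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request body: Peer-ID and Password, each length-prefixed.
    Nothing is hashed, so the password appears verbatim on the link."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_challenge() -> tuple[int, bytes]:
    """Authenticator side: pick a one-byte Identifier and a fresh random
    Challenge. A challenge must never repeat, otherwise a recorded
    response could be replayed by someone who never knew the secret."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Peer side (the deck's 'one-way hash'): MD5 over Identifier || secret
    || Challenge, as CHAP with MD5 defines it. Only the 16-byte digest is
    sent back; the secret itself stays on the peer."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    """Authenticator side: recompute the digest from the locally stored secret
    and compare in constant time. The result becomes CHAP Success or Failure."""
    expected = chap_response(identifier, challenge, secret)
    return hmac.compare_digest(expected, response)


def run_chap_exchange(peer_secret: bytes, authenticator_secret: bytes) -> bool:
    """Full three-way handshake: Challenge -> Response -> Success/Failure.
    This is also what the deck's 'done periodically' means: the authenticator
    can issue a new challenge at any time while the link is up."""
    identifier, challenge = chap_challenge()
    response = chap_response(identifier, challenge, peer_secret)
    return chap_verify(identifier, challenge, response, authenticator_secret)


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request(b"RouterB", SHARED_SECRET))
    print("CHAP, matching secrets:", run_chap_exchange(SHARED_SECRET, SHARED_SECRET))
    print("CHAP, mismatched secrets:", run_chap_exchange(b"wrong", SHARED_SECRET))
```

Seen from a capture, the PAP request exposes the password directly, whereas the CHAP response differs for every challenge and does not contain the secret.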
Configuring PPP
• Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z
• Step #2: Define the username & password on each router:
– RouterA: RouterA(config)#username RouterB password cisco
– RouterB: RouterB(config)#username RouterA password cisco
NOTE: (1) The username maps to the remote router
(2) Passwords must match
• Step #3: Choose the authentication type for each router; CHAP / PAP
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
PPP: Example 1
PPP: Example 2: Failed PPP authentication
PPP: Example 3: Mismatched WAN Encapsulations
PPP: Example 4: Mismatched IP Address
PPP Power Point
• Go to PPP Power Point– PPt-8_PPP_with_slide-14_PAP-CHAP-etc.ppt
• Then go to the Frame Relay material
Frame Relay
• Frame Relay is probably the simplest data communications protocol ever conceived. Designed to run over virtually error-free circuits, it's a protocol stripped down for speed.
• Frame Relay abolishes the Network Layer of the OSI model, claims the routing and multiplexing functions for itself, and leaves everything else to the higher layers (like error-correction).
• A Frame Relay service ignores traditional functions such as window rotation, sequence numbering, frame acknowledgment, and automatic retransmission in order to concentrate on the basics:
– delivering correct data quickly in the right order to the right place.
– It simply discards incorrect data.
• The need for a streamlined protocol like Frame Relay grows from several facts of modern data communications:
• Users have more data to communicate, and they'd like that data to travel faster and in larger chunks than current technology has allowed.
• Physical transmission gets faster every year and introduces fewer and fewer errors into the data.
• Computers and workstations with the intelligence to handle high-level protocols have replaced dumb terminals as the instruments of choice.
• Thanks especially to cleaner transmission and smarter workstations, procedures that older Data Link and Network protocols use to recognize and correct errors have become redundant for jobs that require large volume at high speeds.
• Frame Relay handles volume and speed efficiently by combining the functions of the Data Link and Network layers into one simple protocol.
• As a Data Link protocol, Frame Relay provides
– access to a network,
– delimits and delivers frames in proper order, and
– recognizes transmission errors through a Cyclic Redundancy Check.
• As a Network protocol, Frame Relay provides multiple logical connections over a single physical circuit and allows the network to route data over those connections to its intended destinations.
• In order to operate efficiently, Frame Relay eliminates all the error handling and flow control procedures common to conventional protocols such as SDLC and X.25.
• In their place, it requires both an error-free transmission path, such as a digital carrier circuit or a fiber span, and intelligent higher-layer protocols in the user devices.
Frame Relay
• By definition, Frame Relay is an access protocol that operates between:
– an end-user device such as a LAN bridge or router or a front-end processor and
– a network.
• The network itself can use any transmission method that's compatible with the speed and efficiency that Frame Relay applications require. Some networks use Frame Relay itself; others use either digital circuit switching or one of the new cell relay systems.
Frame Relay
Frame Relay
• Background
– High-performance WAN encapsulation method
– OSI Physical & Data Link layer
– Originally designed for use across ISDN
• Supported protocols
– IP
– DECnet
– AppleTalk
– Xerox Network Service (XNS)
– Novell IPX
– Banyan Vines
– Transparent Bridging
– ISO
Before Frame Relay
After Frame Relay
Early Implementations of Frame Relay
• Early implementation of Frame Relay required that a router (DTE device) must have a WAN serial interface for every permanent virtual circuit (PVC).
• This was effective but increased the cost because of the increased number of interfaces, WAN connections, at the hub router.
Multipoint Physical Interface (and multipoint subinterfaces) and Split Horizon
• A single physical interface works, but Split Horizon prohibits distance vector routing updates from propagating out the same physical interface on which it received the update.
Solution: No Split Horizon with Point-to-point Subinterfaces
Frame Relay, sidestep …
• Take a look at this Power Point:– FrameRelay.Subinterfacs.SpltiHorizon.etc.ppt
• Then back again.
Frame Relay
• Purpose
– Provide a communication interface between DTE & DCE equipment
– Connection-oriented Data Link layer communication
• Via virtual circuits: PVC, SVC
• Provides a complete path from the source to destination before sending the first frame
Frame Relay Terminology
Frame Relay Encapsulation
• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
ietf Use RFC1490 encapsulation
<cr>
Data Link Connection Identifiers (DLCIs)
• Frame Relay PVCs are identified by DLCIs (the DLCI identifies the PVC to the DTE, a router for example)
• IP end devices are mapped to DLCIs
– Mapped statically (frame-relay map) or dynamically (Inverse ARP)
• Global significance:
– Advertised to all remote sites as the same PVC
– For this you need everyone in the network to use LMI extensions
– This is such a pain that it is very rarely implemented
• Local significance:
– DLCIs do not need to be unique
• Configuration
RouterA(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16
DLCI’s are Locally Significant
Local Management Interface (LMI)
• Background: a signaling standard between a router and the first connected frame relay switch
• Purpose: passing information about the operation and status of the VC between the DTE and switch
• LMI messages
– Keepalives
– Multicasting
– Global addressing
– Status of virtual circuits
LMI Types
• Configuration:
RouterA(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a
– Beginning with IOS version 11.2, the LMI type is auto-sensed
– Default type: cisco
• Virtual circuit status:
– “Active”: everything is up, routers can exchange information
– “Inactive”: router interface is up and connected with the switch, but the remote router is not up
– “Deleted”: no LMI info is being received on the interface from the switch
Single interfaces
RouterA(config)#int s0/0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#frame-relay interface-dlci 101
RouterA(config-if)#^Z
Sub-interfaces
• Definition
– Multiple virtual circuits on a single serial interface: multiplexing
– Enables the assignment of different network-layer characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partially meshed Frame Relay networks
• Split Horizon protocols
Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
<0-4294967295> Serial interface number
RouterA(config-if)#int s0.16 ?
multipoint Treat as a multipoint link
point-to-point Treat as a point-to-point link
Sub-interfaces
– Point-to-point: a single virtual circuit connects one router to another. Each point-to-point subinterface requires its own subnet.
– Multipoint: when the router is the center of a star of virtual circuits that are using a single subnet for all routers’ serial interfaces connected to the switch.
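As an added example (not from the deck), this Python simulation shows the split horizon problem from the "Multipoint Physical Interface" slide and why point-to-point subinterfaces solve it: a hub that learns both spoke routes on one multipoint interface cannot re-advertise them out that same interface, whereas one subinterface per PVC gives each route a different ingress interface. The hub-and-spoke topology, router names and prefixes are constructed.

```python
from collections import defaultdict

# Constructed topology. RouterA is the hub; RouterB and RouterC are spokes,
# each advertising one LAN prefix to the hub over its own PVC.
SPOKE_LANS = {"RouterB": "172.16.40.0/24", "RouterC": "172.16.50.0/24"}

# One multipoint physical interface carrying both PVCs (single subnet).
MULTIPOINT = {"s0": ["RouterB", "RouterC"]}
# One point-to-point subinterface (and subnet) per PVC.
POINT_TO_POINT = {"s0.16": ["RouterB"], "s0.17": ["RouterC"]}


def hub_propagates(hub_interfaces, split_horizon=True):
    """Simulate one round of distance-vector updates through the hub.

    hub_interfaces maps a hub interface name to the spokes reachable on it.
    Returns {spoke: set of prefixes the hub advertises to that spoke}.
    """
    # Step 1: the hub learns each spoke's LAN and remembers the ingress interface.
    hub_table = {}
    for ifname, spokes in hub_interfaces.items():
        for spoke in spokes:
            hub_table[SPOKE_LANS[spoke]] = ifname
    # Step 2: the hub sends its table out of every interface. Split horizon
    # suppresses a route on the interface it was learned from.
    advertised = defaultdict(set)
    for ifname, spokes in hub_interfaces.items():
        for prefix, ingress in hub_table.items():
            if split_horizon and ingress == ifname:
                continue
            for spoke in spokes:
                advertised[spoke].add(prefix)
    return {spoke: advertised[spoke] for spoke in SPOKE_LANS}


if __name__ == "__main__":
    print("multipoint, split horizon on :", hub_propagates(MULTIPOINT))
    print("multipoint, split horizon off:", hub_propagates(MULTIPOINT, split_horizon=False))
    print("point-to-point subinterfaces :", hub_propagates(POINT_TO_POINT))
```

With the multipoint interface and split horizon on, neither spoke ever hears about the other's LAN; with subinterfaces each spoke learns exactly the other spoke's prefix.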
Mapping Frame Relay
• Necessary for IP end devices to communicate
– Addresses must be mapped to the DLCIs
– Methods:
• Frame Relay map command
• Inverse-arp function
Using the map command
RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 multipoint
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
Using the inverse arp command
RouterA(config)#int s0
RouterA(config-if)#encap frame-relay ietf
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay interface-dlci 200
Inverse arp is similar to arp, but maps local DLCIs to IP addresses. This is used to deal with the local significance of DLCIs.
Committed Information Rate (CIR)
• Definition: Provision allowing customers to purchase amounts of bandwidth lower than what they might need
– Cost savings
– Good for bursty traffic
– Not good for constant amounts of data transmission
Congestion Control
• Discard Eligibility (DE):
– Frames may be transmitted beyond the CIR, but the frames exceeding the CIR are discarded if the network is congested at that time. These excess frames are marked with the DE bit.
• Forward-Explicit Congestion Notification (FECN)
– When the frame relay network recognizes congestion in the cloud, the FECN bit is set to 1 to notify the destination DTE that the path the frame just traversed is congested.
• Backward-Explicit Congestion Notification (BECN)
– When the switch detects congestion, it sets the BECN bit in a frame that is destined for the source router.
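As an added example (not from the deck), this Python code ties together three slides: the 10-bit DLCI in the two-byte address field, the DE/FECN/BECN congestion bits above, and the CRC-based error detection from the Frame Relay introduction, where a corrupted frame is simply discarded rather than retransmitted. The frame layout and FCS are those of Q.922/HDLC; the sample payload and DLCI values are constructed, and the 0x7E flag delimiters and bit stuffing are not modelled.

```python
def crc16_x25(data: bytes) -> int:
    """16-bit FCS used by HDLC/Q.922 frames (CRC-16/X-25): reflected
    polynomial 0x8408, initial value 0xFFFF, final XOR 0xFFFF.
    Known check value: crc16_x25(b"123456789") == 0x906E."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_address(dlci: int, cr: int = 0, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """Two-byte Q.922 address field. Byte 1: DLCI high 6 bits, C/R, EA=0.
    Byte 2: DLCI low 4 bits, FECN, BECN, DE, EA=1 (last address byte)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("10-bit DLCI out of range")
    byte1 = ((dlci >> 4) << 2) | (cr << 1) | 0
    byte2 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes([byte1, byte2])


def build_frame(dlci: int, payload: bytes, **flags: int) -> bytes:
    """Address + payload + FCS, with the FCS sent least-significant byte first."""
    body = build_address(dlci, **flags) + payload
    fcs = crc16_x25(body)
    return body + bytes([fcs & 0xFF, fcs >> 8])


def parse_frame(frame: bytes) -> dict:
    """Receiver side: verify the FCS first and discard on mismatch (no
    acknowledgment, no retransmission request), then extract the DLCI and
    the congestion bits the switch may have set on the way."""
    if len(frame) < 4:
        return {"ok": False, "reason": "frame too short"}
    body, fcs_bytes = frame[:-2], frame[-2:]
    if crc16_x25(body) != (fcs_bytes[0] | (fcs_bytes[1] << 8)):
        return {"ok": False, "reason": "FCS mismatch, frame discarded"}
    byte1, byte2 = body[0], body[1]
    if (byte1 & 1) or not (byte2 & 1):
        return {"ok": False, "reason": "unexpected EA bits (not a 2-byte address)"}
    return {
        "ok": True,
        "dlci": ((byte1 >> 2) << 4) | (byte2 >> 4),
        "cr": (byte1 >> 1) & 1,
        "fecn": (byte2 >> 3) & 1,
        "becn": (byte2 >> 2) & 1,
        "de": (byte2 >> 1) & 1,
        "payload": body[2:],
    }


if __name__ == "__main__":
    # Constructed frame on DLCI 100 (the deck's troubleshooting example), sent
    # above the CIR so DE=1. Payload starts with control 0x03 and NLPID 0xCC,
    # the RFC 1490 ("ietf") encapsulation marker for an IP packet.
    frame = build_frame(100, b"\x03\xcc" + b"ip-packet", de=1)
    print(parse_frame(frame))
    damaged = frame[:2] + bytes([frame[2] ^ 0x01]) + frame[3:]
    print(parse_frame(damaged))
```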
Monitoring Frame Relay
RouterA>sho frame ?
ip show frame relay IP statistics
lmi show frame relay lmi statistics
map Frame-Relay map table
pvc show frame relay pvc statistics
route show frame relay route
traffic Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi
Troubleshooting Frame Relay
Why can’t RouterA talk to RouterB? You need to use your own DLCI number 100 instead of the remote DLCI number to communicate with the switch.
Troubleshooting Frame Relay
Why is RIP not sent across the PVC? Because frame relay is a non-broadcast multi-access network, i.e., no broadcast across the PVC. So it’s necessary to add broadcast in the mapping statement.
Introduction to VPN’s
• VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.
Types of VPN’s
• REMOTE ACCESS VPNS
Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
• SITE-TO-SITE VPNS
Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.
• EXTRANET VPNS
Extranet VPNs allow an organization’s suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.