- WANs generally connect devices that are separated by a broader geographical area than can be served by a LAN.
- WANs use the services of carriers, such as telephone companies, cable companies, satellite systems, and network providers.
- WANs use serial connections of various types to provide access to bandwidth over large geographic areas.
The Hierarchical Network Model
Access layer - Grants user access to network devices. In a network campus, the access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations and servers. In the WAN environment, it may provide teleworkers or remote sites access to the corporate network across WAN technology.
Distribution layer - Aggregates the wiring closets, using switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity.
Core layer (also referred to as the backbone) - A high-speed backbone that is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes very quickly. It also provides scalability and fast convergence.
Enterprise Campus Architecture:
An enterprise campus network is a building or group of buildings connected into one network that consists of many LANs.
It is generally limited to a fixed geographic area, but it can span several neighboring buildings.
The architecture is modular and scalable and can easily expand to include additional buildings or floors as required.
Enterprise Branch Architecture:
This module allows businesses to extend the applications and services found at the enterprise campus to thousands of remote locations and users or to a small group of branches.
Enterprise Data Center Architecture:
Data centers are responsible for managing and maintaining the many data systems that are vital to modern business operations.
This module centrally houses the data and resources to enable users to effectively create, collaborate, and interact.
Enterprise Teleworker Architecture:
This module leverages the network resources of the enterprise from home using broadband services such as cable modem or DSL to connect to the corporate network.
Typically implemented using remote access VPNs.
Enterprise Edge Architecture:
This module often functions as a liaison between the campus module and the other modules in the Enterprise Architecture.
PAP – 2 Way handshake
PAP usernames and passwords are sent as clear text strings, which can be intercepted and reused.
CHAP is a more secure procedure for connecting to a system than PAP.
CHAP – 3 Way handshake
CHAP authentication sends a challenge message to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a Response message.
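An added example (not part of the original notes) of the three-way CHAP exchange as RFC 1994 defines it, where the value the notes call encrypted is an MD5 hash over the identifier, the shared secret and the challenge. The peer name `branch-r1` and the secret are constructed sample values; the example shows that the secret never crosses the link and that a captured response is rejected against a fresh challenge.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Local router: issues challenges (message 1) and checks responses (message 3)."""
    def __init__(self, secrets: dict[str, bytes]):
        self.secrets = secrets      # peer name -> shared secret
        self.next_id = 0
        self.pending = {}           # identifier -> outstanding challenge

    def challenge(self) -> tuple[int, bytes]:
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)       # unpredictable and unique per attempt
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: str, value: bytes) -> bool:
        chal = self.pending.pop(ident, None)    # each challenge is usable once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False                        # Failure
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(value, expected)  # Success / Failure

def peer_respond(name: str, secret: bytes, ident: int, chal: bytes):
    """Remote device (message 2): returns its name and the hashed value."""
    return ident, name, chap_response(ident, secret, chal)

def demo():
    secret = b"constructed-shared-secret"       # constructed sample value
    auth = Authenticator({"branch-r1": secret})
    ident, chal = auth.challenge()
    resp = peer_respond("branch-r1", secret, ident, chal)
    accepted = auth.verify(*resp)
    # Everything an eavesdropper on the link would have seen so far.
    wire = bytes([ident]) + chal + resp[1].encode() + resp[2]
    # Replaying the captured response against a new challenge must fail.
    ident2, _ = auth.challenge()
    replay_accepted = auth.verify(ident2, resp[1], resp[2])
    return accepted, replay_accepted, secret in wire

if __name__ == "__main__":
    print(demo())
```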
Data Communications Equipment (DCE) (Switch) - Also called data circuit-terminating equipment, the DCE consists of devices that put data on the local loop. The DCE primarily provides an interface to connect subscribers to a communication link on the WAN cloud.
Data Terminal Equipment (DTE) (Router) - The customer devices that pass the data from a customer network or host computer for transmission over the WAN. The DTE connects to the local loop through the DCE.
Modem - Modulates an analog carrier signal to encode digital information, and also demodulates the carrier signal to decode the transmitted information.
CSU/DSU - Digital lines, such as T1 or T3 carrier lines, require a channel service unit (CSU) and a data service unit (DSU). The two are often combined into a single piece of equipment, called the CSU/DSU. The CSU provides termination for the digital signal and ensures connection integrity through error correction and line monitoring. The DSU converts the T-carrier line frames into frames that the LAN can interpret and vice versa.
WAN Physical Layer Standards:
EIA/TIA-232 - This protocol allows signal speeds of up to 64 kb/s on a 25-pin D-connector over short distances.
EIA/TIA-449/530 - This protocol is a faster (up to 2 Mb/s) version of EIA/TIA-232. It uses a 36-pin D-connector and is capable of longer cable runs.
EIA/TIA-612/613 - This standard describes the High-Speed Serial Interface (HSSI) protocol, which provides access to services up to 52 Mb/s on a 60-pin D-connector.
V.35 - This is the ITU-T standard for synchronous communications between a network access device and a packet network. Originally specified to support data rates of 48 kb/s, it now supports speeds of up to 2.048 Mb/s using a 34-pin rectangular connector.
X.21 - This protocol is an ITU-T standard for synchronous digital communications. It uses a 15-pin D-connector.
The most common WAN data-link protocols are:
Frame Relay offers data rates up to 4 Mb/s, with some providers offering even higher rates.
ATM cells are always a fixed length of 53 bytes. The ATM cell contains a 5 byte ATM header followed by 48 bytes of ATM payload.
A typical ATM line needs almost 20 percent greater bandwidth than Frame Relay to carry the same volume of Network layer data.
ATM was designed to be extremely scalable and can support link speeds of T1/E1 to OC-12 (622 Mb/s) and higher.
Types of VPN Access
There are two types of VPN access:
Site-to-site VPNs - Site-to-site VPNs connect entire networks to each other; for example, they can connect a branch office network to a company headquarters network, as shown in the figure. Each site is equipped with a VPN gateway, such as a router, firewall, VPN concentrator, or security appliance. In the figure, a remote branch office uses a site-to-site VPN to connect with the corporate head office.
Remote-access VPNs - Remote-access VPNs enable individual hosts, such as telecommuters, mobile users, and extranet consumers, to access a company network securely over the Internet. Each host typically has VPN client software loaded or uses a web-based client.
Customer Premises Equipment (CPE):
The devices and inside wiring located at the premises of the subscriber and connected with a telecommunication channel of a carrier.
The subscriber either owns the CPE or leases the CPE from the service provider.
Central Office (CO):
A local service provider facility or building where local telephone cables link to long-haul, all-digital, fiber-optic communications lines through a system of switches and other equipment.
Local Loop:
Often referred to as the “last mile,” it is the copper or fiber telephone cable that connects the CPE at the subscriber site to the CO of the service provider.
Data Communications Equipment (DCE):
Also called data circuit-terminating equipment, the DCE consists of devices that put data on the local loop.
The DCE primarily provides an interface to connect subscribers to a communication link on the WAN cloud.
Data Terminal Equipment (DTE):
The customer devices that pass the data from a customer network or host computer for transmission over the WAN.
The DTE connects to the local loop through the DCE.
Physically, the demarcation point is the cabling junction box, located on the customer premises, that connects the CPE wiring to the local loop and officially separates the customer equipment from service provider equipment.
It is the place where the responsibility for the connection changes from the user to the service provider.
A voiceband modem converts and reconverts the digital signals produced by a computer into voice frequencies that can be transmitted over the analog lines of the public telephone network.
Faster modems, such as cable modems and DSL modems, transmit using higher broadband frequencies.
Digital lines, such as T1 or T3 carrier lines, require a channel service unit (CSU) and a data service unit (DSU).
The two are often combined into a single piece of equipment, called the CSU/DSU.
The CSU provides termination for the digital signal and ensures connection integrity through error correction and line monitoring while the DSU converts the T-carrier line frames into frames that the LAN can interpret.
Concentrates dial-in and dial-out user communications and may have a mixture of analog and digital interfaces and support hundreds of simultaneous users.
A multiport internetworking device used in carrier networks to support Frame Relay, ATM, or X.25.
Provides internetworking and WAN access interface ports that are used to connect to the service provider network.
These interfaces may be serial connections or other WAN interfaces and may require an external device, such as a DSU/CSU or modem (analog, cable, or DSL), to connect to the service provider.
Older low-capacity WAN technology with a maximum speed of 48 kb/s, typically used in dialup mode with point-of-sale card readers to validate transactions on a central computer.
For these applications, the low bandwidth and high latency are not a concern, and the low cost makes X.25 affordable.
Frame Relay has replaced X.25 at many service provider locations.
Layer 2 WAN protocol that typically offers data rates of 4 Mb/s or higher.
It provides permanent, shared, medium-bandwidth connectivity using virtual circuits capable of carrying both voice and data traffic.
VCs are uniquely identified by a DLCI, which ensures bidirectional communication from one DTE device to another.
Asynchronous Transfer Mode (ATM) technology is based on a cell-based architecture rather than a frame-based architecture, using fixed length cells of 53 bytes.
These small, fixed-length cells are well suited for carrying delay-sensitive voice and video traffic.