Introducing WAN Technologies Flashcards
Service provider networks are complex. They are mostly built of high-bandwidth fiber-optic media, using Dense Wavelength Division Multiplexing (DWDM), Synchronous Optical Networking (SONET) in North America, and Synchronous Digital Hierarchy (SDH) in the rest of the world. These standards define how to transfer data over optical fiber over great distances.
Dense Wavelength Division Multiplexing (DWDM)
Synchronous Optical Networking (SONET) - in North America
Synchronous Digital Hierarchy (SDH) - in the rest of the world
Are devices that modulate and demodulate analog carriers to encode and retrieve digital information. A modem interprets digital and analog signals, enabling data to be transmitted over voice-grade telephone lines.
Modems
Are used where a fiber-optic link terminates to convert optical signals into electrical signals and vice versa. You can also implement the converter as a router or switch module.
Optical fiber converters
Provides internetworking and WAN access interface ports that are used to connect to the service provider network. These interfaces may be serial connections or other WAN interfaces. With some types of WAN interfaces, you need an external device such as a CSU/DSU or modem (analog, cable, or DSL) to connect the router to the local point of presence (POP) of the service provider.
Router
Resides within the middle or backbone of the WAN, rather than at its periphery. To fulfil this role, a router or multilayer switch must be able to support multiple telecommunications interfaces of the highest speed in use in the WAN core. It must also be able to forward Internet Protocol (IP) packets at wire speed on all these interfaces.
core router or multilayer switch
Are used when you are using the wireless medium for WAN connectivity. You can also use an access point instead of a wireless router.
Router with cellular connectivity features
Data terminating equipment (DTE) and data communications equipment (DCE) are terms that were used in the context of WAN connectivity options that are mostly considered legacy today. The two terms name two separate devices. The DTE device is either a source or a destination for digital data. Specifically, these devices include PCs, servers, and routers. In the figure, a router in either office would be considered a DTE. DCE devices convert the data received from the sending DTE into a form acceptable to the WAN service provider.
DTE - (Data terminating equipment)
DCE - (Data communications equipment)
Is a marking which separates a customer’s WAN equipment from the service provider’s equipment.
demarcation point
The customer side of the demarcation point accommodates
Customer Premises Equipment (CPE)
This topology establishes a circuit (a logical connection) between exactly two sites. It is also called a Layer 2 service because it creates a connection through which both sites appear to be on the same physical segment.
Point-to-point topology
This topology features a central router or multilayer switch, acting as the hub, which is connected to all other remote devices, the spokes. All communication among the spoke networks traverses the hub.
Hub-and-spoke topology
In this topology, each remote node on the periphery of a given service provider network has a direct logical connection, also called a circuit, to every other remote node. Any site can communicate directly with any other site. The key rationale for creating a full mesh environment is to provide a high level of redundancy.
Full mesh topology
In this topology, almost all, but not all, remote nodes are interconnected. It reduces the number of sites that have direct connections to all other nodes. Partial meshes are highly flexible topologies that can take many very different configurations.
Partial mesh topology
Which provide permanent dedicated connections using point-to-point links with various capacities that are limited only by the underlying physical facilities and the willingness of enterprises to pay for these dedicated lines. A point-to-point link provides a pre-established WAN communications path from the customer premises through the provider network to a remote destination.
Dedicated communication links
Can be either circuit-switched or packet-switched. It is important to differentiate between the two switching models.
Switched communication links
Circuit switching establishes a dedicated virtual connection, called a circuit, between a sender and a receiver. The connection through the network of the service provider is established dynamically, before communication can start, using signaling that varies between technologies.
Circuit-switched communication
Using circuit switching does not make efficient use of the allocated fixed bandwidth, because the data flow fluctuates. In contrast to circuit switching, packet switching segments data into packets that are routed over a shared network.
Packet-switched communication
Instead of using a separate WAN infrastructure, enterprises today commonly take advantage of the global internet infrastructure for WAN connectivity. Previously, the internet was not a viable option for a WAN connection due to many security risks and lack of SLA, i.e. the lack of adequate performance guarantees.
Internet-based communication links
Is a Layer 2 technology which defines virtual circuits (VCs). Each VC represents a logical end-to-end link mapped over the physical service provider’s Frame Relay WAN. An enterprise can use a single router interface to connect to multiple sites using different VCs.
Frame Relay
Is built on a cell-based architecture rather than on a frame-based architecture. ATM cells are always a fixed length of 53 bytes. Small, fixed-length cells are well-suited for carrying voice and video traffic because this traffic is intolerant of delay. Video and voice traffic do not have to wait for larger data packets to be transmitted.
ATM technology
Is an Internet Engineering Task Force (IETF) standard that defines a packet label-based switching technique, which was originally devised to perform fast switching in the core of IP networks. This technique helped carriers and large enterprises scale their networks as increasingly large routing tables became more complex to manage.
MPLS (Multiprotocol Label Switching)
Many municipal governments, often working with service providers, are deploying wireless networks. Some of these networks provide high-speed internet access at no cost or for substantially less than the price of other broadband services.
Municipal Wi-Fi
Broadband in this sense refers to wireless internet access delivered through mobile phone towers to computers, mobile phones, and other digital devices. Devices use small radio antennas to communicate over radio waves with larger antennas at the phone tower.
Cellular/Mobile
Is a general term for the internet services from a mobile phone or from any device that uses the same technology. A mobile phone subscription does not necessarily include a mobile data subscription.
Mobile Internet or Mobile Data
A mobile technology that increased the capacity and speed of the wireless link compared to 2G and 3G technologies. It introduced novelties, such as using a different radio interface, and core network improvements.
Long-Term Evolution (LTE)
These acronyms refer to mobile wireless technologies and standards, and stand for the second, third, fourth, and fifth generations of mobile wireless technology. Each new generation is an evolution of the previous one. Each generation defines its own standards, and with each new generation the access bitrates continue to increase.
2G/3G/4G/5G
Is a high-speed bi-directional internet connection made through geostationary communications satellites. Internet-by-satellite speed and cost nowadays compare with DSL broadband offerings. Satellite Internet is typically used in locations where land-based internet access is not available or for temporary installations that are mobile.
Satellite Internet
Provides high-speed broadband service over wireless access, with broad coverage similar to a cell phone network rather than small Wi-Fi hotspots. WiMAX is a wireless technology for both fixed and mobile implementations. WiMAX operates in a similar way to Wi-Fi, but at higher speeds, over greater distances, and for a greater number of users.
Worldwide Interoperability for Microwave Access (WiMAX)
Single-homed ISP connectivity is used in cases when a loss in internet connectivity is not as problematic to a customer (although the internet is typically a vital resource). Single-homed customers use only one service provider for the internet uplink, and use only one physical uplink to connect to the ISP, so there is no redundancy.
Single-homed
With a single ISP, customers can still achieve redundancy if two links toward the same ISP are used, effectively making a customer dual-homed. The dual-homed design could also be configured to load balance traffic over both of the links, but the dual-home redundancy option cannot protect the customer if the ISP has an outage.
Dual-homed
If a customer network is connected to multiple ISPs, the solution is said to be multihomed. The customer is responsible for announcing their own IP address space to the upstream ISPs. The customer should avoid forwarding any routing information between ISPs; otherwise they become a transit provider between the two ISPs.
Multihomed
To enhance resiliency, a customer can have two links to each ISP, making the solution dual-multihomed. This dual-multihomed solution gives an organization the most redundancy possible. This setup would probably be the connectivity option of choice for a data center or a large enterprise with plenty of resources, as it is the most costly option.
Dual-multihomed
Is a technology that secures communication across an untrusted network. By definition, as per Request for Comments (RFC) 2828, a VPN is “a restricted-use, logical (for example, artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (for example, real) network (such as the internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.”
VPN (Virtual Private Network)
Logical networks, independent of physical architecture.
Virtual
Independent of IP addressing and routing schemes (noncryptographic approaches). Secure confidentiality, message integrity, and origin authentication (cryptographic approaches).
Private
Interconnected computers, devices, and resources that are grouped to share information.
Network
Site-to-site VPN and remote-access VPN. A site-to-site VPN connects two entire networks, is statically configured and serves traffic of many hosts. A remote-access VPN connects an individual endpoint over the internet to the VPN device at the edge of the remote network.
Deployment mode
IP Security (IPsec) VPN, Secure Sockets Layer (SSL) VPN, MPLS VPN, and hybrid VPNs combining multiple technologies.
Underlying technology
VPNs enable organizations to use a cost-effective, third-party internet transport to connect remote offices and remote users to the main corporate site. The use of VPNs therefore eliminates expensive, dedicated WAN links.
Cost savings
VPNs enable corporations to use the internet infrastructure, which makes it easy to add new users. Therefore, corporations can expand capacity without adding significant infrastructure. For instance, a corporation with an existing VPN between a branch office and the headquarters can securely connect new offices by simply making a few changes to the VPN configuration and ensuring that the new office has an internet connection.
Scalability
VPNs allow mobile workers, telecommuters, and people who want to extend their work day to take advantage of high-speed, broadband connectivity, such as DSL and cable, to gain access to their corporate network.
Compatibility with broadband technology
Cryptographic VPNs can provide the highest level of security by using advanced encryption and authentication protocols that protect data from unauthorized access. The two available options are IPsec and SSL.
Security
VPNs connect entire networks to each other, such as connecting branch offices, home offices, or business partners' networks to the main office network. Each site has a VPN-capable device, called a VPN gateway. Routers, firewalls, and other security appliances, such as the Cisco Adaptive Security Appliance (ASA), can act as VPN gateways.
Site-to-site
VPNs are used to connect individual hosts to remote networks over the internet. These VPNs support the need of telecommuters, mobile users, and enterprise customers to access remote networks and applications. Individual hosts typically connect to the internet via broadband connections.
Remote-access
IPsec is a framework of open standards that spells out the rules for secure communications. IPsec relies on existing algorithms to implement cryptographic functions. The framework allows technologies to be replaced over time. When cryptographic technologies become obsolete, it does not make the IPsec framework obsolete.
IPsec tunnel
Although IPsec provides a secure method for tunneling data across an IP network, it has limitations. IPsec does not support IP broadcast or IP multicast; for example, it cannot be used on its own to carry messages from protocols that rely on these features, such as routing protocols.
Generic Routing Encapsulation (GRE) over IPsec
Is a Cisco proprietary software solution that simplifies the device configuration when there is a need for many VPN connections. With Cisco DMVPN, a hub-and-spoke topology is first implemented. The configuration of this network is facilitated by a multipoint GRE tunnel interface, established on the hub.
Cisco Dynamic Multipoint Virtual Private Network (DMVPN)
IPsec VTI is a feature that associates an IPsec tunnel endpoint with a virtual interface. Traffic is encrypted or decrypted when it is forwarded to or from the tunnel interface, and the forwarding is managed by the IP routing table. Using IP routing to forward traffic to the tunnel interface simplifies the IPsec VPN configuration compared to the conventional process, and allows both IP unicast and multicast encrypted traffic to be sent and received on any physical interface.
IPsec virtual tunnel interface (VTI)
A cryptographic VPN
IPsec VPN
A client in remote-access VPN
SSL enabled browser
Is a device that can act as a VPN gateway, to terminate VPNs.
Firewall
Is a site-to-site VPN solution that implements a hub-and-spoke topology and facilitates the establishment of direct spoke-to-spoke connections.
Cisco DMVPN
Is a site-to-site VPN solution that enables the secure exchange of broadcast and multicast traffic.
GRE over IPsec VPN