WANs Flashcards
LAN
Local Area Network:
A network that connects computers/devices in a relatively small area, typically a single building or small group of buildings
WAN
Wide Area Network:
A geographically distributed network that connects multiple LANs
MAN
Metropolitan Area Network:
A network that connects computers/devices in a geographic area larger than a LAN but smaller than a WAN
VPNs
Provides a virtual tunnel between private networks across a shared public network (ex: Internet)
Traffic traveling over the tunnel is encrypted & only readable by the authorized users on both sides
Users can share data over the tunnel as if they were connected with a dedicated private link
Allow an organization to use the same physical links for connectivity to the Internet & between offices
Because they use shared infrastructure, VPN connections are typically less expensive than dedicated links
Site-to-Site VPN
Terminated on a router/firewall in each office
Software does not need to be installed on user desktops
IPsec typically used for encryption
Site-to-Site VPN: Configuration Options
IPsec Tunnel
–Open standard, does not support multicast
GRE (Generic Routing Encapsulation) over IPsec Tunnel
–Adds support for multicast
IPsec VTI (Virtual Tunnel Interface)
–Cisco proprietary simplified configuration, supports multicast
DMVPN (Dynamic Multipoint VPN)
–Cisco proprietary. Scalable simple hub/spoke style configuration enables direct full mesh connectivity between all offices
FlexVPN
–Cisco proprietary. Very similar to DMVPN, newer tech
GETVPN (Group Encrypted Transport VPN)
–Cisco proprietary. Scalable centralized policy for VPN over non-public infrastructure (ex: MPLS)
Remote Access VPN
Between a router or firewall in the office & VPN software installed on an individual user’s device
The user can access the VPN from anywhere with internet connectivity
They usually use SSL (sometimes IPsec) for encryption
MPLS
Multi Protocol Label Switching:
Uses a shared core infrastructure at the service provider. It can be used for connectivity to the internet and/or connectivity between offices over VPN
Satellite
Can be used for connectivity to the internet, for direct connectivity between offices and/or connectivity between offices over VPN
Optical Fiber
More suitable for longer distances than copper
Commonly used for ISP backhaul connections
FTTx Services:
–Fiber to the Home
–Fiber to the Premises
–Fiber to the Building
–Fiber to the Neighborhood
SONET & SDH
SONET (North America) and SDH (rest of the world) are the standards used in service provider optical fiber networks
DWDM
Dense Wavelength Division Multiplexing:
Combines multiple optical signals in one optical signal transmitted over a single fiber strand
Each signal is assigned a different wavelength
DWDM allows more capacity to be added to existing infrastructure without expensive upgrades
DWDM is used in all modern long haul optical connections
Dark Fiber
Many ISPs laid optical fiber cabling in the past and then found they didn’t require it
–DWDM was a major reason for this
The unused cabling can be offered to customers as “dark fiber”
WAN Backup & Small Office Solutions
Less expensive options often aimed at home user internet access can be used as Internet VPN WAN backup options in corporate environments
There will typically be no corporate level SLA with these services
These can be used as the primary WAN connection method to the corporate network from smaller offices and for home users
–DSL
–Cable
–Wireless (4G/5G)
Legacy WAN Options
PSTN (Public Switched Telephone Network)
ISDN (Integrated Services Digital Network)
Frame Relay
ATM (Asynchronous Transfer Mode)
X.25
Leased Lines
A leased line is a dedicated physical connection between two locations
It has fixed, reserved bandwidth which is not shared with anyone else
The same bandwidth is available in both directions
The company may own the cable infrastructure but more commonly it is leased from a SP for a monthly fee, hence the name
Leased Lines: Locations
The first location is typically a corporate office
The second location is typically:
–Another corporate office (point-to-point connectivity)
–A data center that’s connected to the company’s existing WAN, providing multipoint connectivity between offices
–A data center that’s connected to the internet, providing internet connectivity & optionally corporate office connectivity over internet VPN
Leased Lines: Bandwidth Options
Leased lines use a serial connection requiring the correct physical interface card in the router (no ethernet)
T1 - 1.544 Mbps
T2 - 6 Mbps
T3 - 45 Mbps
T4 - 275 Mbps
E1 - 2 Mbps
E2 - 8 Mbps
E3 - 34 Mbps
E4 - 140 Mbps
Leased Lines: Benefits & Drawbacks
Leased lines have fixed, reserved bandwidth which is not shared with anyone else
The SP will typically provide an SLA for uptime/delay/loss on the link
Typically more expensive than other options
Usually a longer lead time for installation
Copper/fiber options to the CPE (Customer Premises Equipment) are becoming more common than serial leased lines
MPLS VPN
WAN connectivity can be offered via MPLS through an ISP
Traffic from multiple customers can travel over the provider’s shared MPLS network = VPN service
Different levels of SLA for uptime & traffic delay/loss are often available at different price points
Ethernet connections are typically used to the customer router
MPLS VPNs provide full mesh topology by default
MPLS VPN: Layer 3
MPLS runs across the provider’s core on the PE & P routers
Customer CE routers do not run MPLS
Customer CE routers peer at Layer 3 with the provider PE routers
Static route or a routing protocol runs between CE & PE
PE router looks like another customer router to the customer
Provider’s core routers are transparent to the customer
Customer sites are in different IP subnets
MPLS VPN: Layer 2
Also:
Multipoint Layer 2 VPN
Point to point Layer 2 VPN
CE devices do not peer with PE devices
–Entire provider network is transparent to customer
Provider network acts like a giant switch
Customer sites are in the same IP subnets
May be required for clustering an application over the WAN
It can be useful for migrating hosts during disaster recovery
Terminology:
VPLS (Virtual Private LAN Service): Multipoint layer 2 VPN
VPWS (Virtual PseudoWire Service): Point to point layer 2 VPN
PPPoE
Point to Point Protocol over Ethernet:
Commonly used in DSL deployments
Can be configured on DSL modem or router
Topology Options
Please review diagrams in study guide
Hub & Spoke (Star)
Advantages: Simplicity, centralized security policy
Disadvantages: Single point of failure, suboptimal traffic flow
Redundant Hub & Spoke
Advantages: Removes single point of failure, centralized security policy
Disadvantages: Higher cost, suboptimal traffic flow
Full Mesh
Advantage: Optimal traffic flow
Disadvantages: Higher complexity & cost
Partial Mesh
Internet Redundancy Options
Please refer to study guide for diagrams
Single Homed
Dual Homed
Multihomed
Dual Multihomed