WAN Introduction
The last few chapters introduced you to configuring IP features on your Cisco router. This chapter introduces you to wide area networking (WAN) concepts and some basic point-to-point configurations, including HDLC and PPP. The two chapters following this, Frame Relay and ISDN, focus on packet-switched and dialup connections, respectively.
CERTIFICATION OBJECTIVE 15.01
Wide Area Networking Overview
Typically, LAN connections are within a company and WAN connections allow you to connect to remote sites. Typically, you don’t own the infrastructure for WAN connections—another company, such as a telephone company, provides the infrastructure. WAN connections are usually slower than LAN connections. A derivative of WAN solutions is the metropolitan area network (MAN). MANs sometimes use high-speed LAN connections in a small geographic area between different companies, or divisions within a company. MANs are becoming more and more popular in large cities and even provide connections over a LAN medium, such as Ethernet.
One of the major factors when choosing a WAN or MAN provider is cost. These connections are billed in multiple ways: flat monthly lease cost, per-packet cost, per-minute cost, and many other methods. On top of this, you have many solutions to choose from to solve your WAN connection problems. In order to choose the right solution, you’ll need to weigh your connection requirements, your traffic patterns, and the cost of the solution.
Equipment and Components
WAN connections are made up of many types of equipment and components. Figure 15-1 shows some of these WAN terms. Table 15-1 has a list of the terms and definitions.
As you may recall from Chapter 2, a DCE terminates a connection between two sites and provides clocking and synchronization for that connection; it connects to a DTE. The DCE category includes equipment such as CSU/DSUs, NT1s, and modems. A DTE is an end-user device, such as a router or PC, that connects to the WAN via the DCE equipment. In some circumstances, the function of the DCE might be built into the DTE’s physical interface. For instance, certain Cisco routers can be purchased with built-in NT1s or CSU/DSUs in their WAN interfaces.
The most important factor in choosing a WAN service is cost.
It is important to remember the WAN terms in Table 15-1.
FIGURE 15-1 WAN terms
TABLE 15-1 WAN Terms and Definitions
Demarcation point: This is where the responsibility of the carrier is passed on to you; this could be inside or outside your local facility. Please note that this is a logical boundary, not necessarily a physical boundary.
Local loop: This is the connection from the carrier's switching equipment to the demarcation point.
CO (central office) switch: This is the carrier's switch within the toll network.
Toll network: This is the carrier's internal infrastructure for transporting your data.
As you can see from this list, you have a lot of choices. Not all of these solutions will be available in every area, and not every solution is ideal for your needs. Therefore, one of your first tasks is to have a basic understanding of some of these services. Chapter 1 provided a brief overview of some of these services. This chapter covers some of these services briefly, and Chapters 16 and 17 expand on some of the others.
Typically, WAN connections fall under one of four categories:
■ Leased lines, such as dedicated circuits or connections
■ Circuit-switched connections, such as analog modem and digital ISDN dialup connections
■ Packet-switched connections, such as Frame Relay and X.25
■ Cell-switched connections, such as ATM and SMDS
The following three sections will introduce you to these three connection types.
Leased-Line Connections
A leased-line connection is basically a dedicated circuit connection between two sites. It simulates a single cable connection between the local and remote sites. Leased lines are best suited when both of these conditions hold:
■ The distance between the two sites is small, making them cost-effective
■ You have a constant amount of traffic between two sites and need to guarantee bandwidth for certain applications
Even though leased lines can provide guaranteed bandwidth and minimal delay for connections, other available solutions, such as ATM, can provide the same features. The main disadvantage of leased lines is their cost—they are the most expensive WAN solution.
Leased lines use synchronous serial connections, with their data rates ranging from 2,400 bps all the way up to 45 Mbps, in what is referred to as a DS3 connection. A synchronous serial connection allows you to simultaneously send and receive information without having to wait for any signal from the remote side. Nor does a synchronous connection need to indicate when it is beginning to send something or the end of a transmission. These two things, plus how clocking is done, are the three major differences between synchronous and asynchronous connections—asynchronous connections are typically used for dialup connections, such as modems.
Know about the four types of WAN connections: leased lines, circuit-switched connections, packet-switched connections, and cell-switched connections.
If you purchase a leased line, you will need the following equipment:
■ DTE A router with a synchronous serial interface: this provides the data link framing and terminates the WAN connection
■ DCE A CSU/DSU to terminate the carrier’s leased-line connection: this provides the clocking and synchronization for the connection
Figure 15-2 shows an example of the equipment required for a leased-line connection. The CSU/DSU is responsible for handling the physical layer framing, clocking, and synchronization of the connection. Data link layer protocols that you can use for dedicated connections include PPP, SLIP, and HDLC. SLIP is rarely used and is restricted to IP traffic. SLIP has been replaced by PPP.
FIGURE 15-2 Leased line example
Remember that leased lines are used for short-distance connections and when you have a constant amount of traffic between sites with a need of guaranteed bandwidth.
to as Plain Old Telephone Service (POTS) by the telephone carriers
■ Synchronous serial connections These include digital ISDN BRI and PRI dialup connections; they provide guaranteed bandwidth
Asynchronous serial connections are the cheapest form of WAN services but are also the most unreliable of the services. For instance, every time you make a connection using an analog modem, there is no guarantee of the connection rate you’ll get. With these connections, the top connection rate in the U.S. is 53 Kbps, but depending on the quality of the connection, you might get something as low as 300 bps. The Federal Communications Commission (FCC) restricts analog data rates to 53 Kbps or less. Other countries might support higher data rates.
The main problem with circuit-switched connections is that they are expensive if you need to make connections over long distances, with a per-minute charge that varies, depending on the destination. Therefore, the more data you have to send, the more time it will take, and the more money it will cost.
Asynchronous circuit-switched connections are typically used for home office and low-speed backup connections, as well as temporary low-speed connections for additional boosts in bandwidth when your primary link becomes congested or when it fails. ISDN (discussed in Chapter 17) provides a digital circuit-switched connection with guaranteed data rates.
With leased lines, as soon as the circuit is installed and you have configured your DTE, the line remains up unless there is a problem with the carrier’s network or the DCE equipment. This is different from circuit-switched connections. These connections are temporary—you make a phone call to the remote DTE and when the line comes up, you transmit your data. Once you are done transmitting your data, the phone connection is terminated.
Analog connections are restricted by the FCC to 53 Kbps.
If you will be using a circuit-switched analog connection, you’ll need this equipment:
■ DTE A router with an asynchronous serial interface
■ DCE A modem
If you will be using a circuit-switched digital connection, you’ll need this equipment:
■ DTE A router with an ISDN interface
■ DCE An NT1 for a BRI or a CSU/DSU for a PRI
Figure 15-3 shows an example of an analog circuit-switched connection. With this connection, you’ll typically use PPP or HDLC for the encapsulation: SLIP is rarely used.
FIGURE 15-3 Analog circuit-switched connection
Remember that circuit-switched connections are typically used to back up primary connections, provide additional bandwidth boosts, and afford remote access to dialup users.
Packet-Switched Connections
With leased lines and circuit-switched connections, a physical circuit is used to make the connection between the two sites. With a leased line, the same circuit path is always used. With circuit-switched connections, the circuit path is built every time a phone call is made, making it highly probable that the same circuit path will not be used for every phone call.
Packet-switched connections use logical circuits to make connections between two sites. These logical circuits are referred to as virtual circuits (VCs). One advantage that a logical circuit has over a physical one is that a logical circuit is not tied to any particular physical circuit. Instead, a logical circuit is built across any available physical connection. Another advantage of logical circuits is that you can build multiple logical circuits over the same physical circuit. Therefore, with a single physical connection to a carrier, you can connect to multiple sites. This is not possible with leased lines: for each location you want to connect to, you need a separate physical circuit, making the cost of the solution much higher than one that uses logical circuits. Technologies that use packet switching and logical circuits include ATM, Frame Relay, SMDS, and X.25. From a cost perspective, packet-switched solutions fall somewhere between circuit-switched solutions and leased lines.
The oldest of these four technologies is X.25, which is an ITU-T standard. X.25 is a network layer protocol that runs across both synchronous and asynchronous physical circuits, providing a lot of flexibility for your connection options. X.25 was actually developed to run across unreliable connections. It provides both error detection and correction, as well as flow control, at both the data link layer (by LAPB) and the network layer (by X.25). In this sense, it performs a function similar to what TCP, at the transport layer, provides for IP. Because of its overhead, X.25 is best delegated to asynchronous, unreliable connections. If you have a synchronous digital connection, another protocol, such as ATM or Frame Relay, is much more efficient.
Frame Relay is a digital packet-switched service that can run only across synchronous digital connections at the data link layer. Because it uses digital connections (which have very few errors), it does not perform any error correction or flow control as X.25 does. Frame Relay will, however, detect errors and drop bad frames. It is up to a higher-layer protocol, such as IP’s TCP, to resend the dropped information.
If you are setting up a Frame Relay connection, you’ll need the following equipment:
■ DTE A router with a synchronous serial interface
■ DCE A CSU/DSU to connect to the carrier
Figure 15-4 shows an example of a Frame Relay connection. In this example, the router needs only a single physical connection to the carrier to connect to multiple sites: this is accomplished via virtual circuits. Frame Relay supports speeds from fractional T1 or E1 connections (56–64 Kbps) up to a DS3 (45 Mbps). Frame Relay is discussed in Chapter 16.
ATM and SMDS are also packet-switched technologies that use digital circuits. Unlike Frame Relay and X.25, however, these services use fixed-length (53 byte) packets, called cells, to transmit information. Therefore, these services are commonly called cell-switched services. They have an advantage over Frame Relay in that they can provide guaranteed throughput and minimal delay for a multitude of services, including voice, video, and data. However, they do cost more than Frame Relay services.
SMDS, which was developed by BellCore, is a precursor to ATM and has been replaced by the latter service. ATM (sort of an enhanced Frame Relay) can offer a connection guaranteed bandwidth, limited delay, limited number of errors, Quality of Service (QoS), and more. Frame Relay can provide some minimal guarantees to connections, but not the degree of precision that ATM can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale to very high speeds; OC-192 (SONET), for instance, affords about 10 Gbps of bandwidth.
FIGURE 15-4 Frame Relay packet-switched connection
Remember that packet-switched and cell-switched services are typically used when a router has only a single WAN interface but needs to connect to multiple remote sites.
WAN Interfaces on Cisco Routers
Cisco supports a wide variety of serial cables for their serial router interfaces. Here are some of the cable types supported for synchronous serial interfaces: EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, V.35, and X.21. The end that connects to the DCE device is defined by these standards. However, the end that connects to the Cisco router is proprietary in nature. Cisco’s cables have two different end connectors that connect to the serial interfaces of their routers:
■ DB-60 Has 60 pins
■ DB-26 Has 26 pins and is flat, like a USB cable
Note that these connectors are for synchronous serial connections. Cisco has other cable types, typically RJ-45, for asynchronous connections.
Encapsulation Methods
There are many different methods for encapsulating data for serial connections. Table 15-2 shows the most common ones. The following sections cover HDLC and PPP in more depth.
Synchronous serial interfaces have either a DB-60 or DB-26 connector for connecting to Cisco routers.
TABLE 15-2 Common Encapsulation Methods
Link Access Procedure Balanced (LAPB): Used in X.25, it has extensive error detection and correction
Link Access Procedure D Channel
Point-to-Point Protocol (PPP): Based on RFC standards, PPP is the most common encapsulation used for dialup. It provides for authentication, handling multiple protocols, compression, and error detection
Know the data link encapsulation types listed in Table 15-2.
CERTIFICATION OBJECTIVE 15.02
HDLC
Based on ISO standards, the HDLC (High-Level Data Link Control) protocol can be used with synchronous and asynchronous connections and defines the frame type and interaction between two devices at the data link layer. The following sections cover how Cisco implements HDLC and how it is configured on serial interfaces.
Frame Type
Cisco’s implementation of HDLC is based on ISO’s standards, but Cisco has made a change in the frame format, making it proprietary. In other words, Cisco’s HDLC will work only if the remote end also supports Cisco’s HDLC. Figure 15-5 shows examples of some WAN frame formats, including ISO’s HDLC, Cisco’s HDLC, and PPP. Notice that the main difference between ISO’s HDLC and Cisco’s frame format is that Cisco has a proprietary field. One of the problems with ISO’s HDLC is that it does not define how to carry multiple protocols across a single link, as does Cisco’s HDLC. Therefore, ISO’s HDLC is typically used on serial links where there is only a single protocol to transport. The default encapsulation on Cisco’s synchronous serial interfaces is HDLC. Actually, Cisco supports only its own implementation of HDLC.
FIGURE 15-5 WAN frame types
Configuring HDLC
As mentioned in the preceding section, the default encapsulation on Cisco’s synchronous serial interfaces is HDLC. You need to use the following configuration only if you changed the data link layer protocol to something else and then need to set it back to HDLC:
Router(config)# interface serial [module_#/]port_#
Router(config-if)# encapsulation hdlc
Notice that you must be in the serial interface to change its data link layer encapsulation. If you had a different encapsulation configured on the serial interface, executing the preceding command would set the frame format to HDLC. Note that the other side must be set to Cisco’s HDLC or the data link layer will fail on the interface.
After you have configured HDLC, use the show interfaces command to view the data link layer encapsulation:
Router# show interfaces serial 1
Serial1 is up, line protocol is up
Hardware is MCI Serial
Internet address is 192.168.2.2 255.255.255.0
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 0:00:02, output 0:00:00, output hang never
Last clearing of "show interface" counters never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
< output omitted >
Notice in this example that the physical and data link layers are up and that the encapsulation is set to HDLC (Encapsulation HDLC).
HDLC is the default encapsulation on synchronous serial interfaces of Cisco routers. Use the show interfaces command to see the encapsulation type. Use the encapsulation hdlc command to change the serial interface’s encapsulation to Cisco’s HDLC. Please note that if one router is a Cisco router and the other a non-Cisco one, the physical layer will be up, but the data link layer will fail (down).
15.01 The CD contains a multimedia demonstration of configuring HDLC
on a router.
PPP
Where Cisco’s HDLC is a proprietary protocol, PPP (the Point-to-Point Protocol) is based on a standard, defined in RFCs including 1332, 1661, and 2153. PPP works with asynchronous and synchronous serial interfaces as well as High-Speed Serial Interfaces (HSSI) and ISDN interfaces (BRI and PRI). The following sections offer an overview of PPP and how to configure PPP, including authentication.
PPP Components
PPP has many more features than HDLC. Like HDLC, PPP defines a frame type and how two PPP devices communicate with each other, including the multiplexing of network and data link layer protocols across the same link. However, PPP also:
■ Performs dynamic configuration of links
■ Allows for authentication
■ Compresses packet headers
■ Tests the quality of links
■ Performs error detection and correction
■ Allows multiple PPP physical connections to be bound together as a single logical connection
PPP has three main components:
■ Frame format
■ LCP (Link Control Protocol)
■ NCP (Network Control Protocol)
Each of these three components plays an important role in the setup, configuration, and transfer of information across a PPP connection. The following sections cover these components.
Memorize the preceding list of features of PPP.
Frame Type
The first component of PPP is the frame type that it uses. The frame type defines how network layer packets are encapsulated in a PPP frame as well as the format of the PPP frame. PPP is typically used for serial WAN connections because of its open-standard character. It works on both asynchronous (modem) and synchronous (ISDN, point-to-point, and HSSI) connections. If you are dialing up to your ISP, you’ll be using the PPP protocol. PPP’s frame format is based on ISO’s HDLC, as you can see in earlier Figure 15-5. The main difference is that the PPP frame has a protocol field, which defines the protocol of the network layer data that is encapsulated.
■ Authentication method used (PAP or CHAP), if any
■ Compression algorithm used (Stacker or Predictor), if any
■ Callback phone number to use, if defined
■ Multilink: other physical connections to use, if configured
There are three steps that LCP and NCP go through in order to establish a PPP connection:
1. Link establishment (LCP)
2. Authentication (LCP)
3. Protocol negotiation (NCP)
The first step is the link establishment phase. In this step, LCP negotiates the PPP parameters that are to be used for the connection, which may include the authentication method and compression algorithms. If authentication has been configured, the authentication type is negotiated. This can either be PAP or CHAP. These are discussed later, in the section “PPP Authentication.” If authentication is configured and there is a match on the authentication type on both sides, then authentication is performed in the second step. If this is successful, NCP, in the third step, will negotiate the upper-layer protocols, which can include network layer protocols such as IP and IPX as well as data link layer protocols (bridged traffic, like Ethernet, and Cisco’s CDP) that will be transmitted across the PPP link.
NCP defines the process for how the two PPP peers negotiate which network layer protocols, such as IP and IPX, will be used across the PPP connection. Once LCP and NCP perform their negotiation and the connection has been authenticated (if this has been defined), the data link layer will come up.
Once a connection is enabled, LCP uses error detection to monitor dropped data on the connection as well as loops at the data link layer. The Quality and Magic Numbers protocol is used by LCP to ensure that the connection remains reliable.
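The link establishment step can be checked on the wire: the authentication method LCP negotiates is carried as an option in the Configure-Request. The Python decoder below is an added example, not code from the book or from Cisco; it reads those options and reports whether PAP, CHAP, or no authentication is requested. Option and protocol numbers follow RFC 1661 and RFC 1994, and the sample frames are constructed, reusing the magic number 4FEFE5 that appears in this chapter's debug output.

```python
import struct

LCP = 0xC021                                   # PPP protocol number for LCP
AUTH_NAMES = {0xC023: "PAP", 0xC223: "CHAP"}   # values of LCP option 3 (RFC 1661)
CHAP_ALGORITHMS = {5: "MD5"}                   # RFC 1994


def parse_ppp_frame(frame):
    """Return (protocol, payload) for a PPP frame with flags and FCS removed."""
    if len(frame) < 4 or frame[0] != 0xFF or frame[1] != 0x03:
        raise ValueError("expected PPP address 0xFF and control 0x03")
    return struct.unpack("!H", frame[2:4])[0], frame[4:]


def parse_lcp_configure_request(payload):
    """Decode the options of an LCP Configure-Request (code 1)."""
    if len(payload) < 4:
        raise ValueError("LCP header truncated")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if code != 1:
        raise ValueError("not a Configure-Request (code %d)" % code)
    if length < 4 or length > len(payload):
        raise ValueError("LCP length field does not fit the payload")
    request = {"id": ident, "mru": None, "auth": None, "magic": None}
    pos = 4
    while pos < length:
        if pos + 2 > length:
            raise ValueError("option header truncated")
        opt_type, opt_len = payload[pos], payload[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("option %d has a bad length" % opt_type)
        data = payload[pos + 2:pos + opt_len]
        if opt_type == 1 and len(data) == 2:          # Maximum-Receive-Unit
            request["mru"] = struct.unpack("!H", data)[0]
        elif opt_type == 3 and len(data) >= 2:        # Authentication-Protocol
            proto = struct.unpack("!H", data[:2])[0]
            name = AUTH_NAMES.get(proto, "unknown 0x%04X" % proto)
            if proto == 0xC223 and len(data) >= 3:
                name += "-" + CHAP_ALGORITHMS.get(data[2], "alg%d" % data[2])
            request["auth"] = name
        elif opt_type == 5 and len(data) == 4:        # Magic-Number
            request["magic"] = struct.unpack("!I", data)[0]
        pos += opt_len
    return request


def audit_frame(frame):
    """Decode one frame and attach a finding about the authentication choice."""
    protocol, payload = parse_ppp_frame(frame)
    if protocol != LCP:
        raise ValueError("not an LCP frame (protocol 0x%04X)" % protocol)
    request = parse_lcp_configure_request(payload)
    auth = request["auth"]
    if auth is None:
        request["finding"] = "no authentication requested on this link"
    elif auth == "PAP":
        request["finding"] = ("PAP requested: username and password "
                              "cross the link in clear text")
    elif auth.startswith("CHAP"):
        request["finding"] = "challenge-based authentication requested"
    else:
        request["finding"] = "unrecognized authentication protocol"
    return request


# Constructed sample frames: address, control, protocol, then the LCP packet.
SAMPLE_FRAMES = {
    "pap":  bytes.fromhex("ff03c021" "0101000e" "0304c023" "0506004fefe5"),
    "chap": bytes.fromhex("ff03c021" "0102000f" "0305c22305" "0506004fefe5"),
    "none": bytes.fromhex("ff03c021" "0103000a" "0506004fefe5"),
}

if __name__ == "__main__":
    for label, frame in SAMPLE_FRAMES.items():
        print(label, audit_frame(frame))
```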
Configuring PPP
The configuration of PPP is as simple as that of HDLC. To specify that PPP is to be used on a WAN interface, use the following configuration:
Router(config)# interface type [slot_#]port_#
Router(config-if)# encapsulation ppp
As you can see, you need to specify the ppp parameter only in the encapsulation Interface Subconfiguration mode command. With the exception of authentication, other PPP options are not discussed in this book. These configuration commands are covered on Cisco’s CCNP Remote Access exam.
15.02 The CD contains a multimedia demonstration of configuring PPP
on a router.
Troubleshooting PPP
Once you have configured PPP on your router’s interface, you can verify the status of the interface with the show interfaces command:
Router# show interfaces serial 0
Serial0 is up, line protocol is up
Hardware is MCI Serial
Internet address is 192.168.1.2 255.255.255.0
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
lcp state = OPEN
ncp ccp state = NOT NEGOTIATED
ncp ipcp state = OPEN
ncp osicp state = NOT NEGOTIATED
ncp ipxcp state = NOT NEGOTIATED
ncp xnscp state = NOT NEGOTIATED
ncp vinescp state = NOT NEGOTIATED
ncp deccp state = NOT NEGOTIATED
ncp bridgecp state = NOT NEGOTIATED
ncp atalkcp state = NOT NEGOTIATED
ncp lex state = NOT NEGOTIATED
ncp cdp state = OPEN
Last input 0:00:00, output 0:00:00, output hang never
Last clearing of "show interface" counters never
LCP is responsible for negotiating and maintaining a PPP connection, including any optional authentication. NCP is responsible for negotiating upper-layer protocols that will be carried across the PPP connection.
In this example, only two protocols are running across this PPP connection: IP (ncp ipcp state = OPEN) and CDP (ncp cdp state = OPEN).
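When many serial links have to be reviewed, the same reading of show interfaces can be scripted. The Python sketch below is an added example, not part of the book or of any Cisco tool: it extracts the encapsulation, LCP state, and OPEN NCPs per interface and flags the up/down condition this chapter attributes to an encapsulation mismatch. The sample output is constructed in the chapter's format; the Serial2 entry, including its lcp state value, is an assumption made for illustration.

```python
import re

HEADER = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)",
    re.M)

# Constructed sample in the format of this chapter's show interfaces output.
SAMPLE_OUTPUT = """\
Serial0 is up, line protocol is up
  Hardware is MCI Serial
  Internet address is 192.168.1.2 255.255.255.0
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  lcp state = OPEN
  ncp ccp state = NOT NEGOTIATED
  ncp ipcp state = OPEN
  ncp ipxcp state = NOT NEGOTIATED
  ncp cdp state = OPEN
Serial1 is up, line protocol is up
  Hardware is MCI Serial
  Internet address is 192.168.2.2 255.255.255.0
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Serial2 is up, line protocol is down
  Hardware is MCI Serial
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  lcp state = ACKSENT
  ncp ipcp state = NOT NEGOTIATED
  ncp cdp state = NOT NEGOTIATED
"""


def assess(report):
    """Turn one interface report into a list of review findings."""
    findings = []
    if report["physical"] == "up" and report["line_protocol"] == "down":
        findings.append("physical layer up, data link down: compare the "
                        "encapsulation with the remote end")
        if report["encapsulation"] == "PPP":
            findings.append("PPP link: also check whether authentication failed")
    if report["encapsulation"] == "HDLC":
        findings.append("HDLC link: no device authentication is available")
    if (report["encapsulation"] == "PPP" and report["line_protocol"] == "up"
            and not report["open_ncps"]):
        findings.append("PPP is up but no NCP is OPEN")
    return findings


def parse_show_interfaces(text):
    """Return one report dict per interface found in show interfaces output."""
    headers = list(HEADER.finditer(text))
    reports = []
    for i, match in enumerate(headers):
        # An interface block runs from its header to the next header.
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[match.end():end]
        encap = re.search(r"Encapsulation (\w+)", block)
        lcp = re.search(r"lcp state = ([A-Z]+)", block)
        ncps = re.findall(
            r"ncp (\w+) state = (OPEN|NOT NEGOTIATED|[A-Z]+)", block)
        report = {
            "name": match.group(1),
            "physical": match.group(2),
            "line_protocol": match.group(3),
            "encapsulation": encap.group(1) if encap else None,
            "lcp": lcp.group(1) if lcp else None,
            "open_ncps": [name for name, state in ncps if state == "OPEN"],
        }
        report["findings"] = assess(report)
        reports.append(report)
    return reports


if __name__ == "__main__":
    for entry in parse_show_interfaces(SAMPLE_OUTPUT):
        print(entry["name"], entry["encapsulation"], entry["open_ncps"])
        for finding in entry["findings"]:
            print("  -", finding)
```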
If you are having problems with the data link layer coming up when you’ve configured PPP, you can use the following debug command to troubleshoot the connection:
Router# debug ppp negotiation
PPP protocol negotiation debugging is on
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface serial 0
Router(config-if)# no shutdown
%LINK-3-UPDOWN: Interface Serial0, changed state to up
ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 4FEFE5
PPP Serial0: received config for type = 0x5 (MAGICNUMBER) value = 0x561036 acked
PPP Serial0: state = ACKSENT fsm_rconfack(0xC021): rcvd id 0x2
ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 4FEFE5
ipcp: sending CONFREQ, type = 3 (CI_ADDRESS), Address = 192.168.2.1
ppp Serial0: Negotiate IP address: her address 192.168.2.2 (ACK)
ppp: ipcp_reqci: returning CONFACK.
ppp: cdp_reqci: returning CONFACK
PPP Serial0: state = ACKSENT fsm_rconfack(0x8021): rcvd id 0x2
ipcp: config ACK received, type = 3 (CI_ADDRESS), Address = 192.168.2.1
PPP Serial0: state = ACKSENT fsm_rconfack(0x8207): rcvd id 0x2
ppp: cdp_reqci: received CONFACK
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
If one side is configured for PPP and the other side is configured with a different encapsulation type (like HDLC), the physical layer will be up, but the data link layer will be down.
In this example, debug was first enabled and then the serial interface was enabled. Notice that the two connected routers go through a negotiation process. They first verify their IP addresses, 192.168.2.1 and 192.168.2.2, to make sure they are not the same, and then they negotiate the protocols (ipcp_reqci and cdp_reqci). In this example, IP and CDP are negotiated and the data link layer comes up after the successful negotiation.
15.03 The CD contains a multimedia demonstration of troubleshooting PPP
on a router.
PPP Authentication
PPP, unlike HDLC, supports device authentication. You have two methods to choose from to implement authentication: the PPP Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). Both of these authentication methods are defined in RFC 1334; RFC 1994 replaces the CHAP component of RFC 1334. The authentication process is performed before the network and data link layer protocols are negotiated for the PPP connection by NCP. If the authentication fails, then the serial data link connection will not come up. Authentication is optional and adds very little overhead to the connection. As you will see in the following PAP and CHAP sections, the setup and troubleshooting of PAP and CHAP are easy.
PAP
Of the two PPP authentication protocols, PAP is the simplest, but the least secure. During the authentication phase, PAP goes through a two-way handshake process. In this process, the source sends its username (or hostname) and password, in clear text, to the destination. The destination compares this information with a list of locally stored usernames and passwords. If it finds a match, the destination sends back an accept message. If it doesn’t find a match, it sends back a reject message. The top part of Figure 15-6 shows
Use the encapsulation ppp command to change a serial interface’s encapsulation to PPP. When you look at the output of the show interfaces command, any protocol listed as “OPEN” has been negotiated correctly. If you are having problems with the LCP negotiation, use the debug ppp negotiation command.