Wednesday, December 14, 2016

Chapter 13: Network Design and Management

INTRODUCTION

For a computer network to be successful, it must be able to support both the current and future amounts of traffic, pay for itself within an acceptable period of time, and provide the services necessary to support the users of the system. However, all of these goals are difficult to achieve. First, computer networks are constantly increasing in complexity. Second, it is difficult for a business or person to define the future of computing within a company. Finally, computer network technology changes at high speed. Therefore, performing network management is also difficult. A network manager must possess computer and people skills, management skills, and financial skills, and be able to keep up with changing technology.

SYSTEMS DEVELOPMENT LIFE CYCLE

  • Every company has a number of major goals, so system planners and management personnel within the company try to generate a set of questions or problems to help the company achieve those goals
  • Systems development life cycle (SDLC) is a structured approach to the development of a business system that often includes several phases:
    • Planning: identify problems, opportunities and objectives
    • Analysis: determine information requirements, analyze system needs and prepare a written systems proposal
    • Design: design and build the system
    • Implementation: install the system
    • Maintenance: correct and update
  • These phases are cyclical and usually never ending


NETWORK MODELING
  • When updating or creating a new computer system, an analyst will create a set of models for both the existing system and the proposed system
  • Network models can either:
    • Demonstrate current state of network
    • Model desired computer network
  • Series of connectivity maps are network modeling tools that depict various locations involved over wide and local areas and interconnections between those locations
1. Wide Area Connectivity map
  • In order to create the map, modelers should begin by identifying each site or location in which the company has an office
  • Each fixed site is denoted by a circle, mobile or wireless sites are indicated by circles containing letter M; and external sites are denoted by circles containing letter E
  • A solid line between 2 sites indicates a desired path for data transmission

  • To identify each connection between sites, the following link characteristics can be applied to each connection
    • d = distance of the connection (usually shown in either miles or kilometers)
    • s = security level (high, medium, low, or none)
    • du = duplexity (full duplex, half duplex, or simplex)
    • dr = data rate desired (in bps)
    • l = latency, or acceptable delay time across the network (usually in milliseconds, or ms)
    • QoS = Quality of Service
      • CBR - constant bit rate, VBR - variable bit rate, ABR - available bit rate, UBR - unspecified bit rate, or none
    • de = delivery rate (sometimes called throughput percentage)
2. Metropolitan Area Connectivity Map
  • Share some of the characteristics of wide area maps and local area maps
  • data rate, quality of service and security are important parameters
  • Failover time also has a strong impact on a metropolitan area map

3. Local Area Connectivity Map
  • Show the big picture design of a local area network
  • Entire physical groups such as workstations are denoted by a single node
  • Links between the nodes are defined by factors such as distance, security, data rate, QoS, duplexity, and throughput

  • Local area detail connectivity map: can show how individual workstation or groups of workstations are clustered with switches, routers, hubs, and server farms

FEASIBILITY STUDIES

  • There are a number of ways to determine if a proposed system is going to be feasible
  • Technically feasible: proposed system can be created and implemented using currently existing technologies
  • Financially feasible: system can be built given the company's current financial ability
  • Operationally feasible: system operates as designed and implemented
  • Time feasible: system can be constructed in an agreed upon time frame
  • Payback analysis: a technique used to determine a proposed system's costs and benefits
    • To calculate payback analysis, you must know all expenses that will be incurred to create and maintain system, as well as all possible income derived from system
    • You must also be aware of time value of money
      • A dollar today is worth more than one dollar promised a year from now because dollar can be invested

CAPACITY PLANNING
  • Capacity planning: involves trying to determine the amount of network bandwidth necessary to support an application or a set of applications
  • A number of techniques exist for performing capacity planning, including linear projection, computer simulation, benchmarking, and analytical modeling
  • Linear projection involves predicting one or more network capacities based on the current network parameters and multiplying by some constant
  • Computer simulation: involves modeling an existing system or a proposed system using a computer-based simulation tool and subjecting the model to varying degrees of user demand (called load)
  • Benchmarking: involves generating system statistics under a controlled environment and then comparing those statistics against known measurements
  • Analytical modeling: involves the creation of mathematical equations to calculate various network values
CREATING A BASELINE

  • Baseline: involves measuring and recording a network's state of operation over a given period of time
  • Baseline can be used to determine current network performance and to help determine future network needs
  • Baseline studies should be ongoing projects and not something started and stopped every so many years
  • To perform a baseline study, you should:
    • Collect information on number and type of system nodes, including workstations, routers, bridges, switches, hubs, and servers
    • Create an up-to-date roadmap of all nodes along with model numbers, serial numbers and any address information such as IP or Ethernet addresses
    • Collect information on operational protocols used throughout the system
    • List all network applications, including the number, type and utilization level
    • Create a fairly extensive list of statistics to help meet your goals
      • These statistics can include average network utilization, peak network utilization, average frame size, peak frame size, average frames per second, peak frames per second, total network collisions, network collisions per second, total runts, total jabbers, total CRC errors, and nodes with highest percentage of utilization


NETWORK ADMINISTRATOR SKILLS

A good network administrator should have:
  • computer skills
  • people skills
  • Management skills
  • Financial planning skills
  • knowledge of statistics
  • Speaking and Writing skills
Certifications that network administrator can obtain:
  • Microsoft Certified Solution Associate (MCSA)
  • Cisco Certified Network Associate (CCNA)
  • IBM Certified Systems Expert (CSE) and Certified Administrator (CA)
GENERATING USABLE STATISTICS

  • Statistics, properly generated, can be an invaluable aid to demonstrating current system demands and predicting future needs
  • Mean time between failures (MTBF): average time a device or system will operate before it fails
  • Mean time to repair (MTTR): average time necessary to repair a failure within the computer system
  • Availability: probability that a particular component or system will be available during a fixed time period
  • Availability % = (total available time - downtime)/ total available time
  • Reliability: calculates the probability that a component or system will be operational for the duration of a transaction of time t.
  • Reliability equation: R(t) = e^(-bt)
    in which: b = 1/MTBF
              t = the time interval of the operation
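The availability and reliability formulas above worked as functions (an added example, not code from the original notes). series_reliability() goes one step beyond the notes: a transaction that crosses several devices succeeds only if all of them stay up, so, assuming independent failures, their R(t) values multiply.

```python
"""Added example, not from the original notes: the availability and
reliability formulas from the statistics section,
Availability % = (total available time - downtime) / total available time
and R(t) = e^(-b t) with b = 1/MTBF, worked as functions."""
import math
from typing import Iterable

HOURS_PER_YEAR = 8760


def availability_pct(total_hours: float, downtime_hours: float) -> float:
    """Availability over a measured period, e.g. one year with 8.76 h down -> 99.9 %."""
    if total_hours <= 0 or not 0 <= downtime_hours <= total_hours:
        raise ValueError("downtime must lie between 0 and the total period")
    return (total_hours - downtime_hours) / total_hours * 100


def downtime_budget_hours(availability_target_pct: float,
                          total_hours: float = HOURS_PER_YEAR) -> float:
    """The same formula solved for downtime: the hours a target such as 99.9 % allows."""
    if not 0 <= availability_target_pct <= 100:
        raise ValueError("availability target must be a percentage")
    return total_hours * (1 - availability_target_pct / 100)


def reliability(t: float, mtbf: float) -> float:
    """R(t) = e^(-b t), b = 1/MTBF: probability the device runs for t without failing."""
    if mtbf <= 0 or t < 0:
        raise ValueError("MTBF must be positive and t non-negative")
    b = 1 / mtbf
    return math.exp(-b * t)


def max_interval(target_reliability: float, mtbf: float) -> float:
    """Longest t for which R(t) >= target: e^(-t/MTBF) = p  =>  t = -MTBF * ln(p)."""
    if not 0 < target_reliability <= 1:
        raise ValueError("target reliability must be in (0, 1]")
    return -mtbf * math.log(target_reliability)


def series_reliability(t: float, mtbfs: Iterable[float]) -> float:
    """R(t) of a transaction path through devices in series (independent failures assumed):
    it only succeeds if every device survives the interval, so the probabilities multiply."""
    result = 1.0
    for mtbf in mtbfs:
        result *= reliability(t, mtbf)
    return result
```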

NETWORK DIAGNOSTIC TOOLS

1. Tools that test and debug network hardware
  • Three common testing devices are:
    • electrical testers (the simplest)
    • cable testers
    • local area network testers ( the most elaborate)
2. Network Sniffers
  • Protocol analyzer or sniffer: monitors a network 24 hours a day, seven days a week, and captures and records all transmitted packets
3. Managing operation
  • To assist network administrators and information technology staff in doing their jobs, businesses have a control center for their computing services
  • One important element of a control center is the help desk, which answers all telephone calls and walk-in questions regarding computer services
4. Simple network management protocol
  • Network management protocol: facilitates the exchange of management information between network devices
  • Simple Network Management protocol (SNMP): industry standard designed to manage network components from a remote location
  • Agent: the management software running on a managed element
  • SNMP manager: controls operations of a managed element and maintains a database of information about all managed elements
  • A manager can query an agent to return current operating values, or can instruct an agent to perform a particular action
  • Management Information Base (MIB): collection of information that is organized hierarchically and describes the operating parameters of all managed agents
  • Remote network monitoring (RMON): a protocol that allows a network administrator to monitor, analyze and troubleshoot a group of remotely managed elements




Chapter 12: Network Security

INTRODUCTION

Computer network security has reached a point at which it can best be characterized by two seemingly conflicting statements: never has network security been better than it is today, and never have computer networks been more vulnerable than they are today. The Internet allows anyone in the world to access or attempt to access any computer system that is connected to the Internet. It allows us to download web pages from anywhere in the world, but it also exposes all Internet-attached systems to invasion.

COMMON SYSTEM ATTACKS

Some standard methods of system attacks are:

  1. Socially engineered attacks: occur in the form of a link in a web page that contains malicious code (malware) that could erase sensitive data, erase the hard disk, or even make you pay for software to remove the malware
  2. Exploiting known vulnerabilities in operating systems and application software (unpatched software)
  • Virus: a small program that alters the way a computer operates without the knowledge of the user and often does various types of damage by deleting and corrupting data and program files, or by altering operating system components, so that computer operation is impaired or even halted
    • Macro virus
    • Boot sector virus
    • Polymorphic virus
    • File infector virus
  • Botnets: malicious programs that take over operations on a compromised computer
  • Worm: a program that copies itself from one system to another over a network, without the assistance of a human being
    • User's computer is constantly vulnerable to malicious software programs on the internet that are scanning for unprotected computers and trying to exploit known operating system and application vulnerabilities
  • Typically, a virus or a worm is transported as a Trojan horse
    • hiding inside a harmless-looking piece of code such as an email or an application macro
  • Other standard attacks
    • Denial of service attacks, or distributed denial of service attacks
      • Bombard computer site with so many messages that site is incapable of answering valid request
    • E-mail bombing
      • User sends an excessive amount of unwanted e-mail to someone
    • Smurfing
      • Nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations
    • Ping storm
      • Condition in which the Internet ping program is used to send a flood of packets to a server
    • Spoofing
      • When a user creates a packet that appears to be something else or from someone else
    • Trojan Horse
      • Malicious piece of code hidden inside a seemingly harmless piece of code.
    • Stealing, guessing, and intercepting passwords is also a tried and true form of attack
    • Pharming
      • Hacker redirects unknowing user to bogus look-alike website
    • Phishing
      • Hackers create emails that look as if they are coming from a legitimate source when in reality the hacker is trying to get the user to give up ID and password information
    • Rootkit
      • A program that has been installed deep within a user’s operating system; defies detection and takes over the user’s computer
    • Keylogger
      • A software system that secretly captures and records keystrokes made at a user’s keyboard
PHYSICAL PROTECTION

  • Physical protection of a computer system consists of protecting the equipment from physical damage such as fire, floods, earthquakes, power surges, and vandalism
  • Physical security measures include locking rooms and locking down computers, keyboards and other devices
  • To prevent electrical damage, high quality surge protectors should be used on all devices
  • Noise protection: placing computers away from devices that generate electromagnetic interference
  • Surveillance: a good deterrent of computer vandalism and theft
    • Proper placement of security cameras can deter theft and vandalism
    • Cameras can also provide a record of activities
    • Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine if a computer system has been violated
    • A honeypot is an indirect form of surveillance
      • Network personnel create a trap, watching for unscrupulous activity
CONTROLLING ACCESS

  • Involves deciding and then limiting who can use the system and when the system can be used
  • Access right: defines the network resources that a user or set of users can access


1. Password and ID Systems
  • Passwords are the most common form of protection; however, they are also the weakest form
  • Because the password has so many weaknesses, other forms of identification emerged
  • Biometric techniques: observe and record some aspect of the user such as voiceprints, fingerprints, eye prints and face prints
2. Access Rights
  • Most access rights have two basic parameters: Who and How
  • The Who parameter lists who has access rights to the resource
    • typically include the owner, a select group of users, and the entire user population
  • The How parameter specifies how a user may access the resource
    • read, write, delete, print, copy or execute

3. Auditing
  • Creating a computer or paper audit can help detect wrongdoing
  • Auditing can also be used as a deterrent
  • Many network operating systems allow the administrator to audit most types of transactions
  • Many types of criminals have been caught because of computer-based audits

SECURING DATA

1. Basic encryption and decryption techniques
  • Cryptography: the study of creating and using encryption and decryption techniques
  • Plaintext: data before any encryption has been performed
  • Encryption algorithm: the computer program that converts plaintext into an enciphered form (ciphertext)
  • Ciphertext: data after encryption has been performed
  • Key: the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext
  • Monoalphabetic substitution-based ciphers: replace a character or characters with a different character or characters, based upon some key
    • Replacing:  abcdefghijklmnopqrstuvwxyz
    • with:  POIUYTREWQLKJHGFDSAMNBVCXZ
    • The message: how about lunch at noon
    • encodes into:    EGVPO GNMKN HIEPM HGGH
  • Polyalphabetic substitution-based ciphers: similar to monoalphabetic ciphers except that multiple alphabetic strings are used to encode the plaintext
    • Example: Vigenere cipher - matrix of strings, 26 rows by 26 characters or columns can be used
    • A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext
      • COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
      • thisclassondatacommunicationsisthebest
    • To encode the message, take the first letter of the plaintext, t, and the corresponding key character immediately above it, C
    • Go to row C column t in the 26x26 matrix and retrieve the ciphertext character V
    • Continue with the other characters in plaintext
  • Transposition-based ciphers: the order of the plaintext is not preserved
    • Example: select a key such as COMPUTER
      • Number the letters of the word COMPUTER in the order they appear in the alphabet
      • 1 4 3 5 8 7 2 6
      • C O M P U T E R
    • Now take the plaintext message and write it under the key
      • 1 4 3 5 8 7 2 6
        C O M P U T E R
        t h i s i s t h
        e b e s t c l a
        s s i h a v e e
        v e r t a k e n
    • Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2
      • TESVTLEEIEIRHBSESSHTHAENSCVKITAA
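The three classical ciphers described above in code, as an added example that is not from the original notes; it uses the notes' own key alphabet, keys and messages, so the functions reproduce the ciphertexts shown there.

```python
"""Added example, not from the original notes: the monoalphabetic
substitution, Vigenere and keyword columnar transposition ciphers described
above, using the alphabet, keys and messages the notes use."""
from typing import List
import string

LOWER = string.ascii_lowercase


def mono_encrypt(plaintext: str, cipher_alphabet: str) -> str:
    """Monoalphabetic substitution: letter i of the alphabet becomes letter i
    of the 26-letter key alphabet. Spaces are dropped, as in the notes."""
    table = str.maketrans(LOWER, cipher_alphabet.upper())
    return plaintext.lower().replace(" ", "").translate(table)


def mono_decrypt(ciphertext: str, cipher_alphabet: str) -> str:
    """Inverse substitution using the same key alphabet."""
    table = str.maketrans(cipher_alphabet.upper(), LOWER)
    return ciphertext.translate(table)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere: the key letter above each plaintext letter selects the row of
    the 26x26 table and the plaintext letter selects the column. Row C,
    column t gives V, which is simply t shifted by the value of C (2)."""
    key = key.upper()
    out = []
    for i, ch in enumerate(text.lower().replace(" ", "")):
        shift = ord(key[i % len(key)]) - ord("A")
        if decrypt:
            shift = -shift
        base = "a" if decrypt else "A"   # plaintext in lower case, ciphertext in upper
        out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord(base)))
    return "".join(out)


def column_order(key: str) -> List[int]:
    """Number the key letters by alphabetical rank: COMPUTER -> 1 4 3 5 8 7 2 6.
    A repeated letter (none in COMPUTER) is ranked left to right."""
    key = key.upper()
    ranked = sorted(range(len(key)), key=lambda i: (key[i], i))
    order = [0] * len(key)
    for rank, position in enumerate(ranked, start=1):
        order[position] = rank
    return order


def transposition_encrypt(plaintext: str, key: str, pad: str = "x") -> str:
    """Columnar transposition: write the message in rows under the key, then
    read the columns out in the order 1, 2, 3, ... given by column_order()."""
    text = plaintext.lower().replace(" ", "")
    width = len(key)
    text += pad * (-len(text) % width)          # make the last row full
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    order = column_order(key)
    columns = sorted(range(width), key=lambda c: order[c])
    return "".join(row[c] for c in columns for row in rows).upper()


def transposition_decrypt(ciphertext: str, key: str) -> str:
    """Inverse: refill the columns in rank order, then read the rows."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // width
    order = column_order(key)
    columns = sorted(range(width), key=lambda c: order[c])
    grid = [[""] * width for _ in range(nrows)]
    pos = 0
    for c in columns:
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).lower()
```

Note what the outputs share: a fixed substitution preserves letter frequencies and a transposition preserves them exactly, which is why these ciphers survive only as teaching examples.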
  • Public Key Cryptography
    • Very powerful encryption technique in which two keys are used
      • First key (the public key) encrypts the message
      • Second key (the private key) decrypts the message
    • Not possible to deduce one key from the other
    • Not possible to break code given public key
    • If you want someone to send you secure data, give them your public key, you keep the private key
    • Secure Sockets Layer on the Internet is a common example of public key cryptography
  • Data Encryption Standard and Advanced Encryption Standard
    • Data Encryption Standard (DES) is a commonly employed encryption method used by businesses to send and receive secure transactions
    • The standard came in effect in 1977 and was re-approved in 1983, 1988, and 1993 and took a 64-bit block of data and subjected it to 16 levels of encryption
    • the choice of encryption performed at each of the 16 levels depends on the 56-bit key applied
    • Triple-DES: data is encrypted using DES three times: first time by the first key, second time by a second key, third time by first key again
      • While virtually unbreakable, triple-DES is CPU intensive
    • Advanced Encryption standard (AES): was selected by the US government to replace DES
  • Digital Signatures
    • Document to be signed is sent through a complex mathematical computation that generates a hash
    • The hash is encoded with the owner's private key and then stored
    • To prove future ownership, the stored hash is decoded using the owner's public key and that hash is compared with a current hash of the document
    • If the two hashes agree, the document belongs to the owner
    • U.S. accepts digitally signed documents as legal proof (for some types of documents)
  • Pretty Good Privacy (PGP): high-quality encryption software that creates secure email messages and encrypts other types of data files
  • Kerberos: an authentication protocol designed to work on client/server networks that uses secret or symmetric cryptography
    • Employs both private key cryptography (one key both encrypts and decrypts) and public key cryptography (two separate keys)
    • Also free software for use in the U.S.
    • Many operating systems provide Kerberos for authentication of users and services
  • Public Key Infrastructure: the combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management
    • Certificate: an electronic document, similar to a passport, that establishes your credentials when you are performing transactions
    • A digital certificate contains your name, a serial number, expiration dates, a copy of your public key, and the digital signature of the certificate-issuing authority
    • Certificates are usually kept in a registry so other users may check them for authenticity
    • Certificates are issued by a certificate authority (CA)
      • A CA is either specialized software on a company network or a trusted third party 
    • A certificate revocation list is used to “deactivate” a user’s certificate
    • Applications that could benefit from PKI:
      • Web transactions
      • Virtual private networks
      • Electronic mail
      • Client-server applications
      • Banking transactions
  • Steganography: the art and science of hiding information inside other, seemingly ordinary messages or documents
    • Examples include a watermark over an image, or taking random pixels from an image and replacing them with the hidden data
SECURING COMMUNICATIONS

1. Spread Spectrum Technology
  • Takes the data and, rather than transmitting it in a fixed bandwidth, spreads it over a wider bandwidth
  • Two basic spread spectrum technologies:
    • Frequency hopping spread spectrum: the transmission bounces the signal around on random frequencies rather than transmitting it on one fixed frequency
    • direct sequence spread spectrum: spreads the transmission of a signal over a wide range of frequencies using mathematical values


2. Guarding Against Viruses
  • Signature-based scanners look for particular virus patterns or signatures and alert the user
  • Terminate-and-stay-resident programs run in the background constantly watching for viruses and their actions
  • Multi-level generic scanning is a combination of antivirus techniques including intelligent checksum analysis and expert system analysis
  • integrity checking: an antivirus technique that is used in conjunction with signature-based scanning and terminate-and-stay-resident monitoring
3. Firewalls
  • A system or combination of systems that supports an access control policy between two networks
  • Can limit users on the Internet from accessing certain portions of a corporate network and various portions of the Internet
  • Three basic types of firewalls:
    • Packet filter firewall: essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers
    • Proxy server:  more advanced firewall that acts as a doorman into a corporate network
      • Any external transaction that requests something from the corporate network must enter through the proxy server
      • Proxy servers are more advanced but make external accesses slower
    • Application layer firewall: inspects all packets coming into or leaving a connection using the application layer of the TCP/IP protocol suite
      • Goes beyond IP addresses and TCP port numbers and inspects packet to see to which application it belongs


4. Wireless Security
  • Wired Equivalent Privacy (WEP): first security protocol for wireless LANs
    • It used a weak 40-bit static key and was too easy to break
  • Wi-Fi Protected Access (WPA): replaced WEP
    • Major improvements, including dynamic key encryption and mutual authentication for wireless clients
  • IEEE 802.11i (WPA2)
    • Allows keys, encryption algorithms, and negotiation to be dynamically assigned
    • AES encryption based on the Rijndael algorithm with 128-, 192-, or 256-bit keys is incorporated

SECURITY POLICY DESIGN ISSUES

  • What is the company’s desired level of security?
  • How much money is the company willing to invest in security?
  • If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways?
  • The company must have a well-designed security policy



Wednesday, December 7, 2016

Chapter 11: Voice and Data Delivery Networks

THE BASIC TELEPHONE SYSTEM

Plain old telephone service (POTS) was an analog system capable of supporting a voice conversation



Telephone lines, Trunks, and Numbers

  • The local loop is the telephone line that leaves your house or business and consists of either four or eight wires and connects to the local telephone company's central office
  • Central office – building that houses the telephone company’s switching equipment and provides a local dial tone on your telephone
  • As long as the phone call remains within LATA, the call is handled by a local telephone company
  • Local access transport area (LATA) is a geographic area such as a large metropolitan area or part of a large state
  • If you place a long-distance call, the central office passes your telephone call off to a long-distance provider
  • Trunk: special telephone line that runs between central offices and other telephone switching centers
    • Usually digital, high-speed, and carries multiple telephone circuits
    • Typically a 4-wire circuit, while a telephone line is a 2-wire circuit
    • Not associated with a single telephone number like a line is
The Telephone Network Before and After 1984
  • In 1984, U.S. government broke up AT&T
  • Before then, AT&T owned large majority of all local telephone circuits and all the long-distance service
  • With the Modified Final Judgment (MFJ) of 1984, AT&T had to split off the local telephone companies from the long-distance company
    • The local telephone companies formed seven Regional Bell Operating Companies
    • Today, there are only 3 left: AT&T (Southwestern Bell, Bell South, Ameritech, Pacific Telesis), CenturyLink (US West), and Verizon (Bell Atlantic, NYNEX)
  • Another result of the Modified Judgment was creation of LATA (local access and transport area)
  • Local telephone companies became known as local exchange carriers (LECs), and long distance telephone companies became known as interexchange carriers (IEC, or IXC)
  • Centrex (central office exchange service) is a service from local telephone companies in which up-to-date telephone facilities at the telephone company's central office are offered to business users so they do not need to purchase their own facilities
  • Private branch exchange (PBX) is a computerized, self-contained telephone system that sits in a telephone room on a company's premises
  • Private lines and tie lines are leased telephone lines that require no dialing
Telephone Networks After 1996
  • Another landmark ruling affecting the telephone industry was the Telecommunications Act of 1996
  • Opened up local telephone market to competitors
  • Now cable TV companies (cable telephony), long-distance telephone companies, or anyone that wants to start a local telephone company can offer local telephone service
  • Local phone companies that existed before the Act are known as incumbent local exchange carriers (ILEC) while the new companies are competitive local exchange carriers (CLEC)
  • ILECs must give CLECs access to their telephone lines, telephone numbers, operator services, and directory listings; access to poles, ducts, and rights-of-way; and physical co-location of equipment within ILEC buildings, and they must give these services at wholesale prices
Limitation of Telephone Signals
  • Telephone network was engineered to transmit signals of approximately 3100 Hz
  • A telephone conversation requires two channels, each occupying 4000 Hz
  • A 4000 Hz analog signal can only carry about 33,600 bits per second of information while a 4000 Hz digital signal can carry about 56,000 bits per second
  • If you want to send information faster, you need a signal with a higher frequency or you need to incorporate more advanced modulation techniques
Dial Up Internet Service
  • once upon a time, a majority of computer users accessed the internet via a dial-up internet service
  • DSL and cable modem service have essentially taken over the dial-up market, but dial-up can still be found in rural areas where DSL or cable modem service is not available
  • Current fastest dial-up modem is the 56k modem
  • 56k refers to a data transfer rate of 56,000 bits per second, achieved by combining digital signaling with analog signaling
  • Would actually achieve 64k except:
    • Local loop is still analog, thus analog signaling
    • Analog to digital conversion at the local modem introduces noise/error
    • Combined, these shortcomings drop the speed to at best 56k
  • In practice it doesn't even reach 56k, due to line noise and other factors

  • Based upon one of two standards:
    • V.90: Upstream speed is maximum 33,600 bps
    • V.92
      • Newer standard
      • Allows maximum upstream speed of 48 kbps (under ideal conditions)
      • Can place a data connection on hold if the telephone service accepts call waiting and a voice telephone call arrives
DIGITAL SUBSCRIBER LINE
  • DSL is a technology that allows existing twisted pair telephone lines to transmit multimedia materials and high-speed data
  • Transfer speeds can range from hundreds of thousands of bits per second up to several million bits per second
DSL Basics
  • Transmission speed can be affected by one of the following:
    • Carrier providing the service
    • Distance of your house from the central office of the telephone company
    • Asymmetric connection
  • It is an "always on" connection
  • Uses a permanent circuit instead of a switched circuit
  • The DSL provider uses a DSL access multiplexer (DSLAM) to split off the individual DSL lines into homes and businesses
  • A user then needs a splitter to separate the POTS line from the DSL line, and then a DSL modem to convert the DSL signals into a form recognized by the computer

DSL Formats

  • A DSL service comes in many different forms:
    • ADSL (Asymmetric DSL)
    • DSL Lite
      • Slower form than ADSL
    • VDSL2 (Very high data rate DSL2)
    • RADSL (Rate-adaptive DSL)
      • Speed varies depending on noise level
CABLE MODEM

  • Cable modem is a high-speed communications service that allows high-speed access to wide area networks such as the Internet via a cable television connection
  • Most are external devices that connect to the personal computer through a common Ethernet card
  • Can provide data transfer speeds between 500 kbps and 25 Mbps


T1 LEASED LINE SERVICE
  • DSL and cable modems are great for home users and small commercial users.  But what else is there for commercial users?
  • T-1 – digital service offered by the telephone companies that can transfer data as fast as 1.544 Mbps (both voice and computer data)
  • To support a T-1 service, a channel service unit / data service unit (CSU/DSU) is required at the end of the connection
  • A T-1 service
    • Is a digital, synchronous TDM stream used by businesses and telephone companies
    • Is always on and always transmitting
    • Can support up to 24 simultaneous channels
    • These channels can be either voice or data (PBX support)
    • Can also be provisioned as a single channel delivering 1.544 Mbps of data (LAN to ISP connection)
    • Requires 4 wires, as opposed to a 2-wire telephone line
    • Can be either intra-LATA (local) which costs roughly $350-$400 per month, or inter-LATA (long distance) which can cost thousands of dollars per month (usually based on distance)
    • A customer may also be able to order a 1/4 T-1 or a 1/2 T-1 (fractional T-1)
FRAME RELAY

  • Frame relay is a packet-switched network that was designed for transmitting data over fixed lines
  • Leased service that can provide a high-speed connection for data transfer between two points either locally or over long distances
  • A business only has to connect itself to local frame relay port
  • Once data reaches local frame relay port, the frame relay network, or cloud, transmits the data to the other side

  • Permanent virtual circuit (PVC) – connection between two endpoints
    • Created by the provider of the frame relay service
  • The user uses a high-speed telephone line to connect its company to a port, which is the entryway to the frame relay network
  • The high-speed line, the port, and the PVC should all be chosen to support a desired transmission speed

Committed Information Rate (CIR) or Service Level Agreements
  • The user and frame relay service would agree upon a committed information rate (CIR)
  • The CIR states that the carrier agrees to transfer the customer's data at the agreed rate, the customer agrees that it will not exceed the agreed rate, and if the frame relay network becomes saturated, the carrier may drop any of the customer's frames that are in excess of the committed information rate
  • The burst rate allows the customer to exceed the committed information rate by a fixed amount for brief moments of time
ASYNCHRONOUS TRANSFER MODE 
  • Asynchronous transfer mode (ATM) is a very high speed packet-switched service, similar to frame relay, that is offered by a number of communications companies
  • transfer rates are as fast as 622 Mbps
  • All data is sent in small 53-byte packages called Cells
  • Cell size is kept small so that a cell will quickly pass through each node in an ATM network and continue on its way to its destination
  • Designed to simultaneously support voice, video, and data
  • Similar to frame relay, data travels over a connection called a virtual channel connection (VCC)
  • To better manage VCCs, a VCC must travel over a virtual path connection (VPC)
  • One of ATM’s strengths (besides its high speeds) is its ability to offer various classes of service
ATM Classes of Service
  • A Class of service is a definition of a type of traffic and the underlying technology that will support that type of traffic
  • Four classes of service determine the type of traffic an ATM network can carry:
    • Constant bit rate (CBR)
    • Variable bit rate (VBR)
    • Available bit rate (ABR)
    • Unspecified bit rate (UBR)
Advantages and Disadvantages of ATM
  • Advantages of ATM include very high speeds and the different classes of service
  • Disadvantages include potentially higher costs (both equipment and support) and a higher level of complexity

MPLS AND VPN
  • Frame relay and ATM are declining in popularity due to more people using the Internet
  • But you can’t just send potentially important data over the Internet without doing something first
  • One thing businesses are doing is applying MPLS labels to the IP packets
  • The use of MPLS routes data packets quickly through the Internet
  • And as we have also seen, VPNs (virtual private networks) create secure tunnels
SUMMARY OF THE DATA DELIVERY SERVICES


CONVERGENCE
  • Big issue in the voice and data delivery industry
  • Phone companies are buying other phone companies
  • Older technologies are falling by the wayside as newer technologies take over a larger share of the market
  • Newer devices are incorporating multiple applications
  • Computer telephony integration is one large example of convergence
Computer-telephony Integration
  • Computer-telephony integration (CTI) is a field that combines more traditional voice networks with modern computer networks
  • Has three advantages:
    • creates new voice/data business application that can save time
    • makes optimal use of current resources
    • saves money
  • CTI applications could include the following:
    • Unified messaging
    • Interactive voice response
    • Integrated voice recognition and response
    • Fax processing and fax-back
    • Text-to-speech and speech-to-text conversions
    • Third-party call control
    • PBX graphic user interface
    • Call filtering
    • Customized menuing systems
Unified Communications
  • Just as CTI is a convergence of multiple technologies and applications, unified communications is the convergence of real-time and non-real-time communications
  • Unified communication is the convergence of real-time and non-real-time communication services such as telephony, instant messaging, video conferencing, speech recognition, voice mail, email and something called presence information into a unified interface

Thursday, December 1, 2016

Chapter 10: The Internet

INTRODUCTION

During the late 1960s, a US government agency called the Advanced Research Projects Agency (ARPA) created one of the country's first wide area packet-switched networks, the ARPANET. Select research universities, military bases and government labs were allowed access to the ARPANET. In 1983, the Department of Defense broke the ARPANET into two similar networks: the original ARPANET and MILNET, which was for military use only. While the ARPANET was being phased out and replaced with newer technology, the National Science Foundation funded the creation of a new high speed, cross-country network backbone called the NSFNET. The backbone is the main telecommunications line through the network, connecting major router sites across the country. In the 1990s, the government essentially withdrew all direct support for the internet and turned it over to private industries and universities. There was no longer one single backbone but multiple backbones supported by different businesses and organizations

INTERNET PROTOCOLS

The internet depends on many protocols, several commonly used are:

  • Internet Protocol (IP)
  • Transmission Control Protocol (TCP)
  • Address Resolution Protocol (ARP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Network Address Translation (NAT)

Recall that the Internet with all its protocols follows the TCP/IP protocol suite (Internet model):

  • An application, such as e-mail, resides at the highest layer
  • A transport protocol, such as TCP, resides at the transport layer
  • The Internet Protocol (IP) resides at the Internet or network layer
  • A particular media and its framing resides at the network access (or data link) layer



1. The Internet Protocol
  • Provides a connectionless data transfer service over heterogeneous networks by passing and routing IP datagrams
  • IP datagrams or packets that are passed down from the transport layer to the network layer are encapsulated with an IP header that contains the information necessary to transmit the packet
  • There are currently two versions of IP
    • Version 4, which has been in existence for many years
    • Version 6, which has been available for several years but is only now starting to see a substantial move towards replacing version 4

IPv4 Datagram and Format
  • Makes routing decision based on the 32-bit destination address
  • May have to fragment the datagram into smaller datagrams using Fragment Offset
  • May determine that current datagram has been hopping the network too long and delete it (time to live)
IPv4 Addresses

  • All devices connected to Internet have a 32-bit IP address
  • Think of the IP address as a logical address (possibly temporary), while the 48-bit address on every NIC is the physical, or permanent address
  • Computers, networks and routers use the 32-bit binary address, but a more readable form is the dotted decimal notation
  • When IP addresses were originally created, they were called classful addresses
    • That is, each IP address fell into particular class
    • A particular class address has a unique network address size and a unique host address size
    • There are basically five types of IP addresses: Classes A, B, C, D and E
  • Each IP address can consist of three parts:
    • A 1-, 2-, 3- or 4-bit identifier field (beginning bit pattern)
    • A net ID, which indicates a particular network
    • A host ID, which indicates a particular host, or computer on that network
  • IP multicasting : the capability of a network server to transmit a data stream to more than one host at a time
  • IP multicasting suffers from lack of security
  • Subnet masking: take the host ID portion of an IP address and divide it into a subnet ID and host ID. Each subnet can support a smaller number of hosts
  • Today, IP addresses are considered classless addresses
    • With classless addressing, companies (users) do not apply for particular class of addresses 
      • Instead, company will get its IP addresses from an Internet service provider (ISP)
      • Most ISPs have already applied for a large number of IP addresses and are willing to lease those addresses to companies
  • The addresses are not identified by any class – they are simply a contiguous block of IP addresses
  • Classless addressing has led to a much more efficient allocation of the IP address space
    • A company can lease only as many addresses as it needs 
  • An IP address in slash notation has all the info we need about the block of addresses assigned to a user/company
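An added example, not part of the notes, showing what slash notation encodes and how subnet masking borrows host bits: the block's network address, mask, broadcast address and usable host count are computed with the same 32-bit arithmetic routers use. All addresses are constructed from the 192.0.2.0/24 documentation range.

```python
# Added example (not part of the notes): decode an IPv4 block written in slash
# notation and carve it into subnets with the bit arithmetic routers use.
# All addresses are constructed from the documentation range 192.0.2.0/24.


def ip_to_int(dotted: str) -> int:
    """Dotted decimal notation -> the 32-bit integer form used on the wire."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"bad octet in {dotted}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe_block(cidr: str) -> dict:
    """Everything slash notation tells us about a block, e.g. '192.0.2.64/26'."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # prefix ones, then zeros
    network = ip_to_int(addr) & mask                 # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)       # host bits all set
    # /31 and /32 have no separate network/broadcast addresses to subtract
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 2 ** host_bits
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


def contains(cidr: str, ip: str) -> bool:
    """True if ip falls inside the block (same bits under the mask)."""
    addr, prefix_text = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix_text))) & 0xFFFFFFFF
    return ip_to_int(addr) & mask == ip_to_int(ip) & mask


def split_block(cidr: str, new_prefix: int) -> list:
    """Subnet masking: borrow host bits to divide a block into equal subnets."""
    old_prefix = int(cidr.split("/")[1])
    if not old_prefix < new_prefix <= 32:
        raise ValueError("new prefix must be longer than the block's own prefix")
    start = ip_to_int(describe_block(cidr)["network"])
    size = 2 ** (32 - new_prefix)              # addresses per subnet
    count = 2 ** (new_prefix - old_prefix)     # how many subnets we get
    return [f"{int_to_ip(start + i * size)}/{new_prefix}" for i in range(count)]
```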
Internet Protocol Version 6
  • IPv6 was created as the demand on the internet began to grow
  • Main features include:
    • Simple header
    • 128-bit IP address
    • Priority levels and quality of service parameters
    • No fragmentation
IPv6 Addresses
  • IPv6 addresses are 128 bits in size (2^128 possible addresses)
  • They are also classless addresses, similar to IPv4 addresses
  • Because of their size, a number of conventions have been adopted
  • Binary addresses are written using the short-hand hexadecimal form:
    • 0110 1010 0011 1110 1011 1010 ... 1110 1111
    • 6A3E : BA91 : 7221 : 0000 : 01FC : 922C : 877B : FFEF
  • Four hex 0s in a row are truncated as:
    • 6A3E : BA91 : 0 : 01FC : 922C : 877B : FFEF
  • Longer strings of 0s can be abbreviated further:
    •  6A3E : BA91 : 0 : 0 : 0 : 0 : 877B : FFEF
  • Can be abbreviated as 
    • 6A3E : BA91 : : 877B : FFEF
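An added example, not from the notes, that applies the shorthand rules above in both directions. It follows the canonical form of RFC 5952, which goes one step further than the notes by also dropping leading zeros inside a group (01FC becomes 1FC) and writing hex in lowercase; "::" replaces only the longest run of two or more all-zero groups.

```python
# Added example (not part of the notes): the IPv6 shorthand rules above, in
# the canonical form of RFC 5952: lowercase hex, leading zeros dropped in each
# group, and only the longest run of two or more all-zero groups replaced by "::".
HEX = set("0123456789abcdef")


def expand_ipv6(text: str) -> list:
    """Abbreviated address -> its eight full 4-digit hex groups."""
    addr = text.replace(" ", "").lower()
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        left_groups = left.split(":") if left else []
        right_groups = right.split(":") if right else []
        missing = 8 - len(left_groups) - len(right_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left_groups + ["0"] * missing + right_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}")
    full = []
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError(f"bad group: {g!r}")
        full.append(g.zfill(4))
    return full


def compress_ipv6(groups: list) -> str:
    """Eight full groups -> shortest canonical text form."""
    if len(groups) != 8:
        raise ValueError("need exactly 8 groups")
    short = [g.lower().lstrip("0") or "0" for g in groups]
    # locate the longest run of zero groups; ties go to the first run
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                    # a lone zero group stays as "0"
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"
```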
2. The Transmission Control Protocol (TCP)
  • Primary function is to turn an unreliable network (such as the one provided by IP) into a reliable network that is free from lost and duplicate packets
  • Performs the following 6 functions:
    • Create a connection
    • release a connection
    • Implement flow control
    • Establish multiplexing
    • Perform error recovery
    • Establish priority

3. The Internet Control Message Protocol
  • ICMP used by routers and nodes
  • Perform error reporting for the Internet Protocol
4. User Datagram Protocol
  • No frills transport protocol that does not establish connections, does not attempt to keep data packets in sequence and does not watch for datagrams that have existed for too long
  • Its header contains 4 fields: Source port, Destination port, Length, and Checksum and is used by a small number of network services such as DNS that do not establish connection before sending data
5. The Address Resolution Protocol

  • Takes an IP address in an IP datagram and translates it into the appropriate medium access control layer address for delivery on a local area network
  • When an IP packet has traversed the Internet and encounters the destination LAN, how does the packet find the destination workstation?
  • Even though destination workstation may have an IP address, a LAN does not use IP addresses to deliver frames
  • ARP translates IP address into MAC layer address so frame can be delivered to proper workstation
6. Dynamic Host Configuration Protocol

  • An IP address can be assigned to a workstation permanently or dynamically
    • Dynamic IP address assignment is a more efficient use of scarce IP addresses
    • When a DHCP client issues an IP request, the DHCP server looks in its static table
      • If no entry exists, the server selects an IP address from the available pool
  • The address assigned by DHCP server is temporary
    • Part of agreement includes specific period of time
    • DHCP clients may negotiate for a renewal before the time expires
7. Network Address Translation
  • NAT lets a router represent an entire local area network to the Internet as a single IP address
    • All traffic leaving LAN appears as originating from global IP address
    • All traffic coming into this LAN uses this global IP address
  • A level of security has been added because the outside world never sees any of the IP addresses used within the corporate network
  • Company doesn't need to use purchased IP addresses
  • A number of IP addresses have been designated as "phony" IP addresses
  • NAT allows multiple workstations to access the internet with only one IP address
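An added example, not from the notes, of the translation table a NAT router keeps: outbound packets from private hosts are rewritten to the single global address, replies are mapped back by port, and an inbound packet that nobody inside asked for has no table entry and is dropped, which is where the "level of security" the notes mention comes from. All addresses and ports are constructed (RFC 1918 private space inside, documentation ranges outside).

```python
# Added example (not part of the notes): a minimal NAT/PAT translation table.
# Addresses are constructed: 192.168.1.0/24 inside (RFC 1918 private space),
# 203.0.113.1 as the router's global address, 198.51.100.7 as a remote server.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, global_ip: str, lan_prefix: str = "192.168.1.",
                 first_port: int = 40000):
        self.global_ip = global_ip
        self.lan_prefix = lan_prefix      # toy check; real routers match a subnet
        self.next_port = first_port
        self.outbound = {}   # (private ip, private port) -> global port
        self.inbound = {}    # global port -> (private ip, private port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: replace the private source with the global address."""
        if not pkt.src_ip.startswith(self.lan_prefix):
            raise ValueError(f"{pkt.src_ip} is not on the inside network")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            # two inside hosts may use the same source port, so each
            # (host, port) pair gets its own global port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.global_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Internet -> LAN: rewrite to the inside host, or None to drop."""
        if pkt.dst_ip != self.global_ip or pkt.dst_port not in self.inbound:
            return None   # no inside host opened this conversation: drop it
        private_ip, private_port = self.inbound[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)
```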
8. Tunneling Protocols and Virtual Private Networks 
  • Virtual Private Network (VPN) is a data network connection that makes use of the public telecommunications infrastructure but maintains privacy through the use of a tunneling protocol and security procedures
  • Tunneling protocol such as the Point-to-Point Tunneling Protocol (PPTP) is the command set that allows an organization to create secure connections using public resources such as the Internet
  • Point-to-Point Protocol (PPP) is used for communication between two computers using a serial connection such as a DSL or cable modem connection between a user's workstation and an internet service provider

THE WORLD WIDE WEB
  • The world wide web (WWW) is a vast collection of electronic documents that are located on many different web servers, and contain text, images, videos and more that can be accessed by simply clicking links within a browser's web page
  • Hypertext Markup Language (HTML) can be generated manually with a text-based editor such as Notepad, or through the use of a web page authoring tool
  • Hypertext Transfer Protocol (HTTP) is an application layer protocol to transfer a web page
Locating A Document on The Internet
  • Every document on the internet has a unique Uniform Resource Locator (URL)
  • To find the document, part of the object's URL has to be translated into the IP address that identifies the web server where the object is stored
  • This translation is performed by the domain name system (DNS)
Uniform Resource Locator:
  • Uniquely identifies files, web pages, images or any other types of electronic documents that reside on the internet
  • All URLs consist of 4 parts:
    • Service type: identifies the protocol that is used to transport the requested document
    • Domain Name: specifies a particular server at a particular site that contains the requested item
    • Directory or Subdirectory Information: specifies that the requested item is located in the subdirectory
    • Filename: the document title
Domain Name System:
  • is a large, distributed database of internet addresses and domain names
    • The first operation performed by DNS is to query a local database for URL/IP address information
      • If local server does not recognize address, the server at next level will be queried
      • Eventually root server for URL/IP addresses will be queried
        • If root server has answer, results are returned
        • If root server recognizes domain name but not extension in front of domain name, root server will query server at domain name’s location
        • When domain’s server returns results, they are passed back through chain of servers (and their caches)
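An added example, not from the notes, that walks the chain just described: the resolver checks its own cache, then asks the root, which refers it to the server for the domain's extension, which refers it to the domain's own server, and the answer is cached on the way back. The three servers, their records and the 192.0.2.x addresses are constructed for the example.

```python
# Added example (not part of the notes): a toy iterative DNS resolver following
# the chain root -> extension server -> domain server, with a local cache.
# Zone data and the 192.0.2.x addresses are constructed for this example.
# Each "server" maps a name to ("A", address) or ("NS", server that knows more).
SERVERS = {
    "root": {"com": ("NS", "com-server")},
    "com-server": {"example.com": ("NS", "example-server")},
    "example-server": {
        "example.com": ("A", "192.0.2.1"),
        "www.example.com": ("A", "192.0.2.10"),
        "mail.example.com": ("A", "192.0.2.25"),
    },
}


def ask(server: str, name: str):
    """One query: the answer if this server has it, otherwise a referral to
    the server responsible for the longest suffix it knows, otherwise None."""
    table = SERVERS[server]
    if name in table and table[name][0] == "A":
        return table[name]
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in table and table[suffix][0] == "NS":
            return table[suffix]
    return None


class Resolver:
    def __init__(self):
        self.cache = {}      # name -> address learned from earlier lookups
        self.queries = []    # who was asked, in order, for inspection

    def resolve(self, hostname: str):
        name = hostname.lower().rstrip(".")
        if name in self.cache:               # first stop: the local database
            self.queries.append("cache")
            return self.cache[name]
        server = "root"
        for _ in range(8):                   # bound the referral chain
            self.queries.append(server)
            record = ask(server, name)
            if record is None:
                return None                  # nobody along the chain knows it
            kind, value = record
            if kind == "A":
                self.cache[name] = value     # remember it on the way back
                return value
            if value == server:
                return None                  # a server referring to itself
            server = value                   # follow the referral downward
        return None
```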
INTERNET SERVICES

Electronic Mail (email)
  • Computerized version of writing a letter and mailing it at the local post office
  • Most email programs offer the following services:
    • Create an email message
    • Sending an email message to one or multiple recipients
    • Receiving, storing, replying and forwarding email messages
    • Attaching a file
  • Multipurpose Internet Mail Extension (MIME) is used to send e-mail attachments
  • Simple Mail Transfer Protocol (SMTP) is used to transmit e-mail messages
  • Post Office Protocol version 3 (POP3) and Internet Message Access Protocol (IMAP) are used to hold and later retrieve e-mail messages
The File Transfer Protocol
  • One of the first services offered on the internet
  • Allows a user to download a file from a remote site to the user's computer and to upload a file from the user's computer to a remote site
  • The three most common ways to access an FTP site are:
    • Through a browser
    • Using a canned FTP program
    • Issuing FTP commands at a text-based command prompt
Remote Login (Telnet)
  • A terminal emulation program for TCP/IP networks such as the Internet that allows users to log in to a remote computer
  • The Telnet program runs on your computer and connects the workstation to a remote server on the internet
  • Once connected to a server or host, you can enter commands through the Telnet program and those commands will be executed as if you were entering them directly at the terminal of the remote computer
Voice Over IP

  • The transfer of voice signals using a packet-switched network and the IP protocol
  • Voice over IP (VoIP) can be internal to a company (private VoIP) or can be external using the Internet
  • VoIP consumes many resources and may not always work well, but can be cost-effective in certain situations
  • Three basic ways to make a telephone call using VoIP:
    • PC to PC using sound cards and headsets (or speakers and microphone)
    • PC to telephone (need a gateway to convert IP addresses to telephone numbers)
    • Telephone to telephone (need gateways)
  • Three functions necessary to support VoIP:
    • Voice must be digitized (PCM, 64 kbps, fairly standard)
    • 64 kbps voice must be compressed
    • Once the voice is compressed, the data must be transmitted 
  • ENUM
    • A protocol that supports VoIP
    • Converts telephone numbers to fully qualified domain name addresses
    • Example – telephone number (312) 555-1212 will be converted to 2.1.2.1.5.5.5.2.1.3.1.e164.arpa
Listservs
  • A popular software program used to create and manage internet mailing lists
  • When an individual sends an email to a listserv, the program sends a copy of the message to all listserv members
  • Listservs can be useful business tools for individuals trying to follow a particular area of study 
Streaming Audio And Video
  • The continuous download of a compressed audio or video file, which can be heard or viewed on the user’s workstation
  • Streaming audio and video consume a large amount of network resources
  • Real-Time Protocol (RTP) and Real-Time Streaming Protocol (RTSP) support streaming audio and video
Instant Messaging, Tweets, and Blogs
  • IM allows a user to see if people are currently logged in on the network and to send short messages in real time
  • Consumes less resources than e-mail, and faster
  • Tweets are the messages posted on Twitter, with a maximum of 140 characters each
  • Blogs are online web logs that people maintain

THE INTERNET AND BUSINESS
  • E-Commerce – the buying and selling of goods and services via the Internet
  • Many agree that e-commerce consists of four major areas:
    • E-retailing:  the electronic selling and buying of merchandise using the web
    • Electronic data interchange (EDI): electronic commercial transaction between two or more companies
    • Micro-marketing: gathering and use of the browsing habits of potential and current customers
    • Internet security: security systems that support all internet transactions
Cookies and State Information
  • A cookie is data created by a Web server that is stored on the hard drive of a user’s workstation
    • This state information is used to track a user’s activity and to predict future needs
  • Information on previous viewing habits stored in a cookie can also be used by other Web sites to provide customized content
  • Many consider cookies to be an invasion of privacy
Intranets and Extranets
  • An intranet is a TCP/IP network inside a company that allows employees to access the company’s information resources through an Internet-like interface
  • When an intranet is extended outside the corporate walls to include suppliers, customers, or other external agents, the intranet becomes an extranet

THE FUTURE OF THE INTERNET
  • Various internet committees are constantly working on new and improved protocols
  • Some committees and groups include:
    • The Internet Society (ISOC)
    • The Internet Architecture Board (IAB)
    • The Internet Engineering Task Force (IETF)
    • The Internet Research Task Force (IRTF)
    • The World Wide Web Consortium (W3C)
    • The Internet Corporation for Assigned Names and Numbers (ICANN)
  • A new form of the Internet is being developed by a number of businesses and universities
  • Internet2 will support very high-speed data streams
  • Applications might include:
    • Digital library services
    • Tele-immersion
    • Virtual laboratories