WAN – Wide Area Network is a communication network that make use of existing technology to connect local area network into a larger working network which may cover both national and international location.
Wide Area Network allows a company to make use of common resources in order to operate, internal functions such as sales, production, development, marketing and accounting can be shared with authorized locations through this sort of network application. So that’s why it is so important today.
In this paper, I am going to demonstrates the techniques required for computer network from technology, architecture, media, protocol and routing algorithm based on the OSI seven layer model.
Bambi Co., Ltd. decided to implement a Wide Area Network between their two site in two different countries. As the network engineer of the company, is responsible to study, plan, design and implementation of a Wide Area Network for connecting two site’s local area network. The requirement by the company that made the WAN a necessity are enumerated. The choice of WAN, hardware and the software is explained within the context of the needs of the company. Finally the benefits accruing to the company are identified and determined.
3. Company Background
Bambi Co., Ltd. has two sites located in two different countries. Site A, the main office which located in Hong Kong and Site B, a factory which located in Shenzhen, the mainland China.
In Site A, there are around 10 client workstations and Site B around 40 client workstations.
There are three servers located in Site A, they are the domain server, email server and content management server. Another domain server also located in Site B, it mainly provide the services for Shenzhen users.
4. User requirement
On most of the users, their main concern is application available from the network. This including the following matters:
4.1.1 Fast response time
Response time is the time between entering a command or keystroke and the execution of the command deliver a response. For users on Bambi Co., Ltd. environment, response time is the response running application or access from/to the servers, transmission of information as well as access to Internet.
4.1.2 High throughput
The throughput environment on the company can be expected to be high. It can be expected that the throughput usage on the network will involve many users frequently access to the server and also to the Internet at same time.
The WAN implementation is expected to be function for a minimum of 5 years without the needs of upgrade the network equipments or rewiring the horizontal or vertical cable.
The WAN implementation must be flexible enough to meet the demand of ever-growing needs of technologies when they become available. It might included with newer switching technology, more secure or faster router incorporating with new routing protocols and etc. Therefore, the WAN solution should be modular which allow added or swapped new network equipment with a minimum of network downtime.
The information transfer must be protected through the WAN environment. This is very important as to prevent the company data from stolen from their competitors.
The WAN implementation must be manageable and able to monitor by the network administrator.
Reliability of the WAN is important. The WAN must include fault-tolerance function and elements to give the stability of the network to reduce any unnecessary network downtime.
5. WAN solution
5.1 Regional Private Network
Service Provider: Pacnet
Type: MPLS VPN
Description: Connect between Bambi Co., Ltd. Site A and B
5.1.1 Introducing of MPLS and architecture
MPLS stands for Multiprotocol Label Switching. It has been around for several years. It is standardized by IETF. (The Internet Engineering Task Force) Why multiprotocol? Since at the OSI 7 layer model, it operates between the layer 2 (Data Link Layer) and the layer 3 (Network Layer), so it often view as a 2.5 layer protocol.
Conventional data packets are routed based on IP address and other information in the header. MPLS simplifies the forwarding function by taking a total different approach by introducing a connection oriented mechanism inside the connectionless IP network. Label switching indicates that the packets switched are no longer IPv4 or IPv6 packets and even Layer 2 frames when switched, but they are labeled. Below showing the MPLS header format.
First 20-bits: Label value
20 – 22 bits: Three Experimental (EXP) bits, use for quality of service (QoS)
23 bit: Bottom of Stack (Bos) bit, 1 for bottom label, 0 otherwise
24 to 31 bits: Time To Live (TTL)
5.1.2 MPLS components and operation
MPLS network comprise the following elements:
Label Edge Router (LER): Router placed at the edge of the MPLS network
Label Switching Router (LSR): MPLS capable router
Label Switch Path (LSP): An ordered sequence of LSRs
Label Distribution Protocol (LDP): Set of procedures by which LSRs establish LSPs
In MPLS network, an optimal path is firstly determine and tag. When packets enter the MPLS network, the input router and switch uses the layer 3 header to assign the packets to one of this predetermine path. MPLS using a label stacking process to better handle the traffic. A label is attached to the end to end path information in the packet. The label together with the data packet as it cross the network. All other routers along the path use the label to determine the next hop address instead of the IP address. Since this device only operates on the information in the label, processor-intensive analysis and classification of the layer 3 header occur only at the entrance to the network. This remove much of the overhead used in the network and therefore, speed up the overall processing of data.
5.1.3 MPLS Protocols
MPLS use 2 protocols to establish the LSP, they are:
MPLS Routing protocol – Distribute topology information only. Interior gateway protocol such as OSPF, IS-, BGP-4 is normally use.
MPLS Signaling protocol – Information for program the switching fabric. RSVP-TE and LDP is used.
5.1.4 MPLS VPN
MPLS Virtual Private Networks (VPN) is the most popular and widespread implementation of MPLS technology. A VPN provide communication at OSI layer 2 or 3. VPN is protected by strong encryption. In general, the data travel across the VPN is not visible and encapsulated. MPLS is well suited for VPN because of its characteristics.
5.2 Internet Connection
Service Provider: Pacnet
Bandwidth: 4Mbps downstream/4Mbps upstream
Description: Applied at Site A. By the way, the WAN connection will be allowed the Internet share with Site B office.
In order to fulfill both site’s demand, Single High Speed Digital Subscriber Line (SHDSL) has chosen. SHDSL is one of the DSL family technology. Similar with other SDSL service, the upstream and downstream data rates are equal. One of its advantage of SHDSL is its high symmetric data rates with guaranteed bandwidth and low interference. In Bambi Co., Ltd. a 4M/4M speed line is using for their Internet connection.
6. Ethernet Standard
CAT 6 (Category 6) twisted-pair UTP is using under Bambi Co., Ltd. LAN environment. It’s Gigabit Ethernet cable standard which bandwidth up to 400MHz and over a range of 100 m. It meet up the ANSI/TIA-568-B.2-1 performance specification.
7. Network Environment Overview
7.1 Entire Network Diagram
7.2 Hardware/Software description
7.3 Network configuration
7.3.1 Protocol and LAN segments
With the popularity of the Internet, TCP/IP become the most popular protocol. In Bambi Co., Ltd. only TCP/IP protocol allowed to be implement on the network environment. All servers and desktop PCs located on Site A and B will have static addresses, while notebook PCs will obtain addresses by utilizing Dynamic Host Configuration Protocol (DHCP).
IPv4 will be chosen as the type. Compare with IPv6, IPv4 had been around for many years, there are much more hardware and software supports.
The following is the security arrangement for protect company’s data:
Each staff sign an individual login id for access their workstation and server resource like the email. The password establishes complexity level with minimum length of 5 characters. The password will enforce change every 3 months.
Only some authorize staffs with Internet connection. This prevent the data disclose by FTP, web mail or any online storage.
The email server is able to keep logging which allow the administrative staff trace whether any company important data disclose by email.
The firewall and switch are able to monitor the network for suspicious activity. For example, if the firewall detect heavy traffic or overload session, it will send email alert to the network administrator.
8.5 Virus Protection
Some kind of computer virus will steal infected computer’s data. So every servers and client workstations has install a memory resident antivirus software for protection. The UMT firewall also provide gateway antivirus function which prevent virus from the layer 2 level.
The MPLS VPN deployed to be high security network tunnel. The data transmit between site A and B office with strong encryption.
In the user requirement chapter, 6 requirements were outlined. We summarize the benefits from applying the MPLS as below:
- No performance bottleneck of CPE VPN devices
- Reduced network latency
- Guaranteed SLA (Service level agreement) for time critical applications
- Supports the delivery of services with QoS (Quality of service) guarantees
Highly scalable since no site to site peering is required and reconfiguration of VPN devices.
Multiple connection type and bandwidth selection (e.g. ATM, Metro Ethernet, Broadband, etc.)
Private network completely isolated from Internet.
Customer is able to complete control their own routing.
Enable fast restoration from failures
The network design presented here meets all those objectives. Both for today and in the future.
- Rosen, E., Viswanathan, A. and Callon, R. (2001) ‘Multiprotocol Label Switching Architecture’, IETF Documents, [Online] Available from: http://tools.ietf.org/html/rfc3031, [accessed on 07/03/10]
- PACNET 2010: ‘Pacnet Domestic IP VPN” Available on: http://hk.pacnet.com/network/domestic-ip-vpn/, [accessed on 13/03/10]
- Bates, R. (2002) Broadband Telecommunications Handbook. 2nd edition. McGraw-Hill Professional, Columbus.
- Guichard, B. PepeInjak, I. and Apcar, J. (2003) MPLS and VPN Architectures, Volume II. Cisco Press, Indiana.
- Ghein, L. (2007) MPLS Fundamentals. Cisco Press, Indiana.
- Jamison, S. Cardarelli, M. and Hanley, S. (2007) Essential SharePoint 2007. Pearson Education, Inc., Boston.