4.5 Describe WAN access connectivity options

  • 4.5.a MPLS

I couldn’t find a concise definition from the textbooks:

Multiprotocol Label Switching (MPLS) is a type of data-carrying technique for high-performance telecommunications networks. MPLS directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols, hence its name “multiprotocol”. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL. -Wikipedia.org

  • 4.5.b Metro Ethernet

Metro Ethernet is a layer 2 service that acts like Ethernet links between businesses. There are many Metro Ethernet configuration options:

  • Ethernet Line Service (Point-to-point): Two customer premises equipment (CPE) devices can exchange Ethernet frames, similar to a leased line.
  • Ethernet LAN Service (Full mesh): Acts like a LAN, in that all devices can send frames to each other.
  • Ethernet Tree Service (Hub-and-spoke): A central site can communicate with all nodes, but individual nodes cannot communicate directly.

  • 4.5.c Broadband PPPoE

Broadband Ethernet, like Australia’s NBN fibre to the node, provides a high-speed internet connection using Ethernet technologies.

  • 4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)

VPNs allow for secure traffic over insecure lines (such as the internet). VPNs have the following security features:

  1. Confidentiality – All data is encrypted and cannot be read if intercepted
  2. Authentication – There is a guarantee that the client/server on the other end isn’t a hijacker or imposter
  3. Data integrity – All data sent is verified not to have been corrupted or tampered with in transit

VPNs also overcome the data replay vulnerability: they stop someone from capturing authentication data and replaying it later.
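The data integrity and replay points above can be seen working together in a small receiver model. This is an added example, not code from the original post: it uses a per-packet sequence number, an HMAC tag and a sliding window in the style of the anti-replay check IPsec ESP uses. The names `seal`, `Receiver` and `WINDOW` and the sample key are assumptions made for the sketch, and encryption (confidentiality) is left out so it runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct

WINDOW = 64     # anti-replay window in packets (assumed size for this sketch)
TAG_LEN = 32    # HMAC-SHA256 output length

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 32-bit sequence number + payload + HMAC over both."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0    # highest authenticated sequence number so far
        self.bitmap = 0     # bit i set => sequence (highest - i) was accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 4 + TAG_LEN:
            return "drop: malformed"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Integrity and origin check first, so forged packets never move the window.
        if not hmac.compare_digest(tag, expected):
            return "drop: integrity check failed"
        seq = struct.unpack("!I", header)[0]
        if seq > self.highest:
            # Newer packet: slide the window forward and mark it as seen.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "drop: older than window"
        if (self.bitmap >> offset) & 1:
            return "drop: replay"
        self.bitmap |= 1 << offset      # late but new: accept out-of-order
        return "accept"

def demo() -> list:
    key = b"constructed-demo-key-not-secret!"   # constructed sample key
    rx = Receiver(key)
    first = seal(key, 1, b"login token")
    forged = bytearray(seal(key, 2, b"transfer 10"))
    forged[-TAG_LEN - 1] ^= 0x01                # flip one payload bit in transit
    return [rx.accept(first), rx.accept(first), rx.accept(bytes(forged))]
```

Calling `demo()` shows the first packet accepted, its exact copy dropped as a replay, and the modified packet dropped by the integrity check without the window moving.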

Site-to-site VPNs can be constructed with GRE tunnels and IPsec.

Multi-site or multi-client VPNs can use Cisco’s Dynamic Multipoint VPN (DMVPN), which allows sites to communicate with each other and the hub, creating a virtual LAN.

Note: Open Source protocols like OpenVPN can also be configured to do this. I currently use OpenVPN with OSPF (quagga) to route between my Digital Ocean droplet and my home’s LAN.

 
