Chương (15) Broadband Solutions - VPN

8/11/2019 Chng (15) Broadband Solutions - VPN

1/33

HC VIN BU CHNH VIN THNG

TRUNG TM O TO BU CHNH VIN THNG 1

Chapter 15

Teleworking

Comparing Broadband Solutions

VPNs

Site-to-Site GRE Tunnels


2/33

2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3

Teleworking


3/33



Benefits of Teleworking

Introduction to Teleworking

Teleworking is conducting

work by connecting to a

workplace from a remotelocation, using

telecommunications.

Efficient teleworking uses

broadband Internet

connections, a Virtual PrivateNetwork (VPN), VoIP, and

videoconferencing.


4/33




Employer Benefits of Teleworking Improved employee productivityTeleworking staff is between

8 and 40% more productive than office working staff.

Reduced costs and expensesSavings in real estate cost

equaling anywhere from 10 to 80%.

Easier recruitment and retentionBeing able to offer flexibility

can reduce staff turnover by up to 20%.

Reduced absenteeism

Improved morale Improved corporate citizenship

Improved customer service


5/33




Government Benefits of Teleworking Helps build a sustainable economy

Helps reduce contemporary problems, such as traffic

Increases productivity

Alleviates symptoms of the digital divide

Reduces costs and expenses

Improves flexibility

Attracts growth and development


6/33




Individual Benefits of Teleworking ProductivityOver 70% of teleworkers claim they are significantly

more productive.

Time savingsLess time commuting.

Cost savingsSaving money on lunch, clothing, commuting.

Better healthLess exposure to sick' buildings, traffic accidents,

stress.

Home and familyAble to spend more time with the family.

Taking controlThe teleworker can take control over when andwhere work is performed, and also over the myriad of other details

of modern life.

FlexibilityTelework can make it easier to have a more flexible

schedule.


7/33




Community Benefits of Teleworking Helps build a sustainable economyTelework is a critical

component to building a truly sustainable local economy.

Increases value of real estateLess traffic, less smog, and

lower demands for urban office space means existing greenspaces and heritage buildings can be preserved.

Helps reduce contemporary problems, such as traffic,

infrastructure needs, urban drift.

Increases productivity.

Alleviates symptoms of the digital divide.

Reduces costs and expenses.

Attracts growth and development.


8/33




Detriments to TeleworkFor the organization:

More difficult to track employee progress

Necessary to implement a new management style

For the individual:

Feeling of isolation

Slower connections

Distractions


9/33



Business Requirements for Teleworker Services

Teleworker Solution

Broadband connections

IPsec VPNs

Traditional private WAN

Layer 2 technologies


10/33



Business Requirements for Teleworker Services

Teleworker Connectivity Requirements


11/33 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12

Comparing

Broadband

Solutions


12/33



Cable

What is a Cable System?


13/33



Cable

Cable ComponentsTwo types of equipment required to send digital modem signals

upstream and downstream on a cable system:

Cable Modem Termination System (CMTS) at the headend of the

cable operator.

Cable modem (CM) on the subscriber end.


14/33



DSL

DSL DSL provides high-speed connections over installed copper wire

system.

Two basic types of DSL technologies are asymmetric (ADSL) and

symmetric (SDSL). ADSL uses a frequency range from approximately

20 kHz to 1 MHz.

ADSL provides higher downstream bandwidth to the user than

upload bandwidth.

SDSL provides the same capacity in both directions.

Local loop must be less than approximately 3.39 mi. (5.46 km) for

ADSL.


15/33



DSL

DSL Connections

Two key components required

to provide a DSL connection:

TransceiverConnects the

computer of the teleworker

to the DSL.

DSL access multiplexer

(DSLAM)Located at the

carriers central office, it

combines individual DSL

connections from users into

one high-capacity link to an

ISP.


16/33



DSL

Separating Voice and Data in ADSL


17/33



Broadband Wireless

Broadband Wireless Technology Types Municipal Wi-Fi (Mesh)

Worldwide Interoperability for Microwave Access (WiMAX)

A single WiMAX tower can provide coverage to anarea as large as 3,000 square miles.

A WiMAX receiver similar in size and shape to a

PCMCIA card, or built into a laptop or other

wireless device.


18/33



Broadband Wireless

Broadband Wireless Technology Types Cellular/mobile implementations wireless Internet:

3G/4G Wireless: Third generation and fourth generation

wireless. Long-Term Evolution (LTE): A newer and faster

technology considered to be part of the 4G technology.

Satellite Implementations

one-way multicast one-way terrestrial return

two-way satellite Internet


19/33



Selecting Broadband Solutions

Comparing Broadband Solutions CableBandwidth is shared by many users.

DSLLimited bandwidth that is distance-sensitive.

Fiber-to-the-HomeRequires fiber-access network overlay.

Cellular/MobileCoverage is often an issue, bandwidth relatively

limited.

Wi-Fi MeshMany municipalities do not have a mesh network

deployed.

WiMAXBit rate is limited to 2 Mb/s per subscriber; cell size is 1.25miles (1 to 2 km.)

SatelliteExpensive; limited capacity per subscriber.


20/33 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21

VPNs


21/33



Fundamentals of VPNs

Introducing VPNs VPNs are used to create an end-to-end private network connection over third-party networks, such

as the Internet or extranets.

To implement VPNs, a VPN gateway is necessary: Could be a router, a firewall, or a Cisco AdaptiveSecurity Appliance (ASA).


22/33




Benefits of VPNs Cost savings

Enable organizations to use cost-effective, third-party

Internet transport to connect remote offices and

remote users to the main site.

Scalability

Enable organizations to use the Internet

infrastructure within ISPs and devices, which makes

it easy to add new users.



23/33




Benefits of VPNs (cont.) Compatibility with broadband technology

Allow mobile workers and telecommuters to takeadvantage of high-speed, broadband connectivity,

such as DSL and cable, to gain access to thenetworks of their organization, providing workersflexibility and efficiency.

Provide a cost-effective solution for connectingremote offices.

Security

Can include security mechanisms that provide thehighest level of security by using advancedencryption and authentication protocols that protect

data from unauthorized access.



24/33



Types of VPNs

Site-to-Site VPNs Connect entire networks to each other, in the past, a leased line or

Frame Relay connection was required to connect sites, but because

most corporations now have Internet access, these connections can

be replaced with site-to-site VPNs.

Internal hosts have no knowledge that a VPN exists.

Created when devices on both sides of the VPN connection are aware

of the VPN configuration in advance.



25/33



Types of VPNs

Site-to-Site VPNs (cont.) End hosts send and receive normal TCP/IP traffic through a VPN

gateway.

The VPN gateway is responsible for encapsulating and encrypting

outbound traffic for all traffic from a particular site

The VPN gateway then sends it through a VPN tunnel over the

Internet to a peer VPN gateway at the target site.

Upon receipt, the peer VPN gateway strips the headers, decrypts

the content, and relays the packet toward the target host inside itsprivate network.



26/33



Types of VPNs

Site-to-Site VPNs (cont.)



27/33



Types of VPNs

Remote Access VPNs Support the needs of telecommuters, mobile users, and extranet,

consumer-to-business traffic.

Support a client/server architecture, where the VPN client (remote host)

gains secure access to the enterprise network via a VPN server device at

the network edge.

Used to connect individual hosts that must access their company network

securely over the Internet.

VPN client software may need to be installed on the mobile users enddevice (Cisco AnyConnect Secure Mobility Client).

When the host tries to send any traffic, the VPN Client software

encapsulates and encrypts this traffic and sends over the Internet to the

VPN gateway at the edge of the target network.



28/33



Types of VPNs

Remote Access VPNs (cont.)


30/33



Fundamentals of Generic Routing Encapsulation

Introduction to GRE

Basic, non-secure,site-to-site VPN

tunneling protocoldeveloped by Cisco

Encapsulates a widevariety of protocolpacket types inside IP

tunnels Creates a virtual point-

to-point link to routersat remote points, overan IP internetwork



31/33



Fundamentals of Generic Routing Encapsulation

Characteristics of GRE



32/33



Configuring GRE Tunnels

GRE Tunnel Configuration



33/33



Documents

Chương (15) Broadband Solutions - VPN