Cisco CCNA 200-301 – WAN – Wide Area Networks Part 2

4. WAN Connectivity Options

In this lecture you’ll learn about the different Wan connectivity options and there’s multiple wide area network options available. Not all options are going to be available in all locations. It really depends what region, what country you’re in. What is commonly used in one region may be considered legacy in another. Like you might be in one part of the world where frame relay connections are still being used, but in other countries that would be considered legacy.

Also, different providers will use different terminology. Here I’m going to use the terminology that Cisco use for the CCNA exam. So looking first at our primary one connectivity options, and when I say a primary option, this is going to be used by a corporation for their main connectivity to the Internet or to their other offices. So the options here are leased lines, MPLS, multiprotical label switching, and satellite.

And I’m going to have separate lectures for these later to give you more detail on them. Now if it’s a really large company, they might actually own the entire Wan infrastructure, but far more often your Wan connections are going to be offered by a service provider. So what options are available? It really depends what country you’re in and what the service provider is there can do with these primary connections.

The service provider will typically provide an SLA, but it’s a service level agreement and it’s going to have guarantees for the uptime of the line and also for the traffic quality, meaning the delay and the loss on the link list. Lines and satellite can be used for connectivity to the Internet, for direct connectivity between offices and or connectivity a between offices over VPN.

MPLS uses a shared core infrastructure at the service provider, so it can be used for connectivity to the Internet and or connectivity between offices over VPN. If it was a really large company and they owned their own MPLS infrastructure, that could also give direct connectivity between offices. Okay, so those were our primary options. Again, we’re going to cover those in more detail later on in this section.

Optical fiber is more suitable for long distances than copper wire, and it’s commonly used for service provider backhaul connections, meaning the connections between a service provider’s main locations, so those are internal to the service provider, require a lot of bandwidth.

But optical fiber services can also be offered to the service provider’s customers. And in North America you’ll often see this being described as FTTx services. That’s fiber to the home, to the premises, the building and the neighborhood. Sonnet in North America and SDH in the rest of the world are the standards used in service provider optical fiber networks. So you can see the terminology you get sonnet, Sts and OC can be used basically interchangeably.

Sts One or OC One gives 51. 84 megabits per second up to Sts 192 for example, giving nine nine 5328 megabits per second. So really high bandwidth and in rest of the world. It is using SDH STM. So those are typically used for service provider backhaul connections, definitely the larger bandwidth ones. But if you are a large enough organization, you can also be using optical fiber with high bandwidth for your connections between your offices. DWDM is dense wavelength division multiplexing, and it combines or multiplexes multiple optical signals into one optical signal transmitted over a single fiber strand.

And the way it works, the way it does the multiplexing is that each signal is assigned a different wavelength because you’ve got now the multiple signals that would normally require different fiber strands, that allows more capacity and more bandwidth to be added to existing infrastructure without requiring expensive upgrades. And DWDM is used in all modern long haul optical connections in the service providers. Many service providers delayed optical fiber cabling in the past and then found that they didn’t actually need it. And DWDM was a major reason for this because it did provide much more bandwidth with much less actual cabling.

So there is a lot of unused cabling out there and that is referred to as dark fiber. It’s dark fiber because it hasn’t been lit up and it is possible, depending on where you are in the world, that maybe you can buy dark fiber from a service provider as an organization to use for your own Wan links. We will also have a look at our Wan backup and small office solutions. So less expensive options which are often aimed at home user Internet access, can also be used as Internet VPN.

Wan Backup Options in corporate environments there will typically be no corporate level SLA with those services because they’re going over the Internet and the service provider can’t control what happens there. These can be used as the primary one connection method to the corporate network from smaller offices and for home users. So leased lines, MPLS and satellite connections, they’re more expensive. So in a large office we would use one of those and we’d probably use a backup solution there as well.

If we’ve got a small office with just a handful of users there, maybe we can’t justify using one of those more expensive options. So we would use one of these instead. Our options here are DSL digital subscriber line cable and wireless. For example, 4g So those are the kind of options that you knew about already because you can get them at home. There’s also legacy options as well, like PSTN going over the public switch telephone network.

If you’re as old as me, you’ll remember those old 56K dial up modems that would be using the PSTN for your wand. Obviously nobody would use those anymore. There was also Istn, which is integrated services, digital network. This is similar using those 56K modems, but it was aimed at the corporate market and it’s got higher bandwidth than a single analog phone line. Other options frame really frame really is still used in some parts of the world, but in western countries it’s usually seen as a legacy option.

Also ATM asynchronous transfer mode, similar characteristics to Frame Relay and even older X 25. So these are legacy as far as Cisco is concerned. But like I said right on the first slide, it really depends where you are in the world about what options will be available, maybe where you are. The service providers don’t offer MPLS, but they still do offer Frame Relay. Okay, the last thing to cover here is our Wan interface cards. Routers will typically come with onboard ethernet ports, and additional Ethernet interface cards can be added if you need more ports. Ethernet is commonly used for Wan connections today. Other Wan interface types are modular and fit into a spare slot on the router. And there’s many, many different types of Wan interface cards. You’ll see some examples coming up on the next slide. Part numbers for different cards can be very similar, and different cards are compatible with different router platforms. So be very careful when selecting your card. It’s really easy to order the wrong one. To give you an example of that, up on the top here we’ve got a couple of serial cards.

We’ve got the WIC two T, which is compatible with 1700 and the 2600 platforms. And then next to that we’ve got the HWIC two T, which is compatible with the 1819, 2829, 38 and 3900 is ours. So looking at these two, they look exactly the same. They’re both for the same type of connection, which is serial. So we would often use these for slower speed released lines or for Frame relay. But one fits into one type of platform, the other fits into other platforms. And if you order a Wick two T instead of the HWIC two T, then it won’t work. So be really careful when ordering because often there’s just like a single letter or number difference, but it’s not going to have compatibility. Down in the bottom left, this is for the newer model routers before 1000 series ISR.

And this is a NIM module, so it’s actually a larger module than the WIC modules. Here we’ve got the NIM two MFT, T one, E one, so it’s got two T one or E one ports. You can configure them as either. This can be used for data like over at least lines. We could also use this for TDM voice calls going to the public switch telephone network. I’ll speak about that a bit more when we do the least lines lecture. And down in the bottom right we’ve got a Nimvab A, which is also for the 4000 series is ours, and that is a DSL card. So you can see particularly from the two at the top part numbers can be very similar. Be careful when you order. To give you a story about that, I worked for a company before and we were opening up a new office in Africa and it was easier to source the equipment in the UK.

So we bought the equipment in the UK and the office in Africa. It was going to have PCs there and also IP phones as well. So we needed switches that provided power for the IP phones. And what happened was the person that ordered it ordered non poe switches. So we had 30 pieces of routers and switches in the warehouse in Aberdeen and it was just about to get shipped out to Africa, and luckily somebody noticed the mistake and we were able to get those replaced. But if they’d been shipped to Africa, that would have been a really, really expensive, career limiting mistake. So do be careful when you’re ordering interface cards or routers or switches. OK, see you in the next lecture.

5. Leased Lines

In this lecture you’ll learn about leased lines. A leased line is a dedicated physical connection between two locations. It has fixed reserved bandwidth which is not shared with anyone else, and the same bandwidth is available in both directions. So if you’ve got a leased line which is being used for your internet connection and it’s a two meg leased line, you’ve got two meg going up to the internet and you’ve got two meg coming down as well. That’s different than some other options. Like some versions of DSL, the company may own the cable infrastructure themselves, but far more commonly it’s going to be leased from a service provider for a monthly fee. That’s where we get the name leased line from with our leased lines.

The first location is typically a corporate office and the second location is typically either another corporate office and that provides point to point connectivity between the two offices. Or it could be going to a data center that’s connected to the company’s existing Wan that provides multi point connectivity between offices. Or it could be going to a data center that’s connected to the Internet, providing internet connectivity and optionally corporate office connectivity using Internet VPN. The data center we’re talking about here is a data center at the service provider. So an example of a leased line, this is one you saw earlier. We’ve got our office in New York and an office in Boston and we put in a point to point leased line between the those two offices. Let’s say that our servers are in New York. Our users in both New York and Boston can now access those servers over a private network connection. We’re also going to want to have Internet connectivity as well.

So for example in New York we put a leased line going out to the internet from there. Our users in New York can access the Internet from there and also our users in Boston, they could send their traffic over the least line to New York and then break out to the internet from there. Some other topology options that we have. We could put in a lease line going out to the internet in New York and also a leased line going out to the internet in Boston. That gives us internet connectivity from Bob sites. And then we could configure a VPN tunnel that’s going over the internet that gives us connectivity between Bob sites as well. So in that example, we’re using the same leased wine for both our internet and our office wine connectivity as well. Another way that we could do it similar to the last one is where we have a leased line going out to the internet in New York and Boston and we also put in a leased line directly between New York and Boston as well.

Now obviously we’ve got one extra leased line here, so this is going to be a more expensive option. The reason we would do this is that we don’t want the corporate traffic between New York and Boston going over an Internet VPN. We want it going over a direct lease line. That way we’re going to get an SLA for the traffic between the offices. We’re going to get guaranteed uptime and also delay and loss. We wouldn’t get that if we were sending the traffic over the Internet. So our leased lines use a serial connection requiring the correct physical interface card in the router. They don’t use an Ethernet port. Now, like I said at the start of this section, different service providers will use different terminology. So another service provider may offer you a leased line which is not actually using a serial connection.

But as far as Cisco are concerned for the CCNA exam, leased lines is direct point to point connections using a serial port. Common bandwidth options for our leased lines, it depends whether you are in North America or in Europe or another part of the world. In North America we’ve got the T one which is 1. 54 to one and a half megabits per second. In Europe we use an E one which is two megabits per second. Now, whichever country you’re in, it’s highly unlikely that you would have the option of a T one or an E one. If you’re in North America, you can get a T one. You can’t get an E one if you’re in Europe or Australia for example. You can get an E one if you’re in another continent like Asia.

It depends what country you’re in, whether the service provider is going to offer T ones or E ones there. We can also get higher bandwidth connections as well. For example, a T two is six megabits per second and E two is eight megabits per second. There’s also even higher bandwidths as well, the T three and the T four and the E three and the E four. Further back in the past we would get slower bandwidth connections like this like 64K or 128 or 512, et cetera. So lots of different options for the bandwidth on your leased lines. Obviously the higher the bandwidth, the more expensive it’s going to be. Now there’s benefits and drawbacks with our leased lines. Big benefit is that they have fixed reserve bandwidth for you. It’s not shared with anyone else. And because of this that means that the service provider can give you a service level agreement with guarantees for uptime and traffic delay and loss on the link. But you have to pay for that kind of service. So leased lines are typically more expensive than the other options. There can also often be a longer lead time to wait for the installation. So because of that extra cost, copper or fiber Ethernet connectivity options down to your CPE that’s the customer premises equipment are becoming more common than serial leased lines are. You can still get these, but less expensive options are often being used.

Now satellite connections share the same characteristics as our cabled leased lines. So that’s why I’m mentioning them also in this lecture. They are typically expensive and lower bandwidth. So why would you use a satellite connection? Often it’s the only option if you’re in a hard to reach area, like if you’re working in mining or oil and gas and you want to put in a one connection on an oil rig, satellite is normally going to be your only option. There there’s one last thing that I want to tell you about here that you don’t actually need to know for this CCNA exam, but I’m going to include it so that you don’t get confused when you’re working on real world deployments, and that is the T one and E one links were also commonly used for connections to the phone network. That’s the PSTN, the public switch telephone network. Just like you connect to from your phone at home if you still have one, or from your cell phone. Now the analog phone cable to your house is capable of carrying only one call. But if a company connects a T One or an E One to the phone network, they’re going to be able to carry much more than just one call over that single cable. If they’ve got a T One, it’s a digital line, it can carry 24 concurrent calls and E One can carry 30 calls.

So this is good for the company. They don’t have so many cables going into the building. Also it can come with additional phone services as well. So back in the day you would very often see T One and E One s being used for a company’s connection to the phone network. Nowadays, voice over IP using Sip, the session initiation protocol over an Ethernet one connection to the telco is more popular. So e one and t one used to be super popular. It’s being replaced by Sip connections usually going down to an Ethernet interface at the company though. So looking if we are using T One or E One going out to the phone network, we’ve got the same example company again with an office in New York and in Boston. Looking at the office in New York on the router there, they’ve got three different T One interfaces. One of the interfaces is connected out to the Internet.

Another one is a direct connection to the office in Boston and then the third connection is connected to the phone network. So now if that company, if they make a phone call, say we’ve got a user with an IP phone under our desk in New York and they call Boston, that call will go over the T One direct link between the two offices. It’s better to do it that way than sending it over to PSTN because then the company doesn’t have to pay toll charges. But the company, they’re not going to be just calling between their own internal users they need to be able to call suppliers and customers on the outside as well. So if I’m in New York and I phone a customer anywhere outside the company, then the call is going to go via my router, but then out the t one to the phone network to get to that customer. Okay, that’s everything that I needed to tell you about t ones, e ones, and the other bandwidth we can have with our list lines for now. I will see you in the.

6. MPLS Multi Protocol Label Switching

In this lecture you’ll learn about MPLS VPNs. MPLS stands for Multiprotocoll Label switching and one connectivity can be provided over an MPLS infrastructure. The MPLS network is usually going to be operated by a service provider, but you will find some large companies with their own MPLS network as well. Traffic from multiple customers when we’re using our service providers network, can travel over that providers shared MPLS network. So this is a VPN service because it’s traffic from multiple customers using the same shared underlying infrastructure. When we use MPLS VPNs, the customers are kept strictly separate from each other. So it is a virtual private network. Different levels of service level agreement for uptime and traffic, delay and loss are usually available at different price points. So this is different than a VPN going over the Internet. A VPN going over the Internet could be passing through multiple service providers. So it’s impossible to get a single unified SLA for the end to end traffic. But when you’re using an MPLS VPN, it’s going to be with one service provider that owns the MPLS network. So that service provider can give you guarantees for the uptime, for the delay and the loss.

And they will often have different guarantees at different price points. Maybe they’ll have a gold class which will get really good quality, a silver class and a bronze class. Ethernet connections are typically used to connect down to the customer router and NPLs VPNs provide a full mesh topology. By default, this is different than leased lines which use point to point links with our point to point links. If we wanted to have a full mesh connectivity, we would need to put in those point to point links going everywhere. With MPLS it’s different. Maybe you’ve already got five sites that are connected into the MPLS VPN. When you add a 6th site, it’s automatically added with fool mesh connectivity to all of the other sites. This is good because it means whenever one site is communicating with another site, the traffic is going to go over the optimum path.

So looking at our MPLS VPNs in the diagram here, we’ve got the service provider MPLS network. Obviously, real world order is going to be more than three routers. There to give you the terminology, a PE is a provider edge router which connects to a Ce, which is a customer edge router. And the routers in the middle going across the provider’s core are PE routers, provider core routers. So our PE routers connect to the Ce, which is the customer edge router. And you can see in the diagram here, over in the top left we’ve got customer A. I’ve got an office in New York. The PCs in New York are in the subnet. Ten. Then we’ve also got site one in Boston. The PCs there are 100, 124, and there’s a second site in Boston where the PCs behind the Ce router are in the subnet ten 200:24. So the example you see here is for a layer three MPLS VPN, you can also get layer two VPNs that we’ll get to in a minute. So for layer three VPN, the customer sites are all in different IP subnets.

We can also have Customer B who have also got a VPN going over that same shared core infrastructure. Customer B have got an office in New York that’s using subnet 1050 O. And Customer B have got an office in Boston with subnet 1002. Notice that both customer A and customer B have got sites that are using the same subnet 100 two. That’s fine because the different customers are kept strictly separate from each other and they’ve got separate routing tables. So you can have different customers using the same IP subnet that will work just fine. This is a VPN technology because we’ve got multiple customers going over that same shared network, and it’s layer free because each site is in a different IP subnet. When we’re using layer three MPLS VPN, MPLS runs across the provider’s core on the PE and the P routers. The customer Ce routers do not run MPLS. They don’t know anything about MLS. They’re just configured as normal IP routers. The customer Ce routers pier at layer three with the provider PE routers. You’ll see what that means on the next slide.

And static routes are a routing protocol run between the Ce and the PE. And the PE router looks just like another customer router to the customer. The provider’s core routers are transparent to the customer. So the customer can see the PE router because it connects to it, but it doesn’t know that the PE routers going across the core are there. And like I said earlier, the customer sites are in different IP subnets. So looking at our configure, you can see customer A in New York. The Ce router peers with the PE router at layer three, meaning on the Ce side, we give an IP address 109 216802, and on the PE site we give it IP address 109 216801. So the Ce router can see that it is directly connected to the PE router.

For getting traffic over to the other sites, we can either use static routes or we can use an IGP. This first example, we’re going to use static routes. So on the Ce router, we configure interface gig zero slash zero facing the PE IP address one nine two, do one six eight dot O dot 2255 dot two five five dot, two five five dot two five two. And then we’re using a summary route IP route ten 025-5255. Or the next top is the PE 1921-6801. So that summary route takes care of the 1024 network and the 100 two network. So for configuring the Ce routers, you just configure them as if the PE is another normal customer router. We have no MPLS configuration on the Ce routers at all. All of the complicated part of the config is done on the PE routers, which you don’t need to know right now because that comes under the service provider track. You will not be tested on that.

So we can use static routes or we can use an IGP here. I’m using Rip for the example because it’s nice and simple config to fit on the slide here. So on the Ce again, interface gig zero, IP address 192-16-8023, mask router rip version two network ten o. So that I’m going to advertise my internal networks and network 192, one, six, eight or so that will enable rip on the interface facing the PE. Now my internal routes will be advertised to the other sites over in Boston. I’ll also learn about the sites over in Boston as well with the next hop address of 1921-6801. So that’s how you configure it with the IGP. All of the different routing protocols are supported technically, but what you’ll often find is that the service provider won’t support them all to make their life easier. Okay, so that was our layer three MLS VPNs. You can also get layer two MPLS VPNs as well. With these.

The Ce devices do not pair with the PE devices. They don’t even see that the PES are there. The entire provider network is transparent to the customer. The provider network acts just like it’s a giant switch. And the customer sites are in the same IP subnets, not the different IP subnets that we had with our layer three VPNs. So this is what a layer two M plus VPN is going to look like. We’ve again got the provider’s core infrastructure with their PE and their P routers. A Ce device is going to connect into the PE. You’ll see for customer A in New York behind the Ce, which is a switch. Here they’re on subnet ten dot o, dot O slash 24. Then we’ve got a site in Boston. The PCs there are in the same subnet, ten O 24. And the second site in Boston, again they’re in ten O 24. So what this allows to happen is across a wide area network, it looks to the PCs like they’re all in the same network and they’re all in the same IP subnet. So we can do that for customer A. We can also do it for customer B as well. In our example here, customer B are actually overlaying layer three. On top of layer two. They’ve got a router on the left with IP address ten 00:51 slash 30. The router on the right is ten 00:52 30. So you can see from this the two routers, they appear to be on layer two adjacent. The two routers think they’re directly connected to each other. They don’t see the provider network at all.

Some reasons why we would want to use a layer two MLS VPN maybe we want to cluster an application over the Wan and to be able to do clustering for this particular application. All of the different servers need to be in the same IP subnet. So maybe I’ve got a server with IP address 100 one. I’ve got another server with IP address 100 two. That would normally mean that they have to be in the same land, but now with a layer two MPLS VPN, I can put them in different sites. So this gives me really good redundancy. Other reasons for using a layer two mPLUS, VPN maybe is a disaster recovery solution. So maybe I’ve got my main site, it’s layer two adjacent to the disaster recovery site. This makes it really easy to migrate my servers across if I do have a disaster at the main site because they can keep their same IP address.

Some terminology for our layer two m plus VPNs. VPLs is virtual private land service. This is a multipoint layer two VPN. You saw in the example I gave you earlier. We had three sites that were all in the same IP subnet that would be using VPLs because I’ve got more than two sites. VPWS is a virtual pseudo wire service. And that is a point to point layer to VPN. So they both work the same way. But with VPWS we’ve only got two sites. With VPLs we’ve got more than two sites. Okay, so that was our MPL less VPNs. I showed you the config earlier for the layer three VPN. It’s very simple from the customer side. So I don’t need to do a lab demo for that. You knew everything that was covered there already. So we will start with the next technology in the next lecture.

• Category: Uncategorized