Wednesday, February 9, 2011

Dial UP Technology

Dial-up Technology:

Dialup is simply the application of the Public Switched Telephone Network (PSTN) to carry data on behalf of the end user. It involves a customer premises equipment (CPE) device sending the telephone switch a phone number to direct a connection to. The AS3600, AS5200, AS5300, and AS5800 are all examples of routers that have the capability to run a PRI along with banks of digital modems. The AS2511, on the other hand, is an example of a router that communicates with external modems. Since the time of Internetworking Technologies Handbook, 2nd edition, the carrier market has continued to grow, and there have been demands for higher modem densities. The answer to this need was a higher degree of interoperation with the telco equipment and the refinement of the digital modem: a modem capable of direct digital access to the PSTN. This has allowed the development of faster CPE modems that take advantage of the clarity of signal that the digital modems enjoy. The fact that the digital modems connecting into the PSTN through a PRI or a BRI can transmit data at more than 53 K using the V.90 communication standard attests to the success of the idea.

A Short Dialup Technology Background:

Dialup technology traces its origins back to the days of the telegraph. Simple signals being sent across an extended circuit were created manually by tapping contacts together to turn the circuit either on or off. In an effort to improve the service, Alexander Graham Bell invented the telephone in 1875 and changed communication forever. Having the capability to send a voice across the line made the technology more accessible and attractive to consumers. By 1915, the Bell system stretched from New York to San Francisco. Demand for the service drove technological innovations, which led to the first transatlantic phone service in 1927 via radio signal. Other innovations along the way included microwave stations that started connecting American cities in 1948, integrated digital networks to improve the quality of service, and communication satellites, which went into service in 1962 with the launch of Telstar 1. By 1970, more than 90 percent of American homes had telephone service. In 1979 the modulator-demodulator (modem) was introduced, and dialup networking was born. The early modems were slower and subject to proprietary communication schemes. Early uses of modems were for intermittent point-to-point WAN connections. Often, the call would come into a regular phone at a data center. An operator would hear modem tones and place the handset onto a special cradle that was the modem. In the late 1980s, the ITU-T began setting up V-series recommendations to standardize communications between data communications equipment (DCE) and data terminal equipment (DTE). Early standards included these:

• V.8—Standardized the method that modems use to initially determine the V-series modulation at which they will communicate. Note that this standard applies only to the communication session between the two DCE devices. This was later updated with V.8bis, which also specified some of the communication standards between the DTE devices going over the DCE’s connection.
• V.21, V.23, V.27ter, V.29—Defined 300, 600/1200, 2400/4800, and 9600 baud communications, respectively.
• V.25, V.25bis, V.25ter—Served as a series of standards for automated dialing, answering, and control.

Modems increased greatly in sophistication in the late 1980s. This was due in part to the breakup of the Bell system in 1984. With the customer premises equipment in the hands of free enterprise, competition spurred on the development of speedier connections. More recent standards include these:

• V.32bis, V.34, V.90—Standardized 14400, 33600, and up to 56000 baud communication speeds.
• V.110—Allowed an asynchronous DTE device to use an ISDN DCE (terminal adapter).

The first access servers were the AS2509 and the AS2511. The AS2509 could support 8 incoming connections using external modems, while the AS2511 could support 16. The AS5200 was introduced with 2 PRIs and could support 48 users using digital modems—this represented a major leap forward in technology. Modem densities have increased steadily, with the AS5300 supporting four and then eight PRIs. The AS5800 was later introduced to fill the needs of carrier class installations needing to handle dozens of incoming T1s and hundreds of user connections.

A couple of outdated technologies bear mentioning in a historical discussion of dialup technology. 56 Kflex is an older (pre-V.90) 56 K modem standard that was proposed by Rockwell. Cisco supports version 1.1 of the 56 Kflex standard on its internal modems, but it recommends migrating the CPE modems to V.90 as soon as possible. Another outdated technology is the AS5100. The AS5100 was a joint venture between Cisco and a modem manufacturer. The AS5100 was created as a way to increase modem density through the use of quad modem cards. It involved a group of AS2511s built as cards that were inserted into a backplane shared by quad modem cards and a dual T1 card. Today dialup is still used as an economical alternative (depending on the connection requirements) to dedicated connectivity. It has important uses as backup connectivity, in case the primary lines go down. Dialup also offers the flexibility to create dynamic connections as needed.

Dialup Connectivity Technology:

This section provides information on the various dialup options. Also included are advanced options for dialup connectivity and the various dialup methods.

Plain Old Telephone Service:

The regular phone lines used in voice calls are referred to as Plain Old Telephone Service (POTS). They are ubiquitous, familiar, and easy to obtain; local calls are normally free of charge. This is the kind of service that the phone network was built on. Sounds carried over this service are sampled at a rate of 8000 times per second (using 8 bits per sample) in their conversion to digital signals, so that sound can be carried on a 64 kbps channel at acceptable levels. The encoding and decoding of voice is done by a piece of telco gear called a CODEC. The CODEC was needed to allow backward-compatibility with the old analog phones that were already in widespread use when the digital network was introduced. Thus, most phones found in the home are simple analog devices. Dialup connectivity across POTS lines has historically been limited to about 33,600 bps via modem—often referred to as V.34 speeds. Recent improvements have increased the speed at which data can be sent from a digital source to a modem on a POTS line, but using POTS lines on both ends of the connection still results in V.34 connectivity in both directions.

Basic Rate Interface:

Intended for home use, this application of ISDN uses the same copper as a POTS line, but it offers direct digital connectivity to the telephone network. A special piece of equipment known as a terminal adapter is required (although, depending on the country, it may be integrated into the router or DCE device). Always make sure to check—the plug used to connect to the wall socket looks the same whether it’s the S/T or U demarcation point. Normally, a Basic Rate Interface (BRI) has two B (bearer) channels to carry data, and one D (delta) channel to carry control and signaling information. Local telephone carriers may have different plans to suit local needs. Each B channel is a 64 K line. The individual 64 K channels of the telephone network are commonly referred to as digital service 0 (DS0). This is a common denominator regardless of the types of services offered, as will be shown later in this chapter. The BRI interface is a dedicated connection to the switch and will remain up even if no calls are placed.

T1/E1:

The T1/E1 line is designed for use in businesses. T1 boasts 24 TDM channels run across a cable with 2 copper pairs. E1 offers 32 channels, although 1 is dedicated to frame synchronization. As is the case with the BRI, the T1/E1 connection goes directly into the telco switch. The connection is dedicated, so like a BRI, the T1/E1 remains connected and communicating to the switch all the time—even if there are no active calls. Each of the channels in the T1/E1 is just a B channel, which is to say that it’s a 64-K DS0. The T1/E1 is also referred to as digital service 1 (DS1). The North American T1 uses frames to define the timing between individual channels. For T1s, each frame has 24 9-bit channels (8 bits of data, 1 bit for framing). That adds up to 193 bits per frame. So, at 8000 of those per second, the T1 is carrying 1.544 Mbps between the switch and the customer premises equipment (CPE). The E1 similarly uses frames for timing, but the E1 uses 32 8-bit channels for a 256-bit frame. Again at the 8000 Hz rate, the channel yields 2.048 Mbps of traffic between the switch and the CPE. Most of the world uses the E1. Depending on the region, various line code and framing schemes will have to be used for the CPE and the switch to understand each other. For example, in North America, the encoding scheme most often seen is called binary 8 zero substitution (B8ZS), and the most common framing done is extended super frame (ESF). The telco through which the T1/E1 service is purchased must indicate which line code and framing should be used. For dialup purposes, there are two types of T1/E1: Primary Rate Interface (PRI) and channel associated signaling (CAS). PRI and CAS T1/E1s are normally seen in central locations that receive calls from remote sites or customers.

Primary Rate Interface:

T1 Primary rate interface (PRI) service offers 23 B channels at 64 kbps at the cost of one D-channel (the 24th channel) for call signaling. Using NFAS to allow multiple PRIs to use a single D channel can minimize this disadvantage. E1 PRI service allows 30 channels, but it uses the 16th channel for ISDN signaling. The PRI service is an ISDN connection. It allows either voice-grade (modem) or true ISDN calls to be made and received through the T1/E1. This is the type of service most often seen in access servers because it fosters higher connection speeds.

Channel Associated Signaling:

T1 Channel associated signaling (CAS) lines have 24 56K channels—part of each channel is borrowed for call signaling. This type of service is also called robbed-bit signaling. The E1 CAS still uses only the 16th channel for call signaling, but it uses the R2 international standard for analog call signals. CAS is not an ISDN interface; it allows only analog calls to come into the access server. This is often done to allow an access server to work with a channel bank, and this scenario is seen more commonly in South America, Europe, and Asia. If the access server sends a call into a channel that isn’t expecting it, the switch will get back a message indicating that the channel isn’t available. An access server must therefore maintain state information on its lines and be prepared to coordinate inward and outward calls with the switch.

Modems:

From a terminology standpoint, a modem is considered data communication equipment (DCE), and the device using the modem is called data terminal equipment (DTE). As indicated earlier, modems must adhere to a number of communication standards to work with other modems: Bell103, Bell212A, V.21, V.22, V.22bis, V.23, V.32, V.32bis, V.FC, and V.34, to name a few. These standards reflect a dual analog conversion model, in which the signal is converted between digital and analog form at both ends of the call. When the call is terminated by a digital modem in the access server, the signal goes through only one analog conversion. Because that conversion is done on the client’s side, traffic generated by the client modem is limited to V.34 speeds. The traffic coming from the access server is not subject to the noise problems that an analog conversion would introduce, so it can be sent at much higher speeds. Thus, the client can receive data at V.90 speeds but can send data at only V.34 speeds.

PPP:

PPP bears mentioning because it is so vital to the operation of dialup technologies. Until PPP came along in 1989 (RFC 1134—currently up to RFC 1661), dialup protocols were specific to the protocol being used. To use multiple protocols, it was necessary to encapsulate any other protocols within packets of whatever protocol the dialup link was running. Many of the proprietary link methods (such as SLIP) didn’t even have the capability to negotiate addressing. Fortunately, PPP does this and many more things with flexibility and extensibility. PPP connection establishment happens in three phases: Link Control Protocol (LCP), authentication, and Network Control Protocol (NCP).

LCP:

LCP is the lowest layer of PPP. Because PPP does not follow a client/server model, both ends of the point-to-point connection must agree on the negotiated protocols. When negotiation begins, each of the peers wanting to establish a PPP connection must send a configure request (CONFREQ). Included in the CONFREQ are any options that are not the link default. These often include maximum receive unit, async control character map, authentication protocol, and the magic number. At this stage, the peers negotiate their authentication method and indicate whether they will support PPP multilink. In the general flow of LCP negotiations, there are three possible responses to any CONFREQ:

1. A configure-acknowledge (CONFACK) must be issued if the peer recognizes the options and agrees to the values seen in the CONFREQ.
2. A configure-reject (CONFREJ) must be sent if any of the options in the CONFREQ are not recognized (such as some vendor-specific options) or if the values for any of the options have been explicitly disallowed in the configuration of the peer.
3. A configure-negative-acknowledge (CONFNAK) must be sent if all the options in the CONFREQ are recognized, but the values are not acceptable to the peer.

The two peers continue to exchange CONFREQs, CONFREJs, and CONFNAKs until each sends a CONFACK, until the dial connection is broken, or until one or both of the peers indicates that the negotiation cannot be completed.
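The three responses above are easiest to see as a small state machine. The following is an added example written for this post, not code from the handbook or from any router: it models one peer's handling of a CONFREQ and a compliant requester that drops rejected options and adopts NAKed values until a CONFACK is reached. The option names follow the text (MRU, ACCM, authentication protocol, magic number), but the acceptance policy, the `SUGGESTED_MAGIC` constant and the sample CONFREQ are constructed, and options are represented as a name/value dict rather than the on-the-wire TLV encoding.

```python
"""
Simulation of one LCP peer's handling of a configure request (CONFREQ) using
the three outcomes described in the text. Added example, not code from the
handbook or from any router implementation: option names, the local acceptance
policy, SUGGESTED_MAGIC and the sample CONFREQ are constructed for
illustration, and options are modelled as a name/value dict, not as TLVs.
"""

# Options this peer recognizes (the ones named in the text).
RECOGNIZED = {"mru", "accm", "auth_proto", "magic"}

# Local policy (constructed): acceptable MRU range, preferred authentication
# protocol, and a replacement for a zero magic number.
MIN_MRU, MAX_MRU = 576, 1500
PREFERRED_AUTH = "chap"          # NAK a PAP proposal toward CHAP: no cleartext password
SUGGESTED_MAGIC = 0x1A2B3C4D     # constructed; a real peer picks a random value


def respond_to_confreq(options, disallowed=frozenset()):
    """Classify one CONFREQ and return (code, payload).

    CONFREJ  - some option is unrecognized or explicitly disallowed by local
               configuration; payload lists the options to drop.
    CONFNAK  - every option is recognized but a value is unacceptable; payload
               carries the values this peer would accept instead.
    CONFACK  - everything is acceptable; payload echoes the options.
    Rejection is checked first, matching the order given in the text.
    """
    rejected = {k: v for k, v in options.items()
                if k not in RECOGNIZED or k in disallowed}
    if rejected:
        return "CONFREJ", rejected

    nak = {}
    for name, value in options.items():
        if name == "mru" and not MIN_MRU <= value <= MAX_MRU:
            nak[name] = min(max(value, MIN_MRU), MAX_MRU)
        elif name == "auth_proto" and value != PREFERRED_AUTH:
            nak[name] = PREFERRED_AUTH
        elif name == "magic" and value == 0:
            # Magic numbers exist to detect looped-back links; zero defeats that.
            nak[name] = SUGGESTED_MAGIC
    if nak:
        return "CONFNAK", nak
    return "CONFACK", dict(options)


def negotiate(initial_options, max_rounds=10):
    """Drive a compliant requester against respond_to_confreq until CONFACK.

    The requester drops REJected options and adopts NAKed values, as a
    conforming peer does. Returns (agreed_options, rounds_used). Raises
    RuntimeError when no agreement is reached in max_rounds, the case the text
    describes as negotiation that cannot be completed.
    """
    options = dict(initial_options)
    for rounds in range(1, max_rounds + 1):
        code, payload = respond_to_confreq(options)
        if code == "CONFACK":
            return payload, rounds
        if code == "CONFREJ":
            for name in payload:
                options.pop(name)
        else:  # CONFNAK
            options.update(payload)
    raise RuntimeError("LCP negotiation did not converge")


if __name__ == "__main__":
    # Constructed CONFREQ: oversized MRU, PAP, a zero magic number and a
    # vendor-specific option this peer does not understand.
    confreq = {"mru": 4000, "accm": 0x000A0000, "auth_proto": "pap",
               "magic": 0, "vendor_x": b"\x01"}
    print(negotiate(confreq))
```

Running the sample takes three rounds: the unknown vendor option is rejected first, then the MRU, authentication protocol and magic number are NAKed together, and the third CONFREQ is acknowledged. Steering a PAP proposal toward CHAP in the NAK is the place where an access server's LCP policy first affects security, since it decides whether a password will ever cross the link in the clear.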

Authentication

Authentication is an optional phase, but it is highly recommended on all dial connections. In some instances, it is a requirement for proper operation—dialer profiles, being a case in point. The two principal types of authentication in PPP are the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP), defined by RFC 1334 and updated by RFC 1994. When discussing authentication, it is helpful to use the terms requester and authenticator to distinguish the roles played by the devices at either end of the connection, although either peer can act in either role. Requester describes the device that requests network access and supplies authentication information; the authenticator verifies the validity of the authentication information and either allows or disallows the connection. It is common for both peers to act in both roles when a DDR connection is being made between routers. PAP is fairly simple. After successful completion of the LCP negotiation, the requester repeatedly sends its username/password combination across the link until the authenticator responds with an acknowledgment or until the link is broken. The authenticator may disconnect the link if it determines that the username/password combination is not valid. CHAP is somewhat more complicated. The authenticator sends a challenge to the requester, which then responds with a value. This value is calculated by using a “one-way hash” function to hash the challenge and the CHAP password together. The resulting value is sent to the authenticator along with the requester’s CHAP host name (which may be different from its actual host name) in a response message. The authenticator reads the host name in the response message, looks up the expected password for that host name, and then calculates the value that it expects the requester to send in its response by performing the same hash function the requester performed. If the resulting values match, the authentication is successful. Failure should lead to a disconnection. By RFC standards, the authenticator can request another authentication at any time during the connection.
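To make the difference between the two methods concrete, here is an added example (not code from the handbook) that runs both exchanges and returns what an eavesdropper on the link would see. The CHAP response is computed as RFC 1994 specifies, MD5 over the one-octet Identifier, the shared secret and the challenge value; that detail comes from the RFC the text cites, not from the text itself. The host names, secrets and the credential store are constructed for the example.

```python
"""
PAP and CHAP exchanges between a requester and an authenticator. Added example,
not code from the handbook. CHAP follows RFC 1994: response = MD5(Identifier ||
secret || challenge). Host names, secrets and challenge bytes are constructed.
"""
import hashlib
import hmac
import os

# Authenticator's credential store: CHAP host name -> shared secret (constructed).
# CHAP needs the cleartext secret on the authenticator to recompute the hash,
# so this store must be protected as carefully as any password file.
SECRETS = {
    "branch-rtr": b"constructed-chap-secret",
    "home-office": b"another-constructed-secret",
}


def chap_response(identifier, secret, challenge):
    """Requester side: MD5(Identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Issues challenges and verifies responses; may re-challenge at any time."""

    def __init__(self, secrets=SECRETS):
        self.secrets = secrets
        self.identifier = 0
        self.outstanding = {}      # identifier -> challenge value not yet answered

    def challenge(self, length=16, rng=os.urandom):
        # A fresh, unpredictable challenge each time is what stops a captured
        # response from being replayed on a later call.
        self.identifier = (self.identifier + 1) % 256
        value = rng(length)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier, name, response):
        # Each challenge is consumed on first use, so a replayed response fails.
        challenge = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def chap_exchange(auth, name, secret):
    """One full CHAP round. Returns (success, bytes_visible_on_the_wire)."""
    ident, chal = auth.challenge()
    resp = chap_response(ident, secret, chal)
    wire = chal + resp + name.encode()          # the secret itself never leaves the requester
    return auth.verify(ident, name, resp), wire


def pap_authenticate(name, password, store=SECRETS):
    """PAP: requester sends name and password as-is; authenticator compares.
    Returns (success, bytes_visible_on_the_wire)."""
    wire = name.encode() + b":" + password      # password crosses the link in the clear
    ok = hmac.compare_digest(store.get(name, b""), password)
    return ok, wire


if __name__ == "__main__":
    auth = ChapAuthenticator()
    print(chap_exchange(auth, "branch-rtr", SECRETS["branch-rtr"]))
    print(pap_authenticate("branch-rtr", SECRETS["branch-rtr"]))
```

The `wire` value returned by each function is the point of the example: with PAP the stored secret appears in it verbatim, with CHAP only the challenge, the hash and the host name do. Because `verify` consumes the challenge, the same response cannot be accepted twice, and calling `challenge()` again on an established link is the periodic re-authentication the RFC permits.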

NCP:

NCP negotiation is conducted in much the same manner as LCP negotiation with CONFREQs, CONFREJs, CONFNAKs, and CONFACKs. However, in this phase of negotiation, the elements being negotiated have to do with higher-layer protocols—IP, IPX, bridging, CDP, and so on. One or more of these protocols may be negotiated. Refer to the following RFCs for more detail on their associated protocols:

• RFC 1332 “IP Control Protocol”
• RFC 1552 “IPX Control Protocol”
• RFC 1378 “AppleTalk Control Protocol”
• RFC 1638 “Bridging Control Protocol”
• RFC 1762 “DECnet Control Protocol”
• RFC 1763 “VINES Control Protocol”

A Couple of Advanced Considerations

The Multilink Point-to-Point Protocol (MLP, RFC 1990) feature provides a load-balanced method for splitting and recombining packets to a single end system across a logical pipe (also called a bundle) formed by multiple links. Multilink PPP provides bandwidth on demand and reduces transmission latency across WAN connections. At the same time, it provides multivendor interoperability, packet fragmentation with proper sequencing, and load calculation on both inbound and outbound traffic. The Cisco implementation of multilink PPP supports the fragmentation and packet sequencing specifications in RFC 1717. Multilink PPP works over the following interface types (single or multiple):

• Asynchronous serial interfaces
• BRIs
• PRIs

Multichassis multilink PPP (MMP), on the other hand, provides the additional capability for links to terminate at multiple routers with different remote addresses. MMP can also handle both analog and digital traffic. This functionality is intended for situations in which there is a large pool of dial-in users, and a single access server cannot provide enough dial-in ports. MMP allows companies to provide a single dialup number to their users and to apply the same solution to analog and digital calls. This feature allows Internet service providers, for example, to allocate a single ISDN rotary number to several ISDN PRIs and not have to worry about whether a user’s second link is on the same router. MMP does not require reconfiguration of telephone company switches.

AAA

Another technology that should be mentioned because of its importance is Authentication, Authorization, and Accounting (AAA). The protocols used in AAA can be either TACACS or RADIUS. These two protocols were developed in support of a centralized method to keep track of users and accesses made on a network. AAA is employed by setting up a server (or group of servers) to centrally administer the user database. Information such as the user’s password, what address should be assigned to the user, and what protocols the user is allowed to run can be controlled and monitored from a single workstation. AAA also has powerful auditing capabilities that can be used to follow administratively important trends such as connection speeds and disconnect reasons. Any medium or large dialup installation should be using AAA, and it’s not a bad idea for small shops, either.

Dialup Methods

Most routers support automated methods for dynamic links to be connected when traffic that needs to get to the other end arrives. Cisco’s implementation is called dial-on-demand routing (DDR). It provides WAN connectivity on an economical, as-needed basis, either as a primary link or as backup for a nondial serial link. At its heart, DDR is just an extension of routing. Interesting packets are routed to a dialer interface that triggers a dial attempt. Both concepts, the dialer interface and interesting traffic, bear explanation.

What’s a Dialer?

The term dialer has a few meanings, depending on the specifics of the configuration, but in general, it refers to the interface where the routing is actually happening. This is the interface that knows the address and phone number where the traffic is supposed to go. When looking at the routing table, the dialer interface should be the interface referenced for the next hop to reach the network on the other side. The dialer interface does not have to be the physical interface that is doing the dialing, but it can be made so by placing the configuration command dialer in-band in a physical interface. Thereafter, the interface becomes a dialer. For example, an async interface is not a dialer by default, but placing the configuration command dialer in-band in the async interface causes dialer behavior on that interface. For example, calls received by that async interface after applying the command will have an idle timeout applied to the connection from then on. An example of a physical interface that is also a dialer by default would be the BRI interface. Beyond making physical interfaces into dialers, there are interfaces called dialer interfaces. These are logical interfaces that call upon real interfaces to place calls. The advantage of using a dialer interface is flexibility. A group of potential DDR links can share a handful of BRI interfaces. Dialer interface configuration comes in two flavors: dialer map-based (sometimes referred to as legacy DDR) and dialer profiles. Which method you use depends on the circumstances under which you need dial connectivity. Dialer map-based DDR was first introduced in IOS Version 9.0; dialer profiles were introduced in IOS Version 11.2.

Interesting Traffic

The term interesting is used to describe packets or traffic that will either trigger a dial attempt or, if a dial link is already active, reset the idle timer on the dialer interface. For a packet to be considered interesting, it must have these characteristics:

• The packet must meet the “permit” criteria defined by an access list.
• The access list must be referenced by the dialer-list, or the packet must be of a protocol that is universally permitted by the dialer-list.
• The dialer-list must be associated with a dialer interface by use of a dialer group.

Packets are never automatically considered to be interesting (by default). Interesting packet definitions must be explicitly declared in a router or access server configuration.
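The three conditions and the default-deny rule can be modelled as a small classifier. The following is an added example written for this post; it is not Cisco IOS configuration or code. The `AccessList`, `DialerList` and `DialerInterface` classes stand in for the corresponding router constructs, and the sample access list, dialer-list number, interface names and packets are constructed.

```python
"""
Model of the three-step test that decides whether a packet is "interesting"
for DDR. Added example, not from the handbook and not Cisco IOS code: the
classes stand in for an access list, a dialer-list and a dialer-group binding,
and the sample configuration and packets are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    protocol: str        # "ip", "ipx", ...
    src: str
    dst: str
    dport: int = 0


@dataclass
class AccessList:
    """Ordered (action, predicate) entries; first match wins, implicit deny at the end."""
    entries: list

    def permits(self, pkt):
        for action, match in self.entries:
            if match(pkt):
                return action == "permit"
        return False     # implicit deny: condition 1 fails


@dataclass
class DialerList:
    """Per protocol, either the string 'permit' (universal) or an AccessList."""
    number: int
    protocol_rules: dict = field(default_factory=dict)


@dataclass
class DialerInterface:
    name: str
    dialer_group: int = None   # number of the dialer-list bound via dialer-group, if any


def is_interesting(pkt, iface, dialer_lists):
    """Apply the three conditions from the text; anything unmatched is not interesting."""
    # Condition 3: the dialer-list must be tied to this interface by a dialer group.
    if iface.dialer_group is None or iface.dialer_group not in dialer_lists:
        return False
    rule = dialer_lists[iface.dialer_group].protocol_rules.get(pkt.protocol)
    if rule is None:
        return False               # protocol not mentioned: default, not interesting
    if rule == "permit":
        return True                # condition 2, universal permit for this protocol
    # Conditions 1 and 2: the access list referenced by the dialer-list must permit it.
    return rule.permits(pkt)


# Constructed configuration: IP toward the 10.1.0.0/16 servers is interesting,
# except NTP, which would otherwise bring the link up (and keep it up) on its
# own; IPX is universally permitted.
def to_prefix(prefix):
    return lambda p: p.dst.startswith(prefix)


ACL_101 = AccessList([
    ("deny", lambda p: p.dport == 123),   # keep NTP from triggering a call
    ("permit", to_prefix("10.1.")),
])
DIALER_LISTS = {1: DialerList(1, {"ip": ACL_101, "ipx": "permit"})}
DIALER1 = DialerInterface("Dialer1", dialer_group=1)
DIALER2 = DialerInterface("Dialer2")            # no dialer-group: never dials


if __name__ == "__main__":
    samples = [
        Packet("ip", "192.168.0.5", "10.1.2.3", 80),
        Packet("ip", "192.168.0.5", "10.1.2.3", 123),
        Packet("ip", "192.168.0.5", "172.16.0.9", 80),
        Packet("ipx", "00000001.aa", "00000002.bb"),
        Packet("appletalk", "1.1", "2.2"),
    ]
    for pkt in samples:
        print(pkt, is_interesting(pkt, DIALER1, DIALER_LISTS))
```

The deny entry for NTP shows why the interesting-traffic definition matters operationally: background chatter that is permitted by a loose access list will place calls and reset the idle timer, which is the "connection costs for a heavily used line" problem discussed under Benefits and Drawbacks below.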

Benefits and Drawbacks

The benefits of dialup are flexibility and cost savings. First, let’s look at why flexibility is important. Intermittent connectivity is most often needed in mobile situations. A mobile workforce needs to be capable of connecting from wherever they are. Phone lines are normally available from wherever business is transacted, so a modem connection is the only reasonable choice for mobile users. In long-distance situations, a user often dials into a local ISP and uses an IPSec-encrypted tunnel going back to a home gateway system that allows access to the rest of the corporate network. In this example, the phone call itself costs nothing, and an account with the local ISP could be significantly less expensive than the long-distance charges that would otherwise be incurred. As another example, a BRI attached at a central office located in an area that offers inexpensive rates on ISDN could have database servers configured to call out to other sites and exchange data periodically. Each site needs only one BRI line, which is significantly less expensive than dedicated links to each of the remote locations. Finally, in the case of a backup link, the savings are seen when the primary link goes down but business continues, albeit slower than normal. Cost savings is a two-edged sword where dialup is concerned, however. The downside of a dialup line is that connection costs for a heavily used line are higher than the price of dedicated connectivity. Going over long distance raises the price even higher. There’s also speed to consider. Dialup connectivity has a strong high-end bandwidth, particularly with the capability to tie channels together using PPP multilink, but dedicated connectivity through a serial port can outperform dialup connections. Another consideration is security. Certainly, any PPP connection should be authenticated, but this still presents anyone with the dialup number an opportunity to break into the system. A significant part of any dialup system’s configuration concerns the capability to keep out unwanted guests. The good news is that it can be done, and AAA goes a long way toward dealing with this problem. However, it is a disadvantage to have potential intruders coming in through dialup lines.
