The Network as a Platform (1.2)
In the past, traditional networks such as television, telephone, and computer networks worked in very different ways. This chapter explores how those differences are rapidly shrinking.
Converged Networks (1.2.1)
In this section you will learn how different types of networks are becoming increasingly alike as network technologies change.
Traditional Service Networks (1.2.1.1)
Modern networks are constantly evolving to meet user demands. Early data networks were limited to exchanging character-based information between connected computer systems. Traditional telephone and television networks were maintained separately from data networks. In the past, every one of these services required a dedicated network, with different communications channels and different technologies to carry a particular communication signal. Each service had its own set of rules and standards to ensure successful communication.
Consider a hospital built 40 years ago. Back then, hospital rooms were cabled for the data network, telephone network, and video network for televisions. These separate networks were disparate, meaning that they could not communicate with each other, as shown on the left in Figure 1-5.
Advances in technology are enabling us to consolidate these different kinds of networks onto one platform, referred to as the converged network. Unlike dedicated networks, converged networks are capable of delivering voice, video streams, text, and graphics between many different types of devices over the same communications channel and network structure, as shown on the right in Figure 1-5. Previously separate and distinct communication forms have converged onto a common platform. This platform provides access to a wide range of alternative and new communication methods that enable people to interact directly with each other almost instantaneously.
Figure 1-5 Traditional Networks (Left) and Converged Network (Right)
On a converged network, there are still many points of contact and many specialized devices, such as personal computers, phones, TVs, and tablet computers, but there is one common network infrastructure. This network infrastructure uses the same set of rules, agreements, and implementation standards.
Planning for the Future (1.2.1.2)
The convergence of the different types of communications networks onto one platform represents the first phase in building the intelligent information network. We are currently in this phase of network evolution. The next phase will be to not only consolidate the different types of messages onto a single network, but also consolidate the applications that generate, transmit, and secure the messages onto integrated network devices.
Not only will voice and video be transmitted over the same network, the devices that perform the telephone switching and video broadcasting will be the same devices that route the messages through the network. The resulting communications platform will provide high-quality application functionality at a reduced cost.
The pace at which the development of exciting new converged network applications is occurring can be attributed to the rapid growth and expansion of the Internet. This expansion has created a wider audience for whatever message, product, or service can be delivered. The underlying mechanics and processes that drive this explosive growth have resulted in a network architecture that is both capable of supporting changes and able to grow. As the supporting technology platform for living, learning, working, and playing in the human network, the network architecture of the Internet must adapt to constantly changing requirements for a high quality of service and security.
Reliable Network (1.2.2)
In this section you will learn about characteristics of a reliable network.
The Supporting Network Architecture (1.2.2.1)
Networks must support a wide range of applications and services, as well as operate over many different types of cables and devices that make up the physical infrastructure. The term network architecture, in this context, refers to the technologies that support the infrastructure and the programmed services and rules, or protocols, that move messages across the network.
As networks evolve, we are discovering that there are four basic characteristics that the underlying architectures need to address in order to meet user expectations:
- Fault tolerance
- Scalability
- QoS
- Security
Fault Tolerance in Circuit-Switched Networks (1.2.2.2)
Designing for unforeseen problems is an essential element of network design. This section explains how networks can manage unexpected equipment failure.
Fault Tolerance
The expectation is that the Internet is always available to the millions of users who rely on it. This requires a network architecture that is built to be fault tolerant. A fault-tolerant network is one that limits the effect of a failure, so that the fewest number of devices are affected by it. It is also built in a way that enables quick recovery when such a failure occurs. Fault-tolerant networks depend on multiple paths between the source and destination of a message. If one path fails, the messages can be instantly sent over a different link. Having multiple paths to a destination is known as redundancy, as shown in Figure 1-6.
Figure 1-6 Fault Tolerance
Circuit-Switched, Connection-Oriented Networks
To understand the need for redundancy, we can look at how early telephone systems worked. When a person made a call using a traditional telephone set, the call first went through a setup process. This process identified the telephone switching locations between the person making the call (the source) and the phone set receiving the call (the destination). A temporary path, or circuit, was created for the duration of the telephone call. If any link or device in the circuit failed, the call was dropped. To reconnect, a new call had to be made, with a new circuit. This connection process is referred to as a circuit-switched process and is illustrated in Figure 1-7.
Many circuit-switched networks give priority to existing circuit connections at the expense of new circuit requests. After a circuit is established, even if no communication is occurring between the persons on either end of the call, the circuit remains connected and resources are used until one of the parties disconnects the call. Because there are only so many circuits that can be created, it is possible to get a message that all circuits are busy and a call cannot be placed. The cost to create many alternative paths with enough capacity to support a large number of simultaneous circuits, and the technologies necessary to dynamically re-create dropped circuits in the event of a failure, are why circuit-switched technology was not optimal for the Internet.
Figure 1-7 Circuit-Switched Network
Packet-Switched Networks (1.2.2.3)
In the search for a network that was more fault tolerant, the early Internet designers researched packet-switched networks. The premise for this type of network is that a single message can be broken into multiple message blocks, with each message block containing addressing information to indicate the origination point and final destination. Using this embedded information, these message blocks, called packets, can be sent through the network along various paths, and can be reassembled into the original message when they reach their destination. Figure 1-8 demonstrates how packets can travel different paths and arrive at the correct destination for sorting.
The devices within the network itself are typically unaware of the content of the individual packets. The only packet information used by intermediate devices is the original source address and the final destination address. These addresses are often referred to as IP addresses, represented in a dotted decimal format such as 10.10.10.10. Each packet is sent independently from one location to another. At each location, a routing decision is made as to which path to use to forward the packet toward its final destination. If a previously used path is no longer available, the routing function can dynamically choose the next best available path. Because the messages are sent in pieces, rather than as a single complete message, the few packets that may be lost can be retransmitted to the destination along a different path. In many cases, the destination device is unaware that any failure or rerouting occurred.
Figure 1-8 Packet-Switched Network
The need for a single, reserved circuit from end to end does not exist in a packet-switched network. Any piece of a message can be sent through the network using any available path. Additionally, packets containing pieces of messages from different sources can travel the network at the same time. By providing a method to dynamically use redundant paths, without intervention by the user, the Internet has become a fault-tolerant method of communication.
Although packet-switched, connectionless networks are the primary infrastructure for today’s Internet, there are some benefits to a connection-oriented system like the circuit-switched telephone system. Because resources at the various switching locations are dedicated to providing a finite number of circuits, the quality and consistency of messages transmitted across a connection-oriented network can be guaranteed. Another benefit is that the provider of the service can charge the users of the network for the period of time that the connection is active. The ability to charge users for active connections through the network is a fundamental premise of the telecommunication service industry.
Scalable Networks (1.2.2.4)
Designing a network that will be able to efficiently expand is an important network design consideration.
Scalability
Thousands of new users and service providers connect to the Internet each week. In order for the Internet to support this rapid amount of growth, it must be scalable. A scalable network can expand quickly to support new users and applications without affecting the performance of the service being delivered to existing users. Figure 1-9 depicts a scalable network accepting additional users.
Figure 1-9 Scalability
The fact that the Internet is able to expand at the rate that it is, without seriously impacting the performance experienced by individual users, is a function of the design of the protocols and underlying technologies on which it is built. The Internet has a hierarchical, layered structure for addressing, for naming, and for connectivity services. As a result, network traffic that is destined for local or regional services does not need to traverse to a central point for distribution. Common services can be duplicated in different regions, thereby keeping traffic off the higher-level backbone networks.
Scalability also refers to the ability to accept new products and applications. Although there is no single organization that regulates the Internet, the many individual networks that provide Internet connectivity cooperate to follow accepted standards and protocols. The adherence to standards enables the manufacturers of hardware and software to concentrate on product development and improvements in the areas of performance and capacity, knowing that the new products can integrate with and enhance the existing infrastructure.
The current Internet architecture, while highly scalable, may not always be able to keep up with the pace of user demand. New protocols and addressing structures are under development to meet the increasing rate at which Internet applications and services are being added.
Providing QoS (1.2.2.5)
A well-designed network can prioritize network traffic to provide users with reliable quality of service, or QoS.
Quality of Service
Quality of service is also an ever-increasing requirement of networks today. New applications available to users over internetworks, such as voice and live video transmissions, as shown in Figure 1-10, create higher expectations for the quality of the delivered services. Have you ever tried to watch a video with constant breaks and pauses?
Networks must provide predictable, measurable, and, at times, guaranteed services. The packet-switched network architecture does not guarantee that all packets that comprise a particular message will arrive on time and in their correct order, or even that they will arrive at all.
Networks also need mechanisms to manage congested network traffic. Network bandwidth is the measure of the data-carrying capacity of the network. In other words, how much information can be transmitted within a specific amount of time? Network bandwidth is measured in the number of bits that can be transmitted in a single second, or bits per second (bps). When simultaneous communications are attempted across the network, the demand for network bandwidth can exceed its availability, creating network congestion. The network simply has more bits to transmit than what the bandwidth of the communications channel can deliver.
In most cases, when the volume of packets is greater than what can be transported across the network, devices queue, or hold, the packets in memory until resources become available to transmit them, as shown in Figure 1-10. Queuing packets causes delay because new packets cannot be transmitted until previous packets have been processed. If the number of packets to be queued continues to increase, the memory queues fill up and packets are dropped.
Achieving the required QoS by managing the delay and packet loss parameters on a network becomes the secret to providing a successful solution for end-to-end application quality. One way this can be accomplished is through classification. To create QoS classifications of data, we use a combination of communication characteristics and the relative importance assigned to the application. We then treat all data within the same classification according to the same rules. For example, communication that is time-sensitive, such as voice transmissions, would be classified differently from communication that can tolerate delay, such as file transfers.
Figure 1-10 Priority Queuing
Examples of priority decisions for an organization might include
- Time-sensitive communication: Increase priority for services like telephony or video distribution
- Non-time-sensitive communication: Decrease priority for web page retrieval or email
- High importance to organization: Increase priority for production control or business transaction data
- Undesirable communication: Decrease priority or block unwanted activity, like peer-to-peer file sharing or live entertainment
Providing Network Security (1.2.2.6)
Security is one of the most important design elements in a computer network.
Security
The Internet has evolved from a tightly controlled internetwork of educational and government organizations to a widely accessible means for transmission of business and personal communications. As a result, the security requirements of the network have changed. The network infrastructure, the network services, and the data contained on network-attached devices are crucial personal and business assets. Compromising the integrity of these assets could have serious consequences, such as
- Network outages that prevent communications and transactions from occurring, with consequent loss of business
- Intellectual property (research ideas, patents, or designs) that is stolen and used by a competitor
- Personal or private information that is compromised or made public without the user’s consent
- Misdirection and loss of personal or business funds
- Loss of important data that takes a significant labor to replace, or is irreplaceable
There are two types of network security concerns that must be addressed: network infrastructure security and information security.
Securing a network infrastructure includes physically securing devices that provide network connectivity, and preventing unauthorized access to the management software that resides on those devices.
Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network-attached devices. Security measures taken in a network should prevent the following:
- Unauthorized disclosure
- Theft of information (see Figure 1-11)
- Unauthorized modification of information
Denial of service (DoS)
Figure 1-11 Security in a Computer Network.
In order to achieve the goals of network security, there are three primary requirements:
- Ensuring confidentiality: Data confidentiality means that only the intended and authorized recipients—individuals, processes, or devices—can access and read data. This is accomplished by having a strong system for user authentication, enforcing passwords that are difficult to guess, and requiring users to change their passwords frequently. Encrypting data, so that only the intended recipient can read it, is also part of confidentiality.
- Maintaining communication integrity: Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination. Data integrity can be compromised when information has been corrupted—willfully or accidentally. Data integrity is made possible by requiring validation of the sender and by using mechanisms to validate that the packet has not changed during transmission.
- Ensuring availability: Availability means having the assurance of timely and reliable access to data services for authorized users. Network firewall devices, along with desktop and server antivirus software, can ensure system reliability and the robustness to detect, repel, and cope with such attacks. Building fully redundant network infrastructures, with few single points of failure, can reduce the impact of these threats.