10. VIRTUAL LANS

Introduction

A virtual LAN, commonly known as a VLAN, is a logically segmented network mapped over physical hardware. IEEE 802.1Q is the predominant protocol. Prior to this, Cisco was one of many companies which had a proprietary protocol: Cisco used a variant of IEEE 802.10 called Inter-Switch Link (ISL).

VLAN technology allows network managers to group switch ports and users connected to them into logically defined communities of interest. These groupings can be co-workers within the same department, a cross-functional product team, or diverse users sharing the same network application or software (such as Lotus Notes users). Grouping these ports and users into communities of interest, referred to as VLAN organizations, can be accomplished within a single switch, or more powerfully, between connected switches within the enterprise. By grouping ports and users together across multiple switches, VLANs can span single building infrastructures, interconnected buildings, or even wide-area networks (WANs).

Early VLANs were often configured to reduce the size of the collision domain in a large single Ethernet segment to improve performance. When Ethernet switches made this a non-issue (because they have no collision domain), attention turned to reducing the size of the broadcast domain at the MAC layer. Another purpose of a virtual network is to restrict access to network resources without regard to physical topology of the network, although the strength of this method is debatable.

Virtual LANs operate at layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3.

Switch to switch links and switch to router links are called trunks. A router serves as the backbone for traffic going across different VLANs.

VLANs can be configured in various ways:

  • Protocol level (IP, IPX, LAT, etc.).
  • MAC address based.
  • IP subnet based.
  • Port based, and therefore tied to the real world, for example accounting versus marketing departments.

VLAN Standards

IEEE 802.1Q was a project in the IEEE 802 standards process to develop a mechanism to allow multiple bridged networks to transparently share the same physical network link without leakage of information between networks. IEEE 802.1Q is also the name of the standard issued by this process, and in common usage the name of the encapsulation protocol used to implement this mechanism over Ethernet networks.

IEEE 802.1Q defines the meaning of a virtual LAN or VLAN with respect to the specific conceptual model underpinning bridging at the MAC layer and to the IEEE 802.1D spanning tree protocol.

Types of VLAN

VLANs can be static, dynamic, or port-centric and there are two methods of establishing a VLAN: frame-tagging and frame-filtering. Frame-tagging changes the information that is contained within the layer 2 frame, so that switches may forward the VLAN traffic to their correct VLAN destination and return the frame to its normal format. Frame-filtering involves the switch looking for certain criteria in the layer 2 frame and using this matching system to forward the traffic to its correct VLAN and destination.
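The frame-tagging method described above, shown as an added example (not code from the original page): a tag is inserted on the way onto a trunk and stripped again before delivery, returning the frame to its normal format. The tag layout (TPID 0x8100, 12-bit VLAN ID) is that of IEEE 802.1Q; the function names and the sample frame are constructed for illustration, and untagged trunk traffic is not handled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses (12 bytes)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0..7")
    tci = (pcp << 13) | vid  # 3-bit priority, 1-bit DEI (left 0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, pcp, frame in normal format); vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]

def deliver_to_access_port(tagged: bytes, port_vlan: int):
    """Egress step: strip the tag only if the frame belongs to the port's VLAN."""
    vid, _pcp, inner = untag_frame(tagged)
    return inner if vid == port_vlan else None  # None means "do not forward"

def sample_frame() -> bytes:
    """Constructed broadcast frame: dst MAC, src MAC, EtherType IPv4, payload."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"

if __name__ == "__main__":
    plain = sample_frame()
    trunk = tag_frame(plain, vid=20, pcp=5)
    print(trunk[12:16].hex(), deliver_to_access_port(trunk, 20) == plain)
```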

A layer 2 device can implement VLANs in different ways:

  • Open VLANs have a single MAC address database for all VLANs
  • Closed VLANs have a separate MAC address database for each VLAN
  • Mixed Mode VLANs can be configured as Open or Closed on a VLAN basis.

Closed VLANs are generally considered more secure than Open VLANs.
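The difference between the two database designs, as an added example (a simplified model, not code from the original page or from any switch vendor): the same learning switch is run with a single MAC table and with one table per VLAN while a router presents one MAC address on two VLANs. The port layout, MAC addresses and class name are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Simplified port-based VLAN switch with an Open or Closed MAC database."""

    def __init__(self, port_vlan: dict, closed: bool):
        self.port_vlan = port_vlan  # port number -> VLAN ID
        self.closed = closed
        self.fdb = {}               # MAC database: key -> learned port
        self.moves = []             # (mac, old_port, new_port) overwrites

    def _key(self, vlan: int, mac: str):
        # Closed: one table per VLAN, modelled as a (vlan, mac) key.
        # Open: a single table, so the VLAN plays no part in the lookup.
        return (vlan, mac) if self.closed else mac

    def receive(self, in_port: int, src: str, dst: str) -> set:
        """Learn the source address, then return the set of egress ports."""
        vlan = self.port_vlan[in_port]
        key = self._key(vlan, src)
        old = self.fdb.get(key)
        if old is not None and old != in_port:
            self.moves.append((src, old, in_port))
        self.fdb[key] = in_port
        members = {p for p, v in self.port_vlan.items()
                   if v == vlan and p != in_port}
        out = self.fdb.get(self._key(vlan, dst))
        if out is None:
            return members          # unknown or broadcast: flood inside the VLAN
        return {out} & members      # known: forward only within the frame's VLAN

def run(closed: bool):
    """Constructed scenario: a router uses one MAC on VLAN 10 and VLAN 20."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 20, 4: 20}, closed)
    router, host = "02:00:00:00:00:fe", "02:00:00:00:00:0a"
    sw.receive(2, router, BROADCAST)     # router heard on VLAN 10, port 2
    sw.receive(4, router, BROADCAST)     # same MAC heard on VLAN 20, port 4
    delivered = sw.receive(1, host, router)  # VLAN 10 host sends to the router
    return delivered, sw.moves

if __name__ == "__main__":
    print("open  :", run(closed=False))
    print("closed:", run(closed=True))
```

In the Open run the VLAN 20 frame overwrites the entry learned on VLAN 10, so the host's frame has no valid egress port; in the Closed run each VLAN keeps its own entry and the frame reaches port 2.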


Virtual Private Networks

What is a VPN?

Where LANs are interconnected via a common IP network (such as over the Internet) a common cost saving method is to form a Virtual Private Network, or VPN. In effect this is a tunnel through the Internet, which emulates a private network for the organisation.

Types of VPN

Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks.

Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market.

Secure VPN technologies may also be used to enhance security as a 'security overlay' within dedicated networking infrastructures. Secure VPN protocols include the following:

  • IPsec (IP security), an obligatory part of IPv6.
  • SSL, used either for tunneling the entire network stack, such as in OpenVPN, or for securing what is essentially a web proxy. Although the latter is often called an “SSL VPN” by VPN vendors, it is not really a fully-fledged VPN.
  • PPTP (point-to-point tunneling protocol), developed by Microsoft.

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs. Other protocols for trusted VPNs include:

  • L2F (Layer 2 Forwarding), developed by Cisco
  • L2TP (Layer 2 Tunnelling Protocol), including work by both Microsoft and Cisco
  • L2TPv3 (Layer 2 Tunnelling Protocol version 3).


IPsec – IP Security

Introduction to IPsec

IPsec, an abbreviation of IP security, is a standard for securing IP communications by encrypting and authenticating all IP packets. IPsec provides security at the network layer.

IPsec is a protocol suite (i.e., a set of interdependent protocols) consisting of

1. Protocols for securing packet flows

There are two:

a. Encapsulating Security Payload (ESP) provides authentication, data confidentiality and message integrity;

b. Authentication Header (AH) provides authentication and message integrity, but does not offer confidentiality (which is why it is not used as pervasively as ESP).

So why keep AH if ESP can do the same and even more? The answer lies in the past. Originally AH was only used for integrity and ESP was used for encryption.

2. Key exchange protocols used for setting up those secure flows

Currently only one key exchange protocol is defined, the IKE protocol.

IPsec and IPv6

IPsec is an obligatory part of IPv6, the new IETF Internet standard for Internet Protocol packet traffic, and is optional for use with IPv4. As a result, IPsec is expected to become more widely deployed as IPv6 becomes more popular. IPsec protocols are defined by RFCs 2401-2412. Work is progressing to release updated replacement documents.

IPsec Protocols Operate at Layer 3

IPsec protocols operate at layer 3 of the OSI model, which makes them suitable for protecting both TCP- and UDP-based protocols when used alone. Protocols at the transport layer and above, such as SSL (OSI Layer 6), cannot protect UDP-level traffic. The cost is that the IPsec protocols must cope with reliability and fragmentation issues themselves, which adds to their complexity and processing overhead. SSL/TLS, in contrast, relies on TCP (OSI Layer 4), a layer above IP, to manage reliability and fragmentation.
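What AH and ESP look like to a device inspecting traffic at layer 3, as an added example (not code from the original page): the IPv4 protocol field identifies the IPsec protocol, and the parser reports which fields remain readable without keys. The packets, SPI values and addresses are constructed; the helper names are illustrative.

```python
import struct

ESP, AH = 50, 51  # IP protocol numbers assigned to the two IPsec protocols
NAMES = {6: "TCP", 17: "UDP", ESP: "ESP", AH: "AH"}

def inspect_ipv4(packet: bytes) -> dict:
    """Report what is readable at layer 3 without holding any keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    info = {"protocol": NAMES.get(proto, str(proto))}
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
        info["inner"] = None  # next-header field sits in the encrypted trailer
    elif proto == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, plen, _rsvd, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4  # AH length field counts 32-bit words minus 2
        if len(body) < ah_len:
            raise ValueError("truncated AH integrity value")
        info.update(spi=spi, seq=seq, inner=NAMES.get(nxt, str(nxt)),
                    cleartext=body[ah_len:])  # authenticated, not encrypted
    return info

def ipv4(proto: int, body: bytes) -> bytes:
    """Constructed IPv4 header (checksum left 0) using documentation addresses."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, src, dst) + body

def sample_esp() -> bytes:
    return ipv4(ESP, struct.pack("!II", 0x1001, 7) + bytes(24))  # opaque bytes

def sample_ah() -> bytes:
    # Next header UDP, length 4 (24-byte AH), SPI, sequence, 12-byte ICV of zeros
    ah = struct.pack("!BBHII", 17, 4, 0, 0x2002, 7) + bytes(12)
    return ipv4(AH, ah + b"constructed UDP bytes")
```

For the AH packet the inner protocol and payload are visible to any observer, which is the lack of confidentiality noted earlier; for ESP only the SPI and sequence number can be read.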

 

Copyright © Case Communications 2005