Centralized/ De-Centralized Internet Access and Inter-branch WAN Connectivity for Enterprises

Most companies have multiple branches, and almost all of them connect those branches to each other over a WAN (Wide Area Network). Each branch needs Internet connectivity as well. So, what kind of connectivity architecture do companies adopt, and which is better: MPLS WAN connectivity with centralized Internet access; de-centralized Internet access at each branch, while still connecting the branches over MPLS links; or Virtual Private Networks over Internet Leased Lines at all branches? We will find out in this article.
A number of companies still use point-to-point leased lines to connect their branches, but we are not considering that architecture here, as MPLS connectivity is clearly the better (and more cost-effective) option these days. The advantages of MPLS circuits over point-to-point leased lines, and of Internet Leased Lines over broadband connectivity, are covered in separate articles.

MPLS WAN Connectivity and Centralized Internet Access

MPLS WAN Connectivity and Centralized Internet Access - Architecture Diagram
In this architecture, each branch, including the head office, is connected to every other (in a mesh, actually) through MPLS circuits; one MPLS circuit per location is enough. The Internet Leased Line is taken at the head office, and the individual branches access the Internet by first reaching the head office network (over the MPLS network) and then using the Internet Leased Line from there. So, the branches have no direct (individual) Internet connections.
The main advantage of this architecture is the centralization of Internet access and security policies: they can be applied at one location, the head office, which gives the head office more control over what is (and can be) accessed across the entire network. It is also a cost-effective option, as the Internet link at the head office is shared between the branches, and since companies pay in full for the capacity ordered (2 Mbps, for example), under-utilization of the available bandwidth at any point in time is minimized.
The main disadvantage is that Internet access at the branches can be quite slow (especially during peak hours). Since the same circuit carries both Internet traffic and real time traffic such as voice and video, the data (Internet) traffic can slow down the real time traffic, especially if end-to-end QoS parameters are not configured.

MPLS WAN Connectivity and De-centralized Internet Access (Internet connectivity at every branch)

De-centralized Internet Access along with MPLS Connectivity for each branch - Architecture Diagram
This WAN connectivity architecture is similar to the previous one in that each branch is connected to every other branch using MPLS circuits. But instead of centralized Internet access, each branch has its own Internet access through Internet Leased Lines or broadband connections. So, the inter-branch communications (ERP, VoIP, video conferencing, etc.) travel over the MPLS circuits between the branches, and the Internet traffic leaves through the Internet Leased Lines at the branches themselves, without loading the MPLS circuits.
The main advantage of this architecture is that, if planned well, it can give the best performance for real time traffic, data traffic and Internet traffic alike. Users in the branches no longer experience slow Internet access. It also makes it possible to maintain good performance without increasing costs too much, by using broadband connections (which are much cheaper) instead of Internet Leased Lines for Internet access at the smaller branches. This approach is very effective especially if all the branches are within a single country.
The disadvantages are the higher costs and the greater chance of not using the bandwidth capacity paid for in each branch (for Internet Leased Lines). The cost of global MPLS connectivity is very high, so it is difficult to implement for companies with multiple branches across the globe.

Virtual Private Networks using Internet Leased Lines at all the branches

Virtual Private Networks using Internet Leased Lines and Routers/ UTM in all branches - Architecture Diagram
This WAN architecture has been gaining a lot of traction of late. Here, all the branches and the head office procure Internet Leased Lines and connect to the Internet that way. A Virtual Private Network is then established, using one of several methods, with each branch connecting securely to all the other branches over the Internet. For example, if routers are used to terminate the Internet Leased Lines, they also support a certain number of IPsec/ SSL VPN sessions between them (two or more such devices), and the number of concurrent session licenses can be upgraded on most routers. The VPN network can also be created using UTM (Unified Threat Management) devices, VPN concentrators, wireless LAN controllers, etc. So, using tunneling and encryption, a secure network for all inter-branch communications is formed over the Internet. Ordinary Internet traffic is sent to the Internet as usual, without encryption.
The obvious advantage of this architecture is the cost reduction, as one network at each branch handles both secure inter-branch communications and Internet access. This architecture is especially useful for globally spread enterprises. It also allows remote access to the network by workers in the field and those working from home, as IPsec/ SSL VPNs can be set up between the branches and roaming employees with proper network access credentials. The cost of Internet Leased Lines is coming down rapidly. Redundancy can be established by having multiple Internet Leased Line connections from different ISPs, most of which come with an SLA (Service Level Agreement) that commits the provider to keeping the network up for the maximum possible time.
The main disadvantage is performance, especially for real time applications like voice and video: the Internet is an unpredictable network, and there will always be packet loss. Apart from that, there is no way of establishing end-to-end Quality of Service (QoS) parameters, as the Internet is a public network and the connections pass through a number of routers in between. Another disadvantage is using one connection for all the applications: if there is a lot of data traffic, the voice/video traffic gets delayed!
This article has discussed the different architectures available for wide area network connectivity; the various WAN connectivity options themselves are covered in a separate article.

Enterprise Internet (WAN) Link Connectivity – Redundancy and Load Balancing


While a single 2 Mbps Internet Leased Line (ILL) link might be more cost effective than two 1 Mbps ILL links from different service providers, the various enterprise WAN link termination/ connectivity devices come with good redundancy and load balancing options for multiple ILL links, which avoid a single point of failure at the most important point in the network: the WAN/ Internet gateway.

Terminating Internet (WAN) Links on a UTM Device (Unified Threat Management Device):

WAN Link redundancy and UTM device redundancy (high availability) and load balancing architecture diagram
You can terminate a WAN link (including an Internet Leased Line) directly on a UTM (Unified Threat Management) device, without first terminating it on a router and placing the UTM device behind it. UTMs have grown beyond merely terminating links: they provide device level redundancy as well as link level redundancy.
As shown in the left hand side of the diagram, with some UTM vendors, if two UTM devices are connected in that fashion, full device level redundancy can be achieved: if one UTM device fails, the other takes over. In most such configurations one of the devices is in passive mode, though both can be in active mode as well. It is important to have such device level redundancy at the WAN gateway to avoid WAN disconnections, as having just one device creates a single point of failure.
On the right hand side of the diagram, the link level redundancy and load balancing features of the UTM devices are shown. If you have two Internet links (recommended), you can terminate both on the UTM device (in either active-active or active-passive mode) so that when one link fails, the Internet traffic continues to flow through the other. If both links are up, some vendors even allow load balancing of the Internet traffic between them. The maximum number of links supported in this configuration can be more than two, and depends on the UTM vendor.
Load balancing can be done on a per destination basis, a round robin basis, a percentage (50%-50%) basis or a maximum threshold basis, and some vendors let customers choose any of these options.
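As an added example (not code from the article or from any UTM vendor), the following Python model shows link-level failover together with the four load-balancing methods listed above, applied to two Internet leased lines terminated on one device; the link names, capacities and destination addresses are constructed for the demonstration.

```python
# Added example (not from the article): link failover plus the four load-balancing
# methods the article lists, modelled for two constructed ILLs on one UTM device.
import hashlib
import itertools

class WanLink:
    """One ILL. `up` would be driven by the device's link monitor (gateway ping etc.)."""
    def __init__(self, name, capacity_kbps, weight=50):
        self.name = name
        self.capacity_kbps = capacity_kbps
        self.weight = weight          # share used in percentage mode (50 = 50%)
        self.up = True
        self.load_kbps = 0            # current measured load on the link

class LinkBalancer:
    def __init__(self, links, method="round_robin", threshold=0.8):
        self.links = links
        self.method = method
        self.threshold = threshold    # fraction of capacity before spill-over
        self._rr = itertools.cycle(links)
        self._flows = {l.name: 0 for l in links}   # flows assigned per link

    def select(self, dst_ip, flow_kbps=0):
        """Return the link a new flow to dst_ip leaves on, or None if all are down."""
        alive = [l for l in self.links if l.up]   # failover: dead links drop out
        if not alive:
            return None
        if len(alive) == 1:
            choice = alive[0]
        elif self.method == "per_destination":
            # Hashing the destination pins it to one link, so the far end keeps
            # seeing the same public source address for a whole session.
            digest = hashlib.sha256(dst_ip.encode()).digest()
            choice = alive[int.from_bytes(digest[:4], "big") % len(alive)]
        elif self.method == "round_robin":
            choice = next(self._rr)
            while not choice.up:
                choice = next(self._rr)
        elif self.method == "percentage":
            # Send the flow to the link furthest below its configured share.
            total = sum(self._flows[l.name] for l in alive) or 1
            wsum = sum(l.weight for l in alive)
            choice = max(alive, key=lambda l: l.weight / wsum - self._flows[l.name] / total)
        else:  # "max_threshold": fill the first link up to the threshold, then spill
            # to the next; if every link is over the threshold, take the least loaded.
            choice = next(
                (l for l in alive
                 if l.load_kbps + flow_kbps <= self.threshold * l.capacity_kbps),
                min(alive, key=lambda l: l.load_kbps / l.capacity_kbps))
        self._flows[choice.name] += 1
        choice.load_kbps += flow_kbps
        return choice

def demo_round_robin():
    """Alternate A, B, A, B; once ILL-B is declared down, everything goes via A."""
    a, b = WanLink("ILL-A", 2048), WanLink("ILL-B", 2048)
    lb = LinkBalancer([a, b], "round_robin")
    before = [lb.select("203.0.113.10").name for _ in range(4)]
    b.up = False                      # link monitor reports ILL-B down
    after = [lb.select("203.0.113.10").name for _ in range(2)]
    return before, after

def demo_percentage():
    """A 75/25 split over 8 new flows lands 6 on ILL-A and 2 on ILL-B."""
    a, b = WanLink("ILL-A", 2048, weight=75), WanLink("ILL-B", 1024, weight=25)
    lb = LinkBalancer([a, b], "percentage")
    for _ in range(8):
        lb.select("198.51.100.5")
    return dict(lb._flows)

def demo_threshold():
    """ILL-A at 1500 of 2048 kbps: a 100 kbps flow fits under 80%, a 200 kbps one spills."""
    a, b = WanLink("ILL-A", 2048), WanLink("ILL-B", 2048)
    a.load_kbps = 1500
    lb = LinkBalancer([a, b], "max_threshold", threshold=0.8)
    return (lb.select("192.0.2.7", flow_kbps=100).name,
            lb.select("192.0.2.8", flow_kbps=200).name)

def demo_per_destination():
    """Same destination always maps to the same link; None when both ILLs are down."""
    a, b = WanLink("ILL-A", 2048), WanLink("ILL-B", 2048)
    lb = LinkBalancer([a, b], "per_destination")
    picks = {lb.select("203.0.113.10").name for _ in range(5)}
    a.up = b.up = False
    return picks, lb.select("203.0.113.10")
```

The per-destination mode is the one to use for sessions that must keep a single public source address; the other three spread new flows but can move a destination between links.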

Terminating Internet (WAN) Links on a Router:

WAN device redundancy and link redundancy and link failover in Routers
Routers have been the most popular way of terminating Internet Leased Lines (and other WAN connections). Routers therefore also have built-in device level redundancy (the configuration shown in the diagram is just an example, and the connectivity may change depending on the vendor), so that even if one router fails, the Internet (WAN) traffic is forwarded through the other router. These routers can be in active-active or active-passive mode. The diagram on the right shows link level redundancy, where if one of the Internet links fails, the traffic continues to flow through the other link. Load balancing can be enabled across all the links connected to the router.
Routers can terminate multiple types of WAN Interfaces including E1/T1/T3, DS3, FE, ADSLx (broadband), Serial, ISDN, 3G, G.SHDSL, Dial-up, etc. Many enterprise routers are modular in nature, and can accommodate specific modules at any point of time to include any of the supported WAN interfaces for that model.

Terminating Multiple Internet WAN Links on a Link Load Balancer:

Link Load Balancer architecture diagram
A Link Load Balancer is a hardware appliance that accepts multiple Internet (WAN) links from multiple service providers, lets users use the full capacity of all the links connected to it, and fails over to the other links when the link from a particular service provider suddenly goes down. This provides link level redundancy for the Internet links terminating at an organization (assuming that each link is from a different service provider). Link Load Balancers also load balance Internet (WAN) traffic across the various links connected to them, so that all the lines are optimally utilized.
Some Link Load Balancers even provide device level redundancy when two such devices are used, but this feature is available only from certain vendors. Some of them also support QoS and bandwidth shaping policies that can be applied to critical traffic like voice and video, to ensure that a certain minimum bandwidth/ priority is allocated to real time traffic traversing the Internet.
So, it is possible to achieve both link level and device level redundancy for enterprise Internet (WAN) link connectivity, so as to provide uninterrupted Internet access to all employees as far as possible. It is recommended that companies use these redundancy and load balancing features when connecting WAN/ Internet links.

A short note on 3G/4G LTE (Long Term Evolution) Mobile broadband networks


Mobile broadband networks are becoming faster and more pervasive. In this article, let us have a look at one popular technology, the 3GPP LTE (Long Term Evolution) 3.9G/4G network, which has enabled anytime/ anywhere high capacity mobile broadband access.
If you are looking to upgrade from 3G/3.5G to 4G technology today, think again! 4G technology is not available yet. What is available in a few markets (as 4G) is actually 3.9G LTE (Long Term Evolution) technology, also called Pre-4G technology. 4G comes with the LTE Advanced standard, which will be released shortly.
If you belong to an enterprise company, why bother about this at all – You have a huge fat pipe of Internet Leased Lines from service providers, right? Well, 3G had its share of enterprise applications. With LTE and 4G getting faster and cheaper, there is a good chance that these mobile broadband technologies might have even more applications (at the enterprise level) and replace some fixed line connections – at least in smaller/ remote branches.
So, how fast is LTE? Since this is a Pre-4G standard, the minimum data rates are 100 Mbps (downlink peak rate) and 50 Mbps (uplink peak rate). When the 4G standard (LTE Advanced) comes along, there will be data rates of up to 1000 Mbps for fixed networks. The RTT (Round Trip Time) for LTE networks is (should be) less than 10 ms, so low latency real time applications like video and multimedia are supported on LTE networks.
LTE operates in multiple frequency bands (depending on the continent). The commonly used frequency bands are 700/900/1800/1900/2600 MHz. So, if you have a quad band handset (mobile phone), there is a good chance that 4G will be supported in many countries.
LTE is forward compatible with the LTE Advanced standard. So, if you buy an LTE enabled mobile phone today, it will work with the LTE Advanced networks of tomorrow as well, but at LTE speeds.
One important aspect of an LTE network is that it is an all-IP network at both the core and access levels. Even voice runs as Voice over IP (VoIP) on LTE networks. Because of this, LTE networks have advantages such as:
  • QoS – End to End QoS (Quality of Service) settings can be applied over LTE networks to support real time applications.
  • Broadcast/ Multicast supported network.
  • Supports VPN – Virtual Private Networks.
  • LTE supports MPLS connectivity.
LTE networks use OFDM (Orthogonal Frequency Division Multiplexing) and MIMO (Multiple Input, Multiple Output) technologies to achieve cell coverage areas of around 5 to 100 km.
LTE is a 3GPP (Third Generation Partnership Project) standard, and a lot of telecommunications companies around the world are part of 3GPP. This enables interoperability and bulk manufacturing, which decreases the overall cost of implementing the technology.
Many devices like netbooks, laptops, tablet computers, gaming devices, etc. come (or will come) with integrated LTE modules for easier access to the LTE network. Otherwise, there are external modems/ USB dongles that can be connected to enable LTE network access. With some vendors/ operators, it is possible to fall back to 3G/HSPA technologies in areas where there is no coverage for LTE/4G networks.
There are a lot of advantages to mobile broadband networks. It is possible to access the Internet while on the move, or from anywhere there is network coverage. There is no need (or time involved) to lay cables to the customer premises. But there are some limitations, like battery power (on mobile phones), which needs to improve drastically to enable prolonged Internet access. Cost is another factor to consider: customers may not pay more for speeds that they don't need. It takes a substantial amount of investment (on the service provider side) to introduce LTE over a large area.

Accessing Internet over Power Line

Power lines are present in almost all localities (including rural homes). Is it possible to access the Internet through these all-reaching power lines? And more importantly, is it feasible? We'll look at both the technology (called BPL – Broadband over Power Lines, or PLC – Power Line Communications) and its advantages/ disadvantages in this article.

Is it possible to access Internet over the Power Lines?

In short, yes. The technology for transmitting data along with power has been around for quite some time. Earlier, SCADA signals were transmitted along the power lines in order to take some important readings. Now, Internet access is possible through power lines, as data (as RF signals) can be bundled along with the electric current, enabling Internet access along with power over the same power lines.
There have even been some announcements of BPL deployments here and there. But the main reason we do not see large scale deployments is the interference issue: BPL (Broadband over Power Lines) interferes with short wave/ low range wireless communications (ham radio included).

What kind of technology is used to enable Internet over Power Lines?

The basic principle that allows electric current and data (as RF signals) to share a line is that they oscillate at different frequencies and hence do not interfere with each other.
There are three types of power lines: high voltage lines (which carry hundreds of kilowatts), medium voltage lines (a few kilowatts) and low voltage lines (a few hundred watts). Power is transmitted over all three types of line, starting from the power stations and ending at the subscribers' homes.
Since the power in high voltage lines oscillates at multiple frequencies across the spectrum, data cannot be transmitted over them. So, a separate cable (such as an optical fiber cable) has to be used along this stretch to carry the data separately from the power lines.
Data can be transmitted (in the form of RF signals, the same kind used in wireless networks) over medium voltage lines, but there is a distance limitation. So, repeaters are used to amplify these signals, and they are re-transmitted from multiple locations.
Transformers convert the medium voltage into the low voltage that is suitable for individual home consumption. But data (RF signals) cannot travel through the transformers. Hence, some specialized equipment (like CT couplers) is used to let the RF signals bypass the transformers. From there on, they go into the home wiring over the low voltage power lines.
Sometimes, wireless access points are installed on the poles themselves, and the data is carried over the wireless medium (as Wi-Fi signals) into the homes. But normally, it is taken into the homes along with the low voltage power lines.
There are power line modems that connect to the electrical power supply at one end and to computers at the other (through Cat 5 twisted pair copper cables and RJ-45 jacks) to enable Internet connectivity.

Are there any Standards & What are the speeds that can be achieved for Internet over Power Lines?

Earlier, it was 3.1 Mbps Internet connectivity that would be shared among multiple users. But these days, since the IEEE 1901 standard for BPL technology has been released, speeds of up to 200/ 500 Mbps are possible, and data signals can travel distances of up to 1500 meters.

What are the advantages of accessing Internet over Power Lines?

Since the power lines reach almost every home, new cables need not be laid at many locations to enable copper/ fiber based Internet connectivity. This reduces the time and cost of laying new cables, and is especially useful in rural/ hilly areas that are not connected by copper cables for broadband access.
Equipment is available to measure the amount of Internet bandwidth consumed by each user over these power lines. The RF technology used to carry data over power lines is well understood and reliable. BPL can also be deployed for just the last mile, in places that are not already connected with existing cables.

What are the disadvantages of transmitting Internet over Power Lines?

The main disadvantage is the interference that BPL technologies cause to short wave/ low range communications, including ham radio. These frequencies are reserved in most countries and are used even by governments during emergencies. Another disadvantage is the maturity of the other forms of broadband technology.
Even in rural areas, mobile broadband technologies have started to penetrate, along with copper cables (for DSL) and satellite based broadband access. Due to the large number of subscribers to these technologies, the cost of Internet access through these alternatives is coming down rapidly.
If electric power is cut, the Internet (and telephony, if VoIP/ IP telephony is used) also goes down. In most areas, power is provided by state run companies or exclusive monopoly based power companies, some of which may not be in a position to give good support/ troubleshooting.

Understanding Spanning Tree Protocols – STP, RSTP, MSTP

STP is short for Spanning Tree Protocol, and RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol) are advanced/ improved implementations of STP. In this article, we will try to understand the basic concepts of the Spanning Tree Protocols and their implementation.

What is Spanning Tree Protocol (STP) and why is it required?

Spanning Tree Protocol, and its improved versions, are required mainly for two reasons: to prevent network loops (due to multiple paths to the same destination) and to introduce redundancy in the link connections (if one link fails, the data is still forwarded over a different link/ route).

Network loops sometimes happen inadvertently, especially in large networks. When there are two or more paths to the same destination, there is a danger of broadcast packets getting into an infinite loop and causing congestion in the network. So, STP is used to identify the best path to the destination and block all other paths (links). The blocked links are not discarded: they remain connected and are kept inactive by STP, so that when the best path fails, the next best path can be brought up by activating a blocked link.
Spanning Tree Protocol Example Diagram
Consider the above diagram. For the moment, let us concentrate on Switches A, B and C. Switch C is connected to Switch A and Switch B via direct links. But there is another link (marked in red) that goes from Switch A to Switch B. If no Spanning Tree Protocol were applied in this scenario, data would loop and hence cause broadcast congestion in the network.
But if STP enabled switches are employed, link L3 is effectively blocked from transmitting any data. It remains physically connected to Switches A and B and keeps listening to the network. If either link L1 or L2 fails, this link (L3) is automatically activated. This provides both link redundancy and switch redundancy in the network.
Similarly, Switches C, D, E, F and G can also provide link redundancy if they are connected as shown in the above diagram and STP/RSTP enabled switches are employed.

Electing the Root:

Electing the root bridge/ root switch is one important process in the Spanning Tree Protocol. It is with reference to the root switch that all the other switches determine their best cost path; the root switch is the central reference switch. In our diagram above, Switch C could be considered the root bridge as it is in the central location.
Generally, the root switch is elected by selecting the switch with the lowest bridge ID. It is possible (and recommended) to select the root switch manually. If it is not selected manually, the switches elect a root switch themselves. If the root switch fails, all the other switches repeat the election process and select a new root switch from the available switches. The other switches in the network are called designated switches.

Link Costs:

There is a certain cost assigned to every link. For example, higher bandwidth (1000 Mbps) links that are directly connected to/ close to the root are assigned a lower cost, and lower bandwidth (10 Mbps) links that are multiple hops away from the root are assigned a higher cost. Once the link costs are known, STP/RSTP determines the lowest cost connection from each designated switch to the root switch, giving the path with the lowest cost. It also blocks all the other, higher cost links to avoid loops in the network.

BPDU Messages:

BPDU stands for Bridge Protocol Data Unit. BPDUs are messages (in a certain format) exchanged between the switches that participate in the STP/ RSTP process. The switches pass BPDU messages between them continuously (every two seconds, for example) to exchange their understanding of the network topology, routes, link costs, etc. They establish the best path (least cost) connection to the root switch with the help of the BPDU messages obtained from the other switches.
Whenever there is a change in the network parameters (a link/ switch goes down, a new link/ switch is added, etc.), it is detected and a topology-change BPDU is sent to all the switches/ switch ports by the root switch. The designated switches then adjust their filtering/ forwarding tables with this information to determine the new locations/ routes to the end stations (computers).
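As an added example (not code from the article), the following Python simulation runs the three steps just described, root election by lowest bridge ID, root path cost per link and blocking of the remaining links, on the Switch A/B/C part of the diagram, then removes link L1 to show the blocked link L3 taking over. The bridge IDs, the link speeds and the assignment L1 = A-C, L2 = B-C, L3 = A-B are assumptions, and the distributed BPDU exchange is collapsed into one central shortest-path computation.

```python
# Added example (not from the article): root election, root path costs and link
# blocking for the diagram's Switches A, B and C, then recovery when L1 fails.
import heapq

# IEEE 802.1D-1998 path cost per link speed in Mbps: faster links cost less,
# which is the article's "lower cost for higher bandwidth" rule.
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology, link name -> (switch, switch, speed in Mbps). The
# assignment L1 = A-C, L2 = B-C, L3 = A-B (the red link) is an assumption.
LINKS = {"L1": ("A", "C", 1000), "L2": ("B", "C", 1000), "L3": ("A", "B", 1000)}

# Bridge ID = (priority, MAC); constructed values. C, the central switch in the
# diagram, is given a manually lowered priority so that it wins deterministically.
BRIDGE_IDS = {
    "A": (32768, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (4096, "00:00:00:00:00:0c"),
}

def elect_root(bridge_ids):
    """Root bridge = lowest bridge ID: lowest priority first, then lowest MAC."""
    return min(bridge_ids, key=bridge_ids.get)

def root_path_costs(links, root):
    """Dijkstra from the root: switch -> (root path cost, link used toward the root).
    The BPDU exchange is collapsed into this one computation; equal-cost ties are
    broken by link name, standing in for STP's sender bridge ID / port ID rules."""
    adj = {}
    for name, (a, b, mbps) in links.items():
        adj.setdefault(a, []).append((b, STP_COST[mbps], name))
        adj.setdefault(b, []).append((a, STP_COST[mbps], name))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue                      # stale heap entry
        for nbr, link_cost, name in adj.get(sw, []):
            cand = (cost + link_cost, name)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    return best

def spanning_tree(links, bridge_ids):
    """Return (root, per-switch costs, forwarding links, blocked links)."""
    root = elect_root(bridge_ids)
    best = root_path_costs(links, root)
    forwarding = {link for _, link in best.values() if link}
    blocked = sorted(set(links) - forwarding)   # kept connected, but inactive
    return root, best, sorted(forwarding), blocked

def fail_link(links, name):
    """Topology change: the link disappears and every switch recomputes."""
    return {k: v for k, v in links.items() if k != name}

if __name__ == "__main__":
    for label, topo in (("initial", LINKS), ("after L1 fails", fail_link(LINKS, "L1"))):
        root, best, fwd, blk = spanning_tree(topo, BRIDGE_IDS)
        print(f"{label}: root={root} forwarding={fwd} blocked={blk}")
        for sw in sorted(best):
            print(f"  {sw}: root path cost {best[sw][0]} via {best[sw][1] or '-'}")
```

With the default priorities left in place, the lowest MAC (Switch A here) would win the election instead of the central switch, which is the practical reason for setting the root manually.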

RSTP – Rapid Spanning Tree Protocol:

The above processes are common to STP, RSTP and MSTP. With STP, the detection and reconfiguration of network topology changes (when a cable is cut or a new switch is added) takes some time, on the order of 30-50 seconds. Since a lot of critical/ time sensitive applications run on the LAN, this inactive period may not be acceptable. So, the Rapid Spanning Tree Protocol (RSTP) was conceived to overcome this problem (RSTP takes 5-6 seconds to update and re-configure the new network topology/ routes).
In RSTP, the link status of each port is monitored proactively (instead of waiting for BPDU messages) to detect network topology changes. RSTP is backward compatible with STP switches.
The switch ports that participate in RSTP have three states: Discarding (does not accept or forward any data, but listens to BPDU messages), Learning (once a network topology change is detected or an activation request arrives via a BPDU message, the creation of the filtering/ forwarding table is initiated) and Forwarding (RSTP ports start accepting and forwarding data packets/ frames).

MSTP – Multiple Spanning Tree Protocol:

MSTP (Multiple Spanning Tree Protocol) can map a group of VLANs into a single Multiple Spanning Tree Instance (MSTI), which means that the Spanning Tree Protocol is applied separately to a set of VLANs instead of to the whole network. Different root switches and different STP parameters can be configured individually for each MSTI. So, one link can be active for one MSTI and another link active for a second MSTI. This enables some degree of load balancing, and generally two MSTIs are used in a network for easier implementation.

Amaravathitech.in
