The Network as a Platform (1.3)
The network has become a platform for distributing a wide range of services to end users in a reliable, efficient, and secure manner.
The Converging Network (184.108.40.206)
Modern networks are constantly evolving to meet user demands. Early data networks were limited to exchanging character-based information between connected computer systems. Traditional telephone, radio, and television networks were maintained separately from data networks. In the past, every one of these services required a dedicated network, with different communication channels and different technologies to carry a particular communication signal. Each service had its own set of rules and standards to ensure successful communication.
Consider a large school in the early 1990s. Back then, classrooms were cabled for the public announcement network, the telephone network, a video network for televisions, a data network, and perhaps a security network. These separate networks were disparate, meaning that they could not communicate with each other, as shown in Figure 1-15a.
Figure 1-15 Multiple Networks Versus Converged Networks
Advances in technology are enabling us to consolidate these different kinds of networks onto one platform, referred to as the converged network. Unlike dedicated networks, converged networks are capable of delivering voice, video streams, text, and graphics among many different types of devices over the same communication channel and network structure, as shown in Figure 1-15b. Previously separate and distinct communication forms have converged onto a common platform. This platform provides access to a wide range of alternative and new communication methods that enable people to interact directly with each other almost instantaneously.
In a converged network, there are still many points of contact and many specialized devices, such as personal computers, phones, TVs, and tablet computers, but there is one common network infrastructure. This network infrastructure uses the same set of rules, agreements, and implementation standards.
Planning for the Future (220.127.116.11)
The convergence of the different types of communications networks onto one platform represents the first phase in building the intelligent information network, as shown in Figure 1-16. We are currently in this phase of network evolution. The next phase will be to consolidate not only the different types of messages onto a single network but to also consolidate the applications that generate, transmit, and secure the messages onto integrated network devices.
Figure 1-16 Intelligent Information Network
Not only will voice and video be transmitted over the same network, but the devices that perform the telephone switching and video broadcasting will also be the same devices that route the messages through the network. The resulting communications platform will provide high-quality application functionality at a reduced cost.
The pace at which the development of exciting new converged network applications is occurring can be attributed to the rapid growth and expansion of the Internet. With only about 10 billion of potentially 1.5 trillion things currently connected globally, there is vast potential to connect the unconnected through the IoE. This expansion has created a wider audience for whatever message, product, or service can be delivered.
The underlying mechanics and processes that drive this explosive growth have resulted in a network architecture that is both capable of supporting changes and able to grow. As the supporting technology platform for living, learning, working, and playing in the human network, the network architecture of the Internet must adapt to constantly changing requirements for a high quality of service and security.
The Supporting Network Architecture (18.104.22.168)
Networks must support a wide range of applications and services, as well as operate over many different types of cables and devices, which make up the physical infrastructure. The term network architecture, in this context, refers to the technologies that support the infrastructure and the programmed services and rules, or protocols, that move messages across the network.
As networks evolve, we are discovering that there are four basic characteristics, as shown in Figure 1-17, that the underlying architectures need to address in order to meet user expectations:
- Fault tolerance (Figure 1-17a)
- Scalability (Figure 1-17b)
- Quality of service (QoS) (Figure 1-17c)
- Security (Figure 1-17d)
Figure 1-17 Characteristics of a Reliable Network
Fault Tolerance in Circuit-Switched Networks (22.214.171.124)
With our reliance on networks, certain precautions must be taken to ensure that the network functions as designed, even if things go wrong.
The expectation is that the Internet is always available to the millions of users who rely on it. This requires a network architecture that is built to be fault tolerant. A fault-tolerant network is one that limits the impact of a failure so that the fewest number of devices are affected by it. It is also built in a way that allows quick recovery when such a failure occurs. These networks depend on multiple paths between the source and destination of a message. If one path fails, the messages can be instantly sent over a different link. Having multiple paths to a destination is known as redundancy.
Circuit-Switched Connection-Oriented Networks
To understand the need for redundancy, we can look at how early telephone systems worked. When a person made a call using a traditional telephone set, the call first went through a setup process. This process identified the telephone switching locations between the person making the call (the source) and the phone set receiving the call (the destination). A temporary path, or circuit, was created for the duration of the telephone call. If any link or device in the circuit failed, the call was dropped. To reconnect, a new call had to be made, with a new circuit. This connection process is referred to as a circuit-switched process and is illustrated in Figure 1-18.
Figure 1-18 Circuit Switching in a Telephone Network
Many circuit-switched networks give priority to existing circuit connections at the expense of new circuit requests. After a circuit is established, even if no communication is occurring between the persons on either end of the call, the circuit remains connected and resources used until one of the parties disconnects the call. Because there are only so many circuits that can be created, it is possible to get a message that all circuits are busy and a call cannot be placed. The cost to create many alternate paths with enough capacity to support a large number of simultaneous circuits, and the technologies necessary to dynamically re-create dropped circuits in the event of a failure, is why circuit-switched technology was not optimal for the Internet.
Fault Tolerance in Packet-Switched Networks (126.96.36.199)
Because of the technical issues and cost associated with building a fault-tolerant circuit-switched network, network designers turned their attention to packet-switched technologies.
In the search for a network that was more fault tolerant, the early Internet designers researched packet-switched networks. The premise for this type of network is that a single message can be broken into multiple message blocks, with each message block containing addressing information to indicate the origination point and final destination. Using this embedded information, these message blocks, called packets, can be sent through the network along various paths, and can be reassembled into the original message when reaching their destination, as illustrated in Figure 1-19.
Figure 1-19 Packet Switching in a Data Network
The devices within the network itself are typically unaware of the content of the individual packets. Only visible is the address of the final destination. These addresses are often referred to as IP addresses, which can be represented in a dotted-decimal format, such as 10.10.10.10. Each packet is sent independently from one location to another. At each location, a routing decision is made as to which path to use to forward the packet toward its final destination. This would be like writing a long message to a friend using ten postcards. Each postcard has the destination address of the recipient. As the postcards are forwarded through the postal system, the destination address is used to determine the next path that postcard should take. Eventually, they will be delivered to the address on the postcards.
If a previously used path is no longer available, the routing function can dynamically choose the next best available path. Because the messages are sent in pieces, rather than as a single complete message, the few packets that might be lost can be retransmitted to the destination along a different path. In many cases, the destination device is unaware that any failure or rerouting occurred. Using our postcard analogy, if one of the postcards is lost along the way, only that postcard needs to be mailed again.
The need for a single, reserved circuit from end to end does not exist in a packet-switched network. Any piece of a message can be sent through the network using any available path. Additionally, packets containing pieces of messages from different sources can travel the network at the same time. By providing a method to dynamically use redundant paths, without intervention by the user, the Internet has become a fault-tolerant method of communication. In our mail analogy, as our postcard travels through the postal system, it will share transportation with other postcards, letters, and packages. For example, one of the postcards might be placed on an airplane, along with lots of other packages and letters that are being transported toward their final destination.
Although packet-switched connectionless networks are the primary infrastructure for today’s Internet, there are some benefits to a connection-oriented system like the circuit-switched telephone system. Because resources at the various switching locations are dedicated to providing a finite number of circuits, the quality and consistency of messages transmitted across a connection-oriented network can be guaranteed. Another benefit is that the provider of the service can charge the users of the network for the period of time that the connection is active. The ability to charge users for active connections through the network is a fundamental premise of the telecommunication service industry.
Scalable Networks (188.8.131.52)
Not only must a network be fault tolerant, but it must also be able to grow to accommodate new users and services.
Thousands of new users and service providers connect to the Internet each week. For the Internet to support this rapid amount of growth, it must be scalable. A scalable network can expand quickly to support new users and applications without impacting the performance of the service being delivered to existing users. Figure 1-20 shows the structure of the Internet.
Figure 1-20 Internet as a Scalable Network
The fact that the Internet is able to expand at the rate that it is, without seriously impacting the performance experienced by individual users, is a function of the design of the protocols and underlying technologies on which it is built. The Internet has a hierarchical layered structure for addressing, for naming, and for connectivity services. As a result, network traffic that is destined for local or regional services does not need to traverse to a central point for distribution. Common services can be duplicated in different regions, thereby keeping traffic off the higher-level backbone networks.
Scalability also refers to the ability to accept new products and applications. Although there is no single organization that regulates the Internet, the many individual networks that provide Internet connectivity cooperate to follow accepted standards and protocols. The adherence to standards enables the manufacturers of hardware and software to concentrate on product development and improvements in the areas of performance and capacity, knowing that the new products can integrate with and enhance the existing infrastructure.
The current Internet architecture, while highly scalable, might not always be able to keep up with the pace of user demand. New protocols and addressing structures are under development to meet the increasing rate at which Internet applications and services are being added.
Providing QoS (184.108.40.206)
As new Internet applications and services are added, it becomes increasingly apparent that some mechanism is required to handle the different types of traffic encountered in a converged network.
Quality of Service
Quality of service (QoS) is an ever-increasing requirement of networks today. New applications available to users over internetworks, such as voice and live video transmissions as shown in Figure 1-21, create higher expectations for the quality of the delivered services. Have you ever tried to watch a video with constant breaks and pauses?
Figure 1-21 Types of Traffic Found in a Converged Network
Networks must provide predictable, measurable, and at times, guaranteed services. The packet-switched network architecture does not guarantee that all packets that comprise a particular message will arrive on time and in their correct order, or even that they will arrive at all.
Networks also need mechanisms to manage congested network traffic. Network bandwidth is the measure of the data-carrying capacity of the network. In other words, how much information can be transmitted within a specific amount of time? Network bandwidth is measured in the number of bits that can be transmitted in a single second, or bits per second (bps). When simultaneous communications are attempted across the network, the demand for network bandwidth can exceed its availability, creating network congestion. The network simply has more bits to transmit than what the bandwidth of the communication channel can deliver.
In most cases, when the volume of packets is greater than what can be transported across the network, devices queue, or hold, the packets in memory until resources become available to transmit them, as shown in Figure 1-22. Queuing packets causes delay because new packets cannot be transmitted until previous packets have been processed. If the number of packets to be queued continues to increase, the memory queues fill up and packets are dropped.
Figure 1-22 Using Queues to Prioritize Communication
Achieving the required QoS by managing the delay and packet loss parameters on a network becomes the secret to a successful end-to-end application quality solution. One way that this can be accomplished is through classification. To create QoS classifications of data, we use a combination of communication characteristics and the relative importance assigned to the application, as shown in Figure 1-23. We then treat all data within the same classification according to the same rules. For example, communication that is time sensitive, such as voice transmissions, would be classified differently from communication that can tolerate delay, such as file transfers.
Figure 1-23 Importance of Quality of Service (QoS)
Examples of priority decisions for an organization might include
- Time-sensitive communication: Increase priority for services like telephony or video distribution
- Non-time-sensitive communication: Decrease priority for web page retrieval or email
- High importance to organization: Increase priority for production control or business transaction data
- Undesirable communication: Decrease priority or block unwanted activity, like peer-to-peer file sharing or live entertainment
Providing Network Security (220.127.116.11)
As new users and services are added to the network, it becomes important that measures be taken to ensure that information access is strictly controlled.
The Internet has evolved from a tightly controlled internetwork of educational and government organizations to a widely accessible means for transmission of business and personal communications. As a result, the security requirements of the network have changed. The network infrastructure, the services, and the data contained on network-attached devices are crucial personal and business assets. Compromising the integrity of these assets could have serious consequences, such as
- Network outages that prevent communications and transactions from occurring, with consequent loss of business
- Intellectual property (research ideas, patents, or designs) that is stolen and used by a competitor
- Personal or private information that is compromised or made public without the users’ consent
- Misdirection and loss of personal or business funds
- Loss of important data that takes significant labor to replace or is irreplaceable
There are two types of network security concerns that must be addressed: network infrastructure security and information security.
Securing a network infrastructure includes the physical securing of devices that provide network connectivity and preventing unauthorized access to the management software that resides on them.
Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network-attached devices. Security measures taken in a network should
- Prevent unauthorized disclosure
- Prevent theft of information
- Prevent unauthorized modification of information
- Prevent denial of service (DoS)
To achieve the goals of network security, there are three primary requirements, as shown in Figure 1-24:
- Ensuring confidentiality: Data confidentiality means that only the intended and authorized recipients—individuals, processes, or devices—can access and read data. This is accomplished by having a strong system for user authentication, enforcing passwords that are difficult to guess, and requiring users to change the passwords frequently. Encrypting data, so that only the intended recipient can read it, is also part of confidentiality.
- Maintaining communication integrity: Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination. Data integrity can be compromised when information has been corrupted—willfully or accidentally. Data integrity is made possible by requiring validation of the sender as well as by using mechanisms to validate that the packet has not changed during transmission.
- Ensuring availability: Availability means having the assurance of timely and reliable access to data services for authorized users. Network firewall devices, along with desktop and server antivirus software, can ensure system reliability and the robustness to detect, repel, and cope with such attacks. Building fully redundant network infrastructures, with few single points of failure, can reduce the impact of these threats.
Figure 1-24 Importance of Network Security