VoIP over VPN Design and Security Considerations


Application Note
LANs and VLANs: A Simplified Tutorial
Version 3.0, May 2002, COMPAS ID 90947
Avaya Labs
Companion document
IP Addressing: A Simplified Tutorial
COMPAS ID 92962
Introduction
As the name implies, the purpose of this presentation is to provide a simplified tutorial on local area networks (LANs) and virtual local area networks (VLANs).
The instructions and terminology used in this presentation attempt to comply with industry practices and written standards. They represent the generally accepted implementations of the written standards.
It is important to understand that written standards are sometimes ambiguous, and are thus implemented differently among various vendors. This tutorial seeks to balance between the two and does not rely solely on written standards or specific implementations.
All IP addresses and numbering schemes in this tutorial are hypothetical, and used for illustration purposes.
First, the basics

OSI and TCP/IP
OSI Reference Model    TCP/IP                    Terms used in this tutorial
7  Application         Application
6  Presentation        Application
5  Session             Application
4  Transport           Host to Host (TCP/UDP)
3  Network             Internet (IP)             router, subnet, IP address
2  Data Link           Network Interface         switch, VLAN, MAC address, Ethernet
1  Physical            Network Interface         hub
This table is presented for reference purposes.  The first column shows the 7-layer OSI Reference Model, which is a model used to design protocols that make networking possible.  The second column shows the TCP/IP protocol stack in reference to the OSI model. TCP/IP is the prevalent protocol stack for data networking.  The third column shows the terms that will be used in this tutorial, in reference to both OSI and TCP/IP.
Hub (a collision domain)

A hub is a L1 (physical layer) multi-port repeater. It receives a signal on one port, regenerates it, and transmits it out all ports. All devices connected to a hub receive any transmission on that hub, regardless of the intended recipient.

Note: Simple hubs have a single bus that is capable of operating at either 10Mbps or 100Mbps, but not both. These are pure L1 devices, no smarter than the original coax Ethernet bus they replaced. The very common 10/100 hubs actually have two buses, a 10M bus and a 100M bus, which are bridged. This bridging function is a L2 function, so technically speaking 10/100 hubs are not pure L1 devices.

Two or more devices on a hub cannot transmit at the same time. When two or more devices simultaneously transmit, there is a collision. The devices must back off and re-transmit at dispersed intervals, so that only one device is transmitting at any given time. Because of these characteristics, a hub (or a group of hubs connected together) is known as a collision domain.

Hubs operate only at half duplex; attached devices cannot transmit and receive at the same time. Generally speaking, only four 10M hubs or two 100M hubs can be connected together.
Switch (a broadcast domain)

A switch is more than just a repeater. It is a L2 (data link layer) bridge, which means that it is aware of L2 MAC addresses. MAC addresses and Ethernet frames will be discussed in more detail later.

A switch keeps track of which devices are connected to which ports by maintaining a table of the MAC-address-to-switch-port mapping. We'll simply call this the MAC table. It is populated by recording the source MAC addresses of incoming Ethernet frames on each port. MAC table entries are designed to time out, typically after a few minutes, if no other frame from the same source is received on that port.

Transmissions on a switch are sent only to the intended recipients, determined by the destination MAC address. The exception to this is if the destination MAC address is not already in the MAC table, in which case the Ethernet frame is transmitted out all ports. Broadcasts are sent to all recipients, as they are intended to be. For this reason, a switch (or a group of switches connected together) is known as a broadcast domain.

Switches can operate at full duplex; multiple attached devices can transmit and receive at the same time.
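The forwarding rules above (learn the source MAC per port, forward known unicast to one port, flood unknown unicast and broadcasts, age out idle entries) can be traced with a small model. The following is an added example written for this page, not code from the Avaya note; the MAC addresses, port numbers and timestamps are constructed, and the "filter frames whose destination is on the ingress port" case goes one step beyond the text, since the tutorial does not mention it. The flooding cases are the ones worth noticing from a security standpoint: they show exactly which frames every host in the broadcast domain gets to see.

```python
from typing import Dict, Iterable, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Model of the L2 bridge behaviour described in the tutorial.

    For every incoming frame the switch records the source MAC on the ingress
    port (the MAC table), then forwards: known unicast goes to one port,
    unknown unicast and broadcast are flooded out every other port, and
    entries not refreshed within the aging interval are discarded.
    """

    def __init__(self, ports: Iterable[int], age_seconds: int = 300) -> None:
        self.ports: Set[int] = set(ports)
        self.age_seconds = age_seconds
        # mac -> (port the mac was last seen on, timestamp of that frame)
        self.mac_table: Dict[str, Tuple[int, float]] = {}

    def _expire(self, now: float) -> None:
        """Drop entries whose source has been silent longer than age_seconds."""
        stale = [mac for mac, (_, seen) in self.mac_table.items()
                 if now - seen > self.age_seconds]
        for mac in stale:
            del self.mac_table[mac]

    def receive(self, in_port: int, src: str, dst: str, now: float) -> Set[int]:
        """Process one frame and return the set of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"no such port: {in_port}")
        self._expire(now)
        # Learning: the source is (now) reachable via in_port. If the same MAC
        # was previously seen elsewhere the entry simply moves.
        self.mac_table[src] = (in_port, now)

        if dst == BROADCAST:
            # Broadcast: every other host in the broadcast domain receives it.
            return self.ports - {in_port}
        entry = self.mac_table.get(dst)
        if entry is None:
            # Unknown unicast: flooded like a broadcast until the destination
            # has spoken and been learned.
            return self.ports - {in_port}
        out_port, _ = entry
        if out_port == in_port:
            # Destination sits behind the same port (e.g. a hub hangs off it);
            # a bridge filters such frames instead of echoing them back.
            return set()
        return {out_port}


def demo() -> Dict[str, Set[int]]:
    """Walk the switch through the cases the tutorial describes.

    MAC addresses (documentation range) and timestamps are constructed.
    """
    sw = LearningSwitch(ports=[1, 2, 3, 4], age_seconds=300)
    host_a, host_b, host_c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    results: Dict[str, Set[int]] = {}
    # A (port 1) talks to B before B has ever sent anything: flooded.
    results["unknown_unicast"] = sw.receive(1, host_a, host_b, now=0)
    # B (port 2) replies; A is already in the table, so only port 1 gets it.
    results["reply"] = sw.receive(2, host_b, host_a, now=1)
    # A to B again: B has been learned on port 2.
    results["known_unicast"] = sw.receive(1, host_a, host_b, now=2)
    # C (port 3) broadcasts: all other ports, regardless of the table.
    results["broadcast"] = sw.receive(3, host_c, BROADCAST, now=3)
    # Long silence: B's entry (last refreshed at t=1) has aged out, so A's
    # next frame to B is flooded again.
    results["after_aging"] = sw.receive(1, host_a, host_b, now=400)
    return results


if __name__ == "__main__":
    for case, egress in demo().items():
        print(f"{case:16s} -> ports {sorted(egress)}")
```

Running it prints the egress ports for each case; the two flooded cases (unknown destination, and the same destination again after its entry aged out) land on every port except the ingress port, which is the "switch as broadcast domain" point of the slide.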
An overview of LANs

A single hub or switch is a physical LAN segment. Ethernet segment is more precise, but we'll use the general term. An IP endpoint (PC, server, IP phone, etc.) is a host and has an IP address. In this diagram the hub or switch itself is also a host, with an IP address.
A LAN segment typically contains one IP network or sub-network. There is a difference between the two, but the term subnet is generally used. We will not address in detail the case of two or more subnets residing on one LAN segment, which is a valid but uncommon case.

This subnet is 10.1.1.0 with subnet mask 255.255.255.0, which implies:
- Host addresses are 10.1.1.1 through 10.1.1.254.
- Broadcast address is 10.1.1.255, which is the IP address used to transmit to all hosts on the subnet.

All hosts are aware of their individual subnet and mask, and what that implies.
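What "the subnet and mask, and what that implies" means in arithmetic: the network address is the host address ANDed with the mask, the broadcast address is the network address with every host bit set, and the usable hosts are everything in between. The script below is an added example, not part of the Avaya note; it works the tutorial's 10.1.1.0/255.255.255.0 case, repeats the same arithmetic on a constructed /26 mask that does not fall on an octet boundary, and adds the on-subnet test a host performs before deciding whether a peer is reachable directly on its own LAN segment.

```python
import ipaddress
from typing import Dict


def subnet_facts(address: str, mask: str) -> Dict[str, object]:
    """Derive what a host knows from its own IP address and subnet mask.

    network   = address AND mask
    broadcast = network OR (NOT mask)      (all host bits set)
    hosts     = network + 1 .. broadcast - 1
    """
    addr = int(ipaddress.IPv4Address(address))
    mask_bits = int(ipaddress.IPv4Address(mask))
    network = addr & mask_bits
    broadcast = network | (~mask_bits & 0xFFFFFFFF)
    host_bits = 32 - bin(mask_bits).count("1")
    if host_bits < 2:
        # /31 and /32 have no separate broadcast address; the tutorial's
        # host-range rule does not apply to them.
        raise ValueError("mask leaves no room for a host range")
    # Cross-check the hand arithmetic against the standard library.
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    assert network == int(net.network_address)
    assert broadcast == int(net.broadcast_address)
    return {
        "network": str(ipaddress.IPv4Address(network)),
        "mask": mask,
        "prefix": net.prefixlen,
        "first_host": str(ipaddress.IPv4Address(network + 1)),
        "last_host": str(ipaddress.IPv4Address(broadcast - 1)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "host_count": (1 << host_bits) - 2,
    }


def same_subnet(local_ip: str, mask: str, peer_ip: str) -> bool:
    """The decision a host makes before sending: is the peer on my subnet?

    Both addresses are masked and compared. A mismatch means the peer is on
    another subnet and is not reachable directly on this LAN segment.
    """
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(local_ip)) & m) == (int(ipaddress.IPv4Address(peer_ip)) & m)


if __name__ == "__main__":
    # The tutorial's subnet, plus a constructed /26 whose mask splits an octet.
    for ip, mask in (("10.1.1.7", "255.255.255.0"), ("10.1.1.130", "255.255.255.192")):
        facts = subnet_facts(ip, mask)
        print(f"{ip} mask {mask}: network {facts['network']}/{facts['prefix']}, "
              f"hosts {facts['first_host']} - {facts['last_host']} ({facts['host_count']}), "
              f"broadcast {facts['broadcast']}")
    # 10.1.1.200 is on the same segment as 10.1.1.7; 10.1.2.5 is not.
    print(same_subnet("10.1.1.7", "255.255.255.0", "10.1.1.200"))
    print(same_subnet("10.1.1.7", "255.255.255.0", "10.1.2.5"))
```

The bit arithmetic is kept explicit rather than hidden behind the library so the mask's role is visible; ipaddress is used only to parse the dotted-quad strings and to confirm the result.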
Two or more hubs or switches connected together still constitute one physical LAN segment. The only differences between this diagram and the previous are:
- Having two hubs or switches increases the port density.
- The up-link between the two devices may be a bottleneck.

Note: It is not required that a hub or switch have an IP address. However, the device is very likely to have an IP address if it is remotely manageable (i.e., configure, troubleshoot, view statistics, upgrade firmware, etc.). Otherwise, the device must be managed via a console port or not at all.
Now we've added a second LAN segment, which contains a different IP subnet.
All hosts on the second subnet have addresses pertaining to that subnet.
Hosts on one subnet cannot communicate with hosts on the other subnet. The obvious reason is that the two LAN segments are physically separated. However