The Illustrated Network- P77
The Illustrated Network- P77: In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today’s world. We’ll review some key basic definitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphic user and command line interfaces (GUI and CLI, respectively) both are used to interact with devices.
CHAPTER 29 IP Security

OAKLEY—This extends ISAKMP by describing a specific mechanism for key exchange through different defined “modes.” Most of IKE’s key exchange is directly based on OAKLEY.

SKEME—This defines a key exchange process different from that of OAKLEY. IKE uses some SKEME features, such as public key encryption methods and the “fast rekeying” feature.

IKE takes ISAKMP and adds the details of OAKLEY and SKEME to perform its magic. IKE has the two ISAKMP phases.

Phase 1—The first stage is a “setup” process in which two devices agree on how they will exchange further information securely. This creates an SA for IKE itself, although it’s called an ISAKMP SA. This special bidirectional SA is used for Phase 2.

Phase 2—Now the ISAKMP SA is used to create the other SAs for the two devices. This is where the parameters such as secret keys are negotiated and shared.

Why two phases? Phase 1 typically uses public key encryption and is slow, but technically only has to be done once. Phase 2 is faster and can conjure different but very secure secret keys every hour or every 10 minutes (or more frequently for very sensitive transactions).
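The two-phase split described above, as an added sketch that is not from the book: a simplified model in which Phase 1 performs one Diffie-Hellman exchange and every Phase 2 rekey is a single keyed-hash call. The toy prime, HMAC-SHA256 as the PRF, the `Peer` class and the SPI values are assumptions, and peer authentication, which a real Phase 1 performs, is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption: a small Mersenne prime keeps the
# example short; real IKE uses standardized groups of 2048 bits or more).
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()

class Peer:
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2   # value in [2, P-2]
        self.public = pow(G, self.private, P)
        self.master = None                            # set by Phase 1

    def phase1(self, peer_public: int, nonce_i: bytes, nonce_r: bytes) -> None:
        """Slow step, done once: public-key math yields the ISAKMP SA secret."""
        shared = pow(peer_public, self.private, P)
        self.master = prf(nonce_i + nonce_r, shared.to_bytes(16, "big"))

    def phase2(self, spi: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
        """Fast step, repeated per rekey: one PRF call, no exponentiation."""
        if self.master is None:
            raise RuntimeError("Phase 2 requires a completed Phase 1")
        return prf(self.master, spi.to_bytes(4, "big") + nonce_i + nonce_r)

def negotiate(rekeys: int = 3):
    """Run Phase 1 once, then several Phase 2 rekeys; return both key lists."""
    initiator, responder = Peer(), Peer()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    initiator.phase1(responder.public, ni, nr)
    responder.phase1(initiator.public, ni, nr)
    keys_i, keys_r = [], []
    for n in range(rekeys):
        spi = 0x1000 + n                              # constructed SPI values
        ni2, nr2 = secrets.token_bytes(16), secrets.token_bytes(16)
        keys_i.append(initiator.phase2(spi, ni2, nr2))
        keys_r.append(responder.phase2(spi, ni2, nr2))
    return keys_i, keys_r

if __name__ == "__main__":
    ki, kr = negotiate()
    print("peers agree:", ki == kr, "| distinct keys:", len(set(ki)))
```

Because each Phase 2 key depends on fresh nonces, shortening the rekey interval costs only hash operations, while a compromise of the Phase 1 secret in this model exposes every key derived from it.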
QUESTIONS FOR READERS

Figure 29.10 shows some of the concepts discussed in this chapter and can be used to answer the following questions.

[FIGURE 29.10 IPSec ESP used with an IPv4 packet. Labels: original IPv4 packet (IPv4 header with Protocol 17, UDP header, UDP datagram as IP data); ESP packet (IPv4 header with Protocol 50, ESP header, original IPv4 packet, ESP trailer with Next Header 4, ESP authentication data); markers for the encrypted fields and the authenticated fields.]

1. Which IPSec ESP mode is used in the figure—transport or tunnel?
2. Which IP protocol is being tunneled?
3. What does the ESP trailer next header value of 4 indicate?
4. Could NAT also be used with IPSec to substitute the IPv4 addresses and encrypt them?
5. Is the SPI field encrypted? Is it authenticated?
PART VII Media

The Internet is not just for data anymore. This part of the book examines how voice communication has transitioned to the Internet.

■ Chapter 30—Voice over Internet Protocol
CHAPTER 30 Voice over Internet Protocol

What You Will Learn

In this chapter, you will learn how VoIP is becoming more and more popular as an alternative to the traditional public switched telephone network (PSTN). We’ll look at one form of “softphone” that lets users make “voice” calls (voice is really many things) over an Internet connection to their PC.

You will learn about the protocols used in VoIP, especially for the “data” (RTP and RTCP) and for signaling (H.323 and SIP). We’ll put it all together and look at a complete architecture for carrying media other than data on the Internet.

In November 2006, when a person in Cardiff, Wales, made a local telephone call, no part of the British Telecom (BT) PSTN was involved. Only the “last mile” of the circuit was the same: No telephone central office, voice switches, or channelized trunks were used to carry the voice call. Instead, the calls were handled by multiservice access nodes (MSANs) and carried with IP protocols over the same type of network that handles BT’s Internet traffic. BT was so happy with the results that by 2011 they say their entire PSTN will be replaced with an IP network using MPLS to both secure and provide QoS for the calls.

Many countries use IP voice on their backbones (such as Telecom Italia), but this is the first time a national system has decided to spend a huge amount of money (almost US$20 billion, BT says) to convert everything.

It’s old news that many people, both around the world and in the United States, use the Internet to talk over the telephone. Not many of these customers know it, however, because various factors combine to make the use of voice over IP (VoIP) technology a sensitive subject. There are those who intentionally use the Internet for voice calls, and many software packages (such as those from Vonage and Avaya) are available.

But not many people know that a percentage of calls (perhaps the majority) made over the PSTN are carried for part of their journey over the Internet using VoIP. The cellular telephone network is converging on IP protocols even faster than the landline network.
[FIGURE 30.1 VoIP setup on the Illustrated Network, showing the host using an Internet telephony package. Labels: LAN1, Los Angeles office (bsdclient 10.10.11.177, lnxserver 10.10.11.66, wincli1 10.10.11.51, winsvr1 10.10.11.111) behind CE0, connected to Ace ISP (AS 65459); LAN2, New York office (bsdserver 10.10.12.77, lnxclient 10.10.12.166, winsvr2 10.10.12.52, wincli2 10.10.12.222) behind CE6, connected to Best ISP (AS 65127); Avaya Server (172.24.45.78); Global Public Internet. Solid rules are SONET/SDH links and dashed rules are Gigabit Ethernet. Note: All links use 10.0.x.y addressing; only the last two octets are shown.]
The exact percentage of PSTN traffic using VoIP is very difficult to pin down because some telephony carriers are relatively open about this fact and others are not, and all are as wary of their competitors as they ever were. The use of VoIP is also controversial because not too long ago the voice quality of such calls was (might as well admit it) horrible.

This chapter concerns voice, not audio, a distinction often glossed over by users but never by engineers. Voice is concerned primarily with comprehension of the spoken word, that is, of what is said rather than how it “sounds.” Audio is generally a stereo representation of more than just speech. Think of audio as a motion picture soundtrack. The telephone system is “tuned” to the frequencies used in human speech, not music or special effects explosions. And that makes all the difference.

VOIP IN ACTION

It’s a little too much to expect seeing a full-blown VoIP server and gateway on the Illustrated Network, although Juniper Networks does indeed make such software. Nevertheless, we can “borrow” an Avaya IP Softphone server for our network and install the client software on wincli2 (10.10.112.222). Then we can use the VoIP software to place a call to a desk phone and capture the exchange of signaling and voice packets. This is shown in Figure 30.1.

Naturally, the server can place the call anywhere in the world, but having a conversation with a telephone in a local cubicle makes it easier to complete the call, talk, hang up, and so on. Figure 30.2 shows the main screen for the Avaya VoIP software. It doesn’t look much like a phone, and some VoIP clients make an effort to make the user

[FIGURE 30.2 Avaya IP Softphone client interface. Note that this is not very “phone-like.”]