Layer 2 - Network Access


Internet traffic is notorious for carrying malicious traffic (hackers), and therefore it is best practice to specifically distrust it. There are some virtual circuit technologies designed to connect two networks in such a way that all traffic that gets through can be considered internal traffic, because it must have come from the other end. Because the other end is part of the same company, it can be trusted. These virtual circuit technologies differ from the hardware used for internet access because they emulate a direct connection rather than actually being directly connected. Most organizations with more than one location (and/or telecommuting employees) connect all of their locations with some combination of these technologies. It is common for external computer access at satellite locations to go through a WAN connection to the headquarters or data center, which has a large connection for internet access.

Virtual Private Networking (VPN)

The information passing between two points is encrypted to form a tunnel. There are two endpoints: one is a user’s laptop or the office router, and the other is a centralized router. Traffic enters one end, is encrypted, and is sent over the internet to the other end. The other end then decrypts the information and forwards it on to the internal destination. While the transmission passes through the internet, the encryption protects the integrity and confidentiality of the transmission. It is not unreasonable to expect the transmission to be intercepted, but it would have to be decrypted to be of any use to a malicious individual. A VPN requires internet access to send the encrypted information. This does not affect the need for either reliability or throughput. Because all of the traffic is encrypted, the hardware requirements grow with the capacity used.
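The tunnel described above, as an added example that is not part of the original article: one endpoint encrypts and authenticates a whole inner packet, and the other endpoint verifies it before decrypting and forwarding. The HMAC-SHA256 keystream is a standard-library stand-in for the authenticated cipher a real VPN would use, and the function names, keys and addresses are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (teaching stand-in, not a production cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(enc_key: bytes, mac_key: bytes, outer_src: str, outer_dst: str, inner: dict) -> dict:
    """Near endpoint: encrypt the entire inner packet, then authenticate the frame."""
    plaintext = json.dumps(inner, sort_keys=True).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = f"{outer_src}>{outer_dst}".encode()
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return {"src": outer_src, "dst": outer_dst, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(enc_key: bytes, mac_key: bytes, frame: dict) -> dict:
    """Far endpoint: verify the tag first, decrypt only if the frame is intact."""
    header = f"{frame['src']}>{frame['dst']}".encode()
    expected = hmac.new(mac_key, header + frame["nonce"] + frame["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, frame["tag"]):
        raise ValueError("frame rejected: modified in transit or wrong key")
    stream = _keystream(enc_key, frame["nonce"], len(frame["ct"]))
    return json.loads(bytes(a ^ b for a, b in zip(frame["ct"], stream)))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed shared keys
    # Constructed inner packet: satellite-office host to a data-center server.
    inner = {"src": "10.1.0.25", "dst": "10.0.0.5", "payload": "payroll query"}
    frame = seal(enc_key, mac_key, "198.51.100.10", "203.0.113.1", inner)
    delivered = unseal(enc_key, mac_key, frame)        # what the far end forwards
    leaked = b"payroll" in frame["ct"]                 # what an interceptor can read
    tampered = dict(frame, ct=bytes([frame["ct"][0] ^ 1]) + frame["ct"][1:])
    try:
        unseal(enc_key, mac_key, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return delivered == inner, leaked, rejected

if __name__ == "__main__":
    print(demo())
```

An interceptor on the internet path sees only the two tunnel endpoints and ciphertext, while the internal source and destination travel inside the encrypted portion.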

Frame Relay

All transmissions are forwarded through frame relay switches physically located at reasonably secure locations throughout the transmission path. Because the transmissions go through a point-to-point virtual circuit, and the frame relay switches force the traffic through a predetermined path to get there, it is reasonably secure. The transmission is not encrypted, but it is difficult to intercept. This service usually involves fees paid to the carrier based in part on the capacity provided. It can be more expensive than the cost of the underlying internet service. It is ordinarily considered reliable. However, it should be noted that because it forces traffic through a certain path of physical connections, any service interruption anywhere in the path will create an outage on the virtual circuit. This is the case even if it is a large circuit deep in the provider’s network and other redundant paths would otherwise be available. Because it does not encrypt the traffic, it is able to handle more bandwidth than a VPN tunnel would be able to. A frame relay circuit can be intermeshed with the other end being an ATM circuit. It is common for frame relay circuits to be purchased from a firm other than the one that actually provides the service, and for these to span more than one provider’s network. Frame relay circuits have a guaranteed bandwidth allowance and therefore have very low latency and packet loss (within the allowed capacity). A circuit used to provide frame relay is not considered to provide internet access because no traffic is allowed to go to or come from the internet without going through the ordinary route.

Asynchronous Transfer Mode (ATM)

ATM is a standard that operates very similarly to frame relay and involves a series of ATM switches on the carrier’s network. Because the ATM switches force traffic through a certain path, it is very difficult to intercept and therefore is fairly secure. ATM is capable of handling high speeds better than frame relay. This also usually involves fees paid to the carrier based on the bandwidth provided. It is ordinarily considered reliable. However, it should be noted that because it forces traffic through a certain path of network connections, any service interruption anywhere in the path will create an outage on the virtual circuit. This is the case even if it is a large circuit deep in the provider’s network and other redundant paths would otherwise be available. An ATM circuit can be intermeshed with the other end being a frame relay circuit, which is useful for the organization to operate it at a centralized facility. It is common for ATM circuits to be purchased from a firm other than the one that actually provides the service, and for these to span more than one provider’s network. ATM circuits have a guaranteed bandwidth allowance and therefore have very low latency and packet loss.