Individual Computers: The personal computer is typically a desktop computer, a workstation or a notebook for individual users. The individual computers are the most common type of microcomputer and is found in the majority of organizations.

Server: A computer on a network or other network device that stores all necessary information and is dedicated to provide a particular service. For example, a database server would store all data and software related to a certain database and allows other network devices to access and process database queries. A file server is a computer and storage device dedicated to storing files for any user on the network to store files on the server. A print server is a device that manages one or more printers, and a network server is a computer that manages network traffic.

Network Interface Card: Network Interface Cards (NIC) are adaptors attached with a computer or other network device to provide the connection between the computer with the network. Each NIC is design for a specific type of network such as Ethernet, Token Ring, FDDI or wireless LAN. The NIC operates using the physical layer (layer 1) and data link layer (layer 2) specifications. NIC basically defines the physical connection methods with the cable and the framing methods used to transmit bit streams over the network. It also defines the control signals that provide the timing of data transfers across network.

Hubs: Hubs are the simplest network devices. Computers connect to a hub via a length of twisted-pair cabling. On a hub, data is forwarded to all ports, regardless of whether the data is intended for the system connected to the port. In addition to ports for connecting computers, even a very inexpensive hub generally has a port designated as an uplink port that enables the hub to be connected to another hub to create larger networks.

Switches: Switch is a layer 2 and multi-port device. Switch provides similar functions as a hub or a bridge but has more advanced features that can temporarily connect any two ports together. It contains a switch matrix or switch fabric that can rapidly connect and disconnect ports. Unlike Hub, a switch only forward frame from one port to the other port where the destination node is connected without broadcast to all other ports.

Routers: Routers route data around the network from data senders to receivers. A router is able to determine the destination address for the data and determines the best way for the data to continue its journey. Unlike bridges and switches, which use the hardware-configured MAC address to determine the destination of the data, routers use the logic network address such as IP address to make decisions.

Gateway: The term gateway is applied to any device, system, or software application that can perform the function of translating data from one format to another. Gateway will not change the data itself. For example, a router that can route data from an IPX network to an IP network is, technically, a gateway. The same can be said of a translational switch that converts from an Ethernet network to a Token Ring network and back again.

Modems: Modems are access devices that translate digital signals from a computer into analog signals that can travel across conventional phone lines. The modem modulates the signal at the sending end and demodulates at the receiving end. Modems are required for many access methods such as 56k data modern, ISDN, DSL etc. They can be as internal devices that plug into expansion slots in a system; external devices that plug into serial or USB ports; PCMCIA cards designed for use in laptops; and specialized devices designed for use in systems such as handheld computers. In addition, many laptops now come with integrated modems. For large-scale modem implementations, such as at an ISP, rack-mounted modems are also available.

A router is a device or a piece of software in a computer that forwards and routes data packets along networks. A router connects at least two networks, commonly two LANs or WANs or a LAN and its ISP network. A router is often included as part of a network switch. A router is located at any gateway where one network meets another, including each point-of-presence on the Internet.

Layer 2 Switch

Layer 2 switch is a local area network switch that forwards traffic based on MAC layer (Ethernet or Token Ring) addresses.

Layer 3 Switch

Layer 3 switch is a network device that forwards traffic based on layer 3 information at very high speeds. Layer 3 switch uses the same routing algorithms as traditional routers do. However, Layer 3 switch performs its operations using application specific integrated circuit (ASIC) hardware, while a router does it using software in a microprocessor. A Layer 3 switch goes beyond the Layer 2 MAC addressing and routing. The Layer 3 switch looks at the incoming packets networking protocol. Layer 3 switching is more effectively used to segment a LAN than to provide a WAN connection. Traditionally, routers, which inspect layer 3, were considerably slower than layer 2 switches.

Layer 4 Switch

Layer 4 switch, based on the OSI "transport" layer, allows for policy-based switching such as limiting different types of traffic on specific end-user switch ports, or for prioritizing certain packet types, such as database or application server traffic. Layer 4 switches also offer a powerful combination of Network Address Translation (NAT) with higher-layer address screening. Actually, layer 4 switch may make forwarding decisions based upon information at any OSI layer from 4 through 7, depending upon the particular product. In fact, some of the so-called "Layer 4 Switches" even monitor the state of individual sessions from beginning to end, just as firewalls do, in which case they're referred to as "session switches." Therefore, it is called Layer 4 - 7 switch.

Layer 7 Switch

A Layer 7 Switch performs wire-speed processing of packet header content, not only at Layer 2 or Layer 3, but also at the transport layer (Layer 4) up through the application layer (Layer 7). Layer 7 switch integrates routing and switching by forwarding traffic at layer 2 speed using layer 7 information. For example, an XML switch can analyze the XML tags at the application level and make forwarding decisions.

802.1 IEEE protocols suite for internetworking of LAN, MAN and WAN; LAN security, and management.

802.12
100 VG-Any LAN IEEE standard

802.1ad
This standard, also referred to as ?Q-in-Q? tag stacking, builds on the IEEE?s 802.1Q (Virtual LANs) to enable stacked VLANs IEEE

802.1D
Spanning Tree Protocol IEEE

802.1P
LAN Layer 2 traffic prioritization (QoS) specification IEEE

802.1Q
Virtual LAN (VLAN) Switching IEEE protocol

802.1s
Multiple Spanning Tree Protocol IEEE

802.1w
Rapid Spanning Tree Protocol, an evolution of the Spanning Tree Protocol, provides for faster spanning tree convergence after a topology change. IEEE

802.1X
LAN/WLAN Authentication and Key Management (EAPOL) IEEE

802.2
Logical Link Control IEEE protocol

802.3
Ethernet LAN IEEE protocol suite

802.5
IEEE Token-passing access on ring topology using unshielded twisted pair

802.6
Metropolitan Area Network (MAN) layer 2 IEEE standard (DQDB)

802.3ab
Gigabit Ethernet over twisted pair (1000BaseT) IEEE

802.3ad
Ethernet link aggregation IEEE

802.3ae
10 Gigabit Ethernet IEEE standard

803.3ah
Ethernet OAM: link monitoring, fault signaling, and remote loopback IEEE

802.3u
Fast Ethernet - 100 Mbps LAN IEEE

802.3z
Gigabit Ethernet over fiber IEEE standard (1000BaseX)

The components in a Local Area Network can be connected in a few ways, which is call LAN topologies. There exit 4 basic LAN topologies:

Star: All stations are connected by cable (or wireless) to a central point, such as hub or a switch. If the central node is operating in a broadcast fashion such as a Hub, transmission of a frame from one station to the node is retransmitted on all of the outgoing links. In this case, although the arrangement is physically a star, it is logically a bus. In the case of the central node acting as switch, an incoming frame is processed in the node and then retransmitted on an outgoing link to the destination station. Ethernet protocols (IEEE 802.3) are often used in the Star topology LAN.

Ring: All nodes on the LAN are connected in a loop and their Network Interface Cards (NIC) are working as repeaters. There is no starting or ending point. Each node will repeat any signal that is on the network regardless its destination. The destination station recognizes its address and copies the frame into a local buffer as it goes by. The frame continues to circulate until it returns to the source station, where it is removed. Token Ring (IEEE 802.5) is the most popular Ring topology protocol. FDDI (IEEE 802.6) is another protocol used in the Ring topology, which is based on the Token Ring.

Bus: All nodes on the LAN are connected by one linear cable, which is called the shared medium. Every node on this cable segment sees transmissions from every other station on the same segment. At each end of the bus is a terminator, which absorbs any signal, removing it from the bus. This medium cable apparently is the single point of failure. Ethernet (IEEE 802.3) is the protocols used for this type of LAN.

Tree: The tree topology is a logical extension of the bus topology. The transmission medium is a branching cable with no closed loops. The tree layout begins at a point called the head-end, where one or more cables start, and each of these may have branches. The branches in turn may have additional branches to allow quite complex layouts.

• 10 Mbps - 10Base-T Ethernet (IEEE 802.3)  
• 100 Mbps - Fast Ethernet (IEEE 802.3u)
• 1000 Mbps - Gigabit Ethernet (IEEE 802.3z)  
• 10-Gigabit - 10 Gbps Ethernet (IEEE 802.3ae) 

Fast Ethernet (100BASE-T) offers a speed increase ten times that of the 10BaseT Ethernet specification, while preserving such qualities as frame format, MAC mechanisms, and MTU. Such similarities allow the use of existing 10BaseT applications and network management tools on Fast Ethernet networks. Officially, the 100BASE-T standard is IEEE 802.3u.

Like Ethernet, 100BASE-T is based on the CSMA/CD LAN access method. There are several different cabling schemes that can be used with 100BASE-T, including:

• 100BASE-TX: two pairs of high-quality twisted-pair wires
• 100BASE-T4: four pairs of normal-quality twisted-pair wires
• 100BASE-FX: fiber optic cables

The Fast Ethernet specifications include mechanisms for Auto-Negotiation of the media speed. This makes it possible for vendors to provide dual-speed Ethernet interfaces that can be installed and run at either 10-Mbps or 100-Mbps automatically.

Fast Ethernet standard is defined by IEEE (http://www.ieee.org ) in 802.3 & 802.3u.

Ethernet protocols refer to the family of local-area network (LAN) covered by the IEEE 802.3 standard. The Gigabit Ethernet is based on the Ethernet protocol, but increased speed tenfold over the fast Ethernet, using shorter frames with carrier Extension. It is published as the IEEE 802.3z and 802.3ab, supplement to the IEEE 802.3 base standards.

Carrier Extension is a simple solution, but it wastes bandwidth. Packet Bursting is "Carrier Extension plus a burst of packets". Burst mode is a feature that allows a MAC to send a short sequence (a burst) of frames equal to approximately 5.4 maximum-length frames without having to relinquish control of the medium.

The Gigabit Ethernet standards are fully compatible with Ethernet and Fast Ethernet installations. It retains Carrier Sense Multiple Access/ Collision Detection (CSMA/CD) as the access method. It supports full-duplex as well as half duplex modes of operation. Single-mode and multi mode fiber and short-haul coaxial cable, and twisted pair cables are supported.

• The IEEE 802.3z defines the Gigabit Ethernet over fiber and cable, which has a physical media standard 1000Base-X (1000BaseSX - short wave covers up to 500m, and 1000BaseLX - long wave covers up to 5km). The IEEE 802.3ab defines the Gigabit Ethernet over the unshielded twisted pair wire (1000Base-T covers up to 75m).

• The Gigabit interface converter (GBIC) allows network managers to configure each gigabit port on a port-by-port basis for short-wave (SX), long-wave (LX), long-haul (LH), and copper physical interfaces (CX). LH GBICs extended the single-mode fiber distance from the standard 5 km to 10 km.

Gigabit Ethernet is defined by IEEE (http://www.ieee.org) 802.3z and 802.3ab.

10-Gigabit Ethernet, being standardized in IEEE 802.3ae, offers data speeds up to 10 billion bits per second.Built on the Ethernet technology used in most of today's local area networks (LANs), it offers similar benefits to those of the preceding Ethernet standard. 10-Gigabit Ethernet is used to interconnect local area networks (LANs), wide area networks (WANs), and metropolitan area networks (MANs). 10-Gigabit Ethernet uses the familiar IEEE 802.3 Ethernet media access control (MAC) protocol and its frame format and size. However, it supports full duplex mode but not the half-duplex operation mode and it only functions over optical fiber. So it does not need the carrier-sensing multiple-access with Collision Detection (CSMA/CD) protocol as it is used in other Ethernet standards.

The 10 Gigabit specifications, contained in the IEEE 802.3ae supplement to the 802.3 standard, provides support to extend the 802.3 protocol and MAC specification to an operating speed of 10 Gb/s. In addition to the data rate of 10 Gb/s, 10-Gigabit Ethernet is able to accommodate slower date rates such as 9.584640 Gb/s (OC-192), through its "WAN interface sublayer" (WIS) which allows 10 Gigabit Ethernet equipment to be compatible with the Synchronous Optical Network (SONET) STS-192c transmission format.

The 10GBASE-SRand 10GBASE-SWmedia types are for use over short wavelength (850 nm) multimode fiber (MMF), which covers a fiber distance from 2 meters to 300 meters.. The 10GBASE-SR media type is designed for use over dark fiber, meaning a fiber optic cable that is not in use and that is not connected to any other equipment. The 10GBASE-SW media type is designed to connect to SONET equipment, which is typically used to provide long distance data communications.

The 10GBASE-LRand 10GBASE-LWmedia types are for use over long wavelength (1310 nm) single-mode fiber (SMF), which covers a fiber distance from 2 meters to 10 kilometers (32,808 feet). The 10GBASE-LR media type is designed for use over dark fiber, while the 10GBASE-LW media type is designed to connect to SONET equipment.

The 10GBASE-ERand 10GBASE-EWmedia types are for use over extra long wavelength (1550 nm) single-mode fiber (SMF), which covers a fiber distance from 2 meters up to 40 kilometers (131,233 feet). The 10GBASE-ER media types is designed for use over dark fiber, while the 10GBASE-EW media type is designed to connect to SONET equipment.

Finally, there is a 10GBASE-LX4media type, which uses wave division multiplexing technology to send signals over four wavelengths of light carried over a single pair of fiber optic cables. The 10GBASE-LX4 system is designed to operate at 1310 nm over multi-mode or single-mode dark fiber. The design goal for this media system is from 2 meters up to 300 meters over multimode fiber or from 2 meters up to 10 kilometers over single-mode fiber.

10 Gigabit Ethernet is defined by IEEE (http://www.ieee.org).

Open Systems Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984, as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors. It is now considered the primary architectural model for inter-computing and internetworking communications. Most of the network communication protocols used today have a structure based on the OSI model. The OSI model defines the communications process into 7 layers, which divides the tasks involved with moving information between networked computers into seven smaller, more manageable task groups. A task or group of tasks is then assigned to each of the seven OSI layers. Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.  

The OSI 7 layers model has clear characteristics. Layers 7 through 4 deal with end to end communications between data source and destinations. Layers 3 to 1 deal with communications between network devices. 

On the other hand, the seven layers of the OSI model can be divided into two groups: upper layers (layers 7, 6 & 5) and lower layers (layers 4, 3, 2, 1). The upper layers of the OSI model deal with application issues and generally are implemented only in software. The highest layer, the application layer, is closest to the end user. The lower layers of the OSI model handle data transport issues. The physical layer and the data link layer are implemented in hardware and software. The lowest layer, the physical layer, is closest to the physical network medium (the wires, for example) and is responsible for placing data on the medium.

The specific description for each layer is as follows:

Layer 7: Application Layer

Defines interface to user processes for communication and data transfer in network

Provides standardized services such as virtual terminal, file and job transfer and operations

Layer 6: Presentation Layer

Masks the differences of data formats between dissimilar systems

Specifies architecture-independent data transfer format

Encodes and decodes data; Encrypts and decrypts data; Compresses and decompresses data

Layer 5: Session Layer

Manages user sessions and dialogues

Controls establishment and termination of logic links between users

Reports upper layer errors

Layer 4: Transport Layer

Manages end-to-end message delivery in network

Provides reliable and sequential packet delivery through error recovery and flow control mechanisms

Provides connectionless oriented packet delivery

Layer 3: Network Layer

Determines how data are transferred between network devices

Routes packets according to unique network device addresses

Provides flow and congestion control to prevent network resource depletion

Layer 2: Data Link Layer

Defines procedures for operating the communication links

Frames packets

Detects and corrects packets transmit errors

Layer 1: Physical Layer

Defines physical means of sending data over network devices

Interfaces between network medium and devices

Defines optical, electrical and mechanical characteristics

There are other network architecture models, such as IBM SNA (Systems Network Architecture) model . Those models will be discussed in separate documents.

The OSI 7 layer model is defined by ISO in document 7498 and ITU X.200, X.207, X.210, X.211, X.212, X.213, X.214, X.215, X.217 and X.800. The protocols defined by ISO based on the OSI 7 layer mode.

SNA (Systems Network Architecture) is one of the most popular network architecture models, in addition to the OSI Model, proposed by IBM. Although SNA model is now considered a legacy networking model, SNA is still widely deployed. SNA was designed around the host-to-terminal communication model that IBM's mainframes use. IBM expanded the SNA protocol to support peer-to-peer networking. This expansion was deemed Advanced Peer-to-Peer Networking (APPN) and Advanced Program-to-Program Communication (APPC). Advanced Peer-to-Peer Networking (APPN) represents IBM's second-generation SNA. In creating APPN, IBM moved SNA from a hierarchical, mainframe-centric environment to a peer-to-peer (P2P) networking environment. At the heart of APPN is an IBM architecture that supports peer-based communications, directory services, and routing between two or more APPC systems that are not directly attached.

IBM SNA model has many similarities with the OSI 7 layers model. However, SNA model has only 6 layers and does not define specific protocols for its physical control layer. The physical control layer is assumed to be implemented via other standards. The functions of each SNA layer are described as follows:

Data link control (DLC)- Defines several protocols, including the Synchronous Data Link Control (SDLC) protocol for hierarchical communication, and the Token Ring Network communication protocol for LAN communication between peers. SDLC provided a foundation for ISO HDSL and IEEE 802.2.

• Path control- Performs many OSI network layer functions, including routing and datagram segmentation and reassembly (SAR)

• Transmission control- Provides a reliable end-to-end connection service (similar to TCP), as well as encrypting and decrypting services

• Data flow control- Manages request and response processing, determines whose turn it is to communicate, groups messages, and interrupts data flow on request

• Presentation services- Specifies data-transformation algorithms that translate data from one format to another, coordinate resource sharing, and synchronize transaction operations

• Transaction services- Provides application services in the form of programs that implement distributed processing or management services

VoIP is a packet technology allowing the analog waves of our spoken words to be converted to digital signals and then packetized. Packets are sent over the IP network to the end point for reassembly and conversion to sound.

Using VOIP protocols, voice communications can be achieved on any IP network regardless it is Internet, Intranets or Local Area Networks (LAN). In a VOIP enabled network, the voice signal is digitized, compressed and converted to IP packets and then transmitted over the IP network. VOIP signaling protocols are used to set up and tear down calls, carry information required to locate users and negotiate capabilities. The key benefits of Internet telephony (voice over IP) are the very low cost, the integration of data, voice and video on one network, the new services created on the converged network and simplified management of end user and terminals.

here are a few VOIP protocol stacks which are derived from various standard bodies and vendors, namely H.323, SIP, MEGACO and MGCP.

• Audio (digitized) voice
• Video (digitized)
• Data (files or image)
• Communication control (exchange of supported functions, controlling logic channels, etc.)
• Controlling connections and sessions (setup and tear down)

The H.323 was first published in 1996 and the latest version (v5) was completed in 2003.

H.323 is an ITU-T (http://www.itu.int/ITU-T/ ) standard.

SIP is an Internet Engineering Task Force (IETF) standard for managing the handshake procedures for beginning and ending real-time communications between IP network end points.

SIP is a text-based protocol, similar to HTTP and SMTP, for initiating interactive communication sessions between users. This makes SIP easy to troubleshoot, enables fast application development, and presents a stable framework for establishing interoperability between devices, applications, call controllers, and gateways. SIP is used to enable human-to-human communications that might include voice, video, chat, interactive games, and virtual reality. 

SIP is defined by IETF (www.ietf.org ) in RFC 3261, 3262, 3263, 3264, and 3265.

Megaco/H.248 is defined by IETF (www.ietf.org ) and ITU-T.

Media Gateway Control Protocol (MGCP) is used for controlling telephony gateways from external call control elements called media gateway controllers or call agents. A telephony gateway is a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or over other packet networks.

MGCP assumes a call control architecture where the call control intelligence is outside the gateways and handled by external call control elements. The MGCP assumes that these call control elements, or Call Agents, will synchronize with each other to send coherent commands to the gateways under their control. MGCP is, in essence, a master/slave protocol, where the gateways are expected to execute commands sent by the Call Agents.

MGCP is defined in RFC: 2705 by IETF (www.ietf.org ) and ITU-T.

PPPoE is defined by IETF (http://www.ietf.org ) RFC 2516.

Basic Network Address Translation (Basic NAT) is a method by which IP addresses are mapped from one group to another, transparent to end users. Network Address Port Translation, or NAPT is a method by which many network addresses and their TCP/UDP ports are translated into a single network address and its TCP/UDP ports. Together, these two operations, referred to as traditional NAT, provide a mechanism to connect a realm with private addresses to an external realm with globally unique registered addresses.

The need for IP Address translation arises when a network's internal IP addresses cannot be used outside the network either for privacy reasons or because they are invalid for use outside the network. Network topology outside a local domain can change in many ways. Customers may change providers, company backbones may be reorganized, or providers may merge or split. Whenever external topology changes with time, address assignment for nodes within the local domain must also change to reflect the external changes. Changes of this type can be hidden from users within the domain by centralizing changes to a single address translation router. Basic Address translation would allow hosts in a private network to transparently access the external network and enable access to selective local hosts from the outside. Organizations with a network setup predominantly for internal use, with a need for occasional external access are good candidates for this scheme.

There are limitations to using the translation method. It is mandatory that all requests and responses pertaining to a session be routed via the same NAT router. One way to ascertain this would be to have NAT based on a border router that is unique to a stub domain, where all IP packets are either originated from the domain or destined to the domain. There are other ways to ensure this with multiple NAT devices.

This solution has the disadvantage of taking away the end-to-end significance of an IP address, and making up for it with increased state in the network. As a result, end-to-end IP network level security assured by IPSec cannot be assumed to end hosts, with a NAT device enroute. The advantage of this approach however is that it can be installed without changes to hosts or routers.

NAT is defined by IETF (http://www.ietf.org ) RFC3022.

Internet Protocol Virtual Private Network (IP VPN) is a group of technologies that are widely used by corporations and service providers to provide secured, private and scalable communications with proper QoS, over a public IP based infrastructure such as the Internet and Service Provider shared IP networks. IP VPN is replacing the traditional VPN technologies such as ATM VPN, Frame Relay VPN and TDM based VPN to become the main stream of the VPN services, though interfaces to the existing technologies exist in some cases.

The core technology of VPN is the encapsulation or tunneling algorithms. Primarily, there are three types of IP VPN technologies: IPsec based IP VPN, MPLS based IP VPN and SSL base IP VPN. Different technologies may have different focus of benefits and serve different business purposes. The following are summaries of the three types of technologies, their main applications and limitations:

MPLS based IP VPN:

MPLS-based Layer 3 VPNs uses MPLS labeling algorithms and signaling protocols to encapsulate IP packets and distribute VPN-related information. MPLS based IP VPN can seamlessly interface with traditional VPN technologies such as ATM, Frame Relay and TDM etc. It can be an alternative or a complementary VPN solution to the legacy deployment. A primary advantage of MPLS is that it provides the scalability to support both small and very large-scale VPN deployments. It can support end-to-end QoS, rapid faultcorrection of link and node failure, bandwidth protection, and a foundation for deploying additional value-added services. MPLS technology also simplifies configuration, management, and provisioning, helping service providers to deliver highly scalable, differentiated, end-to-end IP based services. The service provider can offer SLAs by enabling MPLS traffic engineering and fast reroute capabilities in the core network. MPLS based IP VNP is a network based VPN technology for site-to-site VPN communications only.

IPsec Based IP VPN:

IPSec protocol provides the framework for CPE-based Layer 3 VPNs. IPSec supports 1)Data confidentiality by encrypting packets before transmission; 2)Data integrity through authenticating packets 3)Data origin authentication; 4) Anti-replay; 5) Encapsulating Security Payload (ESP), for confidentiality. IPSec parameters are communicated and negotiated between network devices in accordancewith the Internet Key Exchange (IKE) protocol.The IPSec protocol provides protection for IP packets by allowing network designers to specify the traffic that needs protection, define how thattraffic is to be protected, and control who can receive the traffic. IPSec VPNs is a replacement technology to the traditional VPNs such as leased-line, Frame Relay, or ATM. The advantage of IPSec is that it meets network requirements more cost effectively and with greater flexibility byusing the public IP network such as the Internet and service providers¡¯ IP-based networks.IPSec is suitable for both site-to-site and remote-access VPNs.

SSL based IP VPN:

Secure Sockets Layer (SSL) is for remote-access VPNs, instead of site-to-site VPNs. In the SSL based VPN, the Secure Sockets Layer protocol is used for packet encapsulation and user authentication. SSL provides access to Web-based applications from any location with a Web browser, an Internet connection, and without special clientsoftware. It provides secure connectivity by authenticating the communicating parties and encrypting the traffic that flows between them.SSL-based VPNs only support applications coded for SSL, including standard e-mail clients, Telnet, FTP, IP telephony, multicastapplications, and applications requiring QoS.

In MPLS, data transmission occurs on Label-Switched Paths (LSPs). LSPs are a sequence of labels at each and every node along the path from the source to the destination. There are several label distribution protocols used today, such as Label Distribution Protocol (LDP) or RSVP or piggybacked on routing protocols like border gateway protocol (BGP) and OSPF. High-speed switching of data is possible because the fixed-length labels are inserted at the very beginning of the packet or cell and can be used by hardware to switch packets quickly between links.

MPLS is designed to address the network problems such as networks-speed, scalability, quality-of-service (QoS), and traffic engineering. MPLS has also become a solution to meet the bandwidth-management and service requirements for next-generation IP-based backbone networks.

IPsec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPsec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

The set of security services that IPsec can provide includes access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality. Because these services are provided at the IP layer, they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP, etc.

These objectives are met through the use of two traffic security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. The set of IPsec protocols employed in any context, and the ways in which they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.

When these mechanisms are correctly implemented and deployed, they ought not to adversely affect users, hosts, and other Internet components that do not employ these security mechanisms for protection of their traffic. These mechanisms also are designed to be algorithm-independent. This modularity permits selection of different sets of algorithms without affecting the other parts of the implementation. For example, different user communities may select different sets of algorithms (creating cliques) if required.

A standard set of default algorithms is specified to facilitate interoperability in the global Internet. The use of these algorithms, in conjunction with IPsec traffic protection and key management protocols, is intended to permit system and application developers to deploy high quality, Internet layer, cryptographic security technology.

Virtual Private LAN Services (VPLS) is a solution that can provide layer 2 Virtual Private Network (VPN) services over Ethernet networks. It uses a combination of Ethernet and MPLS to meet the needs of carriers and customers alike. VPLS allows customer networks at geographically diverse locations to communicate with each other as if they were in the same LAN. The WAN and MAN becomes transparent to all customer locations. Ethernet VPN based on VLPS and MPLS provides more benefits than other alternative layer 2 or 3 VPN technologies:

• Lower capital expenditure required for deploying Ethernet infrastructure by the Service Providers and customers
• Better scalability due to unlimited scalability of MPLS
• Better reliability because MPLS provides many advantageous reliability features
• Better QoS management because the traffic engineering capabilities in MPLS allow providers to support service level guarantees across the entire network.
• Improved OAM: MPLS' dynamic signaling is instrumental in providing quicker changes and reconfigurations of service.
• Protection of investment on existing technologies because VPLS can be used to offer not only Metro Ethernet services but can also interconnect with existing ATM and Frame Relay access networks and IP-VPN core networks running over various core technologies such as Next Generation SONET/SDH and Dense Wave Division Multiplexing (DWDM).

VPLS Standards

VPLS is currently being defined in the Internet Engineering Task Force (IETF) with the broad support of carriers and vendors. Most of VPLS related standards are still in the drafting stage by the l2vpn and pwe3 working groups of IETF. There are primaried two groups of technologies to address point-to-point communication and point-to-multi-point commnucation.

Pseudowires are point-to-point connections setup between pairs of Provider Edge routers. Their primary function is to emulate services like ATM, Frame Relay, Ethernet and TDM over an underlying common MPLS network. To achieve this, each of these technologies is encapsulated into a common MPLS format. These encapsulation standards were previously known as the martini drafts. By encapsulating services into a common MPLS format, pseudowires allow carriers to converge their services to an MPLS network. Ethernet encapsulating pseudowires are the building blocks of VPLS. The pseudowire encapsulation standards are being defined in the IETF's pwe3 working group.

For the point-to-multipoint communication network, the customer sites are connected through a service provider network, which appears as a Layer 2 switch capable of learning and aging. Customer sites are connected to the service provider network at the Provider Edge (PE). All PEs in the network are connected together in a full mesh of tunnels with each tunnel carrying multiple pseudowires. Depending on the location and the number of customer sites, the number of pseduowires setup for a customer/service may range from one (for a customer with only two locations) to a full mesh (for a customer who has locations connected to every PE). All unknown unicast, multicast and broadcast packets are flooded to all the PEs participating in a customer VPN. This network model assumes that all PEs in a service (or VPLS instance) are connected in a full mesh of pseudowires which obviates the need to keep the network loop free. The VPLS network model is being standardized as part of the VPLS drafts in the IETF's l2vpn working group.

To improve its scalability, Hierarchical VPLS (HVPLS) is introduced. The HVPLS standards allow the creation of hierarchies with a hub-and-spoke arrangement. The full mesh of tunnels is maintained between the hub sites (designated as PEs). The CE equipment is connected to an MTU-s router, which is connected to a PE router, thus providing the hierarchy.

The traditional VPN technologies have been widely deployed in the field by Service Providers and Enterprises. However, due to their high cost and less features, new VNP technologies such as IPsec VPN, SSL VPN and MPLS VPN are becoming more and more popular. These new VPN technologies are fully compatible with TCP/IP, the choice of technology for data routing and transportation of the world.

The key technology for VPN is the security of data over a public network. The three types of security: authentication, encryption and encapsulation, forms the foundation of virtual private networking. However, authentication, encryption and encapsulation can be performed by many different technologies. In addition, these three sets of technologies can be combined in different ways.

For data encapsulation in VPN, many tunneling technologies are developed, such as Layer 2 Tunneling Protocol (L2TP), Layer 2 Forward protocol (L 2F ) and Point to Point Tunneling Protocol (PPTP). PPTP provides remote users encrypted, multi-protocol access to a corporate network over the Internet. Network layer protocols, such as IPX and NetBEUI, are encapsulated by the PPTP for transport over the Internet. However, PPTP can support only one tunnel at a time for each user. Therefore, its proposed successor, L2TP (a hybrid of PPTP and another protocol, L 2F ) can support multiple, simultaneous tunnels for each user. PPTP and L2TP are the layer 2 VPN technologies from CPE (customer premise equipment) to CPE. 

Internet Protocol Security (IPSec), the most widely deployed VPN technology, is a set of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF), to address data confidentiality, integrity, authentication and key management in the IP networks. The IPSec protocol typically works on the edges of a security domain, which encapsulates a packet by wrapping another packet around it. It then encrypts the entire packet. This encrypted stream of traffic forms a secure tunnel across an otherwise unsecured IP network. IPsec is the primary layer 3 VPN technology providing a CPE to CPE tunnel.

SSL/TLS, a technology popularly used for secured communication of web traffic (HTTPS), can also be also used for VPN. SSL VPNs use the highly mature and widespread SSL/TLS protocol to handle the tunnel creation and cryptographic elements necessary to create a VPN. SSL/TLS is much easier to implement than IPSec and provides a simple and well-tested platform. The RSA handshake (or DH) is used exactly as IKE in IPSec, and the SSL crypto library is used to secure the symmetric tunnel after that, again using similar encryption techniques to those protecting IPSec tunnels. This tunnel can pass arbitrary traffic, just like an IPSec VPN.

The VPN technologies popular among service providers are the border gateway protocol/multiprotocol label switching (BGP/MPLS) VPN. BGP/MPLS VPN is introduced to solve the scalability problems in the traditional ATM and Frame Relay VPNs. In addition, the MPLS VPN, a connectionless VPN, is fully compatible with the TCP/IP technologies and the Internet world, which has significantly lower cost of deployment and operations. The BGP/MPLS VPN standard is defined in the IETF RFC 2547bis to provide Layer 3 VPN solutions using BGP to carry route information over a MPLS core. This Layer 3 MPLS-VPN solution achieves all of the security of the Layer 2 approach, while adding enhanced scalability inherent in the use of Layer 3 routing technology.

Unified Messaging brings voice mail, e-mail, and fax mail services together. It can be unified at the end user client (Outlook or Notes for example), at the server, or at both locations.

eMail, an integral component of most time-share computing services in the 1960s and 1970s, only connected the users of the computer that hosted the service. Not until 1971 when Ray Tomlinson wrote SNDMSG and READMAIL as a network service did eMail assume the appearance of today's requisite messaging tool.

Most Internet users know Instant Messaging through services such as AOL Instant Messaging (AIM) or Microsoft Messenger. AIM was derived from the ICQ model developed in 1996 as the service of Mirabillis (acquired by AOL in 1998). According to IDC, by 2006 there will be 255 million users worldwide—both consumers and enterprises—of instant messaging, almost three times the number of users in 2002. The phenomenal growth within enterprises is equally impressive. Businesses are integrating presence management with their IP telephony system.

Instant message (IM) technologies allow people to talk online real time . To s end a message, you need to open up a small window where you and your friend can type in messages that both of you can see. Most of the popular instant-messaging programs provide a variety of features:

Instant messages - Send notes back and forth with a friend who is online
Chat - Create your own custom chat room with friends or co-workers
Web links - Share links to your favorite Web sites
Images - Look at an image stored on your friend's computer
Sounds - Play sounds for your friends
Files - Share files by sending them directly to your friends
Talk - Use the Internet instead of a phone to actually talk with friends
Streaming content - Real-time or near-real-time stock quotes and news

There are many IM systems, such as AOL IM, Yahoo IM and MSN IM, which use different technologies and they are often not compatible with each other. There have been several attempts to create a unified standard for instant messaging: IETF's SIP (Session Initiation Protocol) and SIMPLE (SIP for Instant Messaging and Presence Leverage), APEX (Application Exchange), Prim (Presence and Instant Messaging Protocol), and the open XML-based XMPP (Extensible Messaging and Presence Protocol), more commonly known as Jabber.

• 802.11 -- applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
  
• 802.11a -- an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band. 802.11a uses an orthogonal frequency division multiplexing (OFDM) encoding scheme rather than FHSS or DSSS. The 802.11a specification applies to wireless ATM systems and is used in access hubs.
  
• 802.11b (also referred to as 802.11 High Rate or Wi-Fi) -- an extension to 802.11 that applies to wireless LANS and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
  
• 802.11g -- offers wireless transmission over relatively short distances at 20 - 54 Mbps in the 2.4 GHz band. The 802.11g also uses the OFDM encoding scheme.
  
• 802.11n - builds upon previous 802.11 standards by adding MIMO (multiple-input multiple-output). IEEE 802.11n offers high throughput wireless transmission at 100Mbps ? 200 Mbps.

WLAN protocols are defined by IEEE (http://www.ieee.org ) 802.11 specifications.

Registered Jack (RJ) is a general term for electrical connector designs registered with the US Federal Communications Commission, including the RJ-11, RJ-14, RJ-25, RJ-48, RJ-61 and RJ-45 connectors. The most familiar registered jacks are the 4-conductor and the 6-conductor connectors known variously as RJ-11, RJ-12 and RJ-14, and the 8-conductor RJ-45, all sometimes simply called RJ connectors. These are commonly used in building wiring for telephone and local area networks. They were originally invented and patented by Bell Labs.

RJ-11: Registered Jack-11
Registered Jack-11 (RJ-11), also called plug, is a four- or six-wire connector used to connect telephone equipment, modems, fax to a famle RJ-11 jack on the wall. It is occasionally used to connect some types of local-area networks (LANs) in some cases.

RJ-22: Registered Jack-22
Registered Jack-22 (RJ-22) is a four wire modular jack used for connecting telephone handsets to telephone instruments.

RJ-25C: Registered Jack-25C
Registered Jack 25C (RJ-25C) is a standard for a modular connector using 6 conductors. It is usually used to implement a 3-line telephone connection.

RJ-45: Registered Jack-45
Registered Jack-45 (RJ-45) is an eight-wire connector used to connect computers onto a local-area networks (LAN), especially Ethernet. RJ-45 comes in two types: keyed and non-keyed.

Simple Mail Transfer Protocol (SMTP) is a protocol designed to transfer electronic mail reliably and efficiently. SMTP is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification regarding incoming mail.

SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. An important feature of SMTP is its capability to transport mail across networks, usually referred to as "SMTP mail relaying". A network consists of the mutually-TCP-accessible hosts on the public Internet, the mutually-TCP-accessible hosts on a firewall-isolated TCP/IP Intranet, or hosts in some other LAN or WAN environment utilizing a non-TCP transport-level protocol. Using SMTP, a process can transfer mail to another process on the same network or to some other network via a relay or gateway process accessible to both networks.

In this way, a mail message may pass through a number of intermediate relay or gateway hosts on its path from sender to ultimate recipient. The Mail eXchanger mechanisms of the domain name system are used to identify the appropriate next-hop destination for a message being transported.

Streaming is a technique for transferring data such that it can be processed as a steady and continuous stream. Streaming technologies are widely used in transmit large multimedia (voice, video and data) files quickly. With streaming, the client browser or plug-in can start displaying the multimedia data before the entire file has been transmitted.

Video streaming technology is developed based on (2) key technologies, the video coding technology and scalable video distribution technology.

Bandwidth efficiency, scalability and flexibility between a video server and client machine is a key issue in the video stream the Internet is the best effort network. The scalable video distributing technology can automatically adjust the amount of data according to the change in bandwidth. Video streaming system consists of an encoder, distribution server and a client that receives the video data. The distribution server stores the encoded video data and begins to distribute it on the client's demand. People can watch the video whenever and wherever by accessing the server on the Internet. Encoding and distribution is carried out in real time in the case of live distribution. Load balance is considered by placing the relay server in the appropriate location on the network.

The most important video codec standards for streaming video are H.261, H.263, MJPEG, MPEG1, MPEG2 and H.264/MPEG4. Compared to video codecs for CD-ROM or TV broadcast, codecs designed for the Internet require greater scalability, lower computational complexity, greater resiliency to network losses, and lower encode/decode latency for video conferencing. In addition, the codecs must be tightly linked to network delivery software to achieve the highest possible frame rates and picture quality.

The transport protocols used in the video streaming are TCP, UDP, RTP and RTSP. For reliable document (such as HTTP files) transfer, TCP is required. UDP provides un-reliable transport of information which can be used to stream video. However, th most porpular transport is the Real Time Transport Protocol (RTP), which is specially designed for the transport of real-time data, including audio and video. The Real Time Streaming Protocol (RTSP) is another open standard for delivery of real-time media over the Internet. It defines the connection between streaming media client and server software, and provides a standard way for clients and servers from multiple vendors to stream multimedia content.

RTP itself does not provide any mechanism to ensure timely delivery or provide other quality-of-service guarantees, but relies on lower-layer services to do so. It does not guarantee delivery or prevent out-of-order delivery, nor does it assume that the underlying network is reliable and delivers packets in sequence. The sequence numbers included in RTP allow the receiver to reconstruct the sender's packet sequence, but sequence numbers might also be used to determine the proper location of a packet, for example in video decoding, without necessarily decoding packets in sequence.

RTP is defined by IETF (http://www.ietf.org ) in RFC 3550 and 3551.

• RTSP introduces a number of new methods and has a different protocol identifier.

• An RTSP server needs to maintain state by default in almost all cases, as opposed to the stateless nature of HTTP.

• Both an RTSP server and client can issue requests.

• Data is carried out-of-band by a different protocol, in most cases.

• RTSP is defined to use ISO 10646 (UTF-8) rather than ISO 8859-1,consistent with current HTML internationalization efforts.

• The Request-URI always contains the absolute URI. Because of backward compatibility with a historical blunder, HTTP/1.1 carries only the absolute path in the request and puts the host name in a separate header field.

RTSP is defined by IETF (http://www.ietf.org ) in RFC 2326.

Multiplexing in TCP: numerous simultaneous upper-layer conversations can be multiplexed over a single connection.

TCP is defined by IETF (http://www.ietf.org ) RFC793.

The TCP/IP protocol suite establishes the technical foundation of the Internet. (UDP/IP is part of the the family). Development of the TCP/IP was started by DOD projects and now, most protocols in the suite are developed by the industry non-for-profit organization named Internet Engineering Task Force (IETF) under the Internet Architecture Board (IAB), an organization initially sponsored by the US government and now an open and autonomous organization. The IAB provides the coordination for the R&D underlying the TCP/IP protocols and guides the evolution of the Internet. The TCP/IP protocols are well documented by the Request For Comments (RFC), which are drafted, discussed, circulated and approved by the IETF committees. All documents are open and free and could be found online in the IETF site listed in the reference.

TCP/IP protocols cover 6 layers in the OSI network architecture 7 layer model and providing functions from switching (layer 2) such as MPLS to applications such as mail services (POP3 and SMTP ). Its core functions are addressing and routing (IP /IPv6 in the networking layer) and transport (TCP , UDP in the transport layer). 

IP - Internet Protocol

Addressing of network components is a critical issue in the network communications for information routing and transmission.Each technology has its own convention for transmitting messages between two machines within the same network. On a LAN, messages are sent between machines by supplying the six byte unique identifier (the "MAC" address). In an SNA network, every machine has Logical Units with their own network address. DECNET , Appletalk , and Novell IPX all have a scheme for assigning numbers to each local network and to each workstation attached to the network.

On top of these local or vendor specific network addresses, IP assigns a unique number to every network device in the world, which is called IP address. This IP address is a four byte value in IPv4 that, by convention, is expressed by converting each byte into a decimal number (0 to 255) and separating the bytes with a period. In IPv6, the IP address has been increased to 16 bytes.

TCP - Transmission Control Protocol

TCP provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary. Among the services TCP provides are stream data transfer, reliability, efficient flow control, full-duplex operation, and multiplexing.

TCP/IP is defined by IETF (http://www.ietf.org ) RFC793.

TCP is defined by IETF (http://www.ietf.org ) RFC768.

• The Well Known Ports are those from 0 through 1023.
• The Registered Ports are those from 1024 through 49151.
• The Dynamic and/or Private Ports are those from 49152 through 65535

Advanced Peer-to-Peer Networking (APPN) is an enhancement to the original IBM SNA architecture . APPN, which includes a group of protocols and processors, handles session establishment between peer nodes, dynamic transparent route calculation, and traffic prioritization. Using APPN, a group of computers can be automatically configured by one of the computers acting as a network controller so that peer programs in various computers will be able to communicate with other using specified network routing.

APPN features include:

• Better distributed network control; because the organization is peer-to-peer rather than solely hierarchical, terminal failures can be isolated
• Dynamic peer-to-peer exchange of information about network topology, which enables easier connections, reconfigurations, and routing
• Dynamic definition of available network resources
• Automation of resouce registration and directory lookup
• Flexibility, which allows APPN to be used in any type of network topology

An APPN network is composed of three types of APPN node:

• Low Entry Networking (LEN) Node - APPN LEN node provides peer to peer connectivity with all other APPN nodes.
• End Node- An End Node is similar to a LEN node in that it participates at the periphery of an APPN network. An End Node includes a Control Point (CP) for network control information exchange with an adjacent network node.
• Network Node - The backbone of an APPN network is composed of one or more Network Nodes which provide network services to attached LEN and End Nodes.

The APPN network have the following major functional processors:

Connectivity- The first phase of operation in an APPN network is to establish a physical link between two nodes. When it has been established, the capabilities of the two attached nodes are exchanged using XIDs. At this point, the newly attached node is integrated into the network.

Location of a Targeted LU- Information about the resources (currently only LUs) within the network is maintained in a database which is distributed across the End and Network Nodes in the network. End Nodes hold a directory of their local LUs. If the remote LU is found in the directory, a directed search message is sent across the network to the remote machine to ensure that the LU has not moved since it was last used or registered. If the local search is unsuccessful, a broadcast search is initiated across the network. When the node containing the remote LU receives a directed or broadcast search message, it sends back a positive response. A negative response is sent back if a directed or broadcast search fails to find the remote LU.

Route Selection- When a remote LU has been located, the originating Network Node server calculates the best route across the network for a session between the two LUs. Every Network Node in the APPN network backbone maintains a replicated topology database. This is used to calculate the best route for a particular session, based on the required class of service for that session. The class of service specifies acceptable values for session parameters such as propagation delay, throughput, cost and security. The route chosen by the originating Network Node server is encoded in a route selection control vector (RSCV).

Session Initiation - A BIND is used to establish the session. The RSCV describing the session route is appended to the BIND. The BIND traverses the network following this route. Each intermediate node puts a session connector for that session in place, which links the incoming and outgoing paths for data on the session.

Data Transfer- Session data follows the path of the session connectors set up by the initial BIND. Adaptive pacing is used between each node on the route. The session connectors on each intermediate node are also responsible for segmentation and segment assembly when the incoming and outgoing links support different segment sizes.

Dependent LU Requestor- Dependent LUs require a host based System Services Control Point (SSCP) for LU-LU session initiation and management. This means that dependent LUs must be directly attached to a host via a single data link.

High-performance routing (HPR)- HPR is an extension to the APPN architecture. HPR can be implemented on an APPN network node or an APPN end node. HPR does not change the basic functions of  the architecture. HPR has the following key functions:

• Improves the performance of APPN routing by taking advantage of high-speed, reliable links
• Improves data throughput by using a new rate-based congestion control mechanism
• Supports nondisruptive re-routing of sessions around failed links or nodes
• Reduces the storage and buffering required in intermediate nodes.

When making a business phone system decision, businesses first need to determine which type of phone system best meets their business needs. Will a traditional phone system or an IP phone system provide the benefits that are key to business operations?

IP phones systems can provide unique advantages:

Lower total cost of ownership. An IP phone system can lower total cost of ownership for businesses. Long distance charges for remote offices, the expense of teleworking, and international travellers' phone charges can be dramatically reduced with an IP business phone system. Moving an employee is as simple as unplugging a telephone and plugging it in at a new location—as opposed to costly service calls from legacy phone system vendors. IP phone system business owners can converge their data and voice communications, avoiding the need to deploy and manage two separate networks and infrastructure. For example, running a traditional phone line to each employee's desk can cost over $100 per line. When setting up a new office, why pay the hundreds or thousands of dollars in cabling?

In addition to the hard dollar savings, an IP phone system can make workers more productive. A unified dial plan gives employees easy and fast access to each other, regardless of their location, saving time every day for every employee. Over the course of a year that savings can add up. And overworked IT staff can easily configure the IP phone system using a web browser instead of the complicated interfaces from legacy vendors.

Enhance business revenue. The abundance of applications supported by an IP phone system can enhance customer service and improve business performance. And integrating the IP phone system with business software such as call center and conferencing applications can boost top-line revenue.