15.13 LAN Internets

LANs at distributed locations can be interconnected in a variety of ways—private lines, IP, frame relay, and ATM. When cost savings is the overriding factor, IP is used to exchange files between LANs at any location—even between the LANs of different companies. But there are serious security concerns that must be addressed, if sensitive information must be exchanged. When there are only two locations involved, a point-to-point private line will usually suffice and be more secure than IP. When more than two locations are involved, frame relay is the best choice, especially over long distances and when a fully meshed topology is required. Frame relay is as secure as private lines. When high-speed connectivity at 45 Mbps and above is required and real-time applications are involved, ATM is the appropriate choice and it is also as secure as private lines.

Routers are used for LAN-to-LAN connectivity and they can be configured to send traffic over another path when they sense that they can no longer send to the next nearest router or switch. However, they are less effective for rerouting a second time based on circuit congestion. The reason is that when primary circuits fail, secondary circuits often fill up quickly. This underscores the need to plan ahead for a network failure by giving the designated backup circuits enough bandwidth to handle the overload.

There are ways to address this problem. Carriers’ data services—IP, frame relay, and ATM—can be configured to deliver their traffic over alternate routes if the primary routes become unavailable. On the access links to the carrier’s network, however, it is still advisable, in many cases, to provide facility backup, if only to ensure that there is a local path always available between the company and the carrier.

Some access routers and IADs use inverse multiplexing to ensure continuous traffic flow despite the failure of one or more access links. IMA, for example, offers an efficient and economical way to tap into ATM networks for all types of traffic, providing scalable bandwidth over multiple T1 access lines ( N × T1) for extending PBX services and interconnecting LANs and private networks for voice, data, and video.

First generation multiport ATM routers and IADs that supported IMA, however, did not offer failure protection. In fact, if one of the T1 access links went down, the entire virtual connection went down, leaving the customer without communications. Today’s equipment not only provides bandwidth scalability, many IMA units feature built-in failure protection as well. Should one of the T1 links in a trunk group fail, traffic continues to be distributed over the remaining links (see Figure 15.5). When the failed link is restored to service, traffic is automatically distributed across the entire trunk group.

Figure 15.5: Devices that provide IMA now support trunk group failure protection, allowing communication to continue despite the failure of one or more access lines in the trunk group. (In the bottom diagram, the failed line is indicated with an X.)

This feature—the ability to maintain traffic flow in the event of a T1 circuit failure-—has proven attractive to customers of ATM services. IMA is built on redundant T1 circuits, and the probability of multiple T1 access lines failing at the same time is low compared to the possibility of a single T3 access line failure. Local circuit redundancy is a significant and sought-after benefit of IMA, especially among smaller companies considering ATM services. To prevent an equipment failure from making the access lines unavailable, many IMA devices are offered with optional redundant control logic, ports, power supplies, and fans.

In addition to N × T1 IMA, the access equipment may have a T3 (45 Mbps) or OC-3 (155 Mbps) ATM interface, so that if a company grows to the point of needing more than eight T1 access lines, the same system can support it without the company having to buy a whole new system. If the equipment does not come with the higher-speed interface, a plug-in module can be added at an incremental cost.

Today’s IADs offer carriers graphical interfaces for provisioning, configuration, and management. From a central network operations center, technicians can configure the device, perform diagnostics and troubleshooting, and gather and analyze performance statistics. These remote management capabilities are especially important for smaller companies, since they are not likely to have technical expertise on staff. The proactive monitoring capabilities of the carrier’s 24/7 NOC means that most problems will be discovered and fixed before the customer is even aware that a trouble condition exists with the equipment or access lines.

When backing up WAN circuits—regardless of the type of service or the applications running over them—the disaster recovery options boil down to the following:

• Diversify the carriers and the routes that circuits will take;

• Diversify just the route;

• Have redundant facilities and extra bandwidth already in place;

• Rely on the carrier to recover the circuits;

• Use a combination of protective measures.

The mission criticality of the data, response-time requirements of the applications, and budget constraints will determine the choice of disaster recovery options for the WAN, as well as the access links.