Remote Access Service Options


Building remote access networks is not only related to management, but also to some fundamental technical choices that include last mile decisions, WAN technologies, and subscribed services. These choices can be made based on capacity planning analysis, expected functionality, baselines, and simulative models.

The viable service options offered by practically all service providers include dial-in, ISDN, and Frame Relay. During the last several years in the U.S. market, new technologies, such as xDSL, cable modems, and wireless broadband services, have emerged. Literally all available narrowband and broadband services can be used for future remote access designs. A wireline and wireless classification of the offered services is another possible way of reviewing remote access offerings.

NOTE

Narrowband, or baseband, service offerings refer to subvoice channels that can carry data starting from 64 kbps, fractions of T1, and T1. The term is used for legacy plain old telephone systems (POTS) and non-video-capable systems. Broadband refers to systems that are capable of carrying a wide range of frequencies and services. The cable systems are a classic example.


Figure 1-1 depicts several Cisco remote access services. The scope of enterprise remote access can be broad. The lower portion of Figure 1-1 shows traditional solutions, and the upper portion of Figure 1-1 shows the available VPN options. (In Figure 1-1, the reason that there are two separate dial designs is not technical, but cost-based.)

Figure 1-1. Cisco Remote Access Services


A more recent approach to remote access is the VPN, which is making significant progress in the market by replacing the permanent circuit offering typical of all legacy technologies. In a sense, the VPN offering (VPNs are covered in Part V of this book) became a super vehicle, and the service now includes VPN over ISDN, VPN over dial-in, and so on, where enterprises are not necessarily ordering permanent circuits, but instead are taking advantage of the existing baseband or broadband services of remote users to build VPN tunnels to corporate intranets. VPN is an evolving technology, and some analysts predict it will become a $10 billion market by 2005. Today, however, most legacy and some new services compose the bulk of the service provider's offering to the enterprise market.

Table 1-1 provides a summary of each remote access technology option.

Table 1-1. Remote Access Options

| Remote Access Option | Transmission Medium | Bandwidth | Limitations |
|---|---|---|---|
| Analog | 1 pair copper; Standard phone line | 56 kbps down; 33.6 kbps up | Available everywhere |
| ISDN | 1 pair copper; Standard phone line | 56/64 or 112/128 kbps both directions | Several miles with repeaters |
| Frame Relay | 2 pair copper; Standard phone line | 56/64 kbps or fractional T1 up to 1.5 Mbps both directions | Several miles with repeaters for 56 kbps; T1 limitation requires repeater every mile |
| xDSL family: ISDN DSL (IDSL) | 1 pair copper; Standard phone line | 144 kbps | Symmetric; <18,000 feet from CO |
| xDSL family: Asymmetric DSL (ADSL) | 1 pair copper | 1.5 to 8 Mbps down; 16 to 800 kbps up | Asymmetric; <18,000 feet from CO |
| xDSL family: Single-line DSL (SDSL) (symmetric) | 1 pair copper | 768 kbps | Symmetric |
| xDSL family: Rate adaptive DSL (RADSL) | 1 pair copper | 1.5 to 8 Mbps down; 16 to 800 kbps up | Adaptive to the line parameters |
| xDSL family: Consumer DSL (CDSL) | 1 pair copper | Up to 1 Mbps down; 16 to 640 kbps up | Does not need remote equipment |
| xDSL family: High-data-rate DSL (HDSL) | 2 pairs copper | 1.544 Mbps | Symmetric |
| xDSL family: High-data-rate DSL2 (HDSL2) | 1 pair copper | 2.048 Mbps | Symmetric |
| xDSL family: Very-high-data-rate DSL (VDSL) | Fiber feeder and ATM | 13 to 52 Mbps down; 1.5 to 6 Mbps up | <4500 feet over twisted pair; >4500 feet over fiber |
| Cable modem | Coax | 384 kbps to 4 Mbps down; 128 kbps to 4 Mbps up | Requires TV cable; Speed varies significantly with the subscriber load |
| Multichannel Multi-point Distribution System (MMDS) | Wireless | 500 to 600 kbps down; 128 kbps up | Requires line of sight and antenna |
| Local Multipoint Distribution Service (LMDS) (on the horizon) | Wireless | 0.5 to 4 Mbps both directions | Requires antenna |
| Satellite | Wireless | 400 kbps to 1 Mbps down; 64 to 128 kbps up | Requires dish antenna |


For more information, see ADSL and DSL Technologies, by Walter Goralski.

Analog Dialup Services

The analog modem dialup service gained popularity because of constant increases in speed and support from modem manufacturers. The initial offering started with speeds from 300 to 2400 bps, then to 9600 bps, 14.4 kbps, and so on. The term modem is an abbreviation for modulator-demodulator. Because the modem operates in the 4-kHz bandwidth, it requires analog to digital and digital to analog conversion on both ends. Part of this technology uses extended code correction and compression, which allows the speed to increase up to a factor of 4.

A significant event of the modem offering was in 1968, when the Federal Communications Commission (FCC) regulations permitted CPE to be connected to the Public Switched Telephone Network (PSTN). Another major event in the history of network communications was a paper written in 1948 by Claude Shannon, which established the theoretical limits of the speed that the modem can operate. The equation (see Chapter 2, "Telecommunication Basics") is called Shannon's limit, or Shannon's Law, and defines the upper theoretical limit of the data rate if proper technology is used.

The first attempt for standardization occurred in 1968, where the Comité Consultatif International Téléphonique et Télégraphique (CCITT), which is today called the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), established a recommendation known as V.21, which defines the 200 (300 bps) modem speed. V.21 is still in use today as part of the V.34 and V.8 handshake that establishes basic modem compatibility. In 1984, the V.32 standard defined echo-cancellation and trellis coding. These standards provide some degree of forward error correction (FEC) techniques, and V.32b defines data rates of up to 14.4 kbps. The V.34 standard supports data rates of 24, 28.8, and 33.6 kbps, and coding 10 bits in one sinusoid (10 bits/Hz), which approaches the theoretical limit of Shannon's Law.

The announcement of 56 k modems by US Robotics, based on using T-carriers for dial-in service, was a major breakthrough. Analog modems operate over non-conditional circuits; not all 256 levels of pulse code modulation (PCM) coding are recognizable. The modems use 7 instead of 8 bits, which yields 128 levels of PCM and consequently 7 bits x 8000 = 56 kbps. Without any special requirements, this service requires a T1 or ISDN digital trunk on one end that supports 56/64 kbps, and a regular analog line on the other end. Both ends of the connection are usually asymmetric. From the modem side, the downstream connection has a fairly good chance to achieve 56 kbps most of the time because quantizing digital to analog is not susceptible to noise and interference on the line (see the section, "PCM" in Chapter 2).

Nevertheless, such things as local loop issues, bridge taps, crosstalk, and so on usually decrease the data rate to a more common 48 to 50+ kbps. The upstream direction is different. Analog to digital transformation is susceptible to different types of interference. Regardless of the connection speed reported by the dial management applications, the upstream speed is usually 28.8 or 33.6 kbps. This fact is not visible to the end user because the Internet is more of a downstream than upstream service.

A remote access implementation is usually based on access servers, or remote access servers, from which the remote user connects to the corporate network access server (NAS) by using a designated phone number(s). (See more about access servers at www.cisco.com/warp/public/44/jump/access_servers.shtml.)

Some telecommunication companies that provide global dialup service from all over the world use global dialer software, where the user chooses the country and the available phone numbers within the country to connect to the corporate network. The dial numbers are predefined and populated in a dial manager application that is standard on a user's laptop or PC.

In the U.S., an option for dial services is to use 800 toll-free numbers, where the enterprise owns the toll-free number, and pays a fixed per-minute usage fee. The 800 numbers eliminate the need for a more expensive and cumbersome calling card option to connect from long distance locations. Be aware that many hotels now charge a usage fee for 800 calls made from the room, which can significantly increase the dialup cost.

Another analog dial option is to use any ISP to connect to the Internet and use VPN-based solutions to connect to the corporate network. This solution is the most cost-effective and all signs in the dial market show that VPN will be the preferable dial solution in the near future. One significant feature of using a dedicated concentrator for VPN over dial is the option to use compression (LZS, STAC), so that the overhead of VPN packets can be overcome and yield better performance. Also, today's VPN client software is built right into many popular operating systems.

You learn more about dialup technologies in Part II, "Dial."

Benefits of Analog Dialup Services

Today, the dialup solution is the most common solution for remote users, road warriors traveling on business, and home teleworkers. Dialup technology does not require any changes to the CPE side, even if the remote user is using a 56-kbps modem. Plenty of tools exist, including web tools, which are offered by manufacturers to measure the maximum connection speed in any particular location.

Another feature of the technology is that when the maximum speed cannot be achieved, the 56-kbps flex modem can use its backward compatibility. If, for any reason, the maximum speed is not achievable, the 56 k technology can decrease the speed and perform V.34 data connections of 33.6 kbps, which is achievable from many locations around the world. One of the most successful aspects of this technology is that many users have some experience with modems, which significantly decreases enterprise support costs. The high availability for minimum cost is the main advantage so far.

Limitations of Analog Dialup Services

When considering the drawbacks of the technology, the data rate needs to be mentioned first. At this point in technology development, connection speeds under 100 kbps seem outdated and can be ineffective with some types of applications. At the same time, competing technologies, such as 3Com's X2 and 56 k flex that is supported by Lucent Technologies, Motorola, and Rockwell, result in a lack of unified standards and interoperability problems. The dialup modem technology has reached its theoretical maximum.

There was an attempt to unify the X2 and K-flex technologies under V.90, and now there is V.92. In today's market, however, V.90 is much more common for high-speed dialup than X2 or K-flex, especially because a lot of those were software flash upgradable to the V.90 standard when it was released.

ISDN Services

ISDN is considered to be the first advancement from analog dialup service. The ISDN standard is well developed and there are a variety of solutions that make ISDN the most commonly available service offering from telecommunication companies.

The T sector of the ITU-T is responsible for issuing protocols for the E-Series, I-Series, and Q-Series, and for components of the X-series that are related to ISDN, broadband ISDN (B-ISDN), and Signaling System 7 (SS7).

E-Series protocols cover the standardization of the recommended telephone network for ISDN. ITU-T recommendation E.164 (I.331), for example, defines the formats of ISDN addresses. I-Series protocols cover the standardization of concepts, terminology, and general methods. I.431, for example, defines the Primary Rate Interface (PRI), and I.432 defines the Basic Rate Interface (BRI). Q-Series protocols deal with the standardization of switching and signaling schemes and techniques. The Q.921 protocol describes the ISDN data-link processes of LAPD, which functions like Layer-2 processes in the International Organization for Standardization/Open System Interconnection (ISO/OSI) reference model. Q.931 specifies ISO/OSI reference model Layer-3 functions.

Because of the level of standardization in ISDN, the technology has a significant presence in the U.S., Canada, Japan, Europe, and all over the world. The fast setup of calls, sometimes referred to as fast-dial, has a call setup phase of less than one second. Some ISDN switches were developed before the standards and there are a variety of ISDN switches in different parts of the world. This diversity requires special attention in the design, configuration, and operational phases of remote access solutions.

From an enterprise perspective, the technology is fully suited for most remote access objectives, offering BRI services (2B+D channels) for end users, with an overall bandwidth of 112/128 kbps for user data. Service providers usually offer ISDN service with two data/voice channels for the end user.

You learn more about ISDN in Part III, "ISDN."

Benefits of ISDN Services

Some older Cisco routers do not have voice capable ports, such as the 1000 series routers. Also, the 770 and 800 series routers provide analog phone ports and the 1600s provide an S-bus port for ISDN phones but not analog phones. Also, video conferencing is an embedded function because ISDN is designed for voice, data, and video. The technology is defined as a viable alternative when the end user requires more bandwidth than dial-in, a variety of data and voice services, and administrative functions such as exchanging data, sending e-mails, and surfing the Internet. The technology supports corporate connectivity for a small office, home office (SOHO) environment, or a remote office, branch office (ROBO) environment.

Cisco's ISDN solutions are cost effective because of the scalable nature of ISDN that allows you to scale in increments of 64 kbps, or incremental B channels. The most common design solutions include the following:

  • Dial-on-demand routing (DDR)

  • Snapshot routing

  • ISDN backup solution

  • Multilink Point-to-Point Protocol (PPP) and multichassis PPP

  • Callback solutions

The head end or back end of the enterprise ISDN service is usually developed by using PRIs, or channelized T1/PRIs. Cisco's IOS capability offers more advanced features including the following:

  • Non-Facility Associated Signaling (NFAS) with a D channel backup feature: ISDN NFAS allows a single D channel to control multiple PRI interfaces. A backup D channel can be configured for use when the primary NFAS D channel fails.

  • Bandwidth Allocation Control Protocol (BACP): The BACP provides multilink PPP peers with the ability to govern link use. The Bandwidth Allocation Protocol (BAP), a subset of BACP, provides a set of rules that govern dynamic bandwidth allocation through call control. It also defines a method for adding and removing links from a multilink bundle for multilink PPP.

In the U.S., the local providers that offer ISDN include both local ISDN and Centrex services. A flat rate is offered only in some areas. Typically, the providers charge a per minute rate, at least for data usage. The Centrex solution is possible and preferred when the service is local or an inter-local access and transport area (LATA), as defined in Chapter 3, "The Cloud." Centrex is preferred in a remote access environment because of the significant reduction in cost from a usage-based service. If the inter-exchange carrier (IXC) is involved, the better solution is to subscribe for local ISDN service for Internet access, and VPN to connect to the corporate network. In this scenario, only the voice portion of the bill can cause high usage, not the data part. To date, no drawbacks or problems are identified for ISDN with IPSec VPN solutions.

ISDN is also well suited for multicasting, voice over IP (VoIP), compression, and if the LEC and IXC can commit a rate, a quality of service (QoS) solution can also be implemented.

Limitations of ISDN Services

One of the concerns of ISDN is related to standards. Besides the differences in ISDN switch type, there are interface compatibility limitations. The U-interface, which is available in the U.S. and Canada where the end terminator (NT1) is part of the CPE, is not available in other parts of the world where the S and T reference points, or S/T interface, is the termination solution and the NT1 devices are governed by the local carriers. This difference requires two types of routers to be produced, one suitable for each particular market, or two interfaces in Cisco's 77x ISDN routers (see the Cisco 804/1604 and the Cisco 803/1603 at www.cisco.com).

Another limitation is cost. Initially conceived with huge enthusiasm, the technology has proven to be expensive because of the dialup nature of ISDN. It is usually based on a usage rate; the carriers use metrics on which to base the rate. Usually, the metrics are based on the number of outgoing calls and their duration. When the IXC portion is included in the design, the ratio bandwidth/price can be unfavorable for this solution.

Frame Relay Services

Frame Relay technology is considered to be a derivative of ISDN. It is a connectionless service, however, which means that the frames traveling the network do not require the initial phase of establishing the connection, because the frames carry the address information. This solution is referred to as a permanent virtual circuit (PVC).

Frame switching is the other alternative, where the call setup phase of the connection is necessary, and consequently the technology is based on switched virtual circuits (SVCs). However, the vast majority of existing service offerings are PVC-based.

The requirement for higher connection speeds is one of the reasons for developing Frame Relay technology. The data transmission shift from mainly text exchanges to graphics is one of the driving factors, because graphics and video require peak bandwidth availability and lower response time. The requirement for dynamic bandwidth is another factor in Frame Relay development. The demand for more reliability and less overhead from existing digital facilities, and the requirement for handling bursty traffic are other factors that influenced the creation of the new technology at the end of the 1980s.

You learn more about Frame Relay in Part IV, "Frame Relay."

Frame Relay Standards

A specific feature of Frame Relay technology is the ability to use packet sizes that are greater than 1500 bytes, which are common in LAN environments. Some estimates show that the packet size can be up to 16 kilobytes, remembering that the embedded frame check sequence (FCS) can handle up to 4-kilobyte packets. (See Part IV for more information.)

Frame Relay combines the statistical multiplexing and port sharing of X.25 with the high-speed and low-delay characteristics of time-division multiplexing (TDM) circuit switching. X.25 is considered the predecessor of Frame Relay, but unlike X.25, Frame Relay eliminates the Layer-3 protocols of X.25 and concentrates the addressing and multiplexing in Layer 2. The architecture model is more compliant with the OSI model, where the second layer deals with frames but not with packets. And of course what's really going on to improve efficiency is removing the store and forward/error correction out of the picture (Layer 2), something that modern network technology has allowed. As a result, Frame Relay achieves 45 Mbps and it is available even in 155 Mbps service.

NOTE

Frame Relay and ISDN have common roots. Other derivatives of ISDN are Switched Multimegabit Digital Service (SMDS) with typical speeds of 155 Mbps, and Asynchronous Transfer Mode (ATM) with target rates of 622 Mbps. All fall under the category of B-ISDN services. Today, 10 Gbps (9953 Mbps) and 2.5 Gbps ATM links are available, and soon there will be a 40 Gbps capable interface.


Only a few Layer-2 functions, the so-called core aspects, are used in the most common PVC-based networks. These functions include checking for valid error-free frames, but not requesting retransmission if any error is found. Thus, many high-level protocol functions, such as sequencing, windowing, acknowledgments, and supervisory frames are not duplicated within a Frame Relay network. The omission of these functions dramatically increases the throughput because each frame requires much less processing time.
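The core functions described above, as an added example that is not from the book: a receiver checks the frame check sequence, reads the DLCI from the address the frame carries, and silently drops anything that fails. The two-octet Q.922 address layout and the HDLC FCS-16 come from the Frame Relay standards rather than from this page; the PVC table, port name and sample frames are constructed.

```python
from dataclasses import dataclass
from typing import Optional


def fcs16(data: bytes) -> int:
    """HDLC FCS-16: reflected polynomial 0x8408, initial 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


@dataclass
class Frame:
    dlci: int       # data-link connection identifier: the address the frame carries
    fecn: bool      # forward explicit congestion notification
    becn: bool      # backward explicit congestion notification
    de: bool        # discard eligible
    payload: bytes


def build_frame(dlci: int, payload: bytes, de: bool = False) -> bytes:
    """Return address + payload + FCS (opening/closing flags and bit stuffing omitted)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("the two-octet address holds a 10-bit DLCI")
    octet1 = (dlci >> 4) << 2                    # DLCI high 6 bits, C/R=0, EA=0
    octet2 = ((dlci & 0x0F) << 4) | (0x02 if de else 0) | 0x01  # low 4 bits, DE, EA=1
    body = bytes([octet1, octet2]) + payload
    return body + fcs16(body).to_bytes(2, "little")  # FCS is sent low octet first


def receive(raw: bytes) -> Optional[Frame]:
    """Core check only: parse a good frame, return None for one that is discarded."""
    if len(raw) < 5:                             # address(2) + data(>=1) + FCS(2)
        return None
    body, rx_fcs = raw[:-2], int.from_bytes(raw[-2:], "little")
    if fcs16(body) != rx_fcs:
        return None                              # damaged: dropped, nothing is re-requested
    o1, o2 = body[0], body[1]
    if (o1 & 0x01) or not (o2 & 0x01):
        return None                              # not the two-octet address form
    dlci = ((o1 >> 2) << 4) | (o2 >> 4)
    return Frame(dlci, bool(o2 & 0x08), bool(o2 & 0x04), bool(o2 & 0x02), body[2:])


def switch(frames, pvc_table):
    """Forward frames whose DLCI maps to a provisioned PVC; count the rest as dropped."""
    forwarded, dropped = [], 0
    for raw in frames:
        frame = receive(raw)
        if frame is None or frame.dlci not in pvc_table:
            dropped += 1
            continue
        forwarded.append((pvc_table[frame.dlci], frame.payload))
    return forwarded, dropped


# Constructed sample input: one PVC (DLCI 100) and three frames arriving on a port.
PVC_TABLE = {100: "serial1/0"}                   # hypothetical egress port name
GOOD = build_frame(100, b"remote user data")
DAMAGED = bytes([GOOD[0], GOOD[1], GOOD[2] ^ 0x04]) + GOOD[3:]  # one bit flipped in transit
NO_PVC = build_frame(200, b"unprovisioned")

if __name__ == "__main__":
    forwarded, dropped = switch([GOOD, DAMAGED, NO_PVC], PVC_TABLE)
    print("forwarded:", forwarded)
    print("dropped:", dropped)
```

The FCS is an unkeyed checksum: it catches line errors but gives no protection against deliberate modification, and recovery of a dropped frame is left to the higher-layer protocol.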

Benefits of Frame Relay

Enterprise remote access solutions are composed of a variety of components, including technology, hardware, software, standards, and architecture to provide Frame Relay services within the enterprise environment. Examples of these components include data, voice over Frame Relay, Frame Relay multicast, IP multicast, and compression.

Frame Relay technology poses fewer issues when covering longer distances for the remote user who is far from the central office (CO). The technology is fully compatible with T1/T3 carrier systems; however, existing distance limitations apply.

The ability to provision services from 56 kbps, or fractions of a T1 starting from 64 kbps, gives a sense of flexibility to the network designers. Although the ability to order 256-kbps and 384-kbps circuits is possible, the user requirements must be justified to warrant the additional cost because Frame Relay pricing depends on distance. The number of PVCs, the committed information rate (CIR), and port rate all factor into that final cost.

Limitations of Frame Relay

The pricing of Frame Relay services can range from $250 to over $1000 per month, and in many circumstances this does not justify the cost for providing such services to remote access users. When run over T1 circuits, it inherits the limitations of T1s because of repeaters placed every mile.

VPN Services

VPN is not a new term in the computer and communication world. However, the new phase of VPN is due to new IP-based solutions and a set of protocols, such as L2TP, Point-to-Point Tunneling Protocol (PPTP), and IPSec. The new VPN technology can be thought of as a wire in the cloud, which changes the way enterprises approach remote access challenges. Generally speaking, the most common challenges are as follows:

  • A fast growing number of mobile computing devices, demanding ubiquitous access

  • A growing demand for home and branch office connectivity

  • An emerging requirement to deploy extranets that support unpredictable relationships between enterprises and their business partners

VPN offers solutions for these dilemmas by providing immediate remote access to the corporate Intranet, and by taking advantage of the services provided by ISPs, application service providers (ASPs), and others.

You learn more about VPNs in Part V, "VPN."

Benefits of VPNs

In general, VPN solutions follow two basic models: service-provider dependent and service-provider independent. From a remote access perspective, both models are available, and of course, ISPs and telecommunication companies actively promote the first model. As for which model the enterprise should choose, the following considerations must be analyzed first:

  • Expected (committed) performance

  • Security requirements

  • Network management and access control solutions

  • Customer support and service-level agreements (SLAs)

  • Billing requirements

  • Cost

The expected cost reduction of migrating users from legacy remote access services such as ISDN, Frame Relay, and dialup to VPN can be at least 20 to 50 percent. Another driving factor here is unprecedented mobility: the user with VPN software can establish a tunnel to corporate from many different locations. The demand for VPN solutions is what drives the industry toward more and faster last-mile solutions, such as faster xDSL and more flexible wireless solutions.

Limitations of VPNs

From a desktop perspective, several software products can interfere with the proper functioning of a VPN client solution. Software distribution and management becomes more critical for VPN client solutions than any other remote access medium. Hardware-based and IOS-based VPN clients are less susceptible to incompatibilities with other network applications, but they pose different sets of limitations. (See Part V for more details about this topic.)




Troubleshooting Remote Access Networks (CCIE Professional Development)
ISBN: 1587050765
EAN: 2147483647
Year: 2002
Pages: 235
