VPN Service Vehicles


NOTE

The following sections should be considered only in the context of using these technologies as a vehicle for VPN solutions, not as an alternative to legacy solutions, unless the solution is based on a provider-dependent VPN. Based on this premise, the following discussion is fairly limited.


Cable Modem Services

Cable modem technology has been in the market for a long time, but the Internet generation has imposed new features on it. The technology uses the same cable that cable TV operators have used to deliver TV services. The cable modem converts digital signals into analog signals over the cable, and it also carries data packets on radio frequencies (RFs) alongside the video streams. When the network includes a fiber segment, the systems are called hybrid systems; when the network consists of fiber and coaxial cable, it is called a hybrid fiber-coaxial (HFC) network. Cable networks use bandwidth much greater than the 4-kHz narrowband, and most systems operate at 1 GHz (broadband). These systems can perform full-duplex communications and add analog voice to the spectrum of services.

To deliver data services over a cable network, one television channel (of about 6 MHz) in the 50 to 750 MHz band is allocated for downstream traffic to remote users, and another channel (of about 6 MHz) in the 5 to 42 MHz band carries upstream signals to the host routers. A single downstream channel of 6 MHz can support up to 27 Mbps by using 64 quadrature amplitude modulation (QAM) transmission technology. Upstream channels can deliver 500 kbps to 10 Mbps from homes by using 16 QAM or quadrature phase-shift keying (QPSK) modulation technique.

Benefits of Cable Modem Services

The most significant benefit of cable is the enormous bandwidth that can be shared between many users. The active subscribers connected to a given cable network segment typically include 500 to 2000 homes on a modern HFC network. An individual cable subscriber can easily use bandwidth up to 10 Mbps downstream. FCC regulations have restricted the bandwidth to between 5 and 50 MHz for interactive services only.

Another advantage of cable modems that are based on coax cable is that most traditional copper-based network problems are eliminated. These problems include analog loops and coils, trunking capacity, and switching resources. The coax cable from a user's home is aggregated in remote fiber units, and from there it can be terminated directly on the Internet routers in the cable TV headend equipment. If voice services are provided concurrently, only the voice traffic is directed to the PSTN networks. The best alternative is when the cable provider is also a LEC, and the voice switch is next to the cable router in the CO.

Another benefit is that the analog nature of the signals provides one type of signaling for all data, voice, and video services, which requires fewer A-D and D-A signal transformations and improves quality. The cable can connect to the user's LAN environment by using a standard 10Base-T Ethernet card, a Universal Serial Bus (USB) connection, or a transparent combination of them. Internal standard PCI modems are also available in the market. The integration of PC and TV in services such as Internet TV and PC-TV provides the convergence of voice, video, and data. The relatively inexpensive RF devices and the ability of service providers to easily transform the type of services they deliver are further advantages of cable.

Manufacturers can provide a wide range of services, available at the headend, which are based on modularity and service compatibility. The Cisco ubr7200 Series routers (www-search.cisco.com/pcgi-bin/search/public.pl?q=cable&searchselector=0&num=10) support cable telephony, streaming video, data services, VPN, telecommuting, and multiple dwelling units (high-speed integrated data, voice, and video services within apartment buildings and business complexes). Supported standards include all major standards such as Data-over-Cable Service Interface Specifications (DOCSIS) 1.0, EuroDOCSIS, and the upcoming DOCSIS 1.1 standard. Cable operators can choose the appropriate services and devices to optimize their capital investment with a single platform. A variety of radio frequency modem cards provide multiple downstream and upstream port densities over hybrid fiber-coaxial networks, and the fixed wireless card uses next-generation wireless technology to deliver the highest available data rates over obstructed links.

Cable technology for enterprise remote access using a fully outsourced model is possible but rarely used. Cable providers typically focus on the consumer market, and the headend routers are typically located at the Internet provider's premises.

Limitations of Cable Modem Services

On the CPE side, most home-owned splitters and drop cables need to be re-installed because of the ingress noise that can cause serious performance degradation. The 5 to 42 or 5 to 50 MHz band is susceptible to interference from appliances such as refrigerators, vacuums, or other home devices that create concentrated radiation in this bandwidth, making it unusable. To address this situation, cable providers prefer to use filters, or normal PSTN modems to provide upstream communication. In turn, the latter solution creates problems when using a VPN over cable service.

Maybe the most serious drawback of cable technology is the lack of a committed rate, together with contention. Depending on the subscription and usage in a particular area, an overabundance of concurrent users sharing the same upstream direction creates congestion and over-use concerns. For enterprises, this makes capacity planning next to impossible, and consequently the available bandwidth cannot be planned and managed successfully.

Cable technologies raise another concern about security. In a shared-media environment, the security design requires extra attention because transmissions can be intercepted within the neighborhood. However, VPN solutions are changing this situation by enabling the remote user to connect securely to the corporate network over the VPN (refer to Figure 1-1). Instruct users to clearly understand the terms and conditions of their ISP contract, because many providers are now restricting the use of IPSec-based solutions over their consumer-grade services, which requires the user to upgrade to business-class service.

xDSL Services

Historically, the vast majority of residential copper lines were installed with the presumption of only carrying narrowband (4 kHz) voice signals. The access network consists of the local loops and associated equipment that connects the user's location to the CO. This network typically consists of cable bundles that carry thousands of twisted wire pairs to Feeder Distribution Interfaces (FDIs). FDIs are points where dedicated cable is extended out to the individual user's neighborhood. Some homes are located a long way from the CO and require a long local loop, which creates attenuation problems with the signals that must be corrected. LECs have three primary ways to deal with long loops:

  • Use loading coils to modify the electrical characteristics of the local loop, which allows better quality voice frequency transmission over extended distances (typically greater than 18,000 feet). In this extended distance scenario, loading coils are placed every 6000 feet on the line.

  • Set up remote termination points where the signals can be terminated at an intermediate point, and aggregated and backhauled to the CO where the switching equipment is located.

  • Build a serving wire center (SWC) that does not have switching equipment, but does have the transmission equipment that connects to other central offices. The backhaul to the CO or SWC through T1/E1 circuits can be based on copper or fiber-based technologies.

Ironically, the same techniques later prevented high-speed features over the same copper circuits. Re-inspection of long loops is based on a technique called local loop qualification, which was created to significantly increase the bandwidth of available copper loops. The techniques that conduct loop qualification include the following:

  • Accurately testing the length of the loop is important. Even if the loop does not contain shorts, opens, and bridged taps, the wire itself has loss. The longer the loop, the more loss, which affects the transmission rates. The transmission rate is in inverse relationship to the length of the loop, so it is imperative to know the length of the subscriber loop. The techniques are single-ended capacitive or resistance measurement (based on Ohm's law). Because the latter technique requires a short on the CPE, the preferred option is the tone measurement.

  • Determining if loading coils are present is essential. Loading coils are in-line inductors, which are used as a low bandwidth filter to balance voice transmission. They are installed in all local loops longer than 18,000 feet. In many cases, they still exist and are DSL-killers because by balancing the line, they also reduce the available bandwidth.

  • Detecting the presence of bridged taps is necessary. They are lengths of open wire that are connected in parallel with the loop. They can exist anywhere and can be part of unused pairs, loose pairs, or they can exist between the CO and the CPE.

  • Testing for crosstalk is necessary. Long cables, power cables, or cables running side by side with other cabling systems are susceptible to crosstalk. This is because crosstalk-induced signals combine with signals that are intended for transmission over the copper wire loop. The result is a slightly different shaped waveform than was originally transmitted. Crosstalk can be categorized in one of two forms. Near-end crosstalk (NEXT) is the most significant because the high-energy signal from an adjacent system can induce relatively significant crosstalk into the primary signal. Far-end crosstalk (FEXT) is typically less of an issue because the far-end interfering signal is attenuated as it traverses the loop.

A standard device for evaluating the subscriber line is the time domain reflectometer (TDR), which can detect short and open circuits, loading coils, and bridged taps. The best way to visually analyze the quality of the loop is to use a spectrum analyzer, which provides a clear picture of the feasibility of using a particular loop for xDSL service.

These measures ensure that the typical local loop, which is well designed for low voice bands, can achieve a broader spectrum at 1000 kHz and higher. ADSL uses frequency-division multiplexing (FDM) or echo-cancellation techniques to divide the available bandwidth. In the case of FDM, if the band is 1000-kHz wide, it is divided into three bands: The lower end (0 to 20 kHz) is designated for POTS, the 25 to 200-kHz band is used for upstream transmission, and the last portion is used for downstream transmissions. Two guard bands at 5 kHz and 50 kHz separate them. In the case of echo cancellation, the 25 to 1000 kHz-band is designated for data communications and the upstream direction is part of the downstream band. Both techniques have advantages and disadvantages, but it is important to know that ADSL provides a range up to 5.5 km (18,000 feet), depending on the cable quality.

The following are brief descriptions of the established xDSL technologies, where one of the differentiators is symmetric (the same speed in both directions) and asymmetric (refer to Table 1-1).

IDSL

IDSL technology is the first DSL technology. It is based on the 2B1Q coding scheme (see Chapter 2), bundles two 64-kbps B channels, and uses the D channel for data transfer, which yields 144 kbps. It runs over one pair of copper wires up to a maximum of 18,000 feet.

ADSL

This is an asymmetric type of broadband service, which usually uses different coding schemes to reach 18,000 feet. The Cisco 827 series ADSL router, for example, uses the following coding schemes:

  • ANSI-DMT: ANSI full rate mode

  • Auto: Auto detect mode

  • ITU-DMT: ITU full rate mode

  • Splitterless: G.lite mode

SDSL

SDSL is the best opportunity to reuse the existing one pair analog lines. The line is typically provisioned for 768 kbps. It is expected to be replaced by SHDSL.

RADSL

RADSL contains adaptive features. When lines are tested but do not behave in an expected way, the Discrete Multi-Tone (DMT)-based technology of RADSL is preferred.

CDSL

CDSL is a relative of RADSL and ADSL. It is more modest in terms of data rates, especially in the upstream direction. It is a no-splitter type of DSL, where the splitters and the extra wiring are not necessary. This differs from ADSL and RADSL, where splitters split the frequency bands and prevent interference between different frequency bands, which ultimately protects the standard 4-kHz voice frequency band from interference.

HDSL/HDSL2

HDSL is deployed over T1 in the U.S., and E1 in Europe. A combination with DMT is also available. The HDSL technology runs over 2 copper pairs, and HDSL2 runs over 1 copper pair. Both provide service if the user's home is closer than 15,000 feet from the CO.

VDSL

VDSL is the fastest of all DSL technologies, but has distance limitations of 4500 feet using copper pairs, and requires ATM over fiber for distances greater than 4500 feet.

Benefits of xDSL Services

From a remote access perspective, xDSL offers great data rates, a variety of services, and future integration with all available carriers in the market, including Frame Relay and ATM networks, T1/E1, and T3/E3 carriers.

Limitations of xDSL Services

The availability of xDSL, even in the U.S. market, is limited and the ability of ILECs to deliver xDSL service remains to be proven. Loop limitations are preventing existing copper pairs from running higher frequency data transmissions and, according to some sources, more than 700 to 800 thousand U.S. households experience these limitations with their DSL service. Some estimates show that, in any given LATA, more than 20 percent of local loops need to be reinspected. (See www.dsl.com.)

Wireless Broadband Services

Fixed wireless technologies are emerging wireless alternatives that offer high-speed broadband access for data services. The decision to deploy broadband wireless services, whether the choice includes Local Multipoint Distribution Service (LMDS), Multichannel Multipoint Distribution System (MMDS), or unlicensed spectrum systems, also depends on the availability of other broadband access solutions and the suitability of these solutions to customer bandwidth and service requirements. Broadband wireless offers a high-speed alternative for bridging the critical last mile between high-speed IP backbones and customers of high-speed data services.

MMDS

MMDS includes various services and bandwidths. Deployed in a point-to-multipoint topology, MMDS generally provides a maximum of 10 Mbps speeds per customer. MMDS signals generally carry 30 to 35 miles from the transmitter with single cell coverage of 2800 to 3800 square miles. The service comprises 33 channels, which are broken down in a way to provide different types of services. Twenty out of 33 channels are used for a component, called Instructional Television Fixed Service (ITFS), where the service provider maps the channels to the subscriber's CPE by transparent switching. In turn, the subscriber must be eligible for the service, and subscribe for a certain amount of hours of service.

The next 11 channels are assigned to MMDS and the remaining 2 channels to Multipoint Distribution System (MDS). The U.S. market primarily uses this technology, combined with cable, which is referred to as wireless cable. As for the international market, the demand is greater and growing faster for pure MMDS. Coax cable is the most expensive way of delivering TV signals. MMDS offers an alternative by delivering a complete package of services in the 2.5 to 2.7 GHz frequency range. It is important to install the antennas at the highest peaks in the area, to ensure maximum coverage. At the receiver side, the remote user uses a small antenna or parabolic reflector. The transformation of UHF and VHF signals to microwave and vice versa occurs on both the sender and receiver side.

Across the U.S., only a handful of operators have started to provide broadband services over a MMDS infrastructure. Recently, carriers such as Sprint, Verizon, and SBC have invested in these solutions and, as a result, the market and variety of services are expected to grow.

The Cisco uBR7246 Universal Broadband Router combines the functionality of the Cisco 7200 router and a headend wireless modem in one integrated platform. An end-to-end wireless architecture is also constructed to support residential locations. Cisco Aironet 350 Series wireless local-area products can be combined with a MMDS broadband wireless local loop to provide an end-to-end wireless architecture that supports high-speed Internet access for the consumer located in multidwelling units. Using this architecture, Cisco Aironet wireless products connect to broadband wireless enabled routers.

Cisco solutions also include a wireless line card (uBR-MCW-MDA), which fits in a 7223 or 7246 uBR or VXR router, and a MMDS transverter (SX11127A) with duplexer. CPE gear includes either a 2600 or 3600 family router for MxU, or a 950 family router for smaller SMB prospects. Wireless technology gives service providers an alternative last-mile access solution that complements more traditional broadband access technology offerings such as DSL and cable. Cisco MMDS-based solutions are part of the Architecture for Voice, Video and Integrated Data (AVVID).

LMDS

On the horizon is LMDS, a multi-cell, point-to-multipoint wireless distribution system, which operates initially in the 27.5 to 29.5 GHz frequency band in the U.S., and the 24 to 40 GHz band overseas. Using a higher frequency band than MMDS, LMDS covers areas only 3 to 6 miles in diameter and can be deployed in asymmetric and symmetric configurations. Compared with two-way communications, LMDS has a smaller coverage area, but it can provide faster data rates.

LMDS provides bandwidth in the OC-1 to OC-12 range, which is considerably greater than other wireless services. It is designed to provide the last mile from a carrier of data services to a large building or complex, where it is less costly to set up LMDS transceivers on rooftops than to dig up the ground to install optical fiber. Cells cover the area, and the technology can be considered cellular cable TV. The cell structure overcomes some of the line-of-sight issues of MMDS. Passive and active repeaters and passive reflectors cover the shadow areas. The adjacent cells use the same frequencies but with different polarization.

LMDS uses frequency modulation (FM), not the standard amplitude modulation (AM) that is typical for cable systems. FM provides higher quality and, combined with the cell structure, requires only a small six-inch square antenna for signal exchange.

Benefits of Wireless Broadband Services

From a remote access point of view, it is important to consider these technologies as a viable alternative to the existing environment. It is clear that the future belongs to wireless technologies. The current MMDS and LMDS solutions provide data rates of 40 to 54 Mbps downstream. If MMDS and LMDS are the future technologies for wireless, what future advancements should you expect? The price and innovation of these technologies are expected to play a major role in defining future remote access solutions.

Limitations of Wireless Broadband Services

Both technologies are focused in urban areas where population concentrations are high. They also inherit the limitations of line-of-sight technologies, which results in limited availability.

Scalability of this service is not easy. It depends on the density of the population in the area and their willingness to subscribe to a new technology that traditionally offers one-way (downstream) data delivery, with a voice option still not available.

Using VPN over MMDS and LMDS should not create any issues because the technologies do not have any impact on the third-layer protocols and they create a transparent environment for IPSec-based solutions. (See www.sprintbroadbanddirect.com/.) However, the increased latency (many times more than in a wired network) creates some issues when used for time-sensitive applications, including interactive, terminal-based designs, Voice over IP, and multicast. The security and QoS/contention issues associated with cable are also present with wireless.

Unlicensed Frequencies

Based on wireless LAN equipment, unlicensed point-to-point radios capable of 100 Mbps throughputs currently exist. At these speeds, however, distance limitations are great. Twenty-mile links are currently possible with unlicensed spectrum radios on a point-to-point basis. Time and cost savings, in the absence of licensing, favor the use of these frequencies. However, the possibility of signal interference and various technical limitations make these systems less appealing. Unlicensed spectrum radios have been deployed (approximately 200 deployments) by ISPs in the US in rural areas, where broadband service might be otherwise unavailable. The Cisco WT-2750 system operates not only at MMDS, but Unlicensed National Information Infrastructure (U-NII) bands as well. The Cisco WT-2710 system operates in the U-NII band only. U-NII provides both point-to-point (up to 20 miles) and point-to-multipoint solutions (up to 7 miles), and operates in the 5.7 GHz band.

Satellite Services

Direct Broadband Satellite (DBS) is a typical service for satellite communications. The system is capable of delivering downstream data at a rate of 23 Mbps by using one-way communication. All solutions are based on MPEG I Layer II audio encoding and use extensive compression methods. In early deployments, the upstream direction for data was based on PSTN-wired modems, which was not a successful solution, especially combined with VPN technology. The most common speed offering is 400 kbps to 1 Mbps for a single user (www.directpc.com), or 400 kbps to 1 Mbps downstream and 64 to 128 kbps upstream (www.starband.com). The satellites are in geosynchronous earth orbit (GEO) and, evidently, for remote access purposes there are latency issues. From measurements taken of the latter provider's service, a one-way latency of 0.7 seconds is typical.

Reliability and latency are factors that concern most satellite providers. Most of today's satellite systems are reliable; however, satellite links also suffer a 1 to 2 percent packet loss. (See www.internettrafficreport.com/.) The satellite round-trip time (RTT) is 540 ms and the terrestrial side is about 150 ms; thus, the total RTT for the TCP connection is about 700 ms.

NOTE

My measurements show that the error level is a bit higher. Here is a Pchar output from a satellite connection, showing about 6 to 8 percent reliability (depending on if it is day or night), and about 0.8s one way RTT:

 ... XXX.78.249.254 (misc-XXX-78-249-254.pool.starband.net)
     Partial loss:     12 / 138 (  8%)
     Partial char:     rtt =  813.546203 ms, (b = 0.189682 ms/B), r2 = 0.149781
                       stddev rtt = 99.374317, stddev b = 0.070578
     Partial queueing: avg = 0.369341 ms (133278 bytes)
     Hop char:         rtt = 739.066865 ms, bw = 42.346064 kbps
     Hop queueing:     avg = 0.362248 ms (1917 bytes)
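As an added example (not from the book or from the pchar project), the following Python parses a pchar summary like the one above and turns the measured loss and RTT into the two classic TCP throughput ceilings: the window-limited bound (one receive window per RTT) and the loss-limited Mathis approximation, (MSS/RTT) × C/√p with C ≈ 1.22. The sample text is the book's output laid out one field per line with the addresses masked; the 64 KB window, 1460-byte MSS, and the field names matched by the regular expressions are assumptions for the demonstration.

```python
"""Added example: parse a pchar "Partial"/"Hop" summary and estimate how much
TCP throughput a satellite hop can sustain. Not the book's or pchar's code."""
import math
import re

# Constructed sample, copied from the measurement above (addresses masked).
PCHAR_SAMPLE = """\
Partial loss:     12 / 138 (  8%)
Partial char:     rtt =  813.546203 ms, (b = 0.189682 ms/B), r2 = 0.149781
                  stddev rtt = 99.374317, stddev b = 0.070578
Partial queueing: avg = 0.369341 ms (133278 bytes)
Hop char:         rtt = 739.066865 ms, bw = 42.346064 kbps
Hop queueing:     avg = 0.362248 ms (1917 bytes)
"""

# Field layouts assumed from the sample; adjust if a pchar release prints differently.
_LOSS_RE = re.compile(r"Partial loss:\s+(\d+)\s*/\s*(\d+)")
_RTT_RE = re.compile(r"Partial char:\s+rtt =\s+([\d.]+) ms")
_BW_RE = re.compile(r"Hop char:.*?bw =\s+([\d.]+) kbps")


def parse_pchar(text):
    """Return (loss_fraction, rtt_seconds, hop_bandwidth_bps) from a pchar block."""
    loss, rtt, bw = _LOSS_RE.search(text), _RTT_RE.search(text), _BW_RE.search(text)
    if not (loss and rtt and bw):
        raise ValueError("pchar summary fields not found")
    lost, sent = int(loss.group(1)), int(loss.group(2))
    if sent == 0:
        raise ValueError("no probes sent")
    return lost / sent, float(rtt.group(1)) / 1000.0, float(bw.group(1)) * 1000.0


def window_bound_bps(rtt_s, window_bytes=65535):
    """Ceiling for a sender limited by a fixed receive window: one window per RTT."""
    return window_bytes * 8 / rtt_s


def mathis_bound_bps(rtt_s, loss_fraction, mss_bytes=1460, c=1.22):
    """Mathis et al. approximation for a loss-limited TCP flow: (MSS/RTT) * C / sqrt(p)."""
    if loss_fraction <= 0:
        return float("inf")  # no loss: only the window or the link limits the flow
    return mss_bytes * 8 / rtt_s * c / math.sqrt(loss_fraction)


def tcp_estimate(text, window_bytes=65535):
    """Combine the parsed measurements; the tightest of the three limits wins."""
    p, rtt_s, hop_bw = parse_pchar(text)
    window_bps = window_bound_bps(rtt_s, window_bytes)
    mathis_bps = mathis_bound_bps(rtt_s, p)
    return {
        "loss": p,
        "rtt_s": rtt_s,
        "window_bps": window_bps,
        "mathis_bps": mathis_bps,
        "hop_bw_bps": hop_bw,
        "limit_bps": min(window_bps, mathis_bps, hop_bw),
    }


if __name__ == "__main__":
    for name, value in tcp_estimate(PCHAR_SAMPLE).items():
        print(f"{name:>11}: {value:,.3f}")
```

With the measured 8.7 percent loss and 0.81 s RTT, the loss-limited bound (about 59 kbps) is far below the window-limited one (about 644 kbps), and pchar's own hop estimate of 42 kbps is lower still; with the book's nominal 1 percent loss and 0.7 s RTT the same functions give roughly 200 kbps and 750 kbps, which is why the page accelerators described next exist.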


Measurements show that regardless of the latency and reliability factors, the service can achieve speeds in the range of 500 kbps to 1 Mbps download, and approximately 128 kbps upload. The solution, implemented by StarBand, is based on an upper-layer solution called Internet Page Accelerator (IPA). In terms of the client/server technology, the Remote Page Accelerator (RPA) client is installed on the computer and connects to the satellite modem. The server side is located in the Network Operations Center (NOC), and is called the Host Page Accelerator (HPA). Together, these two individual units make up the IPA (see Figure 1-2). (See www.starband.com.)

Figure 1-2. Remote and Host Page Accelerators (RPAs and HPAs) create the Internet Page Acceleration (IPA) of StarBand


A possible solution for acceleration of the performance characteristics is based on Flash Networks' proprietary protocol, called Boosted Session Transport (BST) and its product line NettGain. NettGain products are implemented by organizations such as StarBand, VSAT, NASA, and SAT-TEL.

The BST protocol is a TCP-like reliable protocol that replaces TCP over the path where performance optimization is needed. TCP packets from a source location are transformed from TCP to BST and sent to the destination. There they are transformed back into TCP and sent to the originally intended target. NettGain manages both BST and TCP flow control and data queues to allow a full protocol conversion.

Another possible solution is the Cisco Content Engine 500 Series. Different techniques are combined in Cisco Application and Content Networking Software, which offer more complex solutions and allow certain content to be boosted and achieve better throughput times in high-latency networks. (See www.cisco.com/univercd/cc/td/doc/product/webscale/content/ce500/index.htm.)

The accelerators are not always compatible with IPSec-based VPNs because the Integrity Check Value (ICV) is calculated over the immutable fields of the TCP/IP packet, so any rewriting of the protected headers by the accelerator invalidates it. A satisfactory resolution is not available so far and research continues.
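To make the incompatibility concrete, here is an added example (not from the book, and not real IPsec code) that models an AH-style ICV with HMAC-SHA256: the ICV covers the IP header with its mutable fields (TOS, TTL, checksum) zeroed plus the entire TCP segment. A router decrementing the TTL leaves the ICV valid, but an accelerator that rewrites the TCP advertised window, as a performance-enhancing proxy would, causes the receiver to reject the packet. The key, addresses, ports, and the simplified header builders are constructed for the demonstration; real AH/ESP framing, SPI and replay handling are omitted.

```python
"""Added example: why a TCP accelerator cannot rewrite packets already covered
by an IPsec integrity check. Simplified AH-style ICV, not a real IPsec stack."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"  # shared by the two VPN endpoints


def build_ipv4_header(src, dst, total_len, ttl=64, proto=6):
    """Minimal 20-byte IPv4 header; the header checksum is left zero for the demo."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0, ttl, proto, 0, src, dst)


def build_tcp_header(sport, dport, seq, ack, flags=0x10, window=65535):
    """Minimal 20-byte TCP header; checksum and urgent pointer left zero."""
    offset_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def immutable_ip_fields(ip_hdr):
    """Zero the fields AH treats as mutable in transit: TOS (byte 1), TTL (byte 8),
    header checksum (bytes 10-11). Everything else, including src/dst, is covered."""
    return ip_hdr[:1] + b"\x00" + ip_hdr[2:8] + b"\x00" + ip_hdr[9:10] + b"\x00\x00" + ip_hdr[12:]


def compute_icv(ip_hdr, tcp_segment, key=KEY):
    """ICV = HMAC over the immutable IP fields and the whole TCP segment."""
    return hmac.new(key, immutable_ip_fields(ip_hdr) + tcp_segment, hashlib.sha256).digest()


def verify_icv(ip_hdr, tcp_segment, icv, key=KEY):
    return hmac.compare_digest(compute_icv(ip_hdr, tcp_segment, key), icv)


def decrement_ttl(ip_hdr):
    """What every router does in transit; must not break the ICV."""
    return ip_hdr[:8] + bytes([ip_hdr[8] - 1]) + ip_hdr[9:]


def accelerator_rewrite(tcp_segment, new_window):
    """Model a performance-enhancing proxy that rewrites the advertised window
    (bytes 14-15 of the TCP header) and leaves the rest of the segment intact."""
    return tcp_segment[:14] + struct.pack("!H", new_window) + tcp_segment[16:]


def demo():
    """Return the ICV verdict for an untouched, a routed, and an accelerated packet."""
    src, dst = bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10])  # constructed addresses
    tcp = build_tcp_header(40000, 443, seq=1000, ack=2000, window=8192) + b"GET / HTTP/1.0\r\n\r\n"
    ip = build_ipv4_header(src, dst, 20 + len(tcp))
    icv = compute_icv(ip, tcp)
    return {
        "unchanged": verify_icv(ip, tcp, icv),
        "ttl_decremented": verify_icv(decrement_ttl(ip), tcp, icv),
        "window_rewritten": verify_icv(ip, accelerator_rewrite(tcp, 65535), icv),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:>17}: {'ICV ok' if ok else 'ICV mismatch, packet dropped'}")
```

The same outcome holds for ESP, where the TCP header is inside the encrypted payload and the accelerator cannot even read it, which is why the book notes that only a business-grade design that terminates the VPN on the satellite side of the accelerator, or an accelerator-aware tunnel, can combine the two.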

Satellite-based solutions with IPSec VPN have proven to be a good solution for applications such as web browsing, e-mail, and data transfer. If used for time-sensitive applications, such as VoIP or interactive client/server applications, they are not the best remote access solution. Cost is another concern when this solution is chosen for remote access services because of the higher hardware cost.

The next generation of low earth orbit satellites (LEO), driven by companies such as Hughes Communications, CyberStar and Motorola, are designed to reduce latency issues, but not to replace the GEO satellites.

Another alternative satellite solution is described in Chapter 2 in the section, "Modulation and Line-Coding Techniques in Hybrid Networks."




Troubleshooting Remote Access Networks (CCIE Professional Development)
ISBN: 1587050765
Year: 2002
Pages: 235