
BEGINNER LEVEL

History of Computer Networks


The Beginning

Computer networking is a very recent phenomenon. Although computer networks have been in use for about 30 years, their impact on our daily life and work increased dramatically in the late 1980s and early 1990s with the integration of desktop systems. In the 1960s the development of mainframes and minicomputers created a technological explosion of ideas concerning the way computers were to be used. Engineers and researchers started developing new applications and techniques for using computers, including the possibility of having computers communicate directly with each other over telephone lines. In the early 1970s new technology to connect computer systems was developed which proved that computer systems could be linked together effectively using long-distance communications media. As technology progressed, several different approaches emerged, each driven by different assumptions and goals. Some approaches primarily addressed the need to connect terminals to central concentrations of computers or mainframes, while others focused on a flexible interconnection of computers. Due to the increasing complexity and importance of computer networks, computer manufacturers began developing comprehensive network architectures. Examples of such network architectures are IBM's SNA (Systems Network Architecture), DEC's DNA (Digital Network Architecture) and TCP/IP.

1970 - 1990

In the late 1970s and early 1980s, the emergence of several new technologies made the concept of networking both an opportunity and a requirement. The introduction of new local area networking (LAN) and wide area networking (WAN) technologies made the communication between computer systems simpler, faster and more cost-effective. Typical examples of such WAN and LAN technologies are X.25, Ethernet and Token Ring. During the early 1980s another new concept was introduced: desktop systems and personal computing. With desktop hardware and software becoming cheaper and at the same time more powerful, it became necessary to develop ways to integrate these systems into the traditional computing environment. In the mid 1980s the first "real" networking solutions for desktop systems appeared on the market. At that time these networks were targeted strictly at homogeneous (single vendor) environments. Typical examples of such networks are the early versions of AppleTalk (just for Apple computer systems) and Novell NetWare (just for IBM PCs and compatibles). These early networks for desktop systems have several principles in common. First of all they are mainly based on LAN technology, and second they are typically based on the client-server type of computing. The client-server type of computing permits the desktop system to act as a client in requesting services from other computer systems (servers) across the network.

1990 - Today

During the 1980s and the early 1990s the trend was clearly to incorporate other systems and architectures into what were formerly homogeneous networks. Novell, for example, incorporated networking technology into NetWare that allows Apple Macintosh computers to take part in a Novell NetWare network. Many vendors of computer systems also started to offer protocols like TCP/IP to allow connectivity between systems. The last 10 years brought a lot more consolidation and standardization with regard to networking hardware and protocols, with the Internet becoming by far the largest open WAN infrastructure and TCP/IP the networking protocol of choice to interconnect computer systems. With regard to LAN technology there has also been a visible trend towards the simpler and more cost-effective Ethernet infrastructures, where the demand for more bandwidth led to the development of Fast Ethernet and Gigabit Ethernet technology.

Terminology and Concepts


Terms and Definitions

There are a number of basic networking terms and concepts that form the basis of the theory of computer networks:

- LAN (Local Area Network), WAN (Wide Area Network)
- Nodes and node addresses
- Packets (or frames)
- Different communication media and technologies
- Internetworking

A general problem when dealing with networking in general is the existence of many different networking solutions, technologies, products and concepts. In order to be able to position and compare these different alternatives, it is important to have a basis to which they can be related. One way to achieve this is to analyse the overall structure, or in networking terms, the network topology. Another way of understanding and describing different networking solutions is to introduce the very abstract concept of "network architectures". The so-called OSI model (or OSI architecture) is typically used as the reference model to describe and compare different networking architectures. Other attempts to describe and explain networking concepts focus on implementation and functional principles and divide networking solutions into client-server or peer-to-peer solutions.

Packet or Frames

Data being sent between computer systems is broken down into smaller pieces called packets or frames. The specific structure and content of these packets very much depends on the communication technology. In general there is information needed in addition to the to be communicated data to ensure proper delivery of that data. This additional information typically consists of the sender and the receiver address, protocol specific parameters and data that ensures data integrity. Ethernet packets or frames for example are composed of three sections:

- Packet header - contains information such as sending and receiving station and protocol type
- Payload or data section - holds the data to be transmitted
- Trailer - contains status information about the packet and error-checking information

Network Architecture / OSI Model


Fundamentals

Already in the early days of networking it became clear that, due to the complexity of interconnecting computers and the steadily changing and improving technology, computer networks would have to be designed in a highly structured way. This overall structure is what we call a network architecture. Definition: A network architecture specifies common communication mechanisms and interfaces that computer systems of different types must adhere to when passing data between systems. Network architectures are necessary for several reasons:

- Communication technology is continuously changing
- A broad variety of operating systems, communication devices and computer hardware exists
- Network management, error recording and maintenance become simpler tasks when standardized
- Networks need to be adaptable to different communication situations and requirements

To reduce the complexity of their design, most network architectures are built as a set of layers, with each layer performing a different function. This means each layer has a specific set of tasks that it has to accomplish. The function of the different layers, their names, and the actual number of layers differ among the network architectures. One reason is that computer networks from different vendors have been designed to solve their specific communication needs.

The OSI Reference Model

The Open Systems Interconnection (OSI) model is the basis for a set of international communication standards established by the International Standards Organization (ISO). The OSI Model is an internationally accepted framework of standards for communication between computer systems. The OSI model will help us to get a basic understanding of how network architectures are structured, and will be used as a reference for comparing different architectures. There are two important aspects to be understood about the layers of the OSI model: Each layer communicates with its peer on another node using a specific protocol - and - each layer represents a defined set of services to the layer above it. Within the OSI model there are seven defined layers:

Layer 7 - Application Layer
Layer 6 - Presentation Layer
Layer 5 - Session Layer
Layer 4 - Transport Layer
Layer 3 - Network Layer
Layer 2 - Data Link Layer
Layer 1 - Physical Layer

Networking Protocols

A protocol is simply a set of rules for communicating. This set of rules determines how data is transmitted in a network, such as:

- How the data will be transmitted
- Size of the packet
- Error control
- Recovery procedures

Within a layered network architecture, every layer uses its own specific set of protocols. This is done by adding some control information (header, trailer) to the actual user data. To understand how different protocols at different layers in our network architecture work, it is best to look at similar principles when people communicate with each other. A good example is the communication between two people by phone. Certain layers or "levels" of the communication must use certain protocols to work properly:

- Telephone line (communication media)
- Language
- Syntax
- Context
- Conventions of telephone conversations, e.g. only one person talks at a time

The Seven OSI Model Layers

The Physical Layer is concerned with the mechanical and electrical (or optical, ...) transmission of signals between computer systems. Physical layer standards control such matters as connector specifications, modulation and encoding techniques.

The Data Link Layer establishes a communication path over the physical channel, manages access to the communications channel, and ensures the proper transmission of data at this level.

The most critical function of the Network Layer is the allocation and interpretation of network addresses. The Network Layer sets up the path between communicating nodes, routes messages through intervening nodes to their destination, and controls the flow of messages between nodes.

The Transport Layer provides end-to-end control of a communication session once the path has been established. This layer allows processes to exchange data reliably and sequentially, independent of the systems which are communicating or their location in the network.

The Session Layer is concerned with dialogue management. It establishes and controls system-dependent aspects of communication sessions.

The Presentation Layer masks out the variation in data formats between systems from different vendors. This layer works by transferring data in a system-independent way, performing the appropriate conversions within each system.

The Application Layer provides services that directly support user and application tasks such as file transfer, remote file access and mail.

Network Topologies
Introduction

- Mesh (point-to-point)
- Multipoint
- Star
- Ring (Loop)
- Bus

A computer network can be configured in an almost endless variety of ways. The particular user requirements and the chosen media are the most important factors in determining the "shape" of a network. Despite the variety among networks, there are general categories of network shapes, called topologies. Topologies are helpful when discussing or comparing various networks and their design goals.

Mesh Topology

The simplest network structure is based on point-to-point connections. A point-to-point link connects two (and only two) nodes without passing through an intermediate node. A mesh topology is built of just point-to-point links.

Multipoint Topology

In a multipoint configuration, several remote nodes share the same physical link. One node is designated as the control node which asks the other nodes in turn (polling) to send data.

Star Topology

In a star, or centralized network, all nodes communicate via a central node that controls the network. All data flows toward or outward from this central device, node or computer.

Ring Topology

In a ring topology the nodes are arranged to form an unbroken circular configuration. Transmitted messages travel from node to node around the ring.

Bus Topology

The bus topology works to some extent in the same way as a multipoint network - a single communication media which is shared by a number of nodes. However, in the event of node failures, network operation will continue due to the passive role nodes play in transmissions on the bus. There is no single device or node controlling or prioritising the transmissions.

Peer-to-Peer vs. Client-Server


Peer-to-Peer Networking

In peer-to-peer networks users share information with each other in a decentralized way. Individual systems have all necessary capabilities. Typical advantages of peer-to-peer networks are:

- Easy to install
- Inexpensive
- No dedicated server - no single point of failure

Typical disadvantages are:

- Difficult to manage
- Limited security
- Reduced performance as the number of users increases

Client-Server Networking

In client-server networks users access and share information in a centralized way. Servers and clients have very different capabilities. The asymmetric implementation of functions allows simpler, lower-overhead end-user applications while concentrating advanced functions in the servers. Typical advantages of client-server networks are:

- Easy to manage
- Easy to maintain and back up
- Good performance
- Security measures are easily implemented

Typical disadvantages are:

- Dedicated server - single point of failure
- Management necessary

The First Two OSI Layers
Introduction

The lowest two layers of the OSI model are not always easy to separate when it comes to grouping them into LAN and WAN standards. Most importantly, the first two layers build the basis for all protocols of the higher layers by specifying what kind of "language" is used on what type of media. Many different types of transmission media and access protocols have been and are used in computer networks, ranging from two-wire cables to satellite links. Each transmission medium uses specially designed protocols that specify how it is to be accessed.

WAN Protocols

In the early days of data communication computer networks were built upon point-to-point connections (serial lines). Because of the bad quality of the media that were available at that time (e.g. telephone lines), WAN protocols like HDLC and DDCMP were designed to ensure sequencing and integrity of data in the event of transmission errors. The need for more reliable WAN connections then led to the development and implementation of packet switching networks such as X.25, Frame Relay and ISDN. Many of the WAN standards and specifications are older than the OSI reference model, which often makes it difficult to precisely assign them to a specific OSI model layer. The grouping is relatively easy when it comes to standards and specifications like V.35, RS232 and X.21 that describe interfaces and signalling, which is clearly OSI Physical Layer related. The same is true for Data Link protocols like PPP, PPPoE or DDCMP; these standards and specifications fulfill exactly the functions described in the OSI Data Link Layer. A clear decision of whether protocols like ISDN, X.25 or Frame Relay should be seen as pure Data Link protocols is somewhat difficult. These standards and specifications include many functions, interface descriptions, etc. that could be seen as OSI model layer 1 (for example ISDN signalling) or even OSI model layer 3 (for example addressing and forwarding of packets in X.25, ISDN) related.

LAN Protocols - IEEE 802.x


In the last 25 years the work place has been filled more and more with increasingly intelligent machines such as personal computers, workstations, scanners, plotters, printers, and so on. These machines assist in carrying out the day to day tasks and communications; therefore there has been an increasing need to interconnect these separate machines within a limited area. This has led to the development of what we call Local Area Networks (LAN). Typical characteristics of LANs are:

- Limited to a small area (e.g. building, factory, campus)
- High bandwidth compared to WANs
- Relatively low cost for high bandwidth
- Usually owned by the user (company)

Due to the fact that lots of different devices and applications from different vendors should be able to access the same media, standardization within the LAN environment was, and is, a crucial issue. Most of the widely used LAN technologies are either part of the ANSI / IEEE 802.x standards or are tightly related to ensure compatibility and easy integration of different LANs. Examples for such protocols are:

- IEEE 802.3 (Ethernet)
- IEEE 802.5 (Token Ring)
- IEEE 802.11 (Wireless LAN)
- FDDI


Transmission Media Types

Transmission media are the physical paths over which information flows from sender to receiver. Transmission refers to the method of carrying data from one place to another. In computer networks a broad range of different media is used, from simple two wire cables to radio or microwaves. There are three main media types used in LANs:

- Coaxial cable (ARCNet, Ethernet)
- Shielded / unshielded twisted pair cable (ARCNet, Ethernet, Fast Ethernet, Token Ring, FDDI/CDDI)
- Fibre optic cable (Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI)

Ethernet / IEEE 802.3


The ALOHA Network

The idea of Ethernet grew out of the packet radio broadcast network known as the ALOHA network. This system, designed in the early 1970s for the University of Hawaii, used a distributed radio transmission network. The special thing about ALOHA is the fact that it did not use FDM (Frequency Division Multiplexing), which is used by conventional broadcast systems to give each site its own share of the communication bandwidth. Instead it uses a special contention scheme in which a node simply transmits on the single channel when it needs to. If one node is already transmitting, or starts to transmit, while another node is also beginning to transmit, a "collision" occurs. These collisions can be detected and retransmissions can be initiated.


In approximately 1976 the Xerox PARC experimental Ethernet was developed, in which the techniques used for ALOHA were improved and applied to a coaxial cable medium. In 1980, a new version was introduced in a specification document published jointly by Digital Equipment, Intel and Xerox. This specification, called DIX-Ethernet, then quickly became a de facto industry standard. The DIX-Ethernet was later adopted with minor changes and enhancements by the IEEE 802 local area networks standards committee and became the IEEE 802.3 (CSMA/CD) standard.

Ethernet / IEEE 802.3


History
- 1973 - Xerox develops Ethernet, named after the "luminiferous ether", a medium once thought to fill all space and control the transmission of electromagnetic waves (operated at 2 Mbps)
- 1980 - First formal specifications created in a joint effort by Digital, Intel and Xerox, named DIX Ethernet (operated at 10 Mbps)
- 1985 - IEEE modifies DIX and creates the 802.3 standard
- 1995 - IEEE creates the 802.3u standard for Fast Ethernet
- 1998 - IEEE creates the 802.3z standard for Gigabit Ethernet
- 2002 - IEEE releases the 802.3ae standard for 10 Gigabit Ethernet

Topologies / Transmission Media

Ethernet not only has evolved over time to deliver more and more bandwidth but also to support a broad variety of transmission media. Some of the implementations are listed below:

- 10Base5, or (DIX) Ethernet, Thickwire
- 10Base2, or Thinwire, Cheapernet
- 10BaseT, or Twisted-pair Ethernet
- 10Broad36, or Broadband Ethernet
- 100BaseT, or Fast Ethernet (twisted-pair cables)
- 1000BaseT, or Gigabit Ethernet (twisted-pair cables)

Connector Types

Connectors typically found in Ethernet installations:


- AUI (Attachment Unit Interface), used to connect to external transceivers
- BNC
- RJ45
- SC, ST, VF45, MTRJ

An Ethernet transceiver is a device that transmits and receives information to and from the wire. When you plug into an RJ45, BNC or Fiber port on a NIC, you are connecting to a transceiver. Transceivers are also available as an external device that attach to the AUI port of the network computer.

CSMA/CD

Although there are minor differences between (DIX) Ethernet and IEEE 802.3, both use the same basic scheme, called CSMA/CD to control the access to the communication channel.

CSMA/CD is an abbreviation for:

- CS - Carrier Sense. The node constantly monitors the cable to see if there is any activity on the Ethernet. If some other node is already transmitting, then the node waits (defers its transmission) until the other node has finished transmitting.
- MA - Multiple Access. Any station connected to the Ethernet can transmit as soon as it is free. This means all nodes have equal access to the communication channel.
- CD - Collision Detection. Most of the time the carrier sense works well; however, on occasion two nodes might start transmitting at the same time. In this case they both interfere with each other's signals and generate a collision. When a collision is detected, the transmission is aborted and started again after a random delay.

Configuration Rules

In order to ensure that all nodes, including the one that is transmitting, are able to detect a collision on the channel, packets must be of a certain minimum length. The minimum time a node has to send (minimum packet length) is called the slot time, which is slightly greater than the round trip propagation delay between the two furthest points in the network. This is the reason why it is so important to follow the configuration rules found in the IEEE 802.3 specifications. The configuration rules are based on a "worst case" calculation which takes all components causing propagation delays into account. Violation of the configuration rules can have severe effects on the performance and stability of the Ethernet network.


Round Trip Prop. Delay

The Ethernet configuration rules are based on a "worst case" calculation which takes all components causing propagation delays into account. The above calculation is from the early Ethernet V2.0 spec and is only meant to visualize the calculation.

Ethernet Collision Domain

Ethernet bandwidth is 10Mbps. In an environment using only hubs, the entire network is on a single collision domain. As a consequence of this all users are sharing the 10Mbps bandwidth. As more users connect to the LAN, the number of collisions in the domain rises, and the bandwidth available per user is reduced. This mechanism is called contention. It is also important to remember that an Ethernet collision domain is limited in "size" because of CSMA/CD and therefore Ethernet configuration rules have to be followed precisely.


Typical Ethernet Activity

Ethernet uses CSMA/CD, a contention protocol that resolves a collision after it occurs. It executes the collision resolution protocol after each collision. A sending node on the Ethernet attempts to avoid contention with other traffic on the channel by monitoring the carrier sense signal and deferring to passing traffic. When the traffic is clear, the frame transmission is started (after a brief interframe delay). At the receiving station the arriving frame is detected and the receiver synchronizes with the incoming preamble. The frame's destination address field is checked to decide whether the frame should be received by the station. If yes, the contents of the frame are passed to the next higher layer. If multiple stations attempt to transmit at the same time, it is possible that they interfere with each other's transmissions, in spite of their attempts to avoid this by deferring. When two stations' transmissions overlap, the resulting contention is called a collision. As soon as a collision is detected, the transmission is stopped and attempted again after a short delay. The minimum time a host must transmit before it can be sure that no other host's packet has collided with its transmission is called the contention slot. Typical Ethernet activity therefore shows, between the transmission periods, idle periods (where no transmission is attempted) and contention periods.

Ethernet Addressing

Node addressing provides a means of uniquely identifying each node connected to the local area network. An Ethernet address is 48 bits in length. It is represented by six pairs of hexadecimal digits, for example F0-2E-25-6C-77-3B. These digit pairs are typically separated by single hyphens. The order of transmission on the Ethernet is from the leftmost octet to the rightmost octet. The order of bits within the octets is from the least significant bit of the rightmost digit to the most significant bit of the leftmost digit. Normally, one address is permanently associated with each interface. This means that each Ethernet device is manufactured with a unique address stored in ROM. This individual address is called the Hardware Address.


These (globally administered) unique addresses are allocated in address blocks to organizations in a centralized manner. SMC for example has the following ranges of addresses (and others) assigned to it:

- 00-80-0F-xx-xx-xx
- 00-E0-29-xx-xx-xx

There are specific types of addresses that are essential for some of the higher layer protocols:

- Multicast Address - a multi-destination address (for one or more nodes)
- Broadcast Address - a single Multicast address intended for all nodes

MAC - Media Access Control


Because the IEEE introduced some changes to the original Ethernet V2.0 specification, there are today two slightly different Ethernet MAC frames. The MAC protocol adds address information to the packet and checks that the packet arrives intact. For this purpose the vendor's hardware address (3 bytes) from the NIC is read. This information is used to create a 6-byte MAC address. To transmit a packet, the source MAC address and the destination MAC address are added to the packet, creating a new packet. This process is called encapsulation. In addition to adding address information, the MAC protocol also adds:

- A 2-byte field. In Ethernet V2.0 it contains frame type information that tells the OS what protocol is being used (IP, IPX, etc.). In IEEE 802.3 these 2 bytes specify the length of the data field in bytes.
- A 4-byte CRC (Cyclic Redundancy Check) field that is used to check for errors in the received data.

Once the packet is encapsulated, it is sent out on the "wire". As the packet passes by a computer attached to the LAN, the NIC in that computer checks the packet's destination address. If the packet is addressed to that NIC, the driver copies the packet and the OS decodes the packet and delivers the data to the appropriate application.
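The encapsulation and addressing rules from the Ethernet Addressing and MAC sections, as an added example in Python that is not part of the original document. It assumes the type/length distinction used in practice (a 2-byte field of 0x0600 or more is a V2.0 type, 1500 or less an 802.3 length) and that the FCS is the standard CRC-32 appended least-significant byte first; the sample addresses are constructed, with the source prefixes taken from the SMC ranges quoted above.

```python
"""Ethernet frame encapsulation and parsing (added example, not from the document).

Sample addresses below are constructed; the source OUIs are the SMC prefixes
00-80-0F and 00-E0-29 quoted in the text.
"""
import struct
import zlib

BROADCAST = bytes([0xFF] * 6)
MIN_FRAME = 64           # minimum frame length including FCS (bytes)
MIN_PAYLOAD = 46         # 64 - 14 byte header - 4 byte FCS
ETHERTYPE_MIN = 0x0600   # >= 0x0600: Ethernet V2.0 type; <= 0x05DC (1500): 802.3 length


def fmt_mac(mac: bytes) -> str:
    """Six hex pairs separated by hyphens; the leftmost octet is sent first."""
    return "-".join(f"{b:02X}" for b in mac)


def parse_mac(text: str) -> bytes:
    return bytes(int(pair, 16) for pair in text.split("-"))


def classify_mac(mac: bytes) -> str:
    """Unicast, multicast or broadcast.

    Octets go out least significant bit first, so the LSB of the first octet
    is the first bit on the wire; when set, the address is a multicast
    (multi-destination) address. All-ones is the broadcast address.
    """
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """The vendor part of the hardware address: the first three octets."""
    return fmt_mac(mac[:3])


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 (same polynomial as zlib) appended LSB first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Encapsulate: dst + src + type/length + payload (padded to 46 bytes) + FCS."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = struct.pack("!6s6sH", dst, src, type_or_len) + payload
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Decapsulate, tell V2.0 from 802.3 by the 2-byte field, and verify the FCS."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(frame)} bytes")
    dst, src, field = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:-4]
    if field >= ETHERTYPE_MIN:
        kind, data = "Ethernet V2.0", payload          # type: upper layer strips padding
    else:
        kind, data = "IEEE 802.3", payload[:field]     # length: padding is excluded
    return {
        "kind": kind,
        "dst": fmt_mac(dst), "dst_type": classify_mac(dst),
        "src": fmt_mac(src), "src_oui": oui(src),
        "type_or_len": field,
        "data": data,
        "fcs_ok": frame[-4:] == fcs(frame[:-4]),   # a receiver discards frames that fail
    }


if __name__ == "__main__":
    # Constructed sample: broadcast destination, V2.0 type 0x0800 (IP), 20-byte payload
    frame = build_frame(BROADCAST, parse_mac("00-80-0F-12-34-56"), 0x0800, bytes(range(20)))
    print(len(frame), "bytes on the wire")
    print(parse_frame(frame))
```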

Fast Ethernet
Introduction

Fast Ethernet transmits at 10 times the speed of Ethernet and, as with Ethernet, the signal loses strength and coherence as it travels along the wire. The developers of Fast Ethernet had to ensure compatibility at the frame level with Ethernet. CSMA/CD relies on a minimum time that every station on the network is sending a frame. This is guaranteed by the minimum packet length. The speed of transmission can therefore be increased by decreasing the signal's worst-case round trip delay. This also means reducing the maximum allowed distance between any two stations in the network. As a result the maximum allowed distance between any two stations with Fast Ethernet (copper) is only 205 m compared to 2.5 km with Ethernet.

Physical Layer

The Physical Layer of Fast Ethernet uses a mixture of proven technologies from the original Ethernet and the ANSI FDDI Specification. The physical media types are defined in 802.3u. Fast Ethernet works with category 3,4 and 5 unshielded twisted pair (UTP), type-1 shielded twisted pair (STP), and fiberoptic cables.

The Fast Ethernet standard also offers a media-independent interface. This interface is called MII (Media Independent Interface) and performs the same function in Fast Ethernet as the AUI in 10 Mbps Ethernet.

Gigabit Ethernet
Introduction

Gigabit Ethernet transmits at 100 times the speed of Ethernet. The developers of Gigabit Ethernet had to ensure compatibility at the frame level with Ethernet and Fast Ethernet. This, together with the requirement to still support acceptable transmission distances, results not only in the use of switching technology but also in changed layer one operation. The use of Gigabit Ethernet switches instead of repeaters also means that there are hardly any configuration rules besides the maximum cable length to be followed.


Physical Layer

The Physical Layer of Gigabit Ethernet uses a mixture of proven technologies from the original Ethernet and the ANSI X3T11 Fibre Channel Specification. The physical media types are defined in 802.3z (1000Base-X) and 802.3ab (1000Base-T). The 1000Base-X standard is based on the Fibre Channel Physical Layer. Fibre Channel is an interconnection technology for connecting workstations, supercomputers, storage devices and peripherals. Three types of media are included in the 1000Base-X standard:

- 1000Base-SX: 850 nm laser on multi-mode fiber
- 1000Base-LX: 1300 nm laser on single-mode and multi-mode fiber
- 1000Base-CX: short-haul copper "twinax" STP cable

1000Base-T is a standard for Gigabit Ethernet that utilizes long-haul copper UTP. Up to 100 m over 4 pairs of Category 5 UTP are possible. Some Gigabit Ethernet switching devices offer a modular standardized media interface called GBIC. The Gigabit interface converter (GBIC) allows the network administrator to configure each gigabit port on a port-by-port basis for short-wave (SX), long-wave (LX), long-haul (LH) and copper (CX) physical interfaces.

Media Access Control / Frame Format

The developers of Gigabit Ethernet had to ensure compatibility at the frame level with Ethernet. The general structure of a Gigabit Ethernet frame and a 10 Mbps or 100 Mbps Ethernet frame are identical. Today's Gigabit Ethernet networks are almost entirely implemented using switched full-duplex connections. But because Gigabit Ethernet was also designed to work in (half-duplex) shared media implementations, the developers of the standard had to ensure that the sending station can still sense collisions. CSMA/CD relies on a minimum time that every station on the network is sending a frame. In Ethernet and Fast Ethernet this is guaranteed by the minimum packet length. Because of the speed of transmission with Gigabit Ethernet this would result in a maximum allowed distance between any two stations of only about 10 m. In order to overcome this severe length limitation in Gigabit Ethernet, the frame length has to be artificially increased by appending an extension field at the end of the frame, right after the frame check sequence (FCS). To minimize the waste of bandwidth introduced with the extension field, the Gigabit Ethernet standard allows the sending station to send a sequence of frames (frame bursting) for a predefined period of time.
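The slot-time reasoning from the Configuration Rules section and the Gigabit extension field and frame bursting described above, worked through as an added example in Python that is not part of the original document. The slot sizes (512 bit times at 10 and 100 Mbps, 4096 at 1000 Mbps), the 96-bit inter-frame gap and the 65536-bit burst limit are the IEEE 802.3 half-duplex parameters; the bursting routine is a simplified model constructed for illustration.

```python
"""Slot time, minimum frame length and Gigabit carrier extension / bursting.

Added example, not from the document. Time is kept in integer nanoseconds so
every result is exact.
"""
NS = 1_000_000_000
ETHERNET, FAST_ETHERNET, GIGABIT = 10_000_000, 100_000_000, 1_000_000_000
SLOT_BITS = {ETHERNET: 512, FAST_ETHERNET: 512, GIGABIT: 4096}  # bit times per slot
MIN_FRAME_BITS = 64 * 8          # minimum frame including FCS, unchanged at all speeds
IFG_BITS = 96                    # inter-frame gap
BURST_LIMIT_BITS = 65_536        # frame bursting budget at 1000 Mbps half duplex


def slot_time_ns(rate_bps: int) -> int:
    """How long a sender must stay on the wire so every station sees a collision."""
    return SLOT_BITS[rate_bps] * NS // rate_bps


def min_frame_bits_for(round_trip_ns: int, rate_bps: int) -> int:
    """Bits a frame must carry to cover a given worst-case round trip delay (ceiling)."""
    return -(-round_trip_ns * rate_bps // NS)


def max_round_trip_ns(frame_bits: int, rate_bps: int) -> int:
    """Largest round trip delay a frame of this size still covers at this rate.

    With the minimum frame fixed at 512 bits, each tenfold speed step cuts this
    budget (and so the allowed network diameter) by ten, which is why Gigabit
    Ethernet enlarges the slot instead of the minimum frame.
    """
    return frame_bits * NS // rate_bps


def extension_bits(frame_bytes: int, rate_bps: int) -> int:
    """Carrier extension appended after the FCS to fill the slot (zero below 1 Gbps)."""
    return max(0, SLOT_BITS[rate_bps] - frame_bytes * 8)


def frame_burst(frame_sizes_bytes) -> tuple:
    """Simplified 1000 Mbps half-duplex frame bursting model (constructed).

    Returns (frames_sent, bits_on_wire). Only the first frame carries extension;
    later frames need none, their inter-frame gaps are filled with extension
    bits, and a new frame may start as long as the burst limit is not yet reached.
    """
    sent = total = 0
    for size in frame_sizes_bytes:
        if sent and total >= BURST_LIMIT_BITS:
            break
        total += size * 8 + (extension_bits(size, GIGABIT) if sent == 0 else IFG_BITS)
        sent += 1
    return sent, total


if __name__ == "__main__":
    for rate in (ETHERNET, FAST_ETHERNET, GIGABIT):
        print(f"{rate // 1_000_000:>4} Mbps: slot {slot_time_ns(rate)} ns, "
              f"64-byte frame covers {max_round_trip_ns(MIN_FRAME_BITS, rate)} ns round trip, "
              f"needs {extension_bits(64, rate)} extension bits")
    print("burst of ten 64-byte frames (frames, bits):", frame_burst([64] * 10))
```

Ten minimum-size frames cost 9568 bit times in a burst versus 40960 sent one by one with extension, which is the bandwidth saving the text refers to.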

10 Gigabit Ethernet
Introduction

10 Gigabit Ethernet (10GBASE-T) as standardized in IEEE 802.3an, is a telecommunication technology that offers data speeds up to 10 billion bits per second - or - 1000 times the speed of Ethernet. Built on the Ethernet technology used in most of today's LANs, 10-Gigabit Ethernet offers a more efficient and less expensive alternative for backbone connections while also providing a consistent technology end-to-end. 10 Gigabit Ethernet uses the familiar IEEE 802.3 Ethernet media access control (MAC) protocol and its frame format and size. Additionally, this standard is moving away from half-duplex design, with broadcasting to all nodes, towards only supporting switched full-duplex networks. Unlike earlier Ethernet systems, 10-Gigabit Ethernet is mainly based on the use of optical fiber connections. However, the IEEE is working on a standard for 10-Gigabit Ethernet over Cat-6 or Cat-7 twisted pair cable.

IEEE 802.3ae Physical Layer

The IEEE 802.3ae standard describes a physical layer that supports specific link distances for fiber-optic media. To meet the distance objectives, four PMDs (physical-media-dependent devices) were selected:

- 1310nm serial
- 1550nm serial
- 850nm serial
- 1310nm WWDM (wide-wave division multiplexing)

There are two types of optical fiber, multimode and singlemode fiber, that are currently used in data networking and telecommunications applications. The IEEE 802.3ae standard supports both optical fiber types. However, the distances supported vary based on the type of fiber and the wavelength (nm) implemented in the application.

IEEE 802.3 has formed two study groups to investigate 10 Gigabit Ethernet over copper cabling. The 10GBASE-CX4 group is working on a standard for transmitting and receiving via a 4-pair twinax cable. The 10GBASE-T group is working on a standard for the transmission and reception of 10 Gigabit Ethernet via a Category 5 unshielded twisted pair (UTP) copper cable up to 100 m.

Media Types
The 10 Gigabit Ethernet standard includes several different media types that are currently specified by a supplementary standard, IEEE 802.3ae:

- 10GBASE-SR (short range)
- 10GBASE-CX4 (copper interface)
- 10GBASE-LX4
- 10GBASE-LR (long range)
- 10GBASE-ER (extended range)
- 10GBASE-LRM
- 10GBASE-SW
- 10GBASE-LW
- 10GBASE-EW

10GBASE-SR ("short range") is designed to cover short distances using existing multi-mode fiber cabling. It has a range of between 26m and 8 m depending on the cable type used. With newly developed multi-mode fiber, distances of up to 300m are possible.

10GBASE-CX4 describes a copper interface using twinax cable (InfiniBand) for short-reach (15 m maximum) applications.

10GBASE-LX4 uses wavelength division multiplexing to support ranges of between 240m and 300m over multi-mode cabling and also supports distances of up to 10km over single-mode fiber.

10GBASE-LR (long range) and 10GBASE-ER (extended range) are standards that allow distances of up to 10 km and 40km respectively over single-mode fiber.

10GBASE-LRM describes 10 Gbps on FDDI-grade 62.5 µm multi-mode cable.

10GBASE-SW, 10GBASE-LW and 10GBASE-EW use the WAN PHY, designed to interoperate with OC-192/STM-64 SONET/SDH equipment. They correspond at the physical layer to 10GBASE-SR, 10GBASE-LR and 10GBASE-ER respectively, and therefore use the same types of fiber and support the same distances.

Wireless Networks

Applications

- Alternative and/or extension of wired infrastructures
- Simple integration into existing networking infrastructures
- Solutions for environments and applications where conventional wired infrastructures are not feasible:
  - Temporary networks
  - Architectural reasons (building codes, protection of historic buildings, ...)
- Mobile applications
- Flexible networking solutions
- Interconnecting LANs

Quite often communication infrastructures based on standard wiring schemes are not feasible because of cost or technical reasons. In this case wireless products offer flexible alternatives to wired network solutions. Wireless technology also provides excellent solutions where there is a need for temporary networking installations. In many cases where a more traditional communication solution cannot be envisioned with conventional wired technologies, wireless technology makes the seemingly impossible quite feasible, easy to implement, and cost effective. Implementing wired infrastructures into existing building structures can present complex problems. Building codes or city ordinances that seek to protect historic buildings from any structural damage can create severe costs and technical problems for the network designer implementing wired technologies.

Overview Technologies
In general we can separate the different wireless technologies into the following categories:

- WPAN (Wireless Personal Area Networking): Bluetooth / IEEE 802.15.1, IEEE 802.15.3
- WLAN (Wireless Local Area Networking): IEEE 802.11a/b/g
- WMAN (Wireless Metropolitan Area Networking): WiMAX / IEEE 802.16
- WWAN (Wireless Wide Area Networking): GPRS, UMTS, GSM

Today different wireless (mostly RF) technologies have been developed or are under development to address a broad range of wireless communication applications and scenarios. The requirements for these applications depend on a variety of variables including the needed bandwidth, the distances that have to be covered, the geographic reach, power consumption and the kind of services offered. Each category shows one (or more) corresponding wireless technologies that solve the specific communication issues of that category or application. Although overlaps (WPAN/WLAN, WLAN/WMAN) exist, the deployed technologies are extremely different and supplement each other to a very high degree.

Overview Scenarios

WPAN (Wireless Personal Area Networking) technologies like Bluetooth / IEEE 802.15 solve connectivity problems between devices and systems in a very limited geographical area. Typical network coverage in the WPAN is up to 10m; the data transfer rates depend on the standards employed. Applications are for example the synchronisation of data and file transfers between PDAs, laptops and mobile phones, but also the wireless connection of peripherals and devices like headsets, printers, etc.

WLAN (Wireless Local Area Networking) applications typically solve wireless data communication problems in a building, enterprise or campus environment. The dominant technology used is based on the IEEE 802.11 standards.

WMAN (Wireless Metropolitan Area Networking) infrastructures are designed to overcome "last mile" access issues by providing wireless connectivity in a metropolitan environment. An example for an emerging WMAN standard is WiMAX (IEEE 802.16).

WWAN (Wireless Wide Area Networking) technologies offer wireless mobility solutions, typically offering lower bandwidth but covering large geographical areas. Typical examples for such technologies are GPRS, UMTS and GSM.

Standards - WPAN/WLAN/WMAN

The Bluetooth technology standard was originally developed as an industry standard driven by a group of manufacturers, but the standardisation process is now also taken care of by an IEEE working group (802.15). The first version, IEEE 802.15.1, was derived from the original Bluetooth specification and is compatible with Bluetooth V.1.1. This standard supports data rates up to 1Mbps and is primarily used for wireless connectivity with computer peripherals and other devices like printers, headsets, mobile phones and PDAs. IEEE 802.15.3 (also called ultra-wide band or UWB) is designed for much higher speeds and multimedia services. This standard supports speeds up to 400Mbps, allowing the transmission of video (of DVD quality) and audio signals throughout the home.

Within the IEEE the 802.11 working group is responsible for developing standards for Wireless Local Area Networks (WLANs). WLANs typically serve a lot more users than WPANs and cover a larger area. The IEEE 802.11 standard is based on the same framework and principles that also form the basis for Ethernet (IEEE 802.3). This ensures a high level of compatibility and interoperability between 802.11 and 802.3 devices and infrastructures. Until now three major revisions or versions of the physical layer have been released, supporting speeds up to 54Mbps.

The Wireless Metropolitan Area Network (WMAN) typically covers areas up to 50km and competes directly with other access technologies like xDSL or (DOCSIS) cable. WiMAX is an example for a new generation of standardized wireless broadband internet access technologies. WiMAX is a worldwide certification addressing interoperability issues across IEEE 802.16 products.

PSTN / Modem
Introduction
The word modem is a contraction of the words modulator-demodulator. A modem is typically used to send digital data over a phone line. The sending modem modulates the data into a signal that is compatible with the phone line, and the receiving modem demodulates the signal back into digital data. Modems came into existence in the 1960s as a way to allow terminals to connect to computers over the phone lines. Once people started transferring large programs and images, 300 bps became intolerable.

Modem speeds increased in a series of steps at two year or so intervals:

- 300 bit per second - 1960s through 1983 or so
- 1200 bit per second - gained more popularity in 1984 and 1985
- 2400 bit per second
- 9600 bit per second - (late 1990 and early 1991)
- 19.2K bit per second
- 28.8K bit per second
- 33.6K bit per second
- 56K bit per second - became the standard in 1998

Modems use a hand-shaking sequence to negotiate the best modulation technique supported on both ends of the communication path.

ISDN
Introduction
Telephone networks around the world have been evolving toward the use of digital transmission facilities and switches for many years. The CCITT, which is largely responsible for today's international ISDN standards, defines an Integrated Services Digital Network (ISDN) as: "A network evolved from the telephony Integrated Digital Network (IDN), that provides end-to-end digital connectivity to support a wide variety of services, to which users have access by a limited set of standard multipurpose user-network interfaces." In other words, an ISDN is a network designed to carry many different types of data over medium-to-large distances, and between a wide variety of equipment types, such as computers, telephones, facsimile and telex machines. Features and functions associated with ISDN include:

- End-to-end digital service
- Standardized access interface
- Well defined basic services and supplementary services like telephone (voice)
- 2B+D for small users (B=64 KB/sec, D=16 KB/sec)
- 23B+D (30B+D) for large users (B=64 KB/sec, D=64 KB/sec)

More than a "Digital Network"


ISDN has some very important advantages as a technology to be used for data communication:

- Standardised
- Flexible, 2 available simultaneous channels
- Bandwidth (2 x 64 Kbps)
- High transmission quality (digital)
- Attractive pricing (in many countries)
- Availability, good geographical coverage
- Fast call establishment
- Integral security functions

Standards are the basis for the development of attractively priced communication solutions for large markets. ISDN is more than a "Digital Network". "Integrated Services" stands for the seamless integration of voice and data. A variety of advanced communication services, tele-services and fast and reliable connections into the Internet or to other remote networks today rely on ISDN. All this and the ability to use two individual communication channels with a single S0 connection explain the flexibility of ISDN. For small and medium-sized enterprises ISDN is very attractive: ISDN delivers attractive tariffs for lines and high quality digital transmission in combination with relatively large bandwidth. ISDN is also available in most European countries. Functions like "dial-on-demand" or "bandwidth-on-demand" are only possible because of the short times needed for call establishment when using ISDN. ISDN is also popular because of its built-in security features. Typical examples for such functions are calling line identification or closed user group.

Broadband WAN Services


Introduction
The demand for high performance WAN services - also for small and medium enterprises - grows steadily. Both old and new "bandwidth hungry" applications require more WAN bandwidth:

- Groupware and other client/server solutions
- Multimedia solutions
- Video streaming and video conferencing
- Internet access for individual systems and complete LANs
- The Internet used as company WAN backbone

The number of subscribers for broadband services is growing rapidly. Many different tariff models, technological alternatives and attractive pricing attract a large number of users to change their existing Internet access technology to one of the new broadband alternatives. There are a number of important factors causing this fast development:

- Cost efficient use and upgrade of existing communication infrastructures
- Standardized products and technologies
- Competing service providers in most markets
- A large number of manufacturers of broadband products

Overview
There are currently several alternative and competing broadband technologies available or under development:

- xDSL (Digital Subscriber Line)
- Cable network (cable modem)
- Satellite transmission
- Wireless (RF) networks
- Communication solutions utilising the electrical power infrastructure

xDSL (Digital Subscriber Line) today clearly has the largest market share of all broadband internet access technologies. Other technologies and solutions nevertheless also have a large growth potential because of the specific features and advantages some of these technologies offer. Still, there are criteria to be met to gain broad market acceptance which are not all met by the current xDSL alternatives:

- Complete geographical coverage
- Different services and tariff models to optimally solve specific customer requirements
- Low cost for both subscriber and service provider (equipment, installation, service, tariffs, operational costs)
- Standards, compatible products and solutions

xDSL - Digital Subscriber Line

xDSL services today clearly have the largest market share of all broadband internet access services offered. xDSL is a term used to describe a whole range of different DSL (Digital Subscriber Line) technologies. xDSL - with very few exceptions - utilizes existing telephone infrastructures (last mile). xDSL is based on new advanced modem technologies that allow very high transmission rates.

Advantages:

- Complete geographical coverage
- Different services and tariff models offered
- Low cost, good price performance ratio

Disadvantages:

- Many different standards and therefore only partial compatibility of products and solutions

Cable Modem Solutions

Cable modem solutions utilize existing cable TV infrastructures. Early standardisation efforts led to commonly accepted specifications and modem products (DOCSIS - Data Over Cable Service Interface Specifications). Cable modem solutions allow only asymmetrical data streams. They offer higher bandwidth downstream (from the Internet) connections and are therefore suitable for Internet access applications for SME networks or individual systems (home).

Advantages:

- Theoretically complete geographical coverage (not all cable networks support bi-directional transmissions)
- Low costs
- Standards and compatible products

Disadvantages:

- Very restricted service offerings (only usable for asymmetrical traffic)
- Shared medium

Satellite Communication

Affordable satellite solutions typically allow only asymmetrical data streams. They offer higher bandwidth downstream (from the Internet) connections and are therefore suitable for Internet access applications for SME networks or individual systems (home).

Advantages:

- Theoretically complete geographical coverage
- Appropriate solution where huge down link capacities are required

Disadvantages:

- Relatively high costs (dial-up back channel)
- Hardly any standards or compatible products
- Very restricted service offerings (only usable for asymmetrical traffic)
- Shared medium

Wireless (RF) Solutions

Affordable wireless solutions are not based on a single standard. Some solutions only allow asymmetrical data streams while other solutions have severe transmitting distance limitations. Whether wireless technology is an acceptable alternative to other broadband technologies largely depends on the local service offerings.

Advantages:

- Several different services and tariff models are possible
- Easy to deploy - no existing infrastructure is necessary

Disadvantages:

- No broad geographical coverage
- Hardly any standards or compatible products
- Very restricted service offerings
- Shared medium

Utilising the Electrical Power Infrastructure

Internet access solutions utilizing the electrical power infrastructure are in very early development phases. These kinds of services are today only available in field test environments.

Advantages:

- Theoretically complete geographical coverage
- Relatively low cost because it is using the power lines to cover the "last mile"

Disadvantages:

- Currently only available in test installations
- Hardly any standards or compatible products
- Very restricted service offerings

Internetworking
Overview

The major components that provide extended connectivity capabilities between LANs or LANs and WANs are:

- Repeaters
- Bridges / Switches
- Routers
- Gateways

These devices have very different functions and capabilities. The easiest way to define these terms is to use the OSI model for reference.


Repeater / Hub
Definition

Repeaters operate within the physical layer of the OSI model and provide connectivity normally between similar media. Technical features of repeaters are:

- They repeat and amplify electrical signals (also noise)
- All LANs connected by repeaters sense the same traffic
- LAN segments that are connected by a repeater are still on the same network

With Ethernet, hubs are multi-port repeaters.

Bridge / Switch
Definition

Bridges connect networks of similar technology. They work at the Data Link layer of the OSI model. Typical features / functions of bridges are:

- They typically connect similar hardware networks, like an Ethernet network to an Ethernet network
- As repeaters connect (cable) segments together within a LAN, a bridge can connect LANs together to form an extended LAN
- Bridges are able to connect networks regardless of the high level protocols (TCP/IP, AppleTalk, IPX, ...) being used
- Bridges can filter traffic so that only the intended traffic passes through. They also do not forward faulty packets and noise on the lines
- Some special bridges can connect LANs based on different technologies. Examples for such bridges are Ethernet / FDDI or Ethernet / Token Ring bridges.

Two fundamentally different kind of bridging technologies have been used to interconnect / extend local area networks:

- Source Routing
- Transparent Bridging

Of these two techniques only transparent bridging has significant relevance, since it is used extensively in today's Ethernet networks.

Bridge / Switch
Basic Transparent Bridge Operation

The bridge learns with each received frame the source address (MAC address) of the frame and the interface (port) via which the frame has been received. This information is stored in the bridge's station cache (MAC address table). Each received frame also contains a destination address (MAC address). This address is compared to the entries in the bridge's station cache. Afterwards the following forwarding rules are applied:

- If the address is not found in the station cache, the frame is forwarded on all bridge interfaces except the interface where the frame was received.
- If the address is found in the station cache, the frame is forwarded to the interface associated with the address.
- If that interface is the one from which the frame was received, the bridge drops the frame.

In order to accommodate dynamic changes in the network and to keep the tables at an appropriate size, each entry in the station cache is "aged". This means entries in the station cache are deleted after a specified period of time (aging timer) if no frame with this address as source address is received.


Bridge / Switch
Bridges - Multiple Path

For this example we assume that all station caches are empty and that station F sends the first frame. Initially each of the three bridges (A, B, C) receives the frame that station F sends to station H. Each of the bridges then notes that station F resides on LAN 1 and queues the frame for forwarding to LAN 2. One of the bridges (in our example bridge A) will be the first to successfully forward the frame to LAN 2. Because bridge operation is transparent (also to other bridges), the frame appears on LAN 2 exactly as if the originating station were on LAN 2. Therefore bridges B and C will receive the frame, note in their tables that station F now resides on LAN 2 and queue the frame for forwarding to LAN 1. This looping of frames will continue forever with an exponentially increasing number of frames. To ensure proper operation of learning bridges in a topology with loops, an algorithm has been introduced that automatically changes the topology into a loop-free structure called a "spanning tree".
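The learning, forwarding, filtering and aging rules of the previous section, and the forwarding loop described here, as an added simulation (this is example code written for this page, not part of the course material). Bridge names, station names, port names and the aging time are constructed; the loop scenario simplifies the text's description by letting all three bridges forward in the same round instead of bridge A winning first.

```python
"""Learning-bridge simulation (added example, not from the course text).

Implements the transparent-bridge rules: learn the source MAC per receiving
port, flood unknown destinations, filter frames whose destination sits on the
receiving port, and age out stale entries. The second scenario puts three
such bridges in parallel between two LANs, without a spanning tree, to show
frame copies multiplying in a loop. All names and timings are constructed.
"""
from collections import deque


class Bridge:
    """Transparent bridge with a station cache (MAC address table)."""

    def __init__(self, name, ports, aging_time=300):
        self.name = name
        self.ports = ports            # port name -> attached LAN
        self.cache = {}               # source MAC -> (port, time last seen)
        self.aging_time = aging_time  # seconds an entry may stay unrefreshed

    def age(self, now):
        """Delete station-cache entries whose aging timer has expired."""
        for mac in [m for m, (_, seen) in self.cache.items()
                    if now - seen > self.aging_time]:
            del self.cache[mac]

    def receive(self, frame, in_port, now):
        """Learn from the source address, then apply the forwarding rules.
        Returns the LANs the frame is forwarded to (empty list = dropped)."""
        self.age(now)
        self.cache[frame["src"]] = (in_port, now)         # learning
        dst = frame["dst"]
        if dst not in self.cache:                          # unknown: flood
            out_ports = [p for p in self.ports if p != in_port]
        else:
            port, _ = self.cache[dst]
            out_ports = [] if port == in_port else [port]  # filter or forward
        return [self.ports[p] for p in out_ports]


def single_bridge_demo():
    """One bridge between LAN1 and LAN2: flood, forward, filter, age."""
    b = Bridge("A", {"p1": "LAN1", "p2": "LAN2"}, aging_time=300)
    log = []
    # F (LAN1) -> H: H is unknown, so the frame is flooded to LAN2
    log.append(b.receive({"src": "F", "dst": "H"}, "p1", now=0))
    # H (LAN2) -> F: F was learned on p1, so the frame goes only to LAN1
    log.append(b.receive({"src": "H", "dst": "F"}, "p2", now=1))
    # G (LAN1) -> F: same port as F, so the bridge drops the frame
    log.append(b.receive({"src": "G", "dst": "F"}, "p1", now=2))
    # after the aging timer F has been forgotten and is flooded again
    log.append(b.receive({"src": "H", "dst": "F"}, "p2", now=400))
    return log


def loop_demo(rounds=4):
    """Bridges A, B, C all connect LAN1 and LAN2; H never answers, so it stays
    unknown and every copy is flooded. Returns the number of frame copies in
    flight after each round and the LAN each bridge last believed F to be on."""
    bridges = [Bridge(n, {"p1": "LAN1", "p2": "LAN2"}) for n in "ABC"]
    lan_port = {"LAN1": "p1", "LAN2": "p2"}
    in_flight = deque([("LAN1", {"src": "F", "dst": "H"})])  # F's first frame
    counts = []
    for t in range(rounds):
        nxt = deque()
        while in_flight:
            lan, frame = in_flight.popleft()
            for b in bridges:                  # every bridge on the LAN hears it
                for out_lan in b.receive(frame, lan_port[lan], t):
                    nxt.append((out_lan, frame))
        in_flight = nxt
        counts.append(len(in_flight))
    believed = {b.name: b.ports[b.cache["F"][0]] for b in bridges}
    return counts, believed


if __name__ == "__main__":
    print(single_bridge_demo())   # [['LAN2'], ['LAN1'], [], ['LAN1']]
    print(loop_demo())            # ([3, 9, 27, 81], {'A': 'LAN2', ...})
```

After four rounds the single frame has become 81 copies and every bridge's station cache places F on the wrong LAN, which is exactly the situation the spanning tree is introduced to prevent.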

Bridge / Switch
The Spanning Tree Protocol

The Spanning Tree protocol / algorithm takes care of link management and loop prevention in extended LANs. The Spanning Tree Algorithm is used by bridges in redundantly configured networks to dynamically block ports to avoid network loops and open them again if a changed network situation makes this necessary. In order to implement the process, the bridges exchange special messages with each other that allow them to calculate a spanning tree. The bridges perform the following steps:

1. Among all bridges on the extended LAN one bridge is elected to be the Root Bridge.
2. All other bridges then calculate the shortest path from themselves to the Root Bridge.
3. On each LAN the one bridge that is closest to the Root Bridge is elected to be the Designated Bridge for this LAN. The Designated Bridge will forward frames from that LAN towards the Root Bridge.
4. Each bridge identifies the port that gives the best path from itself to the Root Bridge.
5. Eventually the ports that are necessary to build the spanning tree are selected.

Data frames are forwarded to and from ports that are included in the spanning tree. On ports that have not been selected for the spanning tree, data frames are not forwarded but discarded.
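The five steps above carried out on a small constructed topology, as an added example (written for this page, not the course's own code or a real STP implementation; real bridges exchange configuration messages to reach the same result, while this computes it centrally). Bridge IDs, LAN names and port costs are constructed; lower bridge ID wins every election, and one deliberately expensive port shows that root path cost, not just hop count, decides the tree.

```python
"""Spanning-tree computation (added example, not the course's own code).

Elect the root (lowest bridge ID), compute each bridge's root path cost,
pick the designated bridge per LAN, pick each bridge's root port, and mark
every other port blocking. Topology values are constructed.
"""
import heapq

# bridge ID -> {LAN it attaches to: cost of that port}; lower ID wins elections
TOPOLOGY = {
    1: {"LAN1": 1, "LAN2": 1},
    2: {"LAN1": 1, "LAN3": 1},
    3: {"LAN2": 3, "LAN3": 1},   # the expensive port on LAN2 ends up blocking
    4: {"LAN3": 1, "LAN4": 1},
}


def spanning_tree(topology):
    root = min(topology)                                    # step 1: root bridge
    lans = sorted({lan for ports in topology.values() for lan in ports})
    bridges_on = {lan: [b for b in topology if lan in topology[b]] for lan in lans}

    # step 2: shortest path (root path cost) from the root to every bridge.
    # Dijkstra over the bridge/LAN graph: entering a LAN from a bridge costs
    # nothing, entering a bridge from a LAN costs that bridge's port cost.
    cost = {("B", b): float("inf") for b in topology}
    cost.update({("L", lan): float("inf") for lan in lans})
    cost[("B", root)] = 0
    heap = [(0, "B", root)]
    while heap:
        d, kind, node = heapq.heappop(heap)
        if d > cost[(kind, node)]:
            continue
        if kind == "B":
            for lan in topology[node]:
                if d < cost[("L", lan)]:
                    cost[("L", lan)] = d
                    heapq.heappush(heap, (d, "L", lan))
        else:
            for b in bridges_on[node]:
                nd = d + topology[b][node]
                if nd < cost[("B", b)]:
                    cost[("B", b)] = nd
                    heapq.heappush(heap, (nd, "B", b))

    # step 3: designated bridge per LAN = lowest root path cost, then lowest ID
    designated = {lan: min(bridges_on[lan], key=lambda b: (cost[("B", b)], b))
                  for lan in lans}

    # steps 4 and 5: root port per bridge, then the state of every port
    ports = {}
    for b, port_costs in topology.items():
        root_port = None
        if b != root:
            root_port = min(port_costs, key=lambda lan: (
                cost[("L", lan)] + port_costs[lan], designated[lan], lan))
        ports[b] = {lan: "root" if lan == root_port
                    else "designated" if designated[lan] == b
                    else "blocking"
                    for lan in port_costs}
    return {"root": root,
            "root_path_cost": {b: cost[("B", b)] for b in topology},
            "designated": designated,
            "ports": ports}


def forwarding_port_count(tree):
    """Ports left forwarding (root or designated). For a loop-free tree over
    N bridges and M LANs this is exactly N + M - 1."""
    return sum(state != "blocking"
               for states in tree["ports"].values() for state in states.values())


if __name__ == "__main__":
    result = spanning_tree(TOPOLOGY)
    for bridge, states in result["ports"].items():
        print(bridge, states)
    print("forwarding ports:", forwarding_port_count(result))   # 7
```

In the constructed topology bridge 3 reaches the root more cheaply through LAN3 (cost 2) than through its own LAN2 port (cost 3), so its LAN2 port is neither root port nor designated and is blocked; that single blocked port breaks the only loop (LAN1, bridge 2, LAN3, bridge 3, LAN2, bridge 1).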

Router
Definition

Routers work at the Network layer of the OSI model and are independent of the network media and LAN technology. Instead of forwarding Data Link level packets like bridges, routers forward the data based on the higher layer information in those packets. This means a router uses the routing information of the higher level protocol like TCP/IP or IPX/SPX. Typical features / functions of routers are:

- They work protocol oriented
- They can be used to link different LAN/WAN technologies

Some vendors offer devices called brouters or bridge-routers that have both bridging and routing capabilities implemented.

Routing Protocols

Routers collect and store information about the network in routing tables. These tables are used to determine the optimum path for a packet to be transmitted. Routing protocols are used to maintain and exchange the information necessary to calculate these tables. Routing protocols typically fall into two main categories, Distance Vector routing or Link State routing. Distance Vector routing protocols determine the best path by how far away the destination is, based on basic information like the number of intermediate routing systems (hops). Link State protocols are capable of using more sophisticated methods to determine the best path for a packet to be transmitted. These methods may take into consideration link variables like bandwidth, delay, reliability and load. Routing metrics and cost values are used by routers to determine the best path to the destination network or node:

- Hop
- Bandwidth
- Delay
- Reliability
- Load
- Cost
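The difference between the two categories on a constructed four-router topology, as an added example (written for this page, not the course's own code). The distance-vector function models the RIP-style exchange of tables between neighbours, the link-state function models an OSPF-style Dijkstra run over the full topology; router names and link costs are constructed, and the cost metric is a plain number standing in for bandwidth/delay style metrics.

```python
"""Distance-vector versus link-state path selection (added example, not the
course's own code). The constructed topology has a direct but expensive link
R1-R2 (cost 10) and a three-hop path of total cost 3. A hop-count
distance-vector protocol prefers the direct link; a link-state protocol
using the link costs prefers the three-hop path."""
import heapq

# constructed topology: (router, router, link cost)
LINKS = [("R1", "R2", 10), ("R1", "R3", 1), ("R3", "R4", 1), ("R4", "R2", 1)]


def build_graph(links):
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def distance_vector(graph, metric=lambda link_cost: 1, max_rounds=50):
    """Each router starts knowing only itself, then repeatedly takes its
    neighbours' last advertised tables and adds the metric of the link the
    advertisement arrived on (hop count by default). Returns
    {router: {destination: (distance, next_hop)}} after convergence."""
    tables = {r: {r: (0, r)} for r in graph}
    for _ in range(max_rounds):
        advertised = {r: dict(t) for r, t in tables.items()}   # one exchange
        changed = False
        for r, neighbours in graph.items():
            for n, link_cost in neighbours.items():
                for dest, (d, _) in advertised[n].items():
                    candidate = d + metric(link_cost)
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, n)
                        changed = True
        if not changed:
            break
    return tables


def link_state(graph, source):
    """With the whole topology known, run Dijkstra from `source` on the link
    costs. Returns {destination: (total cost, next_hop)}."""
    best = {source: (0, source)}
    heap = [(0, source, source)]
    done = set()
    while heap:
        d, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for n, c in graph[node].items():
            hop = n if node == source else first_hop
            if n not in best or d + c < best[n][0]:
                best[n] = (d + c, hop)
                heapq.heappush(heap, (d + c, n, hop))
    return best


def compare_r1_to_r2(graph):
    """Best path R1 -> R2 under hop-count distance vector, cost-based
    distance vector, and cost-based link state."""
    return {
        "dv_hop_count": distance_vector(graph)["R1"]["R2"],
        "dv_link_cost": distance_vector(graph, metric=lambda c: c)["R1"]["R2"],
        "link_state": link_state(graph, "R1")["R2"],
    }


if __name__ == "__main__":
    print(compare_r1_to_r2(build_graph(LINKS)))
```

The comparison makes the text's point concrete: with hop count as the only metric, distance vector sends R1's traffic for R2 over the slow direct link (1 hop), while the cost-aware schemes choose R3 as next hop (total cost 3). Giving the distance-vector exchange the link costs as its metric also converges on the cheaper path, so the metric, not only the algorithm family, drives the choice.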

Routing Protocols - Examples


For several decades network architectures and therefore also routing protocols have been developed and deployed. With increased numbers of networks and nodes to be connected, the routing protocols also had to evolve. New levels of flexibility, performance and control were introduced with more powerful routing algorithms and techniques. Examples for routing protocols:

- RIP v1 and RIP v2 (Routing Information Protocol)
- OSPF (Open Shortest Path First)
- BGP (Border Gateway Protocol)
- IGRP (Interior Gateway Protocol) - Cisco
- DRP (DECnet Routing Protocol) - DECnet Phase IV
- RTMP (Routing Table Maintenance Protocol) and ZIP (Zone Information Protocol) - AppleTalk
- RIP (Routing Information Protocol) - Novell NetWare

Gateway
Definition

Gateways are typically used to connect two different network architectures and therefore work at the level of the Application Layer of the OSI model. This means a gateway can "understand" and convert between different high level protocols. Examples for such gateways are DECnet / SNA or AppleTalk / TCP/IP gateways.

Typical features / functions of gateways are:

- They provide protocol conversion
- They can support different network technologies (like routers)
- A gateway typically has two complete architectures implemented

Architectures and Prot. Suites


Examples
Over the years a broad range of network architectures and protocol suites have been developed and deployed. Typical examples for such widely used architectures are:

- TCP/IP
- Novell NetWare (IPX/SPX)
- AppleTalk
- DNA and DECnet (Digital Equipment)
- LAT (Digital Equipment)
- SNA (IBM)
- OSI
- NetBIOS / NetBEUI (Microsoft, IBM)
- Banyan Vines

In the past many manufacturers offered their own proprietary protocols and networking solutions to support their specific hardware and software in an optimum way. Over the last years there has been a clear trend towards "standardised" networking solutions based on the TCP/IP protocol suite. Many network architectures now have TCP/IP protocols integrated to ensure a high level of compatibility and interoperability.

Architectures and Prot. Suites


TCP/IP

TCP/IP is a widely accepted protocol suite and is the basis for the worldwide Internet. It supports a broad variety of Data Link protocols and transmission media and is implemented on a broad range of different operating systems and hardware platforms. The TCP/IP protocol suite is organized into four conceptual layers:

The Network Access or Local Network Layer is the equivalent of the combined Physical and Data Link Layers of the OSI model. The architecture does not specify a particular Data Link protocol to be used, but there are existing standards to support for example Ethernet, Token Ring, X.25 and PPP.

The principal protocol of the Internet Layer is IP (Internet Protocol). It is used to connect one or more networks into an internet. It offers its services to various higher layer protocols by assisting the delivery of data (packets) in one or more IP datagrams.

The Host-to-Host or Transport Layer has the task of providing end-to-end communication between processes rather than systems. TCP/IP provides at that level two principal protocols: TCP (Transmission Control Protocol), which provides reliability with a high overhead, and UDP (User Datagram Protocol), which provides unreliable services with less overhead.

The Application Layer is the equivalent of the three highest layers of the OSI Model.

Architectures and Prot. Suites


Win NT Network Architecture

The network architecture which is part of the overall Windows NT system architecture provides a good example for Microsoft networking solutions. A broad range of server and workstation applications and services can use (alternatively) different widely available networking protocol suites. Besides IPX/SPX (NWLINK), TCP/IP and DLC (Data Link Control), Microsoft networking solutions often rely on the NetBEUI protocol. NetBEUI was developed to work effectively with LAN technologies and therefore provides no routing functionality.

The Internet and TCP/IP


History

In the US, government agencies already recognized in the late 1960s the need for a technology that would interconnect many different networks in order to make them all function as one unit with a high level of redundancy. The internet technology that resulted from research funded by the Defense Advanced Research Projects Agency (DARPA) was a set of layered protocols called TCP/IP, named after two of its main protocols (Transmission Control Protocol and Internet Protocol).

In about 1983, TCP/IP became the standard protocol suite used on the DoD Internet (Department of Defence Internet) including the ARPANET, which was the first available packet switching network. The ARPANET research resulted in the establishment of additional networks that are referred to as the DARPA Internet or simply the Internet. (The term Internet written with a capital "I" is used when referring to the DARPA Internet. If it is written with a small "i" then the term is used in a generic way.) The Internet is today a worldwide grouping of networks, all of which use TCP/IP. These networks include large and small private networks, science and research networks and military networks like the DDN (Defence Data Network). For years the Internet has been growing at an incredible speed. In January 1993 only about 1.3 million hosts were connected to the Internet. By January 2008 already close to 550 million hosts had been counted by the ISC (Internet Software Consortium), an organization that regularly determines the approximate number of computer systems connected to the Internet.

Reference Model

The TCP/IP protocol suite contains a large number of protocols at all layers within the architecture. Some of the more common protocols are:

- IP - Internet Protocol
- ICMP - Internet Control Message Protocol
- ARP - Address Resolution Protocol
- RARP - Reverse Address Resolution Protocol
- RIP - Routing Information Protocol
- TCP - Transmission Control Protocol
- UDP - User Datagram Protocol
- FTP - File Transfer Protocol
- RPC - Remote Procedure Call
- NFS - Network File Server
- SMTP - Simple Mail Transfer Protocol
- Ping - Packet Internet Groper
- HTTP - Hypertext Transfer Protocol

IP Characteristics
IP datagrams are sent from one host to another, possibly through interconnecting routers. These routers (in IP terminology also called gateways) forward IP packets from one network to another. The IP service is an unreliable, connectionless, best-effort packet delivery system.

The IP service does not guarantee the delivery of packets. The packets may be duplicated, lost or delivered in the wrong order. Error detection is only provided for the IP header, not for the payload portion of the packet. The IP service is called connectionless because each packet is processed independently from all others. IP datagrams contain all the information necessary for intermediate routers to process the packets and forward them accordingly. The IP service, which is used by all other protocols of the TCP/IP protocol suite, provides network level services like:

- Host addressing
- Routing
- Packet fragmentation and reassembly (if necessary)
- All other protocols use IP services

TCP/IP Protocol Suite


IP Datagrams

To send an IP datagram, the sending machine encapsulates the datagram inside a network frame for transmission across a directly connected network. If for example the network technology used is Ethernet, then the IP datagram is placed in the data portion of the Ethernet frame, and the frame's type field is set to IP. After the network delivers the frame to the destination, the receiver uses the type field to identify the data portion of the frame as an IP datagram and forwards the datagram to the software that processes them.
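The encapsulation described here and the header-only error detection noted under IP Characteristics, as one added example (written for this page, not the course's own code). It builds a minimal IPv4 datagram inside an Ethernet frame, demultiplexes on the type field at the receiver, and verifies the header checksum; the MAC addresses are constructed locally administered addresses and the IP addresses come from the 192.0.2.0/24 documentation range, chosen here as constructed sample values. The demo flips one bit in the header and one bit in the payload to show which of the two IP notices.

```python
"""IP datagram inside an Ethernet frame, and what the IP header checksum does
and does not protect (added example, not from the course text). Addresses
are constructed sample values."""
import struct

ETHERTYPE_IP = 0x0800   # value of the frame type field that identifies IP


def ip_checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ip_datagram(src, dst, payload, ttl=64, protocol=17):
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    total_length = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_length, 0x1234, 0, ttl, protocol,
                         0, src, dst)               # checksum field zero first
    checksum = ip_checksum(header)
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + payload


def build_ethernet_frame(dst_mac, src_mac, datagram):
    """Encapsulate: destination MAC, source MAC, type field, data portion."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + datagram


def receive_frame(frame):
    """Receiver side: use the type field to hand the data portion to IP,
    then verify the header checksum. Returns (ethertype, header_ok, payload);
    header_ok is None when the frame does not carry IP."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    data = frame[14:]
    if ethertype != ETHERTYPE_IP:
        return ethertype, None, data
    ihl = (data[0] & 0x0F) * 4
    header_ok = ip_checksum(data[:ihl]) == 0   # a valid header sums to zero
    total_length = struct.unpack("!H", data[2:4])[0]
    return ethertype, header_ok, data[ihl:total_length]


def demo():
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
    src_mac = bytes.fromhex("020000000001")
    dst_mac = bytes.fromhex("020000000002")
    frame = build_ethernet_frame(dst_mac, src_mac,
                                 build_ip_datagram(src_ip, dst_ip, b"hello"))
    intact = receive_frame(frame)
    # flip one bit in the TTL (frame offset 14 + 8): the header checksum catches it
    bad_header = bytearray(frame)
    bad_header[14 + 8] ^= 0x01
    # flip one bit in the payload: IP does not notice, only TCP or UDP could
    bad_payload = bytearray(frame)
    bad_payload[-1] ^= 0x01
    return {"payload": intact[2],
            "intact_ok": intact[1],
            "header_corrupted_ok": receive_frame(bytes(bad_header))[1],
            "payload_corrupted_ok": receive_frame(bytes(bad_payload))[1]}


if __name__ == "__main__":
    print(demo())
```

The result for the corrupted payload is the practical consequence of "error detection is only provided for the IP header": a host that relies on IP alone has no way to tell that the data it received differs from what was sent, which is why integrity of the payload is left to the transport layer and, where it matters, to cryptographic protection above it.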

TCP and UDP Characteristics


The Transport Layer identifies which processes (programs) are active on each host and provides either connection-oriented or connectionless services to these processes. Connection-oriented services ensure a reliable transmission of data. TCP (Transmission Control Protocol) provides such reliable services to upper layer protocols like FTP or HTML. Connectionless services provide faster, lower-overhead transmissions but offer no reliability. UDP (User Datagram Protocol) is used to provide connectionless services to upper layer protocols like NFS or TIME.

The Transport layer uses ports to identify upper-layer processes or programs. Port addresses are used to distinguish between the different programs running within a system. The combination of an end system's IP address and transport layer port is called a socket and uniquely identifies a process running on a specific host. A socket pair includes each end system's IP address and port address and identifies a logical communication channel between the systems (processes). Client- and server-based addresses are used (with TCP and UDP) to identify processes running on a host. Server ports have a range of 1 to 1023. Industry wide recognized port addresses are within the range of 1 through 255. Client port addresses can be anywhere between 1024 and 65536.

Addressing in IP
Binary-to-Decimal Conversion

To understand the derivation of network addresses it is important to have a basic understanding of decimal and binary numbering. The example below shows the "translation" of the binary number 10101101 (1 octet) into its decimal representation.

The decimal number system consists of the 10 unique digits 0 to 9. Decimal numbering therefore uses powers of 10. This number system is also referred to as the base-10 system. The binary number system consists of only two unique digits, 0 and 1. Unlike decimal numbering, the binary numbering system uses powers of 2 rather than powers of 10. This number system is also referred to as the base-2 system. A byte or octet is composed of 8 bit positions with possible values ranging from 0 (all bits are 0) to 255 (all bits are 1).

Internet Addresses (1)

An Internet host address is a 32 bit number that identifies both the network on which a host is located and the host on that network. Network addresses (Internet addresses) are assigned by a central agency, while host numbers are assigned individually by the local network administrator.


The most significant bits of the network portion of the Internet address determine the class of an address. There are three classes defined:

A, with high-order bit "0", 8 bits network portion
B, with high-order bits "10", 16 bits network portion
C, with high-order bits "110", 24 bits network portion

Each successive class (A, then B, then C) has fewer bits for the host part of the Internet address and therefore supports fewer hosts per network than the class before it.

Addressing in IP
Internet Addresses (2)

The example below shows the Internet address 130.44.79.34 converted into binary format. The numeric representation of an Internet address is as follows: each 8 bit field of the address is denoted by a decimal number, separated from the other fields by a period.

Reserved Internet Addresses


Class D addresses have the first four bits set to "1110" and are reserved for use as multicast addresses; they are not for use by individual hosts. Class E addresses have the first five bits set to "11110" and have been reserved for future use. 255.255.255.255 is the decimal representation of an IP address with all binary digits set to 1. It identifies a message sent to all nodes on all networks and is therefore used for broadcast purposes. The address 0.0.0.0 is the decimal representation of an IP address with all binary digits set to 0. This number typically represents an unknown network/host. The address 127.0.0.1 is a special address (Class A) used for internal loop-back testing. It designates the local node and does not generate any traffic on the network. Private addresses defined in RFC 1918 may be used internally by private networks. The reserved address ranges are:

10.0.0.0 - 10.255.255.255 (Class A)
172.16.0.0 - 172.31.255.255 (Class B)
192.168.0.0 - 192.168.255.255 (Class C)


These addresses are not routable through the Internet. They are used to overcome addressing issues in the current Internet (IPv4) address space and give companies more flexibility by providing larger usable address ranges. To communicate with the Internet, subnets using RFC 1918 addresses need to be connected to registered Internet addresses through some form of address translation, such as NAT (Network Address Translation) or PAT (Port Address Translation).

Subnetting

In 1985, RFC 950 defined a standard procedure to support the subnetting, or division, of a single Class A, B, or C network number into smaller pieces. Subnetting was introduced to overcome some of the problems that parts of the Internet were beginning to experience with the classful two-level addressing hierarchy:

growing Internet routing tables
local administrators had to request another network from the Internet before a new network could be installed at their site.

Subnetting divides the addressing hierarchy into three levels. Adding another level makes it unnecessary to have knowledge of the internal subnet structure outside of the organization. Since the subnets for a given network number all use the same network prefix, the route in from outside to any subnet is the same. This means that for one entry in the global routing tables, there can exist many individual sub-networks. The network prefix is effectively extended: the most significant bits remain the network number, and the next most significant bits, immediately after it, identify the subnet.

Subnet Mask (Examples)

The subnet mask is used to separate the host part of the IP address from the extended network prefix. The bits in the mask are set to 1 for the digits that are part of the extended network prefix and are set to 0 for the digits that are part of the host number.
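A worked example, added here and not part of the course material, that carries out the address arithmetic described in the binary conversion, Internet address, reserved address and subnet mask sections above in Python: converting 10101101 and 130.44.79.34 between binary and decimal, deriving the address class from the high-order bits, checking for the RFC 1918 ranges, and applying a subnet mask to split an address into extended network prefix and host number. Standard library only; all sample values are the page's own or constructed for the example.

```python
"""IPv4 address arithmetic: binary/decimal conversion, address class,
RFC 1918 check and subnet mask application (added example, not from the course)."""
from __future__ import annotations


def octet_to_binary(value: int) -> str:
    """Return the 8-bit binary string of one octet (0..255), e.g. 173 -> '10101101'."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    return format(value, "08b")


def binary_to_decimal(bits: str) -> int:
    """Sum the powers of two of each '1' bit, e.g. '10101101' -> 128+32+8+4+1 = 173."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit binary string: {bits!r}")
    total = 0
    for position, bit in enumerate(reversed(bits)):  # position 0 is the least significant bit
        if bit == "1":
            total += 2 ** position
    return total


def address_to_int(address: str) -> int:
    """Pack dotted-decimal notation into a 32-bit integer, validating each octet."""
    octets = address.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {address!r}")
    value = 0
    for octet in octets:
        number = int(octet)
        if not 0 <= number <= 255:
            raise ValueError(f"octet out of range in {address!r}")
        value = (value << 8) | number
    return value


def int_to_address(value: int) -> str:
    """Inverse of address_to_int: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_to_binary(address: str) -> str:
    """Show each 8-bit field in binary, e.g. 130.44.79.34 -> 10000010.00101100.01001111.00100010."""
    return ".".join(octet_to_binary(int(octet)) for octet in address.split("."))


def address_class(address: str) -> str:
    """Classify by the high-order bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    first = address_to_int(address) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


# RFC 1918 private ranges exactly as listed on the page.
PRIVATE_RANGES = (
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
)


def is_private(address: str) -> bool:
    """True when the address lies in an RFC 1918 range (not routable through the Internet)."""
    value = address_to_int(address)
    return any(address_to_int(low) <= value <= address_to_int(high) for low, high in PRIVATE_RANGES)


def is_valid_mask(mask: str) -> bool:
    """A subnet mask is a run of 1 bits followed only by 0 bits (255.255.240.0 yes, 255.0.255.0 no)."""
    host_bits = ~address_to_int(mask) & 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0


def split_by_mask(address: str, mask: str) -> tuple[str, str, str]:
    """Apply the mask: return (extended network prefix, host number, directed broadcast address)."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    value, mask_value = address_to_int(address), address_to_int(mask)
    host_mask = ~mask_value & 0xFFFFFFFF
    network = value & mask_value
    return int_to_address(network), int_to_address(value & host_mask), int_to_address(network | host_mask)


def usable_hosts(mask: str) -> int:
    """Hosts per subnet: 2^(host bits) minus the all-zeros (network) and all-ones (broadcast) values."""
    host_bits = bin(~address_to_int(mask) & 0xFFFFFFFF).count("1")
    return max(2 ** host_bits - 2, 0)


if __name__ == "__main__":
    print(binary_to_decimal("10101101"), address_to_binary("130.44.79.34"))
    print(address_class("130.44.79.34"), is_private("192.168.5.5"))
    print(split_by_mask("130.44.79.34", "255.255.240.0"), usable_hosts("255.255.240.0"))
```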


IP Routing
RIP
RIP v.1
Distance Vector
15 Hops or less
Best for Star Topologies
Cannot do load balancing

RIP v.2
Extensions to carry subnet mask and next hop information

Routing Information Protocol (RIP) is described fully in RFC 1058. Extensions for RIP version 2 are described in RFC 1723. Extensions for RIP on demand are described in RFC 1582. RIP is a fairly simple distance vector protocol which defines networks based on how many hops they are from the router. Once a network is more than 15 hops away (one hop is one link) it is not included in the routing table. The possible routes (there may be more than one) to a particular host are selected on the basis of the shortest one. If two routes have the same metric (hop count) or cost, the first one found will be chosen. RIP does not cope very well with a meshed (multiply connected) network. It suits star topologies very well. Each router configured for RIP maintains a relatively simple route table as described earlier. The router will periodically broadcast its routing information to other routers. Similarly it will need to obtain this information from neighbouring routers to improve its own picture of the network. Routes are removed from the table if they are not kept up to date (refreshed) by the neighbouring routers. The RIP version 2 extensions allow the RIP updates to contain subnet masks and next hop information. The ability to carry subnet masks allows the use of different sized subnet masks on different subnets within the same network.
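The route selection rules just described, as an added example (not from the course and not any router's implementation): a router merges a neighbour's RIP advertisement into its own table, adds one hop for the link to that neighbour, leaves out anything beyond 15 hops, keeps the first route found when metrics tie, and removes routes the neighbour has stopped refreshing. The timeout value is an assumption chosen for the example.

```python
"""RIP-style distance vector table maintenance (added example, not a real router)."""
from __future__ import annotations
from dataclasses import dataclass

RIP_INFINITY = 16       # metric meaning "unreachable": more than 15 hops away
ROUTE_TIMEOUT = 180.0   # seconds without a refresh before a route is dropped (assumed timer value)


@dataclass
class Route:
    next_hop: str       # neighbouring router the packet is handed to
    metric: int         # hop count to the destination network
    learned_at: float   # time of the last refresh from next_hop


def process_update(table: dict[str, Route], neighbor: str,
                   advertised: dict[str, int], now: float) -> list[str]:
    """Merge one neighbour's broadcast advertisement (network -> its hop count)
    into our table and return the networks whose entry changed."""
    changed: list[str] = []
    for network, metric in advertised.items():
        new_metric = min(metric + 1, RIP_INFINITY)   # one more hop: the link to the neighbour
        current = table.get(network)
        if current is not None and current.next_hop == neighbor:
            # Refresh the route we already use through this neighbour and take its
            # latest metric even if it got worse, so a withdrawn (16) route is honoured.
            current.learned_at = now
            if new_metric != current.metric:
                current.metric = new_metric
                changed.append(network)
            continue
        if new_metric >= RIP_INFINITY:
            continue   # more than 15 hops away: not included in the routing table
        if current is None or new_metric < current.metric:
            # Shorter route (or none known yet): install it. On an equal metric the
            # first route found stays, so RIP cannot load-balance across both.
            table[network] = Route(neighbor, new_metric, now)
            changed.append(network)
    return changed


def expire_routes(table: dict[str, Route], now: float) -> list[str]:
    """Remove routes the neighbour stopped refreshing; return the removed networks."""
    stale = [network for network, route in table.items()
             if now - route.learned_at > ROUTE_TIMEOUT]
    for network in stale:
        del table[network]
    return stale


def next_hop(table: dict[str, Route], network: str) -> str | None:
    """The router to forward to, or None if the network is unknown or unreachable."""
    route = table.get(network)
    if route is None or route.metric >= RIP_INFINITY:
        return None
    return route.next_hop
```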

OSPF (1)
The Open Shortest Path First (OSPF) protocol is a relatively recent standard which is documented in RFC 1247. It has a number of significant benefits over older distance vector based protocols like RIP, including:

OSPF is an open, published specification. It is not proprietary to any manufacturer.
OSPF supports the concept of areas to allow networks to be administratively partitioned as they grow in size.
Load balancing, in which multiple routes exist to a destination, is also supported. OSPF distributes traffic over these links.
OSPF routes IP packets based solely on the destination IP address and IP Type of Service found in the IP packet header.
OSPF is a dynamic routing protocol. It quickly detects topological changes in the network and calculates new loop-free routes after a period of convergence. This period of convergence is short and involves a minimum of routing traffic.

OSPF (2)

In an OSPF-based routing protocol, each router maintains a database describing the Autonomous System's topology. Each participating router has an identical database. Each individual piece of this database is a particular router's local state (e.g., the router's usable interfaces and reachable neighbours). The router distributes its local state throughout the Autonomous System by flooding. All routers run the exact same algorithm, in parallel. From the topological database, each router constructs a tree of shortest paths with itself as root. This shortest-path tree gives the route to each destination in the Autonomous System. Externally derived routing information appears on the tree as leaves. OSPF calculates separate routes for each Type of Service (TOS). When several equal-cost routes to a destination exist, traffic is distributed equally among them. The cost of a route is described by a single dimensionless metric. OSPF allows sets of networks to be grouped together. Such a grouping is called an area. The topology of an area is hidden from the rest of the Autonomous System. This information hiding enables a significant reduction in routing traffic. Also, routing within the area is determined only by the area's own topology, lending the area protection from bad routing data. An area is a generalization of an IP subnetted network.

Address Resolution
ARP (Address Res. Protocol)

Whenever the IP process running on a source node is attempting to send an IP datagram, it examines whether the destination internet address is on its own physical network. If the IP datagram is destined for a host on its own local network, the IP process delivers the IP datagram directly. If the IP datagram is destined for a host on some other network, it sends it to a router on the local network. To make this direct delivery possible, each node maintains an ARP (Address Resolution Protocol) cache (or table) containing the mappings of internet addresses to physical (hardware) addresses. To add an entry to the ARP table for a destination host that has not been contacted for some time, ARP multicasts an ARP Request packet containing the destination node's internet address. The destination node (or router) replies with an ARP Response packet containing its physical (hardware) address. RARP (Reverse ARP) allows a host that only knows its physical (hardware) address to obtain the internet address that it should use in communicating with other systems.

Dynamic Host Configuration


DHCP
IP networks require each node in the network to be provided with:

IP address
Subnet mask
DNS address
Domain name
Gateway

DHCP (Dynamic Host Configuration Protocol) enables network servers to assign a range of IP addresses automatically to client stations logging into a TCP/IP network, eliminating the need to manually assign permanent IP addresses to each node. It is also a means to provide other necessary IP setup information automatically. Whenever a computer supporting DHCP is switched on, it sends out a DHCP request to obtain TCP/IP setup information.

Domain Name System


Domain Names / Host Names
Examples for top-level domains:

.com Commercial organizations
.edu Educational organizations
.gov US Government and government agencies
.net Network providers (like ISPs, etc.)
.org Misc. organizations
.mil US military organizations
.int International organisations such as UNO, NATO, etc.

Countries are assigned domains that start with their ISO country code:

.de Germany
.ch Switzerland

Before 1984, when there were only a few hundred machines connected to the ARPANET, a simple file called "hosts.txt" was maintained to provide name to address information. This file was then copied to the individual hosts. In the mid 1980s it became clear that this method would soon be unworkable. The Internet was growing at a very fast rate and new systems were connected every day. The names used with the Domain Name System (DNS) are constructed hierarchically, so that responsibility for portions of the namespace can be assigned to different organisations. These parts of the namespace are called "Domains". The domain names are read from right to left, with each portion of the domain becoming more specific. The top-level domains (.com, .edu, .net, .int, etc.) are administered by the Internic (Internet Network Information Centre). National organizations in each country manage name assignment for the respective domains (.fr, .de, .at, etc.).

Domain Name System


DNS (Domain Name System)

The Domain Name System (DNS) is the distributed Internet service that provides translation from hostnames to the numeric addresses used to uniquely identify a host in the Internet. To perform a name to address translation two elements/functions are involved. One element is part of the operating system requesting the translation and is called the "resolver". In order to perform the translation the resolver has to interact with name servers. Name servers store and distribute the information about what address corresponds with which name. When the resolver needs an IP address, it sends a query to the name server. The name server may have the answer, and if so, it returns the information to the resolver. If the server does not know the answer, it asks a neighbouring name server.


TCP/IP Tools and Applications


Overview
The Transport layer uses ports to identify upper-layer processes or programs. Port addresses are used to distinguish between the different programs / applications running within a system. Well known ports reserved for use with specific applications / protocols are for example:

TCP Port 80, HTTP (WWW Server)
TCP Port 23, TELNET
TCP Port 25, SMTP
TCP Port 110, POP3
TCP Port 20, FTP Data
TCP Port 21, FTP Command
UDP Port 69, TFTP (Trivial File Transfer Protocol)
UDP Port 123, NTP (Network Time Protocol)
UDP Port 53, DNS Request
TCP Port 53, DNS Table Exchanges

The combination of an end system's IP address and transport layer port is called a socket and uniquely identifies a process (application) running on a specific host. A socket pair includes each end system's IP address and port address and identifies a logical communication channel between the systems' processes (applications). Client- and server-based addresses (16 bit code, from 0 to 65535) are used (with TCP and UDP) to identify processes (applications) running on a host. The server ports have a range of 1 to 1023 and are assigned by the IANA (Internet Assigned Numbers Authority) and reserved for the specific server application. Industry wide recognized (well-known) port addresses are within the range of 1 through 255. Client port addresses can be anywhere between 1024 and 65536.

HTTP

HTTP (Hypertext Transfer Protocol) is the basis for a very popular Internet application - the World Wide Web (WWW). It contains the set of rules for transferring files (text, graphic images, sound, and other multimedia data) from a Web server. As soon as a Web user opens their Web browser, the user is indirectly making use of HTTP. HTTP concepts include (as the Hypertext part of the name implies) the idea that files contain references to other files, and that selecting such a reference automatically retrieves the referenced file. Any Web server contains, in addition to the Web page files it can serve, an HTTP server program that is designed to listen for HTTP requests and respond to them as soon as they arrive. A Web browser is basically an HTTP client, sending requests to server machines. As soon as the browser user enters a file request, either by typing in a Uniform Resource Locator (URL) or by clicking on a hypertext link, the browser sends an HTTP request to the IP address indicated by the URL. The HTTP server process receives the request and sends back the requested files associated with the request. The HTTP session uses the TCP transport layer protocol for connecting the client and server processes. The standard well-known port that clients connect to at the WWW server side is port 80.


TELNET
TELNET is a simple text-based remote terminal protocol that allows a user to log in on a remote host. Using a telnet session to another computer is like using a local terminal of that system. TELNET is typically used with Unix-oriented systems and to access many networking devices for management and configuration purposes. TELNET is based on a client/server principle in which one host (the telnet client) negotiates opening a session on another computer (the remote host, running the TELNET server). During the negotiation process, the two computers agree on the parameters relating to the session, including the terminal type (virtual terminal) to be used. In this context virtual terminal refers to a set of terminal characteristics and functionalities that both sides of a TELNET connection agree to use to transmit data across the network. The TELNET session uses the TCP transport layer protocol for connecting the client and server processes on the system. The standard well-known port for TELNET terminal access is port 23 on the server side.

FTP

The File Transfer Protocol (FTP) allows the user to transfer data in both directions between the local host (FTP client) and a remote host (FTP server). FTP is a TCP based service. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port, although depending on the FTP mode the data port may be on a port other than 20. In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then the client starts listening on the next higher port (N+1) and sends the FTP command PORT N+1 to the server. The server will then connect back to the client's specified data port from its local data port, which is port 20. In order to resolve the issue of the server initiating the connection to the client, another method for FTP connections, called "passive mode", was introduced. In passive mode FTP the client initiates both connections to the server. This solves the problem of some firewalls filtering the incoming data port connection from the server. When opening an FTP connection, the client opens two random unprivileged ports locally. As in the active mode example above, the first port contacts the server on port 21, but instead of then allowing the server to connect back to its data port, the client sends the passive mode instruction. The server then opens a random unprivileged port (P) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.


Email

Electronic mail is one of the most commonly used networking applications, resulting in a number of different protocols that have been developed over time to transfer emails across TCP/IP networks (and the Internet). The Simple Mail Transfer Protocol (SMTP) is the classic Internet standard for transferring emails between computers. SMTP deals with the exchanges that occur between a process with mail to be sent (SMTP client) and an SMTP process that receives mail (SMTP server). Other standards define extensions to SMTP that enable it to transport any type of information. Multipart messages are described in the Multipurpose Internet Mail Extensions (MIME) standards, which allow the transfer of word processor documents, binary files or multimedia data. The Post Office Protocol (POP) enables a desktop mail client to retrieve mail from a mail server. An alternative technology is the Internet Message Access Protocol (IMAP), which enables a user to work with emails that remain stored on a server.

PING
Packet Internet Groper (PING) is a protocol that uses ICMP as a transport mechanism. It is used to send a message to a host and wait for that node to respond to the message. PING is a helpful tool on TCP/IP networks, where it is used to determine if a node or network can be reached. PING will also report the round trip delay time for the connection.

Address Translation
NAT / PAT

NAT (Network Address Translation), also known as NAT Firewall or IP Sharing, allows a LAN to connect to the Internet using one purchased IP address. NAT converts the outgoing IP address of each LAN device into one IP address for the Internet and vice versa. It also serves as a network firewall by keeping node IP addresses hidden from the outside world. One of the main reasons for NAT (Network Address Translation) is the depletion of IP address space on the Internet. Network managers need Internet access for their entire networks, but have only limited IP addresses to work with. NAT allows them to have an internal IP addressing scheme using one of the ranges allocated for private networks in RFC 1918. Any traffic leaving the private network would go through a router with NAT (or PAT) which would replace the source address of the IP header with a registered Internet address. However, a comprehensive solution to the Internet address problem will only become possible in the future, with the implementation of new addressing schemes (IPv6). Experience has shown that the implementation of new technologies and standards takes a considerable time, so technologies like NAT and PAT will provide good pragmatic solutions for current problems.

Address Translation
NAT (Netw. Address Transl.)
The first attempt to solve the issues with Internet address space was a technology called Network Address Translation (NAT), described in RFC 1631. NAT was seen as a process whereby private addresses (defined in RFC 1918) could be masked with an authorized or registered IP address or a number of addresses. NAT is based on the assumption that not all users on a private LAN will need to access the Internet at the same time. A small pool of IP addresses is registered and assigned to the local "inside" network. All systems on this network are given RFC 1918 defined addresses. The registered IP addresses can then be dynamically assigned and reassigned, as appropriate, by the NAT router to computers accessing the Internet. A special version of NAT is a "many-to-one" scheme with just one single registered IP address. The abbreviation NAT is used today in a more generic way and typically includes more advanced address translation techniques like PAT (Port Address Translation).

PAT / NAPT (1)

IP addresses have become a scarce resource. Most Internet Service Providers (ISPs) will only allocate one address to a single customer. In the majority of cases this address is assigned dynamically, so every time a client connects to the ISP a different address will be provided. Because such users are given only one IP address, they can have only one computer connected to the Internet at a time. A variation of NAT, called enhanced NAT (ENAT), PAT (Port Address Translation) or NAPT (Network Address Port Translation), uses only a single global Internet IP address that is globally unique and assigned by the ISP to the WAN interface. The advantage of this scheme is that only a single IP address is required from an Internet Service Provider (ISP) to connect an entire private network. The private network can easily be shifted to another ISP simply by changing the one global IP address.

PAT / NAPT (2)


PAT (Port Address Translation) or NAPT (Network Address Port Translation) uses only a single global Internet IP address that is globally unique and assigned by the ISP to the WAN interface. This IP address can be either static or dynamic and can be configured in the router either manually or automatically while dialling into the ISP's router or access concentrator. Each new session crossing the access router is assigned a set of unique TCP/UDP port numbers. For example, consider a TELNET packet sent from a private network to a host on the Internet. The source IP address is changed to the single global IP address and the source TCP port number is replaced with one that is unique. The router maintains a list of all current sessions using the IP source address, original source port, substituted port, destination port and destination IP address information.

"Inverse" PAT / NAPT

PAT (Port Address Translation) or NAPT (Network Address Port Translation) requires a system connected to the local (or "internal") network to initiate a connection through the PAT/NAPT router. This is one of the reasons why access routers using PAT/NAPT already provide a relatively high level of security against attacks from the Internet. There are nevertheless applications where access from the Internet may be necessary. To address this issue, some access routers support "inverse" PAT/NAPT functions. This functionality permits a limited translation function in the opposite direction. When accessing the Internet from the local or "internal" network, the router itself makes the entry in the port and IP address information table. For example, a computer system on the Internet sends a packet to an HTTP server on the Intranet. From the point of view of this system the "inverse" PAT/NAPT router appears to be the HTTP server. The router knows the Intranet address of the server to which the packet is forwarded from the entry in the service table. All packets that come from the HTTP server in the local network (answers from the server) are hidden behind the IP address of the router. In order to access a service (port) in the local network from outside it is necessary to define a service table entry in the router in advance by specifying a port number. The destination port is specified together with the local network address of, in our example, the HTTP server.


TCP/IP Network Security


Firewalls

A firewall is a security device designed to allow safe access between networks by enforcing a set of access rules between the various interfaces connecting them. Typically a firewall has two interfaces: one interface is attached to the public network and the other interface is attached to an internal private network (intranet) which requires protection. The firewall prevents unrestricted access to the private network and protects the computer systems behind the firewall from attack. There are two main types of technologies used in firewalls. The traditional firewall is an Application Gateway, where the firewall functions as a proxy between networks for certain applications. The proxy is designed with the knowledge of how a protocol works and what is to be allowed or disallowed. This methodology is CPU intensive and very restrictive. Only protocols that have specific proxies configured are allowed through. The second type of firewall methodology is Stateful Inspection. Stateful inspection is also referred to as dynamic packet filtering or context-based access control (CBAC). In this technology, an inspection module understands data in packets from the network layer (IP headers) up to the application layer. The inspection module checks every packet passing through the firewall and makes access decisions based on the source, destination and service requested. The term stateful refers to the firewall's ability to remember the status of a flow, for example whether a packet from the public Internet is returning traffic for a flow originated from the private intranet. Stateful inspection firewalls are generally faster, less demanding on hardware and more adaptive to new Internet applications.
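An added example (not the course's material and not any vendor's code) that models the session table described in the PAT/NAPT and "inverse" PAT passages above, which is also the flow state a stateful-inspection firewall keeps: outbound packets get the router's single global address and a substituted source port, inbound packets are passed only when they are return traffic for a recorded session or match a pre-configured service table entry, and everything else is dropped. Addresses and ports are constructed sample values from the documentation ranges.

```python
"""NAPT session table with 'inverse' PAT service entries (added example, not a real router)."""
from __future__ import annotations
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class Session:
    inside_ip: str         # private (RFC 1918) address of the internal host
    inside_port: int       # original source port on the inside
    substituted_port: int  # port shown to the Internet on the global address
    remote_ip: str
    remote_port: int
    proto: str


class NaptRouter:
    def __init__(self, global_ip: str, first_port: int = 40000):
        self.global_ip = global_ip
        self._ports = count(first_port)   # hands out a unique substituted port per session
        # Lookup from the Internet side: (proto, substituted port, remote ip, remote port)
        self.sessions: dict[tuple, Session] = {}
        # Lookup from the inside: (inside ip, inside port, remote ip, remote port, proto) -> substituted port
        self._by_inside: dict[tuple, int] = {}
        # 'Inverse' PAT service table, configured in advance: (proto, public port) -> (inside ip, inside port)
        self.service_table: dict[tuple, tuple[str, int]] = {}
        self.dropped: list[Packet] = []

    def forward_service(self, proto: str, public_port: int, inside_ip: str, inside_port: int) -> None:
        """Pre-define which internal server answers for a given port on the global address."""
        self.service_table[(proto, public_port)] = (inside_ip, inside_port)

    def _record(self, inside_ip: str, inside_port: int, substituted_port: int,
                remote_ip: str, remote_port: int, proto: str) -> None:
        self.sessions[(proto, substituted_port, remote_ip, remote_port)] = Session(
            inside_ip, inside_port, substituted_port, remote_ip, remote_port, proto)
        self._by_inside[(inside_ip, inside_port, remote_ip, remote_port, proto)] = substituted_port

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> Internet: rewrite the source to the global IP and a substituted port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        substituted = self._by_inside.get(key)
        if substituted is None:   # first packet of a new session: the router makes the table entry itself
            substituted = next(self._ports)
            self._record(pkt.src_ip, pkt.src_port, substituted, pkt.dst_ip, pkt.dst_port, pkt.proto)
        return Packet(self.global_ip, substituted, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Packet | None:
        """Internet -> private: only return traffic of a known session or a configured service passes."""
        if pkt.dst_ip != self.global_ip:
            self.dropped.append(pkt)
            return None
        session = self.sessions.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if session is not None:   # answer to a session an inside host opened: translate back
            return Packet(pkt.src_ip, pkt.src_port, session.inside_ip, session.inside_port, pkt.proto)
        service = self.service_table.get((pkt.proto, pkt.dst_port))
        if service is not None:   # inverse PAT: the router "appears to be" the internal server
            inside_ip, inside_port = service
            self._record(inside_ip, inside_port, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)
        self.dropped.append(pkt)   # unsolicited: no session state and no service entry
        return None
```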

TCP/IP Network Security


VPN (Virtual Private Networks) (1)
Definition: "A VPN (Virtual Private Network) is a network consisting of virtual connections over which non-public and company internal data are securely transmitted." A VPN physically shares a backbone connection with other data traffic and links over a secure connection via access control and encryption. One of the main reasons for the implementation of a secure VPN across the Internet is to provide secure and private business data links with good performance at low cost. VPNs are also implemented to allow remote users and mobile users a low cost secure connection to the internal company network over the Internet infrastructure. In order to maintain privacy in a public environment, VPNs use access control and encryption. Internet virtual private networks are the latest evolution of private networks. Internet VPNs establish local dedicated or dialup Internet connections with a local service provider and rely on that provider to ensure that one's packets are properly routed through the public Internet to the appropriate destination. VPNs are implemented using several different methods. These include PPTP (Point to Point Tunnelling Protocol), L2TP (Layer 2 Tunnelling Protocol), GRE (Generic Routing Encapsulation) with SA (Security Associations), and IPSec. PPTP is a simple Layer 2 VPN. L2TP is used for VPNs that need protocols other than IP. GRE with SA is a simpler configuration for IP only VPNs. IPSec is a very popular IP centric solution.


VPN (Virtual Private Networks) (2)


In recent years, several partly standardized methods have been developed that form the technical basis for today's VPN solutions. Using the OSI layer model, these methods can be divided into two groups, which operate on OSI Layer 2 (Link layer) and Layer 3, respectively. PPTP (Point-to-Point Tunnelling Protocol) and L2TP (Layer 2 Tunnelling Protocol) are typical examples of the OSI Layer 2 protocols. PPTP is a point-to-point tunnelling protocol which was originally developed for RAS (Remote Access Server) hardware and software (in particular Windows NT). Efforts to combine the technical principles of other manufacturers of router and RAS components with PPTP, and hence to create a wider standard, led to the development of L2TP. As layer 2 protocols (in accordance with the OSI model), PPTP and L2TP can also be used for multi-protocol applications. IPSec is regarded in many quarters as the most comprehensive VPN technology (for IP networks). The standards relating to IPSec contain comprehensive security functions, serving as methods for authentication and the administration of keys in addition to encryption. Since IPSec is an OSI layer 3-based protocol, IPSec can only be used in IP networks.

IPv6
Next Generation IP

IP version 6 (IPv6) is the next generation of the Internet Protocol, designed as a successor to IP version 4 (IPv4). Many enhancements to the IP protocol suite have been developed over the years to overcome many of the IPv4 limitations and shortcomings. The changes and enhancements from IPv4 can be grouped into the following categories:

Extended addressing
Header format optimisation
Improved flexibility (extensions and options)
Flow Labelling
Improved multicast & streaming
Security (authentication and encryption)
Increased maximum packet size
Better support for mobile applications & devices
Improved neighbor discovery protocol - replacing ARP

The extended addressing capabilities solve most of the problems with the restricted address range in IPv4. IPv6 increases the IP address size from 32 bits to 128 bits. To optimise the header format, some IPv4 header fields have been removed or made optional, to reduce the processing cost of packet handling and to limit IPv6 header overhead. Changes in the way IP header options are encoded allow for more efficient forwarding and greater flexibility for introducing new options. A new capability is added to enable the labelling of packets belonging to particular traffic "flows" for which the sender requests special handling. Examples are quality of service or real-time services. Besides several performance enhancements compared to IPv4, the maximum packet size has also been increased. IPv6 now offers a "jumbo packet" option allowing payloads up to 4 billion octets. IPv6 also incorporates major security (authentication and encryption) enhancements. Extensions to support authentication, data integrity and data confidentiality are defined. IPSec (VPN) is an integral part of IPv6. In addition, other protocols, like an improved neighbor discovery protocol (using ICMPv6) to replace ARP, have been implemented.

Extended Addressing

The extended addressing capabilities solve most of the problems with the restricted address range in IPv4. IPv6 increases the IP address size from 32 bits to 128 bits. In IPv6 addresses are not assigned to nodes but to interfaces. Any of a node's interface unicast addresses may be used as an identifier for the node. It is also possible to assign multiple IPv6 addresses to a single interface. In IPv6 there are three types of addresses used:

unicast addresses
multicast addresses
anycast addresses

Unicast addresses identify a single interface. Multicast addresses identify a group of interfaces in a way that a packet sent to a multicast address is delivered to all of the interfaces in the group. In IPv6 the multicast address replaces the IPv4 broadcast address. The third address type in IPv6, the anycast address also identifies a set of interfaces, but a packet sent to such an address will only be delivered to one member of the set.


IPv6
Example Address Format

The best example to show the addressing logic in IPv6 is the structure of an IPv6 Global Unicast Address (the "aggregatable global unicast" format of RFC 2374), which is characterised by a Format Prefix of "001". The Top-Level Aggregation Identifier (TLA ID) field is typically assigned not to a private organisation but to an organisation providing a public transit infrastructure. The IANA assigns small blocks of TLA IDs to IPv6 registries; examples of such registries are IANA (multiregional), RIPE-NCC (Europe), InterNIC (North America, a role since taken over by ARIN) and APNIC (Asia and Pacific). The Next-Level Aggregation Identifier (NLA ID) field is used to create an addressing hierarchy below the TLA and to identify sites or ISPs. The Site-Level Aggregation Identifier (SLA ID) field is used by the organisation that received an allocation to create an addressing hierarchy within its site; it usually serves as the subnet identifier. The Interface ID identifies a single interface among the interfaces identified by the subnet prefix. Note that the TLA/NLA/SLA field boundaries were later retired by RFC 3587, which keeps only the split into a global routing prefix, a subnet ID and a 64-bit interface ID; the registries no longer enforce the boundaries described here, but the hierarchical principle is unchanged. The IP standards also introduce a new format for presenting IPv6 addresses. That format splits the address into eight 16-bit parts, shown in hexadecimal notation and separated by colons. Leading zeros within a part may be omitted, and one run of consecutive all-zero parts may be written as "::", so 2001:0db8:0000:0000:0000:0000:0000:0001 is normally written 2001:db8::1.
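As an added example (not part of the original training material), the following Python uses the standard-library ipaddress module to show the textual format just described and to split a 2000::/3 address into the RFC 2374 aggregation fields. The bit widths (3/13/8/24/16/64) are those of RFC 2374; the sample address 2001:db8::1 is a documentation address chosen here, and the function names are this example's own.

```python
import ipaddress

# RFC 2374 layout of an aggregatable global unicast address (Format Prefix 001).
# The layout was retired by RFC 3587, but it is the one the text describes.
#   | FP 3 | TLA ID 13 | RES 8 | NLA ID 24 | SLA ID 16 | Interface ID 64 |
FP_BITS = 3
FIELD_WIDTHS = (("tla_id", 13), ("reserved", 8), ("nla_id", 24), ("sla_id", 16), ("interface_id", 64))
assert FP_BITS + sum(width for _, width in FIELD_WIDTHS) == 128


def normalise(text):
    """Return (exploded, compressed) textual forms of one IPv6 address.

    exploded:   eight 4-digit hexadecimal groups separated by colons (the raw format)
    compressed: leading zeros dropped and the longest run of zero groups written as '::'
    Both are permitted by RFC 4291; RFC 5952 makes the compressed form the canonical one.
    """
    addr = ipaddress.IPv6Address(text)
    return addr.exploded, addr.compressed


def split_aggregatable_unicast(text):
    """Split a 2000::/3 address into the RFC 2374 aggregation fields.

    Raises ValueError for any other address type (link-local, multicast, ...), because
    the TLA/NLA/SLA split is meaningless outside the 001 format prefix.
    """
    addr = ipaddress.IPv6Address(text)
    n = int(addr)
    fp = n >> (128 - FP_BITS)
    if fp != 0b001:
        raise ValueError(f"{addr} is not an aggregatable global unicast address (FP={fp:03b})")
    fields = {"format_prefix": f"{fp:03b}"}
    shift = 128 - FP_BITS
    for name, width in FIELD_WIDTHS:
        shift -= width
        fields[name] = (n >> shift) & ((1 << width) - 1)
    # The subnet prefix is everything above the 64-bit interface ID.
    fields["subnet_prefix"] = str(ipaddress.IPv6Network(((n >> 64) << 64, 64)))
    return fields


if __name__ == "__main__":
    # Documentation address (RFC 3849), chosen here as the sample input.
    print(normalise("2001:0db8:0000:0000:0000:0000:0000:0001"))
    for name, value in split_aggregatable_unicast("2001:db8::1").items():
        print(f"{name:14} {value:#x}" if isinstance(value, int) else f"{name:14} {value}")
```

The rejection of non-001 prefixes matters in practice: scripts that slice IPv6 addresses by fixed bit positions silently produce nonsense for link-local (fe80::/10) or multicast (ff00::/8) input, so check the prefix before interpreting any field.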

Header Format Optimization

The optimised header format is one important enhancement in IPv6. Some IPv4 header fields have been removed or made optional, to reduce the processing cost of packet handling and to limit IPv6 header overhead. The result is that the IPv6 header is much simpler to process, which reduces the time taken to handle IP headers in hosts and intermediate routers. Changes in the way IP header options are encoded allow for more efficient forwarding and greater flexibility for introducing new extensions and options. The elements (fields) of the IPv6 header, which has a fixed length of 40 bytes, in some more detail:

Version (4 bits): contains the IP version number (6).
Traffic Class (8 bits): Internet traffic priority delivery value.
Flow Label (20 bits): used to request special router handling from source to destination(s) for a sequence of packets.
Payload Length (16 bits): the length of the data following the fixed header, in octets (extension headers count as payload).
Next Header (8 bits): identifies the next encapsulated header or protocol (the values are compatible with the IPv4 Protocol field values, e.g. 6 for TCP, 17 for UDP, 58 for ICMPv6).
Hop Limit (8 bits): replaces the TTL field in the IPv4 header; it is decremented by each router and the packet is discarded when it reaches zero.
Source Address (16 bytes): the IPv6 address of the sending node.
Destination Address (16 bytes): the IPv6 address of the destination node.

Note that, unlike IPv4, the IPv6 header carries no checksum: header integrity is left to the link layer and to the transport-layer checksum, which in IPv6 is mandatory even for UDP. Routers also no longer fragment packets; fragmentation is done by the sender only.

Improved multicast & streaming

IPv4 does define multicast (the class D range 224.0.0.0/4), but support for it is optional and in many networks one-to-many delivery was simply simulated by broadcasting to all devices in the neighbourhood. IPv6 makes multicast mandatory and provides multiple groups of multicast addresses (with a scope field inside the address), so that multicast streams can be pinpointed to the required hosts and only those hosts. Improved multicast methods mean that applications such as video and audio streaming, online gaming and Internet telephony can expand and prosper with IPv6. Besides multicast addressing and protocols, quality of service features and functions are also implemented in IPv6. One new capability enables the labelling of packets belonging to particular traffic "flows" for which the sender requests special handling, and the IPv6 header also carries traffic class information. This makes it possible to support quality of service or real-time services for various applications.

Integrated Security
In IPv4 networks IPsec is an optional add-on, and because NAT devices rewrite addresses (which breaks the integrity check of AH and, without NAT traversal, ESP as well), the common way to implement secure communications such as IPsec-based VPNs has been to terminate the IPsec tunnels at a firewall and decrypt the packets there before passing them in the clear to the host over the local network. IPv6 incorporates major security (authentication and encryption) enhancements: extensions to support authentication (AH), data integrity and data confidentiality (ESP) are defined as standard extension headers. IPsec is an integral part of the IPv6 specification, which makes true end-to-end secure communication possible and enables mechanisms to prevent spoofing, interception and tampering with IP packet data. Two caveats for practitioners: the original requirement that every IPv6 node implement IPsec (RFC 4294) was relaxed to a recommendation in RFC 6434, and "integral" does not mean "enabled". IPv6 traffic is neither authenticated nor encrypted unless a security association has actually been configured, exactly as with IPv4.


Better Support for Mobile Devices


As more 3G mobile networks and other wireless networks are deployed, the opportunities to use mobile phones, PDAs and many other embedded systems as true data communication devices will increase. Each mobile device also requires multiple addresses as it moves between cells and base stations. In IPv4 the technology to implement true mobile and transport-media-independent solutions is called Mobile IP. IP mobility allows packets sent to a home address to be delivered to the mobile node. In addition, Mobile IP can hide any address changes from the transport and application layers, enabling the mobile device to move without interruption between different access networks using different access technologies. IP mobility is part of the IPv6 standards and therefore includes built-in features which allow IP addresses to change as a mobile user moves between base stations that can reconfigure and reassign IP addresses. Mobile IPv4 and Mobile IPv6 are based on similar concepts, but the implementations are different. In Mobile IPv6, each mobile node is identified by a static Home Address, independent of where and how it is connected to the Internet. The Home Address is known to the Home Agent (HA) router in the home network of the mobile node. When the mobile node is connected to a new link, it is addressable by a "care-of address" in addition to its home address. It is the care-of address that holds information about the mobile node's current location.

Migrating from IPv4 - Overview


Most network migrations are accomplished by shutting down the network, upgrading or replacing the network devices to use the new protocol, and then turning the network back on. For the Internet, as for large enterprise networks, this is simply not possible or desirable. The huge investment in IPv4-based devices, including routers and hosts, means that flipping the protocol version over is not a viable option. IPv6 migration will take years to complete; in reality it may never be completed, as many IPv4 devices will never migrate. To allow coexistence between the two protocol versions during this migration and to migrate as smoothly as possible, the following technology approaches have been developed:

Dual Stack / Dual Layer
Tunneling
Translating IPv4/IPv6


Migrating from IPv4 - Dual Stack / Layer Approach

In order to participate in both an existing IPv4 and a newer IPv6 network, a host must support both protocol stacks in its operating system. This may be done using a dual stack or a dual layer approach, as shown in the figure above. Although from a network's point of view the two approaches are similar, they differ in implementation: the dual stack solution implements a second, parallel IP layer together with a parallel transport layer, whereas the dual layer approach integrates IPv4 and IPv6 into a single IP layer beneath one shared transport implementation. Most current operating systems support one of these methods. For instance Microsoft Windows XP and Server 2003 support the dual stack approach, while Sun Solaris, HP Tru64 UNIX and most Linux implementations support a dual layer integrated stack. A practical consequence for security: a dual-stack host is reachable over both protocols, so host firewall rules and service bindings must be checked for IPv6 as well as IPv4, or a service filtered on IPv4 may remain wide open on IPv6.

Migrating from IPv4 - Tunneling / Translating


Currently there is only a very small number of islands of IPv6-capable devices attached to the Internet. To communicate with each other, the IPv6 traffic is normally carried over the IPv4 network using tunnelling techniques: the IPv6 packet is encapsulated in an IPv4 packet (IP protocol number 41, or in UDP in the case of Teredo) at one end of the tunnel, and at the other end the tunnel device de-encapsulates the IPv6 packet and delivers it to the local IPv6 host, as shown in the figure. There are various methods for tunnelling IPv6 data over an IPv4 network, depending on the type of traffic being tunnelled and the configuration of the host/router network. The main tunnelling techniques are:

6to4 is a router-to-router tunnelling technology that provides automatic address assignment (the 2002::/16 prefix followed by the site's public IPv4 address) and connectivity between IPv6 sites and hosts across an IPv4 Internet.
ISATAP is designed for campus environments and supports automatic tunnelling between IPv6 hosts that do not have a direct connection to an IPv6-capable router across an IPv4 intranet.
Teredo uses UDP datagrams (by default on port 3544) to encapsulate IPv6 traffic over an IPv4 Internet. It is designed to punch holes through existing IPv4 NAT devices and is especially suited to consumer applications such as multi-player gaming.

Because all three carry IPv6 inside IPv4, a firewall that applies only IPv4 policy sees protocol-41 or UDP traffic rather than the IPv6 packets inside. Sites that do not intend to offer IPv6 should block protocol 41 and UDP port 3544 at the perimeter; sites that do should apply their IPv6 filtering after decapsulation.
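The address arithmetic behind the three mechanisms, as an added example (not part of the original material): the 6to4 prefix from a public IPv4 address (RFC 3056), the ISATAP interface identifier (RFC 5214) and the decoding of a Teredo address (RFC 4380), plus the perimeter check described above. The sample addresses are documentation or made-up values, and the decoded Teredo server and client are simply what the bits say, not statements about real hosts.

```python
import ipaddress

TEREDO_PREFIX = 0x20010000       # 2001:0000::/32
TEREDO_UDP_PORT = 3544           # default Teredo server/relay port
IPV6_IN_IPV4_PROTOCOL = 41       # IP protocol number carrying 6to4 and ISATAP traffic
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixto4_prefix(public_ipv4):
    """6to4 (RFC 3056): 2002::/16 followed by the site's public IPv4 address yields a /48 site prefix."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError("6to4 requires a publicly routable IPv4 address; NATed hosts need Teredo")
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48)))


def isatap_address(prefix, ipv4, ipv4_is_global=False):
    """ISATAP (RFC 5214): interface ID 0000:5EFE:<IPv4>, or 0200:5EFE:<IPv4> if the IPv4 is globally unique."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    u_bit_word = 0x0200 if ipv4_is_global else 0x0000
    iid = (u_bit_word << 48) | (0x5EFE << 32) | int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def decode_teredo(text):
    """Teredo (RFC 4380): 2001:0000:<server v4>:<flags>:<port ^ 0xFFFF>:<client v4 ^ 0xFFFFFFFF>.

    The NAT-mapped port and client address are stored inverted so that NAT devices
    which rewrite embedded addresses do not recognise and mangle them.
    """
    n = int(ipaddress.IPv6Address(text))
    if (n >> 96) != TEREDO_PREFIX:
        raise ValueError("not a Teredo address")
    return {
        "server": str(ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF)),
        "cone_nat": bool((n >> 48) & 0x8000),
        "mapped_port": ((n >> 32) & 0xFFFF) ^ 0xFFFF,
        "client": str(ipaddress.IPv4Address((n & 0xFFFFFFFF) ^ 0xFFFFFFFF)),
    }


def may_carry_tunnelled_ipv6(ip_protocol, udp_dst_port=None):
    """Perimeter check: what an IPv4-only firewall must match if IPv6 is not supposed to leak through."""
    if ip_protocol == IPV6_IN_IPV4_PROTOCOL:
        return "IPv6-in-IPv4 (protocol 41: 6to4, ISATAP, configured tunnels)"
    if ip_protocol == 17 and udp_dst_port == TEREDO_UDP_PORT:
        return "Teredo (UDP 3544)"
    return None
```

decode_teredo() is useful in incident response: a Teredo address in a log reveals the client's real IPv4 address and NAT port behind the tunnel, information the IPv4 logs of the same host would not show.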

Translators, on the other hand, can be seen as an intermediate component between a native IPv4 system (interface) and a native IPv6 system (interface). They are designed to enable direct communication between such systems by performing header translation, without the necessity of any modifications at the hosts. Although this approach is transparent to the hosts, it will very probably only be used to incorporate remaining IPv4 systems into IPv6 networks, since a translator must rewrite addresses and transport checksums and therefore inherits the problems that NAT has with addresses embedded in application data.


ADVANCED NETWORK
NIC - Network Interface Card

Introduction

The network interface card (NIC) provides the physical connection to the LAN. Software residing on the PC provides a way for the operating system (OS) to communicate with the NIC; this hardware-specific software is commonly referred to as a driver. The network operating system (NOS) breaks down the information to be transmitted into small pieces called packets. To send a packet, the NOS needs to know where the data is going, so every NIC on the LAN is assigned an address to facilitate delivery. This address is called the MAC (Media Access Control) address: a 48-bit identifier assigned by the card's manufacturer (the first 24 bits identify the vendor) that is only meaningful within the local network segment. Strictly speaking, MAC is the sublayer of the data link layer that governs how stations share the physical medium and how frames are addressed on it; the MAC address is the identifier used by that sublayer, not a protocol that routes data from origin to destination.


"Anatomy" of a NIC

To choose the appropriate network interface card it is necessary to decide on:

Bus type
Media
Speed
(N)OS support and drivers
Special features: Remote boot, Wake-On LAN

SMC offers a broad range of network interface cards to connect portable computers, desktop systems and servers to the network. In order to solve typical connectivity problems, SMC offers network interface products for different LAN technologies, several standard bus systems and various connector types. Rich driver support and special software and hardware additions enable the network manager to design reliable, powerful networks.


Ethernet Connector Types

Connectors typically found in Ethernet installations:

AUI (Attachment Unit Interface), used to connect to external transceivers
BNC (10BASE2 coaxial cable)
RJ45 (twisted pair)
SC, ST, VF45, MTRJ (fibre optic)

An Ethernet transceiver is a device that transmits and receives information to and from the wire. When you plug into an RJ45, BNC or Fiber port on a NIC, you are connecting to a transceiver. Transceivers are also available as an external device that attach to the AUI port of the network computer.

Speed and Throughput


The actual "speed" of a network connection depends largely on the LAN type and the available bus type. The most efficient use of Fast Ethernet can be achieved with a 32-bit PCI bus type (PCI or CardBus). Gigabit Ethernet NICs need a 64-bit PCI bus to perform optimally, since a 32-bit, 33 MHz PCI bus (132 MB/s) is shared with other devices and cannot sustain the 250 MB/s that a full-duplex Gigabit link can carry. When a computer or server is connected directly to a switched port, supported devices can transmit and receive simultaneously; this feature is called full duplex.


(N)OS Support

In order for a NIC to work with a given (N)OS, the vendor must develop a driver to interface with the (N)OS. Examples of popular (Network) Operating Systems:

Windows 95/98/ME/2000/XP
Windows NT
Mac OS
Novell NetWare
Unix, Linux
OS/2

PC Bus-Types
Introduction

The development of desktop hardware during the last 20 years not only led to more powerful processors and computer architectures; bus systems also changed and evolved continuously, from the early 8- and 16-bit ISA bus to modern PCI and CardBus architectures:

ISA
EISA
MCA
PCI
PCMCIA/PC Card
CardBus
CompactFlash (CF)
USB


PCI Bus

The PCI (Peripheral Component Interconnect) bus was developed by Intel.

32-bit bus; 33 MHz clock speed in the original specification, 66 MHz from PCI 2.1
Not backward compatible with ISA
Up to 264 MB/s maximum DMA transfer rate (132 MB/s at 33 MHz)
Supports bus mastering
Easy to configure
Inexpensive
Later versions support a 64-bit bus

PCMCIA / PC Card / CardBus

PCMCIA / PC Card
Developed by the PCMCIA in 1991
16-bit bus, 10 MHz clock speed
Up to 20 MB/s maximum transfer rate

CardBus
Developed by the PCMCIA in 1995
32-bit bus, 33 MHz clock speed
Up to 132 MB/s maximum DMA transfer rate
Supports bus mastering
Backwards compatible with PC Cards (a CardBus slot accepts 16-bit PC Cards, but a CardBus card does not fit a 16-bit slot)
Notebook or laptop must support CardBus
Supported on most newer systems


Compact Flash

CompactFlash (CF) technology was originally developed by SanDisk Corporation in 1994 for data storage devices used in portable electronic devices. The physical format is now used for a variety of devices, and many different device options are offered today, including LAN and WLAN interface cards. There are two main versions of CF cards: Type I and the slightly thicker Type II cards that are used by Microdrives and some other devices. There are three main standards: the original CF, CF High Speed (CF+/CF 2.0) and the even faster CF 3.0 standard.

Workstation NIC Features


Additional Features

Advanced hardware design and powerful additional features provide optimal performance and functionality:

32-bit bus mastering
Boot ROM
Wake-On LAN
ACPI (Advanced Configuration and Power Interface)

32-bit bus mastering is available on PCI and CardBus cards and increases throughput by letting the NIC move data to and from system memory itself, offloading work from the system processor. An optional Boot ROM is a chip that can be installed on the NIC; it provides a means for a system to boot up and connect to a network without the need for an internal drive. Wake-On LAN functionality provides a means for the network manager to power up systems remotely and perform routine maintenance (shutting them down again is done by the management software once they are running): a cable from the NIC to the motherboard's WOL header carries 5 V standby power to the card, and to instruct the system to power on a special packet is sent to the NIC. ACPI (Advanced Configuration and Power Interface) is an industry specification proposed by Intel, Microsoft and Toshiba to provide detailed power management. It allows the automatic powering of the system and its peripherals; when combined with the PCI 2.2 specification, which supplies standby power and a power-management event signal (PME#) through the bus itself, it can power the machine on through the NIC without the need for a WOL cable.


Remote Boot

A computer system performing a remote boot does not rely on local resources (such as its hard disk) to start, but uses centralised resources (through the network) instead. Remote booting is generally a three-phase process directed by a chip installed on the network interface card, called a Boot ROM (PROM, EPROM). In the first phase the remote-boot system requests basic information about its configuration. In an IP environment the client computer establishes communication with a server using either the BOOTP or the DHCP protocol, in order to get the basic information needed to proceed to the next stages. This critical information includes the IP address, subnet mask, default gateway and the name of the bootstrap program to load. In the second phase the actual bootstrap program is loaded. The bootstrap program is the core of the remote-booting process; it is stored on the server and is transferred (usually with TFTP) to the client computer to prepare the system to run the actual operating system. The third phase leads to the download of the operating system. Note that none of these steps is authenticated: BOOTP, DHCP and TFTP carry no signatures, so any host on the same broadcast domain that answers first can hand the client a malicious bootstrap program. Remote boot therefore belongs on segments where DHCP snooping or port security keeps rogue servers out, and modern firmware adds measured or secure boot on top of PXE for the same reason.
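An added example (not from the original material) of the phase-1 exchange: it constructs a DHCPOFFER carrying the client address, mask, gateway, TFTP server and bootstrap file name, then parses it the way a Boot ROM would, with bounds checks on the option area and an optional allow-list of boot servers. The message layout is RFC 2131 and the option codes are RFC 2132; the addresses, MAC and file name are constructed sample values, and expected_servers is this example's own idea, not a protocol feature.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed part, 236 bytes
FIXED_LEN = struct.calcsize(FIXED_FMT)
BOOTREPLY = 2
DHCPOFFER = 2
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_MSG_TYPE, OPT_TFTP_SERVER, OPT_BOOTFILE, OPT_END = 0, 1, 3, 53, 66, 67, 255


def build_offer(xid, client_mac, yiaddr, netmask, router, tftp_server, bootfile):
    """Build a DHCPOFFER carrying the phase-1 boot information (constructed sample, not a capture)."""
    fixed = struct.pack(
        FIXED_FMT, BOOTREPLY, 1, 6, 0, xid, 0, 0,
        b"\0" * 4,                                   # ciaddr: client has no address yet
        ipaddress.IPv4Address(yiaddr).packed,        # yiaddr: the address being offered
        ipaddress.IPv4Address(tftp_server).packed,   # siaddr: next server (TFTP) for BOOTP-only clients
        b"\0" * 4,                                   # giaddr: no relay agent
        client_mac.ljust(16, b"\0"), b"\0" * 64, bootfile.encode().ljust(128, b"\0"))
    options = [
        (OPT_MSG_TYPE, bytes([DHCPOFFER])),
        (OPT_SUBNET_MASK, ipaddress.IPv4Address(netmask).packed),
        (OPT_ROUTER, ipaddress.IPv4Address(router).packed),
        (OPT_TFTP_SERVER, tftp_server.encode()),
        (OPT_BOOTFILE, bootfile.encode()),
    ]
    encoded = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + encoded + bytes([OPT_END])


def parse_options(blob):
    """Walk the TLV option area; bounds-checked so a truncated packet cannot make us read past the end."""
    options = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes but only {len(value)} remain")
        options[code] = value
        i += 2 + length
    return options


def parse_boot_reply(msg, expected_servers=None):
    """Extract IP, mask, gateway, TFTP server and bootstrap file from a BOOTREPLY.

    expected_servers (optional) is an allow-list of TFTP servers. Nothing in DHCP/BOOTP is
    authenticated, so this is the only check a client itself can make against a rogue server.
    """
    if len(msg) < FIXED_LEN + 4 or msg[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, siaddr, _giaddr,
     chaddr, _sname, file) = struct.unpack(FIXED_FMT, msg[:FIXED_LEN])
    if op != BOOTREPLY:
        raise ValueError("not a BOOTREPLY")
    opts = parse_options(msg[FIXED_LEN + 4:])
    # Options 66/67 take precedence over the fixed siaddr/file fields when present (RFC 2132 9.4, 9.5).
    tftp = opts[OPT_TFTP_SERVER].decode() if OPT_TFTP_SERVER in opts else str(ipaddress.IPv4Address(siaddr))
    boot = opts[OPT_BOOTFILE].decode() if OPT_BOOTFILE in opts else file.rstrip(b"\0").decode()
    if expected_servers is not None and tftp not in expected_servers:
        raise ValueError(f"boot server {tftp} is not in the allow-list")
    return {
        "xid": xid,
        "client_mac": chaddr[:hlen].hex(":"),
        "message_type": opts.get(OPT_MSG_TYPE, b"\0")[0],
        "ip": str(ipaddress.IPv4Address(yiaddr)),
        "netmask": str(ipaddress.IPv4Address(opts[OPT_SUBNET_MASK])),
        "gateway": str(ipaddress.IPv4Address(opts[OPT_ROUTER])),
        "tftp_server": tftp,
        "bootfile": boot,
    }
```

The length checks in parse_options() are not pedantry: option parsers in boot firmware run before any operating system protections exist, and an option whose declared length exceeds the packet is the classic way to make such code read or copy out of bounds.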

Wake On LAN

Wake on LAN (WOL) is a technology that allows a network or system manager to remotely power on a system or wake it up from sleep mode. By remotely triggering the computer to wake up and perform scheduled maintenance tasks, the technician does not have to physically visit each computer on the network. To use the Wake On LAN function, you must have a network card with a chipset that supports this feature and connect a cable from the LAN card to the motherboard's WOL connector (or use a PCI 2.2 slot that supplies standby power through the bus). Wake on LAN works by sending a wake-up frame (the "magic packet") to a client machine from a server machine that has remote network management software installed. The Wake on LAN network adapter installed in the client receives the wake-up frame and turns the system on; the scheduled tasks then begin. While the system is off, the adapter continually monitors the network looking for wake-up frames, so it must have a constant power source, usually a standby rail of the power supply that delivers a small amount of power continually. The adapter decodes each frame to determine whether it is a wake-up: a magic packet is any frame whose payload contains six bytes of 0xFF followed by the adapter's own MAC address repeated sixteen times. Since anyone who can send a broadcast into the segment can wake any machine on it, some adapters add a "SecureOn" password appended to the magic packet; it is a static six-byte value sent in the clear, so it is a deterrent rather than real authentication.
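The magic packet format, as an added example that is not part of the original material: building the frame payload (optionally with a SecureOn password) and the adapter-side scan that looks for the pattern anywhere in a frame. The MAC and password values are made up; the function names are this example's own.

```python
import re

SYNC_STREAM = b"\xff" * 6
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([:-])(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}$")


def parse_mac(text):
    """'02:00:00:00:00:01' or '02-00-00-00-00-01' -> 6 raw bytes; anything else is rejected."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def build_magic_packet(mac, secureon=None):
    """Synchronisation stream (6 x 0xFF) + target MAC x 16, optionally + 6-byte SecureOn password.

    The packet is usually sent as a UDP broadcast (commonly to port 9). The NIC ignores the IP
    and UDP headers entirely; it only scans the frame for this byte pattern.
    """
    packet = SYNC_STREAM + parse_mac(mac) * 16
    if secureon is not None:
        packet += parse_mac(secureon)   # same 6-byte hex format as a MAC; transmitted in the clear
    return packet


def find_magic_packet(payload):
    """Emulate the adapter's decoder: return the target MAC if the payload holds a magic packet, else None."""
    start = payload.find(SYNC_STREAM)
    while start != -1:
        body = payload[start + 6:start + 6 + 96]
        if len(body) == 96:
            mac = body[:6]
            if mac != SYNC_STREAM and body == mac * 16:
                return mac.hex(":")
        start = payload.find(SYNC_STREAM, start + 1)
    return None
```

Because the decoder is this permissive (pattern anywhere in the frame, no check of sender), the only real controls are at the network layer: keep WOL hosts in a VLAN whose broadcast domain is reachable only from the management network, and have the switch rate-limit or drop directed broadcasts from elsewhere.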


High Perf. and Server Features


Connecting Servers and WS

As applications require more and more network bandwidth, network performance has to be increased. A solution to this problem can be approached in one of three ways:

Increase throughput on workstation NICs
Develop NICs optimised specifically for network servers and high-performance workstations
Increase network bandwidth

Advanced performance features provide extra levels of throughput and performance. Use in powerful servers in particular requires NICs designed differently from standard workstation products: offloading the server's CPU, buffering and advanced bus management are essential, especially if more than one NIC is to be installed. Depending on the operating system used, drivers are offered to provide load balancing and fault tolerance for increased throughput and reliability. Bandwidth can also be increased using Gigabit Ethernet; the use of Gigabit Ethernet NICs provides the maximum throughput and can eliminate bottlenecks in LANs with heavy traffic. Some NICs for servers additionally offer powerful techniques like VLAN and CoS/QoS.



Load Balancing
Each additional port provides more bandwidth to the server. Even so, a majority of the server traffic could go to one port while the other port sits idle. For best performance across multiple ports, the server should be able to perform load balancing between them. With load balancing, a special secondary software driver is loaded that groups all available ports and treats them as a single fast interface. As traffic comes in to the server, it is distributed across all ports, resulting in maximum performance and avoiding congestion problems. In the above example the traffic is balanced across both full-duplex Fast Ethernet ports, creating a 400 Mbps switch-server pipeline (2 x 100 Mbps in each direction). The availability of such load balancing functionality and drivers depends largely on the operating system and hardware platform used; often such drivers are offered by third-party vendors specialising in high-level server solutions. Note that the distribution is normally per flow rather than per packet: the driver hashes the addresses (and often the ports) of each packet to choose a link, so that all packets of one connection travel over the same link and arrive in order.


Fault Tolerance
With multiple NICs or a multi-port NIC, fault-tolerant network connections can be designed into the network. Should one port (or card) fail, the driver detects the failure and routes all data to the remaining available ports. This ensures that the server continues to provide service until the fault can be corrected. In the above example the server has two full-duplex Fast Ethernet ports installed that are configured to provide fault tolerance; when the first link fails, all traffic is re-routed through the second link. The availability of such fault tolerance functionality and drivers depends largely on the operating system and hardware platform used; often such drivers are offered by highly specialised third-party vendors. For the failover to be meaningful, the two ports should be cabled to different switches, or at least to different line cards, otherwise the switch remains a single point of failure.
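A toy model of the teaming driver described in the two sections above (load balancing and fault tolerance), added here as an example and not taken from SMC's software: a per-flow hash chooses the port so that one connection stays on one link, and a link-state change removes a port from the hash set so its flows move to the survivors. Port names and addresses are made up.

```python
import zlib


class NicTeam:
    """Per-flow load balancing plus failover across the ports of one server team."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.link_up = {p: True for p in self.ports}
        self.tx_frames = {p: 0 for p in self.ports}

    def active_ports(self):
        return [p for p in self.ports if self.link_up[p]]

    def select_port(self, src_ip, dst_ip, src_port, dst_port, proto="tcp"):
        """Hash the 5-tuple so every frame of one flow leaves on the same port (preserves ordering).

        Hashing per flow rather than round-robin per packet is what real bonding drivers
        do: reordered TCP segments look like loss and trigger retransmissions.
        """
        active = self.active_ports()
        if not active:
            raise RuntimeError("all team members are down")
        key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}|{proto}".encode()
        port = active[zlib.crc32(key) % len(active)]
        self.tx_frames[port] += 1
        return port

    def set_link(self, port, up):
        """Driver's link-state callback: a failed port leaves the hash set, so its flows move."""
        self.link_up[port] = up
```

The modulo in select_port() means that when one port fails, some flows on the surviving ports are reshuffled too, not only the flows of the dead port; that is harmless for a two-port team but is why larger teams use consistent hashing or a fixed port per hash bucket.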

Gigabit Ethernet NIC Features


A number of advanced techniques in Gigabit Ethernet network interface cards can increase performance in the network and computer system significantly:

Packet Propulsion
Jumbo Frame support
Intelligent Interrupt Management
TCP/IP Checksum offload
Quality of Service (QoS)
VLAN Tagging

Packet Propulsion minimises bus arbitration by bursting small packets across the PCI bus, increasing throughput by freeing up the PCI bus to process additional tasks; this eliminates the need to make a logical-to-physical address translation for every transfer. If the system supports a faster clock rate or wider bus (64-bit as opposed to 32-bit), the NIC adjusts burst size and speed accordingly. Interrupts are minimised by combining several smaller transfers into one large transfer across the PCI bus. Jumbo Frame support reduces the overhead required to process packets: by using a larger frame, processing can be reduced to about a third of that required for standard frame sizes. With Intelligent Interrupt Management implemented, the NIC schedules its interrupt calls instead of interrupting the host for every received frame. This allows data to be streamed, improving throughput and system performance. TCP/IP Checksum offload moves the task of computing and verifying the TCP, UDP and IP checksums onto the NIC, which reports the result to the driver so that corrupted packets can be dropped without the CPU touching the payload; this reduces CPU utilisation and improves efficiency. Support for Quality of Service (QoS) and VLAN Tagging offers the network administrator new levels of functionality, flexibility and control.

QoS and VLAN Tagging

VLAN Tagging (IEEE 802.1Q) is a switch feature that allows groups of users to be segmented. Adding VLAN support to the NIC gives the network manager the ability to configure which VLAN groups can "see" the server and vice versa; a tagged server port can serve several VLANs over one link, each appearing as a separate virtual interface. Quality of Service (QoS, carried as the IEEE 802.1p priority bits of the VLAN tag) allows the NIC to prioritise data: mission-critical data can receive a higher priority setting, allowing it to be processed first.

Incr. Throughput and Perf.


A number of advanced techniques in network interface cards can increase performance in the network and computer system significantly:

Pipelined Data Transfer (SimulTasking)
Programmable InterPacket Gap
Transmit Chaining
Preemptive Interrupt

Pipelined Data Transfer improves performance by increasing the data throughput between the network and the system. Without pipelined data transfer, packets must be received fully into the NIC's memory buffer before they are forwarded. Pipelined Data Transfer forwards the packet before it has been fully received, allowing the buffer to begin receiving the next packet; this decreases the latency between data transfers. SMC's method is called SimulTasking. With a functionality called Programmable InterPacket Gap, the NIC monitors network traffic and, based upon the level of congestion, dynamically increases or decreases the spacing between packet transmissions. This minimises packet collisions on shared (half-duplex) segments and increases overall network performance. Transmit Chaining and Preemptive Interrupt are two features incorporated into the EPIC chip used on some of SMC's high-performance NICs. Together, they offload some of the CPU load onto the NIC, which results in better system response time and performance.

SMC LAN Adapter Cards



SMC1255TX-1 PCI 10/100

SMC's EZ Card 10/100 PCI Card SMC1255TX-1 supports full-duplex communication, auto-negotiation, Wake-on-LAN (WOL), flow control and a 32-bit data transfer mode to provide a simple and cost-effective solution for home or office networks. Features and Benefits:

Supports 32-bit data transfer
32-bit bus-mastering PCI: bus mastering reduces CPU utilisation and improves throughput
Dual-speed 10/100 Mbps Ethernet
Full-duplex, flow control and auto-negotiation
Auto-configures on power-up
Diagnostic LEDs
Socket for optional Boot ROM
Wake-on LAN
Etherguard Personal Firewall and WinEtool Personal Sniffer
Simple, quick and easy installation
Remotely managed PCs through the WFM (v2.x) feature
Ships with drivers for all popular network operating systems

SMC1255FTX-SC PCI 10/100


SMC's Combo EZ Card 10/100 PCI network card is fully auto-configurable on power-up through the host computer's BIOS setup program. Features and Benefits:

10BASE-T/100BASE-TX (RJ-45) and 100BASE-FX (fibre, SC)
32-bit PCI (v2.2) bus-master architecture
Dual-speed 10/100 Mbps Ethernet
Full-duplex, flow control and auto-negotiation
Auto-configures on power-up
Diagnostic LEDs
Socket for optional Boot ROM (PXE/RPL)
Wake-on LAN
Supports 32-bit data transfer
Bus mastering reduces CPU utilisation and improves throughput
Simple, quick and easy installation

This product is no longer available. This product represents a technology.

SMC9462SX V.2 PCI 1000

The SMC9462SX V.2 TigerCard 1000 is a Gigabit Ethernet network interface card for 32- and 64-bit PCI local bus computers. Operating under the 1000BASE-SX short-wavelength laser specification, this card provides up to ten times the bandwidth of Fast Ethernet over multimode fibre links. Features and Benefits:

Full duplex operation provides 2 Gbps of network bandwidth
32-bit and 64-bit PCI bus-master operation
Packet Propulsion
Intelligent Interrupt Management
TCP/IP Checksum offloading minimises CPU time
Independent receive and transmit buffers
Jumbo Frame support
Configurable 16-entry VLAN table with eight levels of priority
Plug and play installation
Auto-negotiation of duplex mode and flow control
Complies with IEEE 802.3z, IEEE 802.3x, IEEE 802.1Q, IEEE 802.1p
Support for popular (Network) Operating Systems


SMC9452TX1 PCI 1000

The EZ Card 1000 SMC9452TX-1 is SMC Networks' 32-bit 10/100/1000 Mbps copper Gigabit PCI interface card designed for higher-bandwidth system applications. Features and Benefits:

Industry-leading performance
Provides 2 Gbps of network bandwidth (full duplex)
Auto-negotiation, full-duplex and flow control support
32-bit data transfer (PCI v2.2)
High-speed 32-bit full-duplex performance for the desktop
TCP/IP Checksum offloading minimises CPU utilisation
Wake-on LAN
Plug-and-play installation
Supports Advanced Configuration and Power Interface (ACPI)
Diagnostic LEDs
IEEE 802.3ab, 802.3u, 802.3x, 802.1Q
Support for all popular (Network) Operating Systems

SMC8036TX CardBus 10/100

SMC's SMC8036TX is designed for CardBus-compatible notebook computers and provides high-speed 32-bit PCI bus performance.

Features and Benefits:

High-speed 32-bit CardBus performance for notebooks and laptops
Auto-sensing 10/100 Mbps Ethernet/Fast Ethernet
CardBus technology eliminates the interface bottleneck of 16-bit cards
Innovative fixed-port (dongle-less) design
Plug-and-play installation: easy to install and use
Supports hot-swap function

This product is no longer available. This product represents a technology.

TigerCard 10G

For data-intensive environments such as data centres, server farms or storage area networks, the TigerCard 10G network interface cards provide full 10 Gigabit connectivity with any 10G-enabled device such as the 8700 or 8800 families of Tiger Switches and Tiger Stacks. Available with copper or fibre connectors, they operate with both Windows and Linux server operating systems. They are ideal for high-bandwidth applications and provide Jumbo Frame support for even higher packet throughput.

SMC10GPCIe-10BT
PCIe x8 interface
IEEE 802.3an 10GBASE-T connector (RJ-45)

SMC10GPCIe-XFP
PCIe x8 interface
1 XFP module cage (10 Gigabit Ethernet)

Features and Benefits:

Full duplex
Flow control
Priority queuing
VLAN
TCP checksum offload
TCP segmentation / large send and receive offload
RSS (Receive Side Scaling)
Jumbo Frames
Remote boot
Virtual NIC support

SMC WLAN Adapter Cards


SMCWPCI-G2 PCI Card (54Mbps)

SMC's EZ Connect G 54 Mbps Wireless PCI Card SMCWPCI-G2 is 802.11g-compatible and is five times faster than 802.11b devices. Because it is wireless, the SMCWPCI-G2 eliminates the need for installing Ethernet cabling. For security, the SMCWPCI-G2 supports industry-standard WEP encryption and Wi-Fi Protected Access (WPA). Note that WEP, whatever its key length, has been cryptographically broken since 2001 and can be recovered in minutes by a passive attacker; of the options listed below only WPA (preferably with 802.1X authentication) should be used. Features and Benefits:

Up to 54 Mbps data rate
2.4 GHz frequency band
64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA), 802.1X for authentication
Site survey utility
Ability to define multiple profile settings
EZ installation wizard
Supports major Windows operating systems
Wi-Fi certified: compatible with IEEE 802.11g and IEEE 802.11b

SMC2642W Compact Flash Card (11Mbps)

The SMC2642W V.2 EZ Connect 2.4 GHz 11 Mbps Wireless CompactFlash Card is a Type I CompactFlash adapter based on IEEE 802.11b technology. This Wireless CompactFlash (CF) Card supports wireless communication at speeds of up to 11 Mbps with a maximum connection range of up to 1,320 feet. Supporting Windows CE 3.0 and Windows 98SE/ME/NT/2000/XP/Pocket PC 2002, this card provides an easy-to-use configuration and is a convenient solution for integrating PDAs into existing wireless LANs. Features and Benefits:

CompactFlash V1.4, CF+ I/O interface, Type I host interface
802.11b wireless LAN connection
64-bit/128-bit WEP encryption (WEP only; WEP is cryptographically broken, so this card cannot be relied on for confidentiality)
Plug-and-Play configuration
Up to 11 Mbps data rate
Automatic fallback (1, 2, 5.5 or 11 Mbps)
Supports both ad-hoc mode (peer-to-peer) and infrastructure mode
Low power consumption and power-save mode
Supports major OS

This product is no longer available. This product represents a technology.


SMCWCB-G2 CardBus (54Mbps)


The EZ Connect g Wireless CardBus Adapter SMCWCB-G2 adds 802.11g wireless to notebook computers, providing a simple and secure way to access your wireless router, office network or public Wi-Fi hotspots. The SMCWCB-G2 is standard 802.11b/g compliant and supports WPA and WPA2, the wireless security standards that actually prevent unauthorised access and protect your data; its WEP modes exist only for compatibility with older access points.

Features and Benefits:

Compliant with IEEE 802.11b and IEEE 802.11g
Data rates up to 54 Mbps
64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2)
Ad-hoc or Infrastructure mode
Site survey utility
Ability to define multiple profile settings
EZ installation wizard
Supports major Windows operating systems



SMCWEB-N Wireless Access Point/ Ethernet Client

The EZ Connect N Pro Draft 11n SMCWEB-N is a multi-function Wireless-N networking device with Access Point and Ethernet Client modes. Designed for multimedia applications, the SMCWEB-N can be used in Access Point mode to add high-speed wireless connectivity to your network, or in Client mode to simultaneously connect multiple Ethernet-enabled devices such as a game console, digital media player or Network Attached Storage. The SMCWEB-N is 802.11n draft v2.0 compliant while maintaining full backwards compatibility with the Wireless-G (802.11g) and Wireless-B (802.11b) standards. Features and Benefits:

High data rates of up to 300 Mbps
2.4 GHz frequency band
4-port 10/100 LAN switch with auto MDI/MDI-X
Wi-Fi Protected Setup (WPS): makes wireless security setup easy with push-button and PIN configuration methods
Wireless Intelligent Stream Handling Technology: automatically manages and prioritises the flow of time-sensitive data in your wireless network without the need for end-user configuration
Plug-and-Play, no drivers needed, EZ Installation Wizard
Converts any Ethernet-equipped device to wireless
Extends the range of your wireless network
Repeating (Wireless Distribution System, WDS) and Access Point modes
64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), 802.1X for authentication
Disable SSID broadcast and MAC address filtering
Simple creation or extension of a wireless network
Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n draft v2.0

Of the security features listed, only WPA2 (ideally with 802.1X) provides real protection. WEP is broken; the WPS PIN method has a well-known brute-force weakness and should be disabled once setup is complete; and hiding the SSID or filtering MAC addresses only deters casual users, since both the SSID and the MAC addresses of legitimate clients are visible to anyone sniffing the channel and a MAC address is trivially spoofed.

USB (Universal Serial Bus)


Introduction

USB was designed to overcome many of the problems associated with connecting different peripherals to PCs in the past:

Universal
Easily extendable and flexible
Low cost
Reduces the amount of cabling and the number of cable types
"Hot-plugging"
High level of compatibility

USB (Universal Serial Bus) was developed in 1995 by a consortium of manufacturers including Microsoft, Intel, Compaq, DEC, IBM and others.


USB offers several benefits such as low cost, expandability, auto-configuration and good performance. It allows devices to be added and removed without the need to power the system down. It also provides power on the bus, enabling many peripherals to operate without the added need for an AC power adapter. USB is standardised, so third-party hardware is compatible across all platforms; only the specific driver software is required for a given OS. USB 1.1 operates at 1.5 Mbit/s (low speed) or 12 Mbit/s (full speed), and devices of both kinds can share one bus at the same time; USB 2.0 added a 480 Mbit/s high-speed mode. Typical USB devices include keyboards, mice, joysticks, digital cameras, scanners, printers, modems, networking adapters and other low-bandwidth, low-cost devices.

Topology

The physical topology of USB is a tree structure. The USB host controller is at the root of this tree. USB hubs are used to provide connection points to attach USB devices. Cascading of hubs is possible, but only to a depth of 5 hubs. The overall number of devices that can be connected to any root interface is 127. The logical topology of a USB "network" is always a star: all end devices are connected to the host. This host controller manages the traffic on the bus. The host assigns a unique address to every USB device and uses it for communication with that device. There is a logical point-to-point connection between the device and the host that is always initiated by the host, which acts as the bus master.

Cables and Connectors


There are two different USB connectors defined in the standards:

- Type "A" connector: used to connect USB devices to upstream hub ports. The hub contains the receptacle while the plug is on the cable.
- Type "B" connector: used for USB connections to end devices. Again the plug is on the cable while the end device contains the receptacle.

The standard USB peripheral cable is a cable with an A-male connector and a B-male connector. It connects on one end (using the A-male connector) to the host computer or hub and on the other end (using the B-male connector) to the USB device. Its length can be from 0.5 up to 15m. Another type of USB cable is the "USB Extension Cable", an A-female connector to A-male connector cable. This type of cable extends the length of the standard cable (above). An "Active Extension Cable" is basically a 5 meter cable with a built-in 1-port hub. Four of these special cables plus a single 5 meter USB peripheral cable allow a maximum reach of 25 meters. USB Host to USB Host Adapters have some additional electronics built in that allow the direct link of two PCs using USB, although this was not included in the USB specs.

Features
Devices attached to the USB bus are automatically assigned resources by the bus. Automatic configuration ensures that a newly connected device does not conflict with any currently installed hardware. When a new device is attached to the USB bus, it is assigned an address through a process called enumeration. Every time a new Plug-and-Play device is connected to the USB, the system performs the following steps:

- The device is attached to the USB bus
- The USB bus checks the power requirements of the device and allocates resources for it
- The USB bus checks whether the device requires drivers
- If drivers are required, the USB bus checks the OS to see if they are present, and installs them
- If the drivers are not present in the OS, the user is prompted to install them
- If the device is later removed, the USB bus removes the driver

Other features:

- Universal Connectivity provides the same logical and physical connections, regardless of the device
- Bus Power eliminates the need for bulky external power supplies on many units

Bus Power

The USB Specification allows devices attached to the USB bus to obtain power directly from the bus, eliminating the need for an external power supply. While this is a benefit, it does impose certain restrictions:

- Devices drawing power from the USB bus are limited to 2.5 Watts
- These devices can be divided into two power categories: High Power and Low Power
- High Power Devices draw between 0.5 and 2.5 Watts
- Low Power Devices draw 0.5 Watts or less
- When adding multiple USB hubs, every other hub must be self-powered in order for the bus to be able to provide power to the attached devices
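The topology limits (5 cascaded hubs, 127 devices) and the bus-power rules above can be checked mechanically before a peripheral layout is built. The following checker is an added example written for this chapter, not vendor code; the device trees it validates are constructed inline.

```python
"""USB topology and bus-power checker (added example, not vendor code).

Encodes the limits stated in the Topology and Bus Power sections: hubs
cascaded at most 5 deep, at most 127 addressable devices per root, 2.5 W
per bus-powered device (low power <= 0.5 W, high power above that), and
no bus-powered hub directly below another bus-powered hub.
"""
from dataclasses import dataclass, field
from typing import List

MAX_HUB_DEPTH = 5        # hubs below the host's root hub, counted per branch
MAX_DEVICES = 127        # 7-bit device addresses, address 0 is reserved
MAX_BUS_POWER_W = 2.5    # ceiling for any bus-powered device
LOW_POWER_LIMIT_W = 0.5  # at or below: "low power", above: "high power"


@dataclass
class UsbNode:
    name: str
    is_hub: bool = False
    self_powered: bool = False   # hubs only: has its own power supply
    power_w: float = 0.0         # power drawn from the bus
    children: List["UsbNode"] = field(default_factory=list)


def power_class(power_w: float) -> str:
    """'low', 'high' or 'over' (more than the bus may supply)."""
    if power_w > MAX_BUS_POWER_W:
        return "over"
    return "high" if power_w > LOW_POWER_LIMIT_W else "low"


def validate_tree(host: UsbNode) -> List[str]:
    """Return every rule violation below the host controller (the tree root)."""
    problems: List[str] = []
    devices = 0

    def walk(node: UsbNode, depth: int, parent: UsbNode) -> None:
        nonlocal devices
        devices += 1  # hubs consume an address as well
        if power_class(node.power_w) == "over":
            problems.append(f"{node.name}: draws {node.power_w} W, limit is {MAX_BUS_POWER_W} W")
        if node.is_hub:
            if depth > MAX_HUB_DEPTH:
                problems.append(f"{node.name}: hub depth {depth} exceeds {MAX_HUB_DEPTH}")
            # "every other hub must be self-powered": no bus-powered hub
            # may hang directly below another bus-powered hub
            if not node.self_powered and not parent.self_powered:
                problems.append(f"{node.name}: bus-powered hub below bus-powered hub {parent.name}")
            for child in node.children:
                walk(child, depth + 1, node)

    for child in host.children:
        walk(child, 1, host)
    if devices > MAX_DEVICES:
        problems.append(f"{devices} devices on one root interface, limit is {MAX_DEVICES}")
    return problems


def host() -> UsbNode:
    """The host controller's root hub: always self-powered."""
    return UsbNode("host", is_hub=True, self_powered=True)


def sample_ok() -> UsbNode:
    """Constructed: host -> self-powered hub -> bus-powered hub -> mouse and keyboard."""
    root = host()
    hub1 = UsbNode("hub1", is_hub=True, self_powered=True)
    hub2 = UsbNode("hub2", is_hub=True, power_w=0.5)
    hub2.children += [UsbNode("mouse", power_w=0.25), UsbNode("keyboard", power_w=0.5)]
    hub1.children.append(hub2)
    root.children.append(hub1)
    return root


def sample_bad() -> UsbNode:
    """Constructed: six cascaded bus-powered hubs ending in a scanner that wants 4 W."""
    root = host()
    parent = root
    for i in range(1, 7):
        hub = UsbNode(f"hub{i}", is_hub=True, power_w=0.5)
        parent.children.append(hub)
        parent = hub
    parent.children.append(UsbNode("scanner", power_w=4.0))
    return root


def sample_too_many() -> UsbNode:
    """Constructed: one self-powered hub with 127 devices, so 128 addresses are needed."""
    root = host()
    hub = UsbNode("bighub", is_hub=True, self_powered=True)
    hub.children = [UsbNode(f"dev{i}", power_w=0.1) for i in range(127)]
    root.children.append(hub)
    return root


if __name__ == "__main__":
    for build in (sample_ok, sample_bad, sample_too_many):
        print(build.__name__, validate_tree(build()) or "OK")
```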

USB 2.0
Like the original USB spec, USB 2.0 lets you easily connect PCs and notebooks to peripherals, with data transfer rates about 40 times as fast as its predecessor. USB 2.0 is a rather new standard, compatible with the original USB standard. It provides a common interface for thousands of existing peripherals.

Some facts about USB 2.0:

- We should see broader product availability through 2002
- Designed to increase speed from 12 Mbps to 480 Mbps
- Backward compatible with USB 1.1 devices
- Capable of auto-sensing the speed and version of the attached device
- For full compatibility, USB 2.0 hubs and devices need to be placed between the USB 1.1 hubs and the system

SMC2208USB-Ethernet
The SMC 10/100 Mbps USB Fast Ethernet Converter is a very compact device that attaches to the desktop or mobile PC via the computer's Universal Serial Bus (USB) port. Once attached, the adapter is automatically recognized and no further configuration is required. No external power is needed since the adapter draws power from the bus, and the device includes energy saving suspend and resume features for reduced power consumption. The USB to Ethernet Adapter has a USB Type-A connector on one side and an RJ45 Ethernet connector on the other side. This USB device allows you to connect to a 10BASE-T or 100BASE-TX LAN using your computer's USB interface.

Features and Benefits:

- Plug&play installation (Windows)
- No need to open the PC
- Automatic speed sense (10/100 Ethernet)
- Provides energy saving suspend and resume functions
- No external power supply needed
- Small and light weight
- USB 1.0 and 1.1
- LED indicators show connection, speed and activity

This product is no longer available. This product represents a technology.

SMCWUSBS-N USB 2.0 Adapter (300Mbps)


The EZ Connect N Draft 11n Wireless USB 2.0 Adapter SMCWUSBS-N enables Wireless-N connectivity for your desktop or notebook computer and provides better throughput and range than existing 802.11g technology. Upgrading to Wireless-N is an excellent solution for browsing the Internet and sharing files such as video, music and photos. The SMCWUSBS-N is Wi-Fi CERTIFIED for full compliance with the 802.11n draft v2.0 standard, as well as the 802.11g and 802.11b standards. This next generation standard utilizes advanced MIMO technology to deliver incredible speed and range.

Features and Benefits:

- USB 2.0
- High data rates at up to 300Mbps
- 2.4GHz frequency band
- Wi-Fi certified: compliant with IEEE 802.11g, IEEE 802.11b and IEEE 802.11n draft v2.0
- Wi-Fi Protected Setup (WPS): makes wireless security setup easy with push button and PIN configuration methods
- Internal antenna
- Ad-hoc, Infrastructure mode or Soft Access Point mode
- 64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), 802.1x for authentication
- Supports major Windows operating systems
- Profile management and Site Survey
- EZ Installation Wizard, Plug-and-Play

SMC2621W-U/P Printserver
SMC's EZ Connect Wireless-Ready Print Servers offer a versatile way to connect to your printer. Two models are available to make network printing easy and convenient. The SMC2622W-U connects directly to your printer via USB port while the SMC2622W-P connects via its Parallel port. With a built-in Ethernet port and 11Mbps 802.11b wireless client on board, SMC's Wireless Ready Print Servers allow users access to a printer through a regular wired Ethernet LAN connection or by 802.11b Wireless LAN connection. The Wireless Print Server supports up to 4 protocols: TCP/IP, SMB (Server Message Block), AppleTalk (EtherTalk), and NetBEUI. It features an Ethernet interface port, and operating system support includes Unix, Linux, AppleTalk, NetWare (NDPS LPR printing), and Microsoft Windows. Internet Printing Protocol (IPP) is also supported.

Features and Benefits:

- Easy Installation and Setup
- Windows and Web-based management interface
- Remote Management Tools
- Compact Size
- Integrated Ethernet and WLAN (IEEE 802.11b)

This product is no longer available. This product represents a technology.

Ethernet Hubs

Introduction

Ethernet Hubs are used in Ethernet LANs implementing a Star Topology to support structured wiring installations.

Hubs provide a central connection point between computers on a LAN. Sometimes these devices are called concentrators, because multiple connections are concentrated in a single device. They are also referred to as multi-port repeaters, because the incoming signal is repeated (refreshed with only minimal delay) on all ports. As the Ethernet signal travels the wire, it loses signal strength. A repeater re-generates this signal, then forwards it to adjacent segments.

The "5-4-3 Rule"


Ethernet Hubs re-generate and repeat incoming signals. As a result, distortion and noise present in the signal are re-generated as well. Multiple regenerations and distance further degrade the signal until eventually the signal is "unreadable" at the destination. To prevent this from happening, the 5-4-3 rule defines the Ethernet repeater configuration rules. Between any two stations on the network, there may be up to:

- 5 cable segments in series
- 4 repeaters, or hubs (4 repeater hops)
- 3 "populated" segments (segments with stations attached)

On the remaining two segments no taps are allowed. These segments are also called inter-repeater links or IRLs. IRLs are used to extend the reach of the network and connect exactly two repeaters or hubs. These inter-repeater links do not have to be twisted pair cables; all Ethernet media types, including fibre optic cables and coax cables, can be used.

Ethernet Collision Domain


Ethernet bandwidth is 10Mbps. In an environment using only hubs, the entire network is one single collision domain. As a consequence, all users share the 10Mbps bandwidth. As more users connect to the LAN, the number of collisions in the domain rises and the bandwidth available per user is reduced. This mechanism is called contention. It is also important to remember that an Ethernet collision domain is limited in "size" because of CSMA/CD, and therefore the Ethernet configuration rules have to be closely followed.

Fast Ethernet Hubs

Introduction

Fast Ethernet transmits at 10 times the speed of Ethernet and, as with Ethernet, the signal loses strength and coherence as it travels the wire. The developers of Fast Ethernet had to ensure compatibility at the frame level with Ethernet. CSMA/CD relies on a minimum time during which every station on the network is sending a frame; this is guaranteed by the minimum packet length. The speed of transmission can therefore only be increased by decreasing the signal's worst case round trip delay. This also means reducing the maximum allowed distance between any two stations in the network. As a result, the maximum allowed distance between any two stations with Fast Ethernet (copper) is only 205m compared to 2.5km with Ethernet. As a consequence, the configuration rules for building LANs with Fast Ethernet hubs also have to change.

Repeater Rules

In principle the standard defines two types of Fast Ethernet hubs:

Class I
- Designed to connect different Fast Ethernet media types (100Base-TX to 100Base-FX)
- Limited to 1 repeater per collision domain

Class II
- Designed to connect identical media types
- Limited to 2 repeaters per collision domain

3-2 and 2-1 rules:

Class II: Between any two PCs or other stations on the network there may be up to:

- 3 cable segments in series
- 2 repeaters, or hubs (2 repeater hops)

Class I: Between any two PCs or other stations on the network there may be up to:

- 2 cable segments in series
- 1 repeater, or hub (1 repeater hop)
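The 5-4-3 rule for 10Mbps Ethernet and the 3-2 and 2-1 rules for Fast Ethernet Class II and Class I hubs are all path limits between any two stations, so one checker can enforce them all. The following graph-based checker is an added example for this chapter, not vendor code; the collision domains it tests are constructed inline, with station and segment names chosen for the example.

```python
"""Repeater-rule checker for one collision domain (added example, not vendor
code). It encodes the 10 Mbps 5-4-3 rule and the Fast Ethernet Class I (2-1)
and Class II (3-2) rules; the topologies below are constructed."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    name: str
    max_segments: int
    max_repeaters: int
    max_populated: Optional[int] = None  # None: the rule places no such limit


ETHERNET_5_4_3 = Rule("10 Mbps Ethernet 5-4-3", 5, 4, 3)
FAST_CLASS_II = Rule("Fast Ethernet Class II 3-2", 3, 2)
FAST_CLASS_I = Rule("Fast Ethernet Class I 2-1", 2, 1)


class CollisionDomain:
    """Stations and repeaters attach to cable segments; the graph is a tree."""

    def __init__(self) -> None:
        self.kind: Dict[str, str] = {}  # name -> station | repeater | segment
        self.adj: Dict[str, Set[str]] = {}

    def add(self, name: str, kind: str) -> None:
        assert kind in ("station", "repeater", "segment")
        self.kind[name] = kind
        self.adj[name] = set()

    def attach(self, node: str, segment: str) -> None:
        assert self.kind[segment] == "segment" and self.kind[node] != "segment"
        self.adj[node].add(segment)
        self.adj[segment].add(node)

    def populated(self, segment: str) -> bool:
        """A populated segment carries stations; an inter-repeater link has none."""
        return any(self.kind[n] == "station" for n in self.adj[segment])

    def path(self, a: str, b: str) -> List[str]:
        """Breadth-first search; the domain is loop-free, so the path is unique."""
        prev: Dict[str, Optional[str]] = {a: None}
        queue = deque([a])
        while queue and b not in prev:
            n = queue.popleft()
            for m in self.adj[n]:
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
        assert b in prev, f"{a} and {b} are not connected"
        out, n = [], b
        while n is not None:
            out.append(n)
            n = prev[n]
        return out[::-1]

    def check(self, rule: Rule) -> List[str]:
        """Apply the rule to every pair of stations and return the violations."""
        stations = sorted(n for n, k in self.kind.items() if k == "station")
        problems: List[str] = []
        for i, a in enumerate(stations):
            for b in stations[i + 1:]:
                p = self.path(a, b)
                segs = [n for n in p if self.kind[n] == "segment"]
                reps = sum(1 for n in p if self.kind[n] == "repeater")
                pop = sum(1 for s in segs if self.populated(s))
                if len(segs) > rule.max_segments:
                    problems.append(f"{a}-{b}: {len(segs)} segments, max {rule.max_segments}")
                if reps > rule.max_repeaters:
                    problems.append(f"{a}-{b}: {reps} repeater hops, max {rule.max_repeaters}")
                if rule.max_populated is not None and pop > rule.max_populated:
                    problems.append(f"{a}-{b}: {pop} populated segments, max {rule.max_populated}")
        return problems


def linear_domain(repeaters: int, stations: Dict[str, str]) -> CollisionDomain:
    """Constructed topology S1-R1-S2-...-Rn-S(n+1) with stations on named segments."""
    d = CollisionDomain()
    for i in range(1, repeaters + 2):
        d.add(f"S{i}", "segment")
    for i in range(1, repeaters + 1):
        d.add(f"R{i}", "repeater")
        d.attach(f"R{i}", f"S{i}")
        d.attach(f"R{i}", f"S{i + 1}")
    for name, seg in stations.items():
        d.add(name, "station")
        d.attach(name, seg)
    return d


if __name__ == "__main__":
    # Four hubs in series; S2 and S4 are IRLs until a fourth station lands on S2.
    legal = linear_domain(4, {"A": "S1", "B": "S5", "C": "S3"})
    print("5-4-3, three populated:", legal.check(ETHERNET_5_4_3) or "OK")
    over = linear_domain(4, {"A": "S1", "B": "S5", "C": "S3", "D": "S2"})
    print("5-4-3, four populated:", over.check(ETHERNET_5_4_3))
    fast = linear_domain(2, {"X": "S1", "Y": "S3"})
    print("Class II:", fast.check(FAST_CLASS_II) or "OK", "| Class I:", fast.check(FAST_CLASS_I))
```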

Dual-Speed Hubs
Ethernet and Fast Ethernet

Dual-Speed Ethernet Hubs incorporate a separate Ethernet and Fast Ethernet segment in one device. When a system gets connected to the hub, the hub senses (auto-sensing) the speed and "connects" it to the appropriate segment. Communication between the segments is typically performed through an internal or external bridge or switch.

Building Networks with Hubs


Cascading/Crossover Cables

To interconnect network resources with LAN infrastructure devices like hubs and switches, only standard straight-through cables are required. In order for two hubs (or switches) to communicate with each other properly, the transmit connections (TX) of one device must connect to the receive connections (RX) of the other device. This cross-over connection ensures proper bi-directional communication between the devices. There are two methods to connect hubs (or switches) together: either by using a properly wired cross-over cable or by connecting a standard patch cable to a crossover or uplink port. Some hubs and switching devices provide special ports to also allow connections with normal patch cables (MDI-MDIX ports). Connecting two hubs (or switches) together using a cross-over cable or port is called cascading, a technique also referred to as daisy-chaining or up-linking. Today most products are equipped with Auto MDI/MDI-X. With this feature the type of cable (cross-over or straight-through) is irrelevant: the switch will automatically detect the signals on the wire as either "send" or "receive" and adapt to the cabling accordingly. It is important to understand that cross-over and patch cables specifically designed for 10Base-T and 100Base-TX will not necessarily work for 100Base-T4 or 1000Base-T. 10Base-T and 100Base-TX only require two pairs of wires in the cable, whereas 100Base-T4 and 1000Base-T require four pairs of wires.
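The straight-through versus cross-over decision, and why a two-pair cross-over cable fails on 1000Base-T, can be reproduced from the pin assignments alone. The following checker is an added example for this chapter, not vendor code; the MDI/MDI-X pin numbers and pair names it uses are the standard IEEE 802.3 / TIA-568 assignments and are an assumption of the example rather than something the text gives.

```python
"""Straight-through vs. cross-over cabling checker (added example, not vendor
code). Pin assignments are the standard TIA-568 / IEEE 802.3 ones and are an
assumption of this example, not given in the text."""
from typing import Dict, Optional, Tuple

Pins = Tuple[int, int]
Cable = Dict[int, int]  # pin at end 1 -> pin at end 2

# Pair roles per port type. In 10Base-T/100Base-TX only DA (transmit at an
# MDI port) and DB (receive at an MDI port) are used; 100Base-T4 and
# 1000Base-T use all four pairs. An MDI-X port swaps DA<->DB and DC<->DD.
MDI: Dict[str, Pins] = {"DA": (1, 2), "DB": (3, 6), "DC": (4, 5), "DD": (7, 8)}
MDIX: Dict[str, Pins] = {"DA": (3, 6), "DB": (1, 2), "DC": (7, 8), "DD": (4, 5)}
PORT_TYPES = {"MDI": MDI, "MDI-X": MDIX}

# For a working link each pair must land on its partner pair at the far end
# (a transmitter on a receiver), with polarity preserved.
PARTNER = {"DA": "DB", "DB": "DA", "DC": "DD", "DD": "DC"}
PAIRS_NEEDED = {
    "10Base-T": ("DA", "DB"),
    "100Base-TX": ("DA", "DB"),
    "100Base-T4": ("DA", "DB", "DC", "DD"),
    "1000Base-T": ("DA", "DB", "DC", "DD"),
}


def straight_through() -> Cable:
    return {p: p for p in range(1, 9)}


def crossover_two_pair() -> Cable:
    """The classic 10/100 cross-over cable: 1<->3 and 2<->6 only."""
    c = straight_through()
    c.update({1: 3, 2: 6, 3: 1, 6: 2})
    return c


def crossover_four_pair() -> Cable:
    """Gigabit cross-over cable: additionally 4<->7 and 5<->8."""
    c = crossover_two_pair()
    c.update({4: 7, 5: 8, 7: 4, 8: 5})
    return c


def link_works(cable: Cable, port_a: str, port_b: str, media: str) -> bool:
    """True if every pair the media needs arrives on its partner pair at end B."""
    a, b = PORT_TYPES[port_a], PORT_TYPES[port_b]
    for role in PAIRS_NEEDED[media]:
        arrives = tuple(cable[p] for p in a[role])
        if arrives != b[PARTNER[role]]:
            return False
    return True


def auto_mdix(cable: Cable, fixed_port: str, media: str) -> Optional[str]:
    """Emulate an Auto MDI/MDI-X port: return the mode that makes the link work."""
    for mode in ("MDI", "MDI-X"):
        if link_works(cable, mode, fixed_port, media):
            return mode
    return None


if __name__ == "__main__":
    print("PC (MDI) to hub (MDI-X), straight:", link_works(straight_through(), "MDI", "MDI-X", "100Base-TX"))
    print("hub to hub, 2-pair cross-over, 100Base-TX:", link_works(crossover_two_pair(), "MDI-X", "MDI-X", "100Base-TX"))
    print("hub to hub, 2-pair cross-over, 1000Base-T:", link_works(crossover_two_pair(), "MDI-X", "MDI-X", "1000Base-T"))
    print("hub to hub, 4-pair cross-over, 1000Base-T:", link_works(crossover_four_pair(), "MDI-X", "MDI-X", "1000Base-T"))
```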

Stacking

Stacking extends the number of physical hubs that can exist between two computers. Groups of hubs or switches are connected by a backplane or bus which provides a single bus for routing data and management through the stack. This appears to the network as one large hub.

Segmentation

Single collision domain versus 3 individual collision domains (smaller workgroups per Ethernet LAN).

Segmenting creates individual collision domains within a (switching) hub or (switching) hub stack. This reduces the amount of users in a single collision domain and reduces contention. Since the users are segmented, they can no longer see each other and therefore must be interconnected via a switch or router.


Introduction to Switching
Ethernet Performance
Traditional Ethernet networks only offer a total theoretical bandwidth of 10Mbps using CSMA/CD. Problems arise as the number of users increases. The available bandwidth per user gets smaller while more collisions occur and the potential for broadcast storms increases. There are many ways to "measure" Ethernet performance. Some indicators for Ethernet contention problems are:

- Less than 20% utilization and less than 0.1% collisions indicate a well "performing" Ethernet
- More than 40% utilization and a collision rate of more than 5% indicate congestion problems
- If a NIC experiences more than 16 unsuccessful attempts to send a frame, the frame is discarded

Possible solutions to this problem include increasing bandwidth and reducing contention. Although, for example, the use of Fast Ethernet instead of 10Mbps Ethernet increases bandwidth, performance is still susceptible to collisions and high traffic. Reduced contention optimises traffic and the number of collisions and therefore increases the bandwidth available to the user. Switching reduces contention. A switch is a multi-port device that interprets the frames to be forwarded in order to determine where each one is supposed to be delivered. The switch matches the frame's destination address against a table (called the MAC Address Table) and sends the frame towards the destination using the appropriate port.

Shared vs. Switched

Switching provides dedicated bandwidth per port. Each switched connection has full bandwidth and represents a separate collision domain. This relieves congestion and substantially improves performance. Even more bandwidth can be achieved using Full Duplex connections. In the switching example above on the right, the nominal aggregate bandwidth of the system is calculated as 1.0Gbps. This value results from adding up the bandwidth values of all individual segments (the switch has 8 Fast Ethernet interfaces, and the two full duplex 100Mbps connections are counted as 200Mbps each).

Terms and Techniques


Switching is implemented in various different ways. It is important to understand the differences in technology and methods in order to choose appropriately for different applications. For example, the requirements for backbone switches will be much higher (throughput, buffers, etc.) than the requirements for less expensive floor distribution systems. Some of the terms and technologies essential to understanding the capabilities of a switching device are:

- MAC Address Table
- Flow Control
- Forwarding Method: Store and Forward, Cut Through, Fragment Free, Adaptive Switching

Every switch has to maintain a MAC Address Table. This table is used to store the physical hardware address of every device on the network. It is automatically maintained and updated as devices are added or removed. The size of the MAC address table for backbone switching devices should be large enough to ensure effective operation. Flow control generates signals that help to ensure the smooth flow of data. Flow control is used to control the transmission to the switch in order to prevent the overflow of buffers in the switching device. Backbone switching devices therefore typically have more buffer memory, which is one reason for their higher prices. There are a number of different forwarding techniques or forwarding methods a switching device can implement. "Store and Forward" is the most common forwarding method used. The switch stores the complete incoming packet before it is forwarded to the destination address. This makes it possible to eliminate bad packets. "Cut Through" describes a technique in which the switch reads the arriving frame up to the destination address and immediately forwards it to the destination. This method is very fast but does not allow identification of bad packets, which are propagated through the network. "Fragment Free" is a method that combines the Store and Forward and Cut Through methods. The switch reads up to the first 64 bytes (the minimum frame size as defined by IEEE) before starting to forward the frame. With "Adaptive Switching" the switch adjusts itself automatically. The switch receives a frame and makes a decision on the best forwarding method.


Flow Control
The term "Flow Control" means the control of data transmission at the "sender" to avoid overloading buffers and losing data at the recipient. Depending on the type of link between the switch and the attached device, different technologies are used to implement flow control in Ethernet switches. The standard 802.3x describes flow control support for full-duplex operation by defining Ethernet frame start/stop requests and timers. For half-duplex operation, typically a technique called "Backpressure" is used. Backpressure avoids frame loss by impeding external traffic from sending frames to congested interfaces.

Building Switched LANs


Typical Performance Design
During periods of growth, small and medium businesses and enterprises are continually:

- Increasing the number of computers
- Switching to faster servers and workstations
- Implementing new business critical applications

The steadily increasing demand for more bandwidth led to the evolution of Ethernet technology. Gigabit Ethernet and 10 Gigabit Ethernet offer dramatically higher performance than 10/100 Ethernet and allow the implementation of scalable Ethernet networks from the desktop to the data center. Because today's enterprise networks are mainly built on client-server applications, a typical "performance design" for such a network will appear as shown in the diagram above. Normal users are connected to the LAN via 10/100 workgroup switches. These 10/100 switches (with Gigabit uplinks) are typically aggregated into Gigabit Ethernet switches that also offer connections for power users requiring high bandwidth connections. The Gigabit switches (with 10 Gigabit uplinks) are then often aggregated, together with high performance servers, into 10 Gigabit Ethernet core switches. Selecting the architecture and products for the network has become more challenging than ever. The changing business environment, application demands and technology forecasts make it necessary to choose solutions that address current needs whilst providing sufficient capacity and growth for unknown future requirements.

Typical Physical Layout


At the core level, Ethernet became the most common interconnection between the collapsed backbone switch/router or the distributed backbone and the rest of the network infrastructure. Non-blocking switching technology delivers wire-speed throughput to all network users, end-to-end. For future expansion, these scalable solutions fit perfectly into next generation technology of higher speed Ethernet and networking. With fiber connectivity using Gigabit Ethernet and 10 Gigabit Ethernet, users can substantially increase bandwidth, distance, and redundancy where needed. Gigabit Ethernet is also available in copper interfaces. These options come with managed and unmanaged switches, and other features. Customers finally have the ability to combine and aggregate Ethernet ports for higher bandwidth and faster throughput (multi-port trunking) as they need. The above drawing shows a small backbone for a network located in 2 buildings with several floors in each. The backbone consists of the switches/routers that connect between the floors and the ones that connect between the buildings.

Advanced Switch Features


Overview
Depending on the size, complexity and specific user requirements, networking devices like switches have to support a broad range of advanced features and functionalities such as:

- Management
- Link Aggregation
- Redundancy / Fail-Over
- Broadcast Storm Control
- Rate Limiting
- Port Mirroring
- Security Features
- Policy Based Networking
- Layer 3 Switching

Most of these advanced switch features are found in managed enterprise switching products. Management, policy-based networking and layer 3 switching are discussed in detail in later chapters.

Power over Ethernet (PoE)

Introduction

Traditionally, network devices like WLAN access points, IP phones or web cameras require a local power connection in addition to the data connection. The IEEE 802.3af specification eliminates the need for additional power outlets. 802.3af, also known as Power over Ethernet, defines a way to build Ethernet power-sourcing equipment and powered terminals. The standard describes how to deliver 48 volts of DC power over unshielded twisted-pair wiring. Power is carried on two wire pairs, to comply with safety standards and existing cable limitations. 802.3af equipment contains a detection mechanism to prevent sending power to non-802.3af devices. With respect to the pins/wires required in the LAN cables, the standard offers two pinout alternatives, A and B. In alternative A, pins 1&2 (pair #2 in TIA-568B wiring) and pins 3&6 (pair #3 in TIA-568B) carry the power, i.e. the same two pairs that are used for data transmission in 10Base-T and 100Base-T. In alternative B a 4-pair cable is required, using the pairs that are unused in 10Base-T and 100Base-TX.

Power Sourcing Equipment


Network devices such as IP phones, wireless access points and network cameras typically consume less than 10 W of power, so they are ideal for Power over Ethernet applications. The standard describes two types of devices: Power Sourcing Equipment (PSE) and Powered Devices (PD). Power Sourcing Equipment (for example switches with 802.3af support) provides power to the powered devices. To implement PoE for single end devices (for example a limited number of access points in a facility), single-line PoE adapters (such as the SMCPWR-INJ3 Power over Ethernet Power Injector) can be used. They are inserted into the cable between the hub/switch and the end device to be powered. To support a larger number of PoE devices, switches are offered that directly support the IEEE 802.3af Power over Ethernet (PoE) standard, which enables DC power to be supplied to attached devices over wires in the connecting Ethernet cable. Any 802.3af-compliant device attached to a port can directly draw power from the switch over the Ethernet cable without requiring its own separate power source. This capability gives network administrators centralized power control for devices such as IP phones and wireless access points, which translates into greater network availability.

For each attached 802.3af-compliant device, the switch automatically senses the load and dynamically supplies the required power. SMC PoE switches (like the SMC6824MPE) deliver power (standard -48 VDC voltage) to a device using the two wire pairs in UTP or STP cable that are not used for 10Base-T/100Base-TX connections.

SMC Unman. Switching Prod.


SMC-EZ108DT

This EZ Switch 10/100 product features eight 10BASE-T/100BASE-TX ports. Its outstanding performance and reliability make this plug and play switch an ideal choice for integrating Fast Ethernet and boosting LAN bandwidth for small to medium sized workgroups.

Features and Benefits:

- 1.6Gbps aggregate bandwidth
- Filtering and forwarding at full wire speed on all ports
- Buffered "store and forward" architecture
- Half/full duplex flow control
- Plug and Play, nothing to configure, auto-negotiation, autosensing
- Supports Auto MDI/MDI-X feature
- Complies to IEEE 802.3, IEEE 802.3u, IEEE 802.3x
- LEDs for "at a glance" monitoring of traffic on all segments
- Daisy chain port for convenient uplink connections
- Desktop and rack mountable

SMC-EZ1024DT
This EZ Switch 10/100 product features 24 10BASE-T/100BASE-TX ports. Outstanding performance and reliability make this plug and play switch an ideal choice for integrating Fast Ethernet and boosting LAN bandwidth for small to medium sized workgroups.

Features and Benefits:

- 4.8Gbps aggregate bandwidth
- Filtering and forwarding at full wire speed on all ports
- Automatic address learning with a 4K entry address table
- Buffered "store and forward" architecture
- Half/full duplex flow control
- Plug and Play, nothing to configure
- Latest version supports Auto MDI/MDI-X feature
- Auto-Negotiation
- Complies to IEEE 802.3, IEEE 802.3u, IEEE 802.3x
- LEDs for "at a glance" monitoring of traffic on all segments
- 1U rack mountable (brackets included)

SMCFS5/ SMCFS8
The SMCFS5/ SMCFS8 lets you add five or eight computers or peripherals to your network. Just attach the cables and power cord to this plug-and-play switch and you're ready to go. The switches work with Windows and Macintosh operating systems, and connects virtually any Ethernet device. All five or eight 10/100 Mbps ports auto-detect computer speed and support Auto MDI/MDI-X. Features like store-and-forward and flow control ensure data delivery and network integrity. Features and Benefits:

- Up to 1.0/1.6Gbps of aggregate bandwidth
- Dual-speed 10/100 Mbps with 5/8 auto-sensing ports
- Receives and transmits traffic at full wire speed on all ports
- Automatic address learning with 2K MAC address table
- Half-/Full-Duplex flow control
- Plug-and-play: no software necessary to configure the switch
- Auto-negotiation, autosensing and Auto-MDIX on all ports
- At-a-glance LEDs for system and network monitoring
- Buffered store-and-forward switching between 10Mbps and 100Mbps
- Fully compatible with Ethernet and Fast Ethernet networks
- Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.3x

SMCFS26
The SMC EZ Switch 10/100, SMCFS26, is a high-performance Fast Ethernet switch designed for delivering 100Mbps connectivity to the desktop. It provides 24 full duplex 100BASE-TX ports and two 1000BASE-T uplink ports that significantly improve network performance and boost throughput for high-bandwidth applications. With 8.8Gbps of aggregate bandwidth, the switch provides a simple solution to meeting the growing demands on your network's limited resources. Features and Benefits:

- Supports 24x 10/100 Mbps with 2 Gigabit copper ports in 1U chassis
- 2 Gigabit uplinks for high bandwidth connections
- 8.8Gbps aggregate bandwidth
- Half-/Full-Duplex flow control
- Auto-negotiation for automatic selection of speed and operating mode
- LEDs for network and activity monitoring
- Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.3ab/z, IEEE 802.3x

SMC8508T

The EZ Switch 10/100/1000 8-port unmanaged Gigabit Switch SMC8508T is a high-performance Gigabit Ethernet switch designed for the network core. It provides 8 full-duplex 1000BASE-T ports and delivers the 16Gbps aggregate non-blocking bandwidth needed to support a broad range of advanced network applications. Features and Benefits:

- Full-duplex on all 8 RJ-45 1000BASE-T ports
- Auto MDI/MDI-X on all ports
- 16Gbps aggregate bandwidth
- Jumbo Frame support
- LEDs for port and system status monitoring
- Complies with ANSI, IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3x
- Desktop and rack mountable (brackets included)

SMCGS5/ SMCGS8
The EZ Switches 10/100/1000 SMCGS5/SMCGS8, 5-/8-port Gigabit Ethernet switches, are the perfect solution for bottlenecks on your home or SOHO network. These unmanaged Gigabit switches support plug-and-play installation, with Auto MDI/MDI-X on every port. These switches do not require fans, making them ideal for home and SOHO networks. Features and Benefits:

- Auto MDI/MDI-X on each port
- Support for Jumbo Packets
- Support for up to 8K MAC addresses
- Store-and-forward mode with wire-speed filtering and forwarding rates
- Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, and IEEE 802.3x
- IEEE 802.3x compliant full duplex flow control
- Broadcast storm control and CRC filtering
- LEDs for port and system status monitoring

SMCGS24
The EZ Switch 10/100/1000 SMCGS24 is a feature-rich, high-performance 24-port 10/100/1000 unmanaged switch designed for power applications used in enterprise and SOHO environments. Delivering a combination of Ethernet, Fast Ethernet, and Gigabit connectivity in one compact solution, the SMCGS24 removes server bottlenecks and speeds up access time for your users in just one move. Each port supports Auto MDI/MDI-X to simplify integration into a network. Features and Benefits:

- Auto MDI/MDI-X on each port
- Store-and-forward mode with wire-speed filtering and forwarding rates
- Support for up to 8K MAC addresses
- Complies with IEEE 802.3, IEEE 802.3u, and IEEE 802.3ab
- IEEE 802.3x compliant full duplex flow control
- LEDs for port and system status monitoring

SMCGS8P-Smart

The SMC EZ Switch 10/100/1000 SMCGS8P-Smart is an 8-port Gigabit smart switch with PoE that brings the speed of Gigabit Ethernet to the desktop together with the flexibility of PoE. Equipped with 8 auto-MDIX ports and 1 Combo SFP port, this Gigabit switch is suitable for enterprise or SMB environments that demand high performance and flexible PoE installation.

Features and Benefits:

- 8 Gigabit copper ports and 1 Combo port
- Power over Ethernet on non-Combo copper ports
- Auto MDI/MDI-X on each port
- Jumbo Frame support
- Support for up to 4K MAC addresses
- Complies with IEEE 802.3af, IEEE 802.3, IEEE 802.3u, IEEE 802.1Q, IEEE 802.1p, and IEEE 802.1ac
- LEDs for port and system status monitoring

SMCGS24C-Smart
SMC Networks' EZ Switch 10/100/1000 SMCGS24C-Smart is a 24-port Gigabit smart switch with 4 Combo ports that brings the speed of Gigabit copper to the desktop with the added flexibility of fiber. The SMCGS24C-Smart provides a flexible web-based management interface to enable the configuration of switch features and port settings, including security, QoS with 4 priority queues, link aggregation and VLANs. These features allow traditionally unmanaged networks to increase throughput and flexibility. Features and Benefits:

- 24 Gigabit copper ports and 4 Combo SFP ports
- Auto MDI/MDI-X on each port
- Jumbo Frame support

Media Converter
Introduction

With 10 Mbps Ethernet, media converters are available either as so-called transceivers or as modules for network devices. Transceivers use a standardised interface (AUI) that allows flexible adaptation to different media types and connectors. Media converters are available not only as standardised media-independent interfaces but also as stand-alone devices, modules for network devices or large chassis systems. Fast Ethernet implements a similar concept: the MII provides a media-independent interface and performs the same function in Fast Ethernet as the AUI in 10 Mbps Ethernet. Some Gigabit Ethernet devices also offer a modular standardized media interface. They come in two different versions: GBIC (Gigabit interface converter) and Mini-GBIC. The GBIC (Mini-GBIC) concept allows the network administrator to configure each gigabit port on a port-by-port basis for different physical interfaces.

With XFP and XENPAK technology there are now also two standards evolving that specify interfaces for 10 Gigabit Ethernet transceiver modules that convert electrical signals to external optical or electrical signals.

SMC Media Converter Prod.


Single Media Converter

The SMCFXSC media converter is a compact, cost-effective and feature-packed solution for expanding an existing Ethernet/Fast Ethernet network. For total reliability the converter boasts enhanced features such as remote and local loop back testing, auto negotiation, and link fault sign-align. It also features seven DIP switches for manual activation of the enhanced features. This gives the SMCFXSC the ability to be quickly integrated into a network configuration. Its compact modular design facilitates deployment in a narrow desktop location or wall-mounting to save space. The converter comes with 1x AC adapter, 4x self-adhesive feet and a manual. SMCFXSC: 10/100BASE-TX to 100BASE-FX (SC, multi-mode)

SME Networking
Requirements (WAN)

There are some common requirements when offering networking products and solutions for the SME market:

- High bandwidth
- Low cost of ownership
- Complete geographical coverage
- Dependable (quality, availability)
- Low level of maintenance (know-how, installation)
- Low risk (investment)
- Secure and safe

Especially important for SMEs is that a low total cost of ownership is combined with ease of use. Networking products for SMEs have to be serviceable by basically untrained staff and the chosen channel partner. These requirements lead to the access router technology found in the SMC Barricade product line. Rich in features for the market they are designed for, with easy-to-use management interfaces, these access routers ensure optimal Internet access for several users at the same time. In addition they offer a broad range of security features which significantly reduce the risk of hacker attacks from the Internet. Some of SMC's access routers even offer additional functionality like VPN support, switched LAN ports or an integrated print server.

SME Router Solutions


Broadband and ISDN router technology allow SME customers to make efficient use of the available bandwidth they get from their ISP:

- All stations on the local network can access the Internet at the same time through the same connection
- Access routing technology (including NAT, PAT) allows users to connect local LANs to the Internet using low cost dial-up services or services that only assign one dynamic Internet address
- Access router technology typically already provides a good level of security
- Installation, configuration and maintenance are kept very simple

SME Networking
NAT/PAT

NAT Firewall/IP Sharing (Network Address Translation) allows a LAN to connect to the Internet using one purchased IP address. NAT converts the outgoing IP address of each LAN device into one IP address for the Internet and vice versa. It also serves as a network firewall by keeping node IP addresses hidden from the outside world. One of the main reasons for NAT (Network Address Translation) is the depletion of IP address space on the Internet. Network managers need Internet access for their entire networks, but have only limited IP addresses to work with. NAT allows them to have an internal IP addressing scheme using one of the ranges allocated for private networks in RFC 1918. Any traffic leaving the private network goes through a router with NAT (PAT) which replaces the source address of the IP header with a registered Internet address. However, a comprehensive solution of the Internet address problem will only become possible in the future, with the implementation of new addressing schemes (IPv6). Experience has shown that the implementation of new technologies and standards takes a considerable time, so technologies like NAT and PAT will provide good pragmatic solutions for current problems. A more detailed explanation of NAT/PAT techniques can be found in the "Introduction to TCP/IP", "Network Translation" chapter.

ISDN
Introduction

Telephone networks around the world have been evolving toward the use of digital transmission facilities and switches for many years. The CCITT, which is largely responsible for today's international ISDN standards, defines an Integrated Services Digital Network (ISDN) as: "A network evolved from the telephony Integrated Digital Network (IDN), that provides end-to-end digital connectivity to support a wide variety of services, to which users have access by a limited set of standard multipurpose user-network interfaces." In other words, an ISDN is a network designed to carry many different types of data over medium-to-large distances, and between a wide variety of equipment types, such as computers, telephones, facsimile and telex machines. Features and functions associated with ISDN include:

- End-to-end digital service
- Standardized access interface
- Well defined basic services and supplementary services like telephone (voice)
- 2B+D for small users (B=64 KB/sec, D=16 KB/sec)
- 23B+D (30B+D) for large users (B=64 KB/sec, D=64 KB/sec)

More than "Digital Network"


ISDN has some very important advantages as a technology to be used for data communication:

- Standardised
- Flexible, 2 channels
- Bandwidth (2 x 64 Kbps)
- High transmission quality (digital)
- Attractive pricing
- Availability, good geographical coverage
- Fast call establishment
- Integral security functions

Standards are the basis for the development of attractively priced communication solutions for large markets. ISDN is more than a "Digital Network". "Integrated Services" stands for the seamless integration of voice and data. A variety of advanced communication services, teleservices and fast and reliable connections into the Internet or to other remote networks today rely on ISDN. All this and the ability to use two individual communication channels with a single S0 connection explain the flexibility of ISDN. For small and medium-sized enterprises ISDN is very attractive. ISDN delivers to customers attractive tariffs for lines and high quality digital transmission in combination with relatively large bandwidth. ISDN is also available in most European countries. Functions like "dial-on-demand" or "bandwidth-on-demand" are only possible because of the short times needed for call establishment when using ISDN. ISDN is also popular because of its built-in security features. Typical examples of such functions are calling line identification or closed user group.

Access Interfaces

The ISDN standards provide the rules for interfacing with the network; they do not describe the network itself. The standards also describe the services that may be offered by an ISDN. ISDN access interfaces differ somewhat from traditional access interfaces (as in the single line used for the telephone). First, one goal of the ISDN is to provide all services over a single network connection regardless of equipment or service type. Second, the ISDN access interface comprises different channels for signalling and for data. Currently there are two different access interfaces to the network defined:

- The Basic Rate Interface (BRI)
- The Primary Rate Interface (PRI)

Funct. Devices / Ref. Points

Due to the fact that a broad variety of different devices may be connected to the network, such as telephones, fax machines or computers, there are several device-to-device interfaces, each requiring a standardized interface. The different functional devices described in the standards are:

The ISDN central office or Local Exchange (LE). ISDN protocols are implemented in the LE, which is also responsible for physical interface operation, maintenance, and the provision of user services.

A Network Termination Type 1 (NT1) device is the termination of the physical connection between the customer site and the LE and is responsible for multiplexing of the B- and D-channels, power transfer and timing.

Network Termination Type 2 (NT2) devices provide switching, multiplexing and concentration like PBX or terminal concentrators.

The Terminal Equipment Type 1 (TE1). TEs are end-user devices like an ISDN telephone or a PC equipped with an ISDN card.

A Terminal Adapter (TA) is a device that allows non-ISDN devices (TE2) like dumb terminals (VT100) or analogue telephones to be connected to the network.

The four ISDN reference points, called R, S, T and U, define the communication between the different functional devices.

The S0 Bus

The ISDN BRI can be implemented as a true bus system. This bus is also referred to as the S0 bus. In a typical installation the network terminating device provides one or two RJ-45 connectors to connect up to two ISDN devices directly. As an alternative to the RJ-45 connectors, some network terminating devices also provide an interface consisting of 4 screw terminals. This interface is used to connect to the actual bus (twisted pair cable, 4 wires), which allows installing up to 12 outlets where up to 8 devices can be connected simultaneously. The maximum length in such an installation depends on the actual quality of the cable and is typically between 120m and 200m. The bus has to be terminated at the last outlet. This is done by installing one 100 Ω resistor between pins 4 and 5 and another 100 Ω resistor between pins 3 and 6.

Addressing
The ISDN address or ISDN number looks much like an ordinary telephone number or an X.25 DTE number. An international ISDN number uniquely identifies every ISDN subscriber. It can be up to 17 digits in length and consists of two fields, the country code and the National (Significant) Number or N(S)N. The country code is based on an international numbering plan and is used to identify the subscriber's country. The N(S)N is used to address the end user and includes the National Destination Code and subscriber numbers. Subaddresses (up to 40 digits in length) may also be included in an ISDN number. Subaddresses provide additional addressing outside of the ISDN numbering plan.

Broadband Internet Access


Introduction

The demand for high performance WAN services - also for small and medium enterprises - grows steadily. Both old and new "bandwidth hungry" applications require more WAN bandwidth:

- Groupware and other Client Server solutions
- Multimedia solutions
- Video streaming and video conferencing
- Internet Access for individual systems and complete LANs
- The Internet used as company WAN backbone

The number of subscribers for broadband services is growing rapidly. Many different tariff models, technological alternatives and attractive pricing attract a large number of users to change their existing Internet access technology to one of the new broadband alternatives. There are a number of important factors causing this fast development:

- Cost efficient use and upgrade of existing communication infrastructures
- Standardized products and technologies
- Competing service providers in most markets
- A large number of manufacturers of broadband products

Broadband Internet Access

Overview

There are currently several alternative and competing broadband technologies available or under development:

- xDSL (Digital Subscriber Line)
- Cable network (cable modem)
- Satellite transmission
- Wireless (RF) networks
- Communication solutions utilising the electrical power infrastructure

xDSL today clearly has the largest market share of all broadband Internet access technologies. Other technologies and solutions nevertheless also have a large growth potential because of the specific features and advantages some of these technologies offer. Still, there are criteria to be met to gain broad market acceptance which are not all met by current xDSL alternatives:

- Complete geographical coverage
- Different services and tariff models to optimally solve specific customer requirements
- Low cost for both subscriber and service provider (equipment, installation, service, tariffs, operational costs)
- Standards, compatible products and solutions

ADSL Introduction

Since the second half of the 1980s scientists and engineers have been working on concepts and technology to allow customers to run video and multimedia applications using simple telephone lines. Many of these applications show asymmetric traffic patterns, especially in consumer and SOHO markets. Most of these applications tend to create and demand much more traffic from the server or Internet side (downstream) than in the opposite direction (upstream). As a result, an asymmetric design of transmission techniques is feasible which allows high bandwidth throughput over long distances. ADSL and analogue or ISDN (digital) signals can be transmitted at the same time with the use of so-called "splitters" on both sides of the telephone line connecting the subscriber to the local exchange of the PTT. Due to the fact that this broadband technology is relatively easy and requires only minor investments, ADSL is the preferred technology of the traditional (national) PTTs to offer broadband Internet access services to consumers and SME customers. ADSL has today by far the largest market share compared with the other DSL technologies.

SDSL Introduction
Although SDSL offers bit-rate symmetric data streams it still uses only a single pair of wires (telephone cabling). With transmission rates up to 2.3 Mbps, SDSL becomes an interesting low cost alternative to the currently offered E1 services. Depending on the quality of the wiring, the distances and specific requirements for bandwidth, the transfer rates can be adjusted accordingly. Some ISPs use this feature to offer asymmetric services using SDSL. SDSL best serves customers that need to solve one or more of the following applications:

- Interconnection of remote LANs
- Connecting servers to the Internet (for example large HTTP servers)
- Interactive multimedia applications

Other xDSL Technologies

Besides ADSL and SDSL that are the most commonly used xDSL technologies there are other xDSL variants offered by ISPs:

- G.shdsl - Single-pair High-speed DSL
- HDSL - High bit-rate DSL
- HDSL2 - HDSL 2nd Generation
- VDSL - Very high bit-rate DSL

G.shdsl is a rather new broadband standard and supports both bit-rate symmetric and asymmetric transmissions. It supports both 2- and 4-wire connections. Throughput rates between 192 Kbps and 2312 Kbps are possible when used with 2-wire connections. HDSL stands for High bit-rate DSL and is an older ETSI standard for bit-rate symmetric transmission using 4-wire cables. HDSL supports throughput rates of up to 2 Mbps. HDSL2 overcomes many shortcomings of HDSL and allows bit-rate symmetric transmission of data using only 2-wire cables. Given the same distances and conditions, HDSL2 delivers higher throughput rates than HDSL.

VDSL delivers throughput rates of up to 25Mbps but supports only rather short distances (several hundred meters). Longer distances require a hybrid fibre optic network.

Broadband Internet Access

XDSL Techn. Comparison

SME WAN Security


Introduction

Besides all the benefits it offers, access to the Internet also brings considerable risks. Due to the fact that the Internet is an open public network infrastructure, people with "bad intentions" are also connected and can potentially affect or disturb data transmissions and connected systems. The threats are real and can be grouped the following way:

- Theft, manipulation or destruction of confidential information
- Damage to reputation and image (for example Web sites)
- Vandalism
- Interruption of network traffic, jamming of servers, etc.
- Theft of resources (processing time, mass storage, etc.)
- Use of one site to launch an attack on another site

In order to protect companies and users against these threats, new network security technology is constantly under development. Firewalls for example have been specifically designed to protect private networks against attacks from the Internet. VPN technology is used to ensure data integrity and privacy while communicating across the Internet.

Intro. to Firewall Technology

A firewall is a security device designed to allow safe access between networks by enforcing a set of access rules between the various interfaces connecting them. Typically a firewall has two interfaces: one interface is attached to the public network and the other interface is attached to an internal private network (intranet) which requires protection. The firewall prevents unrestricted access to the private network and protects the computer systems behind the firewall from attack.

There are two main types of technologies used in firewalls. The traditional firewall is an Application Gateway, where the firewall functions as a proxy between networks for certain applications. The proxy is designed with knowledge of how a protocol works and what is to be allowed or disallowed. This methodology is CPU intensive and very restrictive: only protocols that have specific proxies configured are allowed through.

The second type of firewall methodology is Stateful Inspection. Stateful inspection is also referred to as dynamic packet filtering or context-based access control (CBAC). In this technology, an inspection module understands data in packets from the network layer (IP headers) up to the application layer. The inspection module checks every packet passing through the firewall and makes access decisions based on the source, destination and service requested. The term "stateful" refers to the firewall's ability to remember the status of a flow, for example, whether a packet from the public Internet is returning traffic for a flow originated from the private intranet. Stateful inspection firewalls are generally faster, less demanding on hardware and more adaptive to new Internet applications.
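As an added illustration (not part of the original text) of both the NAT/PAT section above and stateful inspection, the following Python model shows a PAT router that rewrites outbound source addresses to one public address, keeps a flow table, and lets inbound packets through only when they answer a flow opened from the inside. All addresses, ports and the outbound policy are constructed for the example; no real sockets are used.

```python
"""Added example: a PAT router with a stateful flow table (model only, no sockets)."""


class PatRouter:
    """Translate inside (private) addresses to one public address and port,
    and admit inbound packets only when they answer a flow opened from inside."""

    def __init__(self, public_ip, outbound_policy, first_port=40000):
        self.public_ip = public_ip
        self.outbound_policy = outbound_policy  # callable(packet) -> bool
        self.next_port = first_port             # next free public port to hand out
        # flow table: (inside_ip, inside_port, remote_ip, remote_port, proto) -> public_port
        self.flows = {}
        # reverse map for replies: (public_port, remote_ip, remote_port, proto) -> (inside_ip, inside_port)
        self.reverse = {}

    def outbound(self, pkt):
        """Inside -> Internet: apply policy, then rewrite src/sport. Returns None if dropped."""
        if not self.outbound_policy(pkt):
            return None
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        public_port = self.flows.get(key)
        if public_port is None:
            # New flow: allocate a fresh public port, so two inside hosts using the same
            # source port never collide on the public side (the "port" part of PAT).
            public_port = self.next_port
            self.next_port += 1
            self.flows[key] = public_port
            self.reverse[(public_port, pkt["dst"], pkt["dport"], pkt["proto"])] = (pkt["src"], pkt["sport"])
        out = dict(pkt)
        out["src"], out["sport"] = self.public_ip, public_port
        return out

    def inbound(self, pkt):
        """Internet -> inside: translate back only if the packet matches a known flow.
        Anything unsolicited is dropped, which is what hides inside hosts from outside."""
        if pkt["dst"] != self.public_ip:
            return None
        inside = self.reverse.get((pkt["dport"], pkt["src"], pkt["sport"], pkt["proto"]))
        if inside is None:
            return None
        out = dict(pkt)
        out["dst"], out["dport"] = inside
        return out


def allow_web_and_dns(pkt):
    """Constructed outbound policy: private sources (RFC 1918, simplified prefix check)
    may open web and DNS flows only."""
    private = pkt["src"].startswith(("10.", "192.168.", "172.16."))
    return private and (pkt["proto"], pkt["dport"]) in {("tcp", 80), ("tcp", 443), ("udp", 53)}


def run_scenario():
    """Two inside hosts share a source port; one reply, one unsolicited probe, one blocked flow."""
    router = PatRouter("203.0.113.5", allow_web_and_dns)  # documentation-range public address
    server = "198.51.100.7"                                # constructed remote web server
    host_a = {"src": "192.168.1.10", "sport": 1234, "dst": server, "dport": 80, "proto": "tcp"}
    host_b = {"src": "192.168.1.11", "sport": 1234, "dst": server, "dport": 80, "proto": "tcp"}
    out_a, out_b = router.outbound(host_a), router.outbound(host_b)

    reply_to_a = {"src": server, "sport": 80, "dst": router.public_ip,
                  "dport": out_a["sport"], "proto": "tcp"}
    unsolicited = {"src": "198.51.100.99", "sport": 4444, "dst": router.public_ip,
                   "dport": 40002, "proto": "tcp"}
    telnet = {"src": "192.168.1.10", "sport": 1235, "dst": server, "dport": 23, "proto": "tcp"}

    delivered = router.inbound(reply_to_a)
    return {
        "public_src": (out_a["src"], out_b["src"]),        # both leave as 203.0.113.5
        "public_ports": (out_a["sport"], out_b["sport"]),  # distinct: 40000 and 40001
        "reply_delivered_to": (delivered["dst"], delivered["dport"]),
        "unsolicited_dropped": router.inbound(unsolicited) is None,
        "telnet_blocked": router.outbound(telnet) is None,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```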

Introduction to VPN (1)

A VPN (Virtual Private Network) is a network consisting of virtual connections over which non-public and company-internal data are securely transmitted. Examples of VPN technologies are:

- PPTP (Point to Point Tunnelling Protocol)
- L2TP (Layer 2 Tunnelling Protocol)
- GRE with SA (Generic Router Encapsulation with Security Assoc.)
- IPSec

A VPN (Virtual Private Network) physically shares a backbone connection with other data traffic and links over a secure connection via access control and encryption.

One of the main reasons for the implementation of a secure VPN (Virtual Private Network) across the Internet is to provide secure and private business data links with good performance at low cost. VPNs are also implemented to allow remote users and mobile users a low cost secure connection to the internal company network over the Internet infrastructure. In order to maintain privacy in a public environment, VPNs use access control and encryption. Internet virtual private networks are the latest evolution of private networks. Internet VPNs establish local dedicated or dial-up Internet connections with a local service provider and rely on that provider to ensure that one's packets are properly routed through the public Internet to the appropriate destination. VPNs are implemented using several different methods. These include PPTP (Point to Point Tunnelling Protocol), L2TP (Layer 2 Tunnelling Protocol), GRE (Generic Router Encapsulation) with SA (Security Associations), and IPSec. PPTP is a simple Layer 2 VPN. L2TP is used for VPNs that need protocols other than IP. GRE with SA is a simpler configuration for IP-only VPNs. IPSec is a standardized IP-centric solution which has gained broad acceptance over the last years.

Introduction to VPN (2)

Over the last years, several partly standardized methods have been developed that represent the technical basis for VPN solutions today. Using the OSI layer model, these methods can be divided into two groups, which operate on OSI Layer 2 (link layer) and Layer 3, respectively. PPTP (Point-to-Point Tunnelling Protocol) and L2TP (Layer 2 Tunnelling Protocol) are typical examples of OSI Layer 2 protocols. PPTP is a point-to-point tunnelling protocol which was originally developed for RAS (Remote Access Server) hardware and software (in particular Windows NT). Efforts to combine the technical principles of other manufacturers of router and RAS components with PPTP, and hence to create a wider standard, led to the development of L2TP. As layer 2 protocols (in accordance with the OSI model), PPTP and L2TP can also be used for multi-protocol applications. IPSec is regarded in many quarters as the most comprehensive VPN technology (for IP networks). The standards relating to IPSec contain comprehensive security functions, serving as methods for the authentication and administration of "keys" in addition to encoding. Since IPSec is an OSI layer 3-based protocol, IPSec can only be used in IP networks.

SME WAN Security


IPSec - Application Scenarios

There are three basic IPSec application scenarios, which differ in where and how IPSec connections are initiated and terminated:

Gateway-to-Gateway configurations ensure the secure transmission of IP datagrams between two gateways. Although dedicated IPSec VPN gateways are available, this functionality is often also implemented on more sophisticated routers and firewall systems. The most common application of a Gateway-to-Gateway configuration is the secure interconnection of private networks while using a public network infrastructure (like the Internet) as a WAN backbone.

Typical Host-to-Gateway applications are remote access scenarios where single (also mobile) users need a secure connection to a private network using a public network infrastructure like the Internet. Examples of such applications are the connection of employees working from home or "nomadic" users (sales, support, etc.) that need access to central network resources regardless of where they are.

Host-to-Host configurations allow a secure IPSec connection to be established between two end systems (hosts). Typical examples of such scenarios are the secure interconnection of servers.

IPSec - Operating Modes

Basically, the IPSec specifications provide two operating modes:

- Transport Mode
- Tunnel Mode

In the so-called Transport Mode, security protocol information fields (headers) are inserted into the existing IP packet. In addition, in the case of encryption, the user data is coded in accordance with the selected algorithm. In the Tunnel Mode, the complete IP packet is "packed" into a new IP packet, including the original IP protocol information. The "new" IP packet is then provided with an appropriate security protocol information field (header). If encryption is chosen, coding of the complete enclosed IP packet is undertaken. Tunnel Mode therefore has a huge advantage if IP networks which are not operating with valid registered Internet addresses are to be connected together via the Internet. Typical examples of such networks are intranets, which use a "private" addressing scheme and are connected to the Internet via routers which perform NAT/PAT address conversion.

IPSec - AH Protocol

The modular design of the AH and ESP protocols enables the use of various encoding and authentication techniques. It is thus easy to integrate appropriate new algorithms and methods in the AH and ESP protocols. The AH (Authentication Header) protocol takes care of the authentication of the data and protocol information that are to be transferred. It is not merely a case of ensuring that the data packets come from the "correct" sender, but also that no changes are made during the data transmission. The algorithms and mechanisms used to ensure data integrity are not specified in the AH protocol but are either manually configured or negotiated by the IKE protocol. Data integrity is ensured for the complete IP packet, including the IP header. This means that AH cannot be used in situations where NAT/PAT (Network Address Translation / Port Address Translation) is used. This problem can be overcome by using ESP instead of AH. Another clear disadvantage of AH is that although the integrity of the transmitted data is guaranteed, unauthorized reading by a third party cannot be prevented.

IPSec - ESP Protocol

The ESP protocol (ESP stands for Encapsulating Security Payload) basically offers all the security functions of AH and in addition the privacy of communicated information. ESP is used when it is necessary to protect sensitive values and information in IP packets by encryption. Parts of the IP packets are encrypted and header/trailer information is added. Depending on the encryption algorithm, the privacy and integrity of transferred data can be significantly increased. Unlike the AH protocol, checking for data integrity and authentication is not performed on the complete IP packet; the IP header is excluded. As with the AH protocol, the algorithms and mechanisms used to ensure data integrity and to perform encryption are not specified in the ESP protocol but are either manually configured or negotiated by the IKE protocol. ESP has to be configured for either encryption or authentication or both. It is not recommended to configure ESP to perform encryption without authentication because it introduces certain security risks.
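As an added example (not from the original document) for the Operating Modes, AH and ESP sections, the following Python model shows why the AH/NAT conflict arises: an AH-style integrity check that covers the IP addresses fails once a NAT router rewrites the source address, an ESP-style check that excludes the outer IP header still verifies, and tunnel mode carries the original private addresses inside the protected payload. Keys, addresses and the HMAC-SHA256 integrity check are constructed simplifications; encryption is not modelled.

```python
"""Added example: why AH breaks behind NAT while ESP survives it (simplified model)."""
import hashlib
import hmac
import json


def _icv(key, *fields):
    """Integrity check value: HMAC-SHA256 over the given fields (stand-in for a real ICV)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(str(field).encode())
        mac.update(b"|")
    return mac.hexdigest()


# AH: the ICV covers the IP header (addresses) as well as the payload.
# Mutable fields such as TTL are treated as zero, as AH does; the addresses are not mutable.
def ah_protect(pkt, key):
    out = dict(pkt)
    out["ah_icv"] = _icv(key, pkt["src"], pkt["dst"], 0, pkt["payload"])
    return out


def ah_verify(pkt, key):
    expected = _icv(key, pkt["src"], pkt["dst"], 0, pkt["payload"])
    return hmac.compare_digest(pkt["ah_icv"], expected)


# ESP: the ICV covers the ESP header (SPI, sequence number) and payload, not the outer IP header.
def esp_protect(pkt, key, spi, seq):
    out = dict(pkt)
    out["esp"] = {"spi": spi, "seq": seq, "icv": _icv(key, spi, seq, pkt["payload"])}
    return out


def esp_verify(pkt, key):
    esp = pkt["esp"]
    return hmac.compare_digest(esp["icv"], _icv(key, esp["spi"], esp["seq"], pkt["payload"]))


# Tunnel mode: the whole original packet becomes the payload of a new packet between the
# two gateways, so the inner (private) addresses sit inside the protected part.
def tunnel_encapsulate(pkt, gw_src, gw_dst):
    return {"src": gw_src, "dst": gw_dst, "ttl": 64, "payload": json.dumps(pkt, sort_keys=True)}


def tunnel_decapsulate(pkt):
    return json.loads(pkt["payload"])


def nat_rewrite(pkt, public_ip):
    """What a NAT router on the path does: replace the source address and decrement the TTL."""
    out = dict(pkt)
    out["src"], out["ttl"] = public_ip, pkt["ttl"] - 1
    return out


def run_scenario():
    key = b"constructed-demo-key"  # in practice installed manually or negotiated by IKE
    nat_ip = "203.0.113.5"          # documentation-range address for the NAT router
    pkt = {"src": "192.168.1.10", "dst": "198.51.100.7", "ttl": 64, "payload": "GET /index.html"}

    ah_after_nat = nat_rewrite(ah_protect(pkt, key), nat_ip)
    esp_after_nat = nat_rewrite(esp_protect(pkt, key, spi=0x1000, seq=1), nat_ip)

    # Tunnel mode between two gateways (constructed addresses), then NAT on the outer header.
    tunnel = tunnel_encapsulate(pkt, "192.168.1.1", "198.51.100.1")
    tunnel_after_nat = nat_rewrite(esp_protect(tunnel, key, spi=0x2000, seq=1), nat_ip)

    tampered = dict(esp_after_nat)
    tampered["payload"] = "GET /admin"

    return {
        "ah_verifies_after_nat": ah_verify(ah_after_nat, key),      # False: address was covered
        "esp_verifies_after_nat": esp_verify(esp_after_nat, key),   # True: outer header not covered
        "esp_detects_tampering": not esp_verify(tampered, key),     # True
        "tunnel_verifies_after_nat": esp_verify(tunnel_after_nat, key),
        "inner_src_preserved": tunnel_decapsulate(tunnel_after_nat)["src"],  # "192.168.1.10"
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```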

IPSec - Security Associations

In order to construct a secure connection between two end points, many parameters must be compatible or matched on both sides of the communication connection. The communication partners must, for example, agree on the type of secure transmission (authentication and/or encoding), the coding algorithm and the matching key. It must also be established how and how often the used key is replaced. All the parameters needed for a secure connection are described, in accordance with the IPSec architecture, through a so-called "Security Association" (SA). Each individual secured connection needs a Security Association for each IPSec protocol that is used, at each end of the logical connection. Thus, for example, an SA (in one direction) is required for the encoding of a data packet. An additional SA is required for the return path. Even though the IPSec RFC documents specify standard algorithms for authentication and encoding, other methods can be used. Many IPSec implementations also only have subsets of the various encryption and authentication methods implemented. This might lead in some situations to interoperability problems when trying to build VPN solutions with IPSec products from different vendors.

IPSec - Key Management

Key management mechanisms:

Manual distribution of pre-shared keys
Automatic distribution of keys using IKE / ISAKMP

Because of the many keys that are required for the successful construction of an IPSec connection, key management must be given high significance. At present there are two commonly used methods of managing and distributing keys in an IPSec environment. In addition to manual key management, the Internet Key Exchange Protocol (IKE) can be employed. With manual key management the keys have to be "transported" to the opposite site using a "secure medium". This can be achieved by "storing" the key on a piece of paper or on removable media like floppy disks or CDs. The actual exchange of keys then has to be done either face-to-face or by using e-mail, mail and courier services. These methods are certainly relatively complex and slow, and are not feasible for larger installations. Although manual key management might be suitable for a small number of sites, automated key management is required in many instances. The default automated key management protocol for use with IPSec is IKE (Internet Key Exchange). IKE combines ISAKMP (Internet Security Association and Key Management Protocol), which provides the framework for authentication and key exchange, with the Oakley protocol, which describes various modes of key exchange. This combination of methods and protocols provides a means for the secure creation of keys while exchanging certain information over insecure (public) communication infrastructures.

IPSec - IKE / ISAKMP Modes

IKE knows three different modes of exchanging information and setting up ISAKMP SAs. Two of these modes are for phase one communication and one is for phase two exchanges:

Main Mode (Phase 1)
Aggressive Mode (Phase 1)
Quick Mode (Phase 2)

IKE operates in two phases, as originally defined in the ISAKMP standard documents. In the first phase two ISAKMP peers establish a secure communication channel for performing ISAKMP operations. In the second phase those two peers negotiate general-purpose SAs. Main Mode accomplishes a phase one ISAKMP exchange by establishing a secure communication channel. Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than Main Mode, but it does not provide identity protection for the negotiating systems. This means that someone monitoring an aggressive exchange can find out who has just formed a new SA. One advantage of Aggressive Mode is that, because of the way the exchange is performed, the IP address of the initiating system does not have to be known in advance. This is the case with ISP dial-up connections, where the IP address is assigned dynamically to the connecting system. Quick Mode accomplishes a phase two exchange by negotiating SAs for general-purpose (AH, ESP) communications.

IPSec - Concepts and Stand.

IPSec is regarded in many quarters as the most comprehensive VPN technology (for IP networks). Due to the fact that IPSec is an OSI layer 3-based protocol, IPSec can only be used in IP networks. With the various aspects of the work by the IETF (Internet Engineering Task Force) on the subject of "IP Security", abbreviated to IPSec, the standardization of IP-based VPN solutions has made great progress. A large part of IPSec was originally designed as an integral component of the next generation of IP protocols (IPv6). However, since IPv6 could not be deployed as quickly as planned, it was ensured that IPSec methods and protocols are also usable with IPv4, in order to address current security problems in IP networks. This compatibility with IPv4 means that network applications can use the IPSec security advantages transparently, provided that they run on a TCP/IP implementation which supports IPSec. Even though RFC 2401 makes basic statements on the architecture, IPSec is not a "single" standard. Individual security aspects of IP networks have been addressed in various dedicated documents. The relationships between these different standardization documents, and therefore the most important elements of the IPSec architecture, are described in the "IP Security Document Roadmap" in RFC 2411. The central functions in the IPSec architecture are taken care of by the AH protocol (Authentication Header), the ESP protocol (Encapsulating Security Payload) and the key management.

IPSec - Cryptographic Prot.

Although there is certainly no necessity for somebody implementing IPSec VPNs to understand the mathematical foundations of cryptographic methods, it is necessary to know the very basic concepts and terminology. A private key (symmetric) cryptography system uses the same key for both encryption and decryption. If information is encrypted with a particular secret key, it can be decrypted by anyone with the same key. Symmetric encryption schemes are typically very fast. The most commonly used symmetric key algorithms are DES, Triple-DES and AES. A public key (asymmetric) cryptography system uses a pair of related keys: one of the keys is kept secret, and a second, public key is made available to the public. In a public key cryptography system, users obtain their communication counterparts' public keys to encrypt messages sent between them. The most popular public key methods are named after their inventors: Diffie-Hellman and RSA (Rivest-Shamir-Adleman). Cryptographic hash functions are used for authenticating packets or information. A hash function is a one-way operation that takes a data stream of variable length and computes a fixed-length value that represents the data. It is computationally infeasible to find two different sets of data that produce the same hash value. The most commonly used hash functions in IPSec implementations are MD5 (Message Digest 5) and SHA-1 (Secure Hash Algorithm 1).


IPSec - IKE / ISAKMP Prot.

Before a secure connection is constructed, it is not known which algorithms are to be used for encryption and authentication. First, an SA (Security Association) must be negotiated with the opposite side. The SA determines in detail how the transmitted data packets are to be handled. The first packet triggers the negotiation. The gateway now makes proposals to the opposite partner on the algorithms that are to be used for encryption and authentication. These proposals come from a pre-configured proposal list. Typically, the first proposal from the proposal list of the initiator that both sides have in common is used. For reasons of security, the negotiation takes place in two phases. First there is an identification phase, in which the two sides agree on a proposal from the IKE proposal list. After both sides have agreed on an IKE proposal, the negotiation of the actual SA for the data traffic (IPSec SA) takes place in the second step, using the shared secrets known to both sides. As a rule, algorithms other than those used in the negotiation are used for the data traffic. The keys for the algorithms are generated automatically. The basis of the key generation is the shared secret of the IKE keys. The shared secret, as the name implies, is known to both sides and must otherwise be kept secret under all circumstances. Once it is clear which algorithms are to be used for the data traffic, the gateway sets up new filters, i.e. the appropriate rules for incoming and outgoing packets. These rules have only a particular, configurable lifetime (SA Lifetime). After it expires, a new negotiation for the IPSec connection takes place automatically.
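The proposal matching, the one-SA-per-direction rule from the Security Associations section and the SA lifetime described above, as an added model (not SMC or IPSec implementation code). Algorithm names are those the page lists; the proposal lists, SPIs and lifetime are constructed values.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Set, Tuple

# Added example (not SMC or IPSec implementation code): a simplified model of
# how an IKE proposal list is matched and how the resulting pair of Security
# Associations, one per direction, is tracked until its lifetime expires.
# Algorithm names are those the page lists; SPIs and lifetimes are constructed.


@dataclass(frozen=True)
class Proposal:
    protocol: str                   # "AH" or "ESP"
    encryption: Optional[str]       # e.g. "3DES", "AES"; None for no encryption
    authentication: Optional[str]   # e.g. "MD5", "SHA-1"; None for no ICV


def policy_check(p: Proposal) -> Optional[str]:
    """Return why a proposal is unacceptable to local policy, or None if it is fine."""
    if p.protocol == "AH":
        if p.encryption is not None or p.authentication is None:
            return "AH provides authentication only"
    elif p.protocol == "ESP":
        if p.encryption is None and p.authentication is None:
            return "ESP must encrypt, authenticate or both"
        if p.authentication is None:
            return "ESP encryption without authentication is not recommended"
    else:
        return f"unknown protocol {p.protocol}"
    return None


def negotiate(initiator: Sequence[Proposal], responder: Set[Proposal]) -> Optional[Proposal]:
    """Pick the first proposal in the initiator's preference order that the
    responder also supports and that passes policy; None means no common proposal."""
    for p in initiator:
        if p in responder and policy_check(p) is None:
            return p
    return None


@dataclass
class SecurityAssociation:
    spi: int
    direction: str          # "outbound" or "inbound"
    proposal: Proposal
    created_at: float
    lifetime_seconds: float

    def expired(self, now: float) -> bool:
        return now - self.created_at >= self.lifetime_seconds


def establish_sa_pair(p: Proposal, now: float, lifetime: float, spi_out: int,
                      spi_in: int) -> Tuple[SecurityAssociation, SecurityAssociation]:
    """Each direction gets its own SA (and SPI): one for sending, one for the return path."""
    return (SecurityAssociation(spi_out, "outbound", p, now, lifetime),
            SecurityAssociation(spi_in, "inbound", p, now, lifetime))


def sa_for_sending(pair, now: float) -> Optional[SecurityAssociation]:
    """The outbound SA, or None once its lifetime has expired and a fresh
    negotiation is needed before more traffic can be sent."""
    outbound = pair[0]
    return None if outbound.expired(now) else outbound


# Constructed scenario: the initiator prefers AES/SHA-1, but the responder only
# has 3DES and DES implemented (the interoperability situation the page describes).
INITIATOR_LIST = [Proposal("ESP", "AES", "SHA-1"),
                  Proposal("ESP", "3DES", "MD5"),
                  Proposal("ESP", "DES", None)]
RESPONDER_SET = {Proposal("ESP", "3DES", "SHA-1"),
                 Proposal("ESP", "3DES", "MD5"),
                 Proposal("ESP", "DES", None)}
ENCRYPTION_ONLY_RESPONDER = {Proposal("ESP", "DES", None)}


def run_scenario() -> dict:
    chosen = negotiate(INITIATOR_LIST, RESPONDER_SET)      # first common proposal
    pair = establish_sa_pair(chosen, now=0.0, lifetime=3600.0, spi_out=0x1001, spi_in=0x2002)
    return {
        "chosen": chosen,                                    # ESP 3DES/MD5
        "rejected": negotiate(INITIATOR_LIST, ENCRYPTION_ONLY_RESPONDER),  # None: policy
        "distinct_spis": pair[0].spi != pair[1].spi,
        "usable_at_1800": sa_for_sending(pair, 1800.0) is not None,
        "usable_at_3600": sa_for_sending(pair, 3600.0) is not None,
    }
```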

SMC Barricade Features


Overview

SMC offers a broad range of Barricade access router systems to address the needs of virtually any SME that needs to be connected to the Internet. The portfolio ranges from simple access router products that support broadband technology (cable modem, DSL modem) and/or ISDN/PSTN on the WAN side to very sophisticated communication devices that combine a broad set of different LAN and security technologies. Connectivity to the local network can be either a 10/100 Ethernet interface, an integrated 10/100 switch or an additional integrated WLAN access point. Advanced security features like an integrated Stateful Inspection Firewall or VPN gateway functionality (PPTP, IPSec) are also available in some Barricade systems. Other Barricade systems offer VoIP in combination with other advanced networking features.

The Barricade broadband routers all have a broad range of features in common:

Equipped with a 3-, 4- or 7-port 10/100 Mbps switch
Built-in network print server (not in the SMC7301TA)
Connects up to 253 PCs to the Internet (using NAT/PAT)
DHCP server and client functionality
VPN support through PPTP / IPSec pass-through
IPSec gateway and firewall functionality (Barricade Plus)
Supports dynamic and static IP addresses
Supports MAC address cloning
Configurable through any networked PC's web browser
Compatible with all standard Internet applications

SMC Barricade Features

Advanced Router Features

Advanced networking and security functions provide protection and usability beyond the typical feature set of access routers. Some examples for such functions and technologies offered by SMC are:

Firewall protection
VPN support (IPSec / PPTP client and server)
Support for Dynamic DNS
DMZ (Demilitarised Zone) Host
Remote Administrator Host
Access Control
Special Applications Filter
VoIP Support (SIP, H.323)

Many of the SMC broadband access routers offer advanced networking and security functionality. Some routers include a stateful inspection firewall that offers protection against attacks from the Internet. To ensure data integrity and privacy when sending information across the Internet, these routers also support VPNs based on IPSec or PPTP. Support for Dynamic DNS allows a dynamic IP address to be aliased to a static hostname, so that a computer can be more easily reached from various locations on the Internet. DMZ (Demilitarised Zone) Host functionality allows a computer to be exposed to unrestricted two-way communication. The Remote Administrator Host feature allows administration tasks to be performed from a remote host. With this feature turned on, remote administration can be performed only from the system configured with the specified IP address. The Access Control function allows the administrator to assign access rights for each user that allow or block the specified TCP and UDP ports for that user. Some applications, such as Internet games, video conferencing and Internet telephony, require multiple connections. The Special Applications Filter allows some of these applications to work with a NAT/PAT router. Some variants of the Barricade access router have been developed to support VoIP functionality.


SMC Barricade Features


Integrated Print Server

Many of the SMC Barricade broadband routers feature a 1-port integrated network print server. The print server allows all users on the network to print to a single printer connected to the Barricade parallel or USB port. The print server can be accessed through the provided Windows XX/NT drivers and also supports the Unix LPR protocol.

SMC SME WAN Products


SMC7004VBR

The SMC7004VBR broadband router combines a 4-port 10/100 Mbps dual-speed switch, full-featured Stateful Packet Inspection (SPI) firewall, and web-based management into one convenient device. Compatible with PC, Macintosh, and Linux, this multifunctional router also supports Network Address Translation (NAT), which provides simultaneous Internet access for up to 253 PCs using a single IP address. To manage these connections, the SMC7004VBR has a built-in DHCP server that auto-assigns IP addresses to devices on your network. Features and Benefits:

Simultaneous Internet access for up to 253 PCs using NAT
LAN and IP addresses auto-assigned by the DHCP server
Connects to an external cable modem or xDSL modem
4-port 10/100 Mbps Auto MDI/ MDI-X switch plus one WAN port
Hacker Attack Logging
VPN tunnelling via L2TP, PPTP and IPSec pass-through
Platform independent - all OS that support TCP/IP and Ethernet
Web-based utilities allow configuration through any Web browser

SMC SME WAN Products

SMC7904WBRA2/ SMC7904WBRB2 (ADSL)

The SMC7904WBRA2/ SMC7904WBRB2 combine an ADSL2/2+ modem, router, 4-port 10/100 LAN switch, 802.11g wireless access point and robust SPI firewall, making them the complete solution for securely connecting and sharing your high-speed ADSL connection, wired or wirelessly. They give you instant always-on Internet connectivity with download speeds up to 24Mbps, ideal for streaming multimedia content to the home. The EZ Installation Wizard with on-screen help configures your ADSL connection and WLAN in 5 easy-to-follow steps. Features and Benefits:

Available with Annex A or Annex B
Universal Plug and Play support and web-based management
4-port LAN switch, 10BASE-T/100BASE-TX (RJ-45), Auto-MDIX
ADSL (RJ-11)* for direct connection to the splitter
Supports PPPoE, PPPoA, DNS
Built-in Stateful Packet Inspection (SPI/ NAT) firewall security
Denial of Service protection
Wireless operation with up to 54Mbps
Security features include 802.1x, Wi-Fi WPA/ WPA2, 64-bit/ 128-bit WEP
Disable SSID broadcast, MAC address filtering, URL blocking
Access control (IP address filtering, MAC address filtering)
Hacker prevention and logging capability with email alerts
Platform independent: works with PC, Mac or Linux
Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.11g and IEEE 802.11b

* Annex B (Deutsche Telekom), T1.413, G.DMT, G.Lite for direct connection to the splitter (BBAE Deutsche Telekom)

SMC SME WAN Products


SMCWBR14-G2


The Barricade g 802.11g 54Mbps Wireless Cable/DSL Broadband Router (SMCWBR14-G2) is the perfect networking solution for the user that is looking for a simple, all-in-one home or small office network product. This platform independent multifunctional router combines a 4-port 10/100 Mbps dual-speed switch with Automatic MDI-MDIX feature, a high speed 54Mbps wireless access point, Stateful Packet Inspection (SPI) firewall security, Web-based network management, and support for Virtual Private Network (VPN) pass-through into one convenient device. Features and Benefits:

WAN interface 10BASE-T/100BASE-TX
4-port 10/100 Mbps Ethernet switch
WLAN AP with data rates up to 54Mbps
Supports 100 simultaneous users
Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.11b, and IEEE 802.11g
2dBi dipole antenna
Dynamic IP address configuration: DHCP, DNS
Wireless security: 64-/ 128-bit WEP, WPA/ WPA2, 802.1x, SSID broadcast disabled, MAC address filtering
SPI Firewall, Access Control, Event Logging
Virtual Private Network: PPTP, L2TP
Intrusion Detection, Email Alerts, Parental Control
Wireless Distribution System (WDS)
DDNS, UPnP, Port Forwarding
Simple installation with Web-based Management

SMC SME WAN Products


SMCWHSG14- Hotspot Gateway

The EliteConnect 2.4GHz 802.11g Wireless Hotspot Gateway SMCWHSG14-G is a multi-functional, all-in-one hotspot solution that provides: 1) a secure gateway to the Internet, 2) high-speed wireless access within the Local Area Network, 3) authentication, authorization and accounting services for wireless or wired clients, and 4) support for point-of-sale ticket/ receipt printing. As an xDSL/ cable modem gateway, the SMCWHSG14-G offers 1 WAN port and 4 Fast Ethernet LAN ports (switch). In addition, the WAN port supports IEEE 802.3af compliant PoE. Features and Benefits:

5-port 10/100 Mbps Fast Ethernet (RJ-45) for LAN/ WAN connections
IEEE 802.11b/g WLAN
Static IP, PPPoE
RS-232 (ticket-printer interface)
802.1x, RADIUS AAA authentication
Built-in 1024-user authentication database
Access Point
Detachable 2dBi antennas
VPN pass-through: PPTP, L2TP
Stateful packet inspection (SPI) firewall
DHCP Server/ Relay
Hardware watchdog timer
Web-based management GUI, SNMP v1/ v2, Syslog, System Log, IP Plug and Play

SMC SME WAN Products


SMC7904BRA2/ SMC7904BRB2 (ADSL)

The SMC7904BRA2/ SMC7904BRB2 combine an ADSL2/2+ modem, router, 4-port 10/100 LAN switch and robust SPI firewall, making them the complete solution for securely connecting and sharing your high-speed ADSL connection. They give you instant always-on Internet connectivity with download speeds up to 24Mbps - ideal for streaming multimedia content to the home. The EZ Installation Wizard with on-screen help configures your ADSL connection in 4 easy-to-follow steps. The product is available with Annex A or Annex B connection. Features and Benefits:

ADSL (RJ-11) for direct ADSL connection
4-port 10/100 Mbps Ethernet switch
Simple installation with Web-based Management
Quality-of-Service prioritizes real-time, delay-sensitive applications like Voice-over-IP and video-on-demand
NAT firewall with Stateful Packet Inspection (SPI), Intrusion Detection System (IDS) and Denial-of-Service (DoS) protection provides robust security from hackers
URL blocking
Built-in DHCP server and DNS proxy/ relay
Management access via SNMP v.1/ v.2, Telnet, TFTP, SNTP
Easy installation
Complies with G.DMT, ADSL2, ADSL2+
Complies with IEEE 802.1d, IEEE 802.3, IEEE 802.3u


SMC SME WAN Products

SMCBR21VPN

The Barricade Broadband Router SMCBR21VPN is an ideal networking solution for the SMB. This multi-function router combines load-balancing WAN ports, a DMZ port and a 10/100 LAN port. It has a built-in robust Stateful Inspection (SPI) firewall to protect your network at the edge. The Barricade supports protocols such as TCP/IP, while also providing support for VPN connections with PPTP, L2TP and IPSec. The SMCBR21VPN's Stateful Packet Inspection firewall provides a high level of security against Denial of Service (DoS) attacks. Features and Benefits:

Dual WAN port brings load balancing and redundancy
1 10/100 Mbps LAN port, 1 10/100 Mbps DMZ port
Simple installation with Web-based Management
Support for up to 50 VPN connections
Syslog and Virtual Server
DynDNS
Built-in PPTP and IPSec VPN server
Authentication (MD5/ SHA-1)
NULL/ DES/ 3DES encryption algorithms
Internet Key Exchange (IKE) authentication
Key Management
Dynamic VPN

SMC SME WAN Products

SMC7908VoWBRA2 VoIP

The Voice Connect Broadband Router with integrated ADSL-Modem SMC7908VoWBRA2 is an all-in-one solution for connecting and sharing an ADSL-Broadband connection, including LAN switching (4-port 10/100 Mbps), Voice over IP and a 54Mbps Wireless Access Point (IEEE 802.11b/g). Extensive security features include an integrated NAT-/ SPI-Firewall, VPN Passthrough (IPSec, L2TP, PPTP), MAC address filtering, URL Blocking, Hacker-Attack-Logging with E-Mail-Alert, WEP Encryption and Wi-Fi Protected Access (WPA/ WPA2) and port based authentication (IEEE 802.1x). Features and Benefits:

Functions as a bridge and/ or router
DHCP server, Virtual Server, DMZ Host, Static Route, RIP v.1/ v.2c
Universal Plug-and-Play (UPnP), Dynamic DNS
54Mbps Wireless LAN
ADSL2/ 2+ (RJ-11) for Annex A, T1.413, G.DMT, G.Lite
1x FXO (RJ-11) for automatic fail-over to PSTN, 2x FXS port (RJ-11)
Web-based management (configuration, firmware update)

VoIP Features:

Supports SIP v.2 voice protocols
PSTN supplementary services: Call Hold/ Waiting/ Transfer, Caller ID, Call Transfer
Multiple voice codecs: G.711 A/U Law, G.729a, G.723.1, G.168
T.38 fax relay and modem relay
Quality of Service, echo cancellation, jitter buffer
Mapping of voice and data to separate PVCs
DTMF: in-band and out-of-band


Wireless LAN Introduction


The Wireless LAN Standard

The IEEE 802.11 committee is responsible for developing wireless local area networking standards. IEEE 802.11 is based on the same standards framework as Ethernet. This ensures a high level of interoperability and ensures that Ethernet / WLAN internetworking functions and devices can easily be implemented.

Applications
Quite often communication infrastructures based on standard wiring schemes are not feasible for cost or technical reasons. In this case wireless products offer flexible alternatives to wired network solutions. Wireless technology also provides excellent solutions where there is a need for temporary networking installations. Typical examples of WLAN applications are:

Temporary networks
Architectural reasons (building codes, protection of historic buildings, ...)
Mobile applications
Flexible networking solutions
Interconnecting LANs

In many cases where more traditional communication solutions cannot be envisioned with conventional wired technologies, wireless technology makes the seemingly impossible quite feasible, easy to implement, and cost effective. Implementing wired infrastructures into existing building structures can present complex problems. Building codes or city regulations that seek to protect historical buildings from any structural damage can create severe costs and technical problems for the network designer implementing wired technologies.

IEEE 802.11 Wireless LAN


Standard and Workgroups


The IEEE committee responsible for local area networking technology developed the first standard for wireless LANs (IEEE 802.11). The IEEE revised the standard in October of 1999 to address RF communication at higher data rates. The resulting IEEE 802.11b describes the characteristics of RF LAN communications at 11 Mbps. The IEEE 802.11 standard is permanently under development. A number of workgroups are assigned to propose and define new enhancements and additions to the WLAN standard:

Transmission Techniques

In the OSI Reference Model the responsibility of the Physical Layer is to transmit bits over the medium in use. 802.11 defines several different transmission methods and technologies for Wireless LAN implementations. The standard covers not only RF but also IR technology. The standard further includes different transmission techniques such as:

Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS)
Orthogonal Frequency Division Multiplexing (OFDM)


These different approaches all have the same MAC layer implemented. SMC 11Mbps WLAN products use RF technology and rely on DSSS for communication. 54 Mbit/s and 108 Mbit/s WLAN products are based on OFDM technology.

DSSS Introduction

DSSS (Direct Sequence Spread Spectrum) works by simultaneously transmitting across several different frequencies. This increases the probability that transmitted data will reach the destination. In addition, redundant bit patterns, called "chips", are included in the signal. At any given time parts of the signal are received simultaneously on the different frequencies at the receiver. In order to receive and decode the complete signal successfully, the receiving station must know the correct decoding pattern. Tracing and decoding data during the transmission is extremely difficult. With the 11-chip spreading code used in 802.11b WLAN products the bit stream occupies 11 times the bandwidth that is actually needed to transmit the user data. Another disadvantage of DSSS relative to FHSS is its higher vulnerability to narrowband interference.
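The spreading described above, worked through with the 11-chip Barker sequence that 802.11b uses at 1 and 2 Mbps, as an added example (not SMC or 802.11 code). The data bits, the chip errors and the "wrong" receiver pattern are constructed for the example; a real receiver correlates analogue samples rather than the clean +1/-1 chips used here.

```python
import math
from typing import List, Optional

# Added example (not SMC or 802.11 code): spreading and despreading with the
# 11-chip Barker sequence that 802.11b uses at 1 and 2 Mbps. The data bits,
# the chip errors and the "wrong" code are constructed for the example.
BARKER_11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]
WRONG_CODE = [1, 1, 1, -1, -1, -1, 1, -1, -1, 1, -1]   # constructed, not a Barker code


def spread(bits: List[int], code: List[int] = BARKER_11) -> List[int]:
    """Each data bit becomes len(code) chips: the code for a 1, its inverse for a 0.
    The chip stream therefore occupies len(code) times the bandwidth of the data."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def correlate(chips: List[int], code: List[int]) -> List[int]:
    """Per-symbol correlation of the received chips with the receiver's own code."""
    n = len(code)
    return [sum(x * c for x, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips) - n + 1, n)]


def despread(chips: List[int], code: List[int] = BARKER_11,
             lock_threshold: int = 4) -> Optional[List[int]]:
    """Recover the bits from the sign of each correlation. A magnitude below the
    threshold means the receiver does not hold the transmitter's pattern (or the
    symbol is too damaged) and nothing can be decoded."""
    corrs = correlate(chips, code)
    if not corrs or any(abs(c) < lock_threshold for c in corrs):
        return None
    return [1 if c > 0 else 0 for c in corrs]


def flip_chips(chips: List[int], positions: List[int]) -> List[int]:
    """Invert individual chips, as hits from narrowband interference would."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


def processing_gain_db(code: List[int] = BARKER_11) -> float:
    """Spreading gain of the code in dB: 10 * log10(chips per bit)."""
    return 10 * math.log10(len(code))


DATA_BITS = [1, 0, 1, 1, 0]   # constructed


def demo() -> dict:
    chips = spread(DATA_BITS)
    return {
        "chips_per_bit": len(chips) // len(DATA_BITS),            # 11
        "clean": despread(chips),                                 # the data bits
        "three_chips_hit": despread(flip_chips(chips, [11, 12, 13])),  # still decodes
        "wrong_pattern": despread(chips, WRONG_CODE),             # None: no lock
    }
```

Three inverted chips inside one symbol only lower that symbol's correlation from 11 to 5, so the bit survives; a receiver with a different pattern sees correlations of about 1 everywhere and recovers nothing.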

FHSS Introduction

FHSS (Frequency Hopping Spread Spectrum) - the second important spread spectrum transmission technique - is actually a narrowband signal that rapidly and continuously changes frequency.


In order not to interfere with other signals using the ISM band, the FHSS system must "hop" its signal over the band of frequencies. The above simplified example supposes that 8 frequency slots exist in the band. The system using channel 1 sends the information signal in frequency slot 7 during the first time slot and in frequency slot 4 during the second time slot, following a frequency hopping pattern. In order to receive this channel the receiver has to be tuned to the appropriate frequency slots using exactly the same frequency hopping pattern. Channel 2 is distinguished from channel 1 by a different frequency hopping pattern. FHSS is still being used today in Bluetooth products.

OFDM Introduction
OFDM (Orthogonal Frequency Division Multiplexing) is an FDM modulation technique for transmitting large amounts of digital data over a radio wave. In FDM (frequency-division multiplexing), multiple signals (or carriers) are sent simultaneously over different frequencies. However, FDM has an inherent problem with wireless signals that can travel via multiple paths from transmitter to receiver (by bouncing off buildings and other obstacles), so that receivers can have trouble dealing with all the resulting negative effects. Orthogonal FDM handles this multipath problem by splitting the carriers into smaller subcarriers and broadcasting those simultaneously. This reduces multipath distortion and reduces RF interference, allowing for greater throughput. (A mathematical relationship ensures that the subcarriers' specific frequencies are "orthogonal", i.e. non-interfering, to each other.) The IEEE 802.11a subcommittee decided to use this transmission technique for its standard in the 5 GHz UNII (Unlicensed National Information Infrastructure) bands. OFDM is also used in the 2.4 GHz ISM band as the physical layer standard for 802.11g.

Freq. Allocation and EMC


Every electronic product on the market must conform to stringent regulations on electromagnetic radiation. National, international and European standardisation bodies carefully define these regulations to ensure that wireless technologies have no negative impact on different systems using RF technology. SMC WLAN products comply with all these safety standards and EMC regulations. SMC WLAN products use the frequency bands 2.4GHz and 5GHz that are reserved for RF applications and products. This operating range of frequency ensures that there are no conflicts with other widely used RF devices. For example, there is no RF interference with wireless phone systems like the popular European DECT phones. The same is true for many remote control applications that typically use a 433 MHz frequency technology.


SMC Wireless LAN products are safe to use not only with other network and electronic products, but very importantly with humans. Wireless LAN products as standardised by IEEE 802.11, have been designed for use in offices and other working environments. Therefore, they transmit with a low energy level, which is harmless. In fact, the energy levels are significantly lower than the transmission power of typical GSM telephones that operate at about 2 W for GSM Class 2 Phones (frequency range 880-960 MHz).


WLAN Media Access Control


MAC Layer

The IEEE 802.11 MAC layer functions not only manage and coordinate access to the transmission channel; the MAC layer is to some degree also responsible for authentication and other management and security duties. Compared to shared Ethernet there are some specific, notable differences we have to look at:

CSMA/CA is used to avoid collisions of actual data packets
CS = Carrier Sense
MA = Multiple Access (shared medium)
CA = Collision Avoidance

Hidden station problem

CSMA/CA
At the MAC sublayer of the Data Link layer, 802.11b uses the carrier sense multiple access with collision avoidance (CSMA/CA) media access control (MAC) protocol. A wireless station (station 1) with a frame to transmit first listens (LBT - Listen Before Talk) on the wireless medium to determine whether another station is currently transmitting (carrier sense). If the medium is being used, the wireless station calculates a random back-off delay. Only after this back-off time has elapsed may wireless station 1 listen again for a transmitting station. By instituting a random delay time, multiple stations that are waiting to transmit do not end up trying to transmit at the same time (collision avoidance). After receiving the complete frame, wireless station 2 sends an acknowledgment (ACK) to confirm that the frame was successfully transmitted and received.

"Hidden Station Problem" (figure): Station 1 sees Station 2; Station 2 sees Station 1 and Station 3; Station 3 sees Station 2; Station 1 cannot see Station 3!


The hidden node problem occurs in a point-to-multipoint network. The problem can occur when three (or more) nodes are present, in our example Station 1, Station 2 and Station 3. It is possible in this example that Station 2 can hear Station 1 (and vice versa) and Station 2 can hear Station 3 (and vice versa), but Station 3 cannot hear Station 1. In a CSMA/CA environment Station 1 and Station 3 would both properly transmit (they cannot hear each other in the 'listen' phase and could therefore both transmit a packet at the same time), but Station 2 would receive corrupted data. Station 1 and Station 3 are said to be 'hidden' from each other.

WLAN Media Access Control

Use of RTS / CTS

The hidden node problem is solved by the use of an RTS (request to send) / CTS (clear to send) exchange prior to packet transmission. In our three-node network above, Station 1 sends a small RTS packet which is "heard" by Station 2, which then sends a small CTS packet in response. This packet is "heard" by both Station 1 and Station 3. Station 3 will back off and not transmit in this case.

WLAN Media Access Control


RTS / CTS Threshold

Although the use of RTS/CTS solves the "Hidden Station Problem" and avoids collisions, it also introduces additional protocol overhead and reduces throughput. This is the reason why the RTS/CTS protocol is only activated when a certain packet size is reached. On some WLAN systems this packet size (RTS/CTS Threshold) can be adjusted by the network administrator.

WLAN Media Access Control


Fragmentation Threshold
Bit error rates on wireless networks are substantially higher than in traditional wired networks. Large frames may approach the number of bits at which the probability of an error occurring comes close to 100%. This means that every transmission of such a frame could fail, including the re-transmissions. To reduce the chance of this happening, large frames may be fragmented by the transmitter and re-assembled by the receiving node. While there is some overhead in doing this, the probability of an error occurring and, in the event of an error, the re-transmission time are both reduced. On some WLAN systems the largest packet size (Fragmentation Threshold) can be adjusted by the network administrator.
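The three-station hidden node case, the stations that an RTS/CTS exchange silences, and the effect of the RTS/CTS and fragmentation thresholds, as an added model covering the Media Access Control sections above (not SMC or IEEE 802.11 code). The topology table, the thresholds, the bit error rates and the per-fragment overhead of 30 bytes are constructed values; the model treats each fragment as retried independently until it arrives intact.

```python
from typing import Dict, List, Optional, Set

# Added example (not SMC or IEEE 802.11 code): the page's three-station hidden
# node case as a "who can hear whom" table, the stations an RTS/CTS exchange
# silences, and the effect of the RTS/CTS and fragmentation thresholds on a
# frame. Topology, thresholds, overhead and bit error rates are constructed.
HEARS: Dict[str, Set[str]] = {            # symmetric radio range assumed
    "Station 1": {"Station 2"},
    "Station 2": {"Station 1", "Station 3"},
    "Station 3": {"Station 2"},
}


def hidden_stations(transmitter: str, receiver: str, topology=HEARS) -> Set[str]:
    """Stations that reach the receiver but cannot carrier-sense the transmitter:
    plain CSMA/CA lets them transmit at the same time and corrupt the reception."""
    return {s for s in topology[receiver]
            if s != transmitter and transmitter not in topology[s]}


def silenced_by_rts_cts(transmitter: str, receiver: str, topology=HEARS) -> Set[str]:
    """RTS is heard by the transmitter's neighbours, CTS by the receiver's;
    every station hearing either one backs off for the announced duration."""
    return (topology[transmitter] | topology[receiver]) - {transmitter, receiver}


def uses_rts_cts(frame_bytes: int, rts_threshold: int) -> bool:
    """The reservation overhead is only paid for frames above the RTS/CTS threshold."""
    return frame_bytes > rts_threshold


def fragment(frame_bytes: int, fragmentation_threshold: int) -> List[int]:
    """Fragment sizes after splitting a frame at the fragmentation threshold."""
    full, rest = divmod(frame_bytes, fragmentation_threshold)
    return [fragmentation_threshold] * full + ([rest] if rest else [])


def success_probability(frame_bytes: int, ber: float) -> float:
    """Probability that every bit of a frame arrives intact at bit error rate ber."""
    return (1.0 - ber) ** (8 * frame_bytes)


def expected_bytes_on_air(frame_bytes: int, ber: float,
                          fragmentation_threshold: Optional[int] = None,
                          overhead_bytes: int = 30) -> float:
    """Expected bytes transmitted (retries included) until the whole frame is
    delivered. Each fragment carries its own header/FCS overhead and is retried
    independently until it succeeds (geometric: 1/p attempts on average)."""
    if fragmentation_threshold is None:
        sizes = [frame_bytes]
    else:
        sizes = fragment(frame_bytes, fragmentation_threshold)
    total = 0.0
    for size in sizes:
        on_air = size + overhead_bytes
        total += on_air / success_probability(on_air, ber)
    return total


def fragmentation_gain(frame_bytes: int, ber: float, fragmentation_threshold: int) -> float:
    """Bytes on air without fragmentation divided by bytes on air with it;
    above 1 fragmentation pays off, below 1 its overhead outweighs the benefit."""
    return (expected_bytes_on_air(frame_bytes, ber)
            / expected_bytes_on_air(frame_bytes, ber, fragmentation_threshold))
```

With a constructed BER of 1e-4 a 1500-byte frame is delivered intact only about 30% of the time, and fragmenting it at 256 bytes cuts the expected bytes on air by more than half; at a BER of 1e-7 the per-fragment overhead makes fragmentation a net loss, which is why the threshold is left adjustable.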

High-speed WLAN Standards


Introduction
Strong demand for wireless solutions that offer more bandwidth led to the development of new, competing IEEE 802.11 standards. Two new Wireless LAN standards have emerged that promise to deliver speeds up to 54Mbps to WLAN users. These standards are defined by the IEEE working groups 802.11a (ratified 1999) and 802.11g (ratified 2003). 802.11a/g products have now been available for some time. New developments are under way that increase the available WLAN bandwidth even further. New, but not yet standardized, 108Mbps technologies have been developed by major players in the industry. Products equipped with such chip sets (for example the Atheros Super G) significantly increase the actual throughput in 802.11a/b/g networks. MIMO technology, another new approach to increasing WLAN bandwidth, uses multiple antennas (smart antenna technology). MIMO has become the widely accepted technology for the next evolutionary step in replacing wires with wireless LAN technology and has led to the creation of the IEEE 802.11n standards group. Besides MIMO, IEEE 802.11n will include many other functions and techniques that allow wireless solutions with transmit rates of up to 600 Mbps and more.

Comparing WLAN Standards

IEEE 802.11g products offer a high level of backward compatibility (with products conforming to IEEE 802.11 and IEEE 802.11b) and still use the ISM (2.4 GHz) frequency band. This also means that transmitting distances are about the same for 802.11b and 802.11g products. IEEE 802.11a products, on the other hand, transmit at 5 GHz. 802.11a technology results in smaller RF cells (shorter effective distances) and higher power consumption. Without special dual-band chip solutions, IEEE 802.11a products offer no backward compatibility. In Europe 802.11a utilizes 455 MHz of bandwidth in the 5 GHz (U-NII) band. ETSI has divided the total 455 MHz into three distinct domains, each with a different legal maximum power output. The "low" bands operate from 5.15 - 5.25 GHz and 5.25 - 5.35 GHz and have a maximum power of 200 mW for indoor and outdoor use. The "high" band utilizes 5.470 - 5.725 GHz, with a maximum power of 1 W for outdoor use. (Because of this high power output, devices transmitting in the high band will typically be used in building-to-building scenarios; therefore this band is not included in the calculation of channels.) 802.11a defines a total of 8 non-overlapping 20 MHz channels across the 2 lower bands. Each of these channels is divided into 52 sub-carriers, each approximately 300 kHz wide. National regulations allocate different amounts of the 5 GHz frequency spectrum, so the geographic location determines how much of the 5 GHz band is available. IEEE 802.11n builds on 802.11a/b/g and enhances the performance and reach of wireless solutions, using the same frequency ranges, basic transmission techniques and transmit power limitations.

IEEE802.11a/IEEE802.11h
By moving to the 5 GHz frequency band and by using OFDM modulation, the IEEE 802.11a standard provides two important benefits over 802.11b. It increases the maximum data transfer rate per channel (from 11 Mbps to 54 Mbps) and increases the number of non-overlapping channels. The 5 GHz band (UNII band) consists of three sub-bands, UNII1 (5.15 - 5.25 GHz), UNII2 (5.25 - 5.35 GHz) and UNII3 (5.470 - 5.725 GHz). Up to 8 non-overlapping channels are available when UNII1 and UNII2 are both used, versus 3 in the 2.4 GHz band. The total bandwidth available in the 5 GHz band is also higher than in the 2.4 GHz band: up to 455 MHz versus 83.5 MHz. Therefore, an 802.11a-based WLAN can support a larger number of simultaneous high-speed users without the potential for conflict. One disadvantage of using the 5 GHz band is that the frequencies used are not internationally standardized.

Some tradeoffs in terms of compatibility and range also have to be made. Given that 802.11a and 802.11b operate in different frequency bands, their products are not compatible. To complicate matters further, compatibility issues with European (ETSI) requirements are not reflected in IEEE 802.11a. Therefore technologies like Dynamic-Frequency-Selection (DFS) and Transmit-Power-Protocol (TPC) are covered in the standard IEEE 802.11h. The higher operating frequency of 802.11a results in a relatively shorter range, so a larger number of 802.11a access points will be needed to cover the same area. Even with these disadvantages, initial tests show that 802.11a products still maintain about a 3 to 1 performance improvement over 802.11b when compared at typical indoor ranges.

IEEE802.11g

The IEEE 802.11g standard offers higher speeds while maintaining backward compatibility with existing 802.11b equipment. 802.11g works in the same 2.4 GHz frequency band and with the same DSSS modulation types as 802.11b at speeds up to 11 Mbps, but uses the more efficient OFDM modulation types at higher speeds. This backward compatibility protects customers' investments in various ways. An IEEE 802.11g NIC, for example, will work with an 802.11b access point, and vice versa, at speeds up to 11 Mbps. To benefit from higher speeds of up to 54 Mbps, both the access point and the network card have to be 802.11g compliant. The standard also specifies optional modulation types (like OFDM/CCK) that are intended to improve efficiency in mixed 802.11b/g installations. In larger installations, the benefit of having approximately the same effective transmission ranges means that an existing 802.11b WLAN infrastructure can easily be upgraded to higher speeds without having to install additional access points in many new locations to cover a given area. Compared to IEEE 802.11a, the tradeoff with 802.11g is a lower usable bandwidth, resulting in a lower number of high-speed WLAN users. Although the OFDM modulations allow for higher speed, the total available bandwidth in the 2.4 GHz frequency band remains the same, because IEEE 802.11g is still restricted to three channels in the 2.4 GHz band.

Offers the same operating distances as IEEE802.11b

IEEE802.11b/g Compatibility
OFDM has been developed for use with 802.11a systems already operating in the 5 GHz bands. The main problem in bringing OFDM to the 2.4 GHz band was making it work well with legacy 802.11b products. The main channel sharing mechanism for 802.11 systems is CSMA/CA. In order for this method to work, each radio must be able to hear all of the other radios associated with the same access point (including of course, the AP itself). But with 802.11g systems using OFDM, legacy 802.11b radios would be effectively unable to hear the newer devices.

The IEEE 802.11g Task Group solved this issue by using the request-to-send/clear-to-send (RTS-CTS) feature that is already supported by every 802.11 device. For an IEEE 802.11 network to work properly, all nodes must be within range of the access point, even though they might not be within range of each other. This is often referred to as the "hidden node" problem. In such situations, the RTS-CTS mechanism can be enabled to reduce the probability of a collision. In IEEE 802.11g, the RTS-CTS functionality can be used to facilitate network operation when a mixture of 802.11g and legacy 802.11b clients is operating within the same BSS (Basic Service Set). DSSS is used as the signalling method for the transmission of RTS/CTS frames. Every 802.11g client and access point must be capable of "falling back" and operating exactly like a legacy 802.11b device. Therefore, migration to 802.11g technology can be smooth and easy. As new 802.11g access points are installed, legacy 802.11b access points can remain in service and will be fully interoperable with newer 802.11g clients.

IEEE802.11a/g Ranges
While OFDM is an excellent technology for indoor WLAN applications, simple laws of physics indicate that the communication range is proportional to the wavelength. In other words, the higher the frequency used, the more effectively objects scatter and attenuate the RF energy. For a line-of-sight situation, propagation differences should not be much of a problem. However, most WLAN systems operate indoors, where line-of-sight scenarios are limited and nearly all radio signals have to pass through walls, furniture and other obstructions. The above example was derived from several published test scenarios and its only purpose is to show what typical comparison tests reveal. Actual results will of course differ depending on the test environment. Typically, IEEE 802.11a equipment achieves high data rates at short range, or, as in the example, down a hallway where line-of-sight propagation is possible. However, the data rate decreases rapidly when the signal must pass through walls and other obstructions. IEEE 802.11g products are capable of higher data rates at longer ranges than 802.11a technology. The combination of OFDM and the better wall-penetrating power of 2.4 GHz gives 802.11g products a clear advantage over other high-speed WLAN technologies. The ability to provide high-throughput coverage for a comparatively large area from a single AP is an important cost factor.

IEEE802.11a/g Co-existence
A 2.4 GHz 802.11b access point, for example, will not be able to work with a 5 GHz 802.11a network interface card. However, both standards can certainly co-exist. For example, an 802.11a user and an 802.11b user who are connected to the same LAN, but are using separate access points and clients, can operate in the same physical space and share network resources, including broadband Internet access.

108Mbps - 802.11g Turbo Mode

New, but not yet standardized, 108 Mbps technologies have been developed by major players in the industry. Products equipped with such chip sets (for example the Atheros Super G) significantly increase the actual throughput in 802.11a/b/g networks. The techniques used to increase the bandwidth/throughput are:

- Bursting
- Negotiation of frame sizes (fast frames)
- Using two channels (Dynamic Turbo)
- Compression

Bursting mechanisms and adjustable frame sizes (fast frames) both improve the bandwidth of WLAN systems by reducing the overhead at the link level. With bursting, a transmitting device can send multiple frames (a burst) instead of just a single frame at a time. Systems capable of negotiating (larger) frame sizes (fast frames) can also transmit information more effectively. With technologies like the Atheros Dynamic Turbo, multiple channels are combined into one channel, doubling the actual bandwidth. At the frame level, compression methods are used to increase the throughput.

g-MIMO / Turbo MIMO Products


MIMO (Multiple Input Multiple Output) is an established wireless technology now being introduced to the WLAN market. It was originally developed for use in point-to-point microwave links. Applied to today's WLAN solutions, this technology greatly improves the reliability, range and robustness of WLAN connections and allows the achievable bandwidth of wireless communication solutions to be multiplied (> 100 Mbps). To achieve these new levels of wireless performance and reliability, multiple antennas (smart antenna technology) are used. Given the time it will take to finalize the IEEE 802.11n standard, which also includes MIMO technology, several players in the WLAN market develop and offer g-MIMO versions of 802.11g products. MIMO-enabled 802.11g products deliver the same maximum data rate as non-MIMO 802.11g products but offer much better actual throughput and range by using smart antenna technology. A further increase of data rate and throughput (up to 108 Mbps) can be achieved by additionally implementing the same proprietary techniques that are used in Turbo A/G products. These products are typically referred to as Turbo MIMO products.


"pre-n" or MIMO-Products
MIMO technology has become the widely accepted technology for providing the next evolutionary step in replacing wires with wireless LAN technology and has led to the creation of the IEEE 802.11n standards group. The basis for the standardization process is currently a pair of proposals from two different groups (TGn Sync and WWiSE) that differ mainly in spectrum configurations and the achievable data rates. The standard is supposed to be finalized in 2006 and will most likely be a compromise between both proposals. Even before the IEEE 802.11n standard is finished, pre-standard ("pre-n") versions of MIMO products will be offered. These products will feature many of the technologies and features the standards group is working on. They will be backward compatible with existing IEEE 802.11a/b/g but will provide the advantages offered by 802.11n MIMO techniques only when used with the same vendor's pre-n products and chipsets. Full interoperability between different vendors is anticipated by mid-2007, once the Wi-Fi Alliance has made the 802.11n certification tests available.


MIMO Technology Overview
MIMO technology uses 2D transmission to greatly improve the speed per channel. Two data pipes result in twice the data rate and increased signal reliability. Instead of sending out a single stream of data like most base stations, MIMO sends out multiple data streams simultaneously and uses multiple antennas to sort out the signals. MIMO is compatible with existing IEEE 802.11a/b/g networks, as in that case only a single radio stream is used. Multi-mode smart antenna chipsets improve the performance of 802.11a/b and g Wi-Fi systems. Backward-compatible MIMO products interoperate with existing Wi-Fi systems in the same channel, improving the power and intensity of the beam with techniques such as beamforming and receive-forming. When operating with conventional IEEE 802.11a/b/g equipment, MIMO still improves performance and coverage by focusing the radio beam and amplifying the received wireless power. This process (known as beamforming) can effectively quadruple the transmit performance when using double antennae. When receiving, the multiple antennas of a MIMO device can combine the various signals it receives to improve the quality and gain of the overall received signal. This is known as receive-forming and can significantly improve the reception of signals in an existing IEEE 802.11a/b/g network.

MIMO Advantages

MIMO technology provides several great advantages over traditional IEEE 802.11a/b/g technology, offering backward compatibility and interoperability with IEEE 802.11a/b/g solutions:

- Improved performance / throughput
- Increased range
- Improved signal reliability

The initial deployment of MIMO products is likely to happen through the upgrading of wireless access points to achieve more efficient transmission rates and better coverage. The new MIMO wireless devices will support new applications which, though feasible, were susceptible to disruption and disturbance with conventional wireless technologies. With the popularity of music streaming and other multimedia applications, home computers are turned into true media entertainment centers. High-speed wireless means that music and films can be enjoyed anywhere in the house. The increased range of MIMO-based high-speed wireless products means that more parts of a building can be reached without the need for additional access points or wireless repeaters. Improved performance and reliability also mean that new applications like VoIP (Voice over IP) can be deployed more easily, without the limitations of a cable-based infrastructure or the costs of extending this infrastructure accordingly.

IEEE 802.11n Overview

IEEE 802.11n will incorporate several new technology approaches to improve performance and reliability of WiFi networks. Some of the technologies that are likely to be part of the final standard include:

- Multiple smart antenna technology (MIMO)
- Increased number of spatial streams (up to 4)
- MIMO power-save mode
- Beam-forming
- Frame aggregation and packet bursting
- Reduced inter-frame spacing
- Channel width 20 MHz or 40 MHz

One of the important components of the draft standard is MIMO (Multiple Input Multiple Output) technology. MIMO exploits a radio-wave phenomenon called "multipath": transmitted signals are reflected by walls, doors and other objects, reaching the receiving antenna multiple times via different routes and at slightly different times. Uncontrolled multipath negatively affects the original signal, resulting in degraded Wi-Fi performance. MIMO combines multipath with a technique known as space-division multiplexing: the transmitting device splits a data stream into multiple parts, called spatial streams, and transmits each spatial stream through a separate antenna to a corresponding antenna on the receiving end. The current 802.11n draft allows up to four spatial streams. To further enhance MIMO and to overcome some of the trade-offs this technology brings (higher power consumption, etc.), additional techniques will be implemented. The draft-n specification includes a MIMO power-save mode, which reduces power consumption by using multiple paths only when doing so would result in additional performance. Transmit beam-forming and receive combining (receive-forming) are techniques that focus radio signals directly on the target antenna, thereby improving range and performance by reducing interference. Frame aggregation, packet bursting and reduced inter-frame spacing improve efficiency by allowing transmission bursts of multiple data packets and by providing a shorter delay between OFDM transmissions. Another optional mode in the 802.11n draft effectively doubles data rates by doubling the width of a WLAN communications channel from 20 MHz to 40 MHz.

WLAN Planning and Design


Planning Considerations

In order to implement wireless LAN networks or infrastructures, careful planning and design is essential. The following questions have to be answered and the appropriate decisions have to be made:

1. What kind of network topology should be implemented (ad-hoc or infrastructure network)?
2. What is the ideal location for the access points, taking into account:
   - the bandwidth (capacity) requirements
   - environmental conditions (open space, building, construction materials)
   - existing infrastructure (power, LAN)
3. Which frequencies should be used, taking into account factors like:
   - interference
   - number of "parallel" WLANs
4. How can an appropriate level of security in wireless LANs be guaranteed?

Ad-hoc Mode

The IEEE 802.11 standard describes the transmission protocols and techniques for two fundamentally different ways to build and use an RF wireless LAN. One part of the standard looks at the communication in simple "ad-hoc" networks. In these networks, a number of workstations with a limited transmission range are connected with each other. These topologies require no central transmission or control system. For example, a wireless LAN might be set up in a conference room to connect portable systems for use in a meeting.

Advantages:
- Peer-to-peer communication without access point
- Fast installation and minimal cost of ownership
- Simple configuration

Disadvantages:
- Limited distances
- Limited number of users
- No integration in existing LAN infrastructures

Infrastructure Mode (1)


The second, more important application described in the IEEE 802.11 standard uses "Access Points". Access Points are networking components that control and manage all the communication within a wireless LAN cell, between wireless LAN cells, and between wireless LAN cells and other LAN technologies. Access Points ensure the optimal use of the available transmission time in the wireless network.

Advantages:
- Even stations that cannot "see" each other directly can communicate
- Simple integration in existing wired infrastructures

Disadvantages:
- Higher equipment costs
- More complicated installation and configuration

The minimal setup including a single access point and the connected wireless systems is called a Basic Service Set (BSS).

Infrastructure Mode (2)


If the wireless LAN setup includes more than one access point, interconnected through a wired or wireless network, it is called an Extended Service Set (ESS). Access Points not only ensure the optimal use of the available transmission time in the wireless network. These components also control and enable the movement of mobile workstations from one wireless LAN cell into the next without interruption of the ongoing connections. This functionality is called "Roaming" or "Handover".

Roaming

Many Access Points can control and enable the movement of mobile workstations from one wireless LAN cell into the next without interruption of the ongoing connections. This functionality, called "Roaming", requires the Access Points to be interconnected and the WLAN RF cells to partly overlap. Because a routing protocol for roaming has not been standardized yet, it is important to install access points from a single vendor only. The following configuration rules have to be followed:

Access Points:
- Identical SSID
- Different channels, to avoid interference in overlapping RF cells, for example 1, 7, 13
- If MAC address filtering is used, the mobile system's MAC address has to be configured in all access points

Mobile systems:
- SSID as configured in the access points (or "ANY")
- If WEP is configured, the mobile system has to use the same key as the access points
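The configuration rules above, turned into a consistency check for a multi-AP deployment: an added Python example, not vendor software, which assumes 2.4 GHz DSSS channels (channels at least 5 apart, such as 1, 7, 13, are treated as non-overlapping); all access point, client and neighbour data are constructed samples.

```python
"""Added example: validate access point and mobile system settings against the
roaming rules (identical SSID, non-interfering channels in overlapping cells,
complete MAC filter lists, matching SSID and WEP key on the clients).
Not vendor code; all configuration values below are constructed samples."""

# Assumption: 2.4 GHz DSSS channels spaced at least 5 apart do not overlap.
NON_OVERLAP_SPACING = 5


def check_roaming_config(access_points, clients, neighbours):
    """Return a list of rule violations; an empty list means the rules hold.

    access_points: {name: {"ssid": str, "channel": int,
                           "mac_filter": set of MACs or None, "wep_key": str or None}}
    clients:       {mac: {"ssid": str, "wep_key": str or None}}
    neighbours:    iterable of (ap_a, ap_b) pairs whose RF cells overlap
    """
    problems = []

    # Rule: all access points advertise the same SSID.
    ssids = {ap["ssid"] for ap in access_points.values()}
    if len(ssids) != 1:
        problems.append(f"access points use different SSIDs: {sorted(ssids)}")

    # Rule: access points with overlapping cells use non-interfering channels.
    for a, b in neighbours:
        ch_a, ch_b = access_points[a]["channel"], access_points[b]["channel"]
        if abs(ch_a - ch_b) < NON_OVERLAP_SPACING:
            problems.append(f"{a} (channel {ch_a}) and {b} (channel {ch_b}) "
                            "overlap but their channels interfere")

    # Rule: with MAC address filtering, every mobile system must be listed in
    # the filter of every access point, or roaming to that AP fails.
    for name, ap in access_points.items():
        if ap["mac_filter"] is None:
            continue
        for mac in clients:
            if mac not in ap["mac_filter"]:
                problems.append(f"{mac} missing from MAC filter of {name}")

    # Rule: clients use the access point SSID (or "ANY") and the same WEP key.
    ap_keys = {ap["wep_key"] for ap in access_points.values()}
    if len(ap_keys) != 1:
        problems.append("access points use different WEP settings: "
                        f"{sorted(k or 'none' for k in ap_keys)}")
    for mac, client in clients.items():
        if client["ssid"] != "ANY" and client["ssid"] not in ssids:
            problems.append(f"{mac} uses SSID {client['ssid']!r}, not the access point SSID")
        for key in ap_keys:
            if key is not None and client["wep_key"] != key:
                problems.append(f"{mac} does not use the WEP key configured on the access points")
    return problems


# Constructed sample deployment: three APs in a row, cells overlapping pairwise.
CLIENT_MAC = "00:11:22:33:44:55"
GOOD_APS = {
    "ap-1": {"ssid": "office", "channel": 1, "mac_filter": {CLIENT_MAC}, "wep_key": "k1"},
    "ap-2": {"ssid": "office", "channel": 7, "mac_filter": {CLIENT_MAC}, "wep_key": "k1"},
    "ap-3": {"ssid": "office", "channel": 13, "mac_filter": {CLIENT_MAC}, "wep_key": "k1"},
}
NEIGHBOURS = [("ap-1", "ap-2"), ("ap-2", "ap-3")]
CLIENTS = {CLIENT_MAC: {"ssid": "ANY", "wep_key": "k1"}}

# Same deployment with three mistakes: ap-2 on an interfering channel,
# ap-3 with a different SSID and an empty MAC filter.
BAD_APS = {
    "ap-1": dict(GOOD_APS["ap-1"]),
    "ap-2": dict(GOOD_APS["ap-2"], channel=3),
    "ap-3": dict(GOOD_APS["ap-3"], ssid="Office", mac_filter=set()),
}

if __name__ == "__main__":
    print("good:", check_roaming_config(GOOD_APS, CLIENTS, NEIGHBOURS))
    for problem in check_roaming_config(BAD_APS, CLIENTS, NEIGHBOURS):
        print("bad: ", problem)
```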

Repeating

In general, a repeater simply refreshes a signal in order to extend the range of the existing network. A WLAN repeater does not physically connect by wire to any part of the network. Instead, it receives radio signals from an access point, network adapter, or another repeater and re-transmits the frames. This enables a repeater located in between an access point and a distant mobile user to act as a relay for frames traveling back and forth between the user and the access point. To work properly, the RF cell of the repeater must overlap with the RF cell of the access point and the RF cell of the mobile user (s. diagram above). When access points communicate to each other directly (not via the wired LAN) is referred to as a Wireless Distribution System.

Interconnecting LANs
A popular application for RF (radio frequency) technology is interconnecting LANs. Typically, wireless bridges offer two configuration modes: Point-to-Point Bridge and Point-to-Multipoint Bridge. Some WLAN bridging devices also support standard access point operation. With these two bridge configuration options, the wireless bridge device can connect two or more wired LANs together over a wireless connection. This solution is well suited to many different applications, including difficult-to-wire locations, branch offices, school or corporate campus environments, frequently changing workplaces, temporary LANs, hospitals and warehouses. Depending on the distances the wireless connection has to bridge and the specific environmental conditions, special high-gain, point-to-point and point-to-multipoint antennas provide the solution for those applications where greater distance or structural penetration is necessary.

WLAN Security

Introduction
SMC WLAN products use a transmission technique called "Direct Sequence Spread Spectrum". DSSS was specifically designed to ensure secure and robust transmissions that are less prone to interference. Wireless networking based on RF transmission can be considered a secure technology and is not particularly vulnerable to "tapping" (sensitive data transmissions scrutinised by unauthorized personnel) if the security functions are implemented and configured correctly. A first step in securing IEEE 802.11 wireless LANs is to use and configure the SSID (Service Set ID). IEEE 802.11 also describes the use of other mechanisms to enhance security with authorisation and encryption methods. As an example, WEP (Wired Equivalent Privacy) is an additional encryption technique that is based on the RC4 algorithm. New standards like IEEE 802.11i (formerly WEP2) provide even stronger security levels. The implementation of these and other authorisation and encryption methods ensures that security in WLANs is comparable to or even better than that of conventional LAN technologies. Security techniques based on MAC addresses can also be added to the mechanisms of DSSS and the authorisation techniques of the IEEE 802.11 standard. These filters are configured in the Access Point, where they allow effective control of all the communication that passes via the Access Point.

If customers require additional levels of security, supplemental security mechanisms and solutions can be installed. Examples for such technologies include software for authorisation, VPNs or extensive firewall systems.

Service-Set-ID (SSID)

The SSID (Service Set ID) can be interpreted as the name of the wireless network.

- Select "hard to guess" SSIDs
- Disable SSID broadcast

Authentication and WEP

The IEEE 802.11 standard offers two authentication methods. Open System Authentication offers hardly any authentication and basically allows unrestricted access to the WLAN. Shared Key Authentication, on the other hand, uses WEP keys for authentication: clients without a valid WEP key cannot connect to the access point.

The access point generates a random 128-byte text and sends it to the client without encryption (challenge). The client uses its WEP key to encrypt the text and sends it back to the access point (response). The client has been successfully authenticated if the access point is able to decrypt the response. Because this authentication method can be easily broken, it is recommended to work with Open System Authentication and to advise the users accordingly. Strong authentication can be added using port-based authentication as defined in IEEE 802.1x.

Wired Equivalent Privacy (1)

WEP (Wired Equivalent Privacy) is a security protocol for wireless local area networks defined in IEEE 802.11b. WEP is designed to provide the same level of security as that of a wired LAN. WEP aims to provide security by encrypting data so that it is protected as it is transmitted from one end point to another. WEP works at the two lowest layers of the OSI reference model. WEP encapsulation:

- Encryption algorithm = RC4
- Per-packet encryption key = 24-bit IV concatenated to a pre-shared key
- WEP allows the IV to be reused with any frame
- Data integrity provided by CRC-32 of the plaintext data (ICV)
- Data and ICV are encrypted under the per-packet encryption key

Wired Equivalent Privacy (2)


Advantages using WEP:
- 40-bit WEP encryption (RC4) is part of the Wi-Fi certification
- Safer than using no encryption!*

WEP weaknesses:
- 128-bit encryption is a proprietary solution
- Algorithm may generate "weak" keys (RC4)
- Static shared key
- Static keys have to be changed manually
- Several tools exist that break WEP
- Same static key is used for encryption and authentication (in Shared Key mode)
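The WEP encapsulation listed under Wired Equivalent Privacy (1) and the IV reuse weakness from the list above, as an added Python illustration that is not from the original course or any vendor's firmware: RC4 keyed with the 24-bit IV prepended to the pre-shared key, a CRC-32 ICV, and a function showing that two frames encrypted under the same IV leak the XOR of their plaintexts. The 40-bit key, IVs and frame bodies are constructed sample values.

```python
"""Added illustration of WEP encapsulation (RC4, IV || pre-shared key,
CRC-32 ICV) and of why IV reuse is a weakness. Not vendor code; the key,
IVs and frame bodies used in the demo are constructed samples."""
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key-scheduling (KSA) followed by the PRGA; returns `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common length of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(body: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def wep_encapsulate(psk: bytes, iv: bytes, body: bytes) -> bytes:
    """Return IV || RC4(IV || psk) XOR (body || ICV), as WEP does per frame."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    plaintext = body + icv(body)
    keystream = rc4_keystream(iv + psk, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decapsulate(psk: bytes, frame: bytes) -> bytes:
    """Strip the IV, decrypt and verify the ICV; raises ValueError on mismatch."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor_bytes(ciphertext, rc4_keystream(iv + psk, len(ciphertext)))
    body, received_icv = plaintext[:-4], plaintext[-4:]
    if icv(body) != received_icv:
        raise ValueError("ICV check failed")
    return body


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames sent under the same IV share the same RC4 keystream, so the
    XOR of their ciphertexts equals the XOR of their plaintexts. This needs no
    knowledge of the key, which is why a reusable 24-bit IV is a weakness."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; keystreams differ")
    return xor_bytes(frame_a[3:], frame_b[3:])


# Constructed 40-bit key and IV for the demonstration.
SAMPLE_KEY = bytes.fromhex("0102030405")
SAMPLE_IV = b"\x00\x00\x01"

if __name__ == "__main__":
    frame = wep_encapsulate(SAMPLE_KEY, SAMPLE_IV, b"MEETING 9")
    print("frame:", frame.hex())
    print("decapsulated:", wep_decapsulate(SAMPLE_KEY, frame))
    other = wep_encapsulate(SAMPLE_KEY, SAMPLE_IV, b"MEETING 5")
    # The leaked XOR shows exactly which plaintext bytes differ between the frames.
    print("plaintext XOR leaked by IV reuse:", iv_reuse_leak(frame, other).hex())
```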

IEEE 802.11i and WPA

Several long-awaited changes and enhancements are covered in the IEEE 802.11i standard. This set of standards provides strong encryption and authentication for WLAN networks and overcomes the early flaws of Wired Equivalent Privacy (WEP). It now allows the design and deployment of very secure Wi-Fi networks. The early adoption of the core set of 802.11i standards was known as Wi-Fi Protected Access (WPA), and the now-finalized (2004) 802.11i standards are referred to as WPA2. Some of the new features and functions are:

- Temporal Key Integrity Protocol (TKIP) ensures that temporary keys are changed every 10,000 packets
- Per-packet mixing means that key information is inserted in different locations in the packet
- Continuous re-sequencing of packets
- A Message Integrity Check (MIC) guarantees that packets have not been tampered with
- Instead of RC4, AES (Advanced Encryption Standard), a more powerful 256-bit encryption technique, is used
- Authentication using IEEE 802.1x

The Wi-Fi Alliance, working closely with the IEEE, has in the meantime defined a strong, interoperable Wi-Fi security specification in the form of Wi-Fi Protected Access (WPA). WPA removes all known weaknesses of Wired Equivalent Privacy (WEP), the original security mechanism in the 802.11 standard. As a subset of 802.11i (also known as WPA2), WPA is both forward and backward compatible and is designed to run on existing Wi-Fi devices as a software download. The Wi-Fi Alliance is a nonprofit organization that encourages manufacturers to use standardized 802.11 technologies in their wireless networking products and tests and certifies Wi-Fi product interoperability.

IEEE 802.1X (1)

IEEE 802.1x is a port-based network access control method for wired as well as wireless networks. With EAP, 802.1x client workstations mutually authenticate with an authentication server in the network. This authentication prevents users from accidentally connecting to wrong or unauthorized access points on the wireless network and also ensures that the users who access the network are the ones that are supposed to be there. When a user requests access to the network, the client sends the user's authentication information to the authentication server via the access point. If the server accepts the user, a master key is sent to both the client and the access point. In the next step, client and access point acknowledge one another and install the keys to complete the process.

IEEE 802.1X (2)

WPA uses 802.1x authentication with one of several Extensible Authentication Protocol (EAP) types available today:

- EAP (Extensible Authentication Protocol)
- EAP-MD5 (EAP Message Digest 5)
- LEAP (Lightweight EAP)
- EAP-TLS (EAP - Transport Layer Security)
- EAP-TTLS (EAP - Tunneled TLS / RF)
- PEAP (Protected EAP - Cisco, MS, RSA)


A brief comparison shows the differences between some of the EAP types mentioned:

MAC Address Filtering

With MAC address filtering the network administrator has a very simple mechanism to control which wireless devices are allowed to connect to the WLAN. As with every IEEE 802 interface, each WLAN device has a unique Media Access Control (MAC) address allocated by the manufacturer. To increase WLAN security, an IT manager can maintain access lists (or tables) on the access points that accept only certain MAC addresses and filter all others out.

Advantages:

- Only systems entered in the ACLs can connect to the AP
- Simple mechanism
- Can be an effective method in small networks

Disadvantages:

- MAC addresses can be changed / modified / spoofed
- Management overhead - MAC addresses are maintained manually
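The following is an added example (not part of the original training material and not SMC product code) that models an access point's MAC access list: it normalizes the mixed notations an administrator might type, rejects malformed entries, and flags entries whose locally-administered bit is set, since the filter only trusts manufacturer-allocated addresses. All addresses are constructed for the example.

```python
import re
from typing import Iterable, Tuple

# Constructed sample ACL as an administrator might type it into an access
# point's MAC filter page: mixed separators and letter case. The addresses
# are made up for this example.
ALLOWED_MACS = [
    "00:11:22:33:44:55",
    "00-11-22-33-44-66",
    "0011.2233.4477",
    "02:AA:BB:CC:DD:EE",
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits in colon notation.

    Accepts colon, hyphen and dotted notation. Anything that is not
    exactly 48 bits raises ValueError, so a mistyped ACL entry is caught
    when the list is loaded instead of silently matching nothing.
    """
    digits = re.sub(r"[:\-.\s]", "", mac.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (bit 1 of the first octet) is set.

    Manufacturer-allocated addresses have this bit clear. A set bit means
    the address was assigned by software, which is worth logging on a
    MAC-filtered WLAN since the filter trusts the manufacturer allocation.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


class MacFilter:
    """Access-point style ACL: only listed stations may associate."""

    def __init__(self, allowed: Iterable[str]) -> None:
        # Normalizing at load time means "00-11-22-33-44-66" and
        # "00:11:22:33:44:66" are recognized as the same station.
        self.allowed = {normalize_mac(m) for m in allowed}

    def check(self, station_mac: str) -> Tuple[bool, str]:
        """Return (permitted, reason) for an association request."""
        try:
            mac = normalize_mac(station_mac)
        except ValueError as exc:
            return False, str(exc)
        if mac not in self.allowed:
            return False, "not in ACL"
        if is_locally_administered(mac):
            return True, "allowed (locally administered address, logged)"
        return True, "allowed"
```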


WLAN Hotspots

Introduction
Wireless networks are everywhere. Most laptops now ship with a standard wireless connection. Wireless networks are enabling new flexible ways of working and conducting business that were not possible before. Not only can people work where they want, but they can also keep in touch while they are on the move. Wireless hotspots are springing up all over the world. They are typically located in areas where travelers need to wait or want to take a break. These include but are not limited to: motorway service areas, railway stations, airport lounges, hotel lounges, coffee shops and internet cafes. Anyone with a broadband connection and a wireless device can set up an open wireless area. People on the move want to stay in touch. Businessmen on the road or students on their travels both want access to their email and the internet. A wireless hotspot is an excellent way to allow your guests to access the Internet over a shared broadband connection. It will attract visitors to your premises and encourage them to stay longer and spend more money with you. And best of all, it will generate a revenue stream which will typically pay for the equipment and running costs as well as generating a healthy profit within months of installation.

Important Features

It is simple to set up an open wireless network that can be used by anyone with a wireless card in the vicinity. The key differences between a wireless hotspot and an open wireless network are the following important features:

- Only paying guests can gain access. A flexible billing mechanism is to sell access by the hour or minute. At the point of sale, a ticket is issued with the appropriate login details. The user enters these details when they connect to the wireless gateway and can use the facilities for the amount of time purchased. Free access to some sites should be set up to allow clients to log in and to provide demonstration opportunities.
- Only registered users are allowed to use the network. When a client first tries to access the Internet in a wireless hotspot, the client's browser is redirected to a registration screen where they enter their login details. The session is closed either when their pre-paid time has elapsed or when the client closes the connection.
- The network must be secure and must not allow users to see each other's data or access each other's machines.
- The wireless network must be able to cover a large area, and the reach of the network should be controllable to prevent signal leakage.
- The wireless equipment must be able to support roaming over bridged wireless domains and support detachable antennas so that the coverage area can be configured to the required shape and size.
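As an added example (not code from the original material or from any SMC gateway), the following models the ticket, login and session rules described above: a walled garden reachable before login, a redirect to the registration portal for unauthenticated clients, prepaid minutes that are billed as time elapses, and session closure on expiry or disconnect. The portal host names are placeholders; client isolation on the wireless side is a network-level feature and is not modeled here.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict

# Hosts a client may reach before logging in (the login portal and a venue
# demo page). The host names are placeholders constructed for this example.
WALLED_GARDEN = {"login.hotspot.example", "www.venue.example"}
PORTAL_URL = "https://login.hotspot.example/"


@dataclass
class Ticket:
    username: str
    password: str        # printed on the ticket at the point of sale
    minutes_total: int   # amount of time purchased
    minutes_used: int = 0


@dataclass
class Session:
    username: str
    last_seen: int       # gateway clock (minutes) when time was last billed


class HotspotGateway:
    """Minimal model of the gateway's ticket, login and session logic."""

    def __init__(self) -> None:
        self.tickets: Dict[str, Ticket] = {}
        self.sessions: Dict[str, Session] = {}   # client MAC -> session

    def sell_ticket(self, minutes: int) -> Ticket:
        """Point of sale: issue random login details for the paid time."""
        ticket = Ticket("guest-" + secrets.token_hex(3),
                        secrets.token_urlsafe(8), minutes)
        self.tickets[ticket.username] = ticket
        return ticket

    def login(self, client_mac: str, username: str, password: str,
              now: int) -> bool:
        """Registration screen: bind the client to a ticket with credit left."""
        ticket = self.tickets.get(username)
        # compare_digest keeps the comparison time independent of how many
        # leading characters of a wrong password happen to match
        if ticket is None or not hmac.compare_digest(ticket.password, password):
            return False
        if ticket.minutes_used >= ticket.minutes_total:
            return False
        self.sessions[client_mac] = Session(username, now)
        return True

    def _bill(self, client_mac: str, now: int) -> Ticket:
        """Charge the minutes elapsed since the session was last billed."""
        session = self.sessions[client_mac]
        ticket = self.tickets[session.username]
        ticket.minutes_used += now - session.last_seen
        session.last_seen = now
        return ticket

    def disconnect(self, client_mac: str, now: int) -> None:
        """Client closed the connection: bill the time used, drop the session."""
        if client_mac in self.sessions:
            self._bill(client_mac, now)
            del self.sessions[client_mac]

    def handle_request(self, client_mac: str, host: str, now: int) -> str:
        """Decision for one client request: 'allow' or a redirect to the portal."""
        if host in WALLED_GARDEN:
            return "allow"
        if client_mac not in self.sessions:
            return "redirect:" + PORTAL_URL        # not logged in yet
        ticket = self._bill(client_mac, now)
        if ticket.minutes_used >= ticket.minutes_total:
            del self.sessions[client_mac]           # pre-paid time elapsed
            return "redirect:" + PORTAL_URL
        return "allow"
```

Unused credit survives a disconnect, so a guest who closes the connection early can log in again later with the same ticket until the purchased minutes are used up.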

SMC Hotspot Solutions

The EliteConnect 2.4GHz 802.11g Wireless Hotspot Gateway (SMCWHSG44-G) combines a wireless AP/Bridge with Authorization, Authentication and Accounting features and a NAT router with firewall to provide an all-in-one hotspot solution. A Mini-POS Ticket Printer option is included. The SMCWHSG44-G Hotspot Gateway supports an external ticket printer/keypad, so a hotspot venue can print a ticket for temporary users who only need Internet access for a short time. SMC also provides the optional Mini-POS Ticket Printer (SMCWHS-POS) for ticket printing and device control. The EliteConnect Power Injector (SMCPWR-INJ3) is an IEEE 802.3af Power Injector that provides power to wireless devices using a standard Category 5 cable. It reduces installation costs, as a dedicated power outlet is not required for the wireless hotspot gateway.


Example: Coffee Shop / Internet Cafe

Many coffee shops, bars and restaurants are offering wireless Internet access as a way of not just attracting visitors but also keeping them for longer. Visitors that stay longer will also spend more on drinks and food. Add the extra sales to the money made from selling the wireless Internet access and it becomes a win-win business proposition. The wireless hotspot can also be combined with an existing Internet café installation using fixed PCs and ordinary wiring.

Example: Hotel Lobbies and Lounges

Hotel lobbies and lounges are among the favorite watering holes of road warriors. A wireless hotspot can increase the appeal of hotel facilities and encourage guests to stay longer and spend more on food and beverages. In addition, the wireless hotspot can be combined with a business centre facility to offer both wired and wireless access for traveling professionals. It can also be combined with an in-building VDSL solution which provides high-speed Internet access to guest rooms using the hotel's internal telephone wiring. The same accounting and authorization system can be used for all three types of users. This helps spread the investment costs and increases the revenue potential of each solution.


Example: Transportation Hub

Business travelers on the road can catch up with their email or download important documents for their next sales meeting while having a break at a motorway service area equipped with a wireless hotspot. Depending on the size and layout of the terminal, the wireless area can be extended using wireless bridges so that users can roam from café to restaurant to lounge while still logged in to the single wireless gateway account.

WLAN Antenna Technology


Characteristics

Most important WLAN antenna characteristics are:

- Frequency
- Gain
- Direction
- Polarization
- Return loss (VSWR)
- Impedance

Antennae are designed to transmit information (data/voice) using a precisely defined frequency spectrum, for example 2.4 GHz to 2.5 GHz (IEEE 802.11b/g) or 5.150 to 5.825 GHz (IEEE 802.11a/h). As a result, it is not possible to use 5 GHz antennae with 2.4 GHz products and vice versa. Antenna designs can be grouped into two variants: antennae with or without directional radiation. An omni-directional antenna has no specific directional orientation. Directional antennae direct the energy in a particular direction. If we use light sources to visualize the different concepts, the omni-directional antenna can be compared to a light bulb or candle, a directional antenna to the beam of a flashlight. With directional antennae it is also interesting to note how the actual orientation (horizontal and vertical beamwidth) and polarization (linear vertical/horizontal vs. circular) are designed. The gain of an antenna is simply the factor by which the energy fed to the antenna is bundled in a certain direction. It describes the relative increase in power or magnitude of a signal and is measured in decibels.


Another important antenna characteristic is VSWR (Voltage Standing Wave Ratio), a measure of the reflection, resulting from the ratio of the input signal to the reflected signal. A related measure of VSWR is the return loss, which is expressed in decibels. Cables, connectors and antennae used in WiFi/WLAN installations have an impedance of 50 Ohm. Impedance is an expression of the opposition that an electronic component or cable offers to electric current. It is a two-dimensional quantity consisting of two independent factors, resistance and reactance, and is expressed in Ohm (Ω).
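To make the antenna characteristics above concrete, here is an added worked example (not from the original material or an SMC tool) that carries the quantities through: wavelength and half-wave diversity spacing at 2.4 GHz, the relation between VSWR, return loss and reflected power, and a line-of-sight link budget in which antenna gain in dBi counts on both ends. The transmit power, gains and cable loss used in the test are assumed values chosen for illustration.

```python
import math

C = 299_792_458.0   # speed of light in m/s


def wavelength_m(freq_hz: float) -> float:
    """Wavelength λ = c / f. At 2.4 GHz this is about 12.5 cm."""
    return C / freq_hz


def half_wave_spacing_m(freq_hz: float) -> float:
    """Spacing of a diversity antenna pair, about 0.5 wavelengths."""
    return wavelength_m(freq_hz) / 2.0


def reflection_coefficient(vswr: float) -> float:
    """|Γ| = (VSWR - 1) / (VSWR + 1); 0 for a perfect 50 Ohm match."""
    if vswr < 1.0:
        raise ValueError("VSWR is always 1:1 or worse")
    return (vswr - 1.0) / (vswr + 1.0)


def return_loss_db(vswr: float) -> float:
    """Return loss = -20 log10 |Γ| in dB (infinite for a perfect match)."""
    gamma = reflection_coefficient(vswr)
    return math.inf if gamma == 0.0 else -20.0 * math.log10(gamma)


def reflected_power_fraction(vswr: float) -> float:
    """Share of the forward power reflected back into the cable: |Γ|^2."""
    return reflection_coefficient(vswr) ** 2


def free_space_path_loss_db(distance_m: float, freq_hz: float) -> float:
    """FSPL = 20 log10(4 π d / λ); about 100 dB for 1 km at 2.4 GHz."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m / wavelength_m(freq_hz))


def received_power_dbm(tx_power_dbm: float, tx_gain_dbi: float,
                       rx_gain_dbi: float, cable_loss_db: float,
                       distance_m: float, freq_hz: float) -> float:
    """Line-of-sight link budget: Pr = Pt + Gt + Gr - cable loss - FSPL.

    Antenna gains in dBi are added on both ends because, by reciprocity,
    a directional antenna improves transmit and receive equally.
    """
    return (tx_power_dbm + tx_gain_dbi + rx_gain_dbi - cable_loss_db
            - free_space_path_loss_db(distance_m, freq_hz))
```

A VSWR of 1.5:1 therefore corresponds to about 14 dB return loss, i.e. 4 % of the power is reflected, which is why a cable or connector with a poor VSWR is noticed as lost range.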

Types of Antennas
Overview

The different types of antennae for WLAN applications can be split into the following groups: Omni-directional Antennae provide coverage in all directions and are therefore ideal to cover large indoor / outdoor areas.

Beamwidth: 360° (horizontal); Gain: 2 to 8 dBi

(An example for an omnidirectional antenna and its typical radiation pattern can be seen in the picture above)

Directional Antennae (like the SMCANT-DI135) bundle the energy of the RF signal in a specific direction and are therefore ideal for Point-to-Point applications.

Beamwidth: 15 to 25° or less; Gain: 12 dBi and more

(An example for a directional antenna and its typical radiation pattern can be seen in the picture above)

Sector Antennae (like the SMCANT-DIFP11) represent a special form of directional antennas and are ideal to cover large areas (or corners) from the side.

Beamwidth: 50 to 80° (horizontal/vertical); Gain: 6 to 12 dBi


(An example for an omni-directional antenna and its typical radiation pattern can be seen in the picture above)

Antenna Deployment

Reciprocity

An antenna both transmits and receives radio frequency (RF) energy. The physical design of an antenna determines how the RF signal is radiated. A law of physics (called the "Law of Reciprocity") causes an antenna to send signals with the same ability as it receives signals. This means that a high-gain or directional antenna both transmits and receives with the same increased directionality and gain. Therefore, to increase the coverable distance in a WLAN installation, even the deployment of a single "better" external antenna on only one side will improve the maximum distance between access point and WLAN station, because it increases the effective output power as well as the receive sensitivity.


Antenna Deployment
Antenna Diversity
Most Wi-Fi wireless LAN devices are typically equipped with a common short straight black antenna. Many 802.11 access points ship with two antennas, called "diversity antennae". One of these is used as the primary transmitting and receiving antenna, while the other is periodically checked to see if it is receiving a stronger signal than the primary antenna. The purpose of diversity antennae is to eliminate multipath interference from the network. Signalling problems like multipath interference happen when a signal arrives at the receiving station on more than one path (for example because of reflections from obstacles). Antenna diversity is a solution to this problem and means that devices with two antennae automatically switch to the antenna with the better signal quality. It can help to reduce variations in signal strength as the location of access point and client is varied. In order to do this properly, diversity antennae should cover the same area from slightly different positions with only a short distance (0.5x wavelength, ~6 cm for IEEE 802.11b) between the antennas. Antenna diversity is not designed to use the antennae to cover different areas, like for example two different floors.

P-2-P Bridging

P-2-M Bridging

In Point-to-Multipoint applications, slave bridges can only communicate with the bridge master using individual point-to-point links. Only the master bridge is operating in a multipoint configuration.

Common Connectors

Connectors commonly used in WLAN installations to interconnect with antennae:

- RP-SMA (RP = reverse polarity)
- RP-TNC (RP = reverse polarity)
- N
- MMCX


Reverse polarity means that the jack at the product has a male pin and the plug at the cable a female jack!

WLAN Management and Planning Tools

Introduction

The SMC Wireless LANPlanner solution enables accurate visualization of large-scale wireless networks. It allows planners to design and predict coverage for wireless network deployments using SMC solutions without performing on-site measurements. The planning software allows users to create a wireless network model that incorporates the bandwidth requirements of different groups of users. It can be adjusted to account for heavy-use requirements in specific areas of a facility and displays potential channel interference beforehand. With this tool it is easy to simulate any potential adjustments and changes in the WLAN environment. The impact of changing the channel, moving equipment or increasing user load is clearly visualized. With the help of this software suite it is easy to predict how the installation of an additional access point impacts the current deployment.


AP Placement
Working with the SMC Wireless LANPlanner is typically a three-phase process. In the first phase the initial facility floor plan is entered into the system. Walls, windows and support beams each have a unique impact on wireless signals and need to be taken into account. The next step is to enter the user requirements. With the SMC Wireless LANPlanner, the unique user requirements of each part of the facility can be documented to ensure proper coverage. In the third step the software automatically recommends an optimal AP placement. The SMC Wireless LANPlanner software evaluates the impact of both the floor plan and the proposed user requirements to recommend the best placement of access points in the facility. A network designer can then adjust the placement and view/simulate the impact of any potential changes.

Contour Coverage Output

Contours show the coverage and radiation pattern based on the SMC access point configuration and the SMC antenna choice and orientation.


Functionality Details

Prediction: You can predict vital information such as RSSI (Received Signal Strength Indicator), SIR (Signal to Interference Ratio) and SNR (Signal to Noise Ratio), and visualize the impact of these measurements on a map of your facility.

2D/3D Modeling: Wireless Valley's software quickly constructs a 2D or 3D representation of the environment that conveniently captures and organizes all relevant information regarding both the wireless network and the physical environment in which it resides.

Performance Verification: Verification and recording of real-time network performance statistics directly from any wireless LAN client device. These real-time measurement statistics are displayed in a site-specific manner.

Asset Documentation: Export of SMC access point positioning, channel and power information for simplified network management and deployment.

Bill of Materials: Project documentation is also stored and can be easily shared and e-mailed. A highly accurate bill of materials can also be generated for the purchase of equipment and materials, avoiding time-consuming implementation delays, additional unplanned purchases, budget overruns and excessive paperwork.

SMC WLAN Adapter


SMCWPCI-G2 PCI Card (54Mbps)

The EZ Connect g Wireless PCI Adapter SMCWPCI-G2 adds IEEE 802.11g wireless to desktop computers, providing a simple and secure way to access your wireless router and office network. The SMCWPCI-G2 is IEEE 802.11b/g certified and supports the latest wireless security standards, which prevent unauthorized access and ensure your data is secure. The SMCWPCI-G2 package also includes a low-profile bracket, which makes it flexible for your PC installation. The EZ Installation Wizard guides you step-by-step, which makes installation quick and easy. Once installed, the WLAN utility allows you to scan for available wireless networks and manage multiple network profiles so that connecting becomes instantaneous.

Features and Benefits:

- Up to 54Mbps high data rate
- 2.4GHz frequency band
- 64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), IEEE 802.1x for authentication
- Site survey utility
- Ability to define multiple profile settings
- EZ installation wizard
- Supports major Windows operating systems
- Wi-Fi certified: compatible with IEEE 802.11g, IEEE 802.11b

SMC WLAN Adapter


SMCWPCI-N2 PCI Card (300Mbps)

The EZ Connect N Pro Draft 11n Wireless PCI Adapter SMCWPCI-N2 is another cutting-edge introduction in 2.4GHz wireless communication for desktop computers with MIMO technology. Designed for the home and office, this wireless PCI adapter provides the speed, coverage and security expected by today's wireless users. The SMCWPCI-N2 is Wi-Fi CERTIFIED for full compliance with the IEEE 802.11n draft v2.0 standard, as well as the popular Wireless-G (802.11g) and Wireless-B (802.11b) standards.

Features and Benefits:

- 3x 2dBi detachable antennas with RP-SMA connector
- IEEE 802.11g, IEEE 802.11b and IEEE 802.11n draft v2.0 compliant
- High data rates at up to 300Mbps
- 2.4GHz frequency band
- Uses MIMO technology
- Ad-hoc or Infrastructure mode
- Wi-Fi Protected Setup (WPS): makes wireless security setup easy with push button and PIN configuration methods
- Wi-Fi Multimedia automatically prioritizes traffic according to four different traffic categories without user interaction
- 64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2)
- IEEE 802.1x for authentication
- WLAN utility
- Supports major Windows operating systems

SMC WLAN Adapter


SMC2642W Compact Flash Card (11Mbps)

The SMC2642W V.2 EZ Connect 2.4GHz 11Mbps Wireless Compact Flash Card is a Type I Compact Flash Adapter that is based on IEEE 802.11b technology. This Wireless Compact Flash (CF) Card supports wireless communication at speeds up to 11Mbps with a maximum connection range up to 1,320 feet. Supporting Windows CE 3.0 and Windows 98SE/ ME/ NT/ 2000/ XP/ Pocket PC 2002, this Wireless Compact Flash Card provides an easy-to-use configuration and is the perfect solution for integrating PDAs into already existing wireless LANs. Features and Benefits:

- Compact Flash V1.4, CF+ I/O interface, Type I host interface
- IEEE 802.11b high-speed wireless LAN connection
- 64-bit/128-bit WEP encryption
- Plug-and-Play configuration
- Up to 11Mbps high data rate
- Automatic fallback feature (1, 2, 5.5 or 11Mbps)
- Supports both ad-hoc mode (peer-to-peer) and infrastructure mode
- Low power consumption and power save mode
- Supports major OS

This product is no longer available. This product represents a technology.

SMC WLAN Adapter

SMCWCB-N CardBus (300Mbps)

The EZ Connect N Pro Draft 11n Wireless CardBus Adapter SMCWCB-N is another cutting edge introduction in 2.4GHz wireless communication for your notebook computer. Designed for both the home and office, this Wireless CardBus adapter provides the speed, coverage, and security expected by today's wireless users. The SMCWCB-N is compliant with the next generation IEEE 802.11n draft v2.0 specification while maintaining full backwards compatibility with the IEEE 802.11b/g standards.


Features and Benefits:

- IEEE 802.11n draft v2.0, IEEE 802.11b and 802.11g compliant
- Data rates up to 300Mbps
- 2.4GHz frequency band
- Uses DSSS, CCK, OFDM and MIMO technology
- Wi-Fi Multimedia automatically prioritizes traffic according to four different traffic categories without user interaction
- Automatic data rate and channel selection
- Ad-hoc or Infrastructure mode
- WLAN utility
- Supports major Windows operating systems

SMC WLAN Adapter


SMCWEB-N Wireless Access Point/ Ethernet Client (300Mbps)

The EZ Connect N Pro Draft 11n SMCWEB-N is a multi-function Wireless-N networking device with Access Point and Ethernet Client modes. Designed for multimedia applications, the SMCWEB-N can be used in Access Point mode to add high-speed wireless connectivity to your network, or in Client mode to simultaneously connect multiple Ethernet-enabled devices such as a game console, digital media player or Network Attached Storage. The SMCWEB-N is IEEE 802.11n draft v2.0 compliant while maintaining full backwards compatibility with the Wireless-G (802.11g) and Wireless-B (802.11b) standards.

Features and Benefits:

- High data rates at up to 300Mbps
- 2.4GHz frequency band
- 4-port 10/100 LAN switch with auto MDI-MDIX
- Wi-Fi Protected Setup (WPS): makes wireless security setup easy with push button and PIN configuration methods
- Wireless Intelligent Stream Handling Technology: automatically manages and prioritizes the flow of time-sensitive data in your wireless network without the need for end user configuration
- Plug-and-Play, no drivers needed, EZ Installation Wizard
- Converts any Ethernet-equipped device to wireless
- Extends the range of your wireless network
- Repeating (Wireless Distribution System, WDS) and Access Point modes
- Supports highly secure wireless connections: 64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), IEEE 802.1x for authentication
- Disable SSID broadcast and MAC address filtering
- Simple creation or extension of a wireless network
- Complies with IEEE 802.3, IEEE 802.3u, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n draft v2.0

SMC WLAN Adapter

SMCWUSBS-N USB 2.0 Adapter (300Mbps)



The EZ Connect N Draft 11n Wireless USB 2.0 Adapter SMCWUSBS-N enables Wireless-N connectivity for your desktop or notebook computer and provides improved throughput and range compared to existing 802.11g technology. Upgrading to Wireless-N is an excellent solution for browsing the Internet and sharing files such as video, music and photos. The SMCWUSBS-N is Wi-Fi CERTIFIED for full compliance with the IEEE 802.11n draft v2.0 standard, as well as the IEEE 802.11g and IEEE 802.11b standards. This next-generation standard utilizes advanced MIMO technology to deliver incredible speed and range.

Features and Benefits:

- USB 2.0
- High data rates at up to 300Mbps
- 2.4GHz frequency band
- Wi-Fi certified: compliant with IEEE 802.11g, IEEE 802.11b and IEEE 802.11n draft v2.0
- Wi-Fi Protected Setup (WPS): makes wireless security setup easy with push button and PIN configuration methods
- Internal antenna
- Ad-hoc, Infrastructure mode or Soft Access Point mode
- 64-bit and 128-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), IEEE 802.1x for authentication
- Supports major Windows operating systems
- Profile management and Site Survey
- EZ Installation Wizard; Plug-and-Play

SMC WLAN Infrastructure Products

SMC2555W-AG2 Access Point

The EliteConnect Universal 2.4GHz/5GHz Wireless Access Point SMC2555W-AG2 provides a secure, high-performance, enterprise-class wireless LAN supporting up to 64 users. The reliability, security and manageability of the SMC2555W-AG2 make it an ideal solution for any organization looking to satisfy its workforce's mobile computing needs. New features include Multiple SSID support, Wireless Distribution System (WDS), VLAN tagging and Wireless Multimedia (WMM) support. It provides enterprise-level security and management features.

Features and Benefits:

- Data rates up to 54Mbps in IEEE 802.11a/g, and up to 11Mbps in IEEE 802.11b
- Supports up to 64 users
- Wi-Fi Multimedia automatically prioritizes traffic according to four different traffic categories without user interaction
- 64-/128-/152-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), IEEE 802.1x for authentication
- Command Line Interface (CLI), Web-based management, Telnet, SSH, TFTP
- SNMP, Syslog and Event Logging
- Detachable antennas for optional external 2.4GHz/5GHz high-gain antenna
- Power over Ethernet
- Anti-theft mechanism
- Complies with IEEE standards 802.11a, 802.11b, 802.11g, 802.3, 802.3u, 802.3af, 802.1x

SMC WLAN Infrastructure Products

SMC2890W-AG/ SMC2891W-AG WLAN Bridge

The EliteConnect Universal 2.4GHz/5GHz Outdoor Access Point/Bridge is designed to bridge two or more wired LANs while simultaneously providing wireless access to local or mobile users. The SMC2890W-AG/SMC2891W-AG incorporate a dual-radio architecture to bridge over one wireless band and provide wireless client access over the other band. The DualBand Outdoor Access Point/Bridge is also completely weatherproof and capable of being installed in a wide variety of different environments. The SMC2890W-AG/SMC2891W-AG use the Wireless Distribution System to allow bridging between remote locations.

Features and Benefits:

- IEEE 802.11b, IEEE 802.11g, IEEE 802.11a certified
- Up to 54Mbps in IEEE 802.11g
- Connects up to 6 remote LANs, supports up to 64 users
- 64-/128-/152-bit WEP encryption, Wi-Fi Protected Access (WPA/WPA2), IEEE 802.1x for authentication
- Flexible management (HTTP, Telnet, TFTP, SNMP, Syslog and Event Logging)
- Wireless Distribution System (WDS)
- Power over Ethernet

SMC WLAN Antennas



High-Gain Directional Antennas

The SMC range of high-gain universal, point-to-point and point-to-multipoint antennas provides the perfect solution for applications where greater distance or structural penetration is necessary. The SMCANT-00M8 8dBi Omni-Directional Antenna is an optimal solution for midrange, point-to-multipoint and building-to-building applications. The SMCANT-DI105 is a high-gain, wide-dispersion antenna perfect for wireless LAN solutions or customer premise equipment. The SMCANT-DI135 is a perfect universal antenna that can be used in a wireless LAN, point-to-point or customer premise environment. This multi-purpose antenna provides superior structural penetration, point-to-point ranges of up to 11 km, and can act as a general-purpose point-to-multipoint antenna. The SMCANT-DI145 is the market's premier point-to-point antenna that does not require line-of-sight (LOS). Its narrower beam and higher gain provide seamless connectivity up to 14.5 km. When greater structural penetration is needed, the SMCANT-DI145 is also the choice for indoor/outdoor wireless build-out applications. The SMCANT-DI215 has the narrowest beam and highest gain, which is ideal for long-range point-to-point applications. Antenna cables, mounting arms and desktop stands are available for the full line of SMC high-gain antennas. Note: Outdoor use might require notification or approval of local or government authorities. Some of the products are no longer available. They represent a technology.

Antennas Comparison Chart



Some of the products are no longer available. They represent a technology.

SMC WLAN Antennas

5GHz Antennas

SMC's Wireless High Gain 10dBi Omni-Directional Antenna SMCANT-OOM10 is an optimal solution for midrange, point-to-point and point-to-multipoint applications. The SMCANT-OOM10 is designed to work with SMC's wireless outdoor bridge and only supports the 5GHz frequency. SMC's Wireless High Gain 18dBi flat panel antenna SMCANT-DIFP18 is an optimal solution for mid-to-long range point-to-point or point-to-multipoint applications. The SMCANT-DIFP18 is designed to work with SMC's wireless outdoor bridge and only supports the 5GHz frequency. Some of the products are no longer available. They represent a technology.


Home/ Indoor Antennas


The EZ Connect 2.4GHz Omni-Directional Home Antenna (SMCHMANT-4) provides an extended-range solution for wireless network hardware. This new 6dBi directional antenna supports all 2.4GHz Wi-Fi standards, including IEEE 802.11b, IEEE 802.11b+ and IEEE 802.11g. Adding this antenna to a Barricade Router with detachable antennas or to a wireless PCI adapter with a detachable antenna will improve signal strength and signal quality while increasing the total coverage area by up to 20%. The EZ Connect 2.4GHz Directional Home Antenna (SMCHMANT-6) provides an extended-range solution for wireless network hardware. This 6dBi directional antenna supports all 2.4GHz Wi-Fi standards, including IEEE 802.11b, IEEE 802.11b+ and IEEE 802.11g. Adding this antenna to a Barricade Router with detachable antennas or to a wireless PCI adapter with a detachable antenna will improve signal strength and signal quality while increasing the total coverage area by up to 50%.

SMCPWR-INJ3 Power Injector

The SMCPWR-INJ3 is an IEEE 802.3af Power Injector that provides power to an EliteConnect Access Point/Bridge using a standard Category 5 cable. It reduces installation cost, as a dedicated power outlet does not need to be near the place where the EliteConnect Access Point/Bridge is installed. It is convenient, simple and easy to install.


Introduction
What is VoIP?

The fundamental idea behind Voice over IP (VoIP) is that a phone call is sent via a series of data packets using an IP communication infrastructure. This is done to achieve a better total bandwidth utilization by allowing voice and other digital data to be "mixed" on the same IP network.

The term Voice over IP is used to describe the fundamental technology, concepts and standards. The terms IP Telephony, Internet Telephony and LAN Telephony describe specific implementations of VoIP. IP Telephony provides traditional and new advanced telephony functions over a managed or private network that can guarantee the necessary quality, predictability and low packet delay from one end of a network to the other. These networks are typically owned and run by a single organization like carriers and ISPs. Internet Telephony or Voice On the Net (VON) refers to an implementation of the same kind of technology using the Internet as a replacement for PSTN services. But although the Internet is a communication infrastructure based on IP, it is a patchwork of many, mostly unmanaged networks, owned and operated by disparate organizations. The resulting network infrastructure therefore does not guarantee the quality, low delays and predictability necessary to provide high-quality voice services. The idea of making almost cost-free calls all over the Internet has nevertheless found a constantly increasing number of users all over the world, even if Internet telephony still lacks many of the traditional PSTN capabilities. LAN Telephony refers to technical solutions where VoIP technology is used to replace conventional PBX technology in a high-bandwidth local area network.

Advantages of VoIP

There is one main motivation for implementing VoIP: cost reduction. But it is not only about cheaper phone calls; there are many advantages for customers and providers.

Advantages for end users / companies:

- Dramatic cost reduction for telephony
- Only one communication infrastructure internally (companies)
- Better scalability of the communication infrastructure
- New integrated voice / video / data applications
- Better and reduced management of the infrastructure
- Future proof

Advantages for providers and carriers:

- Dramatic cost reduction (infrastructure)
- New integrated and value-add services
- New business models


Comparison PSTN / VoIP

VoIP technology is very young compared to the traditional technology behind the PSTN. VoIP technology promises dramatic cost reduction for voice communication and is the basis for the development of new powerful services and applications. But there are also some trade-offs when we compare the fundamental technologies. Although the PSTN infrastructure and technology is relative complex (and expensive) the PSTN delivers very reliable voice services at a very high quality with minimal delays. The technology is proven, reliable and generally accepted.

It is the underlying packet-oriented networking technology that makes VoIP the more efficient solution for voice communication. But this is also the reason for significantly higher delays, variable data flows, sometimes unpredictable network bandwidth and, most of the time, lower quality. This technology approach is very flexible and allows a broad range of different implementations. These range from simple Internet Telephony solutions with no guarantees of acceptable quality for the voice communication to reliable, high quality IP Telephony services or LAN Telephony that offer advanced and supplementary (CTI) services.

VoIP Scenarios

There are three fundamentally different VoIP scenarios when looking at typical telephony usage:

- VoIP device to VoIP device
- VoIP device to telephone
- Telephone to telephone

The scenario "VoIP device to VoIP device" refers to applications that use only an IP network as the means to interconnect the end devices, which are computers of some kind. Classic Internet Telephony and also enterprise LAN Telephony are typical examples of this scenario.

In many instances it will be necessary to establish communication with end users whose devices are not connected to the IP network but are conventional telephones (or other devices) connected to a PSTN. In this "VoIP to telephone" scenario the two very different communication infrastructures (IP network vs. PSTN) have to be interconnected to allow calls to pass from one side to the other. The devices used to connect these fundamentally different networks are called (interconnection) gateways.

A third VoIP communication scenario, which is best described as "telephone to telephone", is becoming more and more important, although in most cases it is invisible to the users (transparently deployed by the voice carrier). In this scenario a "communication channel" is established between conventional access infrastructures for analogue or ISDN telephones (or other devices) using an IP network infrastructure, typically to reduce the cost of long distance calls.

Building Blocks and Elements


Overview

To describe the VoIP environment it is best to first identify the fundamental elements or building blocks, so that their principal structure and functions can be understood.

The above picture shows on the left side a typical IP based network used for VoIP applications. It can be basically any kind of IP network offering acceptable performance and reliability. On the user side VoIP endpoints (such as IP telephones or PCs) are attached to the network and can be used for voice, video and other communication applications. Special devices (switches, software PBXes, etc.) are used to provide call control and other important functions in the network. Several application scenarios require communication between VoIP users/devices and the users/devices connected to traditional PSTN infrastructures. A PSTN works in a fundamentally different way from an IP network when it comes to establishing and providing communication channels for communication endpoints. Because of this it is necessary to implement (interconnection) gateway systems that convert signalling and data formats and can therefore "bridge" between the fundamentally different communication infrastructures.

PSTN / GSTN Overview

PSTN (public switched telephone network) is the world's collection of interconnected voice-oriented public telephone networks, often also referred to as the Plain Old Telephone Service (POTS). Today these networks are almost entirely digital in technology. The final link from the central (or local) telephone office to the user (subscriber) can be digital (ISDN) but in the majority of cases is still analogue. End devices connected to the PSTN have to comply with the technology used on this final link to the user. Although the PSTN today is typically digital, it is by no means packet-oriented (as IP networks are). From a communication technology point of view the PSTN is based on TDM (Time Division Multiplexing), a type of multiplexing technology. TDM repeatedly transmits a fixed sequence of time slots over a single transmission channel and combines multiple voice or data streams by assigning each stream a different time slot in the sequence.

Addressing is also different between a PSTN and an IP network. In a PSTN a telephone number consists of up to 15 digits; in IP networks IP addresses are used to identify individual nodes.

To ensure efficient and secure worldwide telecommunications a special network and protocol named SS7 (Signaling System 7) is used in the PSTN to perform call control functions (setup, closing, etc.). It also provides enhanced call features and services (toll-free and toll services, call forwarding, local number portability, etc.). SS7 is a telecommunications protocol defined by the International Telecommunication Union (ITU) and is characterized by high-speed circuit switching and out-of-band signaling. Out-of-band signaling is signaling that does not take place over the same path as the data transfer but uses a separate digital channel (signaling link), over which messages are exchanged between network elements such as telephone switches.

IP Network Overview

The above picture shows a typical IP based network used for VoIP applications. It can be basically any kind of IP network which offers acceptable performance and reliability. Depending on the requirements and expectations of the users, these IP networks can be either a managed or private MAN/WAN (IP Telephony), a company's internal network (LAN/WAN) or the worldwide Internet (Internet Telephony, VON). Addressing is based on IP addresses. This makes it necessary to provide special directory services to translate names (for example e-mail addresses) or "real" assigned telephone numbers to the IP addresses which identify an individual VoIP endpoint. On the user side VoIP endpoints like IP telephones or PCs with VoIP communication software and hardware (for example softphones) are attached to this infrastructure. They can be used for voice, video and other communication applications. Special intelligent devices (switches, software PBXes, etc.) are used to provide call control and other important functions in the network. Because there are different ways to implement a VoIP network, the names and functions of individual devices in the network differ. The two predominant technology alternatives are based around either the H.323 or the SIP standards (recommendations, RFCs, etc.).

VoIP Endpoints / Devices

A broad range of VoIP products is available today, not only as VoIP endpoints (or devices) for the user who wishes to communicate via VoIP. There are also systems that provide an increasing number of advanced communication services to the users.

Examples of VoIP endpoints / devices for users:

- PC with VoIP hardware and software (soft client)
- PC with headset, handset, etc.
- Laptop with sound system and microphone
- IP telephones
- VoWLAN phones (IP phones)
- VoIP adapter (to connect analogue phones, etc.)
- VoIP PBX (Private Branch Exchange)
- IAD with integrated VoIP gateway (Barricade)
- CPEs

Examples of VoIP endpoints that provide additional services:

- VoIP gateways (interconnection between TDM and VoIP networks)
- Media server (voice mail, interactive voice response applications, network announcements)
- Proxies (interconnection between private and public IP networks)

Interconnection Gateways

(Interconnection) gateway systems convert signalling and/or data formats and can therefore "bridge" between fundamentally different communication infrastructures. Typical examples of such gateways are:

- H.323-to-SS7 gateway
- SIP-to-SS7 gateway
- SIP-to-H.323 gateway

Gateway functionality can also be found incorporated into other devices like VoIP access routers (IADs) or PBX solutions.

VoIP / PSTN Addressing

A numbering plan is a numbering scheme that defines the structure and use of the telephone numbers used for intra-site, inter-site and outbound telephone calls. In the PSTN the numbering plan is clearly defined. A telephone number consists of up to 15 digits, made up of a one to three digit country code (CC) followed by the subscriber number (SN). The ITU recommendation E.164 specifies the number structure and the functionality/service of the numbers used for international public telecommunication; E.164 also defines all international country codes.

Within IP networks IP addresses are used to identify individual systems. When connected to the Internet every addressable node has to have its own unique IP address. An additional level of complexity is created by the fact that many users are connected to the Internet through dial-up services where the address is dynamically assigned. For plain VoIP solutions, techniques based on DNS or other directory service technologies are available. In most cases it will be necessary to dial out of the VoIP network into the PSTN and vice versa. There are solutions and services available that offer gateways to the PSTN from a VoIP phone: by simply dialing a conventional telephone number, the telephone call is routed over the IP network to the defined gateway.

Electronic Numbering (ENUM) makes it possible to dial traditional E.164 phone numbers but be connected entirely over the Internet. This allows E.164 addresses to be used within the DNS directory structure. ENUM allocates a specific zone (suffix) for use with E.164 numbers. Any phone number can then be transformed into a hostname by reversing the digits, separating them with dots and adding the suffix. DNS can then be used to look up Internet addresses for VoIP telephony services.
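The ENUM transformation described above, worked through as an added example that is not part of the original course material. It validates the dialled string as an E.164 number (at most 15 digits, which the page states), reverses and dot-separates the digits, and appends the public ENUM zone e164.arpa (RFC 6116; the page only speaks of "a specific zone"). It then applies a NAPTR regexp field of the RFC 3403 form "!pattern!replacement!flags" to obtain a SIP URI, which is the step a VoIP client performs with the DNS answer. The number range 01632 960xxx, the NAPTR record and the example.com host are constructed sample data; no real DNS query is made.

```python
from __future__ import annotations
import re

# Public ENUM zone (RFC 6116); the page only speaks of "a specific zone (suffix)".
ENUM_ZONE = "e164.arpa"

# E.164: at most 15 digits; country codes never begin with 0.
E164_DIGITS = re.compile(r"^[1-9][0-9]{0,14}$")

# Only these URI schemes are accepted from a NAPTR answer; DNS data is untrusted.
ALLOWED_SCHEMES = ("sip:", "sips:", "tel:", "mailto:")


def normalize_e164(number: str) -> str:
    """Strip '+', spaces, dashes and parentheses; raise ValueError if what is
    left is not a valid E.164 digit string.  Validating here means dialled
    input can never be turned into an arbitrary DNS label."""
    digits = number.strip()
    if digits.startswith("+"):
        digits = digits[1:]
    digits = re.sub(r"[\s().-]", "", digits)
    if not E164_DIGITS.match(digits):
        raise ValueError(f"not a valid E.164 number: {number!r}")
    return digits


def is_e164(number: str) -> bool:
    try:
        normalize_e164(number)
        return True
    except ValueError:
        return False


def e164_to_enum(number: str, zone: str = ENUM_ZONE) -> str:
    """Reverse the digits, separate them with dots and append the ENUM zone."""
    digits = normalize_e164(number)
    return ".".join(reversed(digits)) + "." + zone


def enum_to_e164(name: str, zone: str = ENUM_ZONE) -> str:
    """Inverse mapping, useful when auditing the contents of an ENUM zone."""
    suffix = "." + zone
    if not name.endswith(suffix):
        raise ValueError("name is not in the ENUM zone")
    labels = name[: -len(suffix)].split(".")
    if not labels or any(len(lab) != 1 or not lab.isdigit() for lab in labels):
        raise ValueError("malformed ENUM name")
    return "+" + "".join(reversed(labels))


def apply_naptr_regexp(regexp: str, number: str) -> str | None:
    """Apply a NAPTR regexp field ("!pattern!replacement!flags") to the
    E.164 number (with leading '+').  Returns the URI, or None when the
    pattern does not match.  The resulting scheme is checked because the
    record came from DNS."""
    if len(regexp) < 2:
        raise ValueError("empty NAPTR regexp")
    delim = regexp[0]
    parts = regexp[1:].split(delim)
    if len(parts) != 3:
        raise ValueError("NAPTR regexp must contain exactly three delimiters")
    pattern, replacement, flags = parts
    rx = re.compile(pattern, re.IGNORECASE if "i" in flags.lower() else 0)
    m = rx.match(number)
    if m is None:
        return None
    uri = m.expand(replacement)          # expands \1 ... like a NAPTR rewrite
    if not uri.lower().startswith(ALLOWED_SCHEMES):
        raise ValueError(f"unexpected URI scheme in NAPTR result: {uri!r}")
    return uri


# Constructed sample: a fictional UK number (01632 960xxx is reserved for
# fiction) and a hypothetical NAPTR record mapping that range to SIP users.
SAMPLE_NUMBER = "+44 1632 960123"
SAMPLE_NAPTR_REGEXP = r"!^\+441632960(.*)$!sip:ext\1@example.com!"


def resolve_sample() -> tuple[str, str | None]:
    """Full ENUM walk on the constructed data: number -> DNS name -> SIP URI."""
    name = e164_to_enum(SAMPLE_NUMBER)
    uri = apply_naptr_regexp(SAMPLE_NAPTR_REGEXP, "+" + normalize_e164(SAMPLE_NUMBER))
    return name, uri


if __name__ == "__main__":
    print(resolve_sample())
```

In a real resolver the name returned by e164_to_enum is queried for NAPTR records, the records with service "E2U+sip" are ordered by their order and preference fields, and apply_naptr_regexp is run on the winning record; the scheme check matters because anyone who controls the zone controls where the call is routed.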

VoIP Protocols
Overview
The predominant VoIP technology alternatives today are H.323, SIP (Session Initiation Protocol) and a very popular non-standard technology called Skype. Although all fundamentally try to solve the same problem - to deliver voice and other multimedia services over IP - these technology approaches differ in some ways.

H.323 is a "product" of the telecommunication industry. It is today an ITU (International Telecommunication Union) umbrella standard, defining a broad range of audio, video and data compression standards and protocols. Being an ITU standard, the technology is sound and reliable but also very complex. SIP on the other hand was and is still being developed by the IETF. SIP is a fast and simple signalling and application layer control protocol for IP (Internet) multimedia applications and telephony. It is gaining fast in popularity and has become a very attractive alternative to the much older and previously widely implemented H.323 technology. Although designed by very different standardization bodies, H.323 and SIP nevertheless have a lot in common. They differ fundamentally in signaling / call control and management, but both rely on RTP (Real-Time Transport Protocol) for transporting the voice (multimedia) information. They also share many of the fundamental technologies for digitizing analogue signals.

H.323 and SIP are by no means the only protocols for building VoIP solutions. There is a broad range of technology alternatives, including many proprietary solutions of individual manufacturers as well as standards like Megaco/H.248 or MGCP. MGCP (Multimedia Gateway Control Protocol) is typically used in VoIP solutions utilizing TV cable network infrastructures. Also worth mentioning at this point is a very popular Internet telephony solution named Skype. Skype is a combination of free software and a service that allows users to make free calls to anyone else using the Skype software (and the Skype service). Skype uses a non-standardized, highly effective and secure communication technology.

Signaling Protocols
H.323 Introduction

H.323 is an interoperability standard that describes the modes of operation required for various audio, video and/or data terminals to work together. It is one of the important standards for IP / Internet voice and video applications, including IP/Internet phones as well as audio and video conferencing equipment. The development of H.323 was originally focused on LAN video conferencing applications. When it was ratified in 1996 by the ITU (International Telecommunication Union) it became an umbrella standard, defining a broad range of audio, video and data compression standards and protocols. The H.323 standard specifies the following protocols and technologies:

- Codecs for audio and video
- Registration, admission and status (H.225)
- Call signalling (H.225)
- Control signalling (H.245)
- RTP (Real-time Transport Protocol)
- RTCP (Real-time Transport Control Protocol)

H.323 can be implemented in various different ways. Depending on the application it can be used for audio/voice only (telephony), audio and video (video conferencing, video telephony), audio and data (whiteboarding), or all of these applications combined (full video and data conferencing).

H.323 Architecture

The architecture of H.323 contains several components (or elements) that perform specific functions in the network.

Endpoint Terminals are used for bidirectional multimedia communications. They are either a PC or a dedicated device supporting H.323 and one or more applications (like an IP phone for example). An H.323 terminal consists of at least a network interface, a System Control Unit (SCU), the H.225 layer and an audio codec unit for voice applications. Video codecs and other user data applications are optional components. H.323 terminals are compatible with H.324 terminals on POTS, H.320 terminals on ISDN, H.310 terminals on B-ISDN, H.322 terminals on guaranteed QoS LANs and V.70 GSTN (Global Switched Telephone Network) terminals.

H.323 Gateways are used to interconnect various different telephony (and video conferencing) technologies. These gateways convert digitized voice into IP packets and translate call control information.

The H.323 Gatekeeper functions as a virtual PBX or switch. H.323 does not require a Gatekeeper to be implemented. If deployed, it acts as the central point for switching all calls within its domain. Terminals will first contact the Gatekeeper, which then controls the calls by granting (or denying) permission for the call and by instructing endpoints how to perform call control and other functions.

Although multipoint conferencing on the H.323 network can be done in a decentralized way, often Multipoint Control Units (MCUs) or Multipoint Controllers (MCs) are used for centralized multipoint conferences. MCUs perform audio mixing and voice switching between several endpoints and coordinate the call control and codec negotiation between all participating devices.

SIP Introduction

The Session Initiation Protocol (SIP) is a relatively new Internet standard that is basically a simple signaling and application layer control protocol for multimedia conferencing and telephony. Today it is, besides H.323, the most important standard for IP / Internet voice applications. SIP is defined in RFC 2543, as part of the MMUSIC (Multiparty Multimedia Session Control) working group of the IETF. This group is working on a complete framework of protocols to address a broad range of multimedia conferencing and communication needs. These include SDP (Session Description Protocol), SAP (Session Announcement Protocol), RTSP (Real-Time Stream Protocol), SCCP (Simple Conference Control Protocol) and SIP. SIP is a simple, low-level protocol for establishing, modifying or terminating multimedia sessions or Internet telephony calls between two or more users. Such sessions can include voice, video, chat and other multimedia data (such as interactive games). The protocol can also invite participants to unicast or multicast sessions. SIP supports name mapping and redirection services. This makes it possible to identify users regardless of where they are and allows users to initiate and receive connections and services from any location. SIP is a simple request-response protocol, dealing with requests from clients and responses from servers. Users are identified by SIP URLs. SIP determines the end system to be used for the session, the communication media and the media parameters. It then initiates the communication. It establishes call parameters at each end of the communication and handles call transfer and termination. Like H.323, SIP uses RTP (Real-Time Transport Protocol) for transporting the voice (multimedia) information.

SIP Architecture

The SIP architecture contains several components (or elements) that perform specific functions in the network. SIP Endpoint Terminals are used for bidirectional multimedia communications and are either a PC or a dedicated device supporting SIP and one or more applications (like an IP phone for example). SIP terminals are compatible with H.324 terminals on POTS, H.320 terminals on ISDN, H.310 terminals on B-ISDN, H.322 terminals on guaranteed QoS LANs and V.70 GSTN (Global Switched Telephone Network) terminals. A Location Server maintains the IP addresses of all users and is, for example, responsible for translating alias names to IP addresses. The SIP Server is responsible for call handling and call establishment. Call control can be implemented in one of two ways: either in proxy mode or in redirect mode. Just like H.323 Gateways, SIP Gateways are used to interconnect various different telephony (and video conferencing) technologies. These gateways convert digitized voice into IP packets and translate call control information.
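The request-response exchange from the SIP introduction and the redirect-mode server from the architecture section, as an added example that is not part of the original course material. The parser applies the checks a SIP server should make before acting on a message: a three-part request line with the "SIP/2.0" version, a request URI with a known scheme, the mandatory Via, From, To, Call-ID and CSeq headers, the compact header forms (v, f, t, i, m, c, l) folded into their long names, and a Content-Length that matches the body actually received. The response builder copies the identifying headers back, which is how a redirect server answers an INVITE with 302 and a Contact pointing at the user's current location. The INVITE, the SDP body, the addresses in the 192.0.2.0/24 documentation range and the 64 KiB size limit are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

CRLF = "\r\n"
MAX_MESSAGE_BYTES = 65535  # assumption: refuse oversized messages before parsing

# Compact header names defined by SIP next to the long forms.
COMPACT_HEADERS = {"v": "via", "f": "from", "t": "to", "i": "call-id",
                   "m": "contact", "c": "content-type", "l": "content-length"}
REQUIRED_HEADERS = ("via", "from", "to", "call-id", "cseq")


@dataclass
class SipRequest:
    method: str
    uri: str
    headers: dict[str, str]   # lower-case long-form name -> value
    body: str


def parse_request(raw: str) -> SipRequest:
    """Parse a SIP request strictly; any malformed input raises ValueError."""
    if len(raw.encode()) > MAX_MESSAGE_BYTES:
        raise ValueError("message too large")
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("missing empty line that ends the headers")
    lines = head.split(CRLF)
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, uri, _version = parts
    if not (method.isalpha() and method.isupper()):
        raise ValueError("bad method token")
    if not uri.lower().startswith(("sip:", "sips:", "tel:")):
        raise ValueError("unsupported request URI scheme")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        name = COMPACT_HEADERS.get(name.strip().lower(), name.strip().lower())
        if not colon or not name:
            raise ValueError(f"bad header line: {line!r}")
        value = value.strip()
        # Repeated headers (e.g. several Via along a proxy chain) become a comma list.
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    for required in REQUIRED_HEADERS:
        if required not in headers:
            raise ValueError(f"missing mandatory header {required}")
    declared = headers.get("content-length", "0")
    if not declared.isdigit() or int(declared) != len(body.encode()):
        raise ValueError("Content-Length does not match the body")
    return SipRequest(method, uri, headers, body)


def is_valid_request(raw: str) -> bool:
    try:
        parse_request(raw)
        return True
    except ValueError:
        return False


def build_response(req: SipRequest, status: int, reason: str,
                   extra_headers: dict[str, str] | None = None, body: str = "") -> str:
    """Build a response: Via, From, To, Call-ID and CSeq are copied from the request."""
    lines = [f"SIP/2.0 {status} {reason}"]
    for key, display in (("via", "Via"), ("from", "From"), ("to", "To"),
                         ("call-id", "Call-ID"), ("cseq", "CSeq")):
        lines.append(f"{display}: {req.headers[key]}")
    for name, value in (extra_headers or {}).items():
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body.encode())}")
    return CRLF.join(lines) + CRLF + CRLF + body


# Constructed sample INVITE carrying an SDP offer for G.711 PCMU audio.
SAMPLE_SDP = CRLF.join([
    "v=0", "o=alice 2890844526 2890844526 IN IP4 192.0.2.10", "s=-",
    "c=IN IP4 192.0.2.10", "t=0 0", "m=audio 49170 RTP/AVP 0", "a=rtpmap:0 PCMU/8000", ""])
SAMPLE_INVITE = CRLF.join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
    "From: Alice <sip:alice@example.com>;tag=1928301774",
    "To: Bob <sip:bob@example.com>",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "CSeq: 314159 INVITE",
    "Contact: <sip:alice@192.0.2.10>",
    "c: application/sdp",
    f"l: {len(SAMPLE_SDP.encode())}",
    "", SAMPLE_SDP])


def redirect_sample() -> str:
    """A redirect-mode server answering the sample INVITE with Bob's current location."""
    req = parse_request(SAMPLE_INVITE)
    return build_response(req, 302, "Moved Temporarily", {"Contact": "<sip:bob@192.0.2.20>"})


if __name__ == "__main__":
    print(redirect_sample())
```

A proxy-mode server would instead forward the INVITE to the Contact itself (adding its own Via) and relay the answer back; the parsing and header-copying logic is the same in both modes.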

Skype Introduction

Skype is a very popular free software and service that provides free VoIP calls to users of the Skype software and service. Skype allows free calls from anywhere in the Internet within the Skype network. In addition it offers cost effective calling to fixed lines or mobile phones using Skype's SkypeIn and SkypeOut services.

SkypeOut is a cheap way to call from Skype to landlines and mobile phones. SkypeIn is a number the calling party can dial from any phone that connects as a call within Skype. It is possible to get country prefixes in some of the locations offered and to receive calls from anywhere in the world when connected to the Internet and, of course, Skype.

Skype is based on a peer-to-peer (P2P) architecture to handle all Skype communications. Contrary to client-server models there is no big central server ensuring the performance and services of the communication applications. Skype (software) clients directly interact with each other, not only for the actual communication but also to provide other essential services in the network like call relaying or keeping the network directory (Global Index) up to date. The Global Index is a distributed directory service that provides information about the users (availability for example) and is the basis for call establishment and successful communication.

A Skype user is identified by a Skype username. Authentication of a user is based on a password that is defined when the Skype account is created. This password is used for accessing the web-based Skype account management system and also for logging in to the Skype software. Once a user has been successfully authenticated, a time-limited electronic credential (which is digitally signed by Skype) is given to the user. All communication between Skype users is encrypted in the Skype "session", which is established between the communicating systems before any actual data or voice is exchanged.

Skype
Skype is based on a peer-to-peer (P2P) supernode architecture to handle all Skype communications. Skype (software) clients directly interact with each other, not only for the actual communication but also to provide other essential services in the network like call relaying or keeping the network directory (Global Index) up to date. A supernode is a normal Skype client that provides additional services to the Skype network. It handles contact lists and performs, if necessary, call routing (relay) functions for other Skype clients. These services or functions are entirely transparent to the Skype user. A Skype client that is unable to receive incoming network connections - for example a user behind a NAT router or a firewall - cannot become a supernode and will also not be asked to relay calls. Such a Skype client relies on other Skype nodes (with unrestricted communication capabilities) to relay its calls. Every time Skype users try to communicate with one another, the caller first tries to communicate with the called party directly. If the called party is hidden behind a firewall or a NAT router, the computer of the called party is asked (via the Global Index) to establish a connection in the reverse direction. In the case where neither party can be reached from the Internet directly, the call has to be sent via a relay node that is reachable by both computers.

Media Transport Protocols


RTP

RTP (Real-time Transport Protocol) in conjunction with RTCP (Real-Time Transport Control Protocol) has been used by the research and university community for years on the Mbone, the Internet's still somewhat experimental multicast backbone, for video conferencing and telephony over IP. It never gained general acceptance because of its very limited signalling capabilities. RTP was specifically designed to allow the transport of isochronous data across a packet network. It addresses some of the problems occurring in such networks, such as jitter and desequenced packets. Typically it is used in combination with UDP. On top of UDP it can be sent in multicast IP packets, which means that an RTP stream originating from a single source node can be simultaneously sent to multiple destination nodes.
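How RTP lets a receiver detect the jitter and desequenced packets mentioned above, as an added example that is not part of the original course material. It builds and parses the RTP fixed header (version, padding, extension, CSRC count, marker, payload type, sequence number, timestamp, SSRC), rejecting truncated or malformed packets, and then keeps the receiver statistics that RTCP receiver reports carry: packets expected versus received (loss), packets arriving behind the highest sequence number seen (reordering), and the interarrival jitter estimator from RFC 3550, J = J + (|D| - J)/16, where D is the change in transit time between consecutive packets. The seven-packet stream, with one packet missing and one arriving late, is constructed sample data using 20 ms G.711 frames (160 samples at 8 kHz), so the arrival times and jitter are in units of that 8 kHz clock.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

RTP_FIXED = struct.Struct("!BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC


@dataclass
class RtpHeader:
    marker: bool
    payload_type: int
    seq: int
    timestamp: int
    ssrc: int
    payload: bytes


def build_rtp(seq: int, timestamp: int, ssrc: int, payload: bytes,
              pt: int = 0, marker: bool = False) -> bytes:
    """Build an RTP packet with no CSRCs, extension or padding (PT 0 = G.711 PCMU)."""
    b0 = 2 << 6                                   # version 2, P=0, X=0, CC=0
    b1 = (0x80 if marker else 0) | (pt & 0x7F)
    return RTP_FIXED.pack(b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF,
                          ssrc & 0xFFFFFFFF) + payload


def parse_rtp(pkt: bytes) -> RtpHeader:
    """Parse fixed header, CSRC list, extension and padding; reject bad lengths."""
    if len(pkt) < RTP_FIXED.size:
        raise ValueError("packet shorter than the RTP fixed header")
    b0, b1, seq, ts, ssrc = RTP_FIXED.unpack_from(pkt)
    if b0 >> 6 != 2:
        raise ValueError("unsupported RTP version")
    padding, extension, csrc_count = bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F
    offset = RTP_FIXED.size + 4 * csrc_count
    if extension:
        if len(pkt) < offset + 4:
            raise ValueError("truncated header extension")
        ext_words = struct.unpack_from("!H", pkt, offset + 2)[0]
        offset += 4 + 4 * ext_words
    if len(pkt) < offset:
        raise ValueError("header length exceeds packet length")
    payload = pkt[offset:]
    if padding:                                   # last byte = number of pad bytes
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("invalid padding length")
        payload = payload[: -payload[-1]]
    return RtpHeader(bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc, payload)


class RtpReceiverStats:
    """Loss, reordering and RFC 3550 interarrival jitter for one RTP stream.
    Arrival times are in RTP clock units (8000 Hz for G.711); jitter / 8 = ms."""

    def __init__(self) -> None:
        self.highest_seq: int | None = None
        self.expected = 0
        self.received = 0
        self.reordered = 0
        self.jitter = 0.0
        self._prev_transit: int | None = None

    def update(self, hdr: RtpHeader, arrival: int) -> None:
        self.received += 1
        if self.highest_seq is None:
            self.highest_seq, self.expected = hdr.seq, 1
        else:
            delta = (hdr.seq - self.highest_seq) & 0xFFFF   # 16-bit wraparound
            if delta < 0x8000:                    # forward: gap of delta-1 means loss
                self.expected += delta
                self.highest_seq = hdr.seq
            else:                                 # behind the highest seen: late
                self.reordered += 1
        transit = arrival - hdr.timestamp
        if self._prev_transit is not None:
            d = abs(transit - self._prev_transit)
            self.jitter += (d - self.jitter) / 16  # RFC 3550 estimator
        self._prev_transit = transit

    @property
    def lost(self) -> int:
        return max(0, self.expected - self.received)


SSRC = 0x1234ABCD
# Constructed stream: (seq, RTP timestamp, arrival time); seq 7 is lost, seq 4 arrives late.
SAMPLE_STREAM = [(1, 160, 960), (2, 320, 1120), (3, 480, 1296), (5, 800, 1600),
                 (4, 640, 1610), (6, 960, 1760), (8, 1280, 2080)]


def analyse_sample() -> RtpReceiverStats:
    stats = RtpReceiverStats()
    for seq, ts, arrival in SAMPLE_STREAM:
        stats.update(parse_rtp(build_rtp(seq, ts, SSRC, bytes(160))), arrival)
    return stats


if __name__ == "__main__":
    s = analyse_sample()
    print(f"received={s.received} lost={s.lost} reordered={s.reordered} jitter={s.jitter / 8:.2f} ms")
```

A receiver that tracks these values can feed them into RTCP receiver reports and into a jitter buffer that holds packets for roughly the measured jitter before play-out; the length checks in parse_rtp are what stop a malformed packet from reading past the end of the buffer.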

Codecs
Introduction

In order to be transmitted across computer networks voice (the same is true in principle for video) has to be converted from its analogue form into a digital format. This digitizing of data is done by discretizing the signal in time (sampling) and then discretizing the signal in amplitude.

The systems that perform this conversion process (in both directions) are called codecs. In addition to the actual digitization of analogue signals, these codecs further process the data to reduce its volume and optimize it for transmission. Parameters like the sampling rate, the number of bits used to encode the data and the methods used to optimize the transmission greatly influence the quality of the digitized speech. VoIP systems may have several different codecs implemented. This means that negotiating and agreeing on the codec actually used is part of any VoIP communication.

Typical examples of codecs are:

- G.711 PCM
- G.723.1 MP-MLQ
- G.729 CS-ACELP
- G.726 ADPCM
- G.723 MP-MLQ
- G.728 LD-CELP
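The two digitizing steps described in the introduction (sampling in time, then quantizing in amplitude) carried through for the first codec in the list, G.711, as an added example that is not part of the original course material. The block samples a test tone at the 8 kHz rate G.711 uses, then compresses each 16-bit sample to one 8-bit mu-law code with the segment/mantissa scheme of G.711 and decodes it again, so the quantization error that "greatly influences the quality" can be measured directly. The test tone, the amplitude and the frame length are constructed values; the encoder follows the common reference implementation (bias 0x84, clip at 32635, complemented code word) rather than any library on the page.

```python
from __future__ import annotations
import math

SAMPLE_RATE = 8000   # G.711: 8000 samples/s x 8 bits = 64 kbit/s per direction
BIAS = 0x84          # 132, added before the segment search
CLIP = 32635         # largest magnitude that still fits after adding BIAS


def linear_to_ulaw(sample: int) -> int:
    """Quantize one 16-bit signed linear sample to an 8-bit G.711 mu-law code."""
    if not -32768 <= sample <= 32767:
        raise ValueError("sample outside the 16-bit range")
    sign = 0x80 if sample < 0 else 0
    magnitude = min(abs(sample), CLIP) + BIAS
    exponent = magnitude.bit_length() - 8        # segment: position of the top bit above bit 7
    mantissa = (magnitude >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF   # G.711 transmits the complement


def ulaw_to_linear(code: int) -> int:
    """Expand one mu-law code back to a 16-bit linear sample (mid-point of its step)."""
    if not 0 <= code <= 0xFF:
        raise ValueError("code outside the byte range")
    code = ~code & 0xFF
    sign = code & 0x80
    exponent = (code >> 4) & 0x07
    mantissa = code & 0x0F
    magnitude = (((mantissa << 3) + BIAS) << exponent) - BIAS
    return -magnitude if sign else magnitude


def sample_sine(freq_hz: float, duration_s: float, amplitude: int = 10000) -> list[int]:
    """Step 1, sampling: discretize a test tone in time at the G.711 rate."""
    count = int(SAMPLE_RATE * duration_s)
    return [int(round(amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)))
            for i in range(count)]


def encode_frame(samples: list[int]) -> bytes:
    """Step 2, quantizing: one byte per sample, the payload carried in an RTP packet."""
    return bytes(linear_to_ulaw(s) for s in samples)


def decode_frame(payload: bytes) -> list[int]:
    return [ulaw_to_linear(b) for b in payload]


def max_roundtrip_error(samples: list[int]) -> int:
    """Largest quantization error after encode/decode; grows with signal level
    because mu-law steps are coarser in the higher segments."""
    decoded = decode_frame(encode_frame(samples))
    return max(abs(a - b) for a, b in zip(samples, decoded))


def quantization_step(sample: int) -> int:
    """Size of the mu-law quantization step that covers this sample."""
    exponent = (min(abs(sample), CLIP) + BIAS).bit_length() - 8
    return 1 << (exponent + 3)


if __name__ == "__main__":
    frame = sample_sine(1000, 0.020)             # one 20 ms frame = 160 samples
    print(len(encode_frame(frame)), "bytes per 20 ms frame, max error",
          max_roundtrip_error(frame))
```

The error bound checked in the test follows from the decoder reconstructing the mid-point of each step: the error can never exceed half the step size of the segment the sample falls into.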

Quality of Service
Introduction
When it comes to quality expectations for telephony applications, the digital PSTN of today sets a very high standard. Short delays, a clear signal and high reliability are what we expect of the telephone services we use daily. Although VoIP solutions in theory have the potential to deliver comparable communication quality, the actual quality we get depends on many different factors. To improve the communication quality in packet-oriented networks, many technical solutions are either already available or under development. QoS technologies play an increasing role in improving the acceptance of VoIP. "Quality of Service" (QoS) might be best defined as the ability of a (communication) system or network to guarantee specific parameters or values when it comes to uptime, throughput, delays, error rate, etc. To transmit voice with an appropriate quality several requirements have to be met:

- Enough bandwidth has to be provided reliably and at any time
- Delay has to be kept constantly below a certain level
- Changes in the delay (jitter) have to be kept to a minimum
- Good voice codecs (appropriate to the available bandwidth)
- Echo cancellation
- Minimal or no packet loss

The term QoS as used in the context of IP networks and VoIP refers to a broad collection of networking protocols, technologies and techniques that provide and control buffering, voice packet prioritization, echo cancellation and guaranteed bandwidth.

Networking Technologies
QoS can be implemented at very different levels in the network. Solutions largely depend on the underlying network technology and structure. QoS solutions can be roughly divided into the following groups:

- WAN/MAN technologies with QoS capabilities
- Layer 2 switching technologies
- Layer 3 switching and routing protocols and technologies
- Internet / IP QoS protocols
- Rate control solutions

WAN/MAN protocols and technologies used by carriers and other providers of WAN/MAN services quite often have comprehensive QoS functionality built in. Typical examples of such technologies are ATM (Asynchronous Transfer Mode), SONET (Synchronous Optical Network) and Frame Relay.

Layer 2 as well as Layer 3 switching technology is available today to deliver QoS functionality in typical enterprise, but also in some carrier, networking infrastructures. These technologies range from simple CoS (Class of Service) implementations in LAN switches (different priority queues) to sophisticated layer 2/3 switching solutions. Typical examples of such QoS switching solutions are either proprietary approaches like IP Switching or Tag Switching or standards-based technologies such as MPLS (Multiprotocol Label Switching). Of special interest for VoIP solutions in general are technologies and protocols providing Layer 3 QoS solutions that allow the limitations and problems in IP networks (including large ones and the Internet) to be overcome. Typical examples of such QoS solutions or approaches are RTCP (Real-Time Transport Control Protocol), RSVP (Resource ReServation Protocol) and RTSP (Real-Time Stream Protocol). In order to solve some QoS problems at specific bottlenecks in the network infrastructure, special rate control solutions have been developed. These bandwidth management and traffic shaping solutions typically work transparently and allow the prioritization, reservation, limitation and blocking of IP communication at an application

Internet / IP QoS Protocols


Before multimedia and VoIP applications can be widely used, IP networks must be modified to support real-time QoS and provide controlled end-to-end delays. This is especially true for the Internet infrastructure. In typical VoIP communications RTP (Real-Time Transport Protocol) is used for transporting the actual voice (multimedia) information. Because RTP does not provide the QoS functionality needed, various protocols have been developed or are under development. These offer additional levels of control and better QoS for RTP communications in IP networks and the Internet.

RTCP (Real-Time Transport Control Protocol) is a protocol to exchange control information from time to time between the participants of a particular RTP session. RTCP control packets can include information about the mapping of participants to specific single stream sources and about the quality of the transmission in the network. The Resource ReServation Protocol (RSVP) is an Internet control protocol specially designed to enable applications to request a specific quality of service from the network. It is used by both network hosts and routers. RSVP treats an application flow as a one-way connection, sending QoS requests from the sender to the receiver. RSVP is a transport layer protocol that uses IP as its network layer and is designed to operate with other unicast and multicast routing protocols.

Security
Overview

The fast deployment of VoIP solutions not only offers new possibilities and opportunities but also introduces new risks. The fundamental technology changes for voice communication introduce new threats and new challenges for security specialists and network administrators. Eavesdropping on conversations in the network by intercepting a VoIP connection is only one example of the new security threats. However, security measures in general do not differ very much from those for networks without VoIP. Whether the goal of the attacker is to gain information, steal resources or disrupt business processes, the approaches and tools used are pretty much the same. But there are certainly security issues to be addressed that result from the specific VoIP technology implemented. The SIP standard for example does include functions to enhance media security (encryption), message exchange security and authentication. Also in H.323 there are functions and protocols (described in H.235) that are designed to provide better levels of authentication, privacy and integrity. In situations where higher levels of privacy and security are needed, technologies like firewalls, authentication systems and VPN technology can be implemented. Some of the "classic" attack patterns or techniques, like DDoS attacks, will probably also be directed at VoIP servers and gateways. Firewall systems need to be configured or even upgraded to be able to prevent damage to the network and its components.
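The authentication function the SIP standard provides, worked through as an added example that is not part of the original course material. SIP authenticates requests with HTTP Digest: the server answers an unauthenticated REGISTER or INVITE with a challenge (realm and a random nonce), and the client proves knowledge of the password without sending it by returning MD5(HA1:nonce:HA2), where HA1 = MD5(username:realm:password) and HA2 = MD5(method:uri). The example shows the basic form without the qop extension and the defensive details a server needs: it stores only HA1, rejects unknown or expired nonces, accepts each nonce once (a simplification; real servers track a nonce count), compares digests in constant time, and checks unknown users against a dummy HA1 so that response timing does not reveal valid names. The realm example.com, the user names, passwords and clock values are constructed.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
import time


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def make_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password); the server stores this, not the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Client side: response = MD5(HA1:nonce:HA2), HA2 = MD5(method:uri) (no qop)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class SipDigestServer:
    """Issues WWW-Authenticate challenges and verifies Authorization responses."""

    def __init__(self, realm: str, ha1_by_user: dict[str, str], nonce_ttl_s: float = 30.0) -> None:
        self.realm = realm
        self._ha1 = ha1_by_user
        self._ttl = nonce_ttl_s
        self._nonces: dict[str, float] = {}        # nonce -> expiry (monotonic seconds)

    def challenge(self, now: float | None = None) -> dict[str, str]:
        """Values for a 401 challenge: a fresh, unpredictable nonce each time."""
        now = time.monotonic() if now is None else now
        self._nonces = {n: e for n, e in self._nonces.items() if e > now}   # drop stale ones
        nonce = secrets.token_hex(16)
        self._nonces[nonce] = now + self._ttl
        return {"realm": self.realm, "nonce": nonce, "algorithm": "MD5"}

    def verify(self, username: str, method: str, uri: str, nonce: str,
               response: str, now: float | None = None) -> bool:
        now = time.monotonic() if now is None else now
        expiry = self._nonces.get(nonce)
        if expiry is None or now > expiry:
            return False                             # unknown, already used or stale nonce
        known_user = username in self._ha1
        ha1 = self._ha1.get(username, "0" * 32)      # dummy HA1 keeps timing uniform
        expected = digest_response(ha1, method, uri, nonce)
        ok = hmac.compare_digest(expected, response) and known_user
        if ok:
            del self._nonces[nonce]                  # single use: a captured response cannot be replayed
        return ok


def demo() -> dict[str, bool]:
    """Walk through the exchange on constructed data; clock values are explicit."""
    realm, uri = "example.com", "sip:example.com"
    ha1 = make_ha1("alice", realm, "correct horse battery")
    server = SipDigestServer(realm, {"alice": ha1}, nonce_ttl_s=30)
    chal = server.challenge(now=100.0)
    wrong = digest_response(make_ha1("alice", realm, "guess"), "REGISTER", uri, chal["nonce"])
    good = digest_response(ha1, "REGISTER", uri, chal["nonce"])
    results = {
        "wrong_password": server.verify("alice", "REGISTER", uri, chal["nonce"], wrong, now=101.0),
        "correct": server.verify("alice", "REGISTER", uri, chal["nonce"], good, now=101.0),
        "replay": server.verify("alice", "REGISTER", uri, chal["nonce"], good, now=102.0),
    }
    chal2 = server.challenge(now=200.0)
    late = digest_response(ha1, "REGISTER", uri, chal2["nonce"])
    results["expired"] = server.verify("alice", "REGISTER", uri, chal2["nonce"], late, now=231.0)
    chal3 = server.challenge(now=300.0)
    stranger = digest_response(make_ha1("mallory", realm, "x"), "REGISTER", uri, chal3["nonce"])
    results["unknown_user"] = server.verify("mallory", "REGISTER", uri, chal3["nonce"], stranger, now=301.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Digest only proves knowledge of the password and binds the response to one nonce, method and URI; it does not protect the rest of the message or the media, which is why it is normally combined with the transport-level protection (TLS, VPN) the section mentions.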

VoIP and Firewalls / NAT
Although not a security problem as such, special attention has to be given to communication issues and problems, in particular those that have to do with techniques (mainly network address translation) used in many firewall solutions and IADs (Internet Access Devices) such as access routers. NAT (Network Address Translation) techniques allow more than one system (for example a LAN) to be connected to the Internet using a single (often even dynamically assigned) IP address. The address translation device converts the outgoing IP address of each LAN device into its single Internet address and vice versa. Because of serious limitations related to incoming connections, which cannot simply be directed to the individual systems in the internal network, these network address translation devices need special software that works at an application/protocol level (for example SIP signaling proxies and H.323 proxies) to overcome these issues. Other issues or problems that have to be taken into account when using systems like firewalls or VPN gateways in VoIP solutions have to do with the additional latency that these systems cause. This means that a lot of attention has to be given to the overall network design and the selection of network and security devices that are in the communication path between VoIP systems, to keep latency at a minimum.

VoIP Scenarios
Introduction

VoIP can be deployed and implemented in many different ways and application scenarios. The complexity of VoIP results to some degree from the fact that several different VoIP technologies, standards and implementations are often combined.

The terms on-net and off-net for example refer to two different levels of complexity in VoIP communications. An on-net call originates and terminates within a single enterprise's or provider's network. Off-net calls on the other hand cross the boundaries of the provider's or enterprise's network, therefore require special technology (gateways, etc.) and need other compatibility aspects (signaling, coding, etc.) to be taken into account. A good way of simplifying the subject further is to look at specific application scenarios or implementations. Typical VoIP scenarios or applications are for example:

- Residential user / branch office with ITSP (On-net)
- Internet Telephony solutions
- Long distance call services (PSTN to PSTN)
- LAN Telephony / small PBX replacement
- WLAN hotspot with ITSP
- VoIP access router / IAD for SME networks

Internet Telephony Services


An ITSP (Internet Telephony Service Provider) interconnects the PSTN with the Internet by implementing interconnection gateways. Residential users as well as enterprise users can make very cheap (sometimes cost free) on-net calls within the provider's IP network or the Internet. Most ITSPs offer telephony services that also allow their users/subscribers to establish telephone communications with subscribers that are connected to the PSTN (off-net calls) at comparatively low charges. Most ITSPs therefore assign a normal telephone number to their customers. Every call that is made from the PSTN to that number will be routed by the interconnection gateway to the customer's IP phone. The same technology approach is the basis for special long distance call service offerings where an IP network infrastructure is used to interconnect two PSTN users/subscribers. Extreme cost reductions for long distance services/calls are possible in these cases.

SIP Wi-Fi Phone

For many users that are within reach of a wireless LAN a mobile Wi-Fi Phone that supports SIP is a perfect solution. It is a wireless phone that enables the user to make VoIP calls without using a computer. With a SIP Wi-Fi Phone users can have access to both PSTN and VoIP networks as long as users have a SIP account with the relevant services as offered by a large number of ITSPs. The phone allows the user to access his VoIP service with complete mobility: unlike other devices that must connect with a computer, a SIP Wi-Fi Phone will work anywhere where wireless Internet connections can be found, such as: at home, work or campus, without the trouble of turning on the computer.

LAN Telephony

LAN Telephony refers to VoIP solutions that are designed to replace conventional PBX technology in both the small office and the enterprise environment. LAN Telephony is today a well accepted technology, mainly because of its easy implementation and management and the dramatic cost reduction from not having to implement an expensive, completely separate communication infrastructure for telephony next to the data network. But cost reduction is only one good reason for LAN Telephony. This technology allows a much faster implementation of new and advanced communication applications (CTI, whiteboarding, etc.) and plays in many businesses an important role in increasing competitiveness and efficiency. Many problems and difficulties that have only been partly solved in large IP WAN infrastructures and the Internet can be ignored in today's switched high bandwidth local area networks. There are hardly any constraints when it comes to delay, network error rate or bandwidth in a well designed switched Ethernet LAN. The actual technical implementation will depend on the chosen VoIP technology. SIP and H.323 solutions for example differ in architecture and setup.

176

LAN Telephony solutions do not necessarily have to be connected to the Internet or an IP network. In many cases the VoIP PBX systems are connected to the PSTN, exactly the same way as conventional PBX systems are. Often the VoIP PBX is connected to both the PSTN and an IP network (Internet). In these cases the user is able to benefit from the low costs of Internet or IP Telephony solutions but can still leverage the specific benefits that PSTN technology offers (availability, special services, etc.).


SME VoIP IAD / Access Router

For SME customers and smaller offices the perfect VoIP solution consists of an IAD (Internet access device) or access router with integrated VoIP gateway functionality. These devices offer all the IP routing, NAT, security and management functions needed to provide Internet access for one or more computer systems in the local network. Additional QoS features and the necessary server and gateway functions allow the customer to quickly configure a complete VoIP (LAN Telephony, IP Telephony, Internet Telephony) solution. These VoIP IADs support one or several of the VoIP standards (H.323, SIP, MGCP, etc.). For users that wish to use existing analogue devices (telephones, DECT wireless phones, fax machines, etc.) in their VoIP solution, some access devices have integrated VoIP adapters that provide one (or more) analogue ports.

Complete SME IP-PBX Solution

An ideal solution for small and medium size companies is the combination of several of the technologies described previously. The central element of this solution is an IP-PBX especially designed to meet the needs and requirements of SMEs. Besides a feature-rich VoIP-PBX, the IP-PBX contains an access router for secure and reliable connectivity to the Internet. The IP-PBX offers the advantages of LAN telephony and provides in addition analogue telephone ports. These analogue ports not only allow the use of analogue devices like phones or fax machines, but also provide connectivity to the PSTN to access services that are either difficult or impossible to use from within a plain VoIP solution. Examples of such services are service and/or toll-free numbers and also emergency numbers.


Depending on the company requirements VoIP devices can be installed for the different work places and connected with the IP-PBX through the local network. These VoIP devices can be either simple PCs that are equipped with SIP-software to become VoIP phones, professional Desktop SIP Telephones (like the SMC Desktop SIP Phones SMCDSP-200 / SMCDSP-205) or even mobile SIP WLAN phones (like the SMC SIP Wi-Fi Phone SMCWSP-100). Additional analogue devices like analogue phones or fax machines can be integrated into the VoIP solution by using special terminal adapters.

Internet Telephony using Skype

This scenario refers to on-net call applications that are only using the Skype network as means to interconnect the end devices. These calls remain within the Skype network and are free of charge.

Skype - Off-net Calls

This scenario is referring to so called off-net call applications. These calls cross the boundaries of the Skype network and traditional public telephone networks and require special services to connect and convert the encoded calls.


In order to make calls from within the Skype network to a phone outside the Skype network (like the PSTN), it is necessary to register with Skype's SkypeOut service and buy SkypeOut credits to make cost-effective calls from a Skype phone to ordinary landline and mobile phones. To be able to make calls from a mobile phone or a fixed phone (from the PSTN) it is necessary to register with Skype's SkypeIn service to receive a Skype phone number. This number can be from any of the countries where SkypeIn currently offers this service. Calls from landline and mobile phones to this number will then be routed automatically to the corresponding Skype account.

Wi-Fi Phone for Skype

For many users that are within reach of a wireless LAN a mobile Wi-Fi Phone for Skype is a perfect solution. It is a wireless phone that enables the user to make Skype calls without using a computer. The phone allows the user to access his Skype account with complete mobility: unlike other devices that must connect with a computer, a Wi-Fi Phone for Skype will work anywhere where wireless Internet connections can be found, such as at home, work or campus, without the hassle of turning on the computer. A Wi-Fi Phone for Skype (like the SMC WSKP100) allows:

Free calling from anywhere in the world within the Skype network, and cost effective calling to fixed lines or mobile phones using Skype's SkypeIn and SkypeOut services.

Integrated IEEE 802.11b/g wireless connectivity and an easy to configure, pre-installed, Skype User Interface allowing easy configuration and use.

Quality of Service (QoS) function that prioritizes voice traffic, ensuring good consistent voice quality.

SMC VoIP Products

SMC7908VoWBRA2 VoIP


The Voice Connect Broadband Router with integrated ADSL-Modem SMC7908VoWBRA2 is an all-in-one solution for connecting and sharing an ADSL-Broadband connection, including LAN switching (4-port 10/100 Mbps), Voice over IP and a 54Mbps Wireless Access Point (IEEE 802.11b/g). Extensive security features include an integrated NAT-/ SPI-Firewall, VPN Pass-through (IPSec, L2TP, PPTP), MAC address filtering, URL Blocking, Hacker-Attack-Logging with E-Mail-Alert, WEP Encryption and Wi-Fi Protected Access (WPA/ WPA2) and port based authentication (IEEE 802.1x). Features and Benefits:

- Functions as a Bridge and/or Router
- DHCP Server, Virtual Server, DMZ Host, Static Route, RIP v.1/ v.2c
- Universal Plug-and-Play (UPnP), Dynamic DNS
- 54Mbps Wireless LAN
- ADSL2/2+ (RJ-11) for Annex A, T1.413, G.DMT, G.Lite
- 1x FXO (RJ-11) for automatic fail-over to PSTN, 2x FXS ports (RJ-11)
- Web based Management (configuration, Firmware Update)

VoIP Features:

- Supports SIP v.2 voice protocols
- PSTN supplementary services: Call Hold/ Waiting/ Transfer, Caller ID, Call Transfer
- Multiple voice codecs: G.711 A/U Law, G.729a, G.723.1, G.168
- T.38 Fax relay and modem relay
- Quality of Service, Echo cancellation, Jitter buffer
- Mapping of voice and data to separate PVCs
- DTMF: in-band and out-of-band

Introduction
Overview and Applications

More and more households not only own a PC but use it frequently not only for work but also for entertainment. Home PCs today are powerful multimedia systems. They are quite often used to:

- store and edit pictures taken with digital cameras
- digitize and store pictures and images using scanners
- download and replay audio and video clips from the Internet
- listen to Internet Radio


As much as PCs have also become home entertainment products, they typically lack the comfort and (output) quality consumers are used to. State of the art home entertainment solutions allow the benefits of existing HiFi stereo systems and video / TV sets to be combined with the power and flexibility of increasingly powerful personal computers. The solution is a device like the SMCWMR-AG EZ-Stream Universal Wireless Multimedia Receiver, which delivers a networked PC's collection of MP3 songs, digital photos, digital music videos or movies to the home entertainment center or audio system. It also makes it possible to comfortably listen to Internet radio on the HiFi stereo system, using the broadband home network connection.


PC / TV / Audio Integration
The EZ-Stream Wireless Multimedia Receiver (SMCWMR-AG) is designed to distribute entertainment media (audio, pictures and streaming video) throughout the home. The SMCWMR-AG connects to the existing TV or HiFi system, allowing the user to play MP3 music, listen to Internet radio, watch MPEG films and view digital images that reside on the home PC via a simple-to-use remote control. Quite often the home PC is not situated in the living room, but the large screen TV and the HiFi stereo system are. This is why the SMCWMR-AG, in addition to a 10/100 Ethernet interface, has the latest wireless 802.11a/b/g technology implemented. This means the home PC that is used as a media server can be situated anywhere in the home; no cables between the PC and the TV/audio system are necessary. The SMCWMR-AG automatically shares digital multimedia content from one or more PCs. The user can easily create customizable slide shows, load MPEG videos, listen to Internet radio stations or configure a home jukebox playing the preferred music. For configuration and setup of the SMCWMR-AG both a user-friendly Web-based management and a TV user interface are implemented.

Elements and Building Blocks


The Basic Setup
To implement a Home Entertainment solution with the SMCWMR-AG the following components are necessary:

- The SMCWMR-AG for converting digital image, audio and video formats into high quality analogue audio and video signals. For video streaming and still image applications, the SMCWMR-AG has to be connected to a video/TV system using a standard video cable. For playing audio clips and streams, the SMCWMR-AG has to be connected to a (HiFi) audio system (or alternatively a video/TV system), using a standard audio cable.
- An infrared remote control, which together with the connected TV set is used to comfortably control and configure the SMC home entertainment solution.
- A personal computer to install and run the Media Server software. From this server the SMCWMR-AG gets the files and digital audio and video streams that need to be converted and sent to the audio or video/TV system.
- For live Internet Radio streaming, a broadband Internet access. In order to allow continuous audio streaming to the SMCWMR-AG while also accessing the Internet with other systems like the Media Server or other home PCs, the use of a broadband access router is recommended.
- A wireless or wired LAN to interconnect SMCWMR-AG, access router, media server and other networked systems. The SMCWMR-AG can be connected to either wired (10/100 Ethernet) or wireless (IEEE802.11 a/b/g) local area networks. Depending on the LAN connection to be used, the Media Server and the access router also have to be equipped accordingly.

The decision whether to use a wireless or a wired connection with the SMCWMR-AG will very much depend on the local circumstances. Wireless technology clearly offers more flexibility and hardly any installation effort. Wired LAN infrastructures on the other hand provide highest performance and signal quality.



The Media Receiver
The SMCWMR-AG EZ-Stream Universal Wireless Multimedia Receiver is the heart of the SMC home entertainment solution. It is designed to convert various digital still image (graphics) and streaming formats into analogue audio and video signals. It is this device that makes it possible to use traditional HiFi stereo and TV systems to play MP3 music, listen to Internet radio, watch MPEG films and view digital images that reside on the home PC via a simple-to-use remote control.



Streaming Media Server

The SMCWMR-AG relies on a PC system called media server to store and - as requested - send the data files and data streams to be converted by the media receiver to analogue video and audio signals. Easy to be used and configured Media Server software has to be installed on a networked PC. It allows music, photos, and video to stream from the PC to the Wireless Multimedia Receiver for listening/viewing on a stereo system/ TV. The Media Server provides a comfortable interface to share (with the SMCWMR-AG) directories and devices that are used to organize the multimedia content. The Media Server software is also used to configure the list of Internet radio stations displayed on the SMCWMR-AG.

Although the SMCWMR-AG recognizes only one host PC as media server at any given point in time, two or more SMCWMR-AG Wireless Multimedia Receivers can be installed in one network.



TV User Interface

The SMCWMR-AG can be controlled and configured through a TV User Interface, using the supplied infrared remote control. During the initial setup and configuration of the SMCWMR-AG the user is guided through simple menus and questions. Using the remote control the user selects options and enters configuration parameters. The same TV User Interface is also used to control the Home entertainment solution. Menus and options are selected using the remote control that provides short-cuts to quickly access audio or video clips, still image presentations or Internet radio stations.


Web-based Management

In addition to the TV User Interface, there is also a Web User Interface implemented for quick and easy configuration from a networked PC. If the SMCWMR-AG is connected to the network using the default settings, the URL will be "http://192.168.2.45/conf.shtml". To access the system the user has to simply launch a web browser and type the URL in the Address bar.

(Note: If a DHCP server is used on the network, and the SMCWMR-AG is configured to obtain an IP address automatically, it will be necessary to find out the assigned IP address. It is then necessary to enter "http://IP_Address/conf.shtml" in the web browser in order to access the web user interface. Depending on the network setup, it might also be possible to obtain the IP address by using the "Search for Media Link" option in the Media Server software.)

Connectivity / Communication
Overview

The SMCWMR-AG is a multi-talent when it comes to interfacing and communicating with other devices. For video streaming and still image applications, the SMCWMR-AG has to be connected to a TV or video system using a standard video cable. For playing audio clips and streams, the SMCWMR-AG has to be connected to a (stereo) audio system (or alternatively a video/TV system), using a standard audio cable. Integrated infrared technology allows the SMCWMR-AG to receive commands sent by the remote control.


In order to interconnect SMCWMR-AG with access router, media server and other networked systems, wireless and wired LAN technology is implemented. The SMCWMR-AG uses then TCP/IP protocols for communication with other systems and the Internet.

The SMCWMR-AG EZ-Stream Universal 2.4GHz/5GHz Wireless Multimedia Receiver is equipped with the following interfaces and connectivity options:

1 x RJ-45 connector for 10/100 Mbps Ethernet
1 x Infrared receiver (for the signals sent by the remote control)
1 x Integrated WLAN (IEEE802.11a/b/g)
2 x Analogue RCA connectors (for stereo audio signals, left and right)
1 x Analogue RCA connector (for analogue video / TV signals)


Infrared Remote Control


Infrared technology is used for communication between the supplied remote control and the SMCWMR-AG. The SMCWMR-AG Universal Wireless Multimedia Receiver remote control works much like other remotes already found with other products (like DVD players, VCRs, TVs, etc.), with several extra features to make the digital content-oriented environment much easier to navigate. Using the TV User Interface, the home entertainment solution can be configured and controlled. Menus and options are selected using the remote control buttons, which provide short-cuts to quickly access audio or video clips, still image presentations or Internet Radio stations.


Composite Video RCA

Most TV and video products have some very basic interfaces that allow flexible and simple connectivity. Although the physical layout of these interfaces (RCA connector, coaxial cables) typically is the same everywhere in the world, the actual signals differ. For technical, economic and political reasons there are today three different systems (NTSC, PAL and SECAM) to transfer TV / video signals. NTSC (National Television Standards Committee) is a standard used in North America and Japan. It has the ability to display up to 525 lines of resolution, at a rate of 30 fps (frames per second). PAL (Phase Alternating Line), a standard used almost everywhere else in the world, has the ability to display 625 lines of resolution, at a rate of 25 fps. SECAM (Sequential Color Memory) is used sparingly around the world and can be found in France, Eastern Europe, Russia, Africa and a few other parts of the world. The RCA connector is a standardized, low-level connector featuring a single, cylindrical metal rod and an outer, round metal belt. RCA interconnects are unbalanced designs used in almost all systems and between almost any type of audio/video component. They are for example used for coaxial digital data interconnects in addition to coaxial composite video cables. On many products RCA connectors are color coded. Connectors used for composite video signals are typically coded in yellow.

Analog Audio RCA


Most HiFi stereo products have some very basic interfaces that allow flexible and simple connectivity between these systems. The physical layout of these interfaces (RCA connector, coaxial cables) typically is the same everywhere in the world. The RCA connector is a standardized, low-level connector featuring a single, cylindrical metal rod and an outer, round metal belt. RCA interconnects are unbalanced designs used in almost all systems and between almost any type of audio/video component. They are the standard type of interconnect for audio purposes. On many products RCA connectors are color coded. Connectors used for analogue audio (stereo) signals are often coded using the colors red and white, where red identifies the "right" audio channel and white identifies the "left" audio channel.


10/100 Ethernet - RJ45


Ethernet is the name for a technology used in Local Area Networks (LAN). Ethernet uses a principle by which each frame is broadcast onto a medium such as wire or fiber. All computers on the network are listening. The computer with the matching destination address accepts the frame and checks for errors. 10BaseT describes the Physical Layer Specification for Twisted-Pair Ethernet using Unshielded Twisted Pair wire at 10Mbps. There is also a specification for 100Mbps Ethernet (100BaseT, Fast Ethernet) that allows LANs to be built with higher quality cabling (Cat.5) that run at 10 times the speed of 10BaseT. With its 10/100 Ethernet RJ-45 auto-sense interface the SMCWMR-AG supports both 10BaseT and 100BaseT speeds. The RJ-45 connector is an 8-pin connector for twisted pair cables. It is larger in size but looks similar to a typical telephone wire connector (RJ-11) that usually only has 4 or 6 pins.
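The frame handling just described (every station sees the frame, the one whose address matches accepts it and checks it for errors) as an added example, not code from the original text or from any SMC product. It builds Ethernet II frames with a proper 32-bit FCS, parses them, and makes the receiving station's accept/ignore/error decision. It goes slightly beyond the text in also accepting group (multicast) addresses, which have the low bit of the first address byte set. The MAC addresses and payloads are constructed; the FCS is the standard CRC-32 transmitted least-significant byte first, which is what `zlib.crc32` computes.

```python
"""Added example: build, parse and filter Ethernet II frames.
All addresses and payloads below are constructed for the example."""

import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
MIN_PAYLOAD = 46              # minimum payload so the frame is at least 64 bytes


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: dst(6) src(6) type(2) payload(46..1500) FCS(4)."""
    if len(payload) < MIN_PAYLOAD:
        payload = payload + b"\x00" * (MIN_PAYLOAD - len(payload))   # pad short frames
    body = dst + src + struct.pack("!H", ethertype) + payload
    # FCS is CRC-32 over everything before it, sent little-endian
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame):
    """Split a frame into its fields; raise ValueError on a runt or a bad FCS."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("FCS mismatch (corrupted frame)")
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {"dst": body[:6], "src": body[6:12], "ethertype": ethertype, "payload": body[14:]}


def station_accepts(frame, own_mac):
    """The receiving station's decision, in the order the text describes:
    first the address filter, then the error check.
      'ignore' - destination is some other station's unicast address
      'error'  - frame is addressed to us but is damaged (runt / bad FCS)
      'accept' - our own address, broadcast, or a group (multicast) address"""
    if len(frame) < 64:
        return "error"
    dst = frame[:6]
    is_group = bool(dst[0] & 0x01)          # covers broadcast as well
    if dst != own_mac and not is_group:
        return "ignore"
    try:
        parse_frame(frame)
    except ValueError:
        return "error"
    return "accept"


if __name__ == "__main__":
    a, b = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")
    frame = build_frame(b, a, ETHERTYPE_IPV4, b"hello")
    print(len(frame), station_accepts(frame, b), station_accepts(frame, a))
```

The point for a defender is the last function: address filtering is a convenience performed by the receiving interface, not an access control. Nothing in the frame prevents another station on a shared medium from reading it, which is why confidentiality on a LAN has to come from a higher layer (the WEP/WPA section later on this page addresses the same problem for wireless).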

WLAN IEEE802.11
A Wireless LAN as described in IEEE802.11 is a local area network that transmits over the air, typically in an unlicensed frequency band such as the 2.4GHz band. A wireless LAN does not require lining up devices for line of sight transmission like IrDA (infrared technology). 802.11 is the name of a family of IEEE standards for wireless LANs first introduced in 1997, providing then 1 or 2 Mbps transmission in the 2.4GHz band. Since then the standard has been substantially extended to support higher transfer rates (up to 54Mbps) in different frequency ranges (2.4GHz and 5GHz bands). The IEEE 802.11 standard describes the transmission protocols and techniques for two fundamentally different ways to build and use an RF wireless LAN; the SMCWMR-AG supports both modes, "Ad-hoc" and "Infrastructure". An "Ad-hoc" network is a peer-to-peer network where all the nodes are wireless clients. As an example, two PCs with wireless adapters can communicate with each other as long as they are within range. "Infrastructure" or "network mode" uses "Access Points". Access Points are networking components that control and manage all the communication within a wireless LAN cell, between wireless LAN cells, and between wireless LAN cells and other LAN technologies. Access points are typically attached to the local network using standard Ethernet cable. Wireless systems can then communicate with wired Ethernet systems through this access point.


Internet Access
The SMCWMR-AG uses TCP/IP protocols for communication with other systems and the Internet, regardless of whether the user chooses wireless or wired LAN technology to interconnect the networked systems in the home. In order to allow continuous audio streaming to the SMCWMR-AG while also accessing the Internet with other systems like the Media Server or other home PCs, the use of an Internet access router is recommended. Broadband and ISDN router technology allows users to make efficient use of the available bandwidth they get from their ISP: all stations on the local network can access the Internet at the same time through the same connection.

Access routing technology (including NAT, PAT) allows users to connect local LANs to the Internet using low cost dial-up services or services that only assign one dynamic Internet address. Access router technology typically already provides a good level of security. Installation, configuration and maintenance are kept very simple.

The "Barricade" SMC Broadband Access Router family offers a wide variety of features and options. Users for example that wish to implement their home network (entirely) on wireless technology can use one of SMCs access router products with integrated WLAN technology.

Home Multimedia Applications


Still-Image Applications

Home PCs have become powerful multimedia systems over the last years. Photos taken with digital cameras or scanned images can not only be stored and viewed on the PC as bit maps but can also be edited and modified while maintaining a high quality. The Internet also quickly developed into a platform not only to present and/or look at low resolution digital images but also to exchange high quality digital images. In order to reduce the size and make the exchange and storing of high resolution digital images more effective, new compression techniques and graphic formats like JPEG and GIF had to be developed.


The SMCWMR-AG is capable to convert several graphic (bit map) formats into analogue video signals for display on TV screens. To do so the SMCWMR-AG retrieves the data from a media server using the TCP/IP protocol.

Still-Image Technology

Digital imaging technologies and data formats supported with the SMCWMR-AG:

- JPEG
- BMP

Other digital imaging technologies and data formats will be made available in future releases of the SMCWMR-AG.

In general electronic graphic formats can be grouped into "vector graphics" or "bit map graphics". Vector graphics images are typically used to produce high quality electronic images and drawings and are designed to be quickly rescaled. CAD programs and highly sophisticated design programs usually work with these formats. In order to display such images on the WWW or with the SMCWMR-AG they are typically first converted into bit map graphics. A bit map (often spelled "bitmap") defines a display space and the color for each pixel or "bit" in the display space. BMP and JPEG are examples of graphic image file types that contain bit maps. Because a bit map uses a fixed or raster graphics method of specifying an image, the image cannot be rescaled by a user without losing definition. Digital photos and scanned images are automatically stored in bit map formats. JPEG (Joint Photographic Experts Group) is a standard (ISO) for compressing still images that provides compression with ratios up to 100:1. A JPEG graphic image file is created by choosing from a range of compression qualities. Since the highest quality results in the largest file, a trade-off has to be made between image quality and file size. JPEG is one of the image file formats supported on the WWW. File extensions used with JPEG files are ".JPG" or ".JPEG". BMP (Bit MaP) format is a format for storing device-independent and application-independent images in Windows. The format is simple and has no compression algorithms. This results in BMP files that are quite large but can be decoded/encoded quickly. The file extension used is ".BMP".
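Because the BMP format is simple and uncompressed, it is a good place to see what a media receiver has to verify before it decodes a file it fetched from the media server. The following is an added example, not code from the original text or from any SMC product: it writes a tiny 24-bit BMP, parses the file header and the 40-byte BITMAPINFOHEADER, and refuses files whose header promises more pixel data than the file actually contains (the classic cause of out-of-bounds reads in image decoders). The field layout follows the BMP specification; the 2x2 image and the dimension limit of 32768 pixels are constructed choices for the example.

```python
"""Added example: parse and validate a BMP header before decoding.
The sample image and the size limits are constructed for the example."""

import struct

# BITMAPFILEHEADER: magic, file size, reserved, reserved, offset of pixel data
FILE_HDR = "<2sIHHI"
# BITMAPINFOHEADER: header size, width, height, planes, bits per pixel,
# compression, image size, x/y pixels per metre, colours used, important colours
INFO_HDR = "<IiiHHIIiiII"
MAX_DIM = 1 << 15            # constructed sanity limit on width/height


def row_stride(width, bpp):
    """Each pixel row is padded to a multiple of 4 bytes."""
    return ((width * bpp + 31) // 32) * 4


def build_bmp(width, height, rows_bgr):
    """Uncompressed 24-bit bottom-up BMP from rows of (b, g, r) tuples."""
    stride = row_stride(width, 24)
    pixels = b""
    for row in reversed(rows_bgr):              # BMP stores the bottom row first
        raw = b"".join(bytes(p) for p in row)
        pixels += raw + b"\x00" * (stride - len(raw))
    offset = struct.calcsize(FILE_HDR) + struct.calcsize(INFO_HDR)
    info = struct.pack(INFO_HDR, 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    head = struct.pack(FILE_HDR, b"BM", offset + len(pixels), 0, 0, offset)
    return head + info + pixels


def parse_bmp(data):
    """Return (width, height, bpp, pixel_bytes); raise ValueError when the
    header is inconsistent with the bytes actually present. Only uncompressed
    (BI_RGB) images are handled, matching the description above."""
    fh_len = struct.calcsize(FILE_HDR)
    if len(data) < fh_len + struct.calcsize(INFO_HDR):
        raise ValueError("file too short for headers")
    magic, _file_size, _, _, offset = struct.unpack_from(FILE_HDR, data, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file")
    (hdr_size, width, height, planes, bpp, compression,
     _img_size, _, _, _, _) = struct.unpack_from(INFO_HDR, data, fh_len)
    if hdr_size < 40 or planes != 1 or compression != 0 or bpp not in (1, 4, 8, 16, 24, 32):
        raise ValueError("unsupported or malformed DIB header")
    if width <= 0 or height == 0 or width > MAX_DIM or abs(height) > MAX_DIM:
        raise ValueError("implausible dimensions")
    # negative height means top-down; the amount of data is the same
    expected = row_stride(width, bpp) * abs(height)
    # the decisive check: never trust the header's sizes over the real file length
    if offset < fh_len + hdr_size or offset + expected > len(data):
        raise ValueError("pixel data exceeds file size")
    return width, abs(height), bpp, data[offset:offset + expected]


if __name__ == "__main__":
    img = build_bmp(2, 2, [[(0, 0, 255), (0, 255, 0)], [(255, 0, 0), (255, 255, 255)]])
    print(parse_bmp(img)[:3], len(img))
    try:
        parse_bmp(img[:-5])
    except ValueError as e:
        print("rejected:", e)
```

The same discipline applies to JPEG, whose segment lengths and component counts must likewise be checked against the bytes present; BMP is just the format where the arithmetic is short enough to show in full.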




Internet Radio

Internet Radio is one of the most fascinating developments made possible by the incredible growth rate and acceptance of the Internet. Its potential and dynamic are truly astonishing. The number of stations and the quality of content and transmission are developing constantly at high speed. The combination of traditional radio programs with the reach of the Internet creates a completely new dimension and changes the radio into something more powerful, more current and more targeted. Programs can be created for any special interest group, minority or taste. Everybody on the Internet can tune in to any of these stations and programs worldwide and at any time. The SMCWMR-AG now makes it possible to comfortably listen to Internet radio on an audio (stereo) system, using the broadband Internet connection at home. As soon as the option "IRadio" is pressed on the SMCWMR-AG remote control the user can select any of the Internet radio stations then displayed on the TV screen. New Internet radio stations and programs can be configured using the Media Server software on the home PC. The name of the radio station and the complete URL (or Internet address) has to be added to the list of radio stations. For example, possible Internet Radio URLs would be "http://66.111.61.58:10500" or "http://www.radioname.com:10500". The SMCWMR-AG also supports the playlist formats with the file extensions ".m3u" and ".pls". An example of such a URL could be "http://www.radioname.com:7500/listen.pls".
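The two playlist formats named above (".pls" and ".m3u") are small text formats, and the station list is data the receiver fetches and follows. The following is an added example, not code from the original text or from the SMC Media Server software: it parses both formats into (title, URL) entries and keeps only entries whose URL is an http(s) address with a host and, optionally, a numeric port, so that a playlist cannot steer the device at anything other than a web stream. The two playlist texts are constructed for the example; the host names and addresses in them are documentation values, not real stations.

```python
"""Added example: parse .pls and .m3u playlists and validate stream URLs.
The two sample playlists below are constructed for the example."""

import configparser
from urllib.parse import urlsplit

SAMPLE_PLS = """[playlist]
NumberOfEntries=3
File1=http://www.radioname.com:7500/listen.pls
Title1=Radio Name
Length1=-1
File2=file:///etc/hosts
Title2=Not a stream
Length2=-1
File3=http://192.0.2.7:10500
Title3=Raw IP station
Length3=-1
Version=2
"""

SAMPLE_M3U = """#EXTM3U
#EXTINF:-1,Campus Radio
http://radio.example.edu:8000/stream.mp3
#EXTINF:-1,Bad scheme
ftp://files.example.net/show.mp3
http://198.51.100.9:10500
"""


def valid_stream_url(url):
    """Accept only http(s) URLs that name a host; a non-numeric port makes
    urlsplit(...).port raise ValueError, which counts as invalid."""
    try:
        parts = urlsplit(url)
        parts.port
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def parse_pls(text):
    """PLS is an INI file with a [playlist] section and FileN/TitleN keys."""
    cp = configparser.ConfigParser(interpolation=None)   # '%' in URLs must stay literal
    cp.read_string(text)
    if not cp.has_section("playlist"):
        raise ValueError("not a PLS playlist")
    section = cp["playlist"]                # configparser lower-cases option names
    count = int(section.get("numberofentries", "0"))
    entries = []
    for i in range(1, count + 1):
        url = section.get(f"file{i}")
        if url:
            entries.append({"title": section.get(f"title{i}", url).strip(), "url": url.strip()})
    return entries


def parse_m3u(text):
    """M3U is one URL per line; an optional '#EXTINF:length,title' line precedes it."""
    entries, pending_title = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#EXTINF:"):
            pending_title = line.partition(",")[2].strip() or None
        elif line.startswith("#"):
            continue                        # other directives and comments
        else:
            entries.append({"title": pending_title or line, "url": line})
            pending_title = None
    return entries


def load_stations(text, fmt):
    """Parse a playlist of the given format and drop entries with unacceptable URLs."""
    parser = parse_pls if fmt == "pls" else parse_m3u
    return [e for e in parser(text) if valid_stream_url(e["url"])]


if __name__ == "__main__":
    for fmt, text in (("pls", SAMPLE_PLS), ("m3u", SAMPLE_M3U)):
        for station in load_stations(text, fmt):
            print(fmt, station["title"], "->", station["url"])
```

Dropping an entry silently is the right behaviour for a consumer device; logging the rejected URL on the media server side is what an administrator would want in order to notice a tampered playlist.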

Streaming Technology

To provide a high level of flexibility and usability, the SMCWMR-AG supports several multimedia technologies and formats. Audio streaming technologies and data formats supported with the SMCWMR-AG:

- MP3 (64-320kbps)
- Internet Radio (MP3 and PLS)

Video streaming technologies and data formats supported with the SMCWMR-AG:

- MPEG-1 Video (PAL) 25fps, 352x288, 2Mbps
- MPEG-2 Video (PAL) 25fps, MP@ML Full D1 720x576, 4Mbps
- MPEG-1 Video (NTSC) 30fps, 352x240, 2Mbps
- MPEG-2 Video (NTSC) 30fps, MP@ML Full D1 704x480, 4Mbps

Other digital streaming technologies and data formats like MP3++, Dolby Surround (5 channels), Windows Media (Audio / Video) and MPEG-4 will be made available in future releases of the SMCWMR-AG. MPEG (Moving Picture Experts Group) is the name of a family of standards used for coding audio and video information (e.g., movies, video, audio) in a digital compressed format. The major advantage of MPEG compared to other video and audio coding formats is that MPEG files are much smaller for the same quality. The standards MPEG-1 and MPEG-2 provide interoperable techniques of representing audiovisual content, commonly used on digital media and on the air. MPEG-4 extends this to many more application areas through features like an extended bit rate range, better scalability, error resilience, interfaces to digital rights management systems and powerful ways to build interactivity into content. MP3 is the abbreviation for MPEG Audio Layer 3. This is an audio compression technology that is part of the MPEG-1 and MPEG-2 specifications. MP3 encoding allows CD-quality sound to be compressed by a factor of 10-12, which corresponds to 128-112 kbps for a stereo signal. Factors of 24 and even more still maintain a sound quality that is significantly better than what can be achieved by just reducing the sampling rate and the resolution of the audio recordings.

SMC Home Entert. Products

SMCWMR-AG Multimedia Rec.

The EZ-Stream Universal 2.4GHz/ 5GHz Wireless Multimedia Receiver SMCWMR-AG is a product designed for home users that delivers wirelessly from networked PC's MP3 songs, digital photos and digital video/ audio to TV and Audio Systems. It is also possible to listen to Internet radio using a broadband connection to the Internet. Features and Benefits:

16Mb flash RAM, 32Mb SDRAM 10/100 Mbps standard Ethernet interface (RJ-45) IEEE 802.11a/b/g, "Ad-hoc" or "Infrastructure" mode Composite Video (PAL/ NTSC/ SECAM) RCA connector Analog Audio RCA connector Installation Wizard to install the MediaServer SW (Win 98SE/ ME/ 2000/ XP) Frees you from the wires between your PC and TV/ Audio System Infrared Remote Control User-friendly Web-based management and TV user interface Universal Plug-and-Play (UPnP) File Formats: MP3 (16-320Kbps), Internet Radio MP3, MPEG-1 (352x288, max 2Mbps), MPEG-2 (352x480, max 4Mbps), Still Image support: JPEG, BMP
This product is no longer available. This product represents a technology.


SMCWAA-B Audio Adapter


The SMCWAA-B 11Mbps Wireless Audio Adapter lets the user listen to MP3 and WMA music files stored on a PC from any room of the house. The SMCWAA-B provides seamless integration into existing 802.11b or 802.11g wireless networks. It also allows the user to mark favorite audio tracks for quick access to the songs listened to most. Support for the RHAPSODY Digital Music Server gives access to Internet Radio and a virtually unlimited collection of music albums. Features and Benefits:

16Mb flash RAM, 32Mb SDRAM
10/100 Mbps standard Ethernet interface (RJ-45)
IEEE 802.11b (1/2/5.5/11 Mbps), built-in antennas
64-bit/128-bit Wired Equivalent Privacy (WEP) (note that WEP has well-known cryptographic weaknesses and no longer provides meaningful confidentiality)
File Formats: MP3 up to 320 kbps (CBR or VBR), WMA-9, ID3 v1 or v2
Internet Radio: streams via RHAPSODY (or Shoutcast, PLS and MP3 streams via the SMC Media Server software)
Analog Audio > 100dB, 1.5m 1/8" TRS jack to dual RCA audio L/R cable
Infrared Remote Control
Firmware upgradable (via utility on host PC)
Universal Plug-and-Play (UPnP)

This product is no longer available. This product represents a technology.


NAS Overview
Introduction

Due to an ever increasing need for more mass storage, new and more effective technologies have been developed to ensure performance, scalability and data protection. Mass storage (disk space) may be accessed by computer users in different ways, depending on whether the storage device is directly attached to a computer or connected using a network or special storage communication infrastructure:

Directly Attached Storage (DAS)
Network Attached Storage (NAS)
Storage Area Network (SAN)

DAS, NAS and SAN are only partially competing alternatives. These technology approaches differ very much when it comes to scalability (capacity, number of concurrent users), performance and data protection features. They are therefore to be seen as complementary solutions, each of them designed to address specific customer requirements.

NAS Overview
Comparison DAS, NAS, SAN
Directly Attached Storage (DAS) describes configurations where the storage devices (disks) are installed in, or directly connected to, a computer and appear as a hard drive on that computer. Network users can access a DAS device only if that computer shares it, for example as a mapped network drive. Network Attached Storage (NAS) systems use network file systems and protocols (mostly TCP/IP based) such as CIFS, NFS, HTTP or FTP to communicate over the network. Although such solutions provide effective and professional features (automatic backup/mirroring, error recovery, performance, etc.), they do not require the installation and configuration of a Network Operating System and typically support different client systems such as PCs, Macs and UNIX-based computers. A Storage Area Network (SAN) uses a combination of special hardware (switches, disks, media) and protocols that ensure high performance and very high scalability. Examples of technologies used in SAN solutions are iSCSI, Fibre Channel and InfiniBand. SAN solutions are typically used with high-end workstations, mainframe systems and supercomputers. They require special know-how and are generally considered too complicated and expensive for small to medium-sized companies.

Comparison Chart - DAS, NAS, SAN

This comparison chart describes in some detail DAS, SAN and NAS.

NAS - Network Attached Storage


Network-attached storage (NAS) is hard disk storage that is accessed through a network rather than being attached to the workstation or computer that is serving applications and files. Network Attached Storage is not a technology in itself; instead it is a collection of different technologies used together to provide a network storage solution. It consists of hard disk storage, typically including multi-disk RAID systems, and software for the configuration and management of file systems, user rights and system setup. NAS systems typically support a number of network protocols, like Microsoft's Server Message Block (SMB), also known as Common Internet File System (CIFS), FTP and Sun Microsystems' Network File System (NFS). Configuration, including the setting of user access rights, is usually possible using a Web browser. NAS represents an affordable and expandable solution for end users who require a central network data resource offering common shared storage. It is a cost-effective strategy that reduces the number of disks needed in each PC/laptop in the office or home environment.


NAS-based storage is easy to install and expand and needs no IT management expertise to look after it. It offers ease-of-use administrative features that simplify or eliminate manual disk expansion and archiving functions, user and application management, data protection, and other complex and/or time-consuming storage maintenance activities.

NAS Building Blocks


Overview
In a NAS solution, file-level access to the centrally stored data for applications and users is provided either by a file transfer protocol like FTP or through a network file system that supports sharing of files (and sometimes other resources like printers) over a computer network. The NAS server/appliance has to translate network file system formats and instructions into its own file system. The NAS server software provides a convenient user interface to manage and configure the system and server applications. The NAS server also contains hardware and software components that provide block-level access to the attached mass storage devices. Typically the user can choose between different technologies or methods (RAID, JBOD, BIG) that define how the connected disks are used in order to optimize performance and/or data protection.

RAID Overview

The term RAID is an acronym for Redundant Array of Independent (or Inexpensive) Disks. RAID is a data storage technology where multiple hard disk drives are combined in an array to share or replicate data across the drives. This array of drives appears to the host computer as a single logical drive. There are a number of different RAID levels (different methods), each optimized for specific user requirements like increasing storage capacity and/or improving fault tolerance to protect valuable data against drive failures. This way it is possible to achieve levels of performance, capacity and reliability that exceed those of a single large drive. Most of these methods use a form of data striping, which writes consecutive blocks of data to different drives in the RAID set as shown in the graphic. Since the drives can be written and read simultaneously, data striping can improve disk I/O performance by up to a factor of the number of drives used. The different RAID levels determine the order in which the data is striped, whether data is duplicated on different drives for redundancy, and what error detection and correction methods (parity) are used to safeguard the integrity of the data. The RAID level used should be determined by the trade-off between data capacity, performance and data redundancy. Note that RAID protects against the loss of a drive, not against accidental deletion, file corruption or malware: corrupted data is mirrored or parity-protected just as faithfully as good data, so RAID is no substitute for backups.


The most common RAID levels used are:

RAID 0 (fully striped, minimum 2 disks)
RAID 1 (mirrored / duplexed, only 2 disks)
RAID 4 (shared parity, minimum 3 disks, 1 disk parity information)
RAID 5 (distributed parity over all disks, minimum 3 disks)

RAID Levels

There are many different ways to implement a RAID array, using a combination of striping, mirroring/duplexing and parity technologies. Several standardized methods were defined over time; the most commonly used RAID levels are the following.

RAID 0 (fully striped, minimum 2 disks) is the simplest RAID level and offers no redundancy. Files are cut into stripes of a user-defined stripe size and distributed over each disk in the array. This RAID level offers the best overall performance of the single RAID levels at a very low cost, but the failure of any one disk destroys the whole array.

RAID 1 (mirrored / duplexed, only 2 disks) is usually implemented as mirroring, where a drive has its data duplicated on two different drives. If one of the drives fails, the other drive continues to function as a single drive until the failed drive is replaced. A special variant of RAID 1 is duplexing, where both the controller card and the drive are redundant.

RAID 4 (shared parity, minimum 3 disks, 1 parity disk) improves performance by striping data across many disks in blocks and provides fault tolerance through a dedicated parity disk. Because every write also updates the parity disk, that disk can become a bottleneck.

RAID 5 (distributed parity over all disks, minimum 3 disks) is one of the most popular RAID levels. RAID 5 stripes both data and parity information across three or more drives, writing data and parity blocks across all the drives in the array. This avoids the performance issues that arise with a dedicated parity drive. Fault tolerance is implemented by writing the parity information for any given block of data on a drive that is not being used to store that data itself; the parity is the bitwise XOR of the data blocks in the stripe, so the contents of a single failed drive can be reconstructed from the remaining drives.


JBOD / BIG

BIG and JBOD are alternatives to RAID level 0. They do not offer the data striping used by RAID 0; they simply combine multiple disks and write data sequentially across them. JBOD (just a bunch of disks) gives the host computer direct access to each disk drive: the number of available virtual drives equals the number of physical drives, so the disks are still seen as multiple drives by the host. BIG is a configuration in which multiple physical hard disk drives are combined (concatenated) and perceived as one large single virtual disk. This configuration allows the end user to increase the logical volume size beyond the capacity of the individual hard disk drives. BIG provides the maximum amount of storage space, but no additional performance and no data redundancy. BIG and JBOD do not provide the performance increase of RAID 0 but fail more gracefully than RAID 0: with BIG or JBOD, if a drive fails, only the data stored on that drive is lost. With RAID 0, every file larger than one stripe has a piece on each drive, so a failed drive damages practically every file and the whole data set is effectively lost.
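To make the striping, mirroring, parity and concatenation layouts described above concrete, here is a small simulator, added to this page and not part of SMC's software: it places a few constructed sample files on virtual disks under RAID 0, RAID 1, RAID 5 and BIG, then fails one or two disks and reports which files can still be read. The block size, the parity rotation (parity moves one disk to the left each stripe) and the sample files are assumptions chosen for readability.

```python
"""RAID layout simulator (constructed example, not SMC code): place sample files on
virtual disks under RAID 0, RAID 1, RAID 5 and BIG, fail a disk, and see what survives."""
from typing import Dict, List, Optional

BLOCK = 4  # bytes per block (assumption; real arrays stripe in KB-sized chunks)


def split_blocks(data: bytes) -> List[bytes]:
    """Cut data into BLOCK-sized pieces, zero-padding the last one."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR parity of a stripe; XOR-ing all surviving blocks recreates one missing block."""
    out = bytearray(BLOCK)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def raid0_write(blocks: List[bytes], n: int) -> list:
    return [blocks[d::n] for d in range(n)]  # round-robin striping, no redundancy


def raid0_read(disks: list, nblocks: int) -> List[Optional[bytes]]:
    n = len(disks)
    return [None if disks[i % n] is None else disks[i % n][i // n] for i in range(nblocks)]


def raid1_write(blocks: List[bytes], n: int = 2) -> list:
    return [list(blocks) for _ in range(n)]  # every disk holds a complete copy


def raid1_read(disks: list, nblocks: int) -> List[Optional[bytes]]:
    return next((list(d[:nblocks]) for d in disks if d is not None), [None] * nblocks)


def raid5_write(blocks: List[bytes], n: int) -> list:
    """Each stripe holds n-1 data blocks plus one XOR parity block; parity rotates across disks."""
    width = n - 1
    disks: List[List[bytes]] = [[] for _ in range(n)]
    for s in range(0, len(blocks), width):
        stripe = blocks[s:s + width]
        stripe += [bytes(BLOCK)] * (width - len(stripe))  # pad the final stripe
        parity_disk = (n - 1 - s // width) % n
        data = iter(stripe)
        for d in range(n):
            disks[d].append(xor_blocks(stripe) if d == parity_disk else next(data))
    return disks


def raid5_read(disks: list, nblocks: int) -> List[Optional[bytes]]:
    n = len(disks)
    nstripes = len(next(d for d in disks if d is not None))
    out: List[Optional[bytes]] = []
    for s in range(nstripes):
        row = [None if disks[d] is None else disks[d][s] for d in range(n)]
        missing = [d for d in range(n) if row[d] is None]
        if len(missing) == 1:  # single failure: rebuild the lost block from the other n-1
            row[missing[0]] = xor_blocks([b for b in row if b is not None])
        parity_disk = (n - 1 - s) % n
        out.extend(row[d] for d in range(n) if d != parity_disk)  # two failures leave None
    return out[:nblocks]


def big_write(blocks: List[bytes], n: int) -> list:
    per_disk = -(-len(blocks) // n)  # concatenation: fill disk 0, then disk 1, ...
    return [blocks[d * per_disk:(d + 1) * per_disk] for d in range(n)]


def big_read(disks: list, nblocks: int) -> List[Optional[bytes]]:
    per_disk = -(-nblocks // len(disks))
    return [None if disks[i // per_disk] is None else disks[i // per_disk][i % per_disk]
            for i in range(nblocks)]


LEVELS = {"RAID0": (raid0_write, raid0_read), "RAID1": (raid1_write, raid1_read),
          "RAID5": (raid5_write, raid5_read), "BIG": (big_write, big_read)}

SAMPLE_FILES = {                    # constructed sample data, stored back to back
    "payroll.xls": b"PAYROLL-Q3",   # 10 bytes -> blocks 0-2
    "memo.txt": b"MEMO-007",        # 8 bytes  -> blocks 3-4
    "photo.jpg": b"JFIF-holiday1",  # 13 bytes -> blocks 5-8
}


def simulate(level: str, n: int, failed=(), files: Dict[str, bytes] = SAMPLE_FILES) -> Dict[str, Optional[bytes]]:
    """Write files to an n-disk array, fail the given disks, read back.
    Each file maps to its recovered content, or None if any of its blocks is lost."""
    write, read = LEVELS[level]
    blocks, table = [], {}
    for name, content in files.items():
        fb = split_blocks(content)
        table[name] = (len(blocks), len(fb))
        blocks.extend(fb)
    disks = write(blocks, n)
    for f in failed:
        disks[f] = None  # a dead drive returns nothing
    got = read(disks, len(blocks))
    result = {}
    for name, (first, count) in table.items():
        chunk = got[first:first + count]
        result[name] = None if any(b is None for b in chunk) else b"".join(chunk)[:len(files[name])]
    return result


def intact(level: str, n: int, failed=()) -> List[str]:
    """Names of the files that survive the given disk failures."""
    return sorted(name for name, data in simulate(level, n, failed).items() if data is not None)
```

Failing disk 1 under RAID 0 damages all three sample files; under BIG only the files that had blocks on that disk are lost; under RAID 5 or RAID 1 nothing is lost, because each stripe's parity (the XOR of its data blocks) or the mirror copy rebuilds the missing block. Failing two disks under RAID 5 loses everything, which is why a failed drive must be replaced and the array rebuilt promptly.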

Network File Systems and Protocols

Examples for Network File Systems and Protocols:

Microsoft's Server Message Block (SMB), also known as Common Internet File System (CIFS)
Sun Microsystems' Network File System (NFS)
Apple Computer's AppleTalk Filing Protocol (AFP)
NetWare Core Protocol (NCP)
FTP (File Transfer Protocol)

A network file system is any computer file system that supports sharing of files (and sometimes other resources like printers) over a computer network. Network file systems provide (in many cases) completely transparent access to remote mass storage. Not as transparent but widely used for sharing files even between different client operating systems are file transfer protocols like FTP. A file server provides file services to clients. On the client side, special client software provides access to basic file operations such as creating, deleting, renaming, reading from a file and writing to a file. The file server controls a set of local storage devices on which files are stored and/or retrieved according to requests from file sharing clients. The first file servers were introduced in the 1970s and became very popular with the concept of personal computing in the 1980s. Important examples of network file systems are Sun Microsystems' Network File System (NFS), Apple Computer's AppleTalk Filing Protocol (AFP), Microsoft's Server Message Block (SMB), also known as Common Internet File System (CIFS), and Novell's NetWare Core Protocol (NCP), which is used in networks based on NetWare. NAS servers typically support several of the more widely used network file systems and protocols like FTP, SMB/CIFS and NFS, thus ensuring broad support of different client platforms and operating systems.


NAS Applications
Overview
A Network Attached Storage (NAS) solution allows users to share and protect their data in various ways. It is easy to install and manage, and provides a simple, centralised backup solution. More capacity can be added when needed by simply connecting extra removable media devices. Added to this is the flexibility of different RAID options, which allow disk space usage, data backup/restoration and data integrity to be balanced according to the specific user's requirements. A NAS device can be used to provide storage solutions in many environments, for both the office and the home, including:

Shared storage in an office environment
Storage backup and disaster recovery
Home media server for music, video and photos

In each of these solutions, different disk storage strategies can be deployed, depending on whether the priority is to use the maximum capacity of the available disks or whether redundancy and error correction are required to protect the data and ensure that it is intact.

NAS Applications
Office File Server

In an office environment, a NAS solution can be used as a central network data resource offering common shared storage in addition to protected storage with user defined access rights, such as:

company databases
shared file storage
email archives
data archives

All these options can be accessed by users on the network only with the appropriate access rights. For example, an employee has been working on an important document saved locally on his PC. The following day, he is not in the office which means that none of his colleagues can access the file. Had the document been saved on a NAS server, the file would have been available during the employee's absence.


Backup and Disaster Recovery

NAS technology allows even SMEs to implement cost-effective and easy-to-maintain storage backup solutions for both local and remote offices. With potential disasters such as fire, flood, theft, hardware failure, human error and virus attacks, to name but a few, these features can help you to protect your data, which in today's world is among your company's most important assets. A NAS device is an excellent choice for data backup and disaster recovery applications for the following reasons:

The built-in disk redundancy, error detection and recovery mean that the backup data remains available if a drive crashes (RAID protects against drive failure, not against data that was already corrupted when it was written).
A NAS device can be accessed from any part of the network, not just the local area network (LAN). In particular, it allows remote backup from other sites as part of a disaster recovery strategy.
The user-friendly backup software makes it easy to protect critical business data and, in the case of disaster recovery, simple to restore archived data.
USB devices such as iPods, memory sticks, external hard disks and many more can be backed up as well.
Support for USB-based Uninterruptible Power Supplies (UPS) protects the storage device even during a loss of mains power.

Home Media Server

In the home environment more and more people are storing their music, videos and family pictures on their home computers. A NAS solution used as a Home Media Server not only allows everyone in the family to share all this information, but, more importantly, allows these valuable files to be protected and backed up properly. Losing the complete family photo album, for instance, would be a personal tragedy for many families. In particular, a NAS solution for the home can provide:

An iTunes jukebox to share music with the whole family
A central storage area for digital photo albums, allowing all family members to access and view family photos
Central storage for digital music and videos, which can be streamed to suitably enabled TVs and Hi-Fi equipment
A backup solution with sufficient capacity for all of the family's files, without the need for separate backup devices for each family member
Local attachment and backup of USB storage devices such as iPods or other MP3 players, memory sticks, digital cameras and external USB disk drives


SMC NAS Products


SMCNAS02/ SMCNAS04 - Network Attached Storage Server

The SMC TigerStore SMB series NAS Storage Server (SMCNAS02/SMCNAS04) is a complete storage solution for SMB and home network environments. System management and security are greatly simplified through the web-based user interface (UI). Advanced file security, fault-tolerant data options and one or four Gigabit Ethernet ports allow users to quickly and easily deploy additional data services in their office. Up to three USB 2.0 devices can be connected to expand network storage, provide additional backup services, or connect a USB UPS to provide temporary backup power in the event of a power failure. Additionally, users can insert SD/MMC/MC cards or USB storage devices and back up their contents to the SMCNAS02 with just the push of a button. Features and Benefits:

Up to two or four 3.5-inch SATA (Serial ATA) hard disks
SMCNAS02: Standard RAID 0, 1 and BIG configurations
SMCNAS04: Standard RAID 0, 1, 4, 5, JBOD and BIG (future option) configurations
SMCNAS02: Up to 2.0TB; SMCNAS04: Up to 4.0TB
TCP/IP, HTTP, NTP, FTP server, SMB/CIFS, NFS
Disk space quota management, event logging, media server capabilities
Full SMB backup software application
USB Print Server


IP Camera/ IP Video
Introduction

IP camera or network camera systems digitize the video stream at each camera, which is then transferred over a standard wired or wireless network. Unlike traditional analogue video systems that transport analogue signals back to a centralized video recording device, IP camera systems digitize and compress the video at each camera. With a pure digital recording system the video stream can be viewed from any PC with an IP network connection to the control centre. This opens up the possibility of remote viewing of both live and archived video from anywhere with a suitable network connection. For businesses with remote or international locations, this allows centralised security monitoring. Since digital networked video is IP-based, users can monitor, store and archive video and audio streams over the Internet or any IP network; the same reachability means that cameras and recorders are network hosts that must be protected like any other IP device (authentication on their management interfaces, firmware updates, and separation from untrusted networks). Network camera systems today are more flexible and cheaper than traditional video systems and allow building cost-effective and scalable video surveillance and remote monitoring solutions from flexible and reliable IP components that integrate seamlessly with existing network infrastructures.

IP Camera/ IP Video

Video Surveillance Market Development


The Video Surveillance market started in the 1970-80s with the deployment of analogue video cameras aimed at security and surveillance applications. The second generation of equipment for the Video Surveillance market introduced a variety of hybrid (a mix of analogue and digital) systems. The market is now entering its third generation. We are seeing the introduction of IP cameras which capture the video sequences directly into a digital video stream and transmit them over IP networks.


Comparison Analogue/ Hybrid/ Digital

Early video surveillance applications consisted of analogue video cameras and transmission systems. The video streams were recorded onto videotape using banks of video recorders (VCRs). Cameras were connected using coaxial cables, and monitoring suites used shelves of TVs connected to the VCR machines. The next generation of equipment for the video surveillance market introduced a variety of hybrid (a mix of analogue and digital) systems. A typical example of a hybrid approach appeared in the mid 1990s with the introduction of digital cameras for video capture and digital video recorders (DVRs) for recording and playback. The video network still used coaxial cabling, so digital-to-analogue encoders and decoders were required at either end of the connections. The latest generation of DVRs uses industry-standard hard disk drives (HDDs) for data storage and can be connected to standard PCs for monitoring and playback. Other hybrid solutions leveraged existing analogue cameras, which were connected using coaxial cabling to so-called video servers that digitized the analogue video signal much like modern IP cameras do. Modern IP cameras capture the video sequences and convert them directly into a digital video stream to be transmitted over IP networks using standard twisted-pair cabling or even wireless networks. The use of digital video streams obviates the need for the expensive encoder/decoder equipment used in second-generation DVR solutions to convert to and from the analogue streams used for video transmission and display.

IP Video System Components & Aspects

IP Video Systems are a combination of several components that have to be selected carefully, taking into account many different aspects and requirements depending largely on the specific application and environmental conditions.


The environment in which the cameras in particular have to be placed already leads to certain decisions with regard to camera design and options. Typical factors that have to be taken into account are:

The specific image/video quality required for each camera (position)
The size of the object that has to be on the image
The distance of the object from the camera
Light conditions
Indoor or outdoor installation (rugged design, weatherproof design)
Special requirements/features (audio, motion detection, etc.)
Available options with regard to the provisioning of power/electricity
The available/feasible local area network connectivity options

With regards to the storage, management and viewing of video data appropriate solutions have to be selected.

IP Camera/ IP Video
Storage of Video Data

IP video/surveillance applications typically not only require the ability to view live video but also have to archive video data for later use. As with any other application, the mass storage (disk space) for this archive may be accessed in different ways, depending on whether the storage device is directly attached to a computer or connected using a network or a special storage communication infrastructure:

Directly Attached Storage (DAS)
Network Attached Storage (NAS)
Storage Area Network (SAN)

As described in the NAS Overview section, DAS, NAS and SAN are complementary rather than competing alternatives, differing in scalability (capacity, number of concurrent users), performance and data protection features. For most IP video/surveillance applications NAS technology is the most appropriate solution: it is easy to install and expand, needs little IT management expertise, and its administrative features simplify or eliminate manual disk expansion and archiving, user and application management, data protection and other complex or time-consuming storage maintenance activities.


IP Camera Building Blocks


Introduction

IP cameras are built up from three major parts: the camera housing (or enclosure), the electronics (including CPU, memory, network interfaces, image processor and image sensor) and the objective lens. Depending on the environment the camera has been designed for, the camera enclosure provides appropriate protection against temperature, humidity and even mechanical strain. Special camera designs allow active control of the camera's positioning; such cameras are called pan/tilt cameras. Basically the electronics of the camera form a small but complete networked computer system with extra components to perform the imaging functions. The two main components that perform image capture and conversion are the image sensor and the image processor. There are two different types of image sensors, CCD and CMOS. Both sensors require specific image processors with specific electronic components in order to improve performance and image quality. The third major part of any camera system is the objective lens. An objective lens may be permanently fixed to a camera, or it may be interchangeable for more flexibility.

IP Camera Building Blocks


Optical System

The objective lens is another major part of any camera system. Objectives as used in camera systems are arrays of simple lenses (elements) with a common axis. There usually is an aperture selection mechanism for adjusting the amount of light getting through the lens, and a focusing mechanism. Depending on the type of camera, there may also be an integrated shutter. An objective lens may be permanently fixed to a camera, or it may be interchangeable for more flexibility. Special objective lenses are for example telephoto lenses or wide-angle lenses.


A telephoto lens is a lens whose focal length is significantly longer than that of a normal lens; telephoto lenses make objects appear closer than they are. A wide-angle lens is a lens whose focal length is substantially shorter than that of a normal lens, giving a wider angle of view. For some applications it might be necessary to use so-called zoom lenses. A zoom lens has a continuously variable focal length from wide-angle to telephoto. Depending on the camera and application, the focal length can be set either manually or remotely. By increasing or decreasing the lens's magnifying power, the user can make the displayed image smaller or larger. The amount of light reaching the image sensor is known as the exposure and is controlled by two camera elements, the aperture and the shutter. The aperture adjusts to let more or less light through, and the shutter controls the period of time during which light enters the camera.
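As an added worked example (not from SMC's material), the following calculation turns the focal-length discussion above into numbers: using the pinhole-camera approximation, it derives angle of view and scene coverage from sensor width and focal length, and picks from a stock of fixed lenses the longest one that still covers a required scene, since a longer lens puts more pixels on the target. The 4.8 mm sensor width (a 1/3-inch sensor) and the lens stock are assumptions.

```python
"""Lens selection for a fixed IP camera using the pinhole-camera approximation.

Added worked example, not SMC code. It assumes a 1/3-inch image sensor with a
4.8 mm wide active area and a constructed stock of fixed CS-mount lenses.
"""
import math
from typing import Optional, Sequence, Tuple

SENSOR_WIDTH_MM = 4.8                                # assumed active width of a 1/3" sensor
STOCK_LENSES_MM = (2.8, 4.0, 6.0, 8.0, 12.0, 16.0)   # assumed available fixed focal lengths


def horizontal_angle_of_view(focal_mm: float, sensor_mm: float = SENSOR_WIDTH_MM) -> float:
    """Horizontal angle of view in degrees: shorter focal length = wider angle."""
    return math.degrees(2 * math.atan(sensor_mm / (2 * focal_mm)))


def scene_width_m(focal_mm: float, distance_m: float, sensor_mm: float = SENSOR_WIDTH_MM) -> float:
    """Width of the scene that fills the frame at distance_m (similar triangles)."""
    return distance_m * sensor_mm / focal_mm


def focal_length_for_scene(scene_m: float, distance_m: float, sensor_mm: float = SENSOR_WIDTH_MM) -> float:
    """Focal length at which a scene scene_m wide exactly fills the frame at distance_m."""
    return sensor_mm * distance_m / scene_m


def pixels_per_metre(focal_mm: float, distance_m: float, width_px: int,
                     sensor_mm: float = SENSOR_WIDTH_MM) -> float:
    """Horizontal pixel density on the target: the usual yardstick for whether a face
    or number plate at that distance will be identifiable rather than merely visible."""
    return width_px / scene_width_m(focal_mm, distance_m, sensor_mm)


def choose_lens(scene_m: float, distance_m: float, width_px: int,
                lenses: Sequence[float] = STOCK_LENSES_MM,
                sensor_mm: float = SENSOR_WIDTH_MM) -> Optional[Tuple[float, float]]:
    """Pick the longest stock lens that still covers the required scene width.

    A longer focal length puts more pixels on the target, but any lens longer than
    focal_length_for_scene() would crop the scene. Returns (focal_mm, px_per_m),
    or None if even the widest lens in stock is too narrow for the job."""
    f_max = focal_length_for_scene(scene_m, distance_m, sensor_mm)
    fitting = [f for f in lenses if f <= f_max]
    if not fitting:
        return None
    f = max(fitting)
    return f, pixels_per_metre(f, distance_m, width_px, sensor_mm)


if __name__ == "__main__":
    # Constructed camera positions: (name, scene width to cover in m, distance in m)
    for name, scene, dist in (("car park", 10.0, 20.0), ("door", 1.5, 6.0), ("lobby", 20.0, 3.0)):
        pick = choose_lens(scene, dist, width_px=640)   # 640 px wide, VGA-class stream
        if pick is None:
            print(f"{name}: no stock lens wide enough (need <= {focal_length_for_scene(scene, dist):.2f} mm)")
        else:
            f, density = pick
            print(f"{name}: {f} mm lens, {horizontal_angle_of_view(f):.1f} deg, {density:.0f} px/m")
```

For the constructed positions in the main block, a 10 m wide car park entrance at 20 m gets the 8 mm lens (about 33 degrees, 53 px/m), the door at 6 m gets the 16 mm lens (about 355 px/m, enough to identify a face), and the 20 m wide lobby at 3 m needs a lens wider than anything in stock. Pixel density on the target is the figure to check against the "size of the object" and "distance" factors listed earlier.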

IP Camera Building Blocks

Zoom Lens

Zoom lenses come in two types: optical and digital. An optical zoom lens actually alters the focal length (and with it the throw ratio), while a digital zoom simply enlarges part of the digital image: the camera selects a portion of the image and scales it back up to full size. This magnification is achieved through interpolation and may result in a loss of image quality. Digital cameras can be equipped with an optical zoom lens, only a digital zoom, or optical and digital zoom combined.

Objective Lens Mount


There are two commonly used objective lens mount types: C-mount and CS-mount. C-mount objective lenses typically consist of 7 optical lenses and have a distance between the objective lens and the image sensor (flange distance) of 17.5 mm. CS-mount objective lenses normally consist of 5 optical lenses, and the distance between the objective lens and the image sensor measures 12.5 mm. C-mount objectives can be used with cameras designed to accept CS-mount objectives if a C/CS-mount adapter (a 5 mm ring) is inserted. It is not possible to use CS-mount objectives with cameras designed to accept C-mount objectives.

Sensor Technology CCD/ CMOS

CCD (Charge Coupled Device) and CMOS (Complementary Metal Oxide Semiconductor) image sensors are two different technologies for capturing images digitally. Each has unique strengths and weaknesses, giving advantages in different applications. Today the performance differences have become very small, allowing the use of both technologies in most applications. Both types of sensors convert light into electric charge and process it into electronic signals. In a CCD sensor, every pixel's charge is transferred through one or a few output nodes to be converted to voltage and sent off-chip as an analogue signal. All pixels can be used to capture light, and the output's uniformity is high. In a CMOS sensor, each pixel has its own charge-to-voltage conversion, and the sensor often also includes other components and functions, so that the chip outputs digital bits. These additional functions increase the design complexity of the chip, but it can be built to require fewer external components for basic operation. With each pixel performing its own conversion, uniformity, a key factor in image quality, is lower. Both CCD and CMOS image sensors can offer good performance, which means high-quality images, support for a broad range of light conditions and short shutter times. CCDs have traditionally provided the best performance in photographic, scientific and industrial applications that demand the highest image quality. Compared to CMOS sensors, CCD image sensors typically have an advantage in low-light situations (such as twilight), whereas in very bright light their image quality degrades earlier. CMOS image sensors allow more functions to be integrated on the chip but have often involved trade-offs between image quality and device cost.

Control/ Mounting (Stationary, Pan/ Tilt, Zoom)

Cameras may have pan/tilt and zoom capabilities so that they can be used to focus on distant or wider-angled areas to get a better view of any person, object or area that may demand closer inspection. Pan, tilt and zoom cameras (PTZ cameras) are some of the most versatile cameras on the market. They can pan (move left and right), tilt (move up and down) and zoom in or out. Some PTZ cameras are even able to rotate 360 degrees or display an object directly below them. The camera's motion can be remotely controlled via the network. For some surveillance applications the movements can be programmed; this allows users to pan, tilt and zoom into a specific area with just the push of a button, or to view certain areas at preset intervals.

Housing (Indoor, Outdoor, Rugged)

Outdoor video surveillance demands cameras with special features to withstand exposure to varying temperatures and weather conditions. Weatherproof cameras (quite often dome cameras) are therefore a popular choice for outdoor surveillance. They are an ideal solution for monitoring entrances, driveways or open spaces. Outdoor camera housings are available in many different variants. For outdoor surveillance applications the housing might not only be of waterproof design but could optionally contain built-in heaters and fans. To ensure a clear image in all weather conditions, some offer an additional wiper function and/or specially coated optical glass. Some camera housings are even filled with a special gas to avoid fogged optics resulting from high temperature fluctuations. A special housing design is the so-called dome housing, where a hemispherical plastic (or glass) dome protects the camera. These dome housings are often used in combination with pan/tilt and zoom cameras. Dome cameras are relatively small, and in many cases their design makes it hard to tell exactly in which direction the camera is pointing. This makes dome cameras a good choice for many different surveillance needs and applications. For some applications even weatherproof housings are not sufficient. Special ruggedized enclosures are designed with extra durable housings that are capable of withstanding a great deal of mechanical abuse and vandalism.

Other Elements/ Building Blocks


Additional camera features and functions:

General I/O
Motion Detection / Passive Infrared Sensors
Heat Sensors
Sound Sensors
Audio Support
Low Light Support / IR Support / Day/Night Cameras
Power Options (PoE)
LAN / Wireless LAN Network Interfaces

Many modern IP cameras have advanced features built in to support a variety of situations and applications. Some cameras offer a simple general I/O interface to attach a variety of sensors that can then be used to trigger actions like activating the camera. Motion detection allows a camera to detect motion, such as the opening of a door or a passing car, and activate itself or transmit at a higher frame rate. Some cameras are equipped with passive infrared (PIR) sensors. A PIR sensor is an electronic component that measures the infrared light radiating from objects in its field of view; motion is detected when an infrared source passes in front of a background having a different temperature. Heat sensors can be used to detect and report overheating and potential fire hazards. Sound sensors can be used to activate the camera on sounds such as doors slamming, people talking or sirens sounding. One-way audio support can be used to record sound with the video sequence; with two-way audio the system also allows operators to send spoken messages to the camera's loudspeaker (or audio-out port). Low light support can be used at night and in poor light conditions. Day/night cameras are able to switch automatically between colour and black-and-white (infrared) modes at low light levels; some of these cameras even have an integrated infrared light source. IP cameras that support the IEEE 802.3af Power over Ethernet (PoE) standard can be powered directly from a PoE-capable switch without the need for an additional local power source. IP cameras typically have one or more LAN interfaces integrated. Most IP cameras can be directly connected to any Ethernet LAN infrastructure using twisted-pair cables. Many cameras come with a built-in wireless LAN interface so that they can be located in places where Ethernet cabling is not available or not feasible.

IP Camera Building Blocks

Selecting Cameras

Today a broad range of IP camera types are available in the market that offer different features and functions to support different applications. Examples of such camera types are:

- Black and white (b/w) cameras
- Colour cameras
- Infrared (IR) cameras
- Day/Night cameras
- Dome cameras
- Pan-Tilt-Zoom cameras (PTZ)
- Compact cameras, for example with integrated IR light source

The selection of the appropriate camera type mainly depends on the application it is intended for. The required features and functions are mainly influenced by factors like:

- Place of installation (indoor, outdoor)
- Light conditions, lighting
- Distance of the object to the camera
- Velocity/speed of the object
- Requirements with regard to the resolution
- Available power and network infrastructure (wireless, cable)
- Special requirements like motion detection, audio support, etc.

IP Camera Building Blocks

Lighting/Overview
Sufficient lighting is a requirement for good image capture and recording. Especially the extreme changes in outdoor applications require the selection of appropriate cameras and lenses. The light intensity has to be taken into account in the design of IP camera solutions. Light intensity, or to use a more precise term, luminance, is measured in Lux. It is a measure of the intensity of the light, wavelength-adjusted by the luminosity function to correlate with human brightness perception. The decision on the best positioning of cameras therefore depends to a high degree on lighting conditions like reflections, glare, interfering light or back light. Wrong or bad lighting may result in image noise or blurred images. Extreme overexposure (direct back light, sun) may even damage the image sensor of the camera.

Lighting (Light Intensity/Luminance)


Examples of light intensity/luminance in Lux (values use a dot as thousands separator and a comma as decimal separator):

- Bright sun: 10.000 - 1.000.000
- Clouded sky (day): 100 - 10.000
- Offices, shops: 100 - 1.000
- Twilight: 1 - 10
- Street lighting: 5
- Full moon: 0,1 - 1
- Starry sky: 0,001 - 0,01
- Clouded sky (night): 0,0001 - 0,001

Average lighting levels indoor and outdoor:

Daylight:
- Winter noon, cloudy: approx. 2.000 Lux
- Winter noon, cloudless: approx. 20.000 Lux
- Summer noon, cloudy: approx. 20.000 Lux
- Summer noon, cloudless: approx. 100.000 Lux

Artificial light:
- Major street in city: approx. 30 Lux
- Living quarters: approx. 150 Lux
- Workplace: approx. 600 Lux

Day/Night Cameras


In bad lighting conditions images from colour cameras become blurred and noisy. To be able to use a camera in a wide range of light conditions, some cameras are able to switch from colour into b/w (black and white) operation. Such cameras offer colour images during the day and change to b/w operation at night, which offers a much higher photosensitivity. The advantage of such day/night cameras is obvious: only one camera is needed for all light conditions. This feature can be implemented in two different ways: either the infrared spectrum of the light is filtered out by software, or the IR blocking filter is swung out of the optical path mechanically. Borderline light conditions like twilight (at dawn) might prevent switching between the day/night modes at the right moment; therefore day/night cameras should offer a way to configure the thresholds appropriately.

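The threshold configuration recommended above is easiest to see in code. The following is an added example, not from this document and not any camera vendor's firmware: a day/night switch with two separate thresholds (hysteresis) and a hold time, fed with a constructed sequence of lux readings that flickers around the threshold the way a dusk scene with passing headlights would. The lux values, the hold time and the mode names are assumptions chosen for illustration.

```python
"""Day/night mode switching with hysteresis and a hold time (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

DAY = "day"      # colour mode, IR-cut filter in the optical path
NIGHT = "night"  # b/w mode, IR-cut filter removed so IR reaches the sensor


@dataclass
class DayNightSwitch:
    # Switch to night only once the reading falls below this value (assumed).
    night_below_lux: float = 5.0
    # Switch back to day only once the reading rises above this value (assumed).
    # The gap between the two thresholds is the dead band that stops the camera
    # flapping between modes at dawn and dusk.
    day_above_lux: float = 20.0
    # A threshold must be crossed for this many consecutive samples before the
    # mode changes, so a single bright flash or shadow is ignored.
    hold_samples: int = 3
    mode: str = DAY
    _pending: Optional[str] = field(default=None, repr=False)
    _count: int = field(default=0, repr=False)

    def __post_init__(self) -> None:
        if self.day_above_lux <= self.night_below_lux:
            raise ValueError("day_above_lux must exceed night_below_lux")
        if self.hold_samples < 1:
            raise ValueError("hold_samples must be at least 1")

    def update(self, lux: float) -> str:
        """Feed one illuminance sample; return the mode in effect afterwards."""
        if lux < 0:
            raise ValueError("illuminance cannot be negative")
        if self.mode == DAY and lux < self.night_below_lux:
            wanted: Optional[str] = NIGHT
        elif self.mode == NIGHT and lux > self.day_above_lux:
            wanted = DAY
        else:
            wanted = None  # inside the dead band, or already in the right mode

        if wanted is None:
            self._pending, self._count = None, 0
        elif wanted == self._pending:
            self._count += 1
        else:
            self._pending, self._count = wanted, 1

        if self._pending is not None and self._count >= self.hold_samples:
            self.mode = self._pending
            self._pending, self._count = None, 0
        return self.mode


def run_sequence(samples: List[float], **cfg) -> List[str]:
    """Replay a sequence of lux readings and return the mode after each one."""
    switch = DayNightSwitch(**cfg)
    return [switch.update(v) for v in samples]


if __name__ == "__main__":
    # Constructed dusk sequence: light fades, a passing car lights the scene
    # for one sample (30 lux), then it stays dark.
    dusk = [300, 80, 15, 4, 30, 4, 4, 4, 2]
    print(run_sequence(dusk))
```

With a single threshold and no hold time the camera would have gone to night mode at the first 4 lux sample and straight back to day mode for the 30 lux flash; with the dead band and the three-sample hold it stays in day mode until the reading has been below 5 lux three times in a row, and later will not return to day mode until the scene is brighter than 20 lux.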
Network Connection

IP cameras typically have one or more LAN interfaces integrated. Most IP cameras can be directly connected to any Ethernet LAN infrastructure using twisted pair cables. IP cameras which support the IEEE 802.3af Power over Ethernet standard (PoE) can be powered directly from a PoE capable switch without the need for an additional local power source. Many cameras come with a built-in Wi-Fi radio so that they can be located in places where Ethernet cabling is not available or not feasible. For instance, external cameras can be placed halfway up a building without the need for structured wiring and the extra weather and vandal proofing that would be required for the cables. IEEE 802.11g networks can operate at speeds up to 54 Mbps and so certainly have enough capacity for the 2-3 Mbps video streams generated by a typical IP camera.


PoE

Traditionally, network devices like WLAN access points, IP phones, or IP cameras require, besides the data connection, also a local power connection to work. The IEEE 802.3af (Power over Ethernet) specification eliminates the need for additional power outlets and power cabling. The standard describes two types of devices: Power Sourcing Equipment (PSE) and Powered Devices (PD). Power Sourcing Equipment (for example switches with 802.3af support) provides power to the powered devices. For implementing PoE for single end devices (for example a limited number of access points in a facility) single-line PoE adapters can be used. They are inserted into the cable between the hub/switch and the end device to be powered. To support a larger number of PoE devices, switches are offered that directly support the IEEE 802.3af Power over Ethernet (PoE) standard, which enables DC power to be supplied to attached devices over the wires of the connecting Ethernet cable.

Image Quality
Introduction

Many factors contribute to the quality of a displayed (live) or archived image or video stream. Important factors are:

- Camera features like sensor resolution and lens quality/design
- Codecs used, for example video compression with MPEG/MJPEG
- Video stream bandwidth/network bandwidth (and quality)
- Lighting/illumination

Depending on the application many other factors might become relevant. The distance to the observed object as well as its size and also the velocity of the observed object might have a direct influence on the required camera technology, image sensor technology as well as lens design.

Image Quality
Sensor Resolution

Analogue cameras are limited to the standard line resolutions dictated by the PAL and NTSC TV formats. With IP cameras, since no intermediate analogue encoding or decoding is required, the video resolution is limited only by the capability of the camera itself. Image sensor resolution can be defined as the number of pixels used to capture an image. It is typically expressed as numbers such as 640x480. To get the resolution in megapixels these two numbers are multiplied together and divided by 1 million. Usually the higher the image sensor resolution, the better the image quality. A high resolution image sensor can capture much more variation in light than a low resolution image sensor, and can therefore reproduce an image more realistically. But the size of an image sensor also contributes to the quality of the captured images. In general, the larger the image sensor, the less noise in the images and the higher the quality. We are already starting to see IP cameras with resolutions of 1 to 2 megapixels appearing on the market. These cameras will provide much clearer pictures and will enable better analysis of the images for applications such as number plate recognition or identifying individuals even by their facial features.

Video Stream Bandwidth & Compression

Video streams can be encapsulated and compressed using either the MPEG-4 or MJPEG encapsulation techniques. Both provide efficient compression especially for fixed cameras where not a lot of the scene is changing.


MPEG-4 can compress a typical 720x480 pixel video stream running at 30 frames per second into a bit stream of 3.5 Mbps. A typical 100 Mbps Fast Ethernet connection can therefore handle up to 24 consecutive video streams (assuming a maximum usable capacity of 80 Mbps). If the frame rate can be reduced, the amount of available bandwidth increases proportionately. For example, if the frame rate could be reduced to 15 frames per second, then 48 consecutive video streams could be supported on a 100 Mbps Ethernet segment. Similarly, a Gigabit Ethernet trunk has 10 times the capacity of a 100 Mbps Ethernet segment and could handle 240 consecutive video streams at 15 fps as shown in the table above.

Video Compression Technologies/MPEG

MPEG (Moving Picture Experts Group) is the name of a family of standards used for coding audio and video information (e.g. movies, video, audio) in a digital compressed format. The major advantage of MPEG compared to other video and audio coding formats is that MPEG files are much smaller at the same quality. The standards MPEG-1 and MPEG-2 provide interoperable techniques for representing audiovisual content, commonly used on digital media. MPEG-4 includes many of the features of MPEG-1 and MPEG-2 and other related standards, to support many more application areas through features like an extended bit rate range, better scalability, error resilience, interfaces to digital rights management systems and powerful ways to build interactivity into content. MJPEG (Motion JPEG) is a video technology in which every single picture is stored separately as a JPEG image. Video streams that have been compressed with MJPEG deliver an image quality independent of the changes (due to movements, etc.) between the images. Each image can be viewed individually, which is very different from MPEG video streams. IP cameras often provide a stream of JPEG pictures. Many client applications, such as web browsers like Firefox, can display such an HTTP video stream directly. Most Internet browsers can display M-JPEG streams only with the help of special software options. Although MJPEG offers many advantages, especially for simple IP camera applications, it also has disadvantages. These disadvantages mainly lie in compression factors that can be, depending on the situation, a lot lower than with MPEG. MPEG also has a clear advantage when it comes to including audio data.

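The "stream of JPEG pictures" that a browser can display directly is normally sent as an HTTP multipart stream, one part per frame. The parser below is an added example, not from this document and not any camera's or browser's code: it assumes the common framing in which each part carries Content-Type and Content-Length headers followed by one complete JPEG, and it refuses frames that are missing, oversized, truncated or not bracketed by the JPEG start/end markers instead of passing them to a decoder. The boundary string and the sample frames are constructed for the demonstration; only the markers are real JPEG syntax.

```python
"""Parse a multipart MJPEG stream into individual JPEG frames (added example)."""
from typing import Dict, Iterator, List

JPEG_SOI = b"\xff\xd8"  # start-of-image marker
JPEG_EOI = b"\xff\xd9"  # end-of-image marker


class MjpegError(ValueError):
    """Raised for framing problems; the caller drops the stream, not the process."""


def parse_headers(raw: bytes) -> Dict[str, str]:
    """Parse 'Name: value' lines into a dict with lower-cased names."""
    headers: Dict[str, str] = {}
    for line in raw.split(b"\r\n"):
        if not line.strip():
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise MjpegError("malformed header line: %r" % line)
        key = name.strip().lower().decode("ascii", "replace")
        headers[key] = value.strip().decode("ascii", "replace")
    return headers


def iter_frames(stream: bytes, boundary: bytes,
                max_frame_bytes: int = 4 * 1024 * 1024) -> Iterator[bytes]:
    """Yield one JPEG per part. The frame length comes from Content-Length and is
    bounded before any bytes are handed on; the JPEG markers are checked so a
    decoder never sees a partial or non-image payload."""
    delim = b"--" + boundary
    pos = 0
    while True:
        start = stream.find(delim, pos)
        if start < 0:
            return                              # no further part: end of data
        hdr_start = start + len(delim)
        if stream.startswith(b"--", hdr_start):
            return                              # closing delimiter "--boundary--"
        hdr_end = stream.find(b"\r\n\r\n", hdr_start)
        if hdr_end < 0:
            raise MjpegError("truncated part headers")
        headers = parse_headers(stream[hdr_start:hdr_end])
        body_start = hdr_end + 4
        if "content-length" not in headers:
            raise MjpegError("part without Content-Length")
        try:
            length = int(headers["content-length"])
        except ValueError:
            raise MjpegError("non-numeric Content-Length")
        if length <= 0 or length > max_frame_bytes:
            raise MjpegError("Content-Length %d out of bounds" % length)
        body = stream[body_start:body_start + length]
        if len(body) < length:
            raise MjpegError("truncated frame body")
        if not (body.startswith(JPEG_SOI) and body.endswith(JPEG_EOI)):
            raise MjpegError("part body is not a complete JPEG")
        yield body
        pos = body_start + length               # skip the body, so a boundary-like
                                                # byte pattern inside it is ignored


def build_stream(frames: List[bytes], boundary: bytes) -> bytes:
    """Build a multipart/x-mixed-replace stream; used here to construct input."""
    out = b""
    for frame in frames:
        out += b"--" + boundary + b"\r\n"
        out += b"Content-Type: image/jpeg\r\n"
        out += b"Content-Length: %d\r\n\r\n" % len(frame)
        out += frame + b"\r\n"
    return out + b"--" + boundary + b"--\r\n"


def fake_jpeg(payload: bytes) -> bytes:
    """Constructed stand-in for a frame: real JPEG markers around arbitrary bytes."""
    return JPEG_SOI + payload + JPEG_EOI


# Constructed sample input (boundary and payloads are assumptions).
BOUNDARY = b"myboundary"
SAMPLE_FRAMES = [fake_jpeg(b"frame-1"), fake_jpeg(b"frame-2")]
SAMPLE_STREAM = build_stream(SAMPLE_FRAMES, BOUNDARY)

if __name__ == "__main__":
    for i, frame in enumerate(iter_frames(SAMPLE_STREAM, BOUNDARY), 1):
        print("frame", i, len(frame), "bytes")
```

The two checks that matter for a monitoring station receiving streams from many cameras are the bound on Content-Length, applied before the body is sliced, and the marker check before decoding: a camera that is misconfigured or has been tampered with can then at worst terminate its own stream, not exhaust the recorder's memory or feed malformed data to the JPEG decoder.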
IP Camera Applications
Overview
IP Cameras can be used in a broad range of applications like:

- Surveillance/Retail
- Monitoring/Transport
- Campus/Building Surveillance
- Home Monitoring Applications
- Monitoring in Data Centres

IP Video has been available now for quite some time. It is used in many different applications and the concept and benefits are well understood. In transportation, video cameras help to keep traffic moving and highlight potential congestion before it occurs. In retail environments, surveillance reduces shoplifting and improves store operations by identifying queue build-ups at checkouts. In public places the sight of a camera makes people feel more secure from crime and helps to protect buildings from vandals. In the finance world, cameras in banks and at ATMs help provide an audit trail of transactions to prevent fraud and reduce theft. Advances in digital camera technology mean that many new applications are now feasible. Features such as motion detection, sound and heat activation, advanced pattern recognition and low light operation all allow new intelligent applications to be developed. What's more, with the use of industry standard components and advanced digital circuitry, the price of the components is falling drastically, making a video surveillance application feasible for smaller companies or even for domestic applications in the home. This technology shift means that sophisticated IP video surveillance solutions are now becoming affordable for even the smallest companies or private users. With their industry standard components, they can be installed and integrated with the existing network infrastructure using wired or wireless Ethernet connections. Monitoring the cameras no longer requires expensive video recording and viewing suites; camera output can be stored on standard disk arrays and viewed on standard PC monitors either locally or remotely, wherever there is a good network connection.

Surveillance: Retail

In retail or commercial environments, IP Video Surveillance can be used to extend existing analogue or hybrid analogue systems. For instance, a shop which has existing analogue or hybrid equipment that it uses for security can add new wireless IP cameras to provide activity analysis. As shown in the graphic above, the existing analogue/hybrid equipment can still be used and the video it generates can be encoded into MPEG-4 format so that it is available to the PC monitoring stations. The new wired or wireless IP cameras can be connected directly to the Ethernet network without the need to replace the existing equipment. This offers an extremely scalable and cost-effective solution. Unlike existing analogue switching equipment, which can only control cameras in banks of up to sixteen channels, IP cameras can be added as required without the need to add extra encoders/decoders.


Monitoring: Example Transport

With the ever-increasing need for security and for reducing the problems associated with traffic congestion, IP Video Surveillance allows traffic arriving at transportation hubs such as airports, bus terminals and railway stations to be continuously monitored. This permits operators to respond quickly to traffic build-up or to notify security of any suspicious items, vehicles or people. As shown in the graphic above, external IP cameras are used to monitor arrivals and departures at a transportation hub. The cameras are connected using standard twisted pair cables to a Fast Ethernet switch. The video streams are then transmitted back to the Control Centre using Gigabit Ethernet over high-grade twisted pair cables. In the Control Centre, the Video Management Software processes the incoming video streams and stores them in the Video File Store, which is a standard disk array. Finally the video streams can be monitored in real time or as archive footage using standard PCs. More recent uses of video cameras have been in the implementation of traffic charging schemes, where advanced number plate recognition software is used to record and bill road users as they enter a charging zone. This can also improve the road conditions for other road users such as cyclists and pedestrians.

Surveillance: Example Wireless Campus/Buildings

Wireless LAN technology allows IP cameras to be deployed in places where LAN cabling is not feasible or even impossible. Regardless of whether WLAN capability is an integral part of the IP camera or whether a larger WLAN infrastructure is implemented, this technology is well suited to connecting many different applications, including difficult-to-wire locations, branch offices, school or corporate campus environments, frequently changing workplaces, temporary LANs, hospitals and warehouses. Depending on the distances the wireless connection has to cover and the specific environmental conditions, special high-gain antennas provide the solution for those applications where greater distance or structural penetration is necessary.

Monitoring: Home

In the home, video surveillance is now becoming affordable for security applications such as remote monitoring while on vacation and keeping an eye on the kids while at work. The wide availability of high-speed, always-on broadband connections has enabled this new market. In fact some larger broadband service providers are starting to offer IP surveillance as an enhanced feature of their broadband service. For example, with a wireless IP camera strategically installed where valuable items are located, the owner can keep an eye on their home even when they are halfway around the world; all they need is a reasonably high-speed Internet connection. If the IP camera includes a motion detection sensor, then the camera can be programmed to compare images taken at given intervals. If there is a major change between compared images, the camera will generate an alert to the owner using either a mobile SMS message, an automated phone call or an email.

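The image comparison described above (and the Motion Detection feature listed among the camera building blocks earlier) is, at its simplest, frame differencing. The following is an added example, not from this document and not any camera vendor's firmware: it compares each new frame with the previous one, counts the pixels whose intensity changed by more than a per-pixel threshold, and alerts only when that count exceeds a fraction of the whole image, so sensor noise on a single pixel does not trigger while an object covering part of the scene does. Frames are constructed 8-bit greyscale grids; both thresholds are assumed values.

```python
"""Motion detection by frame differencing with an area threshold (added example)."""
from typing import List, Optional, Sequence

Frame = Sequence[Sequence[int]]  # rows of 8-bit greyscale values


def changed_fraction(prev: Frame, cur: Frame, pixel_threshold: int = 25) -> float:
    """Fraction of pixels whose intensity moved by more than pixel_threshold.
    The per-pixel threshold absorbs sensor noise and small lighting flicker."""
    if len(prev) != len(cur) or any(len(a) != len(b) for a, b in zip(prev, cur)):
        raise ValueError("frames must have identical dimensions")
    total = sum(len(row) for row in cur)
    if total == 0:
        raise ValueError("empty frame")
    changed = 0
    for prow, crow in zip(prev, cur):
        for p, c in zip(prow, crow):
            if abs(p - c) > pixel_threshold:
                changed += 1
    return changed / total


class MotionDetector:
    """Keeps the previous frame and decides per new frame whether to alert.
    area_threshold is the fraction of the image that must change; a single
    noisy pixel or an insect on the lens therefore never triggers by itself."""

    def __init__(self, area_threshold: float = 0.05, pixel_threshold: int = 25):
        self.area_threshold = area_threshold
        self.pixel_threshold = pixel_threshold
        self._last: Optional[Frame] = None

    def feed(self, frame: Frame) -> bool:
        if self._last is None:
            self._last = frame  # the first image only establishes the reference
            return False
        fraction = changed_fraction(self._last, frame, self.pixel_threshold)
        self._last = frame
        return fraction >= self.area_threshold


def make_frame(width: int, height: int, value: int = 50) -> List[List[int]]:
    """Uniform constructed frame standing in for a static scene."""
    return [[value] * width for _ in range(height)]


def paint(frame: Frame, x0: int, y0: int, w: int, h: int, value: int) -> List[List[int]]:
    """Copy of frame with a w x h rectangle at (x0, y0) set to value."""
    out = [list(row) for row in frame]
    for y in range(y0, y0 + h):
        for x in range(x0, x0 + w):
            out[y][x] = value
    return out


def demo() -> List[bool]:
    """Constructed sequence: static scene, noise on one pixel, back to static,
    an object covering 10% of the frame, then the object standing still."""
    base = make_frame(20, 10)                # 200 pixels
    noisy = paint(base, 3, 3, 1, 1, 200)     # 1 pixel changed: 0.5% of the image
    intruder = paint(base, 5, 2, 5, 4, 220)  # 20 pixels changed: 10% of the image
    det = MotionDetector()                   # alert at 5% of the image (assumed)
    return [det.feed(f) for f in (base, noisy, base, intruder, intruder)]


if __name__ == "__main__":
    print(demo())  # [False, False, False, True, False]
```

Note that the last frame does not alert even though the object is still in view: differencing against the previous frame reports change, not presence, which is why a camera in this mode is configured to capture a burst or raise its frame rate once triggered rather than to rely on a single alert.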
IP Camera / IP Video Products


SMCWIPCFN-G - Wireless IP Camera
The SMC Wireless IP Camera SMCWIPCFN-G is a compact sized IP network camera with advanced integrated features. Features include infrared night vision and motion detection, enabling both day and night surveillance. Notifications of triggered events (alerts) can be sent via email, and images can be stored on PCs or network attached storage (NAS) devices on the local network.

Features and Benefits:
- Number of effective pixels: 307,200 pixels (VGA)
- CMOS based board lens, focal length f = 3.6 mm / F-number = F2.0
- CPU: ARM9 / MPEG4 encode chip
- 16M DDR / 8M SDRAM / 2M flash memory
- Network: 100Base-TX/10Base-T (RJ-45), IEEE 802.11b/g
- Built-in microphone
- Motion detection
- Status LEDs: power, LAN, WLAN
- Night vision: IR LEDs x 6 (auto/manual)
- MPEG4 video compression, ADPCM 40 ~ 16 kbit audio compression
- Image size (HxV): 640x480 (VGA), 320x240 (QVGA)
- 3 levels of image quality (high, medium, low)
- Frame rate: up to 30 fps (VGA)
- Protocols supported: TCP/IP, ICMP, HTTP, SMTP, FTP, DHCP, DNS, DDNS, PPPoE, SNTP
