BUILDING REMOTE ACCESS NETWORKS part 4 pptx


Using ISDN and DDR to Enhance Remote Access Connectivity • Chapter 5 157

figurations for the PRI. In North America and Japan, the configuration is noted as 23B+D, or 23 B-channels and one D-channel operating at 64 Kbps. The bit rate of this type of PRI is 24 × 64 Kbps = 1.544 Mbps. Another configuration of the PRI is noted as 30B+D. This PRI offers a bit rate of 2.048 Mbps and is commonly offered in Europe and Australia.

PRI Reference Points and Functional Groups

The reference points for PRI lines are simpler than for BRI lines. The functions of the reference points are the same as in the BRI line. The major difference is that PRI does not support multiple ISDN devices on the same line, whereas a BRI network supports connecting multiple devices to the same line. As shown in Figure 5.3, in PRI lines the Terminal Equipment (TE) connects directly to the Data Service Unit/Channel Service Unit (DSU/CSU), which then connects to the Local Exchange (LE). The DSU/CSU is similar to a modem but does not convert digital signals into analog signals. Since there is no support for multiple non-ISDN devices, the reference points and functional groups for the PRI line can be kept simple.

ISDN Protocol Layers

ISDN uses several different protocols for both control signaling and user data. The protocols can be correlated to the Open System Interconnection (OSI) reference model. The OSI reference model regulates all communication between systems to ensure interoperability between vendors. The OSI reference model consists of seven functional layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. Since signaling protocols and user data protocols are different, yet still operate in the same OSI layers, ISDN further divides the OSI model into protocol planes. The user plane (U-plane) contains the protocols required for sending user data such as voice, video and data.
The control plane (C-plane) contains the protocols necessary for exchanging control signaling. Finally, the management plane (M-plane) controls the flow of traffic between the U-plane and C-plane. All of these planes can operate on the same layers of the OSI model simultaneously. ISDN services or bearer services operate at the first three layers of the OSI model (see Figure 5.4). These services allow for processing information for user-to-user communication and for transmitting all processed information. The actual processing of information takes place at Layers 4 through 7 of the OSI model, which are the responsibility of the computer, not the network.

Figure 5.3 ISDN PRI reference points and functional groups (the TE connects at the S/T reference point to the DSU/CSU, which connects at the U reference point to the LE).

www.syngress.com 93_sbcran_Ch05 10/16/00 3:03 PM Page 157

As mentioned earlier, the B-channel carries user data that directly correlates to the U-plane, and the D-channel carries signaling information that directly correlates to the C-plane. In the next section, we will discuss the three layers that ISDN uses and the relevance of both the U-plane and the C-plane.

U-plane

At Layer 1, or the physical layer, the B-channel is specified by I.430 for BRI functionality and I.431 for PRI functionality. At this layer, the B-channel supports circuit switching, packet switching, and leased circuitry. For both circuit-switched and leased circuits, control signals set up the circuit and the ISDN network does not need to use any Layer 2 or 3 protocols.

Figure 5.4 OSI reference model and ISDN BRI/PRI protocols:
  Layer 1 (Physical): I.430/I.431 on both the C-plane and the U-plane
  Layer 2 (Data Link): C-plane LAPD - Q.921; U-plane LAPB - PPP/HDLC
  Layer 3 (Network): C-plane DSS1 - Q.931; U-plane IP/IPX
  Layers 4 through 7 (Transport, Session, Presentation, Application): above the ISDN protocols
When a packet-switched circuit is set up, the X.25 protocols run at Layers 2 and 3, allowing the exchange of data. The Layer 2 protocol for packet-switched circuits is known as Link Access Procedure for the B-channel (LAPB). Once LAPB establishes the Layer 2 connection, the Layer 3 connection can be established. Layer 3 protocols on the B-channel can be any OSI Layer 3 protocol such as Internet Protocol (IP) or Internetwork Packet Exchange (IPX).

C-plane

The D-channel operates over the same physical medium as the B-channel. Because of this, its physical layer protocols are the same as the B-channel's on both the BRI and PRI. For the D-channel, the Layer 2 protocol for packet-switched circuits is known as Link Access Procedure for the D-channel (LAPD). LAPD is specified under the ITU-T Q.920 and Q.921 standards. The CCITT did not make LAPD a requirement, only a recommendation (I.440 and I.441). The D-channel has several Layer 3 protocols to choose from. The most commonly used Layer 3 protocol is Q.931.

ISDN Call Setup and Teardown

Figure 5.5 shows how the call setup process takes place using the Q.931 protocol. Not every ISDN switch uses the same procedures for both call setup and teardown. Figures 5.5 and 5.6 show the setup and teardown of a typical ISDN switch. In addition to the steps shown, an optional progress message can also pass through the system. Not all of these messages are required to take place when placing an ISDN call.

Dial-on-Demand Routing (DDR)

DDR is a technology that routers use to dynamically initiate and close a circuit-switched session to remote routers on demand. Once these sessions have been connected, data as well as routing updates can be exchanged between routers. In order for the router to initiate this session, it must first know when to dial. This is done through what is called interesting traffic. Once the call has been established, data can pass to the other end.
The DDR session is typically not broken until there is a period of inactivity called idle-time. Multiple locations can be configured to dial based on routing destination. There are several features built into DDR that enhance its operation. Most of the more popular features, such as PPP Multilink and Dial Timers, will be covered in the remainder of this section and in Chapter 6.

DDR typically runs on an as-needed basis, meaning the session is not connected until necessary. By running DDR on an as-needed basis, companies can save significant WAN usage costs. DDR operates over circuit-switched networks like ISDN and PSTN. Some of the methods using DDR are legacy DDR, dialer profiles, dial backup, and snapshot routing. All of these methods will be covered later in this chapter.

Figure 5.5 ISDN D-channel call setup (messages between the calling end, the ISDN network, and the receiving end): Setup from the calling end to the network; Setup Acknowledge and Call Proceeding from the network back to the calling end; Setup from the network to the receiving end; Call Proceeding, Alerting and Connect from the receiving end to the network; Alerting and Connect from the network to the calling end; Connect Acknowledge from the network to the receiving end and from the calling end to the network.

Figure 5.6 ISDN D-channel call teardown: Disconnect from the calling end to the network, Release from the network to the calling end, Release Complete from the calling end to the network; then Disconnect from the network to the receiving end, Release from the receiving end to the network, Release Complete from the network to the receiving end.

Interesting Traffic

The mechanism that allows DDR to function is the definition of interesting traffic. Interesting traffic is defined as traffic the router deems important (based on access lists); all other traffic is deemed uninteresting. When interesting traffic enters the router destined for a remote network, the router establishes a call to the remote network and sends the data (see Figure 5.7). Once the circuit is connected, all traffic (including uninteresting traffic) can flow through the circuit.
In the event of uninteresting traffic coming into the router destined for a remote network, the router will not establish a new call and the uninteresting traffic will be dropped. Interesting traffic is configured on the router with the dialer-list command. The dialer-list command is then associated with a protocol and then permitted, denied, or matched to an access list. An example of an interesting traffic definition is dialer-list 1 protocol ip permit. This would allow IP traffic entering the router and destined for the remote network or networks to trigger a DDR session. Another example is:

■ dialer-list 2 protocol ip list 101
■ dialer-list 2 protocol ipx list 901
■ dialer-list 2 protocol appletalk deny

Figure 5.7 Dial-on-demand logic: when a packet is destined for a remote site and the interface is already connected, the packet is sent and the idle-timer is reset; if the interface is not connected, an interesting packet causes the DDR interface to connect to the remote site, and an uninteresting packet is dropped.

The previous dialer-list would deny all Appletalk traffic from initiating the DDR session, and would look at access list 101 for matches on IP traffic and access list 901 for matches on IPX traffic. If an IP or IPX match were found, the DDR interface would dial. One reason you would want to configure an access list permitting only specific traffic to initiate a DDR call would be to permit only e-mail and Web traffic. In that instance, other traffic such as routing updates and broadcasts would not initiate a DDR session. If dynamic routing protocols were allowed to trigger the DDR interface, the link would stay connected all the time. The limit on the number of dialer-lists in a router is 10, but each list can have multiple entries. It is important to remember to use an access list when using DDR and dynamic routing to prevent routing updates or hello packets from opening and keeping the link active.
NOTE: Once a DDR connection has been made, any traffic passing through the interface (including uninteresting traffic) will keep the session open.

Topologies

There are three topology designs possible under DDR. The topology chosen depends on the number of sites in the design and the amount of traffic between the sites. The three possible topologies are:

■ Point-to-point
■ Fully meshed
■ Hub-and-spoke

Point-to-Point Topology

If there are only two sites involved in the design, point-to-point topology should be used. For point-to-point topology to work, each site is configured to dial the other. Another option is to use multiple links to give additional bandwidth. Figure 5.8 shows a point-to-point topology.

Fully Meshed Topology

A fully meshed network topology is only recommended for a very small DDR network. In the fully meshed design, each router is configured to dial every other router in the network. An advantage of this design is that it allows each site to communicate directly with each other site instead of going through a central site. However, with this design, the scalability is severely limited. You must also take the number of available ports and circuits into consideration. If you have the network shown in Figure 5.9, and Router1 is connected to Router2, and Router3 is connected to Router4, then data cannot pass between Router1 and Router3 or Router4, and cannot pass between Router2 and Router3 or Router4. Just like any fully meshed topology, the amount of resources required to maintain a full mesh grows exponentially with the number of devices.

Figure 5.8 Point-to-point DDR topology (Router1 and Router2 connected across the ISDN cloud).

Figure 5.9 Fully meshed DDR topology (Router1, Router2, Router3 and Router4, each dialing every other router across the ISDN cloud).
Hub-and-Spoke Topology

A hub-and-spoke network topology is different from the fully meshed design, in that all traffic is sent to a central site and then re-routed to the final destination. For example, in Figure 5.10, if a computer on Spoke2's Ethernet interface wanted to send an e-mail to a computer on Spoke3's Ethernet segment, Spoke2 would dial Hub1 (assuming that e-mail was configured as interesting traffic), which would then dial Spoke3 and send the data. Hub1 would be taking in the data from Spoke2 and sending it out to Spoke3. This type of design is more suitable for large-scale DDR networks. In order for this type of design to scale properly, the only site that needs to have significant available resources is the hub. Contrary to the exponential growth in resources (circuits and ports) required in a fully meshed design, the hub-and-spoke design only needs resources two times the number of DDR sites. Another advantage of the hub-and-spoke design is that it is easy to configure and troubleshoot. The complexity of the design is constrained to the hub router; the spoke routers have very simple configurations. One key disadvantage to this design (but not to the fully meshed topology) is that there is now a single point of failure in the network. If the hub router goes down, then none of the hub sites are able to communicate with the rest of the network.

Figure 5.10 Hub-and-spoke DDR topology (Hub1 at the centre of the ISDN cloud, with Spoke1, Spoke2 and Spoke3 each dialing the hub).

One popular solution to overcome this potential failure issue is to design a dual-hub-and-spoke network. This works well on large networks, retains the advantages of the hub-and-spoke design, and overcomes the issue of a single point of failure.
Figure 5.11 shows a dual-hub-and-spoke design.

Figure 5.11 Dual-hub-and-spoke DDR topology (Hub 1 and Hub 2 on the ISDN cloud, with Spoke 1 through Spoke 4).

Dialer Interfaces

There are a few different interfaces that Cisco routers can use as a dialer interface: ISDN BRI, synchronous serial, and asynchronous. In order to understand dialer interfaces, it is important to understand dialer profiles, dialer rotary groups, dialer addressing, dialer mapping, encapsulation, and supported interfaces. The following sections cover these concepts.

Dialer Profiles

Dialer profiles were introduced into the IOS to offer design flexibility in DDR networks. They are key to the function of dialer interfaces. Dialer profiles are based on separate logical interface configurations being bound to physical interfaces. They involve configuring a profile, which is kept separate from the physical interface. Once the profile has been configured, it is then bound to the physical interface. Multiple profiles can then be linked to one interface, allowing multiple sites to be called from the same interface. Additionally, one profile can be linked to multiple interfaces, allowing greater bandwidth per call. Chapter 6 gives more details on dialer profiles, including configuration examples.

Dialer Rotary Groups

Dialer rotary groups are used when there are multiple physical interfaces placing a call. In the event one interface is busy, the rotary group will use the next available interface to make the call. A dialer rotary group does not need to be configured for either BRI or PRI interfaces; the multiple B-channels in either interface are automatically placed into a dialer rotary group. Chapter 6 gives more details.

Dialer Addressing

There are two different ways to assign dialer interface addresses: using unnumbered interfaces and shared subnetting.
Unnumbered interfaces are similar to assigning a point-to-point line an unnumbered address; the address of another interface on the router is used on the dialer interface. Using unnumbered dialer interfaces works because the links are always point-to-point. With shared subnetting, the dialer interface is treated like a LAN or multipoint WAN that shares a subnet. For shared subnetting, each site in the dialer cloud would get a unique address from a subnetted pool. Using shared subnetting is much simpler than using unnumbered addresses; however, it consumes extra addresses.

Dialer Mapping

Dialer maps translate telephone numbers into next-hop addresses. DDR cannot function without statically configured dialer maps. In addition to translating telephone numbers to next-hop addresses, dialer maps control whether an interface passes broadcast messages. Dialer maps can also control the speed of the call, and can link names for PPP authentication. If a site is only going to receive calls and not make any outgoing calls, the phone number can be left off the dialer map statement.

Examples B
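The Figure 5.7 decision flow, the dialer-list and access-list semantics from the Interesting Traffic section, and the dialer map lookup from the Dialer Mapping section, modelled together as an added Python example that is not part of the book. The access lists, dialer lists, routes, phone number and packet fields are constructed, and the IOS behaviour is simplified (first-match access lists with an implicit deny, one dialer-list rule per protocol, a static dialer map, a single idle timer per interface).

```python
from dataclasses import dataclass
@dataclass
class Packet:
    proto: str      # "ip", "ipx" or "appletalk"
    dst_net: str    # destination network the packet is routed to
    app: str = ""   # application, e.g. "smtp", "www", "eigrp-hello"
# Constructed access lists in the style of access-list 101 / 901: entries are
# (action, protocol, application), first match wins, implicit deny at the end.
ACCESS_LISTS = {101: [("permit", "ip", "www"), ("permit", "ip", "smtp")],
                901: [("permit", "ipx", "sap")]}
# dialer-list 1 protocol ip permit: every IP packet is interesting
DIALER_LIST_1 = {"ip": ("permit", None)}
# dialer-list 2 protocol ip list 101 / ipx list 901 / appletalk deny
DIALER_LIST_2 = {"ip": ("list", 101), "ipx": ("list", 901),
                 "appletalk": ("deny", None)}
# Constructed route table and dialer map (next hop -> phone number);
# next hop 10.3.0.1 deliberately has no map entry.
ROUTES = {"10.2.0.0/16": "10.2.0.1", "10.3.0.0/16": "10.3.0.1"}
DIALER_MAP = {"10.2.0.1": "5551234"}

def acl_permits(acl_id, pkt):
    for action, proto, app in ACCESS_LISTS.get(acl_id, []):
        if proto == pkt.proto and app == pkt.app:
            return action == "permit"
    return False  # implicit deny

def is_interesting(dialer_list, pkt):
    rule = dialer_list.get(pkt.proto)
    if rule is None:               # protocol not named: uninteresting
        return False
    kind, acl_id = rule
    return acl_permits(acl_id, pkt) if kind == "list" else kind == "permit"

class DdrInterface:                # one dialer interface, Figure 5.7 logic
    def __init__(self, dialer_list, idle_timeout=120):
        self.dialer_list, self.idle_timeout = dialer_list, idle_timeout
        self.connected, self.idle_left, self.dialed = False, 0, []

    def tick(self, seconds):       # idle timer runs down; call drops at zero
        if self.connected:
            self.idle_left -= seconds
            self.connected = self.idle_left > 0

    def handle(self, pkt):
        if self.connected:         # an open circuit carries all traffic
            self.idle_left = self.idle_timeout
            return "sent"
        if not is_interesting(self.dialer_list, pkt):
            return "dropped"       # uninteresting while the link is down
        number = DIALER_MAP.get(ROUTES.get(pkt.dst_net))
        if number is None:
            return "no dialer map" # DDR cannot place a call without a map
        self.dialed.append(number)
        self.connected, self.idle_left = True, self.idle_timeout
        return "dialed"
```

Feeding a routing hello through an interface built on DIALER_LIST_1 dials immediately, while the same hello on DIALER_LIST_2 is dropped until real mail or Web traffic brings the link up, after which the hello rides the open circuit and resets the idle timer.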

Posted: 14/08/2014, 13:20
