Airspan
Firepro
Radwin
The radios in frequent usage today are the Airspan, Radwin and the Firepro radios.
Each of these radios has a particular frequency range. Airspan is mostly used in a Point to
Multipoint topology and used majorly at the base station, where multiple clients’ branches
have to be handled.
In Airspan specifically, there is a modem at the Tulip end known as the BASE
STATION RADIO, and the radio at the client end is known as the SUBSCRIBER PREMISES
RADIO.
Firepro can be used in both point to point and point to multipoint topologies and is
in fact used for both, though mostly in the Point to Point topology.
Radwin is used very rarely as well, and if at all, is used in the backbone to provide
redundancy to the fiber paths in the backbone.
But yes, did we just notice the usage of the term Electromagnetic Spectrum? That is
broadly considered the mother of RF. Why? Simple: because RF is just one part of that
spectrum. Electromagnetic radiation is generally described as a self-propagating
wave in space with electric and magnetic components. These components oscillate at
right angles to each other and to the direction of propagation, and are in phase with each
other. Electromagnetic radiation is classified into types according to the frequency of the
wave: these types include, in order of increasing frequency, radio waves, microwaves,
infrared radiation, visible light, ultraviolet radiation, X-rays and gamma rays.
Now that we are clear with the fact that the connectivity is based upon a radio at
Tulip’s base station and one at the client site, it would be evident enough that the
topology used between the base station and the client(/s) is either
The following would give us a brief idea of the correlation between the EM spectrum
and the radio frequency part of the spectrum.
2.2 How It’s Used
Well, let me try and give you a visual picture of how it is done.
Well, at the base station end, the router is connected to the switch which in
turn is connected to the radio modem through an SDA, which is basically the power
adapter to which we connect the CAT-5 cable of the modems as well as of the
routers/switches. Then we have the radio modem attached to the antenna, you know you
just can’t go places without an antenna. Now, what do we use to attach the antenna to the
modem? That’s where a pigtail comes in. No, it’s not a pig’s tail. It is what we use to
connect the radio modem and antenna and it looks somewhat like this:
So now we have a complete picture of what’s happening. The information travels from the
router to the switch at the base station to the antenna via the radio modem. The antenna
zaps it across to the other side, where a similar but reverse process takes place, making it
possible for information to be transmitted anywhere!!! Sounds pretty neat, eh?
ROUTER: A device or setup that finds the best route between any two networks, even if
there are several networks to traverse. Like bridges, remote sites can be connected using
routers over dedicated or switched lines to create WANs.
Radio: One at each side, at the base and client sides. These radios are connected to the
antenna via the Pigtail cable.
SDA or POE: It is the power adapter to which we connect the CAT-5 cable of the modems
as well as of the routers.
Feeder: It is a type of stick connected to the antenna which points the waves in the
direction in which they have to travel and also provides the beam to the waves.
Antenna: It is a type of dish with which we connect the modems like BSR and SPR.
2.4 Radios
Now that we are through with knowing how it works, let's concentrate a little bit more on
the types of radio modems that are used in Tulip. Radios primarily used in Tulip are
Airspan, Radwin, and Firepro.
AIRSPAN - As said earlier, the two components making up the Airspan setup are the BSR
and the SPR.
BSR
The BSR, installed at the Base Station, is an encased outdoor radio module providing a 9
pin D-type port for
RS-232 serial interface and a 15 pin D-type port for data, synchronization, and power
interfaces. The BSR is available in two models: BSR with an integral antenna (BSR 900
MHz TDD V-pol); BSR with two N-type ports
(displayed below) for attaching up to two external antennas (BSR 900 MHz TDD Dual
Ext). Major cities like
NCR and Mumbai would have up to about 50 Base Stations. Medium sized towns will
have 20 Base Stations.
Very small towns could have one to three Base Stations. Total of about 2000 base
stations setup to date.
Any new city comes up in four weeks.
SPR
The SPR is an encased CPE outdoor radio module providing access to a 15 pin D-type
port for Ethernet, serial, and power interfaces. The SPR model is available in two models:
SPR with an integral antenna (SPRL
900MHz TDD V-pol) and SPR with an N-type port for attaching an external antenna (SPR
900MHz TDD Ext).
1. Connect the 15-pin D-type male connector, at one end of the CAT 5 cable, to the SPR’s
15-pin port.
2. Connect the 15-pin D-type male connector, at the other end of the CAT 5 cable, to the
SDA’s 15-pin D-type
The setup of the radio is comparatively easier. The radio can either be configured in
bridge mode or in routing mode. The following is a snapshot of Airspan SPR and BSR
being configured in bridge mode.
BSR and SPR being configured in
the bridge mode.
2.5 Site preparation and planning
- Minimum obstructions (e.g. buildings) in the radio path between the Base Station radio
(i.e. BSR) and the subscriber radios (i.e. SPR/IDR).
- Minimum multipath fading: Some of the transmitted signals may be reflected from a
nearby building, by water under the signal path, or from any other reflectors. This
reflected ("bounced") signal can then be received by the radio receiving the signal and
superimposed on the main received signal, thereby, degrading the signal strength.
Airspan recommends installing the outdoor radios at the rear of the building’s roof instead
of the front. When you install at the rear, the front of the building blocks incoming signals
from multipath reflections.
- Clean frequencies selected from Spectrum Analyzer results.
- Maximum received signal strength (RSS) at CPE by antenna alignment: For the IDR,
RSS can be measured by the IDR's built-in RSS LEDs; for the SPR, RSS can be
measured by Airspan’s WipConfig program or by connecting Airspan's RSS LED Plug
Adapter.
- Radios are mounted as far as possible from sources of interference that could degrade
performance of radio. Ensure a minimum of 1-meter separation between co-located
outdoor units.
- Radios mounted as high as possible to avoid obstructions and to increase link quality.
- Sufficient wiring conduit and cable ties to channel and protect the CAT 5 cable
connecting the outdoor radio to the indoor hub/switch.
- Higher sensitivity to multipath, resulting in the following:
- The root mean square (RMS) delay spread at the Base Station is substantially higher.
- Multipath interference at the CPE side (when using an omni-directional antenna at the Base
Station) is substantially higher. In fact, when using an omni-directional antenna, the
existence of clear Fresnel zone between BSR and SPR/IDR is insufficient to eliminate
multipath interference, since multipath, in this case, can be caused by reflections
originating from obstacles outside the Fresnel zone.
The following table describes some of the most commonly used modes, how to enter the
modes, and the resulting prompts. The prompt helps you identify which mode you are in
and, therefore, which commands are available to you.

Mode of Operation | Usage | How to Enter the Mode | Prompt
User EXEC | Change terminal settings on a temporary basis, perform basic tests, and list system information. | First level accessed. | Router>
Privileged EXEC | System administration, set operating parameters. | From user EXEC mode, enter enable password command. | Router#
Global Config | Modify configuration that affects the system as a whole. | From privileged EXEC, enter configure terminal. | Router(config)#
Interface Config | Modify the operation of an interface. | From global mode, enter interface type number. | Router(config-if)#
Setup | Create the initial configuration. | From privileged EXEC mode, enter command setup. | Prompted dialog

Configuration Mode
Configuration mode has a set of submodes that you use for modifying interface settings,
routing protocol settings, line settings, and so forth. Use caution with configuration mode
because all changes you enter take effect immediately.
To enter configuration mode, enter the command configure terminal and exit by pressing
Ctrl-Z.
Note:
Almost every configuration command also has a no form. In general, use the no form to
disable a feature or function. Use the command without the keyword no to re-enable a
disabled feature or to enable a feature that is disabled by default. For example, IP routing
is enabled by default. To disable IP routing, enter the no ip routing command and enter
ip routing to re-enable it.
Getting Help
In any command mode, you can get a list of available commands by entering a question
mark (?).
Router>?
To obtain a list of commands that begin with a particular character sequence, type in
those characters followed immediately by the question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a keyword or argument.
Include a
3.1 What is VPN?
3.2 Why VPNs?
• Customer
Provider network (P-Network): the service provider infrastructure that is used to provide
VPN services.
Provider (P) device: the device in the P-Network with no customer connectivity and
without any “knowledge” of the VPN. This device is usually a router.
Provider edge (PE) device: the device in the P-Network to which the CE devices are
connected. This device is usually a router and is often referred to as the PE router.
3.3 TYPES OF VPN:
Remote-Access VPN
There are two common types of VPN. Remote-access, also called a virtual private dial-up
network (VPDN), is a user-to-LAN connection used by a company that has employees who need
to connect to the private network from various remote locations. Typically, a corporation that
wishes to set up a large remote-access VPN will outsource to an enterprise service provider
(ESP). The ESP sets up a network access server (NAS) and provides the remote users with
desktop client software for their computers. The telecommuters can then dial a toll-free number
to reach the NAS and use their VPN client software to access the corporate network.
A good example of a company that needs a remote-access VPN would be a large firm with
hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections
between a company's private network and remote users through a third-party service provider.
1) SECURE VPNS:
Tunneling:
Tunneling is the transmission of data through a public network in such a way that
routing nodes in the public network are unaware that the transmission is part of a
private network. Tunneling is generally done by encapsulating the private network data
and protocol information within the public network protocol data so that the tunneled
data is not available to anyone examining the transmitted data frames. Tunneling
allows the use of public networks (e.g., the Internet), to carry data on behalf of users as
though they had access to a ‘private network’, hence the name. Secure VPNs use the
tunneling mechanism to carry data on public internet lines.
• IPSec (IP security) - commonly used over IPv4, and an obligatory part of IPv6.
• PPTP (point-to-point tunneling protocol), developed jointly by a number of companies,
including Microsoft.
• L2TP (Layer 2 Tunneling Protocol), including work by both Microsoft and Cisco.
• L2TPv3 (Layer 2 Tunneling Protocol version 3).
Some large ISPs now offer “managed” VPN service for business customers who want
the security and convenience of a VPN but prefer not to undertake administering a VPN
server themselves. In addition to providing remote workers with secure access to their
employer’s internal network, sometimes other security and management services are
included as part of the package.
2) TRUSTED VPN:
Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a
single provider’s network to protect the traffic. In a sense, these are an elaboration of
traditional network and system administration work. Multi-Protocol Label Switching
(MPLS) is often used to build trusted VPNs. L2F (Layer 2 Forwarding), developed by
Cisco, can also be used.
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better
encryption algorithms and more comprehensive authentication.
A remote-access VPN utilizing IPSec
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header and the
payload of each packet while transport only encrypts the payload. Only systems that are IPSec
compliant can take advantage of this protocol. Also, all devices must use a common key and the
firewalls of each network must have very similar security policies set up.
IPSec can encrypt data between various devices, such as:
➢ Router to router
➢ Firewall to router
➢ PC to router
➢ PC to server
1) IPSec:
IPSec (IP Security) is a standardized framework for securing Internet Protocol (IP)
communications by encrypting and/or authenticating each IP packet in a data stream.
There are two modes of IPSec operation: transport mode and tunnel mode. In transport
mode only the payload (message) of the IP packet is encrypted. It is fully-routable
since the IP header is sent as plain text. Transport mode is used for host-to-host
communication. In tunnel mode, the entire IP packet is encrypted. It must then be
encapsulated into a new IP packet for routing to work. Tunnel mode is used for
network-to-network communications (secure tunnels between routers). Since
encryption and encapsulation are done by routers/gateways, end systems need not
support this. IPSec protocols operate at the network layer. This makes IPSec more
flexible, as it can be used for protecting both TCP and UDP-based protocols, but
increases its complexity and processing overhead, as it cannot rely on TCP (layer 4) to
manage reliability and fragmentation. Protocols used for securing traffic in IPSec are
AH and ESP.
2) GRE:
Generic Routing Encapsulation (GRE) is a protocol designed for performing
encapsulation of one network layer protocol (for example, IP or IPX) over another
network layer protocol (for example, IP). GRE uses the tunneling technology and
serves as a Layer 3 tunneling protocol of virtual private network (VPN).
A tunnel is a virtual point-to-point connection for transferring encapsulated packets.
Packets are encapsulated at one end of the tunnel and decapsulated at the other end.
Operation of GRE
A packet transferred through a tunnel undergoes an encapsulation process and a
decapsulation process. Figure 1-1 depicts the network used to illustrate these two
processes.
I. Encapsulation process
1) After receiving an IPX packet through the interface connected to IPX network Group
1, Router A submits it to the IPX module for processing.
2) The IPX module checks the destination address field in the IPX header to determine
how to route the packet.
3) If the packet must be tunneled to reach its destination, Router A sends it to the tunnel
interface.
4) Upon receipt of the packet, the tunnel interface encapsulates it in a GRE packet and
submits to the IP module.
5) The IP module encapsulates the packet in an IP packet, and then forwards the IP
packet out through the corresponding network interface based on its destination
address and the routing table.
These are the involved terms:
Delivery or transport protocol: Protocol used to encapsulate the GRE packet and to
forward the resulting packet to the other end of the tunnel, IP in this example.
Depending on the transport protocol, two tunnel modes are present: GRE over IPv4
and GRE over IPv6.
For the purpose of tunnel security, GRE provides two options: tunnel interface key and
end-to-end checksum. According to RFC 1701,
If the Key Present field of a GRE packet header is set to 1, the Key field will carry the
key for the receiver to authenticate the source of the packet. This key must be the
same at both ends of a tunnel. Otherwise, packets delivered over the tunnel will be
discarded.
If the Checksum Present bit of a GRE packet header is set to 1, the Checksum field
contains valid information. The sender calculates the checksum for the GRE header
and the payload and sends the packet containing the checksum to the peer. The
receiver calculates the checksum for the received packet and compares it with that
carried in the packet. If the checksums are the same, the receiver considers the packet
intact and continues to process the packet. Otherwise, the receiver discards the
packet.
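The receiver behaviour described above (discard on key mismatch, discard on checksum mismatch), as an added Python example that is not part of the original document: it builds and parses the RFC 1701 header with the Key Present and Checksum Present bits. The function names, the sample key and the payload bytes are constructed for illustration; source routing is rejected and the sequence number is not enforced.

```python
import struct

GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000  # RFC 1701 flag bits
GRE_VERSION_MASK = 0x0007
PROTO_IPX, PROTO_IP = 0x8137, 0x0800  # protocol types listed in RFC 1701


class GreDiscard(Exception):
    """The receiver must drop this packet."""


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP and by the GRE Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gre_encapsulate(payload, proto, key=None, checksum=False):
    """Sender side: prepend a GRE header with the optional fields requested."""
    flags = (GRE_C if checksum else 0) | (GRE_K if key is not None else 0)
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += struct.pack("!HH", 0, 0)  # Checksum (filled in below) + Offset
    if key is not None:
        header += struct.pack("!I", key)
    packet = header + payload
    if checksum:  # computed over GRE header and payload with the field zeroed
        packet = packet[:4] + struct.pack("!H", inet_checksum(packet)) + packet[6:]
    return packet


def gre_decapsulate(packet, tunnel_key=None):
    """Receiver side: return (protocol type, payload) or raise GreDiscard."""
    if len(packet) < 4:
        raise GreDiscard("truncated header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & GRE_VERSION_MASK or flags & GRE_R:
        raise GreDiscard("unsupported version or source routing")
    need = 4 + sum(4 for bit in (GRE_C, GRE_K, GRE_S) if flags & bit)
    if len(packet) < need:
        raise GreDiscard("optional fields truncated")
    pos = 4
    if flags & GRE_C:
        if inet_checksum(packet) != 0:  # a valid packet sums to zero
            raise GreDiscard("checksum mismatch")
        pos += 4
    if flags & GRE_K:
        (key,) = struct.unpack("!I", packet[pos:pos + 4])
        if key != tunnel_key:
            raise GreDiscard("tunnel key mismatch")
        pos += 4
    elif tunnel_key is not None:
        raise GreDiscard("key configured locally but absent from packet")
    if flags & GRE_S:
        pos += 4  # sequence number is skipped here, not enforced
    return proto, packet[pos:]


def accepted(packet, tunnel_key=None) -> bool:
    """True if the receiver would process the packet, False if it would drop it."""
    try:
        gre_decapsulate(packet, tunnel_key)
        return True
    except GreDiscard:
        return False


# Constructed sample: an opaque stand-in for an IPX packet from Group 1.
SAMPLE_PAYLOAD = b"constructed IPX packet"
SAMPLE = gre_encapsulate(SAMPLE_PAYLOAD, PROTO_IPX, key=0x1234ABCD, checksum=True)

if __name__ == "__main__":
    print(gre_decapsulate(SAMPLE, tunnel_key=0x1234ABCD))
    print(accepted(SAMPLE, tunnel_key=0xDEADBEEF))              # wrong key
    print(accepted(SAMPLE[:-1] + b"X", tunnel_key=0x1234ABCD))  # corrupted payload
```

The key is carried in clear in the header and the checksum is an unkeyed one's-complement sum, so both catch misconfiguration and corruption rather than a party able to read or alter traffic in transit.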
Due to the GRE encapsulation/decapsulation process respectively executed on both
ends of the tunnels and the resulting increase in data volume, the forwarding efficiency
of routers using GRE is degraded to some extent.
GRE Applications:
Figure 4 Multi-protocol communications through a single-protocol backbone
In the example as shown in Figure 1-4, Group 1 and Group 2 are local networks
running Novell IPX, while Team 1 and Team 2 are local networks running IP. Through
the GRE tunnel between Router A and Router B, Group 1 can communicate with Group
2 and Team 1 can communicate with Team 2. They will not interfere with each other.
In the example as shown in Figure 1-6, Group 1 and Group 2 running Novell IPX are
deployed in different cities. They can constitute a trans-WAN virtual private network
(VPN) through the tunnel.
2. via the broker device (described earlier), PPTP creates a TCP control connection
between the VPN client and VPN server to establish a tunnel. PPTP uses TCP port
1723 for these connections.
PPTP also supports VPN connectivity via a LAN. ISP connections are not required in
this case, so tunnels can be created directly as in Step 2 above.
Once the VPN tunnel is established, PPTP supports two types of information
flow:
1) Control messages for managing and eventually tearing down the VPN connection.
Control messages pass directly between VPN client and server.
2) Data packets that pass through the tunnel, to or from the VPN client.
PPTP supports authentication, encryption, and packet filtering. PPTP authentication
uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on
VPN servers. Intermediate routers and other firewalls can also be configured to
selectively filter PPTP traffic.
Description:
L2TP acts like a data link layer (layer 2 of the OSI model) protocol for tunneling
network traffic between two peers over an existing network (usually the Internet). L2TP
is in fact a layer 5 (session layer) protocol, and uses the registered UDP port 1701. The
entire L2TP packet, including payload and L2TP header, is sent within a UDP
datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP
tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPSec is
often used to secure L2TP packets by providing confidentiality, authentication and
integrity. The combination of these two protocols is generally known as L2TP/IPSec
(discussed below).
The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator)
and the LNS (L2TP Network Server). The LAC is the initiator of the tunnel while the
LNS is the server, which waits for new tunnels. Once a tunnel is established, the
network traffic between the peers is bidirectional. To be useful for networking, higher-
level protocols are then run through the L2TP tunnel. To facilitate this an L2TP session
(or call) is established within the tunnel for each higher-level protocol such as PPP.
Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by
L2TP, so it is possible to set up multiple virtual networks across a single tunnel. MTU
should be considered when implementing L2TP.
The packets exchanged within an L2TP tunnel are categorized as either control
packets or data packets. L2TP provides reliability features for the control packets, but
no reliability for data packets. Reliability, if desired, must be provided by the nested
protocols running within each session of the L2TP tunnel.
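An added Python example (not from the original document) that parses the L2TPv2 header defined in RFC 2661 to separate control packets from data packets and to group data payloads by tunnel ID and session ID, which is how sessions sharing one tunnel are kept apart. The function names and sample datagrams are constructed; the PPP payloads are placeholders.

```python
import struct
from collections import defaultdict

# Flag bits of the first 16-bit word of an L2TPv2 header (RFC 2661).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
VERSION_MASK = 0x000F


def parse_l2tp(datagram: bytes) -> dict:
    """Parse the L2TPv2 header of one UDP payload; raise ValueError if malformed."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if (flags & VERSION_MASK) != 2:
            raise ValueError("not L2TP version 2")
        control = bool(flags & T_BIT)
        # Control messages must carry Length and Ns/Nr and must not use Offset.
        if control and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
            raise ValueError("control message with invalid flag combination")
        pos, end = 2, len(datagram)
        if flags & L_BIT:
            (length,) = struct.unpack_from("!H", datagram, pos)
            if length > len(datagram):
                raise ValueError("Length field exceeds datagram")
            pos, end = pos + 2, length
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        ns = nr = None
        if flags & S_BIT:  # sequence numbers: mandatory on control, optional on data
            ns, nr = struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if flags & O_BIT:  # payload starts offset_size octets past the header
            (offset_size,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset_size
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    if pos > end:
        raise ValueError("header runs past end of message")
    return {"control": control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": datagram[pos:end]}


def demux(datagrams):
    """Group data-packet payloads per (tunnel, session); count control messages."""
    sessions, control_count = defaultdict(list), 0
    for datagram in datagrams:
        msg = parse_l2tp(datagram)
        if msg["control"]:
            control_count += 1
        else:
            sessions[(msg["tunnel_id"], msg["session_id"])].append(msg["payload"])
    return dict(sessions), control_count


# Constructed samples (not captured traffic). PPP frame: FF 03 = address/control,
# 00 21 = IP; the rest stands in for the inner packet.
PPP_A = b"\xff\x03\x00\x21" + b"inner packet A"
PPP_B = b"\xff\x03\x00\x21" + b"inner packet B"
SAMPLES = [
    struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 0, 0),            # control, header only
    struct.pack("!HHH", 0x0002, 7, 1) + PPP_A,                 # data, session 1
    struct.pack("!HHHH", 0x4002, 8 + len(PPP_B), 7, 2) + PPP_B,  # data with Length
]

if __name__ == "__main__":
    print(demux(SAMPLES))
```

Because L2TP itself applies no encryption, the PPP payload is readable straight out of the datagram, which is why the text pairs it with IPSec.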
Tunneling Models:
An L2TP tunnel can extend across an entire PPP session or only across one segment
of a two-segment session. This can be represented by four different tunneling models,
namely
I. voluntary tunnel
II. compulsory tunnel — incoming call
III. compulsory tunnel — remote dial and
IV. L2TP multi-hop connection
1) In the voluntary tunnel model, a tunnel is created by the user, typically by the use of
an L2TP enabled client which is called the LAC client. The user will send L2TP packets
to the Internet Service Provider (ISP) which will forward them on to the LNS. The ISP
does not need to support L2TP; it only forwards the L2TP packets between LAC and
LNS. The LAC client acts as an L2TP tunnel initiator which effectively resides on the
same system as the remote client. The tunnel extends across the entire PPP session
from the L2TP client to the LNS.
2) In the compulsory tunnel model (incoming call), a tunnel is created between ISP LAC
and the LNS home gateway. The company may provide the remote user with a Virtual
Private Network (VPN) login account from which he can access the corporate server.
As a result the user will send PPP packets to the ISP (LAC) which will encapsulate
them in L2TP and tunnel them to the LNS. In the compulsory tunneling cases, the ISP
must be L2TP capable. In this model the tunnel only extends across the segment of the
PPP session between the ISP and the LNS.
3) In the compulsory tunnel model (remote dial), the home gateway (LNS) initiates a
tunnel to an ISP (LAC) (outgoing call) and instructs the ISP to place a local call to the
PPP enabled client which is the remote user. This model is intended for cases where
the remote PPP Answer Client has a permanently established phone number with an
ISP. This model is expected to be used when a company with established presence on
the Internet needs to establish a connection to a remote office that requires a dial-up
link. In this model the tunnel only extends across the segment of the PPP session
between the LNS and the ISP.
4) An L2TP Multi-hop connection is a way of redirecting L2TP traffic on behalf of client
LACs and LNSs. A Multi-hop connection is established using an L2TP Multi-hop
gateway. A tunnel is established from a client LAC to the L2TP Multi-hop gateway and
then another tunnel is established between the L2TP Multi-hop gateway and a target
LNS. L2TP traffic between client LAC and LNS is redirected to each other through the
gateway.
L2TPv3, an extension of the L2TP, is a stateless protocol with no inherent signaling or
keep-alive mechanism. L2TP, originally defined in RFC 2661, was designed to provide
dynamic tunneling for multiple Layer 2 circuits across packet-oriented data networks. It
describes a standard method of tunneling that lets circuit-like connections across one
or many Layer 3 networks appear as point-to-point or point-to-multipoint links between
customer locations. The base L2TP protocol consists of a control protocol for dynamic
creation, maintenance and tear-down of L2TP sessions; and data encapsulation to
multiplex and demultiplex Layer 2 datastreams between IP-connected nodes.
L2TP has been focused on narrowband dial-up protocols. L2TPv3 extends L2TP by
letting it run on higher-speed devices such as routers because of reduced overhead
and the related decrease in processing chores. It also adds important new features
such as increasing the session and tunnel ID space from 16 to 32 bits, which
dramatically increases the number of tunnels from 65,000 to more than 4 billion.
With L2TPv3, the physical interface connecting to a customer’s network becomes the
tunnel ingress/egress interface. Consequently, traffic does not need to be routed into
the tunnel by the provider’s router. As packets arrive at the interface, they are
encapsulated and forwarded directly toward the remote tunnel endpoint. Once received
and de-encapsulated, the original packet can be forwarded out of the egress interface
if the tunnel identifier is recognized by the router. If it isn’t, the packet is discarded.
With L2TPv3, companies reap lower-cost services because carriers can offer frame
relay, ATM and Ethernet over a common IP backbone - radically lowering capital and
operational costs. And because L2TPv3 adds no new requirements to the IP transport
infrastructure, it is inherently easier and simpler to implement and support, because
network staff is familiar with IP.