Having learned about some common access network technologies, I studied the functions and features of VPN as an access network technology. I would like to share them here and hope they will be useful to you. As an effective extension of the enterprise network platform, remote access technology has always played a very important role in network applications. However, remote access must overcome regional limitations and offer both flexibility and sufficient bandwidth. VPN can play a role here.
As the name suggests, the first problem solved by remote access technology is the limitation of region. Users no longer need to be within the coverage of the enterprise's local network and reach enterprise network application services through LAN access. The second problem solved by remote access technology is flexibility. No matter where the user is, at home or on a business trip in another city, remote access technology can be used to reach the enterprise's internal network platform. To achieve these goals, remote access technology must use public transmission media. In other words, an enterprise's private network platform cannot implement this function, even though some network technologies can extend beyond LAN coverage so that the transmission distance reaches several kilometers or even dozens of kilometers. Leaving the construction cost aside, the requirement of flexibility alone cannot be met by a private network.
◆ Various access channels are emerging
For these reasons, remote access technology has long relied on the most common and ubiquitous transmission medium, the PSTN (public telephone network), using analog modem dialing to establish the remote connection. To use the PSTN for remote access, users only need a telephone line and a common modem, so the one-time investment is very small. Of course, if you want both the data service and the analog telephone or fax service, you have to apply for another number, because in this communication mode data and analog communication each require an exclusive channel. Enterprises need to set up remote access devices at the edge of the LAN and provide a certain number of voice trunk lines for remote access users to dial in.
Despite years of development, PSTN remote dial-up access remains, for a large number of remote access users, a choice made for lack of alternatives. Problems such as insufficient bandwidth, slow access speed, and poor service quality severely impede the development of remote network applications. User complaints are increasing, and remote users need fast and high-quality access methods. Especially with the emergence of new network applications in recent years, the requirements for network bandwidth and the sensitivity to latency are getting higher and higher. The maximum speed of PSTN dial-up access is 56 kbps, which is far from meeting today's application requirements. As a result, a number of access technologies have emerged. From xDSL, which uses telephone lines as the transmission medium, to Cable Modem over cable TV cables, to Ethernet access over metropolitan area networks (MAN), new technologies emerge one after another, and they are upgraded extremely fast.
xDSL broadband access includes ADSL, CDSL, HDSL, IDSL, UDSL, and so on. A typical example is ADSL, the asymmetric digital subscriber line. ADSL is considered to be one of the access technologies with broad application prospects in the 21st century. It will replace the traditional analog modem access method and become the mainstream access technology for household and small business applications. A Cable Modem modulates data onto the cable and transmits the modulated signal within a certain frequency range of the cable network; the receiver demodulates the signal within the same frequency range and recovers the data. The transmission mechanism at the physical layer is no different from that of a modem on a telephone line. It also uses FM or AM to encode data. As the cable TV network has the advantages of extensive reach, shared media, good line quality and multi-frequency bandwidth, access to the Internet through the cable TV network has become one of the development directions of access technology in the next century.
With the widespread promotion of metropolitan area network construction and information communities, Ethernet, as the most mature and economical network technology, is widely used for metro access. With its bandwidth advantages and breakthroughs in service quality and security, Ethernet technology is extremely competitive in the broadband access field. The broadband access technologies above are widely used for Internet access, but they cannot be used directly for CEN remote access because they depend on the transmission media. For example, if you want to use ADSL technology for remote access to the enterprise network, you must provide your own end-to-end telephone lines to remote users instead of using the public telephone network (PSTN). This completely defeats the purpose of remote access.
◆ VPN: a suitable remote access network technology
So can the broadband access technologies above be used for CEN remote access? The answer is yes. The solution is to use the Internet as the transmission carrier and VPN technology to achieve CEN remote access. This solution has the following advantages:
◆ High flexibility
A user can access the Intranet securely at home, on a business trip, or in any other environment as long as the user can access the Internet. It is neither restricted by regions nor by access methods.
◆ High bandwidth
Users can choose to use any broadband access technology provided by the local service provider, whether it is ADSL, Cable Modem, or Ethernet access in the information community or hotel.
◆ High Security
All traffic is encrypted and compressed before it is transmitted over the network, providing the highest security guarantee for user information. Today's encryption technology has evolved to the point where, even with the most advanced computer, it takes more than a century to break it. Therefore, even if your data is stolen during transmission, you do not have to worry about company secrets leaking. In contrast, the traditional PSTN dial-up access method offers only regional flexibility and no flexibility in access method, and its bandwidth is hardly worth mentioning. The only point worth discussing is that many users believe that point-to-point, circuit-switched PSTN dial-up connections are more secure than the open Internet. As a matter of fact, telephone eavesdropping technology appeared almost as soon as the telephone did, and user data may also be stolen in the PSTN network. In addition, do not forget that data stolen this way is completely unencrypted.
Therefore, using advanced and mature VPN technology, enterprise network users can not only access the enterprise network platform remotely anytime and anywhere, but also get rid of the bandwidth restrictions of PSTN dial-up access and fully enjoy the new experience brought about by Internet broadband access. This is indeed an ideal CEN remote broadband access solution.
◆ Achieve remote broadband access
Although the implementation methods may differ, all VPN technologies provide privacy on a shared network infrastructure. A tunnel creates a logical end-to-end connection across the connectionless IP network. Encryption provides data privacy by scrambling the data so that only the specified sender and receiver can understand it. As a new industry standard, IPSec provides a scalable layer-3 solution for network encryption. It uses proven encryption technologies such as the Encapsulating Security Payload (ESP) and the Data Encryption Standard (DES) to protect the payload while data is uploaded and transmitted over the network.
Remote access VPN comes in two architectures: the client-driven connection and the network access server (NAS)-driven connection. With the client-driven connection, users establish an encrypted IP tunnel from their client, through the service provider's shared network, to the enterprise network. With this architecture, users do not need the service provider to supply value-added services related to VPN applications.
The other remote access VPN architecture defines a NAS-driven tunnel. In this case, the remote user connects to the service provider's point of presence (POP). The service provider establishes a secure, encrypted tunnel to the enterprise network. In the NAS-driven architecture, the service provider verifies the identity of users so that they can initially access the enterprise network. However, the enterprise still has the right to control its own security policies, authenticate users, grant users access permissions, and track user activities on the network. This architecture requires the support of the service provider, and it has one problem: the data is unencrypted before it reaches the service provider's point of presence. Therefore, if an enterprise wants to implement a complete remote broadband access VPN solution, we recommend the first architecture, in which the enterprise deploys and controls the security policies and authenticates, authorizes, and monitors remote users.
Avaya's VSU products, VPNManager, and VPNRemote form the topology of the remote broadband access VPN. The enterprise network center uses VPNManager to establish an LDAP authentication directory service for the entire network, or uses a RADIUS authentication system. When a remote user needs to access resources in the enterprise network after connecting to the local ISP, the VPNremote Client installed on the mobile user's computer logs on to the LDAP server or RADIUS server in the network center for verification, and the user can then access the resources with the corresponding permissions. The remote host then sends encrypted information over the Internet to the VPN device in the enterprise network center. When the data packet arrives at the target VPN device, it is unwrapped, its digital signature is verified, and it is decrypted.
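The receive path described above (unwrap the packet, check its integrity, then decrypt), shown as an added example that is not Avaya's code and not part of the original article. It uses the ESP field order (SPI, sequence number, payload, integrity check value) and assumes HMAC-SHA-256 truncated to 128 bits for the integrity check; `InboundSA`, `esp_seal`, the key and the payload bytes are made up for illustration, and decryption itself is left out because the point is that a replayed or altered packet is rejected before it would run.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits (assumed integrity algorithm)
WINDOW = 64    # anti-replay window, in packets

def esp_seal(spi, seq, ciphertext, auth_key):
    """Sender side: SPI | sequence number | (already encrypted) payload | ICV."""
    body = struct.pack("!II", spi, seq) + ciphertext
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]

class InboundSA:
    """Receive-side state a VPN gateway keeps for one tunnel (hypothetical name)."""

    def __init__(self, spi, auth_key):
        self.spi, self.auth_key = spi, auth_key
        self.highest = 0   # highest sequence number authenticated so far
        self.seen = 0      # bit i set => sequence number (highest - i) was accepted

    def receive(self, packet):
        """Return (verdict, ciphertext); ciphertext is released only on 'accept'."""
        if len(packet) < 8 + ICV_LEN:
            return "malformed", None
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "unknown-spi", None
        behind = self.highest - seq
        if seq == 0 or behind >= WINDOW or (behind >= 0 and (self.seen >> behind) & 1):
            return "replay", None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv", None          # nothing reaches the decryptor
        # Only an authenticated packet may move the replay window.
        if behind < 0:
            self.seen = ((self.seen << -behind) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << behind
        return "accept", body[8:]

# Constructed sample traffic: the key and payload bytes are made up for the example.
KEY = bytes(range(32))

def demo():
    sa = InboundSA(0x1001, KEY)
    good = esp_seal(0x1001, 1, b"opaque-ciphertext", KEY)
    forged = bytearray(esp_seal(0x1001, 9, b"opaque-ciphertext", KEY))
    forged[10] ^= 0x01                      # one bit changed in transit
    return [sa.receive(p)[0] for p in (good, good, bytes(forged))], sa.highest
```

Because the window is updated only after the integrity check passes, the altered packet carrying sequence number 9 cannot push the window forward and cause later genuine packets to be dropped.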
Remote broadband access through VPN
In this solution, the VPN devices are Avaya VPN gateway products, and the network center uses the VSU-2000 for high-speed data exchange to meet its needs. The VPN devices and mobile users are managed with the VPNManager and VPNRemote software. VPNManager manages the entire VPN network, handling user authentication and the creation and modification of encryption policies. VPNRemote is installed on a mobile user's computer and lets the user establish a VPN connection from any location through any ISP and any access network technology, meeting the needs of mobile users. The enterprise network center no longer needs to maintain a dial-in service system to provide dial-in services for remote users.