Chapter 1

Internet
Contents
• Overview of Internet
• History and Evolution of Internet
• Uses of Internet
• Internet Addresses
• Services of Internet
• Types of Internet connections
• Connecting Internet

Objectives
After completion of this module you will be able to know:
• What is Internet and how it works?
• History and Evolution of Internet
• Services of the Internet.
• Types of Internet connections
• Choose the best connection suitable for you.
• How to connect to the Internet
1.1 Overview of Internet
The Internet is a global computer network made up of smaller computer networks; it has
been called a "Network of Networks."
These smaller networks include:

ƒ Local Area Networks (like networked offices or computer labs, and campus-wide
networks)
ƒ Wide Area Networks (like city-wide networks)
ƒ State and Regional Networks (including regional service providers and others)
ƒ National and International Networks

There is no one inventor of the Internet. The Internet was created in the 1960s as a huge
network linking big university and government computers. The science behind the
Internet was invented during the Cold War, when the United States was in competition
against Russia for weapons and technology. So the Internet is actually pretty old--around
forty years. Much of Internet’s initial development was supported by American
governmental research and network development (beginning with the American military's
ARPANET in 1969).
In fact, email has been around since 1972! In 1989 that Tim Berners-Lee, a scientist at
the European Laboratory for Particle Physics in Geneva, proposed the World Wide Web.
Now Internet Service Providers (ISPs) offer Internet access to their clients, at costs
ranging from Rs 150/- per 6 months to hundreds of rupees per year, depending on the
types of service they offer.
1.2 What are the uses of the Internet?
There are three fundamental uses of the Internet:
Communication
Information Retrieval
Presentation of Information
1.2.1 Communication

The Internet is used both for one-to-one communications (email and real-time "chat"
programs) and one-to-many.

1.2.2 Information Retrieval

The Internet allows access to public domain information, bibliographic databases,
libraries, and entertainment services, as well as to proprietary information services .

1.2.3 Presentation of Information

Any organization connected to the Internet can provide access to its own in-house
information (library catalogs, faculty information, etc.) to millions of people world-wide.
Individuals can also develop and provide their own information packages via their own
home pages.
1.3 Internet Addresses
Every computer, file of information, and person on the Internet is identified by a unique
"address."
1.3.1 Computer Addresses
Computer addresses are made up of three parts (or, in some cases, two parts), separated
by "dots," like this:
computer-name.institution.domain

The computer name is a name given locally to identify a particular computer; it is, in
some cases, omitted from the address. The institution name is the name (or an
abbreviation) of the name of the school, company, or other institution housing the
computer. The domain name specifies either the type or the geographic location of the
computer.
1.3.2 Domain Names
There are several possible "domain" names, including some that identify the type of
institution, and some that identify a geographical location. They include:
edu educational institution
com commercial and profitable organizations
org non-profitable organizations
net Internet infrastructure and service providers
gov governmental agency/department
mil American military agency
int International organizations
us United States
in India
my Malaysia
ca Canada
jp Japan
biz Business
aero aeronautics

1.3.3 Personal Addresses

A person's address (or their email address) places the user's "username" (or "login") and
the symbol "@" before the computer address. For example, a user whose username is
"sundar", who is accessing email from the "bsnl" server of India, would have the
following address:
 [email protected]

1.3.4 Uniform Resource Locators (URL)

Sources of information that are on the World Wide Web or FTP server are identified by
an extended address called a "Uniform Resource Locator" (URL). Here is a typical URL:

http://www.win.org/workshops/internet.shtml

The first part of the URL ("http://") identifies the type of information or protocol (in this
case, it is a hypertext document, available from a HyperText Transport Protocol (http)
server on the World Wide Web). The middle part ("www.win.org") is the basic address,
as described above. The final part ("/workshops/internet.shtml") identifies the directories
within which the document resides ("workshops"), as well as the exact name of the
document ("internet.shtml").
1.4 Internet Services
”Internet services” serve more sophisticated and multi-purpose purposes, and
increasingly make the Internet a truly useful information resource.
1.4.1 Email
It is the Internet's version of the postal service. Using the Internet, it provides the
ability to send a message, reply to a message, send a file created in another
program and/or even send the same message to a group of people.
Some benefits of Email are:
• Speed: A message can be sent from Chennai to Australia in a matter of seconds.
• Cost: Emails are cheap. You are usually only charged for the telephone call time
(local call rate) for sending the message into the Internet, and not the cost
associated with transferring the message across the Internet.
• Flexibility: It is easy to send duplicates of your messages to other people or
groups for the cost of a single message.
• Record keeping: Messages sent and received can be easily stored for future
reference.

In order to use Email, you will need Internet access arranged through an Internet
Service Provider (ISP), who will allocate you one or a number of Email accounts. To
be able to retrieve and send mail from these addresses, a user will need what is known
as Email client software and your ISP usually provides this although nowadays most
computers come with it pre-installed.
1.4.2 Mail Lists
These use email to support discussion groups on a wide range of specific subjects.
Once you are becoming a subscriber of a mailing list, you will receive lot of emails
related to the subject covered by the mailing list.

1.4.3 FTP
FTP was the original Internet mechanism for the storage and retrieval of
information. There are still many FTP Sites around the Internet, although many of them
have been melded into the World Wide Web. In computer science, FTP stands for "File
Transfer Protocol," which is a way of transferring files between computers. A file can be
anything -- a spreadsheet, a word document, a song, or a picture. When someone says
"Please FTP me that file," for instance, that means "Please transfer that file from your
computer to mine." To FTP, you usually need to download a special program, or
application. You also usually need a password to be able to access or send information to
someone else's computer.
1.4.4 Gopher
Gopher was developed at the University of Minnesota, primarily to support its
own Campus Wide Information Server (CWIS). It provides access to information
available either locally or elsewhere on the Internet by means of a simple series of
uniformly designed menus.
1.4.5 Instant Messaging (IM)
IM is a way for you to communicate instantly with your friends over the Internet.
That might not sound so different to email. Have you ever noticed how
cumbersome it is to have a brief conversation via email? You have to click Reply
to each message, then find the right spot in the message to type something new,
then send it. Then you have to wait for the next message to arrive! IM lets you to
have a conversation almost as naturally as on the phone or face to face, by typing
messages into a window shared between you and your friend's screens.
Another difference between IM and email is that with IM you can see your
friends' presence, that is, whether they are actually on-line at the same time as you.
This lets you send messages truly instantly, instead of sending off a mail and
having to wait for your friend to check their mailbox. An IM message pops up on
the other person's screen as soon as you send it. Of course, if you'd rather not be
interrupted, you can change your own presence so others will know not to disturb
you.
There are lots of other fun and useful IM features you can explore, like group
chats, file transfers, voice calls, video conferencing and emoticons that reflect
your mood.
1.4.6 IRC
IRC stands for "Internet Relay Chat". It has been used in many countries around
the world. IRC is a multi-user chat system, where people meet on "channels"
(rooms, virtual places, usually with a certain topic of conversation) to talk in
groups, or privately. There is no restriction to the number of people that can
participate in a given discussion, or the number of channels that can be formed on
IRC.

1.4.7 Newsgroups
The Internet has a place where we can gather, question, and discuss our
experiences within a wide variety of topics. It's called Usenet News. Some users
also call it Net News.

Think of Usenet News as a giant, worldwide bulletin board. Anyone can freely
post something on this bulletin board. Everyone else can read the posted items
and add their own items. These voluntary contributions and free exchange of
 information are the foundation of the Internet. Usenet News allows people on the
Internet to share their opinions and experiences, openly and freely, on a level
playing field. No one has priority or seniority over anyone else. Usenet News
gives everyone an equal opportunity to participate in the discussions.

When you send an e-mail message, the only people who can read it are the
recipients (for the most part). When you post an article on Usenet News, every
person on the Internet could read it and respond to it. Not that they ever would,
but they could. That's a lot of people and a lot of opinions, and only a few of them
come from true experience.

There are tens of thousands of newsgroups. Some of them are applicable to a

global audience; others are more applicable to a country, city, or organization.
Most of the newsgroups are available to everyone on the Internet. However, some
of the newsgroups have a limited audience.

1.4.8 Voice over IP

Voice over IP (Voice over Internet Protocol or "VoIP") technology converts voice
calls from analog to digital to be sent over digital data networks. In Voice over IP,
or VoIP, voice, data, and video all travel along the network.

1.4.9 World Wide Web (WWW)

The newest information application on the Internet, the WWW provides
standardized access to Gopher, FTP, Telnet and more by means of home pages
designed either by institutions or by individuals. By means of the HyperText
Markup Language (HTML), it allows users to "point" at highlighted terms,
following "links" to whatever information interests them. It is a multimedia
environment, allowing Internet users access to audio and video materials. There
are a number of client software packages (or browsers), including Lynx (a text-
only browser), Netscape, and Microsoft's Internet Explorer, (which are
multimedia browsers).

1.5 Types of Internet connections

The options for providing user connectivity to the Internet are given below:

1. Terminal Dialup/Modem (Shell connection)

ƒ Most common option
ƒ User requirements limited to modem and communications software
ƒ Text-only access
ƒ Shell accounts were more popular before the advent of the Web. A shell
account lets you use your computer much as if it were a virtual console
associated with a remote computer. You can type commands, which are
interpreted by the remote computer, and view the resulting output on your
 computer. Although a few web browsers, such as Lynx, can operate via a
shell account, they don’t generally support the highly graphical,
multimedia pages which web surfers have come to expect.
2. SLIP (Serial Line Internet Protocol)
ƒ Computer is treated as though it were directly connected for the period it
is online
ƒ Utilizes telephone lines
ƒ User must have modem, TCP software, SLIP software, & software for
Internet applications
ƒ Multimedia access
3. PPP (Point-to-Point Protocol)
ƒ Computer is treated as though it were directly connected for the period it
is online
ƒ Utilizes telephone lines
ƒ User must have modem, TCP software, PPP software, & software for
Internet applications
ƒ Multimedia access
ƒ While your computer is connected to the Internet, you can use it to surf the
Web with your favorite browser. If your ISP allows, you can even run a
web server, providing pages that can be viewed by others around the
world.
4. ISDN (Integrated Services Digital Network)
ƒ Most often used to connect remote telecommuters to office LANs
ƒ Requires ISDN phone line access
ƒ Faster than analog terminal dialup/modem service
ƒ User must have ISDN phone line, ISDN card, communications software,
TCP software & SLIP or PPP software multimedia connectivity
5. DIAS
ƒ The DIAS offers a wire-line solution for high speed symmetrical Internet
access on the existing telephone lines. It provides an "always on" internet
access that is permanently available at customer's premises. DIAS
combines voice and internet data packets on a single twisted pair wire at
subscriber premises that means you can use telephone and surf internet at
the same time.
6. Cable Modem
ƒ The term “Cable Modem” is quite new and refers to a modem that
operates over the ordinary cable TV network cables. Basically you just
connect the Cable Modem to the TV outlet for your cable TV, and the
cable TV operator connects a Cable Modem Termination System (CMTS)
in his end (the Head-End).
ƒ Actually the term “Cable Modem” is a bit misleading, as a Cable Modem
works more like a Local Area Network (LAN) interface than as a modem.
ƒ In a cable TV system, signals from the various channels are each given a
6-MHz slice of the cable’s available bandwidth and then sent down the
cable to your house. When a cable company offers Internet access over the
cable, Internet information can use the same cables because the cable
modem system puts downstream data – data sent from the Internet to an
 individual computer – into a 6-MHz channel. On the cable, the data looks
just like a TV channel. So Internet downstream data takes up the same
amount of cable space as any single channel of programming. Upstream
data – information sent from an individual back to the Internet – requires
even less of the cable’s bandwidth, just 2 MHz, since the assumption is
that most people download far more information than they upload.
ƒ Putting both upstream and downstream data on the cable television system
requires two types of equipment: a cable modem on the customer end and
a cable modem termination system (CMTS) at the cable provider’s end.
Between these two types of equipment, all the computer networking,
security and management of Internet access over cable television is put
into place.
7. Digital Subscriber Line (DSL) connection.
ƒ DSL is a very high-speed connection that uses the same wires as a regular
telephone line.
ƒ Here are some advantages of DSL:
1. You can leave your Internet connection open and still use the
phone line for voice calls.
2. The speed is much higher than a regular modem
3. DSL doesn’t necessarily require new wiring; it can use the phone
line you already have.
4. The company that offers DSL (e.g. BSNL) will usually provide the
modem as part of the installation.
ƒ But there are disadvantages:
1. A DSL connection works better when you are closer to the
provider’s central office.
2. The service is not available everywhere.
ƒ Other types of DSL include:
1. Asymmetric DSL (ADSL) line – The connection is faster for
receiving data than it is for sending data over the Internet
2. Very high bit-rate DSL (VDSL) – This is a fast connection, but
works only over a short distance.
3. Symmetric DSL (SDSL) – This connection, used mainly by small
businesses, doesn’t allow you to use the phone at the same time,
but the speed of receiving and sending data is the same.
4. Rate-adaptive DSL (RADSL) – This is a variation of ADSL, but
the modem can adjust the speed of the connection depending on
the length and quality of the line.
8. Direct Connection (Leased circuit)
ƒ Most often used to connect sites within a specific organization; such as a
university or business requires owning or leasing of cable (from 64 kbps to
T-3) users typically connected via Ethernet LANs multimedia connectivity
at its fastest.
9. Satellite connections
ƒ This connection allows you to download Internet files via a satellite
connection. This is an efficient method for receiving large Web graphics
and other items, but you still need a modem connection for other features.
 You must purchase the connection hardware as well as subscribe to the
service.
10. Wireless connections
ƒ Pagers, cellular phones and personal digital assistants (PDAs) now allow
varying levels of Internet access, from notification of E-mail to limited
Web connections. Many of these services remain in the experimental stage.

The PPP connection is called as TCP/IP connection or PSTN dial-up connection.

ISDN connection is called as ISDN dial-up connection. Cable Modem, DSL and
Direct Connection are always-on connection.

The words “connection” and “account” related to Internet are interchangeable.

1.6 Comparisons of Internet accounts

You can compare the two types of Internet accounts - shell and PPP - with two
kinds of postal service.

Imagine that no mail carrier actually comes to your home to pick and deliver mail.
Instead, every time you want to conduct postal business, you go to the post office.
This resembles a shell account: The computer that connects you to the Internet is
remote, and every time you want to do something on the Internet you must open a
terminal, or telnet, session to that computer. PPP, on the other hand, is like home
delivery: The Internet comes right to your doorstep, and your computer is literally
placed on the Internet by the machine at your ISP that you connect to.

Under Microsoft Windows, you use hyperterminal to access a shell account and
Dial-Up Networking to access a PPP account. Under Linux, you can choose from
among several programs that let you access a shell account. The most commonly
used programs are minicom and seyon. To access a PPP account under Linux, you
use the PPP daemon, pppd.

If you are one of the first users to connect to the Internet through a particular
cable channel by using Cable Modem Internet connection, then you may have
nearly the entire bandwidth of the channel available for your use. As new users,
especially heavy-access users, are connected to the channel, you will have to
share that bandwidth, and may see your performance degrade as a result. It is
possible that, in times of heavy usage with many connected users, performance
will be far below the theoretical maximums. The good news is that this particular
performance issue can be resolved by the cable company adding a new channel
and splitting the base of users.

Another benefit of the Cable Modem for Internet access is that, unlike ADSL, its
performance doesn't depend on distance from the central cable office.

ADSL is a distance-sensitive technology: As the connection's length increases,

the signal quality decreases and the connection speed goes down. The limit for
 ADSL service is 18,000 feet (5,460 meters), though for speed and quality of
service reasons many ADSL providers place a lower limit on the distances for the
service. At the extremes of the distance limits, ADSL customers may see speeds
far below the promised maximums, while customers nearer the central office have
faster connections and may see extremely high speeds in the future.

1.7 Choosing an Internet Connection

(Modem, ISDN, Cable, DSL - ASDL/SDSL)

As the Internet becomes increasingly popular with every day that passes, it is now
considered as one of the best ways to do business (e-commerce), network (by
email), and build partnerships (on-line collaboration).

It is arguably, some would say, the most efficient way of gathering information
for a wide range of business uses and to interact with customers. One of the main
issues today is what is the best way to connect to and use the Internet to its full
potential with a view to speed and reliability?

Unfortunately, because of the poor quality of the existing telephone network that
connects us to the Internet, the speed at which information (web pages, images etc)
appears on your screen is slow compared to the latest technology available.

Ultimately, DSL (see below) will be the solution that will provide us all with a
connection up to ten times faster than the speed at which information arrives to
you with a regular modem.

As new technology becomes available almost every week, the awareness of the
difference between the performance (speed), costs and availability is still
unknown to many people and consequently we face problems deciding which
connection is best for our business needs.

(i) PC Modem - up to 56kbps

The PC Modem is the standard way of connecting to the Internet but is now the
slowest. The fastest type of standard modem is 56kbps, these are included as
standard with all new PC's; but if you do not have one they can be bought from
around £15-20 upwards.

If you are currently using a modem below 56k (which is unlikely) then the
difference in speed will be very noticeable. There is nothing negative about using
standard PC modems but the speed may be a crucial factor if time is valuable to
your business or if downloading large or numerous files (images, emails, etc) is
what you require.

(ii) ISDN (Integrated Service Digital Network) - 64/128kbps

 ISDN provides a solution by offering two high-speed lines capable of running at
64kbps each through your existing phone network. The advantage of this is that
each line can be connected to a different source (e.g. two computers, a computer
and a telephone/fax or two telephones). Another feature that may interest you is
that the lines can be used simultaneously from a single computer giving a speed of
128kbps. This would be useful should you need the extra speed to work quicker
over the Internet at a specific time, or for downloading large images and files.

This service requires you to remove your existing modem (if you have one) and
replace it with an ISDN card that can be found from most large PC stores.

ISDN appears expensive in comparison to ADSL/broadband, but the two phone

lines that come with it can be invaluable to a small business. If ADSL is not
available in your area, then ISDN offers an effective solution.

(iii) Cable Modem- up to 600kbps

Cable offers greater speeds but has the initial problem of availability. Just like
Cable TV, you can only receive the service if you live within a cable operator's
franchise area. Should you find that you are one of the 'chosen few' you may
consider this over ADSL (see below) because of the cheaper operating costs;
although you should check carefully because prices are always changing.

In cable Modem connection, speeds of up to 2Mbps can be achieved in the future.

In order to use cable you will need two things: A cable modem and a Network
Interface Card (Sometimes referred to as NIC's).

You do have to bear in mind the future and consider the following: Once all
subscribers in your area have all been connected to the Cable Modem connection,
the speed of the service will run at slower rates (kbps). This is because the amount
of information that the Cable can carry at one time is shared with all those
connected to it. However, you could also consider that there may be further
advances in the technology to change this.

(iv) ADSL - Over 256 kbps

This connection improves the speed at which you can download/upload

dramatically compared to the standard PC modem. ADSL uses your existing
phone line but gives you the added advantage of being able to use the phone/fax
at the same time as being connected to the Internet: the connection time to the
Internet is instant as ADSL is "always on" meaning that you can start surfing the
net as soon as you turn on your computer.

Using such a connection will involve extra hardware such as a box that fits to
your wall that you plug a USB modem (also needed) into which will then connect
to your computer.
 When you connect to ADSL you also get a new phone line, which can be
beneficial to many small businesses. The use of this line does not affect the ADSL
connection either.

Broadband is available in all cities. However, you should check availability in

your area before discounting ISDN or 56k.

ADSL gives faster downloading speeds (receiving) than uploading speeds

(sending).

(v) SDSL - upto 2Mbps

This service was released in early 2004 -- aimed at businesses -- allowing users to
enjoy the same uploading (sending) speeds as it was capable of downloading
(receiving).
This service is beneficial to businesses that frequently send large files via the
internet: the current connection may be causing the network to suffer huge strain
when transporting such files.
Subscribers can sign up for speeds varying from 256kbps to 2Mbps, depending on
preference.
This service is much more expensive than ADSL broadband and should only be
considered if there is an instant need for the service.

1.8 How to Connect to the Internet and World Wide Web

Before you can connect to the Internet and access the World Wide Web, you need
to have certain equipment. In brief, you must have a computer (preferably running
an up-to-date operating system); a modem and access to a telephone line or a local
area network (LAN) that is in turn connected to the Internet; and connection
software that will allow you to establish an account with a service provider and
access the Internet.

A modem is not needed when accessing the Internet through a LAN.

1.8.1 The Right Hardware

To operate most of the current Web browsers and on-line services, you should
have a computer with at least 32 megabytes (MB) of random access memory
(RAM) and 2 GB of free hard disk space. If you are unsure of how much RAM
and disk space your computer has, consult your user's manual.

If you are accessing the Internet outside of a LAN environment, you will need a
modem that will connect you with other computers and interpret the data being
sent back and forth. Any modem that is compatible with your computer will do,
though the higher the kilobits per second (kbps) rate of your modem, the faster it
will transmit data. Modem speed is an important consideration when accessing
 sites on the Web that contain lots of digitized data. If you are looking to purchase
a modem, buy the fastest model you can afford.

You must also have access to a live telephone line. Most modems accept the same
jacks as do ordinary household telephones, allowing you to connect your modem
to a wall jack using standard phone cord. Some cable TV providers have begun
offering Internet connections via cable. Such connections provide much faster
transmission speeds than standard phone lines, though you will need a special
modem that allows you to link your computer with the cable. If you are interested
in a cable Internet connection, contact your local cable operator to see if the
service is available in your area.

You have to purchase ADSL modem/router if you are going for ADSL Internet
connection.

You can also connect to the Internet through a LAN with Internet access. If you
are unsure as to the capacities of your LAN to do this, contact your site's systems
administrator.

1.8.2 The Right Software

For best results, make sure that your computer is running the most up-to-date
operating system that it can handle. If you have an IBM PC/PC compatible
computer, it should be running Microsoft Windows NT, Windows 95/98/Me,
Windows 2000 or Windows XP. You can use Linux Operating System also. If
you have a Macintosh, it should be running System 8 or higher.

To make your connection complete, you will need connection software that
allows your computer to dial into an Internet access provider, establish an account,
and work with the data in a straightforward manner. Many access providers will
give you software that will allow you to access their systems using an all-in-one
custom interface. Some software are bundles with Operating System also. Others
may give you a collection of separate software packages that can be used together.
But whatever software they provide, be sure that it is compatible with your
computer and operating system before attempting to use it.

1.8.3 The Browser

As you surf the Web, you will come across sites that state, "This site is best
viewed with…" and then name a particular browser. Many will even provide a
link to a site where you can download the specified browser.
Sites make these recommendations because some browsers use special protocols,
allowing site creators to offer extra features beyond the standard capabilities of
hypertext markup language (HTML). Chief among these browsers are Netscape
Navigator' Microsoft Internet Explorer, Opera and Mozilla Firefox.

1.8.4 Plug-ins
 The Netscape Navigator, Mozilla Firefox and Microsoft Internet Explorer
browsers allow for the use of plug-ins, or extra software applications that run as if
they were an integral part of the browser.

Browsers also use helper applications that, while not as integral as plug-ins,
enhance the browser's capabilities by launching when needed. Helper applications
allow your browser to play sound and video files, display animation and other
graphic formats, or access special Internet features such as TELNET. Most Web
sites that require the use of helper applications will provide links to sites where
you can download the necessary software.

Chapter 2

Internet Account Tariff

Contents

• Types of Internet connections offered by BSNL

• Tariff for the various connections

Objectives
After completion of this module you will be able to know:
• Types of Internet connections offered by BSNL
• Different tariff for different Internet connections

2.1 Internet Accounts

The different type of Internet accounts offered by BSNL is given below:

Leased line Enjoy round the clock internet connectivity at speeds varying from 64
access Kbps to 45 Mbps. various plans are available to suit different needs.
ISDN dial backup packages for Internet Leased Line Customers are
also available.

Direct Internet BSNL also provides DIAS in selected cities of the Country. The DIAS
Access (DIAS) offers a wire-line solution for high speed symmetrical Internet access
on the existing telephone lines. It provides an "always on" internet
access that is permanently available at customer's premises. DIAS
combines voice and internet data packets on a single twisted pair wire
 at subscriber premises that means you can use telephone and surf
internet at the same time.

Account free Duration based Dialup Internet Service(CLI based) is a unique

Internet dial up method providing Internet service in which the Customer can access
access based on the Internet service from any telephone through dial up. The service
CLI allows automatic registration on first LOGIN. The authentication will
be based on CLI of the telephone with the password supplied by the
caller. The charging is totally usage based and the service is a post paid
service like normal PSTN. The billing will be separating based on the
duration of use and will be charged to telephone bill (CLI based) as
Internet access charge at the prescribed rate. The service is available in
selected cities. The access no. of this service is '172222' in all cities.

CLI based dial up internet service is also available for ISDN customers
now. The access no. of this service is '172223'

BROADBAND Broadband service is based on DSL technology (on the same copper
connection cable that is used for connecting telephone). This provides high speed
internet connectivity upto 8Mbps. This is always - on internet access
service with speed ranging from 256Kbps to 8 Mbps.

SANCHARNET BSNL has also launched ”SANCHARNET CARD" recently. The

CARD Sancharnet Card" is a prepaid Internet Access Card with following
features for customers:

• Self-register for internet access with your choice of user id

• Renew your existing Sancharnet Account
• Wide Range of Internet Access Packages

2.2 Tariff for various Internet accounts

The tariff for various Internet accounts offered by BSNL is given below:

2.2.1 Tariff for Direct Internet Access Services (DIAS)

DIAS is presently available in 42 cities across India.

Tariff for the DIAS will be as detailed below (applicable from 01.06.2005):
 Plan-0
Plan-I Plan-II Plan-III
(Starter)
Activation Charges (non refundable) Rs.500 Rs. 500 Rs.500 Rs. 500
Security Deposit Nil Nil Nil Nil
Monthly Rental Per user Rs.300 Rs.500 Rs.900 Rs. 3000
Free Usages per month 0.5 GB 1.0 GB 2.0 GB Unlimited
Additional Usages charges per MB Rs.2 Rs.2 Rs.2 N.A

• The DIAS services shall be offered to the PSTN subscribers of BSNL, on the
same copper pair as is being used for their DELs at present.
• In case of disconnection of BSNL PSTN connection this DIAS connection is also
to be surrendered. In case of disconnection of telephone for non-payment etc.,
DIAS facility should also be disconnected.
• This tariff includes internet usage charges. The subscriber need not pay any
additional amount for
(i) PSTN Dialup Access for internet
(ii) Port charges for Internet Leased Line.
• This tariff is for connection of subscribers to Internet nodes of BSNL.
• Wherever it is not technically feasible to measure the usage, the present tariff will
remain applicable. However, whenever it will be technically possible to apply
usages based tariff, subscribers of DIAS should be intimated well in time by
giving time period of one month for switchover from existing tariff to the tariff
based on usage as above.
• This tariff will be reviewed after six months.

2.2.2 Tariff for Account free Internet Dial up access based on CLI

• Usage charges for Internet access through BSNL's sancharnet: 10 paise per
minute

Note: The subscribers will be charged at these usage charge over and
above normal PSTN dial up charges.

• The tariff of CLI service for ISDN (with effect from 1st September 2005):

ISDN Type Tariff for CLI (Rs. Per Minute)

64 kbps 0.20
128 kbps 0.40
192 kbps 0.60
256 kbps 0.80
 Note: The above CLI based Internet tariff is in addition to the already applicable
ISDN tariff.

2.2.3 Tariff for Internet Access Local Calls

The tariff for internet access local calls [Calls made to internet access numbers like
172XXX] are given below:

Packages Peak Hours Off Peak Hours

Period (Hr) Pulse (Seconds) Period Pulse
(Hr) (Seconds)
Standard (TRAI) 0800-2000 120 2000- 180
0800
BSNL Package 0730-2230 450 2230- 900*
(with effect from 0730
21.10.2004)
* 600 seconds for E10B exchanges
Service Tax as applicable shall be extra
2.2.4 PSTN & ISDN Limited Access Dialup packages with 4 MB
E-mail space

The uniform tariff shall be applicable for all new customers. All new connection shall be
provided as per the tariff applicable on the date of new connection/renewal. All
instructions issued from time to time by BSNL shall remain applicable.
PSTN Dialup Access - Limited Access
Free access from 1100 PM to 0800 AM on Weekdays and for full day on Sunday and
National Holidays
S.N. Brand Name Denomination Hrs Validity Charges
1. Corporate 1000 2 yr 4500
2. Gold Pass 500 2 yr 2300
3. Silver Pass 200 2 yr 1000
4. Executive 100 2 yr 500
5. Regular 50 1 yr 250
6. Temporary 25 6 months 150
ISDN Dialup Access at 64 kbps - Limited Access
S.N. Brand Name Denomination Hrs Validity Charges
1. Corporate 1000 2 yr 8000
2. Professional 500 2 yr 4500
3. Personal 100 2 yr 1000
ISDN Dialup Access at 128 kbps - Limited Access
S.N. Brand Name Denomination Hrs Validity Charges
1. Corporate 1000 2 yr 16000
2. Professional 500 2 yr 9000
3. Personal 100 2 yr 2000
• Service Tax as applicable shall be extra
• One User ID and e-mail ID per package except for Corporate Package
where it is 2.
• Simultaneous logins per user ID shall be 2.
• E-mail space per e-mail ID shall be 4 Mb
• Free web space for user ID shall be 1 MB
• Free access between 2300 hrs to 0800 hrs on weekdays and for full day on
Sundays and National Holidays.

Internet P.C.O. (BSNL.) - Rs. 10 per 20 minutes or part thereof

2.2.5 PSTN & ISDN Limited Access Dialup packages with 10 MB
E-mail space

PSTN Dialup Access - Limited Access

S.N. Package Hours Validity Charges Rs.
1. Corporate 1000 1 yr 5000
2. Gold Pass 500 1 yr 2500
ISDN Dialup Access at 64 kbps - Limited Access
S.N. Package Hours Validity Charges Rs.
1. Corporate Mail 1000 1 yr 9000
2. Professional Mail 500 1 yr 5000
ISDN Dialup Access at 128 kbps - Limited Access
S.N. Package Hours Validity Charges Rs.
1. Corporate Plus Mail 1000 1 yr 18000
2. Professional Plus Mail 500 1yr 10000
• Service Tax as applicable shall be extra
• One User ID and e-mail ID per package except Corporate Package.
• One user ID and two E-mail IDs with Corporate Package.
• Simultaneous logins per user ID shall be 2.
• E-mail space per e-mail ID shall be 10 Mb
• Free web space for user ID shall be 1 MB
• Free access between 2300 hrs to 0800 hrson weekdays and for full day on
Sundays and National Holidays.

2.2.6 PSTN & ISDN UNLIMITED ACCESS Dialup packages with

10 MB E-mail space

PSTN Dialup Access - Unlimited Access

S.N. Package Hours Validity Charges Rs.
1. Enterprise Mail Unlimited 6 months 9000
ISDN Dialup Access at 64 kbps - Unlimited Access
S.N. Package Hours Validity Charges Rs.
1. Enterprise Mail Unlimited 6 months 16000
ISDN Dialup Access at 128 kbps - Unlimited Access
S.N. Package Hours Validity Charges Rs.
1. Enterprise Plus Mail Unlimited 6 months 32000
 • Service Tax as applicable shall be extra
• One User ID and one e-mail ID per package.
• Simultaneous logins restricted to one.
• Access restricted from two specified telephone numbers (CLIP restriction).
• 10 MB e-mail space
• 1 MB webspace

2.2.7 ISDN UNLIMITED ACCESS Dialup with FIXED IP

and 10 MB E-mail space
ISDN Dialup Access at 64 kbps-Unlimited Access
Package Denomination Hrs Validity Charges Rs.
Fixed IP Address Unlimited 6 months 30,000
ISDN Dialup Access at 128 kbps-Unlimited Access
Package Denomination Hrs Validity Charges Rs.
Fixed IP Address Unlimited 6 months 54,000
• Service Tax as applicable shall be extra
• One User ID and one e-mail ID per package.
• Simultaneous logins restricted to one.
• Access restricted from two specified telephone numbers(CLIP restriction)
• Fixed IP address assigned on access (customer has to apply for IP address
separately)
• 10 MB e-mail space
• 1 MB webspace

2.2.8 Tariff for Broadband services

BSNL has decided to revise packages of ADSL Broadband Services 'DataOne' for Home and Business
users
with different Bandwidth (BW) options and download capacities with effect from 16-08-2005. The revise
offer and new packages are as under:

A. Initial and other charges:

Installation charges Rs 250 (In case of modem from BSNL)

Modem Rental

(a) Monthly Rental Rs 100 (Type I Modem)

(b) Security Deposit (Refundable) Rs 500

Shifting Charges Nil (Withdrawn w.e.f. 15/07/05)
Change of Plan Charges Nil (Withdrawn w.e.f. 09/06/05)
B. Demand Note to New Dataone Customers:

At the time of issue of Demand Note, following charges are to be collected:

a) Installation charges (As applicable)

b) Security Deposit of the Modem (If Applicable)
c) Refundable Security Deposit for One month rental as per the plan (As applicable) subject to
maximum of Rs. 5000. No Security deposit is to be collected for Home 250 & Home 500
plans.

C. DataOne - Home Plans

Particulars Tariff in Rs.

Home 250 Home 500 Home Home Home
(New) 1000
1800 3300
Bandwidth 256 Kbps 256 Kbps 384 Kbps 512 Kbps 1 Mbps
Monthly Charges (Rs) 250 500 1000 1800 3300
Annual Payment Option to 2500 5000 10000 18000 33000
Customers (Rs)
Download/ Upload Limit (GB) 0.4 GB 1.0 GB 2 GB 5 GB 10 GB
Additional Usage Charges/MB 1.40 1.20 1.00 0.80 0.80

Beyond free Download/Upload

Limit (Rs)
Free E-mail IDs/Space (Per E- 1/5 MB 1/5 MB 1/5 MB 1/5 MB 2/5 MB
mail ID)
Security Deposit NIL NIL 1 month 1 month 1 month
rental rental rental
Night Unlimited (0200- 0800 Not Available Available Available Available
Hrs) Available
Minimum Hire period Three Three One One One
months months month month month

D. DataOne - Business Plans

Particulars Tariff in Rs.

Business Business Business Business Business
700
(New) 1200 3000 5000 9000
Bandwidth 256 Kbps 256 Kbps 512Kbps 1 Mbps 2 Mbps
Single /Multi User-(SU/MU) SU SU MU MU MU
Monthly Charges (Rs) 700 1200 3000 5000 9000
 Annual Payment Option to 7000 12000 30000 50000 90000
Customers (Rs)
Download/ Upload Limit (GB) 2 GB 4 GB 10 GB 20 GB 40 GB
Additional Usage Charges/MB 1.20 1.00 0.80 0.60 0.60

Beyond free download/upload

limit (Rs)
Free E-mail IDs/Space (Per E- 1/5 MB 1/5 MB 2/5 MB 2 / 5 MB 4 / 5 MB
mail ID)
Static IP Address (On request) Not Not Not One One
Available Available Available
Web hosting space (On request) Not Not Not 5 MB 5 MB
Available Available Available
Domain Name (On request) Not Not Not One One
Available Available Available
Security Deposit 1 Month 1 months 1 month 1 month Rs 5000
rental rental rental rental
Minimum Hire period One One One One One
month month month month month
- Service Taxes extra.
- Billing for the service will be included in the normal Bfone bill. The billing cycle shall be
monthly for Dataone customers. Monthly rentals and usage charges will be billed in
arrears.

E. Modem on Outright purchase:

Only Modem Type I with One ethernet port will be available for sale / rental to customers for the
present.

F. Conditions for providing Home plan or Business plan:

1. Either Plan can be taken by the subscribers having telephones in individual names working
at homes/residences used for personal use/purpose.
2. Subscribers having telephones in the name of Company, firms, shops, educational institutes
or any other commercial entity can take only Business Plan. They are not eligible for
Home Plan.
3. Telephones working in individual names at commercial/ business/ office premises are also
not entitled for Home Plans.
4. Home plan can be taken on Bfones in name of Government/company but actually working
at residences of their employees. An undertaking shall have to be given by the customer in
this regard.

G. Registration Fees:
 A registration fee of Rs. 100 shall be charged which will be adjusted in the first demand note.

H. Waiver of Installation charges:

Installation charges of Rs. 250 are waived off for all new broadband customers between 16th August
2005 and 30th September 2005.

All other terms and conditions will remain same. The above tariff will be valid until 31/03/2006.
 Chapter 3

MODEM
Contents

• MODEM fundamental
• Types of MODEMS
• Interface
• Connections

Objectives
After completion of this module, you will be able to know:
• MODEM fundamental
• The two types of MODEMS
• Different types of interfaces
• Different types of connections
3.1 MODEM fundamental
Acronym for MODulator / DEModulator which describes the method used to convert
digital data used by computers into analog signals used by the phones and then back into
digital data once received by the other computer.

The above pictures help represent a digital signal and an analog signal. All computer data
is stored and transmitted within the computer in digital format 1s and 0s. In order for this
data to be transmitted over analog phone lines the data must be transmitted into an analog
signal which is the noise you hear when connecting to another computer. Once the other
computer receives this signal it will then translate the signal back into its original digital
format.

Typical modems are referred to as an asynchronous device. Meaning that the device
transmits data in a intermittent stream of small packets. Once received the receiving
system then takes the data in the packets and reassembles it into a form the computer can
use.

Stop Data Start Stop Data Start

1 bit 8 bits 1 bit 1 bit 8 bits 1 bit
Packet Packet
10 bits 10 bits

The above chart represents how an asynchronous transmission would be transmitted over
a phone line. In asynchronous communication 1 byte (8 bits) is transferred within 1
packet which is equivalent to one character. However for the computer to receive this
information each packet must contain a Start and a Stop bit therefore the complete packet
would be 10 bits. An example of what the above chart would transmit is the word HI
which is equivalent to 2 bytes (16 bits).
3.2 Types of MODEMs
There are two types of modems used in all computers.

Internal: Modem which would be plugged into a slot located within or on the computer.

External: Modem which is located within a box and is hooked up externally to the
computer generally VIA the Serial Ports.

3.3 Purchasing Tips

Before purchasing a modem take the following into consideration. Today with the
popularity of the Internet and multimedia over the Internet, broadband is becoming
widely available. If available in your area you may want to consider purchasing a
broadband solution such as DSL available through BSNL or third party company, Cable
available through your local cable provider, Satellite available through a third party .

If a broadband connection is not available in your area, then modem can be purchased.
The details about modems are given below:

3.3.1 Standards

Originally when the 56k connection was introduced there was not a set standard between
two major modem manufactures causing there to be two different technologies, X2 and
KFlex. Each of these technologies allowed for a modem to connect to higher speeds
however only if the Internet Provider supported the technology. Because of the
difficulties and issues with these two different technologies one technology emerged out
of the two called V.90. This technology will allow users of any brand of modem to
connect at higher speeds.

Today all modems (purchased new) are V.90 and this is no longer a concern.

3.3.2 Interface
Interface can be an important when considering purchasing a modem. It is important that
your computer has the available connections and resources when purchasing a modem.

3.3.2.1 PCI / ISA (Internal)

PCI / ISA modems are modems which are found in most computers today. These
modems are installed internally into the computer with an available connection on the
back of the modem for the phone line.

When purchasing this type of modem it is important that you verify your computer has
the available connection for this modem within the computer (PCI or ISA). In addition
verify that your computer has the available resources. You can sometimes see difficulties
installing a modem if a serial device such as a Serial mouse or Serial PDA is connected to
the computer.

3.3.2.2 Serial (External)

A serial modem connects to the serial port located on the back of the computer. These
modems are generally easy to install however cost more then an internal modem as you
can pay additional money for the plastic cover.

When purchasing this type of modem it is important that you verify your computer has an
available serial connection on the back of the computer, devices such as a serial mouse
may already be utilizing your serial port. Some computers may have two serial ports, if
this is the case and only one serial port is currently being utilize, verify that the second
port can be enabled or is already enabled in CMOS.

3.3.2.3 PC Card (PCMCIA)

Solution used with portable computers PC Card modems are fairly cheap and relatively
easy to install in the computer.

If a modem is already present in your portable computer however you wish to upgrade or
the internal modem has gone bad it is important that you verify the pre-existing modem
can be disabled before installing the new modem.

3.3.2.1 USB

A new solution USB allows a user to install up to 127 devices on the computer and is
available for PC and Mac. Before purchasing this solution verify that your computer has
a USB connection. If no USB connection is available an additional card will need to be
installed in the computer.
3.3.3 Connection

The connection can differ depending upon the type of modem purchased with the
computer.

3.3.3.1 Internal / External / USB modem

Today all modems have a RJ-11 connection which is a standard phone connection on the
modem. If important to you, verify that the modem has two available RJ-11 connections.
One of these connections will connect the modem to the phone and the other can be used
for an office phone. This can be very useful for home or office computer that may need a
phone next to it.

3.3.3.2 PC Card modem

When purchasing a PC Card modem the connection can be a very important factor
consideration. Below we have listed the pros and cons of each of these connection types.

3.3.3.3 Dongle

A commonly found solution for PC Card modems, however a very burdensome solution.
The Dongle is an additional card that connects from the PC Card to a small opening for a
RJ-11 connection. While a good thought we find that these connections get lost often.
The pro of this solution is a very sturdy connection and a solution that will allow only a
Type II slot to be used allowing and additional slot free for another card.

3.3.3.4 Standard

Standard connection like a desktop modem allows for a phone line to be connected
directly to the modem. This solution allows for no additional cables. The con to this
solution is that these cards will generally occupy your complete PCMCIA slot.
 Chapter 4

Windows XP Dialup Networking

Contents

• Configuring Dialup Networking in Windows XP

Objectives

• After completion of this module, you will be able to know how to configure
Dialup Networking in Windows XP
4.1 Configuring Dialup Networking in Windows XP
These instructions assume your modem is properly installed and configured. See
information provided by the modem manufacturer for instructions for installing the
modem.

Windows XP has multiple methods for reaching dialup settings, and your screen shots
may vary slightly from those shown below because XP allows users to customize screen
settings.

Start the "New Connection Wizard" from the start menu -

Click Start ÖAll Programs ÖAccessories Ö CommunicationsÖNew Connection Wizard.

You will get a figure like this:
Click Next and the next screen will appear like this:

Chose the radio button next to Set up my connection manually and click Next to see the
Internet Connection window.
Select "Connect using a dial-up modem and Click Next to get the Connection Name
window
For the ISP name click in the box and enter the name you want to see for the icon for the
connection, in this example we use the Sancharnet name. Click Next to continue.

Enter the phone number as you want it to be dialed for your connection. Choose Next to
continue when done.
If multiple unrelated users are sharing a connection you may want to make this setting
'My use only', but if every user of the system is allowed to use this dialup select Anyone's
use. Then click Next.
The Internet Account Information window options are left blank - doing this means you
will need to provide your id and password every time you connect. If you want to make
your connection less secure you can fill in and save the user name and password
information. Turning on Internet Connection Firewall is most likely appropriate for most
users, but users using a VPN (like an Oracle connection) may find that it will not work
with Internet Connection Firewall selected. Click Next
In the 'Finish' screen you can add a shortcut to this connection to your desktop. You may
want to do that, if not, you can reach the connection through the start menu. Click Finish
(but you may not really done.) If you are going to use the Home Directory service
continue with the Advanced configuration below.

If all you use the dialup connection for is email and web access then the connections
defined this way will probably work just fine without additional setup. To start a dialup
session go to the Start Ö Connect To Ö Sancharnet (the name you haven for the
Internet connection).
Choosing the connection from the menu will bring a login screen that will take your
Dialup Networking ID and password and will make your modem dial in to get your
connection.

4.1.1 Advanced configuration

If you have problems connecting, or if you plan to use the Home Directory service via
your dialup connection, the following steps may be required to force appropriate settings.

Go to Start Ö Connect to Ö Sancharnet (or what ever you named the connection) and
right-click to get the menu to choose properties - left click on Properties.
The Properties window will looks similar to the following:

The "Connect Using" box should have the name of your modem.

If you understand the use of dialing rules feel free to use them, otherwise uncheck the
'Use dialing rules' box and put the full number, as you want it dialed, in the "Phone
number" box. You can use the "Alternates" button to provide numbers which should be
tried if the first one fails to connect.

Choose the "Options" tab.

Your settings on the Options tab should be the same as above, in particular be sure
"Include Windows logon domain" MUST NOT be checked or your user name will be
sent incorrectly for logon. Redial attemps are optional.

Next choose the Security tab

Your securities settings should look like those above to connect to the UVA dialup.

Select the Networking tab

Advanced users may want to change some of the settings to be different than those above,
but in general the screen should match the one above. Note: for Home Directory users -
Client for Microsoft Networks MUST BE CHECKED. (If you scroll through the screen
'This connection uses the following items, no additional items need to be checked.)

Click on the Internet Protocol (TCP/IP) line and then click on the 'Properties' button on
the Network properties window.
If you have previously set up any network connections on this system some of the
settings on the TCP/IP properties window may be different (and this window may change
with later changes we will make.) The Obtain and IP address automatically is mandatory.
Click on the Advanced button, then click on the "DNS" tab for the Advanced TCP/IP
Settings.
Click on the Add button below the DNS Server address window - a window will pop up -
add 128.143.2.7 and 128.143.22.119. Only 2 can be specified so if you make an error
select the wrong entry and click on remove.

Select the Append these DNS suffix and click add and add virginia.edu (this lets you
leave off the virginia.edu part of host names when you specify them in other programs)

If you use the Home directory service, click on the WINS tab to bring up the WINS
setting window. Initially it is unlikely to look like the one below.
Home Directory users MUST click in the Enable NetBIOS over TCP/IP button. The
WINS server settings should not be necessary for Home Directory, but if you are having
difficulties, the correct servers for UVa and Home Directory are 128.143.3.199 and
128.143.22.189.

If you use a WINS server (ESERVICES users and some HSC users) on the WINS tab and
add the appropriate WINS server information. Contact your server administrator for the
correct WINS settings for your domain. (Those given above are for the ESERVICES
domain.)

When finished click OK, you will be taken back to the "Internet Protocol (TCP/IP)
Properties" window, some information may be filled in for you.
From this window click OK to get back to the main network connection properties
window, and OK again on that window to exit the configuration. Then you should be able
to retry your connection.

If you have difficulties following these directions or need any other help getting your
connection to a UVa modem, please call us at 924-3731. That's the ITC Help Desk. Have
your University Computing ID (that's your Email ID) ready and give us as clear a
description as possible of what you have done and what is not working.
 Chapter 5

ISDN Terminal Adapter

Contents

• What is Terminal Adapter

• Types of Terminal Adapters
• Features of Terminal Adapter

Objectives
After completion of this module, you will be able to know:
• What is Terminal Adapter
• What are the types of Terminal Adapters
• What are the features of Terminal Adapter
5.1 Terminal Adapter
In telecommunications, a terminal adapter is an interfacing device employed at the "R"
reference point in an ISDN environment that allows a non-ISDN terminal at the physical
layer to communicate with an ISDN network.

It performs a similar role for ISDN to that which a modem performs for the PSTN.

A terminal adapter (TA) is a hardware interface between a computer and an Integrated

Services Digital Network line. It's what replaces a modem when you are using an ISDN
connection. Unlike "plain old telephone service," which carries signal in analog (voice)
form between your computer and the telephone company's office, ISDN carries signals in
digital form so there is no need to modulate and demodulate between analog and digital
signals. The terminal adapter is what you have to install on a computer so that data can be
fed directly into the ISDN line in digital form. Since ISDN service is not available from
telephone companies in all areas, the terminal adapter is not usually built into a computer.
You purchase and install it when you sign up for ISDN service.

Some manufacturers and telephone companies use the term ISDN modem, instead.

Note: Typically, a terminal adapter will support standard RJ-11 (or other country-specific)
telephone connection plugs for voice and RS-232C, V.35 and RS-449 interfaces for data.

5.2 Types of Terminal Adapters

There are two main types of ISDN terminal adapters. You can either buy an
internal or external terminal adapter. It really depends on what features you want
supported with your ISDN line. But as ISDN becomes more common, future computers
will probably have terminal adapters built it.

5.2.1 External terminal adapters

External adapters are better if your are going to use your ISDN line for "voice"
(phone, fax, analog isdn modem, etc.). One has to be careful when purchasing an external
TA because vendors claim to give you speeds of up to 64K. However, many external
TAs cannot convert synchronous 64 Kbps data into 57.6 kbps asynchronous data. These
TAs can only communicate in asynchronous mode at 38.4 kbps.

5.2.2 Internal terminal adapter

Internal terminal adapters usually go inside your computer like any other internal
card. If you are going to be using ISDN strictly for Internet access, then an internal
adapter is the right choice. The internal models are normally cheaper than external,
because the manufacturers do not need to include a power supply or enclosure. The
internal adapters do not have the serial port bandwidth constraints that the external ones
do; hence you do not need to buy any special accessories to squeeze the maximum out of
them. However, the internals are not set up well to provide ringers, and they need an
external power connection (or your PC powered on) in order to use them to make a voice
call.
Features External TAs Internal TAs
To use voice Works as long as TA is PC must be on, or
powered additional equipment
purchased
Ringer for other devices Can usually provide for six Often requires additional
(fax, phone, etc.) devices equipment.
DTE speed Serial port speed constraint Much higher speed.
Cost More expensive Less expensive.

5.3 Some of the features to look out for in a TA

• Easy to install and use : Installation of TAs is easy and there should be an
installation wizard that walks you through the configuration and setup, making the
TA up and running in minutes with plug and play support for Windows
95/98/2000/Me/XP and NT.
• Support for WAN Protocol : TAs should support a full-range of WAN
protocols, including X.75, CLEAR (synchronous), CHAP, MD5, PPP, ML-PPP,
MP+TM, V.120, X.75 and PAP so that you can connect to a variety of servers on
the corporate LAN or Internet.
• Call Bumping : TAs should support call bumping features that automatically
adjust a data call from 128 K to 64 K. It should be able to reduce the data link to
one channel to make or receive a phone call while communicating data with two
B channels (at 128K).
• Battery back up : They should provide a built-in battery which supplies power
for 2-3 hours in case of power failure.
• Simultaneous Voice and Data : TAs should be capable of transmitting and
receiving data on your computer over one ISDN B-channel and use the other B-
channel for your phone or fax machine using the analog port.
• Call line identification : For incoming calls from digital lines, the caller's
number appears in the telephone display when the phone rings. This feature of
TAs will enable to trace anonymous calls over ISDN.
 Chapter 6

Proxy Servers
Contents

• Introduction of Proxy Server

• Functions of Proxy Servers
• Protocols of Proxy Servers
• Host Identifiers and Ports
• Configuration of browser to use Proxy Server

Objectives
After completion of this module, you will be able to know:
• What is a Proxy Server?
• What are the functions of Proxy Servers?
• Protocols of Proxy Servers
• Host Identifiers and Ports
• How to configuration of browser to use Proxy Server
6.1 Introduction of Proxy Servers
A proxy is a device which allows connection to the Internet. It sits between workstations
on a network and the Internet, allowing for a secure connection, allowing only certain
ports or protocols to remain open. When a client requests a page, the request is sent to the
proxy server, which relays it to the site. When the request is received from the site, it is
forwarded back to the user. Proxy servers can be used to log internet use and block access
to prohibited sites.

Some home networks, corporate intranets, and Internet Service Providers (ISPs) use
proxy servers (also known as proxies). Proxy servers act as a "middleman" or broker
between the two ends of a client/server network connection. Proxy servers work with
Web browsers and servers, or other applications, by supporting underlying network
protocols like HTTP.

6.2 Key Features of Proxy Servers

Proxy servers provide three main functions:

1. Firewalling and filtering

2. Connection sharing
3. Caching

The features of proxy servers are especially important on larger networks like corporate
intranets and ISP networks. The more users on a LAN and the more critical the need for
data privacy, the greater the need for proxy server functionality.

6.2.1 Proxy Servers, Firewalling and Filtering

Proxy servers work at the Application layer, layer 7 of the OSI model. They aren't as
popular as ordinary firewalls that work at lower layers and support application-
independent filtering. Proxy servers are also more difficult to install and maintain than
firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or
SOCKS must be configured individually. However, a properly configured proxy server
improves network security and performance. Proxies have capability that ordinary
firewalls simply cannot provide.

Some network administrators deploy both firewalls and proxy servers to work in tandem.
To do this, they install both firewall and proxy server software on a server gateway.

Because they function at the OSI Application layer, the filtering capability of proxy
servers is relatively intelligent compared to that of ordinary routers. For example, proxy
Web servers can check the URL of outgoing requests for Web pages by inspecting HTTP
GET and POST messages. Using this feature, network administrators can bar access to
illegal domains but allow access to other sites. Ordinary firewalls, in contrast, cannot see
Web domain names inside those messages. Likewise for incoming data traffic, ordinary
routers can filter by port number or network address, but proxy servers can also filter
based on application content inside the messages.
6.2.2 Connection Sharing with Proxy Servers
Various software products for connection sharing on small home networks have appeared
in recent years. In medium- and large-sized networks, however, actual proxy servers offer
a more scalable and cost-effective alternative for shared Internet access. Rather than give
each client computer a direct Internet connection, all internal connections can be funneled
through one or more proxies that in turn connect to the outside.

6.2.3 Proxy Servers and Caching

The caching of Web pages by proxy servers can improve a network's "quality of service"
in three ways. First, caching may conserve bandwidth on the network, increasing
scalability. Next, caching can improve response time experienced by clients. With an
HTTP proxy cache, for example, Web pages can load more quickly into the browser.
Finally, proxy server caches increase availability. Web pages or other files in the cache
remain accessible even if the original source or an intermediate network link goes offline.

Figure 6.1

6.2.3.1 Proxy caching

Imagine two people at a office -- let's call them Ram and Latha -- surfing the Net for
business research. Suppose Ram has an interest in computer networking books, visits
www.oreillynet.com in an attempt to learn more about them.

Now it's Latha's turn. Latha is very interested in computer programming. She navigates to
www.oreillynet.com and, because this page was cached during Ram's very recent visit,
she is surprised at how quickly this content-rich page pops into her browser window.
With a great first impression, Latha is now ready to immerse herself in the wonderful
world of computer programming.

The potential benefits of proxy server caching loom even larger if Ram and Latha have a
few hundred coworkers that share the same proxied Internet access and similar interests
or Net surfing patterns. Yet proxy caching is not a silver bullet. Limitations exist that can
render this technology much less useful.

6.2.3.2 Drawbacks of Proxy Caching

It's reasonable to expect that proxy servers handling hundreds or thousands of Web
clients can become a network bottleneck. In addition to using servers with power
processors and large amounts of memory, administrators may also choose to deploy
multiple proxies to help avoid potential bottlenecks.

A proxy hierarchy creates multiple layers of caching support. Clients connect directly to
a first-level caching, and if a Web page is unavailable there locally, the request "misses"
and automatically gets passed to a second-level caching server, and so on.

As with many caching systems, the effectiveness of a multi-proxy server hierarchy is

very dependent on the pattern of traffic. In the worst case, all clients will be visiting Web
pages completely unrelated to each other, and proxies (the hardware and the additional
network traffic they generate) become pure overhead. One would expect that normal
traffic patterns will usually not be worst-case, but every network's use pattern will be
different.

Proxy caching differs from browser caching. Browsers automatically cache pages on the
client computer, whereas proxies can also cache pages on a remote Web server. Because
browsers already perform their own caching, introducing proxy caching into a network
will have only a second-order effect.

Proxy caches don't help much with refreshed pages. On some sites, Web pages are set
with HTML META tags to expire quickly; expired pages force the proxy cache to reload
that page. Similarly, caching is rendered ineffective by pages that change content
frequently, such as those on news sites, or weblogs.

Proxy caches also introduce measurement uncertainty into the Internet. Normally, a Web
server log will record identifying information of visiting clients such as their IP addresses
and domain names. For clients with proxy servers, all public requests are made on behalf
of the server, using its IP address and identity. Web sites that carefully track the patterns
of use of their visitors have much more difficulty in distinguishing unique client visits
through proxies.

6.3 Proxy Servers and Protocols

Proxy servers work with specific networking protocols. Obviously HTTP will be the
most critical one to configure for Web page access, but browsers also utilize these other
protocols:

• S-HTTP (also called "Secure" or "Security" in the browser)

• FTP
• SOCKS
S-HTTP (Secure Hypertext Transfer Protocol) supports encrypted HTTP communications.
This protocol is becoming more and more common as ecommerce sites; for example,
adopt it to make credit card transactions safer. S-HTTP should not be confused with SSL.
Although S-HTTP uses SSL "under the covers," SSL is a lower-level protocol that by
itself does not impact a browser's proxy setup.

FTP (File Transfer Protocol) supports the download of files over the Web. Before HTTP
was developed, FTP was an even more popular way to share files across the Internet. FTP
treats files as either simple text or binary format, and it is still commonly used to
download compressed archives of non-HTML data (like MP3 files, for example).

SOCKS is a firewall security protocol implemented in some proxy configurations.

When manually configuring a browser, clients will need to know these details of the
proxy server arrangement. Most of the time, network administrators will configure the
proxies to serve all protocols to avoid any confusion.

6.4 Host Identifiers and Ports

To manually specify a proxy server in the browser, two pieces of information are
required. First, the host identifier is either the host's network name (as configured in DNS,
NIS, or similar naming service) or the host's IP address. Second, the port number is the
TCP/IP port on which the server listens for requests.

A single port number is generally used for all of the supported protocols above. This port
should not be confused with the standard ports used by the protocols themselves (port 80
for HTTP, port 21 for FTP, and so on). This is a proxy port only, and it should never be
assigned to one of the reserved numbers.

Unfortunately, a single standard port number does not exist. Some numbers like 8000 and
8080 are used more commonly than others, but the number can be any unassigned value
up to 65535. Users manually configuring their browsers will need to be told this port
number by their network administrator.

6.5 Proxy Servers and Browsers

To take advantage of a proxy server's capabilities, Web browsers like Internet Explorer
(IE) must be configured to explicitly use it. In many proxied environments, the client
computers do not have direct Internet access, and browsers generally are not configured
to use proxies "out of the box." Clients will be unable to access public Web sites in this
scenario until proxy settings have been correctly made.
 Figure 6.2: IE5 Tools menu

For example, to configure IE to use a proxy server, first click on Tools to access the drop-
down menu. Click on the Internet Options... menu item to raise the Internet Options
dialog. This dialog is a property sheet featuring multiple tabs. Clicking on the
Connections tab makes available a dialog that includes a button in the bottom-right
corner named LAN Settings... . Finally, click this button to raise the Local Area Network
(LAN) Settings dialog; here is where proxy information must be entered.

Figure 6.3: IE5 Internet Options, Connections tab

IE6 supports both manual and automatic configuration options. As shown the Figure, the
"Use a proxy server" check box must be checked to enable the manual entering of a
proxy. Either the network host name or the IP address of the proxy server must be typed
in the "Address" field. In addition, any internal domains (such as intranet sites) that do
not need to go through a proxy can be entered here in order to bypass the server.
Figure 6.4: IE5 Internet Options, Connections tab
 Chapter 7

E mail
Contents

• Email introduction
• Types of email
• Accessing email accounts
• Working principle of email
• Email protocols
• Components of email
• Signature
• Address Book
• Mail Boxes
• Smiley
• Acronyms
• Sending/Replying/Forwarding mails
• Configuration of Outlook Express
• Different folders of Outlook Express
• Checking the incoming mails
• Reading the mails
• Deleting the mails
• Composing mails
• Replying and Forwarding mails
• Setting up a web based account
• Checking the incoming mails

Objectives
After completion of this module you will be able to know:
1. what is Email
2. what are the types of email
3. how to access email accounts
4. the working principle of email
5. the different email protocols
6. the components of an email message
7. how to introduce Signature
8. what is Address Book
9. the different Mail Boxes
10. how to introduce Smiley
11. how to introduce Acronyms
12. how to Send/Reply/Forward mails
13. how to configure Outlook Express
14. the different folders of Outlook Express
15. how to check the incoming mails
16. how to Read/Delete/Compose the mails
17. how to Reply and Forward mails
18. Set up a web based account
19. Check the incoming mails
7.1 What is email?
Email is the method of electronically sending messages from one computer to another.
You can send or receive personal and business-related messages with attachments, such
as pictures or formatted documents. You can even send music and computer programs.

Email is the one of the popular service offered by Internet. It is the replacement of Postal
mail. Postal mail is known as Snail Mail because it is very slow. Email is cheaper and
faster than Postal Mail, less intrusive than a phone call, less hassle than a FAX.
Because of its speed and broadcasting ability, Email is fundamentally different from
paper-based communication.
Using email, differences in location and time zone are less of an obstacle to
communication.
Through Email you can exchange:
• Ideas,
• Agendas,
• Memos,
• Documents and
• Attachments

Just as a letter makes stops at different postal stations along its way, email passes from
one computer, known as a mail server, to another as it travels over the Internet. Once it
arrives at the destination mail server, it's stored in an electronic mailbox until the
recipient retrieves it. It is Store and Forward System. Copies can be sent automatically to
names on a distribution list. Advise delivery a confirm message when opened by the
recipient.

This whole process can take seconds, allowing you to quickly communicate with people
around the world at any time of the day or night.

To receive email, you must have an account on a mail server. This is similar to having an
address where you receive letters. One advantage over regular mail is that you can
retrieve your email from any location. Once you connect to your mail server, you
download your messages to your computer.

7.2 Types of Email

There are two basic types of email accounts: paid and free.
• A paid account includes a mailbox and access to the Internet. You pay an Internet
Service Provider (ISP) like BSNL, AOL for this service.
• A free account includes only a mailbox. Companies like Yahoo and Hotmail
provide free mailboxes; in return, you will see advertising. To use a free mailbox,
you have to be able to get on the Internet. This type of mail is called as web-mail.

7.3 Accessing the two types of Email Accounts

If you want to send an Email you should have 2 things.

• An Email address.
• Email Programme at the client side.

To access your email account, you must be on the Internet. You can send and receive
email messages through an email program like Outlook Express or through a browser like
Internet Explorer. If you go through a browser, you are using web-mail. Most email
accounts can be accessed either way.
• If you access your mail through an email program, the messages are downloaded
to your computer and removed from the company’s mail server.
• If you access your mail through a browser (web-mail), the messages remain on
the company’s mail server until you delete them. Most web-mail accounts have a
maximum storage space. When your mailbox is completely filled, you will not be
able to receive any additional messages. You must regularly delete some
messages and empty the trash in order to free up storage space.

7.3.1 Mailers
• The following are Unix Mailers:
• Mail
• elm
• pine

• These are provided for the Shell Account Internet Users. They are Character
Based and we have to work on-line only, and no-off line working. Now all
the ISP are not providing Shell account.

• Graphical Mailers, Used by the TCP/IP Internet Account users

• Eudora
• Pegasus.
• Out Look Express

The standard protocol used for sending Internet email is called SMTP, stands for Simple
Mail Transfer Protocol. It works in conjunction with POP servers. POP stands for Post
Office Protocol.

7.3.2 Email address or Email ID

If you want to send mail to some one on a different network you need to address the
address in a specific way. Address has 2 parts separated by @

Username@domain name
[email protected]
[email protected]
First there is the user name that refers to the recipient's mailbox. User name should not
contain space or any special character except underscore. Then there's an at-sign (@).
Next comes the host name (sancharnet.in, yahoo.com), also called the domain name. This
refers to themail server, the computer where the recipient has an electronic mailbox. It's
usually the name of a company or organization.

The end of the domain name consists of a dot (".") followed by three or more letters
(such as .com and .gov) that indicate the top-level domain (TLD). This part of the
domain name indicates the type of organization or the country where the host server is
located.

7.4 How Email works?

When you send an email message, your computer routes it to an SMTP server. SMTP is
part of TCP/IP family by which delivery of mail is standardized. Sending and receiving
e- mail at Server is done by a program called Transfer Agent. The server looks at the
email address (similar to the address on an envelope), then forwards it to the recipient's
mail server, where it is stored until the addressee retrieves it. You can send email
anywhere in the world to anyone who has an email address. Remember, almost all
Internet service providers and all major online services offer at least one email address
with every account.
 SMT SMT
SMTP Mail
POP Server Client
Mail POP
Client 3

PC
SMT Mail Mail With
Serve Clien ShellA/C

ISP UNIX host

Message flow from one end to another

Transfer Agent ensures that the messages are transferred orderly fashion according to
SMTP. Mail Servers runs Transport Agent 24 hours. There are four types of programs
used in the process of sending and receiving mail. They are:

• MUA - Mail users agent. This is the program a user will use to type email. It
usually incorporates an editor for support. The user types the mail and it is passed
to the sending MTA.
• MTA - Message transfer agent is used to pass mail from the sending machine to
the receiving machine. There is a MTA program running on both the sending and
receiving machine. The MTA on both machines use the network SMTP (Simple
Mail Transfer Protocol) to pass mail between them, usually on port 25.
• LDA - Local delivery agent on the receiving machine receives the mail from its
MTA.
• Mail Notifier - This program notifies the recipient that they have mail.
Multipurpose Internet Mail Extension (MIME)
Emails are usually just text but can contain pictures, or other files. These 'attachments' or
'insertions' sometimes need special programs to be read.
SMTP cannot transmit executable files or other binary objects. There are a number of ad
hoc methods of encapsulating binary items in SMTP mail items, for example:
o Encoding the file as pure hexadecimal
o The UNIX UUencode and UUdecode utilities which are used to encode
binary data in the UUCP mailing system to overcome the same limitations
of 7-bit transport
o The Andrew Toolkit representation
 None of these can be described as a de facto standard. UUencode is perhaps the
most pervasive due to the pioneering role of UNIX systems in the Internet.

• SMTP cannot transmit text data which includes national language characters since
these are represented by codepoints with a value of 128 (decimal) or higher in all
character sets based on ASCII.
• SMTP servers may reject mail messages over a certain size. Any given server
may have permanent and/or transient limits on the maximum amount of mail data
it can accept from a client at any given time.
• SMTP gateways which translate from ASCII to EBCDIC and vice versa do not
use a consistent set of code page mappings, resulting in translation problems.
• Some SMTP implementations or other mail transport agents (MTAs) in the
Internet do not adhere completely to the SMTP standards defined in RFC 821.
• The Common problems include:
o Removal of trailing white space characters (TABs and SPACEs)
o Padding of all lines in a message to the same length
o Wrapping of lines longer than 76 characters
o Changing of new line sequences between different conventions (for
instance <CR> characters may be converted to <CRLF> sequences)
o Conversion of TAB characters to multiple SPACEs.
MIME is a standard which includes mechanisms to solve these problems in a manner
which is highly compatible. Using the MIME you can send attachments in your email.
Attachments to emails can contain viruses! Do not open an attachment in an email unless
you know what it is and who it is from.

7.5 Protocol for Incoming Mail

The POP3 mail protocol is the most commonly used mail protocol used for retrieving the
mail from the server to the client machine over PPP.

IMAP is also can be used for retrieving the mail from the server to the client machine.
But most of the Internet Service Providers support only POP3 and not IMAP.

7.6 Components of Email

Email messages are similar to letters, with two main parts:

• Header
• Body

Header consists of Number of special Lines

 Date Automatically inserted
Time Station Time and GMT
From: Automatically inserted.
To: The address of the receiver.
CC: Carbon copy. Copy to whom to be sent.( not the primary recipient)
BCC: Blind Carbon copy / Secrete copy. The primary and CC recipient
will not see the name of the people who receive the Blind Copy of
the mail.
Subject: Brief description of the message

The header contains the name and address of the recipient, the name and address of
anyone who is being copied, and the subject of the message, your name and address and
the date of the message.

The body contains the message itself.

Just like when sending a letter, you need the correct address. If you use the wrong address
or mistype it, your message will bounce back to you -- the old Return to Sender, Address
Unknown routine.

When you receive an email, the header tells you where it came from, how it was sent, and
when. It's like an electronic postmark.

Unlike a letter, which is sealed in an envelope, email is not as private. It's more like a
post card. Messages can be intercepted and read by people who really shouldn't be
looking at it. Avoid including any confidential information unless you have a way to
encrypt it.

7.7 Adding Signature to the Outgoing email

If you want to add your name and address at the end of each message that you send, you
can make use of the signature option provided. A signature is a few lines of text usually
including your name or postal address. You can store the information that you want to
attach at the end of the messages as your signature. Then you can program your system in
such a way that all out going messages will have your signature at the end of the message.
Only one signature will be added to one message at a time.

7.8 Address Book

Email programs also have address books, where you can keep a list of email addresses.
An address book is a place you can store the information about the people to whom you
want to send mail. Each time you send mail, you can just select the persons name and the
Email id will be automatically inserted.
7.9 Sending Mail to More then one person
If you want to send mail to more than one person, you can add more than one mail id in
the To: address. To separate from one mail id to another, some email program support
semi colon and some program support comma.
7.10 Replying Email
When you are reading a mail and want to send reply you can click Reply Button in your
Email program. It will automatically includes the original message preceded by a ">".
The To: address will be automatically added. The text “RE” will be added in the subject
to indicate that it is a reply for the original subject.
7.11 Forwarding mail
If you are receiving a mail from some body and you would like to send a copy of it to
someone else you can forward the mail. In the Subject the text “FW” will be added to
indicate that it is a forwarded message.
7.12 Mail Boxes
Most of the Email program will have the following Mail Boxes

Inbox It will list all the incoming messages.

Out box All out going messages composed and yet to be sent out from your
PC to SMTP Server.
Send box All the messages dispatched from your PC to the SMTP Server.
Delete box When you delete a message it will go to delete Box. You can retrieve
the messages from the Delete box at any time. If you Delete he
messages from delete Box you can not retrieve them latter.

7.13 Smiley
When we are talking to people face to face our body language, the tone of our voice,
gesture and facial expression will play important role. But through email you can
personalise your messages by using emotion icons called smileys. You can see some of
the
Smiley Meaning

:-) Smile
:-( Frown
:-| Expressionless
:-D Surprise laughing
:-/ Perplexed
:-Q Smoker
8-) Eye glass
:- Male
>- Female
:-e Disappointment
7.14 Acronym

You can use some abbreviations or acronyms in your email. The common acronyms are:

AE In Any Event
BTW By the way
FM Fine Magic
FC Fingers Crossed
FWIW For what it's worth
FYI For Your Information
FUA Frequently Used Acronyms
IAE In any event
IMO In my opinion
IMHO In my humble opinion
IMCO In my considered opinion
IOW In other words
NRN No Reply Necessary
OTOH On the other hand
PITA Pain in the butt
ROFL Rolling on floor, laughing.
RSN Real Soon Now [which may be a long time coming]
RTFM Read the Fine manual
SNAFU Situation Normal: All [bleeped] Up
SITD Still in the dark
TANSTAAFL There Ain't No Such Thing As A Free Lunch
TIA Thanks In Advance
TIC Tongue in cheek
TLA Three Letter Acronym (such as this)
YMMV Your Mileage May Vary

7.15 Draw Back in Email

Email also does not convey emotions nearly as well as face-to-face or even telephone
conversations. It lacks vocal inflection, gestures, and a shared environment. Your
correspondent may have difficulty telling if you are serious or kidding, happy or sad,
frustrated or euphoric. Sarcasm is particularly dangerous to use in email.

7.16 Getting a free Email Account and understanding the

Login Process

The procedure to get a free email account is furnished below:

1. Learn the proper formatting of an email address before you register:

Examples: [email protected], [email protected],
[email protected].
2. Select a login name that you can remember. It is NOT case sensitive, but why go to
the trouble of holding down the shift key when it isn’t necessary? You will have
several different login names and passwords to keep up with. When you are assigned
an email address, your login name will follow this pattern: first initial, last name. For
example, if your name is Rajan Sundar, your login name would be rsundar. When
you sign up for a free email account, it could be helpful to use this same pattern.
Unfortunately, some of you will find that someone else has already been assigned the
same login name. Simply add a number to the end, like rsundar26.
3. Select a password that you can remember. Usually, it should be about six characters
and contain at least one number. No spaces. Passwords are case sensitive, so if you
type in “Jupiter44,” you will always need to type the capital J. It will be helpful if you
follow this guide for login names and passwords: No caps, no spaces.
4. Get a free email account from Yahoo or Hotmail. Do not use someone else’s email
address. Free email accounts are readily available.

Configuring POP3 client

In order to get access the email server for sending and receiving the mail, you have to
configure the Email client software. There are many mail client software.

Outlook Express is most commonly used POP3 client software. It is coming along with
Internet Explorer. If you install Internet Explorer, Outlook Express will be automatically
installed in your Computer. We will see how to configure the Outlook Express in order to
send and receive mail.
7.17 Configuring Outlook Express
1. To launch the Outlook Express: Click Start Ö Programs Ö Outlook Express.
Outlook Express application will be opened as shown in figure 7-1.
 Fig 7-1

2. Now from the Tools menu select the Accounts. Internet Account Dialog Box will
be opened as shown in fig 7-2.
 Fig 7-2

3. Click the Add button; you will get a cascade menu as shown in fig 7-3.

Fig 7-3

4. Select the Mail… from the cascade menu. Internet Connection Wizard will start
as shown in fig 7-4
 Fig 7-4

5. Type your name which will display when you send a mail that will appear in the
header. Click Next button.
6. In the next step you have to type your valid Email address as shown in fig 7-5.
After entering your email address click Next Button.

Fig 7-5
7. In this step you have to tell the Outlook Express to which Mail Server it has to
contact. You have to specify the Incoming Mail Server (POP3, IMAP or HTTP)
and Outgoing Mail Server IP address or Domain name here. This will be provided
by your Internet Service Provider at the time of getting your Internet Account.
You can specify the Incoming mail and Out Going mail as shown in Fig 7-6.

Fig 7-6

8. After entering the entries for POP3 server and SMTP server click the Next button.
In this step you have to give your Mail Account User Name and Password as
shown in Fig 7-7.
 Fig 7-7

In this step don’t click Remember password check box if you computer is shared
by some body in order to avoid that others may check and read your mails. Click
next button.
9. Finally click the Finish Button to complete the configuration.

10. In the Internet Account Dialog box click the Mail tab and check that the account
you have created just now will appear as shown this the fig 7-8. If more than one
Account is created, all the accounts will be displayed. Select an account and click
Set as Default button. Now that account will become your default email account
 Fig 7-8

11. You can close the dialog box by clicking the Close button.

7.18 Checking the Mail

1. Connect your computer to the Internet.
2. Open the Outlook Express if it is not already opened. From the
3. Click Tool Ö Send and Receive Ö (your Account Name) as shown in fig 7-9.

Fig 7-9
 4. Logon dialog box will appear as shown in fig 7-10. Type your user id and
password and click OK button.

Fig 7-10

5. Your Outlook Express will contact your POP 3 Server and down load the emails
to Inbox as shown in the fig 7-11.

Fig 7-11

7.19 Folders in Outlook Express

The Outlook Express is having 5 local folders called Inbox, Outbox, Sent Items, Deleted
Items, and Drafts.
Inbox: All the incoming mail will be listed here.
Outbox: Out going mails from this PC and yet to be delivered to the SMTP
server.
Sent Items: All the out going mails sent out (delivered to the SMTP server).
Deleted Items: List of deleted messages. When you delete a message it will be
moved in this folder.
Drafts It contains the saved draft of your message (To save a draft of
your message to work on later, on the File menu, click Save).

7.20 Reading the Mail

Click the Inbox that will show the list of mails received. The List shows the mail received
from, subject and date and time of receipt of the mail. The icon in front of each mail will
indicate whether the mail is already read or not (the ‘cover’ icon will be opened/closed
condition). In the left pane next to the Inbox icon some number will be there with in
bracket in blue color which indicates that many new mails (Unread) are there in your
Inbox

Click on the mail. Outlook Express will open the mail in the bottom pane of the Inbox
Window. If you want to open the mail in a separate window double click on the mail. It
will open in a separate window as shown in fig 7-12. In this fig an undelivered message is
opened. When the message is not delivered, an undelivered message will be sent to you
from the postmaster stating the error conditions.
 Fig 7-12

7.21 Deleting the Mail

If you don’t want to keep the unwanted mail in you inbox, you can delete the mail. If you
delete a mail it will go to Deleted Items folder. For deleting the mail select the mail and
press delete key or click the Delete button in the tool bar or from the Edit menu select the
Delete command. After selecting the mail, you can delete the mail by pressing Ctrl + D
also.

You can delete a group of mails at a time. For deleting a group of mails click on the first
mail and hold the Shift key and click on the last mail. All the mails (the first and the last
and in between mails) will be selected. Now you can press Delete key to delete them. For
selecting mail at random use control key instead of shift key.

7.22 Un-deleting a mail from the Deleted Items folder

Some times you might have deleted some mails that may require for you at latter stage. In
that case you can see the deleted mails in the Deleted Items folder. Form there you can
open the mail and read by double clicking on the mail.

If you want to move the mail back to your Inbox, right click on the mail. You will get a
short cut menu as shown in fig 7-13

Fig 7-13
From the short cut menu select Move to Folder. You will get Move dialog box as shown
in fig 7-14

Fig 7-14

In the move dialog box select Inbox and click Ok button. The mail will be moved to your
Inbox. You can move a group of mails also.

7.23 Composing a new mail

For composing a new mail click the Create New button from the tool bar or from the File
menu select New Ö Mail Message. New Message Window will appear as shown in fig
7-15.
 Fig 7-15

The “From:” address will be automatically inserted. If more than one account is
configured in your PC the default account address will be inserted. If you want to change
the other address you can select from the drop down list in the “From:” address drop
down list box.

In the To: address test box, you type the email id to whom you are going to send the mail.
You can type multiple addresses also here if you want to send to more than one person. In
that case use semi colon “;” to separate each mail id.

In the Cc: text box type the email id of the person to whom you want to send the copy of
this mail. Here also you can type multiple mail id separated by semi colon incase if you
want to send the copy to more than one person.

Some times you may want to include BCC, to send blind copies of the mails to many
persons. To include the Bcc box, click the View menu, and then select All Headers.

Type the relevant information in the Subject: text box. This will help the recipient to
understand the topic of the mail so that he can decide to read the mail immediately or at
leisurely.

The bottom portion of the window is for the body of your message. You can type the
message here. You can use the formatting tool bar for formatting the message what you
have typed.
After finish typing your message, click the Send button at the left top corner of the
window to send the mail.

The mail will go to the Outbox if your computer is not connected to Internet. If your
computer is already connected to the Internet, Outlook Express will contact the SMTP
Server and send the mail. Once the mail is delivered to SMTP server, then the copy of the
mail will be moved to Sent Items folder.

7.24 Replying and Forwarding mail

If you want to reply a mail to the person who has send the mail, select the mail from the
list of Inbox and click Reply button in the Tool bar.

If you want to reply to all the persons mentioned in the To: address column and, CC:
column click Rely All button.

If you want to forward the mail click Forward button.

Web-based Mail
Some of the web sites are offering free email. Such mails are called as Web-based Mails.
With Web-based e-mail, to send and receive messages, you have to access the website.
For example the following web sites offer free email services:

http://mail.yahoo.com
http://www.mail.com
http://www.hotmail.com
http://www.rediff.com

First visit the web site from where you are having the Email account. Then log on to the
site by entering your account name and password. Now you can read your messages,
view attachments, send replies, forward messages. Most services offer online address
books to store your e-mail addresses and contact information. You can also set up folders
to manage your messages.

7.25 Setting up an Account

Establishing a new e-mail account takes only a few minutes and could be easier. First
visit the web site from which you want to create the Email account. Then click the Sign
UP button of that site. You'll have to provide information about yourself and choose an
account name and password. Your account name or ID becomes part of your e-mail
address.

7.26 Checking the Mail

To login to your web mail account, open a web browser, such as Internet Explorer and
type in the URL of the web site into the address bar. For example, if you are having an
email account in Yahoo website type the address http://mail.yahoo.com

Type your User Name (or ID) in the text field beside UserID:, and your password in
the text field beside Password:.

Note: Your user name is not necessarily the same as your e-mail address. If you do not
know your user name, please contact your system administrator.

Now you are in your inbox. If not, click the Inbox link. The list of messages you
received – which are available in Inbox ─ will be listed. See the above figure. Now click
the link of any one of the mail you received. The content of that message will be
displayed. See the figure below:

For using the web based mail, you need not have neither Internet Account nor Personal
Computer. You can go to Internet Browsing center, visit the web site where you are
having the email account and then login to your account. Since it is free account you will
be getting unwanted junk mails called spam mails. Some web sites provide the spam
guard to protect you from getting unwanted spam mails.
 Chapter 8

DNS
Contents
• Need of DNS
• Origin of DNS
• Understanding DNS
• Hierarchy of DNS
• Components of DNS
• Working of DNS

Objectives
After completion of this module you will be able to know:
• The need of DNS
• Origin of DNS
• Working method of DNS
• Hierarchy of DNS
• Components of DNS
 DNS
While DNS is one of the least necessary technologies that make up the Internet as we
know it, it is also true that the Internet would never have become as popular as it is today
if DNS did not exist. Though this may sound like a bit of a contradiction, it is true, none
the less.

DNS stands for two things: Domain Name Service (or Domain Name System) and
Domain Name Servers. One acronym defines the protocol; the other defines the machines
that provide the service. The job that DNS performs is very simple: it takes the IP
addresses that computers connected to the Internet use to communicate with each other
and it maps them to hostnames.

Sounds pretty simple, doesn't it? Well, it is. But just because it's simple doesn't make it
any less important.

Human beings tend to have a difficult time remembering long strings of seemingly
arbitrary numbers. The way that our brains work, it's difficult to make information like
that stick. And that is where DNS comes in. It allows us to substitute words or phrases for
those strings of numbers. Words are a lot easier for people to remember than numbers,
especially when they can be tied to a specific idea that is linked to the website.

But how does DNS work? What makes it operate? How did it start?

8.1 Web site address

Before we get into DNS, let’s start off with breaking down a web address. It essentially
gives where the web page is, and how you need to talk to it. Lets use the example of:

http://www.bsnl.co.in/pages/cellone.htm

The first part is "http://", and that tells your PC what protocol (what language so to speak)
to use talking with this site. In this case, you are using HTTP (HyperText Transfer
Protocol). Another very common one for web designers to use is "ftp://" or File Transfer
Protocol. You would use it to connect to your web server to put the web pages you
created onto the server. You also see "https://" quite commonly. This simply means that
the connection between you and the web server is secure (meaning the information being
sent back and forth is encrypted). You should see "https://" when you are checking out,
especially when they are entering credit card information.

The next part, "www.bsnl.co.in" is called the Domain Name. The "www" used to be more
significant than it is today. Today, the "www" is, for the most part, assumed and you can
get to the same page regardless of whether or not you type in "www" your browser.

The part "/pages/cellone.htm" tells the web server to look in the directory called "pages"
and send the file called "cellone.htm" to your browser. It is just like the directories on
your PC.

The “in” of the Domain Name “www.bsnl.co.in” is called as Top Level Domain (TLD).
It is the right extreme portion of the domain name. For example the TLD of
www.yahoo.com is com.

8.2 IP address
Before we get into DNS, we need to explain what an IP address is. Every PC and server
has an IP address on the Internet. It has the format of 4 numbers, separated by periods,
and looks like "61.1.137.84". Each number should be between 0 and 255. Think of it as
your phone number on the internet, it must be unique. It would be bad to have 2 different
houses with the same phone number, and it would be bad to have 2 different machines
(more properly known as hosts) that have the same IP address on the Internet.

8.3 Why DNS needed?

For most people, it is much easier to remember "www.bsnl.co.in" than it is to remember
"61.1.137.84". When you enter a URL into your browser, you usually use the easy to
remember name. How does your PC know where to find "www.bsnl.co.in? Remember
that each machine has a IP address? There is a way to translate from the easy to
remember domain name, and the hard to remember IP address.

Enter DNS. DNS is an acronym for "Domain Name Service". It's whole purpose in life is
to translate between the friendly "www.bsnl.co.in" and the not-so-friendly 61.1.137.84. It
handles this translation for web sites, email, FTP servers, database servers, or any
machine within a domain name. Let's dig into the process of how that works.

DNS means Domain Name Service. It is actually a service that can keep large number of
machines’ IP addresses for huge network communication. Now the question arises why is
this needed. Let’s understand this with the help of an illustration.

Example: Let’s say rose1, rose2, rose3, rose4, and rose5 are the 5 machines in a network,
then for communication between each machine, each machine’s /etc/hosts in Unix (or
hosts.txt in Windows) file should have all the five entries of the machine name. Within
this small network there would be no problem if you add another machine say rose6 in
the network. But for this too, the network administrator has to go to each machine, add
the rose6 in /etc/hosts file and then comeback to the new comer rose6 machine and add
all the other entries (rose1...rose5) including its own name also in /etc/hosts (or hosts.txt)
file.

But what if the network is setup with say 60 machines and a 61st machine has to be
added? Then administrator will have to go to each machine again and write the new
machine’s name at /etc/hosts/ (or hosts.txt) file and again comeback and write all the 60
machines name on the 61st machine’s etc/hosts file which is a tedious and time taking job.
Thus, it is better to keep a centralized server, where all the IP addresses will stay and if a
new one does enter into the network then the change will have to be done at the server
and not on the client’s machine.

8.4 The Origin of DNS

Like almost everything else originally associated with the Internet, DNS traces its origins
to ARPANET. Alphabetic hostnames were introduced shortly after its inception as a
means of allowing users greater functionality, since the numeric addresses proved
difficult to remember.

Originally, every site connected to ARPANET maintained a file called ‘HOSTS.TXT'

which contained the mapping information for all of the numeric addresses used there.
That information was shared through ARPANET. Unfortunately, there were many
problems that arose from that setup. Errors were commonplace and it was inefficient to
make changes considering they needed to be made on each and every copy of the
HOSTS.TXT file.

By November of 1983, a plan was laid out in RFCs 881, 882, and 883, also known as
‘The Domain Names Plan and Schedule,' ‘Domain Names -- Concepts And Facilities,'
and ‘Domain Names -- Implementation And Specification.' These three RFCs defined
what has developed into DNS as we know it today. Surprisingly, not a whole lot has
changed since that time.

8.5 Understanding DNS

DNS organizes groups of computers into domains. These domains are organized into a
hierarchical structure, which can be defined on an Internet-wide basis for public networks
or on an enterprise-wide basis for private networks (also known as intranets and
extranets). The various levels within the hierarchy identify individual computers,
organizational domains, and top-level domains. For the fully qualified host name
omega.microsoft.com, omega represents the host name for an individual computer,
microsoft is the organizational domain, and com is the top-level domain.

Top-level domains are at the root of the DNS hierarchy and are therefore also called root
domains. These domains are organized geographically, by organization type, and by
function. Normal domains, such as microsoft.com, are also referred to as parent domains.
They’re called parent domains because they’re the parents of an organizational structure.
Parent domains can be divided into sub-domains, which can be used for groups or
departments within an organization.

There are three types of TLDs. They are:

1. Generic or Organization based TLD (e.g com, edu, gov, mil, net, org, int, aero,
museum, etc)
 2. Geographical or country based TLD (e.g. in, us, au, etc). This TLS is having 2
letters.
3. Inverse (e.g. arpa). This TLD is to find domain name from IP address.

Sub-domains are often referred to as child domains. For example, the fully qualified
domain name (FQDN) for a computer within a human resources group could be
designated as jacob.hr.microsoft.com. Here, jacob is the host name, hr is the child
domain, and microsoft.com is the parent domain.

Domain Name System (DNS) is an Internet service that translates domain names into IP
addresses. DNS provides a database that stores a list of host names and their
corresponding IP address. This process is called name resolution or mapping. Name
resolution occurs when a program on a local computer requests a remote host for
resources. The local computer sends the host name of the server as part of the request. By
using the host name as an index, the DNS database is searched to resolve the IP address
of the host.

8.6 Domain Name Space Hierarchy

DNS is organized in a hierarchical tree structure. Each branch in the tree represents a
domain and each sub-branch in the tree represents a sub-domain. DNS consists of
multiple levels of domains. The domains are identified based on the level at which they
are placed in the hierarchical tree structure. The various levels of domains in a domain
name space hierarchy are:

• Domain root: This is the node at the highest point of the hierarchical DNS tree. In
a DNS domain name, a trailing period represents the domain root tree (.). It is also
shown as two empty quotation marks representing a null value.
• Top-level domain: This is the next level in the hierarchical tree structure. It
represents the region or the type of organization to which a domain belongs. A
top-level domain name contains two or three letters such as com, edu, and mil.
• Second-level domain: This is a domain name registered under a specific top-level
domain, such as organizations based on type and geographical locations The
Second-level domain names have names with variable length. For example,
example.com is a second-level domain name.
• Subdomain: This is a domain created under a second-level domain. Organizations
need to create additional domains to represent organizational hierarchy and
various functional groups. A second-level domain also contains a name with
variable length.
• Host or resource: A host or resource computer is the last in the DNS hierarchy. It
helps find the IP address of the computer based on its host name.

8.7 Components of DNS

The building blocks of DNS are the domain namespace, resource records, DNS server,
and DNS clients. Figure 8-1 lists the various components of the DNS:
Figure 8-1: Various Components of the DNS

8.7.1 Domain Namespace

A DNS domain is a logical group of computers that either request for DNS service or
respond to a service request. However, this logical group might also represent the
physical network. A DNS domain can represent all the computers internetworked in a
small business network. At the same time, DNS domain can also comprise physical
network that is spread across geographical locations. This logical grouping of computers
network is further grouped into smaller administrative units, called administrative
domains. An administrative domain is a group of computers in a single administrative
unit. Each administrative domain has two or more name servers for name resolution. All
administrative domains registered with the Internet form a hierarchical structure, called
the DNS domain namespace.

The domain namespace follows a hierarchical tree structure. Each node and leaf on the
tree represents either a set of resource or a DNS host. Based on the position in the
namespace hierarchy, each node is assigned a label. The root at the top of the hierarchy is
assigned the null label and is called the root domain. The nodes below the root are called
the top-level domains. The nodes below the top-level domain are called second-level
domain. An example of a second-level domain is example.com where ‘com’ is the top-
level domain. Domain created under an existing domain node is called a subdomain. For
example, resource.example.com is a subdomain of example.com. The name of a
subdomain is followed by the name of the domain that contains it. In a namespace,
domain name are read from left to right. Each label in a domain name is separated by a
dot ("."). A complete domain name also includes the root label ends with a dot.

Figure 8-2 shows the domain namespace hierarchy:

Figure 8-2: Domain Namespace Hierarchy

When an organization registers for the second-level domain, a top-level domain label is
assigned based on the type of organization. Table 8-1 lists the commonly uses top-level
domains:

Table 8-1: Commonly Uses Top-Level Domains

Top-Level Description
Domain
arpa Used by resources that belongs to the Advanced Research Project
Agency (ARPA).
com Used by businesses that uses the Internet for the commercial purposes.
edu Used by schools, colleges, and universities.
gov Used by all types of government organizations.
int Reserved for international usage.
mil Used by all types of military organizations, such as Department of
Defense (DoD).
net Used by Internet and telephone service providers.
org Used by charitable institutions.
biz Used by businesses.
name Used for registration by individuals.
info Offers unrestricted use.
Note Apart from these top-level domains, country region codes, such as uk, are used in
conjunction with the listed top-level domain names.

8.7.2 Resource Records

Resource Records (RRs) store and map domain names to the type of resources stored
within a domain. Each node in the hierarchical tree is associated with a set of resource
information.
Resource records contain information, such as the type, class, TTL, and RDATA. The
owner information is not maintained because it is very implicit to a resource record. The
variable part of the resource records maintained in a domain is the RDATA. This
differentiates between the resource records.

Note Short TTLs should be used to reduce caching in the resolver. To prohibit caching, a
zero value can be assigned to the TTL.

8.7.3 DNS Server

DNS servers, also called as name servers, are responsible for name resolution in a domain.
Each domain normally has two or more DNS name servers. The domain-specific
information, such as the list of IP addresses along with their host names, is stored in a
distributed database called the domain database. This information is distributed across the
name servers available in the domain. Name servers use this information to process
queries received from a DNS client. Each DNS server is responsible for a specific part of
the domain database. The DNS server becomes authoritative for that part of the database.
As an output, name server either sends back the IP address of the desired host or sends
referral that closely match to the address. However, the entire domain database is
replicated among the name servers to help name server continue the name resolution
process in case of communication link failure or inaccessibility of DNS hosts.

The various types of name servers are:

• Primary server: Stores the master copy of the domain-specific information.

Changes in the domain-specific information are updated on the primary name
server. As per the DNS design specification, each administrative domain should
have two authoritative name servers. One of the authoritative name servers is
designated as the primary server.

It stores the DNS database for its zone of authority. It is responsible for answering a
query from client. It is an authenticated server; hence called as Authoritative Sever

• Secondary server: Stores the copy of the master data file stored in the primary
name server. Each domain has one or more secondary name servers. A secondary
name sever is also authoritative for a domain. Secondary name servers are
delegated authority by the primary name server to perform name resolution. The
secondary name sever are immediately updated in case of a change in the master
data file.

It stores a copy of the database of the Primary server. Periodically it will collect the
database information from the Primary server. It is also an authenticated server hence
called as Authoritative Sever.

If primary server fails, then this will answer the query. Once in 3 hours (normally), it will
be updated automatically.
 • Cache-only server: Stores the information received by the name servers in the
memory till it expires. This cached information is used to resolve queries. A
caching server that is not authoritative for a domain is called a cache-only server.
However, all name servers are caching servers.

To avoid response delay for a query, Cache server is used. It is a Non-authority server.
The TTL (Time To Live) parameter is related to this server. For example TTL duration
can be a maximum of 2 days.

8.7.4 DNS Client

DNS clients are local computers that are configured to receive DNS services from a DNS
server. DNS clients are configured with a resolver that queries DNS servers. The resolver
in a DNS client works as an interface between the applications installed on the DNS
client and the DNS server. Resolver receives requests from applications such as email
programs and sends a query to the DNS server. After the DNS server resolves the query
using the resource records, the desired information is returned to the DNS client in a data
format that is compatible with the local computer. To resolve a query, DNS client either
consults several DNS servers or retrieves the information from local cache.

DNS client and enduser program reside on a single computer. The interface that works
between a DNS client and enduser program is dependent on the local DNS server.

The functions of a DNS client are:

• Name to address translation: DNS client translates user-friendly domain names to

IP addresses.
• Address to name translation: DNS client also translates IP addresses to user-
friendly computer name.
• General lookup function: DNS clients help enduser programs to retrieve arbitrary
information from a DNS server. Instead of querying a DNS server against IP
addresses or user-friendly name, DNS client can also request information
mapping to the specified type or class of a resource records.

8.8 Name Space Hierarchy on the Internet

The DNS name space hierarchy for the Internet contains two extra levels of domains than
a local domain name space hierarchy. These two extra levels form the topmost layers of
the Internet name space hierarchy are called the root domain. In the name space, the root
domain is represented by a dot (.). The root domain contains two types of subdomains,
organizational and geographical. These subdomains are called top-level domains. The
organizational top-level domains are com, net, org, mil, gov, edu, and int. The geographic
top-level domains determine the location of domains and are assigned a two-lettered or a
three-lettered word. For example, subdomains in Britain contain uk as a part of their
domain name. Figure 8-2 shows the name space hierarchies of domains on the Internet:
Figure 8-2: Name Space Hierarchies on the Internet

The governing bodies of the Internet maintain the Internet root domain, top-level
organizational and geographic domains. An organization needs to apply for membership
to join the Internet under the organizational or the geographical hierarchy.

8.9 How DNS Works?

In a nutshell, DNS translates IP addresses into hostnames and back again. The hostnames
are for the benefit of human end users. The IP addresses are the only essential thing, as
far as the computers are concerned. In a longer form, we need to begin by looking at the
different types of DNS servers.

The first type of server is called a ‘Root Name Server.' Each Top Level Domain (such
as .com, .edu, .us, .in, .sg etc) has one or more Root Name Servers which are responsible
for determining where the individual records are held. These servers are fairly static and
every machine on the internet has the capability of reaching any of them, as needed.

The servers that the Root Name Servers direct queries to are called ‘Authoritative Name
Servers'. These are the servers which hold the actual information on an individual domain.
This information is stored in a file called a ‘Zone File.' Zone files are the updated
versions of the original HOSTS.TXT file.

The final type of name server is called a ‘Resolving Name Server'. These are the servers
that do the majority of the work when you are trying to get to a machine with a certain
host name. Besides being responsible for looking up data, they also temporarily store the
data for hostnames that they have searched out in a cache, which allows them to speed up
the resolution for hostnames that are frequently visited.

The manner in which these servers work together is fairly straightforward. When you
attempt to go to a website, you type in a hostname in your web browser. Let's say, for
convenience, that you are going to www.foo.org. In your computers' settings is a list of
resolving name servers which it queries to find out what www.foo.org's IP address is.

The first thing that the resolving name servers will do is check their caches to see if the
DNS information for www.foo.org is already there. If it isn't, they will go and check with
the .org root name server to see which authoritative name server holds the zone file for
foo.org. Once they have that server's IP address, they connect to it.
Once the resolving name server has queried the authoritative name server, it replies back
to your computer with one of a number of different things. Ideally, it will report back
with the correct IP address and allow your computer to connect to the web server and
show you the web page that you were looking for. However, if the authoritative server is
down, doesn't have a record for the specific hostname that you are looking up, or if the
root server doesn't have a record that the domain name even exists, the resolving name
server will report an error to your computer.

Example:

Let's use the example that Ram types "www.bsnl.co.in" into his web browser. How does
his PC find the web server that has the page he is looking for, among the thousands of
web servers out there?

1. Ram types in www.bsnl.co.in to his browser.

2. Ram's PC looks at it's configuration. It will find something called "DNS Server"
or "name server" and there will be an IP address associated with that. Let's say it
is 198.6.1.1. Ram's PC sends a message to 198.6.1.1 and asks "I am looking for
the IP address of www.bsnl.co.in, can you tell me what it is?"

3. The DNS Server (198.6.1.1) gets the message, and assuming that the server
already knows what the IP address of www.bsnl.co.in is, it tells Ram's PC that the
IP address is 61.1.137.84.
4. Ram's PC gets the message that the IP address of www.bsnl.co.in is 61.1.137.84.
So his PC sends a message to 61.1.137.84 and asks "send me the default web page
at 61.1.137.84".
5. The web server (whose IP address is 61.1.137.84) sends the web page to Ram’s
browser.

That is a simplistic example of how your PC finds a particular web-server and web page.
The process of matching a domain name to a IP address is called resolving. So your PC
resolves the IP address from the domain name. Let's get into a little more detail.

For step 2, how does Ram's PC know that the IP address of the DNS Server is? There are
2 ways it learns what the address is. The first is that Ram asked his ISP what the address
was, and entered it himself. There are times manually entering (also known as statically
entering) the address is necessary or desirable, but usually the ISP automatically tells
your PC what the IP address of the DNS server is. This process is called "DHCP" or
Dynamic Host Configuration Protocol. When you select "Obtain IP address
automatically" in your Windows Network connections page, you are telling your PC to
use DHCP and to ask the ISP to give you the DNS Server address (among a bunch of
other things).

In step 3, we assumed that the DNS server already knew what the IP address of
www.bsnl.co.in was. What if it didn't already know? Let's assume that the DNS server
Ram's PC sent a request to, doesn't know where www.bsnl.co.in is.
Have you ever noticed that there are only so many variations of the end of the domain
name? There are .com, .gov, .net, .org, .us, .in, .biz, among others. When a DNS server
receives a request to resolve an IP address (translate from a domain name to a IP address)
for a domain that it doesn't know the answer to, it sends a message to any one of a small
number of servers. That small number of servers are responsible for knowing what the
"authoritative server" is for EVERY domain name. A realm would be .com, or .org for
example, and is properly called a top-level domain.

What is an authoritative server? An authoritative server is a DNS server that has a

Statement of Authority configured for a particular domain name. That means that the
server has absolute and total knowledge of the domain, any information that contradicts
the information that the server has is wrong, it is the final word. This becomes more
important a little later. For purposes of this discussion, let's ignore backup authoritative
servers.

The message that Ram's DNS server sends to the top-level domain server "what is the
authoritative server for bsnl.co.in?". It is important to understand, that Ram's DNS Server
is NOT asking "what is the IP address of the web server for only one creations?". It is
only asking "where do I go to find out where the web server for bsnl.co.in is?"

Once Ram's DNS server knows where to go to get the answer for Ram's request, it sends
a message to the authoritative server asking "what is the IP address of the web server for
bsnl.co.in?". The authoritative server responds, and Ram's DNS Server tells Ram's PC the
IP address it needs to connect Ram to the webpage he is looking for.

To summarize the past few paragraphs, Ram's DNS server receives a request for an IP
address that it doesn't know. That server makes a request of a top-level domain server,
and gets a response with where to go to get the information that Ram is requesting. The
DNS server then makes a request of the authoritative server, and forwards the answer it
receives to the PC that made the first request. It sounds long and complex, but it happens
very quickly. One way to speed up the process is called caching. Caching is where the
DNS server remembers the response from the authoritative server for a period of time. So
if Babu makes the same request 5 minutes after Ram did, the DNS server doesn't have to
repeat the whole process. Caching will be brought up again in a bit.

Remember that Ram's DNS server cached the address for the web server of
www.bsnl.co.in, meaning that it remembers that www.bsnl.co.in is has the IP address of
61.1.137.84. Most DNS servers are set to remember that information for 24 hours. So if
Ram requests your web page at noon on Monday, Ram's DNS server will cache the IP
address of your web server until noon on Tuesday. If you change hosts at 1pm on
Monday, Ram will get your old website until at least noon on Tuesday. His DNS server is
giving Ram's PC the information it remembers, it doesn't check to see if that is still
accurate. So if your old website is down (maybe you have moved hosts, for example),
Ram can't get to your new website, until his DNS server refreshes the information (which
will point to the new web site).
 Chapter 9

Overview of Remote Access Server

Contents
• Remote Access Connections
• Remote Access Protocols
• Remote Access Security
• RADIUS

Objectives
After completion of this module you will be able to know:
• The different Remote Access Connections
• The different Remote Access Protocols
• Security aspects of Remote Access
• What is RADIUS
Remote access clients are connected to either the Remote Access Server's (RAS)
resources only (which is sometimes called point-to-point remote access connectivity), or
they are connected to the RAS server's resources and the resources of the network to
which the server is connected (which is called point-to-LAN remote access connectivity).
The latter type of connection enables remote access clients to access network resources as
if they were directly attached to the network.

9.1 Remote Access Connections

RAS server provides two remote access connection methods:

• Dial-in remote access. A remote access client uses the telecommunications

infrastructure to create a temporary physical circuit to a port on a remote access
server. After the physical circuit is created, the two computers can negotiate the
rest of the connection parameters.
• Virtual private network (VPN) remote access. A client uses an Internet
Protocol (IP) internetwork (typically the Internet) to create a virtual point-to-point
connection with a remote access server acting as the VPN server. After the virtual
point-to-point connection is created, the two computers can negotiate the rest of
the connection parameters. (In this lesson VPN is not covered)

9.1.1 Dial-In Remote Access Connections

A dial-in remote access connection consists of a remote access client, a remote access
server, and a WAN infrastructure, as shown in Figure 9.1. The physical or logical
connection between the remote access server and the remote access client is facilitated by
dial-in equipment installed at the client and server sites and by the telecommunications
network. The nature of the dial-in equipment and telecommunications network varies
depending on the type of connection being made.

Figure 9.1: Elements of a dial-in remote access connection

The most common type of WAN connection used by RAS is the Public Switched
Telephone Network (PSTN), also known as Plain Old Telephone Service (POTS). PSTN
is the standard analog telephone system designed to carry only the frequencies necessary
to distinguish human voices. Because the PSTN was not designed for data transmissions,
the maximum bit rate that a PSTN connection can support is limited.

Dial-in equipment consists of analog modems for the remote access client and the remote
access server, as shown in Figure 9.2. For large organizations, the remote access server is
attached to a modem array that can contain dozens or hundreds of modems, each of
which can service a different client.

Figure 9.2: Dial-in equipment and WAN infrastructure for PSTN connections

Integrated Services Digital Network (ISDN) is another form of dial-up connection that
provides greater transmission speeds and an all-digital connection. It is originally
designed as a digital replacement for the analog telephone network. The standard ISDN
installation is called the Basic Rate Interface (BRI) and consists of two 64-Kbps B
channels and one 16-Kbps D channel, the latter of which is used exclusively for control
traffic. This combination is sometimes called 2B+D. It is possible to combine the two B
channels into one 128-Kbps data pipe or use them separately with different devices, such
as ISDN telephones and fax machines.

Unlike most other high-speed WAN technologies, ISDN is a dial-up service that enables
you to connect to different destinations as needed. The connection process is extremely
fast, taking about half a second, as opposed to the lengthy dial, ring, and modem
negotiation sequence on standard PSTN connections. ISDN is not a portable technology,
even though it uses the same cables as PSTN connections. An ISDN connection requires
the installation of special equipment to provide its higher speeds. Despite its attributes,
ISDN still has not achieved great popularity because of its relatively high cost-per-
megabit of transmission speed. However, it does provide a higher-speed alternative for
RAS connections that functions with RRAS (Routing and Remote Access Service) just as
PSTN dial-ups do. Generally speaking, the dial-in RAS architecture is the same;
whatever type of WAN technology is providing the connection between the client and the
server.

9.2 Remote Access Protocols

Remote access protocols control the establishment of connections and the transmission of
data over the WAN links connecting RAS clients and servers. The operating system and
LAN protocols used on remote access clients and servers dictate which remote access
protocol your clients can use. In nearly all cases, RAS connections use the Point-to-Point
Protocol (PPP) for WAN communications because PPP includes mechanisms that
provide security and support for multiple protocols at the network layer. Older RAS
protocols used with earlier Windows RAS implementations, such as the Serial Line
Internet Protocol (SLIP) and Asynchronous NetBIOS Enhanced User Interface
(NetBEUI), have fallen into disuse because they do not provide these features.

After the WAN connection is established between the RAS client and server, the client
can access server resources using PPP. For the client to access resources on the network
to which the server is attached, the server functions as a router between the PPP
connection and a standard LAN protocol, such as Ethernet or Token Ring. Both PPP and
the LAN protocols provide support for all the standard network layer protocols, such as
TCP/IP, Internetwork Packet Exchange (IPX), NetBEUI, and AppleTalk. This enables
the RAS client to access virtually any type of resource on the server's network, just as if
the computer were directly connected to the LAN. The only perceivable difference is the
speed of the connection, which is much slower than a standard LAN connection.

9.3 Remote Access Security

As with any technology that opens a network up to outside users, security is an important
consideration. Remote access offers a wide range of security features, including user
authentication, mutual authentication, data encryption, callback, caller ID, remote access
account lockout, and access control.

9.3.1 User Authentication

The most basic form of security for any network connection is authentication, which is
the exchange and verification of credentials that identify the user to the network. To
prevent credentials (such as passwords) from being intercepted by third parties, RAS
supports a variety of authentication protocols that encrypt the user's credentials before
transmitting them over the network. When a client establishes a connection with a RAS
server using PPP, the two computers negotiate the use of a specific authentication
protocol that controls how the user credentials are exchanged. The authentication
protocols supported by RAS are as follows:

• Password Authentication Protocol (PAP). An unsecured authentication

protocol, meaning that it transmits the user's credentials in clear text. Anyone
capturing network packets with a protocol analyzer (such as the Windows 2000
Server Network Monitor) can read a user's account name and password from the
PAP messages and use them to gain access to secured resources. PAP also has no
means for a client and a server to authenticate each other. PAP typically is used
only when the RAS client and server have no other authentication protocols in
common. To protect your users' passwords from being compromised, you can
disable the use of PAP on your RAS server. When you do this, clients that do not
 support one of the more advanced authentication protocols are unable to connect
to the server.
• Shiva Password Authentication Protocol (SPAP). A variant of PAP designed
for use with Shiva remote networking products (now owned by Intel). Windows
clients connecting to a Shiva server device or Shiva clients connecting to a RAS
server use SPAP to transmit their user credentials over the network connection in
encrypted form. SPAP is more secure than PAP, but it uses a reversible form of
encryption that makes the data packets containing the user credentials subject to
replay. Replay occurs when a potential intruder takes a packet containing an
encrypted password and uses it to access unauthorized resources without
decrypting the contents.
• Challenge Handshake Authentication Protocol (CHAP). An authentication
protocol that uses the Message Digest 5 (MD5) hashing algorithm to encrypt the
authentication information. The server sends a message called a challenge to the
client in encrypted form, and the client must decrypt it and transmit the
appropriate response back to the server. Because CHAP never transmits
passwords in clear text, the credentials remain secure during the authentication
process.
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
version 1 and version 2. An extension of the CHAP authentication protocol that
provides greater security and support for the use of Windows authentication
information. MS-CHAP is also the only authentication protocol supported by
Windows 2000 that enables users to change their passwords during the logon
process. In an MS-CHAP version 1 authentication, the server sends a challenge to
the client that contains a session identifier and an arbitrary challenge string. The
client's response contains the user's account name, plus a nonreversible encryption
of the challenge string, the session identifier, and the user's password. The server
then evaluates the response and either grants or denies access. MS-CHAP version
2 provides even greater security by supporting mutual authentication, separate
encryption keys for transmitted and received data, and keys that are based on the
user's password plus an arbitrary challenge string so that each time a user
connects with the same password, the encryption key is different. The MS-CHAP
v2 authentication process proceeds in the same way as the version 1 process,
except that the client's response to the server's challenge contains an arbitrary peer
challenge string for the authentication of the server, in addition to the other
components. When the server responds to the client's authentication attempt, it
includes an encrypted string of its own. The client then verifies the authentication
of the server, after which the connection is established.
• Extensible Authentication Protocol (EAP). A protocol that enables RAS
clients and servers to negotiate the use of any authentication mechanism that the
two have in common. EAP makes it possible for the client and server to conduct
an open-ended conversation in which the server issues individual requests for
authentication information and the client responds to each request. As the server
processes each response, it advances the client to the next authentication level.
When all the requests have been satisfied, the client is fully authenticated and
access is granted. The authentication mechanisms used by EAP are called EAP
types; for authentication to occur, the client and server must support the same type.
 You can configure a Windows 2000 RAS server to use any or all of these
authentication methods. If the remote access does not support any of the
authentication protocols that the server is configured to use, the connection is
denied.

9.3.2 Mutual Authentication

As mentioned earlier, mutual authentication is obtained by authenticating both ends of

the connection through the exchange of encrypted user credentials. This is possible
through the use of PPP with MS-CHAP version 2 or with EAP-TLS. During the mutual
authentication procedure, the remote access client authenticates itself to the RAS server,
and then the RAS server authenticates itself to the remote access client.

9.3.3 Data Encryption

Data encryption encodes the data sent between the remote access client and the RAS
server. However, remote access data encryption provides protection only on the WAN
link between the RAS client and server. If end-to-end encryption is needed, such as
between a RAS client and another computer on the server network, you can use the IP
Security (IPsec) extensions to create an encrypted end-to-end connection after
establishing the RAS connection.

Data encryption on a remote access connection is based on a secret encryption key known
to the RAS server and the client. This shared secret key is generated during the user
authentication process. Data encryption is possible over dial-in remote access links when
using PPP along with EAP-TLS or MS-CHAP. As with authentication, you can configure
the RAS server to require data encryption. If the remote access client cannot perform the
required encryption, the connection attempt is rejected.

9.3.4 Callback

With callback, the remote client dials into the RAS server, authenticates itself, and then
severs the connection. The server then calls the client back and reestablishes the
connection. You can configure the server to call the client back at a preset number or at a
number specified by the client during the initial call. This enables a traveling user to dial
in and have the RAS server call back the remote access client at the current location,
saving telephone charges. When you configure the server to always call the client back at
the same number, you prevent unauthorized users from connecting to the server using
different telephone numbers.

9.3.5 Caller ID

RAS can use caller ID to verify that a call from a client is coming from a specified phone
number. You configure caller ID as part of the dial-in properties of the user account. If
the caller ID number of the incoming connection for that user does not match the
configured caller ID, the connection is denied.
9.3.6 Remote Access Account Lockout

The remote access account lockout feature enabled in the registry on the server providing
authentication specifies how many failed remote access authentication attempts a user is
permitted before the server denies remote access. Remote access account lockout is
especially important for VPN connections over the Internet. Malicious Internet users can
attempt to access an organization's intranet by repeatedly sending credentials (a valid user
name and a guessed password) during the VPN connection authentication process. With
remote access account lockout enabled, this type of attack is thwarted after a specified
number of failed attempts.

9.3.7 Access Control

In addition to the various connection techniques described in the previous sections, you
can also control remote client access to your network in other ways. You can configure
individual Windows 2000 user accounts to permit or deny remote network access, and
you can create remote access policies to control whether remote users can access a server,
based on a variety of criteria.

9.4 What Is RADIUS?

RADIUS (Remote Authentication Dial-In User Service) provides three services to a
network: Authentication, Authorization, and Accounting. These services’ names are
beginning with letter A and hence called as 3A. For a number of reasons, it can be quite
difficult to secure a network that has many remote users. Such a network may need to
allow remote connections from other locations in the network or from users who are
dialing in from home or even while traveling. This last group—roaming users—poses a
network’s largest security risk. Allowing users to connect from any location makes it
difficult to maintain control over incoming connections to the private network. The
purpose of RADIUS is to control the actions of remote and roaming users without
allowing sensitive network information like usernames and passwords out of the private
network. RADIUS does this by using a client/server architecture that is specifically
designed for a geographically dispersed environment.

It is important to remember that RADIUS is not a full remote-access solution. It merely

adds security and accounting to a remote-access design for a network. RADIUS protects
a private network by isolating authentication of remote users from the rest of the data
exchange that occurs over lines that are not secure. In a traditional remote-access solution,
the RAS server connects users to the network, and all data transfer occurs through the
RAS server including authentication and accounting information such as transaction
logging. In a RAS solution that uses RADIUS, the RAS server still controls the transfer
of data between the remote client and the private network, but it passes to the RADIUS
service the responsibility of authenticating the user, authorizing user actions, and tracking
remote user actions.

9.4.1 Tracking Remote Connections with RADIUS Accounting

The accounting service provided by RADIUS increases control over remote connections.
Because RADIUS can log remote connections to a network, such network usage can be
monitored. The accounting service can log the IP address of the computer that requests
authentication, the time of the call, the call status (such as success or failure), which
RADIUS client sent the request and which RADIUS server accepted the request. This
accounting service, which is separate from the authentication and authorization services
provided by RADIUS, can also be used for billing or security purposes.

We’ll see how Internet Service Providers (ISPs) can use the accounting feature to charge
for RADIUS services that are provided to a network.

9.4.2 RADIUS Service Basics

Although RADIUS is a service, the term RADIUS can also refer to a protocol because
networking services are often named after the protocol that runs the service. (Just like the
FTP service is run by the FTP protocol, the RADIUS service is run by the RADIUS
protocol.)

9.5 Summary
• Remote access provides two different types of remote access connectivity: dial-in
remote access and virtual private network (VPN) remote access.
• A dial-in remote access connection consists of a remote access client, a remote
access server, and a wide area network (WAN) infrastructure.
• Remote access protocols, such as Point-to-Point Protocol (PPP), control the
connection establishment and transmission of data over WAN links.
• Generally remote access supports the following local area network (LAN)
protocols: Transmission Control Protocol/Internet Protocol (TCP/IP),
Internetwork Packet Exchange (IPX), AppleTalk, and NetBIOS Enhanced User
Interface (NetBEUI).
• Remote access offers a wide range of security features, including secure user
authentication, mutual authentication, data encryption, callback, caller ID, and
remote access account lockout.
Chapter 10

Security
Contents
• Various methods of social engineering
• Situations to watch out for
• Ways that information can be gleaned from employees.
• Various ways to secure the user’s computer and network access
• Enforced policies
• Encryption and authentication
• Firewalls.
• Incidence response plan
• Deal with an incident when it happens
• Test the plan before an actual incident occurs.

Objectives
After completion of this module you will be able to know:
1. various methods of social engineering
2. situations to watch out for
3. to reduce the number of ways that information can be gleaned from employees.
4. various ways to secure the user’s computer and network access
5. enforced policies, encryption and authentication, and properly configured and
installed firewalls.
6. how to formulate an incidence response plan
7. how to deal with an incident when it happens
8. how to test the plan before an actual incident occurs.
In a world where security has become an enormous factor and network administration
must cover everything from desktop support to business continuity planning, the scope of
IT duties has widened and budgets have narrowed.

This lesson covers several different aspects of security to help you find ways to keep your
network safe by spotting potential risks in the user environment before an incident
happens and showing you how to handle a security problem, should it occur. The lesson
also helps you evaluate your disaster recovery plan. It guides you through social
engineering, safe telecommuting, and the pitfalls of wireless LAN, and then takes you
through incident response, disaster recovery.

10.1 Social Engineering

You see new articles about network security and vulnerabilities in software and hardware
every day. This visibility has caused security to become a priority in most companies.
Efforts to make sure the network is secure generally focus on how to implement hardware
and software such as intrusion detection, Web filtering, spam elimination, and patch
installation.

One of the biggest threats of which we, as security professionals, are often unaware and
cannot control is social engineering. There's very attention paid to the person-machine
interaction. This lesson focuses on some of the methods of social engineering that are
commonly used to obtain information that can enable an intruder to penetrate the best
hardware and software network defenses.

Social engineering is a method of obtaining sensitive information about a office through

exploitation of human nature. It's an attempt to influence a person into revealing
information or acting in a manner that would disclose information that normally would
not be provided. It's based on the trusting side of human nature and people's desire to be
helpful. Social engineering is hard to detect because you have very little influence over
lack of common sense or ignorance on the part of employees. Business environments are
fast paced and service oriented. Human nature is trusting and often naive.

Before we get into the methods of social engineering, let's look at the planning of an
attack.

An intruder seldom decides to infiltrate an office randomly. The attack is usually very
methodical.

A social engineering attack is very similar to the way intelligence agencies penetrate their
targets:

1. Gather intelligence.
2. Select a specific vulnerable area as the entry point.
3. Execute the attack.
In the intelligence-gathering phase, the attacker can find readily available information
through the following:

• Dumpster diving
• Web pages
• Ex-employees
• Vendors
• Contractors
• Strategic partners

This information is the foundation for the next phase, in which the intruder looks for
weaknesses in the organization's personnel. Some of the most common targets are people
who work the following:

• Help desk
• Tech support
• Reception
• Administrative support

These employees are most likely to be affected by an intimidation type of attack

(discussed later), simply because they handle a large volume of calls and they're trained
to deliver good customer service.

The last phase is the attack, also commonly known as the con. There are three broad
categories of attacks:

• Ego attacks
• Sympathy attacks
• Intimidation attacks

These attacks are discussed in further detail a little later in this lesson.

10.1.1Attack on the physical level

There are two levels at which social engineering occurs: the physical level and the
psychological level. Let's first look at the physical level, which is looking for information
in ways other than direct contact with the office or anyone in the office. We'll start with
dumpster diving.

10.1.1.1 Dumpster diving

As humans, we naturally seek the path of least resistance. Instead of shredding

documents or walking them to the recycle bin, we often throw them in the nearest waste
basket. Equipment sometimes is put in the garbage. Intruders know this, so they often
don't even have to contact anyone in the office in order to extract sensitive information --
they can find it all in the office's dumpsters. This is known as dumpster diving. Again,
this is the path of least resistance -- no phone calls, no visits, simply look through the
garbage.

Anyone looking to extort money from the office or to steal identities could have easily
made hundreds of thousands of rupees from the information they could have gleaned in
those dumpsters. They would have had access to Social Security numbers, addresses, and
a wealth of personal and financial information. This incredible security breach not only
jeopardized the clients, but upon release of the story in news papers, the office stock
plummeted and lawsuits ensued.

In any office, the potential for this type of information access is huge. What happens
when an employee is leaving the office? He cleans out his desk. Depending on how long
the employee has been there, what ends up in the garbage could be a goldmine for an
intruder. Other potential sources of information that are commonly thrown in the garbage
include

• Old office directories

• Old QA or testing analysis
• Employee manuals
• Training manuals
• Hard drives
• Floppy disks
• CDs
• Printed e-mails

TIP
All these items should be disposed of properly. You should formulate a policy on
destruction of data. The safest policy is to physically destroy the media and the
information stored on it. Destruction is the only safe method of completely removing all
traces of information stored on a removable media device. All paper-generated
information should be shredded and/or taken away by a bonded destruction office.

10.1.1.2 Web pages

The Web pages of an office are a great place to find out information and organizational
structure. Many companies also include the biographies of top executives. This
information can be used to impersonate that person or someone who is an associate of the
executive.

For example, you could call an office and ask the receptionist for Manohar. She tells you
that Manohar is out of the office until Monday. You ask who is in charge until he returns.
You are told Mary. You leave a message for Mary, requesting information that she would
have access to, saying you're working with Manohar and he said she could fax or e-mail
the information you need while he's out of the office.

10.1.1.3 Additional methods of trickery

Another form of getting information is for an intruder to get employees to enter a contest.
Say, for example, that you got an old office directory through dumpster diving. You
could then send a contest letter to all employees asking them to register online at your
Web site. Because many users use the same password for various accounts, it's likely that
you would get some network passwords from the employees who register for the contest.

E-mail social engineering is done by tricking someone into believing that the e-mail is a
legitimate request. Social engineering involves knowing the target and this includes
knowing the e-mail addresses of your target. For instance the I LOVE YOU virus uses
the social engineering technique. This virus created so much damage because it used an
emotion-triggering subject, I LOVE YOU.

WARNING
E-mail social engineering is a much more direct means of gaining access to a system
because attachments can launch worms, viruses, and back doors.

Ex-employees are a great source of information on the inner workings of a office,

especially if they left the office under unhappy conditions. Vendors, contractors, and
strategic partners are another fantastic source of information. It's easier to impersonate
someone from another office than it is to impersonate an employee.

10.1.2 Attack on the psychological level

These categories of attacks -- ego, sympathy, and intimidation -- are all on the
psychological level of social engineering. This means that the intruder appeals to the
employee through the use of emotion.

Let's examine each of these attacks.

10.1.2.1 Ego attacks

An ego attack is perhaps one of the favorite types of social engineering attacks simply
because you know that as network administrators, we all have big egos. The attacker
appeals to the vanity, or ego of the victim. The victim wants to prove how smart or
knowledgeable he is and unthinkingly provides sensitive information. We're all anxious
to show how much more we know than the next person or how much better our
equipment is than theirs. The perfect scenario for this type of engineering is a user group
meeting held after work. You know of several groups that meet once a month or so after
work in some of the local clubs. Mix egos and guess what happens?

It's amazing what employees will reveal without a whole lot of coaxing. How many of
the employees are unwitting revealing information in social settings without realizing
who they are talking to?

This can happen in any type of social setting. For example, suppose you attend a birthday
party for a friend. Some of the other attendees are also in the field and the topic of
conversation turns to servers. Everyone is comparing equipment. You'll know what
operating systems are running, what kind of equipment is running on each, and what
issues each one is having.

Talking about our jobs and comparing problems are simply part of human nature, and ego
attack victims never realize what has happened, but the information extracted can be
extremely dangerous in the wrong hands.

Ego attackers also target those they sense are frustrated with their current job position.
Unhappy employees are very likely to reveal information with little prodding because
they feel mistreated.

Attackers also have been known to pretend to be law enforcement officials, and their
victims feel obliged and sometimes even honored to help them by providing information.

10.1.2.2 Sympathy or intimidation attacks

The following are all examples social engineering that either use intimidation or prey on
sympathy:

• You receive a call from someone saying he's a General Manager. He states that
he's in real trouble. He's attempting to do a presentation for Microsoft and has
forgotten his password; therefore he can't log into the Web site to do the
presentation. He just changed it yesterday and can't remember what it is. He needs
to have it right away because he has a room full of clients waiting and he's
starting to look incompetent. This is an extremely important client that could
mean millions of dollars in revenue for the office.
• Someone you have never seen before approaches you as you're entering a secured
building. She has her hands full carrying coffee and doughnuts. She smiles
sweetly and says she has her ID badge in her pocket, but just doesn't seem to have
an extra hand to swipe the card and still carry all she has. She asks that you please
hold the door for her.
• You receive a call from the corporate office saying that a new mail server is being
put into place and there's an immediate need to verify current user accounts and
passwords. You are told that it's not safe to send this information via e-mail, and
are asked to please print it off and fax it directly to a number given to you. You're
told that the number is a direct line for the person putting the new server into
place.

These attacks are very successful because our business needs change daily and we live in
a fast-paced world. This type of attack plays on the empathy and sympathy of the victim,
and an attacker can shop around until he finds someone who will help.

Here are some social-engineering approaches an intruder can use to get information:

• Pretends to be a fellow employee or a new hire, contractor, or a vendor.

• Insists there's some urgency to complete some task or obtain some information.
• Needs assistance or he will be in trouble or lose his job.
 • Pretends to be someone influential, an authority figure, or, in some cases, a law
enforcement official, and uses that authority to coerce the victim into cooperation.
• If met with resistance, uses intimidation and threats such as job sanctions or
criminal charges.
• If pretending to be law enforcement officer, claims the investigation is hush-hush
and not to be discussed with anyone else.

WARNING
Employees can exploit social engineering just as well as outsiders. Keep in mind that
more damage is done to a network by disgruntled employees than by outsiders.

You'll learn how to recognize a social engineering situation shortly. Here's a scenario that
actually happened:

A user came to a network administrator with his laptop and requested that it be joined to
the domain. The administrator logged the user off the laptop, logged in as himself, and
joined the laptop to the domain. So, what's wrong with that? The user had keystroke
logging software installed on the laptop. He proceeded to go back to his work area, read
the log file, log in as the administrator, browse to the main server, and copy the SAM
(Security Accounts Manager) to a file. (For those of you unfamiliar with the SAM, it
holds user account information that includes usernames and passwords.) He took the file
home and that evening ran L0phtCrack, which is password-cracking software, on the file.
The next day, he had the logins and passwords for every user in the office. He
periodically logged in as other users and accessed information he should not have. As
time went by, he got bolder, logging in as the administrator and shutting down services,
causing problems on the network. Eventually, his bragging got him into a bind and he
was dismissed for his actions. The best way to avoid this type of situation is to never join
a machine to the domain from a user's machine. The account should be created at the
server console instead.

10.1.3 Learn to recognize a social engineering situation

Well, now that you know about the methods of social engineering, it's time to look at
how to spot a potential situation. To keep from becoming a victim, you should know how
to recognize an intruder. You can be neither suspicious nor trusting of everyone, so where
do you draw the fine line?

Remember the Manohar scenario from earlier in this lesson? If the office had a policy
requiring employees to obtain contact information when a call comes in for an out-of-the-
office employee, one sign to look for would be refusal to leave contact information. In
this example, the receptionist simply states that Mr. Manohar is out of the office, and then
asks for your name and a number at which you can be reached, and what the call is in
regard to, so that your call may be properly returned. If you're an intruder, would you
leave this information? Not likely. If you're a persistent intruder, you may press the
receptionist for information such as when Mr. Brown will return and who is in charge in
his absence, and act irate. This type of behavior is also a concern. The caller is
deliberately avoiding giving out information about him while trying to push the
receptionist into giving out more information about the employee.

What about someone who is rushing or is in a big hurry? We are all busy people; you're
in as big hurry as the next person. Look out for someone who tries to breeze by you as
you're entering a secure building. She may strike up a conversation, and then say she's
late for a big meeting and doesn't have time to be fishing for her ID badge, so she'll just
come in with you. If you allow this, you may be admitting an intruder into the building. A
genuine employee understands the security issue and finds her ID badge for admittance.

Name-dropping is often used to impress the people you are conversing with. Many folks
like to drop names -- it makes them feel more important. In social situations like the ones
described earlier, many a conversation begins with, "The other day I was talking to so-
and-so." If the speaker is talking about someone in your office, you get the feeling that he
knows something about what is going on in your office and that you might trust him.
Instead of proceeding to discuss the office, which is what the intruder wants, you may
want to ask him questions such as how do you know so-and-so to get a feel for whether
the person is being truthful or not. Of lesson, if he starts acting uneasy at the questions
you're asking, you know that he's a potential intruder.

Intimidation is one of the best ways to get information out of people, especially from
people who tend to be timid by nature. Employees should be able to address intimidation
situations without fear of punishment for not giving excellent customer service if they ask
additional questions or for more information.

Odd questions or asking for classified information can also be a dead giveaway that
someone is fishing for attack information. In the situation where the vice president
needed a password, the approach should be that this is a potential intruder and not a vice
president.

Good practices can neutralize many of these social engineering situations. We'll discuss
these practices next.

10.1.4 Promote practices that prevent attacks

The impact of social engineering and the ease of an attack are usually high. Technical,
operational, and environmental controls individually will not prevent attacks. You need a
combination of all three along with user awareness training. Here's a list of items that can
be useful in preventing social engineering attacks:

• All employees should have a security mind-set and be able to question situations
that do not seem right.
• Cleaning crews should search the wastebaskets for sensitive information and turn
it over to management.
• Policies need to be in place for data destruction, including paper, hard drives, CDs,
disks, and so on.
 • Implement self-service password management to address weaknesses with help
desk and password administration.
• Employees should have continued training in security awareness.
• Require all guests to sign in, wear a guest badge, and be escorted within the office.
• Have shredders located in convenient areas or hire a reputable office to pick up
and shred documents.
• Extra security training in the area of social engineering and office security
policies should be provided for security guards, receptionists, and help desk
employees.
• Put policies in place for how to handle situations where an unknown person tries
to slip in with a legitimate employee (called tailgating). Be sure that all employees
know the policy and enforce it.
• Instruct employees on what can and cannot be discussed in social settings outside
of work.
• Encrypt information on desktops, laptops, and PDAs.
• Have polices regarding e-mail and voice mail notifications for employees on
vacation or out of the building for a period of time.
• Have incident response teams to lessen the damage if a breach occurs.
• Apply technology where possible such as biometrics or electronic security badges.
• Test your defenses periodically.

This by no means covers everything or all situations. The important factors to remember
are that there must be policies in place and that all employees must be aware of these
policies. Training must start as soon as the job begins. Employees should know they play
a part in the security of the office and that their jobs depend on their vigilance.

You're faced with customer service and courtesy issues everyday. Technology cannot
control these situations. We all must rely on each other to use our best judgment when
revealing information about our office and ourselves. Remember, the best defense is a
good set of policies, proper education, and continued awareness training.

10.2 Secure Computer and Network

We have seen the ways in which an intruder can use social engineering to attack a
network. Here, you'll see how an intruder can use a telecommuter's computer to attack
your network and how you can make that computer more secure.

Many IT professionals work from home at least part of the time. All of this makes for a
flexible work environment. That flexibility can also cause the IT professional a huge
headache, because you have no control over what goes on in the confines of an
employee's home. There were strange incidents happening on the network. A cracker had
accessed the network and was wreaking havoc. No matter what this administrator did to
change and tighten security, the cracker always got back in. Eventually it was discovered
that the cracker was getting into the network through the administrator's home machine,
which was always left on and connected to the Internet.
With information security, you cannot allow even the top leaders to sidestep or ignore
policy. An employee cannot be allowed to work at home until the home machine is
secured. This should part of the security policy and all employees should have signed a
statement to that fact when they were hired. Should you find yourself in this situation, it
must be passed to the next level of management or someone who manages security.

10.2.1 Understand the home environment

What happens employees are allowed to work from home? They're given a office
machine or allowed to use their own, IT sets them up to access the network, and then we
forget about them.

Let's consider a few factors about telecommuting employees. After all, they're doing
office work. Most of them have children or spouses who use the same computer that they
use to access the work environment. Employees who have more that one computer
usually set up a home network. Those who care about their home aesthetics or don't want
to pull wire set up wireless networks at home.

Here are a few scenarios, each of which poses a threat to the work environment:

A office engineer has a daughter and a son who each have a laptop. The engineer
purchases a wireless router and hooks up all the machines -- including the work machine
-- so that all the machines can use the high-speed Internet connection.

One of the reasons that wireless is so popular with home users is that you can just plug it
in and have it start working. In this scenario, then, there's little probability that the
engineer enabled WEP (Wired Equivalent Privacy) on the laptops, so the computers are
left vulnerable because the information is sent in clear text.

An employee's home workstation is running Windows 98. (In all operating systems prior
to Windows NT, all passwords are stored in the .pwl file.) The Internet connection is
always on, because the children want Internet access on that computer, especially in the
summer when school's out. The virus software is disabled because it interferes with the
children's favorite game.

In this situation, the always-on connection leaves the machine open to. The .pwl file can
easily be accessed for a list of passwords, and disabling the virus software leaves the
unguarded against viruses.

You've installed keystroke-logging software to track where your children have been on
the Internet, because many times they use your computer unsupervised. This software
runs constantly.

You've made it extremely easy for a cracker to get your password to the network, because
all he has to do is read the log file. This is a giveaway -- he has no work to do because
you've done it for him. Keystroke logging software should not be used on a machine that
has been supplied by the employer unless the employer had installed it and is aware that
it's on the machine.

You are constantly having issues with your computer because you let your children use it.
What do you think the chances are that someone has already penetrated the network
where he works and is slowly stealing information or planting maladies?

10.2.2 Establish effective policies

Every office should have policies in place to protect the network from attacks via home
users. These might include the following:

• Requiring the employee to notify IT immediately if he changes his home

connection from dial-up to high speed, so that policies and procedures can be
addressed.
• Not permitting an office-owned PC to be used for other purposes or by
unauthorized individuals.
• Not allowing virus protection software to be disabled, and requiring that it be
updated regularly.
• Requiring immediate disconnection from the network and immediate support
contact in the event that the machine contracts a virus.
• Requiring the use of a firewall, and not permitting it to be disabled.
• Requiring that the machine be either disconnected from the network and the
Internet or turned off completely when the employee finishes working for the day.
• Mandating that a boot disk be handy in the event a virus renders the machine
unusable.
• Requiring that data be backed up if the employee is storing office information on
a home computer.
• Requiring that the operating system and all applications on the machine be kept
up to date.

TIP
Post information about patches and updates, whether the IT department supplies them or
the employee is expected to acquire them on his own. Posting provides no excuse for an
employee failing to comply.

• Requiring strong passwords.

• Requiring that non work-related shares be turned off.
• Mandating that auditing be turned on (if the operating system allows).

Although it may seem like a lot of work, it's worth your while to periodically send
questionnaires to all employees working from home who are using office computers. The
main information you want from the employees is:

• The operating system and version

• All applications installed and their versions
• The type of Internet connection
 • The location of the emergency boot disk
• How many other machines are using the Internet connection
• Any hardware changes

Then compare the current responses with the condition in which the machine left the
office. If this is done on a regular basis, you will soon be able to tell who is using the
computer strictly for work purposes and who is not. Often, what you'll find is that
children use the computer to play games and download music files. These require the
installation of additional programs. They also take up disk space and may require better
video cards as well as extra memory.

With policies in position, let's see how machines can be set up to securely connect to the
work environment from home.

10.2.3 Secure home machines

As you learned in the previous section, you really have very little control over the home
user. Even with good policies in place, there's no guarantee that telecommuters will
follow them. What you can control is how the telecommuters connect to your network,
and that's what we'll discuss now.

When you allow telecommuters to access your network, they usually do so by first
connecting to the Internet and then connecting to the network A VPN (Virtual Private
Network) is a network connection that permits access via a secure tunnel created through
an Internet connection. Using an Internet-based VPN connection is very popular for
several reasons:

• Users in an organization can dial a local Internet access number and connect to
the corporate network for the cost of a local phone call.
• Administrative overhead is reduced with a VPN because the ISP (Internet Service
Provider) is responsible for maintaining the connectivity once the user is
connected to the Internet.
• There are various security advantages to using a VPN, including encryption,
encapsulation, and authentication.

For users who travel, a local access number usually is available. If possible, you should
provide this information to employees who travel -- it saves phone calls to the help desk
and enables them to test the numbers before they have to give presentations.

Figure 1 shows how a VPN works. Setting up the users' computers (clients) to connect to
the server is a two-step process:
Figure 1: VPN remote access over the Internet.

1. Establish an Internet connection. This can be dial-up or broadband.

2. Connect to the VPN server. This involves dialing another connection.

Once the client is setup, it can use the VPN. Here's how a client uses a VPN to access a
corporate LAN through the Internet:

1. The remote user dials into his local ISP and logs into the ISP's network.
2. The user initiates a tunnel request to the server on the corporate network. The
server authenticates the user and creates the other end of tunnel.
3. The user then sends data through the tunnel, which is encrypted by the VPN
software before being sent over the ISP connection.
4. The server receives the encrypted data, decrypts it, and forwards it to the
destination on the corporate network. Any information sent back to the remote
user is encrypted before being sent over the Internet.

VPNs provide great opportunities for employee productivity while reducing long-
distance charges, and a good VPN guarantees privacy and encryption. But it is
authentication that ensures the integrity of the data.

We've discussed the situations that home users get themselves into and how easily
passwords can be breached on unsecured machines. In order for a VPN to provide the
level of security that's intended, a solid means of authentication must be established. This
brings us to two-factor authentication.

In two-factor authentication, a user must supply two forms of ID before she can access a
resource: one is something she knows, such as a password, and the other is something she
has or is. For example, you may be required to type password and place your thumb on a
thumbprint scanner to properly identify yourself. Figure 2 illustrates this type of
authentication.
Figure 2: Two-factor authentication.

The most common form of this type of authentication is a smart card. The security in this
authentication is that both are need for validation. If the card is stolen, or the PIN is
discovered, neither one of these alone can enable someone else to log on as the user.

Smart card readers are attached to a computer port and a digital certificate is downloaded
to activate the card. Smart card logon requires the user to insert the card and enter a PIN
in order to log on.

10.2.3.1 Understand tunneling

The purpose of a VPN is to secure your network communications. There are two broad
categories of tunneling:

• Voluntary
• Compulsory

In voluntary tunneling, the situation is as described earlier and shown in Figure 2-1. The
cable modem dials the ISP, and the user is then connected to the VPN server via the
Internet.

In compulsory tunneling, the tunnel is set up between two VPN servers that act as routers
for network traffic. This type of tunnel is most useful for connecting a remote office with
its own network to a central office. Sometimes as an office is growing, it allows
employees to run offices out of their homes with those employees hiring several people to
work for them, or it may be in the situation where a contractor works out of an office that
is shared by other contractors. Figure 3 shows an example of this type of tunneling.

Figure 3: Compulsory tunneling.

This type of server would be placed in a larger office but remote users and traveling
employees could create a connection with a local or corporate VPN server instead of
connecting to an ISP first, thus eliminating the need to supply traveling employees with a
list of local numbers for the ISP.

WARNING
Tunneling should not be used as a substitute for encryption. The strongest level of
encryption possible needs to be used within the VPN.

Let's take a look at personal firewalls that can be installed to help detect intrusions in
home computers.

10.2.4 Examine personal firewalls

The potential for crackers to access data through the telecommuter's machine has grown
substantially, and threatens to infiltrate our networks. Cracker tools have become more
sophisticated and difficult to spot. Always-connected computers, typically with static IP
addresses, give attackers copious amounts of time to discover and exploit system
vulnerabilities. How can a user know when his system is being threatened?

You can help thwart attacks by making sure that all telecommuters have firewalls
installed on their systems. Firewalls come in two varieties: software and hardware. Like
most other solutions, each has strengths and weaknesses. By design, firewalls close off
systems to scanning and entry by blocking ports or non-trusted services and applications.

10.2.4.1 Software firewalls

Software firewalls are more flexible in that they enable the user to move from network to
network. Typically, the first time a program tries to access the Internet; a software
firewall asks whether it should permit the communication. You can opt to have the
firewall ask the user each time the program tries to get online. The prompts usually get so
annoying that most users end up making hasty decisions with little more information than
they originally had. Another danger is that firewall filtering can get too complicated for
the average user to fix easily, which makes users reluctant to deny permission to anything.
There should be help available to telecommuters to aid in configuring these types of
firewalls. Its one thing to say that telecommuters have firewalls, but quite another to
ensure that those firewalls are correctly configured.

Here's a list of the most commonly used software firewalls:

• McAfee.com Personal Firewall

• Norton Internet Security
• Sygate Personal Firewall
• ZoneAlarm
• BlackIce
• Tiny Personal Firewall

10.2.4.2 Hardware firewalls

Hardware firewalls provide an additional outer layer of defense that can more effectively
hide one or more connected PCs. There are inexpensive router appliances that move
traffic between the Internet and one or more machines on home networks, which simply
hide the IP addresses of PCs so that all outgoing traffic seems to come from the same
address. Recently, router manufacturers have been including actual firewalls that block
inappropriate inbound and outbound traffic making these a much better choice.

In general, the average user will like the nature of hardware solutions because they
operate in the background without generating as many queries and alerts as software
firewalls. In addition, the physical installation is easy, but the normal home user won't
know how to configure the firewall should the default settings not be strong enough.

Remember that even a good firewall cannot protect the user if he does not think before he
downloads or does not exercise a proper level of caution. No system is foolproof, but the
right combination of hardware, software, and good habits can make your telecommuters'
computing environment safer.

10.3 Intrusion Detection

We will see what actually happens when your network is invaded or damaged. We
develop and deploy hardware and software in such an extremely quick fashion to meet
the demand of business and home consumers that we don't always take the time to be
sure that these technologies are properly tested and secured. This puts our networks at
risk not only from the professional cracker but also from curious or disgruntled
employees.

Let's first look at intrusion detection and intrusion prevention systems that can help spot a
potential intrusion.

10.3.1 Examine intrusion detection systems

One of the best ways to catch an intruder before too much damage is done is through
IDSs (intrusion detection systems), which are designed to analyze data, identify attacks,
and respond to the intrusion. They're different from firewalls in that firewalls control the
information that gets in and out of the network, whereas IDSs can identify unauthorized
activity.

Intrusion-detection systems are also designed to catch attacks in progress within the
network, not just on the boundary between private and public networks. The two basic
types of IDSs are network based and host based. As the names suggest, network-based
IDSs look at the information exchanged between machines, and host-based IDSs look at
information that originates on the individual machines. Here are some specifics:

• Network-based IDSs monitor the packet flow and try to locate packets that may
have gotten through the firewall and are not allowed for one reason or another.
These systems have a complete picture of the network segment they are
 configured to protect. They see entire network packets, including the header
information, so they're in a better position to distinguish network-borne attacks
than host-based IDS systems are. They are best at detecting DoS (Denial of
Service) attacks and unauthorized user access. Figure 4 details a network-based
IDS monitoring traffic to the network from the firewall.

Figure 4: Network-based IDS.

• Host-based IDSs (sometimes called HIDSs) monitor communications on a host-

by-host basis and monitor traffic coming into a specific host for signatures that
might indicate malicious intention. They also monitor logs to find indications that
intrusions or intrusions attempts are going on, and some of the HIDSs also
monitor system calls and intercept them. These types of IDSs are good at
detecting unauthorized file modifications and user activity.

Network-based IDSs try to locate packets not allowed on the network that the firewall
missed. Host-based IDSs collect and analyze data that originates on the local machine or
a computer hosting a service. Network-based IDSs tend to be more distributed.
Host-based and network-based approaches are complementary to each other because they
have different strengths and weaknesses. Many successful intrusion detection systems are
built using mixes of both, and ultimately, this is what network administrators should
consider for their own environments.

When an IDS alerts a network administrator of a successful or ongoing attack attempt, it's
important to have documented plans for incident response already in place. There are
several forms of response, including the following:

• Redirecting or misdirecting an attacker to secured segmented areas, allowing him

to assume that he has been successful. This serves two purposes: it prevents
access to secured resources and gives you time to trace or track the intruder.
• ICE (Intrusion Countermeasure Equipment) can be used to provide automatic
response in the event of intrusion detection. ICE agents have the capability to
automatically lock down a network or to increase access security to critical
resources in the event of an alert.
• After identification of an attack, forensic analysis of infected systems can detect
information about the identity of the attacker. This information may then be used
to direct the attention of the proper authorities.

Later, analysis of successful intrusions should be used to harden systems against

additional attempts of the same nature. Planning should include access restrictions in
addition to making the network less desirable to potential attackers.

10.3.2 Explore intrusion prevention systems

IDSs alert IT system administrators to potential security breaches within the perimeter of
a network environment, which is a good start. The problem with them is that they're
passive and reactive. They scan for configuration weaknesses and detect attacks after
they occur. When an attack occurs, it's reported, and combinations of antivirus and
intrusion detection vendors develop a rapid solution to distribute, but by that time, the
attack has delivered its payload and paralyzed the network or several networks. In fact,
the damage is often already done by the time the IDS alerts you to the attack.

Intrusion prevention software differs from traditional intrusion detection products in that
it can actually prevent attacks rather than only detecting the occurrence of an attack. IPS
architectures serve as the next generation of network security software that is proactive.
Host-based IPS will become increasingly popular in the next few years, possibly pushing
host-based IDS out of the picture.

Intrusion prevention offers considerable advantages:

• It actually secures internal resources from attacks based inside the network by
restricting behavior of potentially malicious code, providing a record of attack,
and notifying enterprise security personnel when an attack is repelled.
• It defines appropriate behaviors and then enforces those behaviors on every end-
user desktop and network server across an enterprise. By looking at system and
 application behavior and defining which actions are legitimate and which are
suspect, an IPS can stop an errant system action when it attempts to do something
that is not in the realm of expected behavior.
• Rules can be configured to control which type of actions applications can perform
on files and system resources. As an intelligent agent, these run by intercepting
system actions, checking rules, and then allowing or denying the action in
question based on those rules.
• Statistical logging data can be used to generate reports that indicate overall
network health. IT staff can monitor how current rule sets are working and adjust
them, if necessary.

For an intruder, the real value of your network lies in key machines such as database
servers and the information they contain. An intruder won't celebrate breaking through
your firewall if all it gets him is access to a couple of printers. The idea of intrusion
prevention is to ensure exactly that. By allowing only certain behaviors on critical hosts,
the technology leaves an intruder with little freedom to do anything malicious.

If you have a personal firewall such as Norton Personal Firewall or ZoneAlarm, you
may've already seen intrusion prevention in its simplest form. Recall from the above that
this type of software relies on rules and scanning to spot inappropriate activity. It uses
predefined attack signatures, and it also learns what behaviors you'll allow every time
you click yes or no when an application wants to do something.

WARNING
Sometimes the data that is collected by these systems is overwhelming. When you start
trying to do something with the intrusion detection data, you realize the magnitude of
deciphering or reading the data is well beyond the resources and time you want to put in
to make it effective.

Often, incidents happen even though you have firewalls and intrusion detection. So,
you've got ten thousand alarms going off, five of them are probably valid, two of them
you really need to do something about, but you don't have the time or the resources to
find what those five are and what the two really are. You end up doing nothing because
you don't know how to respond. Please do not let this happen. Make the time and
resource to use these tools effectively.

Preventing actual damage to your company's business functionality is critical to

protecting today's open networks. Intrusion prevention technology serves as a strategy for
those who desire proactive and preventive security measures in the face of attacks.

No incident response solution is complete without a proper plan, so let's tackle that next.

10.3.3 Plan your incident response

Incident response refers to the actions an organization should take when it detects an
attack, whether ongoing or after the fact. It's similar in concept to a DRP (disaster
recovery plan) for responding to disasters. Incident response plans are needed so that you
can intelligently react to an intrusion. More importantly, there's the issue of legal liability.
You're potentially liable for damages caused by a cracker using your machine. You must
be able to prove to a court that you took reasonable measures to defend yourself from
crackers. Having an incident response plan definitely helps in this area. Unplanned
application and operating system outages have become commonplace. When an incident
occurs, the last thing you should do is panic, which, of course, is exactly what happens if
there is no plan in place or you have no idea where it is.

Don't overlook the effect an incident has on employees. The interruption to the workplace
not only causes confusion but also disrupts their schedules. Proper planning should be
beneficial to customers as well as employees.

The components of an Incidence Response Plan should include preparation, roles, rules,
and procedures.

10.3.3.1 Prepare

Although the preparation requirements may be different for each office, some of the
basics should include:

• A war room where the response team can assemble and strategize.
• A response team that will handle all facets of the incident.
• Contact information for the response team, vendors, and third-party providers.
• Change-control policies, which are useful especially when an application or
operating system needs to be rolled back.
• Software listing of the operating systems and applications being used so the scope
of the incident can be properly assessed.
• Monitoring tools to determine the health of the machines.

10.3.3.2 Assign roles

The incidence response team is responsible for containing the damage and getting the
systems back up and running properly. These steps include determination of the incident,
formal notification to the appropriate departments, and recovering essential network
resources. With this in mind, the team should comprise the following personnel:

• Technical operations: Security and IT personnel

• Internal communications support: Someone to handle management, employees,
and food for the response team (Yes, food is an important part of the response
process!)
• External communications support: Vendor, business partner, and press handling
• Applications development: Developers of in-house applications and interfaces
• Data Center operations: Database managers

10.3.3.3 Create rules

Some basic rules should apply to the response team, which could include the following:

• The entire team is responsible for the success of the incident handling.
• No one on the team is allowed to leave until the incident is handled.
• Everyone works from the war room. This is the central command post and
investigation takes place here.

Lastly, procedures need to be put into place. Let's discuss those procedures now.

10.3.4 Plan the procedures

Incidents happen from time to time in most of organizations no matter how strict security
policies and procedures are. It's important to realize that proper incident handling is just
as vital as the planning stage, and its presence may make the difference between being
able to recover quickly, and ruining business and customer relations. Customers need to
see that the company has enough expertise to deal with the problem.

Larger organizations should have an Incident Response Team. In the previous section, we
discussed the department members that should be assigned this task. Realize that this
team is not a full-time assignment; it's just a group of people who have obligations to act
in a responsible manner in case of an incident.

The basic premise of incident handling and response is that the company needs to have a
clear action plan on what procedures should take place when an incident happens. These
procedures should include:

• Conducting initial assessment: Identify the initial infected resources by getting

some preliminary information as to what kind of attack you are dealing with and
what potential damage exists.
• Initial communication: Notify key personnel, such as the security department and
the response team.
• Assemble the response team: Converge in the war room for duty assignment.
Decide who will be the lead for the incident.
• Initial containment of the incident: Diagnose the problem and identify potential
solutions. Set priorities and follow them closely. The incident response team has
to be clear about what to do, especially if the potential damage is high.
• Intrusion evaluation: Shoot the problem to additional teams if necessary. The key
is to understand what actually happened and how severe the attack was.
• Collect forensic evidence: Gather all of the information learned about the incident
up to this moment and store it in a secure location on secure media, in case it's
needed for potential legal action.
• Communicate the incident in public: Public communications may be subdivided
into several categories:
• Law enforcement: An incident of large proportion or repetitive pattern should be
relayed to municipal, provincial, or federal authorities.
• Other companies: The incident may be reported to IT security companies for help
or notification to other companies.
 • Customers: Customers should be notified as soon as there is something to be said.
• News media: If the company is large enough, and the event is worthy of a news
story, expect to be contacted by the media. There needs to be one person
authorized to speak to the media. Incident handling personnel must be aware of
this and direct all media queries to appropriate team member.
• Restore service: Implement and test a solution. If it was an unknown attack or
attack that is known to have ill effects on the system, it may be in the best
interests of the company to completely reinstall the system.
• Monitor: Be sure that recovery was successful.
• Prepare an incident report: Determine and document the incident cause and
solution. This report is an internal document that puts everything in perspective,
from the minute the incident was noticed until the minute the service was restored.
• Calculate damage: The ultimate dollar figure should look beyond actual and
obvious losses associated with service outages and business interruptions to
include all costs resulting from the incident, such as legal fees, loss of proprietary
information, system downtime costs, labor costs, hardware/software costs,
consulting fees, bad reputation, and publicity.
• Summary and updates: Gather the entire security response team for a meeting and
review the process and timelines in detail making any modifications that are
necessary to the plan.
• Periodic analysis: Check that the modifications made are appropriate.

This is a brief model and by no means is a complete plan. Every company must evaluate
its needs and plan accordingly. Once a plan is formulated, it must be tested, which brings
us to the last part of this lesson.

10.3.5 Test the plan

You formulate a plan, put it on a shelf, and when an incident happens, you realize there
are huge flaws in the plan. You forgot something or the person that you picked to do
internal communications support did an extremely poor job of handling his
responsibilities and left even though the rules for the team stated otherwise. The security
response team lead needs to be sure that every person onboard did the best they could and
performed the most appropriate action given the circumstances. This person also needs to
look at the situation to see if the overall strategy of the department is useful or where it
needs changing or fixing. The only way to do this before an actual incident is to test the
plan ahead of time.

The approach taken to test the plan depends on the strategies selected by the company.
Many times tests are conducted by what are called Tiger Teams. This can be an outside
group of consultants. The tests are often conducted without notification to the
departments involved in order to see how well the plan functions.

The following are key components of a testing plan:

• Define the test purpose and approach: Specify the incident that is to be tested.
How a virus infection is handled will be different from how to handle a Denial of
Service attack or a Web server defacement.
• Identify the test team: Specify whether employees or outside consultants will
conduct the test. No response team members should be on the test team because
they will be responsible for handling the incident.
• Structure the test: Plan exactly what you want to accomplish and set up the
equipment in a testing environment.
• Conduct the test: To be most effective, this should be done without prior
notification to the departments involved, because that is how incidents happen.
• Analyze test results: Evaluate how well or poorly everyone responded and how
easily the incident was resolved.
• Modify the plan: After a dry run, there are usually some modifications. Be sure
they're implemented.
 Chapter 11

Firewall
Contents
• Various Generations of Firewalls
• FAQ.

Objectives
After completion of this module you will be able to know:

• The different Generations of Firewalls

• Why firewall is needed?
• Answers for FAQ
 Firewall
In its most basic terms, a firewall is a system designed to control access between two
networks.

There are many different kinds of firewalls—packet filters, application gateways, or

proxy servers. These firewalls can be delivered in the form of software that runs on an
operating system, like Windows or Linux. Or, these firewalls could be dedicated
hardware devices that were designed solely as firewalls.
11.1 Understand the evolution of firewalls
Learn how firewalls have progressed from simple packet filtering to more sophisticated
application-level filtering.

Webopedia.com defines a firewall as “a system designed to prevent unauthorized access

to or from a private network.” Although technically accurate, this definition tells us only
what a firewall does and doesn’t address the more important question of how it does it.
For administrators who are continually focused on keeping their networks secure, it is
helpful to take a closer look at the way firewalls function and how they have evolved in
recent years to better protect our corporate networks.

11.1.1 First-generation firewalls: Packet filtering

11.1.1.1 Static packet filters

One of the simplest and least expensive forms of firewall protection is known as static
packet filtering. With static packet filtering, each packet entering or leaving the
network is checked and either passed or rejected depending on a set of user-defined
rules. Dealing with each individual packet, the firewall applies its rule set to
determine which packet to allow or disallow. You can compare this type of security
to the Gate-keeper at a club who allows people over 21 to enter and turns back those
who do not meet the age rule requirements. The static packet filtering firewall
examines each packet based on the following criteria:

• Source IP address
• Destination IP address
• TCP/UDP source port
• TCP/UDP destination port

For example, to allow e-mail to and from an SMTP server, a rule would be inserted into
the firewall that allowed all network traffic with a TCP source and destination port of 25
(SMTP) and the IP address of the mail server as either the source or destination IP
address. If this were the only filter applied, all non-SMTP network traffic originating
outside of the firewall with a destination IP address of the mail server would be blocked
by the firewall.
Many people have asked the question, “Is a router with an access list a firewall?” The
answer is yes, a packet filter firewall can essentially be a router with packet filtering
capabilities. (Almost all routers can do this.) Packet filters are an attractive option where
your budget is limited and where security requirements are deemed rather low.

But there are drawbacks. Basic packet filtering firewalls are susceptible to IP spoofing,
where an intruder tries to gain unauthorized access to computers by sending messages to
a computer with an IP address indicating that the message is coming from a trusted host.
Information security experts believe that packet filtering firewalls offer the least security
because they allow a direct connection between endpoints through the firewall. This
leaves the potential for a vulnerability to be exploited. Another shortcoming is that this
form of firewall rarely provides sufficient logging or reporting capabilities.

11.1.1.2 Stateful packet inspection

Within the same generation of static packet filtering firewalls are firewalls known as
stateful packet inspection firewalls. This approach examines the contents of packets
rather than just filtering them; that is, it considers their contents as well as their addresses.
You can compare this to the security screener at an airport. A ticket validates that you
must be traveling from your source to your destination; however, your carry-on contents
must be checked to get to your final destination.

These firewalls are called stateful because they can permit outgoing sessions while
denying incoming sessions. They take into account the state of the connections they
handle so that, for example, a legitimate incoming packet can be matched with the
outbound request for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be blocked. By using
something known as session or intelligent filtering, most stateful inspection firewalls can
effectively track information about the beginning and end of network sessions to
dynamically control filtering decisions. The filter uses smart rules, thus enhancing the
filtering process and controlling the network session rather than controlling the individual
packets.

Basic routers typically do not perform stateful packet inspections unless they have a
special module. A dedicated firewall device or server (with software) is usually required
when the level of security demands stateful inspection of data in and out of a network.
Although stateful packet inspection offers improved security and better logging of
activities over static packet filters, it has its drawbacks as well. Setting up stateful packet
examination rules is more complicated and, like static packet filtering, the approach
allows a direct connection between endpoints through the firewall.

11.1.2 Second-generation firewalls: Proxy services

The next generation of firewalls attempted to increase the level of security between
trusted and untrusted networks. Known as application proxy or gateway firewalls, this
approach to protection is significantly different from packet filters and stateful packet
inspection. An application gateway firewall uses software to intercept connections for
each Internet protocol and to perform security inspection. It involves what is commonly
known as proxy services. The proxy acts as an interface between the user on the internal
trusted network and the Internet. Each computer communicates with the other by passing
all network traffic through the proxy program. The proxy program evaluates data sent
from the client and decides which to pass on and which to drop. Communications
between the client and server occur as though the proxy weren't there, with the proxy
acting like the client when talking with the server, and like the server when talking with
the client. This is analogous to a language translator who is the one actually directing and
sending the communication on behalf of the individuals.

Many information security experts believe proxy firewalls offer the highest degree of
security because the firewall does not let endpoints communicate directly with one
another. Thus, vulnerability in a protocol that could slip by a packet filter or stateful
packet inspection firewall could be caught by the proxy program. In addition, the proxy
firewall can offer the best logging and reporting of activities.

Of course, this security solution is far from perfect. For one thing, to utilize the proxy
firewall, a protocol must have a proxy associated with it. Failure to have a proxy may
prevent a protocol from being handled correctly by the firewall and potentially dropped.
Also, there is usually a performance penalty for using such a firewall due to the
additional processing for application-level protocols.

11.1.3 Firewalls evolved: The third generation

The newest generation of firewalls may be defined as state-of-the-art perimeter security

integrated within major network components. These systems alert administrators in real
time about suspicious activity that may be occurring on their systems. Although it's a lot
to swallow, this new generation of firewall has evolved to meet the major requirements
demanded by corporate networks of increased security while minimizing the impact on
network performance. The requirements of the third generation of firewalls will be even
more demanding due to the growing support for VPNs, wireless communication, and
enhanced virus protection. The most difficult element of this evolution is maintaining the
firewall's simplicity (and hence its maintainability and security) without compromising
flexibility.

The most recent category of firewalls attempting to meet this demand performs what has
been termed stateful multilevel inspection, or SMLI. SMLI firewalls eliminate the
redundancy and CPU-intensive nature of proxy firewalls. SMLI's unique approach
screens the entire packet, OSI layers 2 through 7, and rapidly compares each packet to
known bit patterns of friendly packets before deciding whether to pass the traffic.
Coupled with or integrated into an intrusion-detection system (IDS), SMLI offers the first
glimpse of this new definition of a firewall. Among the products that use this new
technology are Check Point’s FireWall-1, Elron Software’s Internet Manager, and
SonicWall’s line of access security products.
11.2 Frequently Asked Questions
Why would you want a firewall?
Firewalls will protect your network from unwanted traffic. Many times, the unwanted
traffic is harmful traffic from hackers trying to exploit your network. You want a firewall
to protect your network, just as you want locks on your door and windows at your home.

Is a proxy server a firewall?

A proxy server is a form of a firewall. In legal terms, a proxy is someone who goes and
performs some action on your behalf. A proxy server performs network transactions on
your behalf. The most common use for this is a Web-proxy server. A Web-proxy will
take requests from users’ Web browsers, get the Web pages from the Internet, and return
them to the user’s browser. Many times, a proxy server also performs authentication to
see who is requesting the Web pages and also logs the pages that are requested and the
user they are from.
What is NAT?
NAT is Network Address Translation. NAT is usually used to translate from
real/global/public Internet addresses to inside/local/private addresses. These private
addresses are usually IP addresses: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

NAT provides some security for your network as you do not have a real Internet IP
address and your network, usually, cannot be accessed from the Internet without some
outbound connection first being created from your private/inside network.

However, you still need a firewall to protect your network as NAT only hides your
network but doesn’t really stop any packets from entering your network.

Do firewalls stop Viruses, Trojans, Adware, and Spyware?

No, in general, firewalls do not stop Viruses, Trojans, Adware, or Spyware. Firewalls,
usually, only protect your network from inbound traffic from an outside (Internet)
network. You still need antivirus software, anti-adware and anti-spyware software
applications to protect your system when it does go out on the Internet.
How do I know that my firewall is really protecting my network?
Just like any security system, a firewall should, periodically, be tested. To test a firewall,
you could have a professional security-consulting company do a security vulnerability
scan. However, this is usually something you can do yourself. To do this, you could use a
port-scanner or a more advanced tool like a vulnerability assessment tool (such as Retina,
Saint, or ISS).

What are the different types of firewalls?

The different types of firewalls are:
Packet filter – A packet filter looks at each packet entering the network and, based on its
policies, permits or denies these packets. A Cisco IOS Access Control List (ACL) is a
basic firewall that works in this way.
Stateful packet filter – A stateful packet filter also has rules; however, it keeps track of
the TCP connection state so it is able to monitor the “conversations” as they happen on
the network. It knows the normal flow of the conversations and knows when the
conversations are over. Thus, it more intelligently is able to permit and deny packets
entering the network. Because of this, a stateful packet filter (stateful firewall) is much
more secure than a regular packet filter.
Application gateway – An application gateway is a system that works for certain
applications only. It knows the “language” that that application/protocol uses and it
monitors all communications. An example would be a SMTP gateway.
Proxy Server – A proxy server performs network transactions on your behalf. The most
common use for this is a Web-proxy server. A Web-proxy will take requests from users’
Web browsers, get the Web pages from the Internet, and return them to the user’s
browser.

What do VPNs have to do with firewalls?

Virtual Private Networks (VPN) are used to encrypt traffic from a private network and
send it over a public network. Typically, this is used to protect sensitive traffic as it goes
over the Internet. Many times, you will have a VPN encryption device combined with a
firewall as the private network traffic that is being encrypted also needs to be protected
from hackers on the public network.

If I have a firewall, do I have a DMZ?

No, you do not necessarily have a DMZ (De-Military Zone) if you have a firewall. A
DMZ is a network that is semi-protected (not on the public network but also not on the
fully-protected private network). Many hardware firewalls create a DMZ for public mail
servers and Web servers. Most small networks or homes do not have DMZ networks.
Most medium-to-large corporate networks would have a DMZ.

What are IDS and IPS? Also, what do they have to do with firewalls?
An Intrusion Detection System (IDS) monitors for harmful traffic and alerts you when it
enters your network. This is much like a burglar alarm.
An Intrusion Prevention System (IPS) goes farther and prevents the harmful traffic from
entering your network.

IDS/IPS systems recognize more that just Layer 3 or Layer 4 traffic. They fully
understand how hackers use traffic to exploit networks and detect or prevent that harmful
traffic on your network.

Today, many IDS/IPS systems are integrated with firewalls and routers.

What is a DoS attack and will a firewall protect me from it?

A Denial of Service (DoS) attack is something that renders servers, routers, or networks
incapable of responding to network requests in a timely manner.

Firewalls can protect your network and its servers from being barraged by DoS traffic
and allow them to respond to legitimate requests, thus, allowing your company to
continue its business over the network.

How do you configure, monitor, and control a firewall?

As there are many different types of firewalls, there are also many different types of
firewall interfaces. You could have a command line interface (CLI), a Web-based
interface, or some other proprietary program that is used to configure the firewall.

For example, with Cisco PIX firewalls, you can configure them with the CLI interface
(called PixOs), or the PIX Device Manager (PDM), a Java-based interface that works
with a Web browser.

How do I know what firewall I should use?

The size of the firewall you choose is usually based on the volume of traffic your network
links receive or the bandwidth of your network links. You also must take into
consideration other things for which you might be using the firewall, such as VPN, IDS,
and logging.

What are some new features to look for in firewalls?

Firewalls, today, are offering more and more features built into the firewall. Some of
them are: intrusion prevention, hardware-based acceleration, and greater recognition of
applications (moving up the OSI model towards layer 7).

How can I configure an inexpensive firewall?

There are a wide variety of firewalls available today. Perhaps the most basic firewall is
the personal PC firewall, such as that built into Windows XP. Next come more advanced
PC software firewalls, like ZoneAlarm Pro or BlackICE. There are midrange firewall
solutions like Microsoft ISA or hardware firewalls. Next on the scale are large Cisco PIX
or Checkpoint firewalls used for large businesses or Internet Service Providers.
 Chapter 12

Overview of NIB I and Types of ISP Nodes

Contents

ƒ What is NIB?
ƒ Classification of NIB Nodes
ƒ Three Tier Architecture of NIB I
ƒ Components of NIB
ƒ Connectivity Architecture
ƒ Firewall Architecture
ƒ Inter - Connectivity among nodes
ƒ Bandwidth among nodes

Objectives

After completion of this module you will be able to know:

• The architecture of NIB I

• About NIB II in future
• How to maintain the NIB I nodes
12.1 Introduction
Short for Internet Service Provider, a company that provides access to the Internet is
called ISP. Any Internet Service Provider will have several ISP nodes as Point of
Presence of Internet (POP) at various locations across the country.

BSNL is also an Internet service provider, providing Internet service throughout the
entire country except in New Delhi and Mumbai, under the brand name of "Sanchar net".
Sancharnet provides free all India roaming and enables it's users to access their accounts,
using the same access code (172233) and user ID from any where in the Country.

The Internet Access given by ISPs are:

1. Dial-up Connection
2. ISDN Connection
3. Leased Line Connection
4. DIAS Connection
5. Broadband

12.2 What is NIB?

NIB stands for National Internet Backbone of BSNL which comprises of 436 ISP Nodes
in India networked in a definite fashion.

The NIB Nodes are classified as A1, A2, B, C1, C2 & C3 on the basis of:
ƒ Functions to be carried out
ƒ International Connectivity
ƒ No. Of PSTN Subscriber
ƒ Routing (Internal & External)
ƒ Equipment Deployment
ƒ Trained Manpower Availability
ƒ Cost

It follows a Three Tier architecture for locating these nodes.

First Tier Metros and Major Cities Type ‘A’ Nodes(A1 and A2)
Second Tier Medium Towns Type ‘B’ Nodes
Third Tier District Head Quarters Type ‘C’ Nodes (C1,C2 and C3)
and Small Towns

12.3 Basic essential Components of all NIB Nodes

Basically any ISP node will essentially have the following three equipments
1. Remote Access Server
2. Router
3. Switch

12.3.1 Remote Access Server

RAS is equipment that is dedicated to handling users that are not on a LAN but need
remote access to it. The remote access server of NIB allows users to gain access to
Internet services from a remote location. For example, a user who dials into a network
from home using an analog modem or an ISDN connection or a leased line will access a
remote access server of the ISP Node. Once the user is authenticated he will get access to
all internet services.

12.3.2 Router

Router is a device that forwards data packets along networks. Routers are one of the vital
equipment of an ISP.

Basically a router is used for connecting o at least two networks, commonly two LANs or
WANs or a LAN and its ISP’s network. In the case of ISP nodes the any ISP node is
connected to another ISP Node at a remote location and hence this is WAN network and
Routers are used for routing the packets.
Routers use headers and forwarding tables to determine the best path for forwarding the
packets, and they use protocols such as ICMP to communicate with each other and
configure the best route between any two hosts.

12.3.3 Switch

A Switch is a inter-connecting component. Switches operate at the data link layer (layer 2)
and sometimes the network layer (layer 3) of the OSI Reference Model and therefore
support any packet protocol. In the ISP node, the switch is used to interconnect the RAS,
Router , Help Desk PC etc.
Connectivity among the above three components of an ISP node is as shown in the figure.

12.4 Additional Components available in specified node

types only
International gateways: In all A1 nodes
International Gateway is connectivity to the ISP of another country to route the packets
intended for any host outside our country.
www server: 1 each @ A nodes(A1 and A2)
This is a web server to host web sites
Radius server : New Delhi=1 Bombay=1 Bangalore=1
Short for Remote Authentication Dial-In User Service, an authentication, authorization
and accounting system used by Internet Service Providers (ISPs). When the Customer
dials in to the ISP he enters username and password. This information is passed to a
RADIUS server, which checks that the information is correct, and then authorizes access
to the ISP system.
DNS: At New Delhi=1 and at Bangalore=1
Short for Domain Name System (or Service or Server), an Internet service that translates
domain names into IP addresses. Because domain names are alphabetic, they're easier to
remember. The Internet however, is really based on IP addresses. Every time a domain
name is used , a DNS service must translate the name into the corresponding IP address.
For example, the domain name www.example.com might translate to 198.105.232.4
using the DNS.
Mail Server: New Delhi
Used for giving email services to our NIB customers.
Firewall Server: All A1 Nodes (A1 and A2)
A firewall is a first line of defense in protecting the NIB network.
NMS Server: All A1 Nodes
Network Monitoring System at all A1 nodes will monitor all the nodes connected them.
They will manage the nodes, ports, links and devices.
Proxy Server
This is used for caching the pages visited by their customers to avoid unnecessary
bandwidth occupation on international gateway.
Connectivity architecture of all the components is as shown in the figure.

12.5 Firewall Architecture

Firewall is an equipment used to protect the internal network from outside entrants.
The firewall architecture divides the network into the following three separate zones (sub
networks):

Secure Zone - This shall be highly protected zone. Only authorised and authenticated
personnel shall be permitted beyond this zone. DNS, NMS etc servers shall be in the zone.

Demilitarised Zone - This shall be semi-protected zone. Only users who have been
checked and authenticated shall gain access to this zone. Application servers like Proxy,
Radius, Email Server shall be in this zone.

Open Zone - These are open zones containing Remote Access Servers, Routers and
WWW servers.
12.6 Inter connectivity among various types of Nodes
Normally the C nodes are connected to B nodes and the B nodes are connected to A
nodes. But if a C node is very near to A node than to a B node then the C node will be
connected to A node.
Bareli
Kathua
Ghaziabad
Jammu
Jalland Bhopal
Jaipu Kanpur
Raj Patna Imphala
Poona Gauhati
Delhi Calcutta
Surat
Ahmedgbad
Mumbai
Baroda Chennai
Bangalore
Hyderabad
Ernakula
Madurai
Calicut Coimbatore
Type A I location Trichy
with Internet Gateway Trichur Trivandrum
Type A II locations Ooty
without
Type B
Type C I/ C II / CIII Illustration of Connectivity Diagram for
location Internet Locations of NIB
Multiple

Please see the diagram above for connectivity architecture of NIB I nodes. As far as A 1
nodes are concerned, they are mesh connected, ie each A 1 node is connected to every
other A 1 node.
12.7 Bandwidth between nodes

The bandwidth among nodes is as shown in the figure. However, based on traffic reports
and the bandwidth occupation, bandwidth between nodes will be increased as and when
requirement arises.
 Chapter 13

Overview of NIB II Project

Contents

• What is NIB II?

ƒ Various Projects in it
ƒ Connectivity Architecture of Project 1, 2.1 and 2.3
ƒ Components of NIB II
ƒ Services in EMS

Objectives

After completion of this module you will be able to know:

• The architecture of NIB II

• The implementation Strategies of NIB II
13.1 A brief on NIB-I infrastructure:

BSNL’s NIB-I is a TCP/ IP based network consisting of about 436 nodes covering most
of the district headquarters. The network comprises of a three-tier architecture with 14 A-
level nodes, 31 B-level nodes and the rest C-level nodes.

Among the 14 A-nodes, six of them are interconnected in near full mesh with link
bandwidth of 34 Mbps. These are referred to as A-1 cities. The remaining A-type cities
are referred to as A-2 nodes and are dual homed to the A-1 nodes with link bandwidths of
34 Mbps. All A-1 cities and Ernakulam (C type) have International Gateway.

The 31 B-level cities are connected to the 14 A-level nodes in a hierarchical with link
bandwidths of 4 Mbps. The C-nodes are connected to the B-nodes with link bandwidths
of 2 Mbps.

13.2 Introduction to NIB II

The National Internet Backbone (NIB-II) envisages the four Projects namely
Project 1 : MPLS based IP Infrastructure in 71 cities
Project 2.1 : Access Gateway Platform Narrowband,
Project 2.2 : Access Gateway Platform Broadband
Project 3 : Services Platform consisting of Messaging, Provisioning, Billing,
Customer Care and Enterprise Management System.

13.3 Services in NIB-II:

a) Internet Access
i) Dialup access services/ Leased Access Services
ii) Digital Subscriber Line (DSL) access services: Broadband “always-on-
internet” access over copper cables
iii) Direct Ethernet access services: Broadband “always-on-internet” access using
Fiber-to-the-building
b) Virtual Private Network (VPN) services
i) Layer 2 MPLS VPN Services: Point-to-point connectivity between corporate
LAN sites
ii) Layer 3 MPLS VPN Intranet and Extranet Services: LAN interconnectivity
between multiple Corporate LAN sites
iii) Managed Customer Premises Equipment (CPE) Services
c) Value Added services
i) Encryption services: one of the end-to-end data security features
 ii) Firewall Services: one of the security features provided to customer
iii) Network Address Translation (NAT) Services: Service that will enable private
users to access public networks
d) Messaging services
e) Data Centre Services at Bangalore, Delhi and Mumbai
f) Broadband services through DSL & Direct Ethernet
i) Fast Internet Access services
ii) Terminating Dialup and DSL/Direct Ethernet customers on MPLS VPNs
iii) Multicast Video streaming Services
iv) Video on Demand services
13.4 Node Types
The NIB-II nodes are proposed in 71 cities and categorized as A1, A2, A3, A4, B1 & B2
nodes. NIB I had B nodes and the same has been further classified as B1 and B2 in NIB
II.
The implementation of these projects will mainly include deployment of :
a. Routers, LAN switches – Project 1
b. Narrowband RAS – Project 2.1
c. BRAS, DSLAM , Tier1 and Tier2 – Project 2.2
d. Servers for different applications like Messaging, Billing, Radius, LDAP
etc. – Project 3.
e. Customer Servers in Data Centers collocated with the backbone network
nodes – at Delhi, Mumbai and Bangalore.
13.4.1 NIBII - Project1
The project 1 of NIB II envisages on provisioning of a MPLS VPN network for corporate
networks. For this MPLS VPN nodes will be installed at 71 locations in India which are
called Physical nodes. Additionally, around 200 places have been declared as Virtual
Nodes.

The VPN Service in any of the virtual nodes or any place in India requires physical
connectivity between the customer site and the nearest physical node.

As the demand for MPLS VPN grows, in addition to building connectivity of each
customer site to nearest physical node, option of aggregating the traffic from multiple
sites through an aggregation router was thought of.

In this regard, following norms for the deployment of Aggregation Router for
aggregating traffic from multiple sites of a customer in a particular city/SSA is followed.
[1] There should be dedicated Aggregation router for each customer for a
particular city /SSA
[2] The option of deployment of Aggregation router be explored under following
conditions.
 (a) The number of sites to be connected in VPN for a particular customer
in a particular city / SSA is three or more
(b) The bandwidth requirement at each site under reference is 64 kbps
/128 kbps
(c) The city/SSA under reference should not be covered under list of 71
cities where NIB-II node is planned.
[3] The Aggregation router can be any normal router with multiple low speed
sync serial ports (upto 128 kbps) and at least one high-speed sync serial port (2
Mbps) for connectivity to nearest physical node.
[4] The Aggregation router thus deployed will act as a Customer Premise
equipment (CPE) for the edge router of VPN network

13.4.1.1 Connectivity of Core router:

The Core routers in A1 nodes viz Delhi, Mumbai, Chennai, Kolkatta and Bangalore will
be connected on mesh topology on STM16. The Core routers in 9 nodes viz A2 Node
(Total 3) at Pune, Hyderabad & Ahmedabad and A3 Nodes (Total 6) at Lucknow,
Jullundhar, Jaipur, Indore, Ernakulam & Patna are connected to A1 Nodes in dual mesh
with link bandwidths of STM-16. The core routers in A4 nodes (Total 10) at Chandigarh,
Allahabad, Guwahati, Ranchi, Bhubaneshwar, Coimbatore, Raipur, Mangalore, Nagpur
and Vijayawada shall be dual homed over STM-1 links to the nearest A1/A2/A3 nodes.

13.4.1.2 Connectivity of Edge router in A1, A2, A3 and A4 Nodes

There will be four edge routers in A1 Nodes, three edge routers in A2 Nodes, Two edge
routers in A3 Nodes and one edge router in A4 Node. One of the edge router in each A1,
A2, A3 and A4 Node will be collocated with the Core router in the above node,
connected through gigabit Ethernet Interface. The remaining edge routers in A1, A2 and
A3 nodes will be geographically distributed in each city to serve different pockets
interconnected on a SDH metro-ring fibre network with STM-1 interfaces for each edge
router

13.4.1.3 Connectivity of Edge router in B1 and B2 Nodes:

One number of Edge router will be deployed in 21 B1 nodes and 26 B2 Nodes. The edge
routers in B1 and B2 nodes will be dual homed to the core at A1, A2, A3 and A4.
The core routers in A1, A2 and A3 cities are proposed to be interconnected via the
DWDM systems .
The interconnectivity of core routers in A4 nodes and edge routers in B1 and B2 cities is
via STM-1 links connected through SDH rings

13.4.1.4 Services planned to be offered under Project 1:

The following services shall be offered to customers using the MPLS based IP networks.
i.) Layer 3 MPLS VPN Services
• Intranet-Managed & Unmanaged
• Extranet Managed & Unmanaged
• Internet Access services
ii.) Layer 2 MPLS VPN Services
• Ethernet over MPLS
• Frame relay over MPLS
• PPP over MPLS
• Cisco HDLC over MPLS (Optional)
• VPLS (Virtual Private LAN service)
• Layer 2 Any-to-Any Interworking (Except ATM)
iii.) Encryption Services
iv.) Multicast Services
v.) Firewall Services
vi.) Network Address Translation (NAT) Services

The Primary objectives in setting up the MPLS based IP network

9 Building a common IP infrastructure that shall support all smaller networks and
subnetworks.

9 The platform is intended to be used for convergent services, integrating data,

voice and video and shall be the primary source of Internet bandwidth for ISPs,
Corporate, Institutions, Government bodies and retail users.

9 Making the service very simple for customers to use even if they lack experience
in IP routing, alongwith Service Level Agreement (SLA) offerings.

9 Make a service very scalable and flexible to facilitate large-scale deployment.

9 Capable of meeting a wide range of customer requirements, including security,

quality of service (QoS), and any-to-any connectivity.
 9 Capable of offering fully managed services to customers.

13.4.2 NIBII - Project2.1

13.4.2.1 Access Gateway Platform (Narrow band)

The NIB-II Access Gateway platform shall provide Internet Access at any time of
the day, from any place, using any device such as PC, analog phone, wireless or mobile
phone, or Personal Digital Assistant (PDA). The Access Gateway Platform(AGP) is built
around two distinct platforms, one supporting a unified dial network architecture that
delivers voice, data and fax services through an open programmable gateway and the
other supporting a unified always-on Internet Access platform on Ethernet-IP. The open
programmable dial gateway is dimensioned to provide 80% plain data RAS and 20%
Universal RAS ports.

The solution shall be based on open interfaces that can be configured by use of network
elements of a third party.

NIB-II Universal Access Gateway infrastructure is conceived as an open infrastructure

for carrying following services.

(i) Internet Access service

(ii) Wholesale Dial or port retailing service
(iii) Internet Call Waiting service
(iv) IP based Unified Messaging Service
(v) Teleconferencing Service
(vi) Internet Telephony Service
(vii) Hosted voice services / IP Centrex

13.4.2.2 Components of Narrow Band Access Network

• Narrow Band Remote Access Server

• LAN Switch
• eMS Server

13.4.3 NIBII-Project2.2
This Project is for the deployment of broadband services in 198 cities with 69 important
cities where Digital Subscriber Line Access Multiplexer (DSLAM) shall be deployed.
The cities are categorized under A1 (3 cites), A2 (3 cites), A3 (6 cites), A4 (10 cites), B1
(21 cites), B2 (cites), and others (129 cities). Delhi and Mumbai will not have any
broadband equipment under Project 2.2 of NIB-II.

13.4.3.1 Services of Project 2.2

• Primary source of Internet bandwidth for retail users for application such as Web
browsing, e-commerce etc
• Multicast video services, video on demad etc through Broadband Remote Access Server
(BRAS).
• Allow wholesale BRAS ports to be assigned to smaller ISPs through the franchises
model wherein the later has a separate network of DSLAMs, AAA, LDAP through a
revenue scheme of BSNL.
• Dialup VPN (VPDN) user connects to NIB-II through the Narrow band RAS and
connected to its private network through a secure L2TP tunnel established between
Narrowband RAS and Broadband RAS.
• Support for both prepaid and postpaid Broadband services.

13.4.3.2 Components of Broad Band Access Network

• Broad Band Remote Access Server (BBRAS)

• Gigabit and Fast Ethernet Aggregation Switches (LAN Switches)
• Digital Subscriber Line Access Multiplexers (DSLAMs)
• SSSS/SSSC (Subscriber Service Selection System/ Centre)
• Servers for AAA, LDAP at Pune
• Provisioning and configuration management at NOC
The city-wise deployment of DSLAM is given in Table below.
13.4.3.3 Network Architecture of Project 2.2

The Customer premises equipment (CPE) will be aggregated at

DSLAMs.The DSLAM will be collocated with the exchange (MDF), either in the
same room or as close as possible to MDF. The DSLAM traffic will then be
aggregated through a Tier 2 LAN Switch Aggregator through Ethernet on dark
fibre. The traffic from Tier 2 LAN Switch Aggregator will be further aggregated
through a Tier 1 LAN Aggregator through Ethernet on dark fibre. In B cities,
since there is no Tier1 LAN Switch Aggregator, the Tier 2 LAN Switch
Aggregator will be connected to the nearest Tier 1 LAN Switch Aggregator of A
cities through Ethernet on SDH. The BRAS will be connected to the Tier 1 LAN
Aggregator on Gigabit Ethernet Interface.

1. All 198 cities will have DSLAMs and Tier2 LAN switches (for aggregation of
DSLAM).
2. All A cities and Noida (Total 23 cities) will have one BRAS, one SSSS and one
Tier 1 LAN switch.
3. There will be no BRAS, SSSS and Tier 1 LAN switch in any other cities. All
DSLAM are initially aggregated using Tier 2 LAN switch, through one pair of
dark fibre.
4. The 240 port DSLAM will have two numbers of FE interfaces.
5. The FX or GBIC module in DSLAM and LAN switch should be capable of
driving up to 10kms on a single mode fibre. The SX or GBIC module in LAN
switch used for connecting Tier2 to Tier1 will support 40kms distance.
6. In bigger cities like A1, A2, A3 and A4, one BRAS per city will be deployed.
There will be no BBRAS at B1 and B2 cities.
7. The DSLAMs in B1, B2 and other lower hierarchical cities will be aggregated
through Layer 2 switches, and will be connected to the nearest BRAS of A cities
on Ethernet over SDH.
8. The BRAS shall terminate the PPP sessions initiated by the customer and extend
the connection further to MPLS VPN/Internet as desired by the customer.
9. The DSLAM will in general be colocated with existing PSTN exchange, which
provides last mile access to customers over copper wire up to average span
lengths of 3 kms.
10. All DSLAM will be aggregated through Fast Ethernet (FE) interface except 480
port DSLAM, which will be aggregated through Gigabit Ethernet (GigE) interface.
 Internet

Tier 1 Gigabit Ethernet LAN Switch Planned along with Interfaces per Switch

City Type No of GE aggregation Switch per city

GE
Qty FE
A1 3 1 26 24
A2 3 1 22 24
A3 7 1 16 24
A4 10 1 14 24
Total Gigabit Ethernet LAN Switch Required

• GE: Gigabit Ethernet Interface (1000 Mbps)

• FE: Fast Ethernet Interface (100 Mbps)
The number of ports requirement in Tier 2 Switch can be calculated using the following
formulae:
• 480 port DSLAM require one number of Gigabit Ethernet Interface (GE)
• 240 port DSLAM require two numbers of Fast Ethernet Interface (FE)
• 120 ports, 64 ports, 48 ports and 24 ports require one number of FE
• In addition two Gigabit Ethernet ports are required for interconnecting Tier 2 LAN
Switch to Tier 1 LAN Switch Aggregator (for A cities)
• In case of B cities, one Fast Ethernet is required for interconnecting Tier 2 LAN
Switch to Tier 1 LAN Switch of A city.
• In addition one Gigabit Ethernet and Two number of Fast Ethernet be kept as spare
So, for e.g if a particular Tier 2 LAN Switch in say A1 city aggregates seven number of
480 port DSLAM, six numbers of 240 port DSLAM, five numbers of 120 port DSLAM
and two numbers of 64 port DSLAM then the total port Requirement for this aggregation
comes to
Gigabit Ethernet = 7*1+2 + 1 (spare) = 10
Fast Ethernet = 6*2+5*1+2*1 + 2 (spare) = 21
9 While planning the deployment of Tier 2 LAN Switch Aggregator, it is to be
ensured that the distance between Tier 2 LAN Switch Aggregator and any of the
connected DSLAM should be less than 10 K.m.
9 The distance between the Tier 1 LAN Switch Aggregator and any of the connected
Tier 2 LAN Switch Aggregator can be maximum 40 K.M.
9 If the distance exceed sthe specified limits, the connectivity will be through a
medium with optical to electrical converters at both the ends.

13.4.4 NIBII-Project3
Enterprise Management System (EMS)
[Messaging and Storage Service Platform, Provisioning, Billing & Customer care,
Enterprise Management System (EMS) and Security System.]
Brief Description of the Messaging and Storage Service Platform:
1. This shall envisage design and up gradation of the current messaging system to
grow from the existing infrastructure in NIB-I supporting 650,000 users to
support the increasing user base.
 Internet

2. The Core messaging system shall be the heart of NIB-II that will enable BSNL to
add users across varied value added services. The salient aspects of the projects
are summarized as follows:
(i) Setting up proven, robust, scalable Messaging Solution with best in class
security components.
(ii) Roll out across the country supported by 5 Messaging & associated storage
systems at Delhi, Mumbai, Bangalore, Chennai and Kolkata.
(iii) Designed with High Availability architecture with no single point of failure

13.4.4.1 Components of the Solution:

The proposed solution shall consist of the following components with the items of
functionality listed below:
(i) Messaging
a) DNS, AAA
b) MMP
c) LDAP (Consumer, Replicator Hub, Primary and Secondary)
d) SMTP IN & OUT
e) Messaging Servers
f) Address Book Servers, etc.
 Internet

(ii) Storage
a) SAN Switch & SAN Storage
b) Tape Library
c) Staging Servers, etc.

13.4.4.2 Storage platform

Various Applications servers placed at the 5 Messaging Storage locations like LDAP,
AAA, EMS, Messaging, UMS & Billing etc. would require Data Storage Capacities for
storing User’ mailboxes, Billing data etc. Such huge storage requirements need to be met
with the Fast, Reliable & Scalable Storage Devices that would be deployed as “End to
End High Performance Switched Architecture Fiber Channel SAN (Storage Area
Networks) providing No Single Point of Failure”.
Such Storage Device should be compatible with all the Servers of major companies such
as HP, IBM, SUN, Dell etc. so that choice of Application Servers Platform remains
independent of the Storage Device.
Brief Description of the Billing & Customer care, Enterprise Management System
(EMS) and Security System:
The system is an integrated provisioning, billing, customer care and accounting platform
and shall support billing for the complete range of IP based services mentioned & meet
next-generation requirements as well.
Customization as and when required by BSNL is possible.
Besides meeting comprehensive, future-ready rating, billing and data collection
requirements, it shall take care of activation, suspension, deactivation and change in the
subscribed services.
The system is designed to support:
(i) On-line services such as internet, pay-per-view TV and video on demand or a
combination of all or some of the above.
(ii) Periodic charges, such as telephone line and cable TV rental.
(iii) One-time costs, such as connection fees.
(iv) Events, such as telephone calls, data service usage, pay-per-view TV
selections, home shopping purchases, utility metered usage – such as
electricity supply (live site example)
(v) Financial services
(vi) Telephony services.
(vii) Enterprise Backup Systems.

The billing system shall be capable of:

i. Providing electronic versions of bills to customers over the Internet.
ii. Creation/modification of service.
iii. Processing Service requests in real time and non-real time and accounting
in real time.
iv. Producing flexible billing depending upon the use of service.
 Internet

13.4.4.3 Security Systems.

a) Load Balancers
b) Firewall Appliances
c) Intrusion Detection System
d) Antivirus system, etc.

13.5 Network Operation Center (NOC)

The NOC shall provide facility for centralized Network Management and end-to-end
Provisioning of multiple services, giving a single view of the entire network services
being delivered countywide.
The servers for the NOC shall be connected through a Gigabit Ethernet link from Core
router with three zones of firewall within the Centre.
The network shall be centrally managed from Network Operation Centre NOC located at
two sites, one of them being master and the other the disaster recovery site. The main
NOC is at Bangalore with Disaster Recovery is at Pune. Interface to the NMS back-office
facility shall be provided along with Firewall security in the Data Centre. All customer
databases shall reside centrally at NOC.
The NMS of NIB-II project 1 is the comprehensive NMS for entire NIB-II including
NIB-I,
MPLS VPN, Project 2.1, Project 2.2, which will support entire F (Fault), C
(Configuration), A
(Accounting including Access/Inventory), P (Performance) and S (Security functionality).
 Internet

Chapter 14

Packages used in BSNL

Course Contents

• The Front end and Back end used for each package
• Salient Features in each package
• Modules

Objectives
After completion of this module you will be able to know:

• Major packages used in BSNL

• The usage of each package with its features elaborated.
 Internet

14. Packages Used in BSNL

14.1 Mobile Billing
14.1.1 Basic Details

• Front end-JAVA
• Database-Oracle 8i
• Operating System-Sun Solaris Unix.
• Language- C, C++, JAVA, JAVA Script

14.1.2 Salient features

This application is client-server based where the data or information is

contained in one or more centralized database on servers and the user
interfaces reside in the workstation. The application can be used in a local area
network (LAN) environment or WAN Network.

In BSNL there is four Billing zones namely BSNL West, BSNL East, BSNL
South, and BSNL North. For example for BSNL west Zone the billing centre is at
Pune.

14.1.3 Modules

The Billing System comprises of three main modules.

1. Arbor/OM (Order Management)
2. Mediation
3. Arbor / BP (Billing Module).
 Internet

Arbor/OM is an order entry and management system that supports order handling
and workflow management activities for products and services in converging
telecommunications markets.

Arbor/OM operates in tandem with Arbor/BP, as the completed order data is used
for the provision of products, services, and accounts for future billing activity.

Arbor/OM interface is used to

• enter and revise orders.
• view order history information.
• manage workflow processing.
• manage number and equipment inventories.

The Service Provisioning Module acts as a interface between OM and the Switch.
The Order from the OM Module is sent to the switch through the Service Provisioning
Module. SP is also part of the Mediation Module. SP is designed in CORBA.
(Component Object Request Broker Architecture)

Arbor/BP is the designated Rating and Billing Engine and will perform rating and
billing services offered by each of these circles to its subscribers.

The rating subsystem of Arbor/BP requires the mediation device to do the following:
 Internet

Send one and only one usage event for one billable call. Essentially this means
mediation device will forward all billable calls to billing system, in case of exceptions
such as long duration calls which will be consolidated and sent as one billable record to
the billing system.

The source of collecting usage records i.e. the network elements may vary based
on the functions they handle. The various network elements that BSNL has are MSC,
SMSC, VMS, WAP, and IN. Therefore, the mediation device must have the ability to
connect to every network element and collect usage from it.

The IN platform will provide Pre-Paid, VPN and ARS (Advanced Routing
Services).Pre-paid Cdr’s are pre-rated, as they will be rated on the IN platform and
passed to Arbor/BP as pre-rated CDRs. Thus, no rating will be done by Arbor/BP for pre-
paid subscribers; however the CDR is still passed through the billing system and kept for
historical reference.

VPN and ARS CDR’s will be sent to the Arbor/BP from the IN platform via the
SSP.

14.2 DoT Soft

14.2.1 Basic Details

• Front end – Developer 6i

• Back end Database- Oracle 9i
• Client Server Model- 2 layer architecture

DoT Soft is the first integrated Telecom Software Application in BSNL comprising of
Billing, Commercial, FRS & Directory Enquiry.
Developed by in-house group of Telecom Professionals of AP Telecom Circle, the
package was initially implemented at Guntur in 1997 making it the first Telecom District
in BSNL to have an integrated customer care and billing software.
Dotsoft is integrated with other systems such as call centre, BSNL portal (www.bsnl.in).
BSNL portal enables online bill payments and availability of duplicate bills for its
customers.

In addition, Dotsoft, AP has a tie-up with e-seva, the most popular e-governance project
of Andhra Pradesh government.

BSNL portal - www.bsnl.in, provides customers with a complete online delivery, review
and payment solution…all at a single mouse click.

14.2.2 Salient features

1. Application entry:- Online application entry for landline connections (Permanent,

temporary, casual, PTs, swatantra senani, senior citizens, retired BSNL employees,
working BSNL employees, gallantry award winners & service connections). Online
 Internet

application entry for WLL connections-Fixed & Mobile (permanent, service). Certain
application details can be changed. All India wait list transfer - Incoming & Outgoing.

2. Waitlist:- For all landline (except casual, temporary & service). For WLL-mobile
(permanent & service). Certain waitlist details can be changed. Out of turn and All India
shift incoming connections can be centralized / decentralized. Waitlist process for
landline connections (except casual, temporary & service). Waitlist entry is possible
through the offline mode also for landline connections.

3. Phone number store:- Phone numbers can be created for all valid levels and can be
marked reserved/blocked.

4. Messages to field:- Messages can be sent by CO to all field units for priority execution,
suspension, return back, continue etc.

5. Advice note release:- Capacity allocation to be done before bulk release. Advice notes
can be bulk released, single release, cancelled & revised by respective CO for land line
connections. For WLL, the release is single for cent/decent. Centralized release for out of
turn and AIS incoming cases is possible.

6. Advice note routing:- Routing is automatic to the concerned field officer (Outdoor /
MDF / Indoor ). For WLL mobile the routing is to Indoor only. For WLL fixed the
routing is to outdoor & indoor.

7. Advice note completion:- Completion of advice notes is online for all landline (except
ISDN) and WLL connections. However it is possible to complete manual released
/ system released advice notes through the offline mode. For ISDN connections, the
completion is only through the offline mode.

8. Subrouting:- COs, DEs-External, AEs-Outdoor, MDF, Indoor, Test desk can delegate
their work to their subordinates without disclosing their password.

9. Request registration:- Requests for working lines activities can be registered online.
The requests can be approved / suspended / cancelled by CO or referred to AO. After
approval, the advice note is generated.

10. Raise D/N:- CO or AO can raise demand note for any activity.

11. Level change:- Level change operations can be done with/without meter change.

12. Area transfer:- Area transfer can be done for a single number or in bulk.

13. Disconnections:- The disconnections for non payment are initiated centrally and flow
to AO. After approval, the flow is to Indoor. Reconnections are initiated by AO and then
flow to Indoor. No advice notes are released. These operations are possible through the
offline mode also.
 Internet

14. Closures:- The closures for non payment are initiated centrally and flow to AO and
then CO. Advice notes are generated by CO which flow to the field. Reconnections are
through the request registration module.

15. Fault booking:- This is done online centralized for the SSA. Then the complaints are
routed automatically to the respective initial testing operators at MDF.

16. Fault routing:- Based on the initial test results, the fault is routed to the corresponding
SFC position (lineman at outdoor, indoor, MDF, cable). After the fault is rectified, it is
routed to the final test position.

17. Fault clearance:- The fault is checked at the final test position. It is either cleared or
sent back to SFC position.

18. Bulk Billing:- Billing can be done for all landline, ISDN, Centrex & WLL phones
(except casual). The billing can be done for some or all exchanges. Call records error
generation and clearance is possible. Unaddressed bills are generated for phones not
listed in the commercial database. Group billing is possible for grouped phones. It is
possible to bill deposits also.

19. Single Phone billing:- This is possible for any past period, future period or from any
past date to current date.

20. Billing periodicity:- Billing can be done monthly for landline(except STD-PTs), WLL,
Centrex, ISDN phones. Bi-monthly billing possible for all landline phones (except PTs),
WLL & Centrex. STD PT billing is fortnightly.

21. Discounts:- Individual bill / Group bill discounts are possible. Discount on
installation charges possible.

22. Bill operations:- A bill can be cancelled, given instalments, disputed or written off.
Instant & Final bills possible for closed connections. Bill adjustments, pay-by-date
extension can be done before payment for a single bill.

23. Bill payment:- Online payments can be done for all bills including group bills. This is
authorized to a specific cashier for that day only. After the time expiry of the counter, the
daily list is generated and tallied. The AO will then close the counter through a counter
close module. Online payment processing is then done. Offline payments entry &
processing are also possible through batch control. Receipt cancellation is possible.
Surcharge carry forward, waival is possible through authorization.

24. Trunk calls:- Trunk call / Phonogram entry is possible. Trunk rate evaluation is
automatic.

25. Refund order:- Refund of registration deposits is possible if application is cancelled.

26. Ledgers:- Ledgers are generated for revenue, service tax and surcharge.
 Internet

27. Voluntary deposits:- These deposits are adjusted in the bill. Interest calculation
module is also available.

28. Dishonoured cheques:- Bounced cheques can be entered in dotsoft to nullify the
payment.

29. Enquiries:- Enquiries are possible on all customer related data.

30. Reports:- Various reports are possible on all customer related data.

31. Dotsoft Mail:- Dotsoft users can use this mail facility and chat even.

By this DoTSoft Package all the above steps are made online. Commercial online
reduces the headache of file management between various sections. Whenever a
Customer Pays money for new connection, Advice Note is released online without
any delay and the new connection is provided immediately on demand.
An integrated system such as DoTSoft ensures better customer satisfaction and
transparency in BSNL services.

14.3 TVARIT
14.3.1 Basic Details

TVARIT means immediate and this package is to avoid the delay provisioning of leased
lines all over the country.

Front end-ASP, JAVA Script

14.3.2 Salient Features

¾ This is a Web based Program residing in a Web Server at Mumbai

¾ TVARIT package is for Computerization of Leased Line operations – logs the
process right from registration till commissioning and Updating for Maintenance
operations including Periodic billing.
¾ All the Circles connect through Dialup or Leased Line to the Server
¾ Separate Access is given to AO, CO and Nodal Officer of each SSA.

Using this package we can do lot of things related to leased lines like

¾ Registration of New Circuits

¾ Payment of Leased charges
 Internet

¾ Issue of work order

¾ Wiring, testing and commissioning
¾ Periodic billing
¾ Accounting
¾ Management Summaries
¾ Migration of existing circuits on TVARIT
¾ Shifting, cancellation and modification
¾ Customer Queries
¾ Online help

Home Page for TVARIT

14.4 Fleet Management

g)

14.4.1 Basic details

• HTML as front end

• Java Script for client side validation
• PHP for server side scripting
• Database is Oracle 9i
 Internet

• Operating System as Linux

14.4.2 Salient Features

This software allows the user to enter the following details.

• Vehicle Detail
• Purchase Detail
• RTO Detail
• Insurance Detail
• Allotment Detail
• Scrapping Detail

Fleet Management System is a web based software application. The design and
development of Fleet (Vehicle) Management System (FMS) software for BSNL was
done by O/o CGM IT Project Circle, BSNL, Pune. The location of Web/Database server
of FMS application is at Trivandrum, IT Cell, BSNL, Kerala Circle.

This application enables the management of vehicle inventory, month wise

history of costs on oil, fuel, etc. Apart from these features, this package also contains
pages pertaining to the instructions and guidelines for the maintenance of the vehicles.
The application has the provision for guiding the process of asset management by
tracking vehicle records and planning to put scrapping/replacement schedules, working
out fleet justification for the future and the month wise record on private hiring vehicles
and the expenditure on them.

The package is designed in such a way that it aids in maintaining the hierarchical
design of SSA, Circle and BSNL HQ. All the information fed at the SSA level can be
forwarded to Circle Office. The Circle Office can feed the information about the vehicles
at Circle Office and receives the information from its SSAs/Units and then all these
collective data regarding detailed information of departmental vehicles and a brief
information about hired vehicles (no of hired vehicles and expenditure on them) in Circle
can be forwarded to the BSNL HQ.
 Internet

14.5 Trichur Billing package

14.5.1 Basic Details

• This automates SSA level billing for PSTN calls

• Front end-Unix
• Database-Oracle 9i
 Internet

14.5.2 Salient Features

This package is used to generate PSTN bills from the meter reading of the
individual exchanges. This software reads the meter reading from the binary format
CDRs. The CDRs are collected from various switches in MOD or cartridge at periodic
interval. For one SSA one Billing centre will be there.
Gross metered calls are taken from the Open Meter Reading and Closed Meter
Reading.Usage charge is calculated from the Gross Metered Calls by applying the Rating
Engine. Accordingly bill is generated for every Consumer Number.

14.6 MIS Management Information System

14.6.1 Basic Details

• HTML is used for front-end screen design.

• ASP used for necessary logic for submitting/updating/modifying the Data.
• Java script is used for data validation at client side.
• Database is implemented in Oracle on Linux.
• MIS Reports are developed in VB 6.0 using DLLs to enhance the speed and
performance of report generation.

14.6.2 Salient Features

¾ It has more than 30 input forms for submitting Management Information.

¾ System data/report as per new format of BSNL HQ Basic MOC and then MIS
data is keyed by SSA level users and data is stored at central database server
¾ For the identical fields in MOC & MIS, once entered in MOC, same fields data
entry automatically updated in MIS
¾ Application generates MOC & MIS reports dynamically based on SSA, Month
and Year of selection.

MIS deals with preparation of templates and maintaining uniform and

standardized formats for various circles. The application is Web-based and field units
 Internet

from anywhere in the BSNL network can access the system located at Trivandrum
through Internet. User-friendly interfaces are provided for entering data and any report as
per requirement can be generated. The application follows three-tier architecture for
BSNL, Circles and SSAs respectively.

14.6.3 Concepts used

h)

¾ Package is a Web based application having the two-layer Architecture (2 Layers).

¾ Layer one encompasses Business logic along with the input forms and the next
layer includes Database server. These two layers can be accommodated in a single
machine or on separate machines.
¾ It has 40 input forms for submitting Management Information System data as per
the new format of BSNL HQ.
¾ The basic MIS data is keyed by SSA level users and data is stored at central
database server.
¾ In a single window concept, user can input the data and obtain the respective
output report.

Home page of All India MIS

The menu consists of

Admin
OTE (One Time Entry)
MOC (24 point reports)
QPI (Qualitative Performance Indicator)
DP (Development Performance)
U/P (Rehabilitation /Up gradation)
 Internet

HRD (Human Resource & Development)

FP (Financial Performance)
BD & MKTG

¾ Separate input forms are available for inputting one time data (Closing status for
previous year ending) for DP, HRD, UP (Circle/SSA Administrators are only
permitted to input this data)
¾ It is a two stage process.
¾ In first stage data flow is from SSAs into central data store. In the next stage data
is processed based on the selected SSA/Circle/ BSNL HQ, Month and Year for
generating the Reports.
¾ Before storing the data (inputted by end users) into database, package takes care
of validation and correctness of the data, as it is required for generation of correct
MIS report.
¾ End users (SSA level) inputted data is stored in tables and are maintained Report
wise like. QPI, DP, UP, HRD etc., in a single MIS Database.
¾ Each SSA Data is stored in the database uniquely.
¾ Each row is identified with the Circle name, SSA name, month and year.
¾ For avoiding data duplication and maintaining data consistency normalization
techniques are used.
¾ The basic data used for generating the MIS Report at all levels and is strictly
adhering to the format of MIS supplied by BSNL HQ.
¾ Completion status of Form can be viewed and modified by Module Level users.
¾ Module can be viewed and modified by SSA Level Administrators and viewed by
users at SSA.
¾ All the Modules of all SSAs of a Circle can be viewed by respective Circle
Administrator and Users at Circle.
¾ All the reports SSAs and Circles can be viewed by Administrator and Users at HQ.
¾ Application generates MIS reports dynamically based on SSA, Month and Year of
selection.
¾ MIS report is available at the following levels:
o Form Level Report
 Internet

o Module Level Report

o SSA Level Report
o Circle Level Report
o BSNL HQ Report (Final)

14.7 HRM Package (Human Resource Management

Package)
14.7.1 Basic Details
• Operating System - Unix/Linux.
• Database- Oracle 10g.
• Front end coding-J2EE.
14.7.2 Salient Features
¾ Web based on-line application.
¾ Complete and comprehensive solution for Human Resource management of
BSNL.
¾ Integrated with Payroll.
¾ Caters to the complete employee lifecycle, from recruitment to retirement.
¾ Role based user participation.
¾ Centralized, secured database.
¾ User friendly design.
¾ Access to every employee in BSNL.
¾ On-line flexible reports for management.

The package envisages the total gamut of HR activities including staff details,
transfers, training, promotions, leave etc.
™ Staff master comprising of:
¾ Staff details
¾ Absorption details
¾ Police verification
¾ Training detail
¾ Present, Home town Address
¾ Career history
 Internet

™ Creation of Units.
™ Attaching sections to unit.
Internet
 Internet

14.8 Inventory Management Package

14.8.1 Basic Details
• The system is a web-based application.
• Oracle 9i as the back-end database.
• Client - server model
Client - A remote computer accessing Server through dialup/leased line.
Server- A high end server and associated servers Located in Trivandrum.
14.8.2 Salient Features

¾ Web enabled multi-user application.

¾ User-friendly data entry forms.
¾ Various queries/reports for master data from Admin/Circle/SSA levels.
¾ User-role based access.
¾ System logout on expiry of session ensuring security.
¾ Forced logout by user ensuring security.
¾ Forced change of password on first login.
¾ Data validation all over the circle since it resides on a single server.
¾ Multiple roles can be assigned to a single user.
¾ This system is designed for planning/accounting of Materials in BSNL up to field
units thereby bringing uniformity in Material Management.
¾ This system is designed to start operation from the Circle tier.

Connectivity Diagram:
 Internet

Inventory Management involves

¾ Project Planning
¾ Purchase order management
¾ Indenting and allotment at SSA/Field level
¾ Receipt of stores at Circle / SSA stores
¾ Checking the material for quality and taking into stock
¾ Issue of stores from Circle/SSA stores.
¾ Purchase Billing
 Internet

14.8.3 Modules

The Main Modules of this package are

1. Head of Accounts
¾ Groups
¾ Types
¾ Major Heads
¾ Minor Heads
The Head of Accounts view is provided to all users.
The privilege is given only to the system administrator.

2. Estimate Masters
¾ Group
¾ Type
The privilege is given only to the system administrator.

3. Item Masters
Item Category - Broadly classified according to inventory heads like Switching
Equipments, Lines and Wires ,UG Cables, battery etc..

4. Consignee Master
¾ Helps in the preparation of Purchase Orders released from Circle or SSA.
¾ This facility is extended to all the users with Purchase Order
Management. This is a pool of officers from which consignee to a particular
Purchase Order is selected by Circle/SSA.
¾ Consignee addition by the SSA is compulsory since this is required for Circle
Purchase Order Preparation.

5. Ordering Authorities Master

¾ Ordering authorities for Circle/SSA Purchase Orders.
¾ This facility is extended to all users with Purchase Order Management.
 Internet

6. Paying Authorities Master

¾ This is a master of paying authorities for Circle/SSA.
¾ This facility is extended to all users with Purchase Order Management.

7. Purchase Order conditions Master

¾ The general conditions of BSNL PO can be entered into PO conditions master.

8. Price Variation Master

¾ Price of the material w.e.f from a date is entered through this link.
¾ Since the variation is same through out BSNL the same can be entered by system
administrator.

9. Tax Master
¾ Different taxes applicable to BSNL and pertaining to each circle can be entered
through this link.
¾ The privilege is given to each circle administrator.

10. Tax Structure

¾ The tax structure of each circle can be copied into the system .
¾ The tax structure of the circle is very important during store receipt and billing.
¾ The privilege is given to each circle administrator.

11. Manufacturer Masters

¾ The manufacturers who are the supplier of BSNL can be entered through this link.
This privilege is given to the circle administrators.

12. Local Dealers

¾ The local dealers of each manufacturer in each circle can be entered through this
link.
¾ This privilege is given to the Circle administrator.
 Internet

13. Manufacturer item

¾ The items manufactured by the manufacturers are entered through this link.
¾ This privilege is given to the system administrator.

14. Store depot

¾ The store depots pertaining to each circle/SSA is entered through this link.

Care should be taken to see that the in charge of the store depot and the consignee of the
Purchase order released from circle/SSA should be the same, otherwise the system will
not give permission to account the items in a store depot.
 Internet

Chapter 15

ATM
(ASYNCHRONOUS TRANSFER MODE)
Contents
• Background information on ATM technology
• Difference between STM & ATM
• ATM protocol
• Different switching
• ATM interfaces and connections
• ATM network architecture
• ATM type of switches
• ATM cell format, UNI/NNI format
• ATM RM & layer functions
• ATM benefits
• ATM switch architecture
• ATM services
• Underlying transmission system for ATM

Objectives
After completion of this module you will be able to:

• Understand the background information on ATM technology

• Understand the difference between STM & ATM
• Understand the ATM protocol
• Understand the different switching
• Understand the ATM interfaces and connections
• Understand the ATM network architecture
• Understand the ATM type of switches
• Understand the ATM cell format, UNI/NNI format
• Understand the ATM RM & layer functions
 Internet

• Understand ATM benefits

• Understand ATM switch architecture
• Understand the ATM services
• Understand the underlying transmission system for ATM
 Internet

15.1 Introduction

15.1.1 Pre ISDN situation

1st generation switches are dedicated to specific purposes such as telephony, facsimile
and low speed data transfer used circuit switched telephone network. So high-speed data
transfer over this network is not possible due to lack of bandwidth, flexibility, quality of
transmission media and equipment. Then for the purpose of high-speed data transfer,
another network called packet switched network came into existence.

15.1.2 ISDN situation

ITU-T (the new avatar of CCITT) set new standards for public telecom network. In 1984,
ITU-T defined a new method called 2nd generation switch known as ISDN " a network
that provides end to end digital connectivity to support a wide range of services including
voice and non-voice service, to which users have access by a limited set of standard
multipurpose UNI". For this, 2 interfaces called BRI or BRA (192Kbps) and PRI or PRA
(2.048Mbps) are defined at the basic rate of 64Kbps. By this, maximum transmission is
restricted to 2Mbps only.

15.1.3 N-ISDN situation

With the basic bit rate of 64Kbps, the network can offer a maximum of 1.544Mbps
(called T1 link) or 2.048Mbps (called E1 link). So, such a type of working is called N-
ISDN. However with the concept of LAN, transmission of images with good resolution
may require higher bit rates. This leads the new conception and realization of 3rd
generation switch, based on B-ISDN. ITU-T in 1993, defines B-ISDN as "a service or
system requires transmission channels capable of supporting rates greater than PRA or
PRI".
 Internet

15.1.4 B-ISDN situation

So the concrete idea of B-ISDN was support to:

1. Add new high-speed channels to the existing channel spectrum.
2. Defines new broadband UNI (User Network Interface).
3. Rely on existing 64Kbps ISDN protocols and only modify or enhance them
when absolutely unavoidable.
So B-ISDN was perceived to replace the entire telephone system and all the
specialized networks with a single integrated network for all kind of information transfer.
The services offered by B-ISDN include video-on-demand, full motion picture
from many sources, full motion multimedia electronic mail, CD quality music, LAN
interconnection, high speed data transport for industry and many other services that have
not yet even been thought of, all over the telephone line.
Hence B-ISDN is defined as "an ISDN system using transmission channels
capable of supporting rates that are greater than PRA".

15.2 ATM situation

The underlying technology that makes B-ISDN possible is ATM (Asynchronous Transfer
Mode).
Mode means specific method or way.
Transfer means transmission and switching aspects. Switching by means of Cell
Switching. Transmission by means of Primary rate of 155.52Mbps or above.
Asynchronous means information packets will be transferred based an irregular
or random occurrence pattern as they are filled according to the demand.
Hence "ATM is a method of transmission & switching of information in the form
of packets which may occur an irregular occurrence pattern as they are filled according to
the demand of the user".
 Internet

15.3 STM

Y X
B Y A X
M
B A U
X

Fig-1

In the above Fig-1, even though the Cell X and B are empty, they will also be
Multiplexed and sent on the output side. By this, the bandwidth is not used effectively.

15.4 ATM

Y X
Y A
M
B A U
X

Fig-2

In the above Fig-2, the empty Cells X and B are not at all transferred towards
output side. By this, the output bandwidth is effectively used. This technique is used in
ATM switching
Packet switching technology is used.
Statistical multiplexing (another name of Asynchronous Time Division
Multiplexing) is used.
Cell Relay method is used.
Hence ATM is a standardized technology that enables the convergence of a
variety of services such as:
 Internet

Low bandwidth and Very high bandwidth.

Synchronous and Asynchronous.
Voice, Video and Data.
Constant Bit Rate (CBR) and Variable Bit Rate (VBR).
Real-Time (RT) and Non-Real-Time (NRT).
Slotted and Pocketsize.
Switched and Non Switched.
In addition, ATM is an independent of Transmission medium, which means the
medium can be Wire (Twisted Pair/Copper Pair/Co-axial/ Fiber) or Wireless.
ATM technology allows a variety of bit rates to be transported, with which
sophisticated bandwidth management enables the network to be more efficient and at the
same time, maintain a QoS (Quality of Service) that is custom suited to each other.

15.5 ATM Protocol

ATM is the protocol designed by ATM Forum and adopted by the ITU-T. ATM
can be thought of as the “Highway” of the information Super highway.
So ATM can do every thing that N-ISDN can do but with better quality.
In ATM System, the packet size is fixed to 53 octets known as a CELL. Any type
of traffic viz Voice, Data, Video, Synchronous or Asynchronous, Short or Long packets
can be converted into ATM Cells by a process known as emulation.
So ATM can also be called as Cell relaying technology or Cell switching
technology.
Can be called as B-ISDN services switch.
Primary rate of transmission in ATM is 155.52Mbps.

15.6 Cell Switching

Switching means creating a temporary connection between two or more devices linked to
the switch, a Hardware and/or Software devices. Traditionally, 3 methods of switching
have been important called Circuit Switching, Packet Switching and Message Switching.

15.7 Circuit switching

 Internet

Circuit switching create a direct physical connection between two devices such as phones
or computers. As in Fig-3, devices A & G are connected by the switches 1,2 and 4 via
path I and III. Circuit switching is mostly used at the physical layer of OSI Model

D
II 3
A
E
I
B 1 2
F
C III
4
G

Fig-3

15.8 Packet Switching

For Data communication Packet switching technology was designed. User data are
packetized and sent packet by packet using the path in shared manner. Two different
approaches are available under packet switching. One is called Datagram approach and
second is called Virtual circuit approach. The latter is used in ATM.
The identifier that is actually used for data transfer in Virtual circuit approach is
called the Virtual circuit identifier. A VCI is a smaller number that only has switch scope.
It is used by a frame.
When a frame arrives at a switch, it has one VCI. When it leaves, it has another
VCI. Fig-4 shows how the VCI in a data frame changes from one switch to another
 Internet

VCI VCI
Switch
Data 21 Data 88
X

Fig-4

15.9 ATM Interfaces

ATM has 2 interfaces namely

1. User to Network Interface (UNI)
1. Private UNI
2. Public UNI
2. Network to Network Interface (NNI)
UNI is used between user and network where as NNI is used between networks.

15.10 ATM Connections

ATM or B-ISDN offers 2 types of connections called PVC & SVC and ATM services are
connection oriented.

15.11 Permanent Virtual Connection (PVC)

A source and a destination may choose to have a dedicated virtual circuit. In this case, the
corresponding table entry is recorded for all switches by the system administrator. An
outgoing VCI is given to the source and an incoming VCI is given to the destination. The
source always uses this VCI to send frames to that particular destination. The source
always uses this VCI to send frames to that particular destination. The destination knows
that the frame is coming from that particular source if the frame carries the corresponding
 Internet

incoming VCI. In a simple word, PVC is like a Hotline/P Wire/ Point to Point/ Leased line
and the nature is static. Fig-5 shows the PVC setup.

Incoming Outgoing Incoming Outgoing

Port VCI Port VCI Port VCI Port VCI
11 14 31 34 41 44 51 54

31 41 51
A x x B
11
Data 14 21 Data 54
22
x

Data 34 Data 44
Incoming Outgoing
Fig-5 Port VCI Port VCI
21 34 22 44

15.12 Switched Virtual Circuit (SVC)

If a source needs connection with several destinations or any other destination, it needs a
PVC for each destination which is costly. An alternative approach is the SVC. So SVC
creates a temporary, short duration connection which exists only whenever data are being
transferred by the end users. In other words, this is dynamic in nature. This approach
requires a series of action called connection setup, setup acknowledgement, data transfer
and tear down phases. ATM supports both types of connections

15.13 ATM network architecture

ATM network consists of access devices called the end points, available at user end, are
connected through a interface called UNI to the ATM switch. Another ATM switch of the
network is connected through an interface called NNI. The architecture is shown in the
Fig-6.
 Internet

UNI UNI
D
NNI NNI
A
Switch Switch Switch
E
B 1 2 3
F
C ATM
Network

End End
Points Points
Fig-6

15.14 Virtual Path/Virtual Connection or channel or

circuit/Transmission Path

Connection between two end points is accomplished through transmission path (TP),
virtual path (VP) and virtual circuit (VC).
A transmission path (TP) is the physical connection (wire/wireless) between an
end point and a switch or between two switches.
A TP is divided into several virtual paths (VPs). A virtual path provides a
connection or set of connections between two switches.
Within a VP, many circuits called virtual circuits (VCs) will be available which is
used for connection.
Cell networks are based on virtual circuits. All cells belonging to single message
follow the same VC and remain in their original order until they reach their destination.
TP, VP and VC are shown in Fig-7.
 Internet

VP inside Trans Path Transmission path

VC inside VP Which is inside Trans Path

Fig-7

15.15 VPI/VCI

In a virtual circuit network, to route data from one end point to another, the virtual
connection need to be identified. For this purpose, the designer of ATM, created a
hierarchical identifier with 2 levels called virtual path identifier (VPI) and virtual circuit or
channel identifier (VCI). The VPI defines the specific VP and the VCI defines a particular
VC inside the VP. Both the connection identifier are shown in Fig-8.

VPI inside Trans Path Transmission path

VC1
VC2
VP1 VC3
VP2

VP3

VCI inside VPI Which is inside Trans Path

Fig-8

15.16 VP Switch/VC Switch

Most of the switches (Core switch) within typical ATM network are routed using VPI
(VP switch). (i.e) The switching can be taken place by changing the VPI but keeping VCI
within VPI intact. Such switches are called VP switch. If switching can be taken place by
changing both the VPI and VCI, then such switches are called VC switch. The switches at
 Internet

end points (Edge switch) of the ATM network use both VPIs and VCIs (VC switch). Both
switches are shown in Fig-9.

VP and VC Switching
VC Switch
VCI 1 VCI 2 VCI 3 VCI 4

VPI 1 VPI 3 VPI 2 Port 2

VC Switch
VPI 2 VCI 4
Port 1

VCI 1
VPI 1 VPI 3 VCI 3
VCI 2

VCI 1 VCI 1
VPI 4 VPI 5
VCI 2 VCI 2

VP Switch Port 3

Fig-9

15.17 ATM Transmission Rates

At present, rate of transmission is 155Mbps called primary rate. Higher order is also
possible in multiple of 4 times.

15.18 ATM Cell Format

ATM Cell consists of 2 fields called Header Field and Information Field as in Fig-10.

HEADER FIELD INFORMATION FIELD

5 OCTETS 48 OCTETS

Fig-10
 Internet

15.18.1 Header Field

Header field is different for UNI and NNI in the ATM network

15.18.1.1 GF
FC ( Generic Flow Control - 4 bits)

It is used to assist the customer network in the cell flow control, but not carried
through the network.

15.18.1.2 VPI/VCI (Virtual Path Identifier-8 bits/Virtual Channel Identifier-16

bits)

This label identifies a particular virtual path and virtual channel or circuit on a
transmission link. The switching nodes use this information and along with the routing
information established at connecting setup, routes the cells to the appropriate output
ports. The switching nodes changes the input value of VPI/VCI fields to new output
values. Since VPI field is 8 bits (at UNI) and VCI has 16 bits field, a host can have
theoretically 256 bundles, each containing up to 65,536 circuits.
8 VPI bits provide 28 = 256 bundles
16 VCI bits provide 216 = 65,536 circuits
 Internet

15.18.1.3 CLP (Cell Loss Priority-1 bit)

Having one of the two values ‘0’ or ‘1’, the CLP indicates priority of a cell when
the network element has to make the decision to drop the cell when its throughput
bandwidth exceeds its transfer rate.
In congestion situations, cells with CLP =1 may be dropped and not transferred at
all.

15.18.1.4 PTI (Payload Type Identifier-3 bits)

It identifies the payload type i.e. whether the cell payload contains user data or
network information and also provides congestion identification.

15.18.1.5 HEC (Header Error Control-8 bits)

HEC code detects and corrects a single bit error or detects multi bit errors in the
header field. It is based on CRC-8 with the devisor polynomial as X8+X2+X+1.
 Internet

15.18.2 Information Field (48 Octets)

CSI => Convergence Sub layer Indicator (1bit)

SN => Sequence Number (3bits)
SNP => Sequence Number Protection (3 bits)

The Information Field does not contain all the 48 octets of user data. One or two
octets are dedicated for administration and call sequence purpose.
The first octet (after the overhead bits or Header octets) consists of three sub
fields.
The first bit is known as the convergence sub layer indicator (CSI). It is used to
indicate whether the pointer is used or not.
The next three bits are sequential number (SN) from 000 to 111 used to detect the
type of cells.
The next three bits are the Sequence Number Protection (SNP). It performs error
detection on the CSI and SN sub fields.
One bit is not used at present.
The second octet is optional and is used as a pointer to mark the start of long
encapsulated messages.
48-octet information field is only scrambled.
 Internet

15.19 Format

15.20 ATM Reference Model:

ATM functionality is organized in a stack of layers; each layer assigned a specific

function. It consists of three planes called
1) User Plane 2) Control Plane 3) Management Plane
 Internet

Management Plane:
All the management functions that relate to whole system are located in the
management plane, which is responsible for providing coordination between all planes.
Two types of functions i) Layer Management ii) Plane Management.
Layer Management:
1.Management functions relating to resources and parameters residing in its
protocol entities.
2.Handles specific OAM information flow for each layer.
Plane Management
Management of all the planes for its proper functions.
Control Plane
Responsible for the call control and connection control functions.
These are all signaling functions for setup, supervise and release a call or
connection.
 Internet

User Plane
Deals with transport of user information, flow control and recovery from errors.

15.21 ATM Protocol Layers

ATM standard defined 3 layers. They are from top to bottom, the AAL (ATM Adaptation
or Application Layer), the ATM Layer and the Physical Layer as in Fig-11

AAL Layer-3
ATM Layer-2
PHYSICAL Layer-1

Fig-11

Normally the end switches use all the 3 layers while the intermediate switches use
only the bottom 2 layers as in Fig-12

ATM ATM
AAL
AAL
PHYSICAL PHYSICAL
ATM
ATM

PHYSICAL
PHYSICAL

X X
End Switch Switch End
Point Point
ATM N/W

Fig-12
 Internet

15.22 Functions Of Each Layer

15.22.1 Physical Layer

This Layer deals with issues related to physical connectivity of the transmission
medium and transmission of ATM Cells.
This layer is divided into 2 sub layers called
1.Physical Medium Dependent (PMD)
2.Transmission Convergence (TC)
Functions Of Physical Medium
It is the lowest sub layer and includes 2 functions namely
1.The PMD functions.
2.Bit timing functions.
PMD functions provide the bit transmission capability, including bit alignment.
Line coding and if necessary, electrical/optical conversions is performed by this layer. In
many cases PM will be an OFC. Other media such as coaxial and twisted pair cables are
also possible. The transmission functions are medium specific.
Bit timing functions are the generation and reception of waveforms suitable for
the medium, insertion and extraction of timing information, and line coding if required.
The TC sub layer performs 5 functions namely
1.Transmission frame generation & recovery.
2.Transmission frame adaptation is responsible for all actions to adapt the Cell
flow according to the payload structure of the transmission system (interface). Two
interfaces are defined namely (1) SDH based interface or Byte structured interface and (2)
Cell based interface.
Under SDH based interface, 155.520Mbps (STM-1) & 622.080Mbps (STM-4)
rates are recommended for UNI.
3. Cell delineation is the process, which allows identification of the Cell
boundaries.
4. HEC sequence generation/verification. This is the value for the 1st 4 octets of
the Cell header and inserts the result in the 5th octet HEC field. This is capable of
detecting and correcting single bit error & detecting certain multiple-bit errors.
 Internet

5.Cell rate decoupling. The insertion & discarding of idle Cells is called Cell rate
decoupling.

15.22.2 ATM Layer

It deals with flow issue of ATM Cells, Cell header related and path related issues.
Functions of ATM Layer
This layer is above the Physical Layer
This layer has got four functions:
1.Cell multiplex/demultiplex. VC and VP are multiplexed and demultiplexed.
2.VPI and VCI translation.
3.Cell header generation/extraction.
4.Generic Flow Control.

15.22.3 ATM Adaptation Layer (AAL)

This layer lies between ATM Layer and Higher Layer. It has two functions.
1. Segmentation And Reassembly (SAR)
2. Convergence Sub layer (CS)
1) Service Specific Convergence Sub layer (SSCS)
2) Common Part Convergence Sub layer (CPCS)
AAL can be classified by four methods namely
1. Based on Timing. Timing between source and destination required or not
required. Real time services like voice & video required timing syn where as non-real
time services like data transfer not required syn.
2. Based on Bit rate. Bit rate constant or variable. Switched speech has CBR
where as packet transfer has VBR.
3. Based on Connection. Connection oriented or not.
4. Based on Services offered. 5 layers called AAL1 to AAL5.

AAL Layer Support Acceptable CS Level Addition at Output in

data from SAR Level Bytes
 Internet

Higher
Layer
AAL1 64Kbps Bits stream Packet size One Byte 48
Voice/Video in as 47 as Header
CBR Bytes w/o
Header
AAL2 No CBR, but low Short in 44 Bytes One Byte 48
bit rate & short packets data and 3 as Header
frame traffic like bytes
mobile services Header

AAL3/4 Connection In packets 44 Bytes Two Bytes 48

oriented/Connection up to 64KB per packet as Header
less after and two
adding 4 Bytes as
Bytes each Trailer
as Header
and Trailer
AAL5 All types of traffic In packets - - 48
(SEAL) up to 64KB

15.23 ATM Switch Type

Knockout switch, cross bar switch or single stage switch, shared memory switch, shared
medium switch, fully interconnected switch, space division switch, banyan switch or
multi stage switch, batcher-banyan switch and sunshine switch are the different type of
ATM switches. Batcher-Banyan switch is widely used
 Internet

15.24 Benefit Of ATM

2 Main benefits are 1) Traffic management 2) QoS
Traffic Management
Protects the network and the end system from congestion in order to achieve
network performance objectives
Promotes the efficient use of network resources
Mechanisms are both preventive and reactive
Fairness by identification and isolation of misbehaving traffic and per flow
processing
Parameters for traffic management
1) Connection Admission Control (CAC)
2) Usage Parameter Control (UPC)
3) Network Parameter Control (NPC)
4) Cell Loss Priority (CLP)
5) Traffic Shapping
6) Frame Discard
7) Feed Back Control
8) Network Resource Management
QoS contracts parameter negotiations are defined in UNI Ver 3.0, UNI Ver 3.1
and UNI Ver 4.0 (Ver 4.0 is the latest one) and PNNI Ver 1.0 signalling for native
ATM environment and LANE Ver 2.0 (Latest one) for non-native ATM
environment.

ATM QoS Parameters

Six parameters are defined for ATM QoS. They are 1) Negotiated parameter
(Dynamic nature-Sl.No 1,2 & 3) and 2) Non-Negotiated parameter (Static nature-Sl.No 4,
5 and 6)
Sl.No Parameter Abbreviation Meaning
1 Cell Delay Variation CDV Difference between a single
observation of Cell transfer
delay and the mean Cell transfer
 Internet

delay on the same connection.

2 Cell Error Ratio CER Ratio of errored Cells to the
number of delivered Cells.
3 Cell Loss Ratio CLR Ratio of lost Cells to transmitted
Cells.
4 Cell Misinsertion Ratio CMR Number of misinserted Cells
per connection/second
5 Cell Transfer Delay CTD Arithmetic average of specified
number of Cell transfer delays.
6 Severely Errored Cell SECBR Ratio of number of Severely
Block Ratio errored Cellblocks to total
number of Cellblocks.

15.25 ATM QoS service classes

3 metrics were devised to give 3 different service classes such as Fastest traffic,
average traffic and best effort traffic under traffic contract scheme
Sl.No Metric Abbreviations Meaning
1 Peak cell Rate PCR The highest rate at
which traffic will
run for any length of
time (defined in
cells/sec)
2 Sustainable cell Rate SCR The mean rate at
which traffic ideally
will travel (defined
in cells/sec)
3 Maximum burst Size MBS The largest cell
burst that will be
tolerated by traffic
contract (defined in
 Internet

cells/sec)

15.26 ATM Signalling concepts

VPI=0 and VCI=5 is used for default signalling channel

VPI=X and VCI=Y is used for data transfer
Any VPI and VCI=5 can also be used for signalling
Switching is done according to the called number within signalling message
Signalling purpose to establish, release and maintain the user communication
channel or path

15.27 ATM Switch Architecture

The basic function of the ATM switching system is to route the cells from the input port
to the appropriate output port of the switch. The ATM switching system must contain the
function defined by the U-Plane, C-Plane and M-Plane of the B-ISDN PRM in addition
to relaying of cells. Also the ATM system should support & implement the traffic control
function based on ITU-T & ATM-F recommendations.
All these functions are distributed within the ATM system switch architecture as
in the Fig-13 with the following functional parts:
1) Input Modules (IMs)
2) Cell Switch Fabric (CSF)
3) Output Modules (OMs)
4) Connection Admission Control (CAC)
5) System Management (SM)
6) Muliplexer/Demultiplexer (Optional)
 Internet

Generic ATM Switch Architecture

Non IM M
U OM
Native
ATM IM X
Switching
Network
(CSF)
Native IM OM
ATM
IM OM

Control
Fig-13 CAC SM

Input Module (IM)

1) Handle i/c traffic
2) Conversion of optical to electrical signal
3) Extracting the digital bit stream
4) Identifying the cell boundaries
5) Extracting the ATM cells
6) Discarding the empty cells
7) Error checking the cell header
8) Traffic shapping
9) UPC/NPC verification from database & notification to SM
Cell Switch Fabric (CSF)
This is primarily responsible for transferring data cells between the IM & OM
after processing the signalling cells with the help of CAC & operation and maintenance
cells with the help of SM
It includes cell buffering, VPI and VCI translation, multicasting, broadcasting,
cell scheduling based on user priorities and congestion monitoring.
Output Module (OM)
1) It is the counter part of IM
2) Handles the outgoing traffic
3) Insertion of signalling/management cells received from CAC & SM into o/g
cell
4) New VPI/VCI allocation from database
5) Mapping of ATM cells
 Internet

6) Filling up of empty cells

7) Line coding
8) Electrical to optical conversion

CAC
The signalling/control information is routed to CAC through CSF or from IM
directly. It performs the connection admission discussion and resource allocation for all
connections in the switch
SM
It is responsible for managing the entire switching system. It includes fault
management, performance management, configuration management, security
management, accounting management and traffic management by means of congestion
control. Also responsible to support Interim Local Management Interface for each UNI.
Mux/Demux
It is an optional item. It will be available only if non-native ATM devices are to
be interconnected with ATM switch.
Numbering Convention
It is defined as per ITU-T recommendation I-361 which says that:
Octets are sent in increasing order starting with octet 1. Therefore the header field
will be sent 1st followed by the information filed.
Bits within an octet are sent in decreasing order starting with bit 8.
So, for all fields, the 1st bit is the MSB.
CELL
A Cell is a block of fixed length. It is identified by a label at the ATM layer of the
B-ISDN PRM.

15.28 Types of Cell

7 types of Cells are there namely
i) Idle Cell
ii) Valid Cell
iii) Invalid Cell
iv) Assigned Cell
 Internet

v) Unassigned Cell
vi) Meta signalling Cell
vii) OAM Cell
Idle Cell
This is inserted or extracted by the physical layer in order to adapt the Cell flow
rate to the available rate of the transmission system.
Valid Cell
This is a Cell with no header error or with a corrected error.
Invalid Cell
This is a Cell with a non-correctable header error.
Assigned Cell
This is a valid Cell that provides a service to an application using the ATM layer
service.
Unassigned Cell
This is an ATM Layer Cell, which is not an assigned Cell.
Meta Signalling Cell
This is used for establishing or releasing a switched virtual connection,
Administration and Maintenance of ATM node and the network channel connection.
Permanent Virtual Channel connection needs no Meta signalling.
OAM Cell
This is used for Operation & Maintenance.

15.29 ATM Services

ATM services are classified into 4 categories.

Sl.no Name of services Uses Application
1 Conversational services Provides the interacting, Voice services
1.Bi-directional real-time end to end.
2.Uni-directional Video telephony,
Videoconference.
 Internet

2 Retrieval services Data library services Film, high resolution

1. Selective stored in a central images, audio and video
2.All places retrieval.

3 Messaging services Not real time services. Message handling

Data may get stored in services, mail services
nodes and forwarded
from location to
location
4 Distribution services Cable TV transmission. Stock market information,
a) W/o user-individual User has no control over weather broadcast,
presentation control time or order of newspaper services and
presentation. TV programs
b) With user- individual Information is Inter active electronic
presentation control transmitted as a news paper
sequence of frames with
cyclic repetition. User
has control over time or
order of presentation.

15.30 Underlying Transmission System For ATM Switch

SDH- Asper ITU-T recommendation, follows all countries except NORTH

AMERICA and JAPAN.
SONET-Asper ANSI recommendation, follows NORTH AMERICA and JAPAN.
BSNL implemented with SDH as in the Fig-14
 Internet

ATM Switch With SDH Transmission Ring

ATM
Node

ATM
ATM SDH Node
Node RING

ATM
Node Fig-14

15.31 Conclusion
The key to efficient utilization of the ATM networks is the integration of multiple
services over a common infrastructure. Traffic management with QoS plays a significant
role. ATM is going in a big way to play in different flavor like BB etc. To support this,
various native ATM & as well as non native ATM protocols are defined.
 Internet

Chapter 16

MULTI PROTOCOL LABEL SWITCHING

And
VIRTUAL PRIVATE NETWORK

Contents
• Introduction.
• Circuit Switching.
• Packet Switching.
• Label Switching.
• MPLS Architecture.
• MPLS protocols.
• Traffic Engineering.
• Virtual Private Network.
Objectives
After the completion of the module, the trainee will be to know about
• Circuit Switching.
• Packet Switching.
• Label Switching.
• Evolution of the MPLS.
• Functions and features of MPLS.
• Function and features of VPN.
 Internet

MULTI PROTOCOL LABEL SWITCHING

16.1 Introduction
Switching is the process by which, two circuits are interconnected for exchanging
information. Information is in the form of either analog or digital. In electro
mechanical era, information was in the form of analog. Presently, information is
in the form of digital. In order to interconnect the circuits, supporting the
digitized information, suitable digital switches are designed. Digital Switches are
classified as
(1)Circuit switch
(2) Packet switch
Apart from the above models of switching, Multi Protocol Label Switching
model is configured in Packet Switch Area.

16.2 Circuit Switches

Circuit switch mainly supports the switching the voice paths. Digital spectrum is
divided into equal parts (64 kbps). Circuit switch uses these 64 kbps path for voice
switching. Voice samples of a particular conversation should reach the destination
sequentially through the 64 kbps digital path by maintaining maximum permissible delay
of 125 us, to avoid the loss of intelligence. In order to satisfy the above conditions,
switched path should be permanent until the end of the conversation. . Hence, the
routing becomes connection oriented. No other user also can intrude in that path. Also
the switched paths can be categorized according to the type of services and class of
services.
Example:-

Class of Services
Emergency Services Routes
Special Services Routes

Type of Services
Normal users (non priority users)
Prioritized users.

16.3 Packet Switches

Instead of dividing the digital spectrum, entire message is divided into packets,
addressed and numbered. Packet switch sends the addressed and numbered
packets one by one to the destination, in different routes, by using the entire
spectrum available in last week. For an example, if the packet size is 2 mb, then
the packet switch uses the 2 mbps digital spectrum for the period of one second.
At destination, packets are arriving randomly at different time. Even the first
packet may arrive lastly. Receiver has to wait until all the packets are received.
 Internet

Then packets are arranged sequentially and then converted as message. Since the
packets are routed through different routes, this routing becomes connection loss.
Routing and no dedicated path is used between source and destination. Packet
switches are presently used in ISP Network.

16.3.1 Comparison of circuit and packet switches

Circuit Switch Packet switch

1) Since this switch follows connection 1) Since this switch uses connection loss
oriented routing (dedicated path), there will routing, loss of packets may be possible
be no loss of intelligence.
2) Latency can be kept within the limit 2) Latency cannot be maintained
3) Class of services can be defined 3) Class of services cannot be defined.
4) Type of users can be defined 4) Type of users could not be defined.
5) Security is high during the transaction, 5) Security is meager. Intrusion is possible
since the switched path could not be during transaction. Eg. Receiving many
intruded. advertisements during downloads.
6) Part of the address of the destination 6) Entire address (IP address) is analyzed
(Rout code, Exchange code, etc.) is for selecting best match.
analyzed.
Hence, the limitations of the packet network are summarized as follows:
• Creation and processing of routing table is tedious.
• Class of services (Priorities) as in circuit switch is not implemented presently.
• Type of services (category) as in manual board is not available in the present IP
network.
• Loss of packet, because of the random routing of packets.
• Delayed processing at receiving end, since packets are not reaching the
destination sequentially.
• Security problem.

16.4 Label Switching

Above limitations can be overcome by using following techniques in the present
IP network.
• Connectionless IP routing is converted into connection oriented routing by
overlaying Network Layer function with Data link layer Function.
• IP address is converted as Labels (Rout codes in circuit switch), according to the
class and type of services like categories and Priorities in circuit switches.
• Intermediate Routers uses the Labels only (Rout Codes in Circuit Switch) for
further routing of destined IP packet with appropriate Label.
 Internet

The above techniques are used in Multi Protocol Label switching. Hence, MPLs
is the implementation of circuit switch model in the Packet switch area. MPLS
frame uses the various Data Link frames like ATM, Frame Relay PPP/Ethernet
etc. Since MPLS uses label switching and supports the multiple protocols, it is
called Multi Protocol Label Switching.

16.4.1 Components of MPLS IP Network

• Customer Edge, which works at IP level.

• Provider Edge is the entry point of MPLS Domain. It is called “Label Edge
Router”
• Provider Routers are working as transit switches in between LERs. These are
known as “Label Switching Routers”.
• Label switched path is the data path between two routers, through which packets
are traveling.

16.5 MPLS Architecture

 Internet

16.5.1 Customer Edge

It structures the customer message into IP Packets and sends to the entry node of
MPLS domain. While receiving the IP Packets from the egress node of the MPLS domain,
CE sends packets to Network layer of its own, after removing the IP address.
16.5.2 Label Edge Router
Label Edge Routers are working as the gateways of MPLS Domain. Ingress LER,
it receives the IP Packet from CE, assigns the appropriate Label. After wrapping label, it
sends labeled packet towards the next hop through the Label Switched Path, which is
assigned for the specific Forward Equivalence Class. Assigning the Label is known as
Label Binding. LER also acts as the egress Router. It receives the labeled IP Packets
from the previous transit router, pops up the label (removes the label) and routes the IP
 Internet

packets towards the destined CE. LER receives the multiplexed input from CE, and
extends the switched output towards the transit routers.
16.5.3 Label Switching Router
Label Switched Routers are basically working as transit switches in MPLS cloud.
It receives Labeled IP packets through the appropriate LSP. It analyses the Label bound
over the packet, consults the forwarding information table (LIB) and routes the packet
through the appropriately mapped out going LSP. When the LSR is routing the packets
from incoming LSP to outgoing LSP, it strips out the Incoming Label and assigns a new
label to same packet to ensure the security from the intruders. This process is known as
Label Swapping or Label Changing. MPLS Network architecture is as shown in the
diagram. Lines, shown between CE and LER carry the IP Packets bi-directionally.
16.5.4 Label Switched Paths
Within an MPLS domain, a path is set up for a given packet to travel based on an
FEC. The LSP is set up prior to data transmission. Lines, shown in the MPLS domain, are
the Label Switched Paths that carry labeled IP Packets between the routers. There are two
types of Label Switched Path. One is Static LSP and the other is Signaled LSP.
• Static LSPs
Static LSPs are configured manually on each LSR in the LSP. No signaling
protocol is used. To establish a static LSP, you configure the ingress LER, transit
LSRs, and egress LER, manually specifying the labels to be applied at each hop.
• Signalled LSPs
Signalled LSPs are configured only at the ingress LER. When the LSP is enabled,
RSVP signaling messages travel to each LSR in the LSP, reserving resources and
causing labels to be dynamically associated with interfaces. When a packet is
assigned to a signaled LSP, it follows a pre-established path from the LSP's ingress
LER to its egress LER.

16.5.5 How MPLS works?

 Internet

LER receives destined IP packet 61.2.1.1 from the Customer Edge and selects the
correct label (5) from its LIB. It binds the selected label (5) according to the FEC over
the IP packet and sends it through the pre programmed LSP (2) towards the LSR 1. On
receipt of labeled IP Packet, LSR1 analyses label only and it will ignore the IP address.
It will consult its LIB for further routing. As the result it removes the incoming label (5),
winds the newly assigned label (3) over the IP Packet and sends it towards the LSR2 over
the assigned LSP (7). LSR2 consults its LIB and transmits the IP Packet after swapping
the incoming Label (3) with outgoing Label (10) towards the egress LER over the pre
assigned LSP (4). Egress LER stripes the label (10), goes through the destined IP address
(61.1.2.1) and hands over it to the correct CE.

16.5.5 Forward Equivalence Class

Forward equivalence class (FEC) is a representation of a group of packets that
share the same requirements for their transport. All packets in such a group are provided
the same treatment en route to the destination. As opposed to conventional IP forwarding,
in MPLS, the assignment of a particular packet to a particular FEC is done just once, as
the packet enters the network Forward Equivalence Class is created in the LER based on
• Class of service requirement.
• Quality of Service requirement.
• Prefixes of the IP addresses.

Based on Class of service requirement: IP packets from different users are categorized
on the basis of class of services they are entitled and allotted with one Forward
Equivalence Class number .For an example, One FEC represents all the VOIP packets
received from different users and MPLS Domain a treats them equally.
 Internet

Based on Quality of Service requirement: Some online services like video

conferencing requires constant and high-speed data transmission. If delay exceeds, there
could be a loss of intelligence. Such IP packets could not be made to wait in the queue.
Such services deserve the separate FEC.

Based on the prefixes of the IP addresses: FEC is assigned on the basis of the prefixes
of the IP address of the destination.

16.5.6 Label
A label in MPLS is used as the routing code like STD code in circuit switch. It
identifies the path a packet should traverse in the MPLS domain. Label is encapsulated
in a Data Link Layer 2 header. So, new layer is formed in between Network Layer and
Data Link Layer in OSI Layer concept. The name of the new layer is MPLS SHIM Layer.
Function of this layer is to bind the MPLS Label over the IP packet received from the
customer edge. Label contains the information about next hop address. Value of the label
is having local significance. So same label number can be reused in some other area.

16.5.7 Generic MPLS Label Format

MPLS Layer works between Network layer and Data Link Layer as shown in the
Diagram. Label binding and popping is done by the ingress and egress LERs respectively
while LSR does the Label Swapping.

• VPI/VPC of ATM, DLCI of Frame Relay are used as Labels, while they are
supported by MPLS.
 Internet

• MPLS also supports the PPP. Shim Layer is created in between L3 header and L2
header in all LERs for the insertion of label to the IP packets received from
Customer Edge.

16.5.8 ATM’s header as Data Link Layer

16.5.9 Frame Relay header as Data Link Layer

16.5.10 Point-to-Point (PPP)/Ethernet as the Data Link Layer

16.5.11 Label Bindings

Once a packet has been classified as a new or existing FEC, a label is assigned to
the packet. The label values are derived from the underlying data link layer.
ATM, Frame Relay, Point-to-Point Protocol/ Ethernet, and MPLS are having
following common characteristics:
• Connection oriented protocols.
• Associated with the frame level functioning.
• Transfer the IP packets between the adjacent nodes only.
 Internet

These are the obvious reasons for MPLS supporting these protocols. So data link
layers (such as frame relay or ATM), Layer-2 identifiers, such as data link
connection identifiers (DLCIs) in the case of frame-relay networks or virtual path
identifiers (VPIs)/virtual channel identifiers (VCIs) in case of ATM networks, can
be used directly as labels. The packets are then forwarded based on their label
value.
Labels are bound to an FEC as a result of some event or policy that indicates a
need for such binding. These events can be either data-driven bindings or control-driven
bindings. The latter is preferable because of its advanced scaling properties that can be
used in MPLS. Policy of label binding is based on

• Destination unicast routing

• Traffic engineering
• Multicast
• Virtual private network (VPN)
• Quality of Service.
16.5.12 LABEL MERGING
The incoming streams of traffic from different interfaces can be merged together
and switched using a common label if they are traversing the network toward the same
final destination. Label merging is the replacement of multiple incoming labels for a
particular FEC with a single outgoing label.

16.5.13 Label Stack

In MPLS architecture different labeled IP packets bound to a common destination

can be assigned with a common label. Thereafter that common label can be used up to the
destination as shown in the diagram.
 Internet

It achieved by stacking the label at LSR based on the instant of arrival packets through
the incoming LSPs. It is organized as a last-in, first-out stack. We refer to this as a "label
stack". Last label has 1 in the stack field, while others filled with 0 in the stack field.
16.6 Different types of protocols used in MPLS Networks
• Open Short Path first (OSPF) is the routing protocol, that multicasts the change
in routing table of a host to all other hosts with in the boundary of Network. In
MPLS Network, this protocol is used as Label Distribution Protocol between
peers. This protocol is one among the Interior Gateway Protocols (IGP)
• Border Gateway Protocol is also one among the routing protocol, which
provides loop-free inter domain routing between autonomous systems. An
autonomous system is a set of routers that operate under the same administration.
Here MPLS Domain becomes autonomous system. BGP is often run among the
VPN networks and MPLS Network.
• Protocol-independent multicast (PIM), which is used for multicast states label
mapping.
• Resource Reservation Protocol is not the routing protocol and works in
conjunction with other routing protocols to keep the Quality of Service with in the
MPLS cloud. It uses exchanging of labels pertaining to the services require time
management (on line services like Video Conferencing, IP Telephony etc. RSVP
provides the creation of Tunnels in MPLS Domain.

16.6.1 Label Creation

Label is created during the following events:-
• The construction of MPLS architecture.
• The creation of new LER and LSR.
• Introduction of new user with distinguished service like VPN etc.
There are several methods used in label creation:

• Topology-based method—uses normal processing of routing protocols (such

as OSPF and BGP)
• Request-based method—uses processing of request-based control traffic (such
as RSVP)
 Internet

• Traffic-based method—uses the reception of a packet to trigger the

assignment and distribution of a label using label request and label assign
mechanism for routing the unlabeled IP packet is received.

16.6.2 Label Information Base

Label Information Base is Software database crated in both LER and LSR. It
contains the mapping information of Incoming label & LSP with outgoing Label & LSP.
This database is created during the installation of the router and subsequently updated
automatically when the new LSR and LER is added by using Label Distribution Protocol.
Label Information Base contains the following components: -
1) FEC–to-label bindings.
2) Forward Information Base.

FEC–to-label bindings
This table contains the mapping information for binding the label over the IP
Packet based on the FEC. This table resides in LIB of LER.
.

FORWARD INFORMATION BASE

FIB contains the following components of information.

Next Hop Label Forwarding Entry (NHLEF)

• Incoming Label Map (ILM)
• FEC to NHLFE Map (FTN)

Next Hop Label Forwarding Entry(NHLFE)

Entry is used for routing IP packet towards the next hop. Also it defines how the IP
packet is to be treated. Hence, this entry contains the following information: -
1) Next hop address
2) Interface number (LSP) in between the routers.
3) Label binding (LER) /swapping (LSR) information, for binding/changing the
label.
4) Layer 2-encapsulation information.
5) Label encoding procedure.
 Internet

6) Packet processing information.

NHLEF is created in all LERs and LSRs. More than one NHLFE may be created in
LER and LSR, depending upon the number of next hop LSRs connected with it.

Incoming Label Map (ILM)

When an labeled IP packet is received from the previous LSP or LER, the LSP
analyses the information available in the label. Then it will consult the ILM data base
and decides the NHLFE to which it should be handed over to decide the next hop to
which the IP packet is to be sent after changing the label. Thus ILM information is used
to map the Incoming IP packet with the NHLFE. Since LSR uses ILM, LSRs store ILM
information in their FIBs.

Forward Equivalence Class to NHLFE Map

When the destined IP Packet is received from the Customer Edge, LER assigned
the appropriate Label according to the FEC. Then it looks into the FEC to NHLFE Map
(FTN) entry to rout the labeled IP Packet further. So LERs contains the FTN information.

16.6.3 Label Distribution in MPLS Domain

MPLS architecture does not mandate a single method of signaling for label
distribution. It uses

• LDP—maps unicast IP destinations into labels. It provides hop-by-hop or

dynamic label distribution, using IGP (OSF). The resulting labeled paths, called
label switch paths or LSPs, forward label traffic across an MPLS backbone to
particular destinations. It uses the request based label distribution also. LDP uses
the following events, for distributing labels

Discovery messages – announce and maintain the presence of new router in the
network.
Session messages – establish maintain and terminate sessions between LDP peers
to exchange messages.
Advertisement messages-Create or change or delete mapping for FECs.
Notification messages – provides signaling error information.
 Internet

• RSVP—used for traffic engineering and resource reservation. When the new VPN
/Video Conferencing/IP telephony user is created this protocol supports the
distribution distinguished Labels with in the MPLS domain, resulting with the
Traffic Engineered Tunnels which carry the distinguished user’s traffic.
• Protocol-independent multicast (PIM)—used for multicast states label mapping.
Some users may want to broadcast their messages to different users, this protocol
supports the distribution of multicast labels. As a result multiple of LSPs are
formed between single users to multi-user during the broadcast period only.
• BGP— VPN functions out side of the MPLS network. But it uses the MPLS
domain. Hence distinguished label is to be used when VPN- IP packet enters in
the MPLS domain. This protocol supports the distribution of such Labels.

Request method of label distribution: - When new destined IP packet arrives at

any one of the LER in MPLS domain, that ingress LER sends Label request to all
other LERs in the MPLS cloud, specifying the new IP address. The related egress
LER to which the new destined IP address is connected, responds the request and
sends the Label for that new IP user towards requesting ingress LER in the same
route in which label request is made, but in opposite direction. In between, LSRs
will update their LIBs and forward appropriate Labels towards ingress LER.
Finally ingress LER will update its LIB. Thereafter that LER will use that label
while forwarding packets destined to that Peer Egress router.
16.6.4 Signaling Mechanisms
• Label request—Using this mechanism, an LSR requests a label from its
downstream neighbor so that it can bind to a specific FEC. This mechanism can
be employed down the chain of LSRs up until the egress LER (i.e., the point at
which the destined packet exits the MPLS domain).
• Label mapping—In response to a label request, a downstream LSR will send a
label to the upstream initiator using the label mapping mechanism.

16.6.5 Routing in the MPLS Cloud

 Internet

• Hop-by-hop routing—Each LSR independently selects the next hop for a given
FEC. This methodology is similar to that currently used in IP networks. The LSR
uses any available routing protocols, such as OSPF, ATM private network-to-
network interface (PNNI), etc.
• Explicit routing—Explicit routing is similar to source routing, that contains all
the rout information. It uses the RSVP-TE signaling protocol. The ingress LSR
(i.e., the LSR where the data flow to the network first starts) specifies the list of
nodes through which the Traffic Engineered LSP traverses. The path specified
could be no optimal, as well. Along the path, the resources may be reserved to
ensure QoS to the data traffic. This eases traffic engineering throughout the
network, and differentiated services can be provided using flows based on policies
or network management methods. It uses the signaled LSP.
• Constraint-Based routing- to maintain the QOS, while routing the IP packets in
the MPLS network characteristics of the Path and Link to be selected.
Path involves much number of Links between the ingress and egress peers. Less loaded
path with minimum hops should be selected, while selecting the path.
Link involves the selection of next Hop and associated LSP. QOS dictates as follows.
1. Bandwidth of the LSP.
2. Permissible maximum delay. Whether the IP Packet should stand in the
Queue or it should be given priority.
CB- routing mechanism takes care of all the above. It uses the source routing concept
These labels not only contain information based on the routing table entry (i.e.,
destination, bandwidth, delay, and other metrics), but also refer to the IP header field
(source IP address), Layer 4 socket number information, and differentiated service. Once
this classification is complete and mapped, different packets are assigned to
corresponding Labeled Switch Paths (LSPs), where Label Switch Routers (LSRs) place
outgoing labels on the packets.
16.7 Traffic Engineering in MPLS
Traffic engineering is essential to optimize utilization of network. Network
resources should not be wasted. At the same time QOS is to be maintained for the users.
In MPLS Layer3 is overlaid with connection oriented switching function of Layer2. By
 Internet

using this property, we can define Traffic Engineered dedicated paths for different
category of IP packets to maintain the QOS. Thus MPLS network is converted into
homogeneous to handle the heterogeneous type of traffic these dedicated paths are known
as Traffic Engineered Tunnels. MPLS uses the above concept. MPLS Tunnels are created
by using CR- Based Explicit Routing. Different type of TE Tunnels is created based on
the QOS of different users.

Sample MPLS Traffic Engineering Tunnel Configuration

16.7.1 Inferences
1. LE Routers and LS Routers are not analyzing the entire IP address to select best
matching. Only they analyze the Label and LSP details that reduce the delay in
routing the data packets. Construction of Routing Table becomes simple. It looks
like circuit switch analyses the Rout Code only for routing the call.
2. LSPs and Labels are selected for routing according to the Forward Equivalence
Class of that IP Packet (category and priority) which is followed in the Circuit
Switch by the LSRs.
3. Since it is a connection oriented transmission protocol, loss of Packet is avoided.
4. Security is ensured, because of Label Swapping.
MPLs supports the following services efficiently with full integrity

• Virtual Private Network

• Intranet
• Voice over Internet Protocol.
• Extranet.
 Internet

Virtual Private Network

16.8 Function and features of VPN.

Branches of Corporate giants are normally distributed geographically over the
entire nation at least. Since it is the competitive world, they may require their own
private, secured, faster and economical data network between Corporate Office and all
branch offices. Construction of their data network is not economical and unwise, because
it involves provision of individual paths in between their offices to ensure the safety and
authentication. Virtual Private Network comes as the solution of the above problem.
Virtual Private Network is Private Data Network, carved out from the Public Data
Network. In this concept only switched paths(virtual paths) are assigned between the
hosts. VPN can be constructed by using conventional IP network. But the users have to
encounter with the defects in present IP backbone as discussed earlier. Since MPLS
adopts the connection oriented routing, VPN can be overlaid on MPLS architecture, by
constructing Tunnels. Other users according to their FECs can share tunnels.
In case of Circuit Switch area, PBX is used for local distribution of calls, by
using the Junctions lines from the Exchange. In Telephone Exchange, only one number
is assigned as Primary Directory Number. The subscriber is expected to dial only
Primary Directory Number to get connected with any one of the Extension Telephones.
The same concept is adopted in the Virtual private Network. VP Networks are created in
the cloud of IP Network.

Each VPN sight is provided with one router at the edge, that acts as the gateway
with the service provider network. It is known as”customer Edge”. Router, that
accommodates the CE is known as” Provider Edge”. There are two types of VPN model
basically.

• Overlay VPN Model.

• Peer VPN Model.
Overlay VPN Model, which supports direct IP routing between CEs, by using
Service Provider Backbone. CE is connected with “Provider Edge” that acts as the
 Internet

gateway of IP backbone. CE is connected with PE by using from L1toL3.VPN

logic (L3 functions) resides in the customer Edge. CE performs routing between
its coordinated CEs (Hub), before it gets connected with the Provider Edge.
Hence it is also known as “CE-based VPN”. Architecture of this type is as shown
in the figure.

In this case Provider Edge performs Layer 2 Services only, since Customer
Edge performs Layer3 functions. PE and P network is used to only provide the routing
and forwarding that supports the tunnel endpoints on between CE devices.

Peer VPN Model, in which CE is not having any routing resources for having direct
routing with other CEs. It has direct routing adjacency within the HUB. Out side of the
Hub it depends upon the Provider Edge. Here Provider Edge performs Layer3 function. It
works as shown in the diagram.
 Internet

PE
PE

If the a corporate customer wants Layer3 VPN, Service Provider has to

configure the IP addresses of the all Branch Offices and Corporate Office.
Serving Customer Edge will be configured and maintained by the Service
Provider. Every VPN user is allotted with unique VPN address or tag or header,
which is represented by 8 bytes. While transmitting the IP packet from one of the
VPN member, Customer edge adds VPN header with designated IP address and
sends to LER of service provider. LER affixes appropriate Label according to the
FEC and sends those packets through the designated LSP (Tunnel) by LER. At
last the packet will reach the egress LER that will send that VPN IP packet to C.E
after removing the label. Then the C.E.checks the VPN tag and routes the IP
Packet to the destined terminal. VPN works as shown in the figure.
Customer Edge supports more than one IP Terminals. Path between CE
can be a shared one. VPN Forwarding information(VFI) is available with the
PE(LER)
 Internet

In such a way, a corporate can create his private data network by using public
MPLS network.
 Internet

Chapter 17

MANAGED LEASED LINE NETWORK (MLLN)

Contents:

• Overview of MLLN
• Structure of MLLN
• MLLN Network Management System
• Digital Cross connect
• Network Terminating Units
• Tellabs 8100 System Overview

Objectives:

After completion of this module, the participants will be able to know

• What is MLLN
• What is the structure of MLLN
• How a digital cross connect works
• What are the network terminating units
 Internet

MANAGED LEASED LINE NETWORK (MLLN)

17.1 Scope
This Module is to familiarize with the newly developed technology of managed leased
lines, its advantages, usage, basic configuration, equipments involvement, etc.

17.2 General
17.2.1 Leased Line.
A leased line is basically dedicated pair/pairs of copper wire connecting between two
points that is available 24 hours a day for use by a designated user (Individual or
Company). A synonym is non-switched line (as opposed to switched or dial up line).
A leased line can be a physical path owned by the user or rented from a telephone
company like BSNL/MTNL/VSNL. In earlier days these leased line equipment used to
be the same as that of the telecomm transmission equipment as the requirement of leased
line networks were low. With the burgeoning need for the leased line, now a days
Managed Leased Line Networks (MLLN) are being used

17.2.2 Managed Leased Line Network.

The MLLN is an integrated, fully managed, multi-service digital network platform
through which service provider can offer a wide range of services at an optimal cost to
Business Subscribers. Backed by a flexible Network Management System with powerful
diagnostics and maintenance tools, the MLLN can be used to provide high-speed leased
lines with improved QoS (Quality of Service), high availability and reliability. The
Network Management System also supports Service Provisioning, Network
Optimization, Planning and Service Monitoring. The system offers features such as end
to end circuit creation and monitoring, Circuit Loop Test and fault isolation, Alternate re-
routing of traffic in case of trunk failure, Software programmability of NTUs, etc. Due to
its wide range of applications in various sectors like banking, financial institutions, stock
markets, newspaper industry, broadcasting houses and Internet Service Providers, this
managed leased line equipment will benefit all sections of people by way of faster
Internet access, accessibility of bank accounts from anywhere, instant news coverage
etc.Various organizations like banks, ATM operators, IT companies will be using this
flexible leased line solution. The following are the few features, which are the beneficial
for the customers.

1. Customers need not to buy 2 pairs of Modems.

2. Modems will be supplied and maintained by Service Provider.
3. 24 Hours performance monitoring of the circuit.
4. Circuit fault reports generated proactively.
5. On demand the bandwidth can be increased.
6. Low lead-time for new circuit provisioning.
7. Protection against the failure of the circuit.
 Internet

8. Long drive on single pair copper.

9. Centrally managed from Network Management System.

The MLLN also supports enhanced features such as Corporate Internet Access, Point to
Point Data, Point to Multipoint Data, LAN-IC, Hotline, EPABX Inter-connect, EPABX
Remote Extension and ISDN Line Extension, Virtual Private Network, etc.
 Internet

17.3 TYPICAL STRUCTURE OF MLLN SYSTEM.

The MLLN is planned as three-tier structure of consisting of aggregation and
connectivity at two different levels:

A. Central Node: It will provide following functionality:

(i) NMS Center.
(ii) Connectivity to second stage nodes.
(iii) Leased line aggregation.
 Internet

B. Second stage Node: It will be located at major cities of a Telecom Circle, where
demand for leased line is high. It will provide following functionality:
(i) Connectivity to third stage nodes.
(ii) Leased line aggregation.
C. Third Stage Node: It will be located at smaller cities / towns of a Telecom Circle,
where demand for leased line is lower (near 10).
It will provide Leased Line aggregation.
17.3.1 Functional Requirements.

The MLLN system is able to provide the following functionality:

(i) Speedy end-to-end service provisioning.
(ii) Round-the-clock end-to-end performance monitoring.
(iii) Automated alarm / fault management.
(iv) Easy re-routing and configuration.
(v) Accounting and Security management.
(vi) On-demand bandwidth availability up to 2 Mbps.
17.3.2 Technical Requirements.
The various components of the MLLN shall be:
a) Network Management System (NMS).
b) Digital cross Connect (DXC).
c) Versatile Multiplexer (VMUX).
d) Network Termination Unit (NTU).

17.4 Network Management System.

The NMS of MLLN is centrally managing all the elements of MLLN viz. Digital Cross
Connect, VMUX and NTUs. This NMS shall be built using the open architecture
_utilizing an industry standard commercially available operating system and relational
data base management system.
The Network Management System shall allow the Network operator to configure,
Provision, manage and monitor all aspects and parameters of the remote elements of the
MLLN without the need of local intervention. It is possible to manage the entire network
from any single location.

17.4.1 The NMS is able to perform the following:

 Internet

• NMS auto recognize any change of configuration of any network element. The change
of configuration or other settings locally at NTUs shall not be provided. All local settings
on VMUX and DXC shall be password protected.

• Re-initialisation of the network element shall be possible from NMS. This shall be
equivalent to manual start-up (physical jack-out and jack-in) of the network element. This
might be required in case of a complete or partial 'network element' stoppage due to
hardware/software failures.

• NMS has the capability to configure the bandwidth on demand of any leased line for
specified time of the day. This bandwidth on demand is configurable to all possible
programmable bandwidths of NTUs.

• NMS has the capability to assign priority to the leased line at the time of configuration.
This allows the high priority customer lines to be routed first to the standby route, in case
of failure of the main route.

• The configuration of the various network elements like building, viewing, and changing
is possible remotely from the central NMS. The configurations of the network elements
are stored at some place in NMS from where it can be retrieved in case of failure.

• It supports macro command facility to carry out the same kind of operation on a group
of interface by a single command.

• The NMS is capable of placing the Network elements In or Out of service.

17.4.2 Route Management.

A predefined routing schedule is supported by NMS enabling the MLLN to route

automatically. It is possible to perform fast re-establishment of circuits within the
network across alternative paths totally automatically, in the event of failure. Point-to-
point and point-to- multipoint channel routings on an end-to-end basis.

17.4.3 Fault Management.

• It is able to inform the operator about the problems occurring in the network elements
and their modules.
• The fault events are logged in a fault log file and are accessible when required through
database style facilities for information retrieval.
• The fault information provided contains type of network element, the time at which
fault occurred, time when it corrected.
 Internet

• In addition to the fault information, it provides a brief explanation of the cause of the
fault and proposed corrective action to be taken to rectify the fault.
• The printout of active faults and fault log file is possible.
• It is possible to list:
(i) total number of active faults in the network.
(ii) Number of active faults in a specified network element.
(iii) Number of active faults in each of the faulty network elements.
• The equipments of MLLN is capable of reporting to a pre-specified destination on
detection of an alarm condition. Faults in the network elements, links & system generate
audible alarms also. The activation / inhibition of the audible alarm is controlled by the
Network Manager.

17.4.4 Performance Management.

• It supports the end –to- end performance-monitoring functionality as per ITU-T

recommendation G.821 for links and circuits.
• The information provided includes Total time, Unavailable time, Errored seconds,
SeverelyErrored seconds and degraded minutes.
• It is possible to configure the interval when this performance data is to be collected by
the NMS
• It provides information about the percentage bandwidth usage of the network elements
like VMUX, DXC for a specified period. Performance management module supports
collection, processing & presentation of the performance related data from all the
Network elements. Facility is provided for collection of the network data continuously.
• All the VMUX and DXC must be polled at least once in 5 minutes at Primary NMS
level. All other network elements must be polled at least once in every 5 minutes at
Primary NMS level. It is possible to collect network data periodically; and for definite
interval of time, as required.
• These are configurable by the Network operator through NMS. Further it is possible to
configure collection of network data for specific or all network elements. The network
data for NMS includes following information from the Network elements.
 Internet

A. Status.
B. Control parameters.
C. Performance parameters.
D. Alarm information.
E. Configuration parameters.
F. Accounting and billing information.

• Data base hard disk memory is sufficient to store all the information in para above and
any other necessary system information for at least one month duration. This information
is auto backed up (or backed up by operator action) to secondary memory devices (off
line storage devices) before deleting / overwriting any portion of this information, on
completion of one complete month. Minimum, of 16 Gb of configured secondary storage
space (secondary hard disk / cartridges / tapes etc) is supplied.

17.4.5 Security Management

• It supports the user identification and operator passwords with various privileges for
giving commands. It records all the login and logout operations done on the NMS. It is
able to set the time of expiry of the operator passwords. It supports password protection
for the for the network elements in the MLLN.
• Network Manager is able to create the operators' passwords. Network Manager is also
be able to control and limit operator's authorizations, rights and privileges. (Here
Network Manager is an account in NMS will full control, rights and privileges. Operator
created accounts by Network Manager for other personnel to help him in controlled way.)
• NMS allows changing of the password by the Network Manager for all accounts. NMS
allows Operator to change their own password. Change of password shall not required
system
• NMS provides for validation of source addresses of all the data that are coming from
the network elements. The data transport mechanism from network elements to NMS
centre has necessary in built facility for error checking and correction.

17.5 DIGITAL CROSS CONNECT (DXC or DACC).

 Internet

DACC or DXC is a large capacity cross connect device and is installed at different main
sites for providing VMUX connectivity. DACC is made up of Cluster Master control
subrack and slave subracks. Single Subrack (RXS-S) is used as slave subrack and its
units depend on the port capacity ordered. In addition to multiplexing and demultiplexing
the signal, the node takes also care of crossconnecting the signal. (The signal is first
demultiplexed into a lower level after which it is cross-connected and then multiplexed
again). A digital corss-connect (DXC) is a device used in transmission networks. It
separates channels coming from other devices and rearranges them into new channels for
output. A digital cross-connection means that the connection is set up and released by the
network operator, but not through subscriber, which is the case in switching.

17.5.1 DXC NOMENCLAUTRE:

(a) DXCs at metros (Delhi, Mumbai, Kolkata & Chennai) for maintenance regions will
be designated as Regional DXCs (R-DXC).

(b) DXCs of maintenance regions apart from Regional DXCs as above will be called
subregional DXCs (SR-DXC).

(c) DXCs in the SSAs will be called SS-DXC.

The DXC comes in the following configurations.

• DXC-256 = 256 E1 ports.
• DXC-128 Expandable to 256 = Equipped with 128 Ports.
• DXC-96 Expandable to 128 = Equipped with 96 Ports.
• DXC-64 Expandable to 128 = Equipped with 64 Ports.
• DXC- 16 Expandable to 64

DXC SS-DXC TO SR-DXC :

The DXCs of the SSA will also be connected to the subregional DXC initially by 2 E1
for each SS-DXC, for the circuit going out of the city. Additional E1s to meet the demand
 Internet

shall be connected to those SS-DXC under whose coverage area demand has grown, if
there are more than one SS-DXCs at a station.

SR-DXC to SR-DXC
Sub-Regional DXC to Sub-Regional DXC in the same region may initially be connected
by 1 E1 each.

REGIONAL NETWORK.
Multiple R-DXCs at the same station:R-DXC at metro stations consist of multiple DXCs.
Connectivity among these DXCs should be in mesh configuration of 2 E1s each to meet
the requirement of switching the time slots from a station connection at one DXC to the
destination connected on the other DXC.

Core Network of R-DXCs:

All four regional DXC stations will be connected to each other with 8E1s each. The links
may be distributed among multiple DXCs. The no. of links may increase as the demand
increases.

R-DXC to SR-DXC:
• DXCs are to be connected to SR-DXCs in the same region by 3E1s each.
• R-DXCs are to be connected to all SR-DXCs in the distant regions also by 2E1s each to
start with.
• SR-DXC links are to be distributed among multiple DXCs at the metro stations to
MIinimize use of inter-DXC links at that station. At the start up it will not be possible to
connect SR-DXC to all of such DXCs. It may be done as and when additional links are
justified in future.

R-DXCs to SS-DXCs:
SS-DXC may also be connected directly to Regional DXC if the bandwidth consumed by
the circuits from the SSA to concerned Regional is more than 8 Mb. The E1s may be
optimally distributed among DXCs at SS-DXC side as well as R-DXC side such that the
use of inter DXC connectivity at the same station is minimized.
 Internet

17.5.2 REDUNDANCY REQUIREMENT

MLLN has to provide high reliability service and it is proposed to offer SLA for 99.5%
or better efficiency. Therefore, all the E1 links should be provided as rings wherever
available. In long distance network, E1, between same stations can be split into alternate
physical path of rings to the extent feasible. This will also save on port capacity required
for providing alternate path within MLLN.

17.6 VERSATILE MULTIPLEXER (VMUX)

Versatile Multiplexer (VMUS) is a small capacity cross connect device and is installed at
different sites for providing user connectivity. VMUX is made up of Basic Node, which
is the building block of the MLLN system. The VMUX is provided with two types of
interfaces to connect STU-160 ( SDSL product family used for point- to- point
connections) and CTU-S (HDSL product family modem , with line connection rate up to
4640 Kbit/s ) modems. The number of interfaces depends on the type of VMUX
configuration supplied. There are Four types of VMUXs supplied Viz. VMUX-Type I,
VMUX-Type-II, VMUX-Type-III/DC operation, VMUX-Type-III AC operation.

• The V-MUXs also have a digital cross connect capability and additional E1 ports have
been provided in the V-MUXs. Therefore inter-connectivity among V-MUXs in the same
city can be established using the spare E1 ports for extending local circuits.

• Initially one V-MUX should be connected to a maximum of 2 other V-MUXs in the

same city directly with one E1 each. As the demand for circuits in the areas served by V-
MUXs grows, more E1 links can be directly established among the V-MUXs.

• If there are more than one VMUXs in one exchange area, then depending upon
justification, one of the VMUXs can be dedicated to provide local circuits through direct
route to other VMUXs in the city. This will save DXC ports. However, SS-DXC
 Internet

connectivity, where SS-DXC is available, shall also be maintained for setting up leased
circuits to VMUXs with which direct route is not available.

• Efforts should be made that no circuit should pass through more than three VMUXs.
However, use of more than four VMUXs in tandem for one circuit must be avoided.

• Routes shows as ‘standby’ are to be used for meeting incremental requirements of long
distance circuits from other V-MUXs if the direct routes are full and the other link has
spare capacity. This is done with the intention of saving port capacities. Protection path
can also be provided against failure of other links to SS/SR-DXC.

V-MUX to SS-DXC in the same City / SDCA.

• V-MUX to DXCs connectivity in the same city/SDCA will serve two purposes: first to
set up circuits to other V-MUXs in the city and second to set up circuits going out of the
city.

• Direct V-MUX to V-MUX connectivity should be utilized for local circuits as per the
plan indicated above. However, for local circuits to other V-MUX areas where the
requirement is, say, less than 10 in the beginning, the circuits can be routed via the E1
link established with the DXC.

• Each V-MUX site in the city should be connected by at least two E1s to the SS DXC.
This connectivity may be distributed in case of multiple SS-DXCs. Number of E1s can be
increased as the requirement grows.

• If there are more than one VMUXs in the same exchange area, DXC connectivity may
be distributed on each of them.

17.7 NETWORK TERMINATING UNITS (NTUs)

 Internet

• Base band modems (Network Terminating Units = NTUs) are usually customer
premises equipment (CPE). They are typical “last mile equipment.”

• NTUs can also be used for standalone point-to-point connections without the NMS.

• NTUs allow use of the existing telecom copper cables (twisted pair) for digital traffic
with medium distances (~5 km) and high speeds.

• NTUs must be capable of being managed from the centralised NMS for the following
essential parameters:

(i) Speed
(ii) Line loop testing
(iii) Diagnostic

• NTU on the DTE side must support the V.35/V.24/V.28/V.36/ V.11/G.703 data
interfaces.

• NTU must be functionally compatible for all features with the integrated Line drivers of
the VMUX ports.

• NTU should work with the line side interface, which is a built-in feature of the VMUX
and shall support the end to end manageability with NMS of the Managed Leased Line
Network.

• NTU must perform internal self-tests on power-up and provide a visual indication if an
internal failure is detected.

• After power-up, the NTU configurations shall be automatically downloaded from the
connected node.
 Internet

MLLN developed by M/s. Tellabs 8100

The services in the Tellabs 8100, managed by an access system can be divided into two
categories; business and mobile services. The Tellabs 8100 system provides network
elements for accesss, consolidation and backbone levels. The service can be provided
efficiently through Tellabs8100 customer Nodes and high speed NTUs (Network
Terminating Units). Each service and the entire network are controlled by the network
management system known as the Tellabs 8100 network manager. The network
management system also supports service provisioning, network optimization, planning
and service monitoring. The system offers features such as end to end circuit creation and
monitoring, circuit loop test and fault isolation , alternate re-routing of traffic in case of
trunk failure, software programmability of NTUs etc.. It also support enhanced features
such as Corporate internet access, point to point data, point to multipoint data, LAN-IC
hotline, EPABX interconnect, EPABX remote extension and ISDN line extension ,
Virtual private network etc.

Manageability
The concept of manageability is at present not a novelty, but rather a need. Today’s
leased line network is unmanaged. TRAI had advised the mandatory need of Service
Level Agreements (SLA), for every service being provided. This SLA is achieved with
statistics on an end to end status by MLLN. Today a degradation/disruption in service is
made known to the service provider on a subscriber notification. But in MLLN the
service provider can proactively detect and take corrective measures. In such an above
faulty status, MLLN feature of automatic re-routing of traffic ensures customer
satisfaction and also prevent a likely loss of revenue. Tomorrow, if the network customer
is to demand the service flexibility in SLA, the negotiable bandwidth during the different
time of the day, it can only be provided through MLLN.

DXC ( DACC ) – DIGITAL CROSS CONNECT

DXC is a large capacity cross connect device and is installed at different main sites for
providing VMUX connectivity. DXC is made up of Cluster Master control sub rack and
 Internet

Slave sub racks. The Basic Node is used as Slave sub rack to build the Cluster Node in
the MLLN system. The DXC comes in the following configurations.

Configuration Master sub rack Fully equipped Bare single sub

Slave sub rack rack

DXC 32 Ports 1 1 0
DXC 64 Ports 1 2 0
DXC 64 Expandable to 128 Ports 1 2 2
DXC 96 Expandable to 128 Ports 1 3 1
DXC 128 Ports 1 4 0
DC 128 Expandable to 256 Ports 1 4 4
DXC 160 Ports 1 5 0
DXC 192 Ports 1 6 0
DXC 224 Ports 1 7 0
DXC 256 Ports 1 8 0

The block diagram of DXC 256 Ports is shown below:-

Power Requirement
DXC operates on –48 Volts DC Power supply.
Power requirement for Cluster Master = 10 Amp.
Power requirement for each Slave sub rack = 5 Amp Max.
 Internet

Each sub rack power supply unit receives –48 Volts DC through individual MCB placed
at the top rear side of each rack.

The list of cards equipped in the Cluster Master rack is as shown.

Configuration
64 Ports 96 Ports 128 Ports
Unit
Expandable to Expandable toExpandable to 256 Ports
128 Ports 128 Ports 256 Ports
RXS-CD 1 1 1 1
PFU-A 2 2 2 2
PFU-B 2 2 2 2
CCU 1 1 1 1
CXU-M 2 2 2 2
CXU-S 2 2 2 2
CXU-A 4 6 8 16

The E1 Cables are connected from QMH / G.703 – 120Q units in the Slave sub racks and
terminated on the DDF

VMUX (Versatile Multiplexer )

 Internet

VMUX is a small capacity cross connect device and is installed at different sites for
providing user connectivity. VMUX is made up of Basic Node, which is the building
block of the MLLN system. It is provided with different types of interfaces to connect
STU-160 and CTU-S modems. The number of interfaces depends upon the type of
VMUX configuration supplied. The different types of VMUXs are shown in the table
below.

The block diagram and power requirement of a VMUX rack is given below.

VMUX
Item
Type – I Type – II Type – III DC Type – III AC
RXS-S 1 1 1 1
XCG 1 1 1 1
PFU-A 1 1 1 0
PAU-10T 0 0 0 1
IUM-8 4 2 1 1
OMH 1 0 0 0
QMH / HCQ 0 1 1 1
 Internet

QMH / G.703 2 0 0 0

N.B: The DXC and VMUX systems are installed in standard 19” coms rack with the
following dimensions.
Height: 2.048 m
Width: 0.596 m
Breadth: 0.325 m

DXC and VMUX equipments are designed to operate in a controlled environment. The
standards those are met by these equipments are as per ETSI 300019-1-3. The
environmental conditions that are required are:
1) Dust free clean environment.
2) A/c with temperature and humidity control.
3) A/c failure being exemptible for a maximum period of 2 hours at a time.
4) Operating temperature: 20 to 30°C.

Network Terminating Unit (NTU)

The NTUs are located at customer premises and work on 230 Volt AC. Copper pair
connects the NTUs to the respective VMUX. The NTUs compatible with this network is
given below.

• 64 / 128 Kbps NTU with V.35 interface.

• 64 / 128 Kbps NTU with G.703 interface.
• 64 / 128 Kbps NTU with ether net interface.
• N * 64 Kbps NTU with V.35 interface.
• N * 64 Kbps NTU with G.703 interface.
• N * 64 Kbps NTU with Ethernet interface.
Internet
Internet
 Internet

Chapter 18
 Internet

DIAS
Contents
• Introduction
• DIAS Feature
• DIAS Architecture
• Interface
• Conclusion

Objectives
After completion of this module you will be able to:
• Understand the Introduction on DIAS
• Understand the
™ DIAS Feature
™ DIAS Architecture
™ Functional Components of DIAS
™ Interconnection of DIAS Components at CPE and SPE/APE
 Internet

18.1 Introduction
The Direct Internet Access System (DIAS) jointly developed by Banyan Networks,
Madras and TeNet Group, IIT Madras, allows the Basic Telecom Service Providers to
provide simultaneously voice and always on Internet services or any one of the two over
the same copper pair of telephone lines to residential as well as corporate subscribers in
contrast to the existing PSTN (Public Switched Telecom Network) and ISDN (Integrated
Switched Digital Network) and Dial-up access.

DIAS is a high bandwidth Internet service and does not require any changes in the
existing cable network of the basic telecom system. It works with Existing Digital
Technology Switches and New Digital Technology Switches. It is scalable for advanced
applications.

This system provides the following two types of accessing speed to the customers.
a) 128 Kbps
b) 2048 Kbps

128 Kbps speed is provided by either only Internet access at a speed of 128 Kbps or
Internet access at 64 Kbps along with basic voice service at 64 Kbps.

2048 Kbps speed is provided by either Internet access at a speed of 2048 Kbps or Internet
access along with provision of 4 to 8 basic voice service. Internet speed is scaled down in
steps of 64 Kbps for off-hook condition of each phone.

18.1.1 DIAS Feature

18.1.1.1 User side Interface

i) Up to 60 BDSU (Basic Rate Digital Subscriber Unit) subs each supporting 128
Kbps per port.
ii) Up to 20 HDSU (High Bit Rate Digital Subscriber Unit) subs each supporting
2.048 Mbps per port.
iii) Any combination of BDSU & HDSU
iv) BDSU / HDSU operates on normal 220 V AC Mains
v) Telephone service (POTS) is always available even in case of 230V AC Mains
failure at Customer premises

18.1.1.2 ISP or PSPDN side Interface

i) Up to 4 Mbps speed WAN connectivity using two E1 links
ii) 10 BaseT/ 100 BaseT Ethernet interface.

18.1.1.3 PSTN Interface

i) The E1 links interface with V5.2 signalling
ii) Optional sixty 2 wire connectivity using LL2W unit or SMUX

18.1.1.4 System Capacity

 Internet

i) Four IAN’s can be Cascaded for both data and voice to support 240 BDSU
or 80 HDSU subs
ii) Data cascading through Ethernet switch
iii) Voice cascading through E1 links
iv) Control cards and Power supply cards are working in Hot-Stand-By in each
IAN

18.1.1.5 General
i) CLI for IAN configuration
ii) RADIUS Client/Server S/W for AAA functions
iii) Blue Bill S/W for billing functions
iv) MySQL Data base
v) Computation Module for billing computing
vi) NAT support
vii) PPPOE support for Access with Radius Server
viii) DIAS View- Element Manager S/W (EMS)
ix) Stacking of IAN’s during concentration for Data and voice with
proprietary stack management protocol.
x) SNMP and MIB – II support for Network and Data management.
xi) V5.2 Support for Voice management.
xii) Secret ID between DSU and DIAS Server as Private key using
proprietary protocol for secured accounting and access information
xiii) Easy S/W up gradation from remotely using TFTP
xiv) Password sending on MD5 Digest (Encrypted Format)
xv) Dual Server Concept with Pulse Server Monitoring S/W
xvi) Supports 3 Subscriber Classification called Class-1,2 & 3. BSNL uses
Class-3 method. (Dynamic IP Address Allocation)

18.1.1.6 Power requirements

i) DIAS consumes 250 W Power (48V/5A DC) per IAN
ii) 2KVA Inverter for VT 100/220 Terminal & Ethernet Switch.

18.2 DIAS Architecture

DIAS Architecture (Fig 1) may be divided as follows:

a) CPE(Customer Premises Equipments)

b) SPE(Service Provider Equipments) or APE(Access Provider Equipments)
c) Interface (Connecting CPE and SPE/APE)

Interface
SPE /
CPE APE
 Internet

Fig-1

18.2.1 CPE
Following are the equipments available at Customer Premises as in Fig 2.
a) BDSU (Basic Rate Digital Subscriber Unit)
b) HDSU (High Bit Rate Digital Subscriber Unit)

CPE

BDSU HDSU
Fig-2

18.2.1.1 BDSU

Basic Rate Digital Subscriber Unit is designed for the SOHO (Small Office Home
Office) users. It provides a permanent Internet connection at a maximum data rate of 128
Kbps, which drops to 64 Kbps dynamically when the telephone is in use for voice and
transparently goes back to 128 Kbps when the telephone goes Off-hook.
BDSU may be categorized as in Fig-3

BDSU-DA (BDSU for Data Alone) which provides always 128 Kbps speed of data and
BDSU-DV (BDSU for Data with Voice) which provides 128 Kbps/64 Kbps alternatively.
BSNL had chosen the latter one. Maximum 13 PC’s can be connected through
Hub/Switch with BDSU.
 Internet

BDSU
Local
Local AC
AC Power
Power

BDSU- DA BDSU- DV

PC PC Phone

Fig-3
BDSU will have the following terminations /LED’s as in Fig-4 & Fig-5

A) Front view of BDSU

1) Power on LED to indicate power supply is on

2) & 3) Trans & Receive LED which blinks during data Transfer/Reception between
IAN & BDSU
3) Sync LED to indicate that the BDSU is synchronized with service provider
equipment.
4) Activity LED to indicate that Data activity is going on between PC & BDSU
5) Link LED to indicate the healthy condition of the Ethernet connectivity between
BDSU and PC

Front View of BDSU

6 5 4 3 2 1

PC/Hub DSL Line status

Fig-4

All LED’s are green in colour

 Internet

B) Rear Side of BDSU

1) DC power termination - I/P – 230 V AC/50 Hz to the Adapter

- O/P- 12 V/ 1A
2) Exchange line termination - RJ11 Socket
3) Line/ Phone - RJ11 Socket
4) PC/HUB - RJ45 Socket

Rear Side of BDSU

1 2 3 4

Fig-5

18.2.1.2 HDSU

High Bit Rate Digital Subscriber Unit is designed for Corporate Subscriber with
maximum connectivity speed of 2048 Kbps.
Like BDSU, HDSU also may be categorized as (in Fig-6) HDSU- DA and HDSU-
DV. HDSU has Ethernet port (RJ45) for connecting Internet and RJ11 point for
termination of phone lines. HDSU-DV’s may be available in the following forms (as in
Fig-6) Maximum 13 PC’s can be connected through Hub/Switch with HDSU.

i) HDSU-DA with no phone instrument

ii) HDSU-D4 with 4 independent instrument
iii) HDSU-D8 with 8 independent instrument

HDSU
HDSU-D8 RJ 45 PC
RJ 45
AC power

RJ 11
Phone 1
HDSU-DA HDSU-D4
RJ 45 RJ 45 RJ 11 Phone1 RJ 11
Phone 2
RJ 45 RJ 45 RJ 11 Phone2
PC PC .
RJ 11 Phone3 .
.
RJ 11 Phone4 .

RJ 11 Phone 8
 Internet

Fig-6

18.2.1.3 Phone & PC Connection at Customer Premises as in Fig 7 & Fig8

1) Connection –I (Single PC)

BDSU- DV

HDSU-DV

PWR Phone Line PC/Hub

AC- DC
Adapter

Phone Ethernet Card

PC
Exchange
DSL cable

Fig -7

2) Connection-II(Multiple PC’s)
 Internet

BDSU- DV

HDSU-DV

PWR Phone Line PC/Hub

AC- DC
Adapter

Phone 16 Port Ethernet Hub

Exchange
DSL cable

Ethernet Card Ethernet Card

…….
PC- 1 PC -13

Fig - 8

18.2.1.4 Requirements for DIAS Connection at Customer Premises

1) Hardware
1. BDSU / HDSU
2. AC Power
3. Telephone Line
4. PC/PC’s
5. Ethernet Card
6. HUB/Switch/Router (Incase of SOHO)

2) Software
1. Username & Password
2. O.S (WIN-9X or High-end Version)
3. A.S (As per requirement)
4. Driver for Ethernet Card
5. PPPOE

18.2.2 SPE/APE
The equipments available at the Service Provider/Access Provider may be viewed as
follows:
 Internet

i) Internet Access Node(IAN)

ii) RADIUS Server (Stand alone or Integrated with Billing Server)
iii) Router
iv) Ethernet Switch
v) LifeLine 2 Wire Unit (LL2W) or SMUX (Optional)
vi) VT-100/220 Terminal (Optional)
vii) Main Rack or Cabinet
viii) Billing Server (Stand alone or Integrated with RADIUS Server)

18.2.2.1 IAN

Internet Access Node (IAN) is the most important and intelligent equipment of DIAS in
the sense that it is able to differentiate the PSTN and Internet traffic.

It is in the form of a sub rack which is mountable in a 19” cabinet (Main Rack) with
conventional cooling. The cabinet can accommodate a maximum of Four number of
IAN’s, Two number of LL2W units, a Ethernet Switch and one Router. The RADIUS
Server will be mounted on a separate Rack and provided adjacent to the cabinet.
RADIUS Server can be provided per exchange basis or as single unit for many exchanges
at a centralized basis.

BSNL provides at a centralized place called as DIAS Server or RADIUS Server. Both set
ups are shown in Fig-9 and Fig-10

Each IAN can support a maximum of 60 BDSL subs/Ports or 20 HDSL subs/ports. 60

BDSL subs are achieved by means of 5 DSL cards (one type) with each card termination
capacity as 12 ports. 20 HDSL subs/Ports are achieved by means of 5 DSL cards (another
type) with each card termination capacity as 4 ports. IAN supports any combination of
both these cards but to an extent of 5 BDSL cards only.

IAN supports redundant power supply cards so that failure of one card will not affect the
system operation. Power supply cards are working as Hot-Stand-By It is a DC-DC
converter with a -48 V + / -8 V DC as input and 5V, 3.3V as DC and 75 V AC as
output.75V AC is used as Ringing current to sub phone instrument.

IAN sub rack consists of duplicate switch card, which is the basic fundamental part of the
system, which contains all the system software. All Protocols and IP Packet forwarding is
performed by this card. Switch cards are working as Hot-Stand-By. So in the case of a
failure of one switch card, the other card will take over.
During the change over condition of switch card, in the present software version, the data
calls will get disturbed for a small amount of time where as the voice calls will be
protected. Having 10 BaseT Ethernet port to connect with ISP through Ethernet switch,
console port for debugging through PC/Laptop at locally and CLI for System
configuration/maintenance.
 Internet

E1 cards are the ones that connects the DIAS system to the PSTN, to ISP and Cascading
of other IAN’s for voice. These are achieved by 4 E1 ports of each E1 card. Working as
Hot-Stand-By operation for fault tolerant purpose.

Life Line Control card (LLC) is used to interface with PSTN on V5.2 signalling Protocol.
This card along with LLL are essential if DIAS to be interconnected with New
Technology switches for voice connectivity in V5.2 signalling.

Life Line Line card (LLL) used for V5.2 protocol connectivity. This is used to feed Dial
Tone/Power (as life line) in case of power failure of BDSU/HDSU at CPE.

One Child card in IAN separates / combines Two sets of 30 Sub ports input each, coming
from Two No. of LL2W cards into 5 sets of 12 Ports output each, & connected to each
BDSL card.
 Internet

IAN sub-rack with six different type of cards are shown in Fig-11

S S B B B B B L L L P P
W W D D D D D L L L S S
S S S S S C L L U U
C C L L L L L 1 2 1 2
A A 1 2 3 4 5
R R
D D
1 2
Child card

Fig-11

Router
Ethernet Switch
IAN 1
IAN 2
VT
IAN 3 220/100
Terminal
IAN 4 with Key
RADIUS LL2W 1 board
Server
LL2W 2

Main Rack
Fig-9
 Internet

Router
Ethernet Switch
IAN 1
IAN 2
IAN 3 VT
220/100
IAN 4 Terminal
LL2W 1 with
keyboard
LL2W 2

Main Rack

Fig-10

18.2.2.2 Block Diagram of IAN for PSTN and ISP connectivity as in Fig-12

ISP
Router Ethernet
Ethernet
Switch
Port
5 O/Ps
Each O/P is 12 ports

Data BDSL Switch

Child
+
Card Cards Card 1
Voice
Input
1-5
Switch
Card 2
PC

E1 E1
Ethernet Card 1 Card 2
2 E1 PSU
2 E1 2 E1 1&2
ISP ISP
Phone PSTN
5 V 3.3 V 75 V AC

LLC
Local cable DC
interface
BDSU/
HDSU LLL 1 LLL 2
30 Sub (2 W) 30 Sub (2 W)

Exchange MDF
 Internet

Fig - 12

18.2.2.3 LL2W

DIAS supports a unit called LL2W (Life Line 2 Wire interface) or SMUX (Sub Mux) for
direct 2 wire connectivity with PSTN exchange having Existing Digital technology
switches (Not supporting V5.2 protocol). This unit consists of 10 line cards which
provide 12 ports each for 2 IAN’s, 2 controller cards and 2 power supply cards for 120
lines, which are working as Hot Stand-By respectively.

The controller card is connected with 2 E1 links coming From E1 card of IAN and
Demultiplexed To 5 sets of 12 ports which are connected 5 line cards.

In the reverse way the controller card is connected by 2 E1 links with E1 card of IAN
after multiplexed From 5 line cards.

Dedicated 2 Wire O/P from each port of line card is going towards PSTN for voice. One
controller card supports 4 E1 links for 2 IAN’s

So the DIAS cabinet can have Two number of LL2W units for 4 IAN’s

This unit is only as optional and the card configuration of LL2W is in Fig-13.

L L L L L C C L L L L L P P
I I I I I O O I I I I I S S
N N N N N N N N N N N N U U
E E E E E E E E E E
C C
A A
R R
D D

Fig-13

18.2.2.4 RADIUS Server

It is also called as DIAS Server. It acts as a centralized user database. It performs

authentication using username and Password.

It does the authorization function to allow various Internet services for each user.

Logs the user Accounting information and pass on to Billing Server for consolidated
Billing purpose.

It allows roaming access to users.

 Internet

It listens on port 1812 for user authentication requests from DIAS (RADIUS clients)
It listens on port 1813 for accounting requests from DIAS (RADIUS clients) as
Accounting start and Accounting Stop for Accounting Log.
Client IP addresses are present in each client’s profile.
Users information are stored in MySQL Database.
User Password is exchanged in encrypted format using MD5 digest and shared key.

Connectivity of RADIUS Server is shown in Fig-14.

ISP Router

LAN

DIAS MySQL RADIUS

Client DataBase Server

Fig-14

18.2.2.5 Billing Server

Blue Bill software is running on this Server. This is used to compute data usage of user
and appropriate charge using computation module.

It interacts with RADIUS Server to

1) Provide subs information like IP address and Sub Net Mask.
2) Gets subs accounting information from RADIUS to compute usage and charging.

System administrator can admin billing S/W from his PC to define new tariff, package
name, discounts for normal day/Holiday etc., Data limit, rate and validity period.

Subs can see their account information from his/her PC.

System administrator can do Subs administration.

 Internet

Connectivity of Billing Server is shown in Fig-15.

ISP Router

LAN

DIAS MySQL Billing

Client DataBase Server

Fig-15

18.2.2.6 Router

ZYNO-220 , a versatile edge device performing the advanced routing function & for
DIAS.

ZYNO-220 is built around high performance DSP processors providing excellent

processing power for wire–speed packet forwarding and other advanced management
functions.

ZYNO-220 ensures the bandwidth is efficiently managed for optimal usage of the ISP
link.

Optional features are NAPT (IP address sharing, Bandwidth control, Access control list ),
packet filtering firewall and QOS (CB-FBC).

ZYNO View (GUI S/W) allows full remote management and local configuration through
Telnet and local console respectively.

Supports customized power working (DC 48 V instead of normal AC 230 V)

ZYNO – 220 supports one Ethernet port and 2 WAN ports. Ethernet port is used to
connect with Ethernet switch and WAN ports are used to connect with ISP from DIAS
via E1 links if required.

Alarms and Healthy condition of Router is indicated by means of LED’s. It is rack

mountable device.
 Internet

ZYNO – 220 Router is shown in Fig-16

S A S A A L E P
Y L Y L C N R W
N M N M T K R R

8 7 6 5 4 3 2 1
|_____| |_____| |_____| |_____|
WAN 0 WAN 1 Ethernet Sys

Fig-16

18.2.2.7 Ethernet Switch

16 Port Ethernet switch used in DIAS makes the network managers life easy. Gives
excellent throughput. Ensures secure communication. Two ports are connected to ZYNO
-220 WAN ports 0 & 1 for outgoing towards ISP. 2 ports are connected to both switch
card 1 & 2 of each IAN as input for switch. Incase more IAN’s are equipped, then they
also will be connected to Ethernet switch ports via switch cards of each IAN. Ethernet
switch is powered through AC 230 V drawn from 2KVA inverter. Adaptive Cut Through
Switching Techniques (Hybrid of Store & Forward and Cut Through Switch) used in this
Ethernet switch.

18.2.2.8 Main Rack or Cabinet

The Main Rack or Cabinet (as in Fig -9 & 10) is able to house a maximum of Four
number of IAN’s, one Router, one Ethernet Switch and two LL2W units (optional).
Conventional cooling mechanism is used.

18.2.2.9 VT 220/100 terminal

This is connected to RJ45 connector of active switch card through RS232 interface, by
which the DIAS could be completely managed. DIAS also supports the Telnet Protocol,
using which one could login to the IAN and the complete CLI (Command Line Interface)
could be accessed remotely. The RJ45 cable to be changed to Active Switch card
manually only if one switch goes faulty.

Power supply is given by 2KVA inverter.

 Internet

Terminal Connection shown in Fig-17.

RJ45 RJ45
VT Active
220/100 Switch
Terminal Card
in IAN

Key AC
Board 230 V

Fig-17
 Internet

18.2.2.10 PPPOE S/W usage in DIAS as in Fig 18

ISP End DIAS

End

Radius/ Ethernet Router Router

Billing Switch Supports Supports
Server PPPOE PPPOE
E1 link

Ethernet
Switch

PC DIAS
With BDSU Local cable IAN
PPPOE interface

Customer End

PPPOE Request
from user

RADIUS
Response

Fig - 18
18.3 Interface
The physical link or interface ( as in Fig-1) between BDSU/HDSU and IAN is
established using a twisted copper pair. Incase of BDSU, the maximum copper length
allowed is 4 KM when 0.4 mm twisted pair copper is used. As regards HDSU, the
maximum copper length allowed is 2 KM if 0.4 mm twisted pair copper is used.

18.4 Conclusion
DIAS provides an excellent solution for accessing both Internet and voice services
simultaneously. It is a 24 hour Internet service through copper pair but without dialing. It
 Internet

behaves like ISDN or leased circuits but it has its own characteristics. BSNL
implemented it in wider ways.
 Internet

Chapter 19

BROAD BAND ACCESS(Wired and Wireless)

Contents

• Introduction
• What is Broadband
• Broad Band Acess
• Wired Line Acess
• Wireless Acess
• Conclusion

Objectives

After completion of this module you will be able to know:

• About various Broad Band access technologies being deployed around the globe.

19.1 Introduction
Advances in telecommunications and data technology are creating new
opportunities for countries, businesses and individuals—just as the Industrial
Revolution changed fortunes around the globe. The new economy is defining how
people do business, communicate , shop, have fun, learn, and live on a global
basis—connecting everyone to everything. The evolution of Internet has come
into existence & Internet service is expanding rapidly. The demands it has placed
upon the public network, especially the access network, are great. However,
technological advances promise big increases in access speeds, enabling public
networks to play a major role in delivering new and improved
telecommunications services and applications to consumers .The Internet and the
network congestion that followed, has led people to focus both on the first and
last mile as well as on creating a different network infrastructure to avoid the
network congestion and access problems. The solution to this is Broadband.

19.2 What is Broadband?

A definition to broadband is a must as different service providers defines
in their own terms & context. TRAI (Telecommunication Regulatory
Authority of India) defines broadband as follows:-
An ‘always-on’ data connection that is able to support interactive services
including Internet access and has the capability of the minimum download speed
of 256 kilo bits per second (kbps) to an individual subscriber from the Point Of
Presence (POP) of the service provider intending to provide Broadband service
 Internet

where multiple such individual Broadband connections are aggregated and the
subscriber is able to access these interactive services including the Internet
through this POP. The interactive services will exclude any services for which a
separate licence is specifically required, for example, real-time voice transmission,
except to the extent that it is presently permitted under ISP licence with Internet
Telephony.”

19.3 Broadband Access

Broadband access technology is broadly classified into two categories. They are
Wired Line & Wireless and further classified as detailed in the following diagram.

Broadband Access Technologies

Wiredline Wireless

DSL (Digital Sub’s Line) 3G Mobile

Cable Modem Wi-Fi (Wireless Fidelity)

PLC (Power Line Communication) WiMAX

Optical Fibre Technologies FSO (Free Space Optics)

LMDS & MMDS

Satellite
19.3.1 Wired Line Access:

19.3.1.1 DSL (Digital Subscriber Line) :-

DSL uses the exisiting twisted-pair telephone lines as the access media. Over a period of
time, a number of technologies (xDSL) have been introduced to provide faster data
speeds over this medium. The various xDSL technologies are given below.
1. ADSL (Asymmetric Digital Subscriber Line)

2. VDSL (Very High-Speed Digital Subscriber Line)

3. RADSL (Rate Adaptive Digital Subscriber Line)

4. HDSL (High Data-Rate Digital Subscriber Line)

5. SDSL (Symmetric Digital Subscriber Line

 Internet

ADSL (Asymmetric Digital Subscriber Line)

Asymmetric Digital Subscriber Line (ADSL) is a form of DSL, a data

communications technology that enables faster data transmission over copper telephone
lines than a conventional modem can provide.ADSL has the distinguishing characteristic
that the data can flow faster in one direction (used for download streaming) than the
other(used for upload streaming) i.e., asymmetrically.

WHY ADSL?

ADSL is in place due to both technical and marketing reasons. On the technical
side, there is likely to be more crosstalk from other circuits at the DSLAM (Digital
Subscriber Line Access Multiplex) end (where the wires from many local loops are close
together) than at the customer premises. Thus the upload signal is weakest, while the
download signal is strongest at the noisiest part of the local loop. It therefore makes
DSLAM transmit at a higher bit rate than does the modem on the customer end. Since the
typical home user in fact does prefer a higher download speed, thus telecom companies
chose to make a virtue out of necessity, hence ADSL come to place.

HOW ADSL WORKS ?

To obtain the asymmetrical data transfer to suit requirement of Internet and LAN
access, ADSL works by firstly splitting the available bandwidth on the twisted copper
wire (telephone wires) into three different channel:

1)A high speed downstream channel (ranges from 1.5 to 8 Mbps)

2)A medium speed upstream channel (ranges from 16 kbps to 1 Mbps)
3)POTS (Plain Old Telephone Service) channel

ADSL uses two separate frequency bands. With standard ADSL, the band from
25.875 kHz to 138 kHz is used for upstream communication, while 138 kHz - 1104 kHz
is used for downstream communication.
 Internet

Frequency plan for ADSL

First the POTS channel is splits off from the digital modem by filter, thus
guaranteeing uninterrupted POTS. After the POTS channel are splitted from the digital
data transfer bandwidth, the 26kHz to 1.1mhz data bandwidth could be further separated
by using one of two ways as describe below:

1)Frequency Division Multiplexing (FDM) :- FDM assigns one band for upstream data
and one band for downstream data. Time division multiplexing divides the downstream
path into one or more high speed channels and one or more low speed channels. But the
upstream path is only multiplexed into corresponding low speed.

2)Echo cancellation :- Echo cancellation assigns the upstream band to over-lap the
downstream. To separate them is by local echo cancellation. This technique is common
in V.32 and V.34 modems(Conventional Modems).

By using either one of the above techniques, ADSL splits off a 4khz region for
POTS at the DC end of the band.
 Internet

Upstream Downstream
Basic
Telephone
Service
FDM

Frequency

Upstream Downstream
Basic
Telephone Echo
Service Cancellation

Frequency

ADSL MODULATION

ADSL uses two types of Modulation i.e CAP(Carrierless Amplituse Phase

Modulation) & DMT(Discrete Multi Tone) & DMT is the most widely used one.

CAP(Carrierless Amplituse Phase Modulation) : It is a variation of QAM (Quadrature

Amplitude Modulation).QAM generates a DSSC (Double Sideband Suppressed Carrier)
signal constructed from two multi-level PAM (Pulse Amplitude Modulated) signals
applied in phase quadrature to one another. CAP modulation produces the same form of
signal as QAM without requiring in-phase and quadrature components of the carrier to
the first be generated. The following diagrams illustrates the CAP modulation.

CAP TRANSMITTER & RECEIVER

In-Phase
an Filter

Output
Binary Constellatio To line
D/A Passband
Input n + Line Filter
Encoder

Quadrature
Filter
bn
 Internet

In-Phase
Adaptive
filter ~
an Data
Line Out
Input A/D Decision Decod
Device er
~
bn
Quadrature
Filter

Discrete Multitone Modulation (DMT)

DMT is basically a multicarrier modulation technique. DMT spread the original

spectrum of the input signal over numerous sub-channels each of which carries a
fraction of the total information. All these sub-channels transmit data in parallel to
In-Phase
each other and are independently modulated with a carrier frequency. By using DSP
Adaptive
techniques, multiple sub-channels could be established using Fast Fourier Transform
filter ~ each other.
(FFT), where the sub-carriers had to have orthoganlity with an
As mentioned before, DMT utilizes the spectrum between 26kHz and 1.1Mhz. After Data
Line Out
using FDM
Inputor echo
A/D cancellation technique, this spectrum Decision
of bandwidth is Decod
split up into
upstream band(26kHz to 138kHz) and downstream bandDevice er which
(138kHz to 1.1MHz),
~
is then further divided into 256 discrete sub-channels each of whichbhad a bandwidth
n
of 4kHz.
Quadrature
One of DMT most significant
Filter feature is that it is able to dynamically adapt to the
line condition to obtain the maximum throughput for each unique telephone line. DMT
does this by framing the data bits into chunks and spreads them over the sub-channels.
The allocation of data into each sub-channel is dependent on the characteristics of the
line and on the SNR (Signal to Noise Ratio) of the line. There could be no data at all in
a really noisy channel and there could be as high as 15 bits/Hz in a channel where SNR
is optimum.
By using the average signal to noise ration (SNR) of the sub-channel, the number of
bits to be allocated to that sub-channel can be decided. The number of bits to be
assigned to the nth channel could be calculated from this equation.
 Internet

The major stages in transmitting and receiving could be seen in the following block
diagram .

Serial to DMT 1 IFFT

Output
Data Parallel Symbol 2
Encoder To line
Input Input
Data D/A Line
Buffer Filter

DMT
Symbols
Transmitted
N (Complex) Serially
Sub-channel
Symbols
 Internet

1 DMT
FFT Symbol Parallel
2 Decoder To Serial Data
line Output Out
Filter A/D Data
Buffer

DMT
Symbols
Received
Serially N (Complex)
Sub-channel
Symbols

The chunk of bits that are being assigned to each sub-channel as described above are
encoded as a set of quadrature amplitude modulated subsymbols. These subsymbols are
then pass into an Inverse Fourier Transform(IFFT) which combines the subsymbols into a
set of real-valued time domain samples, the output of the IFFT is then send a Parallel-to-
Serial block with cyclic prefix which is added to remove InterSymbol Interference (ISI)
between the sub-channels. The output is then pass into an digital to analog converter
which is then send through the twisted copper telephone wire. The receiver would receive
the signal from the twisted copper telephone wire and does the reverse process to
obtained the required data.
To reduce error in transmission and to counter those problem of using telephone lines as
a data transfer medium, DMT had uses Reed Solomon forward error correction
method .The size of this Reed Solomon codeword depends on the number of bits
assigned to each sub-channel.
 Internet

Common Elements In ADSL

The common elements of ADSL are

a) CPE(Customer Premises Equipment) containing a Splitter, ADSL Modem & a PC.

b) Central Office Premises Equipment containing DSLAMs(Digital Subscriber Line
Access Miltiplex),MDFs & PSTN.
c) Aggregator and ATM core consists of Tier II,TierI switches,BRAS(Broad Band
Remote access Service) ,Servers and Core routers.

Factors Determining ADSL Connectivity: More the distance from the DSLAM(Digital
Subscriber Line Access Multiplex) to the customer end the data rate reduces.Signal
attenuation and Signal to Noise Ratio are defining characteristics, and can vary
completely independently of distance (e.g., non-copper cabling, cable diameter).The
performance is also dependent to the line impedance, which can change dynamically
either dependent on weather conditions (very common for old overhead lines) or on the
number and quality of joints or junctions in a particular cable length.

Data Rate - Wire Size – Distance

Data Rate Wire Size Distance

1.5-2.0 Mbps 0.5 mm 18000 Feet 5.5 Kms
1.5-2.0 Mbps 0.4 mm 15000 Feet 4.6 Kms
6.1 Mbps 0.5 mm 12000 Feet 3.7 Kms
6.1 Mbps 0.4 mm 9000 Feet 2.7 Kms
 Internet

ADSL standards
Standard name Standard type Downstream rate Upstream rate
ANSI T1.413-1998 Issue 2 ADSL 8 Mbit/s 1.0 Mbit/s
ITU G.992.1 ADSL (G.DMT) 8 Mbit/s 1.0 Mbit/s
ITU G.992.2 ADSL Lite (G.Lite) 1.5 Mbit/s 0.5 Mbit/s
ITU G.992.3/4 ADSL2 12 Mbit/s 1.0 Mbit/s
ITU G.992.3/4 Annex J ADSL2 12 Mbit/s 3.5 Mbit/s
ITU G.992.3/4 Annex L¹ ADSL2 12 Mbit/s 1.0 Mbit/s
ITU G.992.5 ADSL2+ 24 Mbit/s 1.0 Mbit/s
ITU G.992.5 Annex L¹ ADSL2+ 24 Mbit/s 1.0 Mbit/s
ITU G.992.5 Annex M ADSL2+ 24 Mbit/s 3.5 Mbit/s

Additionally, the non-Annex ADSL2 and ADSL2+ support an extra 256 kbit/s of
upstream if the bandwidth normally used for POTS voice calls is allocated for ADSL
usage.While the ADSL access utilizes the 1.1 MHz band, ADSL2+ utilizes the 2.2 MHz
band.

VDSL (Very-High-Speed DSL)

Very-high-speed DSL (VDSL) promises even higher speeds than ADSL, although
over much shorter distances. Originally named VADSL (A –Asymmetric) but was
later extended to support both symmetric & asymmetric.Requires one phone line and
supports voice & data.It works between 0.3-1.37 kms depending on speed. It supports
upstream data rate of 1.6-2.3 mbps & downstream data rate of 13-52 mbps. The
following figure illustrates shows the data rate, wire size & distance.

Downstream Upstream Distance

Feet Kms

12.96 Mbps 1.6-2.3 mbps 4500 Feet 1.37 Kms

25.82 Mbps 1.6-2.3 mbps 3000 Feet 0.91 Kms
51.84 Mbps 1.6-2.3 mbps 1000 Feet 0.30 Kms
 Internet

RADSL(Rate-Adaptive DSL)

As the name implies, rate-adaptive DSL (RADSL) modems adjust the data rate to match
the quality of the twisted-pair connection. Emerging software should make this an
automated process with little human intervention.

HDSL(High-Data-Rate DSL)

HDSL modem is viewed as equivalent of PCM stream(2 MBps) and offers the same
bandwidth both upstream and downstream. It can work up to a distance of 3.66 to 4.57
kms depending upon the speed required. It can deliver 2048 kbps

a) On 2 pairs of wires, each line carrying 1168 kbps

b) On 3 pairs of wires, each line carrying 784 kbps.

SDSL(Symmetric DSL)

Symmetrical digital subscriber line (SDSL) is similar to HDSL but requires only one pair
of wires. Transmission speed ranges from n x 64 kbps to 2.0 Mbps in both directions. In
this the upload and download streams are of equivalent bandwidth.

19.3.1.2 CABLE MODEM

The cable network was primarily designed to deliver TV signals in one direction
from the Head-End to the subscribers homes. Operators had to upgrade the cable network
so that signals could flow bi-directionally.One spectrum is used for the signals that move
from the Head-End towards the cable subscriber. Another spectrum of signal frequencies
are used for the signals that move from the cable subscriber towards the Head-End. By
way of replacing the existing one way amplifiers with two way amplifiers,Cable
Operators are able to separate the upstream and downstream signals and amplify each
direction separately in the right frequency range. In the downstream direction (from the
network to the computer), network speeds can be up to 27 Mbps. In the upstream
direction (from computer to network), speeds can be up to 10 Mbps. Most modem
producers have selected a more optimum speed between 500 Kbps and 2.5 Mbps. A cable
modem with a splitter can provide Internet access to multiple PCs, if they are connected
via a local area network (LAN).Cable modems typically have an Ethernet output, so they
can connect to the LAN with a standard Ethernet hub or router.
 Internet

A typical CABLE MODEM SETUP at CUSTOMER END.

 Internet

There are 3 types of cable modem.

1). External Cable Modem
¾ External box connected to computer through Ethernet connection
¾ Can use USB interface too.
2). Internal Cable Modem
¾ Is typically a PCI bus add-in card for a PC
3.). Interactive Set-Top Box
¾ Provides a return channel –often through the POTS-giving access to web-
browsing through the TV screen.
Disadvantages of Cable Modem:

1) Bandwidth Sharing: Users in a neighborhood have to share the available bandwidth

provided by a single coaxial cable line. Therefore, connection speed can vary depending
on how many people are using the service at the same time. Often the idea of a shared
line is seen as a weak point of cable Internet access.

2) Security: A more significant weakness of cable networks using a shared line is the risk
of loss of privacy, especially considering the availability of hacking tools for cable
modems.

3) Connectivity Problem :Many cable Internet providers are reluctant to offer cable
modem access without tying it to a cable television subscription.

4) Cost factor: The cost of Cable modem & splitters is high as complared to ADSL
modems.

19.3.1.3 Power Line Communication (PLC)

PLC also called Broadband over Power Lines (BPL) or Power Line Telecoms (PLT),
is a wireline technology that is able to use the current electricity networks for data and
voice transmission. The carrier can communicate voice and data by superimposing an
analog signal over the standard 50 or 60 Hz alternating current (AC). Traditionally
electrical utilities used low-speed power-line carrier circuits for control of substations,
voice communication, and protection of high-voltage transmission lines.More recently,
high-speed data transmission has been developed using the lower voltage transmission
lines used for power distribution. A short-range form of power-line carrier is used for
home automation and intercoms.A computer (or any other device) would need only to
plug a BPL "modem" into any outlet in an equipped building to have high-speed Internet
access.

PLC modems transmit in medium and high frequency (1.6 to 30 MHz electric carrier).
The asymmetric speed in the modem is generally from 256 kbit/s to 2.7 Mbit/s. In the
repeater situated in the meter room the speed is up to 45 Mbit/s and can be connected to
256 PLC modems. In the medium voltage stations, the speed from the head ends to the
 Internet

Internet is up to 135 Mbit/s. To connect to the Internet, utilities can use optical fiber
backbone or wireless link.

TYPICAL PLC LAYOUT

High-speed data transmission, or Broadband over Power Line uses the electric circuit
between the electric substations and home networks. A standard used for this is ETSI
PLT. PLC uses the following frequencies bands.

Low frequencies

z Below 400 kHz (US)

z Below 125 kHz (Europe)
z Transmission rate about 1 to 10 kbps

Low Band is used for Telemetry,Security & Remote Control.

High frequencies

z 2 to 30 MHZ (HF)
z Transmission rate about 1 to 40 Mbps

High Band is used for Telephony & Internet.

 Internet

PLC Distribution Network

Getting beyond
the
transformer
Insert Power Line
Carrier at middle
voltage

Backhaul to NAP
(fiber, DSL, wireless,
satellite)

ADVANTAGES

The major advantage of BPL over regular cable or DSL connections is the availability
of the extensive infrastructure already available which would appear to allow more
people in more locations to have access to the Internet.

DISADVANTAGES

Utility power systems are adverse electromagnetic environments for broadband

communications.

1. Network characteristics (topology, impedance, splices, terminations,

grounding) and devices (regulators, capacitors, re-closers) can adversely
affect signal strength and quality.
2. Electronic loads and nearby high frequency radiation sources may cause
high frequency noise that interferes with BPL.
3. Equipment will be exposed to severe lightning and switching surges.
4. Utility operations and maintenance personnel may damage or improperly
install equipment
5. Some of the PLC systems are not fully operable at very low or no load
without battery backup.
6. Physics limits frequency on power lines to <100 Mhz, limiting ultimate
throughput in densely penetrated areas.
 Internet

7. BPL is not likely to be available soon for high voltage (>66 kV) power
lines.
8. Conventional electronic surge arrestors severely attenuate BPL signal.
9. Other electronic devices (plasma screen TV’s, variable speed drives)
interfere with BPL signal or vice versa.
10. Existing vendors’ technologies are not interoperable.
11. There is not yet an IEEE standard for BPL

19.3.1.4 OPTIC FIBER TECHNOLOGIES

Optical fibers, clearly the chosen technology for transmission media, are beginning to
find their place in the subscriber's loop. Currently fiber costs are high as compared to
copper but there is a trend towards decreasing costs of optical fiber cables and photonics
employed. In addition the tremendous advantages in terms of information capacity of
fiber, its small weight and size over copper cable are making it a very attractive
technology to replace copper in subs loop when advanced broadband services need to be
offered to the customer. To carry the same information as one fiber cable we would need
hundreds of reels of twisted wire Cu cables. Further, fiber is 23 times lighter than Cu
cable and 36 times less in cross- sectional area. These features of light weight and small
size make it easier to handle fiber cable. In crowded city networks they can easily be
accommodated in existing ducted systems.

Fiber in loop (FITL) can be developed in several configurations.

1) Fibre to the Curb(FTTC)

2) Fibre to the building(FTTB)
3) Fibre to the home/Office(FTTH/FTTO)
4) PON (Passive Optical Network)

Fibre to the Curb(FTTC) in which the terminal equipment is located on the curb from
where it would be convenient to serve a suitable service area. Since the distribution
would still be copper, suitable location for the terminal would be one which optimizes the
cost, reduces back-feeding, reduces distribution cost and takes safety factors into
consideration. Space and power availability need to be confirmed before finalising the
location.

Fibre to the building(FTTB) in which the terminal equipment is located inside a

multistoreyed building. This brings higher bandwidth closer to the subscriber. The
distribution part is still copper. For new buildings, the planners may negotiate for suitable
location well in time.

Fibre to the home/Office(FTTH/FTTO) in this method the fibre goes upto the
subscriber premises
 Internet

Typical Architecture of Fibre in Local Loop

Depending upon the location of the cabinet (CAB-see above diagrams ) or the terminal
equipment we call FTTC,FTTH or FTTO and FTTB. The optical fibre cabinet consists
of fibre optic transmission equipment and customer access equipment. It consists of three
internal chambers. A battery chamber that houses upto 2 batteries, an MDF chamber
housing MDF, alarms and fibre splice box, an equipment chamber housing transmission
and access equipment. Exchange side of cabinets connect to exchange on 2Mbps or
channel level or on a V 5.2 interface and subscriber side of cabinets connect to
subscribers via copper lines. These can be installed as outdoor or indoor cabinets.
Outdoor cabinets are environmentally fitted and could be installed on curbs or in remote
areas. Usual capacities of fibre optic cabinets have capacities 120, 240,480 and 1920
channels. Each cabinet requires two fibres for operation and one dark fibre-pair is usually
kept as spare. The fibre optic cabinets offer point to point connections and can take care
of POTS, ISDN(BA and PRI), DID, Payphones, 64Kbps leased lines.
 Internet

19.3.1.5 Passive Optical Networks (PONs)

Most networks in the telecommunications networks of today are based on active

components at the serving office exchange and termination points at the customer
premises as well as in the repeaters, relays and other devices in the transmission path
between the exchange and the customer. By active components, we mean devices which
require power. With Passive Optical Networks, all active components between the central
office exchange and the customer premises are eliminated, and passive optical
components are put into the network to guide traffic based on splitting the power of
optical wavelengths to endpoints along the way. This replacement of active with passive
components provides a cost-savings to the service provider by eliminating the need to
power and service active components in the transmission loop. The passive splitters or
couplers are merely devices working to pass or restrict light, and as such, have no power
or processing requirements and have virtually unlimited Mean Time Between Failures
(MTBF) thereby lowering overall maintenance costs for the service provider.

The basic components of PON are

a) Optical Line Terminal(OLT): It is located in the central office and interfaces

with switch (possibly through V5 interface) .It provides system control and
implements protocol for transmission.

b) Splitter : It splits the source optical beam into multiple fibers.

c) Optical Network Unit (ONU) : It interfaces with subscriber terminals and works
under the control of OLT to implement the transmission protocol.It can be configured
in FTTC, FTTB and FTTH configurations

Typical PON Connectivity

 Internet

There are different PON technologies exists and are given below.
a) APON (ATM PON)
b) EPON (Ethernet PON)
c) GPON( Giga Bit EthernetPON) .

PON benefits

PON systems offer a number of benefits to the operator and the end users.

1).Fiber is less costly to maintain than copper based systems so operators can reduce
costs, increase profits or lower costs to the end-users.

2) The technology conserves fibre,passive elements and optical interfaces. All this leads
to cost effectiveness.

3) Reliabilty of the network is very high.

4) Both business and residential customers can be served on the same platform and
customers get better quality of service.

5). Network can be upgraded to support future services

19.4 Wireless Technologies

19.4.1 Bluetooth

It is a Wireless Technology used for short range applications ( about 10 meters)

namely in Personal Area Networks(PAN). It operates on 2.4 Ghz band with 1+ Mbps
speed and Frequency Hopping Spread spectrum modulation technique is employed. It is a
Combination of circuit switching and packet switching supporting both voice and data.
Bluetooth lets these devices talk to each other when they come in range, even if they are
 Internet

not in the same room, as long as they are within up to 100 metres (328 feet) of each other,
dependent on the power class of the product. Products are available in one of three power
classes:

Class 1 (100 mW) [still readily available]: It has the longest range at up to 100 metres
(328 ft).

Class 2 (2.5 mW) [most common]: It allows transmission to a distance of 10 metres (33
ft).

Class 3 (1 mW) [rare]: It allows transmission of 10 cm (3.9 in), with a maximum of 1

metre (3.3 ft).

With UWB (Ultra Wide Band technology) speed upto a maximum of 400Mbps is
achieved.

19.4.2 3G Mobile
Of late cellular mobile telephony has started maturing in delivering data access
over the air. The evolution of cellular mobile telephony has taken place in following steps
1. 2G – GSM, CDMA
2. 2.5G – GSM(GPRS/EDGE), CDMA 2000 1x
3. 3G – UMTS/WCDMA, CDMA 2000 1xEVDO/EVDV
The speeds achieved with above different cellular mobile telephony is given
below.
1).2G GSM/CDMA 9-14 Kbps
2).2.5G GSM
GPRS 115 Kbps
EDGE 384 Kbps
3).2.5G CDMA 2000 1x 170 Kbps
4).3
3G UMTS/WCDMA 384K (M), 2048K(S)
5).3G CDMA 2000 1x 384K (M), 2048K(S)
EVDO/EVDV

However the technologies 2.5G GSM(EDGE) & 3G (Both CDMA 2000 1x

EVDO*/EVDV* & UMTS*/WCDMA*) falls into the category of Broadband access.
(*Note:_EVDO-Evolution Data Optimised ,EVDV-Evolution Data and Voice ,UMTS-
Universal Mobile Telephony System & WCDMA – Wideband Code Division Multiple
Access)

19.4.3 Wi-Fi( Wireless Fidelity)

Wi-Fi (also WiFi or wifi) is an abbreviation for "wireless fidelity” & is a
trademark controlled by the Wi-Fi Alliance (formerly the Wireless Ethernet
Compatibility Alliance), the trade organization that tests and certifies equipment
compliance with the IEEE 802.11 standards for wireless local area networks( WLANs).
Wi-Fi was intended to allow mobile devices, such as laptop computers and personal
digital assistants (PDAs) (PDAs) to connect to local area networks, but is now often used
 Internet

for wireless Internet access and wireless. Many computers are sold today with Wi-Fi
built-in; others require adding a Wi-Fi network card (Wireless Ethernet/LAN card).
A Wi-Fi-enabled device is able to connect to a local area network when near one
of the network's access points (see the figure below). The connection is made by radio
signals; there is no need to plug the device into the network. If the local area network is
connected to the Internet, the Wi-Fi device can have Internet access as well. The
geographical region covered by several access points is called a hotzone. The range of
an access point varies. The access point built into a typical Wi-Fi home router might have
a range of 45 m (150 ft) indoors and 90 m (300 ft) outdoors.

Wireless Ethernet standards

Wi-Fi is based on the IEEE 802.11 specifications. There are currently four
deployed 802.11 variations: 802.11a, 802.11b, 802.11g and 802.11n. The b specification
was used in the first Wi-Fi products. The n variant is most recent.
IEEE 802.11
The Initial release of the standard capable of transmissions of 1 to 2 Mbps and
operates in 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or
direct sequence spread spectrum (DSSS).
IEEE 802.11a
 Internet

Capable of transmissions upto 54 Mbps and operates in 5 GHz band and uses an
orthogonal frequency division multiplexing OFDM encoding scheme .
IEEE 802.11b
Capable of transmissions of upto 11 Mbps and operates in 2.4 GHz band and uses
only DSSS encoding scheme.
IEEE 802.11g
Capable of transmissions upto 54 Mbps and operates in 2.4 GHz band and uses an
orthogonal frequency division multiplexing(OFDM) encoding scheme.
IEEE 802.11n
Capable of transmissions upto 100 Mbps and operates in 2.4 GHz band and uses
an orthogonal frequency division multiplexing(OFDM) encoding scheme.

Advantages of Wi-Fi
• Unlike packet radio systems, Wi-Fi uses unlicensed radio spectrum and does not
require regulatory approval for individual deployers.
• Allows LANs to be deployed without cabling, potentially reducing the costs of
network deployment and expansion. Spaces where cables cannot be run, such as
outdoor areas and historical buildings, can host wireless LANs.
• Wi-Fi products are widely available in the market. Different brands of access
points and client network interfaces are interoperable at a basic level of service.
• Competition amongst vendors has lowered prices considerably since their
inception.
• Many Wi-Fi roaming, in which a mobile client station such as a laptop computer
can move from one access point to another as the user moves around a building or
area.
• Many access points and network interfaces support various degrees of encryption
to protect traffic from interception.
• Wi-Fi is a global set of standards. Unlike cellular carriers, the same Wi-Fi client
works in different countries around the world (although may require simple
software configuration).

Disadvantages of Wi-Fi
• Though the use of the 2.4 GHz Wi-Fi band does not require a license in most of
the world, local regulations do require that Wi-Fi devices stay below the local
regulatory limits on transmission power and accept interference from other
sources, including interference which causes the devices to no longer function.
Legislation/regulation is not consistent worldwide.
• The 802.11b and 802.11g flavors of Wi-Fi use the 2.4 GHz spectrum, which is
crowded with other equipment such as Bluetooth devices, microwave ovens,
cordless phones (900 MHz or 5.8 GHz are, therefore, alternative phone
frequencies one can use to avoid interference if one has a Wi-Fi network), or
video sender devices, among many others. This may cause a degradation in
performance. Other devices which use these microwave frequencies can also
cause degradation in performance.
• Closed access points can interfere with properly configured open access points on
the same frequency, preventing use of open access points by others.
 Internet

• Power consumption is fairly high compared to other standards, making battery life
and heat a concern.

19.4.4 WiMAX
WiMAX is an acronym that stands for Worldwide Interoperability for
Microwave Access, a certification mark for products that pass conformity and
interoperability tests for the IEEE 8802.16 standards.(IEEE 802.16 is working group
number 16 of IEEE 802 specializing in point-to-multipoint Broadband wireless
access).WiMAX covers wider, metropolitan or rural areas. It can provide data rates up to
75 megabits per second (Mbps) per base station with typical cell sizes of 2 to 10
kilometers. This is enough bandwidth to simultaneously support (through a single base
station) more than 60 businesses with T1/E1-type connectivity and hundreds of homes
with DSL-type connectivity.

It is similar to Wi-Fi in concept, but has certain improvements are done at improving
performance and should permit usage over much greater distances. IEEE 802.16
networks use the same Logical Link Controller(standardized by IEEE 802.2) as in other
LANs and WANs, where it can be both bridged and routed to them. An important aspect
of the IEEE 802.16 is that it defines a MAC (Media Access Control) layer that supports
multiple physical layer specifications in 2 to 11 Ghz & 10 to 66 Ghz bands. It will
provide fixed, portable, and eventually mobile wireless broadband connectivity and also
provides POTS services.

802.16 Last Mile Networks

WiMAX Subscriber
Station
WiMAX PSTN
Backhaul
POTS Internet

Wi- Telco core

WiMAX Access network
Fi Pt to Multipt. Or private
Internal Access (fiber)
Point with hub
Ethernet WiMAX Base Station

Customer Premise
(Home, Business or HOTSPOT)

The MAC is significantly different from that of Wi-Fi (and ethernet from which
Wi-Fi is derived). In Wi-Fi, the MAC uses contention access—all subscriber stations
wishing to pass data through an access point are competing for the AP's(Access points)
attention on a random basis. This can cause distant nodes from the AP to be repeatedly
 Internet

interrupted by less sensitive, closer nodes, greatly reducing their throughput. By contrast,
the 802.16 MAC is a scheduling MAC where the subscriber station only has to compete
once (for initial entry into the network). After that it is allocated a time slot by the base
station. The time slot can enlarge and constrict, but it remains assigned to the subscriber
station meaning that other subscribers are not supposed to use it but take their turn. This
scheduling algorithm is stable under overload and oversubscription (unlike 802.11). It is
also much more bandwidth efficient. The scheduling algorithm also allows the base
station to control Quality of Service by balancing the assignments among the needs of the
subscriber stations.
This is also an important aspect of why WiMAX can be described as a
"framework for the evolution of wireless broadband" rather than a static implementation
of wireless technologies.

19.4.5 Free Space Optics

FSO is optical, wireless, point-to-point, line-of-sight broadband technology that is
an alternative to fiber optic cable systems without expense of fiber. Speed is comparable
to fiber optic transmissions and transmits up to 1.25 Gbps at distance of 4 miles (6.4
kilometers) in full-duplex mode. It uses low-powered infrared (IR) beam sent through
open air by transceivers. Uses unlicensed higher frequency. Currently FSO uses two
different wavelengths(780nm & 1550nm), but expect worldwide standard in near future.

FSO TRANSCEIVER

Advantages of FSO
1.Significantly less expensive than fiber optic or leased lines
2.Much faster installation, days or weeks compared to months for fiber
optic cables
3.Transmission speed can be scaled to meet user’s needs; from 10 Mbps to
1.25 Gbps
4.Security is key advantage; not easy to intercept or decode
 Internet

Disadvantage of FSO
1.Scintillation is temporal and spatial variations in light intensity caused
by atmospheric turbulence that acts like prism to distort FSO signals
2. Loss of Signal due to Fog (Intensity of Light is reduced) .
3. Interference of signal due to bird/flies obstructing the signal path.
4. Obstruction of signal by swaying of tall structures/buildings due to
winds and seismic activity.

19.4.6 (a) Local Multipoint Distribution Service(LMDS)

LMDS is a broadband wireless access technology that uses microwave signals

operating between the 26GHz and 29GHz bands. It is a point-to-multipoint service, hence
is typically deployed for access by multiple parties. Throughput capacity and distance of
the link depends on the modulation method used - either phase-shift keying or amplitude
modulation. Links up to 5 miles from the base station are possible.
 Internet

Central Office Video

PSTN

Internet
Content &
Application
Providers
Backhaul for
Hotspots

Data,PSTN
Video Access

Data,PSTN
Video Access
LMDS Cell Site

LMDS TYPICAL LAYOUT

Factors determining LMDS

1).Line-of-sight—LMDS requires direct line.Tall buildings may obstruct line of sight and
the solution is to divide area into smaller cells.
2). Antenna height—placed on taller buildings can serve larger cells without obstructions
Advantages
a)Lower cost for both user and carrier than wired alternatives
b)Increased service area; network may be expanded one cell at a time
c)Capacity; with as much as 1,300 MHz of spectrum in a local market, carriers can
support 16,000 telephone calls and 200 video channels simultaneously

Disadvantages
a)Requires line-of-sight between buildings; LMDS network is limited by surrounding
objects
b)Affected by precipitation; LMDS systems are susceptible to interference from rain and
fog

19.4.6 (b) Multichannel Multipoint Distribution System(MMDS)

Multichannel multipoint distribution service, also known as MMDS or wireless cable, is
a wireless telecommunications technology, used for general-purpose broadband
 Internet

networking . Similar to LMDS, MMDS can transmit video, voice, or data signals at 1.5
Mbps downstream and 300 Kbps upstream at distances up to 35 miles.Mounted MMDS
hub uses point-to-multipoint architecture. Pizza box (13 x 13 inch) directional antennas
are mounted at receiving location & a cable runs from antenna to MMDS wireless
modem, which converts analog signal to digital and may be attached to single computer
or LAN.

Advantages
a)Signal strength—low frequency MMDS RF signal travels farther and with less
interference than high-frequency LMDS RF signals
b)Cellsize—seven times larger than area covered by LMDS transmitters
c)Cost—MMDS is less expensive than LMDS

Disadvantages
a)Requires direct line-of-sight—makes installation difficult and eliminates locations
blocked by taller obstructions
b)Shared signals—decreased speed and throughput since users share same radio channel
c)Security—Unencrypted transmissions may be intercepted and read
d)Limited markets—available in limited areas in USA

19.4.7 SATELLITE

Satellite broadband offers two-way internet access via satellites orbiting the earth
about 22,000 miles above equator. The PC through a special satellite modem broadcasts
the requests to the satellite dish ,located on top of the roof/building which in trun
transmits and receives signal from the satellites. But satellite broadband is slower in both
uplink and downlink compared to any DSL technology for example.
At present we use VSAT (Very Small Aperture Terminals) & DTH (Direct To
Home) terminals for satellite transmission. C, Ku & Ka bands are used for services
involving fixed terminals and L band is used for mobile services. It Offers data rates 9.6
Kbps for a handheld terminal and 60 Mbps for a fixed VSAT terminal at present.
Satellite broadband has got an advantage, that it can be deployed in every region
in a country. Satellite explores the possibility of usage in rural areas where tough terrain
conditions prevails. It provides an always on Connection without dialling .It offers
incredible reliability, better than 99.9%. and need not worry about dropped connections
during critical transactions, or missed emails..
 Internet

21.5 Conclusion

With the advent of new technologies in the field of communication which has
brought the world closer and closer, the consumer will be in a better position to choose
and reap the benefits, the broadband technology offers viz. High Speed Internet, Video
Conferencing, Telemedicine, Video on Demand ,Internet Radio, Instant messaging, etc.
 Internet

Chapter 20

Next Generation Networks

Contents

ƒ Introduction
ƒ History
ƒ Different types of Networks
ƒ Definition
ƒ Features
ƒ Applications
ƒ Characteristics

Objectives

After completion of this module you will be able to know:

• The features of NGN

• Applications Of NGN
• Characteristics of NGN
• Elements of NGN
 Internet

20.1 Introduction

Next Generation Networks (NGN) are the next step in world communications.
NGNs are the culmination of 100 years of telecommunications evolution, combining the
scalability and reliability of the public telephone network with the reach and flexibility of
the Internet. The next-generation network seamlessly blends the public switched
telephone network (PSTN) and the public switched data network (PSDN), creating a
single multi service network.
Traditionally, now there are three separate networks: the PSTN voice network, the
wireless network and the data network (the Internet). NGN converts all of these three
networks into a common packet infrastructure. This intelligent, highly efficient
infrastructure delivers universal access and a host of new technologies, applications, and
service opportunities. The fundamental difference between NGN and today’s network is
the switch from current ‘circuit-switched’ networks to ‘packet-based’ systems such as
those using Internet Protocol (IP). The need for global standards is critical as most
operators expect to move to an IP infrastructure. One area to be addressed is the concept
of ‘nomadicity’, which will give fixed line and mobile users completely seamless
communication. It means that the underlying technology will be invisible to the user
regardless of a multi-service, multi-protocol, multi-vendor environment.

20.2 History
The global telecommunications infrastructure has evolved over the past 100 years. The
last two decades, however, have heralded seminal change that has accelerated this
 Internet

evolution manifold. The emergence of the converged network — driven largely by

growth in video, voice and data traffic across the globe has been a major primer for
change and all industry watchers agree that this is only the beginning.
Traditional circuit-switched telecommunications infrastructure is the foundation for the
public switched telephone network (PSTN) that delivers telephony connections to homes
and businesses today. This network is extremely demanding in its requirements for
reliability and high availability. People expect, and generally receive, a dial tone when
they pick up the phone.
How is such a reliable network assured? Under the existing paradigm, the phone system
creates a dedicated circuit between the caller and the destination to complete a call. This
line cannot be used by the system for other purposes during the duration of the call. Time
division multiplexing (TDM) technology, on which circuit-switched telephony is based,
allows the system to place multiple calls on its major trunk lines, but the dedicated circuit
still consumes more network bandwidth than necessary.
High reliability and voice quality — as well as the lack of any viable alternative — meant
that TDM based communication technologies grew and flourished. Till the Internet
emerged! The Internet is a network of network, connecting millions of computers across
the world. Widespread adoption of PC devices, evolution of killer applications such as
the WWW and e-mail, as well as its efficiency in transfer of data traffic across the world
saw a surge in Internet users through the 1990s.

At the crossroads
The telecommunications world is at the crossroads today. As the amount of data traffic
crossing the globe increases every second, the conventional infrastructure is seen to be
increasingly incapable of handling it. On the other hand, the flexible and efficient data
network — the Internet — can carry all forms of service traffic over it, but has been
found to be unsuited for telephony.
As is usually the case — the market found a way out. The clash of the old-world and the
new led to a wave of innovation and evolution for telecommunications. Today, copper
and fibre optic lines that used to carry voice traffic now also transmit data, fax, and video.
Traditional circuit switching is giving way to more efficient and flexible packet switching
technologies as a result of the explosive growth of IP (Internet Protocol) networks.
New companies are entering the telecommunications space as service providers and old
companies are adopting new business models built on new technology. In this
competitive marketplace, telecommunication firms are looking to enhance the services
they provide to their customers and reduce the costs of delivering them.
One critical area of communications infrastructure that has been rapidly evolving in
recent times has been switching technologies, as traditional switching functions give way
to next generation of telecommunication switches. Switching is the core of all
telecommunication networks, allowing efficient point-to-point communications without
direct connections between every node.
To operate in the demanding and highly intensive PSTN domain, telecom switches are
needed to be compatible with existing legacy systems and standard communications
protocols. They are expected to deliver the high reliability that is expected today from a
TDM network.
They are also expected to support value-added features and services that service
providers allow carriers to differentiate themselves based on service and scale on demand.
 Internet

Such increasingly open architecture demands switching technology to upgrade to

accommodate the emerging requirements from a communications network.

Rapid progress in the late 1990s

During the late 1990s, very rapid progress was made in overcoming these limitations.
Gateways that can pass traffic between IP networks and the PSTN have been available
since early 1998, and various groups have been working on the development of software
that can be used to control gateways, in order to enable managed delivery of voice over
IP.
The era of circuit-switched telecommunication networks is drawing to a close. We are
seeing the beginnings of a transition that will gather pace over the coming decade, from
distinct and separate sets of infrastructure for telephony and data, towards the `next-
generation network', a single IP-based infrastructure for carrying all the voice, data and
multimedia traffic associated with an increasingly wide range of network services.
One of the key reasons for the rapid acceptance for this technology has been its open-
standards based architecture, which provides great flexibility for carriers to develop
custom solutions based on best-of-breed hardware and software components.
20.3 Different Types of Networks

20.3.1 Circuit Switching

In this method, a connection called a circuit is set up between two devices, which is used
for the whole communication. Information about the nature of the circuit is maintained by
the network. The circuit may either be a fixed one that is always present, or it may be a
circuit that is created on an as-needed basis. Even if many potential paths through
intermediate devices may exist between the two devices communicating, only one will be
used for any given dialog. This is illustrated below

Circuit Switching
In a circuit-switched network, before communication can occur between two devices, a
circuit is established between them. Communication link from A to B, and B to A are
shown in figure. Once set up, all communication between these devices take place over
 Internet

this circuit. The classic example of a circuit-switched network is the existing telephone
system. When A calls B and he answers, a circuit connection is established. That circuit
function the same way regardless of how many intermediate devices are used to carry the
voice. You use it for as long as you need it, and then terminate the circuit. The next time
you call, you get a new circuit, which may (probably will) use different hardware than the
first circuit did, depending on what's available at that time in the network.
 Internet

20.3.2 Packet Switching

In this network type, no specific path is used for data transfer. Instead, the data is
chopped up into small pieces called packets and sent over the network. The packets can
be routed, combined or fragmented, as required to get them to their eventual destination.
On the receiving end, the process is reversed—the data is read from the packets and re-
assembled into the form of the original data.

Packet Switching
In a packet-switched network, no circuit is set up prior to sending data between devices.
Blocks of data may take any number of paths as it journeys from one device to another.
In circuit switching, a circuit is first established and then used to carry all data between
devices. In packet switching no fixed path is created between devices that communicate;
it is broken into packets, each of which may take a separate path from sender to recipient.

The traditional Public Switched Telephone Network (PSTN)

1. Built to provide VOICE service
2. Intelligence at the core (central switch )
3. Dedicated circuit set up for each call
4. Dumb terminals (cheap CPE)
5. ATM, SDH, copper local loop technology
6. Very reliable
7. Licensed and highly regulated
8. Usually monopoly
9. Universal service obligation
10. Emergency call service

The Mobile Telecom Network

11. Built to provide VOICE/data service
 Internet

12. Intelligence at the core (central switch)

13. Dumb mobile devices
14. BSS, MSS, HLR/VLR, SIM cards
15. Dedicated circuit set up for each call
16. Less reliable than PSTN
17. Licensed and highly regulated
18. Two or more competing providers
19. Emergency call service
20. Interconnect to other mobile networks and PSTN by agreements

The Internet
21. Built over PSTN to provide data service
22. Information is routed, not switched
23. Best efforts rather than guaranteed QoS
24. Intelligence at the edge, large variety of devices and services connected to
the internet
25. Unregulated
26. Many competing providers
27. No Universal Service Obligation or Emergency call service
28. Interconnect between clouds by peering or transit agreements

Voice over Data

As data traffic began to equal and surpass voice traffic on telecommunications networks
it became economic for operators to consider transporting their voice traffic over packet
switched networks. This convergence would help reduce the costs associated with
operating and maintaining separate networks. However there are many problems
associated with obtaining circuit switched levels of service for real-time traffic (e.g. voice)
on packet switched networks which may not always have the sufficient capacity (packets
are discarded under congested conditions in packet switched networks resulting in
delayed or lost data which is unacceptable during telephone conversations).

20.4 Definition of Next Generation Network by ITU

A Next Generation Network (NGN) is a packet-based network able to
provide services including Telecommunication Services and able to make use of multiple
broadband, QoS-enabled transport technologies and in which service-related functions
are independent from underlying transport-related technologies. It offers unrestricted
access by users to different service providers. It supports generalized mobility which will
 Internet

allow consistent and ubiquitous provision of services to users.

20.5 Features Of NGN
ƒ Packet-based transfer
ƒ Separation of control functions among bearer capabilities, call/session, and
application/ service
ƒ Decoupling of service provision from network, and provision of open interfaces
ƒ Support for a wide range of services, applications and mechanisms based on
service building blocks (including real time/ streaming/ non-real time services and
multi-media)
ƒ Broadband capabilities with end-to-end QoS and transparency
ƒ Interworking with legacy networks via open interfaces
ƒ Generalized mobility
ƒ Unrestricted access by users to different service providers
ƒ A variety of identification schemes which can be resolved to IP addresses for the
purposes of routing in IP networks
ƒ Unified service characteristics for the same service as perceived by the user
ƒ Converged services between Fixed/Mobile
ƒ Independence of service-related functions from underlying transport technologies
ƒ Compliant with all Regulatory requirements, for example concerning emergency
communications and security/privacy, etc.

20.6 Applications of NGN

20.6.1 Telepresence

Telepresence is the ability to interact in real-time with another person who is at a

different location using telecommunications. Telephony is a Telepresence application in
its most simple form. Advanced Telepresence systems operating on next generation
networks will enhance users’ experiences of realism while communicating. Applications
such as high quality video-conferencing systems would require capacities of between 2
and 8Mbit/s1 per user. (Current video conferencing systems can operate at capacities of
between 128 and 384 kbit/s but provide a low quality service.)
Video conferencing technology is currently most common in the business world, and
applications are also being developed in the fields of education and medicine. When
NGNs make ample capacity available it is conceivable that video conferencing could be
adopted on a mass basis as a replacement or augmentation of basic telephony.

20.6.2 3D Imaging
Adding three-dimensional aspects to the imaging systems of Telepresence will further
enhance the experience of Telepresence. Initially, this sort of enhancement could have
applications for business users, enabling delegates to sit down to a virtual meeting and
hold real time discussions while viewing other delegates on three dimensional monitors..
 Internet

Other applications are in the medical and educational fields .At a more advanced stage
Telepresence will become interchangeable with virtual reality, and applications in
entertainment are envisioned.

20.6.4 Virtual Reality

When we think of virtual reality we often think of applications involving complete Tele-
Immersion. However it is likely that applications will develop that blend reality and
virtual reality forming hybrid realities to enhance our experiences. An example of this
could be a type of visual display that could project images onto a user’s normal field of
view using devices mounted on eyeglasses, allowing them to receive augmented
information relating to their environment such as directions to the nearest hospital or
police station.
To further enhance users’ sense of realism the sense of touch could be incorporated into
virtual reality systems through interfaces. Such systems allow users to touch and
manipulate virtual objects. This aspect is essential for telesurgery applications,It is
conceivable that in the future the senses of taste and smell could also be incorporated in
virtual reality systems.

20.6.5 Data Augmentation

Further value can be added to Telepresence applications by augmenting services with

additional information. In many ways this could allow Telepresence to surpass real face
to face communication. For example, future face to face communications may often have
files attached to them such as work that had been jointly undertaken during a
Telepresence meeting.

20.6.6 Tele-Learning/Tele-Education

Tele learning or Tele-education is the application of telecommunications technology in

education and training. Next generation Tele-education applications will use advanced
graphical visualisation tools to help users understand difficult or abstract topics and also
provide users with an opportunity to learn in a safe and non-critical environment (e.g.
flight simulation training, surgical procedure training). Some of these applications will
require the use of three dimensional and virtual reality simulators.
Interactivity is also an important feature of Tele-education, allowing users in remote
locations to focus on areas where they are experiencing particular difficulties for example,
and will enable a higher level of one to one interactivity with tutors (real or virtual).
Applications of this type could involve a mixture of real-time and stored data. Interactive
Tele-education is also applicable in class-room environments. Already on-line learning is
a growing Internet application.
Tele-education provides users with the convenience of being able to learn at more
convenient times and places (e.g. from home in the evenings instead of at a college
during the day, or in work at the desktop). Also, Tele-education gives users the
opportunity to select more specific course material that is directly applicable or tailored
to their individual interests.
 Internet

The capacity requirements of these systems will vary according to the level of quality
sought from the video images, and it can therefore be expected that capacities of 2Mbit/s
or more would be required for video-conferencing applications.

20.6.7 Tele-Medicine

Tele-medicine or medical informatics is the use of telecommunications technology in

medical applications. These applications would be greatly facilitated by highly reliable
next generation networks. Tele-medicine will allow the transfer of records or actual
medical conditions between patients and medical personal in geographically diverse
locations. Furthermore, Telepresence applications will enable medical staff to conduct
face to face meetings with other staff and patients without the need to travel.
An important future Tele-medicine application is Tele-surgery, in which a surgeon views
the patient through a three dimensional display and conducts a surgical operation via
robotic instruments from a remote location using a high capacity telecommunications link
Other medical imaging techniques are well suited to Tele-medicine allowing for the
diagnosis process to occur at a different location from the patient and collection of
information (e.g. digital imaging, tissue sample analysis). This form of Tele-medicine is
now common on hospitals’ local area networks with the transmission of x-ray images.
Next generation networks will enable widespread use of such applications.
Tele-education also has applications in the medical area. Similar imaging techniques to
those used by the remote surgeons mentioned above can be used in the training of
medical staff.

20.6.8 Home Care

Home care involves monitoring and caring for patients at home using
telecommunications technology. Time and costs can be saved by allowing nurses to
conduct daily virtual visits to patients in geographically dispersed areas. Furthermore,
the concept of person to machine communications could be utilised here as home care
patients could be constantly monitored, reducing the recovery times needed in hospitals.
Home care using telecommunications links can allow the elderly to extend the time that
they can live independent lives in their own homes.. Although many of these
applications do not require high data rates their mass adoption could produce significant
traffic loads on next generation networks.

Data Integrity and Privacy

Important data integrity and privacy issues arise from the application of Tele-medicine.
Tele-medicine applications that involve real time data concerning the well being of
patients are critical in terms of data integrity. Any erroneous transmissions could result
in mistreatment with potentially serious consequences. Also, as medical information is of
a highly private nature security is a priority and will become a key consideration in the
design of next generation networks.

Social Interactivity and Entertainment

High capacity applications will emerge in the areas of gaming, movies and social
interactivity. Interactive gaming with multiple participants is already an established
 Internet

internet application. However, with increasingly intense gaming applications (e.g. high
resolution video graphics) more and more capacity is needed from telecommunications
networks to support multi-player real-time use.
Streaming video and audio entertainment will be important applications of next
generation networks as traditional broadcasting services and delivery methods converge
with telecommunications (e.g. interactive TV). Applications such as video on demand
(VOD) providing users with personalised viewing services and applications with added
interactivity will require high capacity networks to serve them.
Peer to peer networking of video, audio and even 3D virtual reality archives could also
bear heavily on next generation networks as users swap massive amounts of data.

Machine to Machine Communication

In the paragraphs above mostly human to human and human to machine communications
have been considered. As the number of devices or machines that are able to
communicate continues to increase, telecommunications traffic between these machines
will continue to increase exponentially. A number of commentators have suggested that
machine to machine communication will exceed person to person communication on next
generation networks in around five years. Although, for the most part, the early
applications envisioned here would be narrow band applications (e.g. environmental
sensors to detect temperature, moisture levels, light intensity, movement etc.), the vast
numbers of routine communications will make their aggregate capacity significant.
Machine to machine communication could also allow for the development of smart
environments which are environments or workspaces that are aware of the context in
which they are being used. For example, if a child approached a TV terminal, children’s’
programs could be shown instead of stock market information. In a business
environment a user could automatically receive relevant information based on a particular
caller, or the attendees at a meeting.
Other applications of machine to machine communication could include improved safety
on our roads by allowing road traffic to be automated. This would enable guidance
systems in vehicles to communicate with one another to ensure that collisions did not
occur.

Business Applications
Increasing levels of e-commerce will place increasing demands on next generation
networks. Highly secure and reliable next generation networks will in turn encourage the
growth of business applications as users become accustomed to and develop trust in e-
commerce applications.
Increased telecommunications traffic from applications such as online banking and
shopping will create large amounts of e-commerce traffic. Furthermore, video
conferencing and virtual reality show rooms may change the way in which we choose
products and services.

Characteristics of Next Generation Networks

Next generation networks will for the most part be high speed packet based networks
capable of delivering a multitude of broadband services. Among other things these
 Internet

networks need to be both flexible and reliable. Although next generation networks will
develop in many different ways they will all have a common set of broad characteristics.
These characteristics are
29. Protocol Independence
30. Reliability
31. Controllability and Quality of Service
32. Programmability
33. Scalability

Protocol Independence
In order to facilitate multiple forms of communications, next generation networks will
need to be capable of operating a multitude of different communications protocols
Traditionally networks have been designed and implemented to transmit certain specific
types of data such as voice, video or data. This required separate networks, using
different sets of equipment (although usually using the same cables or transmission media)
to support multi-media communications.

Users
IP Network
Circuit Switched Network

Figure 3.1: A simplified diagram of overlaid IP and Circuit Switched

Networks showing the duplication of network resources.

Essentially, protocol independence is the ability of a network to operate any protocol that
may be required.).The ability of equipment to be multi-functional is increasingly required
by telecommunications operators. It enables them to save on operational costs as
equipment is managed from a single platform. Also, the physical space and hence costs
 Internet

that are saved with multi-functional equipment is a critical factor. Another significant
factor is a reduction in the amount of power consumed by using less equipment.

Reliability
Increased dependency on advanced new applications in the future will place even greater
reliability requirements on next generation networks. Individuals’ expectations of
availability and quality of service, grounded in a perception of high quality in traditional
telephony and television services, will impose high standards of performance.
E-commerce applications will lead to highly resilient telecommunications networks as
businesses become increasingly reliant on telecommunications to function. For other
highly sensitive applications, such as tele-medicine, network reliability and resilience is
imperative, since a patient’s health could depend on the quality of the information
transmitted
In order to achieve the necessary levels of resilience and reliability next generation
networks will need more diverse topologies and redundant elements than is normal in
today’s networks.

Controllability
It is essential for network managers to be able to design, adapt and optimise their
networks to accommodate simultaneously different types of media with varying network
requirements. The main issue here is of quality of service, (i.e. the ability of a network to
provide a particular level of service or to guarantee a certain amount of bandwidth and
response time over a specified period). For example a voice or video conferencing
application could not normally afford to have information packets (i.e. pieces of the
conversation) lost or even delayed. Therefore these types of services need a guaranteed
high level of quality of service to function adequately. On the other hand, non critical
applications such as internet browsing can afford to lose occasional packets of
information as these can be re-sent without degrading the service.
Control of these aspects of a network is an important characteristic since it allows
network managers and network management software to optimise utilisation of network
resources by dynamically setting the balance between the amount of capacity that is
dedicated to real time applications and mission critical applications. Network managers
also need to control the amount of flexibility that is applied to non-real time services such
as file transfers (e.g. downloading of design files from a design centre to the
manufacturing plant). This is known as traffic engineering. Traffic engineering features
of next generation networks will help overcome both the problems of guaranteed quality
of service in current packet switched networks (e.g. IP) and the problem of wasted
capacity in dedicated circuit switched networks. See annex 1.
A common shortcoming of current packet switched networks is that it can be difficult for
telecommunications network operators to specify or guarantee an end to end quality of
service, particularly where part of the communications link is carried over a third party’s
network. For example a call originating on a network with a sufficiently high quality of
service may terminate on a network, perhaps in a different country, where the quality of
service is noticeably lower, thus resulting in a poor quality call. Using traffic engineering,
operators can define specific levels of service and then enter into service level
agreements with other operators who have similar traffic engineering capabilities. This
process facilitates further interconnection between operators and networks.
 Internet

Programmability
The more programmable and re-configurable next generation networks are the more
flexible they will be, and the more they will be able to cope with new services and user
requirements. Programmability will allow for traffic engineering and the dynamic
allocation of network resources enabling next generation networks to adapt quickly to
new services or requirements.
Programmability yields more simple scalability since the less manual configuration that
has to be performed during a network upgrade the more quickly services can be expanded.
The time it takes to provision new capacity in networks can be reduced from several
weeks (in manually configurable networks) to a few hours or less through
programmability. Fully programmable networks could be upgraded remotely from a
single location eliminating the need for expensive site visits.
To aid interoperable and programmable networks open standards need to be supported by
all equipment vendors. This will mean the provisioning of open Application
Programming Interfaces (APIs) enabling developers to create software for equipment
from various vendors to operate in interconnected networks.

Scalability
Scalability is an important attribute that can help protect next generation networks from
becoming obsolete. In order to cope with growing traffic loads network operators will
have to over-provision transmission capacity (i.e. lay more fibre optics than currently
needed). Next generation network equipment will need to be scalable to allow for the
addition of capacity as required without the need to replace equipment once it reaches its
design capacity.
The more general purpose that telecommunications equipment is the greater the chance
that it can be programmed, adapted and scaled to cope with future needs.
Furthermore, next generation networks will need to be scalable in terms of address space
(i.e. the number of devices that can be connected and individually identified on a
network).

Typical Next Generation Network Elements

Some typical next generation network elements are described below:

Softswitches
Soft switches are the key component that enables next-generation networks to be built..
They can be programmed to act as gateways allowing communication between packet
based networks (e.g. IP) and traditional circuit switched networks. The soft switch can
mediate between IP-centric, or VoIP services and circuit switched telephony services
converting all of the necessary added services accordingly.Soft switches execute the same
functions as traditional switches and are completely transparent to end-users.
Telecommunications companies are embracing soft switches because they are
functionally equivalent to conventional phone switches; only better, faster, and cheaper.
Soft switches tend to be modular, smaller, and less expensive than their conventional
switching counterparts. This modularity makes scaling easy, critical when telephony
markets and technologies can change overnight. All this is accomplished without any
compromises on the high availability and reliability delivered by conventional switches.
 Internet

DSLAM
Digital Subscriber Line Access Module, used to connect multiple DSL users to the rest of
a network. A multi-service DSLAM interconnects to voice networks as well as other
data networks.

Next Generation Edge Switch

A multi-protocol switch that can connect users various access methods (e.g. ISDN, Dial-
up modem, Analogue telephony) to next generation core networks.

Broadband Access Switch

Connects broadband access networks (e.g. Broadband leased circuits) directly to core
networks. These devices connect network segments that are suitable for direct
connection to core next generation networks.

Conclusion

Today
• Multiple networks
• Simple devices
• Disparate services

Transition
• Converged packet
network
• Multimedia devices
• Linked services

Next Generation

Network(Tomorrow)

• Packet/optical network
• Multimedia services
• Ubiquitous broadband
• Integrated functionality
 Internet

The evolution from current telecommunications networks to next generation networks

will mainly be gradual and will initially develop in network cores eventually moving out
toward the network edges and the access segments. However, while some next
generation networks will evolve from existing architectures others will be developed as
entirely new networks. Nevertheless, public networks will have to integrate with one
another regardless of the level of advancement or protocol types used.
 Internet

Chapter 23

Configuration of CPE for Broad Band

Objectives
After completion of this practical you will be able to :

• Configure ADSL modem (HUAWEI MT800)

• Configure ADSL modem (HUAWEI MODEM SmartAX MT880)
• Configure ADSL modem (UTSTAR UT 300R)
• Configure ADSL modem (UTSTAR UT 300R2)
 Internet

Configuration of CPE for Broad Band

In this method first an IP address setting has to be done in the Personal
Computer(PC) and then we can proceed for configuration of ADSL modem.
At customer premises, only IP configuration is required and no installation of PPPOE
software in the PC.

1) Setting up of IP Address ,DNS ,Gateway in the PC in WINXP/WIN 2000.

a)GO to START->Settings->Control Panel->Network Connections->Local Area

Connection.
b)Select Internet Protocol(TCP/IP) and click properties and the screen appears as
follows.Please click the button against Use the following IP address.
c) Please enter the following data.
IP ADDRESS : 192.168.1.x (Where x can be between 2 to 254.)
Subnet Mask : 255.255.255.0
Gateway IP : 192.168.1.1
DNS : 192.168.1.1
d)After entering the above data CLICK OK.In windows XP/Windows 2000, the
screen appears as follows after saving.
 Internet

2) 1) Setting up of IP Address ,DNS ,Gateway in the PC in WIN98//WIN

Millinieum/NT4.
a)GO to START->Settings->Control Panel->Network->Local Area Connection.
b)Select (TCP/IP-> name of the card) and click properties
 Internet

The screen appears as follows.

Please enter the following data against the particular menus.
IP ADDRESS : 192.168.1.x (Where x can be between 2 to 254.)
Subnet Mask : 255.255.255.0
Gateway IP : 192.168.1. and Click ADD
DNS : 192.168.1.1 and HOST as BSNL and CLICK ADD.
 Internet

Click OK and the Windows will restart.

Configuration of ADSL modem (HUAWEI MT800)

1)Open the browser. Type 192.168.1.1 in the address column and enter. A dialog box will
appear:
2) Type username as : admin and
password as: admin. And then click OK.
 Internet

The Home Page of the modem appears as follows

 Internet

3) Click on ATM setting and the resulting appears as follows.

 Internet

4) Click on the radio button PPP & the resulting page will be as follows:
 Internet

5) .Please only do the following entries & leave the other entries as such.

1) Select radio button PPPOE

2) Enter service provider name as BSNL
3) Enter the user name and password as created for the particular subscriber.
4) Enable DNS
5) Afterwards click the Submit button.

After Submitting the resulting page will be as follows

 Internet

6) We see the Magnifying Glass icon at the last row. Now press the Magnifying glass
Icon. Another window pops up.The resulting POP up window will appear as follows.
 Internet

7) Select the Always on button under Change Status menu and then submit. This screen is
saved and pops up again.The resulting window will look as follows.
 Internet

8) Now click the close button ,this window closes and the previous window in the
background appears.
Now the resulting window will look as follows.
 Internet

9)Now click submit to save the settings.

Now go to Save & Reboot. The window appears as below.
Select Save and submit
 Internet

10) Instead of REBOOT, We can switch off and switch on the modem which is as good
as REBOOT.
The MODEM configuration is over and is ready for installation at customer premises.

HUAWEI MODEM SmartAX MT880 :-

1)Go to the Browser and type http://192.168.1.1 and enter. A dialog box appears as
follows. Type against User name - admin & against Password- admin and click OK.
 Internet

The Home Page will appear as shown below.

 Internet

3)Go to HOME and select WAN settings & click

 Internet

The resulting page appears as follows.

 Internet

4) Select PVC0
Select PPPOE button and the resulting page will appear as follows.
 Internet

5) Please enter the foolowing data and leave other data as such.
1) Please enter the user name & password as created for the particular subscriber.
2)Select click the enable button against DNS
3)Click APPLY .

6) A windows pops up asking you to save and reboot.

Click YES and OK.
Wait for 2 minutes till the device restarts
 Internet

7) Go to TOOLS.
Select System Settings.
Click SAVE & RESTART button.
Wait for 2 minutes till the device restarts.
Afterwards Switch OFF & ON the modem.
Now the Modem configuration is over and is ready for installation at sub premises.
 Internet

Configuration of ADSL modem (UTSTAR UT 300R)

1) Open the browser. Type 192.168.1.1 in the address column and enter. A dialog box
will appea as follows. Type username as : admin and password as: utstar and press enter.
 Internet

2) Click on ‘Bridging’ tab.

 Internet

4) There are many interface names available. Delete all entries except eth-0 clicking
 Internet

The resulting page will appear as follows:

 Internet

5) Click on RFC 1483 interface. Delete all the entries in the screen by clicking the
button
 Internet

Resulting page:
Internet
 Internet

6) Click on ATM VC. Delete all except the entries with VCI value as 16 or 35 by
clicking the button. (for example in the following screen shot delete all entries
except entries 1 and 3)

Resulting page:
 Internet

7) Click on WAN Tab. Click on PPP. There will be no PPP interface. Click on ‘Add’ key
 Internet

8) Leave all the entries as it is ans only do the following:

In the service name type ‘BSNL’

Enable DNS
Type the user name and password of the subscriber to whom the modem is going to be
made over.
Please click the submit button.After Submitting the screen re-appears after saving.
 Internet

9)Then the close the window,the resulting page will appear as follows.
 Internet

10) Click on ‘Admin’ tab and the resulting page will appear as follows.
 Internet

11) Click on Commit & Reboot.

Click on Commit key,the configuration of the modem is saved in memory.
Instead of Clicking the Reboot key,the modem can be switched off and on,which is same
as Reboot. The modem Configuration is over and now the modem is ready for installation
at subscriber premises.
 Internet

Configuration of ADSL modem (UTSTAR UT 300R2)

1) Go to any Browser and type http://192.168.1.1 and enter.
Type against Username :- admin & against Password:- utstar and Click LOGIN
 Internet

2) The resulting page will appears as follows. Go to SETUP.

 Internet

3)Click pvc 0-35 which is on the left hand side

4) The resulting will appear as follows.Go to BRIDGE(Slide Box).Select PPPOE on the

slide box.
 Internet

The resulting page will appear as follows.

5) Please enter the user name & password as created for the particular subscriber.
Go to ON DEMAND & Check the box (put a tick mark).
Go to Idle Time Out and type 0 seconds.
Go to APPLY and click it. After APPLY, the screen is saved and re-appears.
Now Close the window.
 Internet

6) Go to TOOL and the resulting page will look as follows.

 Internet

7)Click on System Commands which is on the left hand side. Now click SAVE ALL.The
configuration done on the MODEM is saved in the memory.
 Internet

Afterwards Switch off the browser & the modem.

Now the Modem configuration is over. It is now ready for installation at Subscriber
premises.
.
Internet
Internet
Internet
Internet
Internet