computer networks group presentation_2

Upload: authenticv3

Post on 05-Apr-2018


TRANSCRIPT

  • 7/31/2019 Computer Networks Group Presentation_2


    Year 02 - Semester 01


    Dinushka W.A.J.S.

    Kulatunga K.M.M.

    Pathirana A.P.P.M.

    Bandaranayake W.M.H.

    Uyangoda A.I.

    Senarathne S.A.D.P.

    Jayasinghe M.R.

    Amarasinghe R.W.H.R.

    Samarasinghe K.G.


    CONTENT

    Site details

    Need for a network

    Firewalls

    Network overview

    Mobitel firewall structure

    Virtual Switching system

    Connecting Over Internet

    Mobitel WAN


    CONTENT CONT.

    MAN

    Varieties of MAN

    MPLS

    Cables and devices

    Level structure

    Vulnerabilities and suggestions


    SITE DETAILS

    Location: Sri Lanka Mobitel Telecom (Pvt.) Ltd.

    Guidance Officer: Mr. Saman Perera

    Address: Department Of Information System, Sri Lanka Telecom Mobitel, Colombo 02.


    WHY DOES MOBITEL NEED A NETWORKING SYSTEM?

    Billing

    Internet Service Provision

    Managing Service Providers

    Railway Ticketing

    Other Services


    PROVIDE DIFFERENT USERS DIFFERENT PRIVILEGES

    Mobitel Branches

    Data centers

    Service providers


    FIREWALLS CONT.

    Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.

    Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

    Example: firewall system in Windows


    FIRST GENERATION: PACKET FILTER

    Packet filters act by inspecting the "packets" which transfer between computers on the Internet

    It stores no information on connection "state"

    It filters each packet based only on information contained in the packet itself

    Packet filtering firewalls work mainly on the first three layers of the OSI (which means most of the work is done between the network and physical layers)


    SECOND GENERATION: "STATEFUL" FILTERS

    Operate up to layer 4

    It records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection
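
The difference between the first and second generation, as an added example that is not part of the original presentation: a stateless rule that looks only at header fields next to a filter that keeps a connection table. The rule set, the internal prefix `10.0.0.` and all packet values are constructed assumptions.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # assumed internal address prefix


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: "S", "SA", "A"


def stateless_allow(p):
    """First generation: decide from this packet's own fields only."""
    if p.src.startswith(INSIDE) and p.dport == 443:
        return True  # outbound HTTPS
    # No memory of requests, so anything that looks like a reply is let in.
    return p.sport == 443 and p.dst.startswith(INSIDE) and p.flags != "S"


class StatefulFilter:
    """Second generation: record connections and classify each packet."""

    def __init__(self):
        self.table = set()

    def classify(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.table or reverse in self.table:
            return "existing"  # part of a recorded connection
        if p.flags == "S" and p.src.startswith(INSIDE) and p.dport == 443:
            self.table.add(key)
            return "new"  # start of a new, permitted connection
        return "none"  # not part of any connection: dropped

    def allow(self, p):
        return self.classify(p) != "none"


def demo():
    fw = StatefulFilter()
    syn = Packet("10.0.0.5", 40000, "203.0.113.9", 443, "S")
    synack = Packet("203.0.113.9", 443, "10.0.0.5", 40000, "SA")
    stray = Packet("198.51.100.7", 443, "10.0.0.8", 51000, "A")  # never requested
    return [(stateless_allow(p), fw.classify(p)) for p in (syn, synack, stray)]
```

The stray packet passes the stateless rule because its header fields look like a reply, while the stateful filter finds no matching entry in its table and classifies it as not part of any connection.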


    THIRD GENERATION: APPLICATION LAYER

    The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it can detect if an unwanted protocol is sneaking through on a non-standard port or if a protocol is being abused in any harmful way.

    The existing deep packet inspection functionality of modern firewalls can be shared by Intrusion-prevention Systems (IPS).


    DIFFERENT TYPES OF FIREWALLS

    Network layer or packet filters G1

    Application-layer Proxies - responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets.

    Network address translation - Hiding the addresses of protected devices


    MOBITEL NETWORK OVERVIEW


    FIREWALLS


    PERIMETER FIREWALL

    Secondary Firewall


    DUTIES OF PRIMARY FIREWALL

    Layer 2 firewall (network layer firewall)

    8 direct connections are used in this firewall

    Connection 3 and 4 for mobitel.lk users

    Service providers are connected into this firewall

    Railway ticketing system also functioning through this


    SECONDARY FIREWALL

    Perimeter Firewall


    SECONDARY FIREWALL CONT.

    All data processing systems and WAN

    Intranet

    Internet users

    Billing processes


    VIRTUAL SWITCHING SYSTEM


    VIRTUAL SWITCHING SYSTEM CONT.

    Two equipment system

    Directs the network traffic

    Hundreds of servers reserved


    CONNECTING A PARTNER OVER INTERNET INTO THE SYSTEM

    The partner connects into the firewall.

    Firewall decides the privileges that are given to partners.

    With those privileges they are allowed to access relevant information


    MOBITEL WAN


    MOBITEL WIDE AREA NETWORK

    Consists of a Metro Ethernet Network

    10GHz bandwidth

    128 Kbps to 2 Mbps speed

    MRTG to monitor


    METROPOLITAN AREA

    A region consisting of a densely populated urban core and its less-populated surrounding territories

    E.g. : Perth, Paris, Mumbai


    METRO ETHERNET

    A computer network that covers a metropolitan area

    Mobitel uses Metro Ethernet to connect branch offices to their Intranet


    WHY ETHERNET

    Less expensive than SONET/SDH or PDH interface of the same bandwidth

    Supports high bandwidths with fine granularity

    Easily connected to the customer networks


    MAN VARIETIES

    Pure Ethernet MAN

    Uses only layer 2 switches

    Simple and cheap design


    PURE ETHERNET MAN

    Fragile

    Less stable

    Higher recovery time (SPT)

    Traffic engineering is very limited


    SONET/SDH-BASED ETHERNET MANS

    Intermediate technology

    High level of reliability

    Lesser recovery time

    Expensive


    MPLS


    MPLS - MULTIPROTOCOL LABEL SWITCHING

    Directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table


    MPLS

    Data packets are assigned labels

    Traffic is directed using this label

    This allows one to create end-to-end circuits across any type of transport medium

    Layer 2.5 protocol

    MPLS works in conjunction with IP and its routing protocols


    FRAME RELAY VS. MPLS

    Cheaper Use Excessive BM

    Higher network managing cost

    Less manageable


    MPLS-BASED ETHERNET MANS


    CABLES & DEVICES


    USAGE OF CABLES

    Almost every connection is a fiber-optic-based connection

    For internal communication purposes UTP cables are used

    The fiber used is multimode graded-index fiber

    Single mode fiber is used to communicate with SLT


    DEVICES

    CISCO

    SUN


    LEVEL STRUCTURE

    Level 6

    Level 5

    Level 4

    Level 3

    Level 2

    Level 1

    Basement

    Servers & Hardware

    Customer Care

    Power Management


    VULNERABILITIES AND SUGGESTIONS

    Connection with SLT

    Receiving data from SLT

    Use ASIC, TCAM and CAM-based switching for MPLS

    Replace perimeter firewall


    THANK YOU