Public address, private address
As public addresses became scarce, an exception was made: the two ports of a one-to-one (point-to-point) link need not be assigned IP addresses. Leaving such ports without an IP address is now the convention, and a port configured this way is called unnumbered.
If a router is used to access the Internet, the parameters delivered by the BAS are configured on the router, and the public address is assigned to the router as well. The computer therefore has no public address.
Instead, the computer is assigned a private address, and packets sent by the computer must have their addresses translated by the router before being forwarded to the Internet.
Note, however, that some applications do not work properly through address translation. Such applications need to tell their peer or a control server their own IP address, but the only address they know is the private one, which cannot be reached from the Internet, so the translation breaks them.
Accessing the Internet without a router raises its own concern: the computer then has a public address, so packets from the Internet can reach it directly, which exposes it to attack. A client computer that is connected directly to the Internet should therefore be protected by firewall software and other defenses.
PPPoA, PPPoE
PPPoA is used on ADSL access networks. FTTH (optical fiber) does not use cells, so it cannot use PPPoA and uses PPPoE instead.
In PPPoE mode, the ADSL modem first places the PPP message in an Ethernet frame and then splits the Ethernet frame into cells. In PPPoA mode, the PPP message is placed directly into cells.
Apart from the MAC header and PPPoE header that PPPoE adds in front of it, the PPP message itself is the same in both modes. Therefore password verification, delivery of TCP/IP configuration parameters, and packet sending and receiving are basically the same as with PPPoE.
Since PPPoA has no MAC header, its PPP messages cannot be transmitted over Ethernet. This means that the devices that exchange PPP messages with the BAS, namely the computer or the router, must be integrated with the ADSL modem; otherwise the PPP mechanism will not work.
The first way is to connect the computer and the ADSL modem through a USB interface, so that the ADSL modem and the computer become one unit.
The other way is to combine the ADSL modem and the router into one device.
With PPPoA, problems caused by address translation are harder to deal with, because the router cannot be switched off to let the computer access the Internet directly.
DHCP
PPPoE reduces network efficiency, and PPPoA has the limitation that the ADSL modem and router cannot be separated. Both problems are actually caused by PPP. Therefore, some carriers do not use PPP and instead use DHCP to deliver TCP/IP configuration information from the BAS to clients.
DHCP is often used to deliver TCP/IP configuration information to client computers on corporate networks. The client first requests the configuration information, and the DHCP server then delivers it. It is very simple: unlike PPP, it needs neither multiple steps nor username and password authentication.
Without a username and password you cannot switch between carrier networks by changing the username, but this approach has the advantage that Ethernet frames are transferred directly without additional PPP headers, so it does not consume any of the MTU.
The ADSL modem used by DHCP carriers is also different from the PPPoE and PPPoA ones. This ADSL modem does not use cells but converts Ethernet frames directly into ADSL signals, so there is no problem of the ADSL modem and router being inseparable.
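To make the three encapsulations concrete, the following Python builds the frame a PPPoE client sends, the bare PPP message that PPPoA feeds into cells, and the plain Ethernet frame a DHCP-based carrier uses, then derives the IP MTU each one leaves and the number of ATM cells a payload needs. This is an added example, not code from the original text; the MAC addresses and session ID are constructed, and the formats are those of standard PPPoE (a 6-byte PPPoE header plus a 2-byte PPP protocol field) and AAL5 segmentation (8-byte trailer, 48 payload bytes per cell).

```python
import math
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_PPPOE_SESSION = 0x8864   # PPPoE session-stage frames
PPP_PROTOCOL_IPV4 = 0x0021         # PPP "protocol" field value for IPv4
ETHERNET_MTU = 1500                # maximum Ethernet payload in bytes
ATM_CELL_PAYLOAD = 48              # payload bytes in each 53-byte ATM cell
AAL5_TRAILER = 8                   # trailer appended before segmenting into cells

# Constructed MAC addresses for the example.
PC_MAC = bytes.fromhex("020000000001")
BAS_MAC = bytes.fromhex("020000000002")


def ethernet_frame(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def plain_ip_frame(ip_packet):
    """DHCP-style carriers: the IP packet rides directly in the Ethernet frame."""
    return ethernet_frame(BAS_MAC, PC_MAC, ETHERTYPE_IPV4, ip_packet)


def pppoe_frame(ip_packet, session_id=0x0001):
    """PPPoE: IP packet -> PPP (2-byte protocol) -> PPPoE header -> Ethernet."""
    ppp = struct.pack("!H", PPP_PROTOCOL_IPV4) + ip_packet
    # version 1 and type 1 share one byte (0x11); code 0x00 marks session data
    pppoe_header = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return ethernet_frame(BAS_MAC, PC_MAC, ETHERTYPE_PPPOE_SESSION, pppoe_header + ppp)


def pppoa_message(ip_packet):
    """PPPoA: the PPP message goes straight into cells, with no MAC or PPPoE header."""
    return struct.pack("!H", PPP_PROTOCOL_IPV4) + ip_packet


def parse_pppoe_frame(frame):
    """Strip the headers PPPoE added and return (session_id, ip_packet)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type/code")
    ppp = frame[20:20 + length]
    if struct.unpack("!H", ppp[:2])[0] != PPP_PROTOCOL_IPV4:
        raise ValueError("PPP payload is not IPv4")
    return session_id, ppp[2:]


def ip_mtu(encapsulate):
    """Largest IP packet the encapsulation fits into a 1500-byte Ethernet payload."""
    overhead = len(encapsulate(b"")) - 14   # subtract the 14-byte Ethernet header
    return ETHERNET_MTU - overhead


def atm_cells_needed(payload):
    """Cells required to carry a payload over the ADSL (ATM/AAL5) link."""
    return math.ceil((len(payload) + AAL5_TRAILER) / ATM_CELL_PAYLOAD)


if __name__ == "__main__":
    print("IP MTU, plain Ethernet (DHCP carrier):", ip_mtu(plain_ip_frame))
    print("IP MTU, PPPoE:", ip_mtu(pppoe_frame))
    packet = bytes(1400)   # constructed stand-in for an IP packet
    print("cells for PPPoE frame:", atm_cells_needed(pppoe_frame(packet)))
    print("cells for PPPoA message:", atm_cells_needed(pppoa_message(packet)))
```

The MTU difference (1492 against 1500 bytes) is the "consumption of MTU" the text refers to: every PPPoE frame spends 8 bytes of the Ethernet payload on headers that a DHCP-based carrier never needs to send.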
POP
The network packet has now reached the network carrier’s router through the access network. This is the gateway to the Internet, where network packets enter the Internet.
The entity of the Internet is not a single network operated and managed by a single organization, but is composed of multiple carrier networks connected to each other.
Access networks such as ADSL and FTTH connect to the equipment of the carrier the user has signed up with, called a POP (point of presence). The POP is the carrier's side of the connection, and it is also the gateway to the Internet.
The structure of POP varies according to the type of access network and the service type of the operator.
POP includes various types of routers, which basically work the same way, but are divided into different types based on their roles.
The first is the dedicated line, where the router is a normal router with a communication line port. A dedicated line does not require functions such as user authentication and configuration delivery. Therefore, a common router can be used.
Next comes the access network of telephone, ISDN and other dial-up methods, where the router is called RAS.
Dial-up access requires an answer to the user’s action to dial the phone, and RAS provides this function.
Next are PPPoE ADSL and FTTH. In PPPoE mode, ADSL and FTTH access services use BAS, and carriers’ routers are connected to BAS.
The identity authentication and configuration delivery operations of PPPoE are carried out by the BAS of the access service provider, while the router of the carrier is only responsible for packet forwarding. Therefore, common routers are also used here.
If ADSL is connected in PPPoA mode, the arrangement is different: the DSLAM connects through an ATM switch to the BAS of the ADSL carrier, which then connects to the ADSL carrier's router.
Because there are so many lines to connect, a router needs to be equipped with a large number of ports, but the number of network packets that can be transmitted is relatively small because the rate of access to the network is lower than that of the Internet’s core network. Therefore, cheap routers with lots of ports are suitable for these scenarios.
NOC
The router on the left in the figure is used to connect the operator with the core NOC and other POP. Packets sent by all routers connected to the access network are concentrated here and the line rate is relatively high. Therefore, a router with high forwarding performance and data throughput needs to be equipped here.
NOCs are the carriers' core facilities, where packets from the POPs are gathered and forwarded either to the POP closest to their destination or to other carriers. High-performance routers are needed here as well.
Some high-performance carrier routers have a data throughput of more than 1 Tbit/s (T stands for 10^12), whereas a typical consumer router's throughput is around 100 Mbit/s, a difference of more than 10,000 times.
NOC is a scaled up POP.
Operator work
The equipment room of a company usually uses twisted pair cables to connect devices. However, the carrier’s network needs to transmit a large number of packets, which exceeds the maximum capacity of twisted pair cables. Therefore, optical fibers are generally used.
The interior of the building can be directly connected by wiring, and for the distant NOC and POP, there are several ways to connect them.
For operators with their own optical fiber, the simplest option is to connect NOC and POP directly with optical fiber.
What about other carriers? In fact, it is not difficult. They simply rent capacity on fiber owned by other companies, not the fiber itself.
Companies that own optical fiber generally offer fiber rental services. Take the telephone company as an example: it transmits voice data over the optical fiber it owns. However, one fiber does not carry only one voice channel. The fiber can be multiplexed, and one voice channel takes up only a fraction of its communication capacity. In other words, phone companies can lease a portion of their fiber capacity to customers.
This is true whether the nature of the business is telephone or Internet. This service is called line service.
If the final destination Web server and client are connected to the same carrier, the POP router should have corresponding forwarding targets in its routing table.
The router determines the forwarding destination based on the information in the routing table, which may be a NOC or a neighboring POP. In either case, the router will forward the packet, and the next router will also forward the packet based on the information in its routing table.
After a few forwards, the network packet arrives at the Web server’s POP router, and from there it is forwarded on to the Web server.
What if the server has a different carrier than the client? In this case, network packets need to be sent to the carrier where the server resides first, and this information can also be found in the routing table, because the carrier’s routers exchange routing information with other carriers’ routers.
For the routers inside the Internet, whether or not the final destination belongs to the same carrier, the next hop can be found in the routing table. Therefore, as long as each router in turn forwards packets according to the destination address and its routing table, they will surely reach the POP where the Web server is located. That way, packets can be sent anywhere, including to the other side of the globe.
Let’s take a look at how carriers exchange routing information and update routers automatically.
Simply ask the connected router to inform you of the routing information. Once you have the routing information of the other router, you can know all the networks that the other router is connected to, write this information into your routing table, and then send packets to those networks.
After obtaining the routing information of the peer party, we need to inform the peer party of our own routing information.
The mechanism used here is called BGP, the Border Gateway Protocol.
Based on the content of the routing information exchanged, this route exchange can be divided into two types. In the first, the two carriers inform each other of all routes in the Internet.
In that case carrier D can send packets to all carriers.
Sending packets through carrier D in this way is called forwarding (transit).
In the other type, the two carriers inform each other only of routing information related to their respective networks. Then only the two networks can send and receive packets to and from each other. This mode is called non-forwarding, also called peering.
Route exchange differs between corporate networks and carriers.
The approach used within a company is to find the shortest route to the destination and forward packets along it, so all neighboring routers are treated equally.
On the Internet, a carrier can choose which parties it exchanges routes with.
That would allow carriers to provide routing information only to those that pay for it, and prevent those that don’t pay from sending packets.
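The transit/peering distinction just described is, in the end, an export policy: what a carrier announces depends on who is asking. The following Python is an added example, not from the original text, that simulates that policy between four constructed carriers: D sells transit to A and peers with B and C. The names, prefixes and relationship labels are assumptions for illustration; real BGP carries many more attributes, but the export rule shown is the core of the behaviour the text describes.

```python
import ipaddress

# Constructed example: four carriers using documentation and shared address blocks.
TOPOLOGY = {
    "A": ["192.0.2.0/24"],      # customer of D (buys transit from D)
    "B": ["198.51.100.0/24"],   # peers with D
    "C": ["203.0.113.0/24"],    # peers with D
    "D": ["100.64.0.0/16"],     # the transit carrier in the middle
}
# (x, y, relationship of y as seen from x)
SESSIONS = [("D", "A", "customer"), ("D", "B", "peer"), ("D", "C", "peer")]
OPPOSITE = {"customer": "provider", "provider": "customer", "peer": "peer"}


class Carrier:
    def __init__(self, name, prefixes):
        self.name = name
        # routing table: prefix -> (AS path as received, relationship it was learned from)
        self.routes = {ipaddress.ip_network(p): ([name], "own") for p in prefixes}

    def export_to(self, relationship):
        """Routes announced to a neighbour standing in `relationship` to us.

        To a customer we announce everything we know (transit / "forwarding").
        To a peer or a provider we announce only our own prefixes and those of
        our customers (peering / "non-forwarding"); routes learned from other
        peers or from providers are withheld, because nobody pays us for them.
        """
        announced = {}
        for prefix, (path, learned_from) in self.routes.items():
            if relationship == "customer" or learned_from in ("own", "customer"):
                announced[prefix] = path if learned_from == "own" else [self.name] + path
        return announced

    def import_from(self, relationship, announced):
        """Install announced routes; returns True if the table changed."""
        changed = False
        for prefix, path in announced.items():
            if self.name in path:            # loop prevention: our own AS is in the path
                continue
            current = self.routes.get(prefix)
            if current is None or len(path) < len(current[0]):
                self.routes[prefix] = (path, relationship)
                changed = True
        return changed


def converge(carriers, sessions):
    """Repeat the exchange over every session until no table changes."""
    while True:
        changed = False
        for x, y, rel in sessions:
            cx, cy = carriers[x], carriers[y]
            changed |= cy.import_from(OPPOSITE[rel], cx.export_to(rel))
            changed |= cx.import_from(rel, cy.export_to(OPPOSITE[rel]))
        if not changed:
            return carriers


def lookup(carrier, ip):
    """Longest-prefix match in the carrier's table; None means unreachable."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, (path, _) in carrier.routes.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, path)
    return best[1] if best else None


def build():
    return converge({n: Carrier(n, p) for n, p in TOPOLOGY.items()}, SESSIONS)


if __name__ == "__main__":
    carriers = build()
    for name in "ABC":
        for target in ("192.0.2.1", "198.51.100.1", "203.0.113.1"):
            print(f"{name} -> {target}: {lookup(carriers[name], target)}")
```

After convergence A, the paying customer, can reach B and C through D, while B and C, which only peer with D, reach D and D's customer but not each other: D never announces one peer's routes to the other, which is exactly the "no payment, no route" behaviour described above.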
IX
If every pair of carriers were linked one-to-one, the number of links would become unmanageable as carriers multiplied. Instead, a central device is set up and each carrier connects to it, which reduces the number of lines; this device is called an IX (Internet exchange).
IX buildings are equipped with their own power generation and have some earthquake resistance. Such requirements are not limited to the IX; carrier NOCs are the same.
The core of IX is a Layer 2 switch with a large number of high-speed Ethernet ports. The basic principles of layer 2 switches are the same as those of general switches, and you can assume that the core of IX is a large, high-speed switch.
The next step is to connect each carrier’s router to the IX core switch.
When the carrier's NOC and the IX are in the same building, an optical fiber is simply run from the NOC to the IX switch.
If the NOC and the IX are not in the same building, there are two options. One is to run a communication line from the router to the IX switch. The other is to move the router into the IX machine room, connect it to the NOC by a communication line, and then connect it to the IX switch.
Operators can connect directly to each other or through IX, and either way, the network packet will eventually arrive at the operator where the server resides and then enter the server side network via POP.
The location of the server
The process by which network packets arrive at the server from the Internet varies depending on where the server is deployed.
If the server is deployed directly on the corporate network, the packet goes from the router in the nearest POP through the access network and the server-side router straight to the server.
Such server deployments used to be common, but are no longer the norm, for a few reasons:
The first reason is the shortage of IP addresses. This approach requires assigning public addresses to all devices on the corporate network, including servers and client computers.
Another reason is security. In this arrangement packets from the Internet enter the server indiscriminately, which means the server is exposed "naked" to attackers. We can strengthen the server's own defenses against attacks, which reduces the risk to some extent.
Therefore, firewalls are now generally deployed. A firewall acts like a customs checkpoint, allowing only packets destined for a specified application on a specified server to pass through and blocking all other packets.
Even then the risk does not go to zero, because if there is a security hole in an application that allows external access, it can still be attacked.
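The "customs checkpoint" behaviour and its limit can be shown with a minimal packet filter. The following Python is an added example, not code from the original text: the server addresses, the rule set and the sample traffic are constructed, and the filter is a first-match rule list of the kind the text describes, matching only on destination network, protocol and port.

```python
import ipaddress
from dataclasses import dataclass

WEB_SERVER = "192.0.2.10"    # constructed: the one server meant to be reachable
OTHER_HOST = "192.0.2.20"    # constructed: another host on the same server network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str       # "tcp" or "udp"
    dst_port: int
    note: str = ""   # label used only for reporting


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    dst_net: str         # CIDR the destination address must fall inside
    proto: str           # "tcp", "udp" or "any"
    dst_ports: tuple     # permitted destination ports; empty tuple means any port

    def matches(self, pkt):
        in_net = ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net)
        proto_ok = self.proto in ("any", pkt.proto)
        port_ok = not self.dst_ports or pkt.dst_port in self.dst_ports
        return in_net and proto_ok and port_ok


# Policy: only the web application on the web server is reachable; all else is blocked.
RULES = (
    Rule("allow", f"{WEB_SERVER}/32", "tcp", (80, 443)),
    Rule("deny", "0.0.0.0/0", "any", ()),
)


def filter_packet(pkt, rules=RULES):
    """First matching rule decides; a packet matching no rule is denied as well."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed sample traffic arriving from the Internet.
SAMPLE_TRAFFIC = (
    Packet("203.0.113.5", WEB_SERVER, "tcp", 80, "http to web server"),
    Packet("203.0.113.5", WEB_SERVER, "tcp", 443, "https to web server"),
    Packet("203.0.113.5", WEB_SERVER, "tcp", 22, "ssh to web server"),
    Packet("203.0.113.5", OTHER_HOST, "tcp", 80, "http to other host"),
    Packet("203.0.113.5", WEB_SERVER, "udp", 53, "dns to web server"),
    Packet("198.51.100.9", WEB_SERVER, "tcp", 80, "http carrying a hostile request"),
)


def evaluate(traffic=SAMPLE_TRAFFIC, rules=RULES):
    """Return {note: action} for every packet in the sample."""
    return {pkt.note: filter_packet(pkt, rules) for pkt in traffic}


if __name__ == "__main__":
    for note, action in evaluate().items():
        print(f"{action:5}  {note}")
```

The last sample packet is the point of the paragraph above: the filter lets it through exactly like the benign HTTP request, because it is addressed to the permitted application on the permitted server. Whatever that request carries is the web application's problem, which is why a hole in an exposed application still leaves the server attackable behind a correctly configured firewall.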
You can also put the server in a data center managed by a network operator, or rent the server directly provided by the operator.
The data center is directly connected to the NOC, the core part of the operator, or to the hub IX between the operators.
Data centers are directly connected to the core of the Internet via high-speed lines, so deploying servers there can achieve high access speeds, which is very effective when servers are heavily visited.
Data centers are usually housed in buildings with earthquake-resistant structures, equipped with their own power generation facilities and 24-hour access control, which can be said to be more secure than those in corporate offices.
Data centers are also more secure in that they provide additional services such as server status monitoring, firewall configuration and operation, and intrusion monitoring.