S 5.60 Selection of a suitable backbone technology
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Head of IT, Administrator
The selection of the network protocol for the backbone is a decisive factor in protecting the availability of the applications in a local network, because the protocol selected has a major influence on the performance of the network and on the available bandwidth. If the underlying cabling was not planned around specific services (e.g. proprietary solutions, see T 2.45 Conceptual deficiencies of a network), then it is possible in principle to switch to a different backbone technology without technical problems. However, such a switch generally requires a considerable expenditure of organisational, personnel, and financial resources.
It is impossible to provide a general recommendation for the selection of a certain backbone technology from a security perspective because numerous individual aspects need to be considered. The following therefore illustrates the advantages and disadvantages of the most important network access protocols.
There are four basic technologies: Ethernet, Token Ring, FDDI, and ATM. They are described below:
Ethernet
The Ethernet technology is described in the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard and is based on the CSMA/CD (Carrier Sense Multiple Access/Collision Detection) access method. With this method, all end devices are granted the same rights to access the transmission medium, even though it can only be used by one end device at a time. As soon as an end device wants to transmit data, it first checks whether the medium is free (carrier sense). If it is, the device starts transmitting. If several end devices do this at the same time (multiple access), a collision occurs, which is detected by the end devices involved (collision detection). The colliding devices abort their transmissions, each waits a randomly chosen back-off time, and then they check again whether the medium is free and retransmit if it is.
CSMA/CD is a stochastic method (the back-off times after a collision are chosen at random), so it cannot guarantee a certain amount of bandwidth to any station. For this reason, it is less suitable for multimedia applications, for example, than a method with fixed bandwidth allocation. It is therefore generally impossible on Ethernet-based networks to guarantee a specific quality of service (QoS). Gigabit Ethernet components do offer parameters for configuring QoS (prioritisation of traffic classes), but prioritisation is not a bandwidth guarantee of the kind a deterministic access method provides.
There are four different versions of Ethernets that differ primarily in the supported transmission rate and in the requirements on the cable infrastructure and active network components:
- Standard Ethernet
Standard Ethernet has been in use for a long time and is the forerunner of the other versions. It provides transmission rates of up to 10 Mbit/s. Standard Ethernet requires twisted-pair cabling (CAT3 at a minimum) with active components such as hubs or switches, bus-like coaxial (BNC) cabling, connection via an AUI interface, or optical fibre cables. Few vendors still support hardware for pure Standard Ethernet networks. Modern devices provide more throughput at the same cost and can also be restricted to 10 Mbit/s for backward compatibility. In practice, hardware that only supports Standard Ethernet should only be purchased in exceptional cases. If all devices involved support more recent Ethernet versions, then a faster variant such as Fast Ethernet should be used.
- Fast Ethernet
Due to the increasing number of networked computers and the resulting increase in network load, Standard Ethernet had to be enhanced to meet the increased demands. This led to the development of Fast Ethernet with a transmission rate of 100 Mbit/s. At present, this rate is sufficient for most local networks and has the added advantage that the established CSMA/CD technology can continue to be used. Because of its low cost, Fast Ethernet should be used at a minimum to connect end devices to the access switch.
- Gigabit Ethernet
Since the introduction of Fast Ethernet proved so successful, demand for an even faster backbone technology based on Ethernet increased. This led to the founding of the Gigabit Ethernet Alliance (GEA) by several renowned manufacturers who wanted to achieve transmission rates of up to 1 Gbit/s. Due to the falling cost of Gigabit Ethernet, it is used more and more often to connect end devices to the access switch as well. If copper is selected as the transmission medium, then CAT-5 cable is the minimum (CAT-5e is preferable, since Gigabit Ethernet over copper uses all four pairs in both directions). Since this cable is also frequently used for Fast Ethernet, it may be possible to switch to Gigabit Ethernet on an existing cable infrastructure, provided the installed cabling actually meets that category.
- 10 Gigabit Ethernet
The next generation of Ethernet is 10 Gigabit Ethernet (10 Gbit/s). 10 Gigabit Ethernet allows information to be exchanged over eight different types of transmission media. In addition to copper cable (CAT-6 at a minimum, which only supports links of about 55 m; CAT-6A or CAT-7 is needed for the full 100 m), there are seven types of fibre optic cabling that can be used. Because of the high price and the lack of widespread use of 10 Gigabit Ethernet, its use currently only makes sense in backbones.
Token Ring
The Token Ring technology is described in the IEEE 802.5 standard and is based on the Token Passing technology. In Token Ring technology, a special data packet (the "token") circulates around the ring to determine which end device is allowed to use the transmission medium.
A station that captures a free token takes control of the medium and may transmit; when it has finished, it releases the token, which then passes on to the next station. This guarantees that only a single device has control over the medium at any one time.
In contrast to Ethernet, this deterministic method means that under high network load individual end devices do not have to wait for an indeterminate time until they are allowed to send. In a Token Ring the maximum wait time is bounded, because every other station may hold the token for at most a fixed time before it has to pass it on.
A Token Ring network is usually designed physically as a dual ring, which considerably increases the availability of the network, since a fault caused by the failure of a station or an interruption in one of the rings can be bypassed using the second ring. Token Ring allows a transmission rate of 4 or 16 Mbit/s and therefore cannot be recommended as a backbone technology for most local networks; the available bandwidth is too narrow. In mid-September 1997, the "High Speed Token Ring Alliance" (HSTR) was founded by several renowned manufacturers with the goal of reaching transmission rates of 100 Mbit/s (and 1 Gbit/s later). To reach such speeds, the IEEE 802.5 standard is to be extended by the middle of 1998. Since this version of the standard is still in development, its use cannot be recommended at the present time.
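The availability argument made for Ethernet (random back-off, no bandwidth guarantee) and for Token Ring (bounded maximum wait time) can be made concrete with a small simulation. The following Python model is an added example and not part of the original safeguard text; it assumes a slotted time base in which a frame occupies 8 slots and passing the token costs 1 slot, every station is saturated (always has a frame waiting, i.e. the "high network load" case), and uses the IEEE 802.3 back-off parameters (range capped at 2^10 slots, frame discarded after 16 collisions). Jam signals and propagation delay are folded into the one-slot collision, so the absolute numbers are illustrative; the point it shows is that the token method has a worst-case access delay that can be computed in advance, while CSMA/CD under the same load produces access delays that exceed that bound.

```python
import random

# Added, constructed model of the two medium access methods: CSMA/CD (IEEE 802.3)
# with truncated binary exponential back-off, and token passing (IEEE 802.5).
# Time is counted in slots; all stations are saturated (always have a frame).

FRAME_SLOTS = 8        # assumption: one frame occupies 8 slots
MAX_ATTEMPTS = 16      # 802.3: a frame is discarded after 16 collisions
MAX_BACKOFF_EXP = 10   # 802.3: back-off range stops growing at 2**10 slots


def token_ring_bound(n_stations, frame_slots=FRAME_SLOTS):
    """Worst-case access delay under token passing: every other station may hold
    the token for one frame plus one slot to pass it on, and the sender's own
    token-pass slot after its previous frame adds one more."""
    return n_stations * (frame_slots + 1) - frame_slots


def simulate_token_ring(n_stations, total_slots, frame_slots=FRAME_SLOTS):
    ready = [0] * n_stations          # slot at which each station's current frame became ready
    waits, t, holder = [], 0, 0
    while t < total_slots:
        waits.append(t - ready[holder])   # access delay of the frame sent now
        t += frame_slots                  # transmit exactly one frame per token hold
        ready[holder] = t                 # saturated: the next frame is ready at once
        t += 1                            # release and pass the token
        holder = (holder + 1) % n_stations
    return {"frames": len(waits), "max_wait": max(waits), "collisions": 0, "dropped": 0}


def simulate_csma_cd(n_stations, total_slots, frame_slots=FRAME_SLOTS, seed=1):
    rng = random.Random(seed)            # fixed seed: reproducible run
    backoff = [0] * n_stations           # slots a station must still wait before retrying
    attempts = [0] * n_stations          # collisions suffered by the current frame
    ready = [0] * n_stations
    waits, collisions, dropped, t = [], 0, 0, 0

    def run_timers(slots, frozen=()):
        # Back-off timers keep running whether the medium is busy or idle;
        # stations that just picked a new back-off do not count the collision slot.
        for i in range(n_stations):
            if i not in frozen:
                backoff[i] = max(0, backoff[i] - slots)

    while t < total_slots:
        contenders = [i for i in range(n_stations) if backoff[i] == 0]
        if len(contenders) == 1:                      # carrier sense: one sender, success
            i = contenders[0]
            waits.append(t - ready[i])
            t += frame_slots
            ready[i], attempts[i] = t, 0
            run_timers(frame_slots)
        elif contenders:                              # multiple access: collision detected
            collisions += 1
            for i in contenders:
                attempts[i] += 1
                if attempts[i] > MAX_ATTEMPTS:        # excessive collisions: frame lost
                    dropped += 1
                    attempts[i], backoff[i], ready[i] = 0, 0, t + 1
                else:
                    k = min(attempts[i], MAX_BACKOFF_EXP)
                    backoff[i] = rng.randrange(2 ** k)  # random wait in [0, 2^k - 1] slots
            t += 1                                    # the collision slot itself
            run_timers(1, frozen=set(contenders))
        else:                                          # nobody ready: idle slot
            t += 1
            run_timers(1)
    return {"frames": len(waits), "max_wait": max(waits),
            "collisions": collisions, "dropped": dropped}


if __name__ == "__main__":
    n, slots = 20, 20000
    print("token bound:", token_ring_bound(n))
    print("token ring :", simulate_token_ring(n, slots))
    print("csma/cd    :", simulate_csma_cd(n, slots))
```

With 20 saturated stations the token-ring result never exceeds the precomputed bound (172 slots for these parameters), whereas the CSMA/CD run shows collisions and a maximum access delay well above it; a station flooding the segment produces the same effect for everyone else on it, which is the availability concern behind the choice of access method.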
FDDI
The FDDI (Fiber Distributed Data Interface) standard was defined by ANSI in 1989 and, like Token Ring, is based on the Token Passing method. In addition, FDDI uses Early Token Release: the sending station releases the token immediately after its last data frame instead of waiting for that frame to travel around the ring. This reduces the idle time on the ring and makes more bandwidth available.
FDDI uses optical fibre cables as the transmission medium and provides a transmission rate of 100 Mbit/s. Due to its high throughput, FDDI is well suited for use in the backbone area. Additional advantages include its high level of fault tolerance due to the dual ring topology and its insensitivity to electromagnetic interference due to the use of optical fibre cables. In contrast to Ethernet, FDDI is also suitable for delay-sensitive multimedia applications, because the bounded token rotation time allows it to guarantee a maximum delay.
If both rings are used for transmission, then a transmission rate of up to 200 Mbit/s is possible, although the advantage of a higher level of fault tolerance is lost in this case because it is impossible when one ring fails to switch over automatically to the other ring.
However, FDDI components are more expensive than Ethernet components offering comparable functions, which means the benefits gained through the use of FDDI always need to be weighed up against the higher cost.
FDDI can also be operated on copper cables, in which case it is referred to as CDDI (Copper Distributed Data Interface).
ATM
ATM is an abbreviation for Asynchronous Transfer Mode. ATM is a transmission method which is very suitable for use in the backbone of a network and which can also provide real-time services in the network.
With ATM, all information is transferred in packets of fixed length, referred to as cells; each cell is 53 octets long (a 5-octet header and a 48-octet payload). The information can contain any type of data, including audio and video data, for example. Because all cells have the same length, ATM switches can process them almost entirely in hardware, which makes higher throughputs possible. The delay for transmitting information of any type can therefore be calculated, so that guaranteed bandwidths can be allocated to individual applications. ATM is therefore a very suitable technology for multimedia applications, because a calculable real-time response, and with it a defined Quality of Service (QoS), can be guaranteed. Every connected device can be allocated the bandwidth it requires, either statically or dynamically.
The transmission itself is based on the principle of virtual connections. The communicating end devices are not assigned fixed time slots or channels; instead, a route (virtual path and virtual channel) through the network is set up before transmission, and every cell of the connection is carried over that predefined route as soon as it has been generated. The transmission rates reached using this method are usually 25 Mbit/s, 155 Mbit/s, or 622 Mbit/s.
ATM components are still very expensive at present, and ATM should therefore be integrated with the existing components of other technologies in the local network in order to protect the investment. However, ATM natively supports neither broadcasts nor MAC addresses, both of which are prerequisites for most protocol stacks such as TCP/IP or SPX/IPX. There are three different approaches to solving this problem:
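The fixed cell format and the virtual-connection identifiers described above can be shown in code. The following Python example is added here and is not part of the original safeguard text; it uses the standard UNI cell header layout (GFC, VPI, VCI, PT, CLP and the HEC octet) and the ITU-T header error control, a CRC-8 with polynomial x^8 + x^2 + x + 1 over the first four header octets, XORed with 0x55. The sample cell contents (VPI 1, VCI 32, a counting payload) are constructed for the demonstration. The security-relevant point is the HEC check: a switch that verifies it discards a cell whose header was corrupted instead of delivering the payload on the wrong virtual connection.

```python
# Added example: ATM cell layout and header integrity check (not from the original text).
# UNI header (ITU-T I.361): GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8) = 5 octets,
# followed by a 48-octet payload. HEC (ITU-T I.432): CRC-8 over octets 1-4, XOR 0x55.

HEADER_LEN = 5
PAYLOAD_LEN = 48
CELL_LEN = HEADER_LEN + PAYLOAD_LEN   # 53 octets per cell
HEC_COSET = 0x55


def crc8_atm(data: bytes) -> int:
    """CRC-8, generator polynomial 0x07 (x^8 + x^2 + x + 1), MSB first, initial value 0."""
    crc = 0
    for octet in data:
        crc ^= octet
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def atm_hec(first_four: bytes) -> int:
    """HEC octet for the first four header octets."""
    if len(first_four) != 4:
        raise ValueError("HEC is computed over exactly 4 header octets")
    return crc8_atm(first_four) ^ HEC_COSET


def build_uni_header(vpi: int, vci: int, pt: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """Pack a UNI cell header and append its HEC."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536 and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([atm_hec(first_four)])


def parse_uni_header(header: bytes) -> dict:
    """Unpack a UNI cell header and report whether its HEC is valid."""
    if len(header) != HEADER_LEN:
        raise ValueError("ATM cell header must be 5 octets")
    first_four = header[:4]
    word = int.from_bytes(first_four, "big")
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 0x1,
        "hec_ok": header[4] == atm_hec(first_four),   # reject the cell if False
    }


def build_cell(vpi: int, vci: int, payload: bytes, **header_fields) -> bytes:
    """Assemble a complete 53-octet cell; the payload must already be 48 octets."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("ATM cell payload must be exactly 48 octets")
    return build_uni_header(vpi, vci, **header_fields) + payload


def parse_cell(cell: bytes) -> dict:
    """Split a cell into header fields and payload, rejecting wrong lengths."""
    if len(cell) != CELL_LEN:
        raise ValueError("ATM cell must be exactly 53 octets")
    fields = parse_uni_header(cell[:HEADER_LEN])
    fields["payload"] = cell[HEADER_LEN:]
    return fields


def corrupt_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit, counted from the MSB of the first octet (constructed fault)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (7 - bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: user data on VPI 1 / VCI 32 with a counting payload.
    cell = build_cell(1, 32, bytes(range(PAYLOAD_LEN)))
    good = parse_cell(cell)
    print(good["vpi"], good["vci"], good["hec_ok"])   # 1 32 True
    bad = parse_cell(corrupt_bit(cell, 21))            # flips a VCI bit in the header
    print(bad["vci"], bad["hec_ok"])                   # 96 False
```

The two well-known header values from the standard serve as a check of the HEC arithmetic: an unassigned cell header (all zero) carries HEC 0x55 and an idle cell header (00 00 00 01) carries HEC 0x52.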
- Classical IP-over-ATM (CIP)
RFC 1577 (Classical IP and ARP over ATM) is a standard that allows end devices with the TCP/IP protocol stack to use ATM as a transport medium; it was developed specifically to run IP over ATM and covers IP only.
- LAN Emulation (LANE)
In this case, the LAN technologies relevant to the clients are emulated in Layer 2 of the OSI model. To the clients, ATM then appears to be an Ethernet or Token Ring network, for example. This makes communication between conventional LANs and ATM networks possible.
- Multiprotocol-over-ATM (MPOA)
MPOA is essentially an enhancement of CIP and LANE. In contrast to LANE, MPOA operates in Layer 3 of the OSI model and uses LANE for transmission in Layer 2.
As a result, MPOA implements bridging (Layer 2) as well as routing (Layer 3) and can therefore be used to set up a fully routed ATM network. At the same time, MPOA retains all the advantages of ATM technology, such as guaranteed bandwidths for certain applications.
Furthermore, it must be noted that compatibility and interoperability of ATM components from different manufacturers cannot be guaranteed at the present time, and ATM components need to be checked for compatibility and interoperability on a case-by-case basis.
As already mentioned above, it is impossible to provide general recommendations for the selection of a suitable backbone technology. The choice of a backbone technology depends on the security requirements as well as on criteria relating to long-term sustainability, economic efficiency, scalability, and the ability to integrate existing components. Only certain types of cable may be used depending on the protocol selected (e.g. optical fibre cable for FDDI), and each type of cable is in turn subject to specific length restrictions (see also S 5.2 Selection of an appropriate network topography).
Review questions:
- Are the availability, bandwidth, and performance requirements for the backbone area of the local network formulated and documented?
- Was the selection of a suitable backbone technology based on the determined requirements?