Equal Access to Multiple Networks

RBB will afford consumers access to multiple content providers through a common Access Network. As an example, your local phone network offers free and equal access to multiple long-distance providers and Internet service providers.

The same term and concept can be applied to data service. For example, a parent might want to be connected to work, while his daughter might want to surf the Internet for recreational or educational use. The father could use an Access Network that provides transit to his corporate network. The corporate network should appear to him just as if he were connected to a LAN at work. This network would always be connected, fast, secure, and accessible to all corporate applications. The daughter, who simply needs Internet access, has no particular service requirements other than connectivity.

The work-at-home requirement involves a number of complications. First, the connection must be authenticated by the corporate network. Second, the work-at-home user should be a part of the corporate IP numbering plan rather than the Access Network numbering plan. Both these requirements exist for security reasons and do not apply to the casual Internet user. How can a single Access Network interface accommodate both users?

The approach for this is called tunneling. Tunneling is the encapsulation of a user's data packet within another packet, which is referred to as the tunnel. The inner packet is the user's real data. The outer packet refers to the carrier network providing the equal access. An illustrative tunneling technique is called the Layer 2 Tunneling Protocol (L2TP). Its role is illustrated in Figure 8-2. The user establishes a PPP connection to an authentication server on the Access Network. The L2TP provides open connectivity to multiple content providers, which the user specifies in the PPP packet. In the voice case, the user specifies the destination by dialing a phone number. In the IP case, the user specifies a destination domain, such as cisco.com.

Figure 8-2. Layer 2 Tunneling Protocol (L2TP)


The L2TP process, described in Figure 8-2, follows these steps:

  1. The remote user initiates PPP, and the Network Access Server (NAS) accepts the call.

  2. The NAS authenticates the remote user (by verifying username, password, and destination domain) using a security server.

  3. The NAS initiates an L2TP tunnel to the desired corporate network. A tunnel is an encapsulation of each packet within another IP packet.

  4. The corporate gateway confirms acceptance of the call and the L2TP tunnel.

  5. The NAS logs acceptance.

  6. The security server authenticates the remote user and accepts or rejects the tunnel.

  7. The corporate gateway exchanges PPP information with the remote user. An IP address is assigned by the corporate gateway to the remote user.

  8. End-to-end data is tunneled between the remote user and the corporate gateway. The remote user is logically connected to the corporate internal network.

The daughter's connection can be made directly to the public Internet without an L2TP tunnel. The NAS forwards her packets to the Internet without intervention of the security server. For further details on L2TP, see the Cisco home page at www.cisco.com and search for L2TP.
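The following Python model, added here as an example and not taken from the book or from Cisco's implementation, ties the eight L2TP steps and the daughter's direct path together: a security-server lookup for step 2, L2TP data-header encapsulation for step 3, decapsulation at the corporate gateway for step 8, and direct forwarding when no corporate destination is requested. The header layout (flags/version, length, tunnel ID, session ID) follows RFC 2661; the username, password, gateway name `corp-gateway.example`, tunnel ID 1001 and the PPP frame are constructed sample values.

```python
"""NAS model of the L2TP call flow: authenticate, then tunnel to the corporate
gateway or forward straight to the Internet. Example code, not Cisco's."""
import hashlib
import hmac
import struct

# L2TP data-message header, minimal form (RFC 2661): flags/version, length,
# tunnel ID, session ID. Real deployments carry this over UDP port 1701.
L2TP_VERSION = 2
L2TP_FLAG_LENGTH = 0x4000   # "L" bit: a 16-bit length field is present
L2TP_HEADER_LEN = 8


def l2tp_encapsulate(tunnel_id: int, session_id: int, ppp_frame: bytes) -> bytes:
    """Inner packet (the user's PPP frame) wrapped in the outer L2TP header."""
    flags = L2TP_FLAG_LENGTH | L2TP_VERSION
    length = L2TP_HEADER_LEN + len(ppp_frame)
    return struct.pack("!HHHH", flags, length, tunnel_id, session_id) + ppp_frame


def l2tp_decapsulate(datagram: bytes):
    """Strip the outer header at the corporate gateway.
    Returns (tunnel_id, session_id, ppp_frame); rejects datagrams whose
    version or declared length does not match what actually arrived."""
    if len(datagram) < L2TP_HEADER_LEN:
        raise ValueError("truncated L2TP datagram")
    flags, length, tunnel_id, session_id = struct.unpack(
        "!HHHH", datagram[:L2TP_HEADER_LEN])
    if flags & 0x000F != L2TP_VERSION:
        raise ValueError("not an L2TPv2 datagram")
    if flags & L2TP_FLAG_LENGTH and length != len(datagram):
        raise ValueError("declared length does not match datagram size")
    return tunnel_id, session_id, datagram[L2TP_HEADER_LEN:]


# Constructed security-server records (hypothetical user, password, domain).
_SALT = b"constructed-salt"


def _password_hash(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode()).digest()


SECURITY_SERVER = {
    "father": {"pw": _password_hash("corp-pass"), "domains": {"cisco.com"}},
}

# Constructed tunnel table: destination domain -> (corporate gateway, tunnel ID).
TUNNELS = {"cisco.com": ("corp-gateway.example", 1001)}


def authenticate(username: str, password: str, domain: str) -> bool:
    """Step 2: the security server verifies username, password and domain."""
    record = SECURITY_SERVER.get(username)
    if record is None:
        return False
    # constant-time compare so a wrong guess cannot be timed byte by byte
    if not hmac.compare_digest(record["pw"], _password_hash(password)):
        return False
    return domain in record["domains"]


def nas_handle_call(username, password, domain, session_id, ppp_frame):
    """Returns (next_hop, datagram). domain=None is the casual Internet user:
    forwarded directly with no security-server check and no tunnel."""
    if domain is None:
        return "internet", ppp_frame
    if not authenticate(username, password, domain) or domain not in TUNNELS:
        return "rejected", None
    gateway, tunnel_id = TUNNELS[domain]
    return gateway, l2tp_encapsulate(tunnel_id, session_id, ppp_frame)


# Constructed PPP frame: address 0xFF, control 0x03, protocol 0x0021 (IPv4), payload.
SAMPLE_PPP = b"\xff\x03\x00\x21" + b"inner IP packet"

if __name__ == "__main__":
    hop, datagram = nas_handle_call("father", "corp-pass", "cisco.com", 7, SAMPLE_PPP)
    print(hop, datagram.hex())
    print(l2tp_decapsulate(datagram))
    print(nas_handle_call("daughter", "kid-pass", None, 8, SAMPLE_PPP))
```

Two points the model makes visible: the NAS never hands the corporate user an address (step 7 leaves that to the corporate gateway, which is why the inner PPP frame is passed through untouched), and the outer header carries no confidentiality or integrity protection of its own. L2TP only delimits and multiplexes the tunnel; the "secure" property the text attributes to the work-at-home connection has to come from the corporate authentication and, in practice, from running L2TP over IPsec.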
