IT专业英语UNIT22 NGN network.ppt

UNIT22NGNnetwork,22-1TechnicalPart22-2ReadingMaterial,22-1TechnicalPart22-1-1DefinitionNext-generationnetwork(NGN)isabroadtermusedtodescribekeyarchitecturalevolutionsintelecommunicationcoreandaccessnetworks.ThegeneralideabehindtheNGNisthatonenetworktransportsallinformationandservices(voice,data,andallsortsofmediasuchasvideo)byencapsulatingtheseintopackets,similartothoseusedontheInternet.NGNsarecommonlybuiltaroundtheInternetProtocol,andthereforethetermallIPisalsosometimesusedtodescribethetransformationtowardNGN.,22-1-2IntroductionsNext-generationnetwork(NGN)isapacket-basednetworkwhichcanprovideservicesincludingTelecommunicationServicesandabletomakeuseofmultiplebroadband,qualityofService-enabledtransporttechnologiesandinwhichservice-relatedfunctionsareindependentfromunderlyingtransport-relatedtechnologies.Itoffersunrestrictedaccessbyuserstodifferentserviceproviders.Itsupportsgeneralizedmobilitywhichwillallowconsistentandubiquitousprovisionofservicestousers.,Fromapracticalperspective,NGNinvolvesthreemainarchitecturalchangesthatneedtobelookedatseparately:1.CorenetworkInthecorenetwork,NGNimpliesaconsolidationofseveral(dedicatedoroverlay)transportnetworkseachhistoricallybuiltforadifferentserviceintoonecoretransportnetwork(oftenbasedonIPandEthernet).,Itimpliesamongstothersthemigrationofvoicefromacircuit-switchedarchitecture(PSTN)toVoIP,andalsomigrationoflegacyservicessuchasX.25,framerelay(eithercommercialmigrationofthecustomertoanewservicelikeIPVPN,ortechnicalemigrationbyemulationofthe“legacyservice”ontheNGN).,2.AccessnetworkInthewiredaccessnetwork,NGNimpliesthemigrationfromthedualsystemoflegacyvoicenexttoxDSLsetupinlocalexchangestoaconvergedsetupinwhichtheDSLAMsintegratevoiceportsorVoIP,makingitpossibletoremovethevoiceswitchinginfrastructurefromtheexchange.,Inthecableaccessnetwork,NGNconvergenceimpliesmigrationofconstantbitratevoicetoCableLabsPacketCablestandardsthatprovideVoIPandSIPservices.BothservicesrideoverDOCSISasthecabledatalayerstandard.,InanNGN,thereisamoredefinedseparationbetweenthetransport(connectivity)portionofthenetworkandtheservicesthatrunontopofthattransport.Thismeansthatwheneveraproviderwantstoenableanewservice,theycandosobydefiningitdirectlyattheservicelayerwithoutconsideringthetransportlayeri.e.servicesareindependentoftransportdetails.Increasinglyapplications,includingvoice,tendtobeindependentoftheaccessnetworkandwillresidemoreonend-userdevices(phone,PC,set-topbox).,3.H.323Next-generationnetworksarebasedonInternettechnologiesincludingInternetProtocol(IP)andmultiprotocollabelswitching(MPLS).Attheapplicationlevel,SessionInitiationProtocol(SIP)seemstobetakingoverfromITU-TH.323.,InitiallyH.323wasthemostpopularprotocol,thoughitspopularitydecreasedinthe“localloop”duetoitsoriginalpoortraversalofnetworkaddresstranslation(NAT)andfirewalls.ForthisreasonasdomesticVoIPserviceshavebeendeveloped,SIPhasbeenmorewidelyadopted.Howeverinvoicenetworkswhereeverythingisunderthecontrolofthenetworkoperatorortelco,manyofthelargestcarriersuseH.323astheprotocolofchoiceintheircorebackbones.SoreallySIPisausefultoolforthe“localloop”andH.323islikethe“fiberbackbone”.,WiththemostrecentchangesintroducedforH.323,itisnowpossibleforH.323devicestoeasilyandconsistentlytraverseNATandfirewalldevices,openingupthepossibilitythatH.323mayagainbelookeduponmorefavorablyincaseswheresuchdevicesencumbereditsusepreviously.Nonetheless,mostofthetelcosareextensivelyresearchingandsupportingIPMultimediaSubsystem(IMS),whichgivesSIPamajorchanceofbeingthemostwidelyadoptedprotocol.,4.VoIPForvoiceapplicationsoneofthemostimportantdevicesinNGNisaSoftswitchaprogrammabledevicethatcontrolsVoiceoverIP(VoIP)calls.ItenablescorrectintegrationofdifferentprotocolswithinNGN.ThemostimportantfunctionoftheSoftswitchiscreatingtheinterfacetotheexistingtelephonenetwork,PSTN,throughSignallingGatewaysandMediaGateways.However,theSoftswitchasatermmaybedefineddifferentlybythedifferentequipmentmanufacturersandhavesomewhatdifferentfunctions.BelowFigure22-1showstheIMSnetworksolutionforPSTNservice.,OnemayquiteoftenfindthetermGatekeeperinNGNliterature.ThiswasoriginallyaVoIPdevice,whichconverted(usinggateways)voiceanddatafromtheiranalogordigitalswitched-circuitform(PSTN,SS7)tothepacket-basedone(IP).Itcontrolledoneormoregateways.AssoonasthiskindofdevicestartedusingtheMediaGatewayControlProtocol,thenamewaschangedtoMediaGatewayController(MGC).ACallAgentisageneralnamefordevices/systemscontrollingcalls.,Figure22-1IMSnetworksolutionforPSTNservice,5.IPMultimediaTheIPMultimediaSubsystem(IMS)isastandardisedNGNarchitectureforanInternetmedia-servicescapabilitydefinedbytheEuropeanTelecommunicationsStandardsInstitute(ETSI)andthe3rdGenerationPartnershipProject(3GPP).BelowFigure22-2showscommunicationapplicationofweb2.0style.,Figure22-2Web2.0stylecommunicationandcommunitynetwork,22-1-3ApplicationCaseorExample1.CASE1:ApplicationinIPV6IPV6isoneofapplicationsofNGN,whichisrevisionoftheInternetProtocol(IP)developedbytheInternetEngineeringTaskForce(IETF).IPv6isintendedtosucceedIPv4,whichisthedominantcommunicationsprotocolformostInternettrafficasof2012.IPv6wasdevelopedtodealwiththelong-anticipatedproblemofIPv4runningoutofaddresses.IPv6implementsanewaddressingsystemthatallowsforfarmoreaddressestobeassignedthanwithIPv4.,EachdeviceontheInternet,suchasacomputerormobiletelephone,mustbeassignedanIPaddressinordertocommunicatewithotherdevices.Withtheever-increasingnumberofnewdevicesbeingconnectedtotheInternet,thereisaneedformoreaddressesthanIPv4canaccommodate.IPv6uses128-bitaddresses,allowingfor2128,orapproximately3.41038addresses.IPv4uses32-bitaddresses,allowingforonly4,294,967,296uniqueaddressesworldwide.,IPv6addresses,ascommonlydisplayedtousers,consistofeightgroupsoffourhexadecimaldigitsseparatedbycolons,forexample2001:0db8:85a3:0042:0000:8a2e:0370:7334.ThedeploymentofIPv6isaccelerating,withaWorldIPv6Launchhavingtakenplaceon6June2012,inwhichmajorinternetserviceproviders,especiallyincountriesthathadbeenlagginginIPv6adoption,deployedIPv6addressestoportionsoftheirusers.DatafromArborNetworksshowedapeakof0.2%ofInternettrafficonIPv6duringthelaunch.,2.CASE2:ApplicationinVOIPIfyouveneverheardofVoIP,getreadytochangethewayyouthinkaboutlong-distancephonecalls.VoIP,orVoiceoverInternetProtocol,isamethodfortakinganalogaudiosignals,likethekindyouhearwhenyoutalkonthephone,andturningthemintodigitaldatathatcanbetransmittedovertheInternet.VoIPisarevolutionarytechnologythathasthepotentialtocompletelyreworktheworldsphonesystems.VoIPproviderslikeVonagehavealreadybeenaroundforawhileandaregrowingsteadily.,TheinterestingthingaboutVoIPisthatthereisnotjustonewaytoplaceacall.Therearethreedifferent“flavors”ofVoIPserviceincommonusetoday:ATA:ThesimplestandmostcommonwayisthroughtheuseofadevicecalledanATA(analogtelephoneadaptor).TheATAallowsyoutoconnectastandardphonetoyourcomputeroryourInternetconnectionforusewithVoIP.TheATAisananalog-to-digitalconverter.,IttakestheanalogsignalfromyourtraditionalphoneandconvertsitintodigitaldatafortransmissionovertheInternet.ProviderslikeVonageandAT&TCallVantagearebundlingATAsfreewiththeirservice.YousimplycracktheATAoutofthebox,plugthecablefromyourphonethatwouldnormallygointhewallsocketintotheATA,andyourereadytomakeVoIPcalls.,IPPhones:Thesespecializedphoneslookjustlikenormalphoneswithahandset,cradleandbuttons.ButinsteadofhavingthestandardRJ-11phoneconnectors,IPphoneshaveanRJ-45Ethernetconnector.IPphonesconnectdirectlytoyourrouterandhaveallthehardwareandsoftwarenecessaryrightonboardtohandletheIPcall.Wi-FiphonesallowsubscribingcallerstomakeVoIPcallsfromanyWi-Fihotspot.,Computer-to-computer:ThisiscertainlytheeasiestwaytouseVoIP.Youdontevenhavetopayforlong-distancecalls.Thereareseveralcompaniesofferingfreeorverylow-costsoftwarethatyoucanuseforthistypeofVoIP.Allyouneedisthesoftware,amicrophone,speakers,asoundcardandanInternetconnection,preferablyafastonelikeyouwouldgetthroughacableorDSLmodem.ExceptforyournormalmonthlyISPfee,thereisusuallynochargeforcomputer-to-computercalls,nomatterthedistance.ThebelowFigure22-3istheVOIPnetworkarchitecture.,Figure22-3VOIPnetworkarchitecture,22-2ReadingMaterial22-2-1ReadingComprehensionSecuringVoIPVoIPtelephonesystemsaresusceptibletoattacksasanyotherInternet-connecteddevices.Thismeansthathackerswhoknowaboutthesevulnerabilities(suchasinsecurepasswords)caninstitutedenial-of-serviceattacks,harvestcustomerdata,recordconversationsandbreakintovoicemailboxes.,AnotherchallengeisroutingVoIPtrafficthroughfirewallsandnetworkaddresstranslators.PrivateSessionBorderControllersareusedalongwithfirewallstoenableVoIPcallstoandfromprotectednetworks.Forexample,SkypeusesaproprietaryprotocoltoroutecallsthroughotherSkypepeersonthenetwork,allowingittotraversesymmetricNATsandfirewalls.OthermethodstotraverseNATsinvolveusingprotocolssuchasSTUNorInteractiveConnectivityEstablishment(ICE).,ManyconsumerVoIPsolutionsdonotsupportencryption,althoughhavingasecurephoneismucheasiertoimplementwithVoIPthantraditionalphonelines.Asaresult,itisrelativelyeasytoeavesdroponVoIPcallsandevenchangetheircontent.AnattackerwithapacketsniffercouldinterceptyourVoIPcallsifyouarenotonasecureVLAN.However,physicalsecurityoftheswitcheswithinanenterpriseandthefacilitysecurityprovidedbyISPsmakepacketcapturelessofaproblemthanoriginallyforeseen.Furtherresearchhasshownthattappingintoafiberopticnetworkwithoutdetectionisdifficultifnotimpossible.ThismeansthatonceavoicepacketiswithintheInternetbackboneitisrelativelysafefrominterception.,Thereareopensourcesolutions,suchasWireshark,thatfacilitatesniffingofVoIPconversations.Securingthecontentofconversationsfrommaliciousobserversrequiresencryptionandcryptographicauthenticationwhichissometimesdifficulttofindataconsumerlevel.TheexistingsecuritystandardSecureReal-timeTransportProtocol(SRTP)andthenewZRTPprotocolareavailableonAnalogTelephoneAdapters(ATAs)aswellasvarioussoftphones.ItispossibletouseIPsectosecureP2PVoIPbyusingopportunisticencryption.In2005,Skypeinvitedaresearcher,DrTomBerson,toassessthesecurityoftheSkypesoftware,andhisconclusionsareavailableinapublishedreport.,TopreventtheabovesecurityconcernsgovernmentandmilitaryorganizationsareusingvoiceoversecureIP(VoSIP),securevoiceoverIP(SVoIP),andsecurevoiceoversecureIP(SVoSIP)toprotectconfidentialandclassifiedVoIPcommunications.SecurevoiceoversecureIPisaccomplishedbyencryptingVoIPwithprotocolssuchasSRTPorZRTP.SecurevoiceoverIPisaccomplishedbyusingType1encryptiononaclassifiednetwork,likeSIPRNet.PublicSecureVoIPisalsoavailablewithfreeGNUprogramsandinmanypopularcommercialVoIPprogramsvialibrariessuchasZRTP.,Words&Expressionssecuringadj.固定住的；作为固定用的v.保卫；弄牢固(secure的ing形式)susceptibleadj.易受影响的；易感动的；容许的vulnerabilitiesn.易损性；弱点insecureadj.不安全的；不稳定的；不牢靠的institutevt.开始(调查)；制定；创立；提起(诉讼),firewalln.防火墙skypen.网络电话(一个网络语音沟通工具)proprietaryadj.所有的；专利的；私人拥有的symmetricadj.对称的；匀称的encryptionn.加密；加密术implementvt.实施，执行；实现，使生效eavesdropvi.偷听，窃听,sniffern.嗅探器；嗅探犬；以鼻吸毒者interceptvt.拦截；截断；窃听enterprisen.企业；事业；进取心；事业心facilityn.设施；设备；容易；灵巧capturevt.俘获；夺得n.捕获；战利品，俘虏,backbonen.支柱；计主干网；决心，毅力；脊椎maliciousadj.恶意的；恶毒的；蓄意的；怀恨的cryptographicadj.关于暗号的，用密码写的authenticatevt.鉴定；证明是真实的protocoln.协议；草案；礼仪opportunisticadj.机会主义的；投机取巧的,22-2-2ExercisesI.MultipleChoices.1.Hackerswhoknowaboutthesevulnerabilities(suchasinsecurepasswords)can_.A.institutedenial-of-serviceattacksB.harvestcustomerdataC.recordconversationsD.breakintovoicemailboxes,2.IfyouarenotonasecureVLAN,anattackerwithapacketsniffercouldinterceptyour_.A.VoIPcallsB.SkypeC.EmailsD.VoIPcallsandSkype,3.ToprotectconfidentialandclassifiedVoIPcommunications,militaryorganizationsuse_.A.SRTPorZRTPB.voiceoversecureIP(VoSIP)C.securevoiceoverIP(SVoIP)D.securevoiceoversecureIP(SVoSIP),4.WhichofthebelowdescriptionofsecuringVoIPisNOTCORRECTaccordingthepassage?A.VoIPtelephonesystemsaresusceptibletoattacksasareanyInternet-connecteddevices.B.PrivateSessionBorderControllersareusedalongwithfirewallstodisenableVoIPcallstoandfromprotectednetworks.C.ManyconsumerVoIPsolutionsdonotsupportencryption,althoughhavingasecurephoneismucheasiertoimplementwithVoIPthantraditionalphonelines.D.itisre