1. Introduction

Welcome, gentle reader. I have written a number of networking HOWTOs in the past, and it occurred to me that there's a hell of pile of jargon in each one. I had three choices: my other two were ignoring the problem and explaining the terms everywhere. Neither was attractive.

The point of Free software is that you should have the freedom to explore and play with the software systems you use. I believe that enabling people to experience this freedom is a noble goal; not only do people feel empowered by the pursuit (such as rebuilding a car engine) but the nature of the modern Internet and Free software allows you to share the experience with millions. But you have to start somewhere, so here we are.

(C) 2000 Paul `Rusty' Russell. Licenced under the GNU GPL.
2. What is a `computer network'?

A computer network is just a set of stuff for nodes to talk to each other (by `nodes' I mean computers, printers, Coke machines and whatever else you want). It doesn't really matter how they are connected: they could use fiber-optic cables or carrier pigeons. Obviously, some choices are better than others (especially if you have a cat).

Usually if you just connect two computers together, it's not called a network; you really need three or more to become a network. This is a bit like the word `group': two people is just a couple of guys, but three can be a `group'. Also, networks are often hooked together, to make bigger networks; each little network (usually called a `sub-network') can be part of a larger network.

The actual connection between two computers is often called a `network link'. If there's a bit of cable running out of the back of your machine to the other machines, that's your network link.

There are four things which we usually care about when we talk about a computer network:

Size

If you simply connect your four computers at home together, you have what is called a LAN (Local Area Network). If everything is within walking distance, it's usually called a LAN, however many machines are connected to it, and whatever you've built the network out of. The other end of the spectrum is a WAN (Wide Area Network). If you have one computer in Lahore, Pakistan, one in Birmingham, UK and one in Santiago, Chile, and you manage to connect them, it's a WAN.
Topology: The Shape

Draw a map of the network: lines are the network links, and each node is a dot. Maybe each line leads into a central node like a big star, meaning that everyone talks through one point (a `star topology'):

                o   o   o
                 \_ | _/
                   \|/
             o-----o-----o
                  _/|\_
                 /  |  \
                o   o   o

Maybe everyone talks in a line, like so:

    o------o------o-------o--------o
    |      |      |       |        |
    o      |      |       o        |
           o      |                o
                  o

Or maybe you have three subnetworks connected through one node:

          o            o
          |         o--o--o
          |         |     |
    o--o--o--o--o   o
                 \  |
                  o------o
                 /  |
    o--o--o--o--o   o
       |  |  |
       o  |  o--o
          o
You'll see many topologies like these in real life, and many far more complicated.

Physical: What It's Made Of

The second thing to care about is what you've built the network out of. The cheapest is `sneakernet', where badly-dressed people carry floppy disks from one machine to the others. Sneakernet is almost always a LAN. Floppies cost less than $1, and a solid pair of sneakers can be got for around $20.

The most common system used to connect home networks to far bigger networks is called a `modem' (for MODulator/DEModulator), which turns a normal phone connection into a network link. It turns the stuff the computer sends into sounds, and listens to sounds coming from the other end to turn them back into stuff for the computer. As you can imagine, this isn't very efficient, and phone lines weren't designed for this use, but it's popular because phone lines are so common and cheap: modems sell for less than $50, and phone lines usually cost a couple of hundred dollars a year.
The most common way to connect machines into a LAN is to use Ethernet. Ethernet comes in these main flavors (listed from oldest to newest): Thinwire/Coax/10base2, UTP (Unshielded Twisted Pair)/10baseT and UTP/100baseT. Gigabit ethernet (the name 1000baseT is starting to get silly) is starting to be deployed, too.

10base2 wire is usually black coaxial cable, with twist-on T-pieces to connect them to things: everyone gets connected in a big line, with special `terminator' pieces on the two ends. UTP is usually blue wire, with clear `click-in' phone-style connectors which plug into sockets to connect: each wire connects one node to a central `hub'. The cable is a couple of dollars a meter, and the 10baseT/10base2 cards (many cards have plugs for both) are hard to get brand new. 100baseT cards, which can also speak 10baseT as well, are ten times faster, and about $30.

On the other end of the spectrum is Fiber: a continuous tiny glass filament wrapped in protective coating which can be used to run between continents. Generally, fiber costs thousands.

We usually call each connection to a node a `network interface', or `interface' for short. Linux gives these names like `eth0' for the first ethernet interface, and `fddi0' for the first fiber interface. The `/sbin/ifconfig' command lists them.

Protocol: What It's Speaking

The final thing to care about is the language the two are speaking. When two modems are talking to each other down a phone line, they need to agree what the different sounds mean, otherwise it simply won't work. This convention is called a `protocol'. As people discovered new ways of encoding what the computer says into smaller sounds, new protocols were invented; there are at least a dozen different modem protocols, and most modems will try a number of them until they find one the other end understands.

Another example is the 100baseT network mentioned above: it uses the same physical network links (UTP) as 10baseT above, but talks ten times as fast.
These two protocols are what are called `link-level' protocols; how stuff is handed over the individual network links, or `one hop'. The word `protocol' also refers to other conventions which are followed, as we will see next.
3. What is the `Internet'?

The Internet is a WAN which spans the entire globe: it is the largest computer network in existence. The phrase `internetworking' refers to connecting separate networks to build a larger one, hence `The Internet' is the connection of a whole pile of subnetworks.

So now we look at the list above and ask ourselves: what is the Internet's size, physical details and protocols?

The size is already established above: it's global. The physical details are varied however: each little sub-network is connected differently, with a different layout and physical nature. Attempts to map it in a useful way have generally met with abject failure. The protocols spoken by each link are also often different: all of the link-level protocols listed above are used, and many more.
3.1 How Does The Internet Work?

The question then arises: how come every node on the Internet can talk to the others, if they all use different link-level protocols to talk to each other?

The answer is fairly simple: we need another protocol which controls how stuff flows through the network. The link-level protocol describes how to get from one node to another if they're connected directly: the `network protocol' tells us how to get from one point in the network to any other, going through other links if necessary.

For the Internet, the network protocol is the Internet Protocol (version 4), or `IP'. It's not the only protocol out there (Apple's AppleTalk, Novell's IPX, Digital's DECNet and Microsoft's NetBEUI being others) but it's the most widely adopted. There's a newer version of IP called IPv6, but it's still not common.

So to send a message from one side of the globe to another, your computer writes a bit of Internet Protocol, sends it to your modem, which uses some modem link-level protocol to send it to the modem it's dialed up to, which is probably plugged into a terminal server (basically a big box of modems), which sends it to a node inside the ISP's network, which sends it out usually to a bigger node, which sends it to the next node... and so on. A node which connects two or more networks is called a `router': it will have one interface for each network.

We call this array of protocols a `protocol stack', usually drawn like so:

    [ Application: Handles Porn ]              [ Application Layer: Serves Porn ]
                  |                                            ^
                  v                                            |
    [ TCP: Handles Retransmission ]            [ TCP: Handles Retransmission ]
                  |                                            ^
                  v                                            |
    [ IP: Handles Routing ]                    [ IP: Handles Routing ]
                  |                                            ^
                  v                                            |
    [ Link: Handles A Single Hop ]             [ Link: Handles A Single Hop ]
                  |                                            |
                  +--------------------------------------------+
So in the diagram, we see Netscape (the Application on top left) retrieving a web page from a web server (the Application on top right). To do this it will use `Transmission Control Protocol' or `TCP': over 90% of the Internet traffic today is TCP, as it is used for Web and EMail.

So Netscape makes the request for a TCP connection to the remote web server: this is handed to the TCP layer, which hands it to the IP layer, which figures out which direction it has to go in, hands it onto the appropriate link layer, which transmits it to the other end of the link.

At the other end, the link layer hands it up to the IP layer, which sees it is destined for this host (if not, it might hand it down to a different link layer to go out to the next node), hands it up to the TCP layer, which hands it to the server.

So we have the following breakdown:

1. The application (Netscape, or the web server at the other end) decides who it wants to talk to, and what it wants to send.

2. The TCP layer sends special packets to start the conversation with the other end, and then packs the data into a TCP `packet': a packet is just a term for a chunk of data which passes through a network. The TCP layer hands this packet to the IP layer: it then keeps sending it to the IP layer until the TCP layer at the other end replies to say that it has received it. This is called `retransmission', and has a whole heap of complex rules which control when to retransmit, how long to wait, etc. It also gives each packet a set of numbers, which mean that the other end can sort them into the right order.

3. The IP layer looks at the destination of the packet, and figures out the next node to send the packet to. This simple act is called `routing', and ranges from really simple (if you only have one modem, and no other network interfaces, all packets should go out that interface) to extremely complex (if you have 15 major networks connected directly to you).
4. This IP Thing

So the role of the IP layer is to figure out how to `route' packets to their final destination. To make this possible, every interface on the network needs an `IP address'. An IP address consists of four numbers separated by periods, like `167.216.245.249'. Each number is between zero and 255. Interfaces in the same network tend to have neighboring IP addresses. For example, `167.216.245.250' sits right next to the machine with the IP address `167.216.245.249'. Remember also that a router is a node with interfaces on more than one network, so the router will have one IP address for each interface.

So the Linux Kernel's IP layer keeps a table of different `routes', describing how to get to various groups of IP addresses. The simplest of these is called a `default route': if the IP layer doesn't know better, this is where it will send a packet onwards to. You can see a list of routes using `/sbin/route'.

Routes can either point to a link, or a particular node which is connected to another network. For example, when you dial up to the ISP, your default route will point to the modem link, because that's where the entire world is.

      Rusty's            ISP's           ~~~~~~~~~~~~~~
      Modem              Modem          {              }
        o------------------o------------{ The Internet }
                                        {              }
                                         ~~~~~~~~~~~~~~
But if you have a permanent machine on your network which connects to the outside world, it's a bit more complicated. In the diagram below, my machine can talk directly to Tridge and Paul's machines, and to the firewall, but it needs to know that packets heading the rest of the world need to go to the firewall, which will pass them on. This means that you have two routes: one which says `if it's on my network, just send it straight there' and then a default route which says `otherwise, send it to the firewall'.

                      o Tridge's
                      | Work Machine                ~~~~~~~~~~~~~~
    Rusty's           |                            {              }
    Work Machine o----+-----------------o----------{ The Internet }
                      |                 Firewall   {              }
                      |                             ~~~~~~~~~~~~~~
                      o Paul's
                        Work Machine
4.1 Groups of IP Addresses: Network Masks

There is one last detail: there is a standard notation for groups of IP addresses, sometimes called a `network address'. Just like a phone number can be broken up into an area prefix and the rest, we can divide an IP address into a network prefix and the rest.

It used to be that people would talk about `the 1.2.3 network', meaning all 256 addresses from 1.2.3.0 to 1.2.3.255. Or if that wasn't a big enough network, they might talk about the `1.2 network' which meant all addresses from 1.2.0.0 to 1.2.255.255.

We usually don't write `1.2.0.0 - 1.2.255.255'. Instead, we shorten it to `1.2.0.0/16'. This weird `/16' notation (it's called a `netmask') requires a little explanation.

Each number between the dots in an IP address is actually 8 binary digits (00000000 to 11111111): we write them in decimal form to make it more readable for humans. The `/16' means that the first 16 binary digits are the network address, in other words, the `1.2.' part is the network (remember: each number represents 8 binary digits). This means any IP address beginning with `1.2.' is part of the network: `1.2.3.4' and `1.2.3.50' are, and `1.3.1.1' is not.

To make life easier, we usually use networks ending in `/8', `/16' and `/24'. For example, `10.0.0.0/8' is a big network containing any address from 10.0.0.0 to 10.255.255.255 (over 16 million addresses!). 10.0.0.0/16 is smaller, containing only IP addresses from 10.0.0.0 to 10.0.255.255. 10.0.0.0/24 is smaller still, containing addresses 10.0.0.0 to 10.0.0.255.

To make things confusing, there is another way of writing netmasks. We can write them like IP addresses: 10.0.0.0/255.0.0.0
Finally, it's worth noting that the very highest IP address in any network is reserved as the `broadcast address', which can be used to send a message to everyone on the network at once.

Here is a table of network masks:

    Short   Full                Maximum      Comment
    Form    Form                #Machines
    /8      /255.0.0.0          16,777,215   Used to be called an `A-class'
    /16     /255.255.0.0        65,535       Used to be called a `B-class'
    /17     /255.255.128.0      32,767
    /18     /255.255.192.0      16,383
    /19     /255.255.224.0      8,191
    /20     /255.255.240.0      4,095
    /21     /255.255.248.0      2,047
    /22     /255.255.252.0      1,023
    /23     /255.255.254.0      511
    /24     /255.255.255.0      255          Used to be called a `C-class'
    /25     /255.255.255.128    127
    /26     /255.255.255.192    63
    /27     /255.255.255.224    31
    /28     /255.255.255.240    15
    /29     /255.255.255.248    7
    /30     /255.255.255.252    3
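As an added example (not part of Rusty's HOWTO), the netmask notation from this section and the two-route setup from the firewall picture above, worked through in Python: both `/16' and `/255.255.0.0' forms are parsed, membership and broadcast addresses are computed, and a route lookup picks the most specific matching route before falling back to the default. The addresses in WORK_ROUTES are constructed sample values, not real hosts.

```python
def ip_to_int(dotted):
    """Turn 'a.b.c.d' into the 32-bit number the kernel actually compares."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted numbers: %r" % dotted)
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError("each number must be 0..255: %r" % dotted)
        value = (value << 8) | n
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_bits(prefix):
    """Prefix length -> 32-bit mask, e.g. 16 -> 0xFFFF0000 (255.255.0.0)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_netmask(mask):
    """Accept '16' (from '/16') or '255.255.0.0' (from '/255.255.0.0'); return prefix length."""
    if "." in mask:
        bits = ip_to_int(mask)
        prefix = bin(bits).count("1")
        # A real mask is a run of ones followed by zeros; reject e.g. 255.0.255.0.
        if bits != mask_bits(prefix):
            raise ValueError("non-contiguous netmask: %s" % mask)
        return prefix
    prefix = int(mask)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32: %s" % mask)
    return prefix


def parse_network(text):
    """'10.0.0.0/8' or '10.0.0.0/255.0.0.0' -> (network_as_int, prefix_len)."""
    addr, mask = text.split("/")
    prefix = parse_netmask(mask)
    return ip_to_int(addr) & mask_bits(prefix), prefix


def contains(network_text, ip):
    """Is `ip' inside the network? Same test the IP layer does for each route."""
    net, prefix = parse_network(network_text)
    return ip_to_int(ip) & mask_bits(prefix) == net


def network_info(text):
    """Lowest address, broadcast (highest) address, and the table's `max machines'.

    The HOWTO's table counts every address except the broadcast one; the lowest
    address is also conventionally reserved as the network's own address."""
    net, prefix = parse_network(text)
    size = 1 << (32 - prefix)
    return {
        "first": int_to_ip(net),
        "broadcast": int_to_ip(net + size - 1),
        "short": "/%d" % prefix,
        "full": "/" + int_to_ip(mask_bits(prefix)),
        "max_machines": size - 1,
    }


def mask_table(prefixes=range(8, 31)):
    """Rows (short form, full form, max machines) like the table above."""
    return [(i["short"], i["full"], i["max_machines"])
            for i in (network_info("0.0.0.0/%d" % p) for p in prefixes)]


def lookup_route(routes, dest):
    """Longest-prefix match: the most specific matching route wins, and the
    default route ('0.0.0.0/0', which matches everything) is used last."""
    best = None
    for network_text, via in routes:
        if contains(network_text, dest):
            prefix = parse_network(network_text)[1]
            if best is None or prefix > best[0]:
                best = (prefix, via)
    if best is None:
        raise LookupError("no route to %s" % dest)
    return best[1]


# Constructed routing table for the firewall picture: hosts on the local
# network go straight out eth0; everything else goes via the firewall.
WORK_ROUTES = [
    ("192.168.1.0/24", "eth0 (direct)"),        # assumed local network
    ("0.0.0.0/0", "192.168.1.1 (firewall)"),    # default route; assumed firewall address
]
```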
5. Machine Names and IP Addresses

So every interface on every node has an IP address. It was realized quite quickly that humans are pretty bad at remembering numbers, so it was decided (just like phone numbers) to have a directory of names. But since we're using computers anyway, it's nicer to have the computer look up the names for us automatically.

Hence we have the Domain Name System (DNS). There are nodes with well known IP addresses which programs can ask to look up names, and return IP addresses. Almost all programs you will use are capable of doing this, which is why you can put `www.linuxcare.com' into Netscape, instead of `167.216.245.249'. Of course, you need the IP address of at least one of these `name servers': usually these are kept in the `/etc/resolv.conf' file.

Since DNS queries and responses are fairly small (1 packet each), the TCP protocol is not usually used: it provides automatic retransmission, ordering and general reliability, but at a cost of sending extra packets through the network. Instead we use the very simple `User Datagram Protocol', which doesn't offer any of the fancy TCP features we don't need.
6. Different Services: Email, Web, FTP, Name Serving

In the earlier example, we showed Netscape sending a TCP request to a web server running on another node. But imagine that the node with the web server is also running an Email server, an FTP server and a name server: how does it know which server the TCP connection is for?

This is where TCP and UDP have a concept of `ports'. Every packet has space for a `destination port', which says what service the packet is for. For example, TCP port 25 is the mail server, and TCP port 80 is the web server (although sometimes you find web servers on different ports). A list of ports can be found in `/etc/services'.
Also, if two Netscape windows are both accessing different parts of the same web site, how does the Linux box running Netscape sort out the TCP packets coming back from the web server? This is where the `source port' comes in: every new TCP connection gets a different source port, so everyone can tell them apart, even if they are going to the same destination IP address and the same destination port. Usually the first source port given will be 1024, and will increase over time.
7. Dialup Interfaces: PPP

When you dial your modem to an ISP, and it connects to their modem, the kernel doesn't just shove IP packets through it. There is a protocol called `Point-to-Point Protocol', or `PPP', which is used to negotiate with the other end before any packets are allowed through. This is used by the ISP to identify who is dialed up: on your Linux box, a program called the `PPP daemon' handles your end of the negotiation.

Because there are so many dialup users in the world, they usually don't have their own IP address: most ISPs will assign you one of theirs temporarily when you dial up (the PPP daemon will negotiate this). This is often called a `dynamic IP address', as separate from a `static IP address' which is the normal case where you have your own address permanently. Usually they are assigned by modem: the next time you dial up, you will probably get a different modem in the modem pool, and hence a different IP address.
8. What Packets Look Like

For the exceptionally curious (and the curiously exceptional), here is a description of what a packet actually looks like. There are several tools which watch what packets are passing in and out of your Linux box: the most common one is `tcpdump' (which understands more than TCP these days), but a nicer one is `ethereal'. Such programs are known as `packet sniffers'.

The start of each packet says where it's going, where it came from, the type of the packet, and other administrative details. This part is called the `packet header'. The rest of the packet, containing the actual data being transmitted, is usually called the `packet body'.

So any IP packet begins with an `IP header': at least 20 bytes long. It looks like (this diagram stolen shamelessly from RFC 791):

    .-------+-------+---------------+-------------------------------.
    |Version|  IHL  |Type of Service|          Total Length         |
    |-------+-------+---------------+-------------------------------|
    |        Identification         |Flags|      Fragment Offset    |
    |---------------+---------------+-------------------------------|
    |  Time to Live |    Protocol   |        Header Checksum        |
    |---------------+---------------+-------------------------------|
    |                        Source Address                         |
    |---------------------------------------------------------------|
    |                      Destination Address                      |
    `---------------------------------------------------------------'
The important fields are the Protocol, which indicates whether this is a TCP packet (number 6), a UDP packet (number 17) or something else, the Source IP Address, and the Destination IP Address.

Now, if the protocol field says this is a TCP packet, then a TCP header will immediately follow this IP header: the TCP header is also at least 20 bytes long:

    .-------------------------------+-------------------------------.
    |          Source Port          |        Destination Port       |
    |-------------------------------+-------------------------------|
    |                        Sequence Number                        |
    |---------------------------------------------------------------|
    |                     Acknowledgment Number                     |
    |-------------------+-+-+-+-+-+-+-------------------------------|
    |  Data |           |U|A|P|R|S|F|                               |
    | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
    |       |           |G|K|H|T|N|N|                               |
    |-------+-----------+-+-+-+-+-+-+-------------------------------|
    |           Checksum            |        Urgent Pointer         |
    `---------------------------------------------------------------'
The most important fields here are the source port and destination port, which say which service the packet is going to (or coming from, in the case of reply packets). The sequence and acknowledgement numbers are used to keep packets in order, and tell the other end what packets have been received. The ACK, SYN, RST and FIN flags (written downwards) are single bits which are used to negotiate the opening (SYN) and closing (RST or FIN) of connections.

Following this header comes the actual message which the application sent (the packet body). A normal packet is up to 1500 bytes: this means that the most space the data can take up is 1460 bytes (20 bytes for the IP header, and 20 for the TCP header): over 97%.
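As an added example (not code from the HOWTO), here is a small decoder for the two headers drawn above, the kind of thing a packet sniffer does first: it pulls out the Protocol field and addresses from the IP header, verifies the header checksum, then reads the ports, sequence numbers and flag bits from the TCP header and splits off the body. The field layout is the one in RFC 791 and RFC 793 that the diagrams come from; the packets it decodes are constructed sample input, not captured traffic.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Bits of the TCP flags byte, in the order the diagram shows them (U A P R S F).
TCP_FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08,
                 "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def ip_checksum(header):
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ip_header(packet):
    """Decode the 20-byte fixed part of the IP header."""
    if len(packet) < 20:
        raise ValueError("too short for an IP header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("header/length fields do not fit the packet")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTO_NAMES.get(proto, "other"),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        # Summing the header including its own checksum field must give zero.
        "checksum_ok": ip_checksum(packet[:ihl]) == 0,
    }


def parse_tcp_header(segment):
    """Decode the 20-byte fixed part of the TCP header and split off the body."""
    if len(segment) < 20:
        raise ValueError("too short for a TCP header")
    sport, dport, seq, ack, off_res, flags, window, _csum, _urg = \
        struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4        # also counted in 32-bit words
    if data_offset < 20 or len(segment) < data_offset:
        raise ValueError("bad TCP data offset %d" % data_offset)
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": sorted(n for n, bit in TCP_FLAG_BITS.items() if flags & bit),
        "window": window,
        "body": segment[data_offset:],
    }


def parse_packet(packet):
    """IP header first; if its Protocol field says 6, a TCP header follows."""
    ip = parse_ip_header(packet)
    result = {"ip": ip}
    if ip["protocol"] == 6:
        result["tcp"] = parse_tcp_header(packet[ip["header_len"]:ip["total_len"]])
    return result


def _dotted_to_bytes(addr):
    return bytes(int(x) for x in addr.split("."))


def build_sample_packet(src, dst, sport, dport, flags, body):
    """Constructed sample input, not a real capture. Only the IP header checksum
    is filled in; the TCP checksum is left zero, which a real host would reject."""
    flag_byte = sum(TCP_FLAG_BITS[n] for n in flags)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flag_byte, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(body), 1, 0x4000,
                     64, 6, 0, _dotted_to_bytes(src), _dotted_to_bytes(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill checksum field
    return ip + tcp + body


# Netscape's first packet: a SYN from source port 1024 to the web server's port 80.
SAMPLE_SYN = build_sample_packet("10.0.0.2", "167.216.245.249", 1024, 80, ["SYN"], b"")
# The request itself once the connection is open (constructed body).
SAMPLE_DATA = build_sample_packet("10.0.0.2", "167.216.245.249", 1024, 80,
                                  ["ACK", "PSH"], b"GET / HTTP/1.0\r\n\r\n")
```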
Summary

So the modern Internet uses IP packets to communicate, and most of these IP packets use TCP inside. Special nodes called `routers' connect all the little networks together into larger networks, and pass these packets through to their destination. Most normal machines are only attached to one network (ie. have only one interface), and so are not routers.

Every interface has a unique IP address, which looks like `1.2.3.4': interfaces in the same network will have related IP addresses, with the same start, the same way that phone connections in the same area have the same prefix. These network addresses look like IP addresses, with a `/' to say how much of them is the prefix, e.g. `1.2.0.0/16' means the first two numbers are the network address: each number represents 8 bits.

Machines are given names by the Domain Name Service: programs ask name servers to give them the IP address, given a name like `www.linuxcare.com'. This IP address is then used as the destination IP address to talk to that node.

Rusty is really bad at writing documentation, especially for beginners.
Enjoy! Rusty.
Learning Path: Basic Network Concepts

BASIC NETWORK CONCEPTS: circuit - network - node - topology - bus - ring - campus - backbone - bridge - switch - packet - circuit-switched - packet-switched - frame - virtual circuit - local area network - wide area network - metropolitan area network - duplex - gateway - giant - runt - Quality of Service (QoS) - network operations center (NOC) - BER
Circuit

1) In electronics, a circuit is a path between two or more points along which an electrical current can be carried. (A circuit breaker is a device that interrupts the path when necessary to protect other devices attached to the circuit - for example, in case of a power surge.)
2) In telecommunications, a circuit is a discrete (specific) path between two or more points along which signals can be carried. Unless otherwise qualified, a circuit is a physical path, consisting of one or more wires (or wireless paths) and possibly intermediate switching points. A network is an arrangement of circuits. In a dial-up (switched) connection, a circuit is reserved for use by one user for the duration of the calling session. In a dedicated or leased line arrangement, a circuit is reserved in advance and can only be used by the owner or renter of the circuit.

A virtual circuit, sometimes called a logical circuit, is a path between two or more points that seems like a fixed physical path, but actually is one path out of many possible physical paths that can be arranged. A permanent virtual circuit (PVC) is a virtual circuit that provides a guaranteed connection between two or more points when needed without having to reserve or commit to a specific physical path in advance. This allows many companies to share a common pool of circuits. This approach is used in a frame relay network and offers a committed set of resources to a telephone company customer at a lower price than if the customer leases their own circuits. A switched virtual circuit (SVC) is similar to a permanent virtual circuit, but allows users to dial in to the network of virtual circuits.
Network

In information technology, a network is a series of points or nodes interconnected by communication paths. Networks can interconnect with other networks and contain subnetworks.

The most common topology or general configurations of networks include the bus, star, Token Ring, and mesh topologies. Networks can also be characterized in terms of spatial distance as local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). A given network can also be characterized by the type of data transmission technology in use on it (for example, a TCP/IP or Systems Network Architecture network); by whether it carries voice, data, or both kinds of signals; by who can use the network (public or private); by the usual nature of its connections (dial-up or switched, dedicated or nonswitched, or virtual connections); and by the types of physical links (for example, optical fiber, coaxial cable, and Unshielded Twisted Pair). Large telephone networks and networks using their infrastructure (such as the Internet) have sharing and exchange arrangements with other companies so that larger networks are created.
Node

In a network, a node is a connection point, either a redistribution point or an end point for data transmissions. In general, a node has programmed or engineered capability to recognize and process or forward transmissions to other nodes.

Topology

A topology (from Greek topos meaning place) is a description of any kind of locality in terms of its layout. In communication networks, a topology is a usually schematic description of the arrangement of a network, including its nodes and connecting lines. There are two ways of defining network geometry: the physical topology and the logical (or signal) topology.
The physical topology of a network is the actual geometric layout of workstations. There are several common physical topologies, as described below and as shown in the illustration.
In the bus network topology, every workstation is connected to a main cable called the bus. Therefore, in effect, each workstation is directly connected to every other workstation in the network. In the star network topology, there is a central computer or server to which all the workstations are directly connected. Every workstation is indirectly connected to every other through the central computer.
In the ring network topology, the workstations are connected in a closed loop configuration. Adjacent pairs of workstations are directly connected. Other pairs of workstations are indirectly connected, the data passing through one or more intermediate nodes. A variation of the ring network topology is known as the Token Ring. In this scheme, the signal travels in only one direction or sense around the ring, carried by a so-called token from node to node.

The mesh network topology employs either of two schemes, called full mesh and partial mesh. In the full mesh topology, each workstation is connected directly to each of the others. In the partial mesh topology, some workstations are connected to all the others, and some are connected only to those other nodes with which they exchange the most data.

The tree network topology uses two or more star networks connected together. The central computers of the star networks are connected to a main bus. Thus, a tree network is a bus network of star networks.

Logical (or signal) topology refers to the nature of the paths the signals follow from node to node. In many instances, the logical topology is the same as the physical topology. But this is not always the case. For example, some networks are physically laid out in a star configuration, but they operate logically as bus or ring networks.
Bus

In a computer or on a network, a bus is a transmission path on which signals are dropped off or picked up at every device attached to the line. Only devices addressed by the signals pay attention to them; the others discard the signals. According to Winn L. Rosch, the term derives from its similarity to autobuses that stop at every town or block to drop off or take on riders.
In general, the term is used in two somewhat different contexts: (1) A bus is a network topology or circuit arrangement in which all devices are attached to a line directly and all signals pass through each of the devices. Each device has a unique identity and can recognize those signals intended for it. (2) In a computer, a bus is the data path on the computer's motherboard that interconnects the microprocessor with attachments to the motherboard in expansion slots (such as hard disk drives, CD-ROM drives, and graphics adapters).
Ring
A ring is a network topology or circuit arrangement in which each device is attached along the same signal path to two other devices, forming a path in the shape of a ring. Each device in the ring has a unique address.
Information flow is unidirectional and a controlling device intercepts and manages the flow to and from the ring. The Token Ring is the most prevalent form of ring network.
Campus

In telecommunications, a campus is a physically contiguous association of locations such as several adjacent office buildings. Typically, such areas require one or more local area networks and bridging, routing, and aggregation equipment based on situational needs.

Backbone

A backbone is a larger transmission line that carries data gathered from smaller lines that interconnect with it.

1) At the local level, a backbone is a line or set of lines that local area networks connect to for a wide area network connection or within a local area network to span distances efficiently (for example, between buildings).
2) On the Internet or other wide area network, a backbone is a set of paths that local or regional networks connect to for long-distance interconnection. The connection points are known as network nodes or telecommunication data switching exchanges (DSEs).
Bridge

In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or Token Ring). You can envision a bridge as being a device that decides whether a message from you to someone else is going to the local area network in your building or to someone on the local area network in the building across the street. A bridge examines each message on a LAN, "passing" those known to be within the same LAN, and forwarding those known to be on the other interconnected LAN (or LANs).

In bridging networks, computer or node addresses have no specific relationship to location. For this reason, messages are sent out to every address on the network and accepted only by the intended destination node. Bridges learn which addresses are on which network and develop a learning table so that subsequent messages can be forwarded to the right network.

Bridging networks are almost always interconnected local area networks, since broadcasting every message to all possible destinations would flood a larger network with unnecessary traffic. For this reason, router networks such as the Internet use a scheme that assigns addresses to nodes so that a message or packet can be forwarded only in one general direction rather than forwarded in all directions.

A bridge works at the data-link (physical network) level of a network, copying a data frame from one network to the next network along the communications path. A bridge is sometimes combined with a router in a product called a brouter.

Switch

In a telecommunications network, a switch is a device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination. In the traditional circuit-switched telephone network, one or more switches are used to set up a dedicated though temporary connection or circuit for an exchange between two or more parties. On an Ethernet local area network (LAN), a switch determines from the physical device (Media Access Control or MAC) address in each incoming message frame which output port to forward it to and out of. In a wide area packet-switched network such as the Internet, a switch determines from the IP address in each packet which output port to use for the next part of its trip to the intended destination.

In the Open Systems Interconnection (OSI) communications model, a switch performs the layer 2 or Data-Link layer function. That is, it simply looks at each packet or data unit and determines from a physical address (the "MAC address") which device a data unit is intended for and switches it out toward that device. However, in wide area networks such as the Internet, the destination address requires a look-up in a routing table by a device known as a router. Some newer switches also perform routing functions (layer 3 or the Network layer functions in OSI) and are sometimes called IP switches.

On larger networks, the trip from one switch point to another in the network is called a hop. The time a switch takes to figure out where to forward a data unit is called its latency. The price paid for having the flexibility that switches provide in a network is this latency. Switches are found at the backbone and gateway levels of a network where one network connects with another and at the subnetwork level where data is being forwarded close to its destination or origin. The former are often known as core switches and the latter as desktop switches.
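As an added example (not from the source of these definitions), the learning-table behaviour the Bridge and Switch entries describe, written out in Python: each frame's source MAC is recorded against the port it arrived on, frames for a known destination go out that one port (or nowhere, if the destination is on the same segment), and frames for an unknown or broadcast destination are flooded to every other port. The port names, MAC addresses and frames are constructed sample values.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A bridge/switch that learns which port each source MAC address lives on
    and forwards by destination MAC, flooding when it does not yet know."""

    def __init__(self, ports, table_size=1024):
        self.ports = list(ports)
        self.table = OrderedDict()        # MAC -> port, oldest entry first
        self.table_size = table_size

    def learn(self, mac, port):
        # Re-inserting moves the entry to the "most recently seen" end, so a host
        # that moves to another port is relearned instead of staying on the old one.
        self.table.pop(mac, None)
        self.table[mac] = port
        # Real switches have finite table memory: once full, forget the oldest entry.
        if len(self.table) > self.table_size:
            self.table.popitem(last=False)

    def forward(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of (possibly empty)."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            # Unknown or broadcast destination: flood every port but the incoming one.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        # Destination on the segment the frame came from: "pass" it, send nothing on.
        return [] if out_port == in_port else [out_port]


# Constructed sample traffic as (incoming port, source MAC, destination MAC).
SAMPLE_FRAMES = [
    ("p1", "02:00:00:00:00:01", "02:00:00:00:00:02"),   # unknown destination: flooded
    ("p2", "02:00:00:00:00:02", "02:00:00:00:00:01"),   # reply: :01 is now known on p1
    ("p3", "02:00:00:00:00:03", BROADCAST),             # broadcast: flooded
    ("p1", "02:00:00:00:00:04", "02:00:00:00:00:01"),   # same segment as :01: filtered
]


def replay(frames, ports=("p1", "p2", "p3")):
    """Run the frames through a fresh switch; return the output ports per frame."""
    sw = LearningSwitch(ports)
    return [sw.forward(*frame) for frame in frames]
```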
In the simplest networks, a switch is not required for messages that are sent and received within the network. For example, a local area network may be organized in a Token Ring or bus arrangement in which each possible destination inspects each message and reads any message with its address.
Circuit-Switching versus Packet-Switching A network's paths can be used exclusively for a certain duration by two or more parties and then switched for use to another set of parties. This type of "switching" is known as circuit-switching and is really a dedicated and continuously connected path for its duration. Today, an ordinary voice phone call generally uses circuit-switching.
Most data today is sent, using digital signals, over networks that use packet-switching. Using packet-switching, all network users can share the same paths at the same time and the particular route a data unit travels can be varied as conditions change. In packet-switching, a message is divided into packets, which are units of a certain number of bytes. The network addresses of the sender and of the destination are added to the packet. Each network point looks at the packet to see where to send it next. Packets in the same message may travel different routes and may not arrive in the same order that they were sent. At the destination, the packets in a message are collected and reassembled into the original message.
Packet A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).
A packet-switching scheme is an efficient way to handle transmissions on a connectionless network such as the Internet. An alternative scheme, circuit-switched, is used for networks allocated for voice connections. In circuit-switching, lines in the network are shared among many users as with packet-switching, but each connection requires the dedication of a particular path for the duration of the connection. "Packet" and "datagram" are similar in meaning. A protocol similar to TCP, the User Datagram Protocol (UDP), uses the term datagram.
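The segmentation and reassembly just described (numbered chunks that may arrive out of order or more than once), as an added example that is not part of the original text; the Packet fields, addresses and chunk size are assumptions chosen for the demo.

```python
# Added example (not from the original text): splitting a message into numbered
# packets and reassembling it even when packets arrive out of order or twice.
# The Packet fields, the addresses and the chunk size are assumptions for the demo.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # sender address
    dst: str        # destination address
    msg_id: int     # identifies the message the chunk belongs to
    seq: int        # position of this chunk within the message
    total: int      # number of chunks in the whole message
    payload: bytes


def segment(data: bytes, src: str, dst: str, msg_id: int, chunk_size: int) -> list:
    """Divide data into numbered packets of at most chunk_size bytes each."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    return [Packet(src, dst, msg_id, i, len(chunks), c) for i, c in enumerate(chunks)]


class Reassembler:
    """Collects packets per (src, msg_id) and hands the message back once
    every sequence number has been seen, whatever order they came in."""

    def __init__(self):
        self.pending = {}   # (src, msg_id) -> {"total": n, "chunks": {seq: payload}}

    def receive(self, pkt: Packet):
        """Accept one packet; return the complete message as bytes, or None
        while chunks are still missing."""
        if not 0 <= pkt.seq < pkt.total:
            raise ValueError(f"sequence {pkt.seq} out of range for total {pkt.total}")
        key = (pkt.src, pkt.msg_id)
        entry = self.pending.setdefault(key, {"total": pkt.total, "chunks": {}})
        if entry["total"] != pkt.total:
            raise ValueError("packets of one message disagree about its length")
        entry["chunks"].setdefault(pkt.seq, pkt.payload)   # a duplicate is ignored
        if len(entry["chunks"]) < entry["total"]:
            return None
        del self.pending[key]
        return b"".join(entry["chunks"][i] for i in range(entry["total"]))


def deliver(packets, order):
    """Feed packets to a Reassembler in the given index order; returns a list
    of (seq, result) pairs so the moment of completion is visible."""
    r = Reassembler()
    return [(packets[i].seq, r.receive(packets[i])) for i in order]
```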
Circuit-switched Circuit-switched is a type of network in which a physical path is obtained for and dedicated to a single connection between two end-points in the network for the duration of the connection. Ordinary voice phone service is circuit-switched. The telephone company reserves a specific physical path to the number you are calling for the duration of your call. During that time, no one else can use the physical lines involved.
Circuit-switched is often contrasted with packet-switched. Some packet-switched networks such as the X.25 network are able to have virtual circuit-switching. A virtual circuit-switched connection is a dedicated logical connection that allows sharing of the physical path among multiple virtual
Packet-switched Packet-switched describes the type of network in which relatively small units of data called packets are routed through a network based on the destination address contained within each packet. Breaking communication down into packets allows the same data path to be shared among many users in the network. This type of communication between sender and receiver is known as connectionless (rather than dedicated). Most traffic over the Internet uses packet switching and the Internet is basically a connectionless network.
Contrasted with packet-switched is circuit-switched, a type of network such as the regular voice telephone network in which the communication circuit (path) for the call is set up and dedicated to the participants in that call. For the duration of the connection, all resources on that circuit are unavailable for other users. Voice calls using the Internet's packet-switched system are possible. Each end of the conversation is broken down into packets that are reassembled at the other end. Another type of digital network that uses packet-switching is the X.25 network, a widely-installed commercial wide area network protocol. Internet protocol packets can be carried on an X.25 network. The X.25 network can also support a virtual circuit in which a logical connection is established for two parties on a dedicated basis for some duration. A permanent virtual circuit (PVC) reserves the path on an ongoing basis and is an alternative for corporations to a system of leased lines. A permanent virtual circuit is a dedicated logical connection but the actual physical resources can be shared among multiple logical connections or users.
Frame 1) In telecommunications, a frame is data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serial bit by bit and contains a header field and a trailer field that "frame" the data. (Some control frames contain no data.)
Here is a simple representation of a frame, based on the frame used in the frame relay access standard:
-----------Header-----------
Flag (01111110)
Address field
----------------------------
Information (data) field (0-4096 bytes)
-----------Trailer----------
Frame check sequence
Flag (01111110)
In the figure above, the flag and address fields constitute the header. The frame check sequence and second flag fields constitute the trailer. The information or data in the frame may contain another encapsulated frame that is used in a higher-level or different protocol. In fact, a frame relay frame typically carries data that has been framed by an earlier protocol program.
2) In time-division multiplexing (TDM), a frame is a complete cycle of events within the time division period.
3) In film and video recording and playback, a frame is a single image in a sequence of images that are recorded and played back.
4) In computer video display technology, a frame is the image that is sent to the display image rendering devices. It is continuously updated or refreshed from a frame buffer, a highly accessible part of video RAM.
5) In artificial intelligence (AI) applications, a frame is a set of data with information about a particular object, process, or image. An example is the iris-print visual recognition system used to identify users of certain bank automated teller machines. This system compares the frame of data for a potential user with the frames in its database of authorized users.
Virtual circuit A virtual circuit is a circuit or path between points in a network that appears to be a discrete, physical path but is actually a managed pool of circuit resources from which specific circuits are allocated as needed to meet traffic requirements.
A permanent virtual circuit (PVC) is a virtual circuit that is permanently available to the user just as though it were a dedicated or leased line continuously reserved for that user. A switched virtual circuit (SVC) is a virtual circuit in which a connection session is set up for a user only for the duration of a connection. PVCs are an important feature of frame relay networks and SVCs are proposed for later inclusion.
Local area network A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link and typically share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users. A local area network may serve as few as two or three users (for example, in a home network) or as many as thousands of users (for example, in an FDDI network).
Major local area network technologies are:
• Ethernet
• Token Ring
• FDDI
Ethernet is by far the most commonly used LAN technology. A number of corporations use the Token Ring technology. FDDI is sometimes used as a backbone LAN interconnecting Ethernet or Token Ring LANs. Another LAN technology, ARCNET, once the most commonly installed LAN technology, is still used in the industrial automation industry. Typically, a suite of application programs can be kept on the LAN server. Users who need an application frequently can download it once and then run it from their local hard disk. Users can order printing and other services as needed through applications run on the LAN server. A user can share files with others at the LAN server; read and write access is maintained by a LAN administrator. A LAN server may also be used as a Web server if safeguards are taken to secure internal applications and data from outside access. In some situations, a wireless LAN may be preferable to a wired LAN because it is cheaper to install and maintain.
Wide area network A wide area network (WAN) is a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user) networks. An intermediate form of network in terms of geography is a metropolitan area network (MAN).
Duplex In telecommunication, duplex communication means that both ends of the communication can send and receive signals at the same time. Full-duplex communication is the same thing. Half-duplex is also bidirectional communication, but signals can only flow in one direction at a time. Simplex communication means that communication can only flow in one direction and never flow back the other way.
An ordinary telephone conversation is a duplex communication. Most inexpensive speakerphones in conference rooms are half-duplex communication. (If you're speaking, you can't hear anyone else interrupt. You have to pause to let others speak.)
Gateway A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.
In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.
Runt In networks, a runt is a packet that is too small. For example, the Ethernet protocol requires that each packet be at least 64 bytes long. In Ethernet, which operates on the idea that two parties can attempt to get use of the line at the same time and sometimes do, runts are usually the fragments of packet collisions. Runts can also be the result of bad wiring or electrical interference. Runts are recorded by programs that use the Remote Network Monitoring (RMON) standard information base for network administration. RMON calls them "undersize packets".
A giant is a packet that's oversize.
Networking Basics - Key Concepts in Computer Networking
Begin your study of computer networking basics by exploring these key concepts and essential technologies.
What is (Computer) Networking? Networking is the practice of linking computing devices together with hardware and software that supports data communications across these devices.
Networking Basics Interactive Q&A Answer this series of common questions about basic computer networking concepts to quickly expand your knowledge of the topic.
Visual Networking Basics This guide presents the essential concepts of computer networks in a sequence of visual illustrations designed to teach networking basics by example.
Connecting Two Computers for File Sharing The simplest kind of home network contains exactly two computers. You can use this kind of network to share files, a printer or another peripheral device, and even an Internet connection. To connect two computers for sharing network resources, consider these alternatives.
Network Routers A router is a small hardware device that joins multiple networks together. These networks can include wired or wireless home networks, and the Internet.
LAN - Local Area Network A LAN supplies networking capability to a group of computers in close proximity to each other such as in an office building, a school or a home. LANs are useful for sharing resources or applications like files, printers and games.
What Is a Network Protocol? Protocols serve as a language of communication among network devices. Network protocols like HTTP, TCP/IP, and SMTP provide a foundation that much of the Internet is built on. Find out more about these protocols and how they work.
TCP/IP - Transmission Control Protocol / Internet Protocol TCP/IP provides connection-oriented communication between network devices. TCP/IP is very commonly used both on the Internet and in home computer networks.
Firewall A firewall guards a computer against unauthorized network access. Firewalls are one of the essential elements of a safe home or business network.
Networking Basics: Ethernet Ethernet is a physical and data link layer technology for local area networks (LANs). Ethernet is reliable and inexpensive, the leading standard worldwide for building wired LANs.
Networking Basics: Switch A network switch is a small hardware device that joins multiple computers together at a low-level network protocol layer. Switches differ in important ways from both routers and hubs.
Network Addresses Network addresses give computers unique identities they can use to communicate with each other. Specifically, IP addresses and MAC addresses are used on most home and business networks.
In the world of computers, networking is the practice of linking two or more computing devices together for the purpose of sharing data. Networks are built with a mix of computer hardware and computer software.
Area Networks Networks can be categorized in several different ways. One approach defines the type of network according to the geographic area it spans. Local area networks (LANs), for example, typically reach across a single home, whereas wide area networks (WANs), reach across cities, states, or even across the world. The Internet is the world's largest public WAN.
Network Design Computer networks also differ in their design. The two types of high-level network design are called client-server and peer-to-peer. Client-server networks feature centralized server computers that store email, Web pages, files and/or applications. On a peer-to-peer network, conversely, all computers tend to support the same functions. Client-server networks are much more common in business and peer-to-peer networks much more common in homes. A network topology represents its layout or structure from the point of view of data flow. In so-called "bus" networks, for example, all of the computers share and communicate across one common conduit, whereas in a "star" network, all data flows through one centralized device. Common types of network topologies include bus, ring and mesh.
Network Protocols In networking, the communication language used by computer devices is called the protocol. Yet another way to classify computer networks is by the set of protocols they support. Networks often use multiple protocols to support specific applications. Popular protocols include TCP/IP, the most common protocol found on the Internet and in home networks.
Wired vs Wireless Networking Many of the same network protocols, like TCP/IP, work in both wired and wireless networks. Networks with Ethernet cables have predominated in businesses, schools, and homes for several decades. Recently, however, wireless networking alternatives have emerged as the premier technology for building new computer networks.
Definition: Routers are physical devices that join multiple wired or wireless networks together. Technically, a wired or wireless router is a Layer 3 gateway, meaning that the wired/wireless router connects networks (as gateways do), and that the router operates at the network layer of the OSI model. Home networkers often use an Internet Protocol (IP) wired or wireless router, IP being the most common OSI network layer protocol. An IP router such as a DSL or cable modem broadband router joins the home's local area network (LAN) to the wide-area network (WAN) of the Internet. By maintaining configuration information in a piece of storage called the "routing table," wired or wireless routers also have the ability to filter traffic, either incoming or outgoing, based on the IP addresses of senders and receivers. Some routers allow the home networker to update the routing table from a Web browser interface. Broadband routers combine the functions of a router with those of a network switch and a firewall in a single unit.
Definition: A local area network (LAN) supplies networking capability to a group of computers in close proximity to each other such as in an office building, a school, or a home. A LAN is useful for sharing resources like files, printers, games or other applications. A LAN in turn often connects to other LANs, and to the Internet or other WAN. Most local area networks are built with relatively inexpensive hardware such as Ethernet cables, network adapters, and hubs. Wireless LAN and other more advanced LAN hardware options also exist.
Specialized operating system software may be used to configure a local area network. For example, most flavors of Microsoft Windows provide a software package called Internet Connection Sharing (ICS) that supports controlled access to LAN resources. The term LAN party refers to a multiplayer gaming event where participants bring their own computers and build a temporary LAN.
LANs, WANs, and Other Area Networks It’s about more than distance
Computer networks come in many different shapes and sizes. Over the years, the networking industry has coined terms like "LAN" and "WAN" attempting to define sensible categories for the major types of network designs. The precise meaning of this terminology remains lost on the average person, however.
Area Networks For historical reasons, the industry refers to nearly every type of network as an "area network." The most commonly-discussed categories of computer networks include the following:
• Local Area Network (LAN)
• Wide Area Network (WAN)
• Metropolitan Area Network (MAN)
• Storage Area Network (SAN)
• System Area Network (SAN)
• Server Area Network (SAN)
• Small Area Network (SAN)
• Personal Area Network (PAN)
• Desk Area Network (DAN)
• Controller Area Network (CAN)
• Cluster Area Network (CAN)
LANs and WANs were the original flavors of network design. The concept of "area" made good sense at this time, because a key distinction between a LAN and a WAN involves the physical distance that the network spans. A third category, the MAN, also fit into this scheme as it too is centered on a distance-based concept. As technology improved, new types of networks appeared on the scene. These, too, became known as various types of "area networks" for consistency's sake, although distance no longer proved a useful differentiator.
LAN Basics A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs, and occasionally a LAN will span a group of nearby buildings. In IP networking, one can conceive of a LAN as a single IP subnet (though this is not necessarily true in practice). Besides operating in a limited space, LANs include several other distinctive features. LANs are typically owned, controlled, and managed by a single person or organization. They also use certain specific connectivity technologies, primarily Ethernet and Token Ring.
WAN Basics As the term implies, a wide-area network spans a large physical distance. A WAN like the Internet spans most of the world! A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address. WANs differ from LANs in several important ways. Like the Internet, most WANs are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs use technology like ATM, Frame Relay and X.25 for connectivity.
LANs and WANs at Home Home networkers with cable modem or DSL service have already encountered LANs and WANs in practice, though they may not have noticed. A cable/DSL router like those in the Linksys family joins the home LAN to the WAN link maintained by one's ISP. The ISP provides a WAN IP address used by the router, and all of the computers on the home network use private LAN addresses. On a home network, like many LANs, all computers can communicate directly with each other, but they must go through a central gateway location to reach devices outside of their local area.
What About MAN, SAN, PAN, DAN, and CAN? Future articles will describe the many other types of area networks in more detail. After LANs and WANs, one will most commonly encounter the following three network designs:
• A Metropolitan Area Network connects an area larger than a LAN but smaller than a WAN, such as a city, with dedicated or high-performance hardware.
• A Storage Area Network connects servers to data storage devices through a technology like Fibre Channel.
• A System Area Network connects high-performance computers with high-speed connections in a cluster configuration.
Conclusion To the uninitiated, LANs, WANs, and the other area network acronyms appear to be just more alphabet soup in a technology industry already drowning in terminology.
The names of these networks are not nearly as important as the technologies used to construct them, however. A person can use the categorizations as a learning tool to better understand concepts like subnets, gateways, and routers.
Network Topologies Bus, ring, star, and all the rest In networking, the term topology refers to the layout of connected devices on a network. This article introduces the standard topologies of computer networking.
Topology in Network Design One can think of a topology as a network's "shape". This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle, but it would be highly unlikely to find an actual ring topology there. Network topologies are categorized into the following basic types:
• bus
• ring
• star
• tree
• mesh
More complex networks can be built as hybrids of two or more of the above basic topologies.
Bus Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.
[Figure: Bus Topology]
Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") both were popular Ethernet cabling options years ago. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.
Ring In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (effectively either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network. To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Rings are found in some office buildings or school campuses.
[Figure: Ring Topology]
Star Many home networks use the star topology. A star network features a central connection point called a "hub" that may be an actual hub or a switch. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)
Tree Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the "root" of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone.
[Figure: Star Topology]
Mesh Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, like the Internet, employ mesh routing. Conclusion Topologies remain an important part of network design theory. You can probably build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes.
Standard layered framework for network design The Open Systems Interconnection (OSI) reference model has been an essential component of computer network design since its inception in 1984. OSI is an abstract model, meaning that actual network implementations need not adhere to it strictly. OSI is also a standards effort, a product of the International Standards Organization (ISO). (And OSI is ISO spelled backwards, just to add to the fun). Although heavy on theory, the OSI model still provides a practical, structured introduction to network design.
OSI Model Stack The OSI model divides the complex task of host-to-host networking, traditionally called internetworking, into layers. Layers in the OSI model are ordered from lowest level to highest in a stack. The OSI stack contains seven layers in two groups:
Upper layers:
7. application
6. presentation
5. session
Lower layers:
4. transport
3. network
2. data link
1. physical
OSI Model Upper Layers OSI designates the application, presentation, and session layers as "upper" layers. Generally speaking, software in these layers performs application-specific functions like data formatting, encryption, and connection management. Examples of upper layer technologies in the OSI model are HTTP, SSL and NFS.
OSI Model Lower Layers The remaining lower layers provide more primitive network-specific functions like routing, addressing, and flow control. Examples of lower layer technologies in the OSI model are TCP, IP, and Ethernet.
OSI Model Benefits The layered approach in the OSI model offers several advantages to system implementers. By separating the design into logical smaller pieces, vendors can more easily solve network design problems through divide-and-conquer. A product from one vendor that implements OSI Layer 2 functionality, for example, will be much more likely to interoperate with another vendor's OSI Layer 3 product because both vendors are following the model. Finally, the OSI model makes network designs more extensible. New protocols and other network services are generally easier to add to a layered architecture than to a monolithic one.
TCP/IP Network Concepts As the Internet continues to grow, the use of Transmission Control Protocol/Internet Protocol (TCP/IP) on internal networks increases. TCP/IP offers a widely deployed set of open protocol standards that are well suited to forming wide area networks (WANs).
For each computer to identify itself on a TCP/IP network, each host must be uniquely identified by the following information:
• An IP address. A 32-bit field composed of four octets (8-bit numbers from 0 through 255). Each address is written in dotted decimal notation, with periods separating the octets, such as 10.10.100.201.
• A subnet mask. This indicates how the IP address is to be read: it separates the network-identifying information from the host-identifying information so that the IP address is interpreted correctly. For example, if a subnet mask of 255.255.255.0 is applied to the address 10.85.189.24, it indicates that the host number is 24, located on the 10.85.189 subnetwork.
• A default gateway. This specifies the address of the nearest routing device, which the host uses to forward addressed packets on to the network.
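How a subnet mask splits an address into network and host parts, as an added example that is not part of the original text. It reproduces the page's 10.85.189.24 / 255.255.255.0 case and goes beyond it to masks that do not fall on an octet boundary, and checks that a default gateway actually lies on the host's own subnet (a common misconfiguration); the additional addresses are constructed for the demo.

```python
# Added example (not from the original text): dotted-decimal subnet arithmetic.
# The 255.255.255.192 mask and the gateway addresses are constructed sample values.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _to_int(dotted: str) -> int:
    """Parse dotted-decimal IPv4 text into a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def parse_mask(mask: str) -> int:
    """Validate that a mask is a run of ones followed by zeros; return the prefix length."""
    m = _to_int(mask)
    prefix = bin(m).count("1")
    if m != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask {mask}")
    return prefix


def split_address(ip: str, mask: str) -> dict:
    """Apply mask to ip and return the network id, prefix length, host number
    and broadcast address, so the 'which subnet, which host' reading is explicit."""
    prefix = parse_mask(mask)
    m = _to_int(mask)
    a = _to_int(ip)
    host_bits = ~m & ALL_ONES
    network = a & m
    return {
        "network": str(ipaddress.IPv4Address(network)),
        "prefix_length": prefix,
        "host_number": a & host_bits,
        "broadcast": str(ipaddress.IPv4Address(network | host_bits)),
    }


def gateway_on_subnet(ip: str, mask: str, gateway: str) -> bool:
    """A default gateway is only usable if it shares the host's network id."""
    parse_mask(mask)
    m = _to_int(mask)
    return (_to_int(ip) & m) == (_to_int(gateway) & m)
```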
One way to configure this address information is to have a network administrator or technician manually enter these settings on each computer before it is joined to the local network. This type of manually applied configuration is referred to as static IP addressing. It requires that all addresses are recorded and centrally maintained by a network administrator. This provides an orderly procedure for adding new devices and avoids problems that can arise from duplicating address assignments on the network.
For small networks, adding new devices does not present a difficult problem. However, as networks become larger or further divide into multiple subnetworks, integrating new devices into existing networks becomes a significant chore for network administrators. In addition, this task may need to be repeated each time a device is moved to a different subnetwork.
Although IP addressing is an efficient scheme that works optimally for computers and routers, network users find common names for hosts (such as myserver.mycompany.com) much easier to remember than IP addresses (such as 10.100.206.195). Further solutions for mapping user-friendly names to assigned IP addresses simplify user access, but compound the existing administrative problems already inherent in TCP/IP.
The following sections cover some of the accepted and proposed standards that have been drafted to provide solutions for all of these TCP/IP shortcomings.
What Is DNS? The Domain Name System (DNS) service was developed by the Internet Engineering Task Force (IETF) as an attempt to standardize a way to map pairings of logical host names to actual IP addresses on a TCP/IP network.
DNS is an acceptable method for resolving names to addresses, but it requires the use of host files, and DNS servers must be overseen and updated manually as names and addresses are modified. This adds to tasks that a TCP/IP network administrator must perform, although it does simplify network access for users.
For DNS to work properly it requires the use of a name space. The DNS name space is hierarchical in nature and allows host names to be stated in absolute or relative terms. Absolute names, or fully qualified domain names (FQDNs) are defined from the root of the name space and uniquely identify a node in the hierarchy. FQDNs end with a trailing dot. Relative names are represented relative to a name in the hierarchy. For example, server.microsoft.com is a relative DNS name of a host defined from the com part of the DNS name space hierarchy, which contains domain names of commercial organizations.
If the domain name of a company is:
mycompany.com
then the following domain names:
sales.mycompany.com
marketing.mycompany.com
are known as subdomains of the mycompany.com domain.
In addition to planning for domain hierarchies, the DNS service uses host files, which are flat text files that pair DNS domain names with IP addresses for hosts on the local network. Host files are used by the DNS server to process and resolve name query requests forwarded by DNS clients initiating communications on the local network. In nearly all cases where DNS is used, host files must be created and updated manually for the DNS service to work properly for all hosts.
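As an added example (not from the original documentation): a small Python resolver over a constructed host-file text, showing how a relative name is qualified against an origin, how the trailing dot marks an FQDN, and how subdomain membership follows from the label hierarchy. The host names and addresses are made up.

```python
# Constructed sample host file (not from the original documentation).
HOST_FILE = """\
# name                          address
mycompany.com.                  10.100.206.1
www.sales.mycompany.com.        10.100.206.195
mail.marketing.mycompany.com.   10.100.206.196
"""

def qualify(name, origin):
    """Absolute names (trailing dot) are returned as-is; a relative name is
    appended to origin, which must itself be an FQDN ('.' is the root)."""
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin.rstrip('.')}."

def parse_host_file(text):
    """Return {fqdn (lower-case): ip} from 'name address' lines; '#' begins a comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, ip = line.split()[:2]
        table[qualify(name, ".").lower()] = ip   # names in the file are absolute
    return table

def labels(fqdn):
    """Labels from the leaf (left) to the top-level domain (right), root dot removed."""
    return [label.lower() for label in fqdn.rstrip(".").split(".") if label]

def is_subdomain(child, parent):
    """True when child lies strictly below parent in the hierarchy
    (every non-root name is a subdomain of the root '.')."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[len(c) - len(p):] == p

def resolve(name, origin, table):
    """Answer a query: qualify relative names against origin, then look up the FQDN."""
    return table.get(qualify(name, origin).lower())
```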
Because DNS is a supported standard for all TCP/IP networks, most internal networks that support TCP/IP have no restrictions regarding the use of DNS services. Although other TCP/IP servers that are not Windows-based can be made to function as DNS servers, Windows NT Server provides the option of acting as a DNS server as well.
What Is WINS?
Windows Internet Naming Service (WINS) is another option for resolving host names on networks that use Microsoft TCP/IP. It provides a distributed database for registering and querying dynamic computer name-to-IP address mappings in a routed network environment. WINS uses the NetBIOS computer name for any Windows-based network client to register each client in the WINS database on a computer running Windows NT Server.
A WINS system consists of the following:
• WINS server: Runs on a Windows NT Server–based computer and handles name registration requests from WINS clients and registers their names and IP addresses. The server also responds to name queries from WINS clients by returning the IP address of the name being queried (assuming the name is registered with the WINS server).
• WINS client: Registers its name with the WINS server when it joins or leaves the network. The client also queries the WINS server for remote name resolution.
• WINS proxy: Helps resolve names on behalf of non-WINS clients. The proxy communicates with the WINS server to resolve names (rather than maintaining its own database) and then caches the names for a certain amount of time. The proxy serves as an intermediary between the WINS server and the non-WINS client, either by communicating with the WINS server or by supplying a name-to-IP address mapping from its cache. The presence of a WINS proxy in a WINS system is dictated solely by the presence of non-WINS clients.
If you are administering a routed internal network, WINS is the best choice for NetBIOS name resolution, because it is designed to solve the problems that occur with name resolution in a complex internal network. WINS goes beyond eliminating the need for an LMHOSTS file (a hosts file of NetBIOS names–to–IP address pairs) by reducing the use of local broadcasts for name resolution and allowing users to easily locate systems on remote networks.
Using WINS provides the following benefits:
• In a dynamic network environment where host IP addresses can change frequently, WINS provides an excellent way to dynamically register these changes as they occur.
• It centralizes management of the NetBIOS names-to-IP addresses mapping database, so that there is no need to manage multiple LMHOSTS files across several servers on a network.
• It reduces IP broadcast traffic in a NetBIOS-based internal network, while allowing the clients to locate remote systems across local or wide area networks easily.
• With WINS, users on a Windows NT–based network can browse transparently across routers (for Windows NT domains that span multiple subnets). Browsing without WINS is complicated and involves manual procedures.
For more information on TCP/IP networking, see the Networking Supplement in your Windows NT Server documentation.
What Is DHCP?
The Dynamic Host Configuration Protocol (DHCP) was established to relieve the administrative burden of manual configuration of TCP/IP hosts on the network. DHCP provides an alternative to static IP addressing by enabling automatic configuration of the TCP/IP-related parameters when a DHCP client becomes active on the local network.
Note DHCP provides a way of passing configuration information to hosts that is based on an earlier protocol standard, known as the Bootstrap Protocol (BOOTP). BOOTP was conceived as a way to allow diskless workstations to obtain TCP/IP configuration settings and perform a network "boot." DHCP uses some of the same concepts as BOOTP, such as a shared message format, which allows existing BOOTP clients to interoperate with DHCP servers. However, further additions to DHCP distinguish it from BOOTP.
DHCP provides a safe, reliable, and simple TCP/IP network configuration. It ensures that address conflicts do not occur and helps conserve the use of IP addresses by using centralized management of address allocation. DHCP conserves addresses that are not in use by having the DHCP server reclaim an address after the address lease period has elapsed.
The administrator controls how IP addresses are dynamically assigned by the DHCP server. To establish DHCP service, you set several parameters that are used to manage dynamic assignment of IP addresses. First, a lease period for each address is set. A lease specifies how long a computer can use an assigned IP address before having to renew the lease with the DHCP server. Another parameter that must be set for DHCP service is a scope. A scope indicates the available range of addresses that can be used within DHCP assignment. The scope provides for an available pool of addresses for the DHCP server to use when assigning and configuring clients. The scope exists only once for an entire subnetwork, but it can be further defined by excluding reserved subranges of addresses from the pool of assignable addresses allowed by the scope.
Setting up a DHCP environment provides three major benefits:
• It requires no additional address configuration for the workstation. Users do not need to know or maintain their computer’s TCP/IP address configuration. This can be useful for mobile computer users who use portable computers that are moved to different offices or subnets frequently.
• DHCP clients can be configured with additional TCP/IP parameters, such as the DNS server address or WINS server addresses that are essential for successful name-to-IP address resolution by a host.
• DHCP gives you better control of IP address assignment and management. For example, if the IP address for a router in a network changes and 250 client computers have to be updated with the new address, you do not have to manually reconfigure every workstation.
DHCP is based on a client/server model. The DHCP server runs on a server, such as a computer running Windows NT Server. The DHCP client runs on a network client such as a workstation running Windows 95 or Windows NT Workstation.
During system startup (the initializing state), a DHCP client computer sends a DHCP "discover" message that is broadcast on the local network and can be forwarded to all the DHCP servers on the internal network. Each DHCP server that receives the discover message responds with an "offer" message containing an IP address and valid configuration information for the DHCP client computer that sent the request.
The DHCP client then collects the configuration and enters a selecting state, where it chooses one of the address "offers" provided by the DHCP servers. The client selects one of the offered configurations and enters a requesting state. It then sends a "request" message to specify a request from that DHCP server. The selected DHCP server sends an "acknowledgment" message that contains the address requested, a valid lease for the address, and TCP/IP network configuration parameters for the client. The client enters a bound state after receiving the acknowledgment from the server and can now participate on the TCP/IP network.
Client computers with local disk storage save the received address for use during subsequent system startup. As the lease approaches its expiration date, the client attempts to renew its lease with the DHCP server. If the DHCP server that initially offered the lease is not available or the lease has expired, the client repeats the process and gets a new configuration from any of the available DHCP servers.
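The scope, exclusion and lease rules described above, together with the discover/offer/request/acknowledgment exchange, as an added Python simulation (constructed example, not Windows NT's DHCP code). The address ranges, client identifiers and the DNS/WINS server addresses handed out are made up; time is a plain number of seconds so that lease expiry can be exercised directly.

```python
import ipaddress

def _addr_range(first, last):
    """Integers for every address from first to last inclusive."""
    return range(int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last)) + 1)

class DhcpServer:
    """One scope per subnetwork; excluded subranges never enter the pool, and a
    leased address is reclaimed once its lease period has elapsed."""
    def __init__(self, scope_start, scope_end, exclusions=(), lease_secs=3600):
        excluded = set()
        for start, end in exclusions:
            excluded.update(_addr_range(start, end))
        self.pool = [str(ipaddress.IPv4Address(i))
                     for i in _addr_range(scope_start, scope_end) if i not in excluded]
        self.lease_secs = lease_secs
        self.leases = {}  # ip -> (client_id, lease expiry time)

    def reclaim(self, now):
        """Free every address whose lease has expired."""
        for ip, (_, expires) in list(self.leases.items()):
            if expires <= now:
                del self.leases[ip]

    def offer(self, client_id, now):
        """Answer a 'discover': the client's current address if it holds one, else the first free one, else None."""
        self.reclaim(now)
        for ip, (holder, _) in self.leases.items():
            if holder == client_id:
                return ip
        return next((ip for ip in self.pool if ip not in self.leases), None)

    def ack(self, client_id, ip, now):
        """Answer a 'request': grant a lease plus configuration, or None (refusal) if ip is outside the pool or held by someone else."""
        holder = self.leases.get(ip)
        if ip not in self.pool or (holder and holder[0] != client_id):
            return None
        self.leases[ip] = (client_id, now + self.lease_secs)
        # Constructed DNS/WINS addresses: the extra parameters a DHCP client can receive.
        return {"ip": ip, "lease": self.lease_secs, "dns": "10.0.0.53", "wins": "10.0.0.54"}

def dhcp_client(servers, client_id, now):
    """Initializing -> selecting -> requesting -> bound: discover to all servers, pick the first offer, request it."""
    offers = [(srv, srv.offer(client_id, now)) for srv in servers]
    offers = [(srv, ip) for srv, ip in offers if ip is not None]
    if not offers:
        return None                      # no server could offer an address
    server, ip = offers[0]               # selecting state
    return server.ack(client_id, ip, now)  # requesting -> bound when acknowledged
```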
The following three types of hosts can be active in a DHCP configuration process:
• DHCP server: Contains IP addresses, lease duration, and associated TCP/IP configuration information. The DHCP server listens for client requests and processes them.
• DHCP client: Gets its IP address and related TCP/IP configuration parameters from the DHCP server during the initialization stage. The client also extends the lease on the IP address by renewing the lease before it expires.
• DHCP relay agent: Relay agent software (compliant with RFC 1542) assists in forwarding the DHCP packets between subnets in a routed internal network. Usually, this component runs on the routers.
For more information about setting up DHCP services, see your Windows NT Server documentation.
What Are Ports?
Ports are used in TCP/IP to name the ends of logical connections that carry long-term conversations. A port gives transport protocols such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) the capability of handling communications between multiple hosts. It allows communication to be uniquely identified. The WinSock Proxy service uses ports extensively to provide a way of redirecting applications.
For the purpose of providing services to unknown callers, a service contact port is defined. Each WinSock Proxy–enabled application specifies a port to be used as the contact port on the server for TCP or UDP. The contact port is sometimes called the "well-known port." To some extent, these same port assignments are used with UDP. To use UDP, the application must supply the IP address and port number of the destination application.
Ports are identified by a positive integer. Originally, the assigned ports available were in the range from 0 through 255. Currently, the range for assigned ports has been expanded to allow 4-digit port numbers up to 9,999. The assigned ports use a small portion of the range of possible port numbers, allowing other unassigned port numbers to be designated as alternatives if the initial port is not available or is to be used for new custom server applications.
Ports can be designated to use either TCP or UDP as the transport-level protocol that specifies how ports send and receive data. In addition, port assignments are enabled separately for inbound ports and outbound ports on Microsoft Proxy Server. Inbound ports are used to listen for client requests from Internet clients, and outbound ports are used to listen for requests from clients on the internal network.