Windows XP Home Networking - Dennis Morgan, Program Manager, Core Networking, Microsoft
Post on 26-Dec-2015
Windows XP Home Networking

Dennis Morgan
Program Manager, Core Networking
Microsoft
Agenda
- Network Architecture
- Setup and Configuration
- Internet Connection Sharing
- Internet Connection Firewall
- Network Bridge
- Application Compatibility
- Network Address Translation
- Diagnostics
Network Architecture
- There will be multiple networked PCs and Intelligent Appliances (IA) in the home and small business
- PCs and devices will be connected over multiple network media that are bridged
- IP will be the dominant protocol inside the home
- Configuration and setup will be simple or automatic
- PCs and devices will securely connect to the Internet via a dedicated or PC gateway
Network Architecture
- (diagram: Internet <-> residential gateway (PC or device) <-> home network)

Why not this architecture?
- (diagram: Internet <-> hub <-> home PCs, with no gateway in between)
- Insecure
- Network architecture is public
Setup and Configuration
- Out of Box Experience (OOBE): runs on first boot
- Auto Configuration
- Network Setup Wizard
  - Configuration tool for setting up a home or small business network
  - Runs on down-level clients
- New Connection Wizard: dial-up, VPN
Network Setup Wizard
- Sets up a machine as an ICS host or a client on the network
  - TCP/IP settings
  - Unifies workgroup
  - IE settings
  - UPnP
- Configures network shares: file and printer shares
- Runs on XP, Me, 98 SE and 98 Gold
Internet Connection Sharing
- Provides network services
  - NAT: share a single Internet connection
  - DHCP: allocation of private addresses
  - DNS: resolution of home network addresses
- Simple checkbox UI
- Discovery and control via Universal Plug and Play
- Location-aware group policy
ICS Discovery and Control
- ICS server announces itself on the network
  - UPnP service (UPnP IG compliant)
  - Beacon for auto-discovery
- ICS clients automatically discover and use the ICS server
  - Allows clients to discover the ICS host and its connection state to the ISP
  - Allows clients to control the connection state of the ICS host
  - Down-level client available via NSW
Internet Connection Firewall
- Uses connection flow information to prevent unsolicited inbound connections
- Thwarts standard scans
- Simple checkbox UI
- Advanced options
  - Logging
  - ICMP
- Location-aware group policy
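The firewall slide above describes a flow-based filter: traffic the inside host sends opens a flow, and only inbound packets matching an open flow are admitted, so a scanner's probes match nothing and are dropped. The following Python model of that rule is an added example, not Windows or Microsoft code; the packet layout, the log-line format and the sample traffic (a web request, a probe to port 445 and an echo request) are all constructed for the illustration, and `allow_icmp_echo` stands in for the slide's "ICMP" advanced option.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                        # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    sport: int = 0                    # unused for ICMP
    dport: int = 0
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply


class FlowFirewall:
    """Admit inbound packets only when they belong to a flow the inside host started."""

    def __init__(self, inside_ip: str, allow_icmp_echo: bool = False):
        self.inside_ip = inside_ip
        self.allow_icmp_echo = allow_icmp_echo          # stands in for the "ICMP" advanced option
        # flow key: (proto, inside ip, inside port, remote ip, remote port)
        self.flows: Set[Tuple[str, str, int, str, int]] = set()
        self.log: List[str] = []                         # constructed format, one line per decision

    def _key(self, pkt: Packet, direction: str) -> Tuple[str, str, int, str, int]:
        if pkt.proto == "ICMP":                          # echo request/reply carry no ports
            inside, remote = (pkt.src, pkt.dst) if direction == "out" else (pkt.dst, pkt.src)
            return ("ICMP", inside, 0, remote, 0)
        if direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def _record(self, action: str, pkt: Packet) -> None:
        self.log.append(f"{action} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")

    def outbound(self, pkt: Packet) -> bool:
        """Traffic leaving the inside host opens (or refreshes) a flow."""
        if pkt.src != self.inside_ip:
            self._record("DROP", pkt)
            return False
        self.flows.add(self._key(pkt, "out"))
        self._record("OPEN", pkt)
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Traffic from the Internet is admitted only if it matches an open flow."""
        if pkt.dst != self.inside_ip:
            self._record("DROP", pkt)
            return False
        if pkt.proto == "ICMP" and pkt.icmp_type == 8:   # an echo request is never a reply to anything
            allowed = self.allow_icmp_echo
        else:
            allowed = self._key(pkt, "in") in self.flows
        self._record("ALLOW" if allowed else "DROP", pkt)
        return allowed


def demo(allow_icmp_echo: bool = False):
    """Constructed traffic: a web request and its reply, a probe to SMB, and a ping."""
    fw = FlowFirewall("192.168.0.2", allow_icmp_echo)
    decisions = [
        fw.outbound(Packet("TCP", "192.168.0.2", "198.51.100.7", 1045, 80)),    # host opens a web connection
        fw.inbound(Packet("TCP", "198.51.100.7", "192.168.0.2", 80, 1045)),     # SYN/ACK back: matches the flow
        fw.inbound(Packet("TCP", "203.0.113.9", "192.168.0.2", 40000, 445)),    # unsolicited probe: no flow
        fw.inbound(Packet("ICMP", "203.0.113.9", "192.168.0.2", icmp_type=8)),  # echo request: option decides
    ]
    return decisions, fw.log


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The DROP lines are the part worth keeping: with logging turned on, an unsolicited probe shows up as a flow-less inbound packet, which is exactly the record a home user or administrator reviews when checking whether the machine is being scanned.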
Network Bridge
- Allows users to deploy multiple media types in the home to create a seamless network
- Layer 2 media bridge built to the IEEE 802.1D-1990 specification
  - Supports Ethernet, HomePNA, IEEE 1394 and wireless network devices
  - Includes Spanning Tree Algorithm (STA)
- Location-aware group policy
Application Compatibility
- Large test matrix of applications
  - Approx. 100 apps tested in Millennium
  - Approx. 150 apps in XP matrix
- Application Layer Gateway (ALG) API
  - Extensibility model for 3rd-party protocols
  - Provided via the Platform SDK
Network Address Translation

What Is NAT?
- Network Address Translation
- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address
- (diagram: hosts 192.168.0.2 and 192.168.0.3 behind a NAT whose private address is 192.168.0.1 and whose public address is 157.55.0.1, connected to the Internet)
Deployment Blockers
- Peer-to-peer applications
  - Remote Assistance
  - File sharing
  - Multi-player games
- XP and broadband-enabled experiences
  - Real Time Communication
What is the solution?
- Program the NAT with Universal Plug and Play
  - UPnP is an industry initiative
  - Provides a method for discovering services
  - Provides methods for interacting with devices and services
  - Internet Gateway Device working group defining schema for gateways
  - Includes methods for creating and removing port mappings
Changes for Applications
- Many applications will just work
  - DirectPlay games
  - Remote Assistance
  - Windows Messenger
- New applications use UPnP
  - Use UPnP for port reservation
  - Use the public address in exchanges with peers
- Existing applications
  - Provide a script to create a static port mapping
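The two slides above say what a UPnP-aware application does (reserve a port through the gateway's Internet Gateway Device service, then tell peers the public address) without showing the messages. The Python below is an added example, not Microsoft's control-point code or the Platform SDK API: it builds the SOAP control messages for the WANIPConnection:1 actions AddPortMapping, DeletePortMapping and GetExternalIPAddress and parses the gateway's reply. The gateway address, control path, port numbers and the sample GetExternalIPAddress reply are constructed placeholders (the reply reuses the public address 157.55.0.1 from the slide diagram); nothing is sent on the network.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"   # IGD v1 service that owns port mappings


def soap_envelope(action: str, args: dict) -> str:
    """Wrap an IGD action and its in-arguments in a SOAP 1.1 envelope."""
    body = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args.items())
    return ('<?xml version="1.0"?>'
            f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:{action} xmlns:u="{SERVICE}">{body}</u:{action}></s:Body></s:Envelope>')


def build_request(gateway: str, control_path: str, action: str, args: dict) -> str:
    """HTTP POST text for one control message. gateway and control_path normally come from
    SSDP discovery and the device description; here they are placeholders."""
    xml = soap_envelope(action, args)
    return (f"POST {control_path} HTTP/1.1\r\n"
            f"HOST: {gateway}\r\n"
            'CONTENT-TYPE: text/xml; charset="utf-8"\r\n'
            f"CONTENT-LENGTH: {len(xml.encode('utf-8'))}\r\n"
            f'SOAPACTION: "{SERVICE}#{action}"\r\n'
            f"\r\n{xml}")


def add_port_mapping_args(external_port: int, internal_client: str, internal_port: int,
                          protocol: str = "TCP", description: str = "", lease_seconds: int = 0) -> dict:
    """In-arguments of AddPortMapping in the order the WANIPConnection:1 service defines them."""
    return {
        "NewRemoteHost": "",                       # empty string: mapping accepts any remote host
        "NewExternalPort": external_port,
        "NewProtocol": protocol,                   # "TCP" or "UDP"
        "NewInternalPort": internal_port,
        "NewInternalClient": internal_client,      # private address that receives the forwarded traffic
        "NewEnabled": 1,
        "NewPortMappingDescription": description,
        "NewLeaseDuration": lease_seconds,         # 0 = no expiry; a finite lease limits how long the hole stays open
    }


def delete_port_mapping_args(external_port: int, protocol: str = "TCP") -> dict:
    """In-arguments of DeletePortMapping; call it as soon as the application no longer needs the port."""
    return {"NewRemoteHost": "", "NewExternalPort": external_port, "NewProtocol": protocol}


def parse_soap(xml_text: str, element: str) -> dict:
    """Map child name -> text for the named action (request) or action response element."""
    root = ET.fromstring(xml_text)
    node = root.find(f".//{{{SERVICE}}}{element}")
    if node is None:
        raise ValueError(f"no {element} element in message")
    return {child.tag: (child.text or "") for child in node}


# Constructed reply to GetExternalIPAddress, using the public address shown on the slide diagram.
SAMPLE_EXTERNAL_IP_RESPONSE = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
    f'<s:Body><u:GetExternalIPAddressResponse xmlns:u="{SERVICE}">'
    '<NewExternalIPAddress>157.55.0.1</NewExternalIPAddress>'
    '</u:GetExternalIPAddressResponse></s:Body></s:Envelope>')


def public_endpoint(response_xml: str, external_port: int) -> str:
    """The address:port to hand to peers: taken from the gateway's answer, never from the local socket."""
    ip = parse_soap(response_xml, "GetExternalIPAddressResponse")["NewExternalIPAddress"]
    return f"{ip}:{external_port}"


if __name__ == "__main__":
    # Placeholder gateway and control path; a real control point learns both from discovery.
    print(build_request("192.168.0.1:2869", "/upnp/control/WANIPConn1", "AddPortMapping",
                        add_port_mapping_args(6112, "192.168.0.2", 6112, "TCP", "example session", 3600)))
    print("advertise to peers:", public_endpoint(SAMPLE_EXTERNAL_IP_RESPONSE, 6112))
```

Two design points matter for the home-network case the deck is about: the mapping is a hole in the gateway's NAT, so an application should request it with a lease (or delete it explicitly) rather than leave a permanent forward behind, and the address it advertises to peers must be the one the gateway reports, because the slide on NAT-friendly protocols warns that the private address in the local socket means nothing outside the home.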
Windows client support
- Windows XP has native support
- Windows Me has support; requires an update to the UPnP control point software, available via Windows Update
- Windows 98 SE & 98 Gold: control point available as part of the XP Home Networking package
- APIs available in the Platform SDK
Diagnostics

Repair Features
- Multiple entry points
  - Status icon
  - Connections folder
  - PC Health
- Performs common repair tasks
  - IP address renew
  - ARP and DNS cache flush
  - WINS refresh
  - DNS re-register
Network Status Features
- Network Connection Status Icon
  - Error icon shows broken connection, no connection or signal, or invalid address
  - Normal icon shows auto-config address and Ad Hoc wireless mode
  - Tool tips describe simple problems
- Network Monitor tab in Taskman
- Network information displayed on connection folder page
- Support tab added to the Status dialog of a connection; replaces WinIPconfig
DGNet Features
- Works with PC Health to gather system information
- Three levels of display results
- User-selectable tests
  - System Properties: network adapter, modem and VPN information
  - Application Test: IE proxy, news server, mail server
Wireless

Wireless LAN Trends
- Increased WLAN bandwidth
  - 11 Mbps for Wi-Fi
  - 22 Mbps and 54 Mbps coming
- Reduced cost of equipment
  - $95 per Wi-Fi card, $200 per access point
- Increased use of laptops and PDAs
  - Mobile users
  - Growth of Wi-Fi embedded in laptops
- Wi-Fi is growing rapidly
Wireless LAN Scenarios
- Enterprise
  - Want secure user authentication and key distribution
  - Want to support guest access to the Internet
- Public places (airports, malls, etc.)
  - Want user authentication for billing
- Home
  - Want a simple, no-new-wires network
- Roaming
  - Want transparent roaming
Windows XP Simplifies Wireless
- Zero configuration
  - Automatically scans for networks
  - Automatically configures the Wi-Fi NIC
- Secure LAN access
  - IEEE 802.1X
  - Supports different credentials, limited access & guest accounts
- Roaming
  - Alternative IP configuration
  - Network location awareness
Summary
- Windows XP brings Millennium parity to the 2000 code base
- Windows XP makes networking accessible to consumers
  - Simplified set-up and diagnostics
  - Focus on key scenarios
- Windows XP is the best platform ever for always-connected and broadband connectivity
  - ICS, Bridge, Firewall
  - Roaming, wireless support
Backup slides

Call to Action
- IHVs/ISVs
  - Use UPnP to detect and configure the Internet gateway
  - Take NAT into consideration when writing protocols
  - Compatibility: test early, test often
  - Plan now for IPv6
- IHVs: ensure network cards report promiscuous mode properly
Resources
- Home Networking feedback: hnetfb@microsoft.com
- Writing NAT-friendly apps: http://www.microsoft.com/Windows2000/library/howitworks/communications/networkbasics/natdoc1.asp
- Universal Plug and Play website: http://www.upnp.org
Network Address Translation

What is Network Address Translation (NAT)?
- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address
- (diagram: hosts 192.168.1.2 and 192.168.1.3 behind a NAT whose private address is 192.168.1.1 and whose public address is 157.55.0.1, connected to the Internet)
How NAT works
- Default gateway is the NAT
- NAT maps the internal source address and port to a specific external source address
- Modifies the packet with the NAT's external address and a new source port
- Forwards the packet to the server
- Response packet's internal destination is resolved by the NAT based on the port state table
- (diagram)
  - Client 192.168.1.5 (gateway 192.168.1.1) sends: Src: 192.168.1.5:3123, Dest: 212.3.2.4:80
  - NAT (internal 192.168.1.1, external 212.3.2.10) forwards: Src: 212.3.2.10:5205, Dest: 212.3.2.4:80
  - Server 212.3.2.4
Working with NAT is critical
- Many firewalls are based on NAT
  - With 24 x 7 connectivity, the number of personal firewalls deployed will increase
- Windows® ICS is widely deployed
- There are lots of other NATs from lots of vendors
  - Cable modems
  - DSL modems
  - ISDN routers
  - Other combo router/gateway/edge devices
- Forcing NAT to edit protocols does not scale with either the number of protocols or the number of NAT solutions
Things that break with NAT
- Using IP addresses in data payloads
- Using port numbers in payloads
- Assuming that you can always send or receive on a specific port, range of ports, or sequence of ports
- Assuming hosts will keep the same IP address throughout a conversation
- Assuming that your application can receive unsolicited inbound connections
- Assuming that all application clients have the same view of the network that you have
Building NAT-friendly protocols
- Don't rely on embedded address and port information
  - Use fully qualified domain names and/or user names where possible
  - Let DNS do the work
- Don't make assumptions about addresses and ports staying the same
- Avoid having unsolicited inbound connections in your protocol
- Encrypted protocols should avoid having the checksum cover the IP header
- Test your protocol with ICS and other NATs
- Remember IPv6
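The "How NAT works" slide, the "Things that break with NAT" list and the NAT-friendly guidance above all turn on one mechanism: the NAT rewrites the IP and transport headers and keeps a port state table, but never touches the payload, so an address or port a protocol writes into its messages is stale the moment it leaves the home. The Python below is an added example, not ICS or any Microsoft code: a toy port-translating NAT that walks the slide's own exchange (client 192.168.1.5:3123 to server 212.3.2.4:80, external port 5205 on 212.3.2.10), plus a small check that flags RFC 1918 literals in a message. The protocol text "CALLBACK ..." and the decision that only the mapped remote endpoint may reply are constructed for the illustration and say nothing about how ICS itself behaves.

```python
import ipaddress
import re
from typing import Dict, Optional, Tuple

Packet = Dict[str, object]   # keys: proto, src, sport, dst, dport, payload


class Nat:
    """Port-translating NAT as on the "How NAT works" slide: each outbound flow gets a new external
    source port and an entry in the port state table that demultiplexes the replies."""

    def __init__(self, internal_ip: str, external_ip: str, first_port: int = 5205):
        self.internal_ip = internal_ip            # default gateway of the inside hosts
        self.external_ip = external_ip            # the one public address everything appears to come from
        self.next_port = first_port
        # (proto, external port) -> (inside ip, inside port, remote ip, remote port)
        self.table: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}
        self.by_flow: Dict[Tuple[str, str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        flow = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        ext_port = self.by_flow.get(flow)
        if ext_port is None:                      # first packet of the flow: allocate a mapping
            ext_port, self.next_port = self.next_port, self.next_port + 1
            self.table[(pkt["proto"], ext_port)] = flow[1:]
            self.by_flow[flow] = ext_port
        # Only the IP/transport header is rewritten; the payload passes through untouched.
        return dict(pkt, src=self.external_ip, sport=ext_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self.table.get((pkt["proto"], pkt["dport"]))
        if entry is None:
            return None                           # no state for this port: unsolicited, dropped
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None                           # toy choice: only the mapped remote endpoint may reply
        return dict(pkt, dst=inside_ip, dport=inside_port)


ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::\d{1,5})?\b")


def embedded_private_endpoints(payload: str):
    """Find literal RFC 1918 addresses in a message; the NAT will not rewrite them, so peers cannot use them."""
    hits = []
    for m in ADDR_RE.finditer(payload):
        try:
            if ipaddress.ip_address(m.group(1)).is_private:
                hits.append(m.group(0))
        except ValueError:
            pass                                  # digits that do not form an address
    return hits


def demo():
    """Walk the slide's exchange through the toy NAT and show where an embedded address breaks."""
    nat = Nat("192.168.1.1", "212.3.2.10")
    # Constructed protocol that embeds the client's own socket address in the payload (NAT-unfriendly).
    request = {"proto": "TCP", "src": "192.168.1.5", "sport": 3123, "dst": "212.3.2.4", "dport": 80,
               "payload": "CALLBACK 192.168.1.5:3123"}
    on_wire = nat.outbound(request)               # Src 212.3.2.10:5205  Dest 212.3.2.4:80, payload unchanged
    reply = {"proto": "TCP", "src": "212.3.2.4", "sport": 80,
             "dst": on_wire["src"], "dport": on_wire["sport"], "payload": "OK"}
    delivered = nat.inbound(reply)                # state table sends it back to 192.168.1.5:3123
    # A peer that trusts the port in the payload and connects to the public address on it finds no mapping.
    unsolicited = {"proto": "TCP", "src": "203.0.113.9", "sport": 4000,
                   "dst": "212.3.2.10", "dport": 3123, "payload": "HELLO"}
    return {"on_wire": on_wire, "delivered": delivered, "unsolicited": nat.inbound(unsolicited),
            "bad_literals": embedded_private_endpoints(request["payload"])}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two outcomes to note are the unchanged payload on the wire (the server is told 192.168.1.5:3123 while its socket says 212.3.2.10:5205) and the `None` for the unsolicited connection, which is the failure mode behind the "avoid unsolicited inbound connections" and "use fully qualified domain names" advice; `embedded_private_endpoints` is the kind of check a protocol test with ICS or another NAT would apply to captured messages.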
Wireless Zero Configuration
- Automatically scans for wireless LANs nearby
- Configures the 802.11 NIC to match an available network
- User can set up one or more preferred networks
  - Possible to disable non-preferred networks
- If no 802.11 networks are nearby, configures the 802.11 NIC to peer-to-peer mode
  - Possible to disable peer-to-peer mode or force it
- Integrated with security
  - If security fails, find another network to use
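The slide lists the selection rules (preferred networks first, non-preferred optionally, peer-to-peer only when nothing is nearby unless disabled or forced, move on when security fails) but not how they combine. The Python below is an added example that models those rules as one decision function; it is not the Wireless Zero Configuration service or any Microsoft code. The `WirelessPolicy` field names, the `"auto"/"disabled"/"forced"` values, the order in which non-preferred networks are tried and the `authenticate` callback that stands in for the security step are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class ScanResult:
    ssid: str
    infrastructure: bool = True      # False = a peer-to-peer (ad hoc) network seen in the scan


@dataclass
class WirelessPolicy:
    preferred: List[str]             # SSIDs the user set up, in order of preference
    allow_non_preferred: bool = True # the slide's "possible to disable non-preferred networks"
    adhoc: str = "auto"              # "auto", "disabled" or "forced" (constructed setting names)


def choose_network(scan: List[ScanResult], policy: WirelessPolicy,
                   authenticate: Callable[[str], bool]) -> Tuple[Optional[str], Optional[str]]:
    """Return ("infrastructure", ssid), ("adhoc", None) or (None, None).

    authenticate(ssid) stands in for the security step (for example 802.1X); when it fails the
    next candidate is tried, which is the "if security fails find another network" rule."""
    if policy.adhoc == "forced":
        return ("adhoc", None)
    visible = [s.ssid for s in scan if s.infrastructure]
    if not visible:                  # nothing nearby: peer-to-peer mode unless that is disabled
        return (None, None) if policy.adhoc == "disabled" else ("adhoc", None)
    candidates = [ssid for ssid in policy.preferred if ssid in visible]
    if policy.allow_non_preferred:   # toy order for the rest: as scanned
        candidates += [ssid for ssid in visible if ssid not in policy.preferred]
    for ssid in candidates:
        if authenticate(ssid):
            return ("infrastructure", ssid)
    return (None, None)              # networks exist but none could be joined securely


if __name__ == "__main__":
    scan = [ScanResult("cafe-open"), ScanResult("home")]       # constructed scan
    print(choose_network(scan, WirelessPolicy(["home"]), lambda ssid: ssid == "home"))
    print(choose_network(scan, WirelessPolicy(["home"], allow_non_preferred=False), lambda ssid: False))
```

The `allow_non_preferred` flag is the setting with the security consequence: with it on, a failed authentication to the preferred network silently falls through to whatever else is in range, which is why the slide calls out the ability to disable non-preferred networks.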
LAN Access Security
- IEEE 802.1X
  - Standard protocol for authenticated network access
  - Supported on Ethernet and 802.11
- User and machine authentication using RADIUS
  - Same as used for dial-up and VPN authentication
  - Windows 2000 Internet Authentication Server can be integrated with the Active Directory user database
- Level of network access is under admin control
  - No access (don't even get an IP address)
  - Complete access
  - Guest access
- Supports distribution of encryption keys to clients
Roaming
- Alternative IP configuration
  - DHCP + static IP configuration
  - Automatic switch between configurations
- Extended Windows 2000 auto DHCP renew
  - Check IP address on roaming
- Extended Windows 2000 reconfiguration support on IP address change
  - QoS reservations updated
  - IE proxy settings re-detected
- IP prefers the fastest network interface
  - E.g. 11 Mbps wireless and 100 Mbps Ethernet
Roaming
- Network location extensions to Winsock
  - For applications that want to be network aware, e.g. Firewall, IE
- Information about the network connectivity the machine has
  - Speed, interface type, network type (e.g. connected to the Interface), ICS information, 802.1X information
- Connectivity change notification