Copyright © 2015 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.
ISBN: 978-0-07-182765-2
MHID: 0-07-182765-X
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-182764-5, MHID: 0-07-182764-1.
eBook conversion by codeMantra
Version 1.0
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
Great thanks and humble appreciation to all of those who helped with this book. And to my kids and their kids, and ever and always to Sandy.
About the Author
Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer, instructor, and teacher of all things computer in the Pacific Northwest for more than 40 years. She has “played” with computers since they occupied entire rooms and required perforated paper tape and punch cards. Today, she teaches hardware and software classes, solves hardware and software issues for a number of clients, and keeps networks functional on a regular basis. Bobbi is the author or coauthor of several computer books, including QuickBooks 2015: The Small Business Guide, Quicken 2015: The Official Guide, Quicken 2014: The Official Guide, Microsoft Office 2013 QuickSteps, and Computing for Seniors QuickSteps.
About the Technical Editors
Randal Nollan has been working with technology since the late 1970s when he wrote his first program on pink punch cards. Randal joined the U.S. Navy in 1980 as an Aviation Ordnanceman and retired in 2001. During that time, he maintained the dBase III vaccination database for the squadron corpsman and was always in the thick of maintaining the token ring network, computers, and terminals they had at the time. He graduated from Skagit Valley College CIS (networking) and MIT (programming) in 2003. He worked in Internet tech support from 2003 to 2005 and has since been working in computer repair for a local telephone company on Whidbey Island, Washington. In his spare time, he enjoys the outdoors by fishing, crabbing, bicycling, camping, and hunting. Indoor fun includes playing with anything tech related, remodeling his home, and making wine from any fruit that lands on his doorstep; sometime he may even stop working and drink it.
Dwight Spivey is the author of more than 20 books on computers and technology and has happily lent his expertise as a technical editor to several more titles. Dwight is happily married to Cindy, and they reside on the Gulf Coast of Alabama along with their four children. He studies theology, draws comic strips, and roots for the Auburn Tigers in his ever-decreasing spare time.
Van Aguirre is an information technology specialist who has broad experience in the field. Since the late 1990s, he has developed and taught courses in networking and multimedia technology, computing security, computer crime forensics, IT risk management, IT business continuity, and disaster recovery planning. Working with other IT professionals, he has planned and managed the implementation of evolving technologies, including virtualization, mobile, and cloud computing to support institutional business and strategic initiatives. As a project manager in educational technology, Van has established and promoted successful apprenticeship programs in IT desk service management for college students, integrating LEAN principles and ITIL processes to supplement technical skills.
Contents
Acknowledgments
Introduction
Part I Network Basics
Chapter 1 What Is a Network?
Local Area Network
Baseband vs. Broadband
Packet Switching vs. Circuit Switching
Cables and Topologies
Media Access Control
Addressing
Repeaters, Bridges, Switches, and Routers
Wide Area Networks
Protocols and Standards
Clients and Servers
Operating Systems and Applications
Chapter 2 The OSI Reference Model
Communications Between the Layers
Data Encapsulation
Horizontal Communications
Vertical Communications
Encapsulation Terminology
The Physical Layer
Physical Layer Specifications
Physical Layer Signaling
The Data Link Layer
Addressing
Media Access Control
Protocol Indicator
Error Detection
The Network Layer
Routing
Fragmenting
Connection-Oriented and Connectionless Protocols
The Transport Layer
Protocol Service Combinations
Transport Layer Protocol Functions
Segmentation and Reassembly
Flow Control
Error Detection and Recovery
The Session Layer
Dialog Control
Dialog Separation
The Presentation Layer
The Application Layer
Part II Network Hardware
Chapter 3 Network Interface Adapters
NIC Functions
NIC Features
Full Duplex
Bus Mastering
Parallel Tasking
Wake-on-LAN or Wake-on-Wireless-LAN
Selecting a NIC
Protocol
Transmission Speed
Network Interface
Bus Interface
Bottlenecks
ISA or PCI?
Integrated Adapters
Fiber-Optic NICs
Portable Systems
Hardware Resource Requirements
Power Requirements
Server vs. Workstation NICs
Chapter 4 Network Interface Adapters and Connection Devices
Repeaters
Hubs
Passive Hubs
Repeating, Active, and Intelligent Hubs
Token Ring MAUs
Hub Configurations
The Uplink Port
Stackable Hubs
Modular Hubs
Bridges
Transparent Bridging
Bridge Loops
Source Route Bridging
Bridging Ethernet and Token Ring Networks
Routers
Router Applications
Router Functions
Routing Tables
Windows Routing Tables
Routing Table Parsing
Static and Dynamic Routing
Selecting the Most Efficient Route
Discarding Packets
Packet Fragmentation
Routing and ICMP
Routing Protocols
Switches
Switch Types
Routing vs. Switching
Virtual LANs
Layer 3 Switching
Multiple-Layer Switching
Chapter 5 Cabling a Network
Cable Properties
Cabling Standards
Data Link Layer Protocol Standards
Coaxial Cable
Thick Ethernet
Thin Ethernet
Cable Television
Twisted-Pair Cable
Unshielded Twisted-Pair
Category 5e
Cat 6 and 6a
Cat 7
Connector Pinouts
Shielded Twisted-Pair
Fiber-Optic Cable
Fiber-Optic Cable Construction
Fiber-Optic Connectors
Chapter 6 Wireless LANs
Wireless Networks
Advantages and Disadvantages of Wireless Networks
Types of Wireless Networks
Wireless Applications
The IEEE 802.11 Standards
The Physical Layer
Physical Layer Frames
The Data Link Layer
Data Link Layer Frames
Media Access Control
Chapter 7 Wide Area Networks
Introduction to Telecommunications
WAN Utilization
Selecting a WAN Technology
PSTN (POTS) Connections
Leased Lines
Leased-Line Types
Leased-Line Hardware
Leased-Line Applications
ISDN
ISDN Services
ISDN Communications
ISDN Hardware
DSL
Switching Services
Packet-Switching Services
Circuit-Switching Services
Frame Relay
Frame-Relay Hardware
Virtual Circuits
Frame-Relay Messaging
ATM
The Physical Layer
The ATM Layer
The ATM Adaptation Layer
ATM Support
SONET
Chapter 8 Server Technologies
Purchasing a Server
Using Multiple Processors
Parallel Processing
Server Clustering
Using Hierarchical Storage Management
Fibre Channel Networking
Network Storage Subsystems
Chapter 9 Designing a Network
Reasoning the Need
Seeking Approval
Designing a Home or Small-Office Network
Selecting Computers
Selecting a Networking Protocol
Choosing a Network Medium
Choosing a Network Speed
Designing an Internetwork
Segments and Backbones
Distributed and Collapsed Backbones
Backbone Fault Tolerance
Selecting a Backbone LAN Protocol
Connecting to Remote Networks
Selecting a WAN Topology
Planning Internet Access
Locating Equipment
Wiring Closets
Data Centers
Finalizing the Design
Part III Network Protocols
Chapter 10 Ethernet Basics
Ethernet Defined
Ethernet Standards
Ethernet II
IEEE 802.3
DIX Ethernet and IEEE 802.3 Differences
IEEE Shorthand Identifiers
CSMA/CD
Collisions
Late Collisions
Physical Layer Guidelines
10Base-5 (Thick Ethernet)
10Base-2 (Thin Ethernet)
10Base-T or 100Base-T (Twisted-Pair Ethernet)
Fiber-Optic Ethernet
Cabling Guidelines
Exceeding Ethernet Cabling Specifications
The Ethernet Frame
The IEEE 802.3 Frame
The Ethernet II Frame
The Logical Link Control Sublayer
The SNAP Header
Full-Duplex Ethernet
Full-Duplex Requirements
Full-Duplex Flow Control
Full-Duplex Applications
Chapter 11 100Base Ethernet and Gigabit Ethernet
100Base Ethernet
Physical Layer Options
Cable Length Restrictions
Autonegotiation
Gigabit Ethernet
Gigabit Ethernet Architecture
Media Access Control
The Gigabit Media-Independent Interface
The Physical Layer
Ethernet Troubleshooting
Ethernet Errors
Isolating the Problem
100VG-AnyLAN
The Logical Link Control Sublayer
The MAC and RMAC Sublayers
The Physical Medium–Independent Sublayer
The Medium-Independent Interface Sublayer
The Physical Medium–Dependent Sublayer
The Medium-Dependent Interface
Working with 100VG-AnyLAN
Chapter 12 Networking Protocols
Token Ring
The Token Ring Physical Layer
Token Passing
Token Ring Frames
Token Ring Errors
FDDI
FDDI Topology
Part IV Network Systems
Chapter 13 TCP/IP
TCP/IP Attributes
TCP/IP Architecture
The TCP/IP Protocol Stack
IP Versions
IPv4 Addressing
Subnet Masking
IP Address Registration
Special IP Addresses
Subnetting
Ports and Sockets
TCP/IP Naming
TCP/IP Protocols
SLIP and PPP
ARP
IP
Chapter 14 Other TCP/IP Protocols
IPv6
IPv6 Addresses
IPv6 Address Structure
Other Protocols
ICMP
UDP
TCP
Chapter 15 The Domain Name System
Host Tables
Host Table Problems
DNS Objectives
Domain Naming
Top-Level Domains
Second-Level Domains
Subdomains
DNS Functions
Resource Records
DNS Name Resolution
Reverse Name Resolution
DNS Name Registration
Zone Transfers
DNS Messaging
The DNS Header Section
The DNS Question Section
DNS Resource Record Sections
DNS Message Notation
Name Resolution Messages
Root Name Server Discovery
Zone Transfer Messages
Chapter 16 Internet Services
Web Servers
Selecting a Web Server
HTML
HTTP
FTP Servers
FTP Commands
FTP Reply Codes
FTP Messaging
E-mail Addressing
E-mail Clients and Servers
Simple Mail Transfer Protocol
Post Office Protocol
Internet Message Access Protocol
Part V Network Operating Services
Chapter 17 Windows
The Role of Windows
Versions
Service Packs
Microsoft Technical Support
Operating System Overview
Kernel Mode Components
User Mode Components
Services
The Windows Networking Architecture
The NDIS Interface
The Transport Driver Interface
The Workstation Service
The Server Service
APIs
File Systems
FAT16
FAT32
NTFS
Resilient File System
The Windows Registry
Optional Windows Networking Services
Active Directory
Microsoft DHCP Server
Microsoft DNS Server
Windows Internet Naming Service
Chapter 18 Active Directory
Active Directory Architecture
Object Types
Object Naming
Domains, Trees, and Forests
DNS and Active Directory
Global Catalog Server
Deploying Active Directory
Creating Domain Controllers
Directory Replication
Sites
Microsoft Management Console
Designing an Active Directory
Planning Domains, Trees, and Forests
Chapter 19 Linux
Understanding Linux
Linux Distributions
Advantages and Disadvantages of Linux
File Systems
Linux Installation Questions
Directory Structure
Quick Commands in Linux
Working with Linux Files
Journaling
Editing
Lack of Fragmentation
Chapter 20 Unix
Unix Principles
Unix Architecture
Unix Versions
Unix System V
BSD Unix
Unix Networking
Using Remote Commands
Berkeley Remote Commands
DARPA Commands
Network File System
Client-Server Networking
Chapter 21 Other Network Operating Systems and Networking in the Cloud
Historical Systems
FreeBSD
NetBSD
OpenBSD
Oracle Solaris
Operating in the Cloud
History of the Cloud
Benefits of the Cloud
Disadvantages in the Cloud
How the Cloud Works
Cloud Types
Cloud Service Models
Infrastructure as a Service
Platform as a Service
Software as a Service
Network as a Service
Part VI Network Services
Chapter 22 Network Clients
Windows Network Clients
Windows Networking Architecture
NetWare Clients
Macintosh Clients
Connecting Macintosh Systems to Windows Networks
Unix Clients
Applications
Unix Access
Windows 7 Interface
Windows 8 Interface
Chapter 23 Network Security Basics
Securing the File System
The Windows Security Model
Windows File System Permissions
Unix File System Permissions
Verifying Identities
FTP User Authentication
Kerberos
Public Key Infrastructure
Digital Certificates
Token-Based and Biometric Authentication
Securing Network Communications
IPsec
SSL
Firewalls
Packet Filters
Network Address Translation
Proxy Servers
Circuit-Level Gateways
Combining Firewall Technologies
Chapter 24 Wireless Security
Wireless Functionality
Wireless Network Components
Wireless Router Types
Wireless Transmission
Wireless Access Points
Creating a Secure Wireless Network
Securing a Wireless Home Network
Securing a Business Network
Securing a Wireless Router
Securing Mobile Devices
What Are the Risks?
Unsecured Home Networks
Wireless Invasion Tools
Understanding Encryption
Chapter 25 Overview of Network Administration
Locating Applications and Data in Windows Systems
Server-Based Operating Systems
Server-Based Applications
Storing Data Files
Controlling the Workstation Environment
Drive Mappings in Windows
User Profiles
Controlling the Workstation Registry
Using System Policies
Chapter 26 Network Management and Troubleshooting Tools
Operating System Utilities
Windows Utilities
TCP/IP Utilities
Network Analyzers
Filtering Data
Traffic Analysis
Protocol Analysis
Cable Testers
Chapter 27 Backing Up
Backup Hardware
Backup Capacity Planning
Hard Disk Drives
RAID Systems
Using RAID
Network-Attached Storage
Magnetic Tape Drives
Tape Drive Interfaces
Magnetic Tape Capacities
Backup Software
Selecting Backup Targets
Backing Up Open Files
Recovering from a Disaster
Job Scheduling
Rotating Media
Backup Administration
Event Logging
Performing Restores
Index
Acknowledgments
This book, like most others, is the end product of a lot of hard work by many people. All of the people involved deserve great thanks. A special thank-you to the following:
• Roger Stewart, acquisitions editor at McGraw-Hill Education, for his support, understanding, and always available ear. He and his team are unbeatable.
• Two other members of the team, Patty Mon and Amanda Russell. Patty is the finest editorial supervisor around. She is beyond helpful, always considerate and thoughtful, and just “there” for any questions. She is a gem. The generous, organized, and always on “top” of any concern or issue, editorial coordinator Amanda Russell. Amanda either has the answer at hand or finds out quickly and reliably. These few descriptive words are only the tip of the iceberg when discussing their talent, professionalism, and always generous spirits.
• The technical editors, Randy Nollan and Dwight Spivey, for the support, suggestions, and ideas. These skilled and proficient gentlemen made the process fun. And a special thank-you to Van Aguirre for his hard work at the beginning of the project.
• Asheesh Ratra and his team at MPS Limited, who deserve great thanks and appreciation for their hard work and expertise. It was a pleasure and honor working with them!
Introduction
This book is designed as a thorough, practical planning guide and underpinning of knowledge for IT networking professionals around the world, including students of IT networking courses, beginning network administrators, and those seeking work in the IT networking field.
Benefit to You, the Reader
After reading this book, you will be able to set up an effective network. The book teaches everything, including methodology, analysis, case examples, tips, and all the technical supporting details needed to suit an IT audience’s requirements, so it will benefit everyone from beginners to those who are intermediate-level practitioners.
What This Book Covers
This book covers the details as well as the big picture for networking, including both physical and virtual networks. It discusses how to evaluate the various networking options and explains how to manage network security and troubleshooting.
Organization
This book is logically organized into six parts. Within each part, the chapters start with basic concepts and procedures, most of which involve specific networking tasks, and then work their way up to more advanced topics.
It is not necessary to read this book from beginning to end. Skip around as desired. The following sections summarize the book’s organization and contents.
Part I: Network Basics
This part of the book introduces networking concepts and explains both the OSI and TCP/IP models.
• Chapter 1: What Is a Network?
• Chapter 2: The OSI Reference Model
Part II: Network Hardware
This part of the book discusses the various hardware items used in a computer network. It also explains some basics when designing a network.
• Chapter 3: Network Interface Adapters
• Chapter 4: Network Interface Adapters and Connection Devices
• Chapter 5: Cabling a Network
• Chapter 6: Wireless LANs
• Chapter 7: Wide Area Networks
• Chapter 8: Server Technologies
• Chapter 9: Designing a Network
Part III: Network Protocols
This part of the book explains the various rules and protocols for networks.
• Chapter 10: Ethernet Basics
• Chapter 11: 100Base Ethernet and Gigabit Ethernet
• Chapter 12: Networking Protocols
Part IV: Network Systems
This part of the book discusses the various network operating systems.
• Chapter 13: TCP/IP
• Chapter 14: Other TCP/IP Protocols
• Chapter 15: The Domain Name System
• Chapter 16: Internet Services
Part V: Network Operating Services
In this part of the book, you will learn a bit more about the basics of some of the other services available, including cloud networking. In Chapter 23, you will learn some of the basics needed to secure your network.
• Chapter 17: Windows
• Chapter 18: Active Directory
• Chapter 19: Linux
• Chapter 20: Unix
• Chapter 21: Other Network Operating Systems and Networking in the Cloud
Part VI: Network Services
From clients to security to the all-important backup, this section covers some of the day-to-day operations in networking.
• Chapter 22: Network Clients
• Chapter 23: Network Security Basics
• Chapter 24: Wireless Security
• Chapter 25: Overview of Network Administration
• Chapter 26: Network Management and Troubleshooting Tools
• Chapter 27: Backing Up
Conventions
All how-to books—especially computer books—have certain conventions for communicating information. Here’s a brief summary of the conventions used throughout this book.
Menu Commands
Windows and most other operating systems make commands accessible on the menu bar at the top of the application window. Throughout this book, you are told which menu commands to choose to open a window or dialog or to complete a task. The following format is used to indicate menu commands: Menu | Submenu (if applicable) | Command.
Keystrokes
Keystrokes are the keys you must press to complete a task. There are two kinds of keystrokes:
• Keyboard shortcuts: Combinations of keys you press to complete a task more quickly. For example, the shortcut for “clicking” a Cancel button may be to press the Esc key. When you are to press a key, you will see the name of the key in small caps, like this: ESC. If you must press two or more keys simultaneously, they are separated with a hyphen, like this: CTRL-P.
• Literal text: Text you must type in exactly as it appears in the book. Although this book doesn’t contain many instances of literal text, there are a few. Literal text to be typed is in boldface type, like this: Type help at the prompt.
• Monospace font: Text that you see at the command line. It looks like this: Nslookup –nameserver
PART I
Network Basics
CHAPTER 1
What Is a Network?
CHAPTER 2
The OSI Reference Model
CHAPTER 1
What Is a Network?
At its core, a network is simply two (or more) connected computers. Computers can be connected with cables or telephone lines, or they can connect wirelessly with radio waves, fiber-optic lines, or even infrared signals. When computers are able to communicate, they can work together in a variety of ways: by sharing their resources with each other, by distributing the workload of a particular task, or by exchanging messages. Today, the most widely used network is the Internet. This book examines in detail how computers on a network communicate; what functions they perform; and how to go about building, operating, and maintaining them.
The original model for collaborative computing was to have a single large computer connected to a series of terminals, each of which would service a different user. This was called time sharing because the computer divided its processor clock cycles among the terminals. Using this arrangement, the terminals were simply communications devices; they accepted input from users through a keyboard and sent it to the computer. When the computer returned a result, the terminal displayed it on a screen or printed it on paper. These terminals were sometimes called dumb terminals because they didn’t perform any calculations on their own. The terminals communicated with the main computer, never with each other.
As time passed and technology progressed, engineers began to connect computers so that they could communicate. At the same time, computers were becoming smaller and less expensive, giving rise to mini- and microcomputers. The first computer networks used individual links, such as telephone connections, to connect two systems. There are a number of computer networking types and several methods of creating these types, which will be covered in this chapter.
Local Area Network
Soon after the first IBM PCs hit the market in the 1980s and rapidly became accepted as a business tool, the advantages of connecting these small computers became obvious. Rather than supplying every computer with its own printer, a network of computers could share a single printer. When one user needed to give a file to another user, a network eliminated the need to swap floppy disks. The problem, however, was that connecting a dozen computers in an office with individual point-to-point links between all of them was not practical. The eventual solution to this problem was the local area network (LAN).
A LAN is a group of computers connected by a shared medium, usually a cable. By sharing a single cable, each computer requires only one connection and can conceivably communicate with any other computer on the network. A LAN is limited to a local area by the electrical properties of the cables used to construct them and by the relatively small number of computers that can share a single network medium. LANs are generally restricted to operation within a single building or, at most, a campus of adjacent buildings.
Some technologies, such as fiber optics, have extended the range of LANs to several kilometers, but it isn’t possible to use a LAN to connect computers in distant cities, for example. That is the province of the wide area network (WAN), as discussed later in this chapter.
Inmostcases,aLANisabaseband,packet-switchingnetwork.Anunderstandingofthetermsbasebandandpacketswitching,whichareexaminedinthefollowingsections,isnecessarytounderstandhowdatanetworksoperatebecausethesetermsdefinehowcomputerstransmitdataoverthenetworkmedium.
Baseband vs. Broadband
A baseband network is one in which the cable or other network medium can carry only a single signal at any one time. A broadband network, on the other hand, can carry multiple signals simultaneously, using a discrete part of the cable’s bandwidth for each signal. As an example of a broadband network, consider the cable television service you probably have in your home. Although only one cable runs to your TV, it supplies you with dozens of channels of programming at the same time. If you have more than one television connected to the cable service, the installer probably used a splitter (a coaxial fitting with one connector for the incoming signals and two connectors for outgoing signals) to run the single cable entering your house to two different rooms. The fact that the TVs can be tuned to different programs at the same time while connected to the same cable proves that the cable is providing a separate signal for each channel at all times.
A baseband network uses pulses applied directly to the network medium to create a single signal that carries binary data in encoded form. Compared to broadband technologies, baseband networks span relatively short distances because they are subject to degradation caused by electrical interference and other factors. The effective maximum length of a baseband network cable segment diminishes as its transmission rate increases. This is why local area networking protocols such as Ethernet have strict guidelines for cable installations.
NOTE: A cable segment is an unbroken network cable that connects two nodes.
Packet Switching vs. Circuit Switching
LANs are called packet-switching networks because their computers divide their data into small, discrete units called packets before transmitting it. There is also a similar technique called cell switching, which differs from packet switching only in that cells are always a consistent, uniform size, whereas the size of packets is variable. Most LAN technologies, such as Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI), use packet switching. Asynchronous Transfer Mode (ATM) is the cell-switching LAN protocol that is most commonly used.
Understanding Packets
E-mail may be the easiest way to understand packets. Each message is divided by the sending service into a specific number of bytes, often between 1,000 and 1,500. Then each packet is sent using the most efficient route. For example, if you are sending an e-mail to your company’s home office from your vacation cabin, each packet will probably travel along a different route. This is more efficient, and if any one piece of equipment is not working properly in the network while a message is being transferred, the packet that would use that piece of equipment can be routed around the problem area and sent on another route. When the message reaches its destination, the packets are reassembled for delivery of the entire message.
Segmenting the data in this way is necessary because the computers on a LAN share a single cable, and a computer transmitting a single unbroken stream of data would monopolize the network for too long. If you were to examine the data being transmitted over a packet-switching network, you would see the packets generated by several different systems intermixed on the cable. The receiving system, therefore, must have a mechanism for reassembling the packets into the correct order and recognizing the absence of packets that may have been lost or damaged in transit.
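The reassembly mechanism described above, as an added example that is not part of the original book: the Python code below segments a message, then rebuilds it from packets that arrive out of order and intermixed with another sender's, reporting any that were lost or damaged. The packet layout (message ID, sequence number, packet count, CRC-32 of the payload) is a hypothetical format invented for this illustration, not a real protocol.

```python
import struct
import zlib

# Hypothetical packet header for this example (not a real protocol):
#   message id (2 bytes) | sequence number (2) | packets in message (2) | CRC-32 of payload (4)
HEADER = struct.Struct("!HHHI")
MAX_PAYLOAD = 1000  # bytes per packet; the text cites roughly 1,000 to 1,500


def segment(message_id, data, max_payload=MAX_PAYLOAD):
    """Divide data into packets that each carry their position and a checksum."""
    chunks = [data[i:i + max_payload] for i in range(0, len(data), max_payload)] or [b""]
    return [
        HEADER.pack(message_id, seq, len(chunks), zlib.crc32(chunk)) + chunk
        for seq, chunk in enumerate(chunks)
    ]


def reassemble(packets, message_id):
    """Rebuild one message from whatever arrived on the shared medium.

    Returns (data, missing, damaged). data is None unless every packet of
    the message arrived intact; missing and damaged list sequence numbers.
    The checksum covers the payload only, so a corrupted header is outside
    what this simplified format can detect.
    """
    received, damaged, total = {}, set(), None
    for pkt in packets:
        if len(pkt) < HEADER.size:
            continue  # too short to hold a header; discard
        mid, seq, count, crc = HEADER.unpack_from(pkt)
        if mid != message_id:
            continue  # another system's packet intermixed on the cable
        if total is None:
            total = count
        payload = pkt[HEADER.size:]
        if zlib.crc32(payload) != crc:
            damaged.add(seq)  # payload altered in transit
            continue
        received[seq] = payload
    if total is None:
        return None, [], []
    damaged -= set(received)  # an intact copy supersedes a damaged one
    missing = [s for s in range(total) if s not in received and s not in damaged]
    if missing or damaged:
        return None, missing, sorted(damaged)
    # Sequence numbers restore the original order regardless of arrival order.
    return b"".join(received[s] for s in range(total)), [], []


if __name__ == "__main__":
    # Constructed sample data: two senders share the medium.
    first = bytes(range(256)) * 14           # 3,584 bytes -> 4 packets
    second = b"another sender's data " * 100
    wire = list(reversed(segment(1, first) + segment(2, second)))  # out of order
    data, missing, damaged = reassemble(wire, 1)
    print("complete:", data == first, "missing:", missing, "damaged:", damaged)
    data, missing, damaged = reassemble(wire[:-3], 1)  # three packets never arrive
    print("complete:", data == first, "missing:", missing, "damaged:", damaged)
```

A receiver that gets back a non-empty missing or damaged list knows exactly which packets to request again instead of delivering a silently truncated message.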
The opposite of packet switching is circuit switching, in which one system establishes a dedicated communication channel to another system before any data is transmitted. In the data networking industry, circuit switching is used for certain types of wide area networking technologies, such as Integrated Services Digital Network (ISDN) and frame relay. The classic example of a circuit-switching network is the public telephone system. When you place a call to another person, a physical circuit is established between your telephone and theirs. This circuit remains active for the entire duration of the call, and no one else can use it, even when it is not carrying any data (that is, when no one is talking).
In the early days of the telephone system, every phone was connected to a central office with a dedicated cable, and operators using switchboards manually connected a circuit between the two phones for every call. While today the process is automated and the telephone system transmits many signals over a single cable, the underlying principle is the same.
LANs were originally designed to connect a small number of computers into what later came to be called a workgroup. Rather than investing a huge amount of money into a large, mainframe computer and the support system needed to run it, business owners came to realize that they could purchase a few computers, cable them together, and perform most of the computing tasks they needed. As the capabilities of personal computers and applications grew, so did the networks, and the technology used to build them progressed as well.
Cables and Topologies
Most LANs are built around copper cables that use standard electrical currents to relay their signals. Originally, most LANs consisted of computers connected with coaxial cables, but eventually, the twisted-pair cabling used for telephone systems became more popular. Another alternative is fiber-optic cable, which doesn’t use electrical signals at all but instead uses pulses of light to encode binary data. Other types of network infrastructures eliminate cables entirely and transmit signals using what is known as unbounded media, such as radio waves, infrared, and microwaves.
NOTE: For more information about the various types of cables used in data networking, see Chapter 5.
LANs connect computers using various types of cabling patterns called topologies (see Figure 1-1), which depend on the type of cable used and the protocols running on the computers. The most common topologies are as follows:
• Bus: A bus topology takes the form of a cable that runs from one computer to the next one in a daisy-chain fashion, much like a string of Christmas tree lights. All of the signals transmitted by the computers on the network travel along the bus in both directions to all of the other computers. The two ends of the bus must be terminated with electrical resistors that nullify the voltages reaching them so that the signals do not reflect in the other direction. The primary drawback of the bus topology is that, like the string of Christmas lights it resembles, a fault in the cable anywhere along its length splits the network in two and prevents systems on opposite sides of the break from communicating. In addition, the lack of termination at either half can prevent computers that are still connected from communicating properly. As with Christmas lights, finding a single faulty connection in a large bus network can be troublesome and time consuming. Most coaxial cable networks, such as the original Ethernet LANs, use a bus topology.
• Star (hub and spoke): A star topology uses a separate cable for each computer that runs to a central cabling nexus called a hub or concentrator. The hub propagates the signals entering through any one of its ports out through all of the other ports so that the signals transmitted by each computer reach all the other computers. Hubs also amplify the signals as they process them, enabling them to travel longer distances without degrading. A star network is more fault tolerant than a bus because a break in a cable affects only the device to which that cable is connected, not the entire network. Most of the networking protocols that call for twisted-pair cable, such as 10Base-T and 100Base-T Ethernet, use the star topology.
• Star bus: A star bus topology is one method for expanding the size of a LAN beyond a single star. In this topology, a number of star networks are joined together using a separate bus cable segment to connect their hubs. Each computer can still communicate with any other computer on the network because each of the hubs transmits its incoming traffic out through the bus port as well as the other star ports. Designed to expand 10Base-T Ethernet networks, the star bus is rarely seen today because of the speed limitations of coaxial bus networks, which can function as a bottleneck that degrades the performance of faster star network technologies such as Fast Ethernet.
• Ring: This topology is similar to a bus topology, except these topologies transmit in one direction only from station to station. A ring topology often uses separate physical ports and wires to send and receive data. A ring topology is functionally equivalent to a bus topology with the two ends connected so that signals travel from one computer to the next in an endless circular fashion. However, the communications ring is only a logical construct, not a physical one. The physical network is actually cabled using a star topology, and a special hub called a multistation access unit (MSAU) implements the logical ring by taking each incoming signal and transmitting it out through the next downstream port only (instead of through all of the other ports, like a star hub). Each computer, upon receiving an incoming signal, processes it (if necessary) and sends it right back to the hub for transmission to the next station on the ring. Because of this arrangement, systems that transmit signals onto the network must also remove the signals after they have traversed the entire ring. Networks configured in a ring topology can use several different types of cable. Token Ring networks, for example, use twisted-pair cables, while FDDI networks use the ring topology with fiber-optic cable.
• Daisy chains: These topologies are the simplest form as one device is connected to another through serial ports. Think of a computer hooked to a printer and the printer, in turn, being hooked to a laptop.
• Hierarchical star: The hierarchical star topology is the most common method for expanding a star network beyond the capacity of its original hub. When a hub’s ports are all filled and you have more computers to connect to the network, you can connect the original hub to a second hub using a cable plugged into a special port designated for this purpose. Traffic arriving at either hub is then propagated to the other hub as well as to the connected computers. The number of hubs that a single LAN can support is dependent on the protocol it uses.
Figure 1-1 Common cable topographies
The topologies discussed here are physical topologies, which differ from logical topologies that are discussed in later chapters. Physical topologies refer to the placement of cables and other components of the network. Logical topologies refer to the flow of data on the network.
Media Access Control
When multiple computers are connected to the same baseband network medium, there must be a media access control (MAC) mechanism that arbitrates access to the network to prevent systems from transmitting data at the same time. A MAC mechanism is a fundamental part of all local area networking protocols that use a shared network medium. The two most common MAC mechanisms are Carrier Sense Multiple Access with Collision Detection (CSMA/CD), which is used by Ethernet networks, and token passing, which is used by Token Ring, FDDI, and other protocols. These two mechanisms are fundamentally different, but they accomplish the same task by providing each system on the network with an equal opportunity to transmit its data. (For more information about these MAC mechanisms, see Chapter 10 for CSMA/CD and Chapter 12 for token passing.)
Addressing
For systems on a shared network medium to communicate effectively, they must have some means of identifying each other, usually some form of numerical address. In most cases, the network interface card (NIC) installed into each computer has an address hard-coded into it at the factory, called its MAC address or hardware address, which uniquely identifies that card among all others. Every packet that each computer transmits over the network contains the address of the sending computer and the address of the system for which the packet is intended.
In addition to the MAC address, systems may have other addresses operating at other layers. For example, Transmission Control Protocol/Internet Protocol (TCP/IP) requires that each system be assigned a unique IP address in addition to the MAC address it already possesses. Systems use the various addresses for different types of communications. (See Chapter 3 for more information on MAC addressing and Chapter 13 for more information on IP addressing.)
Repeaters, Bridges, Switches, and Routers
LANs were originally designed to support only a relatively small number of computers—30 for thin Ethernet networks and 100 for thick Ethernet—but the needs of businesses quickly outgrew these limitations. To support larger installations, engineers developed products that enabled administrators to connect two or more LANs into what is known as an internetwork, which is essentially a network of networks that enables the computers on one network to communicate with those on another. Don’t confuse the generic term internetwork with the Internet. The Internet is an example of an extremely large internetwork, but any installation that consists of two or more LANs connected is also an internetwork. This terminology is confusing because it is so often misused. Sometimes what users mean when they refer to a network is actually an internetwork, and at other times, what may seem to be an internetwork is actually a single LAN. Strictly speaking, a LAN or a network segment is a group of computers that share a network cable so that a broadcast message transmitted by one system reaches all of the other systems, even if that segment is actually composed of many pieces of cable. For example, on a typical 10Base-T Ethernet LAN, all of the computers are connected to a hub using individual lengths of cable. Regardless of that fact, this arrangement is still an example of a network segment or LAN. Individual LANs can be connected using several different types of devices, some of which simply extend the LAN while another creates an internetwork. These devices are as follows:
• Repeaters: A repeater is a purely electrical device that extends the maximum distance a LAN cable can span by amplifying the signals passing through it. The hubs used on star networks are sometimes called multiport repeaters because they have signal amplification capabilities integrated into the unit. Stand-alone repeaters are also available for use on coaxial networks to extend them over longer distances. Using a repeater to expand a network segment does not divide it into two LANs or create an internetwork.
• Bridges: A bridge provides the amplification function of a repeater, along with the ability to selectively filter packets based on their addresses. Packets that originate on one side of the bridge are propagated to the other side only if they are addressed to a system that exists there. Because bridges do not prevent broadcast messages from being propagated across the connected cable segments, they, too, do not create multiple LANs or transform a network into an internetwork.
• Switches: Switches are revolutionary devices that in many cases eliminate the shared network medium entirely. A switch is essentially a multiport repeater, like a hub, except that instead of operating at a purely electrical level, the switch reads the destination address in each incoming packet and transmits it out only through the port to which the destination system is connected.
• Routers: A router is a device that connects two LANs to form an internetwork. Like a bridge, a router forwards only the traffic that is destined for the connected segment, but unlike repeaters and bridges, routers do not forward broadcast messages. Routers can also connect different types of networks (such as Ethernet and Token Ring), whereas bridges and repeaters can connect only segments of the same type.
Wide Area Networks
Internetworking enables an organization to build a network infrastructure of almost unlimited size. In addition to connecting multiple LANs in the same building or campus, an internetwork can connect LANs at distant locations through the use of wide area network links. A WAN is a collection of LANs, some or all of which are connected using point-to-point links that span relatively long distances. A typical WAN connection consists of two routers, one at each LAN site, connected using a long-distance link such as a leased telephone line. Any computer on one of the LANs can communicate with the other LAN by directing its traffic to the local router, which relays it over the WAN link to the other site.
WAN links differ from LANs in that they do not use a shared network medium and they can span much longer distances. Because the link connects only two systems, there is no need for media access control or a shared network medium. An organization with offices located throughout the world can build an internetwork that provides users with instantaneous access to network resources at any location. The WAN links themselves can use technologies ranging from telephone lines to public data networks to satellite systems. Unlike a LAN, which is nearly always privately owned and operated, an outside service provider (such as a telephone company) is nearly always involved in a WAN connection because private organizations don’t usually own the technologies needed to carry signals over such long distances. Generally speaking, WAN connections can be slower and more expensive than LANs, and sometimes much more so. As a result, one of the goals of the network administrator is to maximize the efficiency of WAN traffic by eliminating unnecessary communications and choosing the best type of link for the application. See Chapter 7 for more information on WAN technologies.
There are also wireless LAN/WAN networks and metropolitan area networks (MANs). A MAN has three features that differentiate it from both a LAN and a WAN:
• A MAN’s size is usually between that of a LAN and a WAN. Typically, it covers between 3 and 30 miles (5 to 50 km). A MAN can encompass several buildings, a company campus, or a small town.
• As with WANs, MANs are normally owned by a group or a network provider.
• MANs are often used as a way to provide shared access to one or more WANs.
Protocols and Standards
Communications between computers on a network are defined by protocols, standardized methods that the software programs on the computers have in common. These protocols define every part of the communications process, from the signals transmitted over network cables to the query languages that enable applications on different machines to exchange messages. Networked computers run a series of protocols, called a protocol stack, that spans from the application user interface at the top to the physical network interface at the bottom. The stack is traditionally split into seven layers. The Open Systems Interconnection (OSI) reference model defines the functions of each layer and how the layers work together to provide network communications. Chapter 2 covers the OSI reference model in detail.
Early networking products tended to be proprietary solutions created by a single manufacturer, but as time passed, interoperability became a greater priority, and organizations were formed to develop and ratify networking protocol standards. Most of these bodies are responsible for large numbers of technical and manufacturing standards in many different disciplines. Today, most of the protocols in common use are standardized by these bodies, some of which are as follows:
• Institute of Electrical and Electronic Engineers (IEEE): A U.S.-based society responsible for the publication of the IEEE 802 working group, which includes the standards that define the protocols commonly known as Ethernet and Token Ring, as well as many others.
• International Organization for Standardization (ISO): A worldwide federation of standards bodies from more than 100 countries, responsible for the publication of the OSI reference model document.
• Internet Engineering Task Force (IETF): An ad hoc group of contributors and consultants who collaborate to develop and publish standards for Internet technologies, including the TCP/IP protocols.
Clients and Servers
Local area networking is based on the client-server principle, in which the processes needed to accomplish a particular task are divided between computers functioning as clients and servers. This is in direct contrast to the mainframe model, in which the central computer did all of the processing and simply transmitted the results to a user at a remote terminal. A server is a computer running a process that provides a service to other computers when they request it. A client is the computer running a program that requests the service from a server.
For example, a LAN-based database application stores its data on a server, which stands by, waiting for clients to request information from it. Users at workstation computers run a database client program in which they generate queries that request specific information in the database and transmit those queries to the server. The server responds to the queries with the requested information and transmits it to the workstations, which format it for display to the users. In this case, the workstations are responsible for providing a user interface and translating the user input into a query language understood by the server. They are also responsible for taking the raw data from the server and displaying it in a comprehensible form to the user. The server may have to service dozens or hundreds of clients, so it is still a powerful computer. By offloading some of the application’s functions to the workstations, however, its processing burden is nowhere near what it would be on a mainframe system.
Operating Systems and Applications
Clients and servers are actually software components, although some people associate them with specific hardware elements. This confusion is because some network operating systems require that a computer be dedicated to the role of server and that other computers function solely as clients. This is a client-server operating system, as opposed to a peer-to-peer operating system, in which every computer can function as both a client and a server. The most basic client-server functionality provided by a network operating system (NOS) is the ability to share file system drives and printers, and this is what usually defines the client and server roles. At its core, a NOS makes services available to its network clients. The system can provide the following:
• Printer services, including managing devices, print jobs, who is using what asset, and what assets are not available to the network
• Managing user access to files and other resources, such as the Internet
• System monitoring, including providing network security
• Making network administration utilities available to network administrators
Apart from the internal functions of network operating systems, many LAN applications and network services also operate using the client-server paradigm. Internet applications, such as the World Wide Web, consist of servers and clients, as do administrative services such as the Domain Name System (DNS).
Most of today’s desktop operating systems are capable of providing some of the services traditionally ascribed to NOSs since many small-office/home-office (SOHO) LAN implementations take advantage of the fact. Understanding this may help clarify the distinction between LANs that are truly client-server, relying on network operating systems, and those network configurations that leverage powerful computers with today’s operating systems. These operating systems are not limited to computers, but can include cell phones, tablets, and other products that are not considered to be “computers.”
CHAPTER 2
The OSI Reference Model
Network communications take place on many levels and can be difficult to understand, even for the knowledgeable network administrator. The Open Systems Interconnection (OSI) reference model is a theoretical construction that separates network communications into seven distinct layers, as shown in Figure 2-1. Each computer on the network uses a series of protocols to perform the functions assigned to each layer. The layers collectively form what is known as the protocol stack or networking stack. At the top of the stack is the application that makes a request for a resource located elsewhere on the network, and at the bottom is the physical medium that actually connects the computers and forms the network, such as a cable.
Figure 2-1 The OSI reference model with its seven layers
The OSI reference model was developed in two separate projects by the International Organization for Standardization (ISO) and the Comité Consultatif International Téléphonique et Télégraphique (Consultative Committee for International Telephone and Telegraphy, or CCITT), which is now known as the Telecommunications Standardization Sector of the International Telecommunications Union (ITU-T). Each of these two bodies developed its own seven-layer model, but the two projects were combined in 1983, resulting in a document called “The Basic Reference Model for Open Systems Interconnection” that was published by the ISO as ISO 7498 and by the ITU-T as X.200.
The OSI stack was originally conceived as the model for the creation of a protocol suite that would conform exactly to the seven layers. This suite never materialized in a commercial form, however, and the model has since been used as a teaching, reference, and communications tool. Networking professionals, educators, and authors frequently refer to protocols, devices, or applications as operating at a particular layer of the OSI model because using this model breaks a complex process into manageable units that provide a common frame of reference. Many of the chapters in this book use the layers of the model to help define networking concepts. However, it is important to understand that none of the protocol stacks in common use today conforms exactly to the layers of the OSI model. In many cases, protocols have functions that overlap two or more layers, such as Ethernet, which is considered a data link layer protocol but which also defines elements of the physical layer.
The primary reason why real protocol stacks differ from the OSI model is that many of the protocols used today (including Ethernet) were conceived before the OSI model documents were published. In fact, the TCP/IP protocols have their own layered model, which is similar to the OSI model in several ways but uses only four layers (see Figure 2-2). In addition, developers are usually more concerned with practical functionality than with conforming to a preexisting model. The seven-layer model was designed to separate the functions of the protocol stack in such a way as to make it possible for separate development teams to work on the individual layers, thus streamlining the development process. However, if a single protocol can easily provide the functions that are defined as belonging in separate layers of the model, why divide it into two separate protocols just for the sake of conformity?
Figure 2-2 The OSI reference model and the TCP/IP protocol stack
Communications Between the Layers
Networking is the process of sending messages from one place to another, and the protocol stack illustrated in the OSI model defines the basic components needed to transmit messages to their destinations. The communication process is complex because the applications that generate the messages have varying requirements. Some message exchanges consist of brief requests and replies that have to be exchanged as quickly as possible and with a minimum amount of overhead. Other network transactions, such as program file transfers, involve the transmission of larger amounts of data that must reach the destination in perfect condition, without alteration of a single bit. Still other transmissions, such as streaming audio or video, consist of huge amounts of data that can survive the loss of an occasional bit, byte, or packet, but that must reach the destination in a timely manner.
The networking process also includes a number of conversions that ultimately take the application programming interface (API) calls generated by applications and transform them into electrical charges, pulses of light, or other types of signals that can be transmitted across the network medium. Finally, the networking protocols must see to it that the transmissions reach the appropriate destinations in a timely manner. Just as you package a letter by placing it in an envelope and writing an address on it, the networking protocols package the data generated by an application and address it to another computer on the network.
Data Encapsulation
To satisfy all of the requirements just described, the protocols operating at the various layers work together to supply a unified quality of service. Each layer provides a service to the layers directly above and below it. Outgoing traffic travels down through the stack to the network physical medium, acquiring the control information needed to make the trip to the destination system as it goes. This control information takes the form of headers (and in one case a footer) that surround the data received from the layer above, in a process called data encapsulation. The headers and footer are composed of individual fields that contain control information (necessary/required by the system to deliver) used to get the packet to its destination. In a sense, the headers and footer form the envelope that carries the message received from the layer above.
In a typical transaction, shown in Figure 2-3, an application layer protocol (which also includes presentation and session layer functions) generates a message that is passed down to a transport layer protocol. The protocol at the transport layer has its own packet structure, called a protocol data unit (PDU), which includes specialized header fields and a data field that carries the payload. In this case, the payload is the data received from the application layer protocol. By packaging the data in its own PDU, the transport layer encapsulates the application layer data and then passes it down to the next layer.
Figure 2-3 The application layer data is encapsulated for transmission by the protocols at the lower layers in the stack.
The network layer protocol then receives the PDU from the transport layer and encapsulates it within its own PDU by adding a header and using the entire transport layer PDU (including the application layer data) as its payload. The same process occurs again when the network layer passes its PDU to the data link layer protocol, which adds a header and footer. To a data link layer protocol, the data within the frame is treated as payload only, just as postal employees have no idea what is inside the envelopes they process. The only system that reads the information in the payload is the computer possessing the destination address. That computer then either passes the network layer protocol data contained in the payload up through its protocol stack or uses that data to determine what the next destination of the packet should be. In the same way, the protocols operating at the other layers are conscious of their own header information but are unaware of what data is being carried in the payload.
Once it is encapsulated by the data link layer protocol, the completed packet (now called a frame) is then ready to be converted to the appropriate type of signal used by the network medium. Thus, the final packet, as transmitted over the network, consists of the original application layer data plus several headers applied by the protocols at the succeeding layers, as shown in Figure 2-4.
Figure 2-4 An encapsulated frame, ready for transmission
NOTE: Each layer must translate data into its specific format before sending it on. Therefore, each layer creates its own PDU to transmit to the next layer. As each layer receives data, the PDU of the previous layer is read, and a new PDU is created using that layer’s protocol. Remember, a PDU is a complete message (or packet) that includes the protocol of the sending layer. At the physical layer, you end up with a message that consists of all the data that has been encapsulated with the headers and/or footers from each of the previous layers.
Horizontal Communications
For two computers to communicate over a network, the protocols used at each layer of the OSI model in the transmitting system must be duplicated at the receiving system. When the packet arrives at its destination, the process by which the headers are applied at the source is repeated in reverse. The packet travels up through the protocol stack, and each successive header is stripped off by the appropriate protocol and processed. In essence, the protocols operating at the various layers communicate horizontally with their counterparts in the other system, as shown in Figure 2-5.
Figure 2-5 Each layer has logical connections with its counterpart in other systems.
The horizontal connections between the various layers are logical; there is no direct communication between them. The information included in each protocol header by the transmitting system is a message that is carried to the same protocol in the destination system.
VerticalCommunicationsTheheadersappliedbythevariousprotocolsimplementthespecificfunctionscarriedoutbythoseprotocols.Inadditiontocommunicatinghorizontallywiththesameprotocolintheothersystem,theheaderinformationenableseachlayertocommunicatewiththelayersaboveandbelowit,asshowninFigure2-6.Forexample,whenasystemreceivesapacketandpassesitupthroughtheprotocolstack,thedatalinklayerprotocolheaderincludesafieldthatidentifieswhichnetworklayerprotocolthesystemshouldusetoprocessthepacket.Thenetworklayerprotocolheaderinturnspecifiesoneofthetransportlayerprotocols,andthetransportlayerprotocolidentifiestheapplicationforwhichthedataisultimatelydestined.Thisverticalcommunicationmakesitpossibleforacomputertosupportmultipleprotocolsateachofthelayerssimultaneously.Aslongasapackethasthecorrectinformationinitsheaders,itcanberoutedontheappropriatepaththroughthestacktotheintendeddestination.
Figure 2-6 Each layer in the OSI model communicates with the layer above and below it.
Encapsulation Terminology
One of the most confusing aspects of the data encapsulation process is the terminology used to describe the PDUs generated by each layer. The term packet specifically refers to the complete unit transmitted over the network medium, although it also has become a generic term for the data unit at any stage in the process. Most data link layer protocols are said to work with frames because they include both a header and a footer that surround the data from the network layer protocol. The term frame refers to a PDU of variable size, depending on the amount of data enclosed. A data link layer protocol that uses PDUs of a uniform size, such as Asynchronous Transfer Mode (ATM), is said to deal in cells.
When transport layer data is encapsulated by a network layer protocol, such as the Internet Protocol (IP) or Internetwork Packet Exchange (IPX), the resulting PDU is called a datagram. During the course of its transmission, a datagram might be split into fragments, each of which is sometimes incorrectly called a datagram. The terminology at the transport layer is more protocol-specific than at the lower layers. TCP/IP, for example, has two transport layer protocols. The first, called the User Datagram Protocol (UDP), also refers to the PDUs it creates as datagrams, although these are not synonymous with the datagrams produced at the network layer.
When the UDP protocol at the transport layer is encapsulated by the IP protocol at the network layer, the result is a datagram packaged within another datagram. The difference between UDP and the Transmission Control Protocol (TCP), which also operates at the transport layer, is that UDP datagrams are self-contained units that were designed to contain the entirety of the data generated by the application layer protocol. Therefore, UDP is traditionally used to transmit small amounts of data, while TCP, on the other hand, is used to transmit larger amounts of application layer data that usually do not fit into a single packet. As a result, each of the PDUs produced by the TCP protocol is called a segment, and the collection of segments that carry the entirety of the application layer protocol data is called a sequence. The PDU produced by an application layer protocol is typically called a message. The session and presentation layers are usually not associated with individual protocols. Their functions are incorporated into other elements of the protocol stack, and they do not have their own headers or PDUs. All of these terms are frequently confused, and it is not surprising to see even authoritative documents use them incorrectly.
NOTE While TCP is often used to transmit data packets today, there are instances where UDP is suitable. For example, UDP is used when newer data will replace previous data, such as in video streaming or gaming. As another example of the need for newer data, consider weather information that must be updated quickly during inclement weather. Also, since TCP is a connection-oriented, streaming protocol, UDP is the preferred way to multicast (send data across a network to several users at the same time).
The following sections examine each of the seven layers of the OSI reference model in turn, the functions that are associated with each, and the protocols that are most commonly used at those layers. As you proceed through this book, you will learn more about each of the individual protocols and their relationships to the other elements of the protocol stack.
The Physical Layer
The physical layer of the OSI model defines the actual medium that carries data from one computer to another. The two most common types of physical layer used in data networking are copper-based electrical cable and fiber-optic cable. A number of wireless physical layer implementations use radio waves, infrared or laser light, microwaves, and other technologies. The physical layer includes the type of technology used to carry the data, the type of equipment used to implement that technology, the specifications of how the equipment should be installed, and the nature of the signals used to encode the data for transmission.
For example, for many years, the most popular physical layer standard used for local area networking was 10Base-T Ethernet. Ethernet is primarily thought of as a data link layer protocol. However, as with most protocols functioning at the data link layer, Ethernet includes specific physical layer implementations, and the standards for the protocol define the elements of the physical layer as well. 10Base-T referred to the type of cable used to form a particular type of Ethernet network. The Ethernet standard defined 10Base-T as an unshielded twisted-pair cable (UTP) containing four pairs of copper wires enclosed in a single sheath. Today, Ethernet is found at much faster speeds such as 100Base-T running at 100 megabits per second, or 1000Base-T, which runs at 1 gigabit per second.
NOTE The physical layer uses the binary data supplied by the data link layer protocol to encode the data into pulses of light, electrical voltages, or other impulses suitable for transmission over the network medium.
However, the construction of the cable itself is not the only physical layer element involved. The standards used to build an Ethernet network also define how to install the cable, including maximum segment lengths and distances from power sources. The standards specify what kind of connectors you use to join the cable, the type of network interface card (NIC) to install in the computer, and the type of hub you use to join the computers into a network topology. Finally, the standard specifies how the NIC should encode the data generated by the computer into electrical impulses that can be transmitted over the cable.
Thus, you can see that the physical layer encompasses much more than a type of cable. However, you generally don’t have to know the details about every element of the physical layer standard. When you buy Ethernet NICs, cables, and hubs, they are already constructed to the Ethernet specifications and designed to use the proper signaling scheme. Installing the equipment, however, can be more complicated.
Physical Layer Specifications
While it is relatively easy to learn enough about a LAN technology to purchase the appropriate equipment, installing the cable (or other medium) is much more difficult because you must be aware of all the specifications that affect the process. For example, the Ethernet standards published by the IEEE 802.3 working group specify the basic wiring configuration guidelines that pertain to the protocol’s media access control (MAC) and collision detection mechanisms. These rules specify elements such as the maximum length of a cable segment, the distance between workstations, and the number of repeaters permitted on a network. These guidelines are common knowledge to Ethernet network administrators, but these rules alone are not sufficient to perform a large cable installation. In addition, there are local building codes to consider, which might have a great effect on a cable installation. For these reasons, large physical layer installations should, in most cases, be performed by professionals who are familiar with all of the standards that apply to the particular technology involved. See Chapter 4 for more information on network cabling and cable installation.
NOTE The latest revision to the IEEE 802.3 “Standard for Ethernet” was published in September 2012. It was amended to “address new markets, bandwidth speeds, and media types” according to the IEEE website at http://standards.ieee.org.
NOTE Collision detection is when one device (or node) on a network determines that data has “collided.” This is similar to two people coming through a revolving door at the same time, but in that case, one person can see the other person and stops. If one node hears a distorted version of its own transmission, that node understands that a collision has occurred and, just like the person who stops to allow the other to go through the revolving door, that node will stop the transmission and wait for silence on the network to send its data.
Physical Layer Signaling
The primary operative component of a physical layer installation is the transceiver found in NICs, repeating hubs, and other devices. The transceiver, as the name implies, is responsible for transmitting and receiving signals over the network medium. On networks using copper cable, the transceiver is an electrical device that takes the binary data it receives from the data link layer protocol and converts it into signals of various voltages. Unlike all of the other layers in the protocol stack, the physical layer is not concerned in any way with the meaning of the data being transmitted. The transceiver simply converts zeros and ones into voltages, pulses of light, radio waves, or some other type of signal, but it is completely oblivious to packets, frames, addresses, and even the system receiving the signal.
The signals generated by a transceiver can be either analog or digital. Most data networks use digital signals, but some of the wireless technologies use analog radio transmissions to carry data. Analog signals transition between two values gradually, forming the sine wave pattern shown in Figure 2-7, while digital value transitions are immediate and absolute. The values of an analog signal can be determined by variations in amplitude, frequency, phase, or a combination of these elements, as in amplitude modulated (AM) or frequency modulated (FM) radio signals or in analog phase-locked loop (PLL) circuits.
Figure 2-7 Analog signals form wave patterns.
The use of digital signals is much more common in data networking, however. All of the standard copper and fiber-optic media use various forms of digital signaling. The signaling scheme is determined by the data link layer protocol being used. All Ethernet networks, for example, use the Manchester encoding scheme, whether they are running over twisted-pair, coaxial, or fiber-optic cable. Digital signals transition between values almost instantaneously, producing the square wave shown in Figure 2-8. Depending on the network medium, the values can represent electrical voltages, the presence or absence of a beam of light, or any other appropriate attribute of the medium. In most cases, the signal is produced with transitions between a positive voltage and a negative voltage, although some use a zero value as well. Given a stable voltage within circuit specifications, the transitions create the signal.
Figure 2-8 Polar encoding
NOTE Digital signals are susceptible to voltage degradation; a digital circuit designed for a 5-volt application will most likely behave erroneously if voltage attenuation results in signals of 3 volts, meaning the circuit will now not be able to distinguish whether there was a transition event since the signal is below the design threshold.
Figure 2-8 illustrates a simple signaling scheme called polar signaling. In this scheme, the signal is broken up into units of time called cells, and the voltage of each cell denotes its binary value. A positive voltage is a zero, and a negative voltage is a one. This signaling code would seem to be a simple and logical method for transmitting binary information, but it has one crucial flaw, and that is timing. When the binary code consists of two or more consecutive zeros or ones, there is no voltage transition for the duration of two or more cells. Unless the two communicating systems have clocks that are precisely synchronized, it is impossible to tell for certain whether a voltage that remains continuous for a period of time represents two, three, or more cells with the same value. Remember that these communications occur at incredibly high rates of speed, so the timing intervals involved are extremely small.
Some systems can use this type of signal because they have an external timing signal that keeps the communicating systems synchronized. However, many data networks run over a baseband medium that permits the transmission of only one signal at a time. As a result, these networks use a different type of signaling scheme, one that is self-timing. In other words, the data signal itself contains a timing signal that enables the receiving system to correctly interpret the values and convert them into binary data.
The Manchester encoding scheme used on Ethernet networks is a self-timing signal by virtue of the fact that every cell has a value transition at its midpoint. This delineates the boundaries of the cells to the receiving system. The binary values are specified by the direction of the value transition; a positive-to-negative transition indicates a value of zero, and a negative-to-positive transition indicates a value of one (see Figure 2-9). The value transitions at the beginnings of the cells have no function other than to set the voltage to the appropriate value for the midcell transition.
Figure 2-9 The Manchester encoding scheme
Token Ring networks use a different encoding scheme called Differential Manchester, which also has a value transition at the midpoint of each cell. However, in this scheme, the direction of the transition is irrelevant; it exists only to provide a timing signal. The value of each cell is determined by the presence or absence of a transition at the beginning of the cell. If the transition exists, the value of the cell is zero; if there is no transition, the value of the cell is one (see Figure 2-10). As with the midpoint transition, the direction of the transition is irrelevant.
Figure 2-10 The Differential Manchester encoding scheme
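The three signaling schemes described above, worked through as an added example (it is not from the book). Each cell is modelled as two half-cell levels; HIGH, LOW and all function names are illustrative assumptions. The code shows why polar signaling loses cell boundaries on runs of identical bits, and that Differential Manchester, unlike Manchester, still decodes correctly when the two levels are swapped.

```python
# Added illustration: line codes modelled as lists of half-cell voltage levels.
HIGH, LOW = 1, -1  # constructed stand-ins for the positive and negative voltage


def cells(levels):
    """Yield (first_half, second_half) per cell. A cell without a mid-cell
    transition cannot come from a self-timing code, so it is rejected."""
    if len(levels) % 2:
        raise ValueError("incomplete cell")
    for i in range(0, len(levels), 2):
        if levels[i] == levels[i + 1]:
            raise ValueError("no mid-cell transition in cell %d" % (i // 2))
        yield levels[i], levels[i + 1]


def polar_encode(bits):
    """Polar signaling: positive = 0, negative = 1, held for the whole cell."""
    out = []
    for b in bits:
        level = HIGH if b == 0 else LOW
        out += [level, level]
    return out


def manchester_encode(bits):
    """Positive-to-negative mid-cell transition = 0, negative-to-positive = 1."""
    out = []
    for b in bits:
        out += [HIGH, LOW] if b == 0 else [LOW, HIGH]
    return out


def manchester_decode(levels):
    return [0 if first == HIGH else 1 for first, _ in cells(levels)]


def diff_manchester_encode(bits, idle=LOW):
    """Transition at the start of a cell = 0, no transition = 1.
    The mid-cell transition is always present and only carries timing."""
    level, out = idle, []
    for b in bits:
        if b == 0:
            level = -level      # transition at the cell boundary
        out.append(level)
        level = -level          # mandatory mid-cell transition
        out.append(level)
    return out


def diff_manchester_decode(levels, idle=LOW):
    bits, prev = [], idle
    for first, second in cells(levels):
        bits.append(0 if first != prev else 1)
        prev = second
    return bits


def longest_run(levels):
    """Longest stretch of half-cells with no voltage transition."""
    best = run = 0
    prev = None
    for lv in levels:
        run = run + 1 if lv == prev else 1
        best = max(best, run)
        prev = lv
    return best


def invert(levels):
    """Model a swapped wire pair: every level changes sign."""
    return [-lv for lv in levels]


if __name__ == "__main__":
    bits = [0, 0, 0, 0, 1, 1, 0, 1]  # constructed sample with runs of equal bits
    print("polar longest run      :", longest_run(polar_encode(bits)))
    print("Manchester longest run :", longest_run(manchester_encode(bits)))
    print("Manchester, inverted   :", manchester_decode(invert(manchester_encode(bits))))
    # The receiver of an inverted line also observes an inverted idle level.
    print("Diff. Manch., inverted :",
          diff_manchester_decode(invert(diff_manchester_encode(bits)), idle=HIGH))
```
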
The Data Link Layer
The data link layer protocol provides the interface between the physical network and the protocol stack on the computer. A data link layer protocol typically consists of three elements:
• The format for the frame that encapsulates the network layer protocol data
• The mechanism that regulates access to the shared network medium
• The guidelines used to construct the network’s physical layer
The header and footer applied to the network layer protocol data by the data link layer protocol are the outermost on the packet as it is transmitted across the network. This frame is, in essence, the envelope that carries the packet to its next destination and, therefore, provides the basic addressing information needed to get it there. In addition, data link layer protocols usually include an error-detection facility and an indicator that specifies the network layer protocol that the receiving system should use to process the data included in the packet.
On most LANs, multiple systems access a single shared baseband network medium. This means that only one computer can transmit data at any one time. If two or more systems transmit simultaneously, a collision occurs, and the data is lost. The data link layer protocol is responsible for controlling access to the shared medium and preventing an excess of collisions.
When speaking of the data link layer, the terms protocol and topology are often confused, but they are not synonymous. Ethernet is sometimes called a topology when the topology actually refers to the way in which the computers on the network are cabled together. Some forms of Ethernet use a bus topology, in which each of the computers is cabled to the next one in a daisy-chain fashion, while the star topology, in which each computer is cabled to a central hub, is more prevalent today. A ring topology is a bus with the ends joined together, and a mesh topology is one in which each computer has a cable connection to every other computer on the network. These last two types are mainly theoretical; LANs today do not use them. Token Ring networks use a logical ring, but the computers are actually cabled using a star topology. This confusion is understandable since most data link layer protocols include elements of the physical layer in their specifications. It is necessary for the data link layer protocol to be intimately related to the physical layer because media access control mechanisms are highly dependent on the size of the frames being transmitted and the lengths of the cable segments.
Addressing
The data link layer protocol header contains the address of the computer sending the packet and the computer that is to receive it. The addresses used at this layer are the hardware (or MAC) addresses that in most cases are hard-coded into the network interface of each computer and router by the manufacturer. On Ethernet and Token Ring networks, the addresses are 6 bytes long, the first 3 bytes of which are assigned to the manufacturer by the Institute of Electrical and Electronic Engineers (IEEE), and the second 3 bytes of which are assigned by the manufacturer. Some older protocols used addresses assigned by the network administrator, but the factory-assigned addresses are more efficient, insofar as they ensure that no duplication can occur.
The data link layer protocol does the following:
• Provides packet addressing services
• Packages the network layer data for transmission
• Arbitrates network access
• Checks transmitted packets for errors
Data link layer protocols are not concerned with the delivery of the packet to its ultimate destination, unless that destination is on the same LAN as the source. When a packet passes through several networks on the way to its destination, the data link layer protocol is responsible only for getting the packet to the router on the local network that provides access to the next network on its journey. Thus, the destination address in a data link layer protocol header always references a device on the local network, even if the ultimate destination of the message is a computer on a network miles away.
The data link layer protocols used on LANs rely on a shared network medium. Every packet is transmitted to all of the computers on the network segment, and only the system with the address specified as the destination reads the packet into its memory buffers and processes it. The other systems simply discard the packet without taking any further action.
Media Access Control
Media access control is the process by which the data link layer protocol arbitrates access to the network medium. In order for the network to function efficiently, each of the workstations sharing the cable or other medium must have an opportunity to transmit its data on a regular basis. This is why the data to be transmitted is split into packets in the first place. If computers transmitted all of their data in a continuous stream, they could conceivably monopolize the network for extended periods of time.
Two basic forms of media access control are used on most of today’s LANs. The token passing method, used by Token Ring and FDDI systems, uses a special frame called a token that is passed from one workstation to another. Only the system in possession of the token is allowed to transmit its data. A workstation, on receiving the token, transmits its data and then releases the token to the next workstation. Since there is only one token on the network at any time (assuming that the network is functioning properly), it isn’t possible for two systems to transmit at the same time.
The other method, used on Ethernet networks, is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD). In this method, when a workstation has data to send, it listens to the network cable and transmits if the network is not in use. On CSMA/CD networks, it is possible (and even expected) for workstations to transmit at the same time, resulting in packet collisions. To compensate for this, each system has a mechanism that enables it to detect collisions when they occur and retransmit the data that was lost.
Both of these MAC mechanisms rely on the physical layer specifications for the network to function properly. For example, an Ethernet system can detect collisions only if they occur while the workstation is still transmitting a packet. If a network segment is too long, a collision may occur after the last bit of data has left the transmitting system and thus may go undetected. The data in that packet is then lost, and its absence can be detected only by the upper layer protocols in the system that are the ultimate destinations of the message. This process takes a relatively long time and significantly reduces the efficiency of the network. Thus, while the OSI reference model might create a neat division between the physical and data link layers, in the real world, the functionality of the two is more closely intertwined.
Protocol Indicator
Most data link layer protocol implementations are designed to support the use of multiple network layer protocols at the same time. This means there are several possible paths through the protocol stack on each computer. To use multiple protocols at the network layer, the data link layer protocol header must include a code that specifies the network layer protocol that was used to generate the payload in the packet. This requirement is so that the receiving system can pass the data enclosed in the frame up to the appropriate network layer process.
Error Detection
Most data link layer protocols are unlike all of the upper layer protocols in that they include a footer that follows the payload field in addition to the header that precedes it. This footer contains a frame check sequence (FCS) field that the receiving system uses to detect any errors that have occurred during the transmission. To do this, the system transmitting the packet computes a cyclical redundancy check (CRC) value on the entire frame and includes it in the FCS field. When the packet reaches its next destination, the receiving system performs the same computation and compares its results with the value in the FCS field. If the values do not match, the packet is assumed to have been damaged in transit and is silently discarded.
The receiving system takes no action to have discarded packets retransmitted; this is left up to the protocols operating at the upper layers of the OSI model. This error-detection process occurs at each hop in the packet’s journey to its destination. Some upper-layer protocols have their own mechanisms for end-to-end error detection.
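The FCS check and address filter described above, as an added example that is not from the book. It assumes an Ethernet II style frame whose footer is the CRC-32 that Python's zlib.crc32 computes, appended least significant byte first; the MAC addresses, payload and function names are constructed for illustration.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6
MIN_FRAME, MAX_FRAME = 64, 1518              # frame size limits quoted in this chapter
HOST_A = bytes.fromhex("02000000000a")       # constructed, locally administered MACs
HOST_B = bytes.fromhex("02000000000b")


def fcs(data):
    """CRC-32 over header and payload, in the byte order it is appended."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Header + payload (padded up to the minimum frame size) + FCS footer."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + fcs(body)


def receive(frame, my_mac):
    """Return (ethertype, payload) for an accepted frame, or None when the
    frame is discarded. Nothing is reported back to the sender in either
    case; retransmission is left to the upper layers."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return None                          # too short or too long
    body, footer = frame[:-4], frame[-4:]
    if fcs(body) != footer:
        return None                          # damaged in transit
    dst = body[:6]
    if dst not in (my_mac, BROADCAST):
        return None                          # addressed to another system
    (ethertype,) = struct.unpack("!H", body[12:14])
    return ethertype, body[14:]              # header and footer stripped


def flip_bit(frame, bit_index):
    """Simulate transmission damage to a single bit."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame(HOST_B, HOST_A, 0x0800, b"constructed payload")
    print("intact, right host :", receive(frame, HOST_B))
    print("one bit damaged    :", receive(flip_bit(frame, 200), HOST_B))
    print("intact, other host :", receive(frame, HOST_A))
```

A CRC is an unkeyed checksum: it detects accidental damage on the wire and is not a protection against deliberate modification of a frame.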
The Network Layer
The network layer protocol is the primary end-to-end carrier for messages generated by the application layer. This means that, unlike the data link layer protocol, which is concerned only with getting the packet to its next destination on the local network, the network layer protocol is responsible for the packet’s entire journey from the source system to its ultimate destination. A network layer protocol accepts data from the transport layer and packages it into a datagram by adding its own header. Like a data link layer protocol header, the header at the network layer contains the address of the destination system, but this address identifies the packet’s final destination. Thus, the destination addresses in the data link layer and network layer protocol headers may actually refer to two different computers. The network layer protocol datagram is essentially an envelope within the data link layer envelope, and while the data link layer envelope is opened by every system that processes the packet, the network layer envelope remains sealed until the packet reaches its final destination.
The network layer protocol provides:
• End-to-end addressing
• Internet routing services
• Packet fragmentation and reassembly
• Error checking
Routing
Network layer protocols use different types of addressing systems to identify the ultimate destination of a packet. The most popular network layer protocol, the Internet Protocol (IP), provides its own 32-bit address space that identifies both the network on which the destination system resides and the system itself.
An address by which individual networks can be uniquely identified is vital to the performance of the network layer protocol’s primary function, which is routing. When a packet travels through a large corporate internetwork or the Internet, it is passed from router to router until it reaches the network on which the destination system is located. Properly designed networks have more than one possible route to a particular destination, for fault-tolerance reasons, and the Internet has millions of possible routes. Each router is responsible for determining the next router that the packet should use to take the most efficient path to its destination. Because data link layer protocols are completely ignorant of conditions outside of the local network, it is left up to the network layer protocol to choose an appropriate route with an eye on the end-to-end journey of the packet, not just the next interim hop.
The network layer defines two types of computers that can be involved in a packet transmission: end systems and intermediate systems. An end system is either the computer generating and transmitting the packet or the computer that is the ultimate recipient of the packet. An intermediate system is a router or switch that connects two or more networks and forwards packets on the way to their destinations. On end systems, all seven layers of the protocol stack are involved in either the creation or the reception of the packet. On intermediate systems, packets arrive and travel up through the stack only as high as the network layer. The network layer protocol chooses a route for the packet and sends it back down to a data link layer protocol for packaging and transmission at the physical layer.
NOTE On intermediate systems, packets travel no higher than the network layer.
When an intermediate system receives a packet, the data link layer protocol checks it for errors and for the correct hardware address and then strips off the data link header and footer and passes it up to the network layer protocol identified by the Ethernet-type field or its equivalent. At this point, the packet consists of a datagram—that is, a network layer protocol header and a payload that was generated by the transport layer protocol on the source system. The network layer protocol then reads the destination address in the header and determines what the packet’s next destination should be. If the destination is a workstation on a local network, the intermediate system transmits the packet directly to that workstation. If the destination is on a distant network, the intermediate system consults its routing table to select the router that provides the most efficient path to that destination.
The compilation and storage of routing information in a reference table is a separate network layer process that is performed either manually by an administrator or automatically by specialized network layer protocols that routers use to exchange information about the networks to which they are connected. Once it has determined the next destination for the packet, the network layer protocol passes the information down to the data link layer protocol with the datagram so that it can be packaged in a new frame and transmitted. When the IP protocol is running at the network layer, an additional process is required in which the IP address of the next destination is converted into a hardware address that the data link layer protocol can use.
Fragmenting
Because routers can connect networks that use different data link layer protocols, it is sometimes necessary for intermediate systems to split datagrams into fragments to transmit them. If, for example, a workstation on a Token Ring network generates a packet containing 4,500 bytes of data, an intermediate system that joins the Token Ring network to an Ethernet network must split the data into fragments between 64 and 1,518 bytes because 1,518 bytes is the largest amount of data that an Ethernet frame can carry.
Depending on the data link layer protocols used by the various intermediate networks, the fragments of a datagram may be fragmented themselves. Datagrams or fragments that are fragmented by intermediate systems are not reassembled until they reach their final destinations.
Connection-Oriented and Connectionless Protocols
There are two types of end-to-end protocols that operate at the network and transport layers: connection-oriented and connectionless. The type of protocol used helps to determine what other functions are performed at each layer. A connection-oriented protocol is one in which a logical connection between the source and the destination system is established before any upper-layer data is transmitted. Once the connection is established, the source system transmits the data, and the destination system acknowledges its receipt. A failure to receive the appropriate acknowledgments serves as a signal to the sender that packets have to be retransmitted. When the data transmission is completed successfully, the systems terminate the connection. By using this type of protocol, the sending system is certain that the data has arrived at the destination successfully. The cost of this guaranteed service is the additional network traffic generated by the connection establishment, acknowledgment, and termination messages, as well as a substantially larger protocol header on each data packet.
A connectionless protocol simply packages data and transmits it to the destination address without checking to see whether the destination system is available and without expecting packet acknowledgments. In most cases, connectionless protocols are used when a protocol higher up in the networking stack provides connection-oriented services, such as guaranteed delivery. These additional services can also include flow control (a mechanism for regulating the speed at which data is transmitted over the network), error detection, and error correction.
Most of the LAN protocols operating at the network layer, such as IP and IPX, are connectionless. In both cases, various protocols are available at the transport layer to provide both connectionless and connection-oriented services. If you are running a connection-oriented protocol at one layer, there is usually no reason to use one at another layer. The object of the protocol stack is to provide only the services that an application needs, and no more.
The Transport Layer
Once you reach the transport layer, the process of getting packets from their source to their destination is no longer a concern. The transport layer protocols and all the layers above them rely completely on the network and data link layers for addressing and transmission services. As discussed earlier, packets being processed by intermediate systems travel only as high as the network layer, so the transport-layer protocols operate on only the two end systems. The transport layer PDU consists of a header and the data it has received from the application layer above, which is encapsulated into a datagram by the network layer below.
The transport layer provides different levels of service depending on the needs of the application:
• Packet acknowledgment
• Guaranteed delivery
• Flow control
• End-to-end error checking
One of the main functions of the transport layer protocol is to identify the upper-layer processes that generated the message at the source system and that will receive the message at the destination system. The transport layer protocols in the TCP/IP suite, for example, use port numbers in their headers to identify upper-layer services.
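The path a received packet takes up the stack, as described under Vertical Communications and Protocol Indicator and completed by the port numbers above, shown as an added example that is not from the book. It assumes Ethernet II, IPv4 and UDP/TCP header layouts; the sample frame, its addresses and the small lookup tables are constructed for illustration, and the IP and UDP checksums in the sample are left at zero.

```python
import struct

# Small constructed subsets of the registered values; a real stack knows more.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORTS = {53: "DNS", 80: "HTTP"}


def build_sample_frame():
    """Constructed sample: a UDP datagram to port 53 inside an IPv4 datagram
    inside an Ethernet II frame (FCS omitted, as capture tools usually show it)."""
    payload = b"constructed query"
    udp = struct.pack("!HHHH", 49152, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 53])) + udp
    eth = (bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a")
           + struct.pack("!H", 0x0800))
    return eth + ip


def walk_stack(frame):
    """Return one (layer, selector field, value, handler) tuple per layer that
    processed the packet. The walk stops at the first layer whose selector
    names no known handler, which is where a real stack drops the packet."""
    path = []
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    handler = ETHERTYPES.get(ethertype)
    path.append(("data link", "EtherType", ethertype, handler))
    if handler != "IPv4":
        return path

    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    header_len = (ip[0] & 0x0F) * 4          # options make the header variable
    (total_len,) = struct.unpack("!H", ip[2:4])
    if header_len < 20 or not header_len <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    handler = IP_PROTOCOLS.get(ip[9])
    path.append(("network", "Protocol", ip[9], handler))
    if handler not in ("TCP", "UDP"):
        return path

    segment = ip[header_len:total_len]
    if len(segment) < 4:
        raise ValueError("truncated transport header")
    _src_port, dst_port = struct.unpack("!HH", segment[:4])
    path.append(("transport", "destination port", dst_port, PORTS.get(dst_port)))
    return path


if __name__ == "__main__":
    for step in walk_stack(build_sample_frame()):
        print("%-10s %-17s %-6s -> %s" % step)
```
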
Protocol Service Combinations
Data link and network layer protocols operate together interchangeably; you can use almost any data link layer protocol with any network layer protocol. However, transport layer protocols are closely related to a particular network layer protocol and cannot be interchanged. The combination of a network layer protocol and a transport layer protocol provides a complementary set of services suitable for a specific application. As at the network layer, transport layer protocols can be connection oriented (CO) or connectionless (CL). The OSI model document defines four possible combinations of CO and CL protocols at these two layers, depending on the services required, as shown in Figure 2-11. The process of selecting a combination of protocols for a particular task is called mapping a transport layer service onto a network layer service.
Figure 2-11 Any configuration of connection-oriented and connectionless protocols can be used.
The selection of a protocol at the transport layer is based on the needs of the application generating the message and the services already provided by the protocols at the lower layers. The OSI document defines five theoretical classes of transport layer protocol, as shown here:
• TP0 This class does not provide any additional functionality beyond fragmenting and reassembly functions. This class determines the size of the smallest PDU required by any of the underlying networks and segments as needed.
• TP1 This class performs the functions of TP0 plus providing the capability to correct errors that have been detected by the protocols operating at the lower layers.
• TP2 This class provides fragmentation and reassembly functions, multiplexing, and demultiplexing and includes codes that identify the process that generated the packet and that will process it at the destination, thus enabling the traffic from multiple applications to be carried over a single network medium.
• TP3 This class offers error recovery, segmentation, reassembly, multiplexing, and demultiplexing. It combines the services provided by TP1 and TP2.
• TP4 This class provides complete connection-oriented service, including error detection and correction, flow control, and other services. It assumes the use of a connectionless protocol at the lower layers that provides none of these services.
This classification of transport layer services is another place where the theoretical constructs of the OSI model differ substantially from reality. No protocol suite in common use has five different transport layer protocols conforming to these classes. Most of the suites, like TCP/IP, have two protocols that basically conform to the TP0 and TP4 classes, providing connectionless and connection-oriented services, respectively.
Transport Layer Protocol Functions
The UDP protocol is a connectionless service that, together with IP at the network layer, provides minimal services for brief transactions that do not need the services of a connection-oriented protocol. Domain Name System (DNS) transactions, for example, generally consist of short messages that can fit into a single packet, so no flow control is needed. A typical transaction consists of a request and a reply, with the reply functioning as an acknowledgment, so no other guaranteed delivery mechanism is needed. UDP does have an optional error-detection mechanism in the form of a checksum computation performed on both the source and destination systems. Because the UDP protocol provides a minimum of additional services, its header is only 8 bytes long, providing little additional control overhead to the packet.
TCP, on the other hand, is a connection-oriented protocol that provides a full range of services but at the cost of much higher overhead. The TCP header is 20 bytes long, and the protocol also generates a large number of additional packets solely for control procedures, such as connection establishment, termination, and packet acknowledgment.
Segmentation and Reassembly
Connection-oriented transport layer protocols are designed to carry large amounts of data, but the data must be split into segments to fit into individual packets. The segmentation of the data and the numbering of the segments are critical elements in the transmission process and also make functions such as error recovery possible. The routing process performed at the network layer is dynamic; in the course of a transmission, it is possible for the segments to take different routes to the destination and arrive in a different order from that in which they were sent. It is the numbering of the segments that makes it possible for the receiving system to reassemble them into their original order. This numbering also makes it possible for the receiving system to notify the sender that specific packets have been lost or corrupted. As a result, the sender can retransmit only the missing segments and not have to repeat the entire transmission.
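The receiver-side bookkeeping described above can be followed in a short Python example, added here and not taken from the book. The class and function names are hypothetical, segments are numbered by the byte offset of their first byte (as TCP sequence numbers are), and 32-bit wraparound is left out.

```python
from dataclasses import dataclass, field


@dataclass
class Reassembler:
    """Receiver-side buffer that orders numbered segments (hypothetical model)."""
    total_length: int
    segments: dict = field(default_factory=dict)   # offset -> bytes

    def receive(self, offset: int, data: bytes) -> bool:
        """Store a segment; return False for a duplicate or out-of-range one."""
        if not data or offset < 0 or offset + len(data) > self.total_length:
            return False
        if offset in self.segments:
            return False                           # retransmitted duplicate
        self.segments[offset] = data
        return True

    def missing_ranges(self) -> list:
        """Return the (start, end) byte ranges the sender still has to resend."""
        gaps, cursor = [], 0
        for offset in sorted(self.segments):
            if offset > cursor:
                gaps.append((cursor, offset))
            cursor = max(cursor, offset + len(self.segments[offset]))
        if cursor < self.total_length:
            gaps.append((cursor, self.total_length))
        return gaps

    def assemble(self) -> bytes:
        """Return the original byte stream once no gaps remain."""
        if self.missing_ranges():
            raise ValueError("stream incomplete")
        out = bytearray(self.total_length)
        for offset in sorted(self.segments):
            out[offset:offset + len(self.segments[offset])] = self.segments[offset]
        return bytes(out)


def segment(message: bytes, size: int) -> list:
    """Sender side: split a message into (offset, data) segments."""
    return [(i, message[i:i + size]) for i in range(0, len(message), size)]


def demo():
    message = b"The quick brown fox jumps over the lazy dog."   # constructed sample
    sent = segment(message, 10)            # offsets 0, 10, 20, 30, 40
    # Constructed delivery: out of order, offset 20 lost, offset 0 duplicated.
    arrived = [sent[3], sent[0], sent[4], sent[0], sent[1]]
    rx = Reassembler(total_length=len(message))
    accepted = [rx.receive(off, data) for off, data in arrived]
    gaps = rx.missing_ranges()             # the receiver reports only these bytes
    for off, data in sent:
        if any(start <= off < end for start, end in gaps):
            rx.receive(off, data)          # sender retransmits just the gap
    return accepted, gaps, rx.assemble() == message
```

Only the 10 bytes starting at offset 20 are resent; the four segments that arrived are kept regardless of their arrival order.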
Flow Control
One of the functions commonly provided by connection-oriented transport layer protocols is flow control, which is a mechanism by which the system receiving the data can notify the sender that it must decrease its transmission rate or risk overwhelming the receiver and losing data. The TCP header, for example, includes a Window field in which the receiver specifies the number of bytes it can receive from the sender. If this value decreases in succeeding packets, the sender knows that it has to slow down its transmission rate. When the value begins to rise again, the sender can increase its speed.
Error Detection and Recovery
The OSI model document defines two forms of error recovery that can be performed by connection-oriented transport layer protocols. One is a response to signaled errors detected by other protocols in the stack. In this mechanism, the transport layer protocol does not have to detect the transmission errors themselves. Instead, it receives notification from a protocol at the network or data link layer that an error has occurred and that specific packets have been lost or corrupted. The transport layer protocol only has to send a message back to the source system listing the packets and requesting their retransmission.
The more commonly implemented form of error recovery at the transport layer is a complete process of error detection and correction that is used to cope with unsignaled errors, which are errors that have not yet been detected by other means. Even though most data link layer protocols have their own error-detection and correction mechanisms, they function only over the individual hops between two systems. A transport layer error-detection mechanism provides error checking between the two end systems and includes the capability to recover from the errors by informing the sender which packets have to be resent. To do this, the checksum included in the transport layer protocol header is computed only on the fields that are not modified during the journey to the destination. Fields that routinely change are omitted from the calculation.
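The following Python example, added here and not part of the book, carries this out for the UDP checksum over IPv4. It covers the UDP header, the payload, and a pseudo-header of end-to-end constants, while the IP TTL, which every router changes, is left out. The addresses, ports, payload and the `forward` hop model are constructed for illustration.

```python
import ipaddress
import struct

UDP_PROTOCOL = 17  # IP protocol number for UDP


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"                           # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # fold carries back in
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """End-to-end constants covered by the checksum; the IP TTL is not here."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Sender: 8-byte UDP header plus payload, checksum filled in."""
    length = 8 + len(payload)
    unsummed = struct.pack("!HHHH", sport, dport, length, 0) + payload
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + unsummed)
    checksum = (~total & 0xFFFF) or 0xFFFF        # 0 on the wire means "none"
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload


def verify_udp(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver: recompute over the same fields and compare."""
    if len(segment) < 8:
        return False
    _, _, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return False
    if checksum == 0:
        return True                               # sender skipped the optional checksum
    covered = pseudo_header(src_ip, dst_ip, length) + segment
    return ones_complement_sum(covered) == 0xFFFF


def forward(packet: dict) -> dict:
    """Model one router hop: the TTL changes, the transport segment does not."""
    return {**packet, "ttl": packet["ttl"] - 1}


def demo():
    src, dst = "192.0.2.10", "198.51.100.53"      # documentation addresses
    seg = build_udp(src, dst, 40000, 53, b"constructed DNS-sized payload")
    packet = {"src": src, "dst": dst, "ttl": 64, "udp": seg}
    for _ in range(5):                            # five hops rewrite the TTL
        packet = forward(packet)
    intact = verify_udp(packet["src"], packet["dst"], packet["udp"])
    damaged = bytearray(seg)
    damaged[-1] ^= 0x01                           # one bit flipped in transit
    corrupted = verify_udp(src, dst, bytes(damaged))
    misdelivered = verify_udp(src, "198.51.100.54", seg)
    return packet["ttl"], intact, corrupted, misdelivered
```

The checksum still verifies after five TTL decrements, but it fails for a single flipped payload bit and for a segment handed to the wrong destination address.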
The Session Layer
When you reach the session layer, the boundaries between the layers and their functions start to become more obscure. There are no discrete protocols that operate exclusively at the session layer. Rather, the session layer functionality is incorporated into other protocols, with functions that fall into the provinces of the presentation and application layers as well. Network Basic Input/Output System (NetBIOS) and NetBIOS Extended User Interface (NetBEUI) are two of the best examples of these protocols. The session layer provides mechanisms by which the message dialog between computers is established, maintained, and terminated. For specific examples that may further clarify, see the ISO 8327 standard that defines session layer protocols and is assumed to be used by various ISO 8823 standard protocols in the presentation layer.
The boundary to the session layer is also the point at which all concern for the transmission of data between two systems is transcended. Questions of packet acknowledgment, error detection, and flow control are all left behind at this point because everything that can be done has been done by the protocols at the transport layer and below.
The session layer is also not inherently concerned with security and the network logon process, as the name seems to imply. Rather, the primary functions of this layer concern the exchange of messages between the two connected end systems, called a dialog. There are also numerous other functions provided at this layer, which really serves as a multipurpose “toolkit” for application developers.
The services provided by the session layer are widely misunderstood, and even at the time of the OSI model’s development, there was some question concerning whether they should be allotted a layer of their own. In fact, 22 different services are provided by the session layer, grouped into subsets such as the Kernel Function Unit, the Basic Activity Subset, and the Basic Synchronization Subset. Most of these services are of interest only to application developers, and some are even duplicated as a result of a compromise that occurred when the two committees creating OSI model standards were combined.
Communications between the layers of the OSI reference model are facilitated through the use of service request primitives, which are the tools in the toolkit. Each layer provides services to the layer immediately above it. A process at a given layer takes advantage of a service provided by the layer below by issuing a command using the appropriate service request primitive, plus any additional parameters that may be required. Thus, an application layer process issues a request for a network resource using a primitive provided by the presentation layer. The request is then passed down through the layers, with each layer using the proper primitive provided by the layer below, until the message is ready for transmission over the network. Once the packet arrives at its destination, it is decoded into indication primitives that are passed upward through the layers of the stack to the receiving application process.
The two most important services attributed to the session layer are dialog control and dialog separation. Dialog control is the means by which two systems initiate a dialog, exchange messages, and finally end the dialog while ensuring that each system has received the messages intended for it. While this may seem to be a simple task, consider the fact that one system might transmit a message to the other and then receive a message without knowing for certain when the response was generated. Is the other system responding to the message just sent or was its response transmitted before that message was received? This sort of collision case can cause serious problems, especially when one of the systems is attempting to terminate the dialog or create a checkpoint. Dialog separation is the process of inserting a reference marker called a checkpoint into the data stream passing between the two systems so that the status of the two machines can be assessed at the same point in time.
Dialog Control
When two end systems initiate a session layer dialog, they choose one of two modes that controls the way they will exchange messages for the duration of the session: either two-way alternate (TWA) or two-way simultaneous (TWS) mode. Each session connection is uniquely identified by a 196-byte value consisting of the following four elements:
• Initiator SS-USER reference
• Responder SS-USER reference
• Common reference
• Additional reference
Once made, the choice of mode is irrevocable; the connection must be severed and reestablished in order to switch to the other mode.
In TWA mode, only one of the systems can transmit messages at any one time. Permission to transmit is arbitrated by the possession of a data token. Each system, at the conclusion of a transmission, sends the token to the other system using the S-TOKEN-GIVE primitive. On receipt of the token, the other system can transmit its message.
The use of TWS mode complicates the communication process enormously. As the name implies, in a TWS mode connection, there is no token, and both systems can transmit messages at the same time.
NOTE Remember that the references to tokens and connections at the session layer have nothing to do with the similarly named elements in lower-layer protocols. A session layer token is not the equivalent of the token frame used by the Token Ring protocol, nor is a session layer connection the equivalent of a transport layer connection such as that used by TCP. It is possible for end systems to terminate the session layer connection while leaving the transport layer connection open for further communication.
The use of the token prevents problems resulting from crossed messages and provides a mechanism for the orderly termination of the connection between the systems. An orderly termination begins with one system signaling its desire to terminate the connection and transmitting the token. The other system, on receiving the token, transmits any data remaining in its buffers and uses the S-RELEASE primitive to acknowledge the termination request. On receiving the S-RELEASE primitive, the original system knows that it has received all of the data pending from the other system and can then use the S-DISCONNECT primitive to terminate the connection.
There is also a negotiated release feature that enables one system to refuse the release request of another, which can be used in cases in which a collision occurs because both systems have issued a release request at the same time, and a release token that prevents the occurrence of these collisions in the first place by enabling only one system at a time to request a release.
All of these mechanisms are “tools” in the kit that the session layer provides to application developers; they are not automatic processes working behind the scenes. When designing an application, the developer must make an explicit decision to use the S-TOKEN-GIVE primitive instead of S-TOKEN-PLEASE, for example, or to use a negotiated release instead of an orderly termination.
Dialog Separation
Applications create checkpoints in order to save their current status to disk in case of a system failure. This was a much more common occurrence at the time that the OSI model was developed than it is now. As with the dialog control processes discussed earlier, checkpointing is a procedure that must be explicitly implemented by an application developer as needed.
When the application involves communication between two systems connected by a network, the checkpoint must save the status of both systems at the same point in the data stream. Performing any activity at precisely the same moment on two different computers is nearly impossible. The systems might be performing thousands of activities per second, and their timing is nowhere near as precise as would be needed to execute a specific task simultaneously. In addition, the problem again arises of messages that may be in transit at the time the checkpoint is created. As a result, dialog separation is performed by saving a checkpoint at a particular point in the data stream passing between the two systems, rather than at a particular moment in time.
When the connection uses TWA mode, the checkpointing process is relatively simple. One system creates a checkpoint and issues a primitive called S-SYNC-MINOR. The other system, on receiving this primitive, creates its own checkpoint, secure in the knowledge that no data is left in transit at the time of synchronization. This is called a minor synchronization because it works with data flowing in only one direction at a time and requires only a single exchange of control messages.
It is still possible to perform a minor synchronization in TWS mode using a special token that prevents both systems from issuing the S-SYNC-MINOR primitive at the same time. If it was possible to switch from TWS to TWA mode in midconnection, the use of an additional token would not be necessary, but mode switching is not possible. This is something that many people think is a major shortcoming in the session layer specification.
In most cases, systems using TWS mode communications must perform a major synchronization, which accounts not only for traffic that can be running in both directions but also for expedited traffic. A primitive called S-EXPEDITED enables one system to transmit to the other using what amounts to a high-speed pipeline that is separate from the normal communications channel. To perform a major synchronization, the system in possession of yet another token called the major/activity token issues a primitive called S-SYNC-MAJOR and then stops transmitting until it receives a response. However, the system issuing this primitive cannot create its checkpoint yet, as in a minor synchronization, because there may be traffic from the other system currently in transit.
On receiving the primitive, the other system is able to create its own checkpoint because all of the data in transit has been received, including expedited data, which has to have arrived before the primitive. The receiving system then transmits a confirmation response over the normal channel and transmits a special PREPARE message over the expedited channel. The system that initiated the synchronization procedure receives the PREPARE message first and then the confirmation, at which time it can create its own checkpoint.
The Presentation Layer
Unlike the session layer, which provides many different functions, the presentation layer has only one. In fact, most of the time, the presentation layer functions primarily as a pass-through service, meaning that it receives primitives from the application layer and issues duplicate primitives to the session layer below using the Presentation Service Access Point (PSAP) and the Session Service Access Point (SSAP). All of the discussion in the previous sections about applications utilizing session layer services actually involves the use of the pass-through service at the presentation layer because it is impossible for a process at any layer of the OSI model to communicate directly with any layer other than the one immediately above or beneath it. The presentation layer negotiates the use of a transfer syntax that is supported by both of the connected devices so the end systems of different types can communicate.
While the basic functions of the primitives are not changed as they are passed down through the presentation layer, they can undergo a crucial translation process that is the primary function of the layer. Applications generate requests for network resources using their own native syntax, but the syntax of the application at the destination system receiving the request may be different in several ways. The systems might also implement encryption and/or compression on the data to be transmitted over the network.
This translation process occurs in two phases, one of which runs at the presentation layer on each system. Each computer maintains an abstract syntax, which is the native syntax for the application running on that system, and a transfer syntax, which is a common syntax used to transmit the data over the network. The presentation layer on the system sending a message converts the data from the abstract syntax to the transfer syntax and then passes it down to the session layer. When the message arrives at the destination system, the presentation layer converts the data from the transfer syntax to the abstract syntax of the application receiving the message. The transfer syntax chosen for each abstract syntax is based on a negotiation that occurs when a presentation layer connection is established between two systems. Depending on the application’s requirements and the nature of the connection between the systems, the transfer context may provide data encryption, data compression, or a simple translation.
NOTE The presentation layer connection is not synonymous with the connections that occur at the lower layers, nor is there direct communication between the presentation layers of the two systems. Messages travel down through the protocol stack to the physical medium and up through the stack on the receiver to the presentation layer there.
The syntax negotiation process begins when one system uses the P-CONNECT primitive to transmit a set of presentation contexts, which are pairs of associated abstract contexts and transfer contexts supported by that system. Each presentation context is numbered using a unique odd-numbered integer called a presentation context identifier. With this message, one system is essentially informing the other of its presentation layer capabilities. The message may contain multiple transfer contexts for each abstract context to give the receiving system a choice.
Once the other system receives the P-CONNECT message, it passes the presentation contexts up to the application-layer processes, which decide which of the transfer contexts supported by each abstract context they want to use. The receiver then returns a list of contexts to the sender with either a single transfer context or an error message specified for each abstract context. On receipt by the original sender, this list becomes the defined context set. Error messages indicate that the receiving system does not support any of the transfer contexts specified for a specific abstract context. Once the negotiation process is completed, the systems can propose new presentation contexts for addition to the defined context set or remove contexts from the set using a primitive called P-ALTER-CONTEXT.
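The negotiation just described can be modeled in a few lines of Python. This example is added here and is not from the book or from the ISO presentation protocol encoding; the function names, the context names ("file-transfer", "plain", and so on) and the error string are all hypothetical.

```python
ERROR = "error: no supported transfer context"


def p_connect(capabilities):
    """Initiator: build the presentation contexts carried by P-CONNECT.

    capabilities is a list of (abstract_context, [transfer_context, ...]);
    each entry gets a unique odd-numbered presentation context identifier.
    """
    return {2 * n + 1: (abstract, tuple(transfers))
            for n, (abstract, transfers) in enumerate(capabilities)}


def answer(proposal, responder_support):
    """Responder: one transfer context, or an error, per abstract context.

    responder_support maps abstract_context -> transfer contexts the receiving
    application accepts, most preferred first, so the responder's ordering
    decides whether, for example, an encrypted context wins over a plain one.
    """
    reply = {}
    for ident, (abstract, offered) in proposal.items():
        if ident % 2 == 0:
            raise ValueError(f"identifier {ident} is not odd")
        wanted = responder_support.get(abstract, ())
        chosen = next((t for t in wanted if t in offered), ERROR)
        reply[ident] = (abstract, chosen)
    return reply


def usable_contexts(reply):
    """Entries of the returned list that carry a transfer context, not an error."""
    return {i: ctx for i, ctx in reply.items() if ctx[1] != ERROR}


def p_alter_context(contexts, add=None, remove=()):
    """Return the context set after proposed additions and removals."""
    dropped = set(remove)
    updated = {i: ctx for i, ctx in contexts.items() if i not in dropped}
    for ident, ctx in (add or {}).items():
        if ident in updated:
            raise ValueError(f"identifier {ident} already in use")
        updated[ident] = ctx
    return updated


def demo():
    proposal = p_connect([                       # constructed capabilities
        ("file-transfer", ["plain", "compressed", "encrypted"]),
        ("terminal", ["plain"]),
        ("directory", ["compressed"]),
    ])
    reply = answer(proposal, {
        "file-transfer": ["encrypted", "plain"],
        "terminal": ["plain"],
        "directory": ["plain"],                  # no overlap with the offer
    })
    usable = usable_contexts(reply)
    altered = p_alter_context(usable, add={7: ("directory", "plain")}, remove=[3])
    return proposal, reply, usable, altered
```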
The Application Layer
As the top layer in the protocol stack, the application layer is the ultimate source and destination for all messages transmitted over the network. All of the processes discussed in the previous sections are triggered by an application that requests access to a resource located on a network system. Application-layer processes are not necessarily synonymous with the applications themselves, however. For example, if you use a word processor to open a document stored on a network server, you are redirecting a local function to the network. The word processor itself does not provide the application layer process needed to access the file. In most cases, it is an element of the operating system that distinguishes between requests for files on the local drive and those on the network. Other applications, however, are designed specifically for accessing network resources. When you run a dedicated FTP client, for example, the application itself is inseparable from the application layer protocol it uses to communicate with the network. The application layer protocol is the interface between the application running on the computer that is requesting the services of the network and the protocol stack that converts that request into the transmitted signals.
Some of the other protocols that are closely tied to the applications that use them are as follows:
• DHCP Dynamic Host Configuration Protocol
• TFTP Trivial File Transfer Protocol
• DNS Domain Name System
• NFS Network File System
• RIP Routing Information Protocol
• BGP Border Gateway Protocol
NOTE These protocols are somewhat different from applications that are designed for the users, such as word processors or spreadsheets. These protocols are primarily designed to be used by the systems.
In between these two extremes are numerous application types that access network resources in different ways and for different reasons. The tools that make that access possible are located in the application layer. Some applications use protocols that are dedicated to specific types of network requests, such as the Simple Mail Transport Protocol (SMTP) and Post Office Protocol (POP3) both used for e-mail, the Simple Network Management Protocol (SNMP) used for remote network administration, and the Hypertext Transfer Protocol (HTTP) used for World Wide Web communications.
As you have seen in this chapter, the bottom four layers of the OSI reference model perform functions that are easily differentiated, while the functions of the session, presentation, and application layers tend to bleed together. Many of the application layer protocols listed here contain functions that rightly belong at the presentation or session layers, but it is important not to let the OSI model assert itself too forcibly into your perception of data networking. The model is a tool for understanding how networks function, not a guide for the creation of networking technologies.
PART II Network Hardware
CHAPTER 3 Network Interface Adapters
CHAPTER 4 Network Interface Adapters and Connection Devices
CHAPTER 5 Cabling a Network
CHAPTER 6 Wireless LANs
CHAPTER 7 Wide Area Networks
CHAPTER 8 Server Technologies
CHAPTER 9 Designing a Network
CHAPTER 3 Network Interface Adapters
Every computer that participates on a network must have an interface to that network, using either a cable or some form of wireless signal that enables it to transmit data to the other devices on the network. The most common form of wired network interface is part of the mainboard and connects to a network cable, typically referred to as a network interface card (or controller), or NIC for short (see Figure 3-1). Also called a network interface adapter, this is normally an Ethernet connection and is used by small and medium-sized businesses as well as home network configurations.
Figure 3-1 A typical Ethernet network card (photo provided by Dsimic at English Wikipedia under the GNU Free Documentation License)
NIC Functions
The network interface adapter, in combination with the network adapter driver, implements the data link layer protocol used on the computer, usually Ethernet, as well as part of the physical layer. The NIC also provides the link between the network layer protocol, which is implemented completely in the operating system, and the network medium, which is usually a cable connected to the NIC. If you use an Ethernet NIC, your connection is made with an Ethernet cable with an RJ-45 connection. The RJ-45 connector looks like a telephone connection (RJ-11) but is larger.
The NIC and its driver perform the basic functions needed for the computer to access the network. The process of transmitting data consists of the following steps (which, naturally, are reversed during packet reception):
1. Data transfer The data stored in the computer’s memory is transferred to the NIC across the system bus using one of the following technologies: direct memory access (DMA), shared memory, or programmed I/O.
2. Data buffering The rate at which the PC processes data is different from the transmission rate of the network. The NIC includes memory buffers that it uses to store data so it can process an entire frame at once.
NOTE Bandwidth is the term used to indicate speed capabilities of the physical devices used when interacting with a network. Basic Ethernet, for example, has a bandwidth of 10 Mbps, so using an Internet connection faster than that would be largely wasted speed. Fast Ethernet reaches 100 Mbps, usually adequate for home computer connections. Gigabit Ethernet can reach 1 Gbps, and 10 Gigabit Ethernet is 10 Gbps. Even wireless connections are limited by bandwidth. Wireless 802.11b is 11 Mbps, and Wireless-G 802.11g has a top speed of 54 Mbps. Wireless-N 802.11 can reach 300 Mbps.
3. Frame construction The NIC receives data that has been packaged by the network layer protocol and encapsulates it in a frame that consists of its own data link layer protocol header and footer. Depending on the size of the packet and the data link layer protocol used, the NIC may also have to split the data into segments of the appropriate size for transmission over the network. For incoming traffic, the NIC reads the information in the data link layer frame, verifies that the packet has been transmitted without error, and determines whether the packet should be passed up to the next layer in the networking stack. If so, the NIC strips off the data link layer frame and passes the enclosed data to the network layer protocol.
4. Media access control The NIC is responsible for arbitrating the system’s access to the shared network medium, using an appropriate media access control (MAC) mechanism. This is necessary to prevent multiple systems on the network from transmitting at the same time and losing data because of a packet collision. The MAC mechanism is the single most defining element of a data link layer protocol. (The MAC mechanism is not needed for incoming traffic.)
5. Parallel/serial conversion The system bus connecting the NIC to the computer’s main memory array transmits data 16 or 32 bits at a time in parallel fashion, while the NIC transmits and receives data from the network serially—that is, one bit at a time. The NIC is responsible for taking the parallel data transmission that it receives over the system bus into its buffers and converting it to a serial bit stream for transmission out over the network medium. For incoming data from the network, the process is reversed.
6. Data encoding/decoding The data generated by the computer in binary form must be encoded in a manner suitable for the network medium before it can be transmitted, and in the same way, incoming signals must be decoded on receipt. This and the following step are the physical layer processes implemented by the NIC. For a copper cable, the data is encoded into electrical impulses; for fiber-optic cable, the data is encoded into pulses of light. Other media may use radio waves, infrared light, or other technologies. The encoding scheme is determined by the data link layer protocol being used.
7. Data transmission/reception The NIC takes the data it has encoded, amplifies the signal to the appropriate amplitude, and transmits it over the network medium. This process is entirely physical and depends wholly on the nature of the signal used on the network medium.
The NIC also provides the data link layer hardware (or MAC) address that is used to identify the system on the local network. Most data link layer protocols rely on addresses that are hard-coded into the NIC by the manufacturer. In actuality, the MAC address identifies a particular network interface, not necessarily the whole system. In the case of a computer with two NICs installed and connected to two different networks, each NIC has its own MAC address that identifies it on the network to which it is attached.
Some older protocols, such as ARCnet, required the network administrator to set the hardware address manually on each NIC. If systems with duplicate addresses were on the network, communications problems resulted. Today, MAC addresses are assigned in two parts, much like IP addresses and domain names. The Institute of Electrical and Electronic Engineers (IEEE) maintains a registry of NIC manufacturers and assigns 3-byte address codes called organizationally unique identifiers (OUIs) to them as needed.
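The two-part address structure and the duplicate-address problem can both be checked from a list of addresses seen on a switch, as in this Python example added here (it is not from the book). It assumes the standard meaning of the two low-order bits of the first byte, which the text above does not cover: bit 0x01 marks a group (multicast) address and bit 0x02 marks a locally administered address that was set in software instead of assigned from a registered OUI. The port names and addresses are constructed, using the 00-00-5E-00-53-xx documentation range.

```python
import re
from collections import defaultdict


def parse_mac(text: str) -> bytes:
    """Accept 00:00:5E:.., 00-00-5e-.. or 0000.5e00.5301 and return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def split_mac(mac: bytes) -> dict:
    """Split an address into its two parts and decode the flag bits."""
    return {
        "oui": mac[:3].hex("-").upper(),      # 3 bytes assigned by the IEEE
        "device": mac[3:].hex("-").upper(),   # 3 bytes assigned by the manufacturer
        "group": bool(mac[0] & 0x01),         # multicast/broadcast, not a valid source
        "local": bool(mac[0] & 0x02),         # set by software, not hard-coded
    }


def audit(observations):
    """Review (switch_port, source_mac) sightings; return (mac, issue, ports)."""
    ports_by_mac = defaultdict(set)
    findings = []
    for port, text in observations:
        try:
            ports_by_mac[parse_mac(text)].add(port)
        except ValueError:
            findings.append((text, "malformed address", (port,)))
    for mac, ports in sorted(ports_by_mac.items()):
        info, label, seen = split_mac(mac), mac.hex(":"), tuple(sorted(ports))
        if info["group"]:
            findings.append((label, "group address used as a source", seen))
        elif info["local"]:
            findings.append((label, "locally administered address", seen))
        if len(seen) > 1:
            findings.append((label, "same address on several ports", seen))
    return findings


def demo():
    observations = [                          # constructed sample sightings
        ("Gi0/1", "00:00:5E:00:53:01"),
        ("Gi0/2", "00-00-5e-00-53-02"),
        ("Gi0/3", "0000.5e00.5301"),          # same address as Gi0/1, other notation
        ("Gi0/4", "02:00:5E:00:53:10"),       # locally administered bit set
        ("Gi0/5", "00:00:5E:00:53"),          # one byte short
    ]
    return audit(observations)
```

A duplicate finding is a prompt to investigate, not proof of a fault, because a host that moved between ports during the observation window produces the same result.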
NIC Features
In addition to the basic functionality described thus far, NICs can have a variety of other features, depending on the manufacturer, protocol, price point, and the type of computer in which the device is to be used. Some of these features are discussed in the following sections.
Full Duplex
Most of the data link layer protocols that use twisted-pair cable separate the transmitted and received signals onto different wire pairs. Even when this is the case, however, the NIC typically operates in half-duplex mode, meaning that at any given time, it can be transmitting or receiving data, but not both simultaneously. NICs that operate in full-duplex mode can transmit and receive at the same time, effectively doubling the throughput of the network (see Figure 3-2).
Figure 3-2 Full-duplex systems can transfer data in both directions at the same time, while half-duplex systems transfer information in one direction at a time.
When a NIC is operating in full-duplex mode, it can transmit and receive data at any time, eliminating the need for a media access control mechanism. This also eliminates collisions, which increases the overall efficiency of the network. Running a full-duplex network requires more than just NICs that support this feature, however. The hub, switch, router, or other device to which each computer connects must also support full-duplex operation.
Bus Mastering
Normally, when data is transmitted between the computer’s memory and an expansion card over the system bus, the processor functions as the middleman, reading data from the source and transmitting it to the destination. This utilizes processor clock cycles that could otherwise be running applications or performing other important tasks. An expansion card capable of bus mastering has a chipset that arbitrates the card’s access to the bus, eliminating the need for the system processor’s involvement in the transfer of data to and from memory. Bus mastering NICs enable the computer to operate more efficiently because they conserve the processor clock cycles that would otherwise be expended in data transfers.
Parallel Tasking
Parallel Tasking is a feature that was developed by 3Com Corporation and subsequently implemented by other NIC manufacturers, using different names. The term describes a process by which the NIC can begin to transmit a packet over the network while the data is still being transferred to the NIC over the system bus. A NIC without this capability must wait until an entire packet is stored in its buffers before it can transmit. Today, many NICs feature Parallel Tasking II, which improves bus mastering communications over the Peripheral Component Interconnect (PCI) bus. Previously, a PCI NIC could transfer only 64 bytes at a time during a single bus master operation, which required dozens of operations to transfer each packet. Parallel Tasking II enables the NIC to stream up to an entire Ethernet packet’s worth of data (1,518 bytes) during a single bus master operation.
Wake-on-LANorWake-on-Wireless-LANToday’sindustrystandard,Wake-on-LAN(WoL)isafeaturethatenablesacomputerto“wake”fromaverylowpowerstate.WoLisanenhancementbuiltintonetworkinterfaceadaptersandcomputermotherboardsthatenablesanadministratortoturnacomputeronfromaremotelocation.Onceturnedon,theadministratorcanperformanynecessarymaintenancetasks.Forthisfeaturetofunction,boththecomputer’smotherboardandtheNICmusthaveathree-pinremotewake-upconnector,whichisconnectedwithacable.Whenthecomputeristurnedoff,itactuallyswitchestoalow-powersleepstateinsteadofbeingcompletelypoweredoff.Whileinthisstate,theNICcontinuouslymonitorsthenetworkforaspecialwake-uppacketthatcanbedeliveredtoitbyadesktopmanagementapplicationrunningonanadministrator’scomputer.
When the NIC receives the packet, it signals the motherboard, which in turn switches the power supply back into its full power state, effectively turning on the computer. Once the computer is up and running, the administrator can take control of the system using whatever tools are available.
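The wake-up packet the NIC watches for has a fixed layout (the "magic packet": six 0xFF bytes followed by the target MAC address repeated 16 times), which makes it easy to recognise in captured traffic. The following added example, which is not from the book, builds such a packet and flags wake-up requests that do not come from the management console; the sample capture, the addresses and the function names are constructed for illustration.

```python
import re

SYNC = b"\xff" * 6     # every magic packet opens with six 0xFF bytes
REPEATS = 16           # followed by the target MAC address, 16 times over


def mac_to_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or dash-separated) into six raw bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}", mac):
        raise ValueError("not a MAC address: %r" % (mac,))
    return bytes.fromhex(re.sub(r"[:-]", "", mac))


def build_magic_packet(mac):
    """Payload a management console sends to wake the NIC that owns `mac`."""
    return SYNC + mac_to_bytes(mac) * REPEATS


def find_magic_packet(payload):
    """Return the target MAC as a string if `payload` holds a magic packet.

    The pattern may sit anywhere in the payload, so every offset where the
    sync stream could start is tried, not just offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        # A truncated packet gives a short body and never matches.
        if len(mac) == 6 and body == mac * REPEATS:
            return ":".join("%02x" % b for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def unexpected_wakeups(capture, allowed_sources):
    """List (source, target MAC) for magic packets not sent by an allowed host."""
    hits = []
    for source, payload in capture:
        target = find_magic_packet(payload)
        if target is not None and source not in allowed_sources:
            hits.append((source, target))
    return hits


# Constructed sample capture: (source IP, UDP payload) pairs.
SAMPLE_CAPTURE = [
    ("192.0.2.10", build_magic_packet("00:11:22:33:44:55")),   # admin console
    ("192.0.2.77", build_magic_packet("00-11-22-33-44-55")),   # unknown sender
    ("192.0.2.77", b"\xff" * 6 + b"not a wake-up request"),    # sync bytes only
    ("192.0.2.10", b"ordinary application data"),
]

if __name__ == "__main__":
    # 192.0.2.10 is assumed to be the administrator's management host.
    for source, target in unexpected_wakeups(SAMPLE_CAPTURE, {"192.0.2.10"}):
        print("wake-up request for %s from unexpected host %s" % (target, source))
```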
Selecting a NIC
When your mainboard does not have an acceptable NIC or you simply want to upgrade the built-in card, you need to consider several factors:
• The data link layer protocol used by the network
• The transmission speed of the network
• The type of interface that connects the NIC to the network
• The type of system bus into which you will install the NIC
• The hardware resources the NIC requires
• The electric power the NIC requires
• The role of the computer using the NIC (server versus workstation and home versus office)
• Appropriate driver availability
NOTE The most common network interface cards are a PCI, ISA, or PCMCIA card. The kind you choose largely depends on the computer you will be installing the card in and what type of interface that computer offers. A PCI card goes into a PCI slot of your computer and operates at a fast speed. This is the most common choice for most users. An ISA card that connects to a computer’s motherboard can be less expensive than a PCI card but may also be less reliable. PCMCIA cards are placed in an appropriate slot in laptops.
The following sections examine these criteria and how they can affect the performance of the NIC and your network.
Protocol
The data link layer protocol is the single most defining characteristic of a network interface adapter. The most popular protocol used at the data link layer is Ethernet, but NICs are also available that support Token Ring, FDDI, ATM, and others, as well as variations on these protocols.
All of the computers on the network must, of course, be using the same data link layer protocol, and the selection of that protocol should be a decision made long before you’re ready to purchase NICs. This is because all of the other network hardware, such as cables, hubs, and other devices, are also protocol specific. The NIC you select must also support the type of cable or other medium the network uses, as well as the transmission speed of the network. You can also select Ethernet NICs that support the use of unshielded twisted-pair (UTP), two types of coaxial, or fiber-optic cable, as well as various types of wireless transmissions. These are all aspects of the network configuration that you must consider before making NIC purchases.
Transmission Speed
Some data link layer protocols can run at different speeds, and the capability of a NIC to support these speeds can be an important part of selecting the correct product for your network. In some protocols, an increase in speed has been fully assimilated into the technology, while in others, the faster version is still an optional feature. Fast Ethernet (running at 100 Mbps) has, for all practical purposes, replaced traditional 10 Mbps Ethernet. Some of the Fast Ethernet NICs manufactured today are combination devices that support both 10 and 100 Mbps operation, making it possible to gradually upgrade an older Ethernet network. When the connection is established between the NIC and the hub, the devices negotiate the highest possible speed they have in common.
Network Interface
The type of cable (or other medium) that forms the fabric of the network determines the network interface used on the NIC. The network cable type is typically selected at the same time as the data link layer protocol, and the NICs you purchase must support that medium. Some data link layer protocols support different types of cables, and NICs are available for each one, while other protocols are designed to use only one type of cable.
Today, you can choose to install a NIC that uses the Ethernet cable with an RJ-45 connector. The PCI or PCI Express cards require that you open the computer to install the cards. You can also purchase Universal Serial Bus (USB) devices that simply connect to your computer at a USB port.
Ethernet also supports the use of fiber-optic cable, which carries data coded into light pulses rather than into electric voltages. The components on a fiber-optic NIC are therefore substantially different in form (if not function) from those on a copper-based Ethernet NIC, including the network interface, which is usually a straight-tip (ST) connector. Fast Ethernet can use fiber-optic cable to run at 100 Mbps over far longer distances than any copper medium. Because of these technological differences, fiber-optic Fast Ethernet NICs are not usually combined with other technologies. Fiber-optic network hardware is often more expensive than comparable copper-based products.
Bus Interface
The network interface adapter enables a network system to transmit data from its main memory array to an outside destination, just like a parallel or serial port does. The data travels from the memory to the network adapter across the system bus, in the same manner as with any other expansion card, like a graphics or audio adapter. The type of bus the NIC uses to communicate with the computer can affect the performance of the network connection, but the selection of a bus type for the NIC is unique to each computer. PCI is the bus type used in virtually all of the desktop computers sold today. Laptops and other portables use the PC Card bus (formerly known as the Personal Computer Memory Card International Association, or PCMCIA bus). Older systems used various other types of expansion buses, such as VESA Local Bus (VLB), Micro Channel Architecture (MCA), or Extended Industry Standard Architecture (EISA).
USB adapters require no internal installation. You simply plug the adapter into a computer’s USB port, plug the network cable into the adapter, and install the appropriate driver for the new device. No external power connection is needed; the adapter derives power from the bus. This makes for an extremely simple installation, but the performance of a USB network adapter can be inferior to other NICs.
Table 3-1 lists the characteristics of these buses and their respective bus speed.
Table 3-1 PC Bus Types, Widths, Speed, and Bandwidth
Bottlenecks
The bus type selection can affect network performance if the selected bus is slow enough to cause a bottleneck in the network. In networking, a bottleneck occurs when one element of a network connection runs at a significantly slower speed than all of the others. This can cause the entire network to slow down to the speed of its weakest component, resulting in wasted bandwidth and needless expense. As an exaggerated example, consider a network that consists of modern PCs with fast processors, connected by a Fast Ethernet network running at 100 Mbps. All of the workstations on the network have NICs that use the PCI bus except for the main database server, which has an old ISA NIC. The result of this is that the ISA NIC will probably be the slowest component in all of the workstation/server connections and will be a bottleneck that prevents the rest of the equipment from achieving its full potential.
The process of identifying actual bottlenecks is rarely this clean-cut. Just because a network protocol runs at 100 Mbps doesn’t mean that data is continuously traveling over the cable at that speed, and the raw speed of a particular bus type is not indicative of the actual throughput rate for the data generated by the system. However, it is a good idea to use common sense when purchasing NICs and to try to maximize the performance of your network.
ISA or PCI?
If you have to deal with the older bus types, you may encounter Industry Standard Architecture (ISA) cards. The choice for most desktop systems manufactured after about 1995 was between ISA and PCI. For a traditional Ethernet network running at 10 Mbps or a Token Ring network running at 4 or 16 Mbps, an ISA NIC was more than sufficient. In fact, ISA NICs can be perfectly serviceable on 100 Mbps networks as well, at least for workstations, because the average network user does not require anything approaching 100 Mbps of bandwidth on a continuous basis. The main reason for the ISA NIC being the bottleneck in the scenario described earlier is that it is installed in the server. A server PC that is handling data requests generated by dozens or hundreds of workstations simultaneously naturally requires more bandwidth than any single workstation. In a server, therefore, the use of the fastest bus available is always recommended.
However, there is another element to the bus type decision that you must consider, and that is the availability of expansion bus slots in your computers. Obviously, to install a network interface card into a PC, it must have a free bus slot. Legacy PCs have varying numbers of PCI and ISA slots, and the hardware configuration of the machine determines how many of those slots (if any) are free. Many older “full-featured computers” have peripheral devices installed that occupy many of the bus slots. Because it is possible for a card to occupy a slot without protruding through the back of the computer, simply looking at the outside of a system is not sufficient to determine how many free slots there are. You must open the machine to check for free slots and to determine which types of slots are available. If no slots are available, an external network adapter using the USB port may be your only recourse.
Administrators of large networks often purchase workstations that do not have all the state-of-the-art features found in many home systems, which may leave more slots free for additional components such as a NIC. In addition, PCs targeted at the corporate market are more likely to have peripheral devices such as audio and video adapters integrated into the motherboard, which also can leave more free slots. However, an office computer may also use a slimline or low-profile case design that reduces the number of slots to minimize the computer’s footprint.
Even in legacy systems, the selection of the bus type for the NIC should be based on the network bandwidth requirements of the user and not on the type of bus slot the computer has free. However, you may have no other choice than to put an ISA NIC in a computer that could benefit from a PCI card but has only an ISA slot free.
Integrated Adapters
As mentioned earlier, many PCs have peripheral devices integrated into the motherboard. One of these devices may be the network interface adapter. Because an integrated network adapter is not a separate card, it cannot rightfully be called a NIC, but it does perform the same function as a network adapter that is installed into the system’s expansion bus. Although they reduce the distance the signals have to travel to reach the adapter and avoid the electrical interference that occurs during a bus transfer, the problem with integrated network adapters is that they are not upgradable. A system that has an integrated network adapter is under no obligation to use it. You can nearly always disable the adapter by going through the system BIOS, by manipulating a switch or jumper on the motherboard, or simply by installing a NIC into a bus slot. You might find a deal on workstations with the wrong type of integrated network adapter that is good enough to be worth buying NICs for the computers as well.
Fiber-Optic NICs
The first considerations for choosing a fiber-optic network card are network type and transmission rate. Consider the bandwidth needs of the server or workstation, along with the physical medium used for transmission, to determine the transmission rate of the card you purchase. Since Ethernet offers speeds that vary between 10 Mbps, 10/100 Mbps, 1000 Mbps, and even 10 Gbps, it is usually best to choose a card that works with the slowest component in the network. For example, if your network uses a 100 Mbps cable, using a 1000 Mbps card will still only result in 100 Mbps.
Also, pay attention to the bus type. Servers and workstations typically use some form of the PCI bus, such as the Peripheral Component Interconnect Express (PCIe) card. Today, most PCs no longer support the ISA connector, so when you purchase network cards for your PC, do not buy the outdated ISA network card. Instead, choose a current PCI card.
Remember, you must also consider the connector type used by the NIC. The network card needs to be connected with the network, so it must have a fiber-optic connector to link with other computer network equipment.
Portable Systems
Network interface adapters for laptops and other portable systems take the form of PC Card bus NICs or USB-connected adapters. As such, consider the speed of the network with which you will be connecting, as well as the price and reliability of the device you choose.
Hardware Resource Requirements
In addition to a bus slot or an available USB port, a computer must have the appropriate hardware resources free to support a NIC. A network interface adapter requires a free interrupt request line (IRQ) and usually either an I/O port address, a memory address, or both. When evaluating NICs, you must take into account both the resource requirements of the NIC and the resources available on the computer. On a PC with a lot of peripheral devices already installed, most of the IRQs may already be in use, and adding a NIC may be difficult. This is because a NIC may be able to use only a select few of the system’s IRQs, and if all of those IRQs are occupied, the card cannot function. Two devices configured to use the same resource will sometimes conflict, causing both to malfunction. In some cases, however, it’s possible for two devices to share an IRQ. To free up one of the IRQs usable by the NIC, you may have to configure another device to use a different IRQ. Thus, you have to consider not only the number of available IRQs on the computer but also which ones are available. The same is true for the other resources required by the card.
Many older NICs supported only two or three IRQs and other resources, and configuring the devices in the computer was a manual trial-and-error process. System administrators could spend hours trying different combinations of hardware settings for the components in a single computer before finding one that enabled all of the devices to function simultaneously. Today, however, NICs are generally more flexible and support a wider range of resource settings. In addition, the BIOS and the operating system of a modern PC have features that simplify the process of configuring peripheral devices to work together.
Plug-and-play, when it functions properly, eliminates the need to worry about hardware resource configuration for peripheral devices. When a system has a BIOS, an operating system, and hardware that all support the plug-and-play standard, the computer assigns hardware resources to each device dynamically when the system starts. When plug-and-play is not supported for a particular device such as a NIC, operating systems (such as Microsoft Windows) provide tools that can identify the free resources in the machine and indicate whether the NIC’s current configuration conflicts with any other devices in the system.
Thus, when selecting NICs, you should be conscious of the hardware resources in use on the computers that will use them. When using NICs and computers of recent manufacture, this is rarely a problem. However, a computer with a lot of installed peripherals may be unable to support an additional card without removing one of the existing components. In other cases, you may have to reconfigure other devices to support the addition of a NIC. Most NIC manufacturers publish specification sheets (often available on their websites) that list the hardware resources their NICs can use. By comparing this information to the current configuration of a PC, you can determine whether the computer has the resources to support the NIC.
Power Requirements
The power supplies in today’s computers usually provide more than enough voltage to support a full load of expansion cards and other internal peripherals. However, if you’re running a system with a large number of internal devices, you may want to compare the power load incurred by these devices with the voltage furnished by the computer’s power supply before you install a NIC. Because the power drain of mechanical drives varies depending on how often and how heavily they’re used, a system putting out insufficient power to support its hardware load may experience intermittent problems that are difficult to diagnose. What may seem to be a faulty drive may, in fact, be the effect of an insufficient power supply for the hardware.
Server vs. Workstation NICs
The NICs in servers and workstations perform the same basic functions, and yet there are cards on the market that are targeted specifically for use in servers. Some of these NICs use protocols, such as Gigabit Ethernet, that are intended primarily for servers because their cost and capabilities make them impractical for use in desktop workstations. Others, however, are NICs that use standard protocols but that contain additional features to make them more useful in servers. Naturally, these extra features drive the price of the NIC up considerably, and it is up to you to decide whether they are worth the extra expense.
Today, server NICs are more sophisticated and perform many functions. Advances such as flexible LANs on motherboard (LOMs) and smart NICs can use their own onboard processors to provide functionalities such as encryption/decryption, firewall, TCP/IP offload engine (TOE), iSCSI, and remote direct memory access. Understanding these contemporary NIC technologies is critical in the advent of virtualization and cloud computing.
CHAPTER 4 Network Interface Adapters and Connection Devices
Originally, LANs consisted of nothing more than computers and cables, but as the technology evolved, more equipment was required. As the early coaxial cable networks grew to span longer distances, devices called repeaters were added to boost the signals. Later, when the dominant medium for Ethernet networks shifted from coaxial to unshielded twisted-pair (UTP) cable, hubs became an essential network component. As networks grew from tools for localized workgroups to companywide resources, components such as bridges, switches, and routers were developed in order to create larger networks. Using these devices makes it possible to build networks that span longer distances, support more computers, and provide increased bandwidth for each system on the network. This chapter examines the functions of these devices and how you can integrate them into your network infrastructure.
Today, a wide variety of devices are used in networking. Many of the following items are considered legacy devices, in that they are no longer used in networks built today. However, you may still encounter them in older systems.
Repeaters
As a signal travels over a cable, the natural resistance of the medium causes it to gradually weaken until it is no longer viable. The longer the cable, the weaker the signal gets. This weakening is called attenuation, and it is a problem that affects all types of cable to some degree. The effect of attenuation is dependent on the type of cable. Copper cable, for example, is much more prone to attenuation than fiber-optic cable. This is one reason why fiber-optic cable segments can be much longer than copper ones.
When building a LAN, the standard for the data link layer protocol you intend to use contains specifications for the types of cable you can use and the guidelines for installing them. These guidelines include, among other things, the minimum and maximum lengths for the cables connecting the computers. The cable’s attenuation rate is one of the most important factors affecting the maximum cable length. When you have to run a cable across a longer distance than is specified in the standard, you can use a repeater to amplify the signal, enabling it to travel greater distances without attenuating to the point of being unreadable by the destination system. In its simplest form, a repeater is an electrical device used on a copper-based network that receives a signal through one cable connection, amplifies it, and transmits it out through another connection.
Repeaters were first used in data networking to expand the length of coaxial cable segments on Ethernet networks. On a coaxial network, such as a thin or thick Ethernet LAN, a stand-alone repeater enables you to extend the maximum bus length past 185 meters (for thin Ethernet) or 500 meters (for thick Ethernet). This type of repeater is simply a small box with two BNC connectors on it and a power cable. Using T connectors and terminators, you connect two cable segments to the repeater and the repeater to a power source. Signals entering either one of the two connectors are immediately amplified and transmitted out through the other connector. On most networks today, it is rare to see a stand-alone repeater because this function is built into another device, such as a hub or a switch.
Because its function is purely electrical, this type of repeater functioned at the network’s physical layer only. The repeater cannot read the contents of the packets traveling over the network or even know that they are packets. The device simply amplified the incoming electrical signals and passed them on. Repeaters are also incapable of performing any sort of filtration on the data traveling over the network. As a result, two cable segments joined by a repeater form a single collision domain and therefore a single network.
Hubs
A hub is a device that functions as the cabling nexus for a network that uses the star topology. Each computer has its own cable that connects to the central hub. The responsibility of the hub is to see to it that traffic arriving over any of its ports is propagated out through the other ports. Depending on the network medium, a hub might use electrical circuitry, optical components, or other technologies to disseminate the incoming signal out among the outgoing ports. A fiber-optic hub, for example, actually uses mirrors to split the light impulses.
The hub itself is a box, either freestanding or rack-mounted, with a number of ports to which the cables connect. The ports can be the standard RJ-45 connectors used by twisted-pair networks, ST connectors for fiber-optic cable, or any other type of connector used on a star network. In many cases, hubs also have one or more LEDs for each port that light up to indicate when a device is connected to it, when traffic is passing through the port, or when a collision occurs.
The term hub or concentrator is used primarily in reference to Ethernet networks; the equivalent device on a Token Ring network is called a multistation access unit (MAU). Other protocols typically use one or the other of these terms, depending on the media access control (MAC) mechanism the protocol uses. The internal functions of hubs and MAUs are very different, but they serve the same basic purpose: to connect a collection of computers and other devices into a single collision domain.
Passive Hubs
Unlike stand-alone repeaters, which were all essentially the same, many different types of hubs exist with different capabilities. At its simplest, a hub supplies cable connections by passing all the signals entering the device through any port out through all the other ports. This is known as a passive hub because it operates only at the physical layer, has no intelligence, and does not amplify or modify the signal in any way. This type of hub was at one time used on ARCnet networks, but it is almost never used on networks today.
Repeating, Active, and Intelligent Hubs
The hubs used on Ethernet networks propagated received signals through any of their ports out through all of the other ports in the device simultaneously. This creates a shared network medium and joins the networked computers into a single collision and broadcast domain, just as if they were connected to the same cable, as on a coaxial Ethernet network. Ethernet hubs also supply repeating functionality by amplifying the incoming signals as they propagate them to the other ports. In fact, Ethernet hubs were sometimes referred to as multipoint repeaters. Unlike a passive hub, a repeating (or active) hub requires a power source to boost the signal. The device still operates at the physical layer, however, because it deals only with the raw signals traveling over the cables.
Some hubs go beyond repeating and can repair and retime the signals to synchronize the transmissions through the outgoing ports. These hubs use a technique called store and forward, which involves reading the contents of the packets to retransmit them over individual ports as needed. A hub with these capabilities can lower the network performance for the systems connected to it because of processing delays. At the same time, packet loss is diminished, and the number of collisions is reduced.
An Ethernet hub connects all of your computers into a single collision domain, which is not a problem on a small network. Larger networks consist of multiple network segments connected by other types of devices, such as bridges, switches, or routers. Because an Ethernet hub also functions as a repeater, each of the cables connecting the hub to a computer can be the maximum length allowed by the protocol standard. For Ethernet running on UTP cable, the maximum length is 100 meters.
Using multiple hubs on a single LAN is possible by connecting them together to form a hierarchical star network, as shown in Figure 4-1. When you do this using standard repeating hubs, all the computers remain in the same collision domain, and you must observe the configuration guidelines for the data link layer protocol used on the network. Just as with the stand-alone repeaters discussed earlier in this chapter, the path between any two machines on a 10 Mbps Ethernet network cannot include more than four repeaters (hubs). Fast Ethernet networks typically support only two hubs.
Figure 4-1 This star network uses multiple hubs to expand the collision domain.
Intelligent hubs are units that have some form of integrated management capability. A basic repeating hub is essentially an electrical device that propagates incoming packets to all available ports without discrimination. Intelligent hubs do the same thing, but they also monitor the operation of each port. The management capabilities vary widely between products, but many intelligent hubs use the Simple Network Management Protocol (SNMP) to send information to a centralized network management console. Other devices might use a terminal directly connected to the hub or an HTML interface easily accessed from the Internet from anywhere on the network.
The object of the management capability is to provide the network administrator with a centralized source of information about the hubs and the systems connected to them. This eliminates the need for the staff supporting a large network to go running to each wiring closet looking for the hub or system causing a problem. The management console typically displays a graphical model of the network and alerts the administrator when a problem or failure occurs on any system connected to the hub.
On smaller networks, this capability isn’t needed, but when you’re managing an enterprise network with hundreds or thousands of nodes, a technology that can tell you exactly which one of the hub ports is malfunctioning can be helpful. The degree of intelligence built into a hub varies greatly with the product. Most devices have sufficient intelligence to go beyond the definition of a hub and provide bridging, switching, or routing functions.
Collision Domains and Broadcast Domains
A collision domain is a group of computers connected by a network so that if any two computers transmit at the same time, a collision between the transmitted packets occurs, causing the data in the packets to be damaged. This is in contrast to a broadcast domain, which is a group of computers networked together in such a way that if one computer generates a broadcast transmission, all of the other computers in the group receive it. These two concepts are the tests used to define the functionality of network connection devices (such as repeaters, hubs, bridges, switches, and routers) and are used repeatedly in this chapter.
Other factors besides attenuation limit the maximum distance a network signal can travel. On an Ethernet network, for example, the first bit of a packet being transmitted by one computer must reach all the other computers on the local network before the last bit is transmitted. Therefore, you cannot extend a network segment without limit by adding multiple repeaters. A 10 Mbps Ethernet network can have up to five cable segments connected by four repeaters. Fast Ethernet networks are more limited, allowing a maximum of only two repeaters.
Token Ring MAUs
Token Ring networks use hubs as well, although they call them multistation access units. While the MAU, to all external appearances, performs the same function as an Ethernet hub, its internal workings are quite different. Instead of passing incoming traffic to all the other ports at one time, like in an Ethernet hub, the MAU transmits an incoming packet out through each port in turn, one at a time. After transmitting a packet to a workstation, the MAU waits until that packet returns through the same port before it transmits it out the next port. This implements the logical ring topology from which the protocol gets its name.
MAUs contain switches that enable specific ports to be excluded from the ring in the event of a failure of some kind. This prevents a malfunctioning workstation from disturbing the functionality of the entire ring. MAUs also have ring-in and ring-out ports that you can use to enlarge the ring network by connecting several MAUs.
NOTE See Chapter 12 for more information on network protocols.
Hub Configurations
Hubs are available in a wide variety of sizes and with many different features, ranging from small, simple devices designed to service a handful of computers to huge rack-mounted affairs for large, enterprise networks. Hub designs fall into three categories, as follows:
• Stand-alone hubs
• Stackable hubs
• Modular hubs
A stand-alone hub is usually a small box about the size of a paperback book that has anywhere from 4 to 16 ports in it. As the name implies, the device is freestanding, has its own power source, and can easily fit on or under a desk. Four- or five-port hubs can work for home networks or for providing quick, ad hoc expansions to a larger network. Larger units can support more connections and often have LEDs that indicate the presence of a link pulse signal on the connected cable and, possibly, the occurrence of a collision on the network.
Despite the name, a stand-alone hub usually has some mechanism for connecting with other hubs to expand the network within the same collision domain. The following sections examine how the most common mechanisms are used for this purpose.
The Uplink Port
The cables used on a twisted-pair network are wired straight through, meaning that each of the eight pins on the RJ-45 connector on one end of the cable is wired to the corresponding pin on the other end. UTP networks use separate wire pairs within the cable for transmitting and receiving data. For a UTP connection between two computers to function, however, the transmit contacts on each system must be connected to the receive contacts on the other. Therefore, a crossover must exist somewhere in the connection, and traditionally this occurs in the hub, as shown in Figure 4-2. The pins in each of a hub’s ports are connected to those of every other port using crossover circuits that transpose the transmit data (TD) and receive data (RD) signals. Without this crossover circuit, the transmit contacts on the two systems are connected, as are the receive contacts, preventing any communication from taking place.
Figure 4-2 Hubs that contain crossover circuits allow cables to be wired straight through.
NOTE See more information on cabling in Chapter 5.
Many hubs have a port that bypasses the crossover circuit, which you can use to connect to another hub. This port is typically labeled uplink and may or may not have a switch that enables you to specify whether the port should be crossed over or wired straight through. If you have more than one hub on your system, you connect them using the uplink port on one hub only and a standard port on the other. If you connect two hubs using the uplink ports on both devices, the two crossovers would cancel each other out, and the connection between a computer attached to one hub and a computer attached to the other would be the equivalent of a straight-through connection.
If a hub does not have an uplink port, you can still connect it to another hub using a standard port and a crossover cable, which is a cable that has the transmit pins on each end wired directly to the receive pins on the other end. You typically use the uplink port to connect hubs when they’re located some distance away from each other and you want to use the same cable medium throughout the network.
When you are evaluating hubs, being aware of just how many hub ports are available for workstation connections is important. A device advertised as an eight-port hub may have seven standard ports and one uplink port, leaving only seven connections for computers. No matter what the size of the network, purchasing hubs with a few ports more than you need right now, for expansion purposes, is always a good idea.
Whenyouhaveseveral10Base-TEthernethubsconnectedinahierarchicalstartopologyusingtheiruplinkports,eachlengthofcableisaseparatesegment.BecausetheEthernetguidelinesallowthepathfromonesystemtoanothertotravelacrossonlyfivesegments,connectedbyfourrepeaters,youarelimitedtofourhubsonanyparticularLAN.
Asyouexpandthistypeofnetworkfurther,youmayrunintoanotherEthernetlimitationnotyetmentioned.Thebusconnectingthehubsiscalledamixingsegmentbecauseithasmorethantwodevicesconnectedtoit.Asegmentthatconnectsonlytwodevices,suchastheUTPcableconnectinghubsthroughtheuplinkport,iscalledalinksegment.Ofthefivesegmentspermittedona10BaseTLAN,onlythreeofthesecanbemixingsegments.Thisguideline,statingthatyoucanconnectuptofivesegmentsusingfourrepeatersandthatnomorethanthreeofthesegmentscanbemixingsegments,isknownastheEthernet5-4-3rule.
Stackable Hubs
As you move up the scale of hub size and complexity, you find units called stackable hubs that provide greater expandability. As the name implies, these hubs have cases designed to stack one on top of the other, but this is not the only difference. Unlike stand-alone hubs, which can be located in different rooms or floors and still connected together, stackable hubs are typically located in a data center or wiring closet and are connected together with short cables.
When you connect stackable hubs, they form what is functionally a single larger hub. The cables connecting the units do not form separate segments, so you can have more than four hubs interconnected. In addition, these devices can share their capabilities. A single intelligent hub unit can manage its own ports, as well as those of all the other units in the array.
Stackable hubs have their own power supplies and can function independently, thus providing a much more expandable environment than stand-alone hubs. You can start with a single unit, without incurring the major expense of a chassis (like that used by modular hubs), and connect additional units as the network grows.
Modular Hubs
Modular hubs are designed to support the larger networks and provide the greatest amount of expandability and flexibility. A modular hub consists of a chassis that is nearly always mounted in a standard 19-inch equipment rack and contains several slots into which you plug individual communications modules. The chassis provides a common power source for all the modules, as well as a backplane that enables them to communicate with each other. The modules contain the ports to which you connect the computer cables. When you plug multiple modules into the chassis, they become, in effect, a single large hub.
Bridges
A bridge is another device used to connect LAN cable segments, but unlike hubs, bridges operate at the data link layer of the OSI model and are selective about the packets that pass through them. Repeaters and hubs are designed to propagate all the network traffic they receive to all of the connected cable segments. A bridge has two or more network interfaces (complete with their own MAC addresses) with their ports connected to different cable segments and operating in promiscuous mode.
NOTE If a computer is in promiscuous mode, it could mean the network or that computer has been accessed illegally.
Promiscuous mode means that the interfaces receive all of the packets transmitted on the connected segments. As each packet enters the bridge, the device reads its destination address in the data link layer protocol header and, if the packet is destined for a system on another segment, forwards the packet to that segment. If the packet is destined for a system on the segment from which it arrived, the bridge discards the packet because it has already reached its destination. This process is called packet filtering. Packet filtering is one of the fundamental principles used by network connection devices to regulate network traffic. In this case, the packet filtering is occurring at the data link layer, but it can also occur at the network and transport layers.
Just the ability to read the contents of a packet header elevates a bridge above the level of a hub or repeater, both of which deal only with individual signals. However, as with a hub or repeater, the bridge makes no changes in the packet whatsoever and is completely unaware of the contents within the data link layer frame. In Chapter 2, the protocol operating at the Open Systems Interconnection (OSI) model’s data link layer was compared to a postal system, in which each packet is a piece of mail and the data link layer frame functions as the envelope containing the data generated by the upper layers. To extend that analogy, the bridge is able to read the addresses on the packet envelopes, but it cannot read the letters inside. As a result, you don’t have to consider the protocols running at the network layer and above at all when evaluating or installing bridges.
By using packet filtering, the bridge reduces the amount of excess traffic on the network by not propagating packets needlessly. Broadcast messages are forwarded to all of the connected segments, however, making it possible to use protocols that rely on broadcasts without manual system configuration. Unlike a repeater or hub, however, a bridge does not relay data to the connected segments until it has received the entire packet. (Remember, hubs and repeaters work with signals, while bridges work with packets.) Because of this, two systems on bridged segments can transmit simultaneously without incurring a collision. Thus, a bridge connects network segments in such a way as to keep them in the same broadcast domain but in different collision domains. The segments are still considered to be part of the same LAN, however.
If, for example, you have a LAN that is experiencing diminished performance because of high levels of traffic, you can split it into two segments by inserting a bridge at the midpoint. This will keep the local traffic generated on each segment local and still permit broadcasts and other traffic intended for the other segment to pass through. On an Ethernet network, reducing traffic in this way also reduces the number of collisions, which further increases the network’s efficiency. Bridges also provide the same repeating functions as a hub, enabling you to extend the cable length accordingly.
Bridges have mainly been replaced by routers and switches, which are covered later in this chapter. Today, bridges are used primarily in wireless configurations. See Chapter 6 for information about wireless LANs.
The Spanning Tree Protocol
To address the problem of endless loops and broadcast storms on networks with redundant bridging, the Digital Equipment Corporation devised the spanning tree algorithm (STA), which preserves the fault tolerance provided by the additional bridges, while preventing the endless loops. STA was later revised by the Institute of Electrical and Electronic Engineers (IEEE) and standardized as the 802.1d specification.
The algorithm works by selecting one bridge for each network segment that has multiple bridges available. This designated bridge takes care of all the packet filtering and forwarding tasks for the segment. The others remain idle but stand ready to take over should the designated bridge fail.
During this selection process, each bridge is assigned a unique identifier (using one of the bridge’s MAC addresses, plus a priority value), as is each individual port on each bridge (using the port’s MAC address). Each port is also associated with a path cost, which specifies the cost of transmitting a packet onto the LAN using that port. Path costs typically can be specified by an administrator when a reason exists to prefer one port over another, or they can be left to default values.
Once all the components have been identified, the bridge with the lowest identifier becomes the root bridge for the entire network. Each of the other bridges then determines which of its ports can reach the root bridge with the lowest cost (called the root path cost) and designates it as the root port for that bridge.
Finally, for each network segment, a designated bridge is selected, as well as a designated port on that bridge. Only the designated port on the designated bridge is permitted to filter and forward the packets for that network segment. The other (redundant) bridges on that segment remain operative—in case the designated bridge should fail—but are inactive until they are needed. Now that only one bridge is operating on each segment, packets can be forwarded without loops forming.
To perform these calculations, bridges must exchange messages among themselves, using a message format defined in the 802.1d standard (see Figure 4-3). These messages are called bridge protocol data units (BPDUs).
Figure 4-3 The format of the data message used when computing the spanning tree protocol algorithm
For each criterion, a lower value is better than a higher one. If a bridge receives a BPDU message with better values than those in its own messages, it stops transmitting BPDUs over the port through which it arrived—in effect relinquishing its duties to the bridge better suited for the job. The bridge also uses the values in that incoming BPDU to recalculate the fields of the messages it will send through the other ports.
NOTE The spanning tree algorithm must complete before the bridges begin forwarding any network traffic.
Once the spanning tree algorithm has designated a bridge for each network segment, it must also continue to monitor the network so that the process can begin again when a bridge fails or goes offline. All of the bridges on the network store the BPDUs they’ve received from the other bridges and track their ages. Once a message exceeds the maximum allowable age, it is discarded and the spanning tree message exchanges begin again.
Today, a variation of STP called Rapid Spanning Tree Protocol (RSTP) is recommended and has been added as IEEE 802.1w, which has become the standard. The convergence time for legacy STP (IEEE 802.1d), which is the gap when network bridges and switches are not forwarding any traffic, is about 30 to 50 seconds. In modern networks, this convergence time gap issue is unacceptable. RSTP (IEEE 802.1w) addresses the problem. This new standard enables root ports and designated ports to forward traffic in a few seconds.
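
The selection steps described above (root bridge, root ports, then one designated port per segment), carried through on a constructed three-bridge triangle like the one in Figure 4-6. This is an added example, not code from the book: it computes the result from a global view of the topology instead of exchanging BPDUs, identifies ports by number rather than by MAC address, breaks cost ties on the lower upstream bridge identifier, and uses made-up priorities, addresses and a path cost of 19.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    bridge: str    # owning bridge
    number: int    # port number on that bridge (assumption: stands in for the port MAC)
    segment: str   # network segment the port attaches to
    cost: int      # path cost of transmitting onto the segment through this port


def spanning_tree(bridges, ports):
    """bridges maps name -> (priority, MAC). Returns (root, {(bridge, port): role})."""
    # Lowest identifier wins; tuples compare priority first, then MAC address.
    root = min(bridges, key=bridges.get)

    # best[b] = (root path cost, upstream bridge identifier, local port number)
    best = {root: (0, bridges[root], 0)}
    root_port = {}
    changed = True
    while changed:                      # relax until no bridge finds a cheaper path
        changed = False
        for p in ports:
            if p.bridge == root:
                continue
            for q in ports:             # neighbours sharing this port's segment
                if q.segment != p.segment or q.bridge == p.bridge:
                    continue
                if q.bridge not in best:
                    continue            # neighbour has no path to the root yet
                cand = (best[q.bridge][0] + p.cost, bridges[q.bridge], p.number)
                if p.bridge not in best or cand < best[p.bridge]:
                    best[p.bridge], root_port[p.bridge] = cand, p
                    changed = True

    # Per segment, the port offering the lowest (root path cost, bridge id) is designated.
    designated = {}
    for p in ports:
        if p.bridge in best:
            offer = (best[p.bridge][0], bridges[p.bridge], p.number)
            if p.segment not in designated or offer < designated[p.segment][0]:
                designated[p.segment] = (offer, p)

    roles = {}
    for p in ports:
        if root_port.get(p.bridge) == p:
            role = "root"
        elif p.segment in designated and designated[p.segment][1] == p:
            role = "designated"
        else:
            role = "blocking"           # redundant port: idle until it is needed
        roles[(p.bridge, p.number)] = role
    return root, roles


# Constructed topology: segments A, B, C joined in a triangle by three bridges.
BRIDGES = {
    "B1": (32768, "00:10:00:00:00:0a"),
    "B2": (32768, "00:10:00:00:00:0b"),
    "B3": (4096, "00:10:00:00:00:0c"),  # lowest priority value, so lowest identifier
}
PORTS = [
    Port("B1", 1, "A", 19), Port("B1", 2, "B", 19),
    Port("B2", 1, "B", 19), Port("B2", 2, "C", 19),
    Port("B3", 1, "A", 19), Port("B3", 2, "C", 19),
]


def without(name):
    """The same topology after the named bridge has failed."""
    return ({b: i for b, i in BRIDGES.items() if b != name},
            [p for p in PORTS if p.bridge != name])


if __name__ == "__main__":
    for label, topo in (("all bridges up", (BRIDGES, PORTS)),
                        ("B1 failed", without("B1"))):
        root, roles = spanning_tree(*topo)
        print(label, "- root:", root)
        for port, role in sorted(roles.items()):
            print("  ", port, role)
```

With all three bridges up, port 1 of B2 is the one left blocking, which is what breaks the loop; once B1 is removed the same port becomes the designated port for segment B.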
Transparent Bridging
To filter the packets reaching it effectively, a bridge has to know which systems are located on which network segments so it can determine which packets to forward and which to discard. The bridge stores this information in an address table that is internal to the unit. Originally, network administrators had to create the address table for a bridge manually, but today’s bridges compile the address table automatically, a process called transparent bridging.
As soon as a transparent bridge (also known as a learning bridge) is connected to the network segments, it begins to compile its address table. By reading the source addresses in the arriving packets and noting the interface over which they arrived, the bridge can build a table of node addresses for each segment connected to it.
To illustrate, picture a network composed of three segments (A, B, and C), all connected to a local bridge, as shown in Figure 4-4. When the bridge is first activated, it receives a packet from Node 1 over the interface to Network A that is destined for Node 2 on Network B. Because the bridge now knows Node 1 is located on Network A, it creates an entry in its table for Network A that contains Node 1’s MAC address.
Figure 4-4 A transparent bridge forwards packets based on address tables it compiles from previously transmitted packets.
At this time, the bridge has no information about Node 2 and the segment on which it’s located, so it transmits the packet out to Networks B and C—that is, all of the connected segments except the one from which the packet arrived. This is the default behavior of a bridge whenever it receives a packet destined for a system not in its tables. It transmits the packet over all of the other segments to ensure that it reaches its destination.
Once Node 2 receives the packet, it transmits a reply to Node 1. Because Node 2 is located on Network B, its reply packet arrives at the bridge over a different interface. Now the bridge can add an entry to its table for Network B containing Node 2’s address. On examining the packet, the bridge looks for the destination address in its tables and discovers that the address belongs to Node 1, on Network A. The bridge then transmits the packet over the interface to Network A only.
From this point on, when any other system on Network A transmits a packet to Node 1, the bridge knows to discard it because there is no need to pass it along to the other segments. However, the bridge still uses those packets to add the transmitting stations to its address table for Network A.
Eventually, the bridge will have address table entries for all the nodes on the network, and it can direct all of the incoming packets to the appropriate outgoing ports.
Bridge Loops
When the segments of a network are connected using bridges, the failure or malfunction of a bridge can be catastrophic. For this reason, administrators often connect network segments with redundant bridges to ensure that every node can access the entire network, even if a bridge should fail.
In Figure 4-5, three segments are connected by two bridges. If one of the bridges fails, one of the segments is cut off from the rest of the network. To remedy this problem and to provide fault tolerance, you can add a third bridge connecting the two end segments, as shown in Figure 4-6. This way, each system always has two possible paths to the other segments.
Figure 4-5 When each segment is connected to the others using one bridge, a single point of failure is created.
Figure 4-6 Connecting each segment to two bridges provides fault tolerance.
Installing redundant bridges can be a good idea, but it also produces what can be a serious problem. When a computer (Node 1) is located on a segment connected to two bridges, as shown in Figure 4-7, both of the bridges will receive the first packet the system transmits and add the machine’s address to their tables for that segment, Network A. Both bridges will then transmit the same packet onto the other segment, Network B. As a result, each bridge will then receive the packet forwarded by the other bridge. The packet headers will still show the address of Node 1 as the source, but both bridges will have received the packet over the Network B interface. As a result, the bridges may (or may not) modify their address tables to show Node 1 as being on Network B, not A. If this occurs, any subsequent transmissions from Node 2 on Network B that are directed to Node 1 will be dropped because the bridges think Node 1 is on Network B, when it is, in fact, on A.
Figure 4-7 Redundant bridges provide fault tolerance, but they can also create bridging loops and broadcast storms.
The result of this occurrence is lost data (because the bridges are improperly dropping frames) and degraded network performance. Eventually, the incorrect entries in the bridges’ address tables will expire or be modified, but in the interim, Node 1 is cut off from the systems on the other network segments.
If this problem isn’t bad enough, what happens when Node 1 transmits a broadcast message is worse. Both of the bridges forward the packet to Network B, where it is received by the other bridge, which forwards it again. Because bridges always forward broadcast packets without filtering them, multiple copies of the same message circulate endlessly between the two segments, constantly being forwarded by both bridges. This is called a broadcast storm, and it can effectively prevent all other traffic on the network from reaching its destination.
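
The learning and filtering walk-through of Figure 4-4 and the redundant-bridge failure of Figure 4-7 can both be reproduced with a small simulation. This is an added example, not code from the book; the class and function names, the node MAC addresses and the hop limits are assumptions made for illustration, and table aging is left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed node addresses.
NODE1, NODE2, NODE3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"


class LearningBridge:
    """Transparent (learning) bridge with one address table and several segments."""

    def __init__(self, name, segments):
        self.name = name
        self.segments = list(segments)
        self.table = {}                 # source MAC -> segment it was last seen on

    def receive(self, src, dst, arrived_on):
        """Learn the source address, then return the segments the frame goes out on."""
        self.table[src] = arrived_on
        if dst == BROADCAST or dst not in self.table:
            # Broadcast or unknown destination: every segment except the arrival one.
            return [s for s in self.segments if s != arrived_on]
        known = self.table[dst]
        # Destination is on the arrival segment: discard. Otherwise forward to it only.
        return [] if known == arrived_on else [known]


def propagate(bridges, src, dst, origin, max_hops):
    """Carry one frame through the bridges for at most max_hops bridge hops.

    Returns the number of copies the bridges put back on the wire at each hop.
    """
    in_flight = [(origin, None)]        # (segment the copy is on, bridge that sent it)
    copies_per_hop = []
    for _ in range(max_hops):
        forwarded = []
        for segment, sender in in_flight:
            for bridge in bridges:
                if bridge is sender or segment not in bridge.segments:
                    continue
                for out in bridge.receive(src, dst, segment):
                    forwarded.append((out, bridge))
        copies_per_hop.append(len(forwarded))
        if not forwarded:
            break
        in_flight = forwarded
    return copies_per_hop


def single_bridge_walkthrough():
    """Figure 4-4 scenario: one bridge joining Networks A, B and C."""
    bridge = LearningBridge("bridge", ["A", "B", "C"])
    first = bridge.receive(NODE1, NODE2, "A")   # Node 2 unknown: flooded to B and C
    reply = bridge.receive(NODE2, NODE1, "B")   # Node 1 known on A: sent to A only
    local = bridge.receive(NODE3, NODE1, "A")   # both on A: discarded, Node 3 learned
    return first, reply, local, dict(bridge.table)


def redundant_bridge_loop():
    """Figure 4-7 scenario: two bridges both joining Networks A and B, no spanning tree."""
    x = LearningBridge("X", ["A", "B"])
    y = LearningBridge("Y", ["A", "B"])
    # Node 1's first frame; after two hops each bridge has seen the other's copy on B.
    propagate([x, y], NODE1, NODE2, "A", max_hops=2)
    poisoned = (x.table[NODE1], y.table[NODE1])
    # Node 2 now answers from Network B: both bridges believe Node 1 is on B too.
    dropped = (x.receive(NODE2, NODE1, "B") == []
               and y.receive(NODE2, NODE1, "B") == [])
    # A broadcast from Node 1 never dies out; the hop limit is the only thing stopping it.
    storm = propagate([x, y], NODE1, BROADCAST, "A", max_hops=50)
    return poisoned, dropped, storm


if __name__ == "__main__":
    print("single bridge:", single_bridge_walkthrough())
    poisoned, dropped, storm = redundant_bridge_loop()
    print("Node 1 recorded on:", poisoned, "- reply dropped:", dropped)
    print("broadcast copies still circulating at hop 50:", storm[-1])
```

A source address that keeps moving between interfaces in the address table, as Node 1 does here, is the symptom to look for when diagnosing a bridging loop.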
Source Route Bridging
Source route bridging is an alternative to transparent bridging that was developed by IBM for use on multisegment Token Ring networks and is standardized in IEEE 802.5. On a network that uses transparent bridging, the path a packet takes to a destination on another segment is determined by the designated bridges selected by the spanning tree algorithm. In source route bridging, the path to the destination system is determined by the workstation and contained in each individual packet.
To discover the possible routes through the network to a given destination, a Token Ring system transmits an All Rings Broadcast (ARB) frame that all the bridges forward to all connected rings. As each bridge processes the frame, it adds its route designator (RD), identifying the bridge and port, to the packet. By reading the list of RDs, bridges prevent loops by not sending the packet to the same bridge twice.
If more than one route exists to the destination system, multiple ARBs will arrive there, containing information about the various routes they took. The destination system then transmits a reply to each of the ARBs it receives, using the list of RDs to route the packet back to the sender.
When the original sender of the ARBs receives the responses, it selects one of the routes to the destination as the best one, based on one or more of the following criteria:
• The amount of time required for the explorer frame to return to the sender
• The number of hops between the source and the destination
• The size of the frame the system can use
After selecting one of the routes, the system generates its data packets and includes the routing information in the Token Ring frame header.
The format for the ARB packet and for a data packet containing routing information is the same as a standard IEEE 802.5 frame, except that the first bit of the source address field, called the routing information indicator (RII) bit, is set to a value of 1, indicating that the packet contains routing information. The routing information itself, which is nothing more than a list of the bridges the packet will use when traveling through the network, is carried through the routing information field (RIF) that appears as part of the information field, just after the frame’s source address field.
The RIF consists of a 2-byte routing control section and a number of 2-byte route designator sections.
• Broadcast indicators (3 bits) specify the type of routing to be used by the frame, according to the following values:
  • Nonbroadcast Indicates that the packet contains a specific route to the destination in the route designator sections of the RIF field.
  • 100: All routes broadcast Indicates that the packet should be routed through all the bridges on the network (without traversing the same bridge twice) and that each bridge should add a route designator section to the RIF field identifying the bridge and the port onto which it is being forwarded.
  • 110: Single route broadcast Indicates that the packet should be routed only through the bridges designated by the spanning tree algorithm and that each bridge should add a route designator section to the RIF field identifying the bridge and the port onto which it is being forwarded.
• Length (5 bits) Indicates the total length of the RIF field, from 2 to 30 bytes.
• Direction bit (1 bit) Specifies the direction in which the packet is traveling. The value of this bit indicates whether the transmitting node should read the route designator sections in the RIF field from left to right (0) or from right to left (1).
• Largest frame (3 bits) Indicates the largest frame size that can be accommodated by the route, called the maximum transfer unit (MTU). Initially set by the transmitting system, a bridge lowers this value if it forwards the packet onto a segment that supports only smaller frames. The permitted values are as follows:
  • 000 indicates a MAC MTU of 552 bytes
  • 001 indicates a MAC MTU of 1,064 bytes
  • 010 indicates a MAC MTU of 2,088 bytes
  • 011 indicates a MAC MTU of 4,136 bytes
  • 100 indicates a MAC MTU of 8,232 bytes
• Unused (4 bits)
The IBM standard for source route bridging originally specified a maximum of 8 route designator sections in a single packet, but the IEEE 802.5 standard allows up to 14. Each workstation must maintain its own routing information to each of the systems with which it communicates. This can result in a large number of ARB frames being processed by a destination system before it even sees the first byte of application data.
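
A decoder for the routing control layout listed above, with the length and route designator limits enforced and the bridge's lowering of the largest frame value included. This is an added example, not code from the book: it assumes the fields are packed most significant bit first in the order listed, treats a leading 0 bit in the broadcast indicators as nonbroadcast (the list gives no bit pattern for it), and keeps each route designator as an opaque 16-bit value.

```python
import struct

# Values as listed in the text. Treating a leading 0 bit as nonbroadcast is an
# assumption of this example; the list gives no bit pattern for that case.
BROADCAST_KINDS = {0b100: "all-routes broadcast", 0b110: "single-route broadcast"}
LARGEST_FRAME = {0b000: 552, 0b001: 1064, 0b010: 2088, 0b011: 4136, 0b100: 8232}


class RIFError(ValueError):
    """Raised when a routing information field breaks the layout rules."""


def parse_rif(data, max_designators=14):
    """Decode a RIF. max_designators: 14 for IEEE 802.5, 8 for the original IBM limit."""
    if len(data) < 2:
        raise RIFError("shorter than the 2-byte routing control section")
    (control,) = struct.unpack("!H", data[:2])
    broadcast = control >> 13            # 3 bits: broadcast indicators
    length = (control >> 8) & 0x1F       # 5 bits: total RIF length in bytes
    direction = (control >> 7) & 0x1     # 1 bit: 0 = left to right, 1 = right to left
    frame_code = (control >> 4) & 0x7    # 3 bits: largest frame; low 4 bits are unused

    if broadcast in BROADCAST_KINDS:
        kind = BROADCAST_KINDS[broadcast]
    elif (broadcast & 0b100) == 0:
        kind = "nonbroadcast"
    else:
        raise RIFError("broadcast indicator %s is not a listed value"
                       % format(broadcast, "03b"))
    if not 2 <= length <= 30 or length % 2:
        raise RIFError("length %d is not an even value from 2 to 30" % length)
    if length > len(data):
        raise RIFError("length field claims %d bytes, only %d present"
                       % (length, len(data)))
    count = (length - 2) // 2
    if count > max_designators:
        raise RIFError("%d route designators exceed the limit of %d"
                       % (count, max_designators))
    if frame_code not in LARGEST_FRAME:
        raise RIFError("largest-frame code %s is not a listed value"
                       % format(frame_code, "03b"))

    designators = list(struct.unpack("!%dH" % count, data[2:length]))
    return {
        "kind": kind,
        "length": length,
        "direction": direction,
        "frame_code": frame_code,
        "largest_frame": LARGEST_FRAME[frame_code],
        "designators": designators,
        # Order in which the transmitting node reads the designators.
        "route": designators[::-1] if direction else designators,
    }


def lower_largest_frame(data, segment_mtu):
    """Return the RIF a bridge would forward onto a segment with the given MTU."""
    rif = parse_rif(data)
    fitting = [code for code, mtu in LARGEST_FRAME.items() if mtu <= segment_mtu]
    if not fitting:
        raise RIFError("segment MTU %d is below every listed value" % segment_mtu)
    code = min(rif["frame_code"], max(fitting))   # a bridge only ever lowers the value
    (control,) = struct.unpack("!H", data[:2])
    control = (control & 0xFF8F) | (code << 4)
    return struct.pack("!H", control) + bytes(data[2:])


# Constructed sample: nonbroadcast, length 6, direction 0, largest frame 011,
# followed by two made-up route designators.
SAMPLE = bytes.fromhex("0630" "0011" "0020")

if __name__ == "__main__":
    print(parse_rif(SAMPLE))
    print(parse_rif(lower_largest_frame(SAMPLE, 1500))["largest_frame"])
    try:
        parse_rif(bytes.fromhex("0830" "0011" "0020"))   # claims 8 bytes, carries 6
    except RIFError as err:
        print("rejected:", err)
```

Run against an Ethernet MTU of 1,500 bytes, `lower_largest_frame` settles on 1,064, the largest listed value that fits.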
Bridging Ethernet and Token Ring Networks
Generally speaking, Ethernet networks use transparent bridging, and Token Ring networks use source route bridging. So, what happens when you want to connect an Ethernet segment to a Token Ring using a bridge? The answer is complicated because the task presents a number of significant obstacles.
Some of the fundamental incompatibilities of the two data link layer protocols are as follows:
• Bit ordering Ethernet systems consider the first bit of a MAC address to be the low-order bit, while Token Ring systems treat the first bit as the high-order bit.
• MTU sizes Ethernet frames have a maximum transfer unit size of 1,500 bytes, while Token Ring frames can be much larger. Bridges are not capable of fragmenting packets for transfer over a segment with a lower MTU and then reassembling them at the destination, like routers are. A too-large packet arriving at a bridge to a segment with a smaller MTU can only be discarded.
• Exclusive Token Ring features Token Ring networks use frame status bits, priority indicators, and other features that have no equivalent in Ethernet.
In addition, the two bridging methods have their own incompatibilities. Transparent bridges neither understand the special function of the ARB messages used in source route bridging nor can they make use of the RIF field in Token Ring packets. Conversely, source route bridges do not understand the spanning tree algorithm messages generated by transparent bridges, and they do not know what to do when they receive frames with no routing information.
Two primary methods exist for overcoming these incompatibilities, neither of which is an ideal solution:
• Translational bridging
• Source route transparent bridging
Translational Bridging
In translational bridging, a special bridge translates the data link layer frames between the Ethernet and Token Ring formats. No standard at all exists for this process, so the methods used by individual product manufacturers can vary widely. Some compromise is needed in the translation process because no way exists to implement all the features fully in each of the protocols and to bridge those features to its counterpart. Some of the techniques used in various translational bridges to overcome the incompatibilities are described in the following paragraphs.
One of the basic functions of the bridge is to map the fields of the Ethernet frame onto the Token Ring frame and vice versa. The bridge reverses the bit order of the source and destination addresses for the packets passing between the segments and may or may not take action based on the values of a Token Ring packet’s frame status, priority, reservation, and monitor bits. Bridges may simply discard these bits when translating from Token Ring to Ethernet and set predetermined values for them when translating from Ethernet to Token Ring.
To deal with the different MTU sizes of the network segments, a translation bridge can set the largest frame value in the Token Ring packet’s RIF field to the MTU for the Ethernet network (1,500 bytes). As long as the Token Ring implementations on the workstations read this field and adjust their frame sizes accordingly, no problem should occur, but any frames larger than the MTU on the Ethernet segments will be dropped by the bridge connecting the two networks.
The biggest difference between the two types of bridging is that, on Ethernet networks, the routing information is stored in the bridges, while on Token Ring networks, it’s stored at the workstations. For the translational bridge to support both network types, it must appear as a transparent bridge to the Ethernet side and a source route bridge to the Token Ring side.
To the Token Ring network, the translational bridge has a ring number and bridge number, just like a standard source route bridge. The ring number, however, represents the entire Ethernet domain, not just the segment connected to the bridge. As packets from the Token Ring network pass through the bridge, the information from their RIF fields is removed and cached in the bridge. From that point on, standard transparent bridging gets the packets to their destinations on the Ethernet network.
When a packet generated by an Ethernet workstation is destined for a system on the Token Ring network, the translational bridge looks up the system in its cache of RIF information and adds an RIF field to the packet containing a route to the network, if possible. If no route is available in the cache or if the packet is a broadcast or multicast, the bridge transmits it as a single-route broadcast.
Source Route Transparent Bridging
IBM has also come up with a proposed standard that combines the two primary bridging technologies, called source route transparent (SRT) bridging. This technology is standardized in Appendix C of the IEEE 802.1d document. SRT bridges can forward packets originating on either source route bridging or transparent bridging networks, using a spanning tree algorithm common to both. The standard spanning tree algorithm used by Token Ring networks for single-route broadcast messages is incompatible with the algorithm used by Ethernet, as defined in the 802.1d specification. This appendix reconciles the two.
SRT bridges use the value of the RIF bit to determine whether a packet contains RIF information and, consequently, whether it should use source route or transparent bridging. The mixing of the two technologies is not perfect, however, and network administrators may find it easier to connect Ethernet and Token Ring segments with a switch or a router rather than either a translational or SRT bridge.
Routers
In the previous sections, you learned how repeaters, hubs, and bridges can connect network segments at the physical and data link layers of the OSI model, creating a larger LAN with a single collision domain. The next step up in the network expansion process is to connect two completely separate LANs at the network layer. This is the job of a router. Routers are more selective than bridges in the traffic they pass between the networks, and they are capable of intelligently selecting the most efficient path to a specific destination.
Because they function at the network layer, routers can also connect dissimilar networks. You can, for example, connect an Ethernet network to a Token Ring network because packets entering a router are stripped of their data link layer protocol headers as they pass up the protocol stack to the network layer. This leaves a protocol data unit (PDU) encapsulated using whatever network layer protocol is running on the computer. After processing, the router then encapsulates the PDU in a new data link layer header using whatever protocol is running on the other network to which the router is connected.
Routers are used for both home and business networks. If, for example, you use your home computer to dial into your system at work and access resources on the office network, your work computer is functioning as a router. In the same way, if you share an Internet connection with systems on a LAN, the machine connected to the Internet is a router. A router, therefore, can be either a hardware or a software entity, and it can range from the simple to the extraordinarily complex.
Routers are protocol specific; they must support the network layer protocol used by each packet. By far, the most common network layer protocol in use today is the Internet Protocol (IP), which is the basis for the Internet and for most private networks.
A computer that is connected to two or more networks is said to be a multihomed system. Most Windows systems today function as routers as well. Whether wired or wireless, network routers work at the network layer of the OSI model.
Most of the routers used on large networks, though, are stand-alone devices that are essentially computers dedicated to routing functions. Routers come in various sizes, from small units that connect a workgroup network to a backbone to large, modular, rack-mounted devices. However, while routers vary in their capabilities, such as the number of networks to which they connect, the protocols they support, and the amount of traffic they can handle, their basic functions are essentially the same.
Router Applications
Although the primary function of a router is to connect networks and pass traffic between them, routers can fulfill several different roles in network designs. The type of router used for a specific function determines its size, cost, and capabilities. The simplest type of routing architecture is when a LAN must be connected to another LAN some distance away, using a wide area network (WAN) connection. A branch office for a large corporation, for example, might have a WAN connection to the corporate headquarters in another city (see Figure 4-8).
Figure 4-8 Wired and wireless routers enable the use of wide area connections to join two LANs.
To make communications between the networks in the two offices possible, each must connect its LAN to a router, and the two routers are linked by the WAN connection.
The WAN connection may take the form of a leased telephone line, an Integrated Services for Digital Network (ISDN) connection, or a digital subscriber line (DSL) connection. The technology used to connect the two networks is irrelevant, as long as the routers in both offices are connected. Routers are required in this example because the LAN and WAN technologies are fundamentally incompatible. You can’t run an Ethernet connection between two cities, nor can you use leased telephone lines to connect each workstation to the file server in the next room.
In a slightly more complicated arrangement, a site with a larger network may have several LANs, each of which is connected to a backbone network using a router. Here, routers are needed because one single LAN may be unable to support the number of workstations required. In addition, the individual LANs may be located in other parts of a building or in separate buildings on the same campus and may require a different type of network to connect them. Connections between campus buildings, for example, require a network medium that is suitable for outdoor use, such as fiber-optic cable, while the LANs in each building can use more inexpensive copper cabling. Routers are available that can connect these different network types, no matter what protocols they use.
These two examples of router use are often combined. A large corporate network using a backbone to connect multiple LANs will almost certainly want to be connected to the Internet. This means that another router is needed to support some type of WAN connection to an Internet service provider (ISP). Users anywhere on the corporate network can then access Internet services.
Both of these scenarios use routers to connect a relatively small number of networks, and they are dwarfed by the Internet, which is a routed network composed of thousands of networks all over the world. To make it possible for packets to travel across this maze of routers with reasonable efficiency, a hierarchy of routers leads from smaller, local ISPs to regional providers, which in turn get their service from large national services (see Figure 4-9). Traffic originating from a system using a small ISP travels up through this virtual tree to one of the main backbones, across the upper levels of the network, and back down again to the destination.
Figure 4-9 A hierarchy of routers helps you forward traffic to any location using the Internet.
You can see the route that packets take from your computer through the Internet to a specific destination by using the Traceroute utility. The Windows command is tracert. This command-line utility takes the IP address or DNS name you specify and uses Internet Control Message Protocol (ICMP) messages to display the names and addresses of all the intermediate routers on the path to the destination. A typical Traceroute display generated by a Windows 8 system appears in Figure 4-10.
Figure 4-10 A typical Traceroute in Windows 8.
RouterFunctionsThebasicfunctionofarouteristoevaluateeachpacketarrivingononeofthenetworkstowhichitisconnectedandsenditontoitsdestinationthroughanothernetwork.Thegoalisfortheroutertoselectthenetworkthatprovidesthebestpathtothedestinationforeachpacket.Apacketcanpassthroughseveraldifferentroutersonthewaytoitsdestination.Eachrouteronapacket’spathisreferredtoasahop,andtheobjectistogetthepacketwhereit’sgoingwiththesmallestnumberofhops.Onaprivatenetwork,apacketmayneedthreeorfour(ormore)hopstogettoitsdestination.OntheInternet,apacketcaneasilypassthrough20ormoreroutersalongitspath.
A router, by definition, is connected to two or more networks. The router has direct knowledge about those networks for the protocols that it supports. If, for example, a workstation on Network 1 (see Figure 4-11) transmits a packet to a system on Network 2, the router connecting Networks 1, 2, and 3 can directly determine which of the two networks (2 or 3) contains the destination system and forward the packet appropriately.
Figure 4-11 Routers have direct knowledge about the networks to which they are connected.
Routing Tables
The router forwards packets by maintaining a list of networks and hosts, called a routing table. For computers to communicate over a network, each machine must have its own address. In addition to identifying the specific computer, however, its address must identify the network on which it’s located. On TCP/IP networks, for example, the standard 32-bit IP address consists of a network identifier and a host identifier. A routing table consists of entries that contain the network identifier for each connected network (or in some cases the network and host identifiers for specific computers). When the router receives a packet addressed to a workstation on Network 3, it looks at the network identifier in the packet’s destination address, compares it to the routing table, and forwards it to the network with the same identifier.
This is a rather simple task, as long as the router is connected to all of the LANs on the network. When a network is larger and uses multiple routers, however, no single router has direct knowledge of all the LANs. In Figure 4-12, Router A is connected to Networks 1, 2, and 3 as before and has the identifiers for those networks in its routing table, but it has no direct knowledge of Network 4, which is connected using another router.
Figure 4-12 Router A has no direct knowledge of Network 4 because it is connected to a different router.
How then does Router A know where to send packets that are addressed to a workstation on a distant network? The answer is that routers maintain information in their routing tables about other networks besides those to which they are directly attached. A routing table may contain information about many different networks all over the enterprise. On a private network, it is not uncommon for every router to have entries for all of the connected networks. On the Internet, however, there are so many networks and so many routers that no single routing table can contain all of them and function efficiently. Thus, a router connected to the Internet sends packets to another router that it thinks has better information about the network to which the packet is ultimately destined.
Windows Routing Tables
Every computer on a TCP/IP network has a routing table, even if it is connected to only one network. At the very least, the routing table identifies the system’s default gateway and instructs it how to handle traffic sent to the local network and the loopback network address (127.0.0.0). A typical routing table for a Windows system appears in Figure 4-13.
Figure 4-13 A typical routing table in a Windows system
To display the routing table in a Windows or a Linux system, type route at a command prompt. You can also use netstat -rn in Windows, Linux, Unix, or Mac OS.
The entries in the table run horizontally. The function of the information in each column is as follows:
• Network address Specifies the network address for which routing information is to be provided. While most entries have network addresses in this field, it’s also possible to supply routing information for a specific host address. This is called a host route.
• Netmask Specifies the subnet mask used to determine which bits of the network address function as the network identifier.
• Gateway Specifies the IP address of the gateway (router) the system should use to send packets to the network address. When the entry is for a network to which the system is directly attached, this field contains the address of the system’s network interface.
• Interface Specifies the IP address of the network interface the system should use to send traffic to the gateway address.
• Metric Specifies the distance between the system and the destination network, usually in terms of the number of hops needed for traffic to reach the network address.
NOTE TCP/IP and Internet terminology often use the term gateway synonymously with router. In general networking parlance, a gateway is an application layer interface between networks that involves some form of high-level protocol translation, such as an e-mail gateway or a gateway between a LAN and a mainframe. When a Windows system refers to its “default gateway,” however, it is referring to a standard router, operating at the network layer.
Routing Table Parsing
Whether a system is functioning as a router or not, the responsibility of a network layer protocol like IP is to determine where each packet should be transmitted next. The IP header in each packet contains the address of the system that is to be its ultimate destination, but before passing each packet down to the data link layer protocol, IP uses the routing table to determine what the data link layer destination address should be for the packet’s next hop. This is because a data link layer protocol like Ethernet can address a packet only to a system on the local network, which may or may not be its final destination. To make this determination, IP reads the destination address for each packet it processes from the IP header and searches for a matching entry in the routing table, using the following procedure:
1. IP first scans the routing table, looking for a host route that exactly matches the destination IP address in the packet. If one exists, the packet is transmitted to the gateway specified in the routing table entry.
2. If no matching host route exists, IP uses the subnet mask to determine the network address for the packet and scans the routing table for an entry that matches that address. If IP finds a match, the packet is transmitted either to the specified gateway (if the system is not directly connected to the destination network) or out the specified network interface (if the destination is on the local network).
3. If no matching network address is in the routing table, IP scans for a default (or 0.0.0.0) route and transmits the packet to the specified gateway.
4. If no default route is in the table, IP returns a destination unreachable message to the source of the packet (either the application that generated it or the system that transmitted it).
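The four-step procedure above, written out as an added Python example (not code from the book). The table contents, the Route class and the function names are constructed for illustration; preferring the most specific mask before the lowest metric generalizes the procedure, and the check that a static route's gateway sits on an attached network is this example's own assumption.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One routing table row, with the columns described above."""
    network: str
    netmask: str
    gateway: str
    interface: str
    metric: int

    @property
    def net(self):
        return ipaddress.ip_network(f"{self.network}/{self.netmask}")

    @property
    def on_link(self):
        # For a directly attached network the Gateway column holds the
        # system's own interface address.
        return self.gateway == self.interface


# Constructed table for a host at 192.168.2.10 (sample data, not Figure 4-13).
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "192.168.2.1", "192.168.2.10", 10),
    Route("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    Route("192.168.2.0", "255.255.255.0", "192.168.2.10", "192.168.2.10", 1),
    Route("192.168.5.0", "255.255.255.0", "192.168.2.254", "192.168.2.10", 4),
    Route("192.168.5.77", "255.255.255.255", "192.168.2.254", "192.168.2.10", 1),
]


def lookup(table, destination):
    """Apply steps 1 to 4 and return the forwarding decision as a dict."""
    dst = ipaddress.ip_address(destination)
    matching = [r for r in table if dst in r.net]
    steps = (
        ("host route", [r for r in matching if r.net.prefixlen == 32]),
        ("network route", [r for r in matching if 0 < r.net.prefixlen < 32]),
        ("default route", [r for r in matching if r.net.prefixlen == 0]),
    )
    for step, candidates in steps:
        if candidates:
            # Most specific mask first (generalization), then lowest metric.
            best = min(candidates, key=lambda r: (-r.net.prefixlen, r.metric))
            return {
                "step": step,
                # On a local network the packet goes straight to the destination.
                "next_hop": destination if best.on_link else best.gateway,
                "interface": best.interface,
                "metric": best.metric,
            }
    # Step 4: nothing matched and there is no default route.
    return {"step": "destination unreachable", "next_hop": None,
            "interface": None, "metric": None}


def add_static_route(table, command):
    """Parse 'ROUTE ADD <net> MASK <mask> <gateway> METRIC <n>' into a new table."""
    words = command.split()
    keywords = [w.upper() for w in (words[0:2] + words[3:4] + words[6:7])]
    if len(words) != 8 or keywords != ["ROUTE", "ADD", "MASK", "METRIC"]:
        raise ValueError("unsupported command form")
    network, netmask, gateway, metric = words[2], words[4], words[5], int(words[7])
    ipaddress.ip_network(f"{network}/{netmask}")  # rejects a bad address/mask pair
    gw = ipaddress.ip_address(gateway)
    # Assumption of this example: the gateway must be reachable on an
    # attached network, which also tells us the interface to use.
    attached = [r for r in table if r.on_link and gw in r.net]
    if not attached:
        raise ValueError("gateway is not on a directly attached network")
    return table + [Route(network, netmask, gateway, attached[0].interface, metric)]


# Adds a second, lower-metric route to 192.168.5.0 beside the existing one.
TABLE = add_static_route(
    TABLE, "ROUTE ADD 192.168.5.0 MASK 255.255.255.0 192.168.2.1 METRIC 2")

if __name__ == "__main__":
    for target in ("192.168.5.77", "192.168.5.20", "192.168.2.33", "203.0.113.9"):
        print(target, lookup(TABLE, target))
```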
Static and Dynamic Routing
The next logical question concerning the routing process is, how do the entries get into the routing table? A system can generate entries for the default gateway, the local network, and the broadcast and multicast addresses because it possesses all of the information needed to create them. For networks to which the router is not directly connected, however, routing table entries must be created by an outside process. The two basic methods for creating entries in the routing table are called static routing, which is the manual creation of entries, and dynamic routing, which uses an external protocol to gather information about the network.
On a relatively small, stable network, static routing is a practical alternative because you have to create the entries in your routers’ tables only once. Manually configuring the routing table on workstations isn’t necessary because they typically have only one network interface and can access the entire network through one default gateway. Routers, however, have multiple network interfaces and usually have access to multiple gateways. They must, therefore, know which route to use when trying to transmit to a specific network.
To create static entries in a computer’s routing table, you use a program supplied with the operating system. The standard tool for this on Unix and Windows systems is a character-based utility called route (in Unix) or route.exe (in Windows). To create a new entry in the routing table on a Windows computer, for example, you use a command like the following:
ROUTE ADD 192.168.5.0 MASK 255.255.255.0 192.168.2.1 METRIC 2
This command informs the system that to reach a network with the address 192.168.5.0, the system must send packets to a gateway (router) with the address 192.168.2.1, and that the destination network is two hops away.
In some cases, graphical utilities are available that can perform the same task. For example, the Windows 2012 Server system with its Routing and Remote Access Server service running enables you to create static routes.
Static routes created this way remain in the routing table until you manually change or remove them, and this can be a problem. If a gateway specified in a static route should fail, the system continues to send packets to it, to no avail. You must either repair the gateway or modify the static routes that reference it throughout the network before the systems can function normally again.
On larger networks, static routing becomes increasingly impractical, not only because of the sheer number of routing table entries involved, but also because network conditions can change too often and too quickly for administrators to keep the routing tables on every system current. Instead, these networks use dynamic routing, in which specialized routing protocols share information about the other routers in the network and modify the routing tables accordingly. Once configured, dynamic routing needs little or no maintenance from network administrators because the protocols can create, modify, or remove routing table entries as needed to accommodate changing network conditions. The Internet is totally dependent on dynamic routing because it is constantly mutating, and no manual process could possibly keep up with the changes.
Selecting the Most Efficient Route
Many networks, even relatively small ones, are designed with multiple routers that provide redundant paths to a given destination. Thus, while creating a network that consists of several LANs joined in a series by routers would be possible, most use something approaching a mesh topology instead, as shown in Figure 4-14. This way, if any one router should fail, all of the systems can still send traffic to any other system on any network.
Figure 4-14 By interconnecting routers, packets from one computer can travel to a destination computer on another network on a different route.
When a network is designed in this way, another important part of the routing process is selecting the best path to a given destination. The use of dynamic routing on the network typically results in all possible routes to a given network being entered in the routing tables, each of which includes a metric that specifies how many hops are required to reach that network. Most of the time, the efficiency of a particular route is measured by the metric value because each hop involves processing by another router, which introduces a slight delay. When a router has to forward a packet to a network represented by multiple entries in the routing table, it chooses the one with the lower metric.
Discarding Packets
The goal of a router is to transmit packets to their destinations using the path that incurs the smallest number of hops. Routers also track the number of hops that packets take on the way to their destinations for another reason. When a malfunction or misconfiguration occurs in one or more routers, it is possible for packets to get caught in a router loop and be passed endlessly from one router to another.
To prevent this, the IP header contains a Time to Live (TTL) field that the source system gives a certain numerical value when a packet is created. This value is 128 on many systems and cannot start higher than 255. As a packet travels through the network, each router that processes it decrements the value of this field by 1. If, for any reason, the packet passes through routers enough times to bring the value of this field down to 0, the last router removes it from the network and discards it. The router then returns an ICMP Time to Live Exceeded in Transit message to the source system to inform it of the problem.
Packet Fragmentation
Routers can connect networks of vastly different types, and the process of transferring datagrams from one data link layer protocol to another can require more than simply stripping off one header and applying a new one. The biggest problem that can occur during this translation process is when one protocol supports frames that are larger than the other protocol.
If, for example, a router connects a Token Ring network to an Ethernet one, it may have to accept 4,500-byte datagrams from one network and then transmit them over a network that can carry only 1,500-byte datagrams. Routers determine the maximum transfer unit of a particular network by querying the interface to that network. To make this possible, the router has to break up the datagram into fragments of the appropriate size and then encapsulate each fragment in the correct data link layer protocol frame. This fragmentation process may occur several times during a packet’s journey from the source to its destination, depending on the number and types of networks involved.
For example, a packet originating on a Token Ring network may be divided into 1,500-byte fragments to accommodate a route through an Ethernet network, and then each of those fragments may themselves be divided into 576-byte fragments for transmission over the Internet. Note, however, that while routers fragment packets, they never defragment them. Even if the 576-byte datagrams are passed to an Ethernet network as they approach their destination, the router does not reassemble them into 1,500-byte datagrams. All reassembly is performed at the network layer of the final destination system.
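The Token Ring to Ethernet to Internet journey described above, as an added Python example (not code from the book). It assumes IPv4 with a 20-byte header and no options, and treats the 4,500, 1,500 and 576 byte figures as total datagram lengths; the Datagram class, the function names and the Identification value are constructed for illustration.

```python
from dataclasses import dataclass

IP_HEADER = 20  # bytes; assumes an IPv4 header without options


@dataclass(frozen=True)
class Datagram:
    ident: int      # Identification: the same in every fragment of one datagram
    offset: int     # Fragment Offset, counted in 8-byte units
    more: bool      # More Fragments flag: False only on the final fragment
    payload: bytes

    @property
    def total_length(self):
        return IP_HEADER + len(self.payload)


def fragment(dgram, mtu):
    """Router side: split a datagram (or an earlier fragment) to fit the MTU."""
    if dgram.total_length <= mtu:
        return [dgram]
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the offset field counts 8-byte units.
    chunk = (mtu - IP_HEADER) // 8 * 8
    if chunk < 8:
        raise ValueError("MTU too small to carry any data")
    pieces = []
    for start in range(0, len(dgram.payload), chunk):
        is_last = start + chunk >= len(dgram.payload)
        pieces.append(Datagram(
            ident=dgram.ident,
            offset=dgram.offset + start // 8,
            # A piece of a non-final fragment is never the final fragment.
            more=dgram.more or not is_last,
            payload=dgram.payload[start:start + chunk],
        ))
    return pieces


def forward(dgram, mtus):
    """Carry a datagram across successive networks. Routers only ever split."""
    in_flight = [dgram]
    for mtu in mtus:
        in_flight = [piece for d in in_flight for piece in fragment(d, mtu)]
    return in_flight


def reassemble(fragments):
    """Destination side: rebuild the datagram, rejecting gaps and overlaps."""
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("fragments must share one Identification value")
    ordered = sorted(fragments, key=lambda f: f.offset)
    data = bytearray()
    for frag in ordered:
        if frag.offset * 8 != len(data):
            raise ValueError(f"gap or overlap at byte {len(data)}")
        data += frag.payload
    if ordered[-1].more:
        raise ValueError("final fragment has not arrived")
    return Datagram(ordered[0].ident, 0, False, bytes(data))


if __name__ == "__main__":
    # Constructed 4,500-byte datagram: 20-byte header plus 4,480 data bytes.
    original = Datagram(0x1C46, 0, False, bytes(i % 251 for i in range(4480)))
    arrived = forward(original, [1500, 576, 1500])
    for frag in arrived:
        print(f"offset={frag.offset:3d} MF={int(frag.more)} "
              f"length={frag.total_length}")
    print("reassembled intact:", reassemble(arrived) == original)
```

The final 1,500-byte hop leaves the fragments at 572 bytes or less, which is the point the paragraph makes: only the destination puts them back together.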
Routing and ICMP
The Internet Control Message Protocol provides several important functions to routers and the systems that use them. Chief among these is the capability of routers to use ICMP messages to provide routing information to other routers. Routers send ICMP redirect messages to source systems when they know of a better route than the system is currently using. For example, if a workstation on Network A sends a packet to Router A that is destined for a computer on Network B, and Router A determines that the next hop should be to Router B, which is on the same network as the transmitting workstation, Router A will use an ICMP message to inform the workstation that it should use Router B to access Network B instead (see Figure 4-15). The workstation then modifies the entry in its routing table accordingly.
Figure 4-15 ICMP redirect messages provide simple routing information to transmitting systems.
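Because a redirect changes the workstation's routing table, a host validates the message before acting on it. The following added Python example (not code from the book) applies the two acceptance checks from RFC 1122, section 3.2.2.2, to the Router A and Router B scenario; the Host class, the addresses and the result strings are constructed for illustration.

```python
import ipaddress


class Host:
    """A workstation with one interface and one default gateway."""

    def __init__(self, interface, default_gateway):
        self.iface = ipaddress.ip_interface(interface)
        self.default_gateway = ipaddress.ip_address(default_gateway)
        self.redirected = {}  # destination -> gateway learned from a redirect

    def first_hop(self, destination):
        dst = ipaddress.ip_address(destination)
        if dst in self.iface.network:
            return dst  # local network: deliver directly
        return self.redirected.get(dst, self.default_gateway)

    def handle_redirect(self, source, destination, new_gateway):
        """source is the router that sent the ICMP redirect."""
        src = ipaddress.ip_address(source)
        dst = ipaddress.ip_address(destination)
        gw = ipaddress.ip_address(new_gateway)
        # Check 1: only the router currently used for this destination
        # may redirect traffic for it.
        if src != self.first_hop(destination):
            return "ignored: not from current first hop"
        # Check 2: the suggested router must be on the network the
        # redirect arrived through, otherwise the host cannot reach it.
        if gw not in self.iface.network:
            return "ignored: new gateway not on-link"
        self.redirected[dst] = gw
        return "accepted"


if __name__ == "__main__":
    # Constructed addressing: Network A is 192.168.1.0/24, Router A is .1,
    # Router B is .2, and the destination sits on Network B (192.168.7.0/24).
    workstation = Host("192.168.1.20/24", "192.168.1.1")
    print(workstation.handle_redirect("192.168.1.1", "192.168.7.5", "192.168.1.2"))
    print(workstation.first_hop("192.168.7.5"))
    print(workstation.handle_redirect("192.168.1.99", "192.168.9.9", "192.168.1.2"))
    print(workstation.handle_redirect("192.168.1.1", "192.168.9.9", "10.0.0.1"))
```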
Routers also generate ICMP Destination Unreachable messages of various types when they are unable to forward packets. If a router receives a packet that is destined for a workstation on a locally attached network and it can’t deliver the packet because the workstation is offline, the router generates a Host Unreachable message and transmits it to the system that originated the packet. If the router is unable to forward the packet to another router that provides access to the destination, it generates a Network Unreachable message instead. Network layer protocols provide end-to-end communications, meaning it is usually the end systems that are involved in a dialog. ICMP is therefore a mechanism that enables intermediate systems (routers) to communicate with a source end system (the transmitter) in the event that the packets can’t reach the destination end system.
Other ICMP packets, called Router Solicitation and Advertisement messages, can enable workstations to discover the routers on the local network. A host system generates a Router Solicitation message and transmits it as either a broadcast or a multicast to the All Routers on This Subnet address (224.0.0.2). Routers receiving the message respond with Router Advertisement messages that the host system uses to update its routing table. The routers then generate periodic updates to inform the host of their continued operational status. Most systems can update their routing tables with information from ICMP Router Advertisement messages. Support for these messages in hardware router implementations varies from product to product.
The ICMP Redirect and Router Solicitation/Advertisement messages do not constitute a routing protocol per se because they do not provide systems with information about the comparative efficiency of various routes. Routing table entries created or modified as a result of these messages are still considered to be static routes.
Routing Protocols
Routers that support dynamic routing use specialized protocols to exchange information about themselves with other routers on the network. Dynamic routing doesn’t alter the actual routing process; it’s just a different method of creating entries in the routing table. There are two types of routing protocols: interior gateway protocols and exterior gateway protocols. Private networks typically use only interior gateway protocols because they have a relatively small number of routers and it is practical for all of them to exchange messages with each other.
On the Internet, the situation is different. Having every one of the Internet’s thousands of routers exchange messages with every other router would be impossible. The amount of traffic involved would be enormous, and the routers would have little time to do anything else. Instead, as is usual with the Internet, a two-level system was devised that splits the gigantic network into discrete units called autonomous systems or administrative domains or just domains.
An autonomous system (AS) is usually a private network administered by a single authority, such as those run by corporations, educational institutions, and government agencies. The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. At the edges of an AS are routers that communicate with the other autonomous systems on the Internet, using an exterior gateway protocol, the most common of which on the Internet are the Border Gateway Protocol (BGP) and the Exterior Gateway Protocol (EGP).
By splitting the routing chores into a two-level hierarchy, packets traveling across the Internet pass through routers that contain only the information needed to get them to the right AS. Once the packets arrive at the edge of the AS in which the destination system is located, the routers there contain more specific information about the networks within the AS. The concept is much like the way that IP addresses and domain names are assigned on the Internet. Outside entities track only the various network addresses or domains. The individual administrators of each network are responsible for maintaining the host addresses and host names within the network or domain.
See Chapter 12 for more information on routing protocols.
Switches
The traditional network configuration uses multiple LANs connected by routers to form a network that is larger than would be possible with a single LAN. This is necessary because each LAN is based on a network medium that is shared by multiple computers, and there is a limit to the number of systems that can share the medium before the network is overwhelmed by traffic. Routers segregate the traffic on the individual LANs, forwarding only those packets addressed to systems on other LANs.
Routers have been around for decades, but today switches have revolutionized network design and made it possible to create LANs of almost unlimited size. A switch is essentially a multiport bridging device in which each port is a separate network segment. Similar in appearance to a hub, a switch receives incoming traffic through its ports. Unlike a hub, which forwards the traffic out through all of its other ports, a switch forwards the traffic only to the single port needed to reach the destination (see Figure 4-16). If, for example, you have a small network with each computer connected to a port in the same switching hub, each system has what amounts to a dedicated, full-bandwidth connection to every other system. No shared network medium exists, and consequently, there are no collisions or traffic congestion. As an added bonus, you also get increased security because, without a shared medium, an unauthorized workstation cannot monitor and capture the traffic not intended for it.
Figure 4-16 Switches repeat incoming traffic, but only to the specific port for which the packet is intended.
Switches operate at layer 2 of the OSI reference model, the data link layer, so consequently, they are used to create a single large network instead of a series of smaller networks connected by routers. This also means that switches can support any network layer protocol. Like transparent bridges, switches can learn the topology of a network and perform functions such as forwarding and packet filtering. Many switches are also capable of full-duplex communications and automatic speed adjustment. In the traditional arrangement for a larger network, multiple LANs are connected to a backbone network with routers. The backbone network is a shared-medium LAN like all of the others, however, and must therefore carry all of the network traffic generated by the horizontal networks. This is why the backbone network traditionally uses a faster protocol. On a switched network, workstations are connected to individual workgroup switches, which in turn are connected to a single, high-performance switch, thus enabling any system on the network to open a dedicated connection to any other system (see Figure 4-17). This arrangement can be expanded further to include an intermediate layer of departmental switches. Servers accessed by all users can then be connected directly to a departmental switch or to the top-level switch for better performance.
Figure 4-17 Today, hierarchies of switches replace both hubs and routers.
Replacing hubs with switches is an excellent way to improve the performance of a network without changing protocols or modifying individual workstations. Even a legacy Ethernet network exhibits a dramatic improvement when each workstation is given a full ten Mbps of bandwidth. Today, switches are available for nearly all networks, both wired and wireless.
Switch Types
There are two basic types of switching: cut-through switching and store-and-forward switching. A cut-through switch reads only the MAC address of an incoming packet, looks up the address in its forwarding table, and immediately begins to transmit it out through the port providing access to the destination. The switch forwards the packet without any additional processing, such as error checking, and before it has even received the entire packet. This type of switch is relatively inexpensive and more commonly used at the workgroup or department level, where the lack of error checking will not affect the performance of the entire network. The immediate forwarding of incoming packets reduces the latency (that is, the delay) that results from error checking and other processing. If the destination port is in use, however, the switch buffers incoming data in memory, incurring a latency delay anyway, without the added benefit of error checking.
A store-and-forward switch, as the name implies, stores an entire incoming packet in buffer memory before forwarding it out the destination port. While in memory, the switch checks the packet for errors and other conditions. The switch immediately discards any packets with errors; those without errors are forwarded out through the correct port. These switching methods are not necessarily exclusive of each other. Some switches can work in cut-through mode until a preset error threshold is reached, and then switch to store-and-forward operation. Once the errors drop below the threshold, the switch reverts to cut-through mode.
Switches implement these functions using one of three hardware configurations. Matrix switching, also called crossbar switching, uses a grid of input and output connections, such as that shown in Figure 4-18. Data entering through any port’s input can be forwarded to any port for output. Because this solution is hardware based, there is no CPU or software involvement in the switching process. In cases where data can’t be forwarded immediately, the switch buffers it until the output port is unblocked.
Figure 4-18 Matrix switching uses a grid of input and output circuits.
In a shared memory switch, all incoming data is stored in a memory buffer that is shared by all of the switch’s ports and then forwarded to an output port (see Figure 4-19). A more commonly used technology (shown in Figure 4-20), called bus-architecture switching, forwards all traffic across a common bus, using time-division multiplexing to ensure that each port has equal access to the bus. In this model, each port has its own individual buffer and is controlled by an application-specific integrated circuit (ASIC). Today, switches are available for any size network, from inexpensive workgroup switches designed for small office networks to stackable and modular units used in the largest networks.
Figure 4-19 Shared memory switching
Figure 4-20 Bus-architecture switching
Routing vs. Switching
The question of whether to route or switch on a network is a difficult one. Switching is faster and cheaper than routing, but it raises some problems in most network configurations. By using switches, you eliminate subnets and create a single flat network segment that hosts all of your computers. Any two systems can communicate using a dedicated link that is essentially a temporary two-node network. The problems arise when workstations generate broadcast messages. Because a switched network forms a single broadcast domain, broadcast messages are propagated throughout the whole network, and every system must process them, which can waste enormous amounts of bandwidth.
One of the advantages of creating multiple LANs and connecting them with routers is that broadcasts are limited to the individual networks. Routers also provide security by limiting transmissions to a single subnet. To avoid the wasted bandwidth caused by broadcasts, it has become necessary to implement certain routing concepts on switched networks. This has led to a number of new technologies that integrate routing and switching to varying degrees. Some of these technologies are examined in the following sections.
Virtual LANs
A virtual LAN (VLAN) is a group of systems on a switched network that functions as a subnet and communicates with other VLANs through routers. The physical network is still switched, however; the VLANs exist as an overlay to the switching fabric, as shown in Figure 4-21. Network administrators create VLANs by specifying the MAC port or IP addresses of the systems that are to be part of each subnet. Messages that are broadcast on a VLAN are limited to the subnet, just as in a routed network. Because VLANs are independent of the physical network, the systems in a particular subnet can be located anywhere, and a single system can even be a member of more than one VLAN.
Figure 4-21 VLANs are pseudo-subnets of switched workstations, connected by routers.
Despite the fact that all the computers are connected by switches, routers are still necessary for systems in different VLANs to communicate. VLANs that are based solely on layer 2 technology, such as those that use port configuration or MAC addresses to define the member systems, must have a port dedicated to a router connection. In this type of VLAN, the network administrator either selects certain switch ports to designate the members of a VLAN or creates a list of the workstations’ MAC addresses.
Because of the additional processing involved, routing is slower than switching. This particular arrangement is sometimes referred to as “switch where you can, route where you must” because routing is used for communication only between VLANs; all communication within a VLAN is switched. This is an efficient arrangement as long as the majority of the network traffic (70 to 80 percent) is between systems in the same VLAN. Communication speed within a VLAN is maximized at the expense of the inter-VLAN communication. When too much traffic occurs between systems in different subnets, the routing slows down the process too much, and the speed of the switches is largely wasted.
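The hub and switch comparison from the Switches section and the port-based VLANs described above, modelled as an added Python example (not code from the book). The class names, port numbers, VLAN IDs and MAC addresses are constructed; each receive() call returns the ports a frame is sent out of, which shows who can see the traffic.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Shared medium: every frame is repeated out of all other ports."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        return sorted(p for p in self.ports if p != in_port)


class VlanSwitch:
    """Learning switch with port-based VLAN membership."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN ID, set by the administrator
        self.mac_table = {}               # (VLAN ID, MAC) -> port, learned from traffic

    def receive(self, in_port, src, dst):
        vlan = self.port_vlan[in_port]
        # Learn where the sender lives, as a transparent bridge does.
        self.mac_table[(vlan, src)] = in_port
        if dst != BROADCAST:
            out_port = self.mac_table.get((vlan, dst))
            if out_port is not None:
                # Known destination: one port only, nobody else sees the frame.
                return [] if out_port == in_port else [out_port]
        # Broadcast, or a destination not yet learned in this VLAN:
        # flood, but never beyond the ports of the sender's VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


# Constructed stations: A, B and C in VLAN 10; D in VLAN 20.
MAC_A, MAC_B, MAC_D = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0d"


def demo():
    """Return the egress ports for a short, fixed sequence of frames."""
    switch = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
    hub = Hub(range(1, 7))
    return {
        "hub: A to B": hub.receive(1, MAC_A, MAC_B),
        "A broadcasts": switch.receive(1, MAC_A, BROADCAST),
        "B replies to A": switch.receive(2, MAC_B, MAC_A),
        "A to B, now learned": switch.receive(1, MAC_A, MAC_B),
        "D broadcasts": switch.receive(4, MAC_D, BROADCAST),
        "A to D, other VLAN": switch.receive(1, MAC_A, MAC_D),
    }


if __name__ == "__main__":
    for frame, ports in demo().items():
        print(f"{frame:22s} -> ports {ports}")
```

The last row never reaches port 4: a frame from VLAN 10 addressed to a station in VLAN 20 stays inside VLAN 10, which is why a router connection is still needed between VLANs.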
Layer 3 Switching
Layer 3 switches are similar to routers and often support the same routing protocols. Layer 3 switches also use VLANs but mix routing and switching functions to make communication between VLANs more efficient. This technology is known by several different names, depending on the vendor of the equipment. The essence of the concept is described as “route once, switch afterward.” A router is still required to establish connections between systems in different VLANs, but once the connection has been established, subsequent traffic travels over the layer 2 switching fabric, which is much faster.
Most of the hardware devices called layer 3 switches combine the functions of a switch and a router into one unit. The device is capable of performing all of a router’s standard functions but is also able to transmit data using high-speed switches, all at a substantially lower cost than a standard router. Layer 3 switches are optimized for use on LAN and metropolitan area network (MAN) connections, not WANs. By replacing the routers that connect workgroup or department networks to the backbone with layer 3 switches, you retain all of the router functionality, while increasing the overall speed at which data is forwarded.
Multiple-Layer Switching
As Gigabit Ethernet becomes the norm, newer switches can prioritize network traffic by using information from other OSI layers in either hardware or software configurations. For example, layer 4 switching is a way to allow better quality of service (QoS) with better management across several servers. Routers have used OSI layer 4 information for prioritizing network traffic for many years. Since today global applications need rapid dissemination of session information, layer 4 switches can make intelligent decisions for forwarding frames, based on TCP/UDP port information and the IP destination/source addresses. This type of switching can do the following:
• Examine the direction of client requests at the layer 4 switch
• Process multiple requests across any available server
• Measure both availability and responsiveness of each server
• Establish policy controls for traffic management
For more information about modern server technologies, see Chapter 8.
CHAPTER 5
Cabling a Network
Although there are networks that use radio transmissions and other wireless technologies to transmit data, the vast majority of today’s networks use some form of cable as the network medium. Most of the cables used for data networking use a copper conductor to carry electrical signals, but fiber-optic, a spun glass cable that carries pulses of light, is an increasingly popular alternative.
Cabling issues have, in recent years, become separated from the typical network administrator’s training and experience. Many veteran administrators have never installed (or pulled) cable themselves and are less than familiar with the technology that forms the basis for the network. In many cases, the use of twisted-pair cable has resulted in telephone system contractors being responsible for the network cabling. Network consultants typically outsource all but the smallest cabling jobs to outside companies.
Network cabling is, in many cases, structurally integrated in the building or other structures within the whole network site. Therefore, cable installation, replacement, or upgrade oftentimes entails planning beyond the information technology department’s operational control. Even what may seemingly appear to be a simple cable segment replacement project can turn out to be logistically complicated.
However, although the cabling represents only a small part of a network’s total cost (as little as 6 percent), it has been estimated to be responsible for as much as 75 percent of network downtime. The cabling is also usually the longest-lived element of a network. You may replace servers and other components more than once before you replace the cable. For these reasons, spending a bit extra on good-quality cable, properly installed, is a worthwhile investment. This chapter examines the types of cables used for networks, their composition, and the connectors they use.
Cable Properties
Data link layer protocols are associated with specific cable types and include guidelines for the installation of the cable, such as maximum segment lengths. In most cases, you have a choice as to what kind of cable you want to use with the protocol, while in others you do not. Part of the process of evaluating and selecting a protocol involves examining the cable types and their suitability for your network site. For example, a connection between two adjacent buildings is better served by fiber-optic than copper, so with that requirement in mind, you should proceed to evaluate the data link layer protocols that support the use of fiber-optic cable.
Your cable installation may also be governed, in part, by the layout of the site and the local building codes. Cables generally are available in both nonplenum and plenum types. A plenum is an air space within a building, created by the components of the building themselves, that is designed to provide ventilation, such as a space between floors or walls. Buildings that use plenums to move air usually do not have a ducted ventilation system. In most communities, to run cable through a plenum, you must use a plenum-rated cable that does not give off toxic gases when it burns because the air in the plenum is distributed throughout the building. The outer covering of a plenum cable is usually some sort of Teflon product, while nonplenum cables have a polyvinyl chloride (PVC) sheath, which does produce toxic gases when it burns. Not surprisingly, plenum cable costs more than nonplenum, and it is also less flexible, making it more difficult to install. However, it is important to use the correct type of cable in any installation. If you violate the building codes, the local authorities can force you to replace the offending cable and possibly make you pay fines as well. Because of always increasing insurance costs, some companies will use specific plenum cables to lower their liability in case of fire because the use of plenum cable can result in less physical damage should there be a fire.
Cost is certainly an element that should affect your cable selection process, not only of the cable itself but also of the ancillary components such as connectors and mounting hardware, the network interface cards (NICs) for the computers, and the labor required for the cable installation. The qualities of fiber-optic cable might make it seem an ideal choice for your network, but when you see the costs of purchasing, installing, and maintaining it, your opinion may change.
Finally, the quality of the cable is an important part of the evaluation and selection process. When you walk into your local computer center to buy a prefabricated cable, you won’t have much of a selection, except for cable length and possibly color. Vendors that provide a full cable selection, however (many of whom sell online or by mail order), have a variety of cable types that differ in their construction, their capabilities, and, of course, their prices.
Depending on the cable type, a good vendor may have both bulk cable and prefabricated cables. Bulk cable (that is, unfinished cable without connectors) should be available in various grades, in both plenum and nonplenum types. The grade of the cable can depend on several features, including the following:
• Conductor gauge: The gauge is the diameter of the actual conductor within a cable, which in the case of copper cables is measured using the American Wire Gauge (AWG) scale. The lower the AWG rating, the thicker the conductor. A 24 AWG cable, therefore, is thinner than a 22 AWG cable. A thicker conductor provides better conductivity and more resistance against attenuation.
• Category rating: Some types of cables are assigned ratings by a standards body, like the Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA). Twisted-pair cable, for example, is given a category rating that defines its capabilities. Most of the twisted-pair cable found today is Category 5e or Category 6, known as Cat 5e or Cat 6. Newer installations may use Cat 6a, which has improved performance at frequencies up to 500 MHz.
• Shielded or unshielded: Some cables are available with casings that provide different levels of shielding against electromagnetic interference. The shielding usually takes the form of foil or copper braid, the latter of which provides better protection. Twisted-pair cabling, for example, is available in shielded and unshielded varieties. For a typical network environment, unshielded twisted-pair provides sufficient protection against interference because the twisting of the wire pairs itself is a preventative measure.
• Solid or stranded conductor: A cable with a solid metal conductor provides better protection against attenuation, which means it can span longer distances. However, the solid conductor hampers the flexibility of the cable. If flexed or bent repeatedly, the conductor inside the cable can break. Solid conductor cables, therefore, are intended for permanent cable runs that will not be moved, such as those inside walls or ceilings. (Note that the cable can be flexed around corners and other obstacles during the installation; it is repeated flexing that can damage it.) Cables with conductors composed of multiple copper strands can be flexed repeatedly without breaking but are subject to greater amounts of attenuation. Stranded cables, therefore, should be used for shorter runs that are likely to be moved, such as for patch cables running from wall plates to computers.
NOTE: Attenuation refers to the tendency of signals to weaken as they travel along a cable because of the resistance inherent in the medium. The longer a cable, the more the signals attenuate before reaching the other end. Attenuation is one of the primary factors that limits the size of a data network. Different types of cable have different attenuation rates, with copper cable being far more susceptible to the effect than fiber-optic cable.
These features naturally affect the price of the cable. A lower gauge is more expensive than a higher one, a higher category is more expensive than a lower, shielded is more expensive than unshielded, and solid is more expensive than stranded. This is not to say, however, that the more expensive product is preferable in every situation. In addition to the cable, a good vendor should have all of the equipment you need to attach the appropriate connectors, including the connector components and the tools for attaching them.
Prefabricated cables have the connectors already attached and should be available in various lengths and colors, using cable with the features already listed, and with various grades of connectors. The highest-quality prefabricated cables, for example, usually have a rubber boot around the connector that seals it to the cable end, prevents it from loosening or pulling out, protects the connector pins from bending, and reduces signal interference between the wires (called crosstalk). On lower-cost cables, the connector is simply attached to the end, without any extra protection.
Cabling Standards
Prior to 1991, the cabling used for networks was specified by the manufacturers of individual networking products. This resulted in the incompatibilities that are common in proprietary systems, and the need was recognized for a standard to define a cabling system that could support a multitude of different networking technologies. To address this need, the American National Standards Institute (ANSI), the Electronic Industry Association, and the Telecommunications Industry Association, along with a consortium of telecommunications companies, developed the ANSI/EIA/TIA-568-1991 Commercial Building Telecommunications Cabling Standard. This document was revised in 1995 and was known as ANSI/TIA/EIA-T568-A. An additional wiring standard, the T568-B, was adopted in 2001. The primary difference between the two is that two of the wiring pairs are swapped. Each standard defines the pinout (or order of connection) for the eight-pin connector plugs. See “Connector Pinouts” later in this chapter for more information.
Both of these standards were superseded by the current TIA/EIA-568-C standard.
TIA/EIA-568
The 568 standard defines a structured cabling system for voice and data communications in office environments that has a usable lifespan of at least ten years, supports products of multiple technology vendors, and uses any of the following cable types for various applications. The current standard (TIA/EIA-568-C) defines the general requirements with subsections that focus on cabling systems. Additional standards, such as TIA-569-A and TIA-570-A, address commercial and residential cabling.
The documents also include specifications for installing the cable within the building space. Toward this end, the building is divided into the following subsystems:
• Building entrance: The location at which the building’s internal cabling interfaces with outside cabling. This is also referred to as the demarcation point, where the external provider network ends and connects with the customer’s on-premise wiring.
• Equipment room: The location of equipment that can provide the same functions as that in a telecommunications closet but that may be more complex.
• Telecommunications closet: The location of localized telecommunications equipment, such as the interface between the horizontal cabling and the backbone.
• Backbone cabling: The cabling that connects the building’s various equipment rooms, telecommunications closets, and the building entrance, as well as connections between buildings in a campus network environment.
• Horizontal cabling: The cabling and other hardware used to connect the telecommunications closet to the work area. The wiring is usually run through wireways, conduits, or ceiling spaces of each floor and can be either plenum cabling or internal wiring (IW).
• Work area: The components used to connect the telecommunications outlet to the workstation.
Thus, the cable installation for a modern building might look something like the diagram shown in Figure 5-1. The connections to external telephone and other services arrive at the building entrance and lead to the equipment room, which contains the network servers and other equipment. A backbone network connects the equipment room to various telecommunications closets throughout the building, which contain network interface equipment, such as switches, bridges, routers, or hubs. From the telecommunications closets, the horizontal cabling branches out into the work areas, terminating at wall plates. The work area then consists of the patch cables that connect the computers and other equipment to the wall plates.
Figure 5-1 A generic building cabling system as defined by TIA/EIA T-568
This is, of course, a simplified and generalized plan. The T568 standard, in coordination with other TIA/EIA standards, provides guidelines for the types of cabling within and between these subsystems that you can use to create a wiring plan customized to your site and your equipment.
Contractors you hire to perform an office cable installation should be familiar with these standards and should be willing to certify in writing that their work conforms to the guidelines they contain.
Data Link Layer Protocol Standards
The protocols traditionally associated with the data link layer of the OSI reference model, such as Ethernet and Token Ring, also overlap into the physical layer in that they contain specifications for the network cabling. Thus, Ethernet and Token Ring standards, like those produced by the IEEE 802 working group, can also be said to be cabling standards. However, these documents do not go as deeply into the details of the cable properties and enterprise cable system design as T568.
Coaxial Cable
The first commercially viable network technologies introduced in the 1970s used coaxial cable as the network medium. Coaxial cable is named for the two conductors that share the same axis running through the cable’s center. Many types of copper cable have two separate conductors, such as a standard electrical cord. In most of these, the two conductors run side by side within an insulating sheath that protects and separates them. A coaxial cable, on the other hand, is round, with a copper core at its center that forms the first conductor. It is this core that carries the actual signals. A layer of dielectric foam insulation surrounds the core, separating it from the second conductor, which is made of braided wire mesh and functions as a ground. As with any electrical cable, the signal conductor and the ground must always be separated or a short will occur, producing noise on the cable. This entire assembly is then enclosed within an insulating sheath (see Figure 5-2).
Figure 5-2 A cross-section of a coaxial cable
NOTE: Coaxial cables can have either a solid or a stranded copper core, and their designations reflect the difference. The suffix /U indicates a solid core, while A/U indicates a stranded core. Thin Ethernet used either an RG-58/U or an RG-58A/U cable.
Several types of coaxial cables were used for networking, and they had different properties, even if they were similar in appearance. Data link layer protocols called for specific types of cable, the properties of which determined the guidelines and limitations for the cable installation.
Today, coax cable is primarily used for connecting televisions to cable boxes or satellite receivers. It also may be used to connect a computer’s cable modem to an Internet service provider (ISP). In the early days of computer networks, the cable was connected with a special connector called a BNC. The actual meaning of the bayonet-style connector’s name is shrouded in mystery, with most technicians divided between British Naval Connector and Bayonet Neill-Concelman.
Thick Ethernet
RG-8/U cable was usually referred to as thick Ethernet trunk cable because that was its primary use. The RG-8/U cable used for thick Ethernet networks had the least amount of attenuation of the coaxial cables, due in no small part to it being much thicker than the other types. This is why a thick Ethernet network could have cable segments up to 500 meters long, while thin Ethernet was limited to 185 meters.
At .405 inches in diameter, RG-8/U was similar in size to a garden hose but much heavier and less flexible, which made it difficult to bend around corners. For these reasons, the cable was typically installed along the floor of the site. By contrast, the RG-58A/U cable used by thin Ethernet was thinner, lighter, and flexible enough to run directly to the NIC.
Thick Ethernet cable was usually yellow and was marked every 2.5 meters for the taps to which the workstations connect. To connect a workstation to the cable, you applied what was known as a vampire tap. A vampire tap is a clamp that you connected to the cable after drilling a hole in the sheath. The clamp had metal “fangs” that penetrated into the core to send and receive signals. The vampire tap also included the transceiver (external to the computer on a thick Ethernet network), which connected to the NIC with a cable with connectors at both ends.
As a result of the inconvenience caused by its expense and rigidity, and despite its better performance than its successor, thin Ethernet, thick Ethernet is rarely seen today, even on legacy networks.
Thin Ethernet
The main advantage of the RG-58 cable used for thin Ethernet networks over RG-8 was its relative flexibility, which simplifies the installation process and makes it possible to run the cable directly to the computer, rather than using a separate AUI cable. Compared to twisted-pair, however, thin Ethernet is still ungainly and difficult to conceal because every workstation must have two cables connected to its NIC using a T fitting. Instead of neat wall plates with modular jacks for patch cables, an internal thin Ethernet installation had two thick, semirigid cables protruding from the wall for every computer.
As a result of this installation method, the bus was actually broken into separate lengths of cable that connect each computer to the next, unlike a thick Ethernet bus, which ideally was one long cable segment pierced with taps along its length. This made a big difference in the functionality of the network because if one of the two connections to each computer was broken for any reason, the bus was severed. When this happened, network communications failed between systems on different sides of the break, and the loss of termination on one end of each fragment jeopardized all of the network’s traffic.
RG-58 cable used BNC connectors to connect to the T and to connect the T to the NIC in the computer. Even at the height of its popularity, thin Ethernet cable was typically purchased in bulk, and the connectors were attached by the installer or administrator; prefabricated cables were relatively rare. The process of attaching a BNC connector involved stripping the insulation off the cable end to expose both the copper core and the ground. The connector is then applied as separate components (a socket that the cable threads through and a post that slips over the core). Finally, the socket is compressed so it grips the cable and holds the post in place, using a plierslike tool called a crimper.
Cable Television
Just because coaxial cable is no longer used for networks does not mean that it has totally outlived its usefulness. Antennas, radios, and particularly the cable television industry still use it extensively. The cable delivering TV service to your home is RG-59 75-ohm coaxial, used in this case for broadband rather than baseband transmission (meaning that the single cable carries multiple, discrete signals simultaneously). This cable is also similar in appearance to thin Ethernet, but it has different properties and uses different connectors. The F connector used for cable TV connections screws into the jack, while BNC connectors use a bayonet lock coupling.
Many cable TV providers use this same coaxial cable to supply Internet access to subscribers, as well as television signals. In these installations, the coaxial cable connects to a device typically referred to as a cable modem, which then is connected to a computer using a 10Base-T Ethernet cable.
Twisted-Pair Cable
Twisted-pair cable is the current standard for networks. When compared to coaxial, it is easier to install, is suitable for many different applications, and provides far better performance. Perhaps the biggest advantage of twisted-pair cable, however, is that it is already used in countless telephone system installations throughout the world.
This means that many contractors are familiar with the installation procedures and that in a newly constructed office it is possible to install the cables at the same time as the telephone cables. In fact, many private homes now being built include twisted-pair network cabling as part of the basic service infrastructure.
Unlike coaxial cable, which has only one signal-carrying conductor and one ground, the twisted-pair cable used in most data networks has four pairs of insulated copper wires within a single sheath. Each wire pair is twisted with a different number of twists per inch to avoid electromagnetic interference from the other pairs and from outside sources (see Figure 5-3).
Figure 5-3 A cross-section of a twisted-pair cable
Each pair of wires in a twisted-pair cable is color coded, using colors defined in the TIA/EIA-T568-A or B standard, as shown in Table 5-1. In each pair, the solid-colored wire carries the signals, while the striped wire acts as a ground.
Table 5-1 Color Codes for TIA/EIA T-568
Unshielded Twisted-Pair
The outer sheathing of a twisted-pair cable can be either relatively thin, as in unshielded twisted-pair (UTP) cable, or thick, as in shielded twisted-pair (STP). UTP cable is the more commonly used of the two; most Ethernet networks are more than adequately served by UTP cable. The UTP cable uses 22 or 24 AWG copper conductors and has an impedance of 100 ohms. The insulation can be plenum rated or nonplenum.
Beyond these specifications, the TIA/EIA-T568 standard defines levels of performance for UTP cable that are referred to as categories. A higher category rating means that a cable is more efficient and able to transmit data at greater speeds. The major difference between the different cable categories is the tightness of each wire pair’s twisting, commonly referred to as twist per inch. Table 5-2 lists some of the categories defined by the T568 standard, the speed ratings, the maximum run length, the network applications, and the maximum frequency for each category.
Table 5-2 Cable Category Specifications
Category 3 cable was traditionally used for telephone system installations and was also suitable for 10Base-T Ethernet networks, which run at 10 Mbps. Category 3 was not suitable for the 100 Mbps speed used by Fast Ethernet, except in the case of 100Base-T4, which was specifically designed to run on Category 3 cable. 100Base-T4 was able to function only on this cable because it used all four of the wire pairs to carry data, while the standard technologies of the time used only two pairs.
Category 4 cable provided a marginal increase in performance over Category 3 and was, for a time, used in Token Ring networks. Since its ratification in 1995, however, most of the UTP cable installed for computer networks (and telephone networks as well) was Category 5. Category 5 UTP cable (often known simply as Cat 5) provided a substantial performance increase, supporting transmissions at up to 100 MHz.
Category 5e
While Category 5 cable was sufficient for use on 100 Mbps networks such as Fast Ethernet, technology continued to advance, and with Gigabit Ethernet products becoming available, running at 1 Gbps (1,000 Mbps), it was necessary to accommodate the higher speeds.
UTP cable ratings have continued to advance as well. However, the process by which the TIA/EIA standards are defined and ratified is much slower than the pace of technology, and many high-performance cable products arrived on the market that exceeded the Category 5 specifications to varying degrees. In 1999, after a surprisingly accelerated development period of less than two years, the TIA/EIA ratified the Category 5e (or Enhanced Category 5) standard.
The Category 5e standard was revised more than 14 times during its development because there was a great deal of conflict among the concerned parties as to how far the standard should go. Category 5e was intended primarily to support the IEEE 802.3ab Gigabit Ethernet standard, also known as 1000Base-T, which is a version of the 1,000 Mbps networking technology designed to run on the standard 100-meter copper cable segments also used by Fast Ethernet. As you can see in Table 5-2, the Category 5e standard calls for a maximum frequency rating of only 100 MHz, the same as that of Category 5 cable. However, Gigabit Ethernet uses frequencies up to 125 MHz, and Asynchronous Transfer Mode (ATM) networks, which were also expected to use this cable, could run at frequencies of up to 155 MHz. As a result, there was a good deal of criticism leveled at the 5e standard, saying that it didn’t go far enough to ensure adequate performance of Gigabit Ethernet networks.
It’s important to understand that the TIA/EIA UTP cable standards consist of many different performance requirements, but the frequency rating is the one that is most commonly used to judge the transmission quality of the cable. In fact, the Category 5e standard is basically the Category 5 standard with slightly elevated requirements for some of its testing parameters, such as near end crosstalk (NEXT), the attenuation-to-crosstalk ratio (ACR), return loss, and differential impedance.
Cat 6 and 6a
Cat 6 was established in 2001. This standard for Gigabit Ethernet is backward compatible with the Cat 3, 5, and 5e standards. This cable features higher specifications for suppression of both system noise and crosstalk issues. It was specifically designed to be interoperable, meaning cable meeting this standard must work with products manufactured by most vendors.
Because Cat 6 cables contain larger copper conductors, the size is a bit larger than the earlier Category 5 and 5e cables. The diameter of Cat 6 ranges from .021 inch to .25 inch (5.3 mm to 5.8 mm). Since Cat 5 and 5e cables fall in the range from 0.19 inch to 0.22 inch (4.8 mm to 5.5 mm), the physical size can make a difference in an installation.
Crosstalk is reduced in Cat 6 by making each pair a twist of .5 inch or less, while the larger conductor size provides less signal loss (attenuation) over the length of the cable.
Augmented Category 6 (Cat 6a) cable improves the bandwidth of Cat 6. However, because it is available in STP format, it must have specialized connectors to ground the cable and is therefore more expensive than Cat 6.
Cat 7
Cat 7 (originally known as Class F) is backward compatible with both Cat 5 and Cat 6. It is a twisted-pair cable that was designed as a standard for Gigabit Ethernet. It has additional shielding that helps to reduce both crosstalk and system noise. Because of this additional shielding, Cat 7 cable is bulkier and more difficult to bend. As with Cat 6a, each layer must be grounded or its throughput performance declines to nearly that of Cat 6.
NOTE: Remember, when upgrading cabling, all of the network components must be rated at the same category. This means you will not have a Cat 6 network if some of the connectors or other components are rated at Cat 5.
Currently, as technology advances, so do new standards. Cat 7a is currently available for some applications, primarily multiple applications across a single cable. Cat 8 and beyond are in the works.
Connector Pinouts
Twisted-pair cables use RJ-45 modular connectors at both ends (see Figure 5-4). An RJ-45 (RJ is the acronym for registered jack) is an eight-pin version of the four-pin (or sometimes six-pin) RJ-11 connector used on standard satin telephone cables. The pinouts for the connector, which are also defined in the TIA/EIA-T568-A and B standards, are shown in Figure 5-5.
Figure 5-4 An RJ-45 connector
Figure 5-5 The 568A and 568B pinouts
The USOC standard (as shown in Figure 5-6) was the traditional pinout originated for voice communications in the United States, but this configuration is not suitable for data. This is because while pins 3 and 6 do connect to a single wire pair, pins 1 and 2 are connected to separate pairs. AT&T discovered this shortcoming when it began doing research into computer networks that would run over the existing telecommunications infrastructure. In 1985, AT&T published its own standard, called 258A, which defined a new pinout in which the proper pins used the same wire pairs.
Figure 5-6 The 568B and USOC pinouts
The TIA/EIA, which was established in 1985 after the breakup of AT&T, then published the 258A standard as an adjunct to TIA/EIA-T568-A in 1995, giving it the name T568-B (as shown on the left in Figure 5-6). Thus, while the pinout now known as 568B would seem to be newer than 568A, it is actually older. Pinout 568B began to be used widely in the United States before the TIA/EIA-T568-A standard was even published.
As you can see in Figure 5-6, the USOC standard uses a different layout for the wire pairs, while the 568A and 568B pinouts are identical except that the green and orange wire pairs are transposed. Thus, the two TIA/EIA standards are functionally identical; neither one offers a performance advantage over the other, as long as both ends of the cable use the same pinout. Prefabricated cables are available that conform to either one of these standards.
In most cases, twisted-pair cable is wired straight through, meaning that each of the pins on one connector is wired to its corresponding pin on the other connector, as shown in Figure 5-7. On a typical network, however, computers use separate wire pairs for transmitting and receiving data. For two machines to communicate, the transmitted signal generated at each computer must be delivered to the receive pins on the other, meaning that a signal crossover must occur between the transmit and receive wire pairs. The cables are wired straight through (that is, without the crossover) on a normal Ethernet LAN because the hub is responsible for performing the crossover. If you want to connect one computer to another without a hub to form a simple two-node Ethernet network, you must use a crossover cable, in which the transmit pins on each end of the cable are connected to the receive pins on the other end, as shown in Figure 5-8.
Figure 5-7 UTP straight-through wiring
Figure 5-8 UTP crossover wiring
Because each pin on a straight-through cable is connected to the corresponding pin at the other end, it doesn’t matter what colors the wires are, as long as the pairs are properly oriented. So, when purchasing prefabricated cables, either the 568A or 568B pinouts will function properly. The time when you must make a conscious decision to use one standard or the other is when you install bulk cable (or have it installed). You must connect the same colors on each end of the cable to the same pins so you get a straight-through connection. Selecting one standard and sticking to it is the best way to avoid confusion that can result in nonfunctioning connections.
Attaching the connectors to a cable requires a crimper tool, much like the one used for coaxial cable, except that the process is complicated by having eight conductors to deal with instead of only two. A network administrator who is not handy with a crimper can easily purchase twisted-pair cables with connectors attached in a wide variety of grades, lengths, and colors.
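The pinout rules in this section can be checked mechanically. The following is an added example, not code from the book: a wire-map check that classifies a terminated cable as straight-through, crossover, or miswired, and flags split pairs such as the USOC layout, which passes a pin-to-pin continuity test yet is unsuitable for data. The colour orders are the standard 568A, 568B and USOC layouts; the function names, the sample faulty cable, and the assumption that pins 1-2 transmit and pins 3-6 receive (10Base-T/100Base-TX) are mine.

```python
# Added example: wire-map check for an eight-pin modular (RJ-45) cable.
# Colour orders are the standard 568A/568B/USOC layouts, listed for pins 1-8.
T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]
# USOC keeps pins 3 and 6 on one pair but puts pins 1 and 2 on different pairs.
USOC = ["white/brown", "white/green", "white/orange", "blue",
        "white/blue", "orange", "green", "brown"]
# Constructed faulty termination: 568B with the conductors on pins 2 and 3 exchanged.
SWAPPED_568B = ["white/orange", "white/green", "orange", "blue",
                "white/blue", "green", "white/brown", "brown"]

# Pins that must share one twisted pair for data use. Assumption: pins 1-2
# transmit and pins 3-6 receive, as in 10Base-T/100Base-TX.
DATA_PIN_PAIRS = [(1, 2), (3, 6), (4, 5), (7, 8)]

STRAIGHT = {pin: pin for pin in range(1, 9)}
# Crossover: the transmit pins at one end land on the receive pins at the other.
CROSSOVER = {**STRAIGHT, 1: 3, 2: 6, 3: 1, 6: 2}


def pair_of(colour):
    """Twisted pair a conductor belongs to: 'white/green' and 'green' -> 'green'."""
    return colour.split("/")[-1]


def pin_map(end_a, end_b):
    """Map each pin at end A to the pin at end B that holds the same conductor."""
    position_b = {colour: pin for pin, colour in enumerate(end_b, start=1)}
    return {pin: position_b.get(colour) for pin, colour in enumerate(end_a, start=1)}


def split_pairs(end):
    """Data pin pairs at one connector whose two pins sit on different twisted pairs."""
    return [(p, q) for p, q in DATA_PIN_PAIRS
            if pair_of(end[p - 1]) != pair_of(end[q - 1])]


def classify(end_a, end_b):
    """Classify a cable from the conductor colours seen at pins 1-8 of each end."""
    for end in (end_a, end_b):
        if len(end) != 8 or len(set(end)) != 8:
            raise ValueError("each end must list eight distinct conductors")
    if set(end_a) != set(end_b):
        raise ValueError("both ends must terminate the same eight conductors")

    mapping = pin_map(end_a, end_b)
    if mapping == STRAIGHT:
        wiring = "straight-through"
    elif mapping == CROSSOVER:
        wiring = "crossover"
    else:
        wiring = "miswired"

    # For a miswired cable, list the pins that do not reach the same pin number.
    wrong = sorted(p for p, far in mapping.items() if far != p) if wiring == "miswired" else []
    splits = {"A": split_pairs(end_a), "B": split_pairs(end_b)}
    return {
        "wiring": wiring,
        "wrong_pins": wrong,
        "split_pairs": splits,
        # Continuity alone is not enough: a split pair defeats the twisting.
        "usable_for_data": wiring != "miswired" and not splits["A"] and not splits["B"],
    }


if __name__ == "__main__":
    samples = {
        "568A to 568A": (T568A, T568A),
        "568A to 568B": (T568A, T568B),
        "USOC to USOC": (USOC, USOC),
        "568B to swapped 568B": (T568B, SWAPPED_568B),
    }
    for label, (a, b) in samples.items():
        print(label, classify(a, b))
```

The USOC case is the one a simple continuity tester misses: every pin reaches its counterpart, but pins 1 and 2 ride on different twisted pairs.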
Shielded Twisted-Pair
Shielded twisted-pair is 150-ohm cable containing additional shielding that protects signals against the electromagnetic interference (EMI) produced by electric motors, power lines, and other sources. Originally used in Token Ring networks, STP is also intended for installations where UTP cable would provide insufficient protection against interference.
The shielding in STP cable is not just an additional layer of inert insulation, as many people believe. Rather, the wires within the cable are encased in a metallic sheath that is as conductive as the copper in the wires. This sheath, when properly grounded, converts ambient noise into a current, just like an antenna. This current is carried to the wires within, where it creates an equal and opposite current flowing in the twisted pairs. The opposite currents cancel each other out, eliminating noise that injects disturbance to the signals passing over the wires.
This balance between the opposite currents is delicate. If they are not exactly equal, the current can be interpreted as noise and can disturb the signals being transmitted over the cable. To keep the shield currents balanced, the entire end-to-end connection must be shielded and properly grounded. This means that all of the components involved in the connection, such as connectors and wall plates, must also be shielded. It is also vital to install the cable correctly so that it is grounded properly and the shielding is not ripped or otherwise disturbed at any point.
The shielding in an STP cable can be either foil or braided metal. The metal braid is a more effective shield, but it adds weight, size, and expense to the cable. Foil-shielded cable, sometimes referred to as screened twisted-pair (ScTP) or foil twisted-pair (FTP), is thinner, lighter, and cheaper but is also less effective and more easily damaged. In both cases, the installation is difficult when compared to UTP because the installers must be careful not to flex and bend the cable too much, or they could risk damaging the shielding.
The cable may also suffer from increased attenuation and other problems because the effectiveness of the shielding is highly dependent on a multitude of factors, including the composition and thickness of the shielding, the type and location of the EMI in the area, and the nature of the grounding structure.
The properties of the STP cable itself were defined by IBM during the development of the Token Ring protocol:
• Type 1A: Two pairs of 22 AWG wires, each pair wrapped in foil, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material
• Type 2A: Two pairs of 22 AWG wires, each pair wrapped in foil, with a shield layer (foil or braid) around both pairs, plus four additional pairs of 22 AWG wires for voice communications, within an outer sheath of either PVC or plenum-rated material
• Type 6A: Two pairs of 22 AWG wires, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material
• Type 9A: Two pairs of 26 AWG wires, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material
Fiber-Optic Cable
Fiber-optic cable is completely different from all of the other cables covered thus far in this chapter because it is not based on electrical signals transmitted through copper conductors. Instead, fiber-optic cable uses pulses of light (photons) to transmit the binary signals generated by computers. Because fiber-optic cable uses light instead of electricity, nearly all of the problems inherent in copper cable, such as electromagnetic interference, crosstalk, and the need for grounding, are completely eliminated. In addition, attenuation is reduced enormously, enabling fiber-optic links to span much greater distances than copper—up to 120 kilometers in some cases.
Fiber-optic cable is ideal for use in network backbones, especially for connections between buildings, because it is immune to moisture and other outdoor conditions. Fiber cable is also inherently more secure than copper because it does not radiate detectable electromagnetic energy like copper, and it is extremely difficult to tap.
The drawbacks of fiber optic mainly center around its installation and maintenance costs, which are usually thought of as being much higher than those for copper media. What used to be a great difference, however, has come closer to evening out in recent years. The fiber-optic medium is at this point only slightly more expensive than UTP. Even so, the use of fiber does present some problems, such as in the installation process. Pulling the cable is basically the same as with copper, but attaching the connectors requires completely different tools and techniques—you can essentially throw everything you may have learned about electric wiring out the window.
Fiber optics has been around for a long time; even the early 10 Mbps Ethernet standards supported its use, calling it FOIRL, and later 10BaseF. Fiber optics came into its own, however, as a high-speed network technology, and today virtually all of the data link layer protocols currently in use support it in some form.
Fiber-Optic Cable Construction
A fiber-optic cable consists of a core made of glass or plastic and a cladding that surrounds the core; then it has a plastic spacer layer, a layer of Kevlar fiber for protection, and an outer sheath of Teflon or PVC, as shown in Figure 5-9. The relationship between the core and the cladding enables fiber-optic cable to carry signals long distances. The transparent qualities of the core are slightly greater than those of the cladding, which makes the inside surface of the cladding reflective. As the light pulses travel through the core, they reflect back and forth off the cladding. This reflection enables you to bend the cable around corners and still have the signals pass through it without obstruction.
Figure 5-9 Cross-section of a fiber-optic cable
There are two main types of fiber-optic cable, called singlemode and multimode, that differ in several ways. The most important difference is in the thickness of the core and the cladding. Singlemode fiber is typically rated at 8.3/125 microns and multimode fiber at 62.5/125 microns. These measurements refer to the thickness of the core and the thickness of the cladding and the core together. Light travels down the relatively thin core of singlemode cable without reflecting off the cladding as much as in multimode fiber’s thicker core. The signal carried by a singlemode cable is generated by a laser and consists of only a single wavelength, while multimode signals are generated by a light-emitting diode (LED) and carry multiple wavelengths. Together, these qualities enable singlemode cable to operate at higher bandwidths than multimode and traverse distances up to 50 times longer.
However, singlemode cable is often more expensive and has a relatively high bend radius compared to multimode, which makes it more difficult to work with. Most fiber-optic LANs use multimode cable, which, although inferior in performance to singlemode, is still vastly superior to copper.
Multimode cables are often used for local network installations when extreme distance is not an issue. Since singlemode cables transmit laser light, it travels in only one direction so that the wavelength it uses is compatible with the laser light detector at the receiving end. This type of fiber-optic cable is used primarily where data speed and distance are paramount.
Fiber-optic cables are available in a variety of configurations because the cable can be used for many different applications. Simplex cables contain a single fiber strand, while duplex cables contain two strands running side by side in a single sheath. Breakout cables can contain as many as 24 fiber strands in a single sheath, which you can divide to serve various uses at each end. Because fiber-optic cable is immune to copper cable problems such as EMI and crosstalk, it’s possible to bundle large numbers of strands together without twisting them or worrying about signal degradation, as with UTP cable.
Fiber-Optic Connectors
The original connector used on fiber-optic cables was called a straight tip (ST) connector. It was a barrel-shaped connector with a bayonet locking system, as shown in Figure 5-10. It was replaced by the SC type (which stands for subscriber connector, standard connector, or Siemon connector), which many consider now to be the traditional connector. The SC has a square body and locks by simply pushing it into the socket. Figure 5-10 shows the ST and SC connectors.
Figure 5-10 Fiber-optic connectors SC (left) and ST (right)
Today, connectors with smaller form factors are replacing the traditional fiber-optic connectors. These smaller connectors reduce the footprint of the network by allowing more connectors to be installed in each faceplate. One of the most common of these small connectors is the LC (which stands for local connector or Lucent connector). The LC is a duplex connector that is designed for two fiber-optic cables.
Using fiber-optic cable imparts a freedom to the network designer that could never be realized with copper media. Because fiber optic permits segment lengths much greater than UTP, having telecommunications closets containing switches or hubs scattered about a large installation is no longer necessary. Instead, horizontal cable runs can extend all the way from wall plates down to a central equipment room that contains all of the network’s patch panels, hubs, switches, routers, and other such devices. This is known as a collapsed backbone. Rather than traveling constantly to remote areas of the installation, the majority of the infrastructure maintenance can be performed at this one location. For more information about network design, see Chapter 9.
CHAPTER 6 Wireless LANs
Until recently, computer networks were thought of as using cables for their communications medium, but there have also been wireless networking solutions available for many years. Wireless networking products typically use some form of radio or light waves; these are called unbounded media (as opposed to bounded media, which refers to cabled networks). These media enable users with properly equipped computers to interact with other networked computers, just as if they were connected to them with cables. Wireless networking products long had a reputation for poor performance and unreliability. It is only in the last ten or twelve years that these technologies have developed to the point at which they are serious tools for business users.
In many cases, users have come to expect connectivity in nearly every setting, whether it be in the grocery store, on a commuter train, or in a restaurant line. Whether it be with a cell phone, a tablet, or a laptop, we expect to be able to download e-mail and access both the Internet and our company’s network in an instant. Most telephone service providers now enable users to access all of these services in any location. One of the advantages of cellular-based data networking is its range. Users can access the Internet and other networks from any place supported by the cellular network.
Wireless Networks
Wireless networks, or wireless local area networks (WLANs), connect devices with radio waves rather than cables. The ability to connect servers, printers, scanning devices, and workstations without dragging cabling through walls is the biggest advantage of wireless networking.
NOTE Wide area networks are also wireless and are introduced in Chapter 7.
The main difference between a traditional, cabled network and a wireless network is the way the data is transmitted. Wireless networks use a transmitter called a wireless access point (WAP) that has been wired into an Internet connection to create a hotspot for the connection. Access to the wireless network then depends on several things:
• Distance from a WAP The closer one is to an access point, the better the signal.
• Transmission strength of the wireless card Wireless fidelity (WiFi) cards have varying degrees of transmitting capabilities. Normally, lower-cost cards have less power than more expensive cards and therefore must be closer to the access point.
• Existing interference Microwave devices, cordless phones, computers, and even Bluetooth devices can interfere with a WiFi network.
• Current traffic on the network, including the number of current users Depending on the IEEE 802.11 standard of a WAP and what the current users are doing, more than 20 users accessing a specific WAP can cause the connection to degrade. This is especially true if users are using file-sharing software or peer-to-peer applications such as Skype.
• Local environment characteristics Be sure to note how physical obstructions or barriers such as walls, placement of devices, and other such issues will affect your network. In a small-office environment, there are many cases of poorly designed wireless installations due to lack of understanding of the effects of physical obstructions and the choice between lower and higher frequencies to mitigate these limitations.
NOTE See “The IEEE 802.11 Standards” section later in this chapter for more information.
Advantages and Disadvantages of Wireless Networks
While wireless networks are certainly useful and have their advantages, they have some definite disadvantages when compared with wired (cabled) networks. Table 6-1 discusses some of the advantages and disadvantages.
Table 6-1 Advantages and Disadvantages of Wireless Networks vs. Wired Networks
Types of Wireless Networks
There are many types of wireless, such as WiFi, Bluetooth, satellite services, and others, in use today. Bluetooth, named for a tenth-century Danish king, provides short-range wireless communications between devices such as cellular phones, keyboards, or printers at a very low cost. Bluetooth uses radio frequency signals, which are not limited to line-of-sight transmissions. Often, keyboards or mice are available with Bluetooth technology to use with a cell phone, laptop, or tablet.
The most widely used technology today is WiFi. This technology has better connection speeds and, if configured properly, is more secure than a Bluetooth connection. Table 6-2 shows some of the differences between the two.
Table 6-2 Bluetooth vs. WiFi
Wireless Applications
The most immediate application for wireless local area networking is the situation where it is impractical or impossible to install a cabled network. In some cases, the construction of a building may prevent the installation of network cables, while in others, cosmetic concerns may be the problem. For example, a kiosk containing a computer that provides information to guests might be a worthwhile addition to a luxury hotel, but not at the expense of running unsightly cables across the floor or walls of a meticulously decorated lobby. The same might be the case for a small two- or three-node network in a private home, where installing cables inside walls would be difficult and using external cables would be unacceptable in appearance.
Another application for wireless LANs is to support mobile client computers. These mobile clients can range from laptop-equipped technical support personnel for a corporate internetwork to roving customer service representatives with specialized handheld devices, such as rental car and baggage check workers in airports. With today’s handheld computers and a wireless LAN protocol that is reliable and reasonably fast, the possibilities for its use are endless. Here are some examples:
• Hospitals can store patient records in a database and permit doctors and nurses to continually update them by entering new information into a mobile computer.
• Workers in retail stores can dynamically update inventory figures by scanning the items on the shelves.
• A traveling salesperson can walk into the home office with a laptop in hand, and as soon as the computer is within range of the wireless network, it connects to the LAN, downloads new e-mail, and synchronizes the user’s files with copies stored on a network server.
The IEEE 802.11 Standards
In 1997, the IEEE published the first version of a standard that defined the physical and data link layer specifications for a wireless networking protocol that would meet the following requirements:
• The protocol would support stations that are fixed, portable, or mobile, within a local area. The difference between portable and mobile is that a portable station can access the network from various fixed locations, while a mobile station can access the network while it is actually in motion.
• The protocol would provide wireless connectivity to automatic machinery, equipment, or stations that require rapid deployment—that is, rapid establishment of communications.
• The protocol would be deployable on a global basis.
This document (as of the writing of this chapter) is now known as IEEE 802.11, 2012 edition, “Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.” Because 802.11 was developed by the same IEEE 802 committee responsible for the 802.3 (Ethernet) and 802.5 (Token Ring) protocols, it fits into the same physical and data link layer stack arrangement. The data link layer is divided into the logical link control (LLC) and media access control (MAC) sublayers. The 802.11 documents define the physical layer and MAC sublayer specifications for the wireless LAN protocol, and the systems use the standard LLC sublayer defined in IEEE 802.2. From the network layer up, the systems can use any standard set of protocols, such as TCP/IP or IPX.
NOTE For more information on LLC, see Chapter 10.
Despite the inclusion of 802.11 in the same company as Ethernet and Token Ring, the use of wireless media calls for certain fundamental changes in the way you think about a local area network and its use. Some of these changes are as follows:
• Unbounded media A wireless network does not have readily observable connections to the network or boundaries beyond which network communication ceases.
• Dynamic topology Unlike cabled networks, in which the LAN topology is meticulously planned out before the installation and remains static until deliberate changes are made, the topology of a wireless LAN changes frequently, if not continuously.
• Unprotected media The stations on a wireless network are not protected from outside signals as cabled networks are. On a cabled network, outside interference can affect signal quality, but there is no way for the signals from two separate but adjacent networks to be confused. On a wireless network, roving stations can conceivably wander into a different network’s operational perimeter, compromising security.
• Unreliable media Unlike a cabled network, a protocol cannot work under the assumption that every station on the network receives every packet and can communicate with every other station.
• Asymmetric media The propagation of data to all of the stations on a wireless network does not necessarily occur at the same rate. There can be differences in the transmission rates of individual stations that change as the device moves or the environment in which it is operating changes.
As a result of these changes, the traditional elements of a data link layer LAN protocol (the MAC mechanism, the frame format, and the physical layer specifications) have to be designed with different operational criteria in mind.
The Physical Layer
The 802.11 physical layer defines two possible topologies and three types of wireless media, operating at four possible speeds.
Physical Layer Topologies
As you learned in Chapter 1, the term topology usually refers to the way in which the computers on a network are connected. A bus topology, for example, means that each computer is connected to the next one, in daisy-chain fashion, while in a star topology, each computer is connected to a central hub. These examples apply to cabled networks, however. Wireless networks don’t have a concrete topology like cabled ones do. Unbounded media devices, by definition, enable wireless network devices to transmit signals to all of the other devices on the network simultaneously. However, this does not equate to a mesh topology, as described in Chapter 1. Although each device theoretically can transmit signals to all of the other wireless devices on the network at any time, this does not necessarily mean that it will. Mobility is an integral part of the wireless network design, and a wireless LAN protocol must be able to compensate for systems that enter and leave the area in which the medium can operate. The result is that the topologies used by wireless networks are basic rules that they use to communicate, and not static arrangements of devices at specific locations. IEEE 802.11 supports two types of wireless network topologies: the ad hoc topology and the infrastructure topology.
The fundamental building block of an 802.11 wireless LAN is the basic service set (BSS). A BSS is a geographical area in which properly equipped wireless stations can communicate. The configuration and area of the BSS are dependent on the type of wireless medium being used and the nature of the environment in which it’s being used, among other things. A network using a radio frequency–based medium might have a BSS that is roughly spherical, for example, while an infrared network would deal more in straight lines. The boundaries of the BSS can be affected by environmental conditions, architectural elements of the site, and many other factors, but when a station moves within the basic service set’s sphere of influence, it can communicate with other stations in the same BSS. When it moves outside of the BSS, communication ceases.
The simplest type of BSS consists of two or more wireless computers or other devices that have come within transmission range of each other, as shown in Figure 6-1. The process by which the devices enter into a BSS is called association. Each wireless device has an operational range dictated by its equipment, and as the two devices approach each other, the area of overlap between their ranges becomes the BSS. This arrangement, in which all of the network devices in the BSS are mobile or portable, is called an ad hoc topology or an independent BSS (IBSS). The term ad hoc topology refers to the fact that a network of this type may often come together without prior planning and exist only as long as the devices need to communicate. This type of topology operates as a peer-to-peer network because every device in the BSS can communicate with every other device. An example might be transmitting a file to your printer or diagram to a colleague’s tablet. Multiple ad hoc networks can be created to transfer data between several devices. By their nature, ad hoc networks are temporary. While Figure 6-1 depicts the BSS as roughly ovular and the convergence of the communicating devices as being caused by their physically approaching each other, the actual shape of the BSS is likely to be far less regular and more ephemeral. The ranges of the devices can change instantaneously because of many different factors, and the BSS can grow, shrink, or even disappear entirely at a moment’s notice.
Figure 6-1 A basic service set can be as simple as two wireless stations within communication range of each other.
While an ad hoc network uses basic service sets that are transient and constantly mutable, it’s also possible to build a wireless network with basic service sets that are more permanent. This is the basis of a network that uses an infrastructure topology. An infrastructure network consists of at least one wireless access point (AP), which is either a stand-alone device or a wireless-equipped computer that is also connected to a standard bounded network using a cable. The access point has an operational range that is relatively fixed (when compared to an IBSS) and functions as the base station for a BSS. Any mobile station that moves within the AP’s sphere of influence is associated into the BSS and becomes able to communicate with the cabled network (see Figure 6-2). Note that this is more of a client-server arrangement than a peer-to-peer one. The AP enables multiple wireless stations to communicate with the systems on the cabled network but not with each other. However, the use of an AP does not prevent mobile stations from communicating with each other independently of the AP.
Figure 6-2 An access point enables wireless stations to access resources on a cabled network.
It is because the AP is permanently connected to the cabled network and not mobile that this type of network is said to use an infrastructure topology. This arrangement is typically used for corporate installations that have a permanent cabled network that also must support wireless devices that access resources on the cabled network. An infrastructure network can have any number of access points and therefore any number of basic service sets. The architectural element that connects basic service sets together is called a distribution system (DS). Together, the basic service sets and the DS that connects them are called the extended service set (ESS). In practice, the DS is typically a cabled network using IEEE 802.3 (Ethernet) or another standard data link layer protocol, but the network can conceivably use a wireless distribution system (WDS). Technically, the AP in a network of this type is also called a portal because it provides access to a network using another data link layer protocol. It’s possible for the DS to function solely as a means of connecting APs and not provide access to resources on a cabled network. Whether the media used to form the BSS and the DS are the same or different (the standard takes no stance either way), 802.11 logically separates the wireless medium from the distribution system medium.
The basic service sets connected by a distribution system can be physically configured in almost any way. The basic service sets can be widely distant from each other to provide wireless network connectivity in specific remote areas, or they can overlap to provide a large area of contiguous wireless connectivity. It’s also possible for an infrastructure BSS to be concurrent with an IBSS. The 802.11 standard makes no distinction between the two topologies because both must present the same appearance to the LLC sublayer operating at the upper half of the data link layer.
Physical Layer Media
The original IEEE 802.11 standard defined three physical layer media, two that used radio frequency (RF) signals and one that used infrared light signals. A wireless LAN could use any one of the three media, all of which interface with the same MAC layer. These three media were as follows:
• Frequency-hopping spread spectrum (FHSS)
• Direct-sequence spread spectrum (DSSS)
• Infrared
The two RF media both used spread spectrum communication, which is a common form of radio transmission used in many wireless applications. Invented during the 1940s, spread spectrum technology takes an existing narrowband radio signal and divides it among a range of frequencies in any one of several ways. The result is a signal that utilizes more bandwidth but is louder and easier for a receiver to detect. At the same time, the signal is difficult to intercept because attempts to locate it by scanning through the frequency bands turn up only isolated fragments. It is also difficult to jam because you would have to block a wider range of frequencies for the jamming to be effective.
The 802.11 RF media operate in the 2.4 GHz frequency band, occupying the 83 MHz of bandwidth between 2.400 and 2.483 GHz. These frequencies are unlicensed in most countries, although there are varying limitations on the signal strength imposed by different governments.
The difference between the various types of spread spectrum communications lies in the method by which the signals are distributed among the frequencies. Frequency-hopping spread spectrum, for example, used a predetermined code or algorithm to dictate frequency shifts that occur continually, in discrete increments, over a wide band of frequencies. The 802.11 FHSS implementation called for seventy-nine 1 MHz channels, although some countries imposed smaller limits. Obviously, the receiving device must be equipped with the same algorithm in order to read the signal properly. The rate at which the frequency changes (that is, the amount of time that the signal remains at each frequency before hopping to the next one) is independent of the bit rate of the data transmission. If the frequency-hopping rate is faster than the signal’s bit rate, the technology is called a fast hop system. If the frequency-hopping rate is slower than the bit rate, you have a slow hop system. The 802.11 FHSS implementation ran at 1 Mbps, with an optional 2 Mbps rate.
In direct-sequence spread spectrum communications, the signal to be transmitted is modulated by a digital code called a chip or chipping code, which has a bit rate larger than that of the data signal. The chipping code is a redundant bit pattern that essentially turns each bit in the data signal into several bits that are actually transmitted. The longer the chipping code, the more the original data signal is enlarged. This enlargement of the signal makes it easier for the receiver to recover the transmitted data if some bits are damaged. The more the signal is enlarged, the less significance attributed to each bit. Like with FHSS, a receiver that doesn’t possess the chipping code used by the transmitter can’t interpret the DSSS signal, seeing it as just noise. The DSSS implementation in the original 802.11 document supported 1 and 2 Mbps transmission rates. IEEE 802.11b expanded this capability by adding transmission rates of 5.5 and 11 Mbps. Only DSSS supported these faster rates, which is the primary reason why it was the most commonly used 802.11 physical layer specification.
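The spreading and recovery described above can be traced chip by chip. The following Python sketch is an added example, not code from the book: it assumes the 11-chip Barker sequence (the chipping code 802.11 DSSS uses at 1 and 2 Mbps, which this page does not name), and the data bits, damaged chip positions, and `WRONG_CODE` are constructed for illustration.

```python
# Added example: DSSS spreading and correlation despreading.
# Chips are modelled as +1/-1 values; a data bit of 1 sends the code,
# a data bit of 0 sends the inverted code.

BARKER_11 = (1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1)   # assumed chipping code
WRONG_CODE = (1, 1, 1, -1, -1, 1, -1, 1, 1, -1, 1)   # constructed mismatched code


def spread(bits, code=BARKER_11):
    """Turn each data bit into len(code) transmitted chips."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def flip_chips(chips, positions):
    """Model channel damage by inverting the chips at the given indexes."""
    damaged = list(chips)
    for pos in positions:
        damaged[pos] = -damaged[pos]
    return damaged


def despread(chips, code=BARKER_11):
    """Correlate each symbol against the code; the sign of the score is the bit.

    Returns (bits, scores). With a matching code and no damage the score is
    +/- len(code); every damaged chip moves it 2 closer to zero.
    """
    n = len(code)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    bits, scores = [], []
    for start in range(0, len(chips), n):
        symbol = chips[start:start + n]
        score = sum(c * k for c, k in zip(symbol, code))
        scores.append(score)
        bits.append(1 if score > 0 else 0)
    return bits, scores


def demo():
    data = [1, 0, 1, 1, 0, 0, 1, 0]               # constructed sample bits
    sent = spread(data)                            # 8 bits -> 88 chips
    # Constructed damage: 5 of 11 chips in symbol 0, 3 of 11 in symbol 4.
    received = flip_chips(sent, [0, 2, 4, 6, 8, 44, 45, 46])
    good_bits, good_scores = despread(received)
    bad_bits, bad_scores = despread(received, WRONG_CODE)
    return {
        "data": data,
        "matched_bits": good_bits,
        "matched_scores": good_scores,
        "mismatched_bits": bad_bits,
        "mismatched_scores": bad_scores,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With 11 chips per bit, the matched receiver still decides correctly when up to 5 chips of a symbol are damaged, while a receiver correlating with a different code sees scores of only ±1. Because the 802.11 chipping code is fixed and published, this property provides noise tolerance rather than confidentiality.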
Later amendments have improved on the transmission rates, as shown in Table 6-3.
Table 6-3 802.11 Standards and Current Amendments
Infrared communications use frequencies in the 850 to 950 nanometer range, just below the visible light spectrum. This medium is rarely implemented on wireless LANs because of its limited range. Unlike most infrared media, the IEEE 802.11 infrared implementation does not require direct line-of-sight communications; an infrared network can function using diffuse or reflected signals. However, the range of communications is limited when compared to FHSS and DSSS, about 10 to 20 meters, and can function properly only in an indoor environment with surfaces that provide adequate signal diffusion or reflection. This makes infrared unsuitable for mobile devices and places more constraints on the physical location of the wireless device than either FHSS or DSSS. Like FHSS, the 802.11 infrared medium supported a 1 Mbps transmission rate and an optional rate of 2 Mbps.
Orthogonal Frequency Division Multiplexing was approved in 1999. This protocol increases throughput to 54 Mbps, and in 2003 this process was approved for the 2.4 GHz band. This method is often used for wideband transmission popular for DSL Internet access, 4G mobile communication, and digital television. Its main advantage is the use of multiple, narrowband carriers rather than one wideband carrier to transport data. It is efficient and works well even when receiving interference from a narrowband. However, OFDM is sensitive to frequency offset, an intentional shift of broadcast frequencies done to eliminate or lessen interference from other radio transmitters.
Since 1999 there have been several amendments to the IEEE 802.11 standard, as shown in Table 6-3.
NOTE Table 6-3 shows information as of the writing of this chapter.
Physical Layer Frames
Instead of a relatively simple signaling scheme such as the Manchester and Differential Manchester techniques used by Ethernet and Token Ring, respectively, the media operating at the 802.11 physical layer have their own frame formats that encapsulate the frames generated at the data link layer. This is necessary to support the complex nature of the media.
The Frequency-Hopping Spread Spectrum Frame
The FHSS frame consists of the following fields:
• Preamble (10 bytes) Contains 80 bits of alternating zeros and ones that the receiving system uses to detect the signal and synchronize timing.
• Start of Frame Delimiter (2 bytes) Indicates the beginning of the frame.
• Length (12 bits) Specifies the size of the data field.
• Signaling (4 bits) Contains one bit that specifies whether the system is using the 1 or 2 Mbps transmission rate. The other three bits are reserved for future use. No matter which transmission rate the system is using, the preamble and header fields are always transmitted at 1 Mbps. Only the data field is transmitted at 2 Mbps.
• CRC (2 bytes) Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors.
• Data (0 to 4,095 bytes) Contains the data link layer frame to be transmitted to the receiving system.
The Direct-Sequence Spread Spectrum Frame
The DSSS frame is illustrated in Figure 6-3 and consists of the following fields:
• Preamble (16 bytes) Contains 128 bits that the receiving system uses to adjust itself to the incoming signal
• Start of Frame Delimiter (SFD) (2 bytes) Indicates the beginning of the frame
• Signal (1 byte) Specifies the transmission rate used by the system
• Service (1 byte) Contains the hexadecimal value 00, indicating that the system complies with the IEEE 802.11 standard
• Length (2 bytes) Specifies the size of the data field
• CRC (2 bytes) Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors
• Data (variable) Contains the data link layer frame to be transmitted to the receiving system
Figure 6-3 The DSSS frame format
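A receiver-side check of the DSSS fields listed above, as an added Python example rather than code from the book. The byte layout follows the field list; the SFD value, the Signal coding (rate in units of 100 kbit/s), the CRC algorithm and coverage (CRC-16/CCITT over Signal, Service, and Length), big-endian integers, and Length counted in bytes are assumptions for the example, and the sample frame is constructed.

```python
import binascii
import struct

PREAMBLE_LEN = 16                   # bytes (128 bits), per the field list
SFD = b"\xf3\xa0"                   # assumed delimiter value
RATES_MBPS = {0x0A: 1.0, 0x14: 2.0, 0x37: 5.5, 0x6E: 11.0}  # assumed Signal coding
HEADER = struct.Struct(">2sBBHH")   # SFD, Signal, Service, Length, CRC
FRAME_MIN = PREAMBLE_LEN + HEADER.size   # 24 bytes precede the data field


class FrameError(ValueError):
    """Raised when a frame fails a structural or integrity check."""


def header_crc(signal, service, length):
    """CRC-16/CCITT over Signal, Service, Length (assumed coverage)."""
    covered = struct.pack(">BBH", signal, service, length)
    return binascii.crc_hqx(covered, 0xFFFF)


def build_frame(signal, data):
    """Assemble a frame as a conforming sender would (constructed sample)."""
    if len(data) > 0xFFFF:
        raise FrameError("data does not fit the 2-byte Length field")
    crc = header_crc(signal, 0x00, len(data))
    preamble = b"\xff" * PREAMBLE_LEN   # placeholder sync bits, content assumed
    return preamble + HEADER.pack(SFD, signal, 0x00, len(data), crc) + data


def parse_frame(raw):
    """Check every header field before trusting Length, then return the data."""
    if len(raw) < FRAME_MIN:
        raise FrameError("shorter than preamble plus header")
    sfd, signal, service, length, crc = HEADER.unpack_from(raw, PREAMBLE_LEN)
    if sfd != SFD:
        raise FrameError("start of frame delimiter not found")
    # Verify the CRC first: a damaged Length must never size the data read.
    if crc != header_crc(signal, service, length):
        raise FrameError("header CRC mismatch")
    if signal not in RATES_MBPS:
        raise FrameError("unknown Signal value 0x%02x" % signal)
    if service != 0x00:
        raise FrameError("Service field is not 00")
    data = raw[FRAME_MIN:]
    if len(data) != length:
        raise FrameError("Length says %d bytes, frame carries %d"
                         % (length, len(data)))
    return {"rate_mbps": RATES_MBPS[signal], "length": length, "data": data}


def is_valid(raw):
    """True when parse_frame accepts the frame, False when it rejects it."""
    try:
        parse_frame(raw)
    except FrameError:
        return False
    return True


def demo():
    payload = b"constructed data link frame"
    good = build_frame(0x14, payload)
    bit_error = bytearray(good)
    bit_error[PREAMBLE_LEN + 4] ^= 0x01          # damage the Length field
    return {
        "good": parse_frame(good),
        "bit_error_accepted": is_valid(bytes(bit_error)),
        "truncated_accepted": is_valid(good[:-1]),
        "padded_accepted": is_valid(good + b"\x00"),
    }


if __name__ == "__main__":
    print(demo())
```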
The Infrared Frame
The frame used for infrared transmissions consists of the following fields:
• Synchronization (SYNC) (57 to 73 slots) Used by the receiving system to synchronize timing and, optionally, to estimate the signal-to-noise ratio and perform other preparatory functions
• Start of Frame Delimiter (SFD) (4 slots) Indicates the beginning of the frame
• Data Rate (3 slots) Specifies the transmission rate used by the system
• DC Level Adjustment (DCLA) (32 slots) Used by the receiver to stabilize the DC level after the transmission of the preceding fields
• Length (2 bytes) Specifies the size of the data field
• CRC (2 bytes) Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors
• Data (0 to 2,500 bytes) Contains the data link layer frame to be transmitted to the receiving system
The Orthogonal Frequency Division Multiplexing Frame
The OFDM frame has four regions:
• Short Preamble This section consists of 10 short symbols that have been assigned to subcarriers (-24 through 24).
• Long Preamble This includes two long symbols that have been assigned to all subcarriers.
• Signal Field This contains one OFDM symbol that is assigned to all subcarriers. The signal field is not scrambled.
• Data/Service Field This region is scrambled and the encoding and data rates vary, along with the modulation.
The Data Link Layer
As with IEEE 802.3 (Ethernet) and 802.5 (Token Ring), the 802.11 document defines only half of the functionality found at the data link layer. Like the other IEEE 802 protocols, the LLC sublayer forms the upper half of the data link layer and is defined in the IEEE 802.2 standard. The 802.11 document defines the MAC sublayer functionality, which consists of a connectionless transport service that carries LLC data to a destination on the network in the form of MAC service data units (MSDUs). Like other data link layer protocols, this service is defined by a frame format (actually several frame formats, in this case) and a media access control mechanism. The MAC sublayer also provides security services, such as authentication and encryption, and reordering of MSDUs.
Data Link Layer Frames
The 802.11 standard defines three basic types of frames at the MAC layer, which are as follows:
• Data frames Used to transmit upper layer data between stations
• Control frames Used to regulate access to the network medium and to acknowledge transmitted data frames
• Management frames Used to exchange network management information to perform network functions such as association and authentication
Figure 6-4 shows the general MAC frame format. The functions of the frame fields are as follows:
• Frame Control (2 bytes) Contains 11 subfields that enable various protocol functions. The subfields are as follows:
  • Protocol Version (2 bits) This specifies the version of the 802.11 standard being used.
  • Type (2 bits) This specifies whether the packet contains a management frame (00), a control frame (01), or a data frame (10).
  • Subtype (4 bits) This identifies the specific function of the frame.
  • To DS (1 bit) A value of 1 in this field indicates that the frame is being transmitted to the distribution system (DS) via an access point (AP).
  • From DS (1 bit) A value of 1 in this field indicates that the frame is being received from the DS.
  • More Frag (1 bit) A value of 1 indicates that the packet contains a fragment of a frame and that there are more fragments still to be transmitted. When fragmenting frames at the MAC layer, an 802.11 system must receive an acknowledgment for each fragment before transmitting the next one.
  • Retry (1 bit) A value of 1 indicates that the packet contains a fragment of a frame that is being retransmitted after a failure to receive an acknowledgment. The receiving system uses this field to recognize duplicate packets.
  • Pwr Mgt (1 bit) A value of 0 indicates that the station is operating in active mode; a value of 1 indicates that the station is operating in power-save mode. APs buffer packets for stations operating in power-save mode until they change to active mode or explicitly request that the buffered packets be transmitted.
  • More Data (1 bit) A value of 1 indicates that an AP has more packets for the station that are buffered and awaiting transmission.
  • WEP (1 bit) A value of 1 indicates that the Frame Body field has been encrypted using the Wired Equivalent Privacy (WEP) algorithm, which is the security element of the 802.11 standard. WEP can be used only in management frames used to perform authentications.
  • Order (1 bit) A value of 1 indicates that the packet contains a data frame (or fragment) that is being transmitted using the Strictly Ordered service class, which is designed to support protocols that cannot process reordered frames.
• Duration/ID (2 bytes) In control frames used for power-save polling, this field contains the association identity (AID) of the station transmitting the frame. In all other frame types, the field indicates the amount of time (in microseconds) needed to transmit a frame and its short interframe space (SIFS) interval.
• Address 1 (6 bytes) This contains an address that identifies the recipient of the frame, using one of the five addresses defined in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Address 2 (6 bytes) This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Address 3 (6 bytes) This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Sequence Control (2 bytes) This contains two fields used to associate the fragments of a particular sequence and assemble them into the right order at the destination system:
  • Fragment Number (4 bits) Contains a value that identifies a particular fragment in a sequence.
  • Sequence Number (12 bits) Contains a value that uniquely identifies the sequence of fragments that make up a data set.
• Address 4 (6 bytes) This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields. It is not present in control and management frames and some data frames.
• Frame Body (0 to 2,312 bytes) This contains the actual information being transmitted to the receiving station.
• Frame Check Sequence (4 bytes) This contains a cyclic redundancy check (CRC) value used by the receiving system to verify that the frame was transmitted without errors.
Figure 6-4 The IEEE 802.11 MAC sublayer frame format
The four address fields in the MAC frame identify different types of systems depending on the type of frame being transmitted and its destination in relation to the DS. The five different types of addresses are as follows:
• Source address (SA) An IEEE MAC individual address that identifies the system that generated the information carried in the Frame Body field.
• Destination address (DA) An IEEE MAC individual or group address that identifies the final recipient of an MSDU.
• Transmitter address (TA) An IEEE MAC individual address that identifies the system that transmitted the information in the Frame Body field on the current wireless medium (typically an AP).
• Receiver address (RA) An IEEE MAC individual or group address that identifies the immediate recipient of the information in the Frame Body field on the current wireless medium (typically an AP).
• Basic service set ID (BSSID) An IEEE MAC address that identifies a particular BSS. On an infrastructure network, the BSSID is the MAC address of the station functioning as the AP of the BSS. On an ad hoc network (IBSS), the BSSID is a random value generated during the creation of the IBSS.
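The MAC header fields listed above can be decoded directly from a captured frame. The following Python parser is an added example, not code from the book; it goes beyond the text by assuming the standard's little-endian bit numbering and its usual mapping of address types onto Address 1 through 4, and it covers only the original data/management frame format described here (no later QoS or HT fields). The sample frame is constructed.

```python
import struct
import zlib

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}   # Type subfield values
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgt", "more_data", "wep", "order")            # bits 8..15, in order

# Assumption (IEEE 802.11 convention, not listed on the page): which address
# type each Address field carries for a given (To DS, From DS) pair.
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (0, 1): ("DA", "BSSID", "SA"),
    (1, 0): ("BSSID", "SA", "DA"),
    (1, 1): ("RA", "TA", "DA", "SA"),   # only case in which Address 4 is present
}


def fmt_mac(raw):
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame_control(fc):
    """Split the 16-bit Frame Control value into its 11 subfields."""
    out = {
        "version": fc & 0x3,
        "type": FRAME_TYPES.get((fc >> 2) & 0x3, "reserved"),
        "subtype": (fc >> 4) & 0xF,
    }
    for i, name in enumerate(FLAGS):
        out[name] = (fc >> (8 + i)) & 1
    return out


def parse_mac_frame(frame):
    """Parse a management or data frame that still carries its 4-byte FCS."""
    if len(frame) < 28:                       # 24-byte header + FCS
        raise ValueError("frame too short")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ctl = parse_frame_control(fc)
    if ctl["type"] not in ("management", "data"):
        raise ValueError("control frames use shorter formats; not handled here")
    roles = ADDRESS_ROLES[(ctl["to_ds"], ctl["from_ds"])]
    header_len = 30 if len(roles) == 4 else 24
    if len(frame) < header_len + 4:
        raise ValueError("truncated: Address 4 expected")
    offsets = (4, 10, 16, 24)                 # Address 4 follows Sequence Control
    addresses = {role: fmt_mac(frame[off:off + 6])
                 for role, off in zip(roles, offsets)}
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    (fcs,) = struct.unpack("<I", frame[-4:])
    return {
        "control": ctl,
        "duration_id": duration,
        "addresses": addresses,
        "fragment": seq_ctl & 0xF,            # low 4 bits
        "sequence": seq_ctl >> 4,             # high 12 bits
        "body": frame[header_len:-4],
        # The FCS is a CRC-32: it detects transmission errors and nothing more.
        "fcs_ok": fcs == zlib.crc32(frame[:-4]),
    }


def build_sample_frame():
    """Constructed sample: a retransmitted, WEP-flagged data frame sent to the DS."""
    fc = (2 << 2) | (1 << 8) | (1 << 11) | (1 << 14)   # data, To DS, Retry, WEP
    header = struct.pack("<HH", fc, 44)
    header += bytes.fromhex("020000000001")            # Address 1: BSSID
    header += bytes.fromhex("020000000002")            # Address 2: SA
    header += bytes.fromhex("020000000003")            # Address 3: DA
    header += struct.pack("<H", (291 << 4) | 2)        # sequence 291, fragment 2
    payload = header + b"constructed-ciphertext"
    return payload + struct.pack("<I", zlib.crc32(payload))


if __name__ == "__main__":
    for key, value in parse_mac_frame(build_sample_frame()).items():
        print(f"{key}: {value}")
```

Note that the header, including the addresses and the Duration/ID value, is readable whether or not the WEP bit is set; only the Frame Body is covered by the encryption the bit announces.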
Media Access Control
As with all data link layer protocols that use a shared network medium, the media access control mechanism is one of the protocol’s primary defining elements. IEEE 802.11 defines the use of a MAC mechanism called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which is a variation of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) mechanism used by Ethernet.
The basic functional characteristics of wireless networks have a profound effect on the MAC mechanisms they can use. For example, the Ethernet CSMA/CD mechanism and the token-passing method used by Token Ring and FDDI networks both require every device on the network to receive every transmitted packet. An Ethernet system that doesn’t receive every packet can’t detect collisions reliably. In addition, the Ethernet collision detection mechanism requires full-duplex communications (because the indication that a collision has occurred is simultaneous transmit and receive signals), which is impractical in a wireless environment. If a token-passing system fails to receive a packet, the problem is even more severe because the packet cannot then be passed on to the rest of the network, and network communication stops entirely. One of the characteristics of the wireless networks defined in 802.11, however, is that stations can repeatedly enter and leave the BSS because of their mobility and the vagaries of the wireless medium. Therefore, the MAC mechanism on a wireless network must be able to accommodate this behavior.
The CSMA part of the CSMA/CD mechanism is the same as that of an Ethernet network. A computer with data to transmit listens to the network medium and, if it is free, begins transmitting its data. If the network is busy, the computer backs off for a randomly selected interval and begins the listening process again. Also like Ethernet, the CSMA part of the process can result in collisions. The difference in CSMA/CA is that systems attempt to avoid collisions in the first place by reserving bandwidth in advance. This is done by specifying a value in the Duration/ID field or using specialized control messages called request-to-send (RTS) and clear-to-send (CTS).
The carrier sense part of the transmission process occurs on two levels, the physical and the virtual. The physical carrier sense mechanism is specific to the physical layer medium the network is using and is equivalent to the carrier sense performed by Ethernet systems. The virtual carrier sense mechanism, called a network allocation vector (NAV), involves the transmission of an RTS frame by the system with data to transmit and a response from the intended recipient in the form of a CTS frame. Both of these frames have a value in the Duration/ID field that specifies the amount of time needed for the sender to transmit the forthcoming data frame and receive an acknowledgment (ACK) frame in return. This message exchange essentially reserves the network medium for the life of this particular transaction, which is where the collision avoidance part of the mechanism comes in. Since both the RTS and CTS messages contain the Duration/ID value, any other system on the network receiving either one of the two observes the reservation and refrains from trying to transmit its own data during that time interval. This way, a station that is capable of receiving transmissions from one computer but not the other can still observe the CSMA/CA process.
In addition, the RTS/CTS exchange enables a station to more easily determine whether communication with the intended recipient is possible. If the sender of an RTS frame fails to receive a CTS frame from the recipient in return, it retransmits the RTS frame repeatedly until a preestablished timeout is reached. Retransmitting the brief RTS message is much quicker than retransmitting large data frames, which shortens the entire process.
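The virtual carrier sense reservation described above, including a station that hears only one side of the RTS/CTS exchange, modelled as an added Python example that is not from the book. The station names, the reachability sets and every timing value are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed timing values in microseconds (illustrative, not from the page).
SIFS, RTS_TIME, CTS_TIME, DATA_TIME, ACK_TIME = 10, 20, 14, 300, 14


@dataclass
class Station:
    name: str
    hears: frozenset          # stations whose transmissions reach this one
    nav_until: int = 0        # medium is treated as reserved until this time

    def observe(self, sender, addressee, frame_end, duration):
        """Extend the NAV from an overheard frame's Duration/ID value."""
        if sender not in self.hears or addressee == self.name:
            return            # not received, or this station is the addressee
        self.nav_until = max(self.nav_until, frame_end + duration)

    def medium_free(self, now):
        """Virtual carrier sense only: is the reservation over?"""
        return now >= self.nav_until


def rts_cts_exchange(stations, sender, receiver):
    """Play one RTS/CTS reservation and record every station's NAV after each frame."""
    # The RTS reserves time for CTS + data + ACK and the three SIFS gaps between them.
    rts_end = RTS_TIME
    rts_duration = 3 * SIFS + CTS_TIME + DATA_TIME + ACK_TIME
    # The CTS repeats the reservation, shortened by what has already elapsed.
    cts_end = rts_end + SIFS + CTS_TIME
    cts_duration = rts_duration - SIFS - CTS_TIME

    log = {}
    for s in stations:
        s.observe(sender, receiver, rts_end, rts_duration)
    log["after_rts"] = {s.name: s.nav_until for s in stations}
    for s in stations:
        s.observe(receiver, sender, cts_end, cts_duration)
    log["after_cts"] = {s.name: s.nav_until for s in stations}
    log["exchange_ends"] = cts_end + SIFS + DATA_TIME + SIFS + ACK_TIME
    return log


def demo():
    """A sends to AP. C hears only AP (hidden from A); D hears only A."""
    stations = [
        Station("A", frozenset({"AP"})),
        Station("AP", frozenset({"A", "C"})),
        Station("C", frozenset({"AP"})),
        Station("D", frozenset({"A"})),
    ]
    return rts_cts_exchange(stations, "A", "AP"), stations


if __name__ == "__main__":
    log, _ = demo()
    for step, value in log.items():
        print(step, value)
```

Station C never receives the RTS, yet the CTS alone gives it the same reservation end time that D derives from the RTS.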
To detect collisions, IEEE 802.11 uses a positive acknowledgment system at the MAC sublayer. Each data frame that a station transmits must be followed by an ACK frame from the recipient, which is generated after a CRC check of the incoming data. If the frame’s CRC check fails, the recipient considers the packet to have been corrupted by a collision (or other phenomenon) and silently discards it. The station that transmitted the original data frame then retransmits it as many times as needed to receive an ACK, up to a predetermined limit. Note that the failure of the sender to receive an ACK frame could be because of the corruption or nondelivery of the original data frame or the nondelivery of an ACK frame that the recipient did send in return. The 802.11 protocol does not distinguish between the two.
NOTE For additional information about current 802.11 standards, see Chapters 12 and 24.
CHAPTER 7 Wide Area Networks
The physical and data link layer protocols used to build local area networks (LANs) are quite efficient over relatively short distances. Even for campus connections between buildings, fiber-optic solutions enable you to use a LAN protocol such as Ethernet throughout your whole internetwork. However, when you want to make a connection over a long distance, you move into an entirely different world of data communications called wide area networking. A wide area network (WAN) is a communications link that spans a long distance and connects two or more LANs.
WAN connections make it possible to connect networks in different cities or countries, enabling users to access resources at remote locations. Many companies use WAN links between office locations to exchange e-mail, groupware, and database information, or even just to access files and printers on remote servers. Banks and airlines, for example, use WANs because they must be in continual communication with all of their branch offices to keep their databases updated, but WAN connections can also function on a much smaller scale, such as a system that periodically dials in to a remote network to send and retrieve the latest e-mail messages.
Today, with the increased use of cloud technology, WAN visualization and optimization are becoming more common. See Chapter 26 for more information about these two areas.
A WAN connection requires a router or a bridge at each end to provide the interface to the individual LANs, as shown in Figure 7-1. This reduces the amount of traffic that passes across the link. Remote link bridges connect LANs running the same data link layer protocol at different locations using an analog or digital WAN link. The bridges prevent unnecessary traffic from traversing the link by filtering packets according to their data link layer MAC addresses. However, bridges do pass broadcast traffic across the WAN link. Depending on the speed of the intended link and applications, this may be a huge waste of bandwidth. It’s possible to make a good case that using remote link bridges to connect networks at two sites is technically not a WAN because you are actually joining the two sites into a single network, instead of creating an internetwork. However, whether the final result is a network or an internetwork, the technologies used to join the two sites are the same and are commonly called WAN links.
Figure 7-1 Routers or bridges connect WAN links to LANs.
If the WAN link is intended only for highly specific uses, such as e-mail access, data link layer bridges can be wasteful because they provide less control over the traffic that is permitted to pass over the link. Routers, on the other hand, keep the two LANs completely separate. In fact, the WAN link is a network in itself that connects only two systems, namely, the routers at each end of the connection. Routers pass no broadcasts over the WAN link (except in exceptional cases, such as when you use DHCP or BOOTP relay agents). Therefore, administrators can exercise greater control over the traffic passing between the LANs. Routers also enable you to use different data link layer protocols on each of the LANs because they operate at the network layer of the Open Systems Interconnection (OSI) model.
While bridges are always separate units, the routers used to connect two networks with a WAN link can take the form of either a computer or a dedicated hardware device. When a remote user connects to a host PC with a connection and accesses other systems on the network, the host PC is functioning as a router. Most sites use dedicated routers. The router or bridge located at each terminus of the WAN link is connected to the local LAN and to whatever hardware is used to make the physical layer connection to the WAN.
Introduction to Telecommunications
When you enter the world of wide area networking, you experience a major paradigm shift from the local area networking world. When you design, build, and maintain a LAN, you are working with equipment that you (or your organization) owns and controls completely. Once you pay for the equipment itself, the network and its bandwidth are yours to do with as you please. When you connect networks using WAN links, however, you almost never own all of the technology used to make the connections. Unless your organization has the means to run its own long-distance fiber-optic cables or launch its own satellite (and we’re talking millions, if not billions, of dollars needed to do this in most cases), you have to deal with a third-party telecommunications service provider that makes it possible for you to send your data signals over long distances.
The need to rely on an outside service provider for WAN communications can enormously complicate the process of designing, installing, and maintaining the network. LAN technicians are often tinkerers by trade. When problems with the network occur, they have their own procedures for investigating, diagnosing, and resolving them, knowing that the cause is somewhere nearby if they can only find it. Problems with WAN connections can conceivably be caused by the equipment located at one of the connected sites, but it’s more likely for the trouble to be somewhere in the service provider’s network infrastructure. A heavy equipment operator a thousand miles away in Akron, Ohio, can sever a trunk cable while digging a trench, causing your WAN link to go down. Solar flares on the surface of the sun 93 million miles away can disturb satellite communications, causing your WAN link to go down. In either case, there is nothing you can do about it except call your service provider and complain. Because of this reliance on outside parties, many network administrators maintain backup WAN links that use a different technology or service provider for critical connections.
Telecommunications is a separate networking discipline unto itself that is at least as complicated as data networking, if not more so. (If you think that local area networking has a lot of cryptic acronyms, wait until you start studying telecommunications.) A large organization relies at least as much on telecommunications technology as on its data networking technology. If the computer network goes down, people complain loudly; if the phone system goes down, people quickly begin to panic. In many large organizations, the people who manage the telecommunications infrastructure are different from those who administer the data network. However, it is in the area of WAN communications that these two disciplines come together. It isn’t common to find technical people who are equally adept at data networking and telecommunications; most technicians tend to specialize in one or the other. However, a LAN administrator has to know something about telecommunications if the organization has offices at multiple locations that are to be connected using WANs.
All data networking is about bandwidth, or the ability to transmit signals between systems at a given rate of speed. On a LAN, when you want to increase the bandwidth available to users, you can upgrade to a faster protocol or add network connection components such as bridges, switches, and routers. After the initial outlay for the new equipment and its installation, the network has more bandwidth, forever. In the world of telecommunications, bandwidth costs money, often lots of it. If you want to increase the speed of a WAN link between two networks, not only do you have to purchase new equipment, but you probably also have to pay additional fees to your service provider. Depending on the technology you’ve chosen and your service provider, you may have to pay a fee to have the equipment installed, a fee to set up the new service, and permanent monthly subscriber fees based on the amount of bandwidth you want. Combined, these fees can be substantial, and they’re ongoing; you continue to pay as long as you use the service.
The result of this expense is that WAN bandwidth is far more expensive than LAN bandwidth. In nearly every case, your LANs will run at speeds far exceeding those of your WAN connections, as shown in Table 7-1.
Table 7-1 LANs vs. WANs
WAN Utilization
WAN technologies vary in the way they’re structured, the way you pay for them, and the way you use them. The costs of specific technologies depend on your location.
Selecting a WAN Technology
The selection of a WAN connection for a specific purpose is generally a trade-off between speed and expense. Because your WAN links will almost certainly run more slowly than the networks that they connect, and cost more as well, it’s important to determine just how much bandwidth you need and when you need it as you design your network.
It usually is not practical to use a WAN link in the same way you would use a LAN connection. You might have to limit the amount of traffic that passes over the link in ways other than just using routers at each end. One way is to schedule certain tasks that require WAN communications to run at off-peak hours. For example, database replication tasks can easily monopolize a WAN link for extended periods of time, delaying normal user activities. Many applications that require periodic data replication, including directory services such as Active Directory, enable you to specify when these activities should take place. Active Directory, for example, enables you to split your internetwork into units called sites and regulate the time and frequency of the replication that occurs between domain controllers at different sites.
Before you select a WAN technology, you should consider the applications for which it will be used. Different functions require different amounts of bandwidth and different types as well. E-mail, for example, not only requires relatively little bandwidth but also is intermittent in its traffic. High-end applications, such as full-motion video, not only require enormous amounts of bandwidth but also require that the bandwidth be continuously available to avoid dropouts in service. The needs of most organizations fall somewhere between these two extremes, but it is important to remember that the continuity of the bandwidth can sometimes be as important as the transmission rate.
NOTE While the transmission rates shown in Table 7-2 indicate the maximum rated throughput, these rates are not usually reflected in reality because of a variety of reasons.
Table 7-2 WAN Technologies and Their Transmission Rates
Table 7-2 lists some of the technologies used for WAN connections and their transmission speeds. The sections following the table examine some of the technologies that are most commonly used for WAN connectivity. These rated speeds, for a variety of reasons, do not necessarily reflect the actual throughput realized by applications using them. In the real world, the throughput is generally lower.
PSTN (POTS) Connections
A WAN connection does not necessarily require a major investment in hardware and installation fees. Many network connections are formed using a public switched telephone network (PSTN) or plain old telephone service (POTS). A standard asynchronous modem that uses telephone lines to connect your computer to a network (such as that of an ISP) is technically a wide area link, and for some purposes, this is all that is needed. For example, an employee working at home or on the road can dial in to a server at the office and connect to the LAN to access e-mail and other network resources. In the same way, a small LAN connection may be sufficient for a small branch office to connect to the corporate headquarters for the same purposes.
The maximum possible connection speed is 56 Kbps (for digital-to-analog traffic only; analog-to-digital traffic is limited to 31.2 Kbps). Analog modem communications are also dependent on the quality of the lines involved. Many telephone companies still certify their lines for voice communications only, and do not perform repairs to improve the quality of data connections.
Using these public carrier lines usually costs much less than trying to establish a private line. When using public lines, many share the costs, and the lines are, by their nature, more reliable than trying to create a private infrastructure. The issues involved in any WAN are the same: delay time, quality of the link, and available bandwidth. The larger the geographic area, the more these issues come into play.
In most cases, a LAN to WAN connection uses a computer as a router, although many use stand-alone devices that perform the same function. The most basic arrangement uses a computer, tablet, or smartphone for remote network access. The remote computer can be running an e-mail client, a web browser, or another application designed to access network resources, or simply access the file system on the network’s servers. This simple arrangement is best suited to users who want to connect to their office computers while at home or traveling.
A computer can also host multiple connections. When a user on one LAN performs an operation that requires access to the other LAN, the server automatically dials in to a server on the other network, establishes the connection, and begins routing traffic. When the link remains idle for a preset time, the connection terminates. There are also stand-alone routers that perform in the same way, enabling users to connect to a remote LAN or the Internet as needed. This arrangement provides WAN access to users without them having to establish the connection manually.
Today, the world’s largest WAN, the Internet, actually uses PSTN lines for much of its infrastructure, so this technology will not soon be obsolete. Obviously, the chief drawback to using the PSTN for other WAN connections is the limited bandwidth, but the low cost of the hardware and services required make these connections compelling, and many network administrators make use of them in interesting and creative ways. In earlier dial-up connections, some networks used inverse multiplexing to combine two small bandwidth channels into a larger channel. Inverse multiplexing is the process of combining bandwidth of multiple connections into a single conduit. See the sections “Frame Relay” and “ATM” for more information about how inverse multiplexing is used today.
Leased Lines
A leased line is a dedicated, permanent connection between two sites that runs through the telephone network. The line is said to be dedicated because the connection is active 24 hours a day and does not compete for bandwidth with any other processes. The line is permanent because there are no telephone numbers or dialing involved in the connection, nor is it possible to connect to a different location without modifying the hardware installation. While this book is naturally more interested in leased lines as WAN technologies, it’s important to understand that they are also a vital element of the voice telecommunications network infrastructure. When a large organization installs its own private branch exchange (PBX) to handle its telephone traffic, the switchboard is typically connected to one or more T-1 lines, which are split into individual channels with enough bandwidth to handle a single voice-grade connection (56 to 64 Kbps). Each of these channels becomes a standard voice “telephone line,” which is allocated by the PBX to users’ telephones as needed.
You install a leased line by contacting a telephone service provider, either local or long distance, and agreeing to a contract that specifies a line granting a certain amount of bandwidth between two locations, for a specified cost. The price typically involves an installation fee, hardware costs, and a monthly subscription fee, and it depends on both the bandwidth of the line and the distance between the two sites being connected. The advantages of a leased line are that the connection delivers the specified bandwidth at all times and that the line is as inherently secure as any telephone line because it is private. While the service functions as a dedicated line between the two connected sites, there is not really a dedicated physical connection, such as a separate wire running the entire distance. The service provider installs a dedicated line between each of the two sites and the provider’s nearest point of presence (POP), but from there, the connection uses the provider’s standard switching facilities to make the connection. The provider guarantees that its facilities can provide a specific bandwidth and quality of service.
From the LAN side, the line usually connects to a router and on the WAN side, a hub. This type of connection can become very expensive over time. The performance of the service is based on the percentage of error-free seconds per day, and its availability is computed in terms of the time that the service is functioning at full capacity during a specific period, also expressed as a percentage. If the provider fails to meet the guarantees specified in the contract, the customer receives a financial remuneration in the form of service credits. A leased-line contract typically quantifies the quality of service using two criteria: service performance and availability.
Leased-Line Types
Leased lines can be analog or digital, but digital lines are more common. An analog line is simply a normal telephone line that is continuously open. When used for a WAN connection, modems are required at both ends to convert the digital signals of the data network to analog form for transmission and back to digital at the other end. In some cases, the line may have a greater service quality than a standard PSTN line.
Digital leased lines are more common because no analog-to-digital conversion is required for data network connections, and the signal quality of a digital line is usually superior to that of an analog line, whether leased or dial-up. Digital leased lines are based on a hierarchy of digital signal (DS) speeds used to classify the speeds of carrier links. These levels take different forms in different parts of the world. In North America, the DS levels are used to create the T-carrier (for “trunk-carrier”) service. Europe and most of the rest of the world use the E-carrier service, which is standardized by the Telecommunications sector of the International Telecommunications Union (ITU-T), except for Japan, which has its own J-carrier service. Each of these services names the various levels by replacing the DS prefix with that of the particular carrier. For example, the DS-1 level is known as a T-1 in North America, an E-1 in Europe, and a J-1 in Japan.
The only exception to this is the DS-0 level, which represents a standard 64 Kbps voice-grade channel and is known by this name throughout the world. As you go beyond the DS-1 service, bandwidth levels rise steeply, as do the costs. In North America, many networks use multiple T-1 lines for both voice and data. T-3s are used mainly by ISPs and other service providers with high-bandwidth needs. See Table 7-3 for an explanation of the various “T” lines in North America.
Table 7-3 “T” Line Types in North America
While it’s possible to install a leased line using any of the service levels listed for your geographical location, you are not limited to the amounts of bandwidth provided by these services. Because the bandwidth of each service is based on multiples of 64 Kbps, you can split a digital link into individual 64 Kbps channels and use each one for voice or data traffic. Service providers frequently take advantage of this capability to offer leased lines that consist of any number of these 64 Kbps channels that the subscriber needs, combined into a single data pipe. This is called fractional T-1 service.
Leased-Line Hardware
A T-1 line requires two twisted pairs of wires, and originally the line was conditioned, meaning that a repeater was installed 3,000 feet from each endpoint and every 6,000 feet in between. Later, a signaling scheme called high-bit-rate digital subscriber line (HDSL) made it possible to transmit digital signals at T-1 speeds over longer distances without the need for repeating hardware.
The hardware that was required at each end of a digital leased line was called a channel service unit/data service unit (CSU/DSU), which was actually two devices that are usually combined into a single unit. The CSU provided the terminus for the digital link and kept the connection active even when the connected bridge, router, private branch exchange (PBX), or other device wasn’t actually using it. The CSU also provided testing and diagnostic functions for the line. The DSU was the device that converts the signals it received from the bridge, router, or PBX to the bipolar digital signals carried by the line.
In appearance, a CSU/DSU looked something like a modem, and as a result, they were sometimes incorrectly called digital modems. (Since a modem, by definition, is a device that converts between analog and digital signals, the term digital modem was actually something of an oxymoron. However, just about any device used to connect a computer or network to a telephone or Internet service has been incorrectly called a modem, including ISDN and cable network equipment.)
The CSU/DSU was connected to the leased line on one side using an RJ connector and to a device (or devices) on the other side that provided the interface to the local network (see Figure 7-2), using a V.35 or RS-232 connector. This interface can be a bridge or a router for data networking or a PBX for voice services. The line can be either unchanneled, meaning that it is used as a single data pipe, or channeled, meaning that a multiplexor is located in between the CSU/DSU and the interface to break up the line into separate channels for multiple uses.
Figure 7-2 The CSU/DSU provides the interface between a LAN and a leased line.
Digital leased lines use time division multiplexing (TDM) to create the individual channels in which the entire data stream is divided into time segments that are allocated to each channel in turn. Each time division is dedicated to a particular channel, whether it is used or not. Thus, when one of the 64 Kbps voice lines that are part of a T-1 was idle, that bandwidth was wasted, no matter how busy the other channels were.
Leased-Line Applications
T-1s and other leased lines are used for many different purposes. T-1s are commonly used to provide telephone services to large organizations. On the WAN front, organizations with offices in several locations can use leased lines to build a private network for both voice and data traffic. With such a network in place, users can access network resources in any of the sites at will, and telephone calls can be transferred to users in the different offices. The problem with building a network in this manner is that it requires a true mesh topology of leased lines (that is, a separate leased line connecting each office to every other office) to be reliable. An organization with four sites, for example, would need six leased lines, as shown in Figure 7-3, and eight sites would require twenty-eight leased lines! It would be possible for the sites to be connected in series, using seven links to connect eight sites, but then the failure of any one link or router would split the network in two.
Figure 7-3 A private WAN that uses leased lines requires a separate connection between every two sites.
Today, most organizations use a less expensive technology to create WAN links between their various offices. One alternative to a private network would be to use leased lines at each site to connect to a public carrier network using a technology such as frame relay or ATM to provide the required bandwidth. Each site would require only a single, relatively short-distance leased line to a local service provider, instead of a separate line to each site. For more information on this alternative, see “Packet-Switching Services” later in this chapter. The most common application for T-1 lines in WANs today, however, is to use them to connect a private network to an ISP in order to provide Internet access to its users and to host Internet services, such as web and e-mail servers.
T-1s are well-suited for providing Internet access to corporate networks because services such as e-mail have to be connected around the clock. ISPs also usually have a local point of presence, so the leased line does not have to span a tremendously long distance and is not too terribly expensive. A single T-1 connection to the Internet can serve the needs of hundreds of average users simultaneously.
ISDN
Integrated services digital network (ISDN) and digital subscriber line (DSL) are both services that utilize the existing copper POTS cable at an installation to carry data at much higher transmission rates. In both cases, the site must be relatively close to the telephone company’s nearest point of presence (POP), a location containing telephone switching equipment. Basic rate ISDN, for example, requires a location no farther than 18,000 feet (3.4 miles) from the POP; DSL distances vary with the data rate. ISDN and DSL are sometimes called last-mile technologies because they are designed to get data from the user site to the POP at high speed.
The copper cable running from the POP to the individual user site is traditionally the weakest link in the phone system. Once a signal reaches the POP, it moves through the telephone company’s switches at high speed. By eliminating the bottlenecks at both ends of the link, traffic can maintain that speed from end to end. While these technologies have been marketed in the United States primarily as Internet connectivity solutions for home users, they both are usable for office-to-office WAN connections.
ISDN was a digital point-to-point telephone system that had been around for many years but that was not adopted as widely in the United States as its proponents had hoped. Originally, ISDN was designed to completely replace the current phone system with all-digital service, but it then became positioned as an alternative technology for home users who required high-bandwidth network connections and for links between business networks. In this country, ISDN technology garnered a reputation for being overly complicated, difficult to install, and not particularly reliable, and to some extent, this reputation was justified. At one time, inquiries to most local phone companies about ISDN service would be met only with puzzlement, and horror stories from consumers about installation difficulties were common.
ISDN was a digital service that provided a good deal more bandwidth than standard telephone service, but unlike a leased line, it was not permanent. ISDN devices dialed a number to establish a connection, like a standard telephone, meaning that users connected to different sites as needed. For this reason, ISDN was known as a circuit-switching service because it created a temporary point-to-point circuit between two sites. For the home or business user connecting to the Internet, this meant they could change ISPs without any modifications to the ISDN service by the telephone company. For organizations using ISDN for WAN connections between offices, this meant they could connect to different office networks when they needed access to their resources.
ISDN Services
There are two main types of ISDN service, which are based on units of bandwidth called B channels, running at 64 Kbps, and D channels, running at 16 or 64 Kbps. B channels carry voice and data traffic, and D channels carry control traffic only. The service types are as follows:
• Basic Rate Interface (BRI): Also called 2B+D, because it consists of two 64 Kbps B channels and one 16 Kbps D channel. BRI was targeted primarily at home users for connections to business networks or the Internet.
• Primary Rate Interface (PRI): Consists of up to 23 B channels and one 64 Kbps D channel, for a total bandwidth equivalent to a T-1 leased line. PRI was aimed more at the business community, as an alternative to leased lines that provided the same bandwidth and signal quality with greater flexibility.
One of the primary advantages of ISDN was the ability to combine the bandwidth of multiple channels as needed, using inverse multiplexing. Each B channel has its own separate ten-digit number. For the home user, one of the B channels of the BRI service carried voice traffic while the other B channel was used for data, or both B channels could be combined to form a single 128 Kbps connection to the Internet or to a private network.
The PRI service combines any number of the B channels in any combination to form connections of various bandwidths. In addition, the ISDN service supports bandwidth-on-demand, which can supplement a connection with additional B channels to support a temporary increase in bandwidth requirements. Depending on the equipment used, it’s possible to add bandwidth according to a predetermined schedule of usage needs or to dynamically augment a connection when the traffic rises above a particular level. For bandwidth needs that fluctuated, an ISDN connection was often far more economical than a leased line because you pay only for the channels that are currently in use. With a leased line, you must pay whether it’s being used or not.
ISDN Communications
The ISDN B channels carry user traffic only, whether in the form of voice or data. The D channel is responsible for carrying all of the control traffic needed to establish and terminate connections between sites. The traffic on these channels consists of protocols that span the bottom three layers of the OSI reference model. The physical layer establishes a circuit-switched connection between the user equipment and the telephone company’s switching office that operates at 64 Kbps and also provides diagnostic functions such as loopback testing and signal monitoring. This layer is also responsible for the multiplexing that enables devices to share the same channel.
At the data link layer, bridges and PBXs using an ISDN connection employ the Link Access Procedure for D Channel (LAPD) protocol, as defined by the International Telecommunications Union (ITU-T) documents Q.920 through Q.923, to provide frame-relay and frame-switching services. This protocol (which is similar to the LAP-B protocol used by X.25) uses the address information provided by the ISDN equipment to create virtual paths through the switching fabric of the telephone company’s network to the intended destination. The end result is a private network connection much like that of a leased line.
The network layer is responsible for the establishment, maintenance, and termination of connections between ISDN devices. Unlike leased lines and similar technologies, which maintain a permanently open connection, ISDN must use a handshake procedure to establish a connection between two points. The process of establishing an ISDN connection involves messages exchanged between three entities: the caller, the switch (at the POP), and the receiver. As usual, network layer messages are encapsulated within data link layer protocol frames. The connection procedure is as follows:
1. The caller transmits a SETUP message to the switch.
2. If the SETUP message is acceptable, the switch returns a CALL PROC (call proceeding) message to the caller and forwards the SETUP message to the receiver.
3. If the receiver accepts the SETUP message, it rings the phone (either literally or figuratively) and sends an ALERTING message back to the switch, which forwards it to the caller.
4. When the receiver answers the call (again, either literally or figuratively), it sends a CONNECT message to the switch, which forwards it to the caller.
5. The caller then sends a CONNECT ACK (connection acknowledgment) message to the switch, which forwards it to the receiver. The connection is now established.
ISDN Hardware
ISDN does not require any modifications to the standard copper POTS wiring. As long as your site is within 18,000 feet of a POP, you can convert an existing telephone line to ISDN just by adding the appropriate hardware at each end. The telephone company uses special data-encoding schemes (called 2B1Q in North America and 4B3T in Europe) to provide higher data transmission rates over the standard cable. All ISDN installations needed a device called a Network Termination 1 (NT1) connected to the telephone line at each end. The service from the telephone company provides what is known as a U interface operating over one twisted pair of wires. The NT1 connects to the U interface and converts the signals to the four-wire S/T interface used by ISDN terminal equipment (that is, the devices that use the connection).
Devices that connect directly to the S/T interface, such as ISDN telephones and ISDN fax machines, were referred to as terminal equipment 1 (TE1). Devices that were not ISDN capable, such as standard analog phones and fax machines, as well as computers, were called terminal equipment 2 (TE2). To connect a TE2 device to the S/T interface, you needed an intervening terminal adapter (TA). You could connect up to seven devices to an NT1, both TE1 and TE2.
In North America, it was up to the consumer to provide the NT1, which was available in several forms as a commercial product. In Europe and Japan, where ISDN was much more prevalent, the NT1 was owned and provided by the telephone company; users only needed to provide the terminal equipment. For the BRI service, a separate NT1 is required if you are going to use more than one type of terminal equipment, such as a terminal adapter for a computer and an ISDN telephone. If the service was going to be used only for data networking, as was often the case in the United States, there were single devices available that combined the NT1 with a terminal adapter. These combination devices often took the form of an expansion card for a PC, or a separate device. Once again, the units that are often called ISDN modems were technically not modems at all because they did not convert signals between analog and digital formats.
DSL
Digital subscriber line (DSL) is a collective term for a group of related technologies that provide a WAN service that is somewhat similar to ISDN but at much higher speeds. Like ISDN, DSL uses standard POTS wiring to transmit data from a user site to a telephone company POP using a private point-to-point connection. From there, signals travel through the telephone company’s standard switching equipment to another DSL connection at the destination. Also like ISDN, the distance between the site and the POP is limited; the faster the transmission rate, the shorter the operable distance.
The transmission rates for DSL services vary greatly, and many of the services function asymmetrically, meaning they have different upload and download speeds. This speed variance occurs because the bundle of wires at the POP is more susceptible to a type of interference called near-end crosstalk when data is arriving from the user site than when it is being transmitted out to the user site. The increased signal loss rate resulting from the crosstalk requires that the transmission rate be lower when traveling in that direction.
Standard telephone communications use only a small amount of the bandwidth provided by the POTS cable. DSL works by utilizing frequencies above the standard telephone bandwidth (300 to 3,200 Hz) and by using advanced signal encoding methods to transmit data at higher rates of speed. Some of the DSL services use only frequencies that are out of the range of standard voice communications, which makes it possible for the line to be used for normal voice traffic while it is carrying digital data.
DSL is still the most common Internet access solution. However, the higher-speed services like high-bit-rate digital subscriber line (HDSL) have been deployed heavily by local telephone carriers. Asymmetrical operation is not much of a problem for services such as asymmetrical digital subscriber line (ADSL), which were used for Internet access, because the average Internet users download far more data than they upload. For WAN connections, however, symmetrical services like HDSL have been standard for some time. DSL differs from ISDN in that it uses permanent connections; it has no dial-up service, no numbers assigned to the connections, and no session-establishment procedures. The connection is continuously active and private, much like that of a leased line.
As an Internet access solution, DSL grew quickly because of its relatively low prices and high transmission rates and has all but eclipsed ISDN in this market. DSL and cable connections are now the two biggest competing technologies in the end-user, high-speed Internet connection market.
The various DSL services have abbreviations with different first letters, which is why the technology is sometimes called XDSL, with the X acting as a placeholder. Table 7-4 shows these services and their properties.
Table 7-4 DSL Types and Properties
The hardware required for a DSL connection is a standard POTS line and a DSL “modem” at both ends of the link. For services that provide simultaneous voice and data traffic, a POTS splitter is needed to separate the lower frequencies used by voice traffic from the higher frequencies used by the DSL service. In addition, the telephone line cannot use loading coils, inductors that extend the range of the POTS line at the expense of the higher frequencies that DSL uses to transmit data. As shown in Table 7-4, most DSL connections are asymmetrical, although there are some symmetrical variations that deliver the same speed both uploading and downloading.
As telephone companies have upgraded their T1 and T3 lines to fiber-optic lines, so have DSL speeds increased. However, data rate still depends on the distance to the central telephone office. And, in many cases, line noise is a factor that reduces line speed.
NOTE As cable television has grown, so have its services. Many cable companies now offer high-speed Internet access in addition to television and Voice over Internet Protocol (VoIP) services. See Chapter 23 for more information about VoIP and cable connections.
Switching Services
Each WAN involves moving information through up to thousands of individual networks. This happens by way of several switching (routing) technologies. Switching entails moving data, including e-mails, large documents, and all of the myriad types of information being transmitted throughout the world. Each item is sent in intermediate steps rather than following a direct line from the origination point to the destination.
Packet-Switching Services
Each message is broken down into small packets to be sent through the network. A packet-switching service transmits data between two points by routing packets through the switching network owned by a carrier such as AT&T, Sprint, or another telephone company. The end result is a high-bandwidth connection similar in performance to a leased line, but the advantage of this type of service is that a single WAN connection at a network site can provide access to multiple remote sites simply by using different routes through the network. Today, packet-switching networks transmit everything from a voice telephone call to digital television reception.
The packet-switching service consists of a network of high-speed connections that is sometimes referred to as the cloud. Once data arrives at the cloud, the service can route it to a specific destination at high speeds. It is up to the consumers to get their data to the nearest POP connected to the cloud, after which all switching is performed by the carrier. Therefore, an organization setting up WAN connections between remote sites installs a link to an edge switch at a local POP using whatever technology provides suitable performance. This local link can take the form of a leased line, ISDN, or DSL.
Once the data arrives at the edge switch, it is transmitted through the cloud to an edge switch at another POP, where it is routed to a private link connecting the cloud to the destination site (see Figure 7-4).
Figure 7-4 Packet-switching networks use a network cloud to route data between remote sites.
For example, an organization with eight offices scattered around the country would need 28 leased lines to interconnect all of the sites, some of which may have to span long distances. In this arrangement, the organization does all of its own switching. Using a packet-switching service instead requires one leased line connecting each site to the service’s local POP. Eight leased lines are far cheaper than 28, especially when they span relatively short distances. To get the data where it’s going, the carrier programs virtual circuits (VCs) from the POP used by each site to each of the seven other POPs. Thus, there are still 28 routes connecting each location to every other location, but the service maintains them, and the client pays only for the bandwidth used.
Unlike a leased line, however, a packet-switching service shares its network among many users. The link between two sites is not permanently assigned a specific bandwidth. In some instances, this can be a drawback, because your links are competing with those of other clients for the same bandwidth. However, you can now contract for a specific bandwidth over a frame-relay network, and ATM is built around a quality of service (QoS) feature that allocates bandwidth for certain types of traffic. In addition, these technologies enable you to alter the bandwidth allotted to your links. Unlike a leased line with a specific bandwidth that you can’t exceed and that you pay for whether you’re using it or not, you contract with a packet-switching service to provide a certain amount of bandwidth, which you can exceed during periods of heavy traffic (possibly with an additional charge) and which you can increase as your network grows.
As the packet-switching network becomes more crowded, the entire network slows down. Think about a highway system. The more cars using the highway, the more traffic slows. Since this medium of transportation is shared, there is no guarantee for the time of arrival at the packet’s destination. Each packet may use a different circuit, and the message is not connected until it arrives at its destination.
Circuit-Switching Services
This service is a temporary connection, such as ISDN or a dial-up connection. Because the connection is dedicated, information can be transmitted rapidly. However, unless the bandwidth is being used, that bandwidth is wasted. Today, narrowband ISDN and switched T1 connections still use circuit-switched technologies.
Frame Relay
Frame-relay networks provide the high-speed transmission of leased lines with greater flexibility and lower costs. Frame-relay service operates at the data link layer of the OSI reference model and runs at bandwidths from 56 Kbps to 44.736 Mbps (T-3 speed). You negotiate a committed information rate (CIR) with a carrier that guarantees you a specific amount of bandwidth, even though you are sharing the network medium with other users. It is possible to exceed the CIR, however, during periods of heavy use, called bursts. A burst can be a momentary increase in traffic or a temporary increase of longer duration. Usually, bursts up to a certain bandwidth or duration carry no extra charge, but eventually, additional charges will accrue.
The contract with the service provider also includes a committed burst information rate (CBIR), which specifies the maximum bandwidth that is guaranteed to be available during bursts. If you exceed the CBIR, there is a chance that data will be lost. The additional bandwidth provided during a burst may be “borrowed” from your other virtual circuits that aren’t operating at full capacity or even from other clients’ circuits. One of the primary advantages of frame relay is that the carrier can dynamically allocate bandwidth to its client connections as needed. In many cases, it is the leased line to the carrier’s nearest POP that is the factor limiting bandwidth.
Frame-Relay Hardware
Each site connected to a frame-relay cloud must have a frame-relay access device (FRAD), which functions as the interface between the local network and the leased line (or other connection) to the cloud (see Figure 7-5). The FRAD is something like a router, in that it operates at the network layer. The FRAD accepts packets from the LAN that are destined for other networks, strips off the data link layer protocol header, and packages the datagrams in frames for transmission through the cloud. In the same way, the FRAD processes frames arriving through the cloud and packages them for transmission over the LAN. The difference between a FRAD and a standard router, however, is that the FRAD takes no part in the routing of packets through the cloud; it simply forwards all the packets from the LAN to the edge switch at the carrier’s POP.
Figure 7-5 Frame-relay connections use a FRAD to connect a LAN to the cloud.
The only other hardware element involved in a frame-relay installation is the connection to the nearest POP. In frame relay, the leased line is the most commonly used type of connection. When selecting a carrier, it is important to consider the locations of their POPs in relation to the sites you want to connect because the cost of the leased lines (which is not usually included in the frame-relay contract) depends on their length. The large long-distance carriers usually have the most POPs, scattered over the widest areas, but it is also possible to use different carriers for your sites and create frame-relay links between them.
When installing leased lines, it is important to take into account the number of virtual circuits that will run from the FRAD to your various sites. Unlike the private network composed of separate leased lines to every site, the single leased-line connection between the FRAD and the carrier’s edge server will carry all of the WAN data to and from the local network. Multiple VCs will be running from the edge server through the cloud to the other sites, and the leased line from the FRAD will essentially multiplex the traffic from all of those VCs to the LAN, as shown in Figure 7-6. Thus, if you are connecting eight remote sites together with frame-relay WAN links, the leased line at each location should be capable of handling the combined bandwidth of all seven VCs to the other locations.
Figure 7-6 The connection from the FRAD to the cloud carries data for all of the virtual circuits.
In most cases, the actual traffic moving across a WAN link does not utilize all of the bandwidth allotted to it at all times. Therefore, it may be possible to create a serviceable WAN by contracting for VCs that have T-1 speeds between all eight offices and using T-1 leased lines to connect all of the sites to the cloud. Be aware, however, that the leased lines are the only elements of the WAN that are not flexible in their bandwidth. If you find that your WAN traffic exceeds the capacity of the leased line, the only recourse is to augment its bandwidth by installing another connection. This does not necessarily mean installing another T-1, however. You can augment the bandwidth connecting the FRAD to the edge server by adding a fractional T-1 or even a dial-up connection that activates during periods of high traffic.
Virtual Circuits
The virtual circuits that are the basis for frame-relay communications come in two types: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). PVCs are routes through the carrier’s cloud that are used for the WAN connections between client sites. Unlike standard internetwork routing, PVCs are not dynamic. The frame-relay carrier creates a route through its cloud for a connection between sites, assigns it a unique 10-bit number called a data link connection identifier (DLCI), and programs it into its switches. Programming a FRAD consists of providing it with the DLCIs for all of the PVCs leading to other FRADs. DLCIs are locally significant only; each FRAD has its own DLCI for a particular virtual circuit. Frames passing between two sites always take the same route through the cloud and use the DLCI as a data link layer address. This is one of the reasons why frame relay is so fast; there is no need to dynamically route the packets through the cloud or establish a new connection before transmitting data.
Each PVC can have its own CIR and CBIR, and despite the description of the VC as permanent, the carrier can modify the route within a matter of hours if one of the sites moves. It is also possible to have the carrier create a PVC for temporary use, such as for a meeting in which a special videoconferencing session is required. Although it was originally created for data transfers, you can also use frame relay to carry other types of traffic, such as voice or video. To set up a voice call or a videoconference between two sites, there has to be a virtual circuit between them. This is easy if the communications are between two of an organization’s own sites, which are already connected by a PVC; but conferencing with a client or other outside user requires a call to the carrier to set up a new PVC.
Frame-Relay Messaging
Frame relay uses two protocols at the data link layer: LAPD for control traffic and Link Access Procedure for Frame-mode Bearer Services (LAPF) for the transfer of user data. The LAPD protocol, the same one used by ISDN (ITU-T Q.921), is used to establish VCs and prepare for the transmission of data. LAPF is used to carry data and for other processes, such as multiplexing and demultiplexing, error detection, and flow control.
Figure 7-7 shows the format of the frame used to carry data across a frame-relay cloud. The functions of the fields are as follows:
• Flag, 1 byte: Contains the binary value 01111110 (or 7E in hexadecimal form) that serves as a delimiter for the frame.
• Link Info, 2 bytes: Contains the frame’s address and control fields, as follows:
  • Upper DLCI, 6 bits: Contains the first 6 bits of the 10-bit DLCI identifying the virtual circuit that the frame will use to reach its destination.
  • Command/Response (C/R), 1 bit: Undefined.
  • Extended Address (EA), 1 bit: Indicates whether the current byte contains the last bit of the DLCI. The eighth bit of every byte in the Link Info field is an EA bit. When the frames use standard 10-bit DLCIs, the value of this bit will always be 0.
  • Lower DLCI, 4 bits: Contains the last 4 bits of the 10-bit DLCI identifying the virtual circuit that the frame will use to reach its destination.
  • Forward Explicit Congestion Notification (FECN), 1 bit: Indicates that network congestion was encountered in the direction from source to destination.
  • Backward Explicit Congestion Notification (BECN), 1 bit: Indicates that network congestion was encountered in the direction from destination to source.
  • Discard Eligibility (DE), 1 bit: Indicates that a frame is of lesser importance than the other frames being transmitted and that it can be discarded in the event of network congestion.
  • Extended Address (EA), 1 bit: Indicates whether the current byte contains the last bit of the DLCI. When the frames use standard 10-bit DLCIs, the value of this bit will always be 1. The EA field is intended to support the future expansion of frame-relay clouds in which DLCIs longer than 10 bits are needed.
• Information, variable: Contains a protocol data unit (PDU) generated by a network layer protocol, such as an IP datagram. The frame-relay protocols do not modify the contents of this field in any way.
• Frame Check Sequence (FCS), 2 bytes: Contains a value computed by the source FRAD that is checked at each switch during the frame’s journey through the cloud. Frames in which this value does not match the newly computed value are silently discarded. Detection of the missing frame and retransmission are left to the upper-layer protocols at the end systems.
• Flag, 1 byte: Contains the binary value 01111110 (or 7E in hexadecimal form) that serves as a delimiter for the frame.
Figure 7-7 The frame-relay frame format
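
The frame layout above and the PVC description in the Virtual Circuits section can be exercised together in a short Python sketch, added here as an illustration and not taken from the book: it packs and parses the two-byte Link Info field, checks the FCS, and models one switch hop that silently discards bad frames and maps an inbound DLCI to the outbound one. The FCS algorithm (the HDLC CRC-16, sent low byte first), the omission of bit stuffing, and the DLCI values 100 and 217 are assumptions of the example.

```python
"""Frame-relay frame codec and one static PVC switch hop (illustrative only)."""
import struct
from typing import Dict, NamedTuple, Optional

FLAG = 0x7E  # frame delimiter, binary 01111110


class Frame(NamedTuple):
    dlci: int
    cr: int
    fecn: int
    becn: int
    de: int
    payload: bytes


def crc16_x25(data: bytes) -> int:
    """HDLC-style 16-bit FCS (assumed; the page does not name the algorithm)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(dlci: int, payload: bytes, cr: int = 0, fecn: int = 0,
                becn: int = 0, de: int = 0) -> bytes:
    """Pack Flag | Link Info | Information | FCS | Flag."""
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI must fit in 10 bits")
    # Byte 1: upper 6 DLCI bits, C/R, EA=0 (more address bits follow).
    b1 = ((dlci >> 4) << 2) | (cr << 1)
    # Byte 2: lower 4 DLCI bits, FECN, BECN, DE, EA=1 (last address byte).
    b2 = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    body = bytes([b1, b2]) + payload
    fcs = struct.pack("<H", crc16_x25(body))  # low byte first (assumption)
    return bytes([FLAG]) + body + fcs + bytes([FLAG])


def parse_frame(raw: bytes) -> Frame:
    """Validate delimiters, FCS and EA bits, then decode the header fields."""
    if len(raw) < 6 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("missing flag delimiter or truncated frame")
    body = raw[1:-3]
    (fcs,) = struct.unpack("<H", raw[-3:-1])
    if crc16_x25(body) != fcs:
        raise ValueError("FCS mismatch")
    b1, b2 = body[0], body[1]
    if (b1 & 1) != 0 or (b2 & 1) != 1:
        raise ValueError("EA bits do not describe a standard 10-bit DLCI")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)
    return Frame(dlci, (b1 >> 1) & 1, (b2 >> 3) & 1, (b2 >> 2) & 1,
                 (b2 >> 1) & 1, body[2:])


def switch_forward(raw: bytes, pvc_table: Dict[int, int],
                   congested: bool = False) -> Optional[bytes]:
    """One hop in the cloud: check the FCS, follow the programmed PVC, re-emit.

    Returns None when the frame is silently discarded.
    """
    try:
        frame = parse_frame(raw)
    except ValueError:
        return None                      # corrupt or malformed: drop, no error sent
    out_dlci = pvc_table.get(frame.dlci)
    if out_dlci is None:
        return None                      # no PVC programmed for this DLCI
    if congested and frame.de:
        return None                      # discard-eligible frames go first
    fecn = 1 if congested else frame.fecn
    # DLCIs are locally significant, so the outbound frame carries the next
    # link's DLCI and a freshly computed FCS.
    return build_frame(out_dlci, frame.payload, frame.cr, fecn,
                       frame.becn, frame.de)


def demo() -> Frame:
    pvc_table = {100: 217}               # constructed PVC entry: in DLCI -> out DLCI
    sent = build_frame(100, b"IP datagram bytes (constructed)")
    forwarded = switch_forward(sent, pvc_table, congested=True)
    assert forwarded is not None
    return parse_frame(forwarded)


if __name__ == "__main__":
    print(demo())
```

The payload passes through the hop unchanged; only the Link Info bytes and the FCS differ between the inbound and outbound frames, and a frame that fails any check simply disappears, which is why loss detection falls to the end systems.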
ATMAsynchronousTransferMode(ATM)haslongbeentheholygrailofthenetworkingindustry.Onceknownastheultimatenetworkingtechnology,ATMisdesignedtocarryvoice,data,andvideoovervariousnetworkmedia,usingahigh-speed,cell-switched,connection-oriented,full-duplex,point-to-pointprotocol.
Insteadofusingvariable-lengthframeslikeEthernet,framerelay,andotherprotocols,allATMtrafficisbrokendowninto53-bytecells.Thismakesiteasiertoregulateandmeterthebandwidthpassingoveraconnectionbecausebyusingdatastructuresofa
![Page 173: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/173.jpg)
predeterminedsize,networktrafficbecomesmorereadilyquantifiable,predictable,andmanageable.WithATM,it’spossibletoguaranteethatacertainquantityofdatawillbedeliveredwithinagiventime.Thismakesthetechnologymoresuitableforaunifiedvoice/data/videonetworkthananondeterministicprotocollikeEthernet,nomatterhowfastitruns.Inaddition,ATMhasqualityofservice(Q0S)featuresbuiltintotheprotocolthatenableadministratorstoreserveacertainamountofbandwidthforaspecificapplication.
ATMisbothaLANandWANprotocolandisaradicaldeparturefromtheotherlower-layerprotocolsexaminedinthisbook.AllATMcommunicationispoint-to-point.Therearenobroadcasts,whichmeansthatswitching,andnotrouting,isanintegralpartofthistechnology.ATMcanalsobedeployedonpublicnetworks,aswellasprivateones.PubliccarrierscanprovideATMservicesthatenableclientstoconnectLANsatremotelocations.Onprivatenetworks,ATMimplementationsatvariousspeedscanrunthroughoutthenetwork,fromthebackbonetothedesktop.Thus,thesamecellsgeneratedbyaworkstationcantraveltoaswitchthatconnectstheLANtoanATMcarrierservice,throughthecarrier’sATMcloud,andthentoaworkstationonthedestinationnetwork.Atnopointdothecellshavetoreachhigherthanthedatalinklayerofanintermediatesystem,andtransmissionspeedsthroughthecloudcanreachashighas2.46Gbps.
Whilenotyettotallyrealized,alargepartofthispotentialhascometopass.ATMisbeingusedasahigh-speedbackboneprotocolandforWANconnections,butthe25.6MbpsATMLANsolutionintendedfordesktopusehasbeeneclipsedbyFastEthernet,whichrunsat100Mbpsandisfarmorefamiliartothemajorityofnetworkadministrators.ManyenterprisebackbonesrunoverATM,largelybecauseadministratorsfindthatitsQ05capabilitiesandsupportforvoice,data,andvideomakeitabetterperformerthantraditionalLANprotocols.
YoucanuseanATMpacket-switchingserviceforyourWANlinksinroughlythesamewayasyouwoulduseframerelay,byinstallingarouteratyoursitesandconnectingthemtothecarrier’sPOPsusingleasedlines.ThisprocesstransmitstheLANdatatothePOPfirstandthenrepackagesitintocells.It’salsopossible,however,toinstallanATMswitchateachremotesite,eitheraspartofanATMbackboneorasaseparatedeviceprovidinganinterfacetothecarrier’snetwork.Thisway,theLANdataisconvertedtoATMcellsateachsitebeforeitistransmittedovertheWAN.Likeframerelay,ATMsupportsbothPVCsandSVCs,butATMwasdesignedfromthebeginningtosupportvoiceandvideousingSVCs,whileinframerelay,PVCsandSVCswerealateraddition.ATMhasanadvantageoverframerelaybecauseofitsgreaterspeedandmanageability.
Many of the familiar concepts of other protocols, such as media access control and variable-length frames, are not applicable to ATM. Because ATM does not share bandwidth among systems, there is no need for a MAC mechanism such as CSMA/CD or token passing. Switches provide a dedicated connection to every device on the ATM network. Because all ATM transmissions are composed of fixed-length cells, the switching process is simpler and predictable. All ATM switching is hardware based because there is no need for software-managed flow control and other such technologies. References to ATM systems and devices refer to switches and routers, as well as actual computers. The bandwidth delivered by an ATM network is also readily quantifiable, making it easier to designate the appropriate amount of bandwidth for a specific application. On an Ethernet network, for example, it may be necessary to provide much more bandwidth than is actually needed to ensure good performance from a videoconferencing application. This is because you must account for the bandwidth required for videoconferencing on top of the maximum bandwidth used by all other applications combined. The network, therefore, is designed to accommodate the peak traffic condition that occurs only a small fraction of the time. On an ATM network, bandwidth can be more precisely calculated.
Like Ethernet and Token Ring, ATM encompasses the physical and data link layers of the OSI reference model but is itself divided into three layers (see Figure 7-8), which are as follows:
• Physical layer
• ATM layer
• ATM adaptation layer
Figure 7-8 ATM architecture
The following sections examine the functions performed at each of these layers.
The Physical Layer
The ATM standards do not specify precise physical layer technologies as most other data link layer protocols do. This media independence is one of the guiding design principles behind the technology. ATM can run at various speeds over Synchronous Optical Network (SONET) and DS-3 connections and locally over multimode fiber-optic and shielded twisted-pair (STP) cable, among others. Speeds range from 25.6 Mbps for desktop connections to 2.46 Gbps, although the most common implementations run at 155 or 625 Mbps. The higher speeds are commonly used for backbones and WAN connections.
NOTE: SONET is a fiber-optic standard that defines a series of optical carrier (OC) services ranging from OC-1, operating at 51.84 Mbps, to OC-192 operating at 9,952 Mbps.
The ATM physical layer is divided into two sublayers, called the physical medium dependent (PMD) sublayer and the transmission convergence (TC) sublayer. The PMD sublayer defines the actual medium used by the network, including the type of cable and other hardware, such as connectors, and the signaling scheme used. This sublayer is also responsible for maintaining the synchronization of all the clocks in the network systems, which it does by continuously transmitting and receiving clock bits from the other systems.
The TC sublayer is responsible for the following four functions:
• Cell delineation: Maintains the boundaries between cells, enabling systems to isolate cells within a bit stream
• Header error control (HEC) sequence generation and verification: Ensures the validity of the data in the cells by checking the error-control code in the cell headers
• Cell rate decoupling: Inserts or removes idle cells to synchronize the transmission rate to the capacity of the receiving system
• Transmission frame adaptation: Packages cells into the appropriate frame for transmission over a particular network medium
The ATM Layer
The ATM layer specifies the format of the cell, constructs the header, implements the error-control mechanism, and creates and destroys virtual circuits. There are two versions of the cell header, one for the User Network Interface (UNI), which is used for communications between user systems or between user systems and switches, and the Network-to-Network Interface (NNI), which is used for communications between switches.
In each case, the 53 bytes of the cell are divided into a 5-byte header and a 48-byte payload. Compared to an Ethernet header, which is 18 bytes, the ATM header seems quite small, but remember that an Ethernet frame can carry up to 1,500 bytes of data. Thus, for a full-sized Ethernet frame, the header is less than 2 percent of the packet, while an ATM header is almost 10 percent of the cell. This makes ATM considerably less efficient than Ethernet, as far as the amount of control data transmitted across the wire is concerned.
Figure 7-9 shows the format of the ATM cell. The functions of the fields are as follows:
• Generic flow control (GFC), 4 bits: Provides local functions in the UNI cell that are not currently used and are not included in the NNI cell.
• Virtual path identifier (VPI), 8 bits: Specifies the next destination of the cell on its path through the ATM network to its destination.
• Virtual channel identifier (VCI), 16 bits: Specifies the channel within the virtual path that the cell will use on its path through the ATM network to its destination.
• Payload type indicator (PTI), 3 bits: Specifies the nature of the data carried in the cell’s payload, using the following bit values:
   • Bit 1: Specifies whether the cell contains user data or control data.
   • Bit 2: When the cell contains user data, specifies whether congestion is present on the network.
   • Bit 3: When the cell contains user data, specifies whether the payload contains the last segment of an AAL-5 PDU.
• Cell loss priority (CLP), 1 bit: Specifies a priority for the cell, which is used when a network is forced to discard cells because of congestion. A value of 0 indicates a high priority for the cell, while a value of 1 indicates that the cell may be discarded.
• Header error control (HEC), 8 bits: Contains a code computed on the preceding four bits of the header, which is used to detect multiple-bit header errors and correct single-bit errors. This feature detects errors in the ATM header only; there is no error control of the payload at this layer.
• Payload, 48 bytes: Contains the user, network, or management data to be transported in the cell.
Figure 7-9 The ATM cell format
Virtual Circuits
A connection between two ATM systems takes the form of a virtual circuit. Like frame relay, ATM uses two types of virtual circuits: permanent virtual circuits (PVCs), which network administrators manually create and which are always available, and switched virtual circuits (SVCs), which systems dynamically create as needed and then terminate after use.
Establishing a virtual circuit through the network to a destination enables the transmission of cells through that circuit without extensive processing by intermediate systems along the way. A virtual circuit is composed of a virtual path (VP) and a virtual channel (VC). A virtual path is a logical connection between two systems that is composed of multiple virtual circuits, much as a cable between two points can contain multiple wires, each carrying a separate signal. Once a VP is established between two points, creating an additional VC for a new connection within that VP is a relatively simple matter.
In addition, managing the VP is an easy way of modifying the properties of all of the VCs it contains. When a switch fails, for example, the VP can be rerouted to use another path, and all of its VCs are rerouted with it. Every ATM cell header contains a virtual path identifier and a virtual channel identifier, which specify the VP that the cell is using and the VC within that VP.
ATM Addressing
ATM networks have their own addresses for each device, in addition to any upper-layer addresses they might possess. The addresses are 20 bytes long and hierarchical, much like telephone numbers, enabling them to support extremely large networks. Unlike protocols that share network bandwidth, it isn’t necessary to include source and destination addresses in each cell because ATM transmissions use dedicated point-to-point links. Instead, the addresses are used by the ATM switches to establish the VPIs and VCIs for a connection.
The ATM Adaptation Layer
The primary function of the ATM adaptation layer (AAL) is to prepare the data received from the network layer protocol for transmission and segment it into 48-byte units that the ATM layer will package as cells by applying the header. The AAL consists of two sublayers, called the convergence sublayer (CS) and the segmentation and reassembly sublayer (SAR). The CS prepares the network-layer data for segmentation by applying various fields that are specific to the type of service that will transmit the data, creating convergence sublayer protocol data units (CS-PDUs). The SAR then splits the CS-PDUs into segments of the appropriate size for packaging in cells.
Several AAL protocols are available at this sublayer, which provide different types of service to support various applications. The AAL protocols are as follows:
• AAL-1: A connection-oriented service intended for applications that require circuit emulation, such as voice and videoconferencing. This service requires clock synchronization, so a network medium that supports clocking, such as SONET, is required. For this service, the CS sublayer adds Sequence Number (SN) and Sequence Number Protection (SNP) fields to the data that enable the receiving system to assemble the cells in the proper order.
• AAL-3/4: Supports both connection-oriented and connectionless data transfers with cell-by-cell error checking and multiplexing. The CS creates a PDU by adding a beginning/ending tag to the data as a header and a length field as a footer. After the SAR layer splits the CS-PDU into cell-sized segments, it adds a CRC value to each segment for error-detection purposes.
• AAL-5: Also called Simple and Efficient Adaptation Layer (SEAL), AAL-5 provides both connection-oriented and connectionless services and is most commonly used for LAN traffic. The CS takes a block of network layer data up to 64 KB in size and adds a variable-length pad and an 8-byte trailer to it. The pad ensures that the data block falls on a cell boundary, and the trailer includes a block length field and a CRC value for the entire PDU. The SAR splits the PDU into 48-byte segments for packaging into cells. The third bit of the PTI field in the ATM header is then set to a value of 0 for all of the segments of the data block except the last one, in which it is set to 1.
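
The AAL-5 segmentation and UNI cell header described above, worked through as an added Python example (not code from the book): it pads a data block, appends the 8-byte trailer, splits the PDU into 53-byte cells, and reassembles them only after the HEC, end-of-PDU bit, CRC-32 and length field all check out. The function names are illustrative; the trailer layout (two reserved bytes, 16-bit length, CRC-32) and the HEC calculation (CRC-8 over the four header bytes before it, XORed with 0x55) follow the ITU-T definitions rather than anything stated on this page.

```python
import struct

CELL_PAYLOAD = 48      # payload bytes per cell
TRAILER_LEN = 8        # AAL-5 trailer: UU (1), CPI (1), length (2), CRC-32 (4)


def hec(header4: bytes) -> int:
    """CRC-8 (x^8 + x^2 + x + 1) over the four header bytes, XORed with 0x55."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def crc32_aal5(data: bytes) -> int:
    """AAL-5 CRC-32: MSB-first, polynomial 0x04C11DB7, init and final XOR all ones."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) if crc & 0x80000000 else crc << 1
            crc &= 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def build_header(vpi: int, vci: int, pti: int, clp: int = 0, gfc: int = 0) -> bytes:
    """Pack the UNI header: GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8)."""
    if not (0 <= vpi < 256 and 0 <= vci < 65536 and 0 <= pti < 8):
        raise ValueError("field out of range for a UNI header")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pti << 1) | clp
    first4 = struct.pack("!I", word)
    return first4 + bytes([hec(first4)])


def parse_cell(cell: bytes) -> dict:
    """Split one cell into its header fields and payload, verifying the HEC."""
    if len(cell) != 5 + CELL_PAYLOAD:
        raise ValueError("a cell is exactly 53 bytes")
    if hec(cell[:4]) != cell[4]:
        raise ValueError("HEC mismatch: header corrupted")
    (word,) = struct.unpack("!I", cell[:4])
    return {"gfc": word >> 28, "vpi": (word >> 20) & 0xFF,
            "vci": (word >> 4) & 0xFFFF, "pti": (word >> 1) & 0x7,
            "clp": word & 0x1, "payload": cell[5:]}


def aal5_segment(sdu: bytes, vpi: int, vci: int) -> list:
    """CS adds pad and trailer; SAR cuts the PDU into cells, flagging the last one."""
    if len(sdu) > 0xFFFF:
        raise ValueError("AAL-5 length field is 16 bits")
    pad_len = -(len(sdu) + TRAILER_LEN) % CELL_PAYLOAD
    body = sdu + bytes(pad_len) + struct.pack("!BBH", 0, 0, len(sdu))
    pdu = body + struct.pack("!I", crc32_aal5(body))
    cells = []
    for off in range(0, len(pdu), CELL_PAYLOAD):
        last = off + CELL_PAYLOAD == len(pdu)
        # Third PTI bit (least significant) is 1 only on the final segment.
        cells.append(build_header(vpi, vci, pti=1 if last else 0)
                     + pdu[off:off + CELL_PAYLOAD])
    return cells


def aal5_reassemble(cells: list) -> bytes:
    """Rebuild the data block, rejecting anything that fails a consistency check."""
    parsed = [parse_cell(c) for c in cells]
    if not parsed:
        raise ValueError("no cells")
    if len({(p["vpi"], p["vci"]) for p in parsed}) != 1:
        raise ValueError("cells belong to different virtual circuits")
    if not parsed[-1]["pti"] & 1 or any(p["pti"] & 1 for p in parsed[:-1]):
        raise ValueError("end-of-PDU marker missing or misplaced")
    pdu = b"".join(p["payload"] for p in parsed)
    _uu, _cpi, length = struct.unpack("!BBH", pdu[-8:-4])
    (crc,) = struct.unpack("!I", pdu[-4:])
    if crc32_aal5(pdu[:-4]) != crc:
        raise ValueError("CRC-32 mismatch: payload corrupted or cell lost")
    pad_len = len(pdu) - TRAILER_LEN - length
    if not 0 <= pad_len < CELL_PAYLOAD:
        raise ValueError("length field inconsistent with PDU size")
    return pdu[:length]


if __name__ == "__main__":
    sample = bytes(range(100))                 # constructed 100-byte data block
    out = aal5_segment(sample, vpi=1, vci=32)  # constructed VPI/VCI values
    print(len(out), "cells;", aal5_reassemble(out) == sample)
```

A 100-byte block needs 36 bytes of pad so that data, pad and trailer fill exactly three cells. Because the CRC covers the whole PDU, a dropped or altered cell is detected only at reassembly, which is why the receiver must hold every segment until the cell with the end-of-PDU bit arrives.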
ATM Support
One problem is the cost and complexity of installing and supporting an ATM network. While a competent Ethernet LAN administrator should be able to install the components of a Gigabit Ethernet backbone with little trouble, an ATM backbone is a completely different story. ATM networks are a hybrid of telecommunications and data networking technologies. These are two separate types of networks, but in the case of ATM, both can use the same cables and switches. An ATM backbone, therefore, may be connected not only to data networking components such as routers, switches, and servers, but also to PBXs and other telecommunications devices.
SONET
Synchronous Optical Network (SONET) carries data over fiber-optic cables used today by many long-distance carriers. It was originally designed to transmit many information types, including voice, video, and data. This system, along with Synchronous Digital Hierarchy (SDH), is used throughout the world to transmit information.
SONET works at the physical layer, and its protocols specify a consistent method of multiplexing many small signals into one larger (and faster) transmission. Several characteristics make this technology attractive:
• Built-in support for maintenance and management
• The ability to carry nearly all higher-level protocols
• Definition of clear standards between various products
This technology provides standards for line rates up to 9.953 Gbps. Because some have experienced line rates approaching 20 Gbps, SONET has been called the foundation for the physical layer of broadband ISDN. ATM can run as a layer on top of both SONET and other technologies.
CHAPTER 8 Server Technologies
All of the computers on a local area network contain roughly the same components, such as a microprocessor, memory modules, mass storage devices, keyboards, video adapters, and other input/output mechanisms. However, you can still divide the computers into two basic categories: servers and client workstations. At one time, it was easy to differentiate between servers and clients because servers functioned only as servers and clients only as clients. Servers in earlier days were essentially computers with more of everything: faster processors, more memory, and larger hard drives, for example. Now that many computers can function as both servers and clients simultaneously, the boundary between the server and client functions has been obscured somewhat. Recent years have seen great developments in the features and technologies that make a server different from a workstation. From application servers to web servers, each machine offers different services and has different features. This chapter examines some of these features and technologies and explains how they can enhance the performance of your network.
Purchasing a Server
When building a local area network (LAN), you can purchase virtually any computer and use it as a server. The primary attributes that make a computer a server are determined by the network operating system’s hardware requirements. For example, the Windows 2012 Server requirements call for 256 MB of memory, but you can actually run the operating system on a standard workstation computer with as little as 128 MB. It won’t run as well, but it will run. When shopping for computers, you’ll see that some products are specifically designed to be servers and not just because of the operating system installed on them or the amount of memory or disk space they contain. For a small network consisting of only a handful of nodes, it may not be practical for you to spend the extra money on a computer designed to be a server. Instead, you can purchase a high-end workstation with sufficient resources to run the server operating system and use that. When you do need the features of a real server, it’s important to understand how a server can differ from a workstation and which features you need for your network.
When you look at the description of a server computer in a catalog or on a website, it may seem at first as though you’re paying more money for less. Servers often do not come with monitors, and they generally do not include the high-performance video adapters and audio systems you find in nearly every home or office computer package.
The video adapter in a server is in many cases integrated into the computer’s motherboard and includes sufficient memory to power a display at a variety of resolutions. However, the video subsystem in a server usually does not include the 3-D accelerator and other components found on a separate adapter card used in a workstation for more video-intensive tasks, such as game-playing and multimedia applications. A video adapter in a server also tends not to use the Accelerated Graphics Port (AGP) for its interface to the computer because AGP uses system memory for some of its functions, and in a server, you want as much system memory as possible to be devoted to your server applications.
As for audio, most servers include no audio adapter at all or, at most, a rudimentary one that is also integrated into the motherboard. Speakers are usually not included. The only purpose for having any audio capabilities in a server is to provide audible feedback alerting the administrator of particular system conditions. However, since servers are often kept in a locked closet or data center, even this basic audio capability usually isn’t necessary.
NOTE: Although servers generally do not come equipped with high-end video and audio adapters, there is usually no reason why you can’t add them later and use the computer for tasks more traditionally associated with client workstations.
The question then remains, what do you get when you purchase a server for more money than you would spend on a workstation with the same processor and a comparable amount of memory and disk space? The following list examines the ways in which the basic components in a server differ from their counterparts in a workstation:
• Case: A server case can be larger than that of a workstation in order to provide room for greater expansion. Server cases are usually either freestanding towers or specially designed to be mounted in a standard 19-inch equipment rack. Expandability is an important quality in a server, and the cases typically have a large number and variety of bays to support the installation of additional drives. Since a server doesn’t usually take up space on a user’s desk, maintaining a small footprint is not a concern, and server cases tend not to have their components shoehorned into them in the interest of saving space. The result is that there is more room to work inside the case and easier access to the components. A server case might also have greater physical security than a standard computer case, such as a key-lockable cover that prevents any access to the server controls and drives.
• Power supply: To support the greater number of drives and other devices frequently found in a server, the power supply is typically more robust. The power supply usually also has more internal power connectors available to attach to installed devices. In some cases, a server’s power supply might have its own internal surge protection circuitry. Some servers also have redundant power supplies, providing fault tolerance in the event of a power supply failure.
• Fans: The possibility of having many more drives and multiple processors in a server means that the computer can potentially generate a lot more heat than a workstation. Server cases typically have multiple fans in them, aside from the one in the power supply. A well-designed case will also have a carefully planned ventilation path that blows the cooler air from the outside directly across the components that most need to be kept cool. In some cases, servers use a sealed case design in which all of the air entering the case runs through a filter, enabling the server to function in an industrial environment without contaminating the internal components with dust and other particles. Some high-end servers designed for mission-critical applications also have hot-swappable modular fan assemblies, meaning that should a fan fail, it’s possible to replace the unit without shutting down the server.
• Processor: Servers use the same model processors as workstations, and given the computer industry’s dedication to aggressively marketing the newest and fastest processors to home users, you may find that a server’s processor is not any faster than a workstation’s. In fact, because servers are designed with an emphasis on expandability and because they cost more, they tend to have longer lives than workstations, meaning that they might have a processor that is slower than the “latest and greatest.” Where servers do differ from workstations in this area is that they often have more than one processor. For more information, see “Using Multiple Processors” later in this chapter.
• Memory: Servers are typically capable of supporting more memory than workstations, sometimes a lot more. Examining the inside of the server and a workstation, you may not see any difference because a server may have the same number of memory slots as a workstation and use the same basic type of memory modules. The server will support modules containing more memory, however, in a greater variety of configurations.
In addition to these differences in a server’s basic components, there are other more advanced technologies that can have an even greater impact on the computer’s performance, as discussed in the following sections.
Using Multiple Processors
Even though the processor designs used in computers today are continually being enhanced and upgraded to run at ever faster speeds, servers often require more processing power than any single processor can provide. This is because a server application such as a database engine may have to service requests from dozens or even hundreds of users at the same time. To increase the processing power available to the application, you can add more processors. You can multiply the processing power of a server in two ways: by installing multiple processors into the computer or by connecting multiple computers using a hardware or software product that joins them into a cluster or a system area network (SAN).
Parallel Processing
The use of multiple processors in a single computer is not a new idea, although it has become common in the PC industry only in the last few years. The two biggest advantages of using multiple processors are economy and expandability. When a processor manufacturer releases a new product, its price compared to the previous models is always disproportionately high for the performance increase it provides. As each new processor is superseded by the next model, the price drops quickly. By purchasing a server with multiple processors in it, you can realize nearly the same processing power as the latest chip on the market for much less money. Multiple processor support can also extend the life of a server by enabling the owner to upgrade it as needed. You can buy a single-processor server containing a motherboard that supports up to four processors for only slightly more than a computer with a standard single processor motherboard. Later, as the burden on the server is increased by the addition of more users or applications, you can buy additional processors and install them into the empty motherboard sockets.
The method by which a computer makes use of multiple processors is known as parallel processing. This consists of distributing computing tasks among the available processors so that they are all continuously active. There are various methods in which computers with multiple processors can implement parallel processing. Supercomputer systems, for example, can combine the capabilities of hundreds of processors to perform complex tasks that require enormous numbers of computations, such as weather forecasting. In most cases, these supercomputers use a technique called massively parallel processing (MPP), in which the processors are grouped into nodes and connected by a high-speed switch. In this arrangement, each node has its own memory array and its own bus connecting the processors to the memory. There is no sharing of resources between nodes, and communication between them is restricted to a dedicated messaging system.
Symmetric Multiprocessing
The servers with multiple processors used on LANs today employ a different method, called symmetrical multiprocessing (SMP). In an SMP system, the processors share a single memory array, input/output (I/O) system, and interrupts, as shown in Figure 8-1. Processing tasks are distributed evenly between all of the processors, so it isn’t possible for one processor to be overloaded while another sits idle. This is in contrast to another system, called asymmetrical multiprocessing, in which tasks are assigned to each processor individually and the workload may not be balanced.
Figure 8-1 SMP computers have a single memory array and I/O bus, which are shared by all of the processors.
Sharing a single memory array eliminates the need for the messaging system found in MPP. The processors in an SMP computer can communicate and synchronize their activities more quickly than most other parallel processing technologies.
It is important to note that having multiple processors in a computer is not considered to be a fault-tolerance mechanism. If one of the processors should fail while the system is running, the coherency of the cached operating system and application information is likely to be affected, eventually causing a crash. Failure or removal of a processor while the computer is shut down, however, will not have a deleterious effect since the operating system detects the number of available processors during the startup sequence and configures itself accordingly.
Hardware and Software Requirements
To use multiple processors in a LAN server, SMP must be supported by the processors themselves, the computer’s motherboard, the operating system, and the applications running on the server. If you install an operating system or an application that doesn’t support SMP on a server with multiple processors, the software functions in the normal manner using only one of the processors.
Most of the operating systems intended for use on servers support SMP. Most of the Unix operating systems support SMP, including Linux versions as well as Mac. In some cases, such as FreeBSD, you have to substitute a multiprocessor kernel for the standard one supplied with the operating system. Interestingly, although it is not considered a server application, Adobe Photoshop also supports SMP, making it possible for graphic designers working with large image files and complex functions to take advantage of a computer with multiple processors.
Server Clustering
A cluster is a group of servers that are connected by cables and that function as a single entity. To a client on the network, the cluster appears to be a single server, even though it consists of two or more computers. Clustering can provide the same advantage as having multiple processors in a single server since it is possible to divide the server’s workload between the processors in the various computers that make up the cluster. However, clustering can also provide fault tolerance in ways that SMP cannot.
The computers that make up a cluster are connected programmatically as well as physically. In some cases, operating systems provide direct support for clustering, while in others, a separate application is required.
Clustering can provide two basic advantages over a single server: load balancing and fault tolerance. Load balancing is the process by which the tasks assigned to the server are distributed evenly among the computers in the cluster. This concept can work in different ways, depending on the application involved. For example, a cluster of web servers can balance its load by sending each of the incoming requests from web browser clients to a different server. When you connect to a hugely popular Internet website, you can be sure that all of its thousands of concurrent users are not being served by a single computer. Instead, the site uses a server farm that consists of many identically configured computers. Each time you connect to the site with your web browser, you are probably accessing a different server. A clustered terminal server works in the same way; each new client connecting to the server is directed to the computer that is currently carrying the lightest load. Other applications that split the processing into threads can distribute those threads equally among the computers in the cluster.
This load balancing capability greatly enhances the expandability of the server. If you reach a point where the server is overburdened by the application traffic it must handle, you can simply add another computer to the cluster, and the workload will automatically be balanced among the available systems, thus reducing the load on each one. You can also upgrade the server by installing additional processors to SMP computers in the cluster or by replacing a computer with one that is faster and more capable.
Load balancing also provides fault tolerance. If one of the computers in the cluster should fail, the others continue to function with the load redistributed between them. However, it’s also possible to construct a cluster with more extensive failover capabilities. A failover cluster is one on which connected computers are configured so that when one fails, the other takes over all of its functions. This type of cluster is better suited to database and e-mail servers that must be continuously available. E-commerce is one of the few technologies that can require both load balancing and failover technologies in one cluster.
In today’s clustering products, a group of computers can be clustered in a failover configuration without leaving some of the machines idle. If one of the computers fails, its applications are migrated to another computer in the cluster, which takes over its functions, as shown in Figure 8-2. (For this to occur, all of the computers in the cluster must have access to the applications and data used by the other computers.)
Figure 8-2 In a server cluster, all of the servers are active, with functions ready to fail over to other servers.
System Area Networks
A system area network (or SAN, not to be confused with a storage area network, also abbreviated SAN) is essentially a dedicated, switched network that connects a group of computers that are in the same administrative domain and located relatively close to each other. The network achieves greater transmission speeds by implementing a reliable transport service (much like the Transmission Control Protocol [TCP]) in hardware instead of software. The SAN hardware consists of network interface adapter cards that use Fibre Channel connections to a central switch. A SAN network interface adapter makes individual transport endpoints (much like the ports used in a TCP software implementation) available to the connected computers. These endpoints are memory-based registers that are shared by the SAN network adapter and the computer’s processor. The processor can therefore pass the incoming traffic directed at a particular endpoint immediately to the appropriate application running on the computer. In a sense, a SAN operates much like a distributed memory array, rather than a standard networking technology.
Cluster Networking Hardware
There are two areas in which the use of server clustering can affect the hardware used to construct a network: the network connections themselves and the server’s mass storage hardware. The computers in a cluster use standard network connections to communicate with each other. In fact, it is possible to build a server cluster with no additional networking hardware other than each computer’s normal connection to the enterprise network. In a failover configuration, the servers in the cluster communicate by exchanging signals at regular intervals called heartbeats. These heartbeats serve as an indication to each computer that the other computers in the cluster are up and running properly. If a computer fails to transmit a predetermined number of consecutive heartbeats, the other computers in the cluster assume that it has failed and take action to assume its functions. This same heartbeat method also functions at the application level. If a single application fails on one of the computers in the cluster, the cluster service attempts to restart it on the same computer. If this should fail, the service then migrates the application to another computer in the cluster.
The heartbeats can be exchanged over the normal network connection, but if the cluster is on a shared network with other systems, the additional traffic generated by the heartbeats can be a problem. In addition, the network connection provides a single point of failure. If a cable break or a failure in a hub or other network component should occur, the heartbeats can fail to reach all of the computers in the cluster, resulting in a condition in which both computers attempt to take on the functions of the other.
To address these problems, it’s a good idea to build a separate, private network that is dedicated to the computers in the cluster. Ethernet is typically the protocol of choice for this arrangement, with Gigabit Ethernet an option for installations that can benefit from greater speeds. Not only does this private network ensure that the heartbeats generated by each computer reach the others in a timely fashion, it also provides a backup for the intracluster communications. Later in this chapter, you will see how this separate network can also be used with a higher-speed protocol such as Fibre Channel to connect the servers to external drive arrays and other storage devices. This is called a storage area network.
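
The heartbeat behaviour described in the three paragraphs above, as an added Python simulation (not code from the book or from any clustering product): two nodes declare a peer failed after a run of missed heartbeats, and the model shows a genuine node failure, a cable break on a single shared network where both healthy nodes take over each other's functions, and the same break when a second private heartbeat network exists. The node names, service names, link names and the threshold of three missed heartbeats are all assumptions made for the illustration.

```python
from dataclasses import dataclass

MISSED_LIMIT = 3  # assumed: consecutive missed heartbeats before a peer is declared failed


@dataclass
class Node:
    name: str
    services: set
    alive: bool = True
    missed: int = 0          # consecutive intervals with no heartbeat from the peer
    took_over: bool = False


def simulate(ticks, links, link_fail_at=None, node_fail_at=None):
    """Run a two-node failover cluster for `ticks` heartbeat intervals.

    links        -- names of the networks that carry heartbeats
    link_fail_at -- {link name: tick at which that link breaks}
    node_fail_at -- {node name: tick at which that node crashes}
    Returns ({service: [live nodes claiming it]}, [(tick, node, event), ...]).
    """
    link_fail_at = link_fail_at or {}
    node_fail_at = node_fail_at or {}
    original = {"A": {"db"}, "B": {"mail"}}          # constructed service layout
    a = Node("A", set(original["A"]))
    b = Node("B", set(original["B"]))
    events = []

    for tick in range(ticks):
        for node in (a, b):
            if node_fail_at.get(node.name) == tick:
                node.alive = False
        links_up = [l for l in links
                    if not (l in link_fail_at and tick >= link_fail_at[l])]

        for me, peer in ((a, b), (b, a)):
            if not me.alive:
                continue
            # A heartbeat arrives only if the peer is running AND some link works.
            # The receiver cannot tell which of the two conditions failed.
            heard = peer.alive and bool(links_up)
            me.missed = 0 if heard else me.missed + 1
            if me.missed >= MISSED_LIMIT and not me.took_over:
                me.services |= original[peer.name]
                me.took_over = True
                events.append((tick, me.name, "takeover of " + peer.name))

    owners = {}
    for node in (a, b):
        if node.alive:
            for svc in node.services:
                owners.setdefault(svc, []).append(node.name)
    return {svc: sorted(names) for svc, names in owners.items()}, events


def split_brain(owners):
    """Services that more than one live node believes it is responsible for."""
    return sorted(svc for svc, names in owners.items() if len(names) > 1)


if __name__ == "__main__":
    scenarios = {
        "node B crashes":            dict(links=["lan"], node_fail_at={"B": 2}),
        "shared LAN cable breaks":   dict(links=["lan"], link_fail_at={"lan": 2}),
        "LAN breaks, private link":  dict(links=["lan", "private"],
                                          link_fail_at={"lan": 2}),
    }
    for label, kwargs in scenarios.items():
        owners, events = simulate(10, **kwargs)
        print(label, owners, events, "split brain:", split_brain(owners))
```

In the second scenario both nodes end up claiming both services, which on shared storage is the situation a distributed lock manager or a shared-nothing layout has to guard against.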
Cluster Storage Hardware
One of the elements that complicate the implementation of a clustering solution in a failover configuration is that each of the computers in the cluster requires access to the applications and data running on the other computers. There are three ways to accomplish this, which have come to define the three basic hardware configurations you can use in a computer that is part of a cluster. These three hardware configurations are as follows:
• Shared disk: In a shared disk configuration, the computers in the cluster are all connected to the same disk array using a common I/O bus so that all of the computers can access the same applications and data simultaneously. The disk array typically uses some form of SCSI, Fibre Channel, or serial storage architecture (SSA) to connect to the computers. Because this arrangement makes it possible for two computers to update files on the shared drives at the same time, an additional software component called a distributed lock manager is needed to prevent files from being corrupted and new data from being overwritten.
• Shared nothing: A shared nothing configuration is one in which there is no simultaneous access of the same data stores by different computers in the cluster. The redundant connection is so that if one computer should fail and its applications fail over to another computer, the substitute can immediately access the same data stores as the original system and continue where it left off.
• Mirrored disk: In a mirrored disk configuration, each computer maintains its own storage drives, and data is replicated between the computers on a regular basis.
Using Hierarchical Storage Management
Hierarchical storage management (HSM) is a technique for storing data on a variety of device types in order to minimize storage costs while providing easy accessibility. As a general rule, the cheaper the medium, the slower its access time. By installing various types of drives in a server, you can minimize your storage costs by putting the most frequently used files on hard drives, occasionally used files on optical discs, and seldom used files on magnetic tape.
The problem with this arrangement is keeping track of which files are stored on which device, and this is where HSM provides a solution. HSM is a software product that automatically migrates files between the various media, depending on how often they’re accessed. A typical HSM installation consists of a server with one or more hard drives and an optical disc jukebox or magnetic tape, or both. These devices enable you to maintain large amounts of storage and still access it without human intervention. This is known as nearline storage.
When a file on a hard drive goes a certain number of days without being accessed, the HSM software migrates it to the secondary medium, such as an optical disc. After copying the file to the optical disc, the software creates a tiny key file in its place on the hard drive. The key file specifies the location of the actual file and provides a placeholder for network users. If the file goes even longer without being accessed, HSM migrates it to a tertiary medium (such as tape) and updates the key file. To a user on the network, the files that have been migrated to other media appear to still be on the hard drive. When the user attempts to access the file, HSM reads the contents of the key file, loads the appropriate disk or tape into the drive, reads the file, and supplies it to the user. The only sign to the user that the file is not stored on the hard drive is the additional time it takes for HSM to supply the file. Everything else is completely invisible. If the user modifies the file, HSM migrates it back to the hard drive, where it remains until it reaches the migration interval once again.
HSM software products are usually highly configurable, enabling you to use various combinations of media and specify whatever migration intervals you want. An HSM installation is not cheap, but for a network that must store vast amounts of data while keeping it all available at a few minutes’ notice, HSM is a viable solution.
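The migration life cycle described above can be traced with a small in-memory model. This is an added example, not code from the book or from any HSM product; the 30-day and 180-day intervals, the volume labels, and the assumption that a read resets the idle clock without moving the file are all chosen for illustration.

```python
from dataclasses import dataclass

OPTICAL_AFTER_DAYS = 30    # assumed: idle days before hard drive -> optical disc
TAPE_AFTER_DAYS = 180      # assumed: idle days before migration to tape


@dataclass
class KeyFile:
    """Tiny placeholder left on the hard drive in place of a migrated file."""
    tier: str      # "optical" or "tape"
    volume: str    # label of the disc or tape to load (constructed labels)


class HSM:
    def __init__(self):
        self.store = {"disk": {}, "optical": {}, "tape": {}}   # tier -> {path: data}
        self.keyfiles = {}       # path -> KeyFile, only for migrated files
        self.last_access = {}    # path -> day number of last read or write
        self.mounts = []         # removable volumes loaded to satisfy reads

    def listing(self):
        """What network users see: resident files plus key-file placeholders."""
        return sorted(set(self.store["disk"]) | set(self.keyfiles))

    def location(self, path):
        return self.keyfiles[path].tier if path in self.keyfiles else "disk"

    def _relocate(self, path, dst):
        data = self.store[self.location(path)].pop(path)
        self.store[dst][path] = data
        if dst == "disk":
            self.keyfiles.pop(path, None)          # file is resident again
        else:
            self.keyfiles[path] = KeyFile(dst, f"{dst}-vol-01")

    def write(self, path, data, today):
        """Create or modify a file; a modified file returns to the hard drive."""
        if path in self.keyfiles:
            self._relocate(path, "disk")
        self.store["disk"][path] = data
        self.last_access[path] = today

    def read(self, path, today):
        """Supply the file, loading the volume named in the key file if needed."""
        tier = self.location(path)
        if tier != "disk":
            self.mounts.append(self.keyfiles[path].volume)
        self.last_access[path] = today
        return self.store[tier][path]

    def run_migration(self, today):
        """Periodic pass: demote idle files and create or update their key files."""
        moved = []
        for path, seen in self.last_access.items():
            idle = today - seen
            tier = self.location(path)
            if idle >= TAPE_AFTER_DAYS and tier != "tape":
                target = "tape"
            elif idle >= OPTICAL_AFTER_DAYS and tier == "disk":
                target = "optical"
            else:
                continue
            self._relocate(path, target)
            moved.append((path, tier, target))
        return moved


if __name__ == "__main__":
    hsm = HSM()
    hsm.write("/reports/q1.xls", b"q1", today=0)       # constructed sample file
    print(hsm.run_migration(today=30))                 # moved to optical
    print(hsm.listing(), hsm.location("/reports/q1.xls"))
    print(hsm.read("/reports/q1.xls", today=40), hsm.mounts)
```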
Fibre Channel Networking
The development of new network storage technologies, such as network attached storage (NAS) and storage area networks (SANs), that call for storage hardware external to the server has resulted in the need for a means to transmit large amounts of data between relatively distant devices at high speeds.
Fibre Channel was conceived in 1988 as a high-speed networking technology that its advocates hoped would be the successor to Fast Ethernet and Fiber Distributed Data Interface (FDDI) on backbone networks that required large amounts of bandwidth. Ratified in a series of American National Standards Institute (ANSI) standards in 1994, Fibre Channel never found acceptance as a general local area networking protocol, although Gigabit Ethernet, an extension of the Ethernet standard using the Fibre Channel physical layer options, did. Instead, Fibre Channel has become the protocol of choice for high-end network storage technologies and has particularly become associated with SANs. A Fibre Channel connection can transfer data at the rate of 32 Gbps.
NOTE: The unusual spelling of fibre is deliberate and intended to distinguish the term Fibre Channel from fiber optic.
Unlike devices that connect storage devices and servers using a bus, Fibre Channel is essentially a separate network that can connect various types of storage devices with the servers on a network. Fibre Channel uses standard networking hardware components, such as cables, hubs, and ports, to form the network medium, and the connected nodes transmit and receive data using any one of several services, providing various levels of performance. Fibre Channel differs from standard networking protocols such as the Internet Protocol (IP) in that much of its “intelligence” is implemented in hardware, rather than in software running on a host computer.
The Fibre Channel protocol stack consists of five layers that perform the functions attributed to the physical and data link layers of the Open Systems Interconnection (OSI) reference model. These layers are as follows:
• FC-0: This layer defines the physical components that make up the Fibre Channel network, including the cables, connectors, transmitters, and receivers, as well as their properties.
• FC-1: This layer defines the encoding scheme used to transmit the data over the network, as well as the timing signals and error detection mechanism. Fibre Channel uses an encoding scheme called 8B/10B, in which 10 bits are used to represent 8 bits of data, thus yielding a 25 percent overhead.
• FC-2: This layer defines the structure of the frame in which the data to be transmitted is encapsulated and the sequence of the data transfer.
• FC-3: This layer defines additional services such as the striping of data across multiple signal lines to increase bandwidth and the use of multiple ports with a single alias address.
• FC-4: This layer maps the Fibre Channel network to the upper-layer protocols running over it. While it’s possible to map Fibre Channel to standard networking protocols, such as IP, the Fibre Channel Protocol (FCP) is the protocol used to adapt the standard parallel SCSI commands to the serial SCSI-3 communications used by storage devices on a Fibre Channel network.
The Fibre Channel Physical Layer
Fibre Channel supports both fiber-optic and copper cables, with fiber optic providing greater segment lengths.
The three physical layer cable options are as follows:
• Singlemode fiber optic: Nine-micron singlemode fiber-optic cable, using standard SC connectors, with a maximum cable length of 10,000 meters
• Multimode fiber optic: Fifty- or 62.5-micron multimode fiber-optic cable with SC connectors, with a maximum cable length of 500 meters
• Shielded twisted-pair (STP): Type 1 STP cable with DB-9 connectors, with a maximum cable length of 30 meters
Using any of these cable types, you can build a Fibre Channel network with any one of the three following topologies:
• Point-to-point: The point-to-point topology links a Fibre Channel host bus adapter installed into a computer to a single external storage device or subsystem.
• Loop: The loop topology, also called a continuous arbitrated loop, can contain an unlimited number of nodes, although only 127 can be active at any one time. You can connect the nodes to each other using a physical loop, or you can implement the loop logically using a hub and a physical star topology, as in a Token Ring network. Traffic travels in only one direction on the loop, unlike SSA and FDDI, which have redundant loops that permit bidirectional communications. Therefore, in the case of a physical loop, a cable break or node failure can take down the whole loop, while the hub in a logical loop can remove the malfunctioning node and continue operating. Each of the nodes in a Fibre Channel loop acts as a repeater, which prevents signal degradation due to attenuation, but a loop is still a shared network with multiple devices utilizing the same bandwidth, which can limit the performance of each device.
• Fabric: The fabric topology consists of nodes connected to switches with point-to-point connections. Just as on an Ethernet network, switching enables each device to use the full bandwidth of the network technology in its transmissions. Fibre Channel uses nonblocking switches, which enable multiple devices to send traffic through the switch simultaneously. A switched Fibre Channel network has the benefit of almost unlimited expandability while maintaining excellent performance.
Fibre Channel Communications
Communications over a Fibre Channel network are broken down into three hierarchical structures. The highest-level structure is called an exchange, which is a bidirectional, application-oriented communication between two nodes on the network. In the context of a storage operation, an exchange would be the process of reading from or writing to a file. A single device can maintain multiple exchanges simultaneously, with communications running in both directions, if needed.
An exchange consists of unidirectional transmissions between ports called sequences, which in the context of a read or write operation are the individual blocks transmitted over the network. Each sequence must be completed before the next one can begin. Sequences are composed of frames, and the frame is the smallest protocol data unit transmitted over a Fibre Channel network. Fibre Channel frames are constructed much like the frames used in other networking protocols, such as Ethernet and IP. The frame consists of discrete fields that contain addressing and error detection information, as well as the actual data to be transmitted. In the storage context, a frame is the equivalent of a SCSI command.
Fibre Channel provides three classes of service, with different resource requirements and levels of performance provided by each. These service classes are as follows:
• Class 1: Class 1 is a reliable, connection-oriented, circuit-switched service in which two ports on the network reserve a path through the network switches to establish a connection for as long as they need it. The result is the functional equivalent of a point-to-point connection that can remain open for any length of time, even permanently. Because a virtual circuit exists between the two nodes, frames are always transmitted and received in the same order, eliminating the additional processing required to reorder the packets, as on an IP network. The Class 1 service tends to waste bandwidth when the connection is not in use all of the time, but for applications that require a connection with the ultimate in reliability and performance, the expenditure can be worthwhile.
• Class 2: Class 2 is a connectionless service that provides the same reliability as Class 1 through the use of message delivery and nondelivery notifications. Since Class 2 is not a circuit-switched service, frames may arrive at the destination port in the wrong order. However, it is the port in the receiving node that reorders the frames, not the processor inside the server or storage subsystem containing the port. By placing the responsibility for ordered delivery of frames on the port rather than on the switch, as in the Class 1 service, the switches are better able to provide the maximum amount of bandwidth to all of the nodes on the network. The Class 2 service can therefore provide performance and reliability that is nearly that of the Class 1 service, with greater overall efficiency. Most storage network implementations use Class 2 rather than Class 1 for this reason.
• Class 3: Class 3 is an unreliable connectionless service that does not provide notification of delivery and nondelivery like Class 2. Removing the processing overhead required to implement the notifications reduces port latency and therefore greatly increases the efficiency of the network. This is particularly true in the case of a loop network, which uses a shared medium. In the case of a storage network, the FCP protocol provides frame acknowledgment and reordering services, making it unnecessary to implement them in the network hardware.
NOTE: There is also an extension to the Class 1 service called Intermix, which enables other processes to utilize the unused bandwidth of a Class 1 connection for the transmission of Class 2 and Class 3 traffic. In this arrangement, however, the Class 1 traffic maintains absolute priority over the connection, which can cause the nodes to buffer or discard Class 2 and 3 frames, if necessary.
Network Storage Subsystems
In the original client-server network design, the server was a computer constructed very much like a client, except with more storage capacity, more memory, a faster processor, and so on. As the years have passed and data storage requirements have increased at an exponential level, it has become unwieldy for a personal computer to contain enough space and power for the many drives used in modern storage arrays. Moving the storage management tasks away from the server and into a dedicated device also reduces the processing burden on the server. Today, with server clusters and other advanced server technologies becoming more popular, there is a drive toward storage arrays with greater capabilities.
One of the solutions is to integrate the standard storage I/O architecture with the networking architecture used for other communications between systems. Combining I/O and networking makes it possible to locate the servers and the storage arrays virtually anywhere, build a more flexible and expandable storage solution, and enable any server on the network to work with any storage device. There are two technologies that are leading the way in this new area of development: network attached storage and storage area networks. These technologies are not mutually exclusive; in fact, the future network is likely to encompass both to some degree.
Network Attached Storage
Network attached storage is a term that is generally applied to a stand-alone storage subsystem that connects to a network and contains everything needed for clients and servers to access the data stored there. An NAS device, sometimes called a network storage appliance, is not just a box with a power supply and an I/O bus with hard drives installed in it. The unit also has a self-contained file system and a stripped-down, proprietary operating system that is optimized for the task of serving files. The NAS appliance is essentially a stand-alone file server that can be accessed by any computer on the network. For a network that has servers dedicated primarily to file-serving tasks, NAS appliances can reduce costs and simplify the deployment and ongoing management processes. Because the appliance is a complete turnkey solution, there is no need to integrate separate hardware and operating system products or be concerned about compatibility issues.
NAS appliances can connect to networks in different ways, and it is here that the definition of the technology becomes confusing. An NAS server is a device that can respond to file access requests generated by any other computer on the network, including clients and servers. The device typically uses a standard file system protocol like the Network File System (NFS) or the Common Internet File System (CIFS) for its application layer communications. There are two distinct methods for deploying an NAS server, however. You can connect the appliance directly to the LAN, using a standard Ethernet connection, enabling clients and servers alike to access its file system directly, or you can build a dedicated storage network, using Ethernet or Fibre Channel, enabling your servers to access the NAS and share files with network clients.
The latter solution places an additional burden on the servers, but it also moves the I/O traffic from the LAN to a dedicated storage network, thus reducing network traffic congestion. Which option you choose largely depends on the type of data to be stored on the NAS server. If you use the NAS to store users’ own work files, for example, it can be advantageous to connect the device to the LAN and let users access their files directly. However, if the NAS server contains databases or e-mail stores, a separate application server is required to process the data and supply it to clients. In this case, you may benefit more by creating a dedicated storage network that enables the application server to access the NAS server without flooding the client network with I/O traffic.
Storage Area Networks
A storage area network is simply a separate network within an enterprise that is used to connect storage devices and the computers that use them. In practice, SANs are usually associated with Fibre Channel networks, but actually you can use any type of network for this purpose, including SSA or Ethernet (usually Gigabit Ethernet). The reasons for building an SAN have been repeated throughout this chapter. Server technologies such as clustering and remote disk arrays require high-bandwidth connections, and using the same data network as the client computers for this purpose could easily result in massive amounts of traffic. In addition, the bandwidth requirements of a storage I/O network far exceed those of a typical data network. Constructing a separate SAN using Fibre Channel or Gigabit Ethernet is far cheaper than equipping all of the computers on your network with ultra-high-speed network interface adapters.
In a typical enterprise network containing an SAN, the servers have interfaces to both the data network (the LAN) and the storage network (the SAN). The LAN, therefore, is completely ordinary, containing client and server computers, and the storage devices are connected only to the SAN. Where the servers store their data is of no consequence to the clients, which do not even have to know of the SAN’s existence.
A typical SAN using Fibre Channel to connect servers to the storage devices can take many forms. The simplest possible SAN consists of a single server connected to a drive array using a point-to-point Fibre Channel connection. The server accesses the data stored on the array, which would typically use RAID to provide added performance and fault tolerance. One of the primary differences between an SAN and an NAS device is that SANs provide block-level access to data, while NAS appliances provide file-level access.
A more complicated SAN would consist of several servers and several storage arrays, all connected to the same network, as shown in Figure 8-3. If the SAN uses Fibre Channel for its communications, the network’s topology can take the form of a loop or a fabric, depending on whether the devices are all connected to a hub or a switch. This enables the servers to communicate with each other and with all of the storage devices on the SAN. The storage devices can be drive arrays using RAID, NAS servers, or any other technology that may evolve, as long as it supports Fibre Channel or whatever networking protocol the SAN uses.
Figure 8-3 A complex SAN using a Fibre Channel loop or fabric network
CHAPTER 9 Designing a Network
Planning is an essential part of any network deployment, and the design of the network is a crucial element of the planning process. Depending on its size and location, the process of designing your network can be simple or extremely complex. This chapter examines some of the concepts involved in designing networks that range from small home networks to large enterprise internetworks.
A network design can encompass decisions made at many levels. At a minimum, the design should include what hardware you intend to purchase, how much it costs, where you’re going to locate it at your site, and how you’re going to connect it all. For a home or small-business network, this can be as easy as taking a few computers, choosing a network interface card (NIC) for each one, and buying some cables and a hub and/or a wireless router. You can make all of the other decisions involved in setting up and configuring the network as you proceed. For a large enterprise internetwork, the design process is considerably more complicated. As you’ve learned, an internetwork is a collection of LANs that have been connected so that each computer can communicate with any other computer on any of the LANs. You can design each LAN separately, using standard hardware already mentioned, but then you must consider how you are going to connect the LANs into an internetwork and regulate the communications between them. You also have to consider all of the services that you must provide to your users and how you intend to provide them. This means the network design might include software products and configurations, outside services provided by third parties, and operating procedures, as well as a hardware list and a network diagram.
In addition to purely technical issues, designing a large internetwork involves a number of important business decisions. Generally, the early phases of the internetwork design process tend to proceed as follows:
1. Identify the business needs that the network is intended to satisfy.
2. Create an ideal network design that satisfies all of the previously defined needs.
3. Estimate the cost of building the network as designed.
4. Determine whether the benefits of building the network rationalize the expense.
5. Revise the network design to bring the expense in line with the benefits.
This is a high-level overview of the network design process as a business decision, and while economic issues may not be the primary concern of the people involved in the technical side of the process, the cost of the project will certainly have a profound effect on the design. This chapter is more involved with the technical side of the design process than with the business side, but having some idea of the budget allotted for the network and the cost of implementing the technologies you select can streamline the whole design and approval process considerably.
Reasoning the Need
The first step in designing a network is always to list the reasons for building it in the first place. For a home or small-business network, the list is often short and simple, containing items such as the desire to share one printer among several computers and to access the Internet using a single connection. In most cases, the economic decision is equally simple. Weigh the price of a few cables and a hub or a wireless router against the cost of supplying each computer with its own printer or Internet connection, and the conclusion is obvious.
For a large internetwork installation, the list of requirements is usually much longer, and the decision-making process is far more complex. Some of the questions that you should ask yourself as you’re first conceiving the network are as follows:
• What business needs will the network satisfy?
• What services do you expect the network to provide now and in the future?
• What applications must the network run now and in the future?
• What are the different types of users you expect the network to support now?
• What types of users (and how many of them) do you expect the network to support in the future?
• What level of service do you expect the network to provide in terms of speed, availability, and security?
• What environmental factors at the site can possibly affect the network?
• What is the geographic layout of the business? Are there remote offices to connect?
• What network maintenance skills and resources are available to the organization?
By answering questions like these, you should be able to come up with a basic, high-level concept of the type of network you need. This concept should include a sketch of the network indicating the number of levels in the hierarchy. For example, a network at a single site might consist of a number of LANs connected by a backbone, while a network encompassing multiple sites might consist of several LANs, connected by a backbone at each location, all of which are then connected by WAN links. This plan may also include decisions regarding the network media and protocols to use, a routing strategy, and other technical elements.
NOTE: Depending on the environment in which a backbone exists, it can have two meanings. The first is the physical connection such as fiber or Gigabit Ethernet, and the second is a transmission method such as frame relay through the cloud.
Seeking Approval
The next step is to start making generic technology and equipment selections in order to develop an estimate of the costs of building and maintaining the network. For example, you might at this point decide that you are going to build an internetwork consisting of ten LANs, connected by a fiber-optic backbone and using a T-1 line for access to the Internet. With this information, you can start to figure out the general costs of purchasing and installing the necessary equipment.
With a rough cost estimate in hand, it’s generally time to decide whether building the network as conceived is economically feasible. In many cases, this requires an evaluation by nontechnical people, so a layperson’s summary of the project and its cost is usually in order. At this point, some of the following questions may be considered:
• Does the network design satisfy all of the business needs listed earlier?
• Do the business needs that the network will satisfy justify the cost expenditures?
• Can the costs of the network be reduced while still providing a minimum standard of performance?
• How will reducing the quality of the network (in regard to elements such as speed, reliability, and/or security) affect the business needs it is able to satisfy?
• Can the network be reconceived to lower the initial costs while still providing sufficient capability for expansion in the future?
This review process may involve individuals at several management layers, each with their own concerns. In many cases, business and economic factors force a redesign of the network plan at this point, either to better address business needs not considered earlier or to reduce costs. Usually, it’s better for these modifications to occur now, while the network design plan is still in its preliminary stages. Once the elements of the plan are developed in greater detail, it will become more difficult and inefficient to drastically change them.
When the economic and business factors of the network design have been reconciled with the technical factors, you can begin to flesh out the plan in detail. The following sections examine some of the specific elements that should be included in your network design plan.
Designing a Home or Small-Office Network
A network for a home or small office typically consists of a single LAN connecting anywhere from 2 to 16 computers. The LAN might also have additional network devices attached to it, such as a network printer or a router providing a connection to the Internet or another office. For this kind of network, the design process consists mostly of selecting products that are suitable for your users’ needs and for the physical layout of the site.
Selecting Computers
Virtually all the computers on the market today can be connected to a network, so compatibility in this area is not usually a concern. However, for the sake of convenience, it’s easier to design, build, and maintain a small network in which all of the computers use the same platform. If most of your users are accustomed to using Windows PCs, then make the network all Windows PCs. If most are comfortable with Macintosh, Linux, or Unix systems, then use those. It’s not impossible to connect computers running different platforms to the same network by any means, but if you’re planning a small network and you want to have as easy a time of it as possible, stick to one platform.
Standardizing on a single platform may be difficult in some situations, however. For a home network, for example, you may have kids who use Macs in school and adults who use PCs at work. In a small-business environment, you are more likely to be able to impose one platform on your employees, unless they have special requirements such as different types of machines. If you do feel compelled to mix platforms, you must be careful to select products that are compatible with every type of computer you plan to use. Generally, it is not too difficult to configure different types of computers to access shared network resources such as printers and Internet connections. However, file sharing can be a problem because the computers may use different file formats. The other important consideration when selecting the computers to be connected to a network is whether they have the resources needed for networking. For the most part, this just means you must determine what type of network interface adapter the computer uses. If any of the machines to be included in the network do not have appropriate adapters, you can purchase a network interface card and either install the adapter in a free PCI slot or purchase a Universal Serial Bus (USB) network interface adapter.
Selecting a Networking Protocol
The protocol your network uses at the data link layer of the OSI reference model is the single most defining element of the network design. The data link layer protocol determines, among other things, what network medium you will use, what networking hardware you will buy, how you will connect the computers, and how fast the network can transfer data. The most common choices in data link layer protocols are Ethernet for LANs or point-to-point (PPP) for larger networks.
Choosing a Network Medium
The Ethernet protocol supports a variety of network media, but when installing a new network today, the choice for a bounded (cabled) network comes down to unshielded twisted-pair (UTP) or fiber-optic cable. The other alternative is a wireless (unbounded) medium. UTP cable is perfectly suitable for most home and small-business networks. To use UTP, you have to purchase an Ethernet hub (unless you are networking only two computers), and each of your network devices must be connected to the hub using a cable no more than 100 meters long. Category 5 UTP is sufficient for networks running at speeds up to 100 Mbps. For speeds up to 1,000 Mbps (1 Gbps), use either Category 5e or Category 6 UTP cables. Cat5e transmits at 100 MHz and Cat6 transmits at 250 MHz. Both have a maximum length of 100 meters when being used for 1 Gbps networking. The difference appears when Cat6 is used in a 10 Gbps network, where its maximum length is cut down to between 37 and 55 meters, depending on the crosstalk environment.
If you are in a situation where the locations of your computers call for longer segments, however, or the network must operate in an environment with extreme amounts of electromagnetic interference (EMI) present, you can opt to use fiber-optic cable. Fiber-optic cable is immune to EMI and supports longer segments, but it is also more expensive than UTP and more difficult to install.
For a small network, the ease of installation is often a major factor in the selection of a network medium. An Ethernet network using UTP is the simplest type of cabled network to install. UTP Ethernet NICs, hubs, and prefabricated cables are available in almost any computer store; all you have to do is use the cables to connect the computers to the hub. (If your computers do not have a NIC, you will have to install the adapters before making the connection.)
The same is not true for fiber-optic cables, which are generally purchased as components (bulk cable, connectors, and so on) from professional suppliers. Unless you are willing to spend a good deal of money, time, and effort on learning about fiber-optic cabling, you are not going to install it yourself.
It’s possible to install UTP cable from components also, and this is usually how professional, internal installations are performed. An internal cable installation is one in which the cables are installed inside wall cavities and drop ceilings. The only elements of the installation that are visible to the network user are the wall plates to which their computers are attached. This type of installation is neater than an external one that uses prefabricated cables that are usually left exposed, but it requires more expertise to perform correctly, as well as additional tools and access to internal wall cavities. For a small-business network in a traditionally designed office space, a small-scale internal installation is feasible, but homeowners are less likely to want to drill holes in their walls, floors, and ceilings for the installation of cables, despite a greater concern for the installation’s cosmetic appearance.
For network installations where cables are impractical or undesirable, you can also elect to install a wireless LAN. There are many products now on the market at competitive prices, and for home users wanting to network their computers without leaving cables exposed or performing a major cable installation, this solution can be ideal.
Choosing a Network Speed
Another consideration when designing an Ethernet LAN is the speed at which the network will run. Fast Ethernet runs at 100 Mbps, and Gigabit Ethernet runs at 1,000 Mbps. You can find many Ethernet NICs that support either speed. The NIC autodetects the speed of the hub to which it’s attached and configures itself accordingly.
Designing an Internetwork
The design elements discussed thus far apply to large internetworks as well as to small, single-segment LANs. Even the largest internetwork consists of individual LANs that require the same components as a stand-alone LAN, such as computers, NICs, cables, hubs, and switches. For a large internetwork with more varied requirements, you can design each LAN separately, selecting protocols and hardware that best suit the physical environment and the requirements of the users, or you can create a uniform design suitable for all of the LANs. Once you get beyond the individual LANs, however, you face the problem of connecting them to form the internetwork. The following sections examine the technologies you can use to do this.
Segments and Backbones
The traditional configuration for a private internetwork is to have a series of LANs (called network segments or sometimes horizontal networks) connected using another, separate network called a backbone. A backbone is nothing more than a network that connects other networks, forming an internetwork. The individual segments can be networks that service workgroups, departments, floors of a building, or even whole buildings. Each of the segments is then connected to a backbone network, using a router or a switch, as shown in Figure 9-1. This enables a workstation on any of the networks to communicate with any other workstation. The term backbone can refer to a LAN that connects other LANs (usually in the same building or campus) or to a network of wide area links that connect networks or internetworks at remote locations.
Figure 9-1 An example of multiple LANs, connected by a backbone
One of the most common configurations for a large internetwork that encompasses an entire building with multiple floors is to have a separate LAN connecting all of the network devices on each floor (which is the origin of the term horizontal network) and a backbone network running vertically between the floors, connecting all of the LANs. Of course, the configuration you use must depend on the building in which the internetwork is installed. If your entire organization is housed in an enormous building with only two floors, you will probably have to create several LANs on each floor and connect them with a backbone that runs throughout the building.
When two computers on the same LAN communicate with each other, the traffic stays on that local network. However, when the communicating computers are on different LANs, the traffic goes through the router connecting the source computer to the backbone and then to the LAN on which the destination computer is located. It is also common practice to connect network resources required by all of the internetwork’s users directly to the backbone, instead of to one of the horizontal networks. For example, if you have a single e-mail server for your entire organization, connecting it to one of the horizontal networks forces all of the e-mail client traffic from the entire internetwork to travel to that segment, possibly overburdening it. Connecting the server to the backbone network enables the traffic from all of the horizontal segments to reach it equitably. Because the backbone is shared by the horizontal networks, it carries all of the internetwork traffic generated by each of the computers on every LAN. This can be a great deal of traffic, and for this reason, the backbone typically runs at a higher speed than the horizontal networks. Backbones may also have to traverse greater distances than horizontal networks, so it is common for them to use fiber-optic cable, which can span much longer distances than copper.
When the concept of the backbone network originated, the typical departmental LAN was relatively slow, running 10 Mbps Ethernet. The first backbones were thick Ethernet trunks, selected because the RG-8 coaxial cable could be installed in segments up to 500 meters long. These backbones ran at the same speed as the horizontal networks, however. To support all of the internetwork traffic, a distributed backbone running at a higher speed was needed. This led to the use of data link layer protocols like Fiber Distributed Data Interface (FDDI). FDDI ran at 100 Mbps, which was faster than anything else at the time, and it used fiber-optic cable, which can span much greater distances than thick Ethernet.
Once Fast Ethernet products arrived on the market, the situation changed by an order of magnitude; 100 Mbps horizontal networks became common, and an even faster backbone technology was needed to keep up with the traffic load they generate. This led to the development of protocols like Asynchronous Transfer Mode (ATM), running at speeds up to 655 Mbps, and Gigabit Ethernet, at 1,000 Mbps.
Distributed and Collapsed Backbones
There are two basic types of backbone LANs in general use: the distributed backbone and the collapsed backbone. In a distributed backbone, the backbone takes the form of a separate cable segment that runs throughout the enterprise and is connected to each of the horizontal networks using a router or switch. In a collapsed backbone, the hub on each of the horizontal networks is connected to a centrally located modular router or switch (see Figure 9-2). This router or switch functions as the backbone for the entire internetwork by passing traffic between the horizontal networks. This type of backbone uses no additional cable segment because the central router/switch has individual modules for each network, connected by a backplane. The backplane is an internal communications bus that takes the place of the backbone cable segment in a distributed backbone network.
Figure 9-2 A single router or switch connects all of the LANs in a collapsed backbone.
The advantage of a collapsed backbone is that internetwork traffic has to pass through only one router on the way to its destination, unlike a distributed backbone, which has separate routers connecting each network to the backbone. The disadvantage of a collapsed backbone is that the hub on each network must connect to the central router with one cable segment. Depending on the layout of the site and the location of the router, this distance may be too long for copper cable.
Because a collapsed backbone does not use a separate cable segment to connect the horizontal networks, it does not need its own protocol. Today’s technology has made the collapsed backbone a practical solution.
While this may be an ideal solution for a new network being constructed today, there are thousands of existing networks that still use 10 Mbps Ethernet or other relatively slow protocols on their horizontal networks and can’t easily adapt to the collapsed backbone concept. Some or all of the horizontal networks might be using older media, such as Category 3 UTP or even thin Ethernet, and can’t support the long cable runs to a central router. The horizontal networks might even be in separate buildings on a campus, in which case a collapsed backbone would require each building to have a cable run to the location of the router. In cases like these, a distributed backbone is necessary.
Backbone Fault Tolerance
Because it provides all internetwork communications, the backbone network is a vitally important part of the overall design. A horizontal network that can’t access the backbone is isolated. Computers on that LAN can communicate with each other but not with the computers on other LANs, which can cut them off from vital network services. To ensure continuous access to the backbone, some internetworks design redundant elements into the plan for fault-tolerance purposes. You can, for example, use two routers on each LAN, both of which connect to the backbone network hub so that if one router fails, the other provides continued access to the rest of the network. Some designs go so far as to include two separate distributed backbone networks.
This plan also calls for two routers on each horizontal network, but in this case, the routers are connected to two different backbone networks, as shown in Figure 9-3. This way, the internetwork can continue to function despite the failure of a router, a backbone hub, or any backbone cable segment. Another benefit of this design is the ability to balance the internetwork traffic load among the two backbones. By configuring half of the computers to use one backbone and half the other (by varying their default gateway addresses), you split the internetwork traffic between the two. This can make the use of Ethernet on both the horizontal and backbone networks a practical proposition, even on a highly trafficked network. With a single backbone connecting Ethernet LANs, you may find that you need to use Gigabit Ethernet or another high-speed protocol to support the internetwork traffic.
Figure 9-3 Redundant backbones can provide both load balancing and fault tolerance.
Selecting a Backbone LAN Protocol
The protocol that you use on the backbone connecting your horizontal networks should depend on the amount of traffic it has to carry and the distance it has to span. In some organizations, most of the network communications are limited to the individual horizontal LANs. If, for example, your company consists of several departments that are largely autonomous, each with their own servers on a separate horizontal LAN, all of the intradepartmental traffic remains on the horizontal network and never reaches the backbone. In a case like this, you can probably use the same technology on the backbone as the horizontal LANs, such as Ethernet throughout. If, on the other hand, your company consists of departments that all rely on the same resources to do their work, such as a central database, it makes sense to connect the database servers directly to the backbone. When you do this, however, the backbone must be able to support the traffic generated by all of the horizontal networks combined. If the horizontal networks are running Fast Ethernet, the backbone should usually use a faster technology, such as Gigabit Ethernet, in order to keep up.
The distance that the backbone LAN must span and the environment in which it’s used can also affect the protocol selection. If your site is large enough that the backbone cable runs are likely to exceed the 100-meter limit for unshielded twisted-pair cable, you should consider using fiber-optic cable. Fiber optic is also the preferred solution if you have to connect horizontal LANs that are located in different buildings on the same campus. Fiber optic is more expensive to purchase and install than UTP, but it is interoperable with copper cable in most cases. For example, you can purchase Fast Ethernet hubs and routers that support both cable types so that you can use UTP on your horizontal networks and fiber optic on the backbone.
Connecting to Remote Networks
In addition to connecting LANs at the same site, many internetworks use a backbone to connect to remote networks. In some cases, the organization consists of multiple offices in different cities or countries that must communicate with each other. If each office has its own internetwork, connecting the offices with WAN links forms another backbone that adds a third level to the network hierarchy and creates a single, enterprise internetwork. However, even an organization with one internetwork at a single location is likely to need a WAN connection to an Internet service provider so that users can access e-mail and other Internet services.
The technology you select for your WAN connections depends on factors such as the amount of bandwidth your network needs, when it needs it, and, as always, your budget. You can use anything from dial-on-demand telephone connections to high-speed leased lines to flexible bandwidth solutions, such as frame relay.
Selecting a WAN Topology
Another factor in selecting a WAN technology is the topology you will use to connect your various sites. WAN topologies are more flexible than those on LANs, which are dictated by the data link and physical layer protocols you elect to use. You can use WAN links to build an internetwork in many different ways. For example, the full mesh topology, when used on a WAN, consists of a separate, dedicated link (such as a leased line) between each two sites in your organization. If you have five offices in different cities, each office has four separate WAN links connecting it to the other offices, for a total of ten links (see Figure 9-4). If you have eight offices, a total of 28 separate WAN links are required. This arrangement provides the greatest amount of fault tolerance since a single link failure affects only the two sites involved, as well as the most efficient network, since each site can communicate directly with each of the other sites. However, this solution can also be expensive as well as wasteful, unless your network generates sufficient WAN traffic between each pair of sites to fill all of these links most of the time.
Figure 9-4 The full mesh WAN topology
A full mesh topology, consisting of individual links between the sites, assumes the use of dedicated, point-to-point WAN connections such as leased lines. However, there are alternatives to this type of link that can provide what amounts to a full mesh topology at much less expense. Frame relay uses a single leased line at each site to connect to a service provider’s network, called the cloud. With all of the sites connected to the same cloud (using access points local to each location), each site can establish a virtual circuit to every other site as needed.
At the other end of the spectrum from the full mesh topology is the star topology, which designates one site as the main office (or hub) and consists of a separate, dedicated connection between the hub and each of the other branch sites. This topology uses the fewest number of WAN links to connect all of the sites, providing the greatest economy, and enables the main office to communicate directly with each of the branch sites. However, when two of the branch sites have to communicate, they must do so by going through the hub. Whether the star topology is suitable for your network depends on whether the branch sites frequently need to communicate with each other.
A ring topology has each site connected to two other sites, as shown in Figure 9-5. This topology uses only one link more than a star, but it provides a greater degree of fault tolerance. If any one link fails, it is still possible for any two sites to communicate by sending traffic around the ring in the other direction. By contrast, a link failure in a star internetwork disconnects one of the sites from the others completely. The disadvantage of the ring is the delay introduced by the need for traffic to pass through multiple sites in order to reach its destination, in most cases. A site on a star internetwork is never more than two hops from any other site, while ring sites may have to pass through several hops.
Figure 9-5 The ring WAN topology
Each of these topologies represents an extreme example of a network communication technique, but none of them has to be followed absolutely in every case. You can, for example, create a partial mesh topology by eliminating some of the links from the full mesh design. Not all of your sites may require a dedicated link to every other site, so you can eliminate the extraneous links, thus reducing the cost of the network. When a site has to communicate with another site to which it does not have a direct connection, it can go through one of its connected sites instead. In the same way, you can build more fault tolerance into a star network by having two hub sites instead of one and connecting each of the other sites to both hubs. This requires twice as many links as a standard star topology but still fewer than a full mesh.
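The link counts, hop counts, and single-link-failure behavior described above for the full mesh, star, and ring topologies can be checked by modeling each WAN as a graph. This is an added example, not code from the book; the site numbering (site 0 as the star's hub) and all function names are assumptions made for illustration.

```python
from collections import deque
from itertools import combinations


def full_mesh(n):
    """A dedicated link between every pair of the n sites."""
    return {frozenset(pair) for pair in combinations(range(n), 2)}


def star(n):
    """Site 0 is the hub (assumed numbering); each branch has one link to it."""
    return {frozenset((0, branch)) for branch in range(1, n)}


def ring(n):
    """Each site is linked to its two neighbours (needs n >= 3)."""
    if n < 3:
        raise ValueError("a ring needs at least three sites")
    return {frozenset((site, (site + 1) % n)) for site in range(n)}


def hops_from(source, n, links):
    """Breadth-first search: links crossed from source to each reachable site."""
    neighbours = {site: set() for site in range(n)}
    for link in links:
        a, b = tuple(link)
        neighbours[a].add(b)
        neighbours[b].add(a)
    hops = {source: 0}
    queue = deque([source])
    while queue:
        current = queue.popleft()
        for nxt in neighbours[current]:
            if nxt not in hops:
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops


def max_hops(n, links):
    """Worst-case hop count between any two sites, or None if a site is cut off."""
    worst = 0
    for source in range(n):
        hops = hops_from(source, n, links)
        if len(hops) < n:
            return None
        worst = max(worst, max(hops.values()))
    return worst


def isolating_links(n, links):
    """Links whose failure, on its own, leaves at least one site unreachable."""
    return sorted(
        tuple(sorted(link))
        for link in links
        if len(hops_from(0, n, links - {link})) < n
    )


def compare(n):
    """Summarize cost (links), delay (max hops) and fragile links per topology."""
    rows = {}
    for name, build in (("full mesh", full_mesh), ("star", star), ("ring", ring)):
        links = build(n)
        rows[name] = {
            "links": len(links),
            "max_hops": max_hops(n, links),
            "isolating_links": len(isolating_links(n, links)),
        }
    return rows


if __name__ == "__main__":
    for sites in (5, 8):  # the five-office and eight-office cases from the text
        for name, row in compare(sites).items():
            print(sites, name, row)
```

In the star, every link is one whose failure isolates a branch site, while the ring and the full mesh have none; the ring pays for that with a worst-case hop count that grows with the number of sites.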
Planning Internet Access
Connecting a network to the Internet is usually far less complicated than connecting multiple sites with WAN links. Even if your internetwork consists of several sites, it is more common to equip each one with its own Internet connection, rather than connect one site and have the other sites access the Internet through the intersite WAN. The WAN technology you use to connect each site to the Internet should once again depend on the bandwidth you require and your budget.
Locating Equipment
Designing the individual LANs that make up the internetwork is similar to designing a single, stand-alone LAN, except you must work the backbone connections into the design. Large internetworks are more likely to use internal bulk cable installations for the network segments, rather than the prefabricated, external cables commonly used for home and small-business networks. In an internal installation, cables run inside walls and ceilings and terminate at wall plates and patch panels. This type of installation is much more complicated than an external one where the cables are left exposed. Therefore, this installation is frequently outsourced to a contractor who specializes in on-premises wiring. For these reasons, a detailed network plan showing the route of each cable and the location of each wall plate and patch panel is essential. You don’t want to have to call the contractor in after the installation is finished to pull additional cables.
Designing such a network and creating the plan are tasks that require an intimate knowledge of the building in which the network is to be located. As with a home or small-business LAN, you must decide where all of the computers and other network devices are going to be located and then work out how you are going to run the cables that connect them to the hub. For an internetwork design, you also have to decide where you’re going to put the router that connects each LAN to the backbone (in the case of a distributed backbone network) or how you’re going to connect each LAN to the main router/switch (in the case of a collapsed backbone network).
Wiring Closets
In the classic example of a multifloored office building with a horizontal network on each floor and a distributed backbone connecting them vertically, it is common practice to have a telecommunications room, often called a wiring closet, on each floor. This closet can serve as the location for the patch panel where all of the cable runs for the floor terminate, as well as the hub that connects all of the devices on the floor into a LAN and the router that connects the LAN to the backbone network. It’s also possible to install workgroup or even enterprise servers in these closets. To facilitate the backbone cabling, the best arrangement is for the wiring closets on each floor to be on top of each other, with a chase or wiring conduit running vertically through them and connecting all of the closets in the building.
To some people, the term wiring closet might evoke visions of hubs and routers shoved into a dark little space along with mops and buckets, but this should definitely not be the case. Wiring closets may already exist, even in a building not already cabled for a data network, to support telephone equipment and other building services. The closet may indeed be a small space, but it should be well lit and have room enough to work in, if necessary. The room is called a closet because there is typically no room (or need) for desks and workstations inside. Most of the routers, servers, and other networking equipment available today can be equipped with remote administration capabilities, which minimizes the need to actually open the closet to physically access the equipment. Unlike an equipment storage closet, a wiring or server closet must also maintain an appropriate environment for the equipment inside. A space that is not heated in the winter nor air conditioned in the summer can greatly shorten the life of delicate electronics. Wiring closets must also be kept locked, of course, to protect the valuable equipment from theft and “experimentation” by unauthorized personnel.
Data Centers
Wiring closets are eminently suitable for distributed backbone networks because this type of network requires that a relatively large amount of expensive equipment be scattered throughout the building. Another organizational option, better suited for a collapsed backbone network, is to have a single data center containing all of the networking equipment for the entire enterprise. In this context, a data center is really just a larger, more elaborate wiring closet. Typically, a data center is a secured room or suite that has been outfitted to support large amounts of electronic equipment. This usually includes special air conditioning, extra power lines, power conditioning and backup, additional fixtures such as a modular floor with a wiring space beneath it, and extra security to prevent unauthorized access.
The center typically contains the network’s enterprise servers and the routers that join the LANs together and provide Internet and WAN access. If the building housing the network is not too large, you can place all of the hubs for the individual LANs in the data center as well. This means that every wall plate in the building to which a computer is connected has a cable connecting it to a hub in the data center. This arrangement is feasible only if the cable runs are less than 100 meters long, assuming that the horizontal networks are using UTP cable. If the distance between any of your wall plate locations and the data center exceeds 100 meters, you must either use fiber-optic cable (which supports longer segments) or place the hubs at the location of each LAN. If you choose to do the latter, you only have to find a relatively secure place for each hub.
When the hubs are distributed around the building, you need only one cable run from each hub to the data center. If you use centralized hubs, each of your cable runs extends all the way from the computer to the data center. Not only can this use much more cable, but the sheer bulk of the cables might exceed the size of the wiring spaces available in the building. However, the advantage of having centralized hubs is that network support personnel can easily service them and monitor their status, and connecting them to the hub or switch that joins the LANs into an internetwork is simply a matter of running a cable across the room.
Typically, the equipment in a data center is mounted in racks, which can extend from floor to ceiling. Virtually all manufacturers of servers, hubs, routers, and other network devices intended for large enterprise networks have products designed to bolt into these standard-sized racks, which makes it easier to organize and access the equipment in the data center.
Finalizing the Design
As you flesh out the network design in detail, you can begin to select specific vendors, products, and contractors. This process can include shopping for the best hardware prices in catalogs and on websites, evaluating software products, interviewing and obtaining estimates from cable installation contractors, and investigating service providers for WAN technologies. This is the most critical part of the design process, for several reasons. First, this is the point at which you’ll be able to determine the actual cost of building the network, not just an estimate. Second, it is at this phase that you must make sure all the components you select are actually capable of performing as your preliminary plan expects them to. If, for example, you discover that the router model with all of the features you need is no longer available, you may have to modify the plan to use a different type of router or to implement the feature you need in another way. Third, the concrete information you develop at this stage enables you to create a deployment schedule. A network design plan can never have too much detail. Documenting your network as completely as possible before, during, and after construction can only help you to maintain and repair it later. The planning process for a large network can be long and complicated, but it is rare for any of the time spent to be wasted.
PART III Network Protocols
CHAPTER 10 Ethernet Basics
CHAPTER 11 100Base Ethernet and Gigabit Ethernet
CHAPTER 12 Networking Protocols
CHAPTER 10 Ethernet Basics
Ethernet is the data link layer protocol used by the vast majority of the local area networks operating today. Since the 1990s, the Ethernet standards have been revised and updated to support many different types of network media and to provide dramatic speed increases over the original protocol. Because all of the Ethernet variants operate using the same basic principles and because the high-speed Ethernet technologies were designed with backward compatibility in mind, upgrading a standard network is usually relatively easy. This is in marked contrast to other high-speed technologies such as Fiber Distributed Data Interface (FDDI) and Asynchronous Transfer Mode (ATM), for which upgrades can require extensive infrastructure modifications, such as new cabling, as well as training and acclimation for the personnel supporting the new technology.
This chapter examines the fundamental Ethernet mechanisms and how they provide a unified interface between the physical layer of the Open Systems Interconnection (OSI) reference model and multiple protocols operating at the network layer. Then you’ll learn how newer technologies such as Fast Ethernet and Gigabit Ethernet improve on the older standards and provide sufficient bandwidth for the needs of virtually any network application. Finally, there will be a discussion of upgrade strategies and real-world troubleshooting techniques to help you improve the performance of your own network.
Ethernet Defined
The Ethernet protocol provides a unified interface to the network medium that enables an operating system to transmit and receive multiple network layer protocols simultaneously. Like most of the data link layer protocols used on LANs, Ethernet is, in technical terms, connectionless and unreliable. Ethernet makes its best effort to transmit data to the appointed destination, but no mechanism exists to guarantee a successful delivery. Instead, services such as guaranteed delivery are left up to the protocols operating at the higher layers of the OSI model, depending on whether the data warrants it.
NOTE In this context, the term unreliable means only that the protocol lacks a means of acknowledging that packets have been successfully received.
As defined by the Ethernet standards, the protocol consists of three essential components:
• A series of physical layer guidelines that specify the cable types, wiring restrictions, and signaling methods for Ethernet networks
• A frame format that defines the order and functions of the bits transmitted in an Ethernet packet
• A media access control (MAC) mechanism called Carrier Sense Multiple Access with Collision Detection (CSMA/CD) that gives all of the computers on the LAN equal access to the network medium
From a product perspective, the Ethernet protocol consists of the network interface adapters installed in the network’s computers, usually in the form of network interface cards (NICs), the network adapter drivers the operating system uses to communicate with the network adapters, and the hubs and cables you use to connect the computers. When you purchase network adapters and hubs, you must be sure they all support the same Ethernet standards for them to be able to work together optimally.
Ethernet Standards
When Ethernet was first designed in the 1970s, it carried data over a baseband connection using coaxial cable running at 10 Mbps and a signaling system called Manchester encoding. This eventually came to be known as thick Ethernet because the cable itself was approximately 1 centimeter wide, about the thickness of a garden hose (indeed, its color and rigidity led to its being referred to as the “frozen yellow garden hose” by whimsical network administrators). The first Ethernet standard, which was titled “The Ethernet, a Local Area Network: Data Link Layer and Physical Layer Specifications,” was published in 1980 by a consortium of companies that included DEC, Intel, and Xerox, giving rise to the acronym DIX; thus, the document became known as the DIX Ethernet standard.
Ethernet II
The DIX 2.0 standard, commonly known as DIX Ethernet II, was published in 1982 and expanded the physical layer options to include a thinner type of coaxial cable, which came to be called thin Ethernet, ThinNet, or cheapernet because it was less expensive than the original thick coaxial cable.
IEEE 802.3
During this time, a desire arose to build an international standard around the Ethernet protocol. In 1980, a working group was formed by a standards-making body called the Institute of Electrical and Electronics Engineers (IEEE), under the supervision of their Local and Metropolitan Area Networks (LAN/MAN) Standards Committee, for the purpose of developing an “Ethernet-like” standard. This committee is known by the number 802, and the working group was given the designation IEEE 802.3. The resulting standard, published in 1985, was called the “IEEE 802.3 Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications.” The term Ethernet was (and still is) scrupulously avoided by the IEEE 802.3 group because they wanted to avoid creating any impression that the standard was based on a commercial product that had been registered as a trademark by Xerox. However, with a few minor differences, this document essentially defines an Ethernet network under another name, and to this day, the products conforming to the IEEE 802.3 standard are called by the name Ethernet.
NOTE The IEEE Standards are available for downloading at http://standards.ieee.org/about/get/802/802.3.html.
DIX Ethernet and IEEE 802.3 Differences
While the DIX Ethernet II standard treated the data link layer as a single entity, the IEEE standards divide the layer into two sublayers, called logical link control (LLC) and media access control (MAC). The LLC sublayer isolates the functions that occur beneath it from those above it and is defined by a separate standard: IEEE 802.2. The IEEE committee uses the same abstraction layer with the network types defined by other 802 standards, such as the 802.5 Token Ring network. The use of the LLC sublayer with the 802.3 protocol also led to a small but important change in the protocol’s frame format, as described in “The Ethernet Frame” section later in this chapter. The MAC sublayer defines the mechanism by which Ethernet systems arbitrate access to the network medium, as discussed in the forthcoming section “CSMA/CD.”
By 1990, the IEEE 802.3 standard had been developed further and now included other physical layer options that made coaxial cable all but obsolete, such as the twisted-pair cable commonly used in telephone installations and fiber-optic cable. Because it is easy to work with, inexpensive, and reliable, twisted-pair (or 10Base-T) Ethernet quickly became the most popular medium for this protocol. Most of the Ethernet networks installed today use twisted-pair cable, which continues to be supported by the new, higher-speed standards. Fiber-optic technology enables network connections to span much longer distances than copper and is immune from electromagnetic interference.
Table 10-1 lists the primary differences between the IEEE 802.3 standard and the DIX Ethernet II standard.
Table 10-1 Differences Between the IEEE 802.3 Standards and the Old DIX Ethernet II Standards
IEEE Shorthand Identifiers
The IEEE is also responsible for the shorthand identifiers that are often used when referring to specific physical layer Ethernet implementations, such as 100Base-T for a Fast Ethernet network. In this identifier, the 100 refers to the speed of the network, which is 100 Mbps. All of the Ethernet identifiers begin with 10, 100, or 1000.
TheBasereferstothefactthatthenetworkusesbasebandtransmissions.AsexplainedinChapter1,abasebandnetworkisoneinwhichthenetworkmediumcarriesonlyonesignalatatime,asopposedtoabroadbandnetwork,whichcancarrymanysignalssimultaneously.AlloftheEthernetvariantsarebaseband,exceptforonebroadbandversion,whichisrarely,ifever,used.
TheTin100Base-Tspecifiesthetypeofmediumthenetworkuses.Forexample,theTin100Base-Tstandsfortwisted-paircable.Table10-2explainssomeoftheEthernetidentifiers.Foracompletelist,gotohttp://standards.ieee.org/about/get/802/802.3.htmlandenterthespecificstandard.
Table 10-2 IEEE Shorthand Identifiers for Ethernet Networks
NOTE Beginning with the 10Base-T specification, the IEEE began including a hyphen after the Base designator to prevent people from pronouncing 10Base-T as “ten bassett.”
CSMA/CD
Today, many of the issues with collisions on an Ethernet network have been eliminated with shared, full-duplex, point-to-point channels between the node originating transmission and the receiver. However, since CSMA/CD is supported for backward compatibility, IEEE 802.3 still defines the specification.
Like any MAC method, CSMA/CD enabled the computers on the network to share a single baseband medium without data loss. There are no priorities on an Ethernet network as far as media access is concerned; the protocol was designed so that every node has equal access rights to the network medium. Figure 10-1 illustrates the process by which CSMA/CD arbitrates access to the network medium on an Ethernet network. While obsolete in today’s Ethernet networks, it is supported for compatibility with earlier networks, so you need to understand the process.
Figure 10-1 If Node B begins to transmit data before the transmission from Node A reaches it, a collision will occur.
When a node on an Ethernet network wants to transmit data, it first monitors the network medium to see whether it is currently in use. This is the carrier sense phase of the process. If the node detects traffic on the network, it pauses for a short interval and then listens to the network again. Once the network is clear, any of the nodes on the network may use it to transmit their data. This is the multiple access phase. This mechanism in itself arbitrates access to the medium, but it is not without fault.
It is entirely possible for two (or more) systems to detect a clear network and then transmit their data at nearly the same moment. This results in what the 802.3 standard calls a signal quality error (SQE) or, as the condition is more commonly known, a packet collision. Collisions occur when one system begins transmitting its data and another system performs its carrier sense during the brief interval before the first bit in the transmitted packet reaches it. This interval is known as the contention time (or slot time) because each of the systems involved believes it has begun to transmit first. Every node on the network is, therefore, always in one of three possible states: transmission, contention, or idle.
When packets from two different nodes collide, an abnormal condition is created on the cable that travels on toward both systems. On a coaxial network, the voltage level spikes to the point at which it is the same or greater than the combined levels of the two transmitters (+/−0.85 V). On a twisted-pair or fiber-optic network, the anomaly takes the form of signal activity on both the transmit and receive circuits at the same time.
When each transmitting system detects the abnormality, it recognizes that a collision has taken place, immediately stops sending data, and begins taking action to correct the problem. This is the collision detection phase of the process. Because the packets that collided are considered to be corrupted, both the systems involved transmit a jam pattern that fills the entire network cable with voltage, informing the other systems on the network of the collision and preventing them from initiating their own transmissions.
The jam pattern is a sequence of 32 bits that can have any value, as long as it does not equal the value of the cyclic redundancy check (CRC) calculation in the damaged packet’s frame check sequence (FCS) field. A system receiving an Ethernet packet uses the FCS field to determine whether the data in the packet has been received without error. As long as the jam pattern differs from the correct CRC value, all receiving nodes will discard the packet. In most cases, network adapters simply transmit 32 bits with the value 1. The odds of this also being the value of the CRC for the packet are 1 in 2^32 (in other words, not likely).
After transmitting the jam pattern, the nodes involved in the collision both reschedule their transmissions using a randomized delay interval they calculate with an algorithm that uses their MAC addresses as a unique factor. This process is called backing off. Because both nodes perform their own independent backoff calculations, the chances of them both retransmitting at the same time are substantially diminished. This is a possibility, however, and if another collision occurs between the same two nodes, they both increase the possible length of their delay intervals and back off again. As the number of possible values for the backoff interval increases, the probability of the systems again selecting the same interval diminishes. The Ethernet specifications call this process truncated binary exponential backoff (or truncated BEB). An Ethernet system will attempt to transmit a packet as many as 16 times (reported as an “excessive collision error”), and if a collision results each time, the packet is discarded.
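The backoff process described above, as an added Python sketch that is not part of the original text. The doubling of the delay range and its cap after the tenth collision follow IEEE 802.3 rather than this chapter; seeding each station's generator from a MAC address is an assumption made to mirror the "unique factor" wording, and both MAC addresses are constructed.

```python
import random

SLOT_BITS = 512      # one slot time, in bit times (the 64-byte minimum frame)
MAX_ATTEMPTS = 16    # transmission attempts before the frame is discarded
BACKOFF_CAP = 10     # the delay range stops doubling after 10 collisions


def backoff_window(collisions):
    """Number of slot delays a station may choose from after `collisions`
    consecutive collisions on the same frame (0 .. window - 1 slots)."""
    return 2 ** min(collisions, BACKOFF_CAP)


def repeat_collision_probability(collisions):
    """Chance that two stations with the same collision count pick the
    same delay and therefore collide again."""
    return 1.0 / backoff_window(collisions)


def discard_probability():
    """Chance that two stations collide on every retry (attempts 2..16),
    which ends in an excessive collision error."""
    p = 1.0
    for collisions in range(1, MAX_ATTEMPTS):
        p *= repeat_collision_probability(collisions)
    return p


def station_rng(mac):
    """Per-station generator seeded from the MAC address (an assumption
    of this example, not a requirement of the standard)."""
    return random.Random(int(mac.replace(":", ""), 16))


def resolve_collision(rng_a, rng_b):
    """Two stations have just collided on attempt 1. Returns
    (attempt_that_succeeded or None, slots_waited_in_total)."""
    waited = 0
    for collisions in range(1, MAX_ATTEMPTS):
        window = backoff_window(collisions)
        delay_a = rng_a.randrange(window)
        delay_b = rng_b.randrange(window)
        waited += min(delay_a, delay_b)
        if delay_a != delay_b:
            # The station with the shorter delay seizes the medium; the
            # other senses carrier and defers, so the frame gets through.
            return collisions + 1, waited
        # Same delay chosen: both transmit together and collide again.
    return None, waited


def simulate(trials, mac_a="02:00:00:00:00:0a", mac_b="02:00:00:00:00:0b"):
    """Histogram of the attempt number on which the contention resolved."""
    rng_a, rng_b = station_rng(mac_a), station_rng(mac_b)
    histogram = {}
    for _ in range(trials):
        attempt, _slots = resolve_collision(rng_a, rng_b)
        histogram[attempt] = histogram.get(attempt, 0) + 1
    return histogram


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 15):
        print(f"after {n:2d} collisions: window {backoff_window(n):4d} slots, "
              f"repeat-collision chance {repeat_collision_probability(n):.4%}")
    print("chance of discarding the frame:", discard_probability())
    for attempt, count in sorted(simulate(20000).items()):
        print(f"resolved on attempt {attempt}: {count}")
```

About half of two-station collisions resolve on the second attempt and a quarter of the remainder on the third, which is why a healthy segment clears most collisions within a few slot times.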
Collisions
Every system on an Ethernet network uses the CSMA/CD MAC mechanism for every packet it transmits, so the entire process obviously occurs quickly. Most of the collisions that occur on a typical Ethernet network are resolved in microseconds (millionths of a second). The most important thing to understand when it comes to Ethernet media arbitration is that packet collisions are natural and expected occurrences on this type of network, and they do not necessarily signify a problem. If you use a protocol analyzer or other network monitoring tool to analyze the traffic on an Ethernet network, you will see that a certain number of collisions always occur.
NOTE The type of packet collision described here is normal and expected, but there is a different type, called a late collision, that signifies a serious network problem. The difference between the two types of collisions is that normal collisions are detectable and late collisions are not. See the next section, “Late Collisions,” for more information.
Normal packet collisions become a problem only when there are too many of them and significant network delays begin to accumulate. The combination of the backoff intervals and the retransmission of the packets themselves (sometimes more than once) incurs delays that are multiplied by the number of packets transmitted by each computer and by the number of computers on the network.
The fundamental fault of the CSMA/CD mechanism was that the more traffic there was on the network, the more collisions there were likely to be. The utilization of a network is based on the number of systems connected to it and the amount of data they send and receive over the network. When expressed as a percentage, the network utilization represents the proportion of the time the network is actually in use—that is, the amount of time that data is actually in transit. On an average Ethernet network, the utilization was likely to be somewhere in the 30 to 40 percent range. When the utilization increases to approximately 80 percent, the number of collisions increases to the point at which the performance of the network noticeably degrades. In the most extreme case, known as a collapse, the network is so heavily trafficked, it is almost perpetually in a state of contention, waiting for collisions to be resolved. This condition can conceivably be caused by the coincidental occurrence of repeated collisions, but it is more likely to result from a malfunctioning network interface that is continuously transmitting bad frames without pausing for carrier sense or collision detection. An adapter in this state is said to be jabbering.
NOTE Data link layer protocols that use a token-passing media access control mechanism, such as Token Ring and FDDI, are not subject to performance degradation caused by high-network traffic levels. This is because these protocols use a mechanism that makes it impossible for more than one system on the network to transmit at any one time. On networks like these, collisions are not normal occurrences and signify a serious problem. For more information on token passing, see Chapter 12.
Late Collisions
The physical layer specifications for the Ethernet protocol are designed so that the first 64 bytes of every packet transmission completely fill the entire aggregate length of cable in the collision domain. Thus, by the time a node has transmitted the first 64 bytes of a packet, every other node on the network has received at least the first bit of that packet. At this point, the other nodes will not transmit their own data because their carrier sense mechanism has detected traffic on the network.
It is essential for the first bit of each transmitted packet to arrive at every node on the network before the last bit leaves the sender. This is because the transmitting system can detect a collision only while it is still transmitting data. (Remember, on a twisted-pair or fiber-optic network, it is the presence of signals on the transmit and receive wires at the same time that indicates a collision.) Once the last bit has left the sending node, the sender considers the transmission to have completed successfully and erases the packet from the network adapter’s memory buffer. It is because of this collision detection mechanism that every packet transmitted on an Ethernet network must be at least 64 bytes in length, even if the sending system has to pad it with useless (0) bits to reach that length.
If a collision should occur after the last bit has left the sending node, it is called a late collision, or sometimes an out-of-window collision. (To distinguish between the two types of collisions, the normally occurring type was sometimes called an early collision.) Because the sending system has no way of detecting a late collision, it considers the packet to have been transmitted successfully, even though the data has actually been destroyed. Any data lost as a result of a late transmission cannot be retransmitted by a data link layer process. It is up to the protocols operating at higher layers of the OSI model to detect the data loss and to use their own mechanisms to force a retransmission. This process can take up to 100 times longer than an Ethernet retransmission, which is one reason why this type of collision is a problem.
Late collisions result from several different causes. If a network interface adapter should malfunction and transmit a packet less than 64 bytes long (called a runt), the last bit could leave the sender before the packet has fully propagated around the Internet. In other cases, the adapter’s carrier sense mechanism might fail, causing it to transmit at the wrong time. In both instances, you should replace the malfunctioning adapter. Another possible cause of late collisions is a network that does not fall within the Ethernet cabling guidelines.
Physical Layer Guidelines
The Ethernet specifications define not only the types of cable you can use with the protocol, but also the installation guidelines for the cable, such as the maximum length of cable segments and the number of hubs or repeaters permitted. As explained earlier, the configuration of the physical layer medium is a crucial element of the CSMA/CD media access control mechanism. If the overall distance between two systems on the network is too long or there are too many repeaters, diminished performance can result, which is quite difficult to diagnose and troubleshoot.
Tables 10-3 and 10-4 display the cabling guidelines, which vary for each of the media to compensate for the performance characteristics of the different cable types.
Table 10-3 Physical Layer Options for 10 Mbps Ethernet
Table 10-4 Physical Layer Options for Today’s Ethernet Types
10Base-5 (Thick Ethernet)
Thick Ethernet, or ThickNet, used RG-8 coaxial cable in a bus topology to connect up to 100 nodes to a single segment no more than 500 meters long. Because it can span long distances and is well shielded, thick Ethernet was commonly used for backbone networks in the early days of Ethernet. However, RG-8 cable, like all of the coaxial cables used in Ethernet networks, cannot support transmission rates faster than 10 Mbps, which limits its utility as a backbone medium. As soon as a faster alternative was available (such as FDDI), most network administrators abandoned thick Ethernet. However, although it is hardly ever used anymore, the components of a thick Ethernet network are a good illustration of the various components involved in the physical layer of an Ethernet network.
The coaxial cable segment on a thick Ethernet network should, whenever possible, be a single unbroken length of cable, or at least be pieced together from the same spool or cable lot using N connectors on each cable end and an N barrel connector between them. There should be as few breaks as possible in the cable, and if you must use cable from different lots, the individual pieces should be 23.4, 70.2, or 117 meters long to minimize the signal reflections that may occur. Both ends of the bus must be terminated with a 50-ohm resistor built into an N terminator, and the cable should be grounded at one (and only one) end using a grounding connector attached to the N terminator.
NOTE For more information on RG-8 and all of the cables used to build Ethernet networks, see Chapter 4.
Unlike all of the other Ethernet physical layer options, the thick Ethernet cable did not run directly to the network interface card in the PC. This is because the coaxial cable itself was large, heavy, and comparatively inflexible. Instead, the NIC is connected to the RG-8 trunk cable with another cable, called the attachment unit interface (AUI) cable. The AUI cable has 15-pin D-shell connectors at both ends, one of which plugs directly into the NIC, and the other into a medium attachment unit (MAU), also known as a transceiver. The MAU connects to the coaxial cable using a device called the medium dependent interface (MDI), which clamps to the cable and makes an electrical connection through holes cut into the insulating sheath. Because of the fanglike appearance of the connector, this device is commonly referred to as a vampire tap.
NOTE Do not confuse the MAUs used on thick Ethernet networks with the multistation access units (MAUs) used as hubs on Token Ring networks. The maximum of 100 nodes on a thick Ethernet cable segment (and 30 nodes on a ThinNet segment) is based on the number of MAUs present on the network. Because repeaters include their own MAUs, they count toward the maximum.
NOTE If for no other reason, the DIX Ethernet standard should be fondly remembered for using more sensible names for many of Ethernet’s technical concepts, such as collision rather than signal quality error. The DIX Ethernet name for the medium attachment unit is the transceiver (because it both transmits and receives), and its name for the attachment unit interface cable is transceiver cable.
Each standard AUI cable on a thick Ethernet network could be up to 50 meters long, which provided for an added degree of flexibility in the installation. Standard AUI cables were the same thickness as the thick Ethernet coaxial and similarly hard to work with. There were also thinner and more flexible “office-grade” AUI cables, but these were limited to a maximum length of 12.5 meters.
The 500-meter maximum length for the thick Ethernet cable made it possible to connect systems at comparatively long distances and provided excellent protection against interference and attenuation. Unfortunately, the cable was difficult to work with and even harder to hide. Today, sites that require long cable segments or better insulation are apt to use fiber optic.
10Base-2 (Thin Ethernet)
Thin Ethernet, or ThinNet, was similar in functionality to Thick Ethernet, except that the cable was RG-58 coaxial, about 5 millimeters in diameter, and much more flexible. For thin Ethernet (and all other Ethernet physical layer options except thick Ethernet), the MAU (transceiver) was integrated into the network interface card and no AUI cable was needed.
Thin Ethernet used Bayonet Neill-Concelman (BNC) connectors and a fitting called a T-connector that attaches to the network card in the PC. This connector is sometimes erroneously called a British Naval Connector or Bayonet Nut Connector. You created the network bus by running a cable to one end of the T-connector’s crossbar and then using another cable on the other end of the crossbar to connect to the next system, as shown in Figure 10-2. Like thick Ethernet, a thin Ethernet network must be terminated and grounded. The two systems at the ends of the bus must have a terminator containing a 50-ohm resistor on one end of their Ts to terminate the bus, and one end (only) should be connected to a ground.
Figure 10-2 Thin Ethernet networks used T-connectors to form a single cable segment connecting up to 30 computers in a bus topology.
NOTE The T-connectors on an Ethernet network had to be directly connected to the network interface cards in the computers. Using a length of cable to join the T-connector to the computer was not permitted.
Because the cable was thinner, thin Ethernet was more prone to interference and attenuation and was limited to a segment length of 185 meters and a maximum of 30 nodes. Each piece of cable forming the segment had to be at least 0.5 meters long.
Connector faults were a common occurrence on thin Ethernet networks because prefabricated cables were relatively rare (compared to twisted pair), and the BNC connectors were usually crimped onto the RG-58 cables by network administrators, which can be a tricky process. Also, some cheap connectors were prone to a condition in which an oxide layer builds up between the conductors resulting in a serious degradation in the network connectivity. These connectors were notoriously sensitive to improper treatment. An accidental tug or a person tripping over one of the two cables connected to each machine easily weakened the connection and caused intermittent transmission problems that are difficult to isolate and diagnose.
10Base-T or 100Base-T (Twisted-Pair Ethernet)
Most of the Ethernet networks today use unshielded twisted-pair (UTP) cable, originally known in the Ethernet world as 10Base-T, which solved several of the problems that plague coaxial cables. Today, the differences are in the speed of transmission.
Among other things, UTP Ethernet networks are
• Easily hidden: UTP cables can be installed inside walls, floors, and ceilings with standard wall plates providing access to the network. Only a single, thin cable has to run to the computer. Pulling too hard on a UTP cable installed in this manner damages only an easily replaceable patch cable connecting the computer to the wall plate.
• Fault tolerant: UTP networks use a star topology in which each computer has its own dedicated cable running to the hub. A break in a cable or a loose connection affects only the single machine to which it is connected.
• Upgradeable: UTP cable installation running 10 Mbps Ethernet or 100 Mbps Ethernet can be upgraded at a later time.
Unshielded twisted-pair cable consists of four pairs of wires in a single sheath, with each pair twisted together at regular intervals to protect against crosstalk and 8-pin RJ-45 connectors at both ends. Since this isn’t a bus network, no termination or grounding is necessary. Both 10Base-T and 100Base-T Ethernet use only two of the four wire pairs in the cable, however: one pair for transmitting data signals (TD) and one for receiving them (RD), with one wire in each pair having a positive polarity and one a negative.
Unlike coaxial networks, 10Base-T calls for the use of a hub. This is a device that functions both as a wiring nexus and as a signal repeater, to which each of the nodes on the network has an individual connection (see Figure 10-3). The maximum length for each cable segment is 100 meters, but because there is nearly always an intervening hub that repeats the signals, the total distance between two nodes can be as much as 200 meters.
Figure 10-3 10Base-T networks used a hub to connect all the network nodes in a star topology.
UTP cables are typically wired straight through, meaning the wire for each pin is connected to the corresponding pin at the other end of the cable. For two nodes to communicate, however, the TD signals generated by each machine must be delivered to the RD connections in the other machine. In most cases, this is accomplished by a crossover circuit within the hub. You can connect two computers directly together without a hub by using a crossover cable, though, which connects the TD signals at each end to the RD signals at the other end.
NOTE For more information on network cables and their installation, see Chapter 4. For more information on hubs and repeaters, see Chapter 6.
Fiber-Optic Ethernet
Fiber-optic cable is a radical departure from the copper-based, physical layer options discussed so far. Because it uses pulses of light instead of electric current, fiber optic is immune to electromagnetic interference and is much more resistant to attenuation than copper. As a result, fiber-optic cable can span much longer distances, and because of the electric isolation it provides, it is suitable for network links between buildings. Fiber-optic cable is an excellent medium for data communications, but installing and maintaining it is somewhat more expensive than copper, and it requires completely different tools and skills.
The medium itself on a fiber-optic Ethernet network is two strands of 62.5/125 multimode fiber cable, with one strand used to transmit signals and one to receive them.
There were two main fiber-optic standards for 10 Mbps Ethernet: the original FOIRL standard and 10Base-F, which defines three different fiber-optic configurations called 10Base-FL, 10Base-FB, and 10Base-FP. Of all these standards, 10Base-FL was always the most popular, but running fiber-optic cable at 10 Mbps is an underuse of the medium’s potential that borders on the criminal. Now that 100 Mbps data link layer protocols, such as Fast Ethernet and FDDI, run on the same fiber-optic cable, there is no reason to use any of these slower solutions in a new installation.
FOIRL
The original fiber-optic standard for Ethernet from the early 1980s was called the Fiber-Optic Inter-Repeater Link (FOIRL). It was designed to function as a link between two repeaters up to 1,000 meters away. Intended for use in campus networks, FOIRL could join two distant networks, particularly those in adjacent buildings, using a fiber-optic cable.
10Base-FL
The 10Base-F supplement was developed by the IEEE 802.3 committee to provide a greater variety of fiber-optic alternatives for Ethernet networks. Designed with backward compatibility in mind, 10Base-FL was the IEEE counterpart to FOIRL. It increased the maximum length of a fiber-optic link to 2,000 meters and permitted connections between two repeaters, two computers, or a computer and a repeater.
As in all of the 10Base-F specifications, a computer connected to the network uses an external fiber-optic MAU (or FOMAU) and an AUI cable up to 25 meters long. The other end of the cable connects to a fiber-optic repeating hub that provides the same basic functions as a hub for copper segments.
Cabling Guidelines
In addition to the minimum and maximum segment lengths for the various types of 10Base Ethernet media, the standards imposed limits on the number of repeaters you could use in a single collision domain. This was necessary to ensure that every packet transmitted by an Ethernet node began to reach its destination before the last bit left the sender. If the distance traveled by a packet was too long, the sender was unable to detect collisions reliably, and data losses could occur.
Link Segments and Mixing Segments
When defining the limits on the number of repeaters allowed on the network, the 802.3 standard distinguishes between two types of cable segments, called link segments and mixing segments. A link segment is a length of cable that joins only two nodes, while a mixing segment joins more than two.
The 5-4-3 Rule
The Ethernet standards state that, in a single Ethernet collision domain, the route taken between any two nodes on the network can consist of no more than five cable segments, joined by four repeaters, and only three of the segments can be mixing segments. This is known as the Ethernet 5-4-3 rule. This rule is manifested in different ways, depending on the type of cable used for the network medium.
NOTE A collision domain is defined as a network configuration on which two nodes transmitting data at the same time will cause a collision. The use of bridges, switches, or intelligent hubs, instead of standard repeaters, does not extend the collision domain and does not fall under the Ethernet 5-4-3 rule. If you have a network that has reached its maximum size because of this rule, you should consider using one of these devices to create separate collision domains. See Chapter 6 for more information.
On a coaxial network, whether it was thick or thin Ethernet, you could have five cable segments joined by four repeaters. On a coaxial network, a repeater had only two ports and did nothing but amplify the signal as it traveled over the cable. A segment is the length of cable between two repeaters, even though in the case of thin Ethernet the segment could consist of many separate lengths of cable. This rule meant that the overall length of a thick Ethernet bus (called the maximum collision domain diameter) could be 2,500 meters (500 × 5), while a thin Ethernet bus could be up to 925 meters (185 × 5) long.
On either of these networks, however, only three of the cable segments actually had nodes connected to them (see Figure 10-4). You can use the two link segments to join mixing segments located at some distance from each other, but you cannot populate them with computers or other devices.
Figure 10-4 Coaxial networks consisted of up to five cable segments, with only three of the five connected to computers or other devices.
UTP Cabling
On a 10Base-T UTP network, the situation was different. Because the repeaters on this type of network were actually multiport hubs or switches, every cable segment connecting a node to the hub is a link segment. You can have four hubs in a collision domain that are connected to each other and each of which can be connected to as many nodes as the hub can support (see Figure 10-5). Because data traveling from one node to any other node passes through a maximum of only four hubs and because all the segments are link segments, the network is in compliance with the Ethernet standards.
Figure 10-5 Twisted-pair networks use link segments to connect to the computers, making it possible to have four populated hubs.
NOTE One potentially complicating factor to this arrangement was when you connected 10Base-T hubs using thin Ethernet coaxial cable. Some 10Base-T hubs included BNC connectors that enabled you to use a bus to chain multiple hubs together. When you did this with more than two hubs connected by a single coaxial segment, you were actually creating a mixing segment, and you had to count this toward the maximum of three mixing segments permitted on the network.
The 10Base-F specifications included some modifications to the 5-4-3 rule. When five cable segments were present on a 10Base-F network connected by four repeaters, FOIRL, 10Base-FL, and 10Base-FB segments could be no more than 500 meters long. 10Base-FP segments can be no more than 300 meters long.
Ethernet Timing Calculations
The 5-4-3 rule is a general guideline that is usually accurate enough to ensure your network will perform properly. However, it is also possible to assess the compliance of a network with the Ethernet cabling specifications more precisely by calculating two measurements: the round-trip signal delay time and the interframe gap shrinkage for the worst-case path through your network.
The round-trip signal delay time is the amount of time it takes a bit to travel between the two most distant nodes on the network and back again. The interframe gap shrinkage is the amount the normal 96-bit delay between packets is reduced by network conditions, such as the time required for repeaters to reconstruct a signal before sending it on its way.
In most cases, these calculations are unnecessary; as long as you comply with the 5-4-3 rule, your network should function properly. If you are planning to expand a complex network to the point at which it pushes the limits of the Ethernet guidelines, however, it might be a good idea to get a precise measurement to ensure that everything functions as it should. If you end up with a severe late collision problem that requires an expensive network upgrade to remedy, your boss isn’t likely to want to hear about how reliable the 5-4-3 rule usually is.
NOTE Calculating the round-trip signal delay time and the interframe gap shrinkage for your network is not part of a remedy for excessive numbers of early collisions.
Finding the Worst-Case Path
The worst-case path is the route data takes when traveling between the two most distant nodes on the network, both in terms of segment length and number of repeaters. On a relatively simple network, you can find the worst-case path by choosing the two nodes on the two outermost network segments either that have the longest link segments connecting them to the repeater or that are at the far ends of the cable bus, as shown in Figure 10-6.
Figure 10-6 On a simple network with all 10Base-T segments, the worst-case path ran between the nodes with the longest cables on both end segments.
On more complex networks using various types of cable segments, you have to select several paths to test your network. In addition, you may have to account for the variations caused by having different cable segment types at the left and right ends of the path.
If your network is well documented, you should have a schematic containing the precise distances of all your cable runs. You need these figures to make your calculations. If you don’t have a schematic, determining the exact distances may be the most difficult part of the whole process. The most accurate method for determining the length of a cable run is to use a multifunction cable tester, which utilizes a technique called time domain reflectometry (TDR). TDR is similar to radar, in that the unit transmits a test signal, precisely measures the time it takes the signal to travel to the other end of the cable and back again, and then uses this information to compute the cable’s length. If you don’t have a cable tester with TDR capabilities, you can measure the cable lengths manually by estimating the distances between the connectors. This can be particularly difficult when cables are installed inside walls and ceilings because there may be unseen obstacles that extend the length of the cable. If you use this method, you should err on the side of caution and include an additional distance factor to account for possible errors. Alternatively, you can simply use the maximum allowable cable distances for the various cable segments, as long as you are sure the cable runs do not exceed the Ethernet standard’s maximum segment length specifications.
Once you have determined the worst-case path (or paths) you will use for your calculations, it’s a good idea to create a simple diagram of each path with the cable distances involved. Each path will have left and right end segments and may have one or more middle segments. You will then perform your calculations on the individual segments and combine the results to test the entire path.
Exceeding Ethernet Cabling Specifications
The Ethernet specifications have a certain amount of leeway built into them that makes it possible to exceed the cabling limitations, within reason. If a network has an extra repeater or a cable that’s a little too long, it will probably continue to function without causing the late collisions that occur when the specifications are grossly exceeded. You can see how this is so by calculating the actual amount of copper cable filled by an Ethernet signal.
Electrical signals passing through a copper cable travel at approximately 200,000,000 meters/second (2/3 of the speed of light). Ethernet transmits at 10 Mbps, or 10,000,000 bits/second. By dividing 200,000,000 by 10,000,000, you arrive at a figure of 20 meters of cable for every transmitted bit. Thus, the smallest possible Ethernet frame, which is 512 bits (64 bytes) long, occupies 10,240 meters of copper cable.
If you take the longest possible length of copper cable permitted by the Ethernet standards, a 500-meter thick Ethernet segment, you can see that the entire 500 meters would be filled by only 25 bits of data (at 20 meters/bit). Two nodes at the far ends of the segment would have a round-trip distance of 1,000 meters.
When one of the two nodes transmits, a collision can occur only if the other node also begins transmitting before the signal reaches it. If you grant that the second node begins transmitting at the last possible moment before the first transmission reaches it, then the first node can send no more than 50 bits (occupying 1,000 meters of cable, 500 down and 500 back) before it detects the collision and ceases transmitting. Obviously, this 50 bits is well below the 512-bit barrier that separates early from late collisions.
Of course, this example involves only one segment. But even if you extend a thick Ethernet network to its maximum collision domain diameter—five segments of 500 meters each, or 2,500 meters—a node would still transmit only 250 bits (occupying 5,000 meters of cable, 2,500 down and 2,500 back) before detecting a collision.
Thus, you can see that the Ethernet specifications for the round-trip signal delay time are fully twice as strict as they need to be in the case of a thick Ethernet network. For the other copper media, thin Ethernet and 10Base-T, the specifications are even more lax because the maximum segment lengths are smaller, while the signaling speed remains the same. For a full-length five-segment 10Base-T network only 500 meters long, the specification is ten times stricter than it needs to be.
This is not to say that you can safely double the maximum cable lengths on your network across the board or install a dozen repeaters (although it is possible to safely lengthen the segments on a 10Base-T network up to 150 meters if you use Category 5 UTP cable instead of Category 3). Other factors can affect the conditions on your network to bring it closer to the limits defined by the specifications. In fact, the signal timing is not as much of a restricting factor on 10 Mbps Ethernet installations as is the signal strength. The weakening of the signal due to attenuation is far more likely to cause performance problems on an overextended network than are excess signal delay times. The point here is to demonstrate that the designers of the Ethernet protocol built a safety factor into the network from the beginning, perhaps partially explaining why it continues to work so well more than 20 years later.
The Ethernet Frame
The Ethernet frame is the sequence of bits that begins and ends every Ethernet packet transmitted over a network. The frame consists of a header and footer that surround and encapsulate the data generated by the protocols operating at higher layers of the OSI model. The information in the header and footer specifies the addresses of the system sending the packet and the system that is to receive it and also performs several other functions that are important to the delivery of the packet.
The IEEE 802.3 Frame
The basic Ethernet frame format, as defined by the IEEE 802.3 standard, is shown in Figure 10-7. The functions of the individual fields are discussed in the following sections.
Figure 10-7 The Ethernet frame encloses the data passed down the protocol stack from the network layer and prepares it for transmission.
Preamble and Start of Frame Delimiter
The preamble consists of 7 bytes of alternating zeros and ones, which the systems on the network use to synchronize their clocks and then discard. The Manchester encoding scheme Ethernet uses requires the clocks on communicating systems to be in sync so that they both agree on how long a bit time is. Systems in idle mode (that is, not currently transmitting and not in the process of rectifying a collision) are incapable of receiving any data until they use the signals generated by the alternating bit values of the preamble to prepare for the forthcoming data transmission.
NOTE For more information on Manchester encoding and the signaling that occurs at the physical layer, see Chapter 2.
By the time the 7 bytes of the preamble have been transmitted, the receiving system has synchronized its clock with that of the sender, but the receiver is also unaware of how many of the 7 bytes have elapsed before it fell into sync. To signal the commencement of the actual packet transmission, the sender transmits a 1-byte start of frame delimiter, which continues the alternating zeros and ones, except for the last two bits, which are both ones. This is the signal to the receiver that any data following is part of a data packet and should be read into the network adapter’s memory buffer for processing.
Destination Address and Source Address
Addressing is the most basic function of the Ethernet frame. Because the frame can be said to form an envelope for the network layer data carried inside it, it is only fitting that the envelope have an address. The addresses the Ethernet protocol uses to identify the systems on the network are 6 bytes long and hard-coded into the network interface adapters in each machine. These addresses are referred to as hardware addresses or MAC addresses. The hardware address on every Ethernet adapter made is unique. The IEEE assigns 3-byte prefixes to NIC manufacturers that it calls organizationally unique identifiers (OUIs), and the manufacturers supply the remaining 3 bytes. When transmitting a packet, it is the network adapter driver on the system that generates the values for the destination address and source address fields.
The destination address field identifies the system to which the packet is being sent. The address may identify the ultimate destination of the packet if it’s on the local network, or the address may belong to a device that provides access to another network, such as a router. Addresses at the data link layer always identify the packet’s next stop on the local network. It is up to the network layer to control end-to-end transmission and to provide the address of the packet’s ultimate destination.
Every node on a shared Ethernet network reads the destination address from the header of every packet transmitted by every system on the network to determine whether the header contains its own address. A system reading the frame header and recognizing its own address then reads the entire packet into its memory buffers and processes it accordingly. A destination address of all ones signifies that the packet is a broadcast, meaning it is intended for all of the systems on the network. Certain addresses can also be designated as multicast addresses by the networking software on the system. A multicast address identifies a group of systems on the network, all of which are to receive certain messages.
The source address field contains the 6-byte MAC address of the system sending the packet. (The specifications allow for 2-byte addresses as well.)
Length
The length field in an 802.3 frame is 2 bytes long and specifies how much data is being carried as the packet’s payload in bytes. This figure includes only the actual upper-layer data in the packet. It does not include the frame fields from the header or footer or any padding that might have been added to the data field to reach the minimum size for an Ethernet packet (64 bytes). The maximum size for an Ethernet packet, including the frame, is 1,518 bytes. Because the frame consists of 18 bytes, the maximum value for the length field is 1,500.
Data and Pad
The data field contains the payload of the packet—that is, the “contents” of the envelope. As passed down from the network layer protocol, the data will include an original message generated by an upper-layer application or process, plus any header information added by the protocols in the intervening layers. In addition, an 802.3 packet will contain the 3-byte logical link control header in the data field.
For example, the payload of a packet containing an Internet hostname to be resolved into an IP address by a DNS server consists of the original DNS message generated at the application layer, a header applied by the UDP protocol at the transport layer, a header applied by the IP protocol at the network layer, and the LLC header. Although these three additional headers are not part of the original message, to the Ethernet protocol they are just payload that is carried in the data field like any other information. Just as postal workers are not concerned with the contents of the envelopes they carry, the Ethernet protocol has no knowledge of the data within the frame.
The entire Ethernet packet (excluding the preamble and the start of frame delimiter) must be a minimum of 64 bytes in length for the protocol’s collision detection mechanism to function.
Therefore, subtracting 18 bytes for the frame, the data field must be at least 46 bytes long. If the payload passed down from the network layer protocol is too short, the Ethernet adapter adds a string of meaningless bits to pad the data field out to the requisite length.
The maximum allowable length for an Ethernet packet is 1,518 bytes, meaning the data field can be no larger than 1,500 bytes (including the LLC header).
Frame Check Sequence
The last 4 bytes of the frame, following the data field (and the pad, if any), carry a checksum value the receiving node uses to determine whether the packet has arrived intact. Just before transmission, the network adapter at the sending node computes a cyclic redundancy check (CRC) on all of the packet’s other fields (except for the preamble and the start of frame delimiter) using an algorithm called the AUTODIN II polynomial. The value of the CRC is uniquely based on the data used to compute it.
When the packet arrives at its destination, the network adapter in the receiving system reads the contents of the frame and performs the same computation. By comparing the newly computed value with the one in the FCS field, the system can verify that none of the packet’s bit values has changed. If the values match, the system accepts the packet and writes it to the memory buffers for processing. If the values don’t match, the system declares an alignment error and discards the frame. The system will also discard the frame if the number of bits in the packet is not a multiple of 8. Once a frame is discarded, it is up to the higher-layer protocols to recognize its absence and arrange for retransmission.
The Ethernet II Frame
The function of the 2-byte field following the source address was different in the frame formats of the two predominant Ethernet standards. While the 802.3 frame uses this field to specify the length of the data in the packet, the Ethernet II standard used it to specify the frame type, also called the Ethertype. The Ethertype specifies the memory buffer in which the frame should be stored. The location of the memory buffer specified in this field identifies the network layer protocol for which the data carried in the frame is intended.
This is a crucial element of every protocol operating in the data link, network, and transport layers of a system’s networking stack. The data in the packet must be delivered not only to the proper system on the network, but also to the proper application or process on that system. Because the destination computer can be running multiple protocols at the network layer at the same time, such as IP, NetBEUI, and IPX, the Ethertype field informs the Ethernet adapter driver which of these protocols should receive the data.
When a system reads the header of an Ethernet packet, the only way to tell an Ethernet II frame from an 802.3 frame was by the value of the length/Ethertype field. Because the value of the 802.3 length field can be no higher than 1,500 (0x05DC, in hexadecimal notation), the Ethertype values assigned to the developers of the various network layer protocols are all higher than 1,500.
The Logical Link Control Sublayer
The IEEE splits the functionality of the data link layer into two sublayers: media access control and logical link control. On an Ethernet network, the MAC sublayer includes elements of the 802.3 standard: the physical layer specifications, the CSMA/CD mechanism, and the 802.3 frame. The functions of the LLC sublayer are defined in the 802.2 standard, which is also used with the other 802 MAC standards.
The LLC sublayer is capable of providing a variety of communications services to network layer protocols, including the following:
• Unacknowledged connectionless service: A simple service that provides no flow control or error control and does not guarantee accurate delivery of data
• Connection-oriented service: A fully reliable service that guarantees accurate data delivery by establishing a connection with the destination before transmitting data and by using error and flow control mechanisms
• Acknowledged connectionless service: A midrange service that uses acknowledgment messages to provide reliable delivery but that does not establish a connection before transmitting data
On a transmitting system, the data passed down from the network layer protocol is encapsulated first by the LLC sublayer into what the standard calls a protocol data unit (PDU). Then the PDU is passed down to the MAC sublayer, where it is encapsulated again in a header and footer, at which point it can technically be called a frame. In an Ethernet packet, this means the data field of the 802.3 frame contains a 3- or 4-byte LLC header, in addition to the network layer data, thus reducing the maximum amount of data in each packet from 1,500 to 1,496 bytes.
The LLC header consists of three fields, the functions of which are described in the following sections.
DSAP and SSAP
The destination service access point (DSAP) field identifies a location in the memory buffers on the destination system where the data in the packet should be stored. The source service access point (SSAP) field does the same for the source of the packet data on the transmitting system. Both of these 1-byte fields use values assigned by the IEEE, which functions as the registrar for the protocol.
In an Ethernet SNAP packet, the value for both the DSAP and SSAP fields is 170 (or 0xAA, in hexadecimal form). This value indicates that the contents of the LLC PDU begin with a Subnetwork Access Protocol (SNAP) header. The SNAP header provides the same functionality as the Ethertype field to the 802.3 frame.
Control
The control field of the LLC header specifies the type of service needed for the data in the PDU and the function of the packet. Depending on which of the services is required, the control field can be either 1 or 2 bytes long. In an Ethernet SNAP frame, for example, the LLC uses the unacknowledged, connectionless service, which has a 1-byte control field value using what the standard calls the unnumbered format. The value for the control field is 3, which is defined as an unnumbered information frame—that is, a frame containing data. Unnumbered information frames are quite simple and signify either that the packet contains a noncritical message or that a higher-layer protocol is somehow guaranteeing delivery and providing other high-level services.
The other two types of control fields (which are 2 bytes each) are the information format and the supervisory format. The three control field formats are distinguished by their first bits, as follows:
• The information format begins with a 0 bit.
• The supervisory format begins with a 1 bit and a 0 bit.
• The unnumbered format begins with two 1 bits.
The remainder of the bits specify the precise function of the PDU. In a more complex exchange involving the connection-oriented service, unnumbered frames contain commands, such as those used to establish a connection with the other system and terminate it at the end of the transmission. The commands transmitted in unnumbered frames are as follows:
• Unnumbered information (UI): Used to send data frames by the unacknowledged, connectionless service
• Exchange identification (XID): Used as both a command and a response in the connection-oriented and connectionless services
• TEST: Used as both a command and a response when performing an LLC loopback test
• Frame reject (FRMR): Used as a response when a protocol violation occurs
• Set Asynchronous Balanced Mode Extended (SABME): Used to request that a connection be established
• Unnumbered acknowledgment (UA): Used as the positive response to the SABME message
• Disconnect mode (DM): Used as a negative response to the SABME message
• Disconnect (DISC): Used to request that a connection be closed; a response of either UA or DM is expected
Information frames contain the actual data transmitted during connection-oriented and acknowledged connectionless sessions, as well as the acknowledgment messages returned by the receiving system. Only two types of messages are sent in information frames: N(S) and N(R) for the send and receive packets, respectively. Both systems track the sequence numbers of the frames they receive. An N(S) message lets the receiver know how many packets in the sequence have been sent, and an N(R) message lets the sender know what packet in the sequence it expects to receive.
Supervisory frames are used only by the connection-oriented service and provide connection maintenance in the form of flow control and error-correction services. The types of supervisory messages are as follows:
• Receiver ready (RR): Used to inform the sender that the receiver is ready for the next frame and to keep a connection alive
• Receiver not ready (RNR): Used to instruct the sender not to send any more packets until the receiver transmits an RR message
• Frame reject (REJ): Used to inform the sender of an error and request retransmission of all frames sent after a certain point
LLC Applications
In some cases, the LLC frame plays only a minor role in the network communications process. On a network running TCP/IP along with other protocols, for example, the only function of LLC may be to enable 802.3 frames to contain a SNAP header, which specifies the network layer protocol the frame should go to, just like the Ethertype in an Ethernet II frame. In this scenario, the LLC PDUs all use the unnumbered information format. Other high-level protocols, however, require more extensive services from LLC.
The SNAP Header
Because the IEEE 802.3 frame header does not have an Ethertype field, it would normally be impossible for a receiving system to determine which network layer protocol should receive the incoming data. This would not be a problem if you ran only one network layer protocol, but with multiple protocols installed, it becomes a serious problem. 802.3 packets address this problem by using yet another protocol within the LLC PDU, called the Subnetwork Access Protocol.
The SNAP header is 5 bytes long and found directly after the LLC header in the data field of an 802.3 frame. The functions of the fields are as follows:
• Organization code: The organization code, or vendor code, is a 3-byte field that takes the same value as the first 3 bytes of the source address in the 802.3 header.
• Local code: The local code is a 2-byte field that is the functional equivalent of the Ethertype field in the Ethernet II header.
NOTE Many, if not all, of the registered values for the NIC hardware address prefixes, the Ethertype field, and the DSAP/SSAP fields are listed in the “Assigned Numbers” document published as a request for comments (RFC) by the Internet Engineering Task Force (IETF). Find the current version number for this document at www.ietf.org/rfc.html.
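The frame handling described in the preceding sections (padding, FCS check, the length/Ethertype decision, and the LLC and SNAP headers) can be followed end to end in a short parser. This is an added example, not code from the book; the function names and the sample addresses and payloads are constructed for illustration, and it assumes that the 802.3 length value counts the LLC and SNAP headers together with the upper-layer data. Python's zlib.crc32 uses the same CRC-32 polynomial as the Ethernet FCS.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518    # packet size limits from the text (FCS included)
MAX_LENGTH = 0x05DC                # 1,500: highest value that can be an 802.3 length
SNAP_SAP, UI_CONTROL = 0xAA, 0x03  # DSAP/SSAP and control values of a SNAP packet


def fcs(body: bytes) -> bytes:
    """CRC-32 of every field after the start of frame delimiter, in wire byte order."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, type_or_len: int, data: bytes) -> bytes:
    """Assemble a frame, pad the data field to 46 bytes, and append the FCS."""
    body = dst + src + struct.pack("!H", type_or_len) + data
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + fcs(body)


def control_format(control: int) -> str:
    """Classify the first LLC control byte; the 'first bits' are its low-order bits."""
    if control & 0x01 == 0:
        return "information"
    return "supervisory" if control & 0x03 == 0x01 else "unnumbered"


def parse_frame(frame: bytes) -> dict:
    """Check size and FCS, then classify the frame by its length/Ethertype field."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError("frame size outside 64..1518 bytes")
    body, received_fcs = frame[:-4], frame[-4:]
    if fcs(body) != received_fcs:
        raise ValueError("FCS mismatch, frame discarded")
    (field,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    info = {"dst": body[0:6], "src": body[6:12], "broadcast": body[0:6] == b"\xff" * 6}
    if field > MAX_LENGTH:
        # Ethernet II carries no length, so pad bytes stay attached to the payload
        # and the network layer protocol has to trim them itself.
        return {**info, "format": "Ethernet II", "ethertype": field, "payload": data}
    if field < 3 or field > len(data):
        raise ValueError("802.3 length field does not fit the data field")
    pdu = data[:field]  # the length field lets the receiver drop the pad
    dsap, ssap, control = pdu[0], pdu[1], pdu[2]
    info.update(dsap=dsap, ssap=ssap, control_format=control_format(control))
    if dsap == SNAP_SAP and ssap == SNAP_SAP and control == UI_CONTROL:
        if len(pdu) < 8:
            raise ValueError("truncated SNAP header")
        (local_code,) = struct.unpack("!H", pdu[6:8])
        return {**info, "format": "802.3 SNAP", "oui": pdu[3:6],
                "local_code": local_code, "payload": pdu[8:]}
    header_len = 3 if info["control_format"] == "unnumbered" else 4
    return {**info, "format": "802.3 LLC", "payload": pdu[header_len:]}


# Constructed sample frames (not captured traffic). 0x0800 is the IPv4 Ethertype.
SRC = bytes.fromhex("020000000001")
ETH2_FRAME = build_frame(b"\xff" * 6, SRC, 0x0800, b"constructed payload")
SNAP_DATA = (bytes([SNAP_SAP, SNAP_SAP, UI_CONTROL]) + SRC[:3]
             + struct.pack("!H", 0x0800) + b"hello")
SNAP_FRAME = build_frame(b"\xff" * 6, SRC, len(SNAP_DATA), SNAP_DATA)

if __name__ == "__main__":
    for sample in (ETH2_FRAME, SNAP_FRAME):
        parsed = parse_frame(sample)
        print(parsed["format"], len(sample), parsed["payload"])
```

Both samples are padded to 64 bytes on the wire, but only the 802.3 SNAP frame returns its 5-byte payload without the pad, because only that format carries a length.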
Full-Duplex Ethernet
The CSMA/CD media access control mechanism is the defining element of the Ethernet protocol, but it is also the source of many of its limitations. The fundamental shortcoming of the Ethernet protocol is that data can travel in only one direction at a time. This is known as half-duplex operation. With special hardware, it is also possible to run Ethernet connections in full-duplex mode, meaning that the device can transmit and receive data simultaneously. This effectively doubles the bandwidth of the network. Full-duplex capability for Ethernet networks was standardized in the 802.3x supplement to the 802.3 standard in 1997.
When operating in full-duplex mode, the CSMA/CD MAC mechanism is ignored. Systems do not listen to the network before transmitting; they simply send their data whenever they want. Because both of the systems in a full-duplex link can transmit and receive data at the same time, there is no possibility of collisions occurring. Because no collisions occur, the cabling restrictions intended to support the collision detection mechanism are not needed. This means you can have longer cable segments on a full-duplex network. The only limitation is the signal transmitting capability (that is, the resistance to attenuation) of the network medium itself.
This is a particularly important point on a Fast Ethernet network using fiber-optic cable because the collision detection mechanism is responsible for its relatively short maximum segment lengths. While a half-duplex 100Base-FX link between two devices can be a maximum of only 412 meters long, the same link operating in full-duplex mode can be up to 2,000 meters (2 km) long because it is restricted only by the strength of the signal. A 100Base-FX link using single-mode fiber-optic cable can span distances of 20 km or more. The signal attenuation on twisted-pair networks, however, makes 10Base-T, 100Base-TX, and 1000Base-T networks still subject to the 100-meter segment length restriction.
Full-Duplex Requirements
There are three requirements for full-duplex Ethernet operation:
• A network medium with separate transmit and receive channels
• A dedicated link between two systems
• Network interface adapters and switches that support full-duplex operation
Full-duplex Ethernet is possible only on link segments that have separate channels for the communications in each direction. This means that twisted-pair and fiber-optic networks can support full-duplex communications using regular, Fast, and Gigabit Ethernet, but coaxial cable cannot. Of the Ethernet variants using twisted-pair and fiber-optic cables, 10Base-FB and 10Base-FP did not support full-duplex (which is not a great loss, since no one used them), nor does 100Base-T4 (which is also rarely used). All of the other network types support full-duplex communications.
Full-duplex Ethernet also requires that every two computers have a dedicated link between them. This means you can’t use repeating hubs on a full-duplex network because these devices operate in half-duplex mode by definition and create a shared network medium. Instead, you must use switches, also known as switching hubs, which effectively isolate each pair of communicating computers on its own network segment and provide the packet-buffering capabilities needed to support bidirectional communications.
Finally, each of the devices on a full-duplex Ethernet network must support full-duplex communications and be configured to use it. Switches that support full-duplex are readily available, as are Fast Ethernet NICs. Full-duplex operation is an essential component of 1000Base-T Gigabit Ethernet, and many 1000Base-X Gigabit Ethernet adapters support full-duplex as well. Ensuring that your full-duplex equipment is actually operating in full-duplex mode can sometimes be tricky. Autonegotiation is definitely the easiest way of doing this; dual-speed Fast Ethernet equipment automatically gives full-duplex operation priority over half-duplex at the same speed. However, adapters and switches that do not support multiple speeds may not include autonegotiation. For example, virtually all 100Base-TX NICs are dual speed, supporting both 10 and 100 Mbps transmissions. Autonegotiation is always supported by these NICs, which means that simply connecting the NIC to a full-duplex switch will enable full-duplex communications. Fast Ethernet NICs that use fiber-optic cables, however, are usually single-speed devices and may or may not include autonegotiation capability. You may have to manually configure the NIC before it will use full-duplex communications.
Full-Duplex Flow Control
The switching hubs on full-duplex Ethernet networks have to be able to buffer packets as they read the destination address in each one and perform the internal switching needed to send it on its way. The amount of buffer memory in a switch is, of course, finite, and as a result, it’s possible for a switch to be overwhelmed by the constant input of data from freely transmitting full-duplex systems. Therefore, the 802.3x supplement defines an optional flow control mechanism that full-duplex systems can use to make the system at the other end of a link pause its transmissions temporarily, enabling the other device to catch up.
The full-duplex flow control mechanism is called the MAC Control protocol, which takes the form of a specialized frame that contains a PAUSE command and a parameter specifying the length of the pause. The MAC Control frame is a standard Ethernet frame of minimum length (64 bytes) with the hexadecimal value 8808 in the Ethertype or SNAP Local Code field. The frame is transmitted to a special multicast address (01-80-C2-00-00-01) designated for use by PAUSE frames. The data field of the MAC Control frame contains a 2-byte operational code (opcode) with a hexadecimal value of 0001, indicating that it is a PAUSE frame. At this time, this is the only valid MAC Control opcode value. A 2-byte pause-time parameter follows the opcode, which is an integer specifying the amount of time the receiving systems should pause their transmissions, measured in units called quanta, each of which is equal to 512 bit times. The range of possible values for the pause-time parameter is 0 to 65,535.
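When reviewing a capture of flow control traffic, it helps to check each MAC Control frame against the field values given above and to convert the pause-time parameter into real time for the link speed. The following is an added example, not code from the book; the function names, the sample source addresses, and the per-source summary are assumptions made for illustration, and it handles only the Ethertype (not the SNAP) form of the frame.

```python
import struct
import zlib

PAUSE_DST = bytes.fromhex("0180C2000001")  # multicast address reserved for PAUSE
MAC_CONTROL_ETHERTYPE = 0x8808
PAUSE_OPCODE = 0x0001
QUANTUM_BIT_TIMES = 512                    # one quantum = 512 bit times


def build_pause(src: bytes, quanta: int, dst: bytes = PAUSE_DST) -> bytes:
    """Build a minimum-length (64-byte) MAC Control frame for use as test input."""
    body = dst + src + struct.pack("!HHH", MAC_CONTROL_ETHERTYPE, PAUSE_OPCODE, quanta)
    body = body.ljust(60, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def decode_pause(frame: bytes, link_bps: int) -> dict:
    """Decode a candidate PAUSE frame and list every way it departs from the format."""
    if len(frame) < 22:
        raise ValueError("too short to hold a MAC Control header and FCS")
    dst, src = frame[0:6], frame[6:12]
    ethertype, opcode, quanta = struct.unpack("!HHH", frame[12:18])
    problems = []
    if ethertype != MAC_CONTROL_ETHERTYPE:
        problems.append("ethertype is not 0x8808")
    if dst != PAUSE_DST:
        problems.append("destination is not 01-80-C2-00-00-01")
    if opcode != PAUSE_OPCODE:
        problems.append("opcode is not 0x0001")
    if len(frame) != 64:
        problems.append("frame is not 64 bytes")
    if struct.pack("<I", zlib.crc32(frame[:-4])) != frame[-4:]:
        problems.append("FCS mismatch")
    return {
        "src": src.hex("-"),
        "quanta": quanta,
        # bit time = 1 / link speed, so the pause shrinks as the link gets faster
        "seconds": quanta * QUANTUM_BIT_TIMES / link_bps,
        "problems": problems,
    }


def requested_pause_by_source(frames, link_bps: int) -> dict:
    """Total pause time requested by each source, counting well-formed frames only."""
    totals = {}
    for frame in frames:
        decoded = decode_pause(frame, link_bps)
        if not decoded["problems"]:
            totals[decoded["src"]] = totals.get(decoded["src"], 0.0) + decoded["seconds"]
    return totals


# Constructed sample frames (not captured traffic).
SWITCH = bytes.fromhex("020000000002")
PAUSE_MAX = build_pause(SWITCH, 65535)
PAUSE_SHORT = build_pause(SWITCH, 100)
PAUSE_UNICAST = build_pause(bytes.fromhex("020000000003"), 65535,
                            dst=bytes.fromhex("020000000001"))

if __name__ == "__main__":
    for sample in (PAUSE_MAX, PAUSE_SHORT, PAUSE_UNICAST):
        print(decode_pause(sample, 100_000_000))
    print(requested_pause_by_source([PAUSE_MAX, PAUSE_SHORT, PAUSE_UNICAST], 100_000_000))
```

At 100 Mbps the largest pause-time value, 65,535 quanta, works out to about 0.34 seconds, and the frame sent to a unicast destination is reported as malformed and left out of the per-source totals.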
Full-Duplex Applications
Full-duplex Ethernet capabilities are most often provided in Fast Ethernet and Gigabit Ethernet adapters and switches. While full-duplex operation theoretically doubles the bandwidth of a network, the actual performance improvement that you realize depends on the nature of the communications involved. Upgrading a desktop workstation to full duplex will probably not provide a dramatic improvement in performance. This is because desktop communications typically consist of request/response transactions that are themselves half-duplex in nature, and providing a full-duplex medium won’t change that. Full-duplex operation is better suited to the communications between switches on a backbone, which are continually carrying large amounts of traffic generated by computers all over the network.
CHAPTER 11
100Base Ethernet and Gigabit Ethernet
100Base Ethernet and Gigabit Ethernet are today’s 100 and 1,000 Mbps variants of the Ethernet protocol, respectively. Although similar to 10Base Ethernet in many ways, the 100Base protocols have some configuration issues that you must be aware of in order to design, install, and administer the networks that use them.
100Base Ethernet
The IEEE 802.3u specification, ratified in 1995, defined what is commonly known as 100Base Ethernet, a data link layer protocol running at 100 Mbps, which is ten times the speed of the original Ethernet protocol. This is now the industry standard for many new installations, largely because it improves network performance so much while changing so little.
100Base Ethernet left two of the three defining elements of an Ethernet network unchanged. The protocol uses the same frame format as IEEE 802.3 and the same CSMA/CD media access control mechanism. The changes that enable the increase in speed are in several elements of the physical layer configuration, including the types of cable used, the length of cable segments, and the number of hubs permitted.
Physical Layer Options
The first difference between 10Base and 100Base Ethernet was that coaxial cable was no longer supported. 100Base Ethernet runs only on UTP or fiber-optic cable, although shielded twisted-pair (STP) is an option as well. Gone also was the Manchester signaling scheme, to be replaced by the 4B/5B system developed for the Fiber Distributed Data Interface (FDDI) protocol. The physical layer options defined in 802.3u were intended to provide the most flexible installation parameters possible. Virtually every aspect of the 100Base Ethernet protocol’s physical layer specifications was designed to facilitate upgrades from earlier technologies and, particularly, from 10Base-T. In many cases, existing UTP networks upgraded to 100Base Ethernet without pulling new cable. The only exception to this was in cases of networks that spanned longer distances than 100Base Ethernet could support with copper cabling.
100Base Ethernet defined three physical layer specifications, as shown in Table 11-1.
Table 11-1 IEEE 802.3u Physical Layer Specifications
In addition to the connectors shown for each of the cable types, the 802.3u standard described a medium-independent interface (MII) that used a 40-pin D-shell connector. Taking from the design of the original thick Ethernet standard, the MII connected to an external transceiver called a physical layer device (PHY), which, in turn, connected to the network medium. The MII made it possible to build devices such as hubs and computers that integrated 100Base Ethernet adapters but were not committed to a particular media type. By supplying different PHY units, you could connect the device to a 100Base Ethernet network using any supported cable type. Some PHY devices connected directly to the MII, while others used a cable not unlike the AUI cable arrangement in thick Ethernet. When this was the case, the MII cable could be no more than 0.5 meters long.
Most of the 100Base Ethernet hardware on the market today uses internal transceivers and does not need an MII connector or cable, but a few products do take advantage of this interface.
100Base-TX
Using standards for physical media developed by the American National Standards Institute (ANSI), 100Base-TX and its fiber-optic counterpart, 100Base-FX, were known collectively as 100Base-X. They provided the core physical layer guidelines for new cable installations. Like 10Base-T, 100Base-TX called for the use of unshielded twisted-pair cable segments up to 100 meters in length. The only difference from a 10Base-T segment was in the quality and capabilities of the cable itself.
100Base-TX was based on the ANSI TP-PMD specification and calls for the use of Category 5 UTP cable for all network segments. As you can see in the table, the Category 5 cable specification provided the potential for much greater bandwidth than the Category 3 cable specified for 10Base-T networks. As an alternative, using Type 1 shielded twisted-pair cable was also possible for installations where the operating environment presented a greater danger of electromagnetic interference.
For the sake of compatibility, 100Base-TX (as well as 100Base-T4) used the same type of RJ-45 connectors as 10Base-T, and the pin assignments were the same as well. The pin assignments were the one area in which the cable specifications differed from ANSI TP-PMD to maintain backward compatibility with 10Base-T networks.
100Base-T4
100Base-T4 was intended for use on networks that already had UTP cable installed, but the cable was not rated as Category 5. The 10Base-T specification allowed for the use of standard voice-grade (Category 3) cable, and there were many networks that were already wired for 10Base-T Ethernet (or even for telephone systems). 100Base-T4 ran at 100 Mbps on Category 3 cable by using all four pairs of wires in the cable, instead of just two, as 10Base-T and 100Base-TX do.
The transmit and receive data pairs in a 100Base-T4 circuit are the same as that of 100Base-TX (and 10Base-T). The remaining four wires function as bidirectional pairs. As on a 10Base-T network, the transmit and receive pairs must be crossed over for traffic to flow. The crossover circuits in a 100Base Ethernet hub connect the transmit pair to the receive pair, as always. In a 100Base-T4 hub, the two bidirectional pairs are crossed as well so that pair 3 connects to pair 4, and vice versa.
100Base-FX
The 100Base-FX specification called for the same hardware as the 10Base-FL specification except that the maximum length of a cable segment was no more than 412 meters. As with the other 100Base Ethernet physical layer options, the medium was capable of transmitting a signal over longer distances, but the limitation was imposed to ensure the proper operation of the collision-detection mechanism. As mentioned earlier, when you eliminate the CSMA/CD MAC mechanism, like on a full-duplex Ethernet network, 100Base-FX segments can be much longer.
CableLengthRestrictionsBecausethenetworkoperatesattentimesthespeedof10BaseEthernet,100BaseEthernetcableinstallationsweremorerestricted.Ineffect,the100BaseEthernetstandardusesupagooddealofthelatitudebuiltintotheoriginalEthernetstandardstoachievegreaterperformancelevels.In10MbpsEthernet,thesignaltimingspecificationswereatleasttwiceasstrictastheyhadtobeforsystemstodetectearlycollisionsproperlyonthenetwork.Thelengthsofthenetworksegmentsweredictatedmorebytheneedtomaintainthesignalstrengththanthesignaltiming.
On 100Base-T networks, however, signal strength is not as much of an issue as signal timing. The CSMA/CD mechanism on a 100Base Ethernet network functions exactly like that of a 10 Mbps Ethernet network, and the packets are the same size, but they travel over the medium at ten times the speed. Because the collision detection mechanism is the same, a system still must be able to detect the presence of a collision before the slot time expires (that is, before it transmits 64 bytes of data). Because the traffic is moving at 100 Mbps, though, the duration of that slot time is reduced, and the maximum length of the network must be reduced as well to sense collisions accurately. For this reason, the maximum overall length of a 100Base-TX network is approximately 205 meters. This is a figure you should observe much more stringently than the 500-meter maximum for a 10Base-T network.
NOTE When you plan your network, be sure to remain conscious that the 100-meter maximum cable segment length specification in the 100Base Ethernet standard includes the entire length of cable connecting a computer to the hub. If you have an internal cable installation that terminates at wall plates at the computer site and a patch panel at the hub site, you must include the lengths of the patch cables connecting the wall plate to the computer and the patch panel to the hub in your total measurement. The specification recommends that the maximum length for an internal cable segment be 90 meters, leaving 10 meters for the patch cables.
Hub Configurations
Because the maximum length for a 100Base-TX segment is 100 meters, the same as that for 10Base-T, the restrictions on the overall length of the network are found in the configuration of the repeating hubs used to connect the segments. The 802.3u supplement described two types of hubs for all 100Base-T networks: Class I and Class II. Every 100Base Ethernet hub must have a circled Roman numeral I or II identifying its class.
Class I hubs are intended to support cable segments with different types of signaling. 100Base-TX and 100Base-FX use the same signaling type, while 100Base-T4 is different (because of the presence of the two bidirectional pairs). A Class I hub contains circuitry that translates incoming 100Base-TX, 100Base-FX, and 100Base-T4 signals to a common digital format and then translates them again to the appropriate signal for each outgoing hub port. These translation activities cause comparatively long timing delays in the hub, so you can have only one Class I hub on the path between any two nodes on the network.
Class II hubs can only support cable segments of the same signaling type. Because no translation is involved, the hub passes the incoming data rapidly to the outgoing ports. Because the timing delays are shorter, you can have up to two Class II hubs on the path between two network nodes, but all the segments must use the same signaling type. This means a Class II hub can support either 100Base-TX and 100Base-FX together or 100Base-T4 alone.
Additional segment length restrictions are also based on the combination of segments and hubs used on the network. The more complex the network configuration gets, the shorter its maximum collision domain diameter can be. Table 11-2 summarizes these restrictions.
Table 11-2 100Base Ethernet Multisegment Configuration Guidelines
Note that a network configuration that uses two Class II hubs actually uses three lengths of cable to establish the longest connection between two nodes: two cables to connect the nodes to their respective hubs and one cable to connect the two hubs. For example, the assumption of the standard is that the additional 5 meters added to the length limit for an all-copper network will account for the cable connecting the two hubs, as shown in Figure 11-1. But in practice, the three cables can be of any length as long as their total length does not exceed 205 meters.
Figure 11-1 The cable segments in a network with two hubs can be of any length, as long as you observe the maximum collision domain diameter.
What these restrictions mean to 100Base-FX networks is that the only fiber segment that can be 412 meters long is one that directly connects two computers. Once you add a hub to the network, the total distance between computers drops drastically. This largely negates one of the major benefits of using fiber-optic cable. You saw earlier in this chapter that the original Ethernet standards allow for fiber-optic segments up to 2 kilometers (2,000 meters) long. The closer tolerances of the collision-detection mechanism on a 100Base Ethernet network make it impossible to duplicate the collision domain diameter of standards like 10Base-FL. Considering that other high-speed protocols such as FDDI use the same type of cable and can support distances up to 200 kilometers, 100Base Ethernet might not be the optimal fiber-optic solution, unless you use the full-duplex option to increase the segment length.
100Base Ethernet Timing Calculations
As with the original Ethernet standards, the cabling guidelines in the previous sections are no more than rules of thumb that provide general size limitations for a 100Base Ethernet network. Making more precise calculations to determine if your network is fully compliant with the specifications is also possible. For 100Base Ethernet, these calculations consist only of determining the round-trip delay time for the network. No interframe gap shrinkage calculation exists for 100Base Ethernet because the limited number of repeaters permitted on the network all but eliminates this as a possible problem.
Calculating the Round-Trip Delay Time
The process of calculating the round-trip delay time begins with determining the worst-case path through your network, just as in the calculations for 10Base Ethernet networks. As before, if you have different types of cable segments on your network, you may have more than one path to calculate. There is no need to perform separate calculations for each direction of a complex path, however, because the formula makes no distinction between the order of the segments.
The round-trip delay time consists of a delay per meter measurement for the specific type of cable your network uses, plus an additional delay constant for each node and repeater on the path. Table 11-3 lists the delay factors for the various network components.
Table 11-3 Delay Times for 100Base Ethernet Network Components
To calculate the round-trip delay time for the worst-case path through your network, you multiply the lengths of your various cable segments by the delay factors listed in the table and add them together, along with the appropriate factors for the nodes and hubs and a safety buffer of 4 bit times. If the total is less than 512, the path is compliant with the 100Base Ethernet specification. Thus, the calculations for the network shown in Figure 11-2 would be as follows:
(150 meters × 1.112 bit times/meter) + 100 bit times + (2 × 92 bit times) + 4 bit times = 454.8 bit times
Figure 11-2 This worst-case path is compliant with the round-trip delay time limitations defined in the Ethernet standard.
So, 150 meters of Category 5 cable multiplied by a delay factor of 1.112 bit times per meter yields a delay of 166.8 bit times, plus 100 bit times for two 100Base-TX nodes, two hubs at 92 bit times each, and an extra 4 for safety yields a total round-trip delay time of 454.8 bit times, which is well within the 512 limit.
NOTE As with the calculations for 10Base Ethernet networks, you may be able to avoid having to measure your cable segments by using the maximum permitted segment length in your calculations. Only if the result of this calculation exceeds the specification do you have to consider the actual lengths of your cables.
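The round-trip delay procedure above, applied to a whole two-hub topology so that the worst-case path is found before it is checked, as an added Python example (not from the book). It uses only the delay factors quoted in the text (Category 5 cable, two 100Base-TX nodes, Class II hubs); the node names, hub names and cable lengths are constructed, and the other rows of Table 11-3 are not reproduced.

```python
from itertools import combinations

# Delay factors quoted in the worked example above (bit times).
CAT5_DELAY_PER_M = 1.112      # Category 5 cable, per meter
TX_NODE_PAIR_DELAY = 100.0    # two 100Base-TX nodes
CLASS_II_HUB_DELAY = 92.0     # each Class II hub on the path
SAFETY_BUFFER = 4.0
LIMIT_BIT_TIMES = 512.0
MAX_SEGMENT_M = 100.0         # maximum 100Base-TX segment length


def round_trip_delay(cable_m, hubs, margin=SAFETY_BUFFER):
    """Round-trip delay in bit times for one all-Category 5 path."""
    return (cable_m * CAT5_DELAY_PER_M + TX_NODE_PAIR_DELAY
            + hubs * CLASS_II_HUB_DELAY + margin)


def is_compliant(delay):
    """A path is compliant when its total is less than 512 bit times."""
    return delay < LIMIT_BIT_TIMES


def worst_case_path(drops, uplink_m):
    """Return (delay, node_a, node_b, cable_m) for the slowest node pair.

    drops maps node name -> (hub name, cable length in meters);
    uplink_m is the length of the cable joining the two hubs.
    """
    if len({hub for hub, _ in drops.values()}) > 2:
        raise ValueError("at most two Class II hubs may sit on one path")
    worst = None
    pairs = combinations(drops.items(), 2)
    for (a, (hub_a, len_a)), (b, (hub_b, len_b)) in pairs:
        same_hub = hub_a == hub_b
        cable = len_a + len_b + (0 if same_hub else uplink_m)
        delay = round_trip_delay(cable, 1 if same_hub else 2)
        if worst is None or delay > worst[0]:
            worst = (delay, a, b, cable)
    return worst


def quick_check(segments, hubs):
    """The NOTE's shortcut: assume every segment is at its maximum length."""
    return is_compliant(round_trip_delay(segments * MAX_SEGMENT_M, hubs))


# Constructed topology: the longest path totals 150 m, as in the worked example.
SAMPLE_DROPS = {
    "pc1": ("hubA", 70), "pc2": ("hubA", 20),
    "pc3": ("hubB", 75), "pc4": ("hubB", 30),
}
SAMPLE_UPLINK_M = 5

if __name__ == "__main__":
    delay, a, b, cable = worst_case_path(SAMPLE_DROPS, SAMPLE_UPLINK_M)
    print(f"worst path {a} <-> {b}: {cable} m, {delay:.1f} bit times, "
          f"compliant={is_compliant(delay)}")
    print("one hub, two maximum-length segments:", quick_check(2, 1))
    print("two hubs, three maximum-length segments:", quick_check(3, 2))
```

With one hub the maximum-length shortcut passes, so no measuring is needed; with two hubs it fails, which is the case where the actual cable lengths have to be entered.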
Autonegotiation
Most of today’s Ethernet adapters support multiple speeds and use an autonegotiation system that enables a multispeed device to sense the capabilities of the network to which it is connected and to adjust its speed accordingly. The autonegotiation mechanism in 100Base Ethernet is based on 100Base link pulse (FLP) signals, which are themselves a variation on the normal link pulse (NLP) signals used by the old 10Base-T and 10Base-FL networks.
Standard Ethernet networks use NLP signals to verify the integrity of a link between two devices. Most Ethernet hubs and network interface adapters have a link-pulse LED that lights when the device is connected to another active device. For example, when you take a UTP cable that is connected to a hub and plug it into a computer’s NIC and turn the computer on, the LEDs on both the NIC and the hub port to which it’s connected should light. This is the result of the two devices transmitting NLP signals to each other. When each device receives the NLP signals from the other device, it lights the link-pulse LED. If the network is wired incorrectly, because of a cable fault or improper use of a crossover cable or hub uplink port, the LEDs will not light. These signals do not interfere with data communications because the devices transmit them only when the network is idle.
NOTE The link-pulse LED indicates only that the network is wired correctly, not that it’s capable of carrying data. If you use the wrong cable for the protocol, you will still experience network communication problems, even though the devices passed the link integrity test.
100Base Ethernet devices capable of transmitting at multiple speeds elaborate on this technique by transmitting FLP signals instead of NLP signals. FLP signals include a 16-bit data packet within a burst of link pulses, producing what is called an FLP burst. The data packet contains a link code word (LCW) with two fields: the selector field and the technology ability field. Together, these fields identify the capabilities of the transmitting device, such as its maximum speed and whether it is capable of full-duplex communications.
Because the FLP burst has the same duration (2 nanoseconds) and interval (16.8 nanoseconds) as an NLP burst, a standard Ethernet system can simply ignore the LCW and treat the transmission as a normal link integrity test. When it responds to the sender, the multiple-speed system sets itself to operate at 10Base-T speed, using a technique called parallel detection. This same method applies also to 100Base Ethernet devices incapable of multiple speeds.
When two 100Base Ethernet devices capable of operating at multiple speeds autonegotiate, they determine the best performance level they have in common and configure themselves accordingly. The systems use the following list of priorities when comparing their capabilities, with full-duplex 1000Base-T providing the best performance and half-duplex 10Base-T providing the worst:
• 1000Base-T (full-duplex)
• 1000Base-T
• 100Base-TX (full-duplex)
• 100Base-T4
• 100Base-TX
• 10Base-T (full-duplex)
• 10Base-T
NOTE FLP signals account only for the capabilities of the devices generating them, not the connecting cable. If you connect a dual-speed 100Base-TX computer with a 100Base-TX hub using a Category 3 cable network, autonegotiation will still configure the devices to operate at 100 Mbps, even though the cable can’t support transmissions at this speed.
The benefit of autonegotiation is that it permits administrators to upgrade a network gradually to 100Base Ethernet with a minimum of reconfiguration. If, for example, you have 10/100 dual-speed NICs in all your workstations, you can run the network at 10 Mbps using 10Base-T hubs. Later, you can simply replace the hubs with models supporting 100Base Ethernet, and the NICs will automatically reconfigure themselves to operate at the higher speed during the next system reboot. No manual configuration at the workstation is necessary.
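The priority resolution, the parallel-detection fallback and the cable caveat from the NOTE above, combined into one link audit as an added Python example (not from the book). Capabilities are modelled as sets of the mode names in the priority list rather than as raw link code word bits; the link names, the inventory and the `expected` parameter are constructed for illustration.

```python
# Priority order from the list above, best first.
PRIORITY = [
    "1000Base-T (full-duplex)",
    "1000Base-T",
    "100Base-TX (full-duplex)",
    "100Base-T4",
    "100Base-TX",
    "10Base-T (full-duplex)",
    "10Base-T",
]

# Lowest UTP category each option is described as running on in this chapter.
MIN_CABLE_CATEGORY = {
    "1000Base-T": 5,
    "100Base-TX": 5,
    "100Base-T4": 3,
    "10Base-T": 3,
}


def base_standard(mode):
    """Strip the duplex suffix: '100Base-TX (full-duplex)' -> '100Base-TX'."""
    return mode.split(" (")[0]


def negotiate(local, partner):
    """Return the best common mode, or None if the devices share none.

    partner=None models a device that sends only NLP signals, so the
    multiple-speed side falls back to 10Base-T (parallel detection).
    """
    for mode in set(local) | set(partner or ()):
        if mode not in PRIORITY:
            raise ValueError(f"unknown mode: {mode}")
    if partner is None:
        return "10Base-T" if "10Base-T" in local else None
    common = set(local) & set(partner)
    return next((mode for mode in PRIORITY if mode in common), None)


def audit_link(name, local, partner, cable_category, expected=None):
    """Return (negotiated mode, findings) for one link in an inventory."""
    mode = negotiate(local, partner)
    if mode is None:
        return None, [f"{name}: no common operating mode"]
    findings = []
    needed = MIN_CABLE_CATEGORY[base_standard(mode)]
    if cable_category < needed:
        # FLP signals describe the devices only, never the cable between them.
        findings.append(f"{name}: {mode} negotiated over Category "
                        f"{cable_category} cable (needs Category {needed})")
    if expected and PRIORITY.index(mode) > PRIORITY.index(expected):
        findings.append(f"{name}: negotiated {mode}, below expected {expected}")
    return mode, findings


# Constructed inventory: a dual-speed NIC against three different situations.
DUAL_SPEED = {"100Base-TX (full-duplex)", "100Base-TX",
              "10Base-T (full-duplex)", "10Base-T"}
SAMPLE_LINKS = [
    ("ws-01", DUAL_SPEED, DUAL_SPEED, 5, "100Base-TX (full-duplex)"),
    ("ws-02", DUAL_SPEED, DUAL_SPEED, 3, "100Base-TX (full-duplex)"),
    ("ws-03", DUAL_SPEED, None, 5, "100Base-TX (full-duplex)"),
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        mode, findings = audit_link(*link)
        print(link[0], "->", mode)
        for finding in findings:
            print("   ", finding)
```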
Gigabit Ethernet
When 100 Mbps networking technologies like FDDI were first introduced, most horizontal networks used 10 Mbps Ethernet. These new protocols were used primarily on backbones. Now that 100Base and 1000Base Ethernet have taken over the horizontal network market, a 100 Mbps backbone is, in many cases, insufficient to support the connections between switches that have to accommodate multiple 100Base Ethernet networks. Gigabit Ethernet was developed to be the next generation of Ethernet network, running at 1 Gbps (1,000 Mbps), ten times the speed of 100Base Ethernet.
Gigabit Ethernet uses the same frame format, frame size, and media access control method as was standard in 10 Mbps Ethernet. 100Base Ethernet overtook FDDI as the dominant 100 Mbps solution because it prevented network administrators from having to use a different protocol on the backbone. In the same way, Gigabit Ethernet prevents administrators from having to use a different protocol for their backbones.
Connecting an ATM or FDDI network to an Ethernet network requires that the data be converted at the network layer from one frame format to another. Connecting two Ethernet networks, even when they’re running at different speeds, is a data link layer operation because the frames remain unchanged. In addition, using Ethernet throughout your network eliminates the need to train administrators to work with a new protocol and purchase new testing and diagnostic equipment. The bottom line is that in most cases it is possible to upgrade a 100Base Ethernet backbone to Gigabit Ethernet without completely replacing hubs, switches, and cables. This is not to say, however, that some hardware upgrades will not be necessary. Hubs and switches will need modules supporting the protocol, and networking monitoring and testing products may also have to be upgraded to support the faster speed.
Gigabit Ethernet Architecture
Gigabit Ethernet was first defined in the 802.3z supplement to the 802.3 standard, which was published in June 1998. The 802.3z defined a network running at 1,000 Mbps in either half-duplex or full-duplex mode, over a variety of network media. The frame used to encapsulate the packets is identical to that of 802.3 Ethernet, and the protocol (in half-duplex mode) uses the same Carrier Sense Multiple Access with Collision Detection (CSMA/CD) MAC mechanism as the other Ethernet incarnations.
As with 10Base and 100Base Ethernet, the Gigabit Ethernet standard contains both physical and data link layer elements, as shown in Figure 11-3. The data link layer consists of the logical link control (LLC) and media access control (MAC) sublayers that are common to all of the IEEE 802 protocols. The LLC sublayer is identical to that used by the other Ethernet standards, as defined in the IEEE 802.2 document. The underlying concept of the MAC sublayer, the CSMA/CD mechanism, is fundamentally the same as on a standard Ethernet or 100Base Ethernet network but with a few changes in the way that it’s implemented.
Figure 11-3 The Gigabit Ethernet protocol architecture
Media Access Control
Gigabit Ethernet is designed to support full-duplex operation as its primary signaling mode. As mentioned earlier, when systems can transmit and receive data simultaneously, there is no need for a media access control mechanism like CSMA/CD. However, some modifications are required for systems on a 1000Base-X network to operate in half-duplex mode. Ethernet’s collision-detection mechanism works properly only when collisions are detected while a packet is still being transmitted. Once the source system finishes transmitting a packet, the data is purged from its buffers, and it is no longer possible to retransmit that packet in the event of a collision.
When the speed at which systems transmit data increases, the round-trip signal delay time during which a collision can be detected decreases. When 100Base Ethernet increased the speed of an Ethernet network by ten times, the standard compensated by reducing the maximum diameter of the network. This enabled the protocol to use the same 64-byte minimum packet size as the original Ethernet standard and still be able to detect collisions effectively.
Gigabit Ethernet increases the transmission speed another ten times, but reducing the maximum diameter of the network again was impractical because it would result in networks no longer than 20 meters or so. As a result, the 802.3z supplement increases the size of the CSMA/CD carrier signal from 64 bytes to 512 bytes. This means that while the 64-byte minimum packet size is retained, the MAC sublayer of a Gigabit Ethernet system appends a carrier extension signal to small packets that pads them out to 512 bytes. This ensures that the minimum time required to transmit each packet is sufficient for the collision-detection mechanism to operate properly, even on a network with the same diameter as 100Base Ethernet.
The carrier extension bits are added to the Ethernet frame after the frame check sequence (FCS), so that while they are a valid part of the frame for collision-detection purposes, the carrier extension bits are stripped away at the destination system before the FCS is computed, and the results are compared with the value in the packet. This padding, however, can greatly reduce the efficiency of the network. A small packet may consist of up to 448 bytes of padding (512 minus 64), the result of which is a throughput only slightly greater than 100Base Ethernet. To address this problem, 802.3z introduces a packet-bursting capability along with the carrier extension. Packet bursting works by transmitting several packets back to back until a 1,500-byte burst timer is reached. This compensates for the loss incurred by the carrier extension bits and brings the network back up to speed.
When Gigabit Ethernet is used for backbone networks, full-duplex connections between switches and servers are the more practical choice. The additional expenditure in equipment is minimal, and aside from eliminating this collision-detection problem, it increases the theoretical throughput of the network to 2 Gbps.
The Gigabit Media-Independent Interface
The interface between the data link and physical layers, called the gigabit medium-independent interface (GMII), enables any of the physical layer standards to use the MAC and LLC sublayers. The GMII is an extension of the medium-independent interface in 100Base Ethernet, which supports transmission speeds of 10, 100, and 1,000 Mbps and has separate 8-bit transmit and receive data paths, for full-duplex communication. The GMII also includes two signals that are readable by the MAC sublayer, called carrier sense and collision detect. One of the signals specifies that a carrier is present, and the other specifies that a collision is currently occurring. These signals are carried to the data link layer by way of the reconciliation sublayer located between the GMII and the MAC sublayer.
The GMII is broken into three sublayers of its own, which are as follows:
• Physical coding sublayer (PCS)
• Physical medium attachment (PMA)
• Physical medium-dependent (PMD)
The following sections discuss the functions of these sublayers.
The Physical Coding Sublayer
The physical coding sublayer is responsible for encoding and decoding the signals on the way to and from the PMA. The physical layer options defined in the 802.3z document all use the 8B/10B coding system, which was adopted from the ANSI Fibre Channel standards. In this system, each 8-bit data symbol is represented by a 10-bit code. There are also codes that represent control symbols, such as those used in the MAC carrier extension mechanism. Each code is formed by breaking down the 8 data bits into two groups consisting of the 3 most significant bits (y) and the 5 remaining bits (x). The code is then named using the following notation: /Dx,y/, where x and y equal the decimal values of the two groups. The control codes are named the same way, except that the letter D is replaced by a K: /Kx,y/.
The idea behind this type of coding is to minimize the occurrence of consecutive zeros and ones, which make it difficult for systems to synchronize their clocks. To help do this, each of the code groups must be composed of one of the following:
• Five zeros and five ones
• Six zeros and four ones
• Four zeros and six ones
NOTE The 1000Base-T physical layer option does not use the 8B/10B coding system. See “1000Base-T” later in this chapter for more information.
The PCS is also responsible for generating the carrier sense and collision-detect signals and for managing the autonegotiation process used to determine what speed the network interface card should use (10, 100, or 1,000 Mbps) and whether it should run in half-duplex or full-duplex mode.
The Physical Medium Attachment Sublayer
The physical medium attachment sublayer is responsible for converting the code groups generated by the PCS into a serialized form that can be transmitted over the network medium and for converting the serial bit stream arriving over the network into code groups for use by the upper layers.
The Physical Medium-Dependent Sublayer
The physical medium-dependent sublayer provides the interface between the coded signals generated by the PCS and the actual physical network medium. This is where the actual optical or electric signals that are transmitted over the cable are generated and passed on to the cable through the medium-dependent interface (MDI).
The Physical Layer
Collectively called 1000Base-X, there were three physical layer options for Gigabit Ethernet defined in the original 802.3z document, two for fiber-optic cable and one for copper. These three physical layer options in 802.3z were adopted from the ANSI X3T11 Fibre Channel specifications. The use of an existing standard for this crucial element of the technology has greatly accelerated the development process, both of the Gigabit Ethernet standards and of the hardware products. In general, 1000Base-X calls for the use of the same types of fiber-optic cables as FDDI and 100Base-FX but at shorter distances. The longest possible Gigabit Ethernet segment, using single-mode fiber cable, is 5 kilometers.
In the ensuing years, additions have been made to the original description, including IEEE 802.bj, which defines a four-lane 100 Gbps standard that operates at lengths up to at least 5 meters on links consistent with copper twin-axial cables. The IEEE is also working on Gigabit Ethernet to operate over a single twisted-pair cable for industrial (and automotive) use (IEEE 802.3bp), as well as 40GBase-T (IEEE 802.3bq) for four-pair balanced twisted-pair cables with two connections over 30-meter distances. The latter standard is scheduled for implementation in early 2016.
NOTE For its multimode cable options, the 802.3z standard pioneered the use of laser light sources at high speeds. Most fiber-optic applications use lasers only with single-mode cable, while the signals on multimode cables are produced by light-emitting diodes (LEDs). The jitter effect, which was a problem with previous efforts to use lasers with multimode cable, was resolved by redefining the properties of the laser transmitters used to generate the signals.
Unlike standard and 100Base Ethernet, the fiber-optic physical layer standards for 1000Base-X were not based on the properties of specific cable types, but rather on the properties of the optical transceivers that generate the signal on the cable. Each of the fiber-optic standards supports several grades of cable, using short- or long-wavelength laser transmitters. The physical layer options for 1000Base-X are described in the following sections.
1000Base-LX
1000Base-LX was intended for use in backbones spanning relatively long distances, using long wavelength laser transmissions in the 1,270- to 1,355-nanometer range with either multimode fiber cable within a building or single-mode fiber for longer links, such as those between buildings on a campus network. Multimode fiber cable with a core diameter of 50 or 62.5 microns supports links of up to 550 meters, while 9-micron single-mode fiber supports links of up to 5,000 meters (5 km). Both fiber types use standard SC connectors.
1000Base-SX
1000Base-SX used short-wavelength laser transmissions ranging from 770 to 860 nanometers and is intended for use on shorter backbones and horizontal wiring. This option is more economical than 1000Base-LX because it uses only the relatively inexpensive multimode fiber cable, in several grades, and the lasers that produce the short wavelength transmissions are the same as those commonly used in CD and CD-ROM players. As of this writing, most of the fiber-optic Gigabit Ethernet products on the market support the 1000Base-SX standard.
1000Base-T
Although it was not included in the 802.3z standard, one of the original goals of the Gigabit Ethernet development team was for it to run on standard Category 5 UTP cable and support connections up to 100 meters long. This enables existing 100Base Ethernet networks to be upgraded to Gigabit Ethernet without pulling new cable or changing the network topology. 1000Base-T was defined in a separate document called 802.3ab.
To achieve these high speeds over copper, 1000Base-T modified the way that the protocol uses the UTP cable. While designed to use the same cable installations as 100Base-TX, 1000Base-T uses all four of the wire pairs in the cable, while 100Base-TX uses only two pairs. In addition, all four pairs can carry signals in either direction. This effectively doubles the throughput of 100Base-TX, but it still doesn’t approach speeds of 1,000 Mbps. However, 1000Base-T also uses a different signaling scheme to transmit data over the cable than the other 1000Base-X standards. This makes it possible for each of the four wire pairs to carry 250 Mbps, for a total of 1,000 Mbps or 1 Gbps. This signaling scheme is called Pulse Amplitude Modulation 5 (PAM-5).
While designed to run over standard Category 5 cable, as defined in the TIA/EIA standards, the standard recommends that 1000Base-T networks use at least Category 5e (or enhanced Category 5) cable. Category 5e cable is tested for its resistance to return loss and equal-level far-end crosstalk (ELFEXT). As with 100Base Ethernet, 1000Base-T NICs and other equipment are available that can run at multiple speeds, either 100/1000 or 10/100/1000 Mbps, to facilitate gradual upgrades to Gigabit Ethernet. Autonegotiation, optional in 100Base Ethernet, is mandatory in Gigabit Ethernet.
While networks that run Gigabit Ethernet to the desktop are not likely to be commonplace for some time, it will eventually happen, if history is any indicator.
Ethernet Troubleshooting
Troubleshooting an Ethernet network often means dealing with a problem in the physical layer, such as a faulty cable or connection or possibly a malfunctioning NIC or hub. When a network connection completely fails, you should immediately start examining the cabling and other hardware for faults. If you find that the performance of the network is degrading, however, or if a problem is affecting specific workstations, you can sometimes get an idea of what is going wrong by examining the Ethernet errors occurring on the network.
Ethernet Errors
The following are some of the errors that can occur on an Ethernet network. Some are relatively common, while others are rare. Detecting these errors usually requires special tools designed to analyze network traffic. Most software applications can detect some of these conditions, such as the number of early collisions and FCS errors. Others, such as late collisions, are much more difficult to detect and may require high-end software or hardware tools to diagnose.
• Early collisions: Strictly speaking, an early collision is not an error because collisions occur normally on an Ethernet network. But too many collisions (more than approximately 5 percent of the total packets) is a sign that network traffic is approaching critical levels. It is a good idea to keep a record of the number of collisions occurring on the network at regular intervals (such as weekly). If you notice a marked increase in the number of collisions, you might consider trying to decrease the amount of traffic, either by splitting the network into two collision domains or by moving some of the nodes to another network.
• Late collisions: Late collisions are always a cause for concern and are difficult to detect. They usually indicate that data is taking too long to traverse the network, either because the cable segments are too long or because there are too many repeaters. A NIC with a malfunctioning carrier sense mechanism could also be at fault. Network analyzer products that can track late collisions can be extremely expensive, but are well worth the investment for a large enterprise network. Because late collisions force lost packets to be retransmitted by higher-layer protocols, you can sometimes detect a trend of network layer retransmissions (by the IP protocol, for example) caused by late collisions, using a basic protocol analyzer such as Network Monitor.
• Runts: A runt is a packet less than 64 bytes long, caused either by a malfunctioning NIC or hub port or by a node that ceases transmitting in the middle of a packet because of a detected collision. A certain number of runt packets occur naturally as a result of normal collisions, but a condition where more runts occur than collisions indicates a faulty hardware device.
• Giants: A giant is a packet that is larger than the Ethernet maximum of 1,518 bytes. The problem is usually caused by a NIC that is jabbering, or transmitting improperly or continuously, or (less likely) by the corruption of the header’s length indicator during transmission. Giants never occur normally. They are an indication of a malfunctioning hardware device or a cable fault.
• Alignment errors: A packet that contains a partial byte (that is, a packet with a size in bits that is not a multiple of 8) is said to be misaligned. This can be the result of an error in the formation of the packet (in the originating NIC) or evidence of corruption occurring during the packet’s transmission. Most misaligned packets also have CRC errors.
• CRC errors: A packet in which the frame check sequence generated at the transmitting node does not equal the value computed at the destination is said to have experienced a CRC error. The problem can be caused by data corruption occurring during transmission (because of a faulty cable or other connecting device) or conceivably by a malfunction in the FCS computation mechanism in either the sending or receiving node.
• Broadcast storms: When a malformed broadcast transmission causes the other nodes on the network to generate their own broadcasts for a total traffic rate of 126 packets per second or more, the result is a self-sustaining condition known as a broadcast storm. Because broadcast transmissions are processed before other frames, the storm effectively prevents any other data from being successfully transmitted.
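The error definitions in the list above, turned into a per-frame classifier and a per-interval summary, as an added Python example (not from the book). The thresholds are the ones stated in the list; the frame representation (raw bytes without preamble, plus a count of dangling bits), the addresses and the sample traffic are constructed, and late collisions are left out because they cannot be recognized from frame contents.

```python
import struct
import zlib
from collections import Counter

MIN_FRAME = 64              # bytes, FCS included; shorter frames are runts
MAX_FRAME = 1518            # bytes, FCS included; longer frames are giants
COLLISION_WARN_PCT = 5.0    # collisions as a percentage of total packets
STORM_PPS = 126             # packets per second that mark a broadcast storm
BROADCAST = b"\xff" * 6


def fcs(data):
    """Frame check sequence as it appears in captures: CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Build a well-formed frame with minimum-size padding and a valid FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def classify(frame, dangling_bits=0):
    """Return the set of error labels that apply to one received frame.

    dangling_bits is the number of bits received after the last whole byte.
    """
    errors = set()
    if len(frame) < MIN_FRAME:
        errors.add("runt")
    if len(frame) > MAX_FRAME:
        errors.add("giant")
    if dangling_bits % 8:
        errors.add("alignment")
    if len(frame) < 4 or frame[-4:] != fcs(frame[:-4]):
        errors.add("crc")
    return errors


def summarize(frames, collisions, seconds):
    """Count errors over an interval and raise the alerts the list describes.

    frames is an iterable of (frame_bytes, dangling_bits) pairs.
    """
    counts = Counter()
    total = broadcasts = 0
    for frame, dangling in frames:
        total += 1
        counts.update(classify(frame, dangling))
        broadcasts += frame[:6] == BROADCAST
    alerts = []
    if total and 100.0 * collisions / total > COLLISION_WARN_PCT:
        alerts.append("collisions above 5 percent of total packets")
    if counts["runt"] > collisions:
        alerts.append("more runts than collisions: suspect faulty hardware")
    if counts["giant"]:
        alerts.append("giants seen: suspect jabbering NIC or cable fault")
    if seconds > 0 and broadcasts / seconds >= STORM_PPS:
        alerts.append("broadcast storm: broadcast rate at or above 126 pps")
    return counts, alerts


# Constructed sample traffic (locally administered MAC addresses).
SRC = bytes.fromhex("020000000001")
DST = bytes.fromhex("020000000002")
GOOD = build_frame(DST, SRC, 0x0800, b"constructed payload")
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]
RUNT = GOOD[:40]
GIANT = build_frame(DST, SRC, 0x0800, b"\x00" * 1600)

if __name__ == "__main__":
    for name, frame, bits in [("good", GOOD, 0), ("corrupt", CORRUPT, 0),
                              ("runt", RUNT, 0), ("giant", GIANT, 0),
                              ("misaligned", GOOD, 3)]:
        print(name, sorted(classify(frame, bits)))
    storm = [(build_frame(BROADCAST, SRC, 0x0806, b""), 0)] * 130
    print(summarize(storm, collisions=0, seconds=1.0)[1])
```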
Isolating the Problem
Whenever you exceed any of the Ethernet specifications (or the specifications for any protocol, for that matter), the place where you’re pushing the envelope should be the first place you check when a problem arises. If you have exceeded the maximum length for a segment, for example, try to eliminate some of the excess length to see whether the problem continues. On a thin Ethernet network, this usually means cross-cabling to eliminate some of the workstations from the segment. On a UTP network, connect the same computer to the same hub port using a shorter cable run. If you have too many workstations running on a coaxial bus (thick or thin Ethernet), you can determine whether overpopulation is the problem simply by shutting down some of the machines.
Encountering excessive repeaters on a UTP network is a condition that you can test for by checking to see whether problems occur more often on paths with a larger number of hubs. You can also try to cross-cable the hubs to eliminate some of them from a particular path. This is relatively easy to do in an environment in which all the hubs are located in the same wiring closet or data center, but if the hubs are scattered all over the site, you may have to disconnect some of the hubs temporarily to reduce the size of the collision domain to perform your tests. The same is true of a coaxial network on which the primary function of the repeaters is to extend the collision domain diameter. You may have to disconnect the cable from each of the repeaters in turn (remembering to terminate the bus properly each time) to isolate the problem.
Reducing the size of the collision domain is also a good way to narrow down the location of a cable fault. In a UTP network, the star topology means that a cable break will affect only one system. On a coaxial network using a bus topology, however, a single cable fault can bring down the entire network. On a multisegment network, terminating the bus at each repeater in turn can tell you which segment has the fault.
A better, albeit more expensive, method for locating cable problems is to use a multifunction cable tester. These devices can pinpoint the exact location of many different types of cable faults.
NOTE Once you locate a malfunctioning cable, it’s a good idea to dispose of it immediately. Leaving a bad cable lying around can result in someone else trying to use it and thus the need for another troubleshooting session.
100VG-AnyLAN
100VG-AnyLAN is a 100 Mbps desktop networking protocol that is usually grouped with 100Base Ethernet because the two were created at the same time and briefly competed for the same market. However, this protocol cannot strictly be called an Ethernet variant because it does not use the CSMA/CD media access control mechanism.
100VG-AnyLAN is defined in the IEEE 802.12 specification, while all of the Ethernet variants are documented by the 802.3 working group. Originally touted by Hewlett-Packard and AT&T as a 100 Mbps UTP networking solution that is superior to 100Base Ethernet, the market has not upheld that belief. While a few 100VG products are still available, 100Base Ethernet has clearly become the dominant 100 Mbps networking technology.
As with 100Base Ethernet, the intention behind the 100VG standard is to use existing 10Base-T cable installations and to provide a clear, gradual upgrade path to the 100Base technology. Originally intended to support all the same physical layer options as 100Base Ethernet, only the first 100VG cabling option has actually materialized, using all four wire pairs in a UTP cable rated Category 3 or better. The maximum cable segment length is 100 meters for Category 3 and 4 cables and is 200 meters for Category 5. Up to 1,024 nodes are permitted on a single collision domain. 100VG-AnyLAN uses a technique called quartet signaling to use the four wire pairs in the cable.
100VG uses the same frame format as either 802.3 Ethernet or 802.5 Token Ring, making it possible for the traffic to coexist on a network with these other protocols. This is an essential point that provides a clear upgrade path from the older, slower technologies. As with 100Base Ethernet, dual-speed NICs are available to make it possible to perform upgrades gradually, one component at a time.
A 10Base-T/100VG-AnyLAN NIC, however, was a substantially more complex device than a 10/100 100Base Ethernet card. While the similarity between standard and 100Base Ethernet enables the adapter to use many of the same components for both protocols, 100VG is sufficiently different from 10Base-T to force the device to be essentially two network interface adapters on a single card, which share little else but the cable and bus connectors. This, and the relative lack of acceptance for 100VG-AnyLAN, has led the prices of the hardware to be substantially higher than those for 100Base Ethernet.
The one area in which 100VG-AnyLAN differs most substantially from Ethernet is in its media access control mechanism. 100VG networks use a technique called demand priority, which eliminates the normally occurring collisions from the network and also provides a means to differentiate between normal and high-priority traffic. The introduction of priority levels is intended to support applications that require consistent streams of high bandwidth, such as real-time audio and video.
The 100VG-AnyLAN specification subdivides its functionality into several sublayers. Like the other IEEE 802 standards, the LLC sublayer is at the top of a node’s data link layer’s functionality, followed by the MAC sublayer. On a repeater (hub), the repeater media access control (RMAC) sublayer is directly below the LLC. Beneath the MAC or RMAC sublayer, the specification calls for a physical medium–independent (PMI) sublayer, a medium-independent interface, and a physical medium–dependent sublayer. Finally, the medium-dependent interface provides the actual connection to the network medium. The following sections examine the activities at each of these layers.
The Logical Link Control Sublayer
The LLC sublayer functionality is defined by the IEEE 802.2 standard and is the same as that used with 802.3 (Ethernet) and 802.5 (Token Ring) networks.
The MAC and RMAC Sublayers
100VG’s demand-priority mechanism replaces the CSMA/CD mechanism in Ethernet and 100Base Ethernet networks. Unlike most other MAC mechanisms, access to the medium on a demand-priority network is controlled by the hub. Each node on the network, in its default state, transmits an Idle_Up signal to its hub, indicating that it is available to receive data. When a node has data to transmit, it sends either a Request_Normal signal or a Request_High signal to the hub. The signal the node uses for each packet is determined by the upper-layer protocols, which assign priorities based on the application generating the data.
The hub continuously scans all of its ports in a round-robin fashion, waiting to receive request signals from the nodes. After each scan, the hub selects the node with the lowest port number that has a high-priority request pending and sends it the Grant signal, which is the permission for the node to transmit. After sending the Grant signal to the selected node, the hub sends the Incoming signal to all of the other ports, which informs the nodes of a possible transmission. As each node receives the incoming signal, it stops transmitting requests and awaits the incoming transmission.
When the hub receives the packet from the sending node, it reads the destination address from the frame header and sends the packet out the appropriate port. All the other ports receive the Idle_Down signal. After receiving either the data packet or the Idle_Down signal, the nodes return to their original state and begin transmitting either a request or an Idle_Up signal. The hub then processes the next high-priority request. When all the high-priority requests have been satisfied, the hub then permits the nodes to transmit normal-priority traffic, in port number order.
NOTE By default, a 100VG hub transmits incoming packets out only to the port (or ports) identified in the packet’s destination address. This is known as operating in private mode. Configuring specific nodes to operate in promiscuous mode is possible, however, in which case they receive every packet transmitted over the network.
The processing of high-priority requests first enables applications that require timely access to the network to receive it, but a mechanism also exists to protect normal-priority traffic from excessive delays. If the time needed to process a normal-priority request exceeds a specified interval, the request is upgraded to high priority.
On a network with multiple hubs, one root hub always exists, to which all the others are ultimately connected. When the root hub receives a request through a port to which another hub is connected, it enables the subordinate hub to perform its own port scan and process one request from each of its own ports. In this way, permission to access the media is propagated down the network tree, and all nodes have an equal opportunity to transmit.
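The single-hub arbitration described above (high-priority requests granted first by lowest port number, normal traffic afterward in port order, and overdue normal requests upgraded to high priority) can be traced with a small simulation. This is an added example, not code from the book or from the 802.12 standard; the `Request` class, the one-packet-per-grant-slot timing, and the `promote_after` interval are assumptions of the model, and the sample requests are constructed.

```python
from dataclasses import dataclass

HIGH, NORMAL = "Request_High", "Request_Normal"


@dataclass(frozen=True)
class Request:
    port: int         # hub port the requesting node is attached to
    signal: str       # Request_High or Request_Normal, as sent by the node
    arrival: int = 0  # grant slot in which the hub first sees the request


def grant_order(requests, promote_after):
    """Simulate one hub and return its grants in order.

    Each grant is (slot, port, signal_as_sent, promoted). Assumptions of this
    model, not values from the standard: one packet is sent per grant slot,
    and promote_after is the promotion interval measured in slots.
    """
    future = sorted(requests, key=lambda r: (r.arrival, r.port))
    waiting, grants, slot = [], [], 0
    while future or waiting:
        # The port scan picks up every request raised up to this slot.
        while future and future[0].arrival <= slot:
            waiting.append(future.pop(0))
        if not waiting:                 # idle network: jump to the next request
            slot = future[0].arrival
            continue

        def is_high(req, now=slot):
            # A normal request that has waited too long is treated as high.
            return req.signal == HIGH or now - req.arrival >= promote_after

        high = [r for r in waiting if is_high(r)]
        # High-priority requests first; normal traffic only when none remain.
        pool = high or waiting
        chosen = min(pool, key=lambda r: (r.port, r.arrival))
        waiting.remove(chosen)
        promoted = chosen.signal == NORMAL and is_high(chosen)
        grants.append((slot, chosen.port, chosen.signal, promoted))
        slot += 1
    return grants


def wait_for(grants, port, signal):
    """Slot at which the first request with this port and signal was granted."""
    return next(s for s, p, sig, _ in grants if p == port and sig == signal)


# Constructed sample: two normal requests compete with a steady run of
# high-priority requests arriving on other ports.
SAMPLE_REQUESTS = [
    Request(2, NORMAL, 0), Request(6, NORMAL, 0),
    Request(1, HIGH, 0), Request(4, HIGH, 0), Request(8, HIGH, 1),
    Request(3, HIGH, 2), Request(5, HIGH, 3), Request(7, HIGH, 4),
    Request(1, HIGH, 5), Request(4, HIGH, 6),
]

if __name__ == "__main__":
    for promote_after in (4, 10**9):    # 10**9 effectively disables promotion
        print("promote_after =", promote_after)
        for slot, port, signal, promoted in grant_order(SAMPLE_REQUESTS, promote_after):
            note = " (promoted)" if promoted else ""
            print(f"  slot {slot}: Grant -> port {port} {signal}{note}")
```

Running it with and without promotion shows the upgrade rule bounding how long sustained high-priority traffic can hold back a normal-priority node.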
MAC Frame Preparation
In addition to controlling access to the network medium, the MAC sublayer assembles the packet frame for transmission across the network. Four possible types of frames exist on a 100VG-AnyLAN network:
• 802.3
• 802.5
• Void
• Link training
802.3 and 802.5 Frames
100VG-AnyLAN is capable of using either 802.3 (Ethernet) or 802.5 (Token Ring) frames so that the 100VG protocol can coexist with the other network types during a gradual deployment process. Using both frame types at once is impossible, however. You must configure all the hubs on the network to use one or the other frame type.
All 100VG frames are encapsulated within a Start of Stream field and an End of Stream field by the physical medium–independent sublayer, which informs the PMI sublayer on the receiving station when a packet is being sent and when the transmission is completed. Inside these fields, the 802.3 and 802.5 frames use the same formats defined in their respective specifications.
The MAC sublayer supplies the system’s own hardware address for each packet’s source address field and also performs the CRC calculations for the packet, storing them in the FCS field.
On incoming packets, the MAC sublayer performs the CRC calculations and compares the results with the contents of the FCS field. If the packet passes the frame check, the MAC sublayer strips off the two addresses and the FCS fields and passes the remaining data to the next layer.
Void Frames
Void frames are generated by repeaters only when a node fails to transmit a packet within a given time period after the repeater has acknowledged it.
Link Training Frames
Every time a node is restarted or reconnected to the network, it initiates a link training procedure with its hub by transmitting a series of specialized link training packets. This procedure serves several purposes, as follows:
• Connection testing: For a node to connect to the network, it must exchange 24 consecutive training packets with the hub without corruption or loss. This ensures that the physical connection is viable and that the NIC and hub port are functioning properly.
• Port configuration: The data in the training packets specifies whether the node will use 802.3 or 802.5 frames, whether it will operate in private or promiscuous mode, and whether it is an end node (computer) or a repeater (hub).
• Address registration: The hub reads the node’s hardware address from the training packets and adds it to the table it maintains of all the connected nodes’ addresses.
Training packets contain 2-byte requested configuration and allowed configuration fields that enable nodes and repeaters to negotiate the port configuration settings for the connection. The training packets the node generates contain its settings in the requested configuration field and nothing in the allowed configuration field. The repeater, on receiving the packets, adds the settings it can provide to the allowed configuration field and transmits the packets to the node.
The packets also contain between 594 and 675 bytes of padding in the data field to ensure that the connection between the node and the repeater is functioning properly and can transmit data without error.
The Physical Medium–Independent Sublayer
As the name implies, the physical medium–independent sublayer performs the same functions for all 100VG packets, regardless of the network medium. When the PMI sublayer receives a frame from the MAC sublayer, it prepares the data for transmission using a technique called quartet signaling. The quartet refers to the four pairs of wires in a UTP cable, all of which the protocol uses to transmit each packet. Quartet signaling includes four separate processes, as follows:
1. Each packet is divided into a sequence of 5-bit segments (called quintets) and assigned sequentially to four channels that represent the four wire pairs. Thus, the first, fifth, and ninth quintets will be transmitted over the first pair; the second, sixth, and tenth over the second pair; and so on.
2. The quintets are scrambled using a different algorithm for each channel to randomize the bit patterns for each pair and eliminate strings of bits with equal values. Scrambling the data in this way minimizes the amount of interference and crosstalk on the cable.
3. The scrambled quintets are converted to sextets (6-bit units) using a process called 5B6B encoding, which relies on a predefined table of equivalent 5-bit and 6-bit values. Because the sextets contain an equal number of zeros and ones, the voltage on the cable remains even and errors (which take the form of more than three consecutive zeros or ones) are more easily detected. The regular voltage transitions also enable the communicating stations to synchronize their clocks more accurately.
4. Finally, the preamble, Start of Frame field, and End of Frame field are added to the encoded sextets, and, if necessary, padding is added to the data field to bring it up to the minimum length.
The Medium-Independent Interface Sublayer
The medium-independent interface sublayer is a logical connection between the PMI and PMD layers. As with 100Base Ethernet, the MII can also take the form of a physical hardware element that functions as a unified interface to any of the media supported by 100VG-AnyLAN.
The Physical Medium–Dependent Sublayer
The physical medium–dependent sublayer is responsible for generating the actual electrical signals transmitted over the network cable. This includes the following functions:
• Link status control signal generation: Nodes and repeaters exchange link status information using control tones transmitted over all four wire pairs in full-duplex mode (two pairs transmitting and two pairs receiving). Normal data transmissions are transmitted in half-duplex mode.
• Data stream signal conditioning: The PMD sublayer uses a system called nonreturn to zero (NRZ) encoding to generate the signals transmitted over the cable. NRZ minimizes the effects of crosstalk and external noise that can damage packets during transmission.
• Clock recovery: NRZ encoding transmits 1 bit of data for every clock cycle, at 30 MHz per wire pair, for a total of 120 MHz. Because the 5B6B encoding scheme uses 6 bits to carry 5 bits of data, the net transmission rate is 100 MHz.
The Medium-Dependent Interface
The medium-dependent interface is the actual hardware that provides access to the network medium, as realized in a network interface card or a hub.
Working with 100VG-AnyLAN
When compared to the success of 100Base Ethernet products in the marketplace, 100VG-AnyLAN obviously has not been accepted as an industry standard, but a few networks still use it. The problem is not so much one of performance, because 100VG certainly rivals 100Base Ethernet in that respect, but, instead, of marketing and support.
Despite using the same physical layer specifications and frame formats, 100VG-AnyLAN is sufficiently different from Ethernet to cause hesitation on the part of network administrators who have invested large amounts of time and money in learning to support CSMA/CD networks. Deploying a new 100VG-AnyLAN would not be a wise business decision at this point, and even trying to preserve an existing investment in this technology is a doubtful course of action.
Mixing 100VG-AnyLAN and 100Base Ethernet nodes on the same collision domain is impossible, but you can continue to use your existing 100VG segments and to add new 100Base Ethernet systems as long as you use a switch to create a separate collision domain. The most practical method for doing this is to install a modular switch into which you can plug transceivers supporting different data link layer protocols.
CHAPTER
12 Networking Protocols
Although the vast majority of local area networks (LANs) use one of the Ethernet variants, other data link layer protocols provided their own unique advantages. Chief among these advantages was the use of media access control mechanisms (MACs) other than Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Token Ring and Fiber Distributed Data Interface (FDDI) were both viable LAN protocols that approached the problem of sharing a network cable in a wholly different way.
Token Ring
Token Ring was the traditional alternative to the Ethernet protocol at the data link layer. The supporters of Token Ring were and, in many cases are, stalwart, and while it did not ever overtake Ethernet in popularity, it was far from being out of the race. Token Ring was originally developed by IBM and later standardized in the IEEE 802.5 document, so, like Ethernet, there were slightly divergent protocol standards.
The biggest difference between Token Ring and Ethernet was the media access control mechanism. To transmit its data, a workstation must be the holder of the token, a special packet circulated to each node on the network in turn. Only the system in possession of the token can transmit, after which it passes the token to the next system. This eliminates all possibility of collisions in a properly functioning network, as well as the need for a collision-detection mechanism.
The Token Ring Physical Layer
As the name implies, the nodes on a Token Ring network connect in a ring topology. This is, in essence, a bus with the two ends connected to each other so that systems can pass data to the next node on the network until it arrives back at its source. This is exactly how the protocol functions: The system that transmits a packet is also responsible for removing it from the network after it has traversed the ring.
This ring, however, is logical, not physical. That is, the network to all appearances takes the form of a star topology, with the workstations connected to a central hub called a multistation access unit (MAU, or sometimes MSAU). The logical ring (sometimes called a collapsed ring) is actually a function of the MAU, which accepts packets transmitted by one system and directs them out each successive port in turn, waiting for them to return over the same cable before proceeding to the next port (see Figure 12-1). In this arrangement, therefore, the transmit and receive circuits in each workstation are actually separate ports that just happen to use the same cable because the system always transmits data to the next downstream system and receives data from the next upstream system.
Figure 12-1 Token Ring networks appear to use a star topology, but data travels in the form of a ring.
NOTE The MAU is also known as a concentrator.
Cable Types
The original IBM Token Ring implementations used a proprietary cable system designed by IBM, which they referred to as Type 1, or the IBM Cabling System (ICS). Type 1 was a 150-ohm shielded twisted-pair (STP) cable containing two wire pairs. The ports of a Type 1 MAU use proprietary connectors called IBM data connectors (IDCs) or universal data connectors (UDCs), and the network interface cards used standard DB9 connectors. A cable with IDCs at each end, used to connect MAUs, was called a patch cable. A cable with one IDC and one DB9, used to connect a workstation to the MAU, was called a lobe cable.
The other cabling system used on Token Ring networks, called Type 3 by IBM, used standard unshielded twisted-pair (UTP) cable, with Category 5 recommended. Like Ethernet, Token Ring used only two of the wire pairs in the cable, one pair to transmit data and one to receive it. Type 3 cable systems also used standard RJ-45 connectors for both the patch cables and the lobe cables. The signaling system used by Token Ring networks at the physical layer is different from that of Ethernet, however. Token Ring uses Differential Manchester signaling, while Ethernet uses Manchester.
Type 3 UTP cabling largely supplanted Type 1 in the Token Ring world, mainly because it was much easier to install. Type 1 cable was thick and relatively inflexible when compared to Type 3, and the IDC connectors were large, making internal cable installations difficult.
NOTE The physical layer standards for Token Ring networks were not as precisely specified as those for Ethernet. In fact, the IEEE 802.5 standard is quite a brief document that contains no physical layer specifications at all. The cable types and wiring standards for Token Ring derived from the practices used in products manufactured by IBM, the original developer and supporter of the Token Ring protocol. As a result, products made by other manufacturers differed in their recommendations for physical layer elements such as cable lengths and the maximum number of workstations allowed on a network.
Token Ring NICs
The network interface cards for Token Ring systems were similar to Ethernet NICs in appearance. Most of the cards used RJ-45 connectors for UTP cable, although DB9 connectors were also available, and the internal connectors supported all of the major system buses, including PCI and ISA. Every Token Ring adapter had a very large-scale integration (VLSI) chipset that consisted of five separate CPUs, each of which had its own separate executable code, data storage area, and memory space. Each CPU corresponded to a particular state or function of the adapter. This complexity is one of the main reasons why Token Ring NICs were substantially more expensive than Ethernet NICs.
Token Ring MAUs
To maintain the ring topology, all of the MAUs on a Token Ring network needed to be interconnected using the Ring In and Ring Out ports intended for this purpose. Figure 12-2 illustrates how the MAUs themselves were cabled in a ring that was extended by the lobe cables connecting each of the workstations. It was also possible to build a Token Ring network using a control access unit (CAU), which was essentially an intelligent MAU that supported a number of lobe attachment modules (LAMs). To increase the number of workstations connected to a Token Ring network without adding a new MAU, you could use lobe access units (LAUs) that enabled you to connect several workstations to a single lobe.
Figure 12-2 The MAUs in a Token Ring network formed the basic ring. This ring was extended with each workstation added to the network.
NOTE LAMs can support up to 20 nodes each.
Token Ring MAUs (not to be confused with an Ethernet hub, which was occasionally called a MAU, or medium access unit) were quite different from Ethernet hubs in several ways. First, the typical MAU was a passive device, meaning it did not function as a repeater. The cabling guidelines for Token Ring networks were based on the use of passive MAUs. There were repeating MAUs on the market, however, that enabled you to extend the network cable lengths beyond the published standards.
Second, the ports on all MAUs remained in a loopback state until they were initialized by the workstation connected to them. In the loopback state, the MAU passed signals it received from the previous port directly to the next port without sending them out over the lobe cable. When the workstation booted, it transmitted what was known as a phantom voltage to the MAU. Phantom voltage did not carry data; it just informed the MAU of the presence of the workstation, causing the MAU to add it to the ring. On older Type 1 Token Ring networks, an administrator had to manually initialize each port in the MAU with a special “key” plug before attaching a lobe cable to it. This initialization was essential in Token Ring because of the network’s reliance on each workstation to send each packet it received from the MAU right back. The MAU could not send the packet to the next workstation until it received it from the previous one. If a MAU were to transmit a packet out through a port to a workstation that was turned off or nonexistent, the packet would never return, the ring would be broken, and the network would cease functioning. Because of the need for this initialization process, it was impossible to connect two Token Ring networks without a MAU, like you can with Ethernet and a crossover cable.
Finally, MAUs always had two ports for connecting to the other MAUs in the network. Ethernet systems using a star topology connected their hubs in a hierarchical star configuration (also called a branching tree), in which one hub could be connected to several others, each of which, in turn, was connected to other hubs, as shown in Figure 12-3. Token Ring MAUs were always connected in a ring, with the Ring In port connected to the next upstream MAU and the Ring Out port connected to the next downstream MAU. Even if your network had only two MAUs, you had to connect the Ring In port on each one to the Ring Out port on the other using two patch cables.
Figure 12-3 Ethernet hubs (at left) were connected using a branching tree arrangement, while Token Ring MAUs (at right) were connected in a ring.
The connections between Token Ring MAUs were redundant. That is, if a cable or connector failure caused a break between two of the MAUs, the adjacent MAUs transmitted any data reaching them back in the other direction, so the packets always reached all of the workstations connected to the network. The Token Ring standards used a specification called the adjusted ring length (ARL) to determine the total length of the data path in the event of this type of failure.
Calculating the ARL
To calculate the ARL for a network, you took the sum of all the patch cable lengths between wiring closets minus the length of the shortest patch cable connecting two wiring closets and made the following adjustments:
• Added 3 meters for every punchdown connection involved in the path between two MAUs
• Added 30 meters for every surge protector used on the network
• Added 16 meters for every eight-port MAU
Because MAUs were often stored in wiring closets, the standard refers to the number of wiring closets used on the network using MAUs more than 3 meters apart. Whether the MAUs were physically located in different closets is not relevant; any two MAUs connected by a cable more than 3 meters long were said to be in different wiring closets. Patch cables shorter than 3 meters were not to be included in the ARL calculations.
NOTE All of the ring lengths discussed in reference to Token Ring networks refer to passive MAU networks. Unlike an Ethernet hub, a Token Ring MAU did not usually function as a repeater. When you used active MAUs that included signal-repeating capabilities, the cables could be much longer, depending on the capabilities of the individual MAU.
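The ARL procedure above, worked as an added example (not code from the book): the function classifies each patch cable as an inter-closet run or a short in-closet jumper, subtracts the shortest inter-closet run, and applies the three allowances. The function and class names are hypothetical, the sample ring is constructed, and treating a cable of exactly 3 meters as an in-closet jumper is this example's choice, since the text only covers "more than" and "shorter than" 3 meters.

```python
from dataclasses import dataclass

CLOSET_THRESHOLD_M = 3    # cables longer than this join two "wiring closets"
PUNCHDOWN_M = 3           # added per punchdown connection between two MAUs
SURGE_PROTECTOR_M = 30    # added per surge protector on the network
EIGHT_PORT_MAU_M = 16     # added per eight-port MAU


@dataclass(frozen=True)
class ArlResult:
    counted_cables: tuple   # patch cables treated as inter-closet runs
    ignored_cables: tuple   # short jumpers left out of the calculation
    cable_term: float       # sum of counted cables minus the shortest one
    adjustments: float      # punchdown + surge protector + MAU allowances

    @property
    def arl(self):
        return self.cable_term + self.adjustments


def adjusted_ring_length(patch_cables_m, punchdowns=0, surge_protectors=0,
                         eight_port_maus=0):
    """Apply the book's ARL rules to a passive-MAU ring (lengths in meters)."""
    counts = (punchdowns, surge_protectors, eight_port_maus)
    if any(c < 0 for c in counts):
        raise ValueError("component counts must be non-negative")
    if any(length <= 0 for length in patch_cables_m):
        raise ValueError("cable lengths must be positive")

    # Only cables longer than 3 m count as runs between wiring closets.
    counted = tuple(l for l in patch_cables_m if l > CLOSET_THRESHOLD_M)
    ignored = tuple(l for l in patch_cables_m if l <= CLOSET_THRESHOLD_M)

    # With every MAU in one "closet" there is no inter-closet cable term.
    cable_term = sum(counted) - min(counted) if counted else 0

    adjustments = (punchdowns * PUNCHDOWN_M
                   + surge_protectors * SURGE_PROTECTOR_M
                   + eight_port_maus * EIGHT_PORT_MAU_M)
    return ArlResult(counted, ignored, cable_term, adjustments)


# Constructed sample: five eight-port MAUs, three long runs between closets,
# two short jumpers inside a closet, four punchdowns, one surge protector.
SAMPLE = adjusted_ring_length([45, 2, 60, 30, 1.5], punchdowns=4,
                              surge_protectors=1, eight_port_maus=5)

if __name__ == "__main__":
    print("counted cables :", SAMPLE.counted_cables)
    print("ignored cables :", SAMPLE.ignored_cables)
    print("cable term (m) :", SAMPLE.cable_term)
    print("adjustments (m):", SAMPLE.adjustments)
    print("ARL (m)        :", SAMPLE.arl)
```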
Token Passing
Access to the network medium on a Token Ring network was arbitrated through the use of a 3-byte packet known as the token. When the network was idle, the workstations were said to be in bit repeat mode, awaiting an incoming transmission. The token circulated continuously around the ring, from node to node, until it reached a workstation that had data to transmit. To transmit its data, the workstation modifies a single monitor setting bit in the token to reflect that the network is busy and sends it to the next workstation, followed immediately by its data packet.
The packet also circulates around the ring. Each node read the destination address in the packet’s frame header and either wrote the packet to its memory buffers for processing before transmitting it to the next node or just transmitted it without processing. (Compare this with Ethernet systems that simply discard packets that are not addressed to them.) In this way, the packet reaches every node on the network until it arrives at the workstation that originally sent it.
On receipt of the packet after it had traversed the ring, the sending node compared the incoming data with the data it originally transmitted to see whether any errors had occurred during transmission. If errors had occurred, the computer retransmitted the packet. If no errors occurred, the computer removed the packet from the network and discarded it and then changed the monitor setting bit back to its free state and transmitted it. The process was then repeated, with each system having an equal chance to transmit.
Although it was not part of the original standard, most 16 Mbps Token Ring systems today included a feature called early token release (ETR), which enabled the transmitting system to send the “free” token immediately after the data packet (instead of the “busy” token before the data packet), without waiting for the data to traverse the network. That way, the next node on the network received the data packet, captured the free token, and transmitted its own data packet, followed by another free token. This enabled multiple data packets to exist on the network simultaneously, but there was still only one token. Early token release eliminates some of the latency delays on the network that occurred while systems waited for the free token to arrive.
NOTE Early token release was possible only on 16 Mbps Token Ring networks. Systems that use ETR could coexist on the same network with systems that did not.
Because only the computer holding the token can transmit data, Token Ring networks did not experience collisions unless a serious malfunction occurred. This meant that the network could operate up to its full capacity with no degradation of performance, as can happen in an Ethernet network. The token-passing system was also deterministic, which meant that it could calculate the maximum amount of time that would elapse before a particular node could transmit.
Token Ring is not the only data link layer protocol that used token passing for its media access control method. FDDI uses token passing.
System Insertion
Before it could join the ring, a workstation had to complete a five-step insertion procedure that verified the system’s capability to function on the network. The five steps were as follows:
1. Media lobe check: The media lobe check tested the network adapter’s capability to transmit and receive data and the cable’s capability to carry the data to the MAU. With the MAU looping the incoming signal for the system back out through the same cable, the workstation transmitted a series of MAC Lobe Media Test frames to the broadcast address, with the system’s own address as the source. Then the system transmitted a MAC Duplication Address Test frame with its own address as both the source and the destination. To proceed to the next step, the system had to successfully transmit 2,047 MAC Lobe Media Test frames and one MAC Duplication Address Test frame. The testing sequence could be repeated only two times before the adapter was considered to have failed.
2. Physical insertion: During the physical insertion process, the workstation sent a phantom voltage (a low-voltage DC signal invisible to any data signals on the cable) up the lobe cable to the MAU to trigger the relay that caused the MAU to add the system into the ring. After doing this, the workstation waited for a sign that an active monitor is present on the network, in the form of either an Active Monitor Present (AMP), Standby Monitor Present (SMP), or Ring Purge frame. If the system did not receive one of these frames within 18 seconds, it initiated a monitor contention process. If the contention process did not complete within one second or if the workstation became the active monitor (see “Token Ring Monitors” later in this chapter) and initiated a ring purge that did not complete within one second, or if the workstation received a MAC Beacon or Remove Station frame, the connection to the MAU failed to open, and the insertion was unsuccessful.
3. Address verification: The address verification procedure checked to see whether another workstation on the ring had the same address. Because Token Ring supported locally administered addresses (LAAs), it was possible for this to occur. The system generated a series of MAC Duplication Address Test frames like those in step 1, except that these were propagated over the entire network. If no other system was using the same address, the test frames should come back with their Address Recognized (ARI) and Frame Copied (FCI) bits set to 0, at which time the system proceeded to the next step. If the system received two test frames with the ARI and FCI bits set to 1 or if the test frames did not return within 18 seconds, the insertion failed, and the workstation was removed from the ring.
4. Ring poll participation: The system must successfully participate in a ring poll by receiving an AMP or SMP frame with the ARI and FCI bits set to 0, changing those bits to 1, and transmitting its own SMP frame. If the workstation did not receive an AMP or SMP frame within 18 seconds, the insertion failed, and the workstation was removed from the ring.
5. Request initialization: The workstation transmitted four MAC Request Initialization frames to the functional address of the network’s ring parameter server. If the system received the frames with the ARI and FCI bits set to 0, indicating that there was no functioning ring parameter server, the system’s network adapter used its default values, and the initialization (as well as the entire system insertion) was deemed successful. If the system received one of its frames with the ARI and FCI bits set to 1 (indicating that a ring parameter server had received the frame), it waited two seconds for a response. If there was no response, the system retried up to four times, after which the initialization failed, and the workstation was removed from the ring.
System States
During its normal functions, a Token Ring system enters three different operational states, which are as follows:
1. Repeat: While in the repeat state, the workstation transmitted all the data arriving at the workstation through the receive port to the next downstream node. When the workstation had a packet of its own queued for transmission, it modified the token bit in the frame’s access control byte to a value of 1 and entered the transmit state. At the same time, the token holding timer (THT) that allows the system 8.9 ms of transmission time was reset to zero.
2. Transmit: Once in the transmit state, the workstation transmitted a single frame onto the network and released the token. After successfully transmitting the frame, the workstation transmitted idle fill (a sequence of ones) until it returned to the repeat state. If the system received a Beacon, Ring Purge, or Claim Token MAC frame while it was transmitting, it interrupted the transmission and sent an Abort Delimiter frame to clear the ring.
3. Stripping: At the same time that a workstation’s transmit port was in the transmit state, its receive port was in the stripping state. As the transmitted data returned to the workstation after traversing the ring, the system stripped it from the network so that it would not circulate endlessly. Once the system detected the end delimiter field on the receive port, it knew that the frame had been completely stripped and returned to the repeat state. If the 8.9 ms THT expired before the end delimiter arrived, the system recorded a lost frame error for later transmission in a Soft Error Report frame before returning to the repeat state.
Token Ring Monitors
Every Token Ring network had a system that functioned as the active monitor that was responsible for ensuring the proper performance of the network. The active monitor did not have any special programming or hardware; it was simply elected to the role by a process called monitor contention. All of the other systems on the network then functioned as standby monitors, should the computer functioning as the active monitor fail. The functions of the active monitor were as follows:
• Transmit Active Monitor Present frames: Every seven seconds, the active monitor (AM) transmitted an Active Monitor Present MAC frame that initiated the ring polling process.
• Monitor ring polling: The AM had to receive either an Active Monitor Present or Standby Monitor Present frame from the node immediately upstream of it within seven seconds of initiating a ring polling procedure. If the required frame did not arrive, the AM recorded a ring polling error.
• Provide master clocking: The AM generated a master clock signal that the other workstations on the network used to synchronize their clocks. This ensured that all the systems on the network knew when each transmitted bit begins and ends. This also reduced network jitter, the small amount of phase shift that tended to occur on the network as the nodes repeated the transmitted data.
• Provide a latency buffer: In the case of a small ring, it was possible for a workstation to begin transmitting a token and to receive the first bits on its receive port before it had finished transmitting. The AM prevented this by introducing a propagation delay of at least 24 bits (called a latency buffer), which ensured that the token circulates around the network properly.
NOTE A latency buffer is also known as fixed latency.
• Monitor the token-passing process: The active monitor had to receive a good token every 10 milliseconds, which ensured that the token-passing mechanism was functioning properly. If a workstation raised the token priority and failed to lower it or failed to completely strip its packet from the ring, the AM detected the problem and remedied it by purging the ring and generating a new token. Every node, on receiving a Ring Purge MAC frame from the AM, stopped what it was doing, reset its timers, and entered bit repeat mode in preparation for receipt of a new packet.
Ring Polling
Ring polling was the process by which each node on a Token Ring network identified its nearest active upstream neighbor (NAUN). The workstations used this information during the beaconing process to isolate the location of a network fault.
The ring-polling process was initiated by the active monitor when it transmitted an Active Monitor Present (AMP) MAC frame. This frame contained an Address Recognized bit and a Frame Copied bit, both of which have a value of 0. The first system downstream of the AM received the frame and changed the ARI and FCI bits to 1. The receiving system also recorded the address of the sending system as its NAUN. This is because the first station that received an AMP frame always changed the values of those two bits. Therefore, the system receiving a frame with zero-valued ARI and FCI bits knew the sender was its nearest active upstream neighbor.
Beaconing
When a station on a Token Ring network failed to detect a signal on its receive port, it assumed that there was a fault in the network and initiated a process called beaconing. The system broadcast MAC beacon frames to the entire network every 20 milliseconds (without capturing a token) until the receive signal commenced again. Each station transmitting beacon frames was saying, in essence, that a problem existed with its nearest active upstream neighbor because it was not receiving a signal. If the NAUN began beaconing also, this indicated that the problem was farther upstream. By noting which stations on the network were beaconing, it was possible to isolate the malfunctioning system or cable segment. There were four types of MAC beacon frames, as follows:
• Set Recovery Mode (priority 1): The Set Recovery Mode frame was rarely seen because it was not transmitted by a workstation’s Token Ring adapter. This frame was used only during a recovery process initiated by an attached network management product.
• Signal Loss (priority 2): The Signal Loss frame was generated when a monitor contention process failed because of a timeout and the system entered the contention transmit mode because of a failure to receive any signal from the active monitor. The presence of this frame on the network usually indicated that a cable break or a hardware failure had occurred.
• Streaming Signal, Not Claim Token (priority 3): The Streaming Signal, Not Claim Token frame was generated when a monitor contention process failed because of a timeout and the system had received no MAC Claim Token frames during the contention period. The system had received a clock signal from the active monitor, however, or the Signal Loss frame would have been generated instead.
• Streaming Signal, Claim Token (priority 4): The Streaming Signal, Claim Token frame was generated when a monitor contention process failed because of a timeout and the system had received MAC Claim Token frames during the contention period. This frame was usually an indication of a transient problem caused by a cable that was too long or by signal interference caused by environmental noise.
When a system suspected that it may be the cause of the network problem resulting in beaconing, it removed itself from the ring to see whether the problem disappeared. If the system transmitted beacon frames for more than 26 seconds, it performed a beacon transmit auto-removal test.
If the system received eight consecutive beacon frames that name it as the NAUN of a beaconing system downstream, it performed a beacon receive auto-removal test.
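The fault-isolation reasoning described above, written out as an added example (it is not code from the book). The `Beacon` record, the function names, and the station addresses are assumptions made for this illustration, and the beacon list is constructed sample data.

```python
"""Locate a Token Ring fault domain from observed beacon frames (added example)."""
from dataclasses import dataclass

# Beacon types and priorities as listed in the text above.
BEACON_TYPES = {
    1: "Set Recovery Mode",
    2: "Signal Loss",
    3: "Streaming Signal, Not Claim Token",
    4: "Streaming Signal, Claim Token",
}
AUTO_REMOVAL_THRESHOLD = 8  # consecutive beacons naming one station as NAUN


@dataclass(frozen=True)
class Beacon:
    sender: str       # address of the beaconing station
    naun: str         # NAUN that station learned during ring polling
    beacon_type: int  # key into BEACON_TYPES


def fault_domains(beacons):
    """Return (naun, reporter, beacon type name) for each suspected fault.

    A beaconing station blames its NAUN. If that NAUN is beaconing too, the
    fault lies farther upstream, so only a reporter whose NAUN is silent marks
    a fault domain: the NAUN, the reporter, and the cable between them.
    """
    latest = {}
    for b in beacons:
        if b.beacon_type not in BEACON_TYPES:
            raise ValueError(f"unknown beacon type {b.beacon_type!r}")
        latest[b.sender] = b  # keep the newest report per station
    beaconing = set(latest)
    return [
        (b.naun, sender, BEACON_TYPES[b.beacon_type])
        for sender, b in sorted(latest.items())
        if b.naun not in beaconing
    ]


def receive_auto_removal_candidates(beacons):
    """Stations named as NAUN in eight consecutive beacon frames."""
    candidates, run_naun, run_len = [], None, 0
    for b in beacons:
        if b.naun == run_naun:
            run_len += 1
        else:
            run_naun, run_len = b.naun, 1
        if run_len == AUTO_REMOVAL_THRESHOLD and run_naun not in candidates:
            candidates.append(run_naun)
    return candidates


# Constructed sample: ring order A -> B -> C -> D, signal lost between B and C.
STATION_B = "40:00:00:00:00:0b"
STATION_C = "40:00:00:00:00:0c"
STATION_D = "40:00:00:00:00:0d"
SAMPLE_BEACONS = [Beacon(STATION_D, STATION_C, 2)] + [
    Beacon(STATION_C, STATION_B, 2) for _ in range(8)
]

if __name__ == "__main__":
    for naun, reporter, kind in fault_domains(SAMPLE_BEACONS):
        print(f"fault between {naun} and {reporter} ({kind})")
    print("beacon receive auto-removal test:",
          receive_auto_removal_candidates(SAMPLE_BEACONS))
```

Station D is dropped from the result because its NAUN (station C) is itself beaconing, which leaves the segment between B and C as the fault domain.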
Token Ring Frames
Four different types of frames were used on Token Ring networks, unlike Ethernet networks, which had one single-frame format. The data frame type was the only one that actually carried the data generated by upper-layer protocols, while the command frame type performed ring maintenance and control procedures. The token frame type was a separate construction used only to arbitrate media access, and the abort delimiter frame type was used only when certain types of errors occurred.
The Data Frame
Token Ring data frames carried the information generated by upper-layer protocols in a standard logical link control (LLC) protocol data unit (PDU), as defined in the IEEE 802.2 document. Table 12-1 describes the fields that made up the frame and their functions.
Table 12-1 Token Ring Data Frames and Their Functions
The Command Frame
Command frames, also called MAC frames, differed from data frames only in the information field and sometimes the frame control field. MAC frames did not use an LLC header; instead, they contained a PDU consisting of 2 bytes that indicated the length of the control information to follow, a 2-byte major vector ID that specified the control function of the frame, and a variable number of bytes containing the control information itself.
MAC frames performed ring maintenance and control functions only. They never carried upper-layer data, and they were never propagated to other collision domains by bridges, switches, or routers.
The Token Frame
The token frame was extremely simple, consisting of only three 1-byte fields: the start delimiter, access control, and end delimiter fields. The token bit in the access control field was always set to a value of 1, and the delimiter fields took the same form as in the data and command frames.
The Abort Delimiter Frame
The abort delimiter frame consisted only of the start delimiter and the end delimiter fields, using the same format as the equivalent fields in the data and command frames. This frame type was used primarily when an unusual event occurred, such as when the transmission of a packet was interrupted and ended prematurely. When this happened, the active monitor transmitted an abort delimiter frame that flushed out the ring, removing all the improperly transmitted data and preparing it for the next transmission.
Token Ring Errors
The IEEE 802.5 standard defined a number of soft error types that systems on the network could report to the workstation functioning as the ring error monitor using MAC frames. When a Token Ring adapter detected a soft error, it began a two-second countdown, during which it waited to see whether other errors occurred. After the two seconds, the system sent a soft error report message to the address of the ring error monitor. There were several types of soft errors detectable by Token Ring systems, as shown next:
• Burst error: A burst error occurred when a system detected five half-bit times (that is, three transmitted bits) that lacked the clock transition in the middle of the bit called for by the Differential Manchester encoding system. This type of error was typically caused by noise on the cable resulting from faulty hardware or some other environmental influence.
• Line error: A line error occurred when a workstation received a frame that had an error detection bit in the end delimiter field with a value of 1, either because of a CRC error in the frame check sequence or because a bit violating the Differential Manchester encoding system was detected in any fields other than the start delimiter and end delimiter. A network with noise problems would typically have one line error for every ten burst errors.
• Lost frame error: A lost frame error occurred when a system transmitted a frame and failed to receive it back within the four milliseconds allotted by the return to repeat timer (RRT). This error could be caused by excessive noise on the network.
• Token error: A token error occurred when the active monitor’s ten-millisecond valid transmission timer (VTX) expired without the receipt of a frame and the AM had to generate a new token, often caused by excessive noise on the network.
• Internal error: An internal error occurred when a system detected a parity error during direct memory access (DMA) between the network adapter and the computer.
• Frequency error: A frequency error occurred when a standby monitor system received a signal that differed from the expected frequency by more than a given amount.
• AC error: An AC error occurred when a system received two consecutive ring-polling frames with ARI and FCI bits set to 0, in which the first frame was an AMP or an SMP and the second frame was an SMP.
• FC error: A Frame Copied error occurred when a system received a unicast MAC frame with the ARI bit set to 1, indicating either a noise problem or a duplicate address on the network.
• Abort delimiter transmitted error: An abort delimiter transmitted error occurred when a network condition caused a workstation to stop transmitting in the middle of a frame and to generate an abort delimiter frame.
• Receive congestion error: A receive congestion error occurred when a system received a unicast frame but had no available buffer space to store the packet because it was being overwhelmed by incoming frames.
FDDI
Appearing first in the late 1980s and defined in standards developed by the American National Standards Institute (ANSI) X3T9.5 committee, Fiber Distributed Data Interface (FDDI, pronounced “fiddy”) was the first 100 Mbps data link layer protocol to achieve popular use.
At the time of FDDI’s introduction, 10 Mbps thick and thin Ethernet were the dominant LAN technologies, and FDDI represented a major step forward in speed. In addition, the use of fiber-optic cable provided dramatic increases in packet size, network segment length, and the number of workstations supported. FDDI packets can carry up to 4,500 bytes of data (compared to 1,500 for Ethernet), and, under certain conditions, a network can consist of up to 100 km of cable, supporting up to 500 workstations. These improvements, in combination with fiber optics’ complete resistance to the effects of electromagnetic interference, make it an excellent protocol for connecting distant workstations and networks, even those in different buildings. As a result, FDDI originally became known primarily as a backbone protocol, a role for which it is admirably suited. While it originally was designed to run on fiber-optic cables, FDDI can also run on copper cables using electrical signals.
Because of its use as a backbone protocol, products such as bridges and routers that connect Ethernet networks to FDDI backbones are common. FDDI is completely different from Ethernet, and the two network types can be connected only by using a device such as a router or a translation bridge that is designed to provide an interface between different networks. This protocol is reliable because FDDI networks have two counter-rotating rings that back each other up. That is, should one ring fail to function, the system provides an alternative method of sending data.
FDDI Topology
FDDI is a token-passing protocol like Token Ring that uses either a double-ring or a star topology. Unlike Token Ring, in which the ring topology is logical and not physical, the original FDDI specification called for the systems to actually be cabled in a ring topology. In this case, it is a double ring, however. The double ring (also called a trunk ring) consists of two separate rings, a primary and a secondary, with traffic running in opposite directions to provide fault tolerance. The circumference of the double ring can be up to 100 km, and workstations can be up to 2 km apart.
Workstations connected to both rings are called dual attachment stations (DASs). If a cable should break or a workstation should malfunction, traffic is diverted to the secondary ring that is running in the opposite direction, enabling it to access any other system on the network using the secondary path. A FDDI network operating in this state is called a wrapped ring. Figure 12-4 shows a properly functioning FDDI dual-ring network and a wrapped ring.
Figure 12-4 The FDDI double ring, functioning normally on the left and wrapped on the right
If a second cable break should occur, the network is then divided into two separate rings, and network communications are interrupted. A wrapped ring is inherently less efficient than the fully functional double ring because of the additional distance that the traffic must travel and is, therefore, meant to be a temporary measure only until the fault is repaired.
FDDI can also use a star topology in which workstations are attached to a hub, called a dual attachment concentrator (DAC). The hub can either stand alone or be connected to a double ring, forming what is sometimes called a dual ring of trees. Workstations connected to the hub are single-attachment stations (SASs); they are connected only to the primary ring and cannot take advantage of the secondary ring’s wrapping capabilities. The FDDI specifications define four types of ports used to connect workstations to the network:
• A: DAS connection to secondary ring
• B: DAS connection to primary ring
• M: DAC port for connection to an SAS
• S: SAS connection to M port in a concentrator
Table 12-2 describes the various types of connections using the four types of FDDI ports.
Table 12-2 FDDI Connection Types
DASs and DACs have both A and B ports to connect them to a double ring. Signals from the primary ring enter through the B port and exit from the A port, while the signals from the secondary ring enter through A and exit through B. An SAS has a single S port, which connects it to the primary ring only through an M port on a DAC.
NOTE The 500 workstation and 100 km network-length limitations are based on the use of DAS computers. A FDDI network composed only of SAS machines can be up to 200 km long and support up to 1,000 workstations.
DAS computers that are attached directly to the double ring function as repeaters; they regenerate the signals as they pass each packet along to the rest of the network. When a system is turned off, however, it does not pass the packets along, and the network wraps, unless the station is equipped with a bypass switch. A bypass switch, implemented either as part of the network interface adapter or as a separate device, enables incoming signals to pass through the station and on to the rest of the network, but it does not regenerate them. On a fiber-optic network, this is the equivalent of opening a window to let the sunlight into a room instead of turning on an electric light. As with any network medium, the signal has a tendency to attenuate if it is not regenerated. If too many adjacent systems are not repeating the packets, the signals can weaken to the point at which stations can’t read them.
The DAC functions much like a Token Ring MAU in that it implements a logical ring while using a physical star topology. Connecting a DAC to a double ring extends the primary ring to each connected workstation and back, as shown in Figure 12-5. Notice that while the DAC is connected to both the primary and secondary rings, the M ports connect only the primary ring to the workstations. Thus, while the DAC itself takes advantage of the double ring’s fault tolerance, a break in the cable connecting a workstation to the DAC severs the workstation from the network. However, the DAC is capable of dynamically removing a malfunctioning station from the ring (again, like a Token Ring MAU) so that the problem affects only the single workstation and not the entire ring.
Figure 12-5 DACs connected to the double ring provide multiple SAS connections
It is sometimes possible to connect a DAS to two DAC ports to provide a standby link to the hub if the active link fails. This is called dual homing. However, this is different from connecting the DAS directly to the double ring because both the A and B ports on the workstation are connected to M ports on the hub. M ports are connected only to the primary ring, so a dual-homed system simply has a backup connection to the primary ring, not a connection to both rings.
Cascading hubs are permitted on a FDDI network. This means you can plug one DAC into an M port of another DAC to extend the network. There is no limit to the number of layers, as long as you observe the maximum number of workstations permitted on the ring. It is also possible to create a two-station ring by connecting the S ports on two SAS computers or by connecting an S port to either the A or B port of a DAS. Some FDDI adapters may require special configuration to do this.
FDDI Subsystems
The functionality of the FDDI protocol is broken down into four distinct layers, as follows:
• Physical media dependent (PMD): Prepares data for transmission over a specific type of network medium
• Physical (PHY): Encodes and decodes the packet data into a format suitable for transmission over the network medium and is responsible for maintaining the clock synchronization on the ring
• Media access control (MAC): Constructs FDDI packets by applying the frame containing addressing, scheduling, and routing data, and then negotiates access to the network medium
• Station management (SMT): Provides management functions for the FDDI ring, including insertion and removal of the workstation from the ring, fault detection and reconfiguration, neighbor identification, and statistics monitoring
The FDDI standards consist of separate documents for each of these layers, as well as separate specifications for some of the options at certain layers. The operations performed at each layer are discussed in the following sections.
The Physical Media Dependent Layer
The physical media dependent layer is responsible for the mechanics involved in transmitting data over a particular type of network medium. The FDDI standards define two physical layer options, as follows.
Fiber-Optic
The Fiber-PMD standards define the use of either single-mode or multimode fiber-optic cable, as well as the operating characteristics of the other components involved in producing the signals, including the optical power sources, photo-detectors, transceivers, and medium interface connectors. For example, the optical power sources must be able to transmit a 25-microwatt signal, while the photodetectors must be capable of reading a 2-microwatt signal.
The 2 km maximum distance between FDDI stations cited earlier is for multimode fiber; with single-mode cable, runs of 40 km to 60 km between workstations are possible. There is also a low-cost multimode fiber cable standard, called LCF-PMD, that allows only 500 meters between workstations. All of these fiber cables use the same wavelength (1300 nm), so it’s possible to mix them on the same network, as long as you adhere to the cabling guidelines of the least capable cable in use.
Twisted-Pair
The TP-PMD standard, sometimes called the Copper Distributed Data Interface (CDDI, pronounced “siddy”), calls for the use of either standard Category 5 unshielded twisted-pair or Type 1 shielded twisted-pair cable. In both cases, the maximum distance for a cable run is 100 meters. Twisted-pair cable is typically used for SAS connections to concentrators, while the backbone uses fiber optic. This makes it possible to use inexpensive copper cable for horizontal wiring to the workstations and retain the attributes of fiber optic on the backbone without the need to bridge or route between FDDI and Ethernet. CDDI never gained wide acceptance in the marketplace, probably because of the introduction of Fast Ethernet at approximately the same time.
The Physical Layer
While the PMD layer defines the characteristics of specific media types, the PHY layer is implemented in the network interface adapter’s chipset and provides a media-independent interface to the MAC layer above it. In the original FDDI standards, the PHY layer is responsible for the encoding and decoding of the packets constructed by the MAC layer into the signals that are transmitted over the cable. FDDI uses a signaling scheme called Non-Return to Zero Inverted (NRZI) 4B/5B, which is substantially more efficient than the Manchester and Differential Manchester schemes used by Ethernet and Token Ring, respectively.
The TP-PMD standard, however, calls for a different signaling scheme, which is Multi-Level Transition (MLT-3), which uses three signal values instead of the two used by NRZI 4B/5B. Both of these schemes provide the signal needed to synchronize the clocks of the transmitting and receiving workstations.
The Media Access Control Layer
The MAC layer accepts protocol data units (PDUs) of up to 9,000 bytes from the network layer protocol and constructs packets up to 4,500 bytes in size by encapsulating the data within a FDDI frame. This layer is also responsible for negotiating access to the network medium by claiming and generating tokens.
Data Frames
Most of the packets transmitted by a FDDI station are data frames. A data frame can carry network layer protocol data, MAC data used in the token claiming and beaconing processes, or station management data.
FDDI frames contain information encoded into symbols. A symbol is a 5-bit binary string that the NRZI 4B/5B signaling scheme uses to transmit a 4-bit value. Thus, two symbols are equivalent to 1 byte. This encoding provides values for the 16 hexadecimal data symbols, 8 control symbols that are used for special functions (some of which are defined in the frame format that follows), and 8 violation symbols that FDDI does not use. Table 12-3 lists the symbols used by FDDI and the 5-bit binary sequences used to represent them.
Table 12-3 FDDI Symbol Values
Figure 12-6 shows the format of a FDDI data frame. The functions of the frame fields are as follows:
• Preamble (PA), 8 bytes: Contains a minimum of 16 symbols of idle, that is, alternating 0s and 1s, which the other systems on the network use to synchronize their clocks, after which they are discarded.
• Starting Delimiter (SD), 1 byte: Contains the symbols J and K, which indicate the beginning of the frame.
• Frame Control (FC), 1 byte: Contains two symbols that indicate what kind of data is found in the INFO field. Some of the most common values are as follows:
  • 40 (Void frame): Contains nothing but I used to reset timers during initialization.
  • 41, 4F (Station Management [SMT] frame): Indicates that the INFO field contains an SMT PDU, which is composed of an SMT header and SMT information.
  • C2, C3 (MAC frame): Indicates that the frame is either a MAC Claim frame (C2) or a MAC Beacon frame (C3). These frames are used to recover from abnormal occurrences in the token-passing process, such as failure to receive a token or failure to receive any data at all.
  • 50, 51 (LLC frame): Indicates that the INFO field contains a standard IEEE 802.2 LLC frame. FDDI packets carrying application data use logical link control (LLC) frames.
  • 60 (implementer frame): These frames are defined by the user of the network or vendor.
  • 70 (reserved frame): These frames are reserved for future use.
• Destination Address (DA), 6 bytes: Specifies the MAC address of the system on the network that will next receive the frame or a group or broadcast address.
• Source Address (SA), 6 bytes: Specifies the MAC address of the system sending the packet.
• Data (INFO), variable: Contains network layer protocol data, an SMT header and data, or MAC data, depending on the function of the frame, as specified in the FC field.
• Frame Check Sequence (FCS), 4 bytes: Contains a cyclic redundancy check value, generated by the sending system, that will be recomputed at the destination and compared with this value to verify that the packet has not been damaged in transit.
• Ending Delimiter (ED), 4 bits: Contains a single T symbol indicating that the frame is complete.
• End of Frame Sequence (FS), 12 bits: Contains three indicators that can have either the value R (Reset) or the value S (Set). All three have the value R when the frame is first transmitted and may be modified by intermediate systems when they retransmit the packet. The functions of the three indicators are as follows:
  • E (Error): Indicates that the system has detected an error, either in the FCS or in the frame format. Any system receiving a frame with a value of S for this indicator immediately discards the frame.
  • A (Acknowledge): Indicates that the system has determined that the frame’s destination address applies to itself, because the DA field contains either the MAC address of the system or a broadcast address.
  • C (Copy): Indicates that the system has successfully copied the contents of the frame into its buffers. Under normal conditions, the A and C indicators are set together; a frame in which the A indicator is set and C is not indicates that the frame could not be copied to the system’s buffers. This is most likely because of the system having been overwhelmed with traffic.
Figure 12-6 The FDDI data frame
Token Passing
FDDI uses token passing as its media access control mechanism, like the Token Ring protocol. A special packet called a token circulates around the network, and only the system in possession of the token is permitted to transmit its data. The optional feature called early token release on a Token Ring network, in which a system transmits a new token immediately after it finishes transmitting its last packet, is standard on a FDDI network. FDDI systems can also transmit multiple packets before releasing the token to the next station. When a packet has traversed the entire ring and returned to the system that originally created it, that system removes the token from the ring to prevent it from circulating endlessly.
Figure 12-7 shows the format of the token frame. The functions of the fields are as follows:
• Preamble (PA), 8 bytes: Contains a minimum of 16 symbols of idle, that is, alternating 0s and 1s, which the other systems on the network use to synchronize their clocks, after which they are discarded
• Starting Delimiter (SD), 1 byte: Contains the symbols J and K, which indicate the beginning of the frame
• Frame Control (FC), 1 byte: Contains two symbols that indicate the function of the frame, using the following hexadecimal values:
  • 80 (Nonrestricted Token)
  • C0 (Restricted Token)
• Ending Delimiter (ED), 1 byte: Contains two T symbols indicating that the frame is complete
Figure 12-7 The FDDI token frame
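The symbol encoding and the token frame described above can be made concrete with the following added example, which is not code from the book. The 5-bit code groups are the standard 4B/5B assignments; the function names are assumptions made for this illustration.

```python
"""4B/5B symbol coding and NRZI signalling for an FDDI token (added example)."""

# Standard 4B/5B code groups: 16 data symbols and 8 control symbols.
DATA_SYMBOLS = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
CONTROL_SYMBOLS = {
    "Q": "00000", "I": "11111", "H": "00100", "J": "11000",
    "K": "10001", "T": "01101", "R": "00111", "S": "11001",
}
ENCODE = {format(n, "X"): bits for n, bits in DATA_SYMBOLS.items()}
ENCODE.update(CONTROL_SYMBOLS)
DECODE = {bits: name for name, bits in ENCODE.items()}

FC_NONRESTRICTED_TOKEN = 0x80  # frame control values from the list above
FC_RESTRICTED_TOKEN = 0xC0


def byte_symbols(data):
    """Split bytes into two hex data symbols each, high nibble first."""
    return [digit for b in data for digit in format(b, "02X")]


def encode_symbols(symbols):
    """Turn symbol names ('0'-'F', 'J', 'K', 'T', ...) into a 5-bit-per-symbol string."""
    return "".join(ENCODE[s] for s in symbols)


def encode_token(restricted=False, preamble_symbols=16):
    """Preamble of idle symbols, SD (J K), FC (two data symbols), ED (T T)."""
    fc = FC_RESTRICTED_TOKEN if restricted else FC_NONRESTRICTED_TOKEN
    symbols = ["I"] * preamble_symbols + ["J", "K"]
    symbols += byte_symbols(bytes([fc])) + ["T", "T"]
    return encode_symbols(symbols)


def decode(bits):
    """Recover symbol names; any of the 8 unused code groups is a violation."""
    if len(bits) % 5:
        raise ValueError("bit stream is not a whole number of 5-bit symbols")
    symbols = []
    for i in range(0, len(bits), 5):
        group = bits[i:i + 5]
        if group not in DECODE:
            raise ValueError(f"violation symbol {group} at bit offset {i}")
        symbols.append(DECODE[group])
    return symbols


def nrzi(bits, level=0):
    """NRZI line levels: a 1 bit toggles the level, a 0 bit holds it."""
    levels = []
    for bit in bits:
        if bit == "1":
            level ^= 1
        levels.append(level)
    return levels


def longest_zero_run(bits):
    """Longest stretch without a transition once the bits are sent as NRZI."""
    return max((len(run) for run in bits.split("1")), default=0)


if __name__ == "__main__":
    token = encode_token()
    print(decode(token)[16:])        # symbols after the preamble
    print(nrzi(ENCODE["I"]))         # idle symbol: the line level alternates
    print(max(longest_zero_run(encode_symbols(byte_symbols(bytes([b]))))
              for b in range(256)))  # worst case between adjacent data symbols
```

Because no pair of data symbols produces more than three 0 bits in a row, the NRZI signal always changes level often enough for receivers to keep their clocks aligned, at a cost of 5 transmitted bits for every 4 data bits.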
FDDI is a deterministic network protocol. By multiplying the number of systems on the network by the amount of time needed to transmit a packet, you can calculate the maximum amount of time it can take for a system to receive the token. This is called the target token rotation time. FDDI networks typically run in asynchronous ring mode, in which any computer can transmit data when it receives the token. Some FDDI products can also run in synchronous ring mode, which enables administrators to allocate a portion of the network’s total bandwidth to a system or group of systems. All of the other computers on the network run asynchronously and contend for the remaining bandwidth in the normal manner.
The Station Management Layer
Unlike Ethernet and most other data link layer protocols, FDDI has network management and monitoring capabilities integrated into it and was designed around these capabilities. The SMT layer is responsible for ring maintenance and diagnostics operations on the network, such as the following:
• Station initialization
• Station insertion and removal
• Connection management
• Configuration management
• Fault isolation and recovery
• Scheduling policies
• Statistics collection
A computer can contain more than one FDDI adapter, and each adapter has its own PMD, PHY, and MAC layer implementations, but there is only one SMT implementation for the entire system. SMT messages are carried within standard FDDI data frames with a value of 41 or 4F in the frame control field. In station management frames, the INFO field of the FDDI data frame contains an SMT PDU, which is composed of an SMT header and an SMT info field. Figure 12-8 shows the format of the SMT PDU. The functions of the fields are as follows:
•FrameClass,1byteSpecifiesthefunctionofthemessage,usingthefollowingvalues:
• 01 (Neighbor Information Frame [NIF]) FDDI stations transmit periodic announcements of their MAC addresses, which enable the systems on the network to determine their upstream neighbor addresses (UNAs) and their downstream neighbor addresses (DNAs). This is known as the Neighbor Notification Protocol. Network monitoring products can also use these messages to create a map of the FDDI ring.
• 02 (Status Information Frame-Configuration [SIF-Cfg]) Used to request and provide a system’s configuration information for purposes of fault isolation, ring mapping, and statistics monitoring.
• 03 (Status Information Frame-Operation [SIF-Opr]) Used to request and provide a system’s operation information for purposes of fault isolation, ring mapping, and statistics monitoring.
• 04 (Echo Frame) Used for SMT-to-SMT loopback testing between FDDI systems.
• 05 (Resource Allocation Frame [RAF]) Used to implement network policies, such as the allocation of synchronous bandwidth.
• 06 (Request Denied Frame [RDF]) Used to deny a request issued by another station because of an unsupported Version ID value or a length error.
• 07 (Status Report Frame [SRF]) Used to report a station’s status to network administrators when specific conditions occur, much like an SNMP trap. Some of these conditions are as follows:
• Frame Error Condition Indicates the occurrence of an unusually high number of frame errors
• LER Condition Indicates the occurrence of link errors on a port above a specified limit
• Duplicate Address Condition Indicates that the system or its upstream neighbor is using a duplicate address
• Peer Wrap Condition Indicates that a DAS is operating in wrapped mode—in other words, that it is diverting data from the primary ring to the secondary because of a cable break or other error
• Hold Condition Indicates that the system is in a holding-prm or holding-sec state
• Not Copied Condition Indicates that the system’s buffers are overwhelmed and that packets are being repeated without being copied into the buffers
• EB Error Condition Indicates the presence of an elasticity buffer error on any port
• MAC Path Change Indicates that the current path has changed for any of the system’s MAC addresses
• Port Path Change Indicates that the current path has changed for any of the system’s ports
• MAC Neighbor Change Indicates a change in either the upstream or downstream neighbor address
• Undesirable connection Indicates the occurrence of an undesirable connection to the system
• 08 (Parameter Management Frame-Get [PMF-Get]) Provides the means to look at management information base (MIB) attributes on remote systems.
• 09 (Parameter Management Frame-Set [PMF-Set]) Provides the means to set values for certain MIB attributes on remote systems.
• FF (Extended Service Frame [ESF]) Intended for use when defining new SMT services.
• Frame Type, 1 byte Indicates the type of message contained in the frame, using the following values:
• 01 Announcement
• 02 Request
• 03 Response
• Version ID, 2 bytes Specifies the structure of the SMT Info field, using the following values:
• 0001 Indicates the use of a version lower than 7.x
• 0002 Indicates the use of version 7.x
• Transaction ID, 4 bytes Contains a value used to associate request and response messages.
• Station ID, 8 bytes Contains a unique identifier for the station, consisting of two user-definable bytes and the 6-byte MAC address of the network interface adapter.
• Pad, 2 bytes Contains two bytes with a value of 00 that bring the overall size of the header to 32 bytes.
• Info Field Length, 2 bytes Specifies the length of the SMT Info field.
• SMT Info, variable Contains one or more parameters, each of which is composed of the following subfields:
• Parameter Type, 2 bytes Specifies the function of the parameter. The first of the two bytes indicates the parameter’s class, using the following values:
• 00 General parameters
• 10 SMT parameters
• 20 MAC parameters
• 32 PATH parameters
• 40 PORT parameters
• Parameter Length, 2 bytes Specifies the total length of the Resource Index and Parameter Value fields.
• Resource Index, 4 bytes Identifies the MAC, PATH, or PORT object that the parameter is describing.
• Parameter Value, variable Contains the actual parameter information.
Figure 12-8 The FDDI station management layer PDU format
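The field list above translates directly into a bounds-checked decoder; the following Python sketch is an added example, not code from the book. It assumes a 1-byte Frame Class field immediately before Frame Type, big-endian fields, and a Resource Index in every parameter as the list describes; it decodes only these SMT fields (20 bytes under that assumption), and all function names and the sample frame are constructed for illustration.

```python
import struct

# Header layout from the field list above. Assumption: a 1-byte Frame Class
# field comes first and all multi-byte fields are big-endian.
SMT_HEADER = struct.Struct(">BBHI8s2sH")  # class, type, version, txid, station, pad, info len

FRAME_CLASSES = {0x01: "NIF", 0x02: "SIF-Cfg", 0x03: "SIF-Opr", 0x04: "Echo",
                 0x05: "RAF", 0x06: "RDF", 0x07: "SRF", 0x08: "PMF-Get",
                 0x09: "PMF-Set", 0xFF: "ESF"}
FRAME_TYPES = {0x01: "Announcement", 0x02: "Request", 0x03: "Response"}
VERSION_IDS = {0x0001: "lower than 7.x", 0x0002: "7.x"}
PARAM_CLASSES = {0x00: "General", 0x10: "SMT", 0x20: "MAC", 0x32: "PATH", 0x40: "PORT"}


class SMTFormatError(ValueError):
    """The PDU does not match the documented layout."""


def parse_parameters(info: bytes) -> list:
    """Walk the SMT Info field as Type/Length/Resource Index/Value records."""
    params, offset = [], 0
    while offset < len(info):
        if len(info) - offset < 4:
            raise SMTFormatError("truncated parameter header")
        ptype, plen = struct.unpack_from(">HH", info, offset)
        offset += 4
        # Parameter Length covers the 4-byte Resource Index plus the value,
        # so it can be neither below 4 nor beyond the bytes that remain.
        if plen < 4 or plen > len(info) - offset:
            raise SMTFormatError("parameter length error")
        (resource_index,) = struct.unpack_from(">I", info, offset)
        params.append({
            "type": ptype,
            "class": PARAM_CLASSES.get(ptype >> 8, "unknown"),
            "resource_index": resource_index,
            "value": info[offset + 4:offset + plen],
        })
        offset += plen
    return params


def parse_smt_pdu(pdu: bytes) -> dict:
    """Validate the fixed header, then decode the parameters it announces."""
    if len(pdu) < SMT_HEADER.size:
        raise SMTFormatError("truncated header")
    fclass, ftype, version, txid, station, pad, info_len = SMT_HEADER.unpack_from(pdu)
    if fclass not in FRAME_CLASSES:
        raise SMTFormatError("unknown Frame Class")
    if ftype not in FRAME_TYPES:
        raise SMTFormatError("unknown Frame Type")
    if version not in VERSION_IDS:
        raise SMTFormatError("unsupported Version ID")
    if pad != b"\x00\x00":
        raise SMTFormatError("nonzero Pad")
    info = pdu[SMT_HEADER.size:]
    if info_len != len(info):
        raise SMTFormatError("Info Field Length does not match the data present")
    return {
        "frame_class": FRAME_CLASSES[fclass],
        "frame_type": FRAME_TYPES[ftype],
        "version": VERSION_IDS[version],
        "transaction_id": txid,
        "station_user_bytes": station[:2],
        "station_mac": station[2:].hex(":"),
        "parameters": parse_parameters(info),
    }


def build_sample_nif() -> bytes:
    """Constructed NIF announcement carrying one MAC-class parameter."""
    mac = bytes.fromhex("0200c0ffee01")       # constructed station MAC address
    value = bytes.fromhex("0200c0ffee02")     # constructed neighbor address
    # Parameter type 0x2001 is a made-up value in the MAC class (first byte 20).
    param = struct.pack(">HHI", 0x2001, 4 + len(value), 1) + value
    header = SMT_HEADER.pack(0x01, 0x01, 0x0002, 0x1234,
                             b"\x00\x00" + mac, b"\x00\x00", len(param))
    return header + param


if __name__ == "__main__":
    print(parse_smt_pdu(build_sample_nif()))
```

The two rejections a station reports with a Request Denied Frame, an unsupported Version ID and a length error, are the same conditions this decoder refuses to parse past.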
A FDDI system uses SMT messages to insert itself into the ring when it is powered up. The procedure consists of several steps, in which it initializes the ring and tests the link to the network. Then the system initiates its connection to the ring using a claim token, which determines whether a token already exists on the network. If a token frame already exists, the claim token configures it to include the newly initialized system in the token’s path. If no token is detected, all of the systems on the network generate claim frames, which enable the systems to determine the value for the token rotation time and determine which system should generate the token.
Because of the SMT header’s size and the number of functions performed by SMT messages, the control overhead on a FDDI network is high, relative to other protocols.
PART IV Network Systems
CHAPTER 13 TCP/IP
CHAPTER 14 Other TCP/IP Protocols
CHAPTER 15 The Domain Name System
CHAPTER 16 Internet Services
CHAPTER 13 TCP/IP
Since its inception in the 1970s, the TCP/IP protocol suite has evolved into the industry standard for data transfer protocols at the network and transport layers of the Open Systems Interconnection (OSI) model. In addition, the suite includes myriad other protocols that operate as low as the data link layer and as high as the application layer.
Operating systems tend to simplify the appearance of the network protocol stack to make it more comprehensible to the average user. On a Windows workstation, for example, you install Transmission Control Protocol/Internet Protocol (TCP/IP) by selecting a single module called a protocol, but this process actually installs support for a whole family of protocols, of which TCP and IP are only two. Understanding how the individual TCP/IP protocols function and how they work together to provide communication services is an essential part of administering a TCP/IP network.
TCP/IP Attributes
There are several reasons why TCP/IP is the protocol suite of choice on the majority of data networks, not the least of which is that these are the protocols used on the Internet. TCP/IP was designed to support the fledgling Internet (then called the ARPANET) at a time before the introduction of the PC when interoperability between computing products made by different manufacturers was all but unheard of. The Internet was, and is, composed of many different types of computers, and what was needed was a suite of protocols that would be common to all of them.
The main element that sets TCP/IP apart from the other suites of protocols that provide network and transport layer services is its self-contained addressing mechanism. Every device on a TCP/IP network is assigned an IP address (or sometimes more than one) that uniquely identifies it to the other systems. Devices today use network interface adapters that have unique identifiers (MAC addresses) hard-coded into them, which makes the IP address redundant. Other types of computers have identifiers assigned by network administrators, however, and no mechanism exists to ensure that another system on a worldwide internetwork such as the Internet does not use the same identifier.
Because IP addresses are registered by a centralized body, you can be certain that no two (properly configured) machines on the Internet have the same address. Because of this addressing, the TCP/IP protocols can support virtually any hardware or software platform in use today. The IPX protocols will always be associated primarily with Novell NetWare, and NetBEUI is used almost exclusively on Microsoft Windows networks. TCP/IP, however, is truly universal in its platform interoperability, supported by all and dominated by none.
Another unique aspect of the TCP/IP protocols is the method by which their standards are designed, refined, and ratified. Rather than relying on an institutionalized standards-making body like the Institute of Electrical and Electronics Engineers (IEEE), the TCP/IP protocols are developed in a democratic manner by an ad hoc group of volunteers who communicate largely through the Internet. Anyone who is interested enough to contribute to the development of a protocol is welcome. In addition, the standards themselves are published by a body called the Internet Engineering Task Force (IETF) and are released to the public domain, making them accessible and reproducible by anyone. Standards like those published by the IEEE are available, but until very recently, you had to pay hundreds of dollars to purchase an official copy of an IEEE standard like the 802.3 document on which Ethernet is based. On the other hand, you can legally download any of the TCP/IP standards, called request for comments (RFCs), from the IETF’s website at www.ietf.org/ or from any number of other Internet sites.
The TCP/IP protocols are also extremely scalable. As evidence of this, consider that these protocols were designed at a time when the ARPANET was essentially an exclusive club for scientists and academics and no one in their wildest dreams imagined that the protocols they were creating would be used on a network the size of the Internet as it exists today. The main factor limiting the growth of the Internet is the 32-bit size of the IP address space itself, and a newer version of the IP protocol, called IPv6, addresses that shortcoming with a 128-bit address space. By September 30, 2014, all U.S. government agencies must update their public networks to this version.
NOTE For more information about IPv6, see Chapter 14.
TCP/IP Architecture
TCP/IP is designed to support networks of almost any practical size. As a result, TCP/IP must be able to provide the services needed by the applications using it without being overly profligate in its expenditure of network bandwidth and other resources. To accommodate the needs of specific applications and functions within those applications, TCP/IP uses multiple protocols in combination to provide the quality of service required for the task and no more.
The TCP/IP Protocol Stack
TCP/IP predates the OSI reference model, but its protocols break down into four layers that can be roughly equated to the seven-layer OSI stack, as shown in Figure 13-1.
Figure 13-1 The TCP/IP protocols have their own protocol stack that contains only four layers.
On LANs, the link layer functionality is not defined by a TCP/IP protocol but by the standard data link layer protocols, such as Ethernet and Token Ring. To reconcile the MAC address supplied by a network interface adapter with the IP address used at the network layer, systems use a TCP/IP protocol called the Address Resolution Protocol (ARP). However, the TCP/IP standards do define the two protocols most commonly used to establish link layer communications using modems and other direct connections. These are the Point-to-Point Protocol (PPP) and the Serial Line Internet Protocol (SLIP).
At the Internet layer is the Internet Protocol (IP), which is the primary carrier for all of the protocols operating at the upper layers, and the Internet Control Message Protocol (ICMP), which TCP/IP systems use for diagnostics and error reporting. IP, as a general carrier protocol, is connectionless and unreliable because services such as error correction and guaranteed delivery are supplied at the transport layer when required.
Two protocols operate at the transport layer: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP is connection-oriented and reliable, while UDP is connectionless and unreliable. An application uses one or the other, depending on its requirements and the services already provided for it at the other layers.
The transport layer can, in some ways, be said to encompass the OSI session layer as well as the transport layer in the OSI model, but not in every case. Windows systems, for example, can use TCP/IP to carry the NetBIOS messages they use for their file and printer-sharing activities, and NetBIOS still provides the same session layer functionality as when a system uses NetBEUI or IPX instead of TCP/IP. This is just one illustration of how the layers of the TCP/IP protocol stack are roughly equivalent to those of the OSI model, but not definitively so. Both of these models are pedagogical and are diagnostic tools more than they are guidelines for protocol development and deployment, and they do not hold up to strict comparisons of the various layers’ functions with actual protocols.
The application layer is the most difficult to define because the protocols operating there can be fully realized, self-contained applications in themselves, such as the File Transfer Protocol (FTP), or mechanisms used by other applications to perform a service, such as the Domain Name System (DNS) and the Simple Mail Transfer Protocol (SMTP).
IP Versions
Currently, two versions of IP are being used. The next several sections in this chapter discuss the older version, IPv4, that is, IP version 4. Initially published in the early 1980s, this version did not anticipate the growth of the Internet nor the millions of mobile devices in use today. While such enhancements as Classless Inter-Domain Routing (CIDR) and Network Address Translators (NATs) forestalled the issue for a time, the dramatic increase in the use of smartphones, tablets, and other such devices created the demand for more IP address availability. (See the sections discussing these enhancements later in this chapter.)
In the 1990s, IPv6 was established and created 128-bit address fields in the IP packet header rather than the 32-bit addresses present in IPv4. In this manner, each time a single bit is added, the number of possible addresses doubles. However, as discussed in Chapter 14, this latest version does not solve all of the issues with IP addresses. Table 13-1 shows some of the differences between IPv4 and IPv6.
Table 13-1 Some Differences Between IPv4 and IPv6
IPv4 Addressing
The IPv4 addresses used to identify systems on a TCP/IP network were the single most definitive feature of the protocol suite. The IP address is an absolute identifier of both the individual machine and the network on which it resides. Every IP datagram packet transmitted over a TCP/IP network contains the IP addresses of the source system that generated it and the destination system for which it is intended in its IP header. While Ethernet and Token Ring systems have a unique hardware address coded into the network interface card, there is no inherent method to effectively route traffic to an individual system on a large network using this address.
A NIC’s hardware address is composed of a prefix that identifies the manufacturer of the card and a node address that is unique among all the cards built by that manufacturer. The manufacturer prefix is useless, as far as routing traffic is concerned, because any one manufacturer’s cards can be scattered around the network literally at random. To deliver network packets to a specific machine, a master list of all of the systems on the network and their hardware addresses would be needed. On a network the size of the Internet, this would obviously be impractical. By identifying the network on which a system is located, IP addresses can be routed to the proper location using a relatively manageable list of network addresses, not a list of individual system addresses.
IP addresses are 32 bits long and are notated as four 8-bit decimal numbers separated by periods, as in 192.168.2.45. This is known as dotted decimal notation; each of the 8-bit numbers is sometimes called an octet or a quad. (These terms were originally used because there are computers for which the more common term byte does not equal 8 bits.) Because each quad is the decimal equivalent of an 8-bit binary number, their possible values run from 0 to 255. Thus, the full range of possible IP addresses is 0.0.0.0 to 255.255.255.255.
IP addresses do not represent computers per se; rather, they represent network interfaces. A computer with two network interface cards has two IP addresses. A system with two or more interfaces is said to be multihomed. If the interfaces connect the computer to different networks and the system is configured to pass traffic between the networks, the system is said to function as a router.
NOTE A router can be a standard computer with two network interfaces and software that provides routing capabilities, or it can be a dedicated hardware device designed specifically for routing network traffic. At times, the TCP/IP standards refer to routers of any kind as gateways, while standard networking terminology defines a gateway as being an application layer device that forwards traffic between networks that use different protocols, as in an e-mail gateway. Do not confuse the two.
Every IP address contains bits that identify a network and bits that identify an interface (called a host) on that network. To reference a network, systems use just the network bits, replacing the host bits with zeros. Routers use the network bits to forward packets to another router connected to the destination network, which then transmits the data to the destination host system.
Subnet Masking
IP addresses always dedicate some of their bits to the network identifier and some to the host identifier, but the number of bits used for each purpose is not always the same. Many common addresses use 24 bits for the network and 8 for the host, but the split between the network and host bits can be anywhere in the address. To identify which bits are used for each purpose, every TCP/IP system has a subnet mask along with its IP address. A subnet mask is a 32-bit binary number in which the bits correspond to those of the IP address. A bit with a 1 value in the mask indicates that the corresponding bit in the IP address is part of the network identifier, while a 0 bit indicates that the corresponding address bit is part of the host identifier. As with an IP address, the subnet mask is expressed in dotted decimal notation, so although it may look something like an IP address, the mask has a completely different function.
As an example, consider a system with the following TCP/IP configuration:
IP address: 192.168.2.45
Subnet mask: 255.255.255.0
In this case, the 192.168.2 portion of the IP address identifies the network, while the 45 identifies the host. When expressed in decimal form, this may appear confusing, but the binary equivalents are as follows:
IP address: 11000000 10101000 00000010 00101101
Subnet mask: 11111111 11111111 11111111 00000000
As you can see in this example, the dividing line between the network and host bits lies between the third and fourth quads. The dividing line need not fall between quads, however. A subnet mask of 255.255.240.0 allocates 12 bits for the host address because the binary equivalent of the mask is as follows:
11111111 11111111 11110000 00000000
The dividing line between the network and host bits can fall anywhere in the 32 bits of the mask, but you never see network bits mixed up with host bits. A clear line always separates the network bits on the left from the host bits on the right.
IP Address Registration
For IP addresses to uniquely identify the systems on the network, it is essential that no two interfaces be assigned the same address. On a private network, the administrators must ensure that every address is unique. They can do this by manually tracking the addresses assigned to their networks and hosts, or they can use a service like the Dynamic Host Configuration Protocol (DHCP) to assign the addresses automatically.
On the Internet, however, this problem is considerably more complicated. With individual administrators controlling thousands of different networks, not only is it impractical to assume that they can get together and make sure that no addresses are duplicated, but no worldwide service exists that can assign addresses automatically. Instead, there must be a clearinghouse or registry for IP address assignments that ensures no addresses are duplicated.
Even this task is monumental, however, because millions of systems are connected to the Internet. In fact, such a registry exists, but instead of assigning individual host addresses to each system, it assigns network addresses to companies and organizations. The organization charged with registering network addresses for the Internet is called the Internet Assigned Numbers Authority (IANA). After an organization obtains a network address, the administrator is solely responsible for assigning unique host addresses to the machines on that network.
NOTE The IANA maintains a website at www.iana.org.
This two-tiered system of administration is one of the basic organizational principles of the Internet. Domain name registration works the same way. An independent domain registry registers domain names to organizations and individuals, and the individual administrators of those domains are responsible for assigning names in those domains to their hosts.
IP Address Classes
The IANA registers several different classes of network addresses, which differ in their subnet masks, that is, the number of bits used to represent the network and the host. Table 13-2 summarizes these address classes.
Table 13-2 IPv4 Address Classes
The idea behind the different classes was to create networks of varying sizes suitable for different organizations and applications. A company building a relatively small network can register a Class C address that, because the addresses have only 8 host bits, supports up to 254 systems, while larger organizations can use Class B or A addresses with 16 or 24 host bits and create subnets out of them. You create subnets by “borrowing” some of the host bits and using them to create subnetwork identifiers, essentially networks within a network.
The surest way to identify the class of a particular address is to look at the value of the first quad. Class A addresses always had a 0 as their first bit, which means that the binary values for the first quad range from 00000000 to 01111111, which translates into the decimal values 0 through 127. In the same way, Class B addresses always had 10 as their first two bits, providing first quad values of 10000000 to 10111111, or 128 to 191. Class C addresses had 110 as their first three bits, so the first quad can range from 11000000 to 11011111, or 192 to 223.
The IP address class determined the boundary between the host and the network addresses.
In practice, network addresses are not registered with the IANA directly by the companies and organizations running the individual networks. Instead, companies in the business of providing Internet access, called Internet service providers (ISPs), register multiple networks and supply blocks of addresses to clients as needed.
Class D addresses are not intended for allocation in blocks like the other classes. This part of the address space is allocated for multicast addresses. Multicast addresses represent groups of systems that have a common attribute but that are not necessarily located in the same place or even administered by the same organization. For example, packets sent to the multicast address 224.0.0.1 are processed by all of the routers on the local subnet.
Unregistered IP Addresses
IP address registration is designed for networks connected to the Internet with computers that must be accessible from other networks. When you register a network address, no one else is permitted to use it, and the routers on the Internet have the information needed to forward packets to your network. For a private network that is not connected to the Internet, it is not necessary to register network addresses. In addition, most business networks connected to the Internet use some sort of firewall product to prevent intruders from accessing their networks from outside. In nearly all cases, there is no real need for every system on a network to be directly accessible from the Internet, and there is a genuine danger in doing so. Many firewall products, therefore, isolate the systems on the network, making registered IP addresses unnecessary.
For a network that is completely isolated from the Internet, administrators can use any IP addresses they want, as long as there are no duplicates on the same network. If any of the network’s computers connect to the Internet by any means, however, there is potential for a conflict between an internal address and the system on the Internet for which the address was registered. If, for example, you happened to assign one of your network systems the same address as a Microsoft web server, a user on your network attempting to access Microsoft’s site may reach the internal machine with the same address instead.
To prevent these conflicts, RFC 1918, “Address Allocation for Private Internets,” specified three address ranges intended for use on unregistered networks, as shown here. These addresses were not assigned to any registered network and could, therefore, be used by any organization, public or private.
• Class A 10.0.0.0 through 10.255.255.255
• Class B 172.16.0.0 through 172.31.255.255
• Class C 192.168.0.0 through 192.168.255.255
Using unregistered IP addresses not only simplified the process of obtaining and assigning addresses to network systems, it also conserved the registered IP addresses for use by systems that actually needed them for direct Internet communications. As with many design decisions in the computer field, no one expected at the time of its inception that the Internet would grow to be as enormous as it is now. The 32-bit address space for the IP protocol was thought to be big enough to support all future growth (as was the original 640KB memory limitation in PCs).
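The conflict described above can be caught before deployment by auditing an internal address plan against the class rules and the three RFC 1918 ranges. The following Python sketch is an added example, not code from the book; the function names and the host inventory are constructed for illustration, and the treatment of first-quad values 240 through 255 as Class E is general knowledge rather than something stated in this chapter.

```python
import ipaddress

# The three RFC 1918 ranges exactly as listed above.
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def to_int(ip: str) -> int:
    """Convert dotted decimal notation to the underlying 32-bit value."""
    return int(ipaddress.IPv4Address(ip))


def address_class(ip: str) -> str:
    """Classify an address by the leading bits of its first quad."""
    first = to_int(ip) >> 24
    if first & 0b10000000 == 0b00000000:
        return "A"          # 0xxxxxxx, first quad 0-127
    if first & 0b11000000 == 0b10000000:
        return "B"          # 10xxxxxx, first quad 128-191
    if first & 0b11100000 == 0b11000000:
        return "C"          # 110xxxxx, first quad 192-223
    if first & 0b11110000 == 0b11100000:
        return "D"          # 1110xxxx, multicast
    return "E"              # remaining values, 240-255


def is_unregistered(ip: str) -> bool:
    """True when the address falls inside one of the RFC 1918 ranges."""
    value = to_int(ip)
    return any(to_int(low) <= value <= to_int(high) for low, high in PRIVATE_RANGES)


def audit_internal_plan(hosts: dict) -> list:
    """Return (name, address, reason) for internal hosts whose addresses could
    collide with addresses registered to someone else on the Internet."""
    findings = []
    for name, ip in sorted(hosts.items()):
        cls = address_class(ip)
        if cls in ("D", "E"):
            findings.append((name, ip, f"Class {cls} address, not assignable to a host"))
        elif not is_unregistered(ip):
            findings.append((name, ip, f"Class {cls} address outside the RFC 1918 ranges"))
    return findings


# Constructed inventory of internal systems for the demonstration.
SAMPLE_PLAN = {
    "fileserver": "10.20.30.40",
    "printer": "172.31.4.9",
    "kiosk": "172.32.4.9",       # one past the end of the Class B private range
    "lab": "192.168.2.45",
    "webcache": "198.51.100.7",
    "streamer": "224.0.0.1",
}

if __name__ == "__main__":
    for finding in audit_internal_plan(SAMPLE_PLAN):
        print(*finding, sep="  ")
```

The kiosk entry shows the usual mistake with the middle range: 172.32.x.x looks like its neighbors but lies outside 172.16.0.0 through 172.31.255.255.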
Special IP Addresses
Aside from the blocks of addresses designated for use by unregistered networks, there were other addresses not allocated to registered networks because they were intended for special purposes. Table 13-3 lists these addresses.
Table 13-3 Special-Purpose IP Addresses
Subnetting
Theoretically, the IP addresses you assign to the systems on your network do not have to correlate exactly to the physical network segments, but in standard practice, it’s a good idea if they do. Obviously, an organization that registers a Class B address does not have 65,534 nodes on a single network segment; they have an internetwork composed of many segments, joined by routers, switches, or other devices. To support a multisegment network with a single IP network address, you create subnets corresponding to the physical network segment.
A subnet is simply a subdivision of the network address that you create by taking some of the host identifier bits and using them as a subnet identifier. To do this, you modify the subnet mask on the machines to reflect the borrowed bits as part of the network identifier, instead of the host identifier.
For example, you can subnet a Class B network address by using the third quad, originally intended to be part of the host identifier, as a subnet identifier instead, as shown in Figure 13-2. By changing the subnet mask from 255.255.0.0 to 255.255.255.0, you divide the Class B address into 254 subnets of 254 hosts each. You then assign each of the physical segments on the network a different value for the third quad and number the individual systems using only the fourth quad. The result is that the routers on your network can use the value of the third quad to direct traffic to the appropriate segments.
Figure 13-2 The top example shows a standard Class B address, split into 16-bit network and host identifiers. In the bottom example, the address has been subnetted by borrowing eight of the host bits for use as a subnet identifier.
NOTE The subnet identifier is purely a theoretical construction. To routers and other network systems, an IP address consists only of network and host identifiers, with the subnet bits incorporated into the network identifier.
The previous example demonstrates the most basic type of subnetting, in which the boundaries of the subnet identifier fall between the quads. However, you can use any number of host bits for the subnet identifier and adjust the subnet mask and IP address accordingly. This is called variable mask subnetting. If, for example, you have a Class B address and decide to use 4 host bits for the subnet identifier, you would use a subnet mask with the following binary value:
11111111 11111111 11110000 00000000
The first 4 bits of the third quad are changed from zeros to ones to indicate that these bits are now part of the network identifier. The decimal equivalent of this number is 255.255.240.0, which is the value you would use for the subnet mask in the system’s TCP/IP configuration. By borrowing 4 bits in this way, you can create up to 14 subnets, consisting of 4,094 hosts each. The formula for determining the number of subnets and hosts is as follows:
$2^x - 2$
where x equals the number of bits used for the subnet identifier. You subtract 2 to account for identifiers consisting of all zeros and all ones, which are traditionally not used, because the value 255 is used for broadcasts, and the value 0 to represent the network. For this example, therefore, you perform the following calculations:
$2^4 - 2 = 14$
$2^{12} - 2 = 4{,}094$
NOTE Some TCP/IP implementations are capable of using 0 as a subnet identifier, but you should avoid this practice unless you are certain that all of your routers also support this feature.
To determine the IP addresses you assign to particular systems, you increment the 4 bits of the subnet identifier separately from the 12 bits of the host identifier and convert the results into decimal form. Thus, assuming a Class B network address of 172.16.0.0 with a subnet mask of 255.255.240.0, the first IP address of the first subnet will have the following binary address:
10101100 00010000 00010000 00000001
The first two quads are the binary equivalents of 172 and 16. The third quad consists of the 4-bit subnet identifier, with the value 0001, and the first 4 bits of the 12-bit host identifier. Because this is the first address on this subnet, the value for the host identifier is 000000000001.
Although these 12 bits are incremented as a single unit, when converting the binary values to decimals, you treat each quad separately. Therefore, the value of the third quad (00010000) in decimal form is 16, and the value of the fourth quad (00000001) in decimal form is 1, yielding an IP address of 172.16.16.1.
Fortunately, manually computing the values for your IP addresses isn’t necessary when you subnet the network. Utilities are available that enable you to specify a network address and class and then select the number of bits to be used for the subnet identifier. The program then supplies you with the IP addresses for the machines in the individual subnets.
NOTE There are several free IPv4 and IPv6 subnet calculator utilities available. Type free subnet calculator in any search engine.
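The mask and subnet arithmetic worked through in the preceding sections can be reproduced in a few functions; the following Python sketch is an added example, not code from the book or from any of the calculator utilities it mentions. The function names are constructed for illustration, and the code follows the chapter's traditional rule of excluding the all-zeros and all-ones identifiers.

```python
import ipaddress


def prefix_length(mask: str) -> int:
    """Count the network bits in a dotted decimal mask, rejecting any mask
    in which network bits are mixed with host bits."""
    host_part = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if host_part & (host_part + 1):      # a valid host part looks like 0...01...1
        raise ValueError(f"{mask}: network bits are not contiguous")
    return 32 - host_part.bit_length()


def split_address(ip: str, mask: str) -> tuple:
    """Return (network address, host identifier) for an address and its mask."""
    prefix_length(mask)                  # validates the mask before using it
    addr = int(ipaddress.IPv4Address(ip))
    net_mask = int(ipaddress.IPv4Address(mask))
    network = str(ipaddress.IPv4Address(addr & net_mask))
    return network, addr & ~net_mask & 0xFFFFFFFF


def subnet_plan(class_mask: str, subnet_mask: str) -> dict:
    """Apply 2^x - 2 to the borrowed subnet bits and to the remaining host bits."""
    subnet_bits = prefix_length(subnet_mask) - prefix_length(class_mask)
    host_bits = 32 - prefix_length(subnet_mask)
    if subnet_bits < 1:
        raise ValueError("the subnet mask must borrow at least one host bit")
    return {
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": 2 ** subnet_bits - 2,
        "hosts": 2 ** host_bits - 2,
    }


def host_address(network: str, class_mask: str, subnet_mask: str,
                 subnet_id: int, host_id: int) -> str:
    """Build an address by setting the subnet and host identifiers separately."""
    plan = subnet_plan(class_mask, subnet_mask)
    # Identifiers of all zeros and all ones are excluded, matching the "- 2".
    if not 1 <= subnet_id <= plan["subnets"]:
        raise ValueError("subnet identifier out of range")
    if not 1 <= host_id <= plan["hosts"]:
        raise ValueError("host identifier out of range")
    base, _ = split_address(network, class_mask)
    value = int(ipaddress.IPv4Address(base)) | (subnet_id << plan["host_bits"]) | host_id
    return str(ipaddress.IPv4Address(value))


if __name__ == "__main__":
    print(split_address("192.168.2.45", "255.255.255.0"))
    print(subnet_plan("255.255.0.0", "255.255.240.0"))
    print(host_address("172.16.0.0", "255.255.0.0", "255.255.240.0", 1, 1))
    print(host_address("172.16.0.0", "255.255.0.0", "255.255.240.0", 14, 4094))
```

A mask such as 255.0.255.0 raises an error in `prefix_length`, which is the programmatic form of the rule that network bits are never mixed with host bits.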
Ports and Sockets
The IPv4 address makes it possible to route network traffic to a particular system, but once packets arrive at the computer and begin traveling up the protocol stack, they still must be directed to the appropriate application. This is the job of the transport layer protocol, either TCP or UDP. To identify specific processes running on the computer, TCP and UDP use port numbers that are included in every TCP and UDP header. Typically, the port number identifies the application layer protocol that generated the data carried in the packet.
The port numbers permanently assigned to specific services, which are called well-known ports, are standardized by the Internet Assigned Numbers Authority (IANA) and published in the “Assigned Numbers” RFC (RFC 1700). Every TCP/IP system has a file called Services that contains a list of the most common well-known port numbers and the services to which they are assigned.
For example, the IP header of a DNS query message contains the IP address of a DNS server in its Destination Address field. Once the packet has arrived at the destination, the receiving computer sees that the UDP header’s Destination Port field contains the well-known port value 53. The system then knows to pass the message to the service using port number 53, which is the DNS service.
NOTE The port number assignments for the TCP and UDP protocols are separate. Although not typical, it is possible for a service to use different port numbers for TCP and UDP and for the same port number to be assigned to a different service for each protocol.
The combination of an IP address and a port number is known as a socket. The uniform resource locator (URL) format calls for a socket to be notated with the IP address followed by the port number, separated by a colon, as in 192.168.2.45:80.
Not all port numbers are well known. When a client connects to a well-known service, such as a web server, it uses the well-known port number for that service (which in the case of a web server is 80), but selects the port number that it will use as its Source Port value at random. This is known as an ephemeral port number. The web server, on receiving the packet from the client addressed to port 80, reads the Source Port value and knows to address its reply to the ephemeral port number the client has chosen. To prevent clients from selecting well-known ports for their ephemeral port numbers, all of the well-known port number assignments fall below 1,024, and all ephemeral port numbers must be 1,024 or higher.
TCP/IP Naming
IP addresses are an efficient means of identifying networks and hosts, but when it comes to user interfaces, they are difficult to use and remember. Therefore, the Domain Name System (DNS) was devised to supply friendly names for TCP/IP systems. In a discussion of the network and transport layer TCP/IP protocols, the most important information to remember about DNS names is that they have nothing to do with the actual transmission of data across the network.
Packets are addressed to their destinations using IP addresses only. Whenever a user supplies a DNS name in an application (such as a URL in a web browser), the first thing the system does is initiate a transaction with a DNS server to resolve the name into an IP address. This occurs before the system transmits any traffic at all to the destination system. Once the system has discovered the IP address of the destination, it uses that address in the IP header to send packets to that destination; the DNS name is no longer used after that point.
NOTE The structure of DNS names and the functions of DNS servers are discussed more fully in Chapter 15.
TCP/IP Protocols
The following sections examine some of the major protocols that make up the TCP/IP suite. There are dozens of TCP/IP protocols and standards, but only a few are commonly used by the systems on a TCP/IP network.
SLIP and PPP
The Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP) are unique among the TCP/IP protocols because they provide full data link layer functionality. Systems connected to a LAN rely on one of the standard data link layer protocols, such as Ethernet and Token Ring, to control the actual connection to the network. This is because the systems are usually sharing a common medium and must have a MAC mechanism to regulate access to it.
SLIP and PPP were designed for use with direct connections in which there is no need for media access control. Because they connect only two systems, SLIP and PPP are called point-to-point or end-to-end protocols. On a system using SLIP or PPP, the TCP/IP protocols define the workings of the entire protocol stack, except for the physical layer itself, which relies on a hardware standard like that for the RS-232 serial port interface, which provides a connection to the modem.
In most cases, systems use SLIP or PPP to provide Internet or WAN connectivity, whether or not the system is connected to a LAN. Virtually every stand-alone PC that uses a modem to connect to an ISP for Internet access does so using a PPP connection, although a few system types still use SLIP. LANs also use SLIP or PPP connections in their routers to connect to an ISP to provide Internet access to the entire network or to connect to another LAN, forming a WAN connection. Although commonly associated with modem connections, other physical layer technologies can also use SLIP and PPP, including leased lines, ISDN, frame relay, and ATM connections.
SLIP and PPP are connection-oriented protocols that provide a data link between two systems in the simplest sense of the term. They encapsulate IP datagrams for transport between computers, just as Ethernet and Token Ring do, but the frame they use is far simpler. This is because the protocols are not subject to the same problems as the LAN protocols. Because the link consists only of a connection between the two computers, there is no need for a media access control mechanism like CSMA/CD or token passing. Also, there is no problem with addressing the packets to a specific destination; because only two computers are involved in the connection, the data can go to only one place.
SLIP
SLIP was created in the early 1980s to provide the simplest possible solution for transmitting data over serial connections. No official standard defined the protocol, mainly because there is nothing much to standardize and interoperability is not a problem. There is an IETF document, however, called “A Nonstandard for Transmission of IP Datagrams over Serial Lines” (RFC 1055), that defines the functionality of the protocol.
The SLIP frame is simplicity itself. A single 1-byte field with the hexadecimal value c0 serves as an END delimiter, following every IP datagram transmitted over the link. The END character informs the receiving system that the packet currently being transmitted has ended. Some systems also precede each IP datagram with an END character. This way, if any line noise occurs between datagram transmissions, the receiving system treats it as a packet unto itself because it is delimited by two END characters. When the upper-layer protocols attempt to process the noise “packet,” they interpret it as gibberish and discard it.
If a datagram contains a byte with the value c0, the system alters it to the 2-byte string db dc before transmission to avoid terminating the packet incorrectly. The db byte is referred to as the ESC (escape) character, which, when coupled with another character, serves a special purpose. If the datagram contains an actual ESC character as part of the data, the system substitutes the string db dd before transmission.
NOTE: The ESC character defined by SLIP is not the equivalent of the ASCII ESC character.
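The framing rules above, as an added Python example (not code from the book): an encoder that applies the END and ESC substitutions, and an incremental decoder that drops frames with malformed escape sequences. The 1,006-byte frame cap is RFC 1055's suggested maximum datagram size; the class and function names are this example's own.

```python
# SLIP byte values from RFC 1055, as quoted in the text above.
END, ESC = 0xC0, 0xDB
ESC_END, ESC_ESC = 0xDC, 0xDD   # second byte of the db dc and db dd pairs
MAX_FRAME = 1006                # assumption: RFC 1055's suggested maximum datagram size


def slip_encode(datagram, leading_end=True):
    """Frame one datagram; the optional leading END flushes any line noise."""
    out = bytearray([END]) if leading_end else bytearray()
    for byte in datagram:
        if byte == END:
            out += bytes([ESC, ESC_END])
        elif byte == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(byte)
    out.append(END)
    return bytes(out)


class SlipDecoder:
    """Incremental decoder: feed it chunks exactly as the serial port delivers them."""

    def __init__(self, max_frame=MAX_FRAME):
        self.max_frame = max_frame
        self.buf = bytearray()
        self.in_escape = False
        self.bad = False      # current frame is malformed; skip to the next END
        self.errors = 0       # number of frames dropped as malformed

    def feed(self, chunk):
        """Return the list of complete frames found in this chunk."""
        frames = []
        for byte in chunk:
            if byte == END:
                if self.bad or self.in_escape:     # an ESC cut short by END is malformed
                    self.errors += 1
                elif self.buf:                     # back-to-back ENDs yield no empty frame
                    frames.append(bytes(self.buf))
                self.buf.clear()
                self.in_escape = self.bad = False
            elif self.bad:
                continue
            elif self.in_escape:
                self.in_escape = False
                if byte == ESC_END:
                    self.buf.append(END)
                elif byte == ESC_ESC:
                    self.buf.append(ESC)
                else:
                    self.bad = True                # ESC followed by anything else
            elif byte == ESC:
                self.in_escape = True
            else:
                self.buf.append(byte)
            if len(self.buf) > self.max_frame:     # refuse to buffer an endless frame
                self.bad = True
                self.buf.clear()
        return frames


if __name__ == "__main__":
    datagram = bytes([0x45, 0xC0, 0xDB, 0x00])     # constructed: contains END and ESC
    wire = slip_encode(datagram)
    print(wire.hex())
    # Two noise bytes ahead of the frame come out as a separate "packet".
    print(SlipDecoder().feed(b"\x01\x02" + wire))
```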
SLIP Shortcomings
Because of its simplicity, SLIP was easy to implement and added little overhead to data transmissions, but it also lacked features that could make it a more useful protocol. For example, SLIP lacks the capability to supply the IP address of each system to the other, meaning that both systems had to be configured with the IP address of the other. SLIP also had no means of identifying the protocol it carried in its frame, which prevented it from multiplexing network layer protocols (such as IP and IPX) over a single connection. SLIP also had no error-detection or correction capabilities, which left these tasks to the upper-layer protocols, causing greater delays than a data link layer error-detection mechanism would.
PPP
PPP was created as an alternative to SLIP that provided greater functionality, such as the capability to multiplex different network layer protocols and support various authentication protocols. Naturally, the cost of these additional features is a larger header, but PPP still added only a maximum of 8 bytes to a packet (as compared to the 16 bytes needed for an Ethernet frame). Most of the connections to Internet service providers, whether by stand-alone systems or routers, use PPP because it enables the ISP to implement access control measures that protect their networks from intrusion by unauthorized users.
A typical PPP session consists of several connection establishment and termination procedures, using other protocols in addition to the PPP. These procedures are as follows:
• Connection establishment: The system initiating the connection uses the Link Control Protocol (LCP) to negotiate communication parameters that the two machines have in common.
• Authentication: Although not required, the system may use an authentication protocol such as the Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol (CHAP) to negotiate access to the other system.
• Network layer protocol connection establishment: For each network layer protocol that the systems use during the session, they perform a separate connection establishment procedure using a Network Control Protocol (NCP) such as the Internet Protocol Control Protocol (IPCP).
Unlike SLIP, PPP is standardized, but the specifications are divided among several different RFCs. Table 13-4 lists the documents for each of the protocols.
Table 13-4 PPP and Related Standards
The PPP Frame
RFC 1661 defined the basic frame used by the PPP protocol to encapsulate other protocols and transmit them to the destination. The frame is small, only 8 (or sometimes 10) bytes, and is illustrated in Figure 13-3.
Figure 13-3 The PPP frame format
The functions of the fields are as follows:
• Flag (1 byte): Contains a hexadecimal value of 7e and functions as a packet delimiter, like SLIP’s END character.
• Address (1 byte): Contains a hexadecimal value of ff, indicating the packet is addressed to all stations.
• Control (1 byte): Contains a hexadecimal value of 03, identifying the packet as containing an HDLC unnumbered information message.
• Protocol (2 bytes): Contains a code identifying the protocol that generated the information in the data field. Code values in the 0xxx to 3xxx range are used to identify network layer protocols, values from 4xxx to 7xxx identify low-volume network layer protocols with no corresponding NCP, values from 8xxx to bxxx identify network layer protocols with corresponding NCPs, and values from cxxx to fxxx identify link layer control protocols like LCP and the authentication protocols. The permitted codes, specified in the TCP/IP “Assigned Numbers” document (RFC 1700), include the following:
    • 0021: Uncompressed IP datagram (used when Van Jacobson compression is enabled)
    • 002b: Novell IPX datagram
    • 002d: IP datagrams with compressed IP and TCP headers (used when Van Jacobson compression is enabled)
    • 002f: IP datagrams containing uncompressed TCP data (used when Van Jacobson compression is enabled)
    • 8021: Internet Protocol Control Protocol (IPCP)
    • 802b: Novell IPX Control Protocol (IPXIP)
    • c021: Link Control Protocol (LCP)
    • c023: Password Authentication Protocol (PAP)
    • c223: Challenge Handshake Authentication Protocol (CHAP)
• Data and Pad (variable, up to 1,500 bytes): Contains the payload of the packet, up to a default maximum length (called the maximum receive unit [MRU]) of 1,500 bytes. The field may contain meaningless bytes to bring its size up to the MRU.
• Frame Check Sequence (FCS, 2 or 4 bytes): Contains a CRC value calculated on the entire frame, excluding the flag and frame check sequence fields, for error-detection purposes.
• Flag (1 byte): Contains the same value as the flag field at the beginning of the frame. When a system transmits two packets consecutively, one of the flag fields is omitted because two would be mistaken as an empty frame.
Several of the fields in the PPP frame can be modified as a result of LCP negotiations between the two systems, such as the length of the protocol and FCS fields and the MRU for the data field. The systems can agree to use a 1-byte protocol field or a 4-byte FCS field.
The LCP Frame
PPP systems use Link Control Protocol (LCP) to negotiate their capabilities during the connection establishment process so they can achieve the most efficient possible connection. LCP messages are carried within PPP frames and contain configuration options for the connection. Once the two systems agree on a configuration they can both support, the link establishment process continues. By specifying the parameters for the connection during the link establishment process, the systems don’t have to include redundant information in the header of every data packet.
Figure 13-4 shows the LCP message format.
Figure 13-4 The LCP message format
The functions of the individual fields are listed here:
• Code (1 byte): Specifies the LCP message type, using the following codes:
    • 1: Configure-Request
    • 2: Configure-Ack
    • 3: Configure-Nak
    • 4: Configure-Reject
    • 5: Terminate-Request
    • 6: Terminate-Ack
    • 7: Code-Reject
    • 8: Protocol-Reject
    • 9: Echo-Request
    • 10: Echo-Reply
    • 11: Discard-Request
• Identifier (1 byte): Contains a code used to associate the request and replies of a particular LCP transaction.
• Length (2 bytes): Specifies the length of the LCP message, including the code, identifier, length, and data fields.
• Data (variable): Contains multiple configuration options, each of which is composed of three subfields.
Each of the options in the LCP message’s data field consists of the subfields shown in Figure 13-5. The functions of the subfields are as follows:
• Type (1 byte): Specifies the option to be configured, using a code from the “Assigned Numbers” RFC, as follows:
    • 0: Vendor Specific
    • 1: Maximum Receive Unit
    • 2: Async Control Character Map
    • 3: Authentication Protocol
    • 4: Quality Protocol
    • 5: Magic Number
    • 6: Reserved
    • 7: Protocol Field Compression
    • 8: Address and Control Field Compression
    • 9: FCS Alternatives
    • 10: Self-Describing Pad
    • 11: Numbered Mode
    • 12: Multilink Procedure
    • 13: Callback
    • 14: Connect Time
    • 15: Compound Frames
    • 16: Nominal Data Encapsulation
    • 17: Multilink MRRU
    • 18: Multilink Short Sequence Number Header Format
    • 19: Multilink Endpoint Discriminator
    • 20: Proprietary
    • 21: DCE Identifier
• Length (1 byte): Specifies the length of the LCP message, including the code, identifier, length, and data fields.
• Data (variable): Contains information pertinent to the specific LCP message type, as indicated by the code field.
Figure 13-5 The LCP option format
The LCP protocol is also designed to be extensible. By using a code value of 0, vendors can supply their own options without standardizing them with the IANA, as documented in RFC 2153, “PPP Vendor Extensions.”
Authentication Protocols
PPP connections can optionally require authentication to prevent unauthorized access, using an external protocol agreed on during the exchange of LCP configuration messages and encapsulated within PPP frames. Two of the most popular authentication protocols—PAP and CHAP—are defined by TCP/IP specifications, but systems can also use other proprietary protocols developed by individual vendors.
The PAP Frame
PAP is the inherently weaker of the two primary authentication protocols because it uses only a two-way handshake and transmits account names and passwords over the link in clear text. Systems generally use PAP only when they have no other authentication protocols in common. PAP packets have a value of c023 in the PPP header’s protocol field and use a message format that is basically the same as LCP, except for the options.
The CHAP Frame
The CHAP protocol is considerably more secure than PAP because it uses a three-way handshake and never transmits account names and passwords in clear text. CHAP packets have a value of c223 in the PPP header’s protocol field and use a message format almost identical to PAP’s.
The IPCP Frame
PPP systems use Network Control Protocols (NCPs) to negotiate connections for each of the network layer protocols they will use during the session. Before a system can multiplex the traffic generated by different protocols over a single PPP connection, it must establish a connection for each protocol using the appropriate NCPs.
The Internet Protocol Control Protocol (IPCP), which is the NCP for IP, is a good example of the protocol structure. The message format of the NCPs is nearly identical to that of LCP, except that it supports only values 1 through 7 for the code field (the link configuration, link termination, and code reject values) and uses different options in the data field. Like LCP, the messages are carried in PPP frames, but with a value of 8021 in the PPP header’s protocol field.
The options that can be included in the data field of an IPCP message use the following values in the type field:
• 2 (IP Compression Protocol): Specifies the protocol the system should use to compress IP headers, for which the only valid option is Van Jacobson compression.
NOTE: Van Jacobson TCP/IP Header Compression is a data compression protocol described in RFC 1144, specifically designed by Van Jacobson to improve TCP/IP performance over slow serial links. This compression reduces the normal 40-byte TCP/IP packet headers down to 3 to 4 bytes for the average case by saving the state of TCP connections at both ends of a link and sending the differences only in the header fields that change. While this makes a big difference on low-speed links, it will not do anything about the processing delay inherent to most dial-up modems.
• 3 (IP Address): Used by the transmitting system to request a particular IP address or, if the value is 0.0.0.0, to request that the receiving system supply an address (replaces the type 1 IP Addresses option, which is no longer used).
PPP Connection Establishment
Once the physical layer connection between the two systems has been established, the PPP connection establishment process begins. The two systems pass through several distinct phases during the course of the session, as illustrated in Figure 13-6 and discussed in the following sections.
Figure 13-6 PPP connection phases
Link Dead
Both systems begin and end the session in the Link Dead phase, which indicates that no physical layer connection exists between the two machines. On a typical session, an application or service on one system initiates the physical layer connection. Once the hardware connection process is completed, the systems pass into the Link Establishment phase.
Link Establishment
In the Link Establishment phase, the system initiating the connection transmits an LCP Configure Request message to the destination containing the options it would like to enable, such as the use of specific authentication, link-quality monitoring, and network layer protocols (if any), and whether the systems should modify standard features, such as the size of the FCS field or a different MRU value. If the receiving system can support all the specified options, it replies with a Configure Ack message containing the same option values, and this phase of the connection process is completed.
If the receiving system recognizes the options in the request message but cannot support the values for those options supplied by the sender (such as if the system supports authentication but not with the protocol the sender has specified), it replies with a Configure Nak message containing the options with values it cannot support. With these options, the replying system supplies all the values it does support and also may include other options it would like to see enabled. Using this information, the connecting system generates another Configure Request message containing options it knows are supported, to which the receiver replies with a Configure Ack message.
If the receiving system fails to recognize any of the options in the request, it replies with a Configure Reject message containing only the unrecognized options. The sender then generates a new Configure Request message that does not contain the rejected options, and the procedure continues as previously outlined. Eventually, the systems perform a successful request/acknowledgment exchange, and the connection process moves on to the next phase.
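An added Python example (not from the book) of the negotiation described above: it wraps an LCP Configure Request in a PPP frame, checks the FCS, walks the options with every length validated, and chooses Configure Ack, Nak or Reject. Assumptions: the peer's policy (it implements only options 1, 3 and 5 and answers a PAP request with a Nak proposing CHAP) and all function names are hypothetical; the option Length is taken to count the option's own type, length and data bytes, as RFC 1661 defines it; the FCS is the 16-bit one from RFC 1662, and asynchronous byte stuffing is not modelled.

```python
import struct

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03
PROTO_LCP, PROTO_PAP, PROTO_CHAP = 0xC021, 0xC023, 0xC223
CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_MRU, OPT_AUTH, OPT_MAGIC = 1, 3, 5
KNOWN_OPTIONS = {OPT_MRU, OPT_AUTH, OPT_MAGIC}   # hypothetical: what this peer implements
CHAP_MD5 = struct.pack("!HB", PROTO_CHAP, 5)     # c223 plus algorithm 5 (MD5, RFC 1994)


def fcs16(data):
    """PPP FCS-16 (RFC 1662): reflected CRC, polynomial 0x8408, init and final XOR 0xffff."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(protocol, payload):
    """Flag, Address, Control, Protocol, data, FCS (low byte first), Flag."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + payload
    return bytes([FLAG]) + body + struct.pack("<H", fcs16(body)) + bytes([FLAG])


def parse_frame(frame):
    """Return (protocol, payload); raise ValueError on a damaged frame."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag or frame too short")
    body, (fcs,) = frame[1:-3], struct.unpack("<H", frame[-3:-1])
    if fcs16(body) != fcs:        # FCS covers everything between the flags except itself
        raise ValueError("FCS mismatch")
    address, control, protocol = struct.unpack("!BBH", body[:4])
    if (address, control) != (ADDRESS, CONTROL):
        raise ValueError("unexpected address/control")
    return protocol, body[4:]


def build_lcp(code, ident, options):
    data = b"".join(bytes([t, len(v) + 2]) + v for t, v in options)
    return struct.pack("!BBH", code, ident, len(data) + 4) + data


def parse_lcp(payload):
    """Return (code, identifier, [(type, value), ...]) with every length checked."""
    if len(payload) < 4:
        raise ValueError("short LCP header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 4 or length > len(payload):
        raise ValueError("bad LCP length")
    data, options, i = payload[4:length], [], 0   # bytes past Length are padding
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("bad option length")
        options.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return code, ident, options


def answer_configure_request(ident, options):
    """Reject unrecognized options, Nak unacceptable values, otherwise Ack."""
    unknown = [(t, v) for t, v in options if t not in KNOWN_OPTIONS]
    if unknown:
        return build_lcp(CONF_REJ, ident, unknown)        # only the unrecognized ones
    pap = struct.pack("!H", PROTO_PAP)
    naks = [(OPT_AUTH, CHAP_MD5) for t, v in options if t == OPT_AUTH and v[:2] == pap]
    if naks:
        return build_lcp(CONF_NAK, ident, naks)           # the value we do support
    return build_lcp(CONF_ACK, ident, options)            # same option values back


if __name__ == "__main__":
    # Constructed request: MRU 1500 plus Authentication Protocol = PAP.
    request = build_lcp(CONF_REQ, 7, [(OPT_MRU, b"\x05\xdc"), (OPT_AUTH, b"\xc0\x23")])
    protocol, payload = parse_frame(build_frame(PROTO_LCP, request))
    code, ident, options = parse_lcp(payload)
    print(parse_lcp(answer_configure_request(ident, options)))
```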
Authentication
The Authentication phase of the connection process is optional and is triggered by the inclusion of the Authentication Protocol option in the LCP Configure Request message. During the LCP link establishment process, the two systems agree on an authentication protocol to use. Use of the PAP and CHAP protocols is common, but other proprietary protocols are available.
The message format and exchange procedures for the Authentication phase are dictated by the selected protocol. In a PAP authentication, for example, the sending system transmits an Authenticate Request message containing an account name and password, and the receiver replies with either an Authenticate Ack or Authenticate Nak message.
CHAP is inherently more secure than PAP and requires a more complex message exchange. The sending system transmits a Challenge message containing data that the receiver uses with its encryption key to compute a value it returns to the sender in a Response message. Depending on whether the value in the response matches the sender’s own computations, it transmits a Success or Failure message.
A successful transaction causes the connection procedure to proceed to the next phase, but the effect of a failure is dictated by the implementation of the protocol. Some systems proceed directly to the Link Termination phase in the event of an authentication failure, while others might permit retries or limited network access to a help subsystem.
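The two exchanges side by side, as an added Python example (not from the book): a PAP Authenticate Request built in the RFC 1334 layout, and a CHAP Challenge, Response and Success/Failure exchange using the MD5 calculation from RFC 1994. The account name, secret, challenge bytes and function names are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQ = 1
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def message(code, ident, data):
    """Code, Identifier, Length header (the same shape as LCP), then the data."""
    return struct.pack("!BBH", code, ident, len(data) + 4) + data


def pap_request(ident, name, password):
    """PAP Authenticate Request: length-prefixed account name and password, unprotected."""
    return message(PAP_AUTH_REQ, ident,
                   bytes([len(name)]) + name + bytes([len(password)]) + password)


def chap_challenge(ident, authenticator_name, challenge=None):
    """CHAP Challenge: Value-Size, a fresh random value, then the authenticator's name."""
    challenge = os.urandom(16) if challenge is None else challenge
    return message(CHAP_CHALLENGE, ident,
                   bytes([len(challenge)]) + challenge + authenticator_name)


def chap_digest(ident, secret, challenge):
    """RFC 1994 response value for algorithm 5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def parse_value_name(msg):
    """Split a Challenge or Response into (code, identifier, value, name)."""
    if len(msg) < 5:
        raise ValueError("short CHAP message")
    code, ident, length = struct.unpack("!BBH", msg[:4])
    size = msg[4]
    if length > len(msg) or 5 + size > length:
        raise ValueError("bad CHAP length")
    return code, ident, msg[5:5 + size], msg[5 + size:length]


def chap_response(challenge_msg, name, secret):
    """Peer side: answer a Challenge without ever sending the secret itself."""
    code, ident, challenge, _ = parse_value_name(challenge_msg)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a Challenge")
    digest = chap_digest(ident, secret, challenge)
    return message(CHAP_RESPONSE, ident, bytes([len(digest)]) + digest + name)


def chap_verify(challenge_msg, response_msg, accounts):
    """Authenticator side: recompute the value and return a Success or Failure message."""
    _, ident, challenge, _ = parse_value_name(challenge_msg)
    code, rid, value, name = parse_value_name(response_msg)
    secret = accounts.get(name)
    ok = (code == CHAP_RESPONSE and rid == ident and secret is not None
          and hmac.compare_digest(value, chap_digest(ident, secret, challenge)))
    return message(CHAP_SUCCESS if ok else CHAP_FAILURE, ident, b"")


def secret_on_wire(messages, secret):
    """True if the secret appears verbatim in anything sent over the link."""
    return any(secret in m for m in messages)


if __name__ == "__main__":
    accounts = {b"alice": b"correct horse"}              # constructed credentials
    print(secret_on_wire([pap_request(1, b"alice", b"correct horse")], b"correct horse"))
    challenge = chap_challenge(2, b"nas")
    response = chap_response(challenge, b"alice", b"correct horse")
    result = chap_verify(challenge, response, accounts)
    print(result[0] == CHAP_SUCCESS,
          secret_on_wire([challenge, response, result], b"correct horse"))
```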
Link Quality Monitoring
The use of a link quality monitoring protocol is also an optional element of the connection process, triggered by the inclusion of the Quality Protocol option in the LCP Configure Request message. Although the option enables the sending system to specify any protocol for this purpose, only one has been standardized, the Link Quality Report protocol. The negotiation process that occurs at this phase enables the systems to agree on an interval at which they should transmit messages containing link traffic and error statistics throughout the session.
Network Layer Protocol Configuration
PPP supports the multiplexing of network layer protocols over a single connection, and during this phase, the systems perform a separate network layer connection establishment procedure for each of the network layer protocols that they have agreed to use during the Link Establishment phase. Each network layer protocol has its own network control protocol (NCP) for this purpose, such as the Internet Protocol Control Protocol (IPCP) or the Internetworking Packet Exchange Control Protocol (IPXCP). The structure of an NCP message exchange is similar to that of LCP, except the options carried in the Configure Request message are unique to the requirements of the protocol. During an IPCP exchange, for example, the systems inform each other of their IP addresses and agree on whether to use Van Jacobson header compression. Other protocols have their own individual needs that the systems negotiate as needed. NCP initialization and termination procedures can also occur at any other time during the connection.
Link Open
Once the individual NCP exchanges are completed, the connection is fully established, and the systems enter the Link Open phase. Network layer protocol data can now travel over the link in either direction.
Link Termination
When one of the systems ends the session or as a result of other conditions such as a physical layer disconnection, an authentication failure, or an inactivity timeout, the systems enter the Link Termination phase. To sever the link, one system transmits an LCP Terminate Request message to which the other system replies with a Terminate Ack. Both systems then return to the Link Dead phase.
NCPs also support the Terminate Request and Terminate Ack messages, but they are intended for use while the PPP connection remains intact. In fact, the PPP connection can remain active even if all of the network layer protocol connections have been terminated. It is unnecessary for systems to terminate the network layer protocol connections before terminating the PPP connection.
ARP
The Address Resolution Protocol (ARP) occupies an unusual place in the TCP/IP suite because it defies all attempts at categorization. Unlike most of the other TCP/IP protocols, ARP messages are not carried within IP datagrams. A separate protocol identifier is defined in the “Assigned Numbers” document that data link layer protocols use to indicate that they contain ARP messages. Because of this, there is some difference of opinion about the layer of the protocol stack to which ARP belongs. Some say ARP is a link layer protocol because it provides a service to IP, while others associate it with the Internet layer because its messages are carried within link layer protocols.
The function of the ARP protocol, as defined in RFC 826, “An Ethernet Address Resolution Protocol,” is to reconcile the IP addresses used to identify systems at the upper layers with the hardware addresses at the data link layer. When it requests network resources, a TCP/IP application supplies the destination IP address used in the IP protocol header. The system may discover the IP address using a DNS or NetBIOS name-resolution process, or it may use an address supplied by an operating system or application configuration parameter.
Data link layer protocols such as Ethernet, however, have no use for IP addresses and cannot read the contents of the IP datagram anyway. To transmit the packet to its destination, the data link layer protocol must have the hardware address coded into the destination system’s network interface adapter. ARP converts IP addresses into hardware addresses by broadcasting request packets containing the IP address on the local network and waiting for the holder of that IP address to respond with a reply containing the equivalent hardware address.
NOTE: ARP was originally developed for use with DIX Ethernet networks, but has been generalized to allow its use with other data link layer protocols.
The biggest difference between IP addresses and hardware addresses is that IP is responsible for the delivery of the packet to its ultimate destination, while an Ethernet implementation is concerned only with delivery to the next stop on the journey. If the packet’s destination is on the same network segment as the source, the IP protocol uses ARP to resolve the IP address of the ultimate destination into a hardware address. If, however, the destination is located on another network, the IP protocol will not use ARP to resolve the ultimate destination address (that is, the destination address in the IP header). Instead, it will pass the IP address of the default gateway to the ARP protocol for address resolution.
This is because the data link protocol header must contain the hardware address of the next intermediate stop as its destination, which may well be a router. It is up to that router to forward the packet on the next leg of its journey. Thus, in the course of a single internetwork transmission, many different machines may perform ARP resolutions on the same packet with different results.
ARP Message Format
ARP messages are carried directly within data link layer frames, using 0806 as the Ethertype or SNAP Local Code value to identify the protocol being carried in the packet. There is one format for all of the ARP message types, which is illustrated in Figure 13-7.
Figure 13-7 The ARP message format
ARP Transactions
An ARP transaction occurs when the IP protocol in a TCP/IP system is ready to transmit a datagram over the network. The system knows its own hardware and IP addresses, as well as the IP address of the packet’s intended destination. All it lacks is the hardware address of the system on the local network that is to receive the packet. The ARP message exchange proceeds according to the following steps:
1. The transmitting system generates an ARP Request packet containing its own addresses in the Sender Hardware Address and Sender Protocol Address fields. The Target Protocol Address contains the IP address of the system on the local network that is to receive the datagram, while the Target Hardware Address is left blank. Some implementations insert a broadcast address or other value into the Target Hardware Address field of the ARP Request message, but this value is ignored by the recipient because this is the address the protocol is trying to ascertain.
2. The system transmits the ARP Request message as a broadcast to the local network, asking in effect, “Who is using this IP address, and what is your hardware address?”
3. Each TCP/IP system on the local network receives the ARP Request broadcast and examines the contents of the Target Protocol Address field. If the system does not use that address on one of its network interfaces, it silently discards the packet. If the system does use the address, it generates an ARP Reply message in response. The system uses the contents of the request message’s Sender Hardware Address and Sender Protocol Address fields as the values for its reply message’s Target Hardware Address and Target Protocol Address fields. The system then inserts its own hardware address and IP address into the Sender Hardware Address and Sender Protocol Address fields, respectively.
4. The system using the requested IP address transmits the reply message as a unicast to the original sender. On receipt of the reply, the system that initiated the ARP exchange uses the contents of the Sender Hardware Address field as the Destination Address for the data link layer transmission of the IP datagram.
ARP Caching
Because of its reliance on broadcast transmissions, ARP can generate a significant amount of network traffic. To lessen the burden of the protocol on the network, TCP/IP systems cache the hardware addresses discovered through ARP transactions in memory for a designated period of time. This way, a system transmitting a large string of datagrams to the same host doesn’t have to generate individual ARP requests for each packet.
This is particularly helpful in an internetwork environment in which systems routinely transmit the majority of their packets to destinations on other networks. When a network segment has only a single router, all IP datagrams destined for other networks are sent through that router. When systems have the hardware address for that router in the ARP cache, they can transmit the majority of their datagrams without using ARP broadcasts.
The amount of time that entries remain in the ARP cache varies with different TCP/IP implementations. Windows systems purge entries after two minutes when they are not used to transmit additional datagrams.
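An added Python example (not from the book) covering both the transaction steps and the cache: it builds the request and reply with the field swaps described in steps 1 through 4, then caches replies for two minutes. The 28-byte field layout is the Ethernet/IPv4 form from RFC 826; the addresses are constructed, and keeping the first binding while logging a reply that maps a cached IP address to a different hardware address is this example's own policy, not something the book describes.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# hardware type, protocol type, hardware length, protocol length, operation,
# sender hardware/protocol address, target hardware/protocol address
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)   # 28 bytes for Ethernet carrying IPv4


def build_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))


def parse_arp(msg):
    """Decode one ARP message; raise ValueError unless it is Ethernet/IPv4."""
    if len(msg) < ARP_LEN:
        raise ValueError("short ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, msg[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa)}


def make_request(my_mac, my_ip, target_ip):
    """Step 1: own addresses as sender, Target Hardware Address left blank."""
    return build_arp(ARP_REQUEST, my_mac, my_ip, bytes(6), target_ip)


def answer_request(msg, my_mac, my_ips):
    """Step 3: discard silently unless the Target Protocol Address is ours."""
    req = parse_arp(msg)
    if req["oper"] != ARP_REQUEST or req["tpa"] not in my_ips:
        return None
    # The requester's sender fields become the reply's target fields.
    return build_arp(ARP_REPLY, my_mac, req["tpa"], req["sha"], req["spa"])


class ArpCache:
    def __init__(self, ttl=120.0):   # two minutes, the Windows figure quoted above
        self.ttl = ttl
        self.entries = {}            # ip -> (hardware address, expiry time)
        self.alerts = []             # (ip, cached address, conflicting address)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry and entry[1] > now:
            return entry[0]
        self.entries.pop(ip, None)   # expired or never seen
        return None

    def learn(self, msg, now):
        """Step 4: record the sender's binding from a reply."""
        reply = parse_arp(msg)
        if reply["oper"] != ARP_REPLY:
            return
        ip, mac = reply["spa"], reply["sha"]
        known = self.lookup(ip, now)
        if known is not None and known != mac:
            self.alerts.append((ip, known, mac))   # log it and keep the first binding
            return
        self.entries[ip] = (mac, now + self.ttl)


if __name__ == "__main__":
    a_mac, b_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
    request = make_request(a_mac, "192.168.2.10", "192.168.2.45")
    reply = answer_request(request, b_mac, {"192.168.2.45"})
    cache = ArpCache()
    cache.learn(reply, now=0.0)
    print(cache.lookup("192.168.2.45", now=60.0).hex(), cache.lookup("192.168.2.45", now=121.0))
```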
IP
The Internet Protocol (IP), as defined in RFC 791, is the primary carrier protocol for the TCP/IP suite. IP is essentially the envelope that carries the messages generated by most of the other TCP/IP protocols. Operating at the network layer of the OSI model, IP is a connectionless, unreliable protocol that performs several functions that are a critical part of getting packets from the source system to the destination. Among these functions are the following:
• Addressing: Identifying the system that will be the ultimate recipient of the packet
• Packaging: Encapsulating transport layer data in datagrams for transmission to the destination
• Fragmenting: Splitting datagrams into sections small enough for transmission over a network
• Routing: Determining the path of the packet through the internetwork to the destination
The following sections examine these functions in more detail.
Addressing
IP is the protocol responsible for the delivery of TCP/IP packets to their ultimate destination. It is vital to understand how this differs from the addressing performed by a data link layer protocol like Ethernet or Token Ring. Data link layer protocols are aware only of the machines on the local network segment. No matter where the packet finally ends up, the destination address in the data link layer protocol header is always that of a machine on a local network.
If the ultimate destination of the packet is a system on another network segment, the data link layer protocol address will point to a router that provides access to that segment. On receipt of the packet, the router strips off the data link layer protocol header and generates a new one containing the address of the packet’s next intermediate destination, called a hop. Thus, throughout the packet’s journey, the data link protocol header will contain a different destination address for each hop.
The destination address in the IP header, however, always points to the final destination of the packet, regardless of the network on which it’s located, and it never changes throughout the journey. IP is the first protocol in the stack (working up from the bottom) to be conscious of the packet’s end-to-end journey from source to destination. Most of the protocol’s functions revolve around the preparation of the transport layer data for transmission across multiple networks to the destination.
Packaging
IP is also responsible for packaging transport layer protocol data into structures called datagrams for its journey to the destination. During the journey, routers apply a new data link layer protocol header to a datagram for each hop. Before reaching its final destination, a packet may pass through networks using several different data link layer protocols, each of which requires a different header. The IP “envelope,” on the other hand, remains intact throughout the entire journey, except for a few bits that are modified along the way, just like a mailing envelope is postmarked.
As it receives data from the transport layer protocol, IP packages it into datagrams of a size suitable for transmission over the local network. A datagram (in most cases) consists of a 20-byte header plus the transport layer data. Figure 13-8 illustrates the header.
Figure 13-8 The IP header format
The functions of the header fields are as follows:
•Version,4bitsSpecifiestheversionoftheIPprotocolinuse.Thevalueforthecurrentimplementationis4.
•IHL(InternetHeaderLength),4bitsSpecifiesthelengthoftheIPheader,in32-bitwords.Whentheheadercontainsnooptionalfields,thevalueis5.
•TOS(TypeofService),1byteBits1through3and8areunused.Bits4through7specifytheserviceprioritydesiredforthedatagram,usingthefollowingvalues:
•0000Default
•0001MinimizeMonetaryCost
•0010MaximizeReliability
•0100MaximizeThroughput
•1000MinimizeDelay
•1111MaximizeSecurity
•TotalLength,2bytesSpecifiesthelengthofthedatagram,includingalltheheaderfieldsandthedata.
•Identification,2bytesContainsauniquevalueforeachdatagram,usedbythedestinationsystemtoreassemblefragments.
•Flags,3bitsContainsbitsusedduringthedatagramfragmentationprocess,withthefollowingvalues:
•Bit1Notused.
•Bit2(Don’tFragment)Whensettoavalueof1,preventsthedatagramfrombeingfragmentedbyanysystem.
•Bit3(MoreFragments)Whensettoavalueof0,indicatesthatthelastfragmentofthedatagramhasbeentransmitted.Whensetto1,indicatesthatfragmentsstillawaittransmission.
![Page 319: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/319.jpg)
• Fragment Offset, 13 bits: Specifies the location (in 8-byte units) of the current fragment in the datagram.
• TTL (Time to Live), 1 byte: Specifies the number of routers the datagram should be permitted to pass through on its way to the destination. Each router that processes the packet decrements this field by 1. Once the value reaches 0, the packet is discarded, whether or not it has reached the destination.
• Protocol, 1 byte: Identifies the protocol that generated the information in the data field, using values found in the “Assigned Numbers” RFC (RFC 1700) and the PROTOCOL file found on every TCP/IP system, some of which are as follows:
  • 1 Internet Control Message Protocol (ICMP)
  • 2 Internet Group Management Protocol (IGMP)
  • 3 Gateway-to-Gateway Protocol (GGP)
  • 6 Transmission Control Protocol (TCP)
  • 8 Exterior Gateway Protocol (EGP)
  • 17 User Datagram Protocol (UDP)
• Header Checksum, 2 bytes: Contains a checksum value computed on the IP header fields only, for error-detection purposes.
• Source IP Address, 4 bytes: Specifies the IP address of the system from which the datagram originated.
• Destination IP Address, 4 bytes: Specifies the IP address of the system that will be the ultimate recipient of the datagram.
• Options (variable): Can contain any of 16 options defined in the “Assigned Numbers” RFC, described later in this section.
• Data (variable, up to the MTU for the connected network): Contains the payload of the datagram, consisting of data passed down from a transport layer protocol.
Systems use the IP header options to carry additional information, either supplied by the sender or gathered as the packet travels to the destination. Each option is composed of the following fields:
• Option Type (1 byte): Contains a value identifying the option that consists of the following three subfields:
  • Copy Flag (1 bit): When set to a value of 1, indicates the option should be copied to each of the fragments that comprise the datagram.
  • Option Class (2 bits): Contains a code that identifies the option’s basic function, using the following values:
    • 0 Control
    • 2 Debugging and measurement
  • Option Number (5 bits): Contains a unique identifier for the option, as specified in the “Assigned Numbers” RFC.
• Option Length (1 byte): Specifies the total length of the option, including the Option Type, Option Length, and Option Data fields.
• Option Data (Option Length minus 2): Contains the option-specific information being carried to the destination.
Table 13-5 lists some of the options systems can insert into IP datagrams, the values for the option subfields, and the RFCs that define the option’s function. The functions of the options are as follows:
• End of Options List: Consisting only of an Option Type field with the value 0, this option marks the end of all the options in an IP header.
• No Operation: Consisting only of an Option Type field, this option lets systems pad out the space between two other options, to force the following option to begin at the boundary between 32-bit words.
• Loose Source Route and Strict Source Route: Systems use the Loose Source Route and Strict Source Route options to carry the IP addresses of routers the datagram must pass through on its way to the destination. When a system uses the Loose Source Route option, the datagram can pass through other routers in addition to those listed in the option. The Strict Source Route option defines the entire path of the datagram from the source to the destination.
• Time Stamp: This option is designed to hold timestamps generated by one or more systems processing the packet as it travels to its destination. The sending system may supply the IP addresses of the systems that are to add timestamps to the header, enable the systems to save their IP addresses to the header along with the timestamps, or omit the IP addresses of the time-stamping systems entirely. The size of the option is variable to accommodate multiple timestamps, but must be specified when the sender creates the datagram and cannot be enlarged en route to the destination.
• Record Route: This option provides the receiving system with a record of all the routers through which the datagram has passed during its journey to the destination. Each router adds its address to the option as it processes the packet.
Table 13-5 IP Header Options
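The header fields and the option layout described above can be decoded directly from the bytes of a packet. The parser below is an added example, not code from the book: the function names and the sample packet are constructed for illustration, and the option type values 68 (Time Stamp) and 7 (Record Route) come from RFC 791.

```python
import struct
from dataclasses import dataclass, field


@dataclass
class IPv4Option:
    copy_flag: int      # 1 = copy the option into every fragment
    option_class: int   # 0 = control, 2 = debugging and measurement
    number: int         # 5-bit option number
    data: bytes = b""   # Option Length minus 2 bytes


@dataclass
class IPv4Header:
    version: int
    ihl: int                # header length in 32-bit words
    tos: int
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int    # in 8-byte units
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: list = field(default_factory=list)


def parse_options(raw: bytes) -> list:
    """Walk the Options area that follows the fixed 20-byte header."""
    options, i = [], 0
    while i < len(raw):
        opt_type = raw[i]
        opt = IPv4Option(opt_type >> 7, (opt_type >> 5) & 0x3, opt_type & 0x1F)
        if opt_type == 0:           # End of Options List: one byte, stop here
            options.append(opt)
            break
        if opt_type == 1:           # No Operation: one byte of padding
            options.append(opt)
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its Option Length byte")
        length = raw[i + 1]         # counts the type, length and data bytes
        if length < 2 or i + length > len(raw):
            raise ValueError(f"invalid Option Length {length} at offset {i}")
        opt.data = raw[i + 2:i + length]
        options.append(opt)
        i += length
    return options


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (Version field is {version})")
    header_len = ihl * 4
    if ihl < 5 or header_len > len(packet) or total_length < header_len:
        raise ValueError("IHL or Total Length is inconsistent with the packet")
    return IPv4Header(
        version, ihl, tos, total_length, ident,
        dont_fragment=bool(flags_frag & 0x4000),    # bit 2 of the Flags field
        more_fragments=bool(flags_frag & 0x2000),   # bit 3 of the Flags field
        fragment_offset=flags_frag & 0x1FFF,
        ttl=ttl, protocol=protocol, checksum=checksum,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        options=parse_options(packet[20:header_len]),
    )


def build_sample_packet() -> bytes:
    """Constructed sample: UDP-in-IP header with three options (checksum left 0)."""
    options = (bytes([1])                           # No Operation
               + bytes([68, 8, 5, 0, 0, 0, 0, 0])   # Time Stamp, one empty slot
               + bytes([7, 7, 4, 0, 0, 0, 0]))      # Record Route, one empty slot
    payload = b"constructed"
    ihl = (20 + len(options)) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         20 + len(options) + len(payload), 0x1234, 0x4000,
                         64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + payload


if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_packet()))
```

The length checks matter when the input comes off the wire: an Option Length below 2 or one that runs past the IHL boundary is rejected rather than followed.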
Fragmenting
The size of the IP datagrams used to transmit the transport layer data depends on the data link layer protocol in use. Ethernet networks, for example, can carry datagrams up to 1,500 bytes in size, while Token Ring networks typically support packets as large as 4,500 bytes. The system transmitting the datagram uses the maximum transfer unit (MTU) of the connected network, that is, the largest possible frame that can be transmitted using that data link layer protocol, as one factor in determining how large each datagram should be.
During the course of their journey from the source to the destination, packets may encounter networks with different MTUs. As long as the MTU of each network is larger than the packet, the datagram is transmitted without a problem. If a packet is larger than the MTU of a network, however, it cannot be transmitted in its current form. When this occurs, the IP protocol in the router providing access to the network is responsible for splitting the datagram into fragments smaller than the MTU. The router then transmits each fragment in a separate packet with its own IP header.
Depending on the number and nature of the networks it passes through, a datagram may be fragmented more than once before it reaches the destination. A system might split a datagram into fragments that are themselves too large for networks further along in the path. Another router, therefore, splits the fragments into still smaller fragments. Reassembly of a fragmented datagram takes place only at the destination system after it has received all of the packets containing the fragments, not at the intermediate routers.
NOTE Technically speaking, the datagram is defined as the unit of data, packaged by the source system, containing a specific value in the IP header’s Identification field. When a router fragments a datagram, it uses the same Identification value for each new packet it creates, meaning the individual fragments are collectively known as a datagram. Referring to a single fragment as a datagram is an incorrect use of the term.
When a router receives a datagram that must be fragmented, it creates a series of new packets using the same value for the IP header’s Identification field as the original datagram. The other fields of the header are the same as well, with three important exceptions, which are as follows:
• The value of the Total Length field is changed to reflect the size of the fragment, instead of the size of the entire datagram.
• Bit 3 of the Flags field, the More Fragments bit, is changed to a value of 1 to indicate that further fragments are to be transmitted, except in the case of the datagram’s last fragment, in which this bit is set to a value of 0.
• The value of the Fragment Offset field is changed to reflect each fragment’s place in the datagram, based on the size of the fragments (which is, in turn, based on the MTU of the network across which the fragments are to be transmitted). The value for the first fragment is 0; the next is incremented by the size of the fragment, in bytes.
These changes to the IP header are needed for the fragments to be properly reassembled by the destination system. The router transmits the fragments like any other IP packets, and because IP is a connectionless protocol, the individual fragments may take different routes to the destination and arrive in a different order. The receiving system uses the More Fragments bit to determine when it should begin the reassembly process and uses the Fragment Offset field to assemble the fragments in the proper order.
Selecting the size of the fragments is left up to individual IP implementations. Typically, the size of each fragment is the MTU of the network over which it must be transmitted, minus the size of the data link and IP protocol headers, and rounded down to the nearest 8 bytes. Some systems, however, automatically create 576-byte fragments because this is the default path MTU used by many routers.
Fragmentation is not desirable, but it is a necessary evil. Obviously, because fragmenting a datagram creates many packets out of one packet, it increases the control overhead incurred by the transmission process. Also, if one fragment of a datagram is lost or damaged, the entire datagram must be retransmitted. No means of reproducing and retransmitting a single fragment exists because the source system has no knowledge of the fragmentation performed by the intermediate routers. The IP implementation on the destination system does not pass the incoming data up to the transport layer until all the fragments have arrived and been reassembled. The transport layer protocol must therefore detect the missing data and arrange for the retransmission of the datagram.
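The fragmentation rules above, worked through as an added example that is not code from the book: a 4,000-byte payload is fragmented for a 1,500-byte network, the fragments are fragmented again for a 576-byte network, and the destination reassembles them from out-of-order arrival. The `Fragment` class and function names are hypothetical, `mtu` is taken to mean the largest IP packet (header included) the network carries, headers carry no options, and Fragment Offset is stored in 8-byte units as the field definition specifies.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20   # header without options, as in the text


@dataclass(frozen=True)
class Fragment:
    identification: int     # same value in every fragment of one datagram
    more_fragments: bool    # Flags bit 3
    offset_units: int       # Fragment Offset field, in 8-byte units
    payload: bytes

    @property
    def total_length(self) -> int:
        """Value the Total Length field carries for this packet."""
        return IP_HEADER_LEN + len(self.payload)


def fragment(packet: Fragment, mtu: int) -> list:
    """Split one packet (a whole datagram or a fragment) so each piece fits mtu."""
    if packet.total_length <= mtu:
        return [packet]
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8    # round down to a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces = []
    for start in range(0, len(packet.payload), max_data):
        is_last = start + max_data >= len(packet.payload)
        pieces.append(Fragment(
            packet.identification,
            # only the final piece of the datagram's final fragment keeps 0 here
            more_fragments=packet.more_fragments or not is_last,
            offset_units=packet.offset_units + start // 8,
            payload=packet.payload[start:start + max_data]))
    return pieces


def reassemble(received: list):
    """Return the datagram payload, or None while fragments are still missing."""
    if not received:
        return None
    if len({f.identification for f in received}) != 1:
        raise ValueError("fragments carry different Identification values")
    ordered = sorted(received, key=lambda f: f.offset_units)
    if ordered[-1].more_fragments:
        return None                  # the last fragment has not arrived yet
    data = bytearray()
    for f in ordered:
        start = f.offset_units * 8
        if start > len(data):
            return None              # gap: an earlier fragment is missing
        if start < len(data):
            raise ValueError("fragments overlap")
        data += f.payload
    return bytes(data)


def demo():
    payload = bytes(i % 251 for i in range(4000))    # constructed test data
    datagram = Fragment(0x1234, False, 0, payload)
    first_hop = fragment(datagram, 1500)             # Ethernet-sized network
    second_hop = [p for f in first_hop for p in fragment(f, 576)]
    return payload, first_hop, second_hop


if __name__ == "__main__":
    payload, first_hop, second_hop = demo()
    for f in second_hop:
        print(f.offset_units, f.more_fragments, f.total_length)
    print(reassemble(list(reversed(second_hop))) == payload)
```

Dropping any single fragment makes `reassemble` return `None`, which is the case where the transport layer has to arrange retransmission of the whole datagram.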
Routing
Because the IP protocol is responsible for the transmission of packets to their final destinations, IP determines the route the packets will take. A packet’s route is the path it takes from one end system, the source, to another end system, the destination. The routers the packet passes through during the trip are called intermediate systems. The fundamental difference between end systems and intermediate systems is how high the packet data reaches in the protocol stack.
On the source computer, a request for access to a network resource begins at the application layer and wends its way down through the layers of the protocol stack, eventually arriving at the physical layer encapsulated in a packet, ready for transmission. When it reaches the destination, the reverse occurs, and the packet is passed up the stack to the application layer. On end systems, therefore, the entire protocol stack participates in the processing of the data. On intermediate systems, such as routers, the data arriving over the network is passed only as high as the network layer protocol, which, in this case, is IP (see Figure 13-9).
Figure 13-9 Packets passing through routers travel no higher than the network layer of the protocol stack.
IP strips off the data link layer protocol header and, after determining where it should send the packet next, prepares it for packaging in a data link layer protocol frame suitable for the outgoing network. This may involve using ARP to resolve the IP address of the packet’s next stop into a hardware address and then furnishing that address to the data link layer protocol.
Routing is a process that occurs one hop of a packet’s journey at a time. The source system transmits the packet to its default gateway (router), and the router determines where to send the packet next. If the final destination is on a network segment to which the router is attached, it sends the packet there. If the destination is on another network, the router determines which of the other routers it should send the packet to in order for it to reach its destination most efficiently. Thus, the next destination for the packet, identified by the destination address in the data link layer protocol, may not be the same system as that specified in the IP header’s Destination IP Address field.
Eventually, one of the routers will have access to the network on which the packet’s final destination system is located and will be able to send it directly to that machine. Using this method, the routing process is distributed among the network’s routers. None of the computers involved in the process has complete knowledge of the packet’s route through the network at any time. This distribution of labor makes huge networks like the Internet possible. No practical method exists for a single system to determine a viable path through the many thousands of routers on the Internet to a specific destination for each packet.
The most complex part of the routing process is the manner in which the router determines where to send each packet next. Routers have direct knowledge only of the network segments to which they are connected. They have no means of unilaterally determining the best route to a particular destination. In most cases, routers gain knowledge about other networks by communicating with other routers using specialized protocols designed for this purpose, such as the Routing Information Protocol (RIP). Each router passes information about itself to the other routers on the networks to which it is connected, those routers update their neighboring routers, and so on.
Regular updates from the neighboring routers enable each system to keep up with changing conditions on the network. If a router should go down, for example, its neighbors will detect its absence and spread the word that the router is unavailable. The other routers will adjust their behavior as needed to ensure that their packets are not sent down a dead-end street.
Routing protocols enable each router to compile a table of networks with the information needed to send packets to that network. Essentially, the table says “send traffic to network x; use interface y” where y is one of the router’s own network interfaces. Administrators can also manually configure routes through the network. This is called static routing, as opposed to protocol-based configuration, which is called dynamic routing.
On complex networks, there may be several viable routes from a source to a particular destination. Routers continually rate the possible paths through the network, so they can select the shortest, fastest, or easiest route for a packet.
CHAPTER 14 Other TCP/IP Protocols
While Internet Protocol version 4 (IPv4) has been the most commonly used, there are many other parts of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols. This chapter discusses other parts of the TCP/IP family as well as other groups or protocol suites encountered in today’s networks.
IPv6
As mentioned in Chapter 13, no one involved in the original design and implementation of the Internet could have predicted its explosive growth. The TCP/IP protocols held up remarkably well over the decades, proving that the scalability features incorporated into them were well designed. However, the single biggest problem with the use of these protocols is the rapid consumption of the address space provided by IPv4, the current version. The last block of IPv4 addresses was allotted by the Internet Assigned Numbers Authority (IANA) in February 2011, so the free pool of IPv4 addresses is now gone.
IP addresses are no longer being used only by computers; cellular phones, tablets, global positioning systems, and other mobile devices need these addresses as well. Anticipating the eventual depletion of the 32-bit address space, work commenced on an upgraded version of IP in 1998, which has resulted in several dozen requests for comments (RFCs), including RFC 2460, “Internet Protocol, Version 6 (IPv6) Specification.” IPv6 does not replace IPv4, which is still used in many applications. This version enhances and solves some of the inherent issues in IPv4.
The primary improvement in IPv6 is the expansion of the address space from 32 to 128 bits. For the near future, this should provide a sufficient number of IP addresses for all devices that can make use of them (which is probably what the designers of IPv4 said when they decided to use 32-bit addresses). In addition to the expanded address space, IPv6 includes the following enhancements:
• Simplified header format: IPv6 removes extraneous fields from the protocol header and makes other fields optional to reduce the network traffic overhead generated by the protocol.
• Header extensions: IPv6 introduces the concept of extension headers, which are separate, optional headers located between the IP header and its payload. The extension headers contain information that is used only by the end system that is the packet’s final destination. By moving them into extension headers, the intermediate systems don’t have to expend the time and processor clock cycles needed to process them.
• Flow labeling: IPv6 enables applications to apply a “flow label” to specific packets in order to request a nonstandard quality of service. This is intended to enable applications that require real-time communications, such as streaming audio and video, to request priority access to the network bandwidth.
• Security extensions: IPv6 includes extensions that support authentication, data integrity, and data confidentiality.
IPv6 requires a number of fundamental changes to the hardware and software that make up the network infrastructure, apart from just the adaptation to 128-bit addresses. For example, the operating systems and applications that use IPv6 must also include the IPv6 version of ICMP, defined in RFC 2463. Also, networks that use IPv6 must support a maximum transfer unit value of at least 1,280 bytes. Issues like these complicated the process of transitioning the Internet from IPv4 to IPv6. RFC 1933 defined mechanisms designed to facilitate the transition process, such as support for both IPv4 and IPv6 layers in the same system and the tunneling of IPv6 datagrams within IPv4 datagrams, enabling the existing IPv4 routing infrastructure to carry IPv6 information. These are some of the differences:
• Larger address space: The 128-bit addresses in IPv6 allow just over 340 trillion trillion trillion addresses.
• Datagram format: The packet header in IPv6 enables more secure and efficient routing.
• Improved reassembly: The maximum transmission unit (MTU) is 1,280 bytes in IPv6.
• Better connectivity: Under IPv6, every system has a unique IP address and can move through the Internet without any “translators.” Once it is fully implemented, each host can reach every other host directly. However, firewalls and network policies do create some limitations on this connectivity.
IPv6 Addresses
According to RFC 4291, “IP Version 6 Addressing Architecture,” there are three types of identifiers for IPv6 addresses:
• Anycast: When using an anycast address, a packet is delivered to one of the interfaces identified by that address.
• Multicast: Packets sent to a multicast address in IPv6 are delivered to all interfaces identified by that address. This is the same as IPv4.
• Unicast: Packets sent to a unicast address are delivered only to that address.
Unicast Address Types
There are three types of unicast addresses in IPv6: link local, unique local, and global unicast. Each has its own configuration.
Link-Local Address
In this configuration, the autoconfigured IPv6 address starts with FE80, as shown here:
1111111010000000 (FE80 in hexadecimal)
with the next 48 bits set to 0.
These addresses are used between IPv6 hosts on a broadcast segment only and are not routable. Thus, a router never forwards the address outside the link.
Unique-Local Address
This type should be used only for local communication, even though it is globally unique. The address is divided between prefix (1111110), local bit (1 bit only), global ID (40 bits), subnet ID (16 bits), and interface ID (64 bits). The prefix is always set to 1111110 (as shown), with the local bit set to 1 if the address is locally assigned. At this time, the local bit has not yet been defined.
Global Unicast Address
Essentially, this is IPv4’s public address. In IPv6, these addresses are globally identifiable and uniquely addressable. The most significant 48 bits are designated as the global routing prefix, and the 3 most significant bits of the prefix are always set to 001, as shown in Table 14-1.
Table 14-1 The Global Unicast Address in IPv6
IPv6 Address Structure
All IPv6 addresses are four times longer (128 bits instead of 32 bits) than IPv4 addresses. As discussed in Chapter 13, an IPv4 address contains four octets, each with a decimal value between 0 and 255. A period separates each of the octets. An IPv4 address must include four octets.
Normal IPv6 Addresses
IPv6 addresses have a format that looks like this:
y:y:y:y:y:y:y:y.
In this format, each y is called a segment and can be any hexadecimal value between 0 and FFFF. Normal IPv6 addresses require eight segments.
Dual IPv6 Addresses
The dual IPv6 address combines both an IPv6 and an IPv4 address and looks like this:
y:y:y:y:y:y:x.x.x.x.
The IPv6 portion is always first, and the segments are separated by colons instead of periods. It must have six segments. The IPv4 portion must contain three periods and four octets.
Other Protocols
There are other types of network protocols, some of which are discussed here. See Chapters 15 and 16 for additional information.
ICMP
The Internet Control Message Protocol (ICMP) is a network layer protocol that does not carry user data, although its messages are encapsulated in IP datagrams. ICMP fills two roles in the TCP/IP suite. It provides error-reporting functions, informing the sending system when a transmission cannot reach its destination, for example, and it carries query and response messages for diagnostic programs. The ping utility, for instance, which is included in every TCP/IP implementation, uses ICMP echo messages to determine whether another system on the network can receive and send data.
The ICMP protocol, as defined in RFC 792, consists of messages carried in IP datagrams, with a value of 1 in the IP header’s Protocol field and 0 in the Type of Service field. Figure 14-1 illustrates the ICMP message format.
Figure 14-1 The ICMP message format
The ICMP message format consists of the following fields:
• Type (1 byte): Contains a code identifying the basic function of the message
• Code (1 byte): Contains a secondary code identifying the function of the message within a specific type
• Checksum (2 bytes): Contains the results of a checksum computation on the entire ICMP message, including the Type, Code, Checksum, and Data fields (with a value of 0 in the Checksum field for computation purposes)
• Data (variable): Contains information specific to the function of the message
The ICMP message types are listed in Table 14-2.
Table 14-2 ICMP Message Types
ICMP Error Messages
Because of the way TCP/IP networks distribute routing chores among various systems, there is no way for either of the end systems involved in a transmission to know what has happened during a packet’s journey. IP is a connectionless protocol, so no acknowledgment messages are returned to the sender at that level. When using a connection-oriented protocol at the transport layer, like TCP, the destination system acknowledges transmissions, but only for the packets it receives. If something happens during the transmission process that prevents the packet from reaching the destination, there is no way for IP or TCP to inform the sender about what happened.
ICMP error messages are designed to fill this void. When an intermediate system, such as a router, has trouble processing a packet, the router typically discards the packet, leaving the upper-layer protocols to detect the packet’s absence and arrange for a retransmission. ICMP messages enable the router to inform the sender of the exact nature of the problem. Destination systems can also generate ICMP messages when a packet arrives successfully but cannot be processed.
The Data field of an ICMP error message always contains the IP header of the datagram the system could not process, plus the first 8 bytes of the datagram’s own Data field. In most cases, these 8 bytes contain a UDP header or the beginning of a TCP header, including the source and destination ports and the sequence number (in the case of TCP). This enables the system receiving the error message to isolate the exact time the error occurred and the transmission that caused it.
However, ICMP error messages are informational only. The system receiving them does not respond nor does it necessarily take any action to correct the situation. The user or administrator may have to address the problem that is causing the failure.
In general, all TCP/IP systems are free to transmit ICMP error messages, except in certain specific situations. These exceptions are intended to prevent ICMP from generating too much traffic on the network by transmitting large numbers of identical messages. These exceptional situations are as follows:
• TCP/IP systems do not generate ICMP error messages in response to other ICMP error messages. Without this exception, it would be possible for two systems to bounce error messages back and forth between them endlessly. Systems can generate ICMP errors in response to ICMP queries, however.
• In the case of a fragmented datagram, a system generates an ICMP error message only for the first fragment.
• TCP/IP systems never generate ICMP error messages in response to broadcast or multicast transmissions, transmissions with a source IP address of 0.0.0.0, or transmissions addressed to the loopback address.
The following sections examine the most common types of ICMP error messages and their functions.
Destination Unreachable Messages
Destination unreachable messages have a value of 3 in the ICMP Type field and any one of 13 values in the Code field. As the name implies, these messages indicate that a packet or the information in a packet could not be transmitted to its destination. The various messages specify exactly which component was unreachable and, in some cases, why. This type of message can be generated by a router when it cannot forward a packet to a certain network or to the destination system on one of the router’s connected networks. Destination systems themselves can also generate these messages when they cannot deliver the contents of the packet to a specific protocol or host.
In most cases, the error is a result of some type of failure, either temporary or permanent, in a computer or the network medium. These errors could also possibly occur as a result of IP options that prevent the transmission of the packet, such as when datagrams must be fragmented for transmission over a specific network and the Don’t Fragment flag in the IP header is set.
Source Quench Messages
The source quench message, with a Type value of 4 and a Code value of 0, functions as an elementary form of flow control by informing a transmitting system that it is sending packets too fast. When the receiver’s buffers are in danger of being overfilled, the system can transmit a source quench message to the sender, which slows down its transmission rate as a result. The sender should continue to reduce the rate until it is no longer receiving the messages from the receiver.
This is a basic form of flow control that is reasonably effective for use between systems on the same network but that generates too much additional traffic on routed networks. In most cases, this is unnecessary because TCP provides its own flow-control mechanism over additional traffic on internetworks.
Redirect Messages
Redirect messages are generated only by routers to inform hosts or other routers of better routes to a particular destination.
Because having the host send the packets intended for that destination directly to Router 2 would be more efficient, Router 1 sends a Redirect Datagram for the Network message (Type 5, Code 0) to the transmitting host after it forwards the original packet to Router 2. The redirect message contains the usual IP header and partial data information, as well as the IP address of the router the host should use for its future transmissions to that network.
In this example, the redirect message indicates that the host should use the other router for the packets it will transmit to all hosts on Network B in the future. The other redirect messages (with Codes 1 through 3) enable the router to specify an alternative router for transmissions to the specific host, to the specific host with the same Type of Service value, and to the entire network with the same Type of Service value.
Time Exceeded Messages
Time exceeded messages are used to inform a transmitting system that a packet has been discarded because a timeout has elapsed. The Time to Live Exceeded in Transit message (Type 11, Code 0) indicates that the Time-to-Live value in a packet’s IP header has reached zero before arriving at the destination, forcing the router to discard it.
This message enables the TCP/IP traceroute program to display the route through the network that packets take to a given destination. When the program transmits a series of packets with incremented values in the Time-to-Live field, each successive router on the path to the destination discards a packet and returns an ICMP time exceeded message to the source.
The Fragment Reassembly Time Exceeded message (Code 1) indicates that a destination system has not received all the fragments of a specific datagram within the time limit specified by the host. As a result, the system must discard all the fragments it has received and return the error message to the sender.
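The error messages above all quote the IP header and first 8 data bytes of the packet that triggered them, which is what lets a receiving system or a monitoring tool tie an error back to a specific flow. The decoder below is an added example, not code from the book: the function names and sample messages are constructed, and it assumes the RFC 792 layout in which 4 bytes sit between the Checksum and the quoted header (unused for Types 3, 4 and 11, the router address for a redirect). Type 3 Code 3 in the sample is RFC 792's port unreachable.

```python
import struct

ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
               5: "Redirect", 11: "Time Exceeded"}


def dotted(addr: bytes) -> str:
    return ".".join(map(str, addr))


def parse_icmp_error(icmp: bytes) -> dict:
    """Decode an ICMP error message and the datagram excerpt it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for an ICMP error with a quoted datagram")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type not in ERROR_TYPES:
        raise ValueError(f"type {icmp_type} is not an error type handled here")
    info = {"type": icmp_type, "name": ERROR_TYPES[icmp_type], "code": code}
    if icmp_type == 5:
        # Redirect: the router the host should use for future transmissions
        info["use_router"] = dotted(icmp[4:8])
    quoted = icmp[8:]
    if quoted[0] >> 4 != 4:
        raise ValueError("quoted header is not IPv4")
    header_len = (quoted[0] & 0x0F) * 4          # IHL of the quoted header
    if header_len < 20 or len(quoted) < header_len + 8:
        raise ValueError("quoted datagram is truncated")
    info.update(identification=struct.unpack("!H", quoted[4:6])[0],
                protocol=quoted[9],
                src=dotted(quoted[12:16]), dst=dotted(quoted[16:20]))
    first8 = quoted[header_len:header_len + 8]   # start of the UDP or TCP header
    if info["protocol"] in (6, 17):
        info["src_port"], info["dst_port"] = struct.unpack("!HH", first8[:4])
    if info["protocol"] == 6:
        info["tcp_seq"] = struct.unpack("!I", first8[4:8])[0]
    return info


def quoted_datagram(protocol: int, src, dst, first8: bytes) -> bytes:
    """Constructed IPv4 header (no options, checksum left 0) plus 8 data bytes."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0x0BAD, 0, 1,
                         protocol, 0, bytes(src), bytes(dst))
    return header + first8


def build_error(icmp_type: int, code: int, rest, quoted: bytes) -> bytes:
    """Constructed ICMP error; the Checksum field is left 0 in these samples."""
    return struct.pack("!BBH4s", icmp_type, code, 0, bytes(rest)) + quoted


# Constructed samples using documentation address ranges
UDP_QUOTE = quoted_datagram(17, (192, 0, 2, 10), (198, 51, 100, 5),
                            struct.pack("!HHHH", 53000, 53, 28, 0))
TCP_QUOTE = quoted_datagram(6, (192, 0, 2, 10), (203, 0, 113, 9),
                            struct.pack("!HHI", 49152, 443, 0x01020304))
PORT_UNREACHABLE = build_error(3, 3, (0, 0, 0, 0), UDP_QUOTE)
TTL_EXCEEDED = build_error(11, 0, (0, 0, 0, 0), TCP_QUOTE)
REDIRECT = build_error(5, 0, (192, 0, 2, 254), UDP_QUOTE)

if __name__ == "__main__":
    for message in (PORT_UNREACHABLE, TTL_EXCEEDED, REDIRECT):
        print(parse_icmp_error(message))
```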
ICMP Query Messages
ICMP query messages are not generated in response to other activities, as are the error messages. Systems use them for self-contained request/reply transactions in which one computer requests information from another, which responds with a reply containing that information.
Because they are not associated with other IP transmissions, ICMP queries do not contain datagram information in their Data fields. The data they do carry is specific to the function of the message. The following sections examine some of the more common ICMP query messages and their functions.
Echo Requests and Replies
Echo Request and Echo Reply messages are the basis for the TCP/IP ping utility, which sends test messages to another host on the network to determine whether it is capable of receiving and responding to messages. Each ping consists of an ICMP Echo Request message (Type 8, Code 0) that, in addition to the standard ICMP Type, Code, and Checksum fields, adds Identifier and Sequence Number fields that the systems use to associate requests and replies.
If the system receiving the message is functioning normally, it reverses the Source and Destination IP Address fields in the IP header, changes the value of the ICMP Type field to 0 (Echo Reply), and recomputes the checksum before transmitting it back to the sender.
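The echo exchange and the ICMP checksum rule (computed over the whole message with the Checksum field set to 0), as an added example that is not code from the book. Function names and the payload are constructed; the checksum is the standard 16-bit one's-complement Internet checksum, and the address swap in the IP header happens one layer down and is not modelled here.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum of the one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length messages
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    # Compute the checksum with a value of 0 in the Checksum field, then fill it in
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence) + payload
    checksum = internet_checksum(zeroed)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, identifier, sequence) + payload


def checksum_ok(message: bytes) -> bool:
    """A valid message sums to zero when its own Checksum field is included."""
    return internet_checksum(message) == 0


def echo_reply_for(request: bytes) -> bytes:
    """What a normally functioning receiver sends back for an Echo Request."""
    if len(request) < 8:
        raise ValueError("shorter than the 8-byte echo header")
    icmp_type, code, _, identifier, sequence = struct.unpack("!BBHHH", request[:8])
    if (icmp_type, code) != (ECHO_REQUEST, 0):
        raise ValueError("not an Echo Request (Type 8, Code 0)")
    if not checksum_ok(request):
        raise ValueError("checksum mismatch, message discarded")
    # Type becomes 0, Identifier/Sequence Number/data are echoed, checksum recomputed
    return build_echo(ECHO_REPLY, identifier, sequence, request[8:])


def matches(request: bytes, reply: bytes) -> bool:
    """Associate a reply with its request by Identifier and Sequence Number."""
    if len(reply) < 8 or reply[0] != ECHO_REPLY or not checksum_ok(reply):
        return False
    return request[4:8] == reply[4:8] and request[8:] == reply[8:]


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1A2B, 7, b"constructed-ping!")
    reply = echo_reply_for(request)
    print(request.hex(), reply.hex(), matches(request, reply))
```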
Router Solicitations and Advertisements
These messages make it possible for a host system to discover the addresses of the routers connected to the local network. Systems can use this information to configure the default gateway entry in their routing tables. When a host broadcasts or multicasts a Router Solicitation message (Type 10, Code 0), the routers on the network respond with Router Advertisement messages (Type 9, Code 0). Routers continue to advertise their availability at regular intervals (typically seven to ten minutes). A host may stop using a router as its default gateway if it fails to receive continued advertisements.
The Router Solicitation message consists only of the standard Type, Code, and Checksum fields, plus a 4-byte pad in the Data field. Figure 14-2 shows the Router Advertisement message format.
Figure 14-2 The Router Advertisement message format
The Router Advertisement message format contains the following additional fields:
• Number of Addresses (1 byte): Specifies the number of router addresses contained in the message. The format can support multiple addresses, each of which will have its own Router Address and Preference Level fields.
• Address Entry Size (1 byte): Specifies the number of 4-byte words devoted to each address in the message. The value is always 2.
• Lifetime (2 bytes): Specifies the time, in seconds, that can elapse between advertisements before a system assumes a router is no longer functioning. The default value is usually 1,800 seconds (30 minutes).
• Router Address (4 bytes): Specifies the IP address of the router generating the advertisement message.
• Preference Level (4 bytes): Contains a value specified by the network administrator that host systems can use to select one router over another.
UDP
Two TCP/IP protocols operate at the transport layer: TCP and UDP. The User Datagram Protocol (UDP), defined in RFC 768, is a connectionless, unreliable protocol that provides minimal transport service to application layer protocols with a minimum of control overhead. Thus, UDP provides no packet acknowledgment or flow-control services like TCP, although it does provide end-to-end checksum verification on the contents of the packet.
Although it provides a minimum of services of its own, UDP does function as a pass-through protocol, meaning that it provides applications with access to network layer services, and vice versa. If, for example, a datagram containing UDP data cannot be delivered to the destination and a router returns an ICMP Destination Unreachable message, UDP always passes the ICMP message information up from the network layer to the application that generated the information in the original datagram. UDP also passes along any optional information included in IP datagrams to the application layer and, in the opposite direction, information from applications that IP will use as values for the Time-to-Live and Type of Service header fields.
The nature of the UDP protocol makes it suitable only for brief transactions in which all the data to be sent to the destination fits into a single datagram. This is because no mechanism exists in UDP for splitting a data stream into segments and reassembling them, as in TCP. This does not mean that the datagram cannot be fragmented by IP in the course of transmission, however. This process is invisible to the transport layer because the receiving system reassembles the fragments before passing the datagram up the stack.
In addition, because no packet acknowledgment exists in UDP, it is most often used for client-server transactions in which the client transmits a request and the server’s reply message serves as an acknowledgment. If a system sends a request and no reply is forthcoming, the system assumes the destination system did not receive the message and retransmits. It is mostly TCP/IP support services like DNS and DHCP, services that don’t carry actual user data, that use this type of transaction. Applications such as DHCP also use UDP when they have to send broadcast or multicast transmissions. Because the TCP protocol requires two systems to establish a connection before they transmit user data, it does not support broadcasts and multicasts.
The header for UDP messages (sometimes confusingly called datagrams, like IP messages) is small, only 8 bytes, as opposed to the 20 bytes of the TCP header. Figure 14-3 illustrates the format.
Figure 14-3 The UDP message format
The functions of the fields are as follows:
• Source Port Number (2 bytes) Identifies the port number of the process in the transmitting system that generated the data carried in the UDP datagram. In some cases, this may be an ephemeral port number selected by the client for this transaction.
• Destination Port Number (2 bytes) Identifies the port number of the process on the destination system that will receive the data carried in the UDP datagram. Well-known port numbers are listed in the “Assigned Numbers” RFC and in the Services file on every TCP/IP system.
• UDP Length (2 bytes) Specifies the length of the entire UDP message, including the Header and Data fields, in bytes.
• UDP Checksum (2 bytes) Contains the results of a checksum computation computed from the UDP header and data, along with a pseudo-header composed of the IP header’s Source IP Address, Destination IP Address, and Protocol fields, plus the UDP Length field. This pseudo-header enables the UDP protocol at the receiving system to verify that the message has been delivered to the correct protocol on the correct destination system.
• Data (variable, up to 65,507 bytes) Contains the information supplied by the application layer protocol.
TCP
The Transmission Control Protocol is the connection-oriented, reliable alternative to UDP, which accounts for the majority of the user data transmitted across a TCP/IP network, as well as giving the protocol suite its name. TCP, as defined in RFC 793, provides applications with a full range of transport services, including packet acknowledgment, error detection and correction, and flow control.
TCP is intended for the transfer of relatively large amounts of data that will not fit into a single packet. The data often takes the form of complete files that must be split up into multiple datagrams for transmission. In TCP terminology, the data supplied to the transport layer is referred to as a sequence, and the protocol splits the sequence into segments for transmission across the network. As with UDP, however, the segments are packaged in IP datagrams that may end up taking different routes to the destination. TCP, therefore, assigns sequence numbers to the segments so the receiving system can reassemble them in the correct order.
Before any transfer of user data begins using TCP, the two systems exchange messages to establish a connection. This ensures that the receiver is operating and capable of receiving data. Once the connection is established and data transfer begins, the receiving system generates periodic acknowledgment messages. These messages inform the sender of lost packets and also provide the information used to control the rate of flow to the receiver.
The TCP Header
To provide these services, the header applied to TCP segments is necessarily larger than that for UDP. At 20 bytes (without options), it’s the same size as the IP header.
The functions of the fields are as follows:
• Source Port (2 bytes) Identifies the port number of the process in the transmitting system that generated the data carried in the TCP segments. In some cases, this may be an ephemeral port number selected by the client for this transaction.
• Destination Port (2 bytes) Identifies the port number of the process on the destination system that will receive the data carried in the TCP segments. Well-known port numbers are listed in the “Assigned Numbers” RFC and in the Services file on every TCP/IP system.
• Sequence Number (4 bytes) Specifies the location of the data in this segment in relation to the entire data sequence.
• Acknowledgment Number (4 bytes) Specifies the sequence number of the next segment that the acknowledging system expects to receive from the sender. This is active only when the ACK bit is set.
• Data Offset (4 bits) Specifies the length, in 4-byte words, of the TCP header (which may contain options expanding it to as much as 60 bytes).
• Reserved (6 bits) Unused.
• Control Bits (6 bits) Contains six 1-bit flags that perform the following functions:
    • URG Indicates that the sequence contains urgent data and activates the Urgent Pointer field
    • ACK Indicates that the message is an acknowledgment of previously transmitted data and activates the Acknowledgment Number field
    • PSH Instructs the receiving system to push all the data in the current sequence to the application identified by the port number without waiting for the rest
    • RST Instructs the receiving system to discard all the segments in the sequence that have been transmitted thus far and resets the TCP connection
    • SYN Used during the connection establishment process to synchronize the sequence numbers in the source and destination systems
    • FIN Indicates to the other system that the data transmission has been completed and the connection is to be terminated
• Window (2 bytes) Implements the TCP flow-control mechanism by specifying the number of bytes the system can accept from the sender.
• Checksum (2 bytes) Contains a checksum computation computed from the TCP header; data; and a pseudo-header composed of the Source IP Address, Destination IP Address, Protocol fields from the packet’s IP header, and the length of the entire TCP message.
• Urgent Pointer (2 bytes) Activated by the URG bit, specifies the data in the sequence that should be treated by the receiver as urgent.
• Options (variable) May contain additional configuration parameters for the TCP connection, along with padding to fill the field to the nearest 4-byte boundary. The available options are as follows:
    • Maximum Segment Size Specifies the size of the largest segments the current system can receive from the connected system
    • Window Scale Factor Used to double the size of the Window Size field from 2 to 4 bytes
    • Timestamp Used to carry timestamps in data packets that the receiving system returns in its acknowledgments, enabling the sender to measure the round-trip time
• Data (variable) May contain a segment of the information passed down from an application layer protocol. In SYN, ACK, and FIN packets, this field is left empty.
Connection Establishment
Distinguishing TCP connections from the other types of connections commonly used in data networking is important. When you log on to a network, for example, you initiate a session that remains open until you log off. During that session, you may establish other connections to individual network resources such as file servers that also remain open for extended lengths of time. TCP connections are much more transient, however, and typically remain open only for the duration of the data transmission. In addition, a system (or even a single application on that system) may open several TCP connections at once with the same destination.
As an example, consider a basic client-server transaction between a web browser and a web server. Whenever you type a URL in the browser, the program opens a TCP connection with the server to transfer the default HTML file that the browser uses to display the server’s home page. The connection lasts only as long as it takes to transfer that one page. When the user clicks a hyperlink to open a new page, an entirely new TCP connection is needed. If there are any graphics on the web pages, a separate TCP connection is needed to transmit each image file.
The additional messages required for the establishment of the connection, plus the size of the header, add considerably to the control overhead incurred by a TCP connection. This is the main reason why TCP/IP has UDP as a low-overhead transport layer alternative.
The communication process between the client and the server begins when the client generates its first TCP message, beginning the three-way handshake that establishes the connection between the two machines. This message contains no application data; it simply signals to the server that the client wants to establish a connection. The SYN bit is set, and the system supplies a value in the Sequence Number field, called the initial sequence number (ISN), as shown in Figure 14-4.
Figure 14-4 The client’s SYN message initiates the connection establishment process.
The system uses a continuously incrementing algorithm to determine the ISN it will use for each connection. The constant cycling of the sequence numbers makes it highly unlikely that multiple connections using the same sequence numbers will occur between the same two sockets. The client system then transmits the message as a unicast to the destination system and enters the SYN-SENT state, indicating that it has transmitted its connection request and is waiting for a matching request from the destination system.
The server, at this time, is in the LISTEN state, meaning that it is waiting to receive a connection request from a client. When the server receives the message from the client, it replies with its own TCP control message. This message serves two functions: It acknowledges the receipt of the client’s message, as indicated by the ACK bit, and it initiates its own connection, as indicated by the SYN bit (see Figure 14-5). The server then enters the SYN-RECEIVED state, indicating that it has received a connection request, issued a request of its own, and is waiting for an acknowledgment from the other system. Both the ACK and SYN bits are necessary because TCP is a full-duplex protocol, meaning that a separate connection is actually running in each direction. Both connections must be individually established, maintained, and terminated. The server’s message also contains a value in the Sequence Number field (116270), as well as a value in the Acknowledgment Number field (119841004).
Figure 14-5 The server acknowledges the client’s SYN and sends a SYN of its own.
Both systems maintain their own sequence numbers and are also conscious of the other system’s sequence numbers. Later, when the systems actually begin to send application data, these sequence numbers enable a receiver to assemble the individual segments transmitted in separate packets into the original sequence.
Remember, although the two systems must establish a connection before they send application data, the TCP messages are still transmitted within IP datagrams and are subject to the same treatment as any other datagram. Thus, the connection is actually a virtual one, and the datagrams may take different routes to the destination and arrive in a different order from that in which they were sent.
After the client receives the server’s message, it transmits its own ACK message (see Figure 14-6) acknowledging the server’s SYN bit and completing the bidirectional connection establishment process. This message has a value of 119841004 as its sequence number, which is the value expected by the server, and an acknowledgment number of 116271, which is the sequence number it expects to see in the server’s next transmission. Both systems now enter the ESTABLISHED state, indicating that they are ready to transmit and receive application data.
Figure 14-6 The client then acknowledges the server’s SYN, and the connection is established in both directions.
Data Transfer
Once the TCP connection is established in both directions, the transmission of data can begin. The application layer protocol determines whether the client or the server initiates the next exchange. In a File Transfer Protocol (FTP) session, for example, the server sends a Ready message first. In a Hypertext Transfer Protocol (HTTP) exchange, the client begins by sending the URL of the document it wants to receive.
The data to be sent is not packaged for transmission until the connection is established. This is because the systems use the SYN messages to inform the other system of the maximum segment size (MSS). The MSS specifies the size of the largest segment each system is capable of receiving. The value of the MSS depends on the data link layer protocol used to connect the two systems.
Each system supplies the other with an MSS value in the TCP message’s Options field. Like with the IP header, each option consists of multiple subfields, which for the Maximum Segment Size option, are as follows:
• Kind (1 byte) Identifies the function of the option. For the Maximum Segment Size option, the value is 2.
• Length (1 byte) Specifies the length of the entire option. For the Maximum Segment Size option, the value is 4.
• Maximum Segment Size (2 bytes) Specifies the size (in bytes) of the largest data segment the system can receive.
In the client system’s first TCP message, shown earlier in Figure 14-4, the value of the Options field is (in hexadecimal notation) 020405B001010402. The first 4 bytes of this value constitute the MSS option. The Kind value is 02, the Length is 04, and the MSS is 05B0, which in decimal form is 1,456 bytes. This works out to the maximum frame size for an Ethernet II network (1,500 bytes) minus 20 bytes for the IP header and 24 bytes for the TCP header (20 bytes plus 4 option bytes). The server’s own SYN packet contains the same value for this option because these two computers were located on the same Ethernet network.
NOTE The remaining 4 bytes in the Options field consist of 2 bytes of padding (0101) and the Kind (04) and Length (02) fields of the SACK-Permitted option, indicating that the system is capable of processing extended information as part of acknowledgment messages.
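As an added example (not from the book), the parser below walks the Options field value quoted above, 020405B001010402, using the Kind and Length subfields, and rejects malformed fields instead of reading past them. Each 01 byte that the text calls padding is parsed as a one-byte No-Operation option; the function names and the table of option kinds are supplied here for illustration.

```python
# Option kinds assigned by the TCP RFCs; only these are named by this example.
OPTION_NAMES = {
    0: "End of Option List",
    1: "No-Operation",
    2: "Maximum Segment Size",
    3: "Window Scale",
    4: "SACK-Permitted",
    8: "Timestamps",
}
FIXED_LENGTH = {2: 4, 3: 3, 4: 2, 8: 10}   # Length value each kind must carry
MAX_OPTION_BYTES = 40                       # 60-byte maximum header minus 20 fixed bytes


class OptionError(ValueError):
    """Raised when an Options field is malformed."""


def parse_tcp_options(raw: bytes) -> list:
    """Split a TCP Options field into a list of {kind, name, value} dicts."""
    if len(raw) > MAX_OPTION_BYTES or len(raw) % 4:
        raise OptionError("Options field must be a multiple of 4 bytes, at most 40")
    parsed, i = [], 0
    while i < len(raw):
        kind = raw[i]
        name = OPTION_NAMES.get(kind, "unknown")
        if kind == 0:                       # end of list: the rest is padding
            parsed.append({"kind": kind, "name": name, "value": b""})
            break
        if kind == 1:                       # single byte, has no Length subfield
            parsed.append({"kind": kind, "name": name, "value": b""})
            i += 1
            continue
        if i + 1 >= len(raw):
            raise OptionError(f"kind {kind} at offset {i} has no Length byte")
        length = raw[i + 1]
        if length < 2:                      # would loop forever or step backwards
            raise OptionError(f"kind {kind} at offset {i} has Length {length}")
        if i + length > len(raw):
            raise OptionError(f"kind {kind} at offset {i} overruns the field")
        if kind in FIXED_LENGTH and length != FIXED_LENGTH[kind]:
            raise OptionError(f"kind {kind} must have Length {FIXED_LENGTH[kind]}")
        parsed.append({"kind": kind, "name": name, "value": raw[i + 2:i + length]})
        i += length
    return parsed


def mss_from_options(raw: bytes):
    """Return the advertised MSS in bytes, or None if absent or malformed."""
    try:
        for option in parse_tcp_options(raw):
            if option["kind"] == 2:
                return int.from_bytes(option["value"], "big")
    except OptionError:
        return None
    return None


SYN_OPTIONS = bytes.fromhex("020405B001010402")   # value quoted in the text

if __name__ == "__main__":
    for option in parse_tcp_options(SYN_OPTIONS):
        print(option["kind"], option["name"], option["value"].hex())
    print("MSS:", mss_from_options(SYN_OPTIONS))
```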
When the two systems are located on different networks, their MSS values may also be different, and how the systems deal with this is left up to the individual TCP implementations. Some systems may just use the smaller of the two values, while others might revert to the default value of 536 bytes used when no MSS option is supplied. Windows 2000 systems use a special method of discovering the connection path’s MTU (that is, the largest packet size permitted on an internetwork link between two systems). This method, as defined in RFC 1191, enables the systems to determine the packet sizes permitted on intermediate networks. Thus, even if the source and destination systems are both connected to Ethernet networks with 1,500-byte MTUs, they can detect an intermediate connection that supports only a 576-byte MTU.
Once the MSS for the connection is established, the systems can begin packaging data for transmission. In the case of an HTTP transaction, the web browser client transmits the desired URL to the server in a single packet (see Figure 14-7). Notice that the sequence number of this packet (119841004) is the same as that for the previous packet it sent in acknowledgment to the server’s SYN message. This is because TCP messages consisting only of an acknowledgment do not increment the sequence counter. The acknowledgment number is also the same as in the previous packet because the client has not yet received the next message from the server. Note also that the PSH bit is set, indicating that the server should send the enclosed data to the application immediately.
Figure 14-7 The first data packet sent over the connection contains the URL requested by the web browser.
After receiving the client’s message, the server returns an acknowledgment message, as shown in Figure 14-8, that uses the sequence number expected by the client (116271) and has an acknowledgment number of 119841363. The difference between this acknowledgment number and the sequence number of the client message previously sent is 359; this is correct because the datagram the client sent to the server was 399 bytes long. Subtracting 40 bytes for the IP and TCP headers leaves 359 bytes of data. The value in the server’s acknowledgment message, therefore, indicates that it has successfully received 359 bytes of data from the client. As each system sends data to the other, they increment their sequence numbers for each byte transmitted.
Figure 14-8 The server acknowledges all of the data bytes transmitted by the client.
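The sequence and acknowledgment numbers quoted in the handshake and first data exchange can be checked mechanically. The added example below (not from the book) replays those five segments and reports any segment whose numbers do not follow from the previous ones; it assumes an in-order trace with no loss, and the client’s initial sequence number 119841003 is inferred from the server’s acknowledgment number 119841004 rather than stated in the text.

```python
MOD = 2 ** 32   # the Sequence Number and Acknowledgment Number fields are 4 bytes


def consumed(flags: set, payload_len: int) -> int:
    """Sequence space used by a segment: its data bytes, plus one each for SYN and FIN."""
    return payload_len + int("SYN" in flags) + int("FIN" in flags)


def check_trace(trace: list) -> list:
    """Return (segment number, field, expected, seen) for every inconsistency."""
    next_seq = {}     # sender -> sequence number that sender must use next
    problems = []
    for number, (sender, flags, seq, ack, payload_len) in enumerate(trace, 1):
        peer = "server" if sender == "client" else "client"
        expected = next_seq.get(sender)
        if expected is not None and seq != expected:
            problems.append((number, "seq", expected, seq))
        # An ACK names the next sequence number the receiver expects from its peer.
        if "ACK" in flags and peer in next_seq and ack != next_seq[peer]:
            problems.append((number, "ack", next_seq[peer], ack))
        next_seq[sender] = (seq + consumed(flags, payload_len)) % MOD
    return problems


# (sender, flags, sequence number, acknowledgment number, data bytes)
PAGE_TRACE = [
    ("client", {"SYN"},        119841003, 0,         0),    # ISN inferred, see lead-in
    ("server", {"SYN", "ACK"}, 116270,    119841004, 0),
    ("client", {"ACK"},        119841004, 116271,    0),    # pure ACK uses no sequence space
    ("client", {"PSH", "ACK"}, 119841004, 116271,    359),  # the URL request
    ("server", {"ACK"},        116271,    119841363, 0),    # 119841004 + 359
]

# Constructed variant: the server's last ACK does not cover the 359 data bytes.
STALE_ACK_TRACE = PAGE_TRACE[:4] + [("server", {"ACK"}, 116271, 119841004, 0)]

if __name__ == "__main__":
    print("trace from the text:", check_trace(PAGE_TRACE))
    print("constructed variant:", check_trace(STALE_ACK_TRACE))
```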
The next step in the process is for the server to respond to the client’s request by sending it the requested HTML file. Using the MSS value, the server creates segments small enough to be transmitted over the network and transmits the first one in the message, as shown in Figure 14-9. The sequence number is again the same as the server’s previous message because the previous message contained only an acknowledgment. The acknowledgment number is also the same because the server is sending a second message without any intervening communication from the client.
Figure 14-9 In response to the client’s request, the server begins to transmit the web page after splitting it into multiple segments.
In addition to the acknowledgment service just described, the TCP header fields provide two more services:
• Error correction
• Flow control
The following sections examine each of these functions.
Error Correction
You saw in the previous example how a receiving system uses the acknowledgment number in its ACK message to inform the sender that its data was received correctly. The systems also use this mechanism to indicate when an error has occurred and data is not received correctly.
TCP/IP systems use a system of delayed acknowledgments, meaning they do not have to send an acknowledgment message for every packet they receive. The method used to determine when acknowledgments are sent is left up to the individual implementation, but each acknowledgment specifies that the data, up to a certain point in the sequence, has been received correctly. These are called positive acknowledgments because they indicate that data has been received. Negative acknowledgments or selective acknowledgments, which specify that data has not been received correctly, are not possible in TCP.
What if, for example, in the course of a single connection, a server transmits five data segments to a client and the third segment must be discarded because of a checksum error? The receiving system must then send an acknowledgment back to the sender indicating that all the messages up through the second segment have been received correctly. Even though the fourth and fifth segments were also received correctly, the third segment was not. Using positive acknowledgments means that the fourth and fifth segments must be retransmitted, in addition to the third.
The mechanism used by TCP is called positive acknowledgment with retransmission because the sending system automatically retransmits all of the unacknowledged segments after a certain time interval. The way this works is that the sending system maintains a queue containing all of the segments it has already transmitted. As acknowledgments arrive from the receiver, the sender deletes the segments that have been acknowledged from the queue. After a certain elapsed time, the sending system retransmits all of the unacknowledged segments remaining in the queue. The systems use algorithms documented in RFC 1122 to calculate the timeout values for a connection based on the amount of time it takes for a transmission to travel from one system to the other and back again, called the round-trip time.
Flow Control
Flow control is an important element of the TCP protocol because it is designed to transmit large amounts of data. Receiving systems have a buffer in which they store incoming segments waiting to be acknowledged. If a sending system transmits too many segments too quickly, the receiver’s buffer fills up and any packets arriving at the system are discarded until space in the buffer is available. TCP uses a mechanism called a sliding window for its flow control, which is essentially a means for the receiving system to inform the sender of how much buffer space it has available.
Each acknowledgment message generated by a system receiving TCP data specifies the amount of buffer space it has available in its Window field. As packets arrive at the receiving system, they wait in the buffer until the system generates the message that acknowledges them. The sending system computes the amount of data it can send by taking the Window value from the most recently received acknowledgment and subtracting the number of bytes it has transmitted since it received that acknowledgment. If the result of this computation is zero, the system stops transmitting until it receives acknowledgment of outstanding packets.
Connection Termination
When the exchange of data between the two systems is complete, they terminate the TCP connection. Because two connections are actually involved—one in each direction—both must be individually terminated. The process begins when one machine sends a message in which the FIN control bit is set. This indicates that the system wants to terminate the connection it has been using to send data.
Which system initiates the termination process is dependent on the application generating the traffic. In an HTML transaction, the server can include the FIN bit in the message containing the last segment of data in the sequence, or it can take the form of a separate message. The client receiving the FIN from the server sends an acknowledgment, closing the server’s connection, and then sends a FIN message of its own. Note that, unlike the three-way handshake that established the connection, the termination procedure requires four transmissions because the client sends its ACK and FIN bits in separate messages. When the server transmits its acknowledgment to the client’s FIN, the connection is effectively terminated.
CHAPTER 15 The Domain Name System
Computers are designed to work with numbers, while humans are more comfortable working with words. This fundamental dichotomy is the reason why the Domain Name System (DNS) came to be. Back in the dark days of the 1970s, when the Internet was the ARPANET and the entire experimental network consisted of only a few hundred systems, a need was recognized for a mechanism that would permit users to refer to the network’s computers by name, rather than by address. The introduction of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocols in the early 1980s led to the use of 32-bit IP addresses, which even in dotted decimal form were difficult to remember.
Host Tables
The first mechanism for assigning human-friendly names to addresses was called a host table, which took the form of a file called /etc/hosts on Unix systems. The host table was a simple ASCII file that contained a list of network system addresses and their equivalent hostnames. When users wanted to access resources on other network systems, they would specify a hostname in the application, and the system would resolve the name into the appropriate address by looking it up in the host table. This host table still exists on all TCP/IP systems today, usually in the form of a file called Hosts somewhere on the local disk drive. If nothing else, the host table contains the following entry, which assigns to the standard IP loopback address the hostname localhost:
127.0.0.1 localhost
Today, the Domain Name System has replaced the host table almost universally, but when TCP/IP systems attempt to resolve a hostname into an IP address, it is still possible to configure them to check the Hosts file first before using DNS. If you have a small network of TCP/IP systems that is not connected to the Internet, you can use host tables on your machines to maintain friendly hostnames for your computers. The name resolution process will be very fast because no network communications are necessary and you will not need a DNS server.
Host Table Problems
The use of host tables on TCP/IP systems caused several problems, all of which were exacerbated as the fledgling Internet grew from a small “family” of networked computers into today’s gigantic network. The most fundamental problem was that each computer had to have its own host table, which listed the names and addresses of all of the other computers on the network. When you connected a new computer to the network, you could not access it until an entry for it was added to your computer’s host table.
For everyone to keep their host tables updated, it was necessary to inform the administrators when a system was added to the network or a name or address change occurred. Having every administrator of an ARPANET system e-mail every other administrator each time they made a change was obviously not a practical solution, so it was necessary to designate a registrar that would maintain a master list of the systems on the network, their addresses, and their hostnames.
The task of maintaining this registry was given to the Network Information Center (NIC) at the Stanford Research Institute (SRI), in Menlo Park, California. The master list was stored in a file called Hosts.txt on a computer with the hostname SRI-NIC. Administrators of ARPANET systems would e-mail their modifications to the NIC, which would update the Hosts.txt file periodically. To keep their systems updated, the administrators would use FTP to download the latest Hosts.txt file from SRI-NIC and compile it into a new Hosts file for their systems.
Initially, this was an adequate solution, but as the network continued to grow, it became increasingly unworkable. As more systems were added to the network, the Hosts.txt file grew larger, and more people were accessing SRI-NIC to download it on a regular basis. The amount of network traffic generated by this simple maintenance task became excessive, and changes started occurring so fast that it was difficult for administrators to keep their systems updated.
Another serious problem was that there was no control over the hostnames used to represent the systems on the network. Once TCP/IP came into general use, the NIC was responsible for assigning network addresses, but administrators chose their own hostnames for the computers on their networks. The accidental use of duplicate hostnames resulted in misrouted traffic and disruption of communications. Imagine the chaos that would result today if anyone on the Internet was allowed to set up a web server and use the name microsoft.com for it. Clearly, a better solution was needed, and this led to the development of the Domain Name System.
DNS Objectives
To address the problems resulting from the use of host tables for name registration and resolution, the people responsible for the ARPANET decided to design a completely new mechanism. Their primary objectives at first seemed to be contradictory: to design a mechanism that would enable administrators to assign hostnames to their own systems without creating duplicate names and to make that hostname information globally available to other administrators without relying on a single access point that could become a traffic bottleneck and a single point of failure. In addition, the mechanism had to be able to support information about systems that use various protocols with different types of addresses, and it had to be adaptable for use by multiple applications.
The solution was the Domain Name System, designed by Paul Mockapetris and published in 1983 as two Internet Engineering Task Force (IETF) documents called request for comments (RFC): RFC 882, “Domain Names: Concepts and Facilities,” and RFC 883, “Domain Names: Implementation Specification.” These documents were updated in 1987, published as RFC 1034 and RFC 1035, respectively, and ratified as an IETF standard. Since that time, numerous other RFCs have updated the information in the standard to address current networking issues.
Current requests and updates to older entries can be found at rfc-editor.org.
The DNS, as designed by Mockapetris, consists of three basic elements:
• A hierarchical name space that divides the host system database into discrete elements called domains
• Domain name servers that contain information about the host and subdomains within a given domain
• Resolvers that generate requests for information from domain name servers
These elements are discussed in the following sections.
Domain Naming
The Domain Name System achieves the designated objectives by using a hierarchical system, both in the name space used to name the hosts and in the database that contains the hostname information. Before the DNS was developed, administrators assigned simple hostnames to the computers on their networks. The names sometimes reflected the computer’s function or its location, as with SRI-NIC, but there was no policy in place that required this. At that time, there were few enough computers on the network to make this a practical solution.
To support the network as it grew larger, Mockapetris developed a hierarchical name space that made it possible for individual network administrators to name their systems, while identifying the organization that owns the systems and preventing the duplication of names on the Internet. The DNS name space is based on domains, which exist in a hierarchical structure much like the directory tree in a file system. A domain is the equivalent of a directory, in that it can contain either subdomains (subdirectories) or hosts (files), forming a structure called the DNS tree (see Figure 15-1). By delegating the responsibility for specific domains to network administrators all over the Internet, the result is a distributed database scattered on systems all over the network.
Figure 15-1 The Domain Name System uses a tree structure like that of a file system.
NOTE The term domain has more than one meaning in the computer industry. A domain can be a group of devices on a network administered as one unit. On the Internet, it can be an IP address, such as mcgrawhill.com in which all the devices sharing part of this address are considered part of the same domain. You may also see software that is in the public domain, which means the program can be used without copyright restrictions.
To assign unique IP addresses to computers all over the Internet, a two-tiered system was devised in which administrators receive the network identifiers that form the first part of the IP addresses and then assign host identifiers to individual computers themselves to form the second part of the addresses. This distributes the address assignment tasks among thousands of network administrators all over the world. The DNS name space functions in the same way: Administrators are assigned domain names and are then responsible for specifying hostnames to systems within that domain.
The result is that every computer on the Internet is uniquely identifiable by a DNS name that consists of a hostname plus the names of all of its parent domains, stretching up to the root of the DNS tree, separated by periods. Each of the names between the periods can be up to 63 characters long, with a total length of 255 characters for a complete DNS name, including the host and all of its parent domains. Domain and host names are not case sensitive and can take any value except the null value (no characters), which represents the root of the DNS tree. Domain and host names also cannot contain any of the following symbols: _:,/\?.@#!$%^&*(){}[]|;"<>~`
NOTE Using a shell prompt, you can enter the IP address of a computer to look up the DNS name.
In Figure 15-2, a computer in the mycorp domain functions as a web server, and the administrator has therefore given it the hostname www. This administrator is responsible for the mycorp domain and can therefore assign systems in that domain any hostname he wants. Because mycorp is a subdomain of com, the full DNS name for that web server is www.mycorp.com. Thus, a DNS name is something like a postal address, in which the top-level domain is the equivalent of the state, the second-level domain is the city, and the hostname is the street address.
Figure 15-2 A DNS name like www.mycorp.com reflects a system’s place in the domain hierarchy.
Because a complete DNS name traces the domain path all the way up the tree structure to the root, it should theoretically end with a period, indicating the division between the top-level domain and the root. However, this trailing period is nearly always omitted in common use, except in cases in which it serves to distinguish an absolute domain name from a relative domain name. An absolute domain name (also called a fully qualified domain name [FQDN]) does specify the path all the way to the root, while a relative domain name specifies only the subdomain relative to a specific domain context. For example, when working on a complex network called zacker.com that uses several levels of subdomains, you might refer to a system using a relative domain name of mail.paris without a period because it’s understood by your colleagues that you’re actually referring to a system with an absolute name of mail.paris.zacker.com. (with a period).
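The naming rules stated above (the 63- and 255-character limits, the forbidden-symbol list, case insensitivity, and the trailing period that marks an absolute name) can be checked in code. This is an added example, not code from the book, and its function names are hypothetical; it also shows why a name should be reduced to its absolute, lowercase form before it is compared with an allow list or a log entry.

```python
# Added example: checks DNS names against the rules stated in the text.
FORBIDDEN = set('_:,/\\?.@#!$%^&*(){}[]|;"<>~`')  # symbol list from the text
MAX_LABEL = 63    # characters allowed between periods
MAX_NAME = 255    # characters allowed in the complete name


def split_name(name):
    """Return (labels, is_absolute). A trailing period marks an absolute name."""
    if name in ("", "."):
        return [], True          # the null value represents the root
    is_absolute = name.endswith(".")
    body = name[:-1] if is_absolute else name
    return body.split("."), is_absolute


def validate(name):
    """Return a list of rule violations; an empty list means the name is valid."""
    labels, _ = split_name(name)
    problems = []
    if len(name) > MAX_NAME:
        problems.append(f"name is {len(name)} characters, limit is {MAX_NAME}")
    for label in labels:
        if label == "":
            problems.append("empty label (only the root may be null)")
        elif len(label) > MAX_LABEL:
            problems.append(f"label {label[:10]!r}... exceeds {MAX_LABEL} characters")
        bad = sorted(set(label) & FORBIDDEN)
        if bad:
            problems.append(f"label {label!r} contains forbidden symbols {bad}")
    return problems


def to_absolute(name, context):
    """Qualify a relative name against a domain context and lowercase it."""
    labels, is_absolute = split_name(name)
    if not is_absolute:
        context_labels, _ = split_name(context)
        labels = labels + context_labels
    return ".".join(label.lower() for label in labels) + "."


def same_name(a, b, context):
    """Names are not case sensitive, so compare absolute, lowercased forms."""
    return to_absolute(a, context) == to_absolute(b, context)


if __name__ == "__main__":
    for candidate in ("www.mycorp.com", "my_host.zacker.com", "www..com"):
        print(candidate, "->", validate(candidate) or "valid")
    print(to_absolute("mail.paris", "zacker.com"))
```
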
It’s also important to understand that DNS names have no inherent connection to IP addresses or any other type of address. Theoretically, the host systems in a particular domain can be located on different networks, thousands of miles apart.
Top-Level Domains
In every DNS name, the first word on the right represents the domain at the highest level in the DNS tree, called a top-level domain. These top-level domains essentially function as registrars for the domains at the second level. For example, the administrator of zacker.com went to the com top-level domain and registered the name zacker. In return for a fee, that administrator now has exclusive use of the name zacker.com and can create any host or subdomain names in that domain that he wants. It doesn’t matter that thousands of other network administrators have named their web servers www because they all have their own individual domain names. The host name www may be duplicated anywhere, as long as the DNS name is unique.
The original DNS namespace called for seven top-level domains, centered in U.S. nomenclature and dedicated to specific purposes, as follows:
• com: Commercial organizations
• edu: Four-year, degree-granting educational institutions in North America
• gov: U.S. government institutions
• int: Organizations established by international treaty
• mil: U.S. military applications
• net: Networking organizations
• org: Noncommercial organizations
The edu, gov, int, and mil domains were originally reserved for use by certified organizations, but the com, org, and net domains were and are called global domains, because organizations anywhere in the world can register second-level domains within them. Originally, these top-level domains were managed by a company called Network Solutions (NSI, formerly known as InterNIC, the Internet Network Information Center) as a result of a cooperative agreement with the U.S. government. You can still go to its website at www.networksolutions.com/ and register names in these top-level domains.
In 1998, the agreement with the U.S. government was changed to permit other organizations to compete with NSI in providing domain registrations. An organization called the Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for the accreditation of domain name registrars. Under this new policy, the procedures and fees for registering names in the com, net, and org domains may vary, but there will be no difference in the functionality of the domain names, nor will duplicate names be permitted. The complete list of registrars that have been accredited by ICANN is available at http://www.webhosting.info/registrars/.
Currently, more than 1,900 new top-level domain names have been submitted to ICANN, and during 2015, it is anticipated that each week new names will be available for open registration. While there may be conflicts, the issues will, at this time, be settled by auction or negotiation. Approval for new top-level domain names currently has three stages:
• Sunrise stage: During this 60-day period, legal trademark owners can “stake their claim” before registration for that name.
• Landrush stage: This is a preregistration period where applicants can pay a fee (which in many cases will be substantial) for a specific domain name.
• Open registration: During this time, anyone can register a new domain.
.com Domain Conflicts
The com top-level domain is the one most closely associated with commercial Internet interests, and names of certain types in the com domain are becoming scarce. For example, it is difficult at this time to come up with a snappy name for an Internet technology company that includes the word “net” that has not already been registered in the com domain.
There have also been conflicts between organizations that think they have a right to a particular domain name. Trademark law permits two companies to have the same name, as long as they are not directly competitive in the marketplace. However, A1 Auto Parts Company and A1 Software may both feel that they have a right to the a1.com domain, and lawsuits have arisen in some cases. In other instances, forward-thinking private individuals who registered domains using their own names have later been confronted by corporations with the same name who want to jump on the Internet bandwagon and think they have a right to that name. If a certain individual of Scottish extraction registers his domain only to find out some years later that a fast-food company (for example) is very anxious to acquire that domain name, the end result can be either a profitable settlement for the individual or a nasty court case.
This phenomenon gave rise to a particular breed of Internet bottom-feeder known as domain name speculators. These people register large numbers of domain names that they think some company might want someday, hoping that they can receive a large fee in return for selling them the domain name. Another unscrupulous practice is for a company in a particular business to register domains using the names of their competitors. Thus, when Internet users go to pizzaman.com, expecting to find Ray the Pizza Man’s website, they instead find themselves redirected to the site for Bob’s Pizza Palace, which is located across the street from Ray’s.
Cybersquatting
By definition, cybersquatting is the practice of registering an Internet domain name simply for the purpose of profiting by selling the name to someone else. According to the World Intellectual Property Organization (WIPO), this practice includes the following:
• Abusive registration of a domain name that is misleadingly similar or identical to an existing trademark.
• A registered domain name for which the registering party has no rights or legitimate interests.
• A domain name that is registered and used in bad faith.
ICANN created its Uniform Domain Name Resolution Policy (UDRP) to counteract cybersquatting. Since 2000, all registrants of domains such as .com, .net, and .org have been subject to this policy. In response to the new top-level domains (TLDs), in March 2013, ICANN launched the IP Trademark Clearinghouse, a centralized database of valid trademarks to protect these trademarks, especially during the time in which the new TLDs are launched.
Country-Code Domains
There are many country-code domains (also called international domains), named for specific countries using the ISO designations, such as fr for France and de for Deutschland (Germany). Many of these countries allow free registration of second-level domains to anyone, without restrictions. For the other countries, an organization must conform to some sort of local presence, tax, or trademark guidelines in order to register a second-level domain. Each of these country-code domains is managed by an organization in that country, which establishes its own domain name registration policies.
NOTE For the country codes maintained by the International Organization for Standardization (ISO), see www.iso.org/iso/country_codes.htm.
There is also a us top-level domain that is a viable alternative for organizations unable to obtain a satisfactory name in the com domain. In March 2014, the National Telecommunications and Information Administration (NTIA) arm of the U.S. Department of Commerce awarded the administrative contract to Neustar for three years. This entity registers second-level domains to businesses and individuals, as well as to government agencies, educational institutions, and other organizations. The only restriction is that all us domains must conform to a naming hierarchy that uses two-letter state abbreviations at the third level and uses local city or county names at the fourth level. Thus, an example of a valid domain name would be something like mgh.newyork.ny.us. The general format is <organization-name>.<locality>.<state>.us, where <state> is a state’s two-letter postal abbreviation.
Second-Level Domains
The registrars of the top-level domains are responsible for registering second-level domain names, in return for a subscription fee. As long as an organization continues to pay the fees for its domain name, it has exclusive rights to that name. The domain registrar maintains records that identify the owner of each second-level domain and specify three contacts within the registrant’s organization: an administrative contact, a billing contact, and a technical contact. In addition, the registrar must have the IP addresses of two DNS servers that function as the source for further information about the domain. This is the only information maintained by the top-level domain. The administrators of the registrant’s network can create as many hosts and subdomains within the second-level domain as they want without informing the registrars at all.
To host a second-level domain, an organization must have two DNS servers. A DNS server is a software program that runs on a computer. DNS server products are available for all of the major network operating systems. The DNS servers do not have to be located on the registrant’s network; many companies outsource their Internet server hosting chores and use their service provider’s DNS servers. The DNS servers identified in the top-level domain’s record are the authority for the second-level domain. This means that these servers are the ultimate source for information about that domain. When network administrators want to add a host to the network or create a new subdomain, they do so in their own DNS servers. In addition, whenever a user application somewhere on the Internet has to discover the IP address associated with a particular host name, the request eventually ends up at one of the domain’s authoritative servers.
Thus, in its simplest form, the Domain Name System works by referring requests for the address of a particular host name to a top-level domain server, which in turn passes the request to the authoritative server for the second-level domain, which responds with the requested information. This is why the DNS is described as a distributed database. The information about the hosts in specific domains is stored on their authoritative servers, which can be located anywhere. There is no single list of all the host names on the entire Internet, which is actually a good thing because at the time that the DNS was developed, no one would have predicted that the Internet would grow as large as it has.
This distributed nature of the DNS database eliminates the traffic-congestion problem caused by the use of a host table maintained on a single computer. The top-level domain server handles millions of requests a day, but they are requests only for the DNS servers associated with second-level domains. If the top-level domains had to maintain records for every host in every second-level domain they have registered, the resulting traffic would bring the entire system to its knees.
Distributing the database in this way also splits the chores of administering the database among thousands of network administrators around the world. Domain name registrants are each responsible for their own area of the namespace and can maintain it as they want with complete autonomy.
Subdomains
Many of the domains on the Internet stop at two levels, meaning that the second-level domain contains only host systems. However, it is possible for the administrators of a second-level domain to create subdomains that form additional levels. The us top-level domain, for example, requires a minimum of three levels: the country code, the state code, and the local city or county code. There is no limit on the number of levels you can create within a domain, except for those imposed by practicality and the 255-character maximum DNS name length.
In some cases, large organizations use subdomains to subdivide their networks according to geographical or organizational boundaries. A large corporation might create a third-level domain for each city or country in which it has an office, such as paris.zacker.com and newyork.zacker.com, or for each of several departments, such as sales.zacker.com and mis.zacker.com. The organizational paradigm for each domain is left completely up to its administrators.
The use of subdomains can make it easier to identify hosts on a large network, but many organizations also use them to delegate domain maintenance chores. The DNS servers for a top-level domain contain the addresses for each second-level domain’s authoritative servers. In the same way, a second-level domain’s servers can refer to authoritative servers for third-level administrators at each site to maintain their own DNS servers.
To make this delegation possible, DNS servers can break up a domain’s namespace into administrative units called zones. A domain with only two levels consists of only a single zone, which is synonymous with the domain. A three-level domain, however, can be divided into multiple zones. A zone can be any contiguous branch of a DNS tree and can include domains on multiple levels. For example, in the diagram shown in Figure 15-3, the paris.zacker.com domain, including all of its subdomains and hosts, is one zone, represented by its own DNS servers. The rest of the zacker.com domain, including newyork.zacker.com, chicago.zacker.com, and zacker.com itself, is another zone. Thus, a zone can be defined as any part of a domain, including its subdomains, that is not designated as part of another zone.
Figure 15-3 A zone is an administrative entity that contains a branch of the DNS tree.
Each zone must be represented by DNS servers that are the authority for that zone. A single DNS server can be authoritative for multiple zones, so you could conceivably create a separate zone for each of the third-level domains in zacker.com and still have only two sets of DNS servers.
DNS Functions
DNS servers are a ubiquitous part of most TCP/IP networks, even if you aren’t aware of it. If you connect to the Internet, you use a DNS server each time you enter a server name or URL into a web browser or other application to resolve the name of the system you specified into an IP address. When a stand-alone computer connects to an Internet service provider (ISP), the ISP’s server usually supplies the addresses of the DNS servers that the system will use. On a TCP/IP network, administrators or users configure clients with the addresses of the DNS servers they will use. This can be a manual process performed for each workstation or an automatic process performed using a service such as Dynamic Host Configuration Protocol (DHCP). The end user will not usually see the IP address because this is all taken care of in the background.
TCP/IP communications are based solely on IP addresses. Before one system can communicate with another, it must know its IP address. Often, the user supplies a friendly name (such as a DNS name) for a desired server to a client application. The application must then resolve that server name into an IP address before it can transmit a message to it. If the name resolution mechanism fails to function, no communication with the server is possible.
Virtually all TCP/IP networks use some form of friendly name for host systems and include a mechanism for resolving those names into the IP addresses needed to initiate communications between systems. If the network is connected to the Internet, DNS name resolution is a necessity. Private networks do not necessarily need it, however. Microsoft Windows NT networks, for example, use NetBIOS names to identify their systems and have their own mechanisms for resolving those names into IP addresses. These mechanisms include the Windows Internet Naming System (WINS) and also the transmission of broadcast messages to every system on the network. NetBIOS names and name resolution mechanisms do not replace the DNS; they are intended for use on relatively small, private networks and would not be practical on the Internet. A computer can have both a NetBIOS name and a DNS host name and use both types of name resolution.
Resource Records
DNS servers are basically database servers that store information about the hosts and subdomains for which they are responsible in resource records (RRs). When you run your own DNS server, you create a resource record for each host name that you want to be accessible by the rest of the network. There are several different types of resource records used by DNS servers, the most important of which are as follows:
• Start of authority (SOA): Indicates that the server is the best authoritative source for data concerning the zone. Each zone must have an SOA record, and only one SOA record can be in a zone.
• Name server (NS): Identifies a DNS server functioning as an authority for the zone. Each DNS server in the zone (whether primary, master, or slave) must be represented by an NS record.
• Address (A): Provides a name-to-address mapping that supplies an IP address for a specific DNS name. This record type performs the primary function of the DNS, converting names to addresses.
• PTR (Pointer): Provides an address-to-name mapping that supplies a DNS name for a specific address in the in-addr.arpa domain. This is the functional opposite of an A record, used for reverse lookups only.
• Canonical name (CNAME): Creates an alias that points to the canonical name (that is, the “real” name) of a host identified by an A record. CNAME records are used to provide alternative names by which systems can be identified. For example, you may have a system with the name server1.zacker.com on your network that you use as a web server. Changing the host name of the computer would confuse your users, but you want to use the traditional name of www to identify the web server in your domain. Once you create a CNAME record for the name www.zacker.com that points to server1.zacker.com, the system is addressable using either name.
• Mail exchanger (MX): Identifies a system that will direct e-mail traffic sent to an address in the domain to the individual recipient, a mail gateway, or another mail server.
In addition to functioning as the authority for a small section of the DNS namespace, servers process client name resolution requests by either consulting their own resource records or forwarding the request to another DNS server on the network. The process of forwarding a request is called a referral, and this is how all of the DNS servers on the Internet work together to provide a unified information resource for the entire domain namespace.
DNS Name Resolution
All Internet applications use DNS to resolve host names into IP addresses. When you type a URL containing a DNS name (such as mcgrawhill.com) into the browser’s Address field and press ENTER, it is while the application goes through the process of finding the site and connecting that the DNS name resolution process occurs.
From the client’s perspective, the procedure that occurs during these few seconds consists of the application sending a query message to its designated DNS server that contains the name to be resolved. The server then replies with a message containing the IP address corresponding to that name. Using the supplied address, the application can then transmit a message to the intended destination. It is only when you examine the DNS server’s role in the process that you see how complex the procedure really is.
Resolvers
The component in the client system that generates the DNS query is called a resolver. In most cases, the resolver is a simple set of library routines in the operating system that generates the queries to be sent to the DNS server, reads the response information from the server’s replies, and feeds the response to the application that originally requested it. In addition, a resolver can resend a query if no reply is forthcoming after a given timeout period and can process error messages returned by the server, such as when it fails to resolve a given name.
DNS Requests
A TCP/IP client usually is configured with the addresses of two DNS servers to which it can send queries. A client can send a query to any DNS server; it does not have to use the authoritative server for the domain in which it belongs, nor does the server have to be on the local network. Using the DNS server that is closest to the client is best, however, because it minimizes the time needed for messages to travel between the two systems. A client needs access to only one DNS server, but two are usually specified to provide a backup in case one server is unavailable.
There are two types of DNS queries: recursive and iterative. When a server receives a recursive query, it is responsible for trying to resolve the requested name and for transmitting a reply to the requestor. Even if the server does not possess the required information itself, it must send its own queries to other DNS servers until it obtains the requested information or an error message stating why the information was unavailable and must then relay the information to the requestor. The system that generated the query, therefore, receives a reply only from the original server to which it sent the query. The resolvers in client systems nearly always send recursive queries to DNS servers.
When a server receives an iterative query (also called a nonrecursive query), it can either respond with information from its own database or refer the requestor to another DNS server. The recipient of the query responds with the best answer it currently possesses, but is not responsible for searching for the information, as with a recursive query. DNS servers processing a recursive query from a client typically use iterative queries to request information from other servers. It is possible for a DNS server to send a recursive query to another server, thus in effect “passing the buck” and forcing the other server to search for the requested information, but this is considered bad form and is rarely done without permission.
One of the scenarios in which DNS servers do send recursive queries to other servers is when you configure a server to function as a forwarder. On a network running several DNS servers, you may not want all of the servers sending queries to other DNS servers on the Internet. If the network has a relatively slow connection to the Internet, for example, several servers transmitting repeated queries may use too much of the available bandwidth.
To prevent this, some DNS implementations enable you to configure one server to function as the forwarder for all Internet queries generated by the other servers on the network. Any time that a server has to resolve the DNS name of an Internet system and fails to find the needed information in its cache, it transmits a recursive query to the forwarder, which is then responsible for sending its own iterative queries over the Internet connection. Once the forwarder resolves the name, it sends a reply to the original DNS server, which relays it to the client.
This request-forwarding behavior is a function of the original server only. The forwarder simply receives standard recursive queries from the original server and processes them normally. A server can be configured to use a forwarder in either exclusive or nonexclusive mode. In exclusive mode, the server relies completely on the forwarder to resolve the requested name. If the forwarder’s resolution attempt fails, the server relays a failure message to the client. A server that uses a forwarder in exclusive mode is called a slave. In nonexclusive mode, if the forwarder fails to resolve the name and transmits an error message to the original server, that server makes its own resolution attempt before responding to the client.
Root Name Servers
In most cases, DNS servers that do not possess the information needed to resolve a name requested by a client send their first iterative query to one of the Internet’s root name servers. The root name servers possess information about all of the top-level domains in the DNS namespace. When you first install a DNS server, the only addresses that it needs to process client requests are those of the root name servers because these servers can send a request for a name in any domain on its way to the appropriate authority.
The root name servers contain the addresses of the authoritative servers for all the top-level domains on the Internet. In fact, the root name servers are the authorities for certain top-level domains, but they can also refer queries to the appropriate server for any of the other top-level domains, including the country-code domains, which are scattered all over the world. There are currently 13 root name servers, and they process millions of requests each day. The servers are also scattered widely and connected to different network trunks, so the chances of all of them being unavailable are minimal. If this were to occur, virtually all DNS name resolution would cease, and the Internet would be crippled.
Currently, the NTIA administers authority through ICANN over these root name servers. However, in March 2014, the NTIA announced it will cede authority to another organization, which has not yet been identified.
Resolving a Domain Name
With the preceding pieces in place, you are now ready to see how the DNS servers work together to resolve the name of a server on the Internet (see Figure 15-4). The process is as follows:
Figure 15-4 DNS servers communicate among themselves to locate the information requested by a client.
1. A user on a client system specifies the DNS name of an Internet server in an application such as a web browser or File Transfer Protocol (FTP) client.
2. The application generates an application programming interface (API) call to the resolver on the client system, and the resolver creates a DNS recursive query message containing the server name.
3. The client system transmits the recursive query message to the DNS server identified in its TCP/IP configuration.
4. The client’s DNS server, after receiving the query, checks its resource records to see whether it is the authoritative source for the zone containing the requested server name. If it is the authority, it generates a reply message and transmits it to the client. If the DNS server is not the authority for the domain in which the requested server is located, it generates an iterative query and submits it to one of the root name servers.
5. The root name server examines the name requested by the original DNS server and consults its resource records to identify the authoritative servers for the name’s top-level domain. Because the root name server received an iterative request, it does not send its own request to the top-level domain server. Instead, it transmits a reply to the original DNS server that contains a referral to the top-level domain server addresses.
6. The original DNS server then generates a new iterative query and transmits it to the top-level domain server. The top-level domain server examines the second-level domain in the requested name and transmits to the original server a referral containing the addresses of authoritative servers for that second-level domain.
7. The original server generates yet another iterative query and transmits it to the second-level domain server. If the requested name contains additional domain names, the second-level domain server replies with another referral to the third-level domain servers. The second-level domain server may also refer the original server to the authorities for a different zone. This process continues until the original server receives a referral to the domain server that is the authority for the domain or zone containing the requested host.
8. Once the authoritative server for the domain or zone containing the host receives a query from the original server, it consults its resource records to determine the IP address of the requested system and transmits it in a reply message to that original server.
9. The original server receives the reply from the authoritative server and transmits the IP address back to the resolver on the client system. The resolver relays the address to the application, which can then initiate communications with the system specified by the user.
This procedure assumes a successful completion of the name resolution procedure. If any of the authoritative DNS servers queried returns an error message to the original server stating, for example, that one of the domains in the name does not exist, this error message is relayed to the client and the name resolution process is said to have failed.
DNS Server Caching
This process may seem extremely long and complex, but in many cases, it isn’t necessary for the client’s DNS server to send queries to the servers for each domain specified in the requested DNS name. DNS servers are capable of retaining the information they learn about the DNS namespace in the course of their name resolution procedures and storing it in a cache on the local drive.
A DNS server that receives requests from clients, for example, caches the addresses of the requested systems, as well as the addresses for particular domains’ authoritative servers. The next time that a client transmits a request for a previously resolved name, the server can respond immediately with the cached information. In addition, if a client requests another name in one of the same domains, the server can send a query directly to an authoritative server for that domain, and not to a root name server. Thus, users should generally find that names in commonly accessed domains resolve more quickly because one of the servers along the line has information about the domain in its cache, while names in obscure domains take longer because the entire request/referral process is needed.
Negative Caching
In addition to storing information that aids in the name resolution process, most modern DNS server implementations are capable of negative caching. Negative caching occurs when a DNS server retains information about names that do not exist in a domain. If, for example, a client sends a query to its DNS server containing a name in which the second-level domain does not exist, the top-level domain server will return a reply containing an error message to that effect. The client’s DNS server will then retain the error message information in its cache. The next time a client requests a name in that domain, the DNS server will be able to respond immediately with its own error message, without consulting the top-level domain.
Cache Data Persistence
Caching is a vital element of the DNS architecture because it reduces the number of requests sent to the root name and top-level domain servers, which, being at the top of the DNS tree, are the most likely to act as a bottleneck for the whole system. However, caches must be purged eventually, and there is a fine line between effective and ineffective caching. Because DNS servers retain resource records in their caches, it can take hours or even days for changes made in an authoritative server to be propagated around the Internet. During this period, users may receive incorrect information in response to a query. If information remains in server caches too long, the changes that administrators make to the data in their DNS servers take too long to propagate around the Internet. If caches are purged too quickly, the number of requests sent to the root name and top-level domain servers increases precipitously.
The amount of time that DNS data remains cached on a server is called its time to live (TTL). Unlike most data caches, the time to live is not specified by the administrator of the server where the cache is stored. Instead, the administrators of each authoritative DNS server specify how long the data for the resource records in their domains or zones should be retained in the servers where it is cached. This enables administrators to specify a time-to-live value based on the volatility of their server data. On a network where changes in IP addresses or the addition of new resource records is frequent, a lower time-to-live value increases the likelihood that clients will receive current data. On a network that rarely changes, you can use a longer time-to-live value and minimize the number of requests sent to the parent servers of your domain or zone.
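The referral chain from the numbered procedure and the caching, negative caching, and TTL behavior described above can be traced in a small simulation. This is an added example, not code from the book: the server names, zone data, and addresses are constructed, the negative TTL is an assumed value, and negative entries are keyed by the queried name for simplicity.

```python
import time

NEGATIVE_TTL = 900   # assumed lifetime of a cached "does not exist" reply
MAX_REFERRALS = 10   # guard against referral loops

# Constructed data. Each server holds delegations (zone -> (server, ttl)) and
# host records (name -> (address, ttl)). The TTLs come from the servers that
# own the data, not from the resolver that caches it.
SERVERS = {
    "root":      {"delegations": {"com": ("tld-com", 86400)}, "hosts": {}},
    "tld-com":   {"delegations": {"zacker.com": ("ns-zacker", 86400)}, "hosts": {}},
    "ns-zacker": {"delegations": {"paris.zacker.com": ("ns-paris", 3600)},
                  "hosts": {"www.zacker.com": ("192.0.2.10", 3600)}},
    "ns-paris":  {"delegations": {},
                  "hosts": {"mail.paris.zacker.com": ("192.0.2.25", 300)}},
}


def in_zone(name, zone):
    """True if name is the zone itself or lies below it in the DNS tree."""
    return name == zone or name.endswith("." + zone)


def iterative_query(server, name):
    """Reply with a local answer, a referral, or an error; never search further."""
    data = SERVERS[server]
    for zone, (target, ttl) in data["delegations"].items():
        if in_zone(name, zone):
            return "referral", (zone, target), ttl
    if name in data["hosts"]:
        address, ttl = data["hosts"][name]
        return "answer", address, ttl
    return "nxdomain", None, NEGATIVE_TTL


class FakeClock:
    """Manually advanced clock so TTL expiry can be shown without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class CachingResolver:
    """The client's DNS server: accepts recursive queries, sends iterative ones."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.answers = {}       # name -> (address or None, expiry); None = negative
        self.referrals = {}     # zone -> (server, expiry)
        self.queries_sent = []  # (server, name) for every iterative query

    def _closest_server(self, name, now):
        """Start at the deepest unexpired cached delegation, else at the root."""
        best_zone, best_server = "", "root"
        for zone, (server, expiry) in self.referrals.items():
            if expiry > now and in_zone(name, zone) and len(zone) > len(best_zone):
                best_zone, best_server = zone, server
        return best_server

    def resolve(self, name):
        name = name.lower().rstrip(".")
        now = self.clock()
        cached = self.answers.get(name)
        if cached and cached[1] > now:
            return cached[0]                  # positive or negative cache hit
        server = self._closest_server(name, now)
        for _ in range(MAX_REFERRALS):
            self.queries_sent.append((server, name))
            kind, value, ttl = iterative_query(server, name)
            if kind == "referral":
                zone, server = value          # follow the referral (steps 5-7)
                self.referrals[zone] = (server, now + ttl)
                continue
            address = value if kind == "answer" else None
            self.answers[name] = (address, now + ttl)
            return address
        raise RuntimeError("referral limit exceeded")


def demo():
    clock = FakeClock()
    server = CachingResolver(clock)
    names = ["mail.paris.zacker.com", "mail.paris.zacker.com",
             "www.zacker.com", "www.nosuch.com", "www.nosuch.com"]
    for name in names:
        before = len(server.queries_sent)
        address = server.resolve(name)
        hops = [s for s, _ in server.queries_sent[before:]]
        print(f"{name:24} -> {address}  queried: {hops or 'cache only'}")


if __name__ == "__main__":
    demo()
```
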
DNS Load Balancing
In most cases, DNS servers maintain one IP address for each host name. However, there are situations in which more than one IP address is required. In the case of a highly trafficked website, for example, one server may not be sufficient to support all of the clients. To have multiple, identical servers with their own IP addresses hosting the same site, some mechanism is needed to ensure that client requests are balanced among the machines.
One way of doing this is to control how the authoritative servers for the domain on which the site is located resolve the DNS name of the web server. Some DNS server implementations enable you to create multiple resource records with different IP addresses for the same host name. As the server responds to queries requesting resolution of that name, it uses the resource records in a rotational fashion to supply the IP address of a different machine to each client.
DNS caching tends to defeat the effectiveness of this rotational system because servers use the cached information about the site, rather than issuing a new query and possibly receiving the address for another system. As a result, it is generally recommended that you use a relatively short time-to-live value for the duplicated resource records.
Reverse Name Resolution
The Domain Name System is designed to facilitate the resolution of DNS names into IP addresses, but there are also instances in which IP addresses have to be resolved into DNS names. These instances are relatively rare. In log files, for example, some systems convert IP addresses to DNS names to make the data more readily accessible to human readers. Certain systems also use reverse name resolution in the course of authentication procedures.
The structure of the DNS name space and the method by which it’s distributed among various servers is based on the domain name hierarchy. When the entire database is located on one system, such as in the case of a host table, searching for a particular address to find out its associated name is no different from searching for a name to find an address. However, locating a particular address in the DNS name space would seem to require a search of all of the Internet’s DNS servers, which is obviously impractical.
To make reverse name resolution possible without performing a massive search across the entire Internet, the DNS tree includes a special branch that uses the dotted decimal values of IP addresses as domain names. This branch stems from a domain called in-addr.arpa, which is located just beneath the root of the DNS tree, as shown in Figure 15-5. Just beneath the in-addr domain, there are 256 subdomains named using the numbers 0 to 255 to represent the possible values of an IP address’s first byte. Each of these subdomains contains another 256 subdomains representing the possible values of the second byte. The next level has another 256 domains, each of which can have up to 256 numbered hosts, which represent the third and fourth bytes of the address.
Figure 15-5 The in-addr.arpa domain hierarchy
Using the in-addr.arpa domain structure, each of the hosts represented by a standard name on a DNS server also has an equivalent DNS name constructed using its IP address. Therefore, if a system with the IP address 192.168.214.23 is listed in the DNS server for the zacker.com domain with the host name www, there is also a resource record for that system with the DNS name 23.214.168.192.in-addr.arpa, meaning that there is a host with the name 23 in a domain called 214.168.192.in-addr.arpa, as shown in Figure 15-6. This domain structure makes it possible for a system to search for the IP address of a host in a domain (or zone) without having to consult other servers in the DNS tree. In most cases, you can configure a DNS server to automatically create an equivalent resource record in the in-addr.arpa domain for every host you add to the standard domain name space.
Figure 15-6 Each host in the DNS database has two resource records.
The byte values of IP addresses are reversed in the in-addr.arpa domain because in a DNS name, the least significant word comes first, whereas in IP addresses, the least significant byte comes last. In other words, a DNS name is structured with the root of the DNS tree on the right side and the host name on the left. In an IP address, the host identifier is on the right, and the network identifier is on the left. It would be possible to create a domain structure using the IP address bytes in their regular order, but this would complicate the administration process by making it harder to delegate maintenance tasks based on network addresses.
DNS Name Registration
As you have already learned, name resolution is the process by which IP address information for a host name is extracted from the DNS database. The process by which host names and their addresses are added to the database is called name registration. Name registration refers to the process of creating new resource records on a DNS server, thus making them accessible to all of the other DNS servers on the network.
The name registration process on a traditional DNS server is decidedly low-tech. There is no mechanism by which the server can detect the systems on the network and enter their host names and IP addresses into resource records. In fact, a computer may not even be aware of its host name because it receives all of its communications using IP addresses and never has to answer to its name.
To register a host in the DNS name space, an administrator has to manually create a resource record on the server. The method for creating resource records varies depending on the DNS server implementation. Unix-based servers require you to edit a text file, while Microsoft DNS Server uses a graphical interface.
Manual Name Registration
The manual name registration process is an adaptation of the host table for use on a DNS server. It is easy to see how, in the early days, administrators were able to implement DNS servers on their network by using their host tables with slight modifications. Today, however, the manual name registration process can be problematic on some networks.
If you have a large number of hosts, manually creating resource records for all of them can be a tedious affair, even with a graphical interface. However, depending on the nature of the network, it may not be necessary to register every system in the DNS. If, for example, you are running a Windows NT network using unregistered IP addresses, you may not need your own DNS server at all, except possibly to process client name resolution requests. Windows NT networks have their own NetBIOS naming system and name resolution mechanisms, and you generally don’t need to refer to them using DNS names.
The exceptions to this would be systems with registered IP addresses that you use as web servers or other types of Internet servers. These must be visible to Internet users and, therefore, must have a host name in a registered DNS domain. In most cases, the number of systems like this on a network is small, so manually creating the resource records is not much of a problem. If you have Unix systems on your network, however, you are more likely to use DNS to identify them using names, and in this case, you must create resource records for them.
Dynamic Updates
As networks grow larger and more complex, the biggest problem arising from manual name registration stems from the increasing use of DHCP servers to dynamically assign IP addresses to network workstations. The manual configuration of TCP/IP clients is another long-standing network administration chore that is gradually being phased out in favor of an automated solution. Assigning IP addresses dynamically means that workstations can have different addresses from one day to the next, and the original DNS standard has no way of keeping up with the changes.
On networks where only a few servers have to be visible to the Internet, it wasn’t too great an inconvenience to configure them manually with static IP addresses and use DHCP for the unregistered systems. This situation changed with the advent of Windows 2000 and Active Directory. Windows NT networks used WINS to resolve NetBIOS names into IP addresses, but name registration was automatic with WINS. WINS automatically updated its database record for a workstation assigned a new IP address by a DHCP server so that no administrator intervention was required. Active Directory, however, relied heavily on DNS instead of WINS to resolve the names of systems on the network and to keep track of the domain controllers available for use by client workstations.
To make the use of DNS practical, members of the IETF developed a new specification, published as RFC 2136, “Dynamic Updates in the Domain Name System.” This document defined a new DNS message type, called an Update, which systems such as domain controllers and DHCP servers could generate and transmit to a DNS server. These Update messages modify or delete existing resource records or create new ones, based on prerequisites specified by the administrator.
Zone Transfers
Most networks use at least two DNS servers to provide fault tolerance and to give clients access to a nearby server. Because the resource records (in most cases) have to be created and updated manually by administrators, the DNS standards define a mechanism that replicates the DNS data among the servers, thus enabling administrators to make the changes only once.
The standards define two DNS server roles: the primary master and the secondary master, or slave. The primary master server loads its resource records and other information from the database files on the local drive. The slave (or secondary master) server receives its data from another server in a process called a zone transfer, which the slave performs each time it starts and periodically thereafter. The server from which the slave receives its data is called its master server, but it need not be the primary master. A slave can receive data from the primary master or another slave.
Zone transfers are performed for individual zones, and because a single server can be the authority for multiple zones, more than one transfer may be needed to update all of a slave server’s data. In addition, the primary master and slave roles are zone specific. A server can be the primary master for one zone and the slave for another, although this practice generally should not be necessary and is likely to generate some confusion.
Although slave servers receive periodic zone transfers from their primaries, they are also able to load database files from their local drives. When a slave server receives a zone transfer, it updates the local database files. Each time the slave server starts, it loads the most current resource records it has from the database files and then checks this data with the primary master to see whether an update is needed. This prevents zone transfers from being performed needlessly.
DNS Messaging
DNS name resolution transactions use User Datagram Protocol (UDP) datagrams on port 53 for servers and on an ephemeral port number for clients. Communication between two servers uses port 53 on both machines. In cases in which the data to be transmitted does not fit in a single UDP datagram, as in the case of zone transfers, the two systems establish a standard TCP connection, also using port 53 on both machines, and transmit the data using as many packets as needed.
The Domain Name System uses a single message format for all of its communications that consists of the following five sections:
• Header Contains information about the nature of the message
• Question Contains the information requested from the destination server
• Answer Contains RRs supplying the information requested in the Question section
• Authority Contains RRs pointing to an authority for the information requested in the Question section
• Additional Contains RRs with additional information in response to the Question section
Every DNS message has a Header section, and the other four sections are included only if they contain data. For example, a query message contains the DNS name to be resolved in the Question section, but the Answer, Authority, and Additional sections aren’t needed. When the server receiving the query constructs its reply, it makes some changes to the Header section, leaves the Question section intact, and adds entries to one or more of the remaining three sections. Each section can have multiple entries so that a server can send more than one resource record in a single message.
The DNS Header Section
The Header section of the DNS message contains codes and flags that specify the function of the message and the type of service requested from or supplied by a server. Figure 15-7 shows the format of the Header section.
Figure 15-7 The DNS Header section format
The functions of the Header fields are as follows:
• ID, 2 bytes Contains an identifier value used to associate queries with replies.
• Flags, 2 bytes Contains flag bits used to identify the functions and properties of the message, as follows:
  • QR, 1 bit Specifies whether the message is a query (value 0) or a response (value 1).
  • OPCODE, 4 bits Specifies the type of query that generated the message. Response messages retain the same value for this field as the query to which they are responding. Possible values are as follows:
    • 0 Standard query (QUERY)
    • 1 Inverse query (IQUERY)
    • 2 Server status request (STATUS)
    • 3–15 Unused
  • AA (Authoritative Answer), 1 bit Indicates that a response message has been generated by a server that is the authority for the domain or zone in which the requested name is located.
  • TC (Truncation), 1 bit Indicates that the message has been truncated because the amount of data exceeds the maximum size for the current transport mechanism. In most DNS implementations, this bit functions as a signal that the message should be transmitted using a TCP connection rather than a UDP datagram.
  • RD (Recursion Desired), 1 bit In a query, indicates that the destination server should treat the message as a recursive query. In a response, indicates that the message is the response to a recursive query. The absence of this flag indicates that the query is iterative.
  • RA (Recursion Available), 1 bit Specifies whether a server is configured to process recursive queries.
  • Z, 3 bits Unused.
  • RCODE (Response Code), 4 bits Specifies the nature of a response message, indicating when an error has occurred and what type of error, using the following values:
    • 0 No error has occurred.
    • 1 – Format Error Indicates that the server was unable to understand the query.
    • 2 – Server Failure Indicates that the server was unable to process the query.
    • 3 – Name Error Used by authoritative servers only to indicate that a requested name or subdomain does not exist in the domain.
    • 4 – Not Implemented Indicates that the server does not support the type of query received.
    • 5 – Refused Indicates that server policies (such as security policies) have prevented the processing of the query.
    • 6–15 Unused.
• QDCOUNT, 2 bytes Specifies the number of entries in the Question section.
• ANCOUNT, 2 bytes Specifies the number of entries in the Answer section.
• NSCOUNT, 2 bytes Specifies the number of name server RRs in the Authority section.
• ARCOUNT, 2 bytes Specifies the number of entries in the Additional section.
The DNS Question Section
The Question section of a DNS message contains the number of entries specified in the header’s QDCOUNT field. In most cases, there is only one entry. Each entry is formatted as shown in Figure 15-8.
Figure 15-8 The DNS Question section format
The functions of the fields are as follows:
• QNAME, variable Contains the DNS, domain, or zone name about which information is being requested
• QTYPE, 2 bytes Contains a code that specifies the type of RR the query is requesting
• QCLASS, 2 bytes Contains a code that specifies the class of the RR being requested
DNS Resource Record Sections
The three remaining sections of a DNS message, the Answer, Authority, and Additional sections, each contain resource records that use the format shown in Figure 15-9. The number of resource records in each section is specified in the header’s ANCOUNT, NSCOUNT, and ARCOUNT fields.
Figure 15-9 The format of the DNS Answer, Authority, and Additional sections
The functions of the fields are as follows:
• NAME, variable Contains the DNS, domain, or zone name about which information is being supplied.
• TYPE, 2 bytes Contains a code that specifies the type of RR the entry contains.
• CLASS, 2 bytes Contains a code that specifies the class of the RR.
• TTL, 4 bytes Specifies the amount of time (in seconds) that the RR should be cached in the server to which it is being supplied.
• RDLENGTH, 2 bytes Specifies the length (in bytes) of the RDATA field.
• RDATA, variable Contains RR data, the nature of which is dependent on its TYPE and CLASS. For an A-type record in the IN class, for example, this field contains the IP address associated with the DNS name supplied in the NAME field.
Different types of resource records have different functions and, therefore, may contain different types of information in the RDATA field. Most resource records, such as the NS, A, PTR, and CNAME types, have only a single name or address in this field, while others have multiple subfields. The SOA resource record is the most complex in the Domain Name System. For this record, the RDATA field is broken up into seven subfields.
The functions of the SOA resource record subfields are as follows:
• MNAME, variable Specifies the DNS name of the primary master server that was the source for the information about the zone.
• RNAME, variable Specifies the e-mail address of the administrator responsible for the zone data. This field has no actual purpose as far as the server is concerned; it is strictly informational. The value for this field takes the form of a DNS name. Standard practice calls for the period after the first word to be converted to the @ symbol in order to use the value as an e-mail address.
• SERIAL, 4 bytes Contains a serial number that is used to track modifications to the zone data on the primary master server. The value of this field is incremented (either manually or automatically) on the primary master server each time the zone data is modified, and the slave compares its value to the one supplied by the primary master to determine whether a zone transfer is necessary.
• REFRESH, 4 bytes Specifies the time interval (in seconds) at which the slave should transmit an SOA query to the primary master to determine whether a zone transfer is needed.
• RETRY, 4 bytes Specifies the time interval (in seconds) at which the slave should make repeat attempts to connect to the primary master after its initial attempt fails.
• EXPIRE, 4 bytes Specifies the time interval (in seconds) after which the slave server’s data should expire, in the event that it cannot contact the primary master server. Once the data has expired, the slave server stops responding to queries.
• MINIMUM, 4 bytes Specifies the time-to-live interval (in seconds) that the server should supply for all of the resource records in its responses to queries.
DNS Message Notation
The latter four sections of the DNS message are largely consistent in how they notate the information in their fields. DNS, domain, and zone names are all expressed in the same way, and the sections all use the same values for the resource record type and class codes. The only exceptions are a few additional codes that are used only in the Question section, called QTYPES and QCLASSES, respectively. The following sections describe how these values are expressed in the DNS message.
DNS Name Notation
Depending on the function of the message, any or all of the four sections can contain the fully qualified name of a host system, the name of a domain, or the name of a zone on a server. These names are expressed as a series of units, called labels, each of which represents a single word in the name. The periods between the words are not included, so to delineate the words, each label begins with a single byte that specifies the length of the word (in bytes), after which the specified number of bytes follows. This is repeated for each word in the name. After the final word of a fully qualified name, a byte with the value of 0 is included to represent the null value of the root domain.
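The Header fields, the Question entry, the label notation and the in-addr.arpa naming described above, put together as an added Python example (not code from the book). It builds the recursive A query for www.zacker.com, derives the reverse name for 192.168.214.23, and parses the header flags and Question section with bounds checks so malformed input is rejected rather than misread. Function names are illustrative, and the PTR type code 12 is taken from RFC 1035.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_PTR, QCLASS_IN = 1, 12, 1   # PTR = 12 per RFC 1035
RCODES = {0: "No error", 1: "Format Error", 2: "Server Failure",
          3: "Name Error", 4: "Not Implemented", 5: "Refused"}


def reverse_name(ip):
    """192.168.214.23 -> 23.214.168.192.in-addr.arpa (bytes reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def encode_name(name):
    """Length-prefixed labels, ended by the zero byte of the root domain."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)


def build_query(msg_id, name, qtype, recursive=True):
    """Header (QDCOUNT=1, other counts 0) followed by one Question entry."""
    flags = 0x0100 if recursive else 0      # RD is the only flag set
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, QCLASS_IN)


def parse_header(msg):
    """Split the 12-byte Header into its ID, flag bits and four counts."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": msg_id,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "z": (flags >> 4) & 0x7,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def read_name(msg, offset):
    """Decode plain (uncompressed) labels; returns (name, next_offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length > 63:
            raise ValueError("label length byte out of range")
        if offset + length > len(msg):
            raise ValueError("label runs past the end of the message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_question(msg, offset=12):
    """Read one Question entry; returns (entry, offset after the entry)."""
    qname, offset = read_name(msg, offset)
    if offset + 4 > len(msg):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", msg[offset:offset + 4])
    return {"qname": qname, "qtype": qtype, "qclass": qclass}, offset + 4


if __name__ == "__main__":
    # 0x1234 is a constructed ID; the names and address are the page's own.
    for query in (build_query(0x1234, "www.zacker.com", QTYPE_A),
                  build_query(0x1235, reverse_name("192.168.214.23"),
                              QTYPE_PTR)):
        print(parse_header(query), parse_question(query)[0])
```
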
Resource Record Types
All of the data distributed by the Domain Name System is stored in resource records. Query messages request certain resource records from servers, and the servers reply with those resource records. The QTYPE field in a Question section entry specifies the type of resource record being requested from the server, and the TYPE fields in the Answer, Authority, and Additional section entries specify the type of resource record supplied by the server in each entry. Table 15-1 contains the resource record types and the codes used to represent them in these fields. All of the values in this table are valid for both the QTYPE and TYPE fields. Table 15-2 contains four additional values that represent sets of resource records that are valid for the QTYPE field in Question section entries only.
Table 15-1 DNS Resource Record Types and Values for Use in the TYPE or QTYPE Field
Table 15-2 Additional Values Representing Sets of Resource Records for Use in the QTYPE Field Only
Class Types
The QCLASS field in the Question section and the CLASS field in the Answer, Authority, and Additional sections specify the type of network for which information is being requested or supplied. Although they performed a valid function at one time, these fields are now essentially meaningless because virtually all DNS messages use the IN class. CSNET and CHAOS class networks are obsolete, and the Hesiod class is used for only a few experimental networks at MIT. For academic purposes only, the values for the CLASS and QCLASS fields are shown in Tables 15-3 and 15-4.
Table 15-3 Values for the Resource Record CLASS and QCLASS Fields
Table 15-4 Additional Value for the Resource Record QCLASS Field Only
Name Resolution Messages
The process of resolving a DNS name into an IP address begins with the generation of a query by the resolver on the client system. Figure 15-10 shows a query message, captured in a network monitor program, generated by a web browser trying to connect to the URL www.zacker.com/. The value of the message’s OPCODE flag is 0, indicating that this is a regular query, and the RD flag has a value of 1, indicating that this is a recursive query. As a result, the DNS server receiving the query (which is called CZ1) will be responsible for resolving the DNS name and returning the results to the client. The QDCOUNT field indicates that there is one entry in the Question section and no entries in the three resource record sections, which is standard for a query message. The Question section specifies the DNS name to be resolved (www.zacker.com) and the type (1 = A) and class (1 = IN) of the resource record being requested.
Figure 15-10 The name resolution query message generated by the resolver
CZ1 is not the authoritative server for the zacker.com domain, nor does it have the requested information in its cache, so it must generate its own queries. CZ1 first generates a query message and transmits it to one of the root name servers (198.41.0.4) configured into the server software. The entry in the Question section is identical to that of the client’s query message. The only differences in this query are that the server has included a different value in the ID field (4114) and has changed the value of the RD flag to 0, indicating that this is an iterative query.
The response that CZ1 receives from the root name server bypasses one step of the process because this root name server is also the authoritative server for the com top-level domain. As a result, the response contains the resource record that identifies the authoritative server for the zacker.com domain. If the requested DNS name had been in a top-level domain for which the root name server was not authoritative, such as one of the country-code domains, the response would contain a resource record identifying the proper authoritative servers.
The response message from the root domain server has a QR bit that has a value of 1, indicating that this is a response message, and the same ID value as the request, enabling CZ1 to associate the two messages. The QDCOUNT field again has a value of 1 because the response retains the Question section, unmodified, from the query message. The NSCOUNT and ARCOUNT fields indicate that there are two entries each in the Authority and Additional sections. The first entry in the Authority section contains the NS resource record for one of the authoritative servers for zacker.com known to the root name/top-level domain server, and the second entry contains the NS record for the other. The type and class values are the same as those requested in the query message; the time-to-live value assigned to both records is 172,800 seconds (48 hours). The RDATA field in the first entry is 16 bytes long and contains the DNS name of the first authoritative server (ns1.secure.net). The RDATA field in the second entry is only 6 bytes long and contains only the host name (ns2) for the other authoritative server since it’s in the same domain as the first one.
These Authority section entries identify the servers that CZ1 needs to contact to resolve the www.zacker.com domain name, but it does so using DNS names. To prevent CZ1 from having to go through this whole process again to resolve ns1.secure.net and ns2.secure.net into IP addresses, there are two entries in the Additional section that contain the A resource records for these two servers, which include their IP addresses.
Using the information contained in the previous response, CZ1 transmits a query to the first authoritative server for the zacker.com domain (ns1.secure.net – 192.41.1.10). Except for the destination address, this query is identical to the one that CZ1 sent to the root name server. The response message that CZ1 receives from the ns1.secure.net server (finally) contains the information that the client originally requested. This message contains the original Question section entry and two entries each in the Answer, Authority, and Additional sections.
The first entry in the Answer section contains a resource record with a TYPE value of 5 (CNAME) and a time-to-live value of 86,400 seconds (24 hours). The inclusion of a CNAME resource record in a response to a query requesting an A record indicates that the host name www exists in the zacker.com domain only as a canonical name (that is, an alias for another name), which is specified in the RDATA field as zacker.com. The second entry in the Answer section contains the A resource record for the name zacker.com, which specifies the IP address 192.41.15.74 in the RDATA field. This is the IP address that the client system must use to reach the www.zacker.com web server. The entries in the Authority and Additional sections specify the names and addresses of the authoritative server for zacker.com and are identical to the equivalent entries in the response message from the root name server.
Root Name Server Discovery
Each time the DNS server starts, it loads the information stored in its database files. One of these files contains root name server hints. Actually, this file contains the names and addresses of all the root name servers, but the DNS server, instead of relying on this data, uses it to send a query to the first of the root name servers, requesting that it identify the authoritative servers for the root domain. This is to ensure that the server is using the most current information. The query is just like that for a name resolution request, except that there is no value in the NAME field.
The reply returned by the root name server contains 13 entries in both the Answer and Additional sections, corresponding to the 13 root name servers currently in operation (see Figure 15-11). Each entry in the Answer section contains the NS resource record for one of the root name servers, which specifies its DNS name, and the corresponding entry in the Additional section contains the A record for that server, which specifies its IP address. All of these servers are located in a domain called root-servers.net and have incremental host names from a to m. Because the information about these servers does not change often, if at all, their resource records can have a long time-to-live value: 518,400 seconds (144 hours or 6 days) for the NS records and 3,600,000 (1,000 hours or 41.67 days) for the A records.
Figure 15-11 The root name server’s response message, containing the RRs for all 13 root name servers
Zone Transfer Messages
A zone transfer is initiated by a DNS server that functions as a slave for one or more zones whenever the server software is started. The process begins with an iterative query for an SOA resource record that the slave sends to the primary master to ensure that it is the best source for information about the zone (see Figure 15-12). The single Question section entry contains the name of the zone in the QNAME field and a value of 6 for the QTYPE field, indicating that the server is requesting the SOA resource record.
Figure 15-12 The SOA query message generated by a slave server to determine whether a zone transfer is warranted
The primary master then replies to the slave with a response that includes the original Question section and a single Answer section containing the SOA resource record for the zone (see Figure 15-13). The slave uses the information in the response to verify the primary master’s authority and to determine whether a zone transfer is needed. If the value of the SOA record’s SERIAL field, as furnished by the primary master, is greater than the equivalent field on the slave server, then a zone transfer is required.
Figure 15-13 The response message from the primary master server containing the SOA resource record
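How a slave uses the SOA record's SERIAL, REFRESH, RETRY, and EXPIRE values, as an added Python sketch that is not code from the book or from any DNS server. It goes slightly beyond the text by comparing serials with the wrap-aware arithmetic of RFC 1982 instead of a plain "greater than"; the class and function names and the timer values in the demo are constructed for illustration, and the transfer itself is represented only by adopting the master's SOA.

```python
from dataclasses import dataclass


def serial_newer(master, local):
    """RFC 1982 comparison of 32-bit SOA serials (survives wraparound)."""
    diff = (master - local) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


@dataclass
class Soa:
    serial: int
    refresh: int   # seconds between SOA queries to the master
    retry: int     # seconds between attempts after a failed query
    expire: int    # seconds without contact before the data is dropped


class SlaveZone:
    """Tracks one zone on a slave server. Times are plain seconds."""

    def __init__(self, soa, now):
        self.soa = soa
        self.last_contact = now              # last successful SOA query
        self.next_check = now + soa.refresh

    def expired(self, now):
        return now - self.last_contact >= self.soa.expire

    def poll(self, now, master_soa):
        """Advance the zone to time `now`.

        master_soa is the SOA the master would return, or None if the
        master cannot be reached. Returns the action the slave takes:
        'serve', 'up-to-date', 'transfer', 'retry' or 'expired'.
        """
        if now < self.next_check:
            return "expired" if self.expired(now) else "serve"
        if master_soa is None:
            # Query failed: switch from the REFRESH to the RETRY interval.
            self.next_check = now + self.soa.retry
            return "expired" if self.expired(now) else "retry"
        self.last_contact = now
        action = "up-to-date"
        if serial_newer(master_soa.serial, self.soa.serial):
            # Stands in for the AXFR over TCP port 53 described below.
            self.soa = master_soa
            action = "transfer"
        self.next_check = now + self.soa.refresh
        return action


if __name__ == "__main__":
    # Constructed values: hourly refresh, 10-minute retry, 1-day expiry.
    v1 = Soa(serial=2015010101, refresh=3600, retry=600, expire=86400)
    v2 = Soa(serial=2015010102, refresh=3600, retry=600, expire=86400)
    zone = SlaveZone(v1, now=0)
    for when, master in ((1000, v1), (3600, v1), (7200, v2),
                         (10800, None), (93600, None)):
        print(when, zone.poll(when, master))
```

A slave that reports 'expired' has reached the EXPIRE interval without contacting its master and, as described for that field, stops responding to queries for the zone.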
A zone transfer request is a standard DNS query message with a QTYPE value of 252, which corresponds to the AXFR type. AXFR is the abbreviation for a resource record set that consists of all of the records in the zone. However, in most cases, all of the resource records in the zone will not fit into a single UDP datagram. UDP is a connectionless, unreliable protocol in which there can be only one response message for each query because the response message functions as the acknowledgment of the query. Because the primary master will almost certainly have to use multiple packets in order to send all of the resource records in the zone to the slave, a different protocol is needed. Therefore, before it transmits the zone transfer request message, the slave server initiates a TCP connection with the primary master using the standard three-way handshake. Once the connection is established, the slave transmits the AXFR query in a TCP packet using port 53 (see Figure 15-14).
Figure 15-14 The AXFR query requesting a zone transfer, transmitted to the primary master server using a TCP connection
In response to the query, the primary master server transmits all of the resource records in the requested zone as entries in the Answer section, as shown in Figure 15-15. Once all of the data has been transmitted, the two systems terminate the TCP connection in the usual manner, and the zone transfer is completed.
Figure 15-15 One packet from a zone transfer transmitted by the primary master server
CHAPTER 16 Internet Services
At one time, the term server in computer networking was nearly always used in the phrase file server, referring to a PC running a network operating system (NOS) that enables users to access shared files and printers. However, the rapid growth of the Internet has changed the common meaning of the term. To most Internet users, servers are the invisible systems that host websites or that enable them to send and receive e-mail. For LAN users, servers still fill the traditional file and printer sharing roles, but also provide application-related functions, such as access to databases. Thus, people are gradually learning that a server is both a software and a hardware entity and that a single computer can actually function in multiple server roles simultaneously.
Internet servers are software products that provide traditional Internet services to clients, whether or not they are actually connected through the Internet. Web, FTP, and e-mail are all services that can be as useful on a LAN, a smartphone, or a tablet as on the Internet. This chapter examines the technology behind these services and the procedures for implementing them on your network.
Web Servers
The Web is a ubiquitous tool for business, education, and recreation. Along with the proliferation of mobile devices, a “web presence” is nearly required for most businesses. The basic building blocks of the Web are as follows:
• Web servers Computers running a software program that processes resource requests from clients
• Browsers Client software that generates resource requests and sends them to web servers
• Hypertext Transfer Protocol (HTTP) The Transmission Control Protocol/Internet Protocol (TCP/IP) application layer protocol that servers and browsers use to communicate
• Hypertext Markup Language (HTML) The markup language used to create web pages
Selecting a Web Server
A web server is actually a rather simple device. When you see complex pages full of fancy text and graphics on your monitor, you’re actually seeing something that is more the product of the page designer and the browser technology than of the web server. In its simplest form, a web server is a software program that processes requests for specific files from browsers and delivers those files to the browser. The server does not read the contents of the files, nor does it participate in the rendering process that controls how a web page is displayed in the browser. The differences between web server products are in the additional features they provide and their ability to handle large numbers of requests.
Web Server Functions
A web server is a program that runs in the background on a computer and listens on a particular TCP port for incoming requests. Simply speaking, the process is as follows:
1. A computer client asks for a file.
2. The server finds the file.
3. The server sends a response to the client, usually a header as well as the data.
4. The server closes the connection.
The standard TCP port for an HTTP server is 80, although most servers enable you to specify a different port number for a site and may use a second port number for the server’s administrative interface. To access a web server using a different port, you must specify that port number as part of the URL.
Uniform Resource Locators
The format of the uniform resource locator (URL) that you type into a browser’s Address field to access a particular website is defined in RFC 1738, published by the Internet Engineering Task Force (IETF). A URL consists of four elements that identify the resource that you want to access:
• Protocol Specifies the application layer protocol that the browser will use to connect to the server. Some of the values defined in the URL standard are as follows (others have been defined by additional standards published since RFC 3986, which updated RFC 1738):
  • http Hypertext Transfer Protocol
  • ftp File Transfer Protocol
  • mailto Mail address
  • news Usenet news
  • telnet Reference to interactive sessions
  • wais Wide area information servers
  • file Host-specific filenames
• Server name Specifies the DNS name or IP address of the server.
• Port number Specifies the port number that the server is monitoring for incoming traffic.
• Directory and file Identifies the location of the file that the server should send to the browser.
The format of a URL is as follows:
protocol://name:port/directory/file.html
Most of the time, users do not specify the protocol, port, directory, and file in their URLs, and the browser uses its default values. When you enter just a DNS name, such as www.zacker.com, the browser assumes the use of the HTTP protocol, port 80, and the web server’s home directory. Fully expanded, this URL would appear something like the following:
http://www.zacker.com:80/index.html
The only element that could vary among different servers is the filename of the default web page, here shown as index.html. The default filename is configured on each server and specifies the file that the server will send to a client when no filename is specified in the URL.
If you configure a web server to use a port other than 80 to host a site, users must specify the port number as part of the URL. The main exception to this is when the administrator wants to create a site that is hidden from the average user. Some web server products, for example, are configurable using a web browser, and the server creates a separate administrative site containing the configuration controls for the program. During the software installation, the program prompts the administrator for a port number that it should use for the administrative site. Thus, specifying the name of the server on a browser opens the default site on port 80, but specifying the server name with the selected port accesses the administrative site.
The use of a nonstandard port is not really a security measure because there are programs available that can identify the ports that a web server is using. The administrative site for a server usually has security in the form of user authentication as well; the port number is just a means of keeping the site hidden from curious users.
CGI
Much of the traffic generated by the Web travels from the web server to the browser. The upstream traffic from browser to server consists mainly of HTTP requests for specific files. However, there are mechanisms by which browsers can send other types of information to servers. The server can then feed the information to an application for processing. The Common Gateway Interface (CGI) is a widely supported mechanism of this type. In most cases, the user supplies information in a form built into a web page using standard HTML tags and then submits the form to a server. The server, upon receiving the data from the browser, executes a CGI script that defines how the information should be used. The server might feed the information as a query to a database server, use it to perform an online financial transaction, or use it for any other purpose.
Logging
Virtually all web servers have the capability to maintain logs that track all client access to the site and any errors that have occurred. The logs typically take the form of a text file, with each server access request or error appearing on a separate line. Each line contains multiple fields, separated by spaces or commas. The information logged by the server identifies who accessed the site and when, as well as the exact documents sent to the client by the server.
Most web servers enable the administrator to choose among several formats for the logs they keep. Some servers use proprietary log formats, which generally are not supported by the statistics programs, while other servers may also be able to log server information to an external database using an interface such as Open Database Connectivity (ODBC). Most servers, however, support the Common Log File format defined by the National Center for Supercomputing Applications (NCSA). This format consists of nothing but one-line entries with fields separated by spaces. The format for each Common Log File entry and the functions of each field are as follows:
remotehost logname username date request status bytes
• remotehost Specifies the IP address of the remote client system. Some servers also include a DNS reverse lookup feature that resolves the address into a DNS name for logging purposes.
• logname Specifies the remote logname of the user at the client system. Most of today’s browsers do not supply this information, so the field in the log is filled with a placeholder, such as a dash.
• username Specifies the username with which the client was authenticated to the server.
• date Specifies the date and time that the request was received by the server. Most servers use the local date and time by default, but may include a Greenwich mean time differential, such as –0500 for U.S. Eastern Standard Time.
• request Specifies the text of the request received by the server.
• status Contains one of the status codes defined in the HTTP standard that specifies whether the request was processed successfully and, if not, why.
• bytes Specifies the size (in bytes) of the file transmitted to the client by the server in response to the request.
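The seven fields above can be pulled apart mechanically, which is what makes the log useful for spotting clients that generate repeated authentication failures or probe for missing files. The following parser is an added example, not code from the book. It assumes the usual NCSA convention, not shown in the text, that the date is written in square brackets and the request in double quotes, and the log lines are constructed samples using documentation addresses.

```python
import re
from collections import Counter

# Assumption: NCSA-style servers bracket the date and quote the request,
# which is what lets a parser find field boundaries despite embedded spaces.
CLF_RE = re.compile(
    r'^(?P<remotehost>\S+) (?P<logname>\S+) (?P<username>\S+) '
    r'\[(?P<date>[^\]]+)\] "(?P<request>.*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample entries (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2015:13:55:36 -0500] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.10 - alice [10/Oct/2015:13:55:40 -0500] "GET /docs/report.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2015:13:56:01 -0500] "GET /admin/ HTTP/1.1" 401 -',
    '198.51.100.7 - - [10/Oct/2015:13:56:02 -0500] "GET /admin/ HTTP/1.1" 401 -',
    '198.51.100.7 - - [10/Oct/2015:13:56:03 -0500] "GET /my file.html HTTP/1.1" 404 209',
    'this line is not a log entry',
]


def parse_clf(line):
    """Return a dict of the seven Common Log File fields, or None if malformed."""
    match = CLF_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    # A dash is the placeholder for "no value supplied".
    for field in ("logname", "username"):
        if entry[field] == "-":
            entry[field] = None
    entry["status"] = int(entry["status"])
    entry["bytes"] = 0 if entry["bytes"] == "-" else int(entry["bytes"])
    # Split the request into RequestType, RequestURI and HTTPVersion. The URI
    # may contain spaces, so take the first and last tokens and keep the middle.
    method, _, rest = entry["request"].partition(" ")
    if " " in rest:
        uri, version = rest.rsplit(" ", 1)
    else:
        uri, version = rest, ""
    entry["method"], entry["uri"], entry["version"] = method, uri, version
    return entry


def summarize(lines):
    """Count 4xx responses per remote host and count unparseable lines."""
    client_errors = Counter()
    rejected = 0
    for line in lines:
        entry = parse_clf(line)
        if entry is None:
            rejected += 1
        elif 400 <= entry["status"] <= 499:
            client_errors[entry["remotehost"]] += 1
    return client_errors, rejected


if __name__ == "__main__":
    errors, rejected = summarize(SAMPLE_LOG)
    for host, count in errors.most_common():
        print(f"{host}: {count} client-error responses")
    print(f"{rejected} line(s) could not be parsed")
```

Lines that fail to parse are counted rather than silently dropped, because a sudden rise in malformed entries is itself worth investigating.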
There is also a log file format created by the World Wide Web Consortium (W3C), called the Extended Log File format, that addresses some of the inherent problems of the Common Log File format, such as difficulties in interpreting logged data because of spaces within fields. The Extended Log File provides an extendable format with which administrators can specify the information to be logged or information that shouldn’t be logged. The format for the Extended Log File consists of fields, as well as entries. Fields appear on separate lines, beginning with the # symbol, and specify information about the data contained in the log. The valid field entries are as follows:
• #Version: integer.integer Specifies the version of the log file format. This field is required in every log file.
• #Fields: [specifiers] Identifies the type of data carried in each field of a log entry, using abbreviations specified in the Extended Log File format specification. This field is required in every log file.
• #Software string Identifies the server software that created the log.
• #Start-Date: date time Specifies the date and time that logging started.
• #End-Date: date time Specifies the date and time that logging ceased.
• #Date: date time Specifies the date and time at which a particular entry was added to the log file.
• #Remark: text Contains comment information that should be ignored by all processes.
These fields enable administrators to specify the information to be recorded in the log while making it possible for statistics programs to correctly parse the data in the log entries.
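Because the #Fields line describes the entries that follow it, a parser has to read the directives first and apply them to each entry. The sketch below is an added example, not code from the book. The field identifiers it uses (date, time, c-ip, cs-method, cs-uri-stem, sc-status) come from the W3C specification rather than from this chapter, and the log content is a constructed sample.

```python
from collections import Counter

# Constructed sample log; note that #Fields changes part-way through.
SAMPLE_EXTENDED_LOG = """\
#Version: 1.0
#Software: ExampleServer 1.0 (constructed)
#Date: 2015-10-10 18:55:00
#Remark: constructed sample, not from a real server
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2015-10-10 18:55:36 192.0.2.10 GET /index.html 200
2015-10-10 18:56:01 198.51.100.7 GET /admin/ 401
#Fields: time c-ip sc-status
18:57:10 198.51.100.7 403
18:57:11 198.51.100.7
""".splitlines()


def parse_extended_log(lines):
    """Parse Extended Log File lines.

    Returns (directives, entries, rejected): the last value seen for each
    directive other than Fields and Remark, one dict per well-formed entry,
    and the number of entries that did not match the active #Fields line.
    """
    directives = {}
    fields = None          # field names from the most recent #Fields line
    entries = []
    rejected = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Split on the first colon only, so "date time" values survive.
            name, _, value = line[1:].partition(":")
            name, value = name.strip(), value.strip()
            if name == "Remark":
                continue                      # comments are ignored
            if name == "Fields":
                fields = value.split()
            else:
                directives[name] = value
            continue
        values = line.split()
        # An entry is only meaningful if a #Fields line has been seen and
        # the entry carries exactly that many values.
        if fields is None or len(values) != len(fields):
            rejected += 1
            continue
        entries.append(dict(zip(fields, values)))
    # Both directives are required in every log file.
    if "Version" not in directives:
        raise ValueError("log has no #Version directive")
    if fields is None:
        raise ValueError("log has no #Fields directive")
    return directives, entries, rejected


def denied_clients(entries):
    """Count 401 and 403 responses per client address (c-ip)."""
    counts = Counter()
    for entry in entries:
        if entry.get("sc-status") in ("401", "403") and "c-ip" in entry:
            counts[entry["c-ip"]] += 1
    return counts


if __name__ == "__main__":
    directives, entries, rejected = parse_extended_log(SAMPLE_EXTENDED_LOG)
    print(directives)
    print(denied_clients(entries).most_common())
    print(f"{rejected} entry line(s) rejected")
```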
Remote Administration
All web servers need some sort of administrative interface that you can use to configure their operational parameters. Even a no-frills server lets you define a home directory that should function as the root of the site and other basic features. Some server products include a program that you can run on the computer that provides this interface, but many products have taken the opportunity to include an administrative website with the product. With a site like this, you can configure the server from any computer using a standard web browser. This is a convenient tool for the network administrator, especially when the web server system is located in a server closet or other remote location or when one person is responsible for maintaining several servers.
The biggest problem with this form of remote administration is security, but there are mechanisms that can prevent unauthorized users from modifying the server configuration. The most basic of these mechanisms, as mentioned earlier, is the use of a nonstandard port number for the administrative site. Servers that use nonstandard ports typically require that you specify the port number during the server installation.
A second method is to include a means by which you can specify the IP addresses of the only systems that are to be permitted access to the administrative interface. IIS includes this method, and by default, the only system that can access the web-based interface is the one on which the server is installed. However, you can open up the server to remote administration and specify the addresses of other workstations to be granted access or specify the addresses of systems that are to be denied.
Virtual Directories
A web server utilizes a directory on the computer’s local drive as the home directory for the website it hosts. The server transmits the default filename in that directory to clients when they access the site using a URL that consists only of a DNS name or IP address. Subdirectories beneath that directory also appear as subdirectories on the website. IIS, for example, uses the C:\InetPub\wwwroot directory as the default home directory for its website. If that web server is registered in the DNS with the name www.zacker.com, the default page displayed by a browser accessing that site will be the default.htm file in the wwwroot directory. A file in the C:\InetPub\wwwroot\docs directory on the server will, therefore, appear on the site in www.zacker.com/docs.
Using this system, all the files and directories that are to appear on the website must be located beneath the home directory. However, this is not a convenient arrangement for every site. On an intranet, for example, administrators may want to publish documents in existing directories using a web server without moving them to the home directory. To make this possible, some server products enable you to create virtual directories on the site. A virtual directory is a directory at another location—elsewhere on the drive, on another drive, or sometimes even on another computer’s shared drive—that is published on a website using an alias. The administrator specifies the location of the directory and the alias under which it will appear on the site. The alias functions as a subdirectory on the site that users can access in the normal manner and contains the files and subdirectories from the other drive.
NOTE See Chapters 25 and 26 for information about web and network security.
HTML
The Hypertext Markup Language is the lingua franca of the Web, but it actually has little to do with the functions of a web server. Web servers are programs that deliver requested files to clients. The fact that most of these files contain HTML code is immaterial because the server does not read them. The only way in which they affect the server’s functions is when the client parses the HTML code and requests additional files from the server that are needed to display the web page in the browser, such as image files. Even in this case, however, the image file requests are just additional requests to the server.
HTTP
Communication between web servers and their browser clients is provided by an application layer protocol called the Hypertext Transfer Protocol. HTTP is a relatively simple protocol that takes advantage of the services provided by the TCP protocol at the transport layer to transfer files from servers to clients. When a client connects to a web server by typing a URL in a browser or clicking a hyperlink, the system generates an HTTP request message and transmits it to the server. This is an application layer process, but before it can happen, communication at the lower layers must be established.
Unless the user or the hyperlink specifies the IP address of the web server, the first step in establishing the connection between the two systems is to discover the address by sending a name resolution request to a DNS server. This address makes it possible for the IP protocol to address traffic to the server. Once the client system knows the address, it establishes a TCP connection with the server’s port 80 using the standard three-way handshake process defined by that protocol.
Once the TCP connection is established, the browser and the server can exchange HTTP messages. HTTP consists of only two message types, requests and responses. Unlike the messages of most other protocols, HTTP messages take the form of ASCII text strings, not the typical headers with discrete coded fields. In fact, you can connect to a web server with a Telnet client and request a file by feeding an HTTP command directly to the server. The server will reply with the file you requested in its raw ASCII form.
Each HTTP message consists of the following elements:
• Start line Contains a request command or a reply status indicator, plus a series of variables
• Headers [optional] Contains a series of zero or more fields containing information about the message or the system sending it
• Empty line Contains a blank line that identifies the end of the header section
• Message body [optional] Contains the payload being transmitted to the other system
HTTP Requests
The start line for all HTTP requests is structured as follows:
RequestType RequestURI HTTPVersion
HTTP standards define several types of request messages, which include the following values for the RequestType variable:
• GET Contains a request for information specified by the RequestURI variable. This type of request accounts for the vast majority of request messages.
• HEAD Functionally identical to the GET request, except that the reply should contain only a start line and headers; no message body should be included.
• POST Requests that the information included in the message body be accepted by the destination system as a new subordinate to the resource specified by the RequestURI variable.
• OPTIONS Contains a request for information about the communication options available on the request/response chain specified by the RequestURI variable.
• PUT Requests that the information included in the message body be stored at the destination system in the location specified by the RequestURI variable.
• DELETE Requests that the destination system delete the resource identified by the RequestURI variable.
• TRACE Requests that the destination system perform an application layer loopback of the incoming message and return it to the sender.
• CONNECT Reserved for use with proxy servers that provide SSL tunneling.
The RequestURI variable contains a uniform resource identifier (URI), a text string that uniquely identifies a particular resource on the destination system. In most cases, this variable contains the name of a file on a web server that the client wants the server to send to it or the name of a directory from which the server should send the default file. The HTTPVersion variable identifies the version of the HTTP protocol that is supported by the system generating the request.
Thus, when a user types the name of a website into a browser, the request message generated contains a start line that appears as follows:
GET / HTTP/1.1
The GET command requests that the server send a file. The use of the forward slash as the value for the RequestURI variable represents the root of the website, so the server will respond by sending the default file located in the server’s home directory.
HTTP Headers
Following the start line, any HTTP message can include a series of headers, which are text strings formatted in the following manner:
FieldName: FieldValue
Here, the FieldName variable identifies the type of information carried in the header, and the FieldValue variable contains the information. The various headers mostly provide information about the system sending the message and the nature of the request, which the server may or may not use when formatting the reply. The number, choice, and order of the headers included in a message are left to the client implementation, but the HTTP specification recommends that they be ordered using four basic categories.
General Header Fields
General headers apply to both request and response messages but do not apply to the entity (that is, the file or other information in the body of the message). The general header FieldName values are as follows:
• Cache-Control Contains directives to be obeyed by caching mechanisms at the destination system
• Connection Specifies options desired for the current connection, such that it be kept alive for use with multiple requests
• Date Specifies the date and time that the message was generated
• Pragma Specifies directives that are specific to the client or server implementation
• Trailer Indicates that specific header fields are present in the trailer of a message encoded with chunked transfer-coding
• Transfer-Encoding Specifies what type of transformation (if any) has been applied to the message body in order to safely transmit it to the destination
• Upgrade Specifies additional communication protocols supported by the client
• Via Identifies the gateway and proxy servers between the client and the server and the protocols they use
• Warning Contains additional information about the status or transformation of a message
Request Header Fields
Request headers apply only to request messages and supply information about the request and the system making the request. The request header FieldName values are as follows:
• Accept Specifies the media types that are acceptable in the response message
• Accept-Charset Specifies the character sets that are acceptable in the response message
• Accept-Encoding Specifies the content codings that are acceptable in the response message
• Accept-Language Specifies the languages that are acceptable in the response message
• Authorization Contains credentials with which the client will be authenticated to the server
• Expect Specifies the behavior that the client expects from the server
• From Contains an e-mail address for the user generating the request
• Host Specifies the Internet hostname of the resource being requested (usually a URL), plus a port number if different from the default port (80)
• If-Match Used to make a particular request conditional by matching particular entity tags
• If-Modified-Since Used to make a particular request conditional by specifying the modification date of the client cache entry containing the resource, which the server compares to the actual resource and replies with either the resource or a cache referral
• If-None-Match Used to make a particular request conditional by not matching particular entity tags
• If-Range Requests that the server transmit the parts of an entity that the client is missing
• If-Unmodified-Since Used to make a particular request conditional by specifying a date that the server should use to determine whether to supply the requested resource
• Max-Forwards Limits the number of proxies or gateways that can forward the request to another server
• Proxy-Authorization Contains credentials with which the client will authenticate itself to a proxy server
• Range Contains one or more byte ranges representing parts of the resource specified by the ResourceURI variable that the client is requesting be sent by the server
• Referer Specifies the resource from which the ResourceURI value was obtained
• TE Specifies which extension transfer-codings the client can accept in the response and whether the client will accept trailer fields in a chunked transfer-coding
• User-Agent Contains information about the browser generating the request
Response Header Fields
The response headers apply only to response messages and provide additional information about the message and the server generating the message. The response header FieldName values are as follows:
• Accept-Ranges Enables a server to indicate its acceptance of range requests for a resource (used in responses only)
• Age Specifies the elapsed time since a cached response was generated at a server
• Etag Specifies the current value of the entity tag for the requested variant
• Location Directs the destination system to a location for the requested resource other than that specified by the RequestURI variable
• Proxy-Authenticate Specifies the authentication scheme used by a proxy server
• Retry-After Specifies how long a requested resource will be unavailable to the client
• Server Identifies the web server software used to process the request
• Vary Specifies the header fields used to determine whether a client can use a cached response to a request without revalidation by the server
• WWW-Authenticate Specifies the type of authentication required in order for the client to access the requested resource
Entity Header Fields
The term entity is used to describe the data included in the message body of a response message, and the entity headers provide additional information about that data. The entity header FieldName values are as follows:
• Allow Specifies the request types supported by a resource identified by a particular RequestURI value
• Content-Encoding Specifies additional content-coding mechanisms (such as gzip) that have been applied to the data in the body of the message
• Content-Language Specifies the language of the message body
• Content-Length Specifies the length of the message body, in bytes
• Content-Location Specifies the location from which the information in the message body was derived, when it is separate from the location specified by the ResourceURI variable
• Content-MD5 Contains an MD5 digest of the message body (as defined in RFC 1864) that will be used to verify its integrity at the destination
• Content-Range Identifies the location of the data in the message body within the whole of the requested resource when the message contains only part of the resource
• Content-Type Specifies the media type of the data in the message body
• Expires Specifies the date and time after which the cached response is to be considered stale
• Last-Modified Specifies the date and time at which the server believes the requested resource was last modified
• Extension-Header Enables the use of additional entity header fields that must be recognized by both the client and the server
HTTP Responses
The HTTP responses generated by web servers use many of the same basic elements as the requests. The start line also consists of three elements, as follows:
HTTPVersion StatusCode StatusPhrase
The HTTPVersion variable specifies the standard supported by the server, using the same values listed earlier. The StatusCode and StatusPhrase variables indicate whether the request has been processed successfully by the server and, if it hasn’t, why not. The code is a three-digit number, and the phrase is a text string. The code values are defined in the HTTP specification and are used consistently by all web server implementations. The first digit of the code specifies the general nature of the response, and the second two digits give more specific information. The status phrases are defined by the standard as well, but some web server products enable you to modify the text strings in order to supply more information to the client. The codes and phrases defined by the standard are listed in the following sections.
Informational Codes
Informational codes are used only in responses with no message bodies and have the numeral 1 as their first digit, as shown here:
• 100 – Continue Indicates that the request message has been received by the server and that the client should either send another message completing the request or continue to wait for a response. A response using this code must be followed by another response containing a code indicating completion of the request.
• 101 – Switching Protocol A response to an Update request by the client and indicates the server is switching as well. While not in common use, this code was created to allow migration to an incompatible protocol version.
Successful Codes
Successful codes have a 2 as their first digit and indicate that the client’s request message has been successfully received, understood, and accepted. The valid codes are as follows:
• 200 – OK Indicates that the request has been processed successfully and that the response contains the data appropriate for the type of request.
• 201 – Created Indicates that the request has been processed successfully and that a new resource has been created.
• 202 – Accepted Indicates that the request has been accepted for processing but that the processing has not yet been completed.
• 203 – Nonauthoritative Information Indicates that the information in the headers is not the definitive information supplied by the server but is gathered from a local or a third-party copy.
• 204 – No Content Indicates that the request has been processed successfully but that the response contains no message body. It may contain header information.
• 205 – Reset Content Indicates that the request has been processed successfully and that the client browser user should reset the document view. This message typically means that the data from a form has been received and that the browser should reset the display by clearing the form fields.
• 206 – Partial Content Indicates that the request has been processed successfully and that the server has fulfilled a request that uses the Range header to specify part of a resource.
Redirection Codes
Redirection codes have a 3 as their first digit and indicate that further action from the client (either the browser or the user) is required to successfully process the request. The valid codes are as follows:
• 300 – Multiple Choices Indicates that the response contains a list of resources that can be used to satisfy the request, from which the user should select one.
• 301 – Moved Permanently Indicates that the requested resource has been assigned a new permanent URI and that all future references to this resource should use one of the new URIs supplied in the response.
• 302 – Found Indicates that the requested resource resides temporarily under a different URI but that the client should continue to use the same RequestURI value for future requests since the location may change again.
• 303 – See Other Indicates that the response to the request can be found under a different URI and that the client should generate another request pointing to the new URI.
• 304 – Not Modified Indicates that the version of the requested resource in the client cache is identical to that on the server and that retransmission of the resource is not necessary.
• 305 – Use Proxy Indicates that the requested resource must be accessed through the proxy specified in the Location header.
• 306 – Unused No longer used and is currently reserved for future use.
• 307 – Temporary Redirect Indicates that the requested resource resides temporarily under a different URI but that the client should continue to use the same RequestURI value for future requests since the location may change again.
• 308 – Permanent Redirect Indicates that the resource is now at another URL. While similar to the 301 response code, the exception for a 308 code is that the user agent must not change the HTTP method used.
Client Error Codes
Client error codes have a 4 as their first digit and indicate that the request could not be processed because of an error by the client. The valid codes are as follows:
• 400 – Bad Request Indicates that the server could not understand the request because of malformed syntax
• 401 – Unauthorized Indicates that the server could not process the request because user authentication is required
• 402 – Payment Required Reserved for future use
• 403 – Forbidden Indicates that the server is refusing to process the request and that it should not be repeated
• 404 – Not Found Indicates that the server could not locate the resource specified by the RequestURI variable
• 405 – Method Not Allowed Indicates that the request type cannot be used for the specified RequestURI
• 406 – Not Acceptable Indicates that the resource specified by the RequestURI variable does not conform to any of the data types specified in the request message’s Accept header
• 407 – Proxy Authentication Required Indicates that the client must authenticate itself to a proxy server before it can access the requested resource
• 408 – Request Timeout Indicates that the client did not produce a request within the server’s timeout period
• 409 – Conflict Indicates that the request could not be processed because of a conflict with the current state of the requested resource, such as when a PUT command attempts to write data to a resource that is already in use
• 410 – Gone Indicates that the requested resource is no longer available at the server and that the server is not aware of an alternative location
• 411 – Length Required Indicates that the server has refused to process a request that does not have a Content-Length header
• 412 – Precondition Failed Indicates that the server has failed to satisfy one of the preconditions specified in the request headers
• 413 – Request Entity Too Large Indicates that the server is refusing to process the request because the message is too large
• 414 – Request URI Too Long Indicates that the server is refusing to process the request because the RequestURI value is longer than the server is willing to interpret
• 415 – Unsupported Media Type Indicates that the server is refusing to process the request because the request is in a format not supported by the requested resource for the requested method
• 416 – Requested Range Not Satisfiable Indicates that the server cannot process the request because the data specified by the Range header in the request message does not exist in the requested resource
• 417 – Expectation Failed Indicates that the server could not satisfy the requirements specified in the request message’s Expect header
Server Error Codes
Server error codes have a 5 as their first digit and indicate that the request could not be processed because of an error by the server. The valid codes are as follows:
• 500 – Internal Server Error Indicates that the server encountered an unexpected condition that prevented it from fulfilling the request
• 501 – Not Implemented Indicates that the server does not support the functionality required to satisfy the request
• 502 – Bad Gateway Indicates that a gateway or proxy server has received an invalid response from the upstream server it accessed while attempting to process the request
• 503 – Service Unavailable Indicates that the server cannot process the request because of it being temporarily overloaded or under maintenance
• 504 – Gateway Timeout Indicates that a gateway or proxy server did not receive a timely response from the upstream server specified by the URI or some other auxiliary server needed to complete the request
• 505 – HTTP Version Not Supported Indicates that the server does not support, or refuses to support, the HTTP protocol version used in the request message
After the start line, a response message can contain a series of headers, just like those in a request, that provide information about the server and the response message. The header section concludes with a blank line, after which comes the body of the message, typically containing the contents of the file requested by the client. If the file is larger than what can fit in a single packet, the server generates additional response messages containing message bodies but no start lines or headers.
FTP Servers
The File Transfer Protocol is an application layer TCP/IP protocol that enables an authenticated client to connect to a server and transfer files to and from the other machine. FTP is not the same as sharing a drive with another system on the network. Access is limited to a few basic file management commands, and the primary function of the protocol is to copy files to your local system, not to access them in place on the server.
Like HTTP, FTP uses the TCP protocol for its transport services and relies on ASCII text commands for its user interface. There are now many graphical FTP clients available that automate the generation and transmission of the appropriate text commands to a server.
The big difference between FTP and HTTP (as well as most other protocols) is that FTP uses two port numbers in the course of its operations. When an FTP client connects to a server, it uses port 21 to establish a control connection. This connection remains open during the life of the session; the client and server use it to exchange commands and replies. When the client requests a file transfer, the server establishes a second connection on port 20, which it uses to transfer the file and then terminates immediately afterward.
FTP Commands
An FTP client consists of a user interface, which may be text based or graphical, and a user protocol interpreter. The user protocol interpreter communicates with the server protocol interpreter using text commands that are passed over the control connection (see Figure 16-1). When the commands call for a data transfer, one of the protocol interpreters triggers a data transfer process, which communicates with a like process on the other machine using the data connection. The commands issued by the user protocol interpreter do not necessarily correspond to the traditional text-based user interface commands. For example, to retrieve a file from a server, the traditional user interface command is GET plus the filename, but after the user protocol interpreter receives this command, it sends an RETR command to the server with the same filename. Thus, the user interface can be modified for purposes of language localization or other reasons, but the commands used by the protocol interpreters remain consistent.
Figure 16-1 The protocol interpreters in the FTP client and server exchange control messages
The following sections list the commands used by the FTP protocol interpreters.
Access Control Commands
FTP clients use the access control commands to log in to a server, authenticate the user, and terminate the control connection at the end of the session. These commands are as follows:
• USER username: Specifies the account name used to authenticate the client to the server.
• PASS password: Specifies the password associated with the previously furnished username.
• ACCT account: Specifies an account used for access to specific features of the server file system. The ACCT command can be issued at any time during the session and not just during the login sequence, as with USER.
• CWD pathname: Changes the working directory in the server file system to that specified by the pathname variable.
• CDUP: Shifts the working directory in the server file system one level up to the parent directory.
• SMNT pathname: Mounts a different file system data structure on the server, without altering the user account authentication.
• REIN: Terminates the current session, leaving the control connection open and completing any data connection transfer in progress. A new USER command is expected to follow immediately.
• QUIT: Terminates the current session and closes the control connection after completing any data connection transfer in progress.
Transfer Parameter Commands
The transfer parameter commands prepare the systems to initiate a data connection and identify the type of file that is to be transferred. These commands are as follows:
• PORT host/port: Notifies the server of the IP address and ephemeral port number that it expects a data connection to use. The host/port variable consists of six integers, separated by commas, representing the four bytes of the IP address and two bytes for the port number.
• PASV: Instructs the server to specify a port number that the client will use to establish a data connection. The reply from the server contains a host/port variable, like PORT.
• TYPE typecode: Specifies the type of file to be transferred over a data connection. Currently used options are as follows:
  • A: ASCII plain-text file
  • I: Binary file
• STRU structurecode: Specifies the structure of a file. The default setting, F (for File), indicates that the file is a contiguous byte stream. Two other options, R (for Record) and P (for Page), are no longer used.
• MODE modecode: Specifies the transfer mode for a data connection. The default setting, S (for Stream), indicates that the file will be transferred as a byte stream. Two other options, B (for Block) and C (for Compressed), are no longer used.
FTP Service Commands
The FTP service commands enable the client to manage the file system on the server and initiate file transfers. These commands are as follows:
• RETR filename: Instructs the server to transfer the specified file to the client.
• STOR filename: Instructs the server to receive the specified file from the client, overwriting an identically named file in the server directory if necessary.
• STOU: Instructs the server to receive the file from the client and give it a unique name in the server directory. The reply from the server must contain the unique name.
• APPE pathname: Instructs the server to receive the specified file from the client and append it to the identically named file in the server directory. If no file of that name exists, the server creates a new file.
• ALLO bytes: Allocates a specified number of bytes on the server before the client actually transmits the data.
• REST marker: Specifies the point in a file at which the file transfer should be restarted.
• RNFR filename: Specifies the name of a file to be renamed; must be followed by an RNTO command.
• RNTO filename: Specifies the new name for the file previously referenced in an RNFR command.
• ABOR: Aborts the command currently being processed by the server, closing any open data connections.
• DELE filename: Deletes the specified file on the server.
• RMD pathname: Deletes the specified directory on the server.
• MKD pathname: Creates the specified directory on the server.
• PWD: Returns the name of the server’s current working directory.
• LIST pathname: Instructs the server to transmit an ASCII file containing a list of the specified directory’s contents, including attributes.
• NLST pathname: Instructs the server to transmit an ASCII file containing a list of the specified directory’s contents, with no attributes.
• SITE string: Carries nonstandard, implementation-specific commands to the server.
• SYST: Returns the name of the operating system running on the server.
• STAT filename: When used during a file transfer, returns a status indicator for the current operation. When used with a filename argument, returns the LIST information for the specified file.
• HELP string: Returns help information specific to the server implementation.
• NOOP: Instructs the server to return an OK response. This is used as a session keep-alive mechanism; the command performs no other actions.
FTP Reply Codes
An FTP server responds to each command sent by a client with a three-digit reply code and a text string. As with HTTP, these reply codes must be implemented as defined in the FTP standard on all servers so that the client can determine its next action, but some products enable you to modify the text that is delivered with the code and displayed to the user.
The first digit of the reply code indicates whether the command was completed successfully, unsuccessfully, or not at all. The possible values for this digit are as follows:
• 1## – Positive preliminary reply: Indicates that the server is initiating the requested action and that the client should wait for another reply before sending any further commands
• 2## – Positive completion reply: Indicates that the server has successfully completed the requested action
• 3## – Positive intermediate reply: Indicates that the server has accepted the command but that more information is needed before it can execute it and that the client should send another command containing the required information
• 4## – Transient negative completion reply: Indicates that the server has not accepted the command or executed the requested action due to a temporary condition and that the client should send the command again
• 5## – Permanent negative completion reply: Indicates that the server has not accepted the command or executed the requested action and that the client is discouraged (but not forbidden) from resending the command
The second digit of the reply code provides more specific information about the nature of the message. The possible values for this digit are as follows:
• #0# – Syntax: Indicates that the command contains a syntax error that has prevented it from being executed
• #1# – Information: Indicates that the reply contains information that the command requested, such as status or help
• #2# – Connections: Indicates that the reply refers to the control or data connection
• #3# – Authentication and accounting: Indicates that the reply refers to the login process or the accounting procedure
• #4# – Unused: Currently unused. Is available for future use.
• #5# – File system: Indicates the status of the server file system as a result of the command
The reply codes defined by the FTP standard are as follows:
• 110 Restart marker reply
• 120 Service ready in nnn minutes
• 125 Data connection already open; transfer starting
• 150 File status okay; about to open data connection
• 200 Command okay
• 202 Command not implemented, superfluous at this site
• 211 System status, or system help reply
• 212 Directory status
• 213 File status
• 214 Help message
• 215 NAME system type
• 220 Service ready for new user
• 221 Service closing control connection
• 225 Data connection open; no transfer in progress
• 226 Closing data connection
• 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
• 230 User logged in, proceed
• 250 Requested file action okay, completed
• 257 “PATHNAME” created
• 331 Username okay, need password
• 332 Need account for login
• 350 Requested file action pending further information
• 421 Service not available; closing control connection
• 425 Can’t open data connection
• 426 Connection closed; transfer aborted
• 450 Requested file action not taken
• 451 Requested action aborted; local error in processing
• 452 Requested action not taken; insufficient storage space in system
• 500 Syntax error, command unrecognized
• 501 Syntax error in parameters or arguments
• 502 Command not implemented
• 503 Bad sequence of commands
• 504 Command not implemented for that parameter
• 530 Not logged in
• 532 Need account for storing files
• 550 Requested action not taken; file unavailable (e.g., file not found, no access)
• 551 Requested action aborted; page type unknown
• 552 Requested file action aborted; exceeded storage allocation (for current directory or data set)
• 553 Requested action not taken; filename not allowed
FTP Messaging
An FTP session begins with a client establishing a connection with a server by using either a GUI or the command line to specify the server’s DNS name or IP address. The first order of business is to establish a TCP connection using the standard three-way handshake. The FTP server is listening on port 21 for incoming messages, and this new TCP connection becomes the FTP control connection that will remain open for the life of the session. The first FTP message is transmitted by the server, announcing and identifying itself, as follows:
220 CZ2 Microsoft FTP Service (Version 5.0)
As with all messages transmitted over a TCP connection, acknowledgment is required. During the course of the session, the message exchanges will be punctuated by TCP ACK packets from both systems, as needed. After it sends the initial acknowledgment, the client prompts the user for an account name and password and performs the user login sequence, as follows:
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
230 Anonymous user logged in.
The client then informs the server of its IP address and the port that it will use for data connections on the client system, as follows:
PORT 192,168,2,3,7,233
200 PORT command successful.
The values 192, 168, 2, and 3 are the four decimal byte values of the IP address, and the 7 and 233 are the 2 bytes of the port number value, which translates as 2025. By converting these 2 port bytes to binary form (00000111 11101001) and then converting the whole 2-byte value to a decimal, you get 2025.
At this point, the client can send commands to the server requesting file transfers or file system procedures, such as the creation and deletion of directories. One typical client command is to request a listing of the files in the server’s default directory, as follows:
NLST -l
In response to this command, the server informs the client that it is going to open a data connection because the list is transmitted as an ASCII file.
150 Opening ASCII mode data connection for /bin/ls.
The server then commences the establishment of the second TCP connection, using its own port 20 and the client port 2025 specified earlier in the PORT command. Once the connection is established, the server transmits the file it has created containing the listing for the directory. Depending on the number of files in the directory, the transfer may require the transmission of multiple packets and acknowledgments, after which the server immediately sends the first message in the sequence that terminates the data connection. Once the data connection is closed, the server reverts to the control connection and finishes the file transfer with the following positive completion reply message:
226 Transfer complete.
At this point, the client is ready to issue another command, such as a request for another file transfer, which repeats the entire process beginning with the PORT command, or some other function that uses only the control connection. When the client is ready to terminate the session by closing the control connection, it sends a QUIT command, and the server responds with an acknowledgment like the following:
221
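The control-connection exchange above, decoded in code. This is an added example, not code from the book: it parses the PORT host/port value, classifies each reply by its first two digits, and applies two checks a server or stateful firewall commonly makes before opening the data connection. The C:/S: prefixes, the function names, and the peer-address and low-port checks are assumptions of this example.

```python
import ipaddress
import re

# First- and second-digit meanings of an FTP reply code, as listed in the text.
COMPLETION = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
}
CATEGORY = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unused",
    "5": "file system",
}

HOST_PORT = re.compile(r"\d{1,3}(?:,\d{1,3}){5}", re.ASCII)
REPLY = re.compile(r"([1-5])([0-5])(\d)(?:[ -].*)?", re.ASCII)

# Constructed transcript: the messages quoted in the text, with a C: (client)
# or S: (server) prefix added for this example.
SESSION = """\
S: 220 CZ2 Microsoft FTP Service (Version 5.0)
C: USER anonymous
S: 331 Anonymous access allowed, send identity (e-mail name) as password.
S: 230 Anonymous user logged in.
C: PORT 192,168,2,3,7,233
S: 200 PORT command successful.
C: NLST -l
S: 150 Opening ASCII mode data connection for /bin/ls.
S: 226 Transfer complete.
C: QUIT
S: 221
"""


def parse_host_port(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (dotted IP string, port number)."""
    arg = arg.strip()
    if not HOST_PORT.fullmatch(arg):
        raise ValueError("host/port must be six comma-separated integers")
    fields = [int(f) for f in arg.split(",")]
    if max(fields) > 255:
        raise ValueError("each host/port field must fit in one byte")
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]  # high byte first


def classify_reply(line):
    """Return (code, first-digit meaning, second-digit meaning) for a reply."""
    m = REPLY.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not an FTP reply line: {line!r}")
    return int("".join(m.groups())), COMPLETION[m.group(1)], CATEGORY[m.group(2)]


def check_port_target(ip, port, control_peer_ip):
    """Assumed hardening checks applied before the server connects back."""
    findings = []
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        findings.append(f"PORT address {ip} is not the control peer {control_peer_ip}")
    if port < 1024:
        findings.append(f"PORT asks for well-known port {port}")
    return findings


def review_session(transcript, control_peer_ip):
    """Walk a C:/S: transcript; return (data endpoints, findings, replies)."""
    endpoints, findings, replies = [], [], []
    for raw in transcript.splitlines():
        side, _, msg = raw.partition(": ")
        if side == "C":
            verb, _, arg = msg.partition(" ")
            if verb.upper() == "PORT":
                ip, port = parse_host_port(arg)
                endpoints.append((ip, port))
                findings += check_port_target(ip, port, control_peer_ip)
        elif side == "S":
            replies.append(classify_reply(msg))
    return endpoints, findings, replies


if __name__ == "__main__":
    endpoints, findings, replies = review_session(SESSION, "192.168.2.3")
    print("data connection targets:", endpoints)
    print("findings:", findings or "none")
    for code, completion, category in replies:
        print(code, completion, "/", category)
```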
E-mail
While Internet services such as the Web and FTP are wildly popular, the service that is the closest to being a ubiquitous business and personal communications tool is e-mail. E-mail is a unique communications medium that combines the immediacy of the telephone with the precision of the written word, and no Internet service is more valuable to the network user. Until the mid-1990s, the e-mail systems you were likely to encounter were self-contained, proprietary solutions designed to provide an organization with internal communications. As the value of e-mail as a business tool began to be recognized by the general public, businesspeople began swapping the e-mail addresses supplied to them by specific online services. However, if you subscribed to a different service than your intended correspondent, you were out of luck. The rise of the Internet revolutionized the e-mail concept by providing a single, worldwide standard for mail communications that was independent of any single service provider. Today, e-mail addresses are almost as common as telephone numbers, and virtually every network with an Internet connection supplies its users with e-mail addresses.
E-mail Addressing
The e-mail address format soon becomes second nature to beginning e-mail users. An Internet e-mail address consists of a username and a domain name, separated by an “at” symbol (@), [email protected], the domain name in an e-mail address (which is everything following the @ symbol) identifies the organization hosting the e-mail services for a particular user. For individual users, the domain is typically that of an ISP, which nearly always supplies one or more e-mail addresses with an Internet access account. For corporate users, the domain name is usually registered to the organization and is usually the same domain used for their websites and other Internet services.
The username part of an e-mail address (which is everything before the @ symbol) represents the name of a mailbox that has been created on the mail server servicing the domain. The username often consists of a combination of names and/or initials identifying an individual user at the organization, but it’s also common to have mailboxes for specific roles and functions in the domain. For example, most domains running a website have a webmaster@mydomain.com mailbox for communications concerning the functionality of the website.
Because Internet e-mail relies on standard domain names to identify mail servers, the Domain Name System (DNS) is an essential part of the Internet e-mail architecture. DNS servers store information in units of various types called resource records. The MX resource record is the one used to identify an e-mail server in a particular domain. When a mail server receives an outgoing message from an e-mail client, it reads the address of the intended recipient and performs a DNS lookup of the domain name in that address. The server generates a DNS message requesting the MX resource record for the specified domain, and the DNS server (after performing the standard iterative process that may involve relaying the request to other domain servers) replies with the IP address of the e-mail server for the destination domain. The server with the outgoing message then opens a connection to the destination domain’s mail server using the Simple Mail Transfer Protocol (SMTP). It is the destination mail server that processes the username part of the e-mail address by placing the message in the appropriate mailbox, where it waits until the client picks it up.
E-mail Clients and Servers
Like HTTP and FTP, Internet e-mail is a client-server application. However, in this case, several types of servers are involved in the e-mail communication process. SMTP servers are responsible for receiving outgoing mail from clients and transmitting the mail messages to their destination servers. The other type of server is the one that maintains the mailboxes and which the e-mail clients use to retrieve their incoming mail. The two predominant protocols for this type of server are the Post Office Protocol, version 3 (POP3) and the Internet Message Access Protocol (IMAP). This is another case where it’s important to understand that the term server refers to an application and not necessarily to a separate computer. In many cases, the SMTP and either the POP3 or IMAP server run on the same computer.
E-mail server products generally fall into two categories, those that are designed solely for Internet e-mail and those that provide more comprehensive internal e-mail services as well. The former are relatively simple applications that typically provide SMTP support and may or may not include either POP3 or IMAP as well. If not, you have to purchase and install a POP3 or IMAP server also so that your users can access their mail. One of the most common SMTP servers used on the Internet is a free Unix program called sendmail, but there are many other products, both open source and commercial, that run on a variety of computing platforms.
After installing the mail server applications, the administrator creates a mailbox for each user and registers the server’s IP address in a DNS MX resource record for the domain. This enables other SMTP servers on the Internet to send mail to the users’ mailboxes. Clients access the POP3 or IMAP server to download mail from their mailboxes and send outgoing messages using the SMTP server. ISPs typically use mail servers of this type because their users are strictly concerned with Internet e-mail. The server may provide other convenience services for users as well, such as web-based client access, which enables users to access their mailboxes from any web browser.
The more comprehensive e-mail servers are products that evolved from internal e-mail systems. Products like Microsoft Exchange started out as servers that a corporation would install to provide private e-mail service to users within the company, as well as other services such as calendars, personal information managers, and group scheduling. As Internet e-mail became more prevalent, these products were enhanced to include the standard Internet e-mail connectivity protocols as well. Today, a single product such as Exchange provides a wealth of communications services for private network users. On this type of e-mail product, the mail messages and other personal data are stored permanently on the mail servers, and users run a special client to access their mail. Storing the mail on the server makes it easier for administrators to back it up and enables users to access their mail from any computer. E-mail applications such as Exchange are much more expensive than Internet-only mail servers, and administering them is more complicated.
An e-mail client is any program that can access a user’s mailbox on a mail server. Some e-mail client programs are designed strictly for Internet e-mail and can therefore access only SMTP, POP3, and/or IMAP servers. There are many products, both commercial and free, that perform the same basic functions. In many cases, e-mail client functionality is integrated into other programs, such as personal information managers (PIMs). Because the Internet e-mail protocols are standardized, users can run any Internet e-mail client with any SMTP/POP3/IMAP servers. Configuring an Internet e-mail client to send and retrieve mail is simply a matter of supplying the program with the IP addresses of an SMTP server (for outgoing mail) and a POP3 or IMAP server (for incoming mail), as well as the name of a mailbox on the POP3/IMAP server and its accompanying password.
The more comprehensive e-mail server products require a proprietary client to access all of their features. In the case of Exchange, the client is the Microsoft Outlook program included as part of the many Microsoft Office versions. Outlook is an unusual e-mail client in that you can configure it to operate in corporate/workgroup mode, in which the client connects to an Exchange server, or in Internet-only mode. Both modes enable you to access SMTP and POP3/IMAP services, but corporate/workgroup mode provides access to all of the Exchange features, such as group scheduling, and stores the user’s mail on the server. Internet-only mode stores the mail on the computer’s local drive.
Simple Mail Transfer Protocol
SMTP is an application layer protocol that is standardized in the IETF’s RFC 821 document. SMTP messages can be carried by any reliable transport protocol, but on the Internet and most private networks, they are carried by the TCP protocol, using well-known port number 25 at the server. Like HTTP and FTP, SMTP messages are based on ASCII text commands, rather than the headers and fields used by the protocols at the lower layers of the protocol stack. SMTP communications can take place between e-mail clients and servers or between servers. In each case, the basic communication model is the same. One computer (called the sender-SMTP) initiates communication with the other (the receiver-SMTP) by establishing a TCP connection using the standard three-way handshake.
SMTP Commands
Once the TCP connection is established, the sender-SMTP computer begins transmitting SMTP commands to the receiver-SMTP, which responds with a reply message and a numeric code for each command it receives. The commands consist of a keyword and an argument field containing other parameters in the form of a text string, followed by a carriage return/line feed (CR/LF).
NOTE: The SMTP standard uses the terms sender-SMTP and receiver-SMTP to distinguish the sender and the receiver of the SMTP messages from the sender and the receiver of an actual mail message. The two are not necessarily synonymous.
The commands used by the sender-SMTP and their functions are as follows (the parentheses contain the actual text strings transmitted by the sending computer):
• HELLO (HELO): Used by the sender-SMTP to identify itself to the receiver-SMTP by transmitting its hostname as the argument. The receiver-SMTP responds by transmitting its own hostname.
• MAIL (MAIL): Used to initiate a transaction in which a mail message is to be delivered to a mailbox by specifying the address of the mail sender as the argument and, optionally, a list of hosts through which the mail message has been routed (called a source route). The receiver-SMTP uses this list in the event it has to return a nondelivery notice to the mail sender.
• RECIPIENT (RCPT): Identifies the recipient of a mail message, using the recipient’s mailbox address as the argument. If the message is addressed to multiple recipients, the sender-SMTP generates a separate RCPT command for each address.
• DATA (DATA): Contains the actual e-mail message data, followed by a CRLF, a period, and another CRLF (<CRLF>.<CRLF>), which indicates the end of the message string.
• SEND (SEND): Used to initiate a transaction in which mail is to be delivered to a user’s terminal (instead of to a mailbox). Like the MAIL command, the argument contains the sender’s mailbox address and the source route.
• SEND OR MAIL (SOML): Used to initiate a transaction in which a mail message is to be delivered to a user’s terminal, if they are currently active and configured to receive messages, or to the user’s mailbox, if they are not. The argument contains the same sender address and source route as the MAIL command.
• SEND AND MAIL (SAML): Used to initiate a transaction in which a mail message is to be delivered to a user’s terminal, if they are currently active and configured to receive messages, and to the user’s mailbox. The argument contains the same sender address and source route as the MAIL command.
• RESET (RSET): Instructs the receiver-SMTP to abort the current mail transaction and discard all sender, recipient, and mail data information from that transaction.
• VERIFY (VRFY): Used by the sender-SMTP to confirm that the argument identifies a valid user. If the user exists, the receiver-SMTP responds with the user’s full name and mailbox address.
• EXPAND (EXPN): Used by the sender-SMTP to confirm that the argument identifies a valid mailing list. If the list exists, the receiver-SMTP responds with the full names and mailbox addresses of the list’s members.
• HELP (HELP): Used by the sender-SMTP (presumably a client) to request help information from the receiver-SMTP. An optional argument may specify the subject for which the sender-SMTP needs help.
• NOOP (NOOP): Performs no function other than to request that the receiver-SMTP generate an OK reply.
• QUIT (QUIT): Used by the sender-SMTP to request the termination of the communications channel to the receiver-SMTP. The sender-SMTP should not close the channel until it has received an OK reply to its QUIT command from the receiver-SMTP, and the receiver-SMTP should not close the channel until it has received and replied to a QUIT command from the sender-SMTP.
• TURN (TURN): Used by the sender-SMTP to request that it and the receiver-SMTP should switch roles, with the sender-SMTP becoming the receiver-SMTP and the receiver-SMTP the sender-SMTP. The actual role switch does not occur until the receiver-SMTP returns an OK response to the TURN command.
NOTE: Not all SMTP implementations include support for all of the commands listed here. The only commands that are required to be included in all SMTP implementations are HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT.
SMTP Replies
The receiver-SMTP is required to generate a reply for each of the commands it receives from the sender-SMTP. The sender-SMTP is not permitted to send a new command until it receives a reply to the previous one. This prevents any confusion of requests and replies. The reply messages generated by the receiver-SMTP consist of a three-digit numerical value plus an explanatory text string. The number and the text string are essentially redundant; the number is intended for use by automated systems that take action based on the reply, while the text string is intended for humans. The text messages can vary from implementation to implementation, but the reply numbers must remain consistent.
The reply codes generated by the receiver-SMTP are as follows (italicized values represent variables that the receiver-SMTP replaces with an appropriate text string):
• 211 System status, or system help reply
• 214 Help message
• 220 Domain service ready
• 221 Domain service closing transmission channel
• 250 Requested mail action okay, completed
• 251 User not local; will forward to forward-path
• 354 Start mail input; end with <CRLF>.<CRLF>
• 421 Domain service not available, closing transmission channel
• 450 Requested mail action not taken: mailbox unavailable
• 451 Requested action aborted: local error in processing
• 452 Requested action not taken: insufficient system storage
• 500 Syntax error, command unrecognized
• 501 Syntax error in parameters or arguments
• 502 Command not implemented
• 503 Bad sequence of commands
• 504 Command parameter not implemented
• 550 Requested action not taken: mailbox unavailable
• 551 User not local; please try forward-path
• 552 Requested mail action aborted: exceeded storage allocation
• 553 Requested action not taken: mailbox name not allowed
• 554 Transaction failed
SMTP Transactions
A typical SMTP mail transaction begins (after a TCP connection is established) with the sender-SMTP transmitting a HELO command to identify itself to the receiver-SMTP by including its hostname as the command argument. If the receiver-SMTP is operational, it responds with a 250 reply. Next, the sender-SMTP initiates the mail transaction by transmitting a MAIL command. This command contains the mailbox address of the message sender as the argument on the command line. Note that this sender address refers to the person who generated the e-mail message and not necessarily to the SMTP server currently sending commands.
NOTE: In the case where the SMTP transaction is between an e-mail client and an SMTP server, the sender of the e-mail and the sender-SMTP refer to the same computer, but the receiver-SMTP is not the same as the intended receiver (that is, the addressee) of the e-mail. In the case of two SMTP servers communicating, such as when a local SMTP server forwards the mail messages it has just received from clients to their destination servers, neither the sender-SMTP nor the receiver-SMTP refers to the ultimate sender and receiver of the e-mail message.
If the receiver-SMTP is ready to receive and process a mail message, it returns a 250 response to the MAIL message generated by the sender-SMTP. After receiving a positive response to its MAIL command, the sender-SMTP proceeds by sending at least one RCPT message that contains as its argument the mailbox address of the e-mail message’s intended recipient. If there are multiple recipients for the message, the sender-SMTP sends a separate RCPT command for each mailbox address. The receiver-SMTP, on receiving an RCPT command, checks to see whether it has a mailbox for that address and, if so, acknowledges the command with a 250 reply. If the mailbox does not exist, the receiver-SMTP can take one of several actions, such as generating a 251 User Not Local; Will Forward response and transmitting the message to the proper server, or rejecting the message with a failure response, such as 550 Requested Action Not Taken: Mailbox Unavailable or 551 User Not Local. If the sender-SMTP generates multiple RCPT messages, the receiver-SMTP must reply separately to each one before the next can be sent.
The next step in the procedure is the transmission of a DATA command by the sender-SMTP. The DATA command has no argument, and is followed simply by a CRLF. On receiving the DATA command, the receiver-SMTP returns a 354 response and assumes that all of the lines that follow are the text of the e-mail message itself. The sender-SMTP then transmits the text of the message, one line at a time, ending with a period on a separate line (in other words, a CRLF.CRLF sequence). On receipt of this final sequence, the receiver-SMTP responds with a 250 reply and proceeds to process the mail message by storing it in the proper mailbox and clearing its buffers.
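The transaction sequence above, written as a small receiver-SMTP command sequencer. This is an added example, not code from the book or from any mail server: it enforces the HELO, MAIL, RCPT, DATA order, answers out-of-order commands with 503, and implements only the seven required commands, so VRFY, EXPN and the other optional ones get 502. The class name, host names, mailbox addresses and client lines are constructed for illustration, and removing a doubled leading period in message text follows RFC 821's transparency rule, which the text does not cover.

```python
import re

PATH = re.compile(r"(FROM|TO):\s*<([^<>\s]*)>", re.IGNORECASE)
OPTIONAL = {"SEND", "SOML", "SAML", "VRFY", "EXPN", "HELP", "TURN"}
OK = "250 Requested mail action okay, completed"
BAD_SEQ = "503 Bad sequence of commands"
BAD_ARG = "501 Syntax error in parameters or arguments"

# Constructed client lines (CRLF already stripped), including mistakes.
CLIENT_LINES = [
    "MAIL FROM:<bob@example.org>",    # before HELO
    "HELO client.example.org",
    "MAIL FROM:<bob@example.org>",
    "RCPT TO:<nobody@example.net>",   # no such mailbox
    "DATA",                           # no accepted recipient yet
    "RCPT TO:<alice@example.net>",
    "VRFY alice",                     # optional command, not implemented
    "DATA",
    "Network diagrams attached.",
    "..hidden",                       # sender doubled the leading period
    ".",
    "QUIT",
]


class ReceiverSMTP:
    """Command sequencing only: no sockets, no real mailbox storage."""

    def __init__(self, domain, mailboxes):
        self.domain = domain
        self.mailboxes = {m.lower() for m in mailboxes}
        self.greeted = False
        self.in_data = False
        self.delivered = []  # (sender, recipients, message text)
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    @staticmethod
    def _path(keyword, arg):
        m = PATH.fullmatch(arg.strip())
        return m.group(2) if m and m.group(1).upper() == keyword else None

    def handle(self, line):
        """Consume one line; return the reply, or None inside message text."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            if not arg:
                return BAD_ARG
            self.greeted = True
            self._reset()
            return f"250 {self.domain}"
        if verb == "MAIL":
            if not self.greeted or self.sender is not None:
                return BAD_SEQ
            addr = self._path("FROM", arg)
            if addr is None:
                return BAD_ARG
            self.sender = addr
            return OK
        if verb == "RCPT":
            if self.sender is None:
                return BAD_SEQ
            addr = self._path("TO", arg)
            if addr is None:
                return BAD_ARG
            if addr.lower() not in self.mailboxes:
                return "550 Requested action not taken: mailbox unavailable"
            self.recipients.append(addr)
            return OK
        if verb == "DATA":
            if not self.recipients:
                return BAD_SEQ
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset()
            return OK
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.domain} service closing transmission channel"
        if verb in OPTIONAL:
            return "502 Command not implemented"
        return "500 Syntax error, command unrecognized"

    def _data_line(self, line):
        if line == ".":  # the <CRLF>.<CRLF> terminator
            text = "\r\n".join(self.body)
            self.delivered.append((self.sender, list(self.recipients), text))
            self.in_data = False
            self._reset()
            return OK
        self.body.append(line[1:] if line.startswith(".") else line)
        return None


def run_dialogue(server, client_lines):
    """Return [(client line, reply or None)] for a whole dialogue."""
    return [(line, server.handle(line)) for line in client_lines]


if __name__ == "__main__":
    srv = ReceiverSMTP("mail.example.net", ["alice@example.net"])
    for sent, reply in run_dialogue(srv, CLIENT_LINES):
        print(f"C: {sent}\nS: {reply}" if reply else f"C: {sent}")
```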
Multipurpose Internet Mail Extension
SMTP is designed to carry text messages using 7-bit ASCII codes and lines no more than 1,000 characters long. This excludes foreign characters and 8-bit binary data from being carried in e-mail messages. To make it possible to send these types of data in SMTP e-mail, another standard called the Multipurpose Internet Mail Extension (MIME) was published in five RFC documents, numbered 2045 through 2049. MIME is essentially a method for encoding various types of data for inclusion in an e-mail message.
The typical SMTP e-mail message transmitted after the DATA command begins with a header containing the familiar elements of the message itself, such as the To, From, and Subject fields. MIME adds two additional fields to this initial header, a MIME-Version indicator that specifies which version of MIME the message is using and a Content-Type field that specifies the format of the MIME-encoded data included in the message. The Content-Type field can specify any one of several predetermined MIME formats, or it can indicate that the message consists of multiple body parts, each of which uses a different format.
For example, the header of a multipart message might appear as follows:
MIME-Version: 1.0
From: [email protected]
Subject: Network diagrams
Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08j34c0p
The Content-Type field in this example indicates that the message consists of multiple parts, in different formats. The boundary parameter specifies a text string that is used to delimit the parts. The value specified in the boundary parameter can be any text string, just as long as it does not appear in the message text. After this header come the separate parts of the message, each of which begins with the boundary value on a separate line and a Content-Type field that specifies the format for the data in that part of the message, as follows:
--gc0p4Jq0M2Yt08j34c0p
Content-Type: image/jpeg
The actual message content then appears, in the format specified by the Content-Type value.
The header for each part of the message can also contain any of the following fields:
• Content-Transfer-Encoding: Specifies the method used to encode the data in that part of the message, using values such as 7-bit, 8-bit, Base64, and Binary
• Content-ID: Optional field that specifies an identifier for that part of the message that can be used to reference it in other places
• Content-Description: Optional field that contains a description of the data in that part of the message
The most commonly recognizable elements of MIME are the content types used to describe the nature of the data included as part of an e-mail message. A MIME content type consists of a type and a subtype, separated by a forward slash, as in image/jpeg. The type indicates the general type of data, and the subtype indicates a specific format for that data type. The image type, for example, has several possible subtypes, including jpeg and gif, which are both common graphics formats. Systems interpreting the data use the MIME types to determine how they should handle the data, even if they do not recognize the format. For example, an application receiving data with the text/richtext content type might display the content to the user, even if it cannot handle the richtext format. Because the basic type is text, the application can be reasonably sure that the data will be recognizable to the user. If the application receives a message containing image/gif data, however, and is incapable of interpreting the gif format, it can be equally sure, because the message part is of the image type, that the raw, uninterpreted data would be meaningless to the user and as a result would not display it in its raw form.
The seven MIME content types are as follows:
• Text: Contains textual information, either unformatted (subtype: plain) or enriched by formatting commands
• Image: Contains image data that requires a device such as a graphical display or graphical printer to view the information
• Audio: Contains audio information that requires an audio output device (such as a speaker) to present the information
• Video: Contains video information that requires the hardware/software needed to display moving images
• Application: Contains uninterpreted binary data, such as a program file, or information to be processed by a particular application
• Multipart: Contains at least two separate entities using independent data types
• Message: Contains an encapsulated message, such as those defined by RFC 822, which may themselves contain multiple parts of different types
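Because receiving systems decide how to handle a part from its declared Content-Type, a mail filter usually checks that the declaration matches the decoded data. The following added Python example (not from the book) walks a multipart message that reuses the boundary value shown above; the sender address, the part contents and the short signature table are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

# Leading bytes of a few formats, mapped to what they indicate (small constructed table).
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"MZ": "executable (MZ header)",
}


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


JPEG_STUB = b"\xff\xd8\xff\xe0" + b"\x00" * 12   # constructed: JPEG signature plus padding
MZ_STUB = b"MZ\x90\x00" + b"\x00" * 12          # constructed: executable signature plus padding

# Constructed sample message: three parts, the last one mislabeled as a GIF.
SAMPLE = "\r\n".join([
    "MIME-Version: 1.0",
    "From: sender@example.com",
    "Subject: Network diagrams",
    "Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08j34c0p",
    "",
    "--gc0p4Jq0M2Yt08j34c0p",
    "Content-Type: text/plain",
    "Content-Transfer-Encoding: 7bit",
    "",
    "Diagrams attached.",
    "--gc0p4Jq0M2Yt08j34c0p",
    "Content-Type: image/jpeg",
    "Content-Transfer-Encoding: base64",
    "Content-Description: Floor plan",
    "",
    b64(JPEG_STUB),
    "--gc0p4Jq0M2Yt08j34c0p",
    "Content-Type: image/gif",
    "Content-Transfer-Encoding: base64",
    "Content-ID: <part3@example.com>",
    "",
    b64(MZ_STUB),
    "--gc0p4Jq0M2Yt08j34c0p--",
    "",
]).encode("ascii")


def sniff(data: bytes):
    """Return the format implied by the first bytes, or None if unknown."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def header_text(part, name):
    value = part.get(name)
    return None if value is None else str(value)


def inventory(raw: bytes):
    """List every leaf part with its declared type, encoding and sniffed format."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue                                  # the container has no data of its own
        declared = part.get_content_type()            # type/subtype, lowercased
        data = part.get_payload(decode=True) or b""   # undoes Base64 / quoted-printable
        found = sniff(data)
        report.append({
            "declared": declared,
            "encoding": (header_text(part, "Content-Transfer-Encoding") or "7bit").lower(),
            "description": header_text(part, "Content-Description"),
            "content_id": header_text(part, "Content-ID"),
            "size": len(data),
            "sniffed": found,
            "mismatch": found is not None and found != declared,
        })
    return report


if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(row)
```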
Post Office Protocol
The Post Office Protocol, version 3 (POP3) is a service designed to provide mailbox services for client computers that are themselves not capable of performing transactions with SMTP servers. For the most part, the reason for the clients requiring a mailbox service is that they may not be continuously connected to the Internet and are therefore not capable of receiving messages any time a remote SMTP server wants to send them. A POP3 server is continuously connected and is always available to receive messages for offline users. The server then retains the messages in an electronic mailbox until the user connects to the server and requests them.
POP3 is similar to SMTP in that it relies on the TCP protocol for transport services (using well-known port 110) and communicates with clients using text-based commands and responses. As with SMTP, the client transmits commands to the server, but in POP3, there are only two possible response codes, +OK, indicating the successful completion of the command, and -ERR, indicating that an error has occurred to prevent the command from being executed. In the case of POP3, the server also sends the requested e-mail message data to the client, rather than the client sending outgoing messages to the server as in SMTP.
A POP3 client-server session consists of three distinct states: the authorization state, the transaction state, and the update state. These states are described in the following sections.
The Authorization State
The POP3 session begins when the client establishes a TCP connection with an active server. Once the TCP three-way handshake is complete, the server transmits a greeting to the client, usually in the form of an +OK reply. At this point, the session enters the authorization state, during which the client must identify itself to the server and perform an authentication process before it can access its mailbox. The POP3 standard defines two possible authentication mechanisms. One of these utilizes the USER and PASS commands, which the client uses to transmit a mailbox name and the password associated with it to the server in clear text. Another, more secure, mechanism uses the APOP command, which performs an encrypted authentication.
While in the authorization state, the only command permitted to the client other than authentication-related commands is QUIT, to which the server responds with a +OK reply before terminating the session without entering the transaction or update states.
Once the authentication process has been completed and the client granted access to its mailbox, the session enters the transaction state.
The Transaction State
Once the session has entered the transaction state, the client can begin to transmit the commands to the server with which it retrieves the mail messages waiting in its mailbox. When the server enters the transaction state, it assigns a number to each of the messages in the client’s mailbox and takes note of each message’s size. The transaction state commands use these message numbers to refer to the messages in the mailbox. The commands permitted while the session is in the transaction state are as follows. With the exception of the QUIT command, all of the following commands can be used only during the transaction state.
• STAT: Causes the server to transmit a drop listing of the mailbox contents to the client. The server responds with a single line containing an +OK reply, followed on the same line by the number of messages in the mailbox and the total size of all the messages, in bytes.
• LIST: Causes the server to transmit a scan listing of the mailbox contents to the client. The server responds with a multiline reply consisting of a +OK on the first line, followed by an additional line for each message in the mailbox, containing its message number and its size, in bytes, followed by a line containing only a period, which indicates the end of the listing. A client can also issue the LIST command with a parameter specifying a particular message number, which causes the server to reply with a scan listing of that message only.
• RETR: Causes the server to transmit a multiline reply containing an +OK reply, followed by the full contents of the message number specified as a parameter on the RETR command line. A separate line containing only a period serves as a delimiter, indicating the end of the message.
• DELE: Causes the server to mark the message represented by the message number specified as a parameter on the DELE command line as deleted. Once marked, clients can no longer retrieve the message, nor does it appear in drop listings and scan listings. However, the server does not actually delete the message until it enters the update state.
• NOOP: Performs no function other than to cause the server to generate an +OK reply.
• RSET: Causes the server to unmark any messages that have been previously marked as deleted during the session.
• QUIT: Causes the session to enter the update state prior to the termination of the connection.
The Update State
Once the client has finished retrieving messages from the mailbox and performing other transaction state activities, it transmits the QUIT command to the server, causing the session to transition to the update state. After entering the update state, the server deletes all of the messages that have been marked for deletion and releases its exclusive hold on the client’s mailbox. If the server successfully deletes all of the marked messages, it transmits a +OK reply to the client and proceeds to terminate the TCP connection.
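The three session states described above, as an added Python model of the server side (not code from the book or from any POP3 product). The user name, secret, greeting timestamp and messages are constructed; the APOP check uses the digest defined in the POP3 standard (RFC 1939), an MD5 hash over the greeting timestamp followed by the shared secret.

```python
import hashlib
import hmac


def apop_digest(banner: str, secret: str) -> str:
    """APOP digest per RFC 1939: MD5 over the greeting timestamp plus the shared secret."""
    return hashlib.md5((banner + secret).encode("ascii")).hexdigest()


class Pop3Session:
    def __init__(self, user, secret, mailbox, banner="<1234.1700000000@pop.example.com>"):
        self.user, self.secret, self.banner = user, secret, banner  # constructed values
        self.mailbox = list(mailbox)       # messages that persist between sessions
        self.state = "AUTHORIZATION"
        self.pending_user = None
        self.numbered, self.deleted = {}, set()

    def greeting(self) -> str:
        return "+OK POP3 server ready " + self.banner

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            try:
                return self._transaction(verb, arg)
            except (ValueError, KeyError):
                return "-ERR no such message"
        return "-ERR session closed"

    def _authorization(self, verb, arg):
        if verb == "QUIT":
            self.state = "CLOSED"          # ends here; the update state is never entered
            return "+OK bye"
        if verb == "USER":
            self.pending_user = arg
            return "+OK send PASS"
        if verb == "PASS":                 # password crosses the wire in clear text
            ok = self.pending_user == self.user and hmac.compare_digest(
                arg.encode(), self.secret.encode())
        elif verb == "APOP":               # only the digest crosses the wire
            name, _, digest = arg.partition(" ")
            expected = apop_digest(self.banner, self.secret)
            ok = name == self.user and hmac.compare_digest(
                digest.lower().encode(), expected.encode())
        else:
            return "-ERR command not valid in the authorization state"
        if not ok:
            return "-ERR authentication failed"
        self.numbered = dict(enumerate(self.mailbox, 1))   # message numbers for this session
        self.deleted = set()
        self.state = "TRANSACTION"
        return "+OK mailbox locked and ready"

    def _transaction(self, verb, arg):
        live = {n: m for n, m in self.numbered.items() if n not in self.deleted}
        size = lambda m: len(m.encode("utf-8"))
        if verb == "STAT":
            return "+OK %d %d" % (len(live), sum(size(m) for m in live.values()))
        if verb == "LIST" and arg:
            return "+OK %d %d" % (int(arg), size(live[int(arg)]))
        if verb == "LIST":
            rows = ["%d %d" % (n, size(m)) for n, m in live.items()]
            return "\r\n".join(["+OK scan listing follows"] + rows + ["."])
        if verb == "RETR":
            msg = live[int(arg)]
            return "\r\n".join(["+OK %d octets" % size(msg), msg, "."])
        if verb == "DELE":
            n = int(arg)
            if n not in live:
                raise KeyError(n)          # unknown or already marked as deleted
            self.deleted.add(n)            # marked only; nothing is removed yet
            return "+OK message %d marked" % n
        if verb == "NOOP":
            return "+OK"
        if verb == "RSET":
            self.deleted.clear()
            return "+OK"
        if verb == "QUIT":
            self.state = "UPDATE"          # marked messages are removed only now
            self.mailbox = list(live.values())
            self.state = "CLOSED"
            return "+OK bye"
        return "-ERR unknown command"
```

Both mechanisms are normally run inside a TLS-protected connection today, since USER/PASS exposes the password and the APOP digest relies on MD5.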
Internet Message Access Protocol
POP3 is a relatively simple protocol that provides clients with only the most basic mailbox service. In nearly all cases, the POP3 server is used only as a temporary storage medium; e-mail clients download their messages from the POP3 server and delete them from the server immediately afterward. It is possible to configure a client not to delete the messages after downloading them, but the client must then download them again during the next session. The Internet Message Access Protocol (IMAP) is a mailbox service that is designed to improve upon POP3’s capabilities.
IMAP functions similarly to POP3 in that it uses text-based commands and responses, but the IMAP server provides considerably more functions than POP3. The biggest difference between IMAP and POP3 is that IMAP is designed to store e-mail messages on the server permanently, and IMAP provides a wider selection of commands that enable clients to access and manipulate their messages. Storing the mail on the server enables users to easily access their mail from any computer or from different computers.
Take, for example, an office worker who normally downloads her e-mail messages to her work computer using a POP3 server. She can check her mail from her home computer if she wants to by accessing the POP3 server from there, but any messages that she downloads to her home computer are normally deleted from the POP3 server, meaning that she will have no record of them on her office computer, where most of her mail is stored. Using IMAP, she can access all of her mail from either her home or office computer at any time, including all of the messages she has already read at both locations.
To make the storage of clients’ e-mail on the server practical, IMAP includes a number of organizational and performance features, including the following:
• Users can create folders in their mailboxes and move their e-mail messages among the folders to create an organized storage hierarchy.
• Users can display a list of the messages in their mailboxes that contains only the header information and then select the messages they want to download in their entirety.
• Users can search for messages based on the contents of the header fields, the message subject, or the body of the message.
While IMAP can be a sensible solution for a corporate e-mail system in which users might benefit from its features, it is important to realize that IMAP requires considerably more in the way of network and system resources than POP3. In addition to the disk space required to store mail on the server indefinitely, IMAP requires more processing power to execute its many commands and consumes more network bandwidth because users remain connected to the server for much longer periods of time. For these reasons, POP3 remains the mailbox server of choice for Internet service providers, the largest consumers of these server products.
PART V Network Operating Services
CHAPTER 17 Windows
CHAPTER 18 Active Directory
CHAPTER 19 Linux
CHAPTER 20 Unix
CHAPTER 21 Other Network Operating Systems and Networking in the Cloud
CHAPTER 17 Windows
In the years since its initial release in 1985, Microsoft’s Windows operating system has become the most prevalent operating system on the market. Windows’ familiar interface and ease of use enabled relatively unsophisticated users to install and maintain local area networks (LANs), making LAN technology a ubiquitous part of doing business. The various versions of Windows 8 (and 8.1), the latest incarnations of the operating system, are designed for use by mobile devices, stand-alone computers, and the most powerful servers.
The Role of Windows
Windows operates on a peer-to-peer model, in which each system can function both as a client and as a server. As a result, the same familiar interface is used in all Windows computers, both clients and servers, simplifying the learning curve for users as well as the development effort for software designers.
At the time of Windows NT’s introduction, installing a server was largely a manual process in which you had to modify the server’s configuration files in order to load the appropriate drivers. Windows, on the other hand, had an automated installation program much like those of most applications. While the process of setting up earlier networks required considerable expertise, many people discovered that a reasonably savvy PC user could install the Windows operating system (OS) and Windows applications with little difficulty.
A major factor that contributed to Windows’ rise in popularity was its adoption of Transmission Control Protocol/Internet Protocol (TCP/IP) as its default protocols. As the Internet grew, a market developed for a platform that was easier to use than Unix that would run Internet and intranet server applications, and Windows fit the bill nicely. Eventually, major database engines were running on Windows servers, and the similarity of the client and server platforms streamlined the development process.
Versions
The first version of Windows NT (which was given the version number 3.1 to conform with the then-current version of Windows) was introduced in 1993. The motivation behind it was to create a new 32-bit OS from the ground up that left all vestiges of DOS behind. Although the interface was nearly identical in appearance to that of a Windows 3.1 system, NT was a completely new OS in many fundamental ways. Backward compatibility with existing applications is a factor that has always hindered advances in operating system design, and once Microsoft decided that running legacy programs was not to be a priority with Windows NT, it was free to implement radical changes.
The various versions of Windows NT fell into three distinct generations, based on the user interface. The first generation consisted of Windows NT 3.1, 3.5, and 3.51, all three of which use the same Windows 3.1–style interface. Version 3.1 used NetBEUI as its default protocol, which immediately limited its use to relatively small networks. TCP/IP and IPX support were available, but only through the STREAMS interface.
The second generation consisted of Windows NT 4.0, which was released in 1996 as an interim upgrade leading toward the major innovation that Microsoft began promising in 1993. NT 4 used the same interface introduced in Windows 95 and positioned the OS more positively as an Internet platform with the inclusion of the Internet Explorer web browser and Internet Information Services—a combination World Wide Web, FTP, and Gopher server.
The third generation was Windows 2000, which was the long-awaited release of the operating system that was originally code-named Cairo. The Windows 2000 interface was a refined version of the NT 4/Windows 95 graphical user interface (GUI), but the biggest improvement was the inclusion of Active Directory, an enterprise directory service that represented a quantum leap over the domain-based directory service included in Windows NT. Windows XP was the next-generation operating system that brought the DOS-based world of Windows 95, 98, and ME together with the Windows NT/2000 design to form a single product line that was suitable for both home and office computers.
Since Windows XP (which was no longer automatically updated after April 2014), there have been several new systems. Windows Vista was released in 2006 and included IPv6, comprehensive wireless networking, and 64-bit support. Vista received general criticism based on several factors, such as performance, which was criticized as not being much of an improvement over Windows XP. Many users resoundingly attacked the enhancements that were supposed to create additional security such as the product activation requirements and the persistent User Account Control (UAC) security feature. (UAC in Windows Vista required approval of each application before it could be utilized.) In retrospect, Windows Vista is often considered to be one of the biggest tech failures of the early years of the 21st century.
After the failure of Windows Vista, Microsoft introduced Windows 7 in 2009. Originally designed as an incremental upgrade, this version included a revamped UAC, much better performance, and an intuitive interface. It offered improved performance with the multicore processors that were becoming common, support for more modern graphics cards, media features, and fast boot times, as well as support for virtual hard disks.
In 2013, Microsoft introduced Windows 8. Windows 8 was visually quite different from earlier systems and was designed to work on touchscreens (such as those on mobile devices) as well as with a mouse and keyboard. By combining the mobile-friendly screens with the Windows desktop with which most were familiar, the result was a system that pleased no one. Within a few months (by Microsoft standards), Windows 8.1 was released, which kept many of the features of the “mobile” screens but made the desktop more accessible to please desktop users.
Microsoft has traditionally released its server software in conjunction with its operating systems. However, starting with Windows Server 2008 (R2), it has sometimes changed release times. The latest version, Windows Server 2012 R2, however, was released at the same time as Windows 8.1 in October of 2013.
Service Packs
Traditionally, Microsoft has released regular updates to the Windows products in the form of service packs, which contain numerous fixes and upgrades in one package, using a single installation routine. Microsoft was one of the first software companies to adopt this update release method, which was a vast improvement over dozens of small patch releases (sometimes called hotfixes) that addressed single, specific issues. Apart from the inconvenience of downloading and installing many small patches, the small-patch update method was a technical support nightmare because it was difficult for both the user and the technician to know exactly which patches had been installed. Service packs were designed to detect the components installed on a Windows computer and install only the updates needed by those components.
Service packs consist of a single release for all of the various editions of an operating system. Service packs often consist of more than just bug fixes. They may include upgraded versions of operating system utilities, new features, or entirely new programs. All of the components are installed at the same time by the service pack’s setup program. Service packs are sometimes (but not always) cumulative, meaning that each successive service pack for a particular product contains the contents of all of the previous service packs for that product. This simplifies the process of installing Windows on a new computer or updating one that hasn’t been patched in some time, but it also causes the service pack releases to grow very large. Microsoft makes its service packs available as free downloads or on CD-ROMs, for which you must pay postage, handling, and media fees.
Again, traditionally, Microsoft’s policy was to produce security fixes for both the current service pack and the previous one. IT people appreciated this because it allowed plenty of time to test the new update before it was deployed across their networks. However, when the first update to Windows 8.1 was released in April 2014, this policy seems to have changed. Microsoft stated that this update was mandatory and that all future security updates would require the April update to be installed. This policy and the update may signal the end of service packs as they have previously been known.
Microsoft Technical Support
For the network administrator who is heavily committed to the use of Microsoft products, Microsoft TechNet was a subscription-based CD-ROM product that was an invaluable resource for technical information and product updates that ended in 2013. The monthly releases typically included six or more CD-ROMs containing resource kits, documentation, the entire Knowledge Base for all of the Microsoft products, and a lot of other material.
Starting in 2013, Microsoft replaced this program with a number of free resources, including the TechNet Evaluation Center located at http://technet.microsoft.com/en-US/evalcenter. These new services for IT professionals include TechNet Virtual Labs for free online testing. This environment is designed to evaluate new products; the documentation states that the testing can be completed online in less than two hours, so there is no need to install evaluation copies locally. Microsoft also has paid subscriptions for access to both current and prior software versions through its MSDN and MAPS programs. Both offer IT professionals the chance to download products, ask questions, test products, and take e-learning classes on Microsoft products.
In addition, Microsoft has created a program for students called DreamSpark. This program allows registered students to download software for testing and study. For small business startups, a similar program called BizSpark is available based on certain eligibility criteria. There are additional (free) courses available through the Microsoft Virtual Academy site at www.microsoftvirtualacademy.com.
Operating System Overview
Windows systems are modular operating systems that are designed to take advantage of the advanced capabilities built into the latest processors, while leaving behind the memory and storage constraints imposed by DOS-based operating systems. Early operating systems such as DOS were monolithic—that is, the entire OS consisted of a single functional unit, which made it difficult to upgrade and modify. By creating an OS composed of many separate components, Microsoft made it easier to upgrade and modify parts of the operating system without affecting other elements in the overall functionality of the whole.
Kernel Mode Components
The Windows operating systems are composed of components that run in one of two modes: kernel mode and user mode (see Figure 17-1). A component running in kernel mode has full access to the system’s hardware resources via the hardware abstraction layer (HAL), which is a virtual interface that isolates the kernel from the computer hardware. Abstracting the kernel from the hardware makes it far easier to port the OS to different hardware platforms.
Figure 17-1 Windows architecture
The OS kernel itself is responsible for delegating specific tasks to the system processor or processors and other hardware. Tasks consist of processes, broken down into threads, which are the smallest units that the kernel can schedule for execution by a processor. A thread is a sequence of instructions to which the kernel assigns a priority level that determines when it will be executed. When the computer has multiple processors, the kernel runs on all of them simultaneously, sharing access to specific memory areas and allocating threads to specific processors according to their priorities.
In addition to the HAL and the kernel, Windows’ executive services run in kernel mode. These executive services consist of the following components.
Object Manager
Windows creates objects that function as abstract representations of operating system resources, such as hardware devices and file system entities. An object consists of information about the resource it represents and a list of methods, which are procedures used to access the object. A file object, for example, consists of information such as the file’s name and methods describing the operations that can be performed on the file, such as open, close, and delete.
The Windows Object Manager maintains a hierarchical, global namespace in which the objects are stored. For example, when the system loads a kernel mode device driver, it registers a device name with the Object Manager, such as \Device\CDRom0 for a CD-ROM drive or \Device\Serial0 for a serial port. The objects themselves are stored in directories similar to those in a file system, but they are not part of any Windows file system. In addition to hardware devices, objects can reference both abstract and concrete entities, including the following:
• Files
• Directories
• Processes
• Threads
• Memory segments
• Semaphores
By using a standard format for all objects, regardless of the type of entities they represent, the Object Manager provides a unified interface for object creation, security, monitoring, and auditing. Access to objects in the namespace is provided to system processes using object handles, which contain pointers to the objects and to access control information.
NOTE The kernel mode objects discussed here are not equivalent to the objects in the Active Directory database. They are two completely different hierarchies. Active Directory runs in user mode within the Windows security subsystem.
Usually, the only places that you see devices referred to by these object names are entries in the registry’s HKEY_LOCAL_MACHINE\HARDWARE key and error messages such as those displayed in the infamous “blue screen of death.” Applications typically run in the Win32 subsystem, which is a user mode component that cannot use internal Windows device names. Instead, the Win32 subsystem references devices using standard MS-DOS device names, like drive letters and port designations such as COM1. These MS-DOS names exist as objects in the Object Manager’s namespace, in a directory called \??, but they do not have the same properties as the original resources; they are actually only symbolic links to the equivalent Windows device names.
Security Reference Monitor
Every Windows object has an access control list (ACL) that contains access control entries (ACEs) that specify the security identifiers (SIDs) of users or groups that are to be permitted access to the object, as well as the specific actions that the user or group can perform. When a user successfully logs on to the computer, Windows creates a security access token (SAT) that contains the SIDs of the user and all the groups of which the user is a member. Whenever the user attempts to access an object, the Security Reference Monitor is responsible for comparing the SAT with the ACL to determine whether the user should be granted that access.
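The comparison of a token against an ACL, as an added Python model (not Windows code and not from the book). It goes beyond the text in one respect: it includes deny entries and evaluates ACEs in list order, which is how the Windows access check behaves; the SIDs other than the well-known Users group and the rights bits are constructed.

```python
from dataclasses import dataclass

# Constructed rights bits for the example (not the Windows access-mask values).
READ, WRITE, DELETE = 0x1, 0x2, 0x4

USERS = "S-1-5-32-545"                                        # well-known BUILTIN\Users SID
CONTRACTORS = "S-1-5-21-1111111111-2222222222-3333333333-2001"  # constructed group SID
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1001"        # constructed user SID
BOB = "S-1-5-21-1111111111-2222222222-3333333333-1002"          # constructed user SID


@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    sid: str       # user or group the entry applies to
    mask: int      # rights the entry covers


@dataclass(frozen=True)
class Token:
    """Stands in for the security access token built at logon."""
    user_sid: str
    group_sids: tuple = ()

    def sids(self):
        return {self.user_sid, *self.group_sids}


def access_check(token: Token, acl, desired: int) -> bool:
    """Walk the ACEs in order until the request is decided.

    A deny ACE for one of the token's SIDs that covers a right still being
    requested refuses the whole request. Allow ACEs accumulate rights, and
    access is granted once every requested right has been allowed. Rights
    that no ACE grants are denied implicitly.
    """
    remaining = desired
    sids = token.sids()
    for ace in acl:
        if ace.sid not in sids:
            continue                      # entry is for someone else
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0


def canonical(acl):
    """Put deny ACEs ahead of allow ACEs, keeping the relative order otherwise."""
    return sorted(acl, key=lambda ace: ace.kind != "deny")


if __name__ == "__main__":
    acl = [Ace("deny", CONTRACTORS, WRITE | DELETE), Ace("allow", USERS, READ | WRITE)]
    alice = Token(ALICE, (USERS, CONTRACTORS))
    print("alice read :", access_check(alice, acl, READ))
    print("alice write:", access_check(alice, acl, WRITE))
```

Because evaluation stops at the first deciding entry, an ACL stored with an allow entry ahead of a matching deny entry grants access that the deny was meant to block, which is why the ordering is worth checking when auditing permissions.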
Process and Thread Manager
The Process and Thread Manager is responsible for creating and deleting the process objects that enable software to run on a Windows system. Each process (or software program) has its own unique identifier, and a thread is the identifier for the part of the program that is currently running. A process object includes a virtual address space and a collection of resources allocated to the process, as well as threads containing the instructions that will be assigned to the system processors. When a machine has only one processor, each thread must be run by itself. After that thread has completed, the processor executes the next thread. On a machine with more than one processor, a program (application) with multiple threads can execute those multiple threads, with one thread being run on each processor.
Virtual Memory Manager
The ability to use virtual memory was one of the major PC computing advancements introduced in the Intel 80386 processor, and Windows NT and 2000 were designed around this capability. Virtual memory is the ability to use the computer’s disk space as an extension to the physical memory installed in the machine.
Every process created on a Windows computer by the Process Manager is assigned a virtual address space that appears to be 4GB in size. The Virtual Memory Manager (VMM) is responsible for mapping that virtual address space to actual system memory, as needed, in 4KB units called pages. When there is not enough physical memory in the computer to hold all of the pages allocated by the running processes, the VMM swaps the least recently used pages to a file on the system’s hard disk drive called Pagefile.sys. This swapping process is known as memory paging.
Local Procedure Call Facility
The environmental subsystems that run in Windows’ user mode (such as the Win32 subsystem) are utilized by applications (also running in user mode) in a server-client relationship. The messages between the clients and servers are carried by the local procedure call (LPC) facility. Local procedure calls are essentially an internalized version of the remote procedure calls used for messaging between systems connected by a network.
When an application (functioning as a client) makes a call for a function that is provided by one of the environmental subsystems, a message containing that call is transmitted to the appropriate subsystem using LPCs. The subsystem (functioning as the server) receives the message and replies using the same type of message. The process is completely transparent to the application, which is not aware that the function is not implemented in its own code.
I/O Manager
The I/O Manager handles all of a Windows computer’s input/output functions by providing a uniform environment for communication between the various drivers loaded on the machine. Using the layered architecture shown in Figure 17-2, the I/O Manager enables each driver to utilize the services of the drivers in the lower layers. For example, when an application needs to access a file on a drive, the I/O Manager passes an I/O request packet (IRP) generated by a file system driver down to a disk driver. Since the I/O Manager communicates with all of the drivers in the same way, the request can be satisfied without the file system having any direct knowledge of the disk device where the file is stored.
Figure 17-2 The I/O Manager provides a layered interface between Windows drivers.
WindowManagerTheWindowManager,alongwiththeGraphicalDeviceInterface(GDI),isresponsibleforcreatingthegraphicaluserinterfaceusedbyWindowsapplications.ApplicationsmakecallstoWindowManagerfunctionsinordertocreatearchitecturalelementsonthescreen,suchasbuttonsandwindows.Inthesameway,theWindowManagerinformstheapplicationwhentheusermanipulatesscreenelementsbymovingthecursor,clickingbuttons,orresizingawindow.
User Mode Components
In addition to the kernel mode services, Windows has two types of protected subsystems that run in user mode: environment subsystems and integral subsystems. The environment subsystems enable Windows to run applications that were designed for various OS environments, such as Win32. Integral subsystems, like the security system, perform vital OS functions. User mode subsystems are isolated from each other and from the Windows executive services so that modifications to the subsystem code do not affect the fundamental operability of the OS. If a user mode component such as a subsystem or application should crash, the other subsystems and the Windows executive services are not affected.
The Win32 Subsystem
Win32 is the primary environment subsystem that provides support for all native Windows applications. All of the other environment subsystems included with Windows are optional and loaded only when a client application needs them, but Win32 is required and runs at all times. This is because it is responsible for handling the keyboard and mouse inputs and the display output for all of the other subsystems. Since they rely on Win32 API calls, the other environment subsystems can all be said to be clients of Win32.
The DOS/Win16 Subsystem
Unlike earlier versions of Windows, Windows 2000 and NT did not run a DOS kernel, and as a result, they could not shell out to a DOS session. Instead, 2000 and NT emulated DOS using a subsystem that creates virtual DOS machines (VDMs). Every DOS application used a separate VDM that emulated an Intel x86 processor in Virtual 86 mode (even on a non-Intel system). All of the application’s instructions ran natively within the VDM except for I/O functions, which were emulated using virtual device drivers (VDDs). VDDs converted the DOS I/O functions into standard Windows API calls and fed them to the I/O Manager, which satisfied the calls using the standard Windows device drivers.
NOTE Because of this emulation, not all DOS programs are guaranteed to run optimally.
Services
A service is a program or other component that Windows loads with the OS before a user logs on or sees the desktop interface. Services usually load automatically and permit no interference from the system user as they’re loading. This is in contrast to other mechanisms that load programs automatically, such as the Startup program group. A user with appropriate rights can start, stop, and pause services using the Services console or the NET command and also specify whether a particular service should load when the system starts, not load at all, or require a manual startup. See Figure 17-3 for the options.
Figure 17-3 The NET command is used from the command prompt.
Users without administrative rights cannot control the services at all, which makes the services a useful tool for network administrators. You can, for example, configure a workstation to load a particular service at startup, and it will run whether a user logs on or not. The Server service, for example, which enables network users to access the computer’s shares, loads automatically by default. Even if no one logs on to the computer, it is possible to access its shares from the network.
The Windows Networking Architecture
Networking is an integral part of Windows, and the operating systems use a modular networking architecture that provides a great deal of flexibility for the network administrator. While not perfectly analogous to the Open Systems Interconnection (OSI) reference model, the Windows networking architecture is structured in layers that provide interchangeability of modules such as network adapter drivers and protocols. Figure 17-4 shows the basic structure of the networking stack.
Figure 17-4 The Windows networking architecture
Windows relies on two primary interfaces to separate the basic networking functions, called the NDIS interface and Transport Driver Interface (TDI). Between these two interfaces are the protocol suites that provide transport services between computers on the network: TCP/IP, NetBEUI, and IPX. Although they have different features, these three sets of protocols are interchangeable when it comes to basic networking services. A Windows computer can use any of these protocols or all of them simultaneously. The TDI and NDIS interfaces enable the components operating above and below them to address whichever protocol is needed to perform a particular task.
The NDIS Interface
The Network Driver Interface Specification (NDIS) is a standard developed jointly by Microsoft and 3Com that defines an interface between the network layer protocols and the media access control (MAC) sublayer of the data link layer protocol. The NDIS interface lies between the network adapter drivers and the protocol drivers. Protocols do not communicate directly with the network adapter; instead, they go through the NDIS interface. This enables a Windows computer to have any number of network adapters and any number of protocols installed, and any protocol can communicate with any adapter.
The latest version of NDIS is 6.10, which appeared in Windows Vista. NDIS 6.30 is included in Windows 8, and NDIS 6.40 with Windows 8.1. It is implemented on a Windows 8 system in two parts: the NDIS wrapper (Ndis.sys) and the NDIS MAC driver. The NDIS wrapper is not device specific; it contains common code that surrounds the MAC drivers and provides the interface between the network adapter drivers and the protocol drivers installed in the computer. This replaces the Protocol Manager (PROTMAN) used by other NDIS versions to regulate access to the network adapter.
The NDIS MAC driver is device specific and provides the code needed for the system to communicate with the network interface adapter. This includes the mechanism for selecting the hardware resources the device uses, such as the IRQ and I/O port address. All of the network interface adapters in a Windows system must have an NDIS driver, which is provided by virtually all of the manufacturers producing NICs today.
The Transport Driver Interface
The Transport Driver Interface (TDI) performs roughly the same basic function as the NDIS wrapper but higher up in the networking stack. The TDI functions as the interface between the protocol drivers and the components operating above them, such as the server and the redirectors. Traffic moving up and down the stack passes through the interface and can be directed to any of the installed protocols or other components.
Above the TDI, Windows has several more components that applications use to access network resources in various ways, using the TDI as the interface to the protocol drivers. Because Windows is a peer-to-peer operating system, there are components that handle traffic running in both directions. The most basic of these components are the Workstation and Server services, which enable the system to access network resources and provide network clients with access to local resources (respectively). Also at this layer are application programming interfaces (APIs), such as NetBIOS and Windows Sockets, which provide applications running on the system special access to certain network resources.
Effective with Windows 8, which has two working modes, Metro and Desktop, TDI is being phased out. (You may see a message “TDI filters and LSPs are not allowed” when working in Metro mode.) Most apps that worked in Windows 7 also work in Desktop mode, including LSP. However, Metro mode cannot use the normal WinAPI and instead uses WinRT, which has been developed especially for Windows 8.
NOTE Layer Service Protocols is a retired Microsoft Windows service that could insert itself into the TCP/IP protocol stack and modify and intercept both inbound and outbound traffic.
The Workstation Service
When you open a file or print a document in an application, the process is the same whether the file or printer is part of the local system or on the network, as far as the user and the application are concerned. The Workstation service determines whether the requested file or printer is local or on the network and sends the request to the appropriate driver. By providing access to network resources in this way, the Workstation service is essentially the client half of Windows’ client-server capability.
The Workstation service consists of two modules: Services.exe, the Service Control Manager, which functions as the user mode interface for all services; and the Windows network redirector. When an application requests access to a file, the request goes to the I/O Manager, which passes it to the appropriate file system driver. The redirector is also a file system driver, but instead of providing access to a local drive, the redirector transmits the request down through the protocol stack to the appropriate network resource. The I/O Manager treats a redirector no differently from any other file system drivers. Windows installs a redirector for the Microsoft Windows network by default.
The Multiple UNC Provider
In the case of a system with multiple network clients (and multiple redirectors), Windows uses one of two mechanisms for determining which redirector it should use, depending on how an application formats its requests for network resources. The multiple UNC provider (MUP) is used for applications that use Uniform Naming Convention (UNC) names to specify the desired resource, and the multiprovider router (MPR) is used for applications that use Win32 network APIs.
The UNC defines the format that Windows uses for identifying network items. UNC names take the following form:
\\server\share
The Multiprovider Router
For applications that request access to network resources using the Win32 network APIs (also known as the WNet APIs), the multiprovider router determines which redirector should process the requests. In addition to a redirector, a network client installed on a Windows computer includes a provider DLL that functions as an interface between the MPR and the redirector. The MPR passes the requests that it receives from applications to the appropriate provider DLLs, which pass them to the redirectors.
The Server Service
Just as the Workstation service provides network client capabilities, the Server service enables other clients on the network to access the computer’s local resources. When the redirector on a client system transmits a request for access to a file on a server, the receiving system passes the request up the protocol stack to the Server service. The Server service is a file system driver (called Srv.sys) that is started by the Service Control Manager, just like the Workstation service, that operates just above the TDI. When the Server service receives a request for access to a file, it generates a read request and sends it to the appropriate local file system driver (such as the NTFS or FAT driver) through the I/O Manager. The local file system driver accesses the requested file in the usual manner and returns it to the Server service, which transmits it across the network to the client. The Server service also provides support for printer sharing, as well as remote procedure calls (RPCs) and named pipes, which are other mechanisms used by applications to communicate over the network.
APIs
Services are not the only components that interact with the TDI on a Windows system. Application programming interfaces, such as NetBIOS and Windows Sockets, also send and receive data through the TDI, enabling certain types of applications to communicate with other network systems without using the Server and Workstation services. Windows also supports other APIs that operate higher up in the stack and use the standard services to reach the TDI.
NetBIOS
NetBIOS was an integral component of Microsoft Windows networking through Windows XP because it provides the namespace used to identify the domains, computers, and shares on the network. Because of its dependence on NetBIOS, Windows supports it in all of its protocols. NetBEUI is inherently designed for use with NetBIOS communications, and the NetBIOS over TCP/IP (NetBT) standards defined by the Internet Engineering Task Force (IETF) enable its use with the TCP/IP protocols. Because NetBIOS could be used to gather information about your network (and each computer), many people disable it in both Windows 7 and Windows 8.
NOTE In today’s networks, NetBIOS is often used for file and print sharing on a local network. This leaves an open path for hackers. You can remove the risk in two ways. Disable NetBIOS through your network connection settings on your Ethernet adapter or disable the ports used by NetBIOS:
UDP 137, the NetBIOS name service port
UDP 138, the NetBIOS datagram service port
TCP 139, the NetBIOS session service port
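To confirm that a host no longer exposes the three ports listed in the note, the following added example (not from the book) scans the text output of `netstat -an` for listeners on them. The sample output is constructed, and the function names are hypothetical.

```python
# Ports named in the note above, keyed by (protocol, port).
NETBIOS_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}

# Constructed sample in the column layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:139        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def netbios_listeners(netstat_text):
    """Return (proto, local_addr, port, service) for every local socket
    that is accepting traffic on a NetBIOS port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header, or blank line
        proto, local = fields[0], fields[1]
        # TCP rows count only when listening; UDP rows carry no state column.
        # Outbound client connections to a remote port 139 are therefore ignored.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        try:
            addr, port = split_endpoint(local)
        except ValueError:
            continue  # local port was not numeric
        service = NETBIOS_PORTS.get((proto, port))
        if service:
            findings.append((proto, addr, port, service))
    return findings


if __name__ == "__main__":
    for proto, addr, port, service in netbios_listeners(SAMPLE_NETSTAT):
        print("%s %s:%d is open (%s)" % (proto, addr, port, service))
```

An empty result after disabling NetBIOS on the adapter or blocking the ports indicates the change took effect on that host.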
Windows Sockets
The Windows Sockets specification defines one of the APIs that is most commonly used by applications because it is the accepted standard for Internet network access. Web browsers, FTP clients, and other Internet client and server applications all use Windows Sockets (Winsock) to gain access to network resources. Unlike NetBIOS, Winsock does not support all of the Windows protocols. While it can be used with NWLink (IPX), the overwhelming majority of Winsock applications use TCP/IP exclusively. As with NetBIOS, Winsock is implemented in Windows as a kernel mode emulator just above the TDI and a user mode driver, called Wsock32.dll.
File Systems
The FAT file system was a holdover from the DOS days that the developers of the original Windows NT product were seeking to transcend. While an adequate solution for a workstation, the 16-bit FAT file system used by DOS cannot support the large volumes typically required on servers, and it lacks any sort of access control mechanism.
FAT16
The traditional DOS file system divided a hard disk drive into volumes that were composed of uniformly sized clusters and used a file allocation table (FAT) to keep track of the data stored in each cluster. Each directory on the drive contained a list of the files in that directory and, in addition to the filename and other attributes, specified the entry in the FAT that represented the cluster containing the beginning of the file. That first FAT entry contained a reference to another entry that references the file’s second cluster, the second entry references the third, and so on, until enough clusters are allocated to store the entire file. This is known as a FAT chain.
NOTE It was only with the introduction of the FAT32 file system that the traditional FAT file system came to be called FAT16. In most cases, references to a FAT drive without a numerical identifier refer to a FAT16 drive.
The other limiting factor of the FAT file system is that as clusters grow larger, more drive space is wasted because of slack. Slack is the fraction of a cluster left empty when the last bit of data in a file fails to completely fill the last cluster in the chain. When 3KB of data from a file is left to store, for example, a volume with 4KB clusters will contain 1KB of slack, while a volume with 64KB clusters will waste 61KB. Windows NT is designed to be a server OS as well as a workstation OS, and servers are naturally expected to have much larger drives. The amount of slack space and the 4GB limit on volume size are not acceptable for a server OS.
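The FAT chain and the slack calculation described above can be followed in code. This added example (not from the book) walks a chain through a small constructed FAT16 table, rejects loops and broken links as a disk checker would, and computes slack for the figures used in the text; the function names and the sample table are hypothetical.

```python
import struct

FAT16_FREE = 0x0000      # cluster is not allocated
FAT16_BAD = 0xFFF7       # cluster is marked bad
FAT16_EOC_MIN = 0xFFF8   # 0xFFF8-0xFFFF mark the last cluster of a file

# Constructed 10-entry FAT. Entries 0 and 1 are reserved. One fragmented
# file occupies clusters 2 -> 3 -> 7 -> 8; the rest are free.
SAMPLE_FAT = struct.pack("<10H", 0xFFF8, 0xFFFF, 3, 7, 0, 0, 0, 8, 0xFFFF, 0)


def parse_fat16(raw):
    """Decode an on-disk FAT16 table: consecutive little-endian 16-bit entries."""
    count = len(raw) // 2
    return list(struct.unpack("<%dH" % count, raw[:count * 2]))


def follow_chain(fat, first_cluster):
    """Return the ordered clusters of a file, starting from the cluster
    number recorded in its directory entry."""
    chain, seen = [], set()
    cluster = first_cluster
    while True:
        # Data clusters start at 2; anything else is a corrupt pointer.
        if cluster < 2 or cluster >= len(fat):
            raise ValueError("chain points outside the FAT: %d" % cluster)
        if cluster in seen:
            raise ValueError("chain loops back to cluster %d" % cluster)
        seen.add(cluster)
        chain.append(cluster)
        entry = fat[cluster]
        if entry >= FAT16_EOC_MIN:
            return chain
        if entry in (FAT16_FREE, FAT16_BAD):
            raise ValueError("chain broken at cluster %d (entry 0x%04X)"
                             % (cluster, entry))
        cluster = entry


def clusters_needed(file_size, cluster_size):
    """Whole clusters required to hold file_size bytes (ceiling division)."""
    return -(-file_size // cluster_size)


def slack_bytes(file_size, cluster_size):
    """Bytes left unused in the last cluster of the chain."""
    return clusters_needed(file_size, cluster_size) * cluster_size - file_size


def check_file(fat, first_cluster, file_size, cluster_size):
    """Cross-check the directory entry's size against the chain length."""
    chain = follow_chain(fat, first_cluster)
    return {
        "chain": chain,
        "size_matches_chain": len(chain) == clusters_needed(file_size, cluster_size),
        "slack": slack_bytes(file_size, cluster_size),
    }


if __name__ == "__main__":
    fat = parse_fat16(SAMPLE_FAT)
    # 15,360-byte file on a volume with 4KB clusters: 4 clusters, 1KB slack.
    print(check_file(fat, 2, 15360, 4096))
    # The text's example: 3KB left to store in 4KB and 64KB clusters.
    print(slack_bytes(3 * 1024, 4 * 1024), slack_bytes(3 * 1024, 64 * 1024))
```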
The other major shortcoming of the FAT file system is the amount of information about each file that is stored on the disk drive. In addition to the data itself, a FAT drive maintains the following information about each file:
• Filename Limited to an eight-character name plus a three-character extension
• Attributes Contains four usable file attributes: Read-only, Hidden, System, and Archive
• Date/time Specifies the date and time that the file was created or last modified
• Size Specifies the size of the file, in bytes
FAT32
As hard disk drive capacities grew over the years, the limitations of the FAT file system became more of a problem. To address the problem, Microsoft created a file system that used 32-bit FAT entries instead of 16-bit ones. The larger entries meant that there could be more clusters on a drive. The results were that the maximum size of a FAT32 volume is 2 terabytes (or 2,048GB) instead of 2GB for a FAT16 drive, and the clusters can be much smaller, thus reducing the waste because of slack space.
The FAT32 file system was introduced in the Windows 95 OSR2 release and was also included in Windows 98, Windows ME, and Windows 2000. FAT32 supported larger volumes and smaller clusters, but it did not provide any appreciable change in performance, and it still did not have the access control capabilities needed for network servers like NTFS does.
NTFS
NTFS was the file system intended to be used through Windows 7. Without it, you cannot install Active Directory or implement the file and directory-based permissions needed to secure a drive for network use. Because it uses a completely different structure than FAT drives, you cannot create NTFS drives using the FDISK utility.
In the NTFS file system, files take the form of objects that consist of a number of attributes. Unlike DOS, in which the term attribute typically refers only to the Read-only, System, Hidden, and Archive flags, NTFS treats all of the information regarding the file as an attribute, including the flags, the dates, the size, the filename, and even the file data itself. NTFS also differs from FAT in that the attributes are stored with the file, instead of in a separate directory listing.
The equivalent structure to the FAT on an NTFS drive is called the master file table (MFT). Unlike FAT, however, the MFT contains more than just pointers to other locations on the disk. In the case of relatively small files (up to approximately 1,500 bytes), all of the attributes are included in the MFT, including the file data. When larger amounts of data need to be stored, additional disk clusters called extents are allocated, and pointers are included with the file’s attributes in the MFT. The attributes stored in the MFT are called resident attributes; those stored in extents are called nonresident attributes.
In addition to the four standard DOS file attributes, an NTFS file includes a Compression flag; two dates/times specifying when the file was created and when it was last modified; and a security descriptor that identifies the owner of the file, lists the users and groups that are permitted to access it, and specifies what access they are to be granted.
Resilient File System
Starting with Windows Server 2012 and Windows Server 8, Microsoft has introduced Resilient File System (ReFS), an improved system that has the ability to handle much higher volumes and can share storage pools across machines. It is built on the NTFS, and one of its main advantages is the ability to detect all forms of disk corruption. Primarily designed for storage at this point, it cannot boot an operating system or be used on removable media.
The Windows Registry
The registry is the database where Windows stores nearly all of its system configuration data. As a system or network administrator, you’ll be working with the registry in a variety of ways, since many of the Windows configuration tools function by modifying entries in the registry. The registry is a hierarchical database that is displayed in most registry editor applications as an expandable tree, not unlike a directory tree. At the root of the tree are five containers, called keys, with the following names:
• HKEY_CLASSES_ROOT Contains information on file associations—that is, associations between filename extensions and applications.
• HKEY_CURRENT_USER Contains configuration information specific to the user currently logged on to the system. This key is the primary component of a user profile.
• HKEY_LOCAL_MACHINE Contains information on the hardware and software installed in the computer, the system configuration, and the Security Accounts Manager database. The entries in this key apply to all users of the system.
• HKEY_USERS Contains information on the currently loaded user profiles, including the profile for the user who is currently logged on and the default user profile.
• HKEY_CURRENT_CONFIG Contains hardware profile information used during the system boot sequence.
In most cases, you work with the entries in the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys (often abbreviated as the HKLM and HKCU, respectively) when you configure a Windows system, whether you are aware of it or not. When the keys are saved as files, as in the case of user profiles, they’re often referred to as hives. When you expand one of these keys, you see a series of subkeys, often in several layers. The keys and subkeys function as organizational containers for the registry entries, which contain the actual configuration data for the system. A registry entry consists of three components: the value name, the value type, and the value itself.
The value name identifies the entry for which a value is specified. The value type specifies the nature of the data stored in the entry, such as whether it contains a binary value, an alphanumeric string of a given size, or multiple values. The value types found in the registry are as follows:
• REG_SZ Indicates that the value consists of a string of alphanumeric characters. Many of the user-configurable values in the registry are of this type.
• REG_DWORD Indicates that the value consists of a 4-byte numerical value used to specify information such as device parameters, service values, and other numeric configuration parameters.
• REG_MULTI_SZ Same as the REG_SZ value type, except that the entry contains multiple string values.
• REG_EXPAND_SZ Same as the REG_SZ value type, except that the entry contains a variable (such as %SystemRoot%) that must be replaced when the value is accessed by an application.
• REG_BINARY Indicates that the value consists of raw binary data, usually used for hardware configuration information. You should not modify these entries manually unless you are familiar with the function of every binary bit in the value.
• REG_FULL_RESOURCE_DESCRIPTOR Indicates that the value holds configuration data for hardware devices in the form of an information record with multiple fields.
The registry hierarchy is large and complex, and the names of its keys and entries are often cryptic. Locating the correct entry can be difficult, and the values are often less than intuitive. When you edit the registry manually, you must be careful to supply the correct value for the correct entry or the results can be catastrophic. An incorrect registry modification can halt the computer or prevent it from booting, forcing you to reinstall Windows from scratch.
Because of the registry’s sensitivity to improper handling, selecting the proper tool to modify it is crucial. The trade-off in Windows’ registry editing tools is between a safe, easy-to-use interface with limited registry access and comprehensive access using a less intuitive interface. The following sections examine the various registry editing tools included with Windows.
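How the value type governs the interpretation of an entry's stored bytes is easiest to see by decoding a few values. This added example (not from the book) assumes the raw data has already been read from a hive, with strings stored as UTF-16LE as Windows does; the sample values and function names are constructed for illustration.

```python
import re
import struct


def expand_variables(text, env):
    """Replace %Name% references; variable names are case-insensitive and
    unknown variables are left untouched."""
    lowered = {name.lower(): value for name, value in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lowered.get(m.group(1).lower(), m.group(0)),
                  text)


def decode_value(value_type, data, env=None):
    """Interpret raw registry data according to its value type."""
    if value_type == "REG_DWORD":
        if len(data) != 4:
            raise ValueError("REG_DWORD must be exactly 4 bytes")
        return struct.unpack("<I", data)[0]        # little-endian unsigned
    if value_type in ("REG_SZ", "REG_EXPAND_SZ"):
        # Keep everything up to the first NUL terminator.
        text = data.decode("utf-16-le").split("\x00", 1)[0]
        if value_type == "REG_EXPAND_SZ":
            text = expand_variables(text, env or {})
        return text
    if value_type == "REG_MULTI_SZ":
        # NUL-separated strings; an empty string (double NUL) ends the list.
        strings = []
        for item in data.decode("utf-16-le").split("\x00"):
            if item == "":
                break
            strings.append(item)
        return strings
    if value_type in ("REG_BINARY", "REG_FULL_RESOURCE_DESCRIPTOR"):
        return bytes(data)                          # opaque; returned as-is
    raise ValueError("unsupported value type: %s" % value_type)


# Constructed sample entries: (value name, value type, raw data).
SAMPLE_ENTRIES = [
    ("Start", "REG_DWORD", struct.pack("<I", 2)),
    ("DisplayName", "REG_SZ", "Example Service\x00".encode("utf-16-le")),
    ("ImagePath", "REG_EXPAND_SZ",
     "%SystemRoot%\\system32\\example.exe\x00".encode("utf-16-le")),
    ("DependOnService", "REG_MULTI_SZ",
     "Tcpip\x00Afd\x00\x00".encode("utf-16-le")),
]

if __name__ == "__main__":
    env = {"SystemRoot": "C:\\Windows"}
    for name, value_type, raw in SAMPLE_ENTRIES:
        print(name, value_type, decode_value(value_type, raw, env))
```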
The Control Panel
Although it isn’t evident from the interface, most of the functions in the Windows Control Panel work by modifying settings in the registry. The Control Panel’s graphical interface provides users with simplified access to the registry and prevents them from introducing incorrect values due to typographical errors. You can also use Windows’ security mechanisms to prevent unauthorized access to certain registry settings through the Control Panel. The main disadvantage of using the Control Panel to modify the registry is that it provides user access to only a small fraction of the registry’s settings.
The System Policy Editor
System policies are collections of registry settings saved in a policy file that you can configure a Windows computer to load whenever a user logs on to the system or the network. You can create different sets of policies for each of your network users so that when John Doe logs on to a workstation, his customized registry settings are downloaded to the computer and loaded automatically. Windows includes a tool called the System Policy Editor that you can use to create policy files; you can also use it to modify the registry directly. Like the Control Panel, the System Policy Editor uses a graphical interface to set registry values, but it is far more configurable than the Control Panel and can provide access to a great many more registry entries.
The system policies that the System Policy Editor lists in its hierarchical display are derived from a file called a policy template. The template is an ASCII text file with an .adm extension that uses a special format to define how each policy should appear in the System Policy Editor and which registry settings each policy should modify. Windows includes several template files that define policies for a wide range of system settings, some of which are also configurable through the Control Panel. Because creating a new system policy is simply a matter of creating a new template, software developers can include with their products template files that define application-specific system policies. You can also create your own templates to modify other registry settings.
The process of setting values for a system policy by using the System Policy Editor consists of navigating through the hierarchical display and selecting a policy. Some policies consist of a single feature that you can toggle on and off, while others have additional controls in the form of check boxes, pull-down menus, or data entry fields. To create a policy file, you select the policies you want to set, specify values for them, and then save them to a file with a .pol extension.
The System Policy Editor can also directly modify the Windows registry, however. When you select File | Open Registry, the program connects to the registry on the local machine. When you configure a policy, the program applies the necessary changes directly to the registry. In addition, when you choose File | Connect, you can select another Windows computer on the network and modify its registry from your remote location.
The use of customizable template files makes the System Policy Editor a far more comprehensive registry-editing tool than the Control Panel. You can specify values for a wider range of registry entries, while still retaining the advantages of the graphical interface. Because the changes that the System Policy Editor makes to the registry are controlled by the policy template, the possibility of a misspelled value in a data entry field still exists, but the chance of an incorrect value damaging the system is far lower than when editing the registry manually.
Group Policies
Windows group policies are the next step in the evolution of the system policies found in Windows NT and 98. Group policies include all of the registry modification capabilities found in NT system policies, plus a great deal more, such as the ability to install and update software, implement disk quotas, and redirect folders on user workstations to network shares. While NT system policies are associated with domain users and groups, Windows group policies are associated with Active Directory objects, such as sites, domains, and organizational units.
The Registry Editors
Windows includes a Registry Editor, called regedit.exe, that provides direct access to the entire registry. There are many Windows features you can configure using the Registry Editor that are not accessible by any other administrative interface. These programs are the most powerful and comprehensive means of modifying registry settings in Windows and also the most dangerous. These editors do not supply friendly names for the registry entries, and they do not use pull-down menus or check boxes to specify values. You must locate (or create) the correct entry and supply the correct value in the proper format, or the results can be wildly unpredictable. Windows installs the Registry Editor with the OS, but it does not create shortcuts for them in the Start menu or on the desktop. You must launch the Registry Editor by using the Run dialog box, by using Windows Explorer, or by creating your own shortcuts. Like the System Policy Editor, the Registry Editor enables you to connect to another Windows system on the network and access its registry.
NOTE Making registry adjustments can cause major issues with your computer. Registry editing should be done only after a complete registry backup.
Optional Windows Networking Services
In addition to its core services, Windows, particularly in the Server versions, includes a large collection of optional services that you can choose to install either with the OS or at any time afterward. Some of these services are discussed in the following sections.
Active Directory
Active Directory, the enterprise directory service included with most Windows Server products, is a hierarchical, replicated directory service designed to support networks of virtually unlimited size. For more information on Active Directory, see Chapter 18.
Microsoft DHCP Server
Unlike NetBEUI and IPX, using the TCP/IP protocols on a network requires that each computer be configured with a unique IP address, as well as other important settings. A Dynamic Host Configuration Protocol (DHCP) server is an application designed to automatically supply client systems with TCP/IP configuration settings as needed, thus eliminating a tedious manual network administration chore.
Microsoft DNS Server
The Domain Name System (DNS) facilitates the use of familiar names for computers on a TCP/IP network instead of the IP addresses they use to communicate. Designed for use on the Internet, DNS servers resolve domain names (Internet domain names, not NT domain names) into IP addresses, either by consulting their own records or by forwarding the request to another DNS server. The DNS server included with Windows has a server to function on the Internet in this capacity.
Windows Internet Naming Service
Windows Internet Naming Service (WINS) is another service that supports the use of TCP/IP on a Windows network. Windows 9x and NT identified systems using NetBIOS names, but in order to transmit a packet to a machine with a given name using TCP/IP, the sender had to first discover the IP address associated with that name. WINS is essentially a database server that stores the NetBIOS names of the systems on the network and their associated IP addresses. When a system wants to transmit, it sends a query to a WINS server containing the NetBIOS name of the destination system, and the WINS server replies with its IP address.
CHAPTER 18
Active Directory
The domain-based directory service used by Windows once came under fire for its inability to scale up to support larger networks. An enterprise network that consists of multiple domains is limited in its communication between those domains to the trust relationships that administrators must manually establish between them. In addition, because each domain must be maintained individually, the account administration process is complicated enormously. Since the original Windows NT 3.1 release in 1993, Microsoft promised to deliver a more robust directory service better suited for use on large networks, and finally Microsoft accomplished the task in Windows 2000 with Active Directory.
Active Directory (AD) is an object-oriented, hierarchical, distributed directory services database system that provides a central storehouse for information about the hardware, software, and human resources of an entire enterprise network. Based on the general principles of the X.500 global directory standards, network users are represented by objects in the Active Directory tree. Administrators can use those objects to grant users access to resources anywhere on the network, which are also represented by objects in the tree. Unlike a flat, domain-based structure for a directory, Active Directory expands the structure into multiple levels. The fundamental unit of organization in the Active Directory database is still the domain, but a group of domains can now be consolidated into a tree, and a group of trees can be consolidated into a forest. Administrators can manage multiple domains simultaneously by manipulating the tree and can manage multiple trees simultaneously by manipulating a forest.
A directory service is not only a database for the storage of information, however. It also includes the services that make that information available to users, applications, and other services. Active Directory includes a global catalog that makes it possible to search the entire directory for particular objects using the value of a particular attribute. Applications can use the directory to control access to network resources, and other directory services can interact with AD using a standardized interface and the Lightweight Directory Access Protocol (LDAP).
Active Directory Architecture
Active Directory is composed of objects, which represent the various resources on a network, such as users, user groups, servers, printers, and applications. An object is a collection of attributes that define the resource, give it a name, list its capabilities, and specify who should be permitted to use it. Some of an object’s attributes are assigned automatically when they’re created, such as the globally unique identifier (GUID) assigned to each one, while others are supplied by the network administrator. A user object, for example, has attributes that store information about the user it represents, such as an account name, password, telephone number, and e-mail address. Attributes also contain information about the other objects with which the user interacts, such as the groups of which the user is a member. There are many different types of objects, each of which has different attributes, depending on its functions.
Active Directory provides administrators and users with a global view of the network. Earlier Windows NT directory services could use multiple domains, but instead of managing the users of each domain separately, for example, as in Windows NT 4.0, AD administrators create a single object for each user and can use it to grant that user access to resources in any domain.
Each type of object is defined by an object class stored in the directory schema. The schema specifies the attributes that each object must have, the optional attributes it may have, the type of data associated with each attribute, and the object’s place in the directory tree. The schema definitions are themselves stored as objects in Active Directory, called class schema objects and attribute schema objects. A class schema object contains references to the attribute schema objects that together form the object class. This way, an attribute is defined only once, although it can be used in many different object classes.
The schema is extensible so that applications and services developed by Microsoft or third parties can create new object classes or add new attributes to existing object classes. This enables applications to use Active Directory to store information specific to their functions and provide that information to other applications as needed. For example, rather than maintain its own directory, an e-mail server application such as Microsoft Exchange can modify the Active Directory schema so that it can use AD to authenticate users and store their e-mail information.
Object Types
There are two basic types of objects in Active Directory, called container objects and leaf objects. A container object is simply an object that stores other objects, while a leaf object stands alone and cannot store other objects. Container objects essentially function as the branches of the tree, and leaf objects grow off of the branches. Active Directory uses container objects called organizational units (OUs) to store other objects. Containers can store other containers or leaf objects, such as users and computers. The guiding rule of directory tree design is that rights and permissions flow downward through the tree. Assigning a permission to a container object means that, by default, all of the objects in the container inherit that permission. This enables administrators to control access to network resources by assigning rights and permissions to a single container rather than to many individual users.
By default, an Active Directory tree is composed of objects that represent the users and computers on the network, the logical entities used to organize them, and the folders and printers they regularly access. These objects, their functions, and the icons used to represent them in tools such as Active Directory Users and Computers are listed in Table 18-1.
Table 18-1 Some Active Directory Object Types
Object Naming
Every object in the Active Directory database is uniquely identified by a name that can be expressed in several forms. The naming conventions are based on the Lightweight Directory Access Protocol (LDAP) standard defined in RFC 2251, published by the Internet Engineering Task Force (IETF). The distinguished name (DN) of an object consists of the name of the domain in which the object is located, plus the path down the domain tree through the container objects to the object itself. The part of an object’s name that is stored in the object is called its relative distinguished name (RDN).
NOTE The Lightweight Directory Access Protocol is an adaptation of the Directory Access Protocol (DAP) designed for use by X.500 directories. Active Directory domain controllers and several other directory services use LDAP to communicate with each other.
By specifying the name of the object and the names of its parent containers up to the root of the domain, the object is uniquely identified within the domain, even if the object has the same name as another object in a different container. Thus, if you have two users, called John Doe and Jane Doe, you can use the RDN jdoe for both of them. As long as they are located in different containers, they will have different DNs.
Canonical Names
Most Active Directory applications refer to objects using their canonical names. A canonical name is a DN in which the domain name comes first, followed by the names of the object’s parent containers working down from the root of the domain and separated by forward slashes, followed by the object’s RDN, as follows:
mgh.com/sales/inside/jdoe
In this example, jdoe is a user object in the inside container, which is in the sales container, which is in the mgh.com domain.
LDAP Notation
The same DN can also be expressed in LDAP notation, which would appear as follows:
cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com
This notation reverses the order of the object names, starting with the RDN on the left and the domain name on the right. The elements are separated by commas and include the LDAP abbreviations that define each type of element. These abbreviations are as follows:
• cn Common name
• ou Organizational unit
• dc Domain component
In most cases, LDAP names do not include the abbreviations, and they can be omitted without altering the uniqueness or the functionality of the name. It is also possible to express an LDAP name in a URL format, as defined in RFC 1959, which appears as follows:
ldap://cz1.mgh.com/cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com
This format differs in that the name of a server hosting the directory service must appear immediately following the ldap:// identifier, followed by the same LDAP name as shown earlier. This notation enables users to access Active Directory information using a standard web browser.
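
The canonical, LDAP, and URL forms above carry the same information in a different order, which the following Python converter makes concrete; it is an added example, not code from the book, and its function names are hypothetical. It assumes every intermediate container is an OU and the object itself is named with cn, and it goes beyond the jdoe case by escaping commas and other special characters in names (as RFC 4514 requires), so a name such as "Doe, John" cannot be misread as two name elements.

```python
import re
from urllib.parse import quote

# Characters RFC 4514 requires escaping in an attribute value, plus "=",
# which it permits escaping.
SPECIAL = set(',+"\\<>;=')


def escape_value(value):
    """Backslash-escape one RDN value so it cannot split or extend the DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs = ch in SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " ")
        out.append("\\" + ch if needs else ch)
    return "".join(out)


def unescape_value(value):
    """Reverse escape_value; two-digit hex escapes (backslash + 2C) are accepted too."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def split_dn(dn):
    """Split a DN into (type, value) pairs on unescaped commas only."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape with its character
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.lstrip().partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed RDN: {part!r}")
        pairs.append((attr.strip().lower(), unescape_value(value)))
    return pairs


def canonical_to_dn(canonical):
    """mgh.com/sales/inside/jdoe -> cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com"""
    domain, *path = canonical.split("/")
    if not path or not all(path):
        raise ValueError("expected domain/container/.../object")
    *containers, leaf = path
    # Assumption: the leaf is named with cn and every container is an OU.
    rdns = [f"cn={escape_value(leaf)}"]
    rdns += [f"ou={escape_value(c)}" for c in reversed(containers)]
    rdns += [f"dc={escape_value(label)}" for label in domain.split(".")]
    return ",".join(rdns)


def dn_to_canonical(dn):
    """Reverse the element order: domain first, then containers, then the RDN."""
    pairs = split_dn(dn)
    domain = ".".join(value for attr, value in pairs if attr == "dc")
    path = [value for attr, value in pairs if attr != "dc"]
    return "/".join([domain] + path[::-1])


def ldap_url(server, dn):
    """Build the URL form: the server name first, then the percent-encoded DN."""
    return f"ldap://{server}/{quote(dn, safe='=,')}"


if __name__ == "__main__":
    for name in ("mgh.com/sales/inside/jdoe", "mgh.com/sales/Doe, John"):
        dn = canonical_to_dn(name)
        print(name, "->", dn, "->", ldap_url("cz1.mgh.com", dn))
```

Splitting the second DN with a plain dn.split(",") yields five pieces instead of four, which is the parsing mistake the escape-aware split_dn avoids.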
Globally Unique Identifiers
In addition to its DN, every object in the tree has a globally unique identifier (GUID), which is a 128-bit number that is automatically assigned by the Directory System Agent when the object is created. Unlike the DN, which changes if you move the object to a different container or rename it, the GUID is permanent and serves as the ultimate identifier for an object.
User Principal Names
Distinguished names are used by applications and services when they communicate with Active Directory, but they are not easy for users to understand, type, or remember. Therefore, each user object has a user principal name (UPN) that consists of a username and a suffix, separated by an @ symbol, just like the standard Internet e-mail address format defined in RFC 822. This name provides users with a simplified identity on the network and insulates them from the need to know their place in the domain tree hierarchy.
In most cases, the username part of the UPN is the user object’s RDN, and the suffix is the DNS name of the domain in which the user object is located. However, if your network consists of multiple domains, you can opt to use a single domain name as the suffix for all of your users’ UPNs. This way, the UPN can remain unchanged even if you move the user object to a different domain.
The UPN is an internal name that is used only on the Windows 2000 network, so it doesn’t have to conform to the user’s Internet e-mail address. However, using your network’s e-mail domain name as the suffix is a good idea so that users have to remember only one address for accessing e-mail and logging on to the network.
NOTE You can use the Active Directory Domains and Trusts console to specify alternative UPN suffixes so that all of your users can log on to the network using the same suffix.
Domains, Trees, and Forests
Windows has always based its networking paradigm on domains, and all but small networks require multiple domains to support their users. Active Directory makes it easier to manage multiple domains by combining them into larger units called trees and forests. When you create a new Active Directory database by promoting a server to domain controller, you create the first domain in the first tree of a new forest. If you create additional domains in the same tree, they all share the same schema, configuration, and global catalog server (GCS, a master list directory of Active Directory objects that provides users with an overall view of the entire directory) and are connected by transitive trust relationships.
Trust relationships are how domains interact with each other to provide a unified network directory. If Domain A trusts Domain B, the users in Domain B can access the resources in Domain A. In Windows NT domains, trust relationships operate in one direction only and must be explicitly created by network administrators. If you want to create a full network of trusts between three domains, for example, you must create six separate trust relationships so that each domain trusts every other domain. Active Directory automatically creates trust relationships between domains in the same tree. These trust relationships flow in both directions, are authenticated using the Kerberos security protocol, and are transitive, meaning that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A automatically trusts Domain C. A tree, therefore, is a single administrative unit that encompasses a number of domains. The administrative nightmare of manually creating trust relationships between large numbers of domains is diminished, and users are able to access resources on other domains.
The domains in a tree share a contiguous namespace. Unlike a Windows NT domain, which has a single, flat name, an Active Directory domain has a hierarchical name that is based on the DNS namespace, such as mycorp.com. Sharing a contiguous namespace means that if the first domain in a tree is given the name mycorp.com, the subsequent domains in that tree will have names that build on the parent domain’s name, such as sales.mycorp.com and mis.mycorp.com (see Figure 18-1).
Figure 18-1 Active Directory parent and child domains
The parent-child relationships in the domain hierarchy are limited solely to the sharing of a namespace and the trust relationships between them. Unlike the container hierarchy within a domain, rights and permissions do not flow down the tree from domain to domain.
In most cases, a single tree is sufficient for a network of almost any size. However, it is possible to create multiple trees and join them in a unit known as a forest. All of the domains in a forest, including those in separate trees, share the same schema, configuration, and GCS. Every domain in a forest has a transitive trust relationship with the other domains, regardless of the trees they are in. The only difference between the trees in a forest is that they have separate namespaces. Each tree has its own root domain and child domains that build off of its name. The first domain created in a forest is known as the forest root domain.
The most common reason for having multiple trees is the merging of two organizations, both of which already have established domain names that cannot be readily assimilated into one tree. Users are able to access resources in other trees because the trust relationships between domains in different trees are the same as those within a single tree. It is also possible to create multiple forests on your network, but the need for this is rare.
Different forests do not share the same schema, configuration, and GCS, nor are trust relationships automatically created between forests. It is possible to manually create unidirectional trusts between domains in different forests, just as you would on a Windows NT network. In most cases, though, the primary reason for creating multiple forests is to completely isolate two areas of the network and prevent interaction between them.
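
The three trust models in this section (one-way Windows NT trusts, two-way transitive trusts inside a forest, and manual one-way trusts between forests) determine which domains' resources an account can reach. This Python model is an added example, not code from the book; the Trust record, the function names, and the othercorp.com and partner.example domains are constructed for illustration.

```python
from collections import namedtuple
from itertools import permutations

# "Domain A trusts Domain B" is Trust("A", "B", ...): the trusting domain
# accepts accounts from the trusted one, so users in B can reach resources in A.
Trust = namedtuple("Trust", "trusting trusted transitive")


def nt_full_mesh(domains):
    """One-way, non-transitive trusts needed so every domain trusts every other."""
    return [Trust(a, b, False) for a, b in permutations(domains, 2)]


def two_way(a, b, transitive=True):
    """A two-way trust is a pair of one-way trusts, one in each direction."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


def reachable_resources(trusts, user_domain):
    """Domains whose resources can be opened to accounts from user_domain."""
    reach, frontier = set(), {user_domain}
    while frontier:
        # Follow chains of transitive trusts outward from the user's domain.
        frontier = {t.trusting for t in trusts
                    if t.transitive and t.trusted in frontier} - reach - {user_domain}
        reach |= frontier
    # A non-transitive trust covers only the two domains it names.
    direct = {t.trusting for t in trusts
              if not t.transitive and t.trusted == user_domain}
    return reach | direct


def exposure_report(trusts, domains):
    """Per-domain view of what each domain's accounts can reach."""
    return {d: sorted(reachable_resources(trusts, d)) for d in domains}


# Constructed sample data: the mycorp.com tree from the text, a second tree
# (othercorp.com) joined at the forest root, and one manual one-way trust from
# a domain in another forest (partner.example) toward sales.mycorp.com.
FOREST = (two_way("mycorp.com", "sales.mycorp.com")
          + two_way("mycorp.com", "mis.mycorp.com")
          + two_way("mycorp.com", "othercorp.com"))
EXTERNAL = [Trust("partner.example", "sales.mycorp.com", False)]

if __name__ == "__main__":
    print(len(nt_full_mesh(["A", "B", "C"])), "NT trusts for three domains")
    names = ["sales.mycorp.com", "mis.mycorp.com", "partner.example"]
    for domain, reach in exposure_report(FOREST + EXTERNAL, names).items():
        print(domain, "->", reach)
```

Three two-way relationships give every forest domain reach into every other, while the manual cross-forest trust exposes partner.example only to sales.mycorp.com accounts and gives partner.example accounts nothing in return.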
DNS and Active Directory
Windows NT is based on NetBIOS and uses a NetBIOS name server called Windows Internet Naming Service (WINS) to locate computers on the network and resolve their names into IP addresses. The primary limitation of NetBIOS and WINS is that they use a flat namespace, whereas Active Directory’s namespace is hierarchical. The AD namespace is based on that of the Domain Name System (DNS), so the directory uses DNS servers instead of WINS to resolve names and locate domain controllers. You must have at least one DNS server running on your network in order for Active Directory to function properly.
The domains in Active Directory are named using standard DNS domain names, which may or may not be the same as the names your organization uses on the Internet. If, for example, you have already registered the domain name mycorp.com for use with your Internet servers, you can choose to use that same name as the parent domain in your AD tree or create a new name for internal use. The new name doesn’t have to be registered for Internet use, because its use will be limited to your Windows 2000 network only.
DNS is based on resource records (RRs) that contain information about specific machines on the network. Traditionally, administrators must create these records manually, but on a Windows network, this causes problems. The task of manually creating records for hundreds of computers is long and difficult, and it is compounded by the use of the Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addresses to network systems. Because the IP addresses on DHCP-managed systems can change, there must be a way for the DNS records to be updated to reflect those changes.
The Microsoft DNS server supports dynamic DNS (DDNS), which works together with Microsoft DHCP Server to dynamically update the resource records for specific systems as their IP addresses change.
Global Catalog Server
To support large enterprise networks, Active Directory can be both partitioned and replicated, meaning that the directory can be split into sections stored on different servers, and copies of each section can be maintained on separate servers. Splitting up the directory in this way, however, makes it more difficult for applications to locate specific information. Therefore, Active Directory maintains the global catalog, which provides an overall picture of the directory structure. While a domain controller contains the Active Directory information for one domain only, the global catalog is a replica of the entire Active Directory, except that it includes only the essential attributes of each object, known as binding data.
Because the global catalog consists of a substantially smaller amount of data than the entire directory, it can be stored on a single server and accessed more quickly by users and applications. The global catalog makes it easy for applications to search for specific objects in Active Directory using any of the attributes included in the binding data.
Deploying Active Directory
All of the architectural elements of Active Directory that have been described thus far, such as domains, trees, and forests, are logical components that do not necessarily have any effect on the physical network. In most cases, network administrators create domains, trees, and forests based on the political divisions within an organization, such as workgroups and departments, although geographical elements can come into play as well. Physically, however, an Active Directory installation is manifested as a collection of domain controllers, split into subdivisions called sites.
Creating Domain Controllers
A domain controller (DC) is a system that hosts all or part of the Active Directory database and provides the services to the rest of the network through which applications access that database. When a user logs on to the network or requests access to a specific network resource, the workstation contacts a domain controller, which authenticates the user and grants access to the network.
Active Directory has only one type of domain controller. When installing a Windows NT server, you have to specify whether it should be a primary domain controller (PDC), a backup domain controller (BDC), or a member server. Once such a system is installed as a domain controller for a specific domain, there is no way to move it to another domain or change it back to a member server. With Active Directory, all Windows servers start out as stand-alone or member servers; you can then promote them to domain controllers and later demote them back to member servers. Active Directory has no PDCs or BDCs; all domain controllers function as peers.
A server that is to function as a domain controller must have at least one NTFS 5.0 drive to hold the Active Directory database, log files, and the system volume, and it must have access to a DNS server that supports the SRV resource record and (optionally) dynamic updates. If the computer cannot locate a DNS server that provides these features, it offers to install and configure the Microsoft DNS Server software on the Windows system.
Directory Replication
Every domain on your network should be represented by at least two domain controllers for reasons of fault tolerance. Once your network is reliant on Active Directory for authentication and other services, inaccessible domain controllers would be a major problem. Therefore, each domain should be replicated on at least two domain controllers so that one is always available. Directory service replication is nothing new, but Active Directory replicates its domain data differently from Windows NT.
Windows NT domains are replicated using a technique called single master replication, in which a single PDC with read-write capabilities replicates its data to one or more BDCs that are read-only. In this method, replication traffic always travels in one direction, from the PDC to the BDCs. If the PDC fails, one of the BDCs can be promoted to PDC. The drawback of this arrangement is that changes to the directory can be made only to the PDC. When an administrator creates a new user account or modifies an existing one, for example, the User Manager for Domains utility must communicate with the PDC, even if it is located at a distant site connected by a slow WAN link.
Active Directory uses multiple master replication, which enables administrators to make changes on any of a domain’s replicas. This is why there are no longer PDCs or BDCs. The use of multiple masters makes the replication process far more difficult, however. Instead of simply copying the directory data from one domain controller to another, the information on each domain controller must be compared with that on all of the others so that the changes made to each replica are propagated to every other replica. In addition, it’s possible for two administrators to modify the same attribute of the same object on two different replicas at virtually the same time. The replication process must be able to reconcile conflicts like these and see to it that each replica contains the most up-to-date information.
Multimaster Data Synchronization
Some directory services, such as NDS, base their data synchronization algorithms on timestamps assigned to each database modification. Whichever change has the later timestamp is the one that becomes operative when the replication process is completed. The problem with this method is that the use of timestamps requires the clocks on all of the network’s domain controllers to be precisely synchronized, which is difficult to arrange. The Active Directory replication process relies on timestamps in only certain situations. Instead, AD uses update sequence numbers (USNs), which are 64-bit values assigned to all modifications written to the directory. Whenever an attribute changes, the domain controller increments the USN and stores it with the attribute, whether the change results from direct action by an administrator or replication traffic received from another domain controller.
The only problem with this method is when the same attribute is modified on two different domain controllers. If an administrator changes the value of a specific attribute on Server B before a change made to the same attribute on Server A is fully propagated to all of the replicas, then a collision is said to have occurred. To resolve the collision, the domain controllers use property version numbers to determine which value should take precedence. Unlike USNs, which are a single numerical sequence maintained separately by each domain controller, there is only one property version number for each object attribute.
When a domain controller modifies an attribute as a result of direct action by a network administrator, it increments the property version number. However, when a domain controller receives an attribute modification in the replication traffic from another domain controller, it does not modify the property version number. A domain controller detects collisions by comparing the attribute values and property version numbers received during a replication event with those stored in its own database. If an attribute arriving from another domain controller has the same property version number as the local copy of that attribute but the values don’t match, a collision has occurred. In this case, and only in this case, the system uses the timestamps included with each of the attributes to determine which value is newer and should take precedence over the other.
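
The interplay of per-server USNs, per-attribute property version numbers, and timestamps is easier to follow when replayed on two replicas, as in this Python simulation; it is an added example and a simplified model of the rules described above, not Active Directory's or the book's code. Its class and function names, the sample values, the use of stored USNs to request only newer changes from a partner, and the tie-break on the originating server's name for identical timestamps are assumptions of the sketch.

```python
from dataclasses import dataclass, field


@dataclass
class AttrCopy:
    value: str
    version: int      # property version number: one sequence per attribute
    timestamp: float  # time of the originating (administrator) write
    origin: str       # server where that write was made
    usn: int          # USN the holding server assigned when it stored this copy


@dataclass
class DomainController:
    name: str
    usn: int = 0                                   # this server's own counter
    attrs: dict = field(default_factory=dict)      # key -> AttrCopy
    watermark: dict = field(default_factory=dict)  # partner -> last USN pulled

    def store(self, key, value, version, timestamp, origin):
        # Every write, originating or replicated, consumes a new local USN.
        self.usn += 1
        self.attrs[key] = AttrCopy(value, version, timestamp, origin, self.usn)

    def originate(self, key, value, now):
        """Direct change by an administrator: increment the property version."""
        old = self.attrs.get(key)
        self.store(key, value, (old.version if old else 0) + 1, now, self.name)

    def receive(self, key, inc):
        """Apply one replicated attribute; its version is copied, not incremented."""
        local = self.attrs.get(key)
        if local is None or inc.version > local.version:
            outcome = "applied"
        elif inc.version < local.version:
            outcome = "ignored-older-version"
        elif inc.value == local.value:
            outcome = "in-sync"
        # Same version, different values: a collision. Only here are the
        # timestamps compared (origin name breaks an exact tie; assumption).
        elif (inc.timestamp, inc.origin) > (local.timestamp, local.origin):
            outcome = "collision-incoming-wins"
        else:
            outcome = "collision-local-wins"
        if outcome in ("applied", "collision-incoming-wins"):
            self.store(key, inc.value, inc.version, inc.timestamp, inc.origin)
        return outcome

    def pull_from(self, partner):
        """Fetch what the partner stored after the last USN seen from it."""
        mark = self.watermark.get(partner.name, 0)
        newer = sorted(partner.attrs.items(), key=lambda kv: kv[1].usn)
        outcomes = [self.receive(k, c) for k, c in newer if c.usn > mark]
        self.watermark[partner.name] = partner.usn
        return outcomes


KEY = ("cn=jdoe", "telephoneNumber")   # constructed sample object and attribute


def synced_pair():
    a, b = DomainController("ServerA"), DomainController("ServerB")
    a.originate(KEY, "555-0100", now=100.0)
    b.pull_from(a)                     # both replicas now hold version 1
    return a, b


def collision_demo():
    """Equal versions, different values: the later timestamp wins."""
    a, b = synced_pair()
    a.originate(KEY, "555-0111", now=200.0)   # version 2 on ServerA
    b.originate(KEY, "555-0222", now=205.0)   # version 2 on ServerB, not yet replicated
    return a, b, a.pull_from(b) + b.pull_from(a)


def version_demo():
    """A higher version wins even though its timestamp is older."""
    a, b = synced_pair()
    a.originate(KEY, "555-0111", now=200.0)   # version 2
    a.originate(KEY, "555-0133", now=210.0)   # version 3
    b.originate(KEY, "555-0222", now=300.0)   # version 2, later clock time
    return a, b, a.pull_from(b) + b.pull_from(a)


if __name__ == "__main__":
    for demo in (collision_demo, version_demo):
        a, b, outcomes = demo()
        print(demo.__name__, outcomes, a.attrs[KEY].value, b.attrs[KEY].value)
```

In the second scenario ServerB's clock reading is never consulted, which is why a skewed clock can affect the result only when two servers changed the same attribute the same number of times.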
Sites
A single domain can have any number of domain controllers, all of which contain the same information, thanks to the AD replication system. In addition to providing fault tolerance, additional domain controllers can provide users with local access to the directory. In an organization with offices in multiple locations connected by WAN links, it would be impractical to have only one or two domain controllers because workstations would have to communicate with the AD database over a relatively slow, expensive WAN connection. Therefore, administrators often create a domain controller at each location where there are resources in the domain.
The relatively slow speed of the average WAN connection also affects the replication process between domain controllers, and for this reason, Active Directory can break up a domain into sites. A site is a collection of domain controllers that are assumed to be well connected, meaning that all of the systems are connected using the same relatively high-speed LAN technology. The connections between sites are assumed to be WANs that are slower and possibly more expensive.
The actual speed of the intrasite and intersite connections is not an issue. The issue is the relative speed between the domain controllers at the same site and those at different sites. The reason for dividing a domain into logical units that reflect the physical layout of the network is to control the replication traffic that passes over the slower WAN links. Active Directory also uses sites to determine which domain controller a workstation should access when authenticating a user. Whenever possible, authentication procedures use a domain controller located on the same site.
Intrasite Replication
The replication of data between domain controllers located at the same site is completely automatic and self-regulating. A component called the Knowledge Consistency Checker (KCC) dynamically creates connections between the domain controllers as needed to create a replication topology that minimizes latency. Latency is the period of time during which the information stored on the domain controllers for a single domain is different—that is, the interval between the modification of an attribute on one domain controller and the propagation of that change to the other domain controllers. The KCC triggers a replication event whenever a change is made to the AD database on any of the site’s replicas.
The KCC maintains at least two connections to each domain controller at the site. This way, if a controller goes offline, replication between all of the other domain controllers is still possible. The KCC may create additional connections to maintain timely contact between the remaining domain controllers while the system is unavailable and then remove them when the system comes back online. In the same way, if you add a new domain controller, the KCC modifies the replication topology to include it in the data synchronization process. As a rule, the KCC creates a replication topology in which each domain controller is no more than three hops away from any other domain controller. Because the domain controllers are all located on the same site, they are assumed to be well connected, and the KCC is willing to expend network bandwidth in the interest of replication speed. All updates are transmitted in uncompressed form because even though this requires the transmission of more data, it minimizes the amount of processing needed at each domain controller.
Replication occurs primarily within domains, but when multiple domains are located at the same site, the KCC also creates connections between the global catalog servers for each domain so that they can exchange information and create a replica of the entire Active Directory containing the subset of attributes that form the binding data.
Intersite Replication
By default, a domain consists of a single site, called Default-First-Site-Name, and any additional domains you create are placed within that site. You can, however, use the Active Directory Sites and Services console to create additional sites and move domains into them. Just as with domains in the same site, Active Directory creates a replication topology between domains in different sites, but with several key differences.
Because the WAN links between sites are assumed to be slower, Active Directory attempts to minimize the amount of replication traffic that passes between them. First, there are fewer connections between domain controllers at different sites than within a site; the three-hop rule is not observed for the intersite replication topology. Second, all replication data transmitted over intersite connections is compressed to minimize the amount of bandwidth utilized by the replication process. Finally, replication events between sites are not automatically triggered by modifications to the Active Directory database. Instead, replication can be scheduled to occur at specified times and intervals to minimize the effect on standard user traffic and to take advantage of lower bandwidth costs during off-hours.
Microsoft Management Console
Microsoft Management Console (MMC) is an application that provides a centralized administration interface for many of the services included in Windows, including those used to manage Active Directory. Earlier versions of Windows relied on separate management applications for many of their services, such as the DHCP Manager, WINS Manager, and Disk Administrator. Windows now consolidates all of these applications, and many others, into MMC. Most of the system administration tasks for the operating system are now performed through MMC.
MMC has no administrative capabilities of its own; it is, essentially, a shell for application modules called snap-ins that provide the administrative functions for many of Windows’ applications and services. Snap-ins take the form of files with an .msc extension that you load either from the command line or interactively through the MMC menus. Windows supplies snap-in files for all of its tools, but the interface is designed so that third-party software developers can use the MMC architecture to create administration tools for their own applications.
MMC can load multiple snap-ins simultaneously using the Windows multiple-document interface (MDI). You can use this capability to create a customized management interface containing all of the snap-ins you use on a regular basis. When you run MMC (by launching the Mmc.exe file from the Run dialog box) and select Console | New, you get an empty Console Root window. By selecting Console | Add/Remove Snap-in, you can build a list of the installed snap-ins and load selected ones into the console. The various snap-ins appear in an expandable, Explorer-like display in the left pane of MMC’s main screen, as shown in Figure 18-2.
Figure 18-2 Working with snap-ins in Windows 7
NOTE In Windows 8 or 8.1, locate the Windows Systems app and choose Run.
Many of Windows’ administrative tools, such as Active Directory Sites and Services, are actually preconfigured MMC consoles. Selecting Computer Management from the Programs/Administrative Tools group in the Start menu displays a console that contains a collection of the basic administration tools for a Windows system. By default, the Computer Management console administers the local system, but you can use all of its tools to manage a remote network system by selecting Action | Connect To Another Computer.
CreatingandConfiguringSitesSplittinganetworkintositeshasnoeffectonthehierarchyofdomains,trees,andforeststhatyouhavecreatedtorepresentyourenterprise.However,sitesstillappearasobjectsinActiveDirectory,alongwithseveralotherobjecttypesthatyouusetoconfigureyournetwork’sreplicationtopology.TheseobjectsarevisibleonlyintheActiveDirectorySitesandServicestool.TheobjectcalledDefault-First-Site-Nameiscreatedautomaticallywhenyoupromotethefirstserveronyournetworktoadomaincontroller,alongwithaserverobjectthatappearsintheServersfolderbeneathit.Serverobjectsarealwayssubordinatetositeobjectsandrepresentthedomaincontrollersoperatingatthatsite.Asitecancontainserverobjectsfordomaincontrollersinanynumberofdomains,locatedinanytreeorforest.Youcanmoveserverobjectsbetweensitesasneeded.
Theothertwoimportantobjecttypesassociatedwithsitesandserversaresubnetandsitelinkobjects.SubnetobjectsrepresenttheparticularIPsubnetsthatyouuseatyour
![Page 448: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/448.jpg)
varioussitesandareusedtodefinetheboundariesofthesite.Whenyoucreateasubnetobject,youspecifyanetworkaddressandsubnetmask.Whenyouassociateasitewithasubnetobject,serverobjectsforanynewdomaincontrollersthatyoucreateonthatsubnetareautomaticallycreatedinthatsite.Youcanassociatemultiplesubnetobjectswithaparticularsitetocreateacompletepictureofyournetwork.
SitelinkobjectsrepresenttheWANlinksonyournetworkthatActiveDirectorywillusetocreateconnectionsbetweendomaincontrollersatdifferentsites.ActiveDirectorysupportstheuseoftheInternetProtocol(IP)andtheSimpleMailTransportProtocol(SMTP)forsitelinks,bothofwhichappearintheInter-SiteTransportsfolderinActiveDirectorySitesandServices.AnSMTPsitelinkcantaketheformofanyapplicationsyouusetosende-mailusingtheSMTPprotocol.Whenyoucreateasitelinkobject,youselectthesitesthatareconnectedbytheWANlinktheobjectrepresents.TheattributesofsitelinkobjectsincludevariousmechanismsfordeterminingwhenandhowoftenActiveDirectoryshouldusethelinktotransmitreplicationtrafficbetweensites:
•CostThecostofasitelinkcanreflecteitherthemonetarycostoftheWANtechnologyinvolvedorthecostintermsofthebandwidthneededforotherpurposes.
•ScheduleThisspecifiesthehoursofthedayduringeachdayoftheweekthatthelinkcanbeusedtocarryreplicationtraffic.
•ReplicationperiodThisspecifiestheintervalbetweenreplicationproceduresthatusethislink,subjecttothescheduledescribedpreviously.
Bydefault,ActiveDirectorycreatesanIPsitelinkobject,DEFAULTIPSITELINK,thatyoucanuseasisorcanmodifytoreflectthetypeoflinkusedtoconnectyoursites.IfallofyoursitesareconnectedbyWANlinksofthesametype,youdon’thavetocreateadditionalsitelinkobjectsbecauseasinglesetofschedulingattributesshouldbeapplicableforallofyourintersiteconnections.IfyouusevarioustypesofWANconnections,however,youcancreateaseparatesitelinkobjectforeachtypeandconfigureitsattributestoreflecthowyouwantittobeused.
ThereisanothertypeofobjectthatyoucancreateintheInter-SiteTransportscontainer,calledasitelinkbridgeobject,thatisdesignedtomakeitpossibletoroutereplicationtrafficthroughoneremotesitetoothers.Bydefault,thesitelinksyoucreatearetransitive,meaningthattheyarebridgedtogether,enablingthemtoroutereplicationtraffic.Forexample,ifyouhaveasitelinkobjectconnectingSiteAtoSiteBandanotheroneconnectingSiteBtoSiteC,thenSiteAcansendreplicationtraffictoSiteC.Ifyouwant,youcandisablethedefaultbridgingbyopeningthePropertiesdialogboxfortheIPfolderandclearingtheBridgeAllSiteLinkscheckbox.Ifyoudothis,youmustmanuallycreatesitelinkbridgeobjectsinordertoroutereplicationtrafficinthisway.Asitelinkbridgeobjectgenerallyrepresentsarouteronthenetwork.Whileasitelinkobjectgroupstwositeobjects,asitelinkbridgeobjectgroupstwositelinkobjects,makingitpossibleforreplicationtraffictoberoutedbetweenthem.
Once you have created objects representing the sites that form your network and the links that connect them, the KCC can create connections that form the replication topology for the entire internetwork, subject to the limitations imposed by the site link object attributes. The connections created by the KCC, both within and between sites, appear as objects in the NTDS Settings container beneath each server object. A connection object is unidirectional, representing the traffic running from the server under which the object appears to the target server specified as an attribute of the object. In most cases, there should be no need to manually create or configure connection objects, but it is possible to do so. You can customize the replication topology of your network by creating your own connections and scheduling the times during which they may be used. Manually created connection objects cannot be deleted by the KCC to accommodate changing network conditions; they remain in place until you manually remove them.
Designing an Active Directory
As with any enterprise directory service, the process of deploying Active Directory on your network involves much more than simply installing the software. The planning process is, in many cases, more complicated than the construction of the directory itself. Naturally, the larger your network, the more complicated the planning process will be. You should have a clear idea of the form that your AD structure will take and who will maintain each part of it before you actually begin to deploy domain controllers and create objects.
In many cases, the planning process will require some hands-on testing before you deploy Active Directory on your production network. You may want to set up a test network and try some forest designs before you commit yourself to any one plan. Although a test network can’t fully simulate the effects of hundreds of users working at once, the time that you spend familiarizing yourself with the Active Directory tools and procedures can only help you later when you’re building the live directory service.
Planning Domains, Trees, and Forests
Active Directory expands the scope of the directory service by two orders of magnitude by providing trees and forests that you can use to organize multiple domains. In addition, the domains themselves can be subdivided into smaller administrative entities called organizational units. To use these capabilities effectively, you must evaluate your network in light of both its physical layout and the needs of the organization that it serves.
Creating Multiple Trees
In most cases, a single tree with one or more domains is sufficient to support an enterprise network. The main reason for creating multiple trees is if you have two or more existing DNS name spaces that you want to reflect in Active Directory. For example, a corporation that consists of several different companies that operate independently can use multiple trees to create a separate name space for each company. Although there are transitive trust relationships between all of the domains in a tree, separate trees are connected only by trusts between their root domains.
If you have several levels of child domains in each tree, the process of accessing a resource in a different tree involves the passing of authentication traffic up from the domain containing the requesting system to the root of the tree, across to the root of the other tree, and down to the domain containing the requested resource. If the trees operate autonomously and access requests for resources in other trees are rare, this may not be much of a problem. If the trust relationships in a directory design like this do cause delays on a regular basis, you can manually create what are known as shortcut trusts between child domains lower down in both trees.
Just as you can create multiple trees in a forest, you can create multiple forests in the Active Directory database. Scenarios in which the use of multiple forests is necessary are even rarer than those calling for multiple trees because forests have no inherent trust relationships between them at all and use a different global catalog, making it more difficult for users even to locate resources. You may want to use a separate forest for a lab-based test network or for a project that you don’t want other network users to know even exists.
CHAPTER 19 Linux
Developed as a college project by Linus Torvalds of Sweden, the Linux operating system has emerged as one of the most popular Unix variants. This chapter covers the advantages and disadvantages of Linux, Linux file systems, and how to work with Linux files.
Understanding Linux
Written in the C programming language, Linux uses GNU tools, which are freely available. Like other variants, Linux is available as a free download from the Internet in versions for most standard hardware platforms and is continually refined by an ad hoc group of programmers who communicate mainly through Internet mailing lists and newsgroups. Because of its popularity, many Linux modules and applications have been developed. Often new features and capabilities are the result of programmers adapting the existing software for their own uses and then posting their code for others to use. As the product increases in popularity, more people work on it in this way, and the development process accelerates. This activity has also led to the fragmentation of the Linux development process. Many different Linux versions are available, which are similar in their kernel functions but vary in the features they include. Some of these Linux packages are available for download on the Internet, but the growth in the popularity of the operating system (OS) has led to commercial distribution releases as well.
NOTE GNU is an operating system announced in 1993 that contains totally free software. According to www.gnu.org, GNU stands for GNU’s Not Unix.
Linux Distributions
Many Linux variations are available free for the download, and others require some sort of payment or donation. Table 19-1 shows some of the Linux distributions (often called distros) available. They are listed in alphabetic order, not in order of popularity.
Table 19-1 Some Linux Distros
Today’s Linux systems run on devices from tablets and cell phones to workstations and high-end servers. Since the system is open source (meaning that it is available for anyone), as problems or glitches occur, anyone worldwide can report the problem, and many people will write code to fix the issue for future users. As Linux has matured, some newer users just want to use the program, not write code. These users want a program that they can download and use right away. It is for those users that some companies have developed distributions that are guaranteed to work “out of the box.” These companies require payment for Linux and offer both technical support and warranties on the downloaded program.
Advantages and Disadvantages of Linux
Besides being an open source system, Linux often requires less disk space than many other operating systems. There are other advantages as well:
• Since the system is open source, many people have contributed to its stability.
• Security flaws are often found before they become an issue.
• Its robust adaptability adjusts to many situations.
• It is easily customizable and updatable.
• Apps are usually free, and the number of apps is increasing.
• Linux is scalable, meaning it can be used as the operating system for small items such as wireless routers and tablets to large, multitiered systems such as storage clusters and data centers.
Open source also has some disadvantages:
• Applications may be more difficult to find and learn (although today many applications are available, and some even look like more familiar Windows programs). For example, OpenOffice and LibreOffice both offer a set of applications including a word processor, a spreadsheet, and a presentation manager. The screens look much the same in Windows and Linux, as shown in Figure 19-1.
Figure 19-1 The OpenOffice Writer screen looks similar in both Windows and Linux.
• There are many distributions of Linux, so it can be difficult to transfer knowledge of one distro to another.
• Linux can be confusing at first for new users.
The popularity of Linux has reached the point at which it is expanding beyond Unix’s traditional market of computer professionals and technical hobbyists. In part, this is because of a backlash against Microsoft, which some people believe is close to holding a monopoly on operating systems. When you pay for a “commercial” Linux release such as Ubuntu, you download not only the OS and source code but also a variety of applications, product documentation, and technical support, which are often lacking in the free download releases. Other distributors provide similar products and services, but this does not necessarily mean that these Linux versions are binary compatible. In some cases, software written for one distribution will not run on another one.
The free Linux distributions provide much of the same functionality as the commercial ones but in a less convenient package. The downloads can be large and time consuming, and you may find yourself interrupting the installation process frequently to track down some essential piece of information or to download an additional module you didn’t know you needed. One of the biggest advantages of Linux over other Unix variants is its excellent driver support. Device drivers are an integral part of any operating system, and if Unix is ever going to become a rival to Windows in the personal computer mainstream, it’s going to have to run on the same computers that run Windows, using the same peripherals. Many of the other Unix variants have relatively limited device driver support. If you are trying to install a Unix product on an Intel-based computer with the latest and greatest video adapter, for example, you may not be able to find a driver that takes full advantage of its capabilities.
Device drivers, even those included with operating systems, are generally written by the device manufacturer. Not surprisingly, hardware manufacturers devote most of their driver development attention to Windows, with other systems getting only perfunctory support, if any at all. The fans of Linux are legion, however, and the OS’s development model has led the operating system’s supporters to develop their own drivers for many of the devices commonly found in Intel-based computers. If you are having trouble finding appropriate drivers for your hardware that run on other Unix variants, you are more likely to have success with Linux.
For example, a computer running Linux as its OS and Apache as its web server software is a powerful combination that is easily equal or superior to most of the commercial products on the market—and the software is completely free.
File Systems
For the many computer users who are familiar with the Microsoft NTFS and the older FAT file system, the myriad of file systems available in open source operating systems can be daunting. Table 19-2 shows some of the file systems that are available for Linux users.
Table 19-2 Linux File Systems
Bits and Bytes
All data in a computer is a combination of zeros and ones. Each zero or one is designated as a bit. A byte consists of 8 bits. For example, 00110111 is one byte. There are a number of other designations, indicating the amount of storage space available in each designation. Today, hard drives are measured in terabytes, while random access memory (RAM) is currently measured in gigabytes.
• A kilobyte is 1,024 bytes, shown as 1KB.
• A megabyte is 1,024 kilobytes, shown as 1MB.
• A gigabyte is 1,024 megabytes, shown as 1GB.
• A terabyte is 1,024 gigabytes, shown as 1TB.
• A petabyte is 1,024 terabytes, shown as 1PB.
• An exabyte is 1,024 petabytes, shown as 1EB.
NOTE An old techie saying is that 4 bits = 1 nibble.
NOTE A legacy system is one that is outdated, unsupported, or obsolete. Some organizations still use older systems because of software or hardware requirements.
Linux Installation Questions
Before you install Linux on a machine, you should know the answers to the following:
• Have you read the documentation for the distribution you downloaded?
• Will this distribution work on the hardware you are using?
• How much RAM is available on this machine?
• Do you want to install just a workstation or create a Linux server? Can you download all the necessary software?
• Do you have to create a CD or DVD from the downloaded file? Normally, Linux downloads are in .iso format, and many require that you burn the downloaded file to a CD or DVD in order to perform the installation.
• Do you understand how to use an .iso file?
• Is Linux the main operating system or one of several?
• Do you need to create a new partition before you install the system?
• Since Linux expects to be on a network, what is the IP address and host name?
Booting Linux
When you boot your Linux computer, there are several steps to the process, as shown in Figure 19-2. In text mode, once your Linux terminal displays the login prompt as white letters on a black background, you enter your user name and password (pressing Enter after each).
Figure 19-2 The boot sequence in Linux
Logging Out of Linux
In text mode, enter the logout command and press Enter.
Directory Structure
Most Linux distributions contain the directories described in Table 19-3.
Table 19-3 Typical Linux Directories
Quick Commands in Linux
You can use several commands in Linux to find your way around. Table 19-4 lists several common commands and the resulting action. The command structure is as follows:
command option(s) argument(s)
Each would be shown from the root prompt, such as this:
root@username:~# command
Table 19-4 Common Linux Commands
Unlike other operating systems, Linux commands are case sensitive.
Working with Linux Files
For those familiar with Windows pathnames, this is how you would find a file:
C:\MyFolder\MyFinances\MyBudget.txt
To find the same file in Linux, you would use this pathway:
/MyFolder/MyFinances/MyBudget.txt
You may note several differences in the two. First, there is no drive name shown. Linux mounts the root partition when the computer first boots. Therefore, all the files and folders are found at /. Second, the slashes are forward slashes instead of the backslashes in Windows. Also, in Linux, all files and folders are case sensitive, while in Windows, case does not matter. In Linux, /School/English/essay1.txt is a different file than /School/English/Essay1.txt.
Linux file systems are often more reliable than other systems because of several factors.
Journaling
In more familiar file systems, each file is written directly to a location on the hard drive, and if the computer shuts down for any reason, the information in that file may be lost or corrupted. A file system that journals first writes information to a special file called a journal that is stored on another part of the hard drive. This journal contains data about both the file and location and is much easier to retrieve if there is a problem. At any given time, this system has three possible states: a saved file, a journal report that shows the file as not being saved, or a journal file that shows inconsistencies but can be rebuilt.
This system is more reliable than systems writing directly to the hard drive. Some systems write the data twice, which can prevent corruption and save after a power or software problem requires the user to reboot the system.
Editing
One of the best features of a Linux (or Unix) file is that it can be edited while it is open. Unix/Linux files are indexed by number (called an inode) that contains the attributes such as name, permissions, location, and so on. When a file is deleted, the inode is just unlinked from the file name. If other programs are using that file, the link to the operating system is still open and will be updated as changes are made to it.
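The unlink behavior described above can be observed directly from the shell. This is an added example, not from the book; the temporary file names, the sample data, and the use of file descriptor 3 are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Added example (not from the book): deleting a file only unlinks its name
# from the inode. The data stays reachable through an open descriptor or
# through another name until the last reference is gone.

# Reads a file through an already-open descriptor after its name is removed.
read_after_unlink() {
  f=$(mktemp) || return 1
  printf 'constructed sample data\n' > "$f"
  exec 3< "$f"              # fd 3 now refers to the file's inode
  rm -f "$f"                # unlink the only name
  if [ -e "$f" ]; then      # the path must be gone at this point
    exec 3<&-
    return 1
  fi
  IFS= read -r line <&3     # the data is still readable through fd 3
  exec 3<&-                 # closing the last reference frees the inode
  printf '%s\n' "$line"
}

# Two names (hard links) for one inode: a write through one name is visible
# through the other, and removing one name leaves the data in place.
names_share_inode() {
  d=$(mktemp -d) || return 1
  printf 'v1\n' > "$d/a"
  ln "$d/a" "$d/b"          # second name for the same inode
  printf 'v2\n' >> "$d/a"   # append through the first name
  rm -f "$d/a"              # remove the first name only
  cat "$d/b"                # both lines are still there
  rm -rf "$d"
}

read_after_unlink
names_share_inode
```

For an administrator this means that a deleted log or data file keeps occupying disk space, and stays readable by the process holding it, until that process closes it; `lsof +L1` lists open files whose link count has dropped to zero.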
Lack of Fragmentation
FAT and NTFS systems do not keep all the pieces of their files together in order to utilize space more efficiently. While this practice saved space in the smaller hard drives of the day, it made for difficulties when it came to performance because the processor would have to connect the parts of the files before they could be run. Starting with the ext3 system, Linux file blocks are kept together.
CHAPTER 20 Unix
Unix is a multiuser, multitasking operating system (OS) with roots that date back to the late 1960s. It was developed throughout the 1970s by researchers at AT&T’s Bell Labs, finally culminating in Unix System V Release 1 in 1983. During this time, and since then, many other organizations have built their own variants on the Unix formula, and now dozens of different operating systems function using the same basic Unix components, including both Apple and Linux. This was possible because, from the beginning, Unix has been more of a collaborative research project than a commercial product. While some companies guard the source code to their operating systems, many Unix developers make their code freely available. This enables anyone with the appropriate skills to modify the OS to their own specifications.
Unix is not a user-friendly OS, nor is it commonly found on the desktop of the average personal computer user. To its detractors, Unix is an outdated OS that relies primarily on an archaic, character-based interface. To its proponents, however, Unix is the most powerful, flexible, and stable OS available. As is usually the case, both opinions are correct to some degree.
You are not going to see racks of Unix-based games and other recreational software at the computer store anytime soon, nor are you likely to see offices full of employees running productivity applications, such as word processors and spreadsheets, on Unix systems. However, when you use a browser to connect to a website, there’s a good chance that the server hosting the site is running some form of Unix. Your smartphone, tablet, or Mac uses a form of Unix. In addition, many of the vertical applications designed for specific industries, such as those used when you book a hotel room or rent a car, run on Unix systems. In this instance, we are discussing the base form of Unix, aka the terminal or command line.
As a server operating system, Unix has a reputation for being stable enough to support mission-critical applications, portable enough to run on many different hardware platforms, and scalable enough to support a user base of almost any size. All Unix systems use Transmission Control Protocol/Internet Protocol (TCP/IP) as their native protocols, so they are naturally suited for use on the Internet and for networking with other operating systems. In fact, Unix systems were instrumental in the development of the Internet from an experiment in decentralized, packet-switched networking to the worldwide phenomenon it is today.
Unix Principles
More than other operating systems, Unix is based on a principle of simplicity that makes it highly adaptable to many different needs. This is not to say that Unix is simple to use because generally it isn’t. Rather, it means that the OS is based on guiding principles that treat the various elements of the computer in a simple and consistent way. For example, a Unix system treats physical devices in the computer, such as the printer, the keyboard, and the display, in the same way as it treats the files and directories on its drives. You can copy a file to the display or to a printer just as you would copy it to another directory and use the devices with any other appropriate file-based tools.
Another fundamental principle of Unix is the use of small, simple tools that perform specific functions and that can easily work together with other tools to provide more complex functions. Instead of large applications with many built-in features, Unix operating systems are far more likely to utilize a small tool that provides a basic service to other tools. A good example is the sort command, which takes the contents of a text file, sorts it according to user-supplied parameters, and sends the results to an output device, such as the display or a printer. In addition to applying the command to an existing text file, you can use it to sort the output of other commands before displaying or printing it.
The element that lets you join tools in this way is called a pipe (|), which enables you to use one tool to provide input to or accept output from another tool. DOS can use pipes to redirect standard input and output in various ways, but Unix includes a much wider variety of tools and commands that can be combined to provide elaborate and powerful functions.
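The pipe and sort combination described above, applied to a log-review task an administrator might run. This is an added example, not from the book; the log lines are constructed sample data using documentation-range addresses, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): small tools joined by pipes.
# Each stage does one job; sort is used twice, first to group identical
# addresses for uniq, then to rank the counts.

# Constructed sample log lines in the style of an SSH daemon's auth log.
sample_log() {
  cat <<'EOF'
Jan 10 03:12:01 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 50122 ssh2
Jan 10 03:12:04 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 50124 ssh2
Jan 10 03:12:09 host1 sshd[1007]: Accepted password for alice from 192.0.2.10 port 41000 ssh2
Jan 10 03:13:30 host1 sshd[1012]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2
Jan 10 03:13:41 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 50130 ssh2
EOF
}

# Reads log lines on standard input and prints "count address" for each
# source of failed logins, highest count first.
failed_by_source() {
  grep 'Failed password' |        # keep only the failed attempts
    awk '{ print $(NF-3) }' |     # the address is the 4th field from the end
    sort |                        # group identical addresses together
    uniq -c |                     # collapse each group into "count address"
    sort -k1,1nr -k2,2 |          # rank by count, then address for ties
    awk '{ print $1, $2 }'        # normalize the spacing uniq adds
}

sample_log | failed_by_source
```

Because every stage reads standard input and writes standard output, the same pipeline works unchanged when `sample_log` is replaced by `cat` on a real log file.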
Thus, Unix is based on relatively simple elements, but its ability to combine those elements makes it quite complex. While a large application attempts to anticipate the needs of the user by combining its functions in various predetermined ways, Unix supplies users with the tools that provide the basic functions and lets them combine the tools to suit their own needs. The result is an OS with great flexibility and extensibility but that requires an operator with more than the average computer user’s skills to take full advantage of it. However, the operator has to remember all the commands.
Because of this guiding principle, Unix is in many ways a “programmer’s operating system.” If a tool to perform a certain task is not included, you usually have the resources available to fashion one yourself. This is not to say that you have to be a programmer to use Unix, but many of the techniques that programmers use when writing code are instrumental to the use of multiple tools on the Unix command line.
If all of this talk of programming and command-line computing is intimidating, be assured that it is quite possible to install, maintain, and use a Unix system without a substantial investment in learning command-line syntax. Some of the Unix operating systems are being geared more and more to the average computer user, with most of the common system functions available through the graphical user interface (GUI). You can perform most of your daily computing tasks on these operating systems without ever seeing a command prompt.
The various Unix operating systems are built around basic elements that are fundamentally the same, but they include various collections of tools and programs. Depending on which variant you choose and whether it is a commercial product or a free download, you may find that the OS comes complete with modules such as web and DNS servers and other programs, or you may have to obtain these yourself. However, one of the other principles of Unix development that has endured through the years is the custom of making the source code for Unix software freely available to everyone. The result of this open source movement is a wealth of Unix tools, applications, and other software that is freely available for download from the Internet.
In some cases, programmers modify existing Unix modules for their own purposes and then release those modifications to the public domain so that they can be of help to others. Some programmers collaborate on Unix software projects as something of a hobby and release the results to the public. One of the best examples of this is the Linux operating system, which was designed from the beginning to be a free product and which has now become one of the most popular Unix variants in use today.
Unix Architecture
Because Unix is available in so many variants, Unix operating systems can run on a variety of hardware platforms. Many of the Unix variants are proprietary versions created by specific manufacturers to run on their own hardware platforms. Most of the software-only Unix solutions run on Intel-based PCs, and some are available in versions for multiple platforms.
The hardware requirements for the various Unix platforms vary greatly, depending on the functions required of the machine. You can run Linux on an old 386, for example, as long as you don’t expect to use a GUI or run a server supporting a large number of users. Today, many large businesses are using Linux as a cost-saving alternative because even mid-range Unix servers can cost more than $200,000, including hardware.
No matter what hardware a Unix system uses, the basic software components are the same (see Figure 20-1). The kernel is the core module that insulates the programs running on the computer from the hardware. The kernel uses device drivers that interact with the specific hardware devices installed in the computer to perform basic functions such as memory management, input/output, interrupt handling, and access control.
Figure 20-1 Basic components of a Unix system
The Unix kernel provides approximately 100 system calls that programs can use to execute certain tasks, such as opening a file, executing a program, and terminating a process. However, the system calls can vary wildly depending on the variant. These are the building blocks that programmers use to integrate hardware-related functions into their applications’ more complex tasks. The system calls can vary between the different Unix versions to some extent, particularly in the way that the system internals perform the different functions.
Above the kernel is the shell, which provides the interface you use to issue commands and execute programs. The shell is a command interpreter, much like Command.com in DOS and Cmd.exe in Windows, which provides a character-based command prompt that you use to interact with the system. The shell also functions as a programming language you can use to create scripts, which are functionally similar to old DOS batch files but much more versatile and powerful.
Unlike Windows, which limits you to a single command interpreter, Unix traditionally has several shells you can choose from, with different capabilities. The shells that are included with particular Unix operating systems vary, and others are available as free downloads. Often, the selection of a shell is a matter of personal preference, guided by the user’s previous experience. The basic commands used for file management and other standard system tasks are the same in all of the shells. The differences become more evident when you run more complex commands and create scripts.
The original Unix shell is a program called sh that was created by Steve Bourne and is commonly known as the Bourne shell. Some of the other common shells are as follows:
• csh: Known as the C shell and originally created for use with Berkeley Software Distribution (BSD) Unix; utilizes a syntax similar to that of the C language and introduces features such as a command history list, job control, and aliases. Scripts written for the Bourne shell usually need some modification to run in the C shell.
• ksh: Known as the Korn shell; builds on the Bourne shell and adds elements of the C shell, as well as other improvements. Scripts written for the Bourne shell usually can run in the Korn shell without modification.
• bash: The default shell used by Linux; closely related to the Korn shell, with elements of the C shell.
Running on top of the shell are the commands that you use to perform tasks on the system. Unix includes hundreds of small programs, usually called tools or commands, which you can combine on the command line to perform complex tasks. Hundreds of other tools are available on the Internet that you can combine with those provided with the OS. Unix command-line tools are programs, but don’t confuse them with the complex applications used by other operating systems, such as Windows. Unix has full-blown applications as well, but its real power lies in these small programs. Adding a new tool on a Unix system does not require an installation procedure; you simply have to specify the appropriate location of the tool in the file system in order for the shell to run it.
Unix Versions
The sheer number of Unix variants can be bewildering to anyone trying to find the appropriate operating system for a particular application. However, apart from systems intended for special purposes, virtually any Unix OS can perform well in a variety of roles, and the selection you make may be based more on economic factors, hardware platform, or personal taste than on anything else. If, for example, you decide to purchase proprietary Unix workstations, you’ll be using the version of the OS intended for the machine. If you intend to run Unix on Intel-based computers, you might choose the OS based on the GUI that you feel most comfortable with, or you might be looking for the best bargain you can find and limit yourself to the versions available as free downloads. The following sections discuss some of the major Unix versions available.
Unix System V
Unix System V is the culmination of the original Unix work begun by AT&T’s Bell Labs in the 1970s. Up until release 3.2, the project was wholly developed by AT&T, even while other Unix work was ongoing at the University of California at Berkeley and other places. Unix System V Release 4 (SVR4), released in the late 1980s, consolidated the benefits of the SVR operating system with those of Berkeley’s BSD, Sun’s SunOS, and Microsoft’s Xenix. This release brought together some of the most important elements that are now indelibly associated with the name Unix, including networking elements such as the TCP/IP Internet Package from BSD, which includes file transfer, remote login, and remote program execution capabilities, and the Network File System (NFS) from SunOS.
AT&T eventually split its Unix development project off into a subsidiary called Unix System Laboratories (USL), which released System V Release 4.2. In 1993, AT&T sold USL to Novell, which released its own version of SVR4 under the name UnixWare. In light of pressure from the other companies involved in Unix development, Novell transferred the Unix trademark to a consortium called X/Open, thus enabling any manufacturer to describe its product as a Unix OS. In 1995, Novell sold all of its interest in Unix SVR4 and UnixWare to the Santa Cruz Operation (SCO), which owns it to this day. In 1997, SCO released Unix System V Release 5 (SVR5) under the name OpenServer, as well as version 7 of its UnixWare product. These are the descendants of the original AT&T products, and they are still on the market.
BSD Unix
In 1975, one of the original developers of Unix, Ken Thompson, took a sabbatical at the University of California at Berkeley, and while there, he ported his current Unix version to a PDP-11/70 system. The seed he planted took root, and Berkeley became a major developer of Unix in its own right. BSD Unix introduced several of the major features associated with most Unix versions, including the C shell and the vi text editor. Several versions of BSD Unix appeared throughout the 1970s, culminating in 3BSD. In 1979, the U.S. Department of Defense’s Advanced Research Projects Agency (DARPA) funded the development of 4BSD, which coincided with the development and adoption of the TCP/IP networking protocols. For more information about BSD Unix, see Chapter 21.
Unix Networking
Unix is a peer-to-peer network operating system, in that every computer is capable of both accessing resources on other systems and sharing its own resources. These networking capabilities take three basic forms, as follows:
•Theabilitytoopenasessiononanothermachineandexecutecommandsonitsshell
•Theabilitytoaccessthefilesystemonanothermachine,usingaservicelikeNFS
•Theabilitytorunaservice(calledadaemon)ononesystemandaccessitusingaclientonanothersystem
TheTCP/IPprotocolsareanintegralpartofallUnixoperatingsystems,andmanyoftheTCP/IPprogramsandservicesthatmaybefamiliartoyoufromworkingwiththeInternetarealsoimplementedonUnixnetworks.Forexample,UnixnetworkscanuseDNSserverstoresolvehostnamesintoIPaddressesanduseBOOTPorDHCPserverstoautomaticallyconfigureTCP/IPclients.StandardInternetservicessuchasFileTransferProtocol(FTP)andTelnethavelongbeenavitalelementofUnixnetworking,asareutilitiessuchasPingandTraceroute.
ThefollowingsectionsexaminethetypesofnetworkaccessusedonUnixsystemsandthetoolsinvolvedinimplementingthem.
UsingRemoteCommandsOneformofnetworkaccessthatisfarmorecommonlyusedonUnixthanonothernetworkoperatingsystemsistheremoteconsolesession,inwhichauserconnectstoanothercomputeronthenetworkandexecutescommandsonthatsystem.Oncetheconnectionisestablished,commandsenteredbytheuserattheclientsystemareexecutedbytheremoteserver,andtheoutputisredirectedoverthenetworkbacktotheclient’sdisplay.It’simportanttounderstandthatthisisnottheequivalentofaccessingasharednetworkdriveonaWindowscomputerandexecutingafile.Inthelattercase,theprogramrunsusingtheclientcomputer’sprocessorandmemory.WhenyouexecuteacommandonaUnixcomputerusingaremoteconsolesession,theprogramactuallyrunsontheothercomputer,usingitsresources.
BecauseUnixreliesheavilyonthecommandprompt,character-basedremotesessionsaremoreusefulthantheyareinamoregraphicallyorientedenvironmentlikethatofWindows.
BerkeleyRemoteCommandsTheBerkeleyremotecommandswereoriginallypartofBSDUnixandhavesincebeenadoptedbyvirtuallyeveryotherUnixOS.Sometimesknownasther*commands,thesetoolsareintendedprimarilyforuseonlocalareanetworks(LANs),ratherthanoverwideareanetwork(WAN)orInternetlinks.Thesecommandsenableyounotonlytoopenasessiononaremotesystembuttoperformspecifictasksonaremotesystemwithoutlogginginandwithoutworkinginteractivelywithashellprompt.
rlogin
The rlogin command establishes a connection to another system on the network and provides access to its shell. Once connected, any commands you enter are executed by the other computer using its processor, file system, and other components. To connect to another machine on the network, you use a command like the following:
rlogin [-l username] hostname
where the hostname variable specifies the name of the system to which you want to connect.
NOTE You can sometimes use the IP address instead of your hostname.
Authentication is required for the target system to establish the connection, which can happen using either host-level or user-level security. To use host-level security, the client system must be trusted by the server by having its hostname listed in the /etc/hosts.equiv file on the server. When this is the case, the client logs in without a username or password because it is automatically trusted by the server no matter who’s using the system.
User-level security requires the use of a username and sometimes a password, in addition to the hostname. By default, rlogin supplies the name of the user currently logged in on the client system to the remote system, as well as information about the type of terminal used to connect, which is taken from the value of the TERM variable. The named user must have an account in the remote system’s password database, and if the client system is not trusted by the remote system, the remote system may then prompt the client for the password associated with that username. It’s also possible to log in using a different username by specifying it on the rlogin command line with the -l switch.
For the username to be authenticated by the remote system without using a password, it must be defined as an equivalent user by being listed in a .rhosts file located in the user’s home directory on that system. The .rhosts file contains a list of hostnames and usernames that specify whether a user working on a specific machine should be granted immediate access to the command prompt. Depending on the security requirements for the remote system, the .rhosts files can be owned either by the remote users themselves or by the root account on the system. Adding users to your .rhosts file is a simple way of giving them access to your account on that machine without giving them the password.
NOTE The root account on a Unix computer is a built-in superuser that has full access to the entire system, much like the Administrator account in Windows but even more powerful (depending on the version of Windows).
Once you have successfully established a connection to a remote system, you can execute any command in its shell that you would on your local system, except for those that launch graphical applications. You can also use rlogin from the remote shell to connect to a third computer, giving you simultaneous access to all three. To terminate the connection to a remote system, you can use the exit command, press the CTRL-D key combination, or type a tilde followed by a period (~.).
rsh
In some instances, you may want to execute a single command on a remote system and view the resulting output without actually logging in. You can do this with the rsh command, using the following syntax:
rsh hostname command
where the hostname variable specifies the system on which you want to open a remote shell, and the command variable is the command to be executed on the remote system. Unlike rlogin, interactive authentication is not possible with rsh. For the command to work, the user must have either a properly configured .rhosts file on the remote system or an entry in the /etc/hosts.equiv file. The rsh command provides essentially the same command-line capabilities as rlogin, except that it works for only a single command and does not maintain an open session.
NOTE The rsh command was called remsh on HP-UX systems. There are many cases in which commands providing identical functions have different names on various Unix operating systems.
rcp
The rcp command is used to copy files to or from a remote system across a network without performing an interactive login. The rcp functions much like the cp command used to copy files on the local system, using the following syntax:
rcp [-r] sourcehost:filename desthost:filename
where the sourcehost:filename variable specifies the hostname of the source system and the name of the file to be copied, and the desthost:filename variable specifies the hostname of the destination system and the name that the file should be given on that system. You can also copy entire directories by adding the -r parameter to the command and specifying directory names instead of filenames. As with rsh, there is no login procedure, so to use rcp, either the client system must be trusted by the remote system or the user must be listed in the .rhosts file.
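The host-level and user-level trust files that rlogin, rsh, and rcp rely on can be reviewed mechanically. The following added example (not from the book) evaluates whether a given client would be admitted without a password and lists every trust-granting line by risk. The entry semantics follow the conventional ruserok(3) rules, and the host names, user names, and severity labels are assumptions made for illustration.

```python
"""Evaluate and audit r-command trust files (hosts.equiv and .rhosts).

Entry forms, per the conventional ruserok(3) rules (an assumption here,
the page does not spell them out):
  host          same-named user on host is trusted
  host user     remote `user` on host is trusted
  +             wildcard: any host, or any user
  -host, -user  explicit deny
  +@grp, -@grp  NIS netgroup (not resolvable offline, so only flagged)
"""

# Constructed samples, not taken from a real system.
HOSTS_EQUIV = """\
# /etc/hosts.equiv
build01.example.internal
-kiosk.example.internal
backup.example.internal opsadmin
+@labhosts
"""
RHOSTS_ALICE = """\
# ~alice/.rhosts
dev7.example.internal bob
+ +
"""


def parse_entries(text):
    """Return [(line_no, host, user_or_None)], skipping blanks and comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            user = fields[1] if len(fields) > 1 else None
            entries.append((line_no, fields[0], user))
    return entries


def _match(pattern, value, ignore_case):
    """Compare one field with a value. Returns (matched, negated)."""
    negated = pattern.startswith("-")
    name = pattern[1:] if negated else pattern
    if pattern.startswith("+@") or name.startswith("@"):
        return False, negated            # netgroup: cannot be checked here
    if pattern == "+":
        return True, False
    if ignore_case:
        name, value = name.lower(), value.lower()
    return name == value, negated


def grants_access(text, client_host, remote_user, local_user):
    """True if the file lets remote_user@client_host in as local_user
    without a password. The first matching line decides."""
    for _, host_pat, user_pat in parse_entries(text):
        host_ok, host_neg = _match(host_pat, client_host, True)
        if user_pat is None:             # no user field: names must be equal
            user_ok, user_neg = remote_user == local_user, False
        else:
            user_ok, user_neg = _match(user_pat, remote_user, False)
        if host_ok and user_ok:
            return not (host_neg or user_neg)
    return False


def passwordless_login(hosts_equiv, rhosts, client_host, remote_user, local_user):
    """hosts.equiv is skipped for root; the target user's .rhosts always applies."""
    if local_user != "root" and grants_access(
            hosts_equiv, client_host, remote_user, local_user):
        return True
    return grants_access(rhosts, client_host, remote_user, local_user)


def audit(text, source, system_wide):
    """Return [(source, line_no, severity, reason)] for every trust-granting
    line. system_wide=True for hosts.equiv, False for one user's .rhosts."""
    findings = []
    for line_no, host, user in parse_entries(text):
        if host.startswith("-") or (user or "").startswith("-"):
            continue                     # deny lines only narrow trust
        if host == "+":
            sev, why = "critical", "any host is trusted"
        elif user == "+":
            sev, why = "critical", f"any user on {host} is trusted"
        elif host.startswith("+@") or (user or "").startswith("+@"):
            sev, why = "medium", "trust delegated to a netgroup; review its members"
        elif system_wide and user is not None:
            sev, why = "high", f"{user}@{host} can become any non-root local user"
        else:
            sev, why = "review", "password-less trust in what the client asserts"
        findings.append((source, line_no, sev, why))
    return findings


if __name__ == "__main__":
    for f in audit(HOSTS_EQUIV, "/etc/hosts.equiv", True) + \
            audit(RHOSTS_ALICE, "~alice/.rhosts", False):
        print("%s:%d [%s] %s" % f)
```

On the constructed samples, the `+ +` line in the .rhosts file admits any user from any host as alice, and the `backup.example.internal opsadmin` line in hosts.equiv lets one remote account become any non-root local user.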
Secure Shell Commands
The downside of the Berkeley remote commands is that they are inherently insecure. Passwords are transmitted over the network in cleartext, making it possible for intruders to intercept them. Because of this susceptibility to compromise, many administrators prohibit the use of these commands. To address this problem, there is a Secure Shell program that provides the same functions as rlogin, rsh, and rcp, but with greater security. The equivalent programs in the Secure Shell are called slogin, ssh, and scp. The primary differences in using these commands are that the connection is authenticated on both sides and all passwords and other data are transmitted in encrypted form.
DARPA Commands
The Berkeley remote commands are designed for use on like Unix systems, but the DARPA commands were designed as part of the TCP/IP protocol suite and can be used by any two systems that support TCP/IP. Virtually all Unix operating systems include both the client and server programs for Telnet, FTP, and Trivial File Transfer Protocol (TFTP) and install them by default, although some administrators may choose to disable them later.
telnet
The telnet command is similar in its functionality to rlogin, except that telnet does not send any information about the user on the client system to the server. You must always supply a username and password to be authenticated. As with all of the DARPA commands, you can use a Telnet client to connect to any computer running a Telnet server, even if it is running a different version of Unix or a non-Unix OS. The commands you can use while connected, however, are wholly dependent on the OS running the Telnet server. If, for example, you install a Telnet server on a Windows system, you can connect to it from a Unix client, but once connected, you can use only the commands recognized by Windows. Since Windows is not primarily a character-based OS, its command-line capabilities are relatively limited, unless you install outside programs.
ftp
The ftp command provides more comprehensive file transfer capabilities than rcp and enables a client to access the file system on any computer running an FTP server. However, instead of accessing files in place on the other system, ftp provides only the ability to transfer files to and from the remote system. For example, you cannot edit a file on a remote system, but you can download it to your own system, edit it there, and then upload the new version to the original location. Like with Telnet, users must authenticate themselves to an FTP server before they are granted access to the file system. Many systems running FTP, such as those on the Internet, support anonymous access, but even this requires an authentication process of sorts in which the user supplies the name “anonymous” and the server is configured to accept any password.
tftp
The tftp command uses the Trivial File Transfer Protocol to copy files to or from a remote system. Whereas ftp relies on the Transmission Control Protocol at the transport layer, tftp uses the User Datagram Protocol (UDP). Because UDP is a connectionless protocol, no authentication by the remote system is needed. However, this limits the command to copying only files that are publicly available on the remote system. The TFTP protocol was designed primarily for use by diskless workstations that have to download an executable operating system file from a server during the boot process.
Network File System
Sharing files is an essential part of computer networking, and Unix systems use several mechanisms to access files on other systems without first transferring them to a local drive, as with ftp and rcp. The most commonly used of these mechanisms is the Network File System (NFS), which was developed by Sun Microsystems in the 1980s and has now been standardized by the Internet Engineering Task Force (IETF) as RFC 1094 (NFS Version 2) and RFC 1813 (NFS Version 3). By allowing NFS to be published as an open standard, Sun made it possible for anyone to implement the service, and the result is that NFS support is available for virtually every OS in use today.
Practically every Unix variant available includes support for NFS, which makes it possible to share files among systems running different Unix versions. Non-Unix operating systems, such as Windows and NetWare, can also support NFS, but a separate product (marketed by either the manufacturer or a third party) is required. Since Windows and NetWare have their own internal file-sharing mechanisms, these other operating systems mostly require NFS only to integrate Unix systems into their networks.
NFS is a client-server application in which a server makes all or part of its file system available to clients (using a process called exporting or sharing), and a client accesses the remote file system by mounting it, which makes it appear just like part of the local file system. NFS does not communicate directly with the kernel on the local computer but rather relies on the remote procedure calls (RPC) service, also developed by Sun, to handle communications with the remote system. RPC has also been released as an open standard by Sun and published as an IETF document called RFC 1057. The data transmitted by NFS is encoded using a method called External Data Representation (XDR), as defined in RFC 1014. In most cases, the service uses the UDP protocol for network transport and listens on port 2049.
NFS is designed to keep the server side of the application as simple as possible. NFS servers are stateless, meaning they do not have to maintain information about the state of a client to function properly. In other words, the server does not maintain information about which clients have files open. In the event that a server crashes, clients simply continue to send their requests until the server responds. If a client crashes, the server continues to operate normally. There is no need for a complicated reconnection sequence. Because repeated iterations of the same activities can be the consequence of this statelessness, NFS is also designed to be as idempotent as possible, meaning that the repeated performance of the same task will not have a deleterious effect on the performance of the system. NFS servers also take no part in the adaptation of the exported file system to the client’s requirements. The server supplies file system information in a generalized form, and it is up to the client to integrate it into its own file system so that applications can make use of it.
The communication between NFS clients and servers is based on a series of RPC procedures defined in the NFS standard and listed in Table 20-1. These basic functions enable the client to interact with the file system on the server in all of the ways expected by a typical application. An Internet-Draft released in April 2014 by IETF describes minor updates to earlier NFS versions. The goal of this revision, according to the draft, is to “improve access and good performance on the Internet, provide strong security, good cross-platform interoperability, and is designed for protocol extensions which do not compromise backward compatibility.” (See http://tools.ietf.org/html/draft-ietf-nfsv4-rfc3530bis-33#section-1.1 for more information.)
Table 20-1 Some RPC Procedures in NFS Versions
On a system configured to function as an NFS server, you can control which parts of the file system are accessible to clients by using commands such as share on Solaris and SVR4 systems and exportfs on Linux and HP-UX. Using these commands, you specify which directories clients can access and what degree of access they are provided. You can choose to share a directory on a read-only basis, for example, or grant read-write access, and you can also designate different access permissions for specific users.
Client systems access the directories that have been shared by a server by using the mount command to integrate them into the local file system. The mount command specifies a directory shared by a server, the access that client applications should have to the remote directory (such as read-write or read-only), and the mount point for the remote files. The mount point is a directory on the local system in which the shared files and directories will appear. Applications and commands running on the client system can reference the remote files just as if they were located on a local drive.
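The export controls described above decide which hosts may mount a directory and with what access. On Linux, the list that exportfs publishes is kept in /etc/exports; the following added example (not from the book) parses a constructed sample of that file and flags entries that grant more than intended. The sample paths, host names, and severity labels are assumptions made for illustration.

```python
"""Audit Linux exports(5) text for over-broad NFS shares."""
import re

# Constructed sample, not taken from a real server.
SAMPLE_EXPORTS = """\
# /etc/exports
/srv/pub      *(ro,root_squash)
/srv/home     10.20.0.0/24(rw,sync)
/srv/build    ci01.example.internal(rw,no_root_squash)
/srv/scratch  nfsclient.example.internal (rw)
/srv/images   *.example.internal(rw,insecure)
"""

WORLD = {"", "*", "0.0.0.0/0", "::/0"}
CLIENT_RE = re.compile(r"([^()]*)(?:\(([^()]*)\))?")


def logical_lines(text):
    """Yield (first_line_no, line) with comments removed and backslash
    continuations joined."""
    buf, start = "", None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = line_no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None


def parse_exports(text):
    """Return [(line_no, path, client, options)], one row per client spec.
    A bare "(opts)" token has an empty client, which means every host.
    Default-option tokens ("-opt,...") are not modelled."""
    rows = []
    for line_no, line in logical_lines(text):
        path, *specs = line.split()
        for spec in specs or ["*"]:      # no client list: exported to all hosts
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                continue                 # malformed token, left for manual review
            opts = {o for o in (m.group(2) or "").split(",") if o}
            rows.append((line_no, path, m.group(1), opts))
    return rows


def audit_exports(text):
    """Return [(line_no, path, client, severity, reason)]."""
    findings = []
    for line_no, path, client, opts in parse_exports(text):
        world = client in WORLD
        wildcard = not world and any(c in client for c in "*?")
        writable = "rw" in opts          # exports are read-only unless rw is set
        shown = client or "(any host)"

        def add(sev, why):
            findings.append((line_no, path, shown, sev, why))

        if writable and world:
            add("critical", "read-write to every host")
        elif writable and wildcard:
            add("high", "read-write to every host matching a wildcard")
        elif world:
            add("low", "readable by every host")
        if "no_root_squash" in opts:
            add("high", "root on the client stays root on the export")
        if "insecure" in opts:
            add("medium", "requests from unprivileged source ports accepted")
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("line %d %s -> %s [%s] %s" % finding)
```

The `/srv/scratch` line shows a common slip: the space before `(rw)` gives the named client the default read-only access and gives every other host read-write access.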
Client-Server Networking
Client-server computing is the basis for networking on Unix systems, as it is on many other computing platforms. Unix is a popular application server platform largely because its relative simplicity and flexibility enable the computer to devote more of its resources toward its primary function. On a Windows server, for example, a significant amount of system resources are devoted to running the GUI and other subsystems that may have little or nothing to do with the server applications that are its primary functions. When you dedicate a computer to functioning as a web server, for example, and you want it to be able to service as many clients as possible, it makes sense to disable all extraneous functions, which is something that is far easier to do on a Unix system than in Windows.
Server applications on Unix systems typically run as daemons, which are background processes that run continuously, regardless of the system’s other activities. There are many commercial server products available for various Unix versions and also a great many that are available free of charge. Because the TCP/IP protocols were largely developed on the Unix platform, Unix server software is available for every TCP/IP application in existence.
CHAPTER 21
Other Network Operating Systems and Networking in the Cloud
Additional operating systems have been created as computing has evolved. Today, many users are turning to the cloud for networking (and other services). As technology advances, new methods and approaches will develop.
Historical Systems
In 1977, a Unix-based operating system was developed by the University of California, Berkeley. This system was originally an extension of AT&T Research’s Unix operating system. Eventually, Berkeley Software Distribution (BSD) Unix came to be the operating system (OS) that many other organizations used as the basis for their own Unix products, including Sun Microsystems’ SunOS. The result is that many of the programs written for one BSD-based Unix version are binary-compatible with other versions. Once the SVR4 release consolidated the best features of BSD and several other Unix versions into one product, the BSD product became less influential and culminated in the 4.4BSD version in 1992.
Although many of the Unix variants that are popular today owe a great debt to the BSD development project, the versions of BSD that are still commonly used are public domain operating systems, such as FreeBSD, Linux, NetBSD, and OpenBSD. All of these operating systems are based on Berkeley’s 4.4BSD release and can be downloaded from the Internet free of charge and used for private and commercial applications at no cost.
FreeBSD
FreeBSD, available at freebsd.org/ in versions for the Intel and Alpha platforms, is based on the Berkeley 4.4BSD-Lite2 release and is binary-compatible with Linux, SCO, SVR4, and NetBSD applications. The FreeBSD development project is divided into two branches: the STABLE branch, which includes only well-tested bug fixes and incremental enhancements, and the CURRENT branch, which includes all of the latest code and is intended primarily for developers, testers, and enthusiasts. The current stable version as of January 2015 is 10.1.
NetBSD
NetBSD, available at netbsd.org/, is derived from the same sources as FreeBSD but boasts portability as one of its highest priorities. NetBSD is available in formal releases for 15 hardware platforms, ranging from Intel and Alpha to Mac, SPARC, and MIPS processors, including those designed for handheld Windows CE devices. Many other ports are in the developmental and experimental stages. NetBSD’s binary compatibility enables it to support applications written for many other Unix variants, including BSD, FreeBSD, HP/UX, Linux, SVR4, Solaris, SunOS, and others. Networking capabilities supported directly by the kernel include NFS, IPv6, network address translation (NAT), and packet filtering. The latest version of NetBSD, released in September 2014 is 6.1.5.
OpenBSD
OpenBSD is available at openbsd.org/; the current version is 5.6, released in November 2014. Like the other BSD-derived operating systems, OpenBSD is binary-compatible with most of its peers, including FreeBSD, SVR4, Solaris, SunOS, and HP/UX, and it currently supports 20 hardware platforms, including Intel, Alpha, SPARC, PowerPC, and others. However, the top priorities of OpenBSD’s developers are security and cryptography. Because OpenBSD is a noncommercial product, its developers feel they can take a more uncompromising stance on security issues and disclose more information about security than commercial software developers. Also, because it is developed in and distributed from Canada, OpenBSD is not subject to the American laws that prohibit the export of cryptographic software to other countries. The developers are, therefore, more likely to take a cryptographic approach to security solutions than are American-based companies.
Oracle Solaris
Sun Microsystems (sun.com) became involved in Unix development in the early 1980s, when its operating system was known as SunOS. In 1991, Sun created a subsidiary called SunSoft that began work on a new Unix version based on SVR4, which it called Solaris. Purchased by Oracle in 2010, Oracle Solaris is now a complete cloud infrastructure operating system and bills itself as the “industry’s most widely deployed Unix operating system” and the “first fully virtualized operating system.” See the next section to learn more about cloud computing.
Operating in the Cloud
Working “in the cloud” is not a new concept. When Vannevar Bush and J.C.R. Licklider were formulating the Advanced Research Projects Agency Network (ARPANET) in the 1960s, Licklider envisioned the “Intergalactic Computer Network.” A paper written with Robert W. Taylor in 1968 entitled “The Computer as a Communication Device” predicted that computer networks would be used for communication. Although his ideas were not realized until the availability of higher bandwidths in the 1990s, much of what he described is used today. His paper is still available at several locations on the Internet, including http://memex.org/licklider.pdf.
History of the Cloud
The term cloud computing has been in use for several decades. While the exact origin seems to be unknown, a cloud symbol has long been used to represent the Internet when creating computer diagrams. And, the cloud itself is a networked group of servers that can be accessed over the Internet, making it possible to obtain services, resources, and storage from any world location where an Internet connection is available.
Precursors to the Cloud
In the 1950s, mainframe computers were used for communication at large companies and universities. Many were incapable of processing information but were accessible from so-called thin-client workstations. These units were quite costly, and time on them was often rented to others; therefore, “time-sharing” became a popular method of recouping the high cost of these units.
In 1960, the Dataphone was created by AT&T to convert digital computer signals to analog signals so the digital signals could be sent via AT&T’s long-distance network. Online transaction processing became available over telephone lines in 1964. Created by IBM for American Airlines, telephone lines linked 65 cities to IBM computers.
The first photo-digital storage system was created by IBM in 1967 and could read and write up to a trillion bits of information. Modems appeared in 1970, and resource-sharing became commonplace thanks to ARPANET and several universities. E-mail first appeared in 1971, and the Ethernet method was created in 1973.
In 1975, Telenet became the commercial equivalent of ARPANET and linked computers in seven cities. By 1979, Usenet came into common usage and existed through the 1990s. Transmission Control Protocol/Internet Protocol (TCP/IP) was adopted in 1980, and within a few years, ARPANET was divided into two segments: MILNET for military use and ARPANET for civilian usage. This civilian segment became known as the Internet in 1995. In 1989, the first Internet service providers (ISPs) appeared in both the United States and Australia.
By 1990, Hypertext Markup Language (HTML), created by Tim Berners-Lee, made the World Wide Web possible. The specifications Berners-Lee developed made it possible for browsers to send queries to servers and view documents on linked, faraway sites. Shortly thereafter, the first commercial web browser software (Mosaic) was released for several operating systems. In 1991, Berners-Lee founded the W3 Consortium for development on the World Wide Web.
As computing power, bandwidth availability, and computers themselves gained wider usage, some telecommunication firms started offering virtual private networks (VPNs) to their larger customers. These networks made it possible for data to be processed across a public or shared network as if the network was functioning as a private network. VPNs operate in a similar manner to wide area networks and allow users to securely connect offices and personnel across widely separated geographical distances. Table 21-1 shows how the cloud has evolved from the mainframes of the 1950s.
Table 21-1 Computing Through the Decades
Early Cloud Providers
Widely accepted as the beginning of cloud computing services was the Salesforce.com website, which launched in 1999, providing business applications and other customer relationship management (CRM) products. Still in business, it offers a wide variety of sales and marketing products.
In 2002, Amazon unveiled its Amazon Web Services, which offered storage and computation services. It also was the first appearance of the Amazon Mechanical Turk, a service that provides businesses with workers who perform tasks that computers cannot yet accomplish. Amazon’s Elastic Compute Cloud (EC2) was introduced in 2006. This service provides computer rental time to individuals and small companies on which they can run their own programs.
Google joined the cloud in 2009 when it offered, along with several other services, Google Apps, which is similar to well-known desktop software products; using Google Apps, a user can create word processing documents, spreadsheets, and presentations online. From there, users can save them to their own computer as well as access the file from any location with an Internet connection.
Benefits of the Cloud
There are many benefits for both business and individuals when working in the cloud. The following are just some of the benefits of the cloud:
• Accessibility: Data stored in the cloud can be accessed from anywhere. Files can be shared and updated on any device that has Internet connectivity. All services can be used on demand without outside interaction.
• Affordability: Applications can be used as needed, instead of investing in hardware or software that may be needed only part of the time. The cloud also eliminates long-term commitment to any specific technology.
• Availability: Nearly any service one needs is available for a fee from a cloud provider.
• Competitive advantages: Especially for smaller businesses, technical expertise can be expensive. Companies utilizing the cloud for technical services can operate at much less cost than those businesses who have in-house staff.
• Disaster recovery: Information stored in the cloud is available at any time. If a disaster strikes, data is still available.
• Efficiency: Because of the economies of scale inherent to cloud providers, costs per “transaction” are much smaller than in-house operations. Also, the load-balancing capabilities increase reliability.
• Elasticity: As business grows, the cloud provides scalability.
• Theft protection: Information stored on a laptop or tablet can be compromised if it is stolen. Were the same information stored in the cloud rather than on the mobile device, the data would not be at risk.
Disadvantages in the Cloud
As with any technology, there are disadvantages to cloud computing, covered in the following sections.
Security
The most common concern when discussing moving to the cloud is security. Malware, hackers, and unauthorized access become major concerns, and relying on a third party to ensure confidential client data or patented internal information can be a major issue.
Loss of Control
Internal data and information are no longer under your immediate control. If applications are run in another location, they may experience downtime, slow responses, or other problems that can affect daily workloads.
Dependency
If an enterprise cannot connect to the Internet, cloud computing becomes a liability instead of an asset; therefore, reliable, consistent, high-speed Internet access is critical. Also, once a company is committed to a specific cloud vendor, it can be difficult to move to another supplier.
Initial Cost
Small companies often find the initial investment can be costly. Researching exactly what a company requires and comparing those requirements to services offered by each outside service can help find the lowest cost.
Also, before committing to a specific vendor for outside cloud services, companies must ensure their equipment is compatible with an outside cloud service provider to eliminate any additional in-house equipment purchases.
Lack of Redundancy
Each service, especially those offering data storage, offers different levels of data storage protection, often with different price points. Even when all is going well, equipment can malfunction.
How the Cloud Works
Today, cloud companies are everywhere. But, how does the cloud work? The cloud works in much the same way as your office computer. However, instead of installing applications or storing data locally, your applications, your data, and even the processor are installed on a computer in another location. Figure 21-1 shows the traditional setup for an office computer with data and applications stored on a desktop (or laptop) computer within one office.
Figure 21-1 A typical office computer setup with computers, server, storage, and web access
With resources, software, information, and even operating systems available in the cloud today, it is possible for businesses and individuals to bypass the onsite storage and server and have all storage, applications, and processing done via the cloud, as shown in Figure 21-2.
Figure 21-2 The cloud provides many services that were once handled onsite.
Front-End Cloud Architecture
The front end of the cloud architecture is the client interface, the method by which the end user connects to the Internet. It includes the way the client (end user) connects to the Internet, such as an e-mail client that uses web browsers or task-specific applications.
Back-End Cloud Architecture
At the back end are all the resources the cloud provides. This can be storage, software, platforms, and security, as shown in Figure 21-3.
Figure 21-3 The architecture of cloud computing
Middleware
The resources at the back end use middleware to support the various components. Middleware was once a term that defined the software connecting applications and networks. However, today middleware can be construed as a cloud intermediary; it’s software that allows other components to work together. There are several types of middleware, some of which are shown here:
• Content/data-centric: This method allows users to obtain specific items by a unique identifier, rather than going through servers.
• Database: This middleware allows direct access to databases, including SQL databases.
• Embedded: This type provides communication between other embedded applications or between embedded operating systems and external applications.
• Message-oriented: This enables disbursement of applications over various platforms and operating systems. It is the most commonly used.
• Portals: While portals are not always considered middleware, they create connections between the user’s device and back-end services.
• Transaction: This type, which is becoming more common, includes web application servers and transaction applications.
Components
Back-end components vary from service to service but generally have three main parts:
•DatastorageMostcloudservicesofferthiscomponent.Whetherstoredbytheserviceitself,byacloudapplication,orbytheuser,itisoftendesignedtostoremorethanonecopyofeachdataset.
•ApplicationserverEachserverwithintheserviceisusuallydesignedtoperformorprovideonlyoneserviceorfunction.Inmostcases,applicationserversareavailablefortheclientinterface.
•ControlnodesThesetask-specificcomputersconnecttodatastorageorapplicationserversbytheInternetorothernetworks.Theyaretheconnectionbetweenthefront-endarchitectureandservers,maintainingcommunicationandproperdataflowbetweenthetwo.
Cloud Types
There are four main types of cloud services. Each has its own advantages and disadvantages.
Public Cloud
Public clouds are owned and managed by a private company that offers the service to users. The services are separate from the users, and users have no control over the structure of the company’s equipment or network. There are many companies offering these services today, such as Amazon, Google, and Microsoft.
Users pay only for the services, sometimes for short-term usage to complete a time-critical project or over a longer term, such as to store data off-site. This can reduce the capital expenditures for equipment and IT support within an organization.
While such services are scalable and usually reliable, because of their public nature, public clouds are vulnerable to malware and other attacks. Moreover, some companies cannot take advantage of public cloud services because of security regulations within their industry. Also, public clouds can be slower than in-house networks.
Private Cloud
Private clouds (also called internal clouds) are owned and operated by one group, company, or organization. For example, the resources are used by offices in three different cities, but the equipment and other assets are kept in a fourth location. The company owns and maintains control over the entire cloud.
While the initial costs of creating such a network may be high, this method can alleviate some security concerns and give much more control than that of public offerings. Private clouds can offer the same services as public clouds, as discussed in “Cloud Service Models” later in this chapter.
Hybrid Cloud
A hybrid cloud service utilizes both public and private clouds, each of which has separate uses. For example, a company may use its internal infrastructure (that is, its own private cloud) for security, speed, or privacy and then contract with an outside data storage service.
Community Cloud
Essentially, this cloud service is designed for use by a group that wants more control than can be obtained from a public cloud service. This model can be either managed by the community or contracted with an outside service. It is usually formed to address a common issue, such as regulatory compliance or security.
Cloud Service Models
As cloud computing is becoming more widespread, there are several types of cloud services offered by today’s vendors. Several of the commonly used types are discussed here.
Infrastructure as a Service
Infrastructure as a service (IaaS) replaces many of the physical assets used in computing. Users pay regular fees, often monthly or annually, to use servers, use networks, or store data on a computer at a location other than their physical office. This saves costs associated with running and maintaining hardware locally.
IaaS is often platform independent, and the users are charged for only the resources they actually use. Since the infrastructure expense is shared among all the users, hardware expense is greatly reduced. Payment for the service can be on a “pay-as-you-go” basis, where the user pays for both software and infrastructure, or “bring-your-own-license,” where the business supplies its own software licenses and uses only the infrastructure in the cloud.
Most providers offer a user interface that serves as the management console for the client. Logging on with a password offers the client much the same graphic user interface (GUI) with which they are already familiar. IaaS is especially useful for businesses that are growing rapidly or have periods when the workload is especially heavy.
This service eliminates the need to upgrade hardware and provides flexibility as long as a high-speed connection to the Internet is available. Providers normally manage the servers, hard drives, networking, and storage. Some even offer database services and messaging queues. The user is still responsible for managing their applications and data. Most providers require that the user maintain middleware as well.
Benefits of IaaS
There are several benefits to using IaaS, as shown here:
• Stretches financial resources: When companies need to grow but currently have limited financial resources, IaaS is useful for access to enterprise-level structures without the need to invest in more hardware. This frees funds for adding personnel or enhanced marketing campaigns.
• Flexibility: The flexibility of using just the service a company needs, such as hardware (as a service) or storage (as a service), is another advantage to IaaS. This pay-as-you-use method can be useful.
• Disaster recovery: Because information is stored away from the user’s facility, recovery can be much faster in the event of fire, weather-related incidents, or other catastrophes.
• Scalability: For businesses with temporary busy cycles, using IaaS can allow users to accommodate the schedules efficiently.
Disadvantages of IaaS
In addition to the issues of using the cloud discussed in “Disadvantages in the Cloud” earlier in this chapter, there are some specific IaaS concerns:
• Use of mobile devices: Because of its on-demand nature, mobile device access can cause usage to exhaust the resources available.
• Internal requirements: If users do not clearly define and understand their needs, IaaS may end up costing more than investing in additional equipment.
• Minimal usage: If the company usage is minimal, IaaS may not be the best solution.
Platform as a Service
The second layer in the cloud “stack” is platform as a service (PaaS). The National Institute of Standards and Technology (NIST) defines PaaS as follows:
“Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.”
PaaS is designed for developing and managing applications, as opposed to IaaS, which is the provision of the underlying hardware resources required in business. The cloud service provides both the lower-level infrastructure resources and the application development and deployment structure. In this way, application developers can focus on the development and management of new applications.
Benefits of PaaS
As cloud computing grows, the differences between IaaS and PaaS are blurring. Even so, the ability to create, test, assess, and deploy new software applications makes PaaS appealing for some of the following reasons:
• No physical investment: The ability to rent the hardware resources necessary to develop new software makes it possible for developers to focus on their applications.
• Anyone can be a developer: Using a web browser, even novices can create an application. Using browser-based software development tools, the developer needs only a computer with a browser and Internet connection.
• Adaptable and flexible: Developers have control of the features, which can be changed if necessary.
• Connectivity: Using the Internet, developers in different geographic locations can work on the same project at the same time to build their applications.
• Fast testing and deploying: Teams can assess response and performance across multiple locations, platforms, and machines. Small applications meant for a limited customer base now become more cost-effective.
Disadvantages of PaaS
Even as PaaS is being utilized in the field, there are some concerns:
• Lack of confidence in security: Developers of new applications or products often are concerned about the secrecy and security of that information. Skepticism about revealing their plans to someone outside the company (the cloud provider) remains high. Other clients are concerned about regulatory compliance and data retention.
• System integration: There is a chance of the application not working with underlying resources.
• Workarounds: Some users have reported the necessity of using workarounds to bypass the limitations involved on various PaaS platforms.
Software as a Service
With the advent of Office 365 and Google Docs, software as a service instead of a product to be installed and maintained on office machines is becoming mainstream. This frees users from updating their applications and investing in new hardware as new features are added to the application. Users purchase usage time rather than a license, essentially renting the application.
In some cases, the users pay nothing, like with Facebook or search engines. Revenue is generated by advertising on those sites. Instead of installing the software on an individual device, the user accesses the site via the Internet. Instead of purchasing a new computer with lots of RAM, you can access these sites from a smartphone or tablet because all of the heavy-duty technology is on the server computer.
Benefits of SaaS
In addition to the cost benefits to the user, SaaS offers the following:
• Less user responsibility: There is no need to upgrade, maintain, or customize software applications.
• Anywhere availability: Whether at a football game or in the office, documents, spreadsheets, marketing plans, and any other documents can be accessed quickly on most any device that connects with the Internet.
Disadvantages of SaaS
Despite its convenience, there are some downsides to SaaS:
• Slowness: An application accessed over the Internet via a browser may be slower than the same program running on a local computer.
• Compliance: There are concerns in some industries about data regulations and requirements. Software accessed over the Internet may not meet those regulations.
• Third-party dependency: Like with all cloud services, SaaS is dependent on the cloud provider. This is perhaps most concerning when using software for daily tasks.
Network as a Service
As with the other cloud services, network as a service (NaaS) delivers network services over the Internet. Instead of investing in networking hardware, software, and IT staff, a business can create a VPN or a mobile network with only one computer, an Internet connection, and a monthly or pay-per-use subscription.
PART VI Network Services
CHAPTER 22 Network Clients
CHAPTER 23 Network Security Basics
CHAPTER 24 Wireless Security
CHAPTER 25 Overview of Network Administration
CHAPTER 26 Network Management and Troubleshooting Tools
CHAPTER 27 Backing Up
CHAPTER 22 Network Clients
Although network administrators frequently spend a lot of time installing and configuring servers, the primary reason for the servers’ existence is the clients. The choice of applications and operating systems for your servers should be based in part on the client platforms and operating systems that have to access them. Usually it is possible for any client platform to connect to any server, one way or another, but this doesn’t mean you should choose client and server platforms freely and expect them all to work well together in every combination.
For ease of administration, it’s a good idea to use the same operating system on all of your client workstations wherever possible. Even today, many network installations use standard Intel-based PCs running some version of Microsoft Windows, but even if you choose to standardize on Windows, you may have some users with special needs who require a different platform. Many network administrators over the last three to four years are much more open to the fact that they have to be ready for anything and everything in their operating systems. Since the advent of iPads and iPhones and other Apple devices, many college graduates moving into the corporate world are used to working on Apple products, so younger IT administrators are already used to working with that type of system. Graphic artists, for example, are often accustomed to working on Apple systems, and other users may need Unix or Linux. When selecting server platforms, you should consider what is needed to enable users on various client platforms to access them.
When you run various server platforms along with multiple clients, the process becomes even more complicated because each workstation might require multiple clients. The impact of multiple network clients on the performance of the computer depends on exactly which clients are involved. This chapter examines the client platforms commonly used on networks today and the software used to connect them to various servers.
Windows Network Clients
Although Microsoft Windows began as a stand-alone operating system, networking soon became a ubiquitous part of Windows, and all versions now include a client that enables them to connect to any other Windows computer. Windows networking was first introduced in the Windows NT 3.1 and Windows for Workgroups releases in 1993. The Windows networking architecture is based on network adapter drivers written to the Network Device Interface Specification (NDIS) standard and, originally, on the NetBEUI protocol. Later, Transmission Control Protocol/Internet Protocol (TCP/IP) became the default networking protocol.
Windows networking is a peer-to-peer system that enables any computer on the network to access resources on any other computer, as long as the other computers are running a protocol supported by Windows. When Microsoft introduced networking into Windows, the predominant network operating system was Novell NetWare, which used the client-server model that enables clients to access server resources only. Adding peer-to-peer networking to an already popular, user-friendly operating system such as Windows led to its rapid growth in the business local area network (LAN) industry and its eventual encroachment into NetWare’s market share.
Windows Networking Architecture
Windows 3.1 and 3.11 were the only major versions of the operating environment that lacked a networking stack of their own, but it was possible to use Microsoft Client 3.0 for MS-DOS to connect them to a Windows network. All of the other Windows versions have built-in networking capabilities that enable the computer to participate on a Windows network.
The basic architecture of the Windows network client is the same in all of the operating systems, although the implementations differ substantially. In its simplest form, the client functionality uses the modules shown in Figure 22-1. At the bottom of the protocol stack is an NDIS network adapter driver that provides access to the network interface card (NIC) installed in the computer. Above the network adapter driver are drivers for the individual protocols running on the system. At the top of the stack is the client itself, which takes the form of one or more services.
Figure 22-1 The basic Windows client architecture
These three layers form a complete protocol stack running from the application layer of the Open Systems Interconnection (OSI) model down to the physical layer. Applications generate requests for specific resources that pass through a mechanism that determines whether the resource is located on a local device or on the network. Requests for network resources are redirected down through the networking stack to the NIC, which transmits them to the appropriate devices. The following sections examine these elements in more detail.
NDIS Drivers
The Network Device Interface Specification was designed by Microsoft and 3Com to provide an interface between the data link and network layers of the OSI model that would enable a single NIC installed in a computer to carry traffic generated by multiple protocols. This interface insulates the protocol drivers and other components at the upper layers of the protocol stack so that the process of accessing network resources is always the same, no matter what NIC is installed in the machine. As long as there is an NDIS-compatible NIC driver available, the interface can pass the requests from the various protocol drivers to the card, as needed, for transmission over the network.
The various Windows network clients use different versions of NDIS for their adapter drivers, as shown in Table 22-1. NDIS 2 was the only version of the interface that runs in the Intel processor’s real mode, using conventional rather than extended memory, and it used a driver file with a .dos extension. Microsoft Client 3.0 for MS-DOS relied on this version of the specification for network access, but the primary job of NDIS 2 was to function as a real-mode backup for Windows for Workgroups, Windows 95, 98, and Me. All four of these operating systems included later versions of the NDIS specification that ran in protected mode, but the real-mode driver was included for situations in which it was impossible to load the protected-mode driver.
Table 22-1 NDIS Versions and the Operating Systems That Use Them
The primary advantage of the NDIS 3 drivers included with Windows for Workgroups and the first Windows NT releases was their ability to run in protected mode, which can use both extended and virtual memory. The driver took the form of an NDIS wrapper, which is generic, and a miniport driver that is device specific. Because most of the interface code is part of the wrapper, the development of miniport drivers by individual NIC manufacturers was relatively simple.
NDIS 3.1, first used in Windows 95, introduced plug-and-play capabilities to the interface, which greatly simplified the process of installing NICs. NDIS 4 provided additional functionality, such as support for infrared and other new media and power-management capabilities. NDIS 5 added a connection-oriented service that supports the ATM protocol in its native mode, as well as its quality-of-service functions. In addition, TCP/IP task offloading enabled enhanced NICs to perform functions normally implemented by the transport layer protocol, such as checksum computations and data segmenting, which reduces the load on the system processor.
NDIS 6 brought improved performance for both clients and servers in addition to simplified reset handling, and it streamlined driver initialization. NDIS 6.4, the latest version, added more functions.
All of the Windows network clients ship with NDIS drivers for an assortment of the most popular NICs that are in use at the time of the product’s release. This means, of course, that older clients do not include support for the latest NICs on the market, but the NIC manufacturers all supply NDIS drivers for their products.
Protocol Drivers
Since Windows 95, Windows network clients all support the use of TCP/IP. When Microsoft first added networking to Windows, NetBEUI was the default protocol because it is closely related to the NetBIOS interface that Windows uses to name the computers on the network. NetBEUI is self-adjusting and requires no configuration or maintenance at all, but its lack of routing capabilities makes it unsuitable for today’s networks. This shortcoming, plus the rise in the popularity of the Internet, led to TCP/IP being adopted as the protocol of choice on most networks, despite its need for individual client configuration.
The IPX protocol suite was developed by Novell for its NetWare operating system, which was the most popular networking solution at the time that Windows networking was introduced. After the release of Windows Vista and Windows Server 2003 x645, you need to contact Novell for support on either IPX or SPX. Novell client support for Windows 7, 8, and 8.1 as well as Windows x64 can be found at https://www.novell.com/documentation/windows_client.
Client Services
The upper layers of the networking stack in a Windows client take different names and forms, depending on the operating system. A service is a program that runs continuously in the background while the operating system is loaded, the equivalent of a daemon in Unix.
In most cases, the Windows networking architecture enables you to install additional client services that can take advantage of the same protocol and adapter modules as the Windows network client. For example, to turn on the Network Client in Windows 8.1, follow these steps:
1. Hold down the Windows key and press I, and from the resulting Settings column on the right side of your window, choose Control Panel.
2. From the Control Panel, choose Network And Internet.
3. Select Network And Internet and then Network And Sharing Center.
4. From the column on the left, choose Change Adapter Settings.
5. From the choices displayed, right-click the network adapter you want to use.
6. From the resulting menu, choose Properties, as shown in Figure 22-2.
Figure 22-2 Choose Properties from the right-click menu.
7. Ensure that the Client For Microsoft Networks list item has a check in the check box, as shown in Figure 22-3.
Figure 22-3 The Ethernet Properties dialog has several options for each adapter.
8. Click OK to close the dialog box and then click Control Panel to return to the Control Panel window.
NetWare Clients
Novell NetWare dominated the network operating system market when networking was being integrated into the Windows operating systems, so the ability to access legacy NetWare resources while running a Windows network was a priority for Microsoft’s development team.
Neither Windows 3.1 nor Windows for Workgroups included a NetWare client, but both of them functioned with the clients supplied by Novell. At the time that the 16-bit versions of Windows were released, NetWare clients used either the NetWare shell (NETX) or the NetWare DOS Requestor (VLM) client for the upper-layer functionality and used either a monolithic or Open Datalink Interface (ODI) driver for the NIC. A monolithic driver is a single executable (called Ipx.com) that includes the driver support for a particular NIC, while ODI is the Novell equivalent of NDIS, a modular interface that permits the use of multiple protocols with a single network card. The combination of an ODI driver and the VLM requestor was the most advanced NetWare client available at that time.
All of these client options loaded from the DOS command line, which meant that they provided network access to DOS applications outside of Windows, but also meant that they utilized large amounts of conventional and upper memory. In fact, without a carefully configured boot sequence or an automated memory management program, it was difficult to keep enough conventional memory free to load applications.
Macintosh Clients
Many of today’s networks contain workstations with different operating systems. All Macintosh systems include an integrated network interface, and this has long been touted as evidence of the platform’s simplicity and superiority. In earlier times Macintosh workstations required special treatment to connect them to a network running other platforms, such as Windows or Unix. However, since OS X’s initial release there has been no problem running a Mac on a Unix-based network (OS X is Unix) and few issues on a Windows network.
In most cases, however, you can configure your network to handle Macintosh clients, enabling Mac users to share files with Windows and other clients. If you select applications that are available in compatible versions for the different client platforms you’re running, Mac users can even work on the same files as Windows users.
Connecting Macintosh Systems to Windows Networks
Older Windows versions contained Microsoft Services for Macintosh, which implemented the AppleTalk protocol on the Windows computer, enabling Macintosh systems to access file and printer shares on the server. Unlike Windows clients, older Mac systems did not participate as peers on the Windows network.
Today, you do not need any extra software to access network drives from your Apple machines.
1. Open a Finder window by pressing COMMAND-N.
2. Choose from one of the Shared items in the left column, as shown in Figure 22-4.
Figure 22-4 The Macintosh Finder window shows shared items in a network.
NOTE Alternatively, you can make the Finder utility on the Mac active by pressing the Finder icon. Then press COMMAND-K to manually enter a server’s address, or click the Browse button to browse a list of available servers.
3. Either browse among the systems or enter the appropriate address.
4. Click Connect As to determine how you want to connect. You may sign in as a guest or with a registered username on the server to which you are trying to connect.
5. Click the Connect button in the bottom-right corner of the window when finished, as shown in Figure 22-5.
Figure 22-5 Connect to a server on the network either as a guest or with a registered username.
Microsoft Services for Macintosh
Discontinued in 2011, Microsoft Services for Macintosh made it possible for Macintosh systems to access Windows Server shares without modifying the configuration of the workstations.
Unix Clients
Three primary mechanisms provide client-server access between Unix systems. Two of these have been ported to many other computing platforms, and you can use them to access Unix systems from workstations running other operating systems. These three mechanisms are as follows:
• Berkeley remote commands: Designed for Unix-to-Unix networking, these commands provide functions such as remote login (rlogin), remote shell execution (rsh), and remote file copying (rcp).
• DARPA commands: Designed to provide basic remote networking tasks, such as file transfers (ftp) and terminal emulation (telnet), the DARPA commands operate independently of the operating system and have been ported to virtually every platform that supports the TCP/IP protocols.
• Network File System (NFS): Designed by Sun Microsystems in the 1980s to provide transparent file sharing between network systems, NFS has since been published as RFC 1813, an informational request for comments (RFC), by the Internet Engineering Task Force (IETF). NFS is available on a wide range of computing platforms, enabling most client workstations to access the files on Unix systems.
Applications
In most cases, the TCP/IP stacks on client computers include applications providing the DARPA ftp and telnet commands. Since all Unix versions run File Transfer Protocol (FTP) and Telnet server services by default, you can use these client applications to access any Unix system available on the network. These server applications have been ported to other operating systems as well.
Earlier versions of Windows TCP/IP clients included FTP and Telnet client applications, with the exception of Microsoft Client 3.0 for MS-DOS. Installing this client provided a TCP/IP stack and the Winsock driver needed to run Internet applications, but the FTP and Telnet programs were not included. You could, however, use third-party FTP and Telnet clients to access Unix and other server systems.
Unix Access
While FTP and Telnet provide basic access to a Unix system, they are not the equivalent of full client capabilities. For example, FTP provides only basic file transfer and file management capabilities. To open a document on a Unix system using FTP, you must download the file to a local drive and use your application to open it from there. NFS, on the other hand, enables the client system to access a server volume as though it were available locally. NFS downloads only the blocks that the client application needs, instead of the whole file.
Thus, while FTP and Telnet are nearly always available at no cost, clients that need regular access to Unix file systems are better off using NFS. There are NFS products that make file system communications with Unix systems possible.
Client for Network File Systems (NFS) and Subsystem for Unix-based Applications (SUA) are available with Windows computers (through Windows 7) to access Unix volumes and to publish their drives as NFS volumes for Unix clients. The product also includes a Telnet server for Windows, as well as a password synchronization daemon for Unix systems. With the services in place, the Windows computer system can map a drive letter to an NFS volume on a Unix system or reference it using either standard Universal Naming Convention (UNC) names or the Unix server:/export format. Unix systems can access Windows drives just as they would any other NFS volume.
Windows 7 Interface
To install SUA in Windows 7 Ultimate or Enterprise or Windows Server 2008 R2, follow these steps:
1. From Start, click Control Panel and choose Programs.
2. Under Programs And Features, click Turn Windows Features On Or Off.
3. If the User Account Control dialog box opens, click Continue. Otherwise, proceed to the next step.
4. In the Windows Features dialog box, select the Subsystem For UNIX-based Applications check box, as shown in Figure 22-6. Click OK.
Figure 22-6 Subsystem For UNIX-based Applications check box in the Windows Features dialog box
5. Click Setup to run the WinZip Self-Extractor utility, as shown in Figure 22-7.
Figure 22-7 WinZip Self-Extractor utility
The program appears on your Start menu, as shown in Figure 22-8. This link contains the shells and shortcuts with which you can edit Unix-based items.
Figure 22-8 Installed SUA on the Windows 7 Start menu
Windows 8 Interface
While the SUA has been deprecated in Windows 8.1 and Windows Server 2012 R2, you can still download and install it in Windows 8 or Server 2012. Go to www.microsoft.com/en-us/download/confirmation.aspx?id=35512 to download the program; then follow these steps:
1. Download the package that matches the architecture of the target computer.
2. After the executable program is on your computer, click Setup to open the WinZip Self-Extractor utility.
3. Click Setup to run the self-extractor and install the utilities and SDK for SUA.
CHAPTER 23 Network Security Basics
Security is an essential element of any network, and many of the daily maintenance tasks performed by the network administrator are security related. Simply put, all of the security mechanisms provided by the various components of a network are designed to protect a system’s hardware, software, and data from accidental damage and unauthorized access. The goal of the security administration process is to provide users with access to all of the resources they need, while insulating them from those they don’t need. This can be a fine line for the administrator to draw and a difficult one to maintain. Proper use of all the security administration tools provided by the network components is essential to maintaining a secure and productive network. There are many different security mechanisms on the average network; some are all but invisible to users and at times to administrators, while others require attention on a daily basis. This one chapter cannot hope to provide anything close to a comprehensive treatise on network security, but it does examine some of the major components you can use to protect your network and your data from unauthorized access.
Securing the File System
All of your data is stored in files on your computers, and protecting the file system is one of the most basic forms of network security. Not only does file system security prevent unauthorized access to your files, it also enables you to protect your data from being modified or deleted, either accidentally or deliberately. There are two basic forms of security that you can apply to the file system on your computers: access permissions and data encryption.
File system permissions are the most commonly used security element on network servers. All of the major server operating systems have file systems that support the use of permissions to regulate access to specific files and directories. File system permissions typically take the form of an access control list (ACL), which is a list of users (or groups of users), maintained by each file and directory, that have been granted a specific form of access to that file or directory. Each entry in the ACL contains a user or group name, plus a series of bits that define the specific permissions granted to that user or group.
It is standard practice for a file system to break down access permissions into individual tasks, such as read and write, and to assign them to users separately. This enables the network administrator to specify exactly what access each user should have. For example, you may want to grant certain users the read permission only, enabling them to read the contents of a file but not modify it. Manipulating permission assignments is an everyday task for the administrator of a properly protected network.
The following sections examine the file system permissions, as implemented by each of the major server operating system platforms.
The Windows Security Model
Security is an integral part of the Windows operating system design, and to fully understand the use of permissions in these operating systems (OSs), it helps to have some knowledge of the overall security model they use. The security subsystem in Windows is integrated throughout the OS and is implemented by a number of different components, as shown in Figure 23-1. Unlike other Windows environmental subsystems running in user mode, the security subsystem is known as an integral subsystem because it is used by the entire OS. All of the security subsystem components interact with Security Reference Monitor, the kernel mode security arbitrator that compares requests for access to a resource to that resource’s ACL.
Figure 23-1 The Windows security architecture
The user mode security subsystem components and their functions are as follows:
• Logon Process: Accepts logon information from the user and initiates the authentication process
• Local Security Authority (LSA): Functions as the central clearinghouse for the security subsystem by initiating the logon process, calling the authentication package, generating access tokens, managing the local security policy, and logging audit messages
• Security Accounts Manager (SAM): Database containing the user and group accounts for the local system
• Security Policy Database: Contains policy information on user rights, auditing, and trust relationships
• Audit Log: Contains a record of security-related events and changes made to security policies
During a typical user logon to the local machine, these components interact as follows:
1. The logon process appears in the form of the Logon dialog box produced when the user presses CTRL-ALT-DELETE after the system boots. The user then supplies a username and password.
2. The logon process calls the LSA that runs the authentication package.
3. The authentication package checks the username and password against the local SAM database.
4. When the username and password are verified, the SAM replies to the authentication package with the security IDs (SIDs) of the user and all the groups of which the user is a member.
5. The authentication package creates a logon session and returns it to the LSA with the SIDs.
6. The LSA creates a security access token containing the SIDs and the user rights associated with the SIDs, as well as the name of the user and the groups to which the user belongs, and sends it to the logon process, signaling a successful logon. The system will use the SIDs in this token to authenticate the user whenever he or she attempts to access any object on the system.
7. The logon session supplies the access token to the Win32 subsystem, which initiates the process of loading the user’s desktop configuration.
NOTE This procedure occurs when a user logs on using an account on the local machine only, not when logging on to an Active Directory domain. Active Directory logons are more complex and are examined later in this chapter.
Much of the Windows security subsystem’s work is transparent to users and administrators. The security components that are most conspicuous in day-to-day activities are the SAM database (which holds all the local Windows user, group, and computer accounts) and Active Directory. Every Windows system has a SAM database for its local accounts, a copy of which is stored on each domain controller (DC). Active Directory is a separate service that has its own security architecture, but for the purpose of assigning permissions, Active Directory objects function in the same way as accounts in the SAM database. Every object on the system that is protected by Windows security includes a security descriptor that contains an ACL. The ACL consists of access control entries (ACEs) that specify which users and groups are to be granted access to the object and what access they are to receive. When you specify the permissions for an object, such as a file, directory, share, or registry key, you are modifying the entries in that object’s ACL. Clicking the Add button on the Security page in the Properties dialog box for a specific folder, for example (see Figure 23-2), displays a list of the users and groups in the SAM database or the objects in the Active Directory. Selecting users and granting them permission to access the share adds the users to the ACL for that share.
Figure 23-2 You use an Active Directory Users And Computers dialog box like this one to create ACEs for Windows objects.
When you log on to an Active Directory, the system accesses an account database that is located on one of the network’s domain controllers for authentication. The user, group, and computer accounts for the domain are stored in the DCs and are accessed whenever you use a utility that modifies the ACLs of system objects. During a domain session, you use the same Security page shown in Figure 23-2 to select the users and groups in the domain as you would those in the local SAM. You can also select users and groups from other domains on the network, as long as those other domains are trusted by the domain in which the system is currently participating.
When a Windows computer is a member of a domain, the local SAM database still exists. The Log On To Windows dialog box lets you select a domain or the local system for the current session. Note that a domain and a local SAM database can have user and group accounts with the same name. There is, for example, an Administrator account in the domain and an Administrator account for the local system, both of which are automatically created by default. These two accounts are not interchangeable. They can have different passwords and different rights and permissions. To install a network adapter driver, you must be logged on as the administrator of the local system (or an equivalent). By default, a domain administrator account does not have the rights to modify the hardware configuration on the local system.
Windows File System Permissions
Granting a user or group permissions to access a Windows resource adds them as an ACE to the resource’s ACL. The degree of access that the user or group is granted depends on what permissions they are assigned. NTFS defines six standard permissions for files and folders—read, read and execute, modify, write, list folder contents, and full control—plus one extra for folders only. The standard permissions for NTFS files and folders are actually combinations of individual permissions.
The following are the functions of the standard permissions when applied to a folder:
Read: Enables a user/group to
• See the files and subfolders contained in the folder
• View the ownership, permissions, and attributes of the folder
Read and Execute: Enables a user/group to
• Navigate through restricted folders to reach other files and folders
• Perform all actions associated with the Read and List Folder Contents permissions
Modify: Enables a user/group to
• Delete the folder
• Perform all actions associated with the Write and Read and Execute permissions
Write: Enables a user/group to
• Create new files and subfolders inside the folder
• Modify the folder attributes
• View the ownership and permissions of the folder
List Folder Contents: Enables a user/group to
• View the names of the files and subfolders contained in the folder
Full Control: Enables a user/group to
• Modify the folder permissions
• Take ownership of the folder
• Delete subfolders and files contained in the folder
• Perform all actions associated with all of the other NTFS folder permissions
The following are the functions of the standard permissions when applied to a file:
Read: Enables a user/group to
• Read the contents of the file
• View the ownership, permissions, and attributes of the file
Read and Execute: Enables a user/group to
• Perform all actions associated with the Read permission
• Run applications
Modify: Enables a user/group to
• Modify the file
• Delete the file
• Perform all actions associated with the Write and Read and Execute permissions
Write: Enables a user/group to
• Overwrite the file
• Modify the file attributes
• View the ownership and permissions of the file
Full Control: Enables a user/group to
• Modify the file permissions
• Take ownership of the file
• Perform all actions associated with all of the other NTFS file permissions
The following are the individual permissions that make up each of the standard permissions:
Read: Enables a user/group to
• List folder/read data
• Read attributes
• Read extended attributes
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
NOTE Multithreaded programs are those that can be used by more than one user at a time without the program being loaded by each user. Each request for such use is called a thread. Synchronizing permissions allow the user (or group) to coordinate (synchronize) the use of such programs. Multiprocessing programs are those that can be run by two (or more) different processors on the same computer.
Read and Execute: Enables a user/group to
• List folder/read data
• Read attributes
• Read extended attributes
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
• Traverse folders and execute files
Modify: Enables a user/group to
• Create files and write data
• Create folders and append data
• Delete files and folders
• List folders and read data
• Read attributes
• Read extended attributes
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
• Write attributes
• Write extended attributes
Write: Enables a user/group to
• Create files and write data
• Create folders and append data
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
• Write attributes
• Write extended attributes
List Folder Contents: Enables a user/group to
• List folders and read data
• Read attributes
• Read extended attributes
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
• Traverse folders and execute files
Full Control: Enables a user/group to
• Change permissions
• Create files and write data
• Create folders and append data
• Delete files and folders
• Delete subfolders and files
• List folders and read data
• Read attributes
• Read extended attributes
• Read permissions
• Synchronize with multithreaded, multiprocessing programs
• Take ownership
• Write attributes
• Write extended attributes
The functions of the individual permissions are as follows:
• Traverse Folder/Execute File: The Traverse Folder permission allows or denies users the ability to move through folders that they do not have permission to access, so as to reach files or folders that they do have permission to access (applies to folders only). The Execute File permission allows or denies users the ability to run program files (applies to files only).
• List Folder/Read Data: The List Folder permission allows or denies users the ability to view the file and subfolder names within a folder (applies to folders only). The Read Data permission allows or denies users the ability to view the contents of a file (applies to files only).
• Read Attributes: Allows or denies users the ability to view the NTFS attributes of a file or folder.
• Read Extended Attributes: Allows or denies users the ability to view the extended attributes of a file or folder.
• Create Files/Write Data: The Create Files permission allows or denies users the ability to create files within the folder (applies to folders only). The Write Data permission allows or denies users the ability to modify the file and overwrite existing content (applies to files only).
• Create Folders/Append Data: The Create Folders permission allows or denies users the ability to create subfolders within a folder (applies to folders only). The Append Data permission allows or denies users the ability to add data to the end of the file but not to modify, delete, or overwrite existing data in the file (applies to files only).
• Write Attributes: Allows or denies users the ability to modify the NTFS attributes of a file or folder.
• Write Extended Attributes: Allows or denies users the ability to modify the extended attributes of a file or folder.
• Delete Subfolders and Files: Allows or denies users the ability to delete subfolders and files, even if the Delete permission has not been granted on the subfolder or file.
• Delete: Allows or denies users the ability to delete the file or folder.
• Read Permissions: Allows or denies users the ability to read the permissions for the file or folder.
• Change Permissions: Allows or denies users the ability to modify the permissions for the file or folder.
• Take Ownership: Allows or denies users the ability to take ownership of the file or folder.
• Synchronize: Allows or denies different threads of multithreaded, multiprocessor programs to wait on the handle for the file or folder and synchronize with another thread that may signal it.
Permissions are stored as part of the NTFS file system, not in Active Directory or the SAM database. To modify the permissions for a file or directory, you select the Security tab in the Properties dialog box of a file or folder to display controls like those shown in Figure 23-3. Here you can add users and groups from the local SAM, from the current domain, and from other trusted domains, and specify the standard permissions that each one is to be allowed or denied.
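The comparison of an access token's SIDs against an object's allow and deny ACEs can be sketched as follows. This is an added example, not code from the book or from Windows: the mask bits are the access-right values from the Windows SDK header winnt.h, the ordered walk follows Microsoft's documented access-check behavior, and every SID except Everyone (S-1-1-0) and the sample ACL are constructed.

```python
# Access-mask bits for the individual NTFS permissions (values from winnt.h).
READ_DATA, WRITE_DATA, APPEND_DATA = 0x0001, 0x0002, 0x0004
READ_EA, WRITE_EA, EXECUTE, DELETE_CHILD = 0x0008, 0x0010, 0x0020, 0x0040
READ_ATTR, WRITE_ATTR = 0x0080, 0x0100
DELETE, READ_PERMS, CHANGE_PERMS = 0x010000, 0x020000, 0x040000
TAKE_OWNERSHIP, SYNCHRONIZE = 0x080000, 0x100000

# Standard permissions expressed as combinations of the individual ones.
READ = READ_DATA | READ_ATTR | READ_EA | READ_PERMS | SYNCHRONIZE
WRITE = (WRITE_DATA | APPEND_DATA | WRITE_ATTR | WRITE_EA
         | READ_PERMS | SYNCHRONIZE)
READ_EXECUTE = READ | EXECUTE
MODIFY = READ_EXECUTE | WRITE | DELETE
FULL_CONTROL = MODIFY | DELETE_CHILD | CHANGE_PERMS | TAKE_OWNERSHIP

# Constructed SIDs; only Everyone is a real well-known SID.
EVERYONE = "S-1-1-0"
SALES = "S-1-5-21-1000-2000-3000-2001"
CONTRACTORS = "S-1-5-21-1000-2000-3000-2002"
CSMITH = "S-1-5-21-1000-2000-3000-1104"
TEMP = "S-1-5-21-1000-2000-3000-1105"
GUEST = "S-1-5-21-1000-2000-3000-1106"

# Sample ACL in the usual order: deny entries first, then allow entries.
ACL = [
    ("deny", CONTRACTORS, WRITE_DATA | APPEND_DATA | DELETE),
    ("allow", SALES, MODIFY),
    ("allow", EVERYONE, READ),
]

# Access tokens: the user's SID plus the SIDs of every group membership.
TOKENS = {
    "csmith": {CSMITH, SALES, EVERYONE},
    "temp": {TEMP, SALES, CONTRACTORS, EVERYONE},
    "guest": {GUEST, EVERYONE},
}


def access_check(token_sids, acl, desired):
    """Return True if every bit in `desired` is granted to the token.

    ACEs are evaluated in order. A deny ACE that covers a still-ungranted
    requested bit ends the check; allow ACEs accumulate until nothing is
    left to grant. Bits that no ACE grants are implicitly denied.
    """
    remaining = desired
    if remaining == 0:
        return True
    for ace_type, sid, mask in acl:
        if sid not in token_sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False


if __name__ == "__main__":
    for user, sids in TOKENS.items():
        for name, mask in (("Read", READ), ("Write", WRITE), ("Modify", MODIFY)):
            print(user, name, access_check(sids, ACL, mask))
```

Because evaluation stops at the first decisive ACE, a deny entry placed after a matching allow entry never takes effect, which is why an ACL audit should check entry order as well as entry content.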
Figure 23-3 From the Properties dialog box for NTFS file system objects in Windows, use the Security tab to assign permissions.
As with all file systems, the permissions that you assign to a folder are inherited by all of the files and subfolders contained in that folder. By judiciously assigning permissions throughout the file system, you can regulate user access to files and folders with great precision.
Click the Advanced button to open the Advanced Settings dialog box, as shown in Figure 23-4.
Figure 23-4 The Advanced Security Settings dialog box enables you to work with individual permissions.
If the standard NTFS permissions do not provide you with the exact degree of access control you need, you can work directly with the individual permissions by clicking the Advanced button and then the Share tab to display the Permission Entry For Users dialog box for the file or folder, like the one in Figure 23-5. Select a named user and click View to see what permissions have been granted. You can modify these permissions at will to customize the user’s or group’s access to the file system resource.
Figure 23-5 The Permission Entry For Users dialog box explains what permissions are granted for a selected user.
The file and directory permissions apply to everyone who accesses the object, either on the local system or through the network. It is also possible to control network access to the file system by using share permissions. To make an NTFS drive or directory available for access over the network, you have to create a share out of it, and shares have access control lists just like files and directories do. To set share permissions, you open a drive’s or folder’s Properties dialog box, select the Sharing tab, and click the Permissions button to display a dialog box like that shown in Figure 23-5. To access the files on a share, a network user must have permissions for both the share and the files and directories in the share.
The permissions you can grant to specific users and groups for shares are different from those used for files and directories.
NOTE In Windows, it’s important to understand that permissions are not the same thing as rights. Rights are rules that identify specific actions a user is allowed to perform on the local system, such as Access This Computer From The Network and Back Up Files And Directories. Many people use the term rights incorrectly when they mean permissions, as in “The user has the rights to access the directory.”
Unix File System Permissions
Unix also uses permissions to control access to its file system, but the system is substantially different from those of Windows. In Unix, there are only three permissions: read, write, and execute.
The following are the access types provided by each permission when applied to a directory:
• Read: Enables a user to list the contents of the directory
• Write: Enables a user to create or remove files and subdirectories in the directory
• Execute: Enables a user to change to the directory using the cd command
The following are the access types provided by each permission when applied to a file:
• Read: Enables the user to view the contents of the file
• Write: Enables the user to alter the contents of the file
• Execute: Enables a user to run the file as a program
Each of these three permissions can be applied to three separate entities: the file’s owner, the group to which the file belongs, and all other users. When you list the contents of a directory using the ls -l command, you see a display for each file and directory like the following:
-rwxr-xr-- 1 csmith sales 776 Sep 15 09:34 readme
The first character in the display identifies the file system element, using the following values:
• - File
• d Directory
• b Special block file
• c Special character file
• l Symbolic link
• p Named pipe special file
The next three characters (rwx) indicate the permissions granted to the owner of the file (csmith). In this case, the owner has all three permissions. The next three characters indicate the permissions granted to the file’s group, and the following three indicate the permissions granted to all other users. In this example, the r-x value indicates that the file’s group (sales) has been granted the read and execute permissions only, and the r-- value indicates that the other users have been granted only the read permission. To change the permissions, you use the chmod command.
This access control mechanism is common to all Unix variants, but it doesn’t provide anywhere near the granularity of the NTFS and NetWare file systems. The system recognizes only three basic classes of users (users, groups, and others), making it impossible to grant permissions to several users in different groups while blocking access by everyone else. To address this shortcoming, some Unix operating systems include more advanced access control mechanisms.
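The listing line above can be decoded mechanically, which is useful when auditing permissions from collected ls -l output. The following is an added example, not code from the book: it parses the line, converts the mode string to the octal form that chmod accepts, and decides access by user class. It goes slightly beyond the text by also handling the setuid, setgid, and sticky characters, and it ignores the superuser, who bypasses these checks.

```python
FILE_TYPES = {"-": "file", "d": "directory", "b": "special block file",
              "c": "special character file", "l": "symbolic link",
              "p": "named pipe special file"}
SPECIAL_BITS = (0o4000, 0o2000, 0o1000)   # setuid, setgid, sticky

# The listing line from the text.
SAMPLE = "-rwxr-xr-- 1 csmith sales 776 Sep 15 09:34 readme"


def parse_ls_line(line):
    """Split one `ls -l` line into type, mode string, owner, group and name."""
    fields = line.split(None, 8)
    if len(fields) < 9:
        raise ValueError("not an ls -l listing line: %r" % line)
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[8]
    if len(mode) < 10 or mode[0] not in FILE_TYPES:
        raise ValueError("unrecognized mode string: %r" % mode)
    return {
        "type": FILE_TYPES[mode[0]],
        "mode": mode[:10],
        # GNU ls appends '+' when the file also carries an extended ACL,
        # in which case these nine characters are not the whole story.
        "has_acl": mode[10:11] == "+",
        "owner": owner, "group": group, "name": name,
    }


def mode_to_octal(mode):
    """Convert the nine permission characters to chmod's octal notation."""
    value = 0
    for i, ch in enumerate(mode[1:10]):
        cls, col = divmod(i, 3)            # cls: 0 owner, 1 group, 2 other
        bit = 0o400 >> i
        if ch == "rwx"[col]:
            value |= bit
        elif col == 2 and ch in ("sS" if cls < 2 else "tT"):
            value |= SPECIAL_BITS[cls]
            if ch.islower():               # lowercase: execute is set too
                value |= bit
        elif ch != "-":
            raise ValueError("bad permission character %r in %r" % (ch, mode))
    return value


def allowed(entry, user, groups, want):
    """True if `user` (member of `groups`) holds every permission in `want`.

    Only the first matching class is consulted: an owner is never judged
    by the group or other bits, even when those bits are more generous.
    """
    if user == entry["owner"]:
        cls = 0
    elif entry["group"] in groups:
        cls = 1
    else:
        cls = 2
    granted = (mode_to_octal(entry["mode"]) >> (3 * (2 - cls))) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in set(want))
    return (granted & needed) == needed


if __name__ == "__main__":
    entry = parse_ls_line(SAMPLE)
    print(entry["name"], entry["type"], oct(mode_to_octal(entry["mode"])))
    for user, groups in (("csmith", ["sales"]), ("jdoe", ["sales"]),
                         ("guest", ["users"])):
        print(user, {p: allowed(entry, user, groups, p) for p in "rwx"})
```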
Verifying Identities
User authentication is another one of the important security mechanisms on a data network. Assigning file system permissions to specific users is pointless unless the system can verify the user’s identity and prevent unauthorized people from assuming that identity. Authentication is an exchange of information that occurs before a user is permitted to access secured network resources. In most cases, the authentication process consists of the user supplying an account name and an accompanying password to the system hosting the resources the user wants to access. The system receiving the name and password checks them against an account directory and, if the password supplied is the correct one for that account, grants the user access to the requested resource.
Applications and services use different types of authentication mechanisms, ranging from the simple to the extremely complex. The following sections examine some of these mechanisms.
FTP User Authentication
The File Transfer Protocol (FTP) is a basic Transmission Control Protocol/Internet Protocol (TCP/IP) service that enables users to upload files to and download them from another computer on the network, as well as to perform basic file management tasks. However, before an FTP client can do any of this, it must authenticate itself to the FTP server. FTP is an example of the simplest possible type of authentication mechanism and one of the most insecure. After the FTP client establishes a standard TCP connection with the server, it employs the USER and PASS commands to transmit an account name and password. The server checks the credentials of the user and either grants or denies access to the service.
NOTE In many cases, the authentication sequence remains invisible to the user operating the FTP client. This is because, on the Internet, access to many FTP servers is unrestricted. The server accepts any account name and password, and the tradition is to use anonymous as the account name and the user’s e-mail address as the password. Many FTP client programs automatically supply this information when connecting to a server to save the user from having to supply it manually.
The FTP authentication process is inherently insecure because it transmits the user’s account name and password over the network in clear text. Anyone running a protocol analyzer or other program that is capable of capturing the packets transmitted over the network and displaying their contents can view the name and password and use them to gain access to the FTP server. If the user should happen to be a network administrator who is thoughtless enough to use an account that also provides high-level access to other network resources, the security compromise could be severe.
Clearly, while FTP may be suitable for basic file transfer tasks, you should not count on its access control mechanism to secure sensitive data because it is too easy for the account passwords to be intercepted.
Kerberos
At the other end of the spectrum of authentication mechanisms is a security protocol called Kerberos, developed by MIT and originally defined in the RFC 1510 document published by the Internet Engineering Task Force (IETF). (Today’s version is Version 5.) Windows Active Directory networks use Kerberos to authenticate users logging on to the network. Because Kerberos relies on the public key infrastructure when exchanging data with the clients and servers involved in the authentication process, all passwords and other sensitive information are transmitted in encrypted form instead of clear text. This ensures that even if an unauthorized individual were to capture the packets exchanged during the authentication procedure, no security compromise would result.
One of the fundamental principles of Active Directory is that it provides users with a single network logon capability, meaning that one authentication procedure can grant a user access to resources all over the network. Kerberos is a perfect solution for this type of arrangement because it is designed to function as an authentication service that is separate from the servers hosting the resources that the client needs to access. For example, during an FTP authentication, only two parties are involved, the client and the server. The server has access to the directory containing the account names and password information for authorized users, checks the credentials supplied by each connecting client, and either grants or denies access to the server on that basis. If the client wants to connect to a different FTP server, it must perform the entire authentication process all over again.
By contrast, during an Active Directory logon, the client sends its credentials to the Kerberos Key Distribution Center (KDC) service running on a domain controller, which in Kerberos terminology is called an authentication server (AS). Once the AS checks the client’s credentials and completes the authentication, the client can access resources on servers all over the network, without performing additional authentications. For this reason, Kerberos is called a trusted third-party authentication protocol.
Public Key Infrastructure
Windows uses a public key infrastructure (PKI) that strengthens its protection against hacking and other forms of unauthorized access. In traditional cryptography, also called secret key cryptography, a single key is used to encrypt and decrypt data. For two entities to communicate, they must both possess the key, which implies the need for some previous communication during which the key is exchanged. If the key is intercepted or compromised, the entire encryption system is compromised.
The fundamental principle of a PKI is that the keys used to encrypt and decrypt data are different. Each system has a public key used to encrypt data and a private key used to decrypt it. By supplying your public key to other systems, you enable them to encrypt data before sending it to you so that you can decrypt it using your private key. However, the public key cannot decrypt the data once it has been encrypted. Thus, while intruders may intercept public keys as they are transmitted across the network, they can’t access any encrypted data unless they have the private keys as well, and private keys are never transmitted over the network.
The use of a PKI makes it possible to transmit authentication data across a Windows network with greater security than clear-text authentication mechanisms like that of FTP or even other secret key cryptography mechanisms. A PKI also provides the capability to use digital signatures to positively identify the sender of a message. A digital signature is a method for encrypting data with a particular user’s private key. Other users receiving the transmission can verify the signature with the user’s public key. Changing even one bit of the data invalidates the signature. When the transmission arrives intact, the valid signature proves not only that the transmission has not been changed in any way but also that it unquestionably originated from the sending user. Today, in many locations, a digitally signed transmission can carry as much legal and ethical weight as a signed paper document.
Kerberos authentication is based on the exchange of tickets that contain an encrypted password that verifies a user’s identity. When a user on a Windows client system logs on to an Active Directory domain, it transmits a logon request containing the user’s account name to an AS, which is an Active Directory domain controller. The KDC service on the domain controller then issues a ticket-granting ticket (TGT) to the client that includes the user’s SID, the network address of the client system, a timestamp that helps to prevent unauthorized access, and the session key that is used to encrypt the data. The AS encrypts the response containing the TGT using a key that is based on the password associated with the user’s account (which the AS already has in its directory). When the client receives the response from the AS, it decrypts the message by prompting the user for the password, which is the decryption key. Thus, the user’s identity is authenticated without the password being transmitted over the network.
The TGT is retained by the client system, to be used as a license for future authentication events. It is essentially a pass affirming that the user has been authenticated and is authorized to access network resources. Once a client has a TGT, it can use it to identify the user, eliminating the need to repeatedly supply a password when accessing various network resources.
When the user wants to access a resource on a network server, the client sends a request to a ticket-granting service (TGS) on the domain controller, which identifies the user and the resource server and includes a copy of the TGT. The TGS, which shares the session key for the TGT with the AS, decrypts the TGT to affirm that the user is authorized to access the requested resource. The TGS then returns a service ticket to the client that grants the user access to that particular resource only. The client sends an access request to the resource server that contains the user’s ID and the service ticket. The resource server decrypts the service ticket and, as long as the user ID matches the ID in the ticket, grants the user access to the requested resource. A client system can retain multiple service tickets to provide future access to various network resources. This system protects both the server and the user because it provides mutual authentication; the client is authenticated to the server and the server to the client.
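The three exchanges described above (logon request and TGT, service ticket request, access request) can be traced in a small simulation that shows the password never appearing in any message. This is an added example, not code from the book or from any Kerberos implementation: every key is modelled as a shared secret, a toy cipher built from the Python standard library stands in for the real encryption types, the authenticators that real Kerberos adds are omitted, and the account, password, address, service name, and ticket lifetime are constructed.

```python
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 10 * 3600  # seconds; assumed value for this sketch


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Toy authenticated encryption (hash keystream plus HMAC tag)."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Decrypt a sealed message; raises ValueError on a wrong key or tampering."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or altered message")
    plain = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    return json.loads(plain)


def password_key(user, password):
    """Key derived from the password; both the client and the KDC can compute it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10000)


class KDC:
    """Domain controller role: holds the long-term keys and issues tickets."""

    def __init__(self):
        self.user_keys, self.service_keys = {}, {}
        self.tgs_key = os.urandom(32)     # known only to the AS and the TGS

    def as_exchange(self, user, client_addr, now):
        """Logon request: return the password-sealed reply and the TGT."""
        session_key = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "addr": client_addr,
                                  "issued": now, "session_key": session_key})
        return seal(self.user_keys[user], {"session_key": session_key}), tgt

    def tgs_exchange(self, tgt, service, client_addr, now):
        """Check the TGT, then issue a ticket valid for one service only."""
        t = unseal(self.tgs_key, tgt)
        if t["addr"] != client_addr or now - t["issued"] > TICKET_LIFETIME:
            raise PermissionError("TGT expired or presented from another address")
        service_session = os.urandom(32).hex()
        ticket = seal(self.service_keys[service],
                      {"user": t["user"], "service": service, "issued": now,
                       "session_key": service_session})
        reply = seal(bytes.fromhex(t["session_key"]),
                     {"service": service, "session_key": service_session})
        return reply, ticket


def server_accepts(service_key, service, ticket, claimed_user, now):
    """Resource server: decrypt the ticket and compare it with the request."""
    try:
        t = unseal(service_key, ticket)
    except ValueError:
        return False
    return (t["service"] == service and t["user"] == claimed_user
            and now - t["issued"] <= TICKET_LIFETIME)


def demo():
    """Run the exchanges with constructed values and report what was observed."""
    kdc = KDC()
    kdc.user_keys["csmith"] = password_key("csmith", "example-password")
    kdc.service_keys["files"] = files_key = os.urandom(32)
    reply, tgt = kdc.as_exchange("csmith", "192.0.2.10", now=1000)
    session = unseal(password_key("csmith", "example-password"), reply)
    reply2, ticket = kdc.tgs_exchange(tgt, "files", "192.0.2.10", now=1060)
    unseal(bytes.fromhex(session["session_key"]), reply2)  # client reads its key
    wire = [b"csmith", reply, tgt, b"files", reply2, ticket]
    try:
        unseal(password_key("csmith", "wrong-guess"), reply)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {
        "password_on_wire": any(b"example-password" in m for m in wire),
        "wrong_password_rejected": wrong_rejected,
        "server_accepts_csmith": server_accepts(files_key, "files", ticket, "csmith", 1100),
        "server_accepts_jdoe": server_accepts(files_key, "files", ticket, "jdoe", 1100),
    }


if __name__ == "__main__":
    print(demo())
```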
Digital Certificates
For the PKI to operate, computers must exchange the public keys that enable their correspondents to encrypt data before transmitting it to them over the network. However, the distribution of the public keys presents a problem. For the transmission to be truly secure, there must be some way to verify that the public keys being distributed actually came from the party they purport to identify. For example, if your employer sends you an e-mail encrypted with your public key, you can decrypt the message using your private key, sure in the knowledge that no one could have intercepted the message and read its contents. But how do you know the message did indeed come from your boss when it’s possible for someone else to have obtained your public key? Also, what would stop someone from pretending to be you and distributing a public key that others can use to send encrypted information intended for you?
Oneanswertothesequestionsistheuseofdigitalcertificates.Acertificateisadigitallysignedstatement,issuedbyathirdpartycalledacertificateauthority(CA),thatbindsauser,computer,orserviceholdingaprivatekeywithitscorrespondingpublickey.BecausebothcorrespondentstrusttheCA,theycanbeassuredthatthecertificatestheyissuecontainvalidinformation.Acertificatetypicallycontainsthefollowing:
•SubjectidentifierinformationName,e-mailaddress,orotherdataidentifyingtheuserorcomputertowhichthecertificateisbeingissued
•SubjectpublickeyvalueThepublickeyassociatedwiththeuserorcomputertowhichthecertificateisbeingissued
•ValidityperiodSpecifieshowlongthecertificatewillremainvalid
•IssueridentifierinformationIdentifiesthesystemissuingthecertificate
•IssuerdigitalsignatureEnsuresthevalidityofthecertificatebypositivelyidentifyingitssource
On the Internet, certificates are used primarily for software distribution. For example, when your web browser downloads a plug-in created by KoolStuff Corporation that is required to display a particular type of web page, a certificate supplied by the server verifies that the software you are downloading did actually come from KoolStuff Graphics. This prevents anyone else from modifying or replacing the software and distributing it as KoolStuff’s own.
The certificates used on the Internet are typically defined by the ITU-T X.509 standard and issued by a separate company that functions as the CA. One of the most well-known public CAs is called VeriSign. It’s also possible to create your own certificates for internal use in your organization. You can use certificates to authenticate users to web servers, send secure e-mail, and (optionally) authenticate users to domains. For the most part, the use of certificates is transparent to users, but administrators can manage them manually using the Certificates snap-in for the Microsoft Management Console.
Today, there are a number of certificate authentication services available. No matter which service is used, ensure you have the latest, updated version to forestall any system problems, such as those experienced during 2014 and the Heartbleed vulnerability.
Token-Based and Biometric Authentication
All of the authentication mechanisms described thus far rely on the transmission of passwords between clients and servers. Passwords are a reasonably secure method of protecting data that is somewhat sensitive, but not extremely so. When data must remain truly secret, passwords are insufficient for several reasons. Most network users have a tendency to be sloppy about the passwords they select and how they protect them. Many people choose passwords that are easy for them to remember and type, unaware that they can easily be penetrated. Names of spouses, children, or pets, as well as birthdays and other such common-knowledge information, do not provide much security. In addition, some users compromise their own passwords by writing them down in obvious places or giving them to other users for the sake of convenience. A carefully planned regimen of password length and composition requirements, rotations, and maintenance policies can help make your passwords more secure. There are also mechanisms you can use in addition to passwords that can greatly enhance the security of your network.
To address the inherent weakness of password-based authentication and provide greater security, it’s possible for each user to employ a separate hardware device as part of the authentication process. Token-based authentication is a technique in which the user supplies a unique token for each logon, as well as a password. The token is a one-time value that is generated by an easily portable device, such as a smart card. A smart card is a credit card–sized device with a microprocessor in it that supplies a token each time the user runs it through a card reader connected to a computer. The idea behind the use of a token is that a password, even in encrypted form, can be captured by a protocol analyzer and “replayed” over the network to gain access to protected resources. Because a user’s token changes for each logon, it can’t be reused, so capturing it is pointless. Token-based authentication also requires the user to supply a personal identification number (PIN) or a password to complete the logon so that if the smart card is lost or stolen, it can’t be used by itself to gain access to the network. Because this type of authentication is based on something you have (the token) and something you know (the PIN or password), the technique is also called two-factor authentication.
Smart cards can also contain other information about their users, including their private keys. The security of Windows PKI relies on the private encryption keys remaining private. Typically, the private key is stored on the workstation, which makes it susceptible to both physical and digital intrusion. Storing the private key on the card instead of on the computer protects it against theft or compromise and also enables the user to utilize the key on any computer.
Another tool that can be used to authenticate users is a biometric scanner. A biometric scanner is a device that reads a person’s fingerprints, retinal patterns, or some other unique characteristic and then compares the information it gathers against a database of known values. While it may seem that we are venturing into James Bond territory, these devices do exist, and they provide excellent security since the user’s “credentials” cannot easily be misplaced or stolen. The downside to this technology is its great expense, and it is used only in installations requiring extraordinary security.
Securing Network Communications
Authentication is a means for verifying users’ identities to ensure that they are authorized to access specific resources. Many authentication systems use encryption to prevent passwords from being intercepted and compromised by third parties. However, authorization protocols such as Kerberos use encryption only during the authentication process. Once the user has been granted access to a resource, the participation of the authentication protocol and the encryption it provides ends. Thus, you may have data that is secured by permissions (or even by file system encryption) while it is stored on the server, but once an authorized client accesses that data, the server usually transmits it over the network in an unprotected form. Just as with the FTP passwords discussed earlier, an intruder could conceivably capture the packets while they travel over the network and view the data carried inside.
In many cases, the danger presented by unprotected network transmissions is minor. For instances when extra protection is warranted, it is possible to encrypt data as it travels over the network. The following sections examine the IP Security (IPsec) protocol and the Secure Sockets Layer (SSL) protocol, both of which are capable of encrypting data before it is transmitted over the network and decrypting it on receipt at the destination.
IPsec
Virtually all TCP/IP communication uses the Internet Protocol at the network layer to carry the data generated by the protocols operating at the upper layers. IPsec is a series of standards that define a method for securing IP communications using a variety of techniques, including authentication and encryption. Windows supports the use of IPsec, as do many Unix variants. Unlike many other TCP/IP protocols, IPsec is defined by many different documents, all published as requests for comments (RFCs) by the IETF. You can find current standards at ietf.org.
Although IPsec is usually thought of primarily as an encryption protocol, it provides several data protection services, including the following:
• Encryption: The IPsec standards allow for the use of various forms of encryption. For example, Windows can use the Data Encryption Standard (DES) algorithm or the Triple Data Encryption Standard (3DES) algorithm. DES uses a 56-bit key to encrypt each 64-bit block, while 3DES encrypts each block three times with a different key, for 168-bit encryption. Both DES and 3DES are symmetrical encryption algorithms, meaning that they use the same key to encrypt and decrypt the data.
• Authentication: IPsec supports a variety of authentication mechanisms, including Kerberos, Internet Key Exchange (IKE), digital certificates, and preshared keys. This enables different IPsec implementations to work together, despite using different methods of authentication.
• Nonrepudiation: By employing public key technology, IPsec can affix digital signatures to datagrams, enabling the recipient to be certain that the datagram was generated by the signer. The sending computer creates the digital signatures using its private key, and the receiver decrypts them using the sender’s public key. Since no one but the sender has access to the private key, a message that can be decrypted using the public key must have originated with the holder of the private key. The sender, therefore, cannot deny having sent the message.
• Replay prevention: It is sometimes possible for an unauthorized user to capture an encrypted message and use it to gain access to protected resources without actually decrypting it, by simply replaying the message in its encrypted form. IPsec uses a technique called cipher block chaining (CBC) that adds a unique initialization vector to the data encryption process. The result is that each encrypted datagram is different, even when they contain exactly the same data.
• Data integrity: IPsec can add a cryptographic checksum to each datagram that is based on a key possessed only by the sending and receiving systems. This special type of signature, also called a hash message authentication code (HMAC), is essentially a summary of the packet’s contents created using a secret, shared key, which the receiving system can compute using the same algorithm and compare to the signature supplied by the sender. If the two signatures match, the receiver can be certain that the contents of the packet have not been modified.
Encrypting network transmissions at the network layer provides several advantages over doing it at any other layer. First, network-layer encryption protects the data generated by all of the protocols operating at the upper layers of the protocol stack. Some other security protocols, such as SSL, operate at the application layer and therefore can protect only specific types of data. IPsec protects the data generated by any application or protocol that uses IP, which is virtually all of them.
Second, network layer encryption provides data security over the entire journey of the packet, from source to destination. The computer that originates the packet encrypts it, and it remains encrypted until it reaches its final destination. This not only provides excellent security but also means that the intermediate systems involved in the transmission of the packet do not have to support IPsec. A router, for example, receives packets, strips off the data link layer protocol headers, and repackages the datagrams for transmission over another network. Throughout this process, the datagram remains intact and unmodified, so there is no need to decrypt it.
IPsec is composed of two separate protocols: the IP Authentication Header (AH) protocol and the IP Encapsulating Security Payload (ESP) protocol. Together, these two protocols provide the data protection services just listed. IPsec can use the two protocols together, to provide the maximum amount of security possible, or just one of the two.
IP Authentication Header
The IP Authentication Header protocol provides the authentication, nonrepudiation, replay prevention, and data integrity services listed earlier, in other words, all of the services IPsec provides except data encryption. This means that when AH is used alone, it is possible for unauthorized users to read the contents of the protected datagrams, but they cannot modify the data or reuse it without detection.
AH adds an extra header to each packet, immediately following the IP header and preceding the transport layer or other header encapsulated within the IP datagram. The fields of the AH header are illustrated in Figure 23-6. The functions of the fields are as follows:
Figure 23-6 The Authentication Header protocol header
• Next Header (1 byte): Identifies the protocol that generated the header immediately following the AH header, using values defined in the “Assigned Numbers” RFC.
• Payload Length (1 byte): Specifies the length of the AH header.
• Reserved (2 bytes): Reserved for future use.
• Security Parameters Index (4 bytes): Contains a value that, in combination with the IP address of the destination system and the security protocol being used (AH or ESP), forms a security association for the datagram. A security association is a combination of parameters (such as the encryption key and security protocols to be used) that the sending and receiving systems agree upon before they begin to exchange data. The systems use the SPI value to uniquely identify this security association among others that may exist between the same two computers.
• Sequence Number (4 bytes): Implements the IPsec replay prevention service by containing a unique, incrementing value for each packet transmitted by a security association. The receiving system expects every datagram it receives in the course of a particular security association to have a different value in this field. Packets with duplicate values are discarded.
• Authentication Data (variable): Contains an integrity check value (ICV) that the sending computer calculates for the entire AH header, including the Authentication Data field (which is set to zero for this purpose) and the encapsulated protocol header (or headers) and data that follow the AH header. The receiving system performs the same ICV calculation and compares the results to this value to verify the packet’s integrity.
The IP standard dictates that the Protocol field in the IP header must identify the protocol that generated the first header found in the datagram’s payload. Normally, the first header in the payload is a TCP or UDP header, so the Protocol value is 6 or 17, respectively. ICMP data can also be carried in IP datagrams, with a Protocol value of 1. When IPsec adds an AH header, it becomes the first header found in the datagram’s payload, so the value of the Protocol field is changed to 51. To maintain the integrity of the protocol stack, the Next Header field in the AH header identifies the protocol that follows AH in the datagram. In the case of datagrams that use AH alone, the Next Header field contains the value for the TCP, UDP, or ICMP protocol formerly found in the IP header’s Protocol field. If IPsec is using both AH and ESP, the AH Next Header field contains a value of 50, which identifies the ESP protocol, and ESP’s own Next Header field identifies the TCP, UDP, or ICMP protocol data encapsulated within.
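
The receiver-side checks described for AH (security association lookup by SPI, duplicate sequence numbers discarded, ICV recomputed with the Authentication Data field zeroed) can be sketched as follows. This is an added example, not code from the book; the HMAC-SHA1-96 ICV, the key, and the SPI are assumptions, and the IP header fields that real AH also covers are left out.

```python
import hashlib
import hmac
import struct

# Fixed AH fields in the order the text lists them:
# Next Header (1), Payload Length (1), Reserved (2), SPI (4), Sequence Number (4)
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 12  # assumption: HMAC-SHA1 truncated to 96 bits serves as the ICV
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def compute_icv(key, fixed, payload):
    """HMAC over the AH header with Authentication Data zeroed, then the payload."""
    covered = fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key, next_header, spi, seq, payload):
    """Sender side: prepend an AH header to the encapsulated header and data."""
    # On the wire, Payload Length is the AH length in 32-bit words minus 2 (RFC 4302).
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload) + payload


class SecurityAssociation:
    """Receiver state for one SA: its SPI, the shared key, and sequence numbers seen."""

    def __init__(self, spi, key):
        self.spi = spi
        self.key = key
        # Simplification: real stacks track a sliding window, not every number seen.
        self.seen = set()

    def receive(self, packet):
        """Return (verdict, next-protocol name, payload)."""
        if len(packet) < AH_FIXED.size + ICV_LEN:
            return ("drop: truncated", None, None)
        next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(packet)
        if (payload_len + 2) * 4 != AH_FIXED.size + ICV_LEN:
            return ("drop: unexpected AH length", None, None)
        if spi != self.spi:
            return ("drop: unknown SPI", None, None)
        if seq in self.seen:
            return ("drop: replayed sequence number", None, None)
        fixed = packet[:AH_FIXED.size]
        icv = packet[AH_FIXED.size:AH_FIXED.size + ICV_LEN]
        payload = packet[AH_FIXED.size + ICV_LEN:]
        if not hmac.compare_digest(icv, compute_icv(self.key, fixed, payload)):
            return ("drop: ICV mismatch", None, None)
        self.seen.add(seq)  # record the number only after the packet authenticates
        return ("accept", PROTOCOLS.get(next_header, str(next_header)), payload)


if __name__ == "__main__":
    key = b"constructed-shared-key"           # constructed sample values
    sa = SecurityAssociation(0x1001, key)
    segment = b"constructed TCP segment"
    pkt = build_ah(key, 6, 0x1001, 1, segment)
    print(sa.receive(pkt))                    # first copy is accepted
    print(sa.receive(pkt))                    # captured copy sent again is dropped
    forged = bytearray(build_ah(key, 6, 0x1001, 2, segment))
    forged[0] = 17                            # Next Header changed in transit
    print(sa.receive(bytes(forged)))          # header is covered by the ICV
```

Because the sequence number is recorded only after the ICV verifies, a forged packet cannot use up a sequence number that a legitimate packet will need later.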
IP Encapsulating Security Payload
Unlike AH, the ESP protocol completely encapsulates the payload contained in each datagram, using both header and footer fields, as shown in Figure 23-7. The functions of the ESP fields are as follows:
Figure 23-7 The Encapsulating Security Payload protocol frame
• Security Parameters Index (4 bytes): Contains a value that, in combination with the IP address of the destination system and the security protocol being used (AH or ESP), forms a security association for the datagram. A security association is a combination of parameters (such as the encryption key and security protocols to be used) that the sending and receiving systems agree upon before they begin to exchange data. The systems use the SPI value to uniquely identify this security association among others that may exist between the same two computers.
• Sequence Number (4 bytes): Implements the IPsec replay prevention service by containing a unique, incrementing value for each packet transmitted by a security association. The receiving system expects every datagram it receives in the course of a particular security association to have a different value in this field. Packets with duplicate values are discarded.
• Payload Data (variable): Contains the original TCP, UDP, or ICMP header and data from the datagram.
• Padding (0–255 bytes): Some algorithms are capable only of encrypting data in blocks of a specific length. This field contains padding to expand the size of the payload data to the boundary of the next 4-byte word.
• Pad Length (1 byte): Specifies the size of the Padding field, in bytes.
• Next Header (1 byte): Identifies the protocol that generated the header immediately following the ESP header, using values defined in the “Assigned Numbers” RFC.
• Authentication Data (variable): Optional field that contains an ICV that the sending computer calculates for all the fields from the beginning of the ESP header to the end of the ESP trailer (excluding the original IP header and the ESP Authentication Data field itself). The receiving system performs the same ICV calculation and compares the results to this value to verify the packet’s integrity.
ESP encrypts the data beginning at the end of the ESP header (that is, the end of the Sequence Number field) and proceeding to the end of the Next Header field in the ESP footer. ESP is also capable of providing its own authentication, replay prevention, and data integrity services, in addition to those of AH. The information that ESP uses to compute the integrity signature runs from the beginning of the ESP header to the end of the ESP trailer. The original IP header from the datagram is not included in the signature (although it is in the AH signature). This means that when IPsec uses ESP alone, it’s possible for someone to modify the IP header contents without the changes being detected by the recipient. Avoiding this possibility is why the use of both AH and ESP is recommended for maximum protection. Figure 23-8 shows a packet using both the AH and ESP protocols and shows the signed and encrypted fields.
Figure 23-8 An IP datagram using both AH and ESP
SSL
Secure Sockets Layer is a series of protocols providing many of the same services as IPsec but in a more specialized role. Instead of protecting all TCP/IP traffic by signing and encrypting network layer datagrams, SSL is designed to protect only the TCP traffic generated by specific applications, most notably the Hypertext Transfer Protocol (HTTP) traffic generated by web servers and browsers. In most cases, when you use a web browser to connect to a secured site (for the purpose of conducting a credit card or other transaction), the client and server open a connection that is secured by SSL, usually evidenced by an icon on the browser’s status bar. The major web servers and browsers all support SSL, with the result that its use is virtually transparent to the client.
SSL consists of two primary protocols: the SSL Record Protocol (SSLRP) and the SSL Handshake Protocol (SSLHP). SSLRP is responsible for encrypting the application layer data and verifying its integrity, while SSLHP negotiates the security parameters used during an SSL session, such as the keys used to encrypt and digitally sign the data.
SSL Handshake Protocol
Clients and servers that use SSL exchange a complex series of SSLHP messages before they transmit any application data. This message exchange consists of four phases, which are as follows:
• Establish security capabilities: During this phase, the client and the server exchange information about the versions of SSL they use and the encryption and compression algorithms they support. The systems need this information in order to negotiate a set of parameters supported by both parties.
• Server authentication and key exchange: If the server needs to be authenticated, it sends its certificate to the client, along with the algorithms and keys that it will use to encrypt the application data.
• Client authentication and key exchange: After verifying the server’s certificate as valid, the client responds with its own certificate, if the server has requested one, plus its own encryption algorithm and key information.
• Finish: The client and server use a special protocol called the SSL Change Cipher Spec Protocol to modify their communications to use the parameters they have agreed upon in the earlier phases. The two systems send handshake completion messages to each other using the new parameters, which completes the establishment of the secure connection between the two computers. The transmission of application data using SSLRP can now begin.
SSL Record Protocol
The process by which SSLRP prepares application layer data for transmission over the network consists of five steps, which are as follows:
1. Fragmentation: SSLRP splits the message generated by the application layer protocol into blocks no more than 2 kilobytes long.
2. Compression: Optionally, SSLRP can compress each fragment, but the current implementations do not do this.
3. Signature: SSLRP generates a message authentication code (MAC) for each fragment, using a secret key exchanged by the transmitting and receiving systems during the SSLHP negotiation, and appends it to the end of the fragment.
4. Encryption: SSLRP encrypts each fragment with any one of several algorithms using keys of various sizes. The encryption is symmetrical, with a key that is also exchanged during the SSLHP negotiation.
5. Encapsulation: SSLRP adds a header to each fragment before passing it down to the TCP protocol for further encapsulation.
After this entire process is completed, each SSLRP fragment consists of the following fields:
• Content Type (1 byte): Identifies the application layer protocol that generated the data fragment
• Major Version (1 byte): Specifies the major version of SSL in use
• Minor Version (1 byte): Specifies the minor version of SSL in use
• Compressed Length (2 bytes): Specifies the length of the Data field
• Data (up to 2 kilobytes): Contains a fragment of (possibly compressed) application layer data
• Message Authentication Code (0, 16, or 20 bytes): Contains the digital signature for the fragment, which the receiving system uses to verify its integrity
Firewalls
A firewall is a hardware or software entity that protects a network from intrusion by outside users by regulating the traffic that can pass through a router connecting it to another network. The term is most often used in relation to protection from unauthorized users on the Internet, but a firewall can also protect a local area network (LAN) from users on other LANs, either local or wide area networks (WANs). Without some sort of a firewall in place, outside users can access the files on your network, plant viruses, use your servers for their own purposes, or even wipe your drives entirely.
Completely isolating a network from communication with other networks is not difficult, but this is not the function of a firewall. A firewall is designed to permit certain types of traffic to pass over the router between the networks, while denying access to all other traffic. You want your client workstations to be able to send HTTP requests from their web browsers to servers on the Internet and for the servers to be able to reply, but you don’t want outside users on the Internet to be able to access those clients. Firewalls use several different methods to provide varying degrees of protection to network systems. A client workstation has different protection requirements than a web server, for example.
Depending on the size of your network, the function of your computers, and the degree of risk, firewalls can take many forms. The term has come to be used to refer to any sort of protection from outside influences. In fact, a true firewall is really a set of security policies that may be implemented by several different network components that work together to regulate not only the traffic that is permitted into the network, but possibly also the traffic that is permitted out. In addition to preventing Internet users from accessing the systems on your network, you can use a firewall to prevent certain internal users from surfing the Web, while allowing them the use of Internet e-mail.
An inexpensive software router program can use network address translation (NAT) to enable client workstations on a small network to use unregistered IP addresses, and in a loose sense of the term, this is a form of a firewall. A large corporation with multiple T-1 connections to the Internet is more likely to have a system between the internal network and the Internet routers that is running software dedicated to firewall functions. Some firewall capabilities are integrated into a router, while other firewalls are separate software products that you must install on a computer.
Firewall protection can stem from either one of the following two basic policies, the choice of which is generally dependent on the security risks inherent in the network and the needs of the network users:
• Everything not specifically permitted is denied.
• Everything not specifically denied is permitted.
These two policies are essentially a reflection of seeing a glass as being either half full or half empty. You can start with a network that is completely secured in every way and open up portals permitting the passage of specific types of traffic, or you can start with a completely open network and block the types of traffic considered to be intrusive. The former method is much more secure and is generally recommended in all environments. However, it tends to emphasize security over ease of use. The latter method is less secure but makes the network easier to use. This method also forces the administrator to try to anticipate the techniques by which the firewall can be penetrated. If there is one thing that is known for certain about the digital vandals that inhabit the Internet, it is that they are endlessly inventive, and keeping up with their diabolical activities can be difficult.
Network administrators can use a variety of techniques to implement these policies and protect the different types of systems on the network. The following sections examine some of these techniques and the applications for which they’re used.
Packet Filters
Packet filtering is a feature implemented on routers and firewalls that uses rules specified by the administrator to determine whether a packet should be permitted to pass through the firewall. The rules are based on the information provided in the protocol headers of each packet, including the following:
• IP source and destination addresses
• Encapsulated protocol
• Source and destination port
• ICMP message type
• Incoming and outgoing interface
By using combinations of values for these criteria, you can specify precise conditions under which packets should be admitted through the firewall. For example, you can specify the IP addresses of certain computers on the Internet that should be permitted to use the Telnet protocol to communicate with a specific machine on the local network. As a result, all packets directed to the system with the specified destination IP address and using port 23 (the well-known port for the Telnet protocol) are discarded, except for those with the source IP addresses specified in the rule. Using this rule, the network administrators can permit certain remote users (such as other administrators) to Telnet into network systems, while all others are denied access. This is known as service-dependent filtering because it is designed to control the traffic for a particular service, such as Telnet.
Service-independent filtering is used to prevent specific types of intrusion that are not based on a particular service. For example, a hacker may attempt to access a computer on a private network by generating packets that appear as though they originated from an internal system. This is called spoofing. Although the packets might have the IP address of an internal system, they arrive at the router through the interface that is connected to the Internet. A properly configured filter can associate the IP addresses of internal systems with the interface to the internal network so that packets arriving from the Internet with those source IP addresses can be detected and discarded.
Packet filtering is a feature integrated into many routers, so no extra monetary cost is involved in implementing protection in this way, and no modification to client software or procedures is required. However, creating a collection of filters that provides adequate protection for a network against most types of attack requires a detailed knowledge of the way in which the various protocols and services work, and even then the filters may not be sufficient to prevent some types of intrusion. Packet filtering also creates an additional processing burden on the router, which increases as the filters become more numerous and complex.
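
The two kinds of rule described above, a service-dependent Telnet rule and a service-independent anti-spoofing rule, are evaluated here first-match with everything else denied. This is an added example, not code from the book; the rule format, the interface names `wan` and `lan`, and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # encapsulated protocol: "tcp", "udp", "icmp"
    dport: Optional[int]    # destination port, None for protocols without ports
    in_iface: str           # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    name: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # A criterion left at its default (None or 0.0.0.0/0) matches any packet.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.in_iface in (None, p.in_iface))


INTERNAL_NET = "198.51.100.0/24"   # constructed: stands in for the local network

RULES = [
    # Service-independent: an internal source address arriving on the Internet
    # interface is spoofed, whatever service it targets.
    Rule("deny", "anti-spoof", src=INTERNAL_NET, in_iface="wan"),
    # Service-dependent: one remote administrator may Telnet to one machine.
    Rule("permit", "telnet-admin", src="203.0.113.10/32", dst="198.51.100.5/32",
         proto="tcp", dport=23, in_iface="wan"),
    # Internal clients may send HTTP requests out.
    Rule("permit", "outbound-web", src=INTERNAL_NET, proto="tcp", dport=80,
         in_iface="lan"),
]


def filter_packet(p: Packet, rules=RULES):
    """First matching rule decides; everything not specifically permitted is denied."""
    for rule in rules:
        if rule.matches(p):
            return (rule.action, rule.name)
    return ("deny", "default-deny")


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("203.0.113.10", "198.51.100.5", "tcp", 23, "wan"),
        Packet("203.0.113.77", "198.51.100.5", "tcp", 23, "wan"),
        Packet("198.51.100.9", "198.51.100.5", "tcp", 23, "wan"),
        Packet("198.51.100.9", "192.0.2.80", "tcp", 80, "lan"),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Rule order matters: the anti-spoofing rule sits first so that a forged internal source address is rejected before any permit rule can match it.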
Network Address Translation
Network address translation is a technique that enables a LAN to use private, unregistered IP addresses to access the Internet. A NAT server or a router with NAT capabilities modifies the IP datagrams generated by clients to make them appear as though they were created by the NAT server. The NAT server (which has a registered IP address) then communicates with the Internet and relays the responses to the original client. Because the clients do not have valid Internet IP addresses, they are invisible to outside Internet users.
Proxy Servers
Proxy servers, also known as application-level gateways, provide a much stricter form of security than packet filters, but they are designed to regulate access only for a particular application. In essence, a proxy server functions as the middleman between the client and the server for a particular service. Packet filtering is used to deny all direct communication between the clients and servers for that service; all traffic goes to the proxy server instead.
Because the proxy server has much more detailed knowledge of the specific application and its functions, it can more precisely regulate the communications generated by that application. A firewall might run individual proxy servers for each of the applications needed by client systems.
The most common form of proxy server used today is for the Web. The client browsers on the network are configured to send all of their requests to the proxy server, instead of to the actual Internet server they want to reach. The proxy server (which does have access to the Internet) then transmits a request for the same document to the appropriate server on the Internet using its own IP address as the source of the request, receives the reply from the server, and passes the response on to the client that originally generated the request.
Because only the proxy server’s address is visible to the Internet, there is no way for Internet intruders to access the client systems on the network. In addition, the server analyzes each packet arriving from the Internet. Only packets that are responses to a specific request are admitted, and the server may even examine the data itself for dangerous code or content. The proxy server is in a unique position to regulate user traffic with great precision. A typical web proxy server, for example, enables the network administrator to keep a log of users’ web activities, restrict access to certain sites or certain times of day, and even cache frequently accessed sites on the proxy server itself, enabling other clients to access the same information much more quickly.
The drawbacks of proxy servers are that you need an individual server for every application, and modifications to the client program are required. A web browser, for example, must be configured with the address of the proxy server before it can use it. Traditionally, manual configuration of each client browser was needed to do this, but there are now proxy server products that can enable the browser to automatically detect a server and configure itself accordingly.
Circuit-Level Gateways
A circuit-level gateway, a function that is usually provided by application-level gateway products, enables trusted users on the private network to access Internet services with all the security of a proxy server but without the packet processing and filtering. The gateway creates a conduit between the interface to the private network and the Internet interface, which enables the client system to send traffic through the firewall. The gateway server still substitutes its own IP address for that of the client system so that the client is still invisible to Internet users.
Combining Firewall Technologies
There are various ways in which these firewall technologies can be combined to protect a network. For a relatively simple installation in which only client access to the Internet is required, packet filtering or NAT alone—or packet filtering in combination with a proxy server—can provide a sufficient firewall. Adding the proxy server increases the security of the network beyond what packet filtering provides because a potential intruder has to penetrate two levels of protection. However, if you run servers that must be visible to the Internet, the problem becomes more complicated.
One of the most secure firewall arrangements you can use for this type of environment is called a screened subnet firewall. This consists of a demilitarized zone (DMZ) network between the private network and the Internet. Using two routers with packet-filtering capabilities, you create a DMZ network that contains your proxy server, as well as your web, e-mail, and FTP servers, and any other machines that must be visible to the Internet.
The two routers are configured to provide systems on the private network and the Internet with a certain degree of access to certain systems on the DMZ network, but no traffic passes directly through the DMZ. Users from the Internet must then pass through three separate layers of security (router, proxy, and router) before they can access a system on the private network.
Firewalls of this type are complex mechanisms that must be configured specifically for a particular installation and can require a great deal of time, money, and expertise to implement. The prices of comprehensive firewall software products for enterprise networks can run well into five figures, and deploying them is not simply a matter of running an installation program. However, compared to the potential cost in lost data and productivity of a hacker intrusion, the effort taken to protect your network is not wasted.
CHAPTER 24
Wireless Security
With today’s proliferation of wireless appliances, it is essential that networks be protected from unauthorized access. With the many mobile devices used today, network security is more important than ever. A wireless network is one that uses high-frequency radio signals to send and receive information instead of cables that connect various appliances to each other. The devices can range from printers to laptops and from tablets to file servers.
The technology available today makes it possible for businesses to allow employee access from any place within their network area or from any Wi-Fi hotspot. Note that Wi-Fi has been defined in various ways, among them wireless fidelity or wireless Internet. Wi-Fi, based on the IEEE 802.11 protocol standard, is a trademarked name belonging to the Wi-Fi Alliance. This trade association formed in 1999 as a nonprofit, international group to promote the technology.
This chapter discusses the various methods of security specifically for wireless devices and networks, both at home and in business settings.
Wireless Functionality
Since Wi-Fi is based on the transmission of radio signals on a single frequency, the signals are vulnerable to interception. Both an advantage and disadvantage of wireless connectivity is that devices are potentially compatible with everything from your rack server to a game device.
Wireless Network Components
While similar to wired networks, a wireless network must have several components to function properly.
Wireless Network Adapters/Wireless Network Interface Cards
While available as stand-alone devices to be connected with Universal Serial Bus (USB) connectors, today wireless network adapters are usually included in computers or other devices to be used on a wireless network. For small networks, such as those in a home, these adapters (or network interface cards [NICs]) are often all that is needed to create a peer-to-peer or ad hoc network that allows such devices as computers, printers, tablets, and so on to talk to each other.
Wireless Router
The broadband wireless router consists of an access point, several Ethernet ports to connect to wired devices on your network such as printers, and a broadband wide area network port to connect to the Internet. (See “Wireless Access Points” later in this chapter for more information on access points.) It usually includes a built-in Dynamic Host Configuration Protocol (DHCP) server that assigns an IP address to each connected device. As the Internet gateway, each router also contains a two-way radio that both transmits and receives radio signals and comes equipped with at least one antenna to increase the range of the radio signal. Today’s wireless router usually includes Domain Name System (DNS) settings, as discussed in Chapter 15, and a firewall, and it is capable of encryption for added security.
Wireless Repeater/Range Expander/Signal Booster
To boost the signals emitted by the router, a repeater can be installed to either a router or an access point to ensure signals are being transmitted and received. This can be useful if your devices are on different floors of a building.
Wireless Router Types
Depending on the type of network with which you will be working, several IEEE 802.11 technologies are available for your wireless router, as well as other standards for different uses. See Table 24-1 for some comparisons.
Table 24-1 Router Statistics
Single-Band and Dual-Band Routers
The main difference between single-band and double-band routers is the range of the signal. As a rule, single-band routers, using a 2.4 GHz band, transmit weaker signals than dual-band devices. Since dual-band routers, which contain both 2.4 GHz and 5.0 GHz bands, can use more than one signal band, their range, signal strength, and often speed can be greater. Not all wireless devices can run on the 5.0 GHz band, so there is often not as much traffic on that frequency.
Single-Band Routers
Many devices use the 2.4 GHz bandwidth found in single-band routers. Some of these are as follows:
• Cordless phones
• Microwave ovens
• Baby monitors
• Bluetooth appliances
• Wi-Fi access points
• Smartphones
• Television stations and towers
• Remote controllers for TV and cable
• Game controllers
The single-band frequency has three nonoverlapping channels with which to work, but as you can see, the many other users of this bandwidth can create quite a bottleneck for your network. This widespread usage can create interference on your connection and slow down transmissions. While it has a higher range than the 5.0 GHz frequency, the 5.0 GHz frequency allows more bandwidth through.
Dual-Band Routers
These routers have both 2.4 GHz and 5.0 GHz bands, so speed is enhanced, making this band suitable for both gaming and video streaming. Since fewer devices use the 5.0 GHz band, there is less chance for interference on this frequency; 5.0 GHz has 23 nonoverlapping channels available. If multiple devices connect to your router at the same time, consider a simultaneous dual-band router.
Dual-band routers can be either simultaneous or selectable. Simultaneous dual-band routers have the following:
• Two times the bandwidth of the single-band router
• A dedicated Wi-Fi network for high-speed transmission, such as video
• Two separate Wi-Fi networks operating at the same time
Selectable dual-band routers have the following:
• Have to select one Wi-Fi network
• Have the same bandwidth as the single-band router
Other Considerations
When deciding on a router for your wireless network, consider the age of your current hardware. Today’s hardware needs higher bandwidths, so if your company and its employees have notebooks, tablets, smartphones, or other such devices, dual-band routers are important.
Also, most routers have Ethernet ports that allow connections via Ethernet cables. This connection can add speed and reliability for that device.
Wireless Transmission
The wireless network interface controller in your device converts digital data into radio waves and, in turn, sends them to your wireless router. The router then broadcasts the radio waves to the Internet. The small, wireless network formed by the NICs and the router can be accessed by anyone within range of the radio signals. Some have described the router as a small radio station, capable of both broadcasting and receiving signals.
Wireless Access Points
A wireless access point (WAP) can be part of a wireless router or a stand-alone device. Some stand-alone WAPs are used as boosters for both business and home networks. All such points are managed by a wireless LAN controller to control authentication, transmission channels, radio-frequency (RF) power, and security.
Many libraries, cafes, and other businesses offer public WAPs for their customers. These locations, called hotspots, mean that Internet connectivity is available at that location. While these access points provide great convenience, they also can be security risks.
WAPs are directly connected to a wired Ethernet connection and provide the link that allows several devices to be connected to this wired connection. There are several ways you can ensure that your access point suffers the least amount of interference with the highest possible Internet speed:
• Placement: Many obstacles to good connections are on the floor (or ground) level of your office. Consider putting your WAP higher up, perhaps on a high shelf or even the ceiling.
• Vicinity: If you have several devices using the same WAP, the best location for your WAP is nearest the device you use the most. The strongest signal is always the closest to your access point.
• Line-of-sight: The best location for your access point is in a clear line-of-sight with your primary device. Any impediment will decrease signal strength.
• Nonreflectivity: Reflection from windows, bright countertops, or mirrors can interfere with Wi-Fi signals. Position your access point so that the signals do not bounce off reflective surfaces.
NOTE When several devices equipped with wireless network adapters are close together, they can communicate without either a WAP or a router. This type of wireless network is known as an ad hoc network.
Setting Up a Wireless Access Point
WAPs come with a default IP address, some of which are assigned by DHCP and others with previously assigned addresses. The bottom of the box in which the WAP was shipped will show which method is used. Most WAPs will connect to the nearest existing network connection. While each model is slightly different, all require at least these three steps. Keep a written note of each of these settings as you proceed. You will need the information when connecting this network to your computer.
• Service set identifier (SSID): Create a name for this wireless network. This is also known as the network name.
• Infrastructure versus ad hoc: Choose Infrastructure.
• Encryption: This is a security measure. Ensure it is on, using the recommended settings on the device. See “Understanding Encryption” later in this chapter.
Some WAPs come with a CD or DVD with basic configuration instructions. Others require that you connect to the manufacturer’s website and follow the instructions on the site.
Configuring a Wireless Router
After you have physically connected your router to a broadband Internet connection with an Ethernet cable, connect at least one computer to your router with an Ethernet cable. After you have configured the router, you can disconnect this computer.
1. Locate the IP address of the router. For most routers, this address is 192.168.1.1.
2. Using the computer attached to your router, open a web browser and enter the IP address of the router in the browser’s address bar. You will be prompted for your name and password, as shown here. Depending on the router model, this can be “password” and “password” or “admin” and “password.” The router may show this information on an attached label or include it in the written documentation. Some websites allow you to leave one or both fields blank.
3. Log on to your router, and you are taken to either the router’s main menu or the status screen, as in the example of an ASUS RT-N66U shown here.
4. Enter your network name. The field is usually Name or SSID. Most routers use “default” or the brand name of the router. Ensure you have enabled SSID broadcast so your network is active.
5. Set a security/encryption method. The best choice is WPA2-PSK (Pre-shared Key Mode or Personal Mode). See “Securing a Wireless Router” later in this chapter for more information.
6. Enter a password/passphrase for your network. Make sure this includes uppercase and lowercase letters, numbers, and symbols. The best choices have at least 8 to 13 characters and contain no words found in a dictionary. Make a note of this password. (But do not put it on a sticky note on your monitor!)
7. Apply your settings. Once the router has completed its setup, you can use your wireless network.
8. Change the router username and password from the defaults that came with your router. Make a note of them both.
9. Test the network by connecting a device. As long as the new device is within range, it should see your network and ask for the password/passphrase. Once you have entered that phrase, your device will remember the network and connect automatically each time it is powered on within range of the network.
10. When everything is functioning, log out of your router.
Creating a Secure Wireless Network
The term secure wireless network may be a contradiction in terms. All wireless networks and the devices they connect are vulnerable to outsiders. Add this understanding to the fact that even IT professionals seldom use effective security measures, and you have the potential for widespread attacks.
Securing a Wireless Home Network
Since wireless signals can be accessed by anyone within range, including your next-door neighbor, the ramifications of unsecured home networks are great. By usurping your Internet signal, the speed by which you can connect is decreased as the signal is shared with other computers (or mobile devices). The use of your signal can also open a pathway for hackers using programs that can gain personal information from your computer or insert malware onto your system.
You can ensure your home network is protected in several ways.
Changing the Username and Password
Since most router manufacturers want to make it as easy as possible for the home user to set up a wireless network, default passwords are available on the manufacturer’s website as well as many places on the Internet. Check in any documentation that came with your router or download the documentation from the website. To access your wireless router, follow these steps:
1. Determine the default username and password for your model router.
2. Type 192.168.1.1 into the address bar of any web browser.
3. Enter the default username and password to open your router’s interface.
4. Find the administrative section that displays the username and password. The image you see will be different, depending on the router brand you are using.
5. Change both the username and the password, according to the instructions on your router. Ensure your password contains symbols, uppercase and lowercase letters, and numbers. The best ones contain at least 8 characters, and 13 is even better. Also, consider changing the password every 60 to 90 days to be more secure.
6. Save the changes.
Changing the Network Name
Changing your SSID helps in several ways. First, it makes it easy when connecting new devices to an available wireless network. Some families have one network for the parents and another for cell phone or laptop connection. Even if outside scanners find your network, they cannot join without the appropriate password.
To change the name, open the router administrative window as described earlier and find the location of your wireless name, as shown here.
Applying Media Access Control Filters
Most wireless routers provide a way with which you can add, or whitelist, the devices that connect to your wireless network. Consider listing the media access control (MAC) addresses of the most commonly connected devices, such as smartphones. Each device has its own address, and you can list those addresses in your router’s MAC filter, as shown next.
Enabling Strong Encryption
Ensure that your router is set to Wi-Fi Protected Access 2 (WPA2) rather than the older WEP setting. See “Understanding Encryption” later in this chapter for more information.
Other Options
You have a couple other options, discussed here:
• Ensure that your router has the latest updates. Go to your manufacturer’s website and download the latest firmware.
• Use “anti Wi-Fi” paint on one of the walls. However, since this special paint has chemicals that absorb radio signals, do not paint this type of paint in the entire room.
Securing a Business Network
Wireless business networks have many of the same issues as home networks. However, there may be more tools with which to alleviate these problems because IT professionals are usually (but not always!) more aware of the issues.
When working with a small or large wireless network in a business setting, understand the process and address each concern and then follow through on a regular basis to at least lessen the threat of infiltration.
Creating a Security Policy for Wireless Networks
The first step in any policy is identifying the needs and enumerating the methods to satisfy each need. The policy should include at least the following:
• What devices are included such as both company-owned and employee-owned laptops, smartphones, tablets, and so forth
• What WAPs can be connected to the network
• What protection or settings are required on all connected or potentially connected devices
• How devices are configured, such as what devices can connect only to the Internet or which sites are on the Internet
• How the policy will be enforced
Setting Up Protection
Wired networks can be protected physically by eliminating Ethernet connectivity. In a wireless setting, access points and other devices must be protected from theft, tampering, or other physical assault. Consider using touchpad locks on all storage and wiring closets to eliminate unauthorized visits.
Passwords should be required for both internal and external use on all network devices. Set a time when all passwords must be changed, and do not allow the same password to be used more than once.
Ensure your wireless network encryption is reviewed and revised as necessary. This should be done on at least a quarterly basis. As part of this policy, ensure that wireless devices do not have administration rights access to the network.
MAC Identification Filtering
While tracking the MAC addresses of devices connected to a home wireless network can be effective, in most business environments it can be problematic. There are often too many devices, too many changes, and too much chance of incorrectly entered MAC addresses to make this a viable practice in all but very small networks.
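The data-entry problem described above can be caught before a list ever reaches the router. The following Python sketch is an added example, not from the book: it normalizes a hand-typed MAC allowlist, rejects malformed, duplicate, and non-unicast entries, and flags software-assigned addresses. The sample entries and the report field names are constructed for illustration.

```python
import re

# Notations commonly seen in router interfaces and inventory sheets.
_FORMATS = (
    re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$"),    # aa:bb:cc:dd:ee:ff
    re.compile(r"^([0-9a-f]{2}-){5}[0-9a-f]{2}$"),    # aa-bb-cc-dd-ee-ff
    re.compile(r"^([0-9a-f]{4}\.){2}[0-9a-f]{4}$"),   # aabb.ccdd.eeff
    re.compile(r"^[0-9a-f]{12}$"),                    # aabbccddeeff
)


def normalize_mac(raw):
    """Return the address as aa:bb:cc:dd:ee:ff, or None if it is malformed.

    Mixed separators (for example 00:1a-2b:...) are treated as typing errors.
    """
    text = raw.strip().lower()
    if not any(fmt.match(text) for fmt in _FORMATS):
        return None
    digits = re.sub(r"[^0-9a-f]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_allowlist(entries):
    """Check a list of hand-entered MAC addresses before loading it into a filter.

    Line numbers in the report are 1-based positions in `entries`.
    """
    report = {
        "accepted": [],           # normalized addresses safe to load
        "malformed": [],          # line numbers that are not valid MAC addresses
        "duplicates": [],         # (line, first line with the same address)
        "not_unicast": [],        # group bit set: cannot identify one station
        "software_assigned": [],  # locally administered bit set (still accepted)
    }
    first_seen = {}
    for lineno, raw in enumerate(entries, start=1):
        mac = normalize_mac(raw)
        if mac is None:
            report["malformed"].append(lineno)
            continue
        if mac in first_seen:
            report["duplicates"].append((lineno, first_seen[mac]))
            continue
        first_seen[mac] = lineno
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            # Multicast/broadcast addresses never belong in a per-device filter.
            report["not_unicast"].append(lineno)
            continue
        if first_octet & 0x02:
            # Not a factory-assigned address (for example a randomized private
            # address), so it may change and silently break the filter entry.
            report["software_assigned"].append(lineno)
        report["accepted"].append(mac)
    return report


# Constructed sample input, as it might be typed from device labels.
SAMPLE_ENTRIES = [
    "00:1A:2B:3C:4D:5E",
    "00-1a-2b-3c-4d-5e",   # same device, different notation
    "001a.2b3c.4d5f",
    "00:1A:2B:3C:4D",      # one octet missing
    "00:1A:2B:3C:4D:5G",   # G is not a hex digit
    "DA:A1:19:00:00:01",   # locally administered bit set
    "01:00:5E:00:00:FB",   # multicast address
]

if __name__ == "__main__":
    for key, value in audit_allowlist(SAMPLE_ENTRIES).items():
        print(f"{key}: {value}")
```

A clean allowlist still only records which addresses are expected; it does not prove that a device presenting one of them is the device on the inventory sheet.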
Segmentation of Access
Best practices often limit network access by group or need. For example, some resources can be accessed only through a virtual private network (VPN), or file transfers can be blocked. This policy should be established and reviewed on a regular basis.
Using Anti-malware
As malware becomes increasingly destructive, network administrators must ensure that their systems are protected. Adware, worms, Trojans, and other potentially unwanted programs (PUPs) can infect both wireless and wired devices.
Remote Authentication Dial-In User Service
This mode of WPA2 provides greater security and requires either a hosted service or a Remote Authentication Dial-In User Service (RADIUS) server. 802.1X/RADIUS can increase security but can also be difficult for end users unless their device is preconfigured to use this level of security. Since tracking and reports are based on the name of the clients, it is easier to restrict certain users.
Maintaining Security Measure on an Ongoing Basis
No policies or procedures can survive in a vacuum. At every level, ensure the policies are followed by each employee and department. Consider using company meetings for education on current security issues and require that all new employees have copies of the policies.
Securing a Wireless Router
When setting up a wireless router, there are several ways to ensure its security:
• Disable remote administrative management. If no one outside can access the administrative tools, the likelihood of unauthorized administrative changes is lessened.
• Consider changing the default IP address of your router. Using something less common can foil cross-site request forgery (CSRF) attacks on your network. These attacks transmit unwanted requests in web applications and compromise user data.
• When working with the router, require everyone to actually log out.
• Ensure that AES WPA2 is turned on, and eliminate WPS. Also, change default passwords.
• As with all routers, update the firmware regularly. It is good practice to create a log to ensure all firmware and software are updated on a schedule.
Securing Mobile Devices
While the terms mobile and wireless are often used as synonyms, they are different. Mobile devices are portable, contain internal batteries and therefore need no external power, and can be taken anywhere. To exchange data, the device must be connected to a mobile network but does not need to be attached to any hardware infrastructure. The mobile network, however, must be connected at some point to a hardwired system.
Wireless does not mean portable or mobile. Wireless networks can connect devices to the Internet or each other, must be connected to an external power source, and are usually kept in one place. While wireless networks can access mobile networks, they, too, must, at some point, connect to a hardwired, broadband Internet connection. Security for mobile devices, therefore, differs from that of nonportable devices.
Although phone and tablet security is not strictly part of networking, many businesses provide these electronic devices for use by their employees. The following are some of the ways you and your employees can protect these devices and, in turn, protect your network:
• Educate your employees about phishing, malicious or unknown phone numbers, and open Wi-Fi networks. Create a written company policy about the usage of these devices.
• Enable passwords or PINs on each device. Some phones accept only a certain number of tries for the correct password and then lock the phone.
• Make sure all operating system updates are loaded onto each device.
• Install antivirus and anti-malware apps on all devices and ensure they are kept up to date.
• Install and use encryption software on each device.
• Do not download unapproved apps. Each IT department should maintain a list of approved apps for company devices.
• Turn off both Wi-Fi and Bluetooth settings when the device is not being used. In this way, unknown devices cannot connect to the network through the device.
• Periodically check each device to ensure it has not been compromised. Look for such items as the following:
  • Check for odd data patterns.
  • Check for unverifiable charges on cell phone invoices.
  • Look for unapproved apps on the device.
• Ensure physical security of devices when not being used by the employee.
• Each device has built-in limitations from the factory. Ensure these limitations are still in place and the device has not been “jailbroken.”
What Are the Risks?
The risks in wireless technology can create havoc on your network and throughout your company. While security is important when working with a wired network, it is critical when working with a wireless network. Whether at home, in a business, or in the cloud, there are many ways in which your wireless network can be compromised.
Unsecured Home Networks
While most business networks have at least some password or passphrase protection, open wireless business networks are not common. However, home networks that connect computers, tablets, laptops, smartphones, and other devices pose security issues not only to the homeowner but to other, more protected networks, such as the business where that home network owner works. Ad hoc networks are especially vulnerable to outsiders.
Without encryption, anyone can connect to a network for both legal and illegal purposes. If a network is in promiscuous mode, that is, unprotected, anyone within range can use the network. If a next-door neighbor accesses an unprotected wireless network and downloads anything illegally, the action can be traced to the original IP address, and the owner of the network could be charged with the crime.
All data on such networks is transmitted in plain text. That is, it is legible to anyone who can access the information. With easily obtainable software, outsiders can read any data that was relayed on this network. This includes credit card or other personal information entered into a website without an HTTPS connection.
Some hotspot access points are unencrypted, so be cautious when accessing sensitive data at your local coffee shop. The person intently studying a laptop a couple of tables away could be watching your data interchange.
The following are the possible threats for unsecured networks:
• Password capture: Passwords for e-mail accounts are sometimes sent in the clear, meaning anyone could access personal e-mail and take advantage of any personal information found in those e-mails.
• Data access: If file sharing is turned on, anyone with access to an unsecured network can read the data throughout the shared files.
• Spam and other malware: When an unsecured wireless network is hacked, the hacker can use the devices on that network as the source for spam and other malware.
Wireless Invasion Tools
As wireless security measures are applied, software and hardware devices are developed to overcome the measures. Some of these are discussed here.
Hidden SSID Locaters
There are some security suggestions that encourage users to hide the name or SSID of their network. When an SSID is hidden, snooping utility programs can find the network quickly. If a wireless network is suspected, simply monitoring that network will eventually reveal an attempted connection, and as part of the connection process, the name of the SSID is revealed. Devices attempt to connect to the hidden network at all times.
MAC Address Captures
When wireless packets are transmitted, the device MAC addresses are included. Hackers simply change their hardware’s MAC address and log on to the network with that device.
WEP and WPA1
The encryption in WEP is vulnerable to decryption, and therefore any device still set to WEP should be updated or replaced. The first version of WPA is also vulnerable. Ensure all wireless routers are set to WPA2.
Wi-Fi Protected Setup
Some routers have a PIN with which a device can connect to your network instead of using a passphrase. Some software programs can go through all possible number connections until the router acknowledges that the right one has been found. Many security experts recommend disabling Wi-Fi Protected Setup (WPS) for this reason.
Password Vulnerabilities
With WPA2, passwords and passphrases can be between 8 and 63 characters. Dictionary attack software intercepts a router packet and runs through all possible combinations to discover the password or passphrase. Using strong passwords and passphrases with numbers, letters, and symbols is the best method.
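The passphrase rules given in this chapter can be checked before a passphrase is set on the router. The following Python sketch is an added example, not from the book: it audits a candidate WPA2 passphrase against those rules and includes the standard WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt and 4,096 iterations), which shows that the resulting key depends only on the passphrase and the network name. The word list, the default-SSID list, and the finding labels are constructed for illustration.

```python
import hashlib
import string

WPA2_MIN, WPA2_MAX = 8, 63      # passphrase length limits stated in the chapter
RECOMMENDED_MIN = 13            # the chapter's "even better" length
DEFAULT_SSIDS = {"default"}     # constructed; add your vendor's factory names
SAMPLE_WORDLIST = {"password", "admin", "welcome", "dragon", "sunshine"}  # constructed


def derive_pmk(passphrase, ssid):
    """Derive the 256-bit WPA2-Personal pairwise master key.

    The key is a pure function of passphrase and SSID, so anyone who knows the
    network name can test a guessed passphrase without contacting the router.
    Only passphrase strength (and a non-default SSID) stands in the way.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase, ssid, wordlist=SAMPLE_WORDLIST):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    length = len(passphrase)
    if length < WPA2_MIN or length > WPA2_MAX:
        findings.append("length-out-of-range")
    elif length < RECOMMENDED_MIN:
        findings.append("shorter-than-13")

    classes = {
        "lowercase": any(c.islower() for c in passphrase),
        "uppercase": any(c.isupper() for c in passphrase),
        "digit": any(c.isdigit() for c in passphrase),
        "symbol": any(c in string.punctuation for c in passphrase),
    }
    for name, present in classes.items():
        if not present:
            findings.append("missing-" + name)

    # Dictionary words survive capitalization and added digits, so compare
    # against the case-folded passphrase rather than the raw string.
    folded = passphrase.lower()
    hits = sorted(w for w in wordlist if len(w) >= 4 and w in folded)
    if hits:
        findings.append("dictionary-word:" + ",".join(hits))

    # The SSID is the salt: a factory-default name means keys computed for
    # that name elsewhere apply to this network as well.
    if ssid.strip().lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")

    return findings


if __name__ == "__main__":
    # Constructed candidates paired with constructed network names.
    candidates = [
        ("password", "default"),
        ("Sunshine2015!", "HomeNet"),
        ("t7#Vq9!mZr2&Lx", "Office-4F"),
    ]
    for passphrase, ssid in candidates:
        print(repr(passphrase), ssid, audit_passphrase(passphrase, ssid) or "ok")
    # Same passphrase, different SSID: a different key.
    print(derive_pmk("t7#Vq9!mZr2&Lx", "Office-4F").hex())
    print(derive_pmk("t7#Vq9!mZr2&Lx", "Office-5F").hex())
```

The second candidate satisfies every length and character-class rule and still fails the dictionary check, which is why the chapter asks for both.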
Understanding Encryption
Encryption is a process that makes transmitted data unreadable by those not authorized to see it. When sending information on a wireless network, it is especially important to understand how and when encryption is applied. Successful encryption methods cover both static, stored information and transmitted data.
At-Rest Encryption
Information processed and stored in company servers, especially in companies that maintain financial or medical data, is regulated and protected by government regulation. However, recent events have proved that even this information is subject to attack and is vulnerable to outside sources. Encryption can be applied to individual files or to all data stored on a server or group of servers. There are several methods to protect such data.
File or Folder Encryption
At the file or folder level, no one can open the file or the folder without the appropriate encryption key. There are software programs that encrypt and decrypt the file once the appropriate key is entered. These programs offer options such as the ability to automatically encrypt specific file types, encrypt files created by particular users or applications, or encrypt all files and folders designated by the system administrator.
This method protects only the data within the files or folders. It does not protect file or folder names. Often, copying or moving these files will decrypt the data.
Full-Disk (or Whole-Disk) Encryption
Some operating systems come with utilities to encrypt an entire hard drive. Mac OS comes with FileVault encryption, Windows 8.1 includes Pervasive Device Encryption, and earlier versions of Windows included BitLocker. There are several free full-disk encryption software packages available. The only way to access the information on a protected disk is with the appropriate authorization key.
Volume and Virtual Encryption
This method encrypts only a partition on a hard drive, leaving sections of the disk open and unencrypted. The process encrypts a file, creating a container that can hold other files and folders. This container can be accessed only with the proper key. Encrypted containers often hold boot and system volumes on a PC, external hard drives, and USB flash drives. Since containers are portable, the contents can be copied or transferred across mediums. See Table 24-2 for a comparison of these methods.
Table 24-2 At-Rest Encryption Methods
In-Transit Encryption
Data that is being transmitted is said to be in transit. Several types of encryption techniques can be applied to data as it moves across a network. The main focus of these techniques is to prevent unauthorized users from seeing the data.
Transport Layer Security/Secure Sockets Layer
Most websites that require personal information use either Transport Layer Security (TLS) or the earlier Secure Sockets Layer (SSL) to protect this data. Websites that employ this level of security are shown with the initial https rather than the normal http (which stands for Hypertext Transfer Protocol) in the address. HTTP operates in the application layer of the Internet Protocol suite.
NOTE Originally, HTTPS stood for Hypertext Transfer Protocol with SSL. Today, it indicates that the site uses TLS.
WPA2
WPA2 is Wi-Fi Protected Access II, a program developed by the Wi-Fi Alliance to alleviate the weaknesses in WPA.
Internet Protocol Security
This method operates in the Internet layer of the Internet Protocol suite and therefore protects all data at the upper layers. It can be applied in both transport and tunnel modes:
• In tunnel mode, the entire packet is encrypted. This mode is used to create virtual private networks (see “Virtual Private Network” next), host-to-network transmissions such as remote user access connections, and private communication such as host-to-host transmissions.
• Transport mode encrypts only the message of the packet, not the header.
Virtual Private Network
This is an encrypted private “throughway” between two entities that allows information to be transmitted securely. Once established, these connections offer the following:
• Confidentiality in that any unauthorized “snooper” would see only encrypted data
• Authentication of the sender
• Message integrity
• Includes IPsec and TLS
CHAPTER 25 Overview of Network Administration
Although business networks often run a variety of operating systems, particularly on their servers, many user workstations run some form of Windows. Whether you agree with Microsoft that the Windows interface is user friendly and intuitive, there is no question that administering a fleet of hundreds or thousands of Windows workstations is an extremely formidable task. In addition, this chapter covers network administration information on the other main operating systems in use today, Mac OS and Linux.
Nearly all software includes tools that network administrators can use to simplify the process of installing, managing, and maintaining the operating system on a large number of workstations. This chapter examines some of these tools and how you can use them to configure workstations en masse, rather than working on them one at a time.
One of the primary goals of any network administrator should be to create workstation configurations that are standardized and consistent so that when problems occur, the support staff is fully acquainted with the user’s working environment. Failure to do this can greatly increase the time and effort needed to troubleshoot problems, thus increasing the overall cost of operating the computer. Unfortunately, users have a tendency to experiment with their computers, such as modifying the configuration settings or installing unauthorized software. This can make the system unstable and can interfere with the maintenance and troubleshooting processes. Therefore, it is advisable that administrators impose some form of restraints on network workstations to prevent this unauthorized experimentation.
Features such as user profiles and system policies are basic tools you can use to do this on most network systems, to whatever degree you judge is necessary for your users. Using these tools, you can limit the programs that a system is able to run, deny access to certain elements of the operating system, and control access to network resources. Imposing restrictive policies and limiting users’ access to their workstations can be sensitive undertakings, and network administrators should carefully consider the capabilities of their users before making decisions like these. Unsophisticated computer users can benefit and may even appreciate a restricted environment that insulates them from the more confusing elements of the operating system. However, users with more experience might take offense at being limited to a small subset of the computer’s features, and their productivity may even be impaired by it.
Locating Applications and Data in Windows Systems
One of the basic tasks of the network administrator is to decide where data should be stored on the network. Network workstations require access to operating system files, applications, and data, and the locations where these elements are stored is an important part of creating a safe and stable network environment. Some administrators actually exercise no control over where users store files. Fortunately, most Windows applications install themselves to a default directory located in the C:\Program Files folder on the local system, which provides a measure of consistency if nothing else. Some applications even create default data directories on the local drive, but leaving users to their own devices when it comes to storing their data files is an inherently dangerous practice. Many users have little or no knowledge of their computer’s directory structure and little or no training in file management. This can result in files for different applications all being dumped into a single common directory and left unprotected from accidental damage or erasure.
Server-Based Operating Systems
In the early days of Windows, running the operating system from a server drive was a practical alternative to having individual installations on every workstation. Storing the operating system files on a server enabled the network administrator not only to prevent them from being tampered with or accidentally deleted, but also to upgrade all the workstations at once. The technique also saved disk space on the workstation’s local drive. However, as the years passed, the capacity of a typical hard drive on a network workstation grew enormously, as did the size of the Windows operating system itself.
Today, the practice of installing an operating system onto a mapped server drive is not practical. A workstation running Windows must load many megabytes of files just to boot the system, and when you multiply this by hundreds of computers, the amount of network traffic created by this practice could saturate even the fastest network. In addition, disk space shortages are not a big problem now that workstations routinely ship with drives that hold anywhere from 500GB to 1TB or more. Installing the operating system onto the local drive is, in most cases, the obvious solution.
However, newer technologies are available today that are once again making it practical to run a Windows operating system from a server. This time, the workstations do not download the entire operating system from the server drive. Instead, the workstations function as client terminals that connect to a terminal server. The workstation operating system and applications actually run on the server, while the terminal functions solely as an input/output device. As a result, the workstations require only minimal resources because the server takes most of the burden.
Server-Based Applications
Running applications from a server drive rather than individual workstation installations is another way to provide a consistent environment for your users and minimize the network’s administrative burden. At its simplest, you do this by installing an application in the usual manner and specifying a directory on a network drive instead of a local directory as the location for the program files. Windows applications are rarely simple, however, and the process is usually more complicated.
Running applications from server drives has both advantages and disadvantages. On the plus side, as with server-based operating systems, you get disk space savings on the local drives, the ability to protect the application files against damage or deletion, and the ability to upgrade and maintain a single copy of the application files rather than individual copies on each workstation. The disadvantages are that server-based applications nearly always run more slowly than local ones, generate a substantial amount of network traffic, and do not function when the server is malfunctioning or otherwise unavailable.
In the days of DOS, applications were self-contained and usually consisted of no more than a single program directory that contained all of the application’s files. You could install the application to a server drive and then let other systems use it simply by running the executable file. Today’s applications are much more complex, and the installation program is more than just a means of copying files. In addition to the program files, a Windows application installation may include registry settings and Windows DLLs that must be installed on the local machine, as well as a procedure for creating the Start menu entries and icons needed to launch the application.
When you want to share a server-based application with multiple workstations, you usually still have to perform a complete installation on each computer. This is to ensure that each workstation has all of the DLL files, registry settings, and icons needed to run the application. One way to implement a server-based application is to perform a complete installation of the program on each workstation, specifying the same directory on a server drive as the destination for the program files in each case. This way, each workstation receives all of the necessary files and modifications, and only one copy of the application files is stored on the server.
However, another important issue is the ability to maintain individual configuration settings for each of the computers accessing the application. When one user modifies the interface of a shared application, you don’t want those modifications to affect every other user. As a result, each of the application’s users must maintain their own copies of the application configuration settings. Whether this is an easy task, or even a possible one, depends on how each individual application stores its configuration settings. If, for example, the settings are stored in the registry or a Windows INI file, the installation process will create a separate configuration on each workstation. However, if the settings are stored with the program files on the server by default, you must take steps to prevent each user’s changes from overwriting those of the other users.
In some cases, it is possible to configure an application to store its configuration settings in an alternative location, enabling you to redirect them to each workstation’s local drive or to each user’s home directory on a server. If this is not possible, the application may not be suitable for use in a shared environment. In many cases, the most practical way to run applications from a server is to select applications that have their own networking capabilities. Microsoft Office, for example, lets you create an administrative installation point on a server that you can use to install the application on your workstations. When you perform each installation, you can select whether the application files should be copied to the local drive, run from the server drive, or split between the two.
Many companies are moving toward cloud-based apps these days, which can be run on virtually any OS and any device that has an Internet connection and a web browser, eliminating the need for installing any files. These would also be considered server-based applications.
Storing Data Files
On most of today’s Windows networks, both the operating system and the applications are installed on local workstation drives, but it is still up to the network administrator to decide where the data files generated and accessed by users should be stored. The two primary concerns that you must evaluate when making this decision are accessibility and security. Users must certainly have access to their own data files, but there are also files that have to be shared by many users. Important data files also have to be protected from modification and deletion by unauthorized personnel and have to be backed up to an alternative medium to guard against a disaster, such as a fire or disk failure.
Data files come in various types and formats that can affect the way in which you store them. Individual user documents, such as those created in word processor or spreadsheet applications, are designed for use by one person at a time, while databases can support simultaneous access by multiple users. In most cases, database files are stored on the computer running the database server application, so administrators can regulate access to them with file system permissions and protect them with regular backups. Other types of files may require additional planning.
Since many Windows operating systems are peer-to-peer network operating systems, you can allow users to store their document files on either their local drives or a server and still share them with other users on the network. However, there are several compelling reasons why it is better for all data files to be stored on servers. The first and most important reason is to protect the files from loss due to a workstation or disk failure. Servers are more likely to have protective measures in place, such as RAID arrays or mirrored drives, and are more easily backed up. Servers also make the data available at all times, while a workstation might be turned off when the user is absent.
The second reason is access control. Although Windows workstations and servers both have the same capabilities when it comes to granting access permissions to specific users, users rarely have the skills or the inclination to protect their own files effectively, and it is far easier for network administrators to manage the permissions on a single server than on many individual workstations. Another important reason for storing data on servers is that sharing the drives on every workstation can make it much more difficult to locate information on the network. To look at a Windows domain and see dozens or hundreds of computers, each with its own shares, makes the task of locating a specific file much more complicated. Limiting the shares to a relatively few servers simplifies the process.
As a result, the best strategy for most Windows networks is to install the operating system and applications on local drives and implement a strategy for storing all data files on network servers. The most common practice is to create a home directory for each user on a server, to which they have full access permissions. You should then configure all applications to store their files in that directory, by default, so that no valuable data is stored on local drives. Depending on the needs of your users, you can make the home directories private, so that only the user who owns the directory can access it, or grant all users read-only access to all of the home directories. This makes it possible for users to share files at will simply by giving another user the filename or location.
When you create a user object in the Windows Active Directory or a user account in a Windows domain, you have the option of creating a home directory for the user at the same time. By default, users are given full control over their home directories, and no one else is given any access at all. You may want to modify these permissions to grant access to the directory to the other users on the network or, at the very least, to administrators.
Setting Environment Variables in Windows
In Windows 7, open the Environment Variables dialog box. To do so, follow these steps:
1. Click Start and choose Control Panel.
2. Click User Accounts.
3. Select Change My Environment Variables from the Task pane on the left of your screen. The Environment Variables dialog box appears, as shown in Figure 25-1.
Figure 25-1 The Environment Variables dialog box in Windows 7
From this dialog box, you can create a new environment variable or modify an existing one.
In Windows 8, it takes a few more steps.
1. Click the Desktop tile, and from the desktop, click Start.
2. Right-click the desktop folder, and from the context menu, choose File Explorer.
3. Right-click This PC at the left side of your window. From the context menu that appears, click Properties.
4. At the left pane of the System window that opens, select Advanced System Settings.
5. From the System Properties dialog box, select the Advanced tab. You will see the Environment Variables button at the bottom right of the Advanced tab.
6. Click New to add a new variable or click Edit to make changes to an existing variable. Use the Delete option to delete a variable.
7. Click OK when you have made your choices.
Setting Environment Variables in Linux
In Linux, enter the following command at a shell prompt, depending on which shell you are using:
csh/tcsh: setenv variable value
bash/ksh: export variable=value
In this case, variable is the name of the environment variable and value is the value you want to assign to this variable.
Setting Environment Variables in OS X
When you are using Mac OS X, you must first open a terminal window. If you want to run jobs from the command line, enter the following command:
export variable=value
In this example, variable is the name of the environment variable and value is the value you want to assign to this variable. You can determine any environment variables that have been set with the env command.
Controlling the Workstation Environment
In an organization composed of expert computer users, you can leave everyone to their own devices when it comes to managing their Windows desktops. Experienced users can create their own desktop icons, manage their own Start menu shortcuts, and map their own drive letters. However, not many networks have only power users; in most cases, it is better for the network administrator to create a viable and consistent workstation environment.
Drive Mappings in Windows
Many less sophisticated computer users don’t fully understand the concept of a network and how a server drive can be mapped to a drive letter on a local machine. A user may have the drive letter F mapped to a particular server drive and assume that other users’ systems are configured the same way. If workstation drive mappings are inconsistent, confusion results when one user tells another that a file is located on the F drive, and the other user’s F drive refers to a different share. To avoid problems like these, administrators should create a consistent drive-mapping strategy for users who will be sharing the same resources.
As an example, in many cases users will have a departmental or workgroup server that is their “home” server, and it’s a good idea for every workstation to have the same drive letter mapped to that home server. If there are application servers that provide resources to everyone on the network, such as a company database server, then every system should use the same drive letter to reference that server, if a drive letter is needed. Implementing minor policies like these can significantly reduce the number of nuisance calls to the network help desk generated by puzzled users.
To implement a set of consistent drive mappings for your users, you can create logon script files containing NET USE commands that map drives to the appropriate servers each time the user logs on to the network. By structuring the commands properly, you should be able to create a single logon script for multiple users. To map a drive letter to each user’s own home directory, you use a command like the following:
NET USE X: /home
where home is the name of the directory.
Mapping a Windows Drive in Linux
Before you can share a Windows drive, ensure that your network settings allow the connection. To do so, go to the Network and Sharing Center. In Windows 7, choose Change Advanced Sharing Settings. To access the Network Center in Windows 8, access the Network and Sharing Center through Control Panel | Network And Internet. Turn on network discovery and file and printer sharing, as shown in Figure 25-2.
Figure 25-2 Change settings in Windows Network and Sharing Center to enable mapping a Linux drive.
Create a folder on your Windows machine to share. This example uses a folder on the desktop named LinuxShare. Right-click the new folder and click Properties to open the Properties dialog box. Click the Sharing tab and choose Advanced Sharing.
Click “Share this folder.”
Click Permissions to open the Permissions dialog box. Add or remove the user accounts (on the Windows computer) and indicate the controls you want applied. Click OK to close each window. While still in the Properties dialog box, select the Security tab. Ensure the permissions showing in this tab are the same as you set in the earlier dialogs. If all is the same, click Close to close the dialog box. Your new folder is now shared and available to your Linux computer.
Your Linux computer must have either CIFS or SMBFS. The Linux kernel you are using must be configured for binary distribution. The following are the commands to install CIFS/SMBFS for Ubuntu, Debian, and Red Hat. For each, you must first open a terminal:
• In Red Hat, the command is sudo yum install cifs-utils.
• In Debian or Ubuntu, the command is sudo apt-get install smbfs.
Then, create a directory and mount your shared folder to that directory. Use the following commands:
mkdir ~/Desktop/Windows-LinuxShare
sudo mount.cifs //WindowsPC/Share /home/MyComputer/Desktop/Windows-LinuxShare -o user=Bobbi
You may be prompted for the root password for both your Linux and Windows computers.
Mapping a Windows Drive in Apple OS X
Mac OS X contains a shortcut with which you can easily map and access network drives without any extra software.
1. Open the Finder utility.
2. Press COMMAND-SHIFT-K to open the appropriate server connections.
3. The dialog box that opens allows you to enter the appropriate network address or browse the network. Click the Connect button at the bottom right of the window when you have located the drive.
User Profiles
Creating user profiles is a method of storing the shortcuts and desktop configuration settings for individual users in a directory, where a computer can access them during the system startup sequence. By creating separate profiles for different users, each person can retrieve their own settings when they log on. When you store multiple profiles on a local machine, you make it possible for users to share the same workstation without overwriting each other’s settings. When you store the profiles on a network server, users can access their settings from any network workstation; this is called a roaming profile. In addition, you can force users to load a specific profile each time they log on to a system and prevent them from changing it; this is called a mandatory profile.
The registry on a Windows computer contains two files on the local drive, called System.dat and NTUser.dat. NTUser.dat corresponds to the HKEY_CURRENT_USER key in the registry, which contains all of the environmental settings that apply to the user who is currently logged on. On a Windows operating system after Windows ME, the corresponding file is called Ntuser.dat. This file, called a registry hive, forms the basis of a user profile. By loading an Ntuser.dat file during the logon sequence, the computer writes the settings contained in the file to the registry, and they then become active on the system.
The user hive contains the following types of system configuration settings:
• All user-definable settings for Windows Explorer
• Persistent network drive connections
• Network printer connections
• All user-definable settings in the Control Panel, such as the Display settings
• All taskbar settings
• All user-definable settings for Windows accessories, such as Calculator, Notepad, Clock, Paint, and HyperTerminal
• All bookmarks created in the Windows Help system
In addition to the hive, a user profile can include subdirectories that contain shortcuts and other elements that form parts of the workstation environment. These subdirectories are as follows:
• Application Data: Contains application-specific data, such as custom dictionary files
• Cookies: Contains cookies used by Internet Explorer to store information about the system’s interaction with specific Internet sites
• Desktop: Contains shortcuts to programs and files that appear on the Windows desktop
• Favorites: Contains shortcuts to programs, files, and URLs that appear in Internet Explorer’s Favorites list
• Local Settings: This directory contains the following subfolders:
  • Application Data
  • History
  • Temp
  • Temporary Internet Files
• My Documents: Contains shortcuts to personal documents and other files
• NetHood: Contains shortcuts that appear in the Network Neighborhood window
• PrintHood: Contains shortcuts that appear in the Printers window
• Recent: Contains shortcuts to files that appear in the Documents folder in the Start menu
• SendTo: Contains shortcuts to programs and file system locations that appear in the context menu’s Send To folder
• Start Menu: Contains folders and shortcuts to programs and files that appear in the Start menu
• Templates: Contains shortcuts to document templates
NOTE The NetHood, PrintHood, and Templates directories are hidden by default. To view them, you must configure Windows Explorer to display hidden files.
Between the hive and the subdirectories, the user profile configures most of a user’s workstation environment—including cosmetic elements, such as screen colors and wallpaper, and operational elements, such as desktop icons and Start menu shortcuts. The more concrete elements of the system configuration, such as hardware device drivers and settings, are not included in the user profile. If, for example, you install a new piece of hardware on a system, all users will have access to it, regardless of which profile is in use.
By default, Windows creates a user profile for each different user who logs on to the machine and stores them in the Documents and Settings folder directory on the system drive. The system also creates a default user profile during the operating system installation process that functions as a template for the creation of new profiles. If there are elements that you want included in all of the new profiles created on a computer, you can make changes to the profile in the Default User subdirectory before any of the users log on. The system will then copy the default profile to a new subdirectory each time a new user logs on. Changing the Default User subdirectory does not affect the user profiles that have already been created, however.
Creating Roaming Profiles
Windows stores user profiles on the local machine by default. You can modify this behavior by specifying a location on a network server for a particular user’s profile in the same Windows Profile page or User Environment Profile dialog box in which you specified the location of the user’s home directory. The profile server can be any system that is accessible by the workstation. Once you specify the location for the profile, the operating system on the workstation copies the active profile to the server drive the next time the user logs off the network.
The best way to organize user profiles on the network is to designate a single machine as a profile server and create subdirectories named for your users, in which the profiles will be stored. When you specify the location of the profile directory for each user, you can use the %UserName% variable as part of the path, as follows:
\\Ntserver\Profiles\%UserName%
The system then replaces the %UserName% variable with the user’s logon name, as long as the variable appears only once in the path and the variable is the last subdirectory in the path. In other words, the path \\Ntserver\Users\%UserName%\Profile would not be acceptable. However, the system does recognize an extension added to the variable, making \\Ntserver\Profiles\%UserName%.man an acceptable path.
Storing user profiles on a server does not delete them from the workstation from which they originated. Once the server-based profile is created, each logon by the user triggers the following process:
1. The workstation compares the profile on the server with the profile on the workstation.
2. If the profile on the server is newer than that on the workstation, the system copies the server profile to the workstation drive and loads it from there into memory.
3. If the two profiles are identical, the workstation loads the profile on the local drive into memory without copying from the server.
4. When the user logs off, the workstation writes to both the local drive and the server any changes that have been made to the registry keys and shortcut directories that make up the profile.
Because the profile is always loaded from the workstation’s local drive, even when a new version is copied from the server, it is important to consider the ramifications of making changes to the profile from another machine. If, for example, an administrator modifies a profile on the server by deleting certain shortcuts, these changes will likely have no effect because those shortcuts still exist on the workstation and copying the server profile to the workstation drive does not delete them. To modify a profile, you must make changes on both the server and workstation copies.
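The logon comparison in steps 1 through 3, as an added example that is not from the book: a simplified model in which "newer" is decided by the hive file's modification time and the server copy is merged into the local copy without deleting anything. The user name, shortcut names and timestamps are constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path

HIVE = "NTUSER.DAT"  # registry hive file used here as the profile's timestamp


def merge_copy(src, dst):
    """Copy every file under src into dst; files that exist only in dst stay put."""
    for item in sorted(src.rglob("*")):
        target = dst / item.relative_to(src)
        if item.is_dir():
            target.mkdir(parents=True, exist_ok=True)
        else:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(item, target)  # copy2 preserves the modification time


def logon(server, local):
    """Steps 1-3: compare, copy down if the server is newer, load from local."""
    server_time = (server / HIVE).stat().st_mtime
    local_time = (local / HIVE).stat().st_mtime
    if server_time > local_time:
        merge_copy(server, local)
    # The profile is always loaded from the workstation's local drive.
    return {p.name for p in (local / "Desktop").iterdir()}


def make_profile(root, shortcuts, hive_time):
    """Build a constructed profile directory with a Desktop folder and a hive."""
    (root / "Desktop").mkdir(parents=True)
    for name in shortcuts:
        (root / "Desktop" / name).write_text("constructed shortcut")
    (root / HIVE).write_bytes(b"constructed hive")
    os.utime(root / HIVE, (hive_time, hive_time))


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        server = Path(tmp) / "server" / "alice"
        local = Path(tmp) / "workstation" / "alice"
        make_profile(server, ["Mail.lnk", "Games.lnk"], hive_time=1000)
        make_profile(local, ["Mail.lnk", "Games.lnk"], hive_time=1000)

        # Administrator deletes a shortcut on the server copy only.
        (server / "Desktop" / "Games.lnk").unlink()
        os.utime(server / HIVE, (2000, 2000))
        server_only = sorted(logon(server, local))

        # Administrator deletes it on the workstation copy as well.
        (local / "Desktop" / "Games.lnk").unlink()
        os.utime(server / HIVE, (3000, 3000))
        both_copies = sorted(logon(server, local))
        return {"server_only": server_only, "both_copies": both_copies}


if __name__ == "__main__":
    print(demo())
```
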
One of the potential drawbacks of storing user profiles on a network server is the amount of data that must be transferred on a regular basis. The registry hive and the various shortcut subdirectories are usually not a problem. But if, for example, a Windows user stores many megabytes worth of files in the My Documents directory, the time needed to copy that directory to the server and read it back again can produce a noticeable delay during the logoff and logon processes.
Creating Mandatory Profiles
When users modify elements of their Windows environment, the workstation writes those changes to their user profiles so that the next time they log on, the changes take effect. However, it’s possible for a network administrator to create mandatory profiles that the users are not permitted to change so that the same workstation environment loads each time they log on, regardless of the changes they made during the last session. To prevent users from modifying their profiles when logging off the system, you simply change the name of the registry hive in the server profile directory from Ntuser.dat to Ntuser.man or from User.dat to User.man. When the workstation detects the MAN file in the profile directory, it loads that instead of the DAT file and does not write anything back to the profile directory during the logoff procedure.
NOTE When creating a mandatory profile, be sure that the user is not logged on to the workstation when you change the registry hive file extension from .dat to .man. Otherwise, the hive will be written back to the profile with a .dat extension during the logoff.
Another modification you can make to enforce the use of the profile is to add a .man extension to the directory in which the profile is stored. This prevents the user from logging on to the network without loading the profile. If the server on which the profile is stored is unavailable, the user can’t log on. If you choose to do this, be sure to add the .man extension both to the directory name and to the path specifying the name of the profile directory in the user object’s Properties dialog box or the User Environment Profile dialog box.
It’s important to note that making profiles mandatory does not prevent users from modifying their workstation environments; it just prevents them from saving those modifications back to the profile. Also, making a profile mandatory does not in itself prevent the user from manually modifying the profile by adding or deleting shortcuts or accessing the registry hive. If you want to exercise greater control over the workstation to prevent users from making any changes to the interface at all, you must use another mechanism, such as system policies, and be sure to protect the profile directories on the server using file system permissions.
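An added audit example, not from the book, covering both the %UserName% path rules from the roaming-profile section and the mandatory-profile renaming described above. It assumes the profile share can be read as an ordinary directory tree and that each account's configured profile path is available as a string; the user names and the temporary tree are constructed, and Ntserver is the server name used in the text.

```python
import re
import tempfile
from pathlib import Path

VAR = re.compile(r"%username%", re.IGNORECASE)
LAST_OK = re.compile(r"^%username%(\.\w+)?$", re.IGNORECASE)


def check_profile_path(path):
    """Apply the two %UserName% rules from the text to a configured profile path."""
    problems = []
    if len(VAR.findall(path)) > 1:
        problems.append("%UserName% appears more than once")
    last = path.rstrip("\\").split("\\")[-1]
    if VAR.search(path) and not LAST_OK.match(last):
        problems.append("%UserName% is not the last subdirectory")
    return problems


def audit_user(profile_root, user, profile_path, mandatory):
    """Return findings for one account against the profile share contents."""
    findings = check_profile_path(profile_path)
    if findings:
        return findings
    last = profile_path.rstrip("\\").split("\\")[-1]
    dir_name = VAR.sub(lambda m: user, last)
    profile_dir = Path(profile_root) / dir_name
    if not profile_dir.is_dir():
        # Typical cause: .man added to the directory name but not to the path.
        return [f"path names '{dir_name}' but no such directory exists on the server"]
    names = {p.name.lower() for p in profile_dir.iterdir()}
    has_man = "ntuser.man" in names
    has_dat = "ntuser.dat" in names
    if mandatory and not has_man:
        findings.append("hive is still Ntuser.dat, so logoff changes are saved")
    if has_man and has_dat:
        # Matches the NOTE: renamed while the user was logged on.
        findings.append("Ntuser.dat exists beside Ntuser.man (written back at logoff?)")
    return findings


def build_sample(root):
    """Constructed profile share: directory name -> hive files inside it."""
    layout = {
        "alice": ["Ntuser.man"],
        "bob": ["Ntuser.man", "Ntuser.dat"],
        "carol.man": ["Ntuser.man"],
        "dave": ["Ntuser.dat"],
    }
    for directory, hives in layout.items():
        (root / directory).mkdir()
        for hive in hives:
            (root / directory / hive).write_bytes(b"constructed hive")


def audit():
    # Constructed accounts; every one is expected to have a mandatory profile.
    accounts = {
        "alice": r"\\Ntserver\Profiles\%UserName%",
        "bob": r"\\Ntserver\Profiles\%UserName%",
        "carol": r"\\Ntserver\Profiles\%UserName%",  # directory is carol.man
        "dave": r"\\Ntserver\Profiles\%UserName%",
        "erin": r"\\Ntserver\Users\%UserName%\Profile",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample(root)
        return {user: audit_user(root, user, path, mandatory=True)
                for user, path in accounts.items()}


if __name__ == "__main__":
    for user, findings in audit().items():
        print(user, findings or "ok")
```
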
Replicating Profiles
If you intend to rely on server-based user profiles to create workstation environments for your users, you should take pains to ensure that those profiles are always available to your users when they log on. This is particularly true if you intend to use mandatory profiles with .man extensions on the directory names because if the server on which the profiles are stored is malfunctioning or unavailable, the users cannot log on. One way of doing this is to create your profile directories on a domain controller and then use the Directory Replicator service in Windows to copy the profile directories to the other domain controllers on the network on a regular basis.
Once you have arranged for the profile directories to be replicated to all of your domain controllers, you can use the %LogonServer% variable in each user’s profile path to make sure they can always access the profile when logging on, as in the following example:
\\%LogonServer%\users\%UserName%
During the logon process, the workstation replaces the %LogonServer% variable with the name of the domain controller that authenticated the user. Since the profile directories have been copied to all of the domain controllers, the workstation always has access to the profile as long as it has access to a domain controller. If no domain controller is available, you have much bigger problems to worry about than user profiles.
Creating a Network Default User Profile
Windows systems have a default user profile they use as a template for the creation of new profiles. As mentioned earlier, you can modify this default profile so that all of the new profiles created on that machine have certain characteristics. It is also possible to create a default user profile on your network to provide the same service for all new profiles created on the network.
Controlling the Workstation Registry
The registry is the central repository for configuration data in most Windows systems, and exercising control over the registry is a major part of a system administrator’s job. The ability to access a workstation’s registry in either a remote or automated fashion enables you to control virtually any aspect of the system’s functionality and also protect the registry from damage due to unauthorized modifications.
Using System Policies
Nearly all Windows operating systems include system policies, which enable you to exercise a great deal of control over a workstation’s environment. By defining a set of policies and enforcing them, you can control what elements of the operating system your users are able to access, what applications they can run, and the appearance of the desktop. System policies are really nothing more than collections of registry settings that are packaged into a system policy file and stored on a server drive. When a user logs on to the network, the workstation downloads the system policy file from the server and applies the appropriate settings to the workstation’s registry. Because workstations load the policy file automatically during the logon process, users can’t evade them. This makes system policies an excellent tool for limiting users’ access to the Windows interface.
Using system policies is an alternative to modifying registry keys directly and reduces the possibility of system malfunctions due to typographical or other errors. Instead of browsing through the registry tree, searching for cryptic keys and value names, and entering coded values, you create system policy files using a graphical utility called System Policy Editor (SPE). SPE displays registry settings in the form of policies, plain-English phrases with standard Windows dialog box elements arranged in a treelike hierarchy, such as the Local Group Policy Editor dialog as seen in Figure 25-3.
Figure 25-3 The Local Group Policy Editor dialog box
In both Windows 7 and Windows 8, you must use the Run command to open SPE. In Windows 7, type gpedit.msc in the search box; in Windows 8, find the Run app, type gpedit.msc, and click OK, as shown in Figure 25-4.
Figure 25-4 Opening the Local Group Policy Editor from the Run command or app
SystemPolicyTemplates
![Page 564: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/564.jpg)
System Policy Editor is simply a tool for creating policy files; it has no control over the policies it creates. The policies themselves come from system policy templates, which are ASCII files that contain the registry keys, possible values, and explanatory text that make up the policies displayed in SPE. For example, the following excerpt from the Common.adm policy template creates the Remote Update policy:
All of the Windows operating systems include a variety of administrative template files in addition to the SPE program itself. These files currently have the .admx extension, although earlier versions used .adm. Other applications, such as Microsoft Office and Internet Explorer, include their own template files containing policies specific to those applications, and you can even create your own custom templates to modify other registry settings.
By selecting Options | Policy Template, you can load the templates that SPE will use to create policy files. You can load multiple templates into SPE, and the policies in them will be combined in the program’s interface. Whenever you launch SPE, it loads the templates that it was using when it was last shut down, as long as the files are still in the same locations. When you use multiple policy templates in SPE, it is possible for policies defined in two different templates to configure the same registry setting. If this type of duplication occurs, the policy closest to the bottom of the hierarchy in the object’s Properties dialog box takes precedence.
System Policy Files
Using SPE, you can create policies that apply to only specific users, groups, and computers, as well as create Default User and Default Computer policies. Policies for multiple network users and computers are stored in a single file that every computer downloads from a server as it logs on to the network.
Restricting Workstation Access with System Policies
One of the primary functions of system policies is to prevent users from accessing certain elements of the operating system. There are several reasons for doing this, such as these:
• Prohibiting users from running unauthorized software
• Preventing users from adjusting cosmetic elements of the interface
• Insulating users from features they cannot use safely
By doing these things, you can prevent users from wasting time on nonproductive activities and causing workstation malfunctions through misguided experimentation that require technical support to fix. The following sections describe how you can use specific system policies to control the workstation environment.
Restricting Applications
One of the primary causes of instability on Windows workstations is the installation of incompatible applications. Most Windows software packages include dynamic link library (DLL) modules that get installed to the Windows system directories, and many times these modules overwrite existing files with new versions designed to support that application. The problem with this type of software design is that installing a new version of a particular DLL may affect other applications already installed in the system that are using the DLL.
The way to avoid problems stemming from this type of version conflict is to assemble a group of applications that supplies the users’ needs and then test the applications thoroughly together. Once you have determined that the applications are compatible, you install them on your workstations and prevent users from installing other software that can introduce incompatible elements. Restricting the workstation software also prevents users from installing nonproductive applications, such as games, that can occupy large amounts of time, disk space, and even network bandwidth.
NOTE This kind of testing can take a lot of time.
Another potential source of unauthorized software is the Internet. If you are going to provide your users with access to services such as the Web, you may want to take steps to prevent them from installing downloaded software. One way of doing this, and of preventing all unauthorized software installations, is to use system policies that prevent users from running the setup program needed to install the software. Some of the policies that can help you do this are as follows:
• Remove Run Command from Start menu: Prevents the user from launching application installation programs by preventing access to the Run dialog box.
• Run Only Allowed Windows Applications: Enables the administrator to specify a list of executable files that are the only programs the user is permitted to execute. When using this policy, be sure to include executables that are needed for normal Windows operation, such as Systray.exe and Explorer.exe.
Locking Down the Interface
There are many elements of the Windows interface that unsophisticated users do not need to access, and suppressing these elements can prevent the more curious users from exploring things they don’t understand and possibly damaging the system. Some of the policies you can use to do this are as follows:
• Remove Folders from Settings on Start menu: Suppresses the appearance of the Control Panel and Printers folders in the Start menu’s Settings folder. This policy does not prevent users from accessing the Control Panel in other ways, but it makes the user far less likely to explore it out of idle curiosity. You can also suppress specific Control Panel icons on Windows systems using policies such as the following:
  • Restrict Network Control Panel
  • Restrict Printer Settings
  • Restrict Passwords Control Panel
  • Restrict System Control Panel
• Remove Taskbar from Settings on Start menu: Prevents users from modifying the Start menu and taskbar configuration settings.
• Remove Run Command from Start menu: Prevents users from launching programs or executing commands using the Run dialog box. This policy also provides users with additional insulation from elements such as the Control Panel and the command prompt, both of which can be accessed with Run commands.
• Hide All Items on Desktop: Suppresses the display of all icons on the Windows desktop. If you want your users to rely on the Start menu to launch programs, you can use this policy to remove the distraction of the desktop icons.
• Disable Registry Editing Tools: Direct access to the Windows registry should be limited to people who know what they’re doing. This policy prevents users from running the registry-editing tools included with the operating system.
• Disable Context Menus for the Taskbar: Prevents the system from displaying a context menu when you click the secondary mouse button on a taskbar icon.
You can also use system policies to secure the cosmetic elements of the interface, preventing users from wasting time adjusting the screen colors and desktop wallpaper. In addition, you can configure these items yourself to create a standardized desktop for all of your network’s workstations.
As an alternative to user profiles, system policies enable you to configure with greater precision the shortcuts found on the Windows desktop and in the Start menu. Instead of accessing an entire user profile as a whole, you can specify the locations of individual shortcut directories for various elements of the interface.
Protecting the File System
Limiting access to the file system is another way of protecting your workstations against user tampering. If you preconfigure the operating system and applications on your network workstations and force your users to store all of the data files on server drives, there is no compelling reason why users should have direct access to the local file system. By blocking this access with system policies, you can prevent users from moving, modifying, or deleting files that are crucial to the operation of the workstation. You can limit users’ access to the network also, using policies such as the following:
• Hide Drives in My Computer: Suppresses the display of all drive letters in the My Computer window, including both local and network drives.
• Hide Network Neighborhood: Suppresses the display of the Network Neighborhood icon on the Windows desktop and disables UNC connectivity. For example, when this policy is enabled, users can’t access network drives by opening a window with a UNC name in the Run dialog box.
• No Entire Network in Network Neighborhood: Suppresses the Entire Network icon in the Network Neighborhood window, preventing users from browsing network resources outside the domain or workgroup.
• No Workgroup Contents in Network Neighborhood: Suppresses the icons representing the systems in the current domain or workgroup in the Network Neighborhood window.
• Remove Find Command from Start Menu: Suppresses the Find command, preventing users from accessing drives that may be restricted in other ways. If, for example, you use the Hidden attribute to protect the local file system, the Find command can still search the local drive and display the hidden files.
Locking down the file system is a drastic step, one that you should consider and plan for carefully. Only certain types of users will benefit from this restricted access, and others may severely resent it. In addition to system policies, you should be prepared to use file system permissions and attributes to prevent specific types of user access.
Above all, you must make sure that the system policies you use to restrict access to your workstations do not inhibit the functionality your users need to perform their jobs and that the features you plan to restrict are not accessible by other methods. For example, you might prevent access to the Control Panel by removing the folder from the Settings group in the Start menu, but users will still be able to access it from the My Computer window or the Run dialog box, unless you restrict access to those as well.
Deploying System Policies
The use of system policies by a Windows computer is itself controlled by a policy called Remote Update, which is applicable to all of the Windows operating systems. This policy has three possible settings:
• Off: The system does not use system policies at all.
• Automatic: The system checks the root directory of the Netlogon share on the authenticating domain controller for a policy file called Ntconfig.pol or Config.pol.
• Manual: The system checks for a policy file in a directory specified as the value of another policy called Path for Manual Update.
Using the Remote Update policy, you can configure your systems to access policy files from the default location or from any location you name. For workstations to have access to the policy files at all times, it is a good idea to replicate them to all of your domain controllers, either manually or automatically, just like you can do with user profiles.
CHAPTER 26
Network Management and Troubleshooting Tools
No matter how well designed and well constructed your network is, there are going to be times when it does not function properly. Part of the job of a network administrator is to monitor the day-to-day performance of the network and cope with any problems that arise. To do this, you must have the appropriate tools. In Chapter 2, you learned about the seven layers of the networking stack as defined in the Open Systems Interconnection (OSI) reference model. Breakdowns can occur at virtually any layer, and the tools used to diagnose problems at the various layers are quite different. Knowing what resources are available to you is a large part of the troubleshooting battle; knowing how to use them properly is another large part.
Operating System Utilities
Many administrators are unaware of the network troubleshooting capabilities that are built into their standard operating systems, and as a result, they sometimes spend money needlessly on third-party products and outside consultants. The following sections examine some of the network troubleshooting tools that are provided with the operating systems commonly used on today’s networks.
Windows Utilities
The Windows operating systems include a variety of tools that you can use to manage and troubleshoot network connections. Most of these tools are included in various Windows packages, although they may take slightly different forms. To learn more about each utility, type its name followed by a space and then /?.
NOTE While Command Prompt commands look similar to old MS-DOS commands, they are not DOS commands because the current Windows configurations do not contain MS-DOS.
Accessing the Command Prompt in Windows 7
These tools are exercised at the Command Prompt line. In Windows 7, there are several ways to access the Command Prompt:
• Choose Start | All Programs | Accessories | Command Prompt, as shown in Figure 26-1.
Figure 26-1 Command Prompt in the Accessories folder
• Type cmd.exe in the Start search box.
• Type command in the Start search box and select Command Prompt from the resulting menu.
Accessing the Command Prompt in Windows 8.1
You can quickly access the Command Prompt in Windows 8.1 in the following ways:
• Hold down the Windows key and press R. This opens the Run dialog box. Type cmd and click OK (or Enter), as shown in Figure 26-2.
Figure 26-2 Use the Run dialog box in Windows 8.1.
• Hold down the Windows key and press X (or right-click the Start button) to open the Power User menu. Choose Command Prompt, as shown in Figure 26-3.
Figure 26-3 Find Command Prompt on the Power User menu.
• From the Apps screen, on a touchscreen, swipe to the right to find the Windows System section. Click Command Prompt. When using a mouse, drag your mouse from the right side of the screen.
Net.exe
The NET command is the primary command-line control for the Windows network client. You can use NET to perform many of the same networking functions that you can perform with graphical utilities, such as Windows Explorer in Windows 7 or File Explorer in Windows 8. Because NET is a command-line utility, you can include the commands in logon scripts and batch files. For example, you can use this command to log on and off of the network, map drive letters to specific network shares, start and stop services, and locate shared resources on the network.
To use the program, you execute the file from the command line with a subcommand, which may take additional parameters. These subcommands and their functions are listed in Table 26-1, with some of the key functions being examined in the following sections. The subcommands display when you type NET in the Command Prompt dialog, as shown in Figure 26-4.
Table 26-1 Windows NET Subcommands
Figure 26-4 NET subcommands
TCP/IP Utilities
Transmission Control Protocol/Internet Protocol (TCP/IP) has become the most commonly used protocol suite in the networking industry, and many network administration and troubleshooting tasks involve working with various elements of these protocols. Because virtually every computing platform supports TCP/IP, a number of basic tools have been ported to many different operating systems, some of which have also been adapted to specific needs. The following sections examine some of these tools but do so more from the perspective of their basic functionality and usefulness to the network administrator than from the operational elements of specific implementations.
Ping
Ping is unquestionably the most common TCP/IP diagnostic tool and is included in virtually every implementation of the TCP/IP protocols. In most cases, Ping is a command-line utility, although some graphical or menu-driven versions are available that use a different interface to perform the same tasks. The basic function of Ping is to send a message to another TCP/IP system on the network to determine whether the protocol stack up to the network layer is functioning properly. Because the TCP/IP protocols function in the same way on all systems, you can use Ping to test the connection between any two computers, regardless of processor platform or operating system.
Ping works by transmitting a series of Echo Request messages to a specific IP address using the Internet Control Message Protocol (ICMP). When the computer using that IP address receives the messages, it generates an Echo Reply in response to each Echo Request and transmits it back to the sender. ICMP is a TCP/IP protocol that uses several dozen message types to perform various diagnostic and error-reporting functions. ICMP messages are carried directly within IP datagrams. No transport layer protocol is involved, so a successful Ping test indicates that the protocol stack is functioning properly from the network layer down. If the sending system receives no replies to its Echo Requests, something is wrong with either the sending or receiving system or the network connection between them.
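The Echo Request and Echo Reply exchange described above, as an added example that is not from the book: it builds both ICMP messages byte for byte, including the Internet checksum, and checks that a reply really answers a given request. The function names and the sample payload are assumptions of this example, and nothing is sent on the network.

```python
import struct

ICMP_ECHO_REQUEST = 8   # ICMP type carried by Echo Request messages
ICMP_ECHO_REPLY = 0     # ICMP type carried by Echo Reply messages


def internet_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Return an ICMP echo message (8-byte header plus data) with a valid checksum."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_echo(message: bytes) -> dict:
    """Decode an ICMP echo message and verify its checksum."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes; message too short")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {
        "type": msg_type, "code": code, "ident": ident, "seq": seq,
        "payload": message[8:],
        # Summing a message that already contains a correct checksum yields zero.
        "checksum_ok": internet_checksum(message) == 0,
    }


def make_reply(request: bytes) -> bytes:
    """What the pinged system does: return identifier, sequence and data as type 0."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST or not req["checksum_ok"]:
        raise ValueError("not a valid Echo Request")
    return build_echo(ICMP_ECHO_REPLY, req["ident"], req["seq"], req["payload"])


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """True if `reply` is a well-formed Echo Reply that answers `request`."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ICMP_ECHO_REQUEST
            and rep["type"] == ICMP_ECHO_REPLY
            and rep["code"] == 0
            and rep["checksum_ok"]
            and (rep["ident"], rep["seq"], rep["payload"])
                == (req["ident"], req["seq"], req["payload"]))


if __name__ == "__main__":
    # Constructed sample: 32 bytes of data, identifier 1, sequence number 1.
    data = b"abcdefghijklmnopqrstuvwabcdefghi"
    request = build_echo(ICMP_ECHO_REQUEST, 1, 1, data)
    reply = make_reply(request)
    print("request:", request.hex())
    print("reply  :", reply.hex())
    print("reply matches request:", is_reply_to(request, reply))
    damaged = reply[:-1] + bytes([reply[-1] ^ 0x01])   # flip one bit in transit
    print("damaged reply accepted:", is_reply_to(request, damaged))
```

Because the messages ride directly in IP datagrams, the checksum and the identifier/sequence pair are the only things that tie a reply to its request; there are no ports involved.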
When Ping is implemented as a command-line utility, you use the following syntax to perform a Ping test:
PING destination
where the destination variable is replaced by the name or address of another system on the network. The destination system can be identified by its IP address or by a name, assuming that an appropriate mechanism is in place for resolving the name into an IP address. This means you can use a hostname for the destination, as long as you have a DNS server or HOSTS file to resolve the name. On Windows networks, you can also use NetBIOS names, along with any of the standard mechanisms for resolving them, such as WINS servers, broadcast transmissions, or an LMHOSTS file.
The screen output produced by a ping command on a Windows system looks like Figure 26-5.
Figure 26-5 Result of using the ping command in a Windows 7 system
The program displays a result line for each of the four Echo Request messages it sends by default, specifying the IP address of the recipient, the number of bytes of data transmitted in each message, the amount of time elapsed between the transmission of the request and the receipt of the reply, and the target system’s time to live (TTL). The TTL is the number of routers that a packet can pass through before it is discarded.
Ping has other diagnostic uses apart from simply determining whether a system is up and running. If you can successfully ping a system using its IP address but pings sent to the system’s name fail, you know that a malfunction is occurring in the name resolution process. When you’re trying to contact an Internet site, this indicates that there is a problem with either your workstation’s DNS server configuration or the DNS server itself. If you can ping systems on the local network successfully but not systems on the Internet, you know there is a problem with either your workstation’s Default Gateway setting or the connection to the Internet.
NOTE Sending a ping command to a system’s loopback address (127.0.0.1) tests the operability of the TCP/IP protocol stack, but it is not an adequate test of the network interface because traffic sent to the loopback address travels down the protocol stack only as far as the network transport layer and is redirected back up without ever leaving the computer through the network interface.
In most Ping implementations, you can use additional command-line parameters to modify the size and number of the Echo Request messages transmitted by a single ping command, as well as other operational characteristics. In the Windows Ping.exe program, for example, the parameters are as follows:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination
• -t: Pings the specified destination until stopped by the user (with CTRL-C)
• -a: Resolves destination IP addresses to hostnames
• -n count: Specifies the number of Echo Requests to send
• -l size: Specifies the size of the Echo Request messages to send
• -f: Sets the IP Don’t Fragment flag in each Echo Request packet
• -i TTL: Specifies the IP TTL value for the Echo Request packets
• -v TOS: Specifies the IP Type of Service (TOS) value for the Echo Request packets
• -r count: Records the IP addresses of the routers for the specified number of hops
• -s count: Records the time stamp from the routers for the specified number of hops
• -j host-list: Specifies a partial list of routers that the packets should use
• -k host-list: Specifies a complete list of routers that the packets should use
• -w timeout: Specifies the time (in milliseconds) that the system should wait for each reply
There are many different applications for these parameters that can help you manage your network and troubleshoot problems. For example, by creating larger-than-normal Echo Requests and sending large numbers of them (or sending them continuously), you can simulate user traffic on your network to test its ability to stand up under heavy use. You can also compare the performance of various routes through your network (or through the Internet) by specifying the IP addresses of the routers that the Echo Request packets must use to reach their destinations. The -j parameter provides loose source routing, in which the packets must use the routers whose IP addresses you specify but can use other routers also. The -k parameter provides strict source routing, in which you must specify the address of every router that packets will use to reach their destination.
Pathping
Combining the features of both Tracert and Ping, Pathping, designed for networks with more than one router between hosts, sends a series of packets to each router along the route to the host. Any packet loss at any link along the route is pinpointed by Pathping.
Traceroute or Tracert
Traceroute is another utility that is usually implemented as a command-line program and included in most TCP/IP protocol stacks, although it sometimes goes by a different name. On Mac, Linux, or Unix systems, the command is called traceroute, but Windows implements the same functions in a program called Tracert.exe. The function of this tool is to display the route that IP packets are taking to reach a particular destination system.
Each of the entries in a trace represents a router that processed the packets generated by the Traceroute program on the way to their destination. In each entry there are three numerical figures that specify the round-trip time to that router, in milliseconds, followed by the DNS name and IP address of the router. In a trace to an overseas destination, the round-trip times are relatively high and can provide you with information about the backbone networks your ISP uses and the geographical path that your traffic takes. For example, when you run a trace to a destination system on another continent, you can sometimes tell when the path crosses an ocean by a sudden increase in the round-trip times. On a private network, you can use Traceroute to determine the path through your routers that local traffic typically takes, enabling you to get an idea of how traffic is distributed around your network.
Most Traceroute implementations work by transmitting the same type of ICMP Echo Request messages used by Ping, while others use UDP packets by default. The only difference in the messages themselves is that the Traceroute program modifies the TTL field for each sequence of three packets. The TTL field is a protective mechanism that prevents IP packets from circulating endlessly around a network. Each router that processes a packet decrements the TTL value by one. If the TTL value of a packet reaches zero, the router discards it and returns an ICMP Time to Live Exceeded in Transit error message to the system that originally transmitted it.
In the first Traceroute sequence, the packets have a TTL value of 1, so that the first router receiving the packets discards them and returns error messages back to the source. By calculating the interval between a message’s transmission and the arrival of the associated error, Traceroute generates the round-trip time and then uses the source IP address in the error message to identify the router. In the second sequence of messages, the TTL value is 2, so the packets reach the second router in their journey before being discarded. The third sequence of packets has a TTL value of 3, and so on, until the messages reach the destination system.
It is important to understand that although Traceroute can be a useful tool, a certain amount of imprecision is inherent in the information it provides. Just because a packet transmitted right now takes a certain path to a destination does not mean that a packet transmitted a minute from now to that same destination will take that same path. Networks (and especially those on the Internet) are mutable, and routers are designed to compensate automatically for the changes that occur. The route taken by Traceroute packets to their destination can change, even in the midst of a trace, so it is entirely possible for the sequence of routers displayed by the program to be a composite of two or more different paths to the destination because of changes that occurred in midstream. On a private network, this is less likely to be the case, but it is still possible.
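The TTL mechanism and the composite-path caveat described above, as an added example that is not from the book: a small simulation in which each router decrements the TTL, probes go out in sequences of three, and the route can change partway through the trace. The two routes, their addresses and every function name are constructed for this example; no packets are sent and round-trip times are not modeled.

```python
from typing import Callable, List, Tuple

Path = List[str]    # router addresses in forwarding order, destination last

# Constructed topology: two different routes to the same destination host.
ROUTE_A: Path = ["192.0.2.1", "198.51.100.1", "198.51.100.2", "203.0.113.10"]
ROUTE_B: Path = ["192.0.2.1", "198.51.100.9", "198.51.100.10", "203.0.113.10"]


def send_probe(path: Path, ttl: int) -> Tuple[str, str]:
    """Forward one probe along `path`; return (message kind, responder address)."""
    for router in path[:-1]:            # every router in front of the destination
        ttl -= 1                        # each router decrements the TTL by one
        if ttl == 0:                    # TTL exhausted: discard and report back
            return ("time-exceeded", router)
    return ("echo-reply", path[-1])     # probe survived every router


def traceroute(route_for_probe: Callable[[int], Path],
               max_hops: int = 30, probes_per_hop: int = 3) -> List[List[str]]:
    """Run a trace; route_for_probe(n) is the route in effect for the n-th probe.

    Returns one list of responder addresses per TTL value, in TTL order.
    """
    hops: List[List[str]] = []
    sent = 0
    for ttl in range(1, max_hops + 1):
        responders, reached = [], False
        for _ in range(probes_per_hop):
            kind, addr = send_probe(route_for_probe(sent), ttl)
            sent += 1
            responders.append(addr)
            reached = reached or kind == "echo-reply"
        hops.append(responders)
        if reached:                     # destination answered: trace is complete
            break
    return hops


def route_changing_at(probe_index: int) -> Callable[[int], Path]:
    """Routing that uses ROUTE_A until `probe_index` probes were sent, then ROUTE_B."""
    return lambda n: ROUTE_A if n < probe_index else ROUTE_B


def displayed_path(hops: List[List[str]]) -> Path:
    """The single router-per-line path a reader takes away from the output."""
    return [responders[0] for responders in hops]


def unstable_hops(hops: List[List[str]]) -> List[int]:
    """TTL values whose three probes were answered by more than one router."""
    return [i + 1 for i, r in enumerate(hops) if len(set(r)) > 1]


if __name__ == "__main__":
    for label, routing in [("stable route", lambda n: ROUTE_A),
                           ("change between sequences", route_changing_at(6)),
                           ("change inside a sequence", route_changing_at(4))]:
        hops = traceroute(routing)
        path = displayed_path(hops)
        print(label)
        for ttl, responders in enumerate(hops, start=1):
            print(f"  {ttl:2d}  {'  '.join(responders)}")
        print("  path matches a real route:", path in (ROUTE_A, ROUTE_B))
        print("  hops with mixed responders:", unstable_hops(hops))
```

A change that falls between two sequences yields a clean-looking path that no packet ever followed, while a change inside a sequence shows up as different routers answering the same hop.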
Route
The routing table is a vital part of the networking stack on any TCP/IP system, even those that do not function as routers. The system uses the routing table to determine where it should transmit each packet. The Route.exe program in Windows and the route command included with most other versions enable you to view the routing table and add or delete entries to it. The syntax for the Windows Route.exe program is as follows:
ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]]
The command variable takes one of the following four values:
• PRINT: Displays the contents of the routing table
• ADD: Creates a new entry in the routing table
• DELETE: Deletes an entry from the routing table
• CHANGE: Modifies the parameters of a routing table entry
The other parameters used on the Route.exe command line are as follows:
• -f: Deletes all of the entries from the routing table
• -p: Creates a permanent entry in the routing table (called a persistent route) when used with the ADD command
• destination: Specifies the network or host address of the routing table entry being added, deleted, or changed
• MASK netmask: Specifies the subnet mask associated with the address specified by the destination variable
• gateway: Specifies the address of the router used to access the host or network address specified by the destination variable
• METRIC metric: Indicates the relative efficiency of the routing table entry
• IF interface: Specifies the address of the network interface adapter used to reach the router specified by the gateway variable
Netstat
Netstat is a command-line utility that displays network traffic statistics for the various TCP/IP protocols and, depending on the platform, may display other information as well. Nearly all operating systems support Netstat. The command-line parameters for Netstat can vary in different implementations, but one of the most basic ones is the -s parameter, which displays the statistics for each of the major TCP/IP protocols, as shown in Figure 26-6.
Figure 26-6 Netstat creates a display of IP statistics.
Apart from the total number of packets transmitted and received by each protocol, Netstat provides valuable information about error conditions and other processes that can help you troubleshoot network communication problems at various layers of the OSI model. The Windows version of Netstat also can display Ethernet statistics (using the -e parameter), which can help to isolate network hardware problems.
When executed with the -a parameter, Netstat displays information about the TCP connections currently active on the computer and the UDP services that are listening for input. The State column indicates whether a connection is currently established or a program is listening on a particular port for messages from other computers, waiting to establish a new connection.
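One way to put the -a listing to work, as an added example that is not from the book: it parses a listing in the layout Windows Netstat prints when -a is combined with the numeric -n switch, then reports every listening TCP port and bound UDP port that is missing from an approved list. The sample listing, the approved list and the function names are constructed for this example.

```python
from typing import List, NamedTuple, Set, Tuple

# Constructed sample listing (numeric addresses); not taken from the book.
SAMPLE_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49730     203.0.113.80:443       TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:5355           *:*
"""

# Assumed baseline for this workstation: (protocol, local port) pairs that
# the administrator expects to be open.
APPROVED: Set[Tuple[str, int]] = {("TCP", 135), ("TCP", 445), ("UDP", 123)}


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    foreign: str
    state: str          # empty for UDP, which has no connection state


def parse_netstat(text: str) -> List[Socket]:
    """Turn the listing into Socket records, skipping titles and headers."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = parts[1].rpartition(":")
        if not port.isdigit():
            continue
        state = parts[3] if len(parts) > 3 else ""
        sockets.append(Socket(parts[0], addr, int(port), parts[2], state))
    return sockets


def unexpected_listeners(sockets: List[Socket],
                         approved: Set[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Listening TCP ports and bound UDP ports that are not on the approved list."""
    open_ports = {
        (s.proto, s.local_port) for s in sockets
        if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"
    }
    return sorted(open_ports - approved)


def established_peers(sockets: List[Socket]) -> List[str]:
    """Remote endpoints of connections the State column shows as established."""
    return sorted({s.foreign for s in sockets if s.state == "ESTABLISHED"})


if __name__ == "__main__":
    found = parse_netstat(SAMPLE_OUTPUT)
    print("sockets parsed      :", len(found))
    print("unexpected listeners:", unexpected_listeners(found, APPROVED))
    print("established peers   :", established_peers(found))
```

Run against a saved listing from each workstation, the same comparison shows which machines have drifted from the tested software set.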
Nslookup
Nslookup is a utility that enables you to send queries directly to a particular DNS server in order to resolve names into IP addresses or request other information. Unlike other name resolution methods, such as using Ping, Nslookup lets you specify which server you want to receive your commands so that you can determine whether a DNS server is functioning properly and whether it is supplying the correct information. Originally designed for Unix systems, an Nslookup program is available on Mac, Linux, and Windows systems. Nslookup can run in either interactive or noninteractive mode. To transmit a single query, you can use noninteractive mode, using the following syntax from the command prompt:
Nslookup hostname nameserver
Replace the hostname variable with the DNS name or IP address that you want to resolve, and replace the nameserver variable with the name or address of the DNS server that you want to receive the query. If you omit the nameserver value, the program uses the system’s default DNS server.
To run Nslookup in interactive mode, you execute the program from the command prompt with no parameters (to use the default DNS server) or with a hyphen in place of the hostname variable, followed by the DNS server name, as follows:
Nslookup - nameserver
The program produces a prompt in the form of an angle bracket (>), at which you can type the names or addresses you want to resolve, as well as a large number of commands that alter the parameters that Nslookup uses to query the name server. You can display the list of commands by typing help at the prompt. To exit the program, press CTRL-C.
Ipconfig
The Ipconfig program is a simple utility for displaying a system’s TCP/IP configuration parameters. This is particularly useful when you are using Dynamic Host Configuration Protocol (DHCP) servers to automatically configure TCP/IP clients on your network because there is no other simple way for users to see what settings have been assigned to their workstations. Nearly all systems include the ipconfig command (derived from interface configuration).
Network Analyzers
A network analyzer, sometimes called a protocol analyzer, is a device that captures the traffic transmitted over a network and analyzes its properties in a number of different ways. The primary function of the analyzer is to decode and display the contents of the packets captured from your network. For each packet, the software displays the information found in each field of each protocol header, as well as the original application data carried in the payload of the packet. Analyzers often can provide statistics about the traffic carried by the network as well, such as the number of packets that use a particular protocol and the amount of traffic generated by each system on the network. A network analyzer is also an excellent learning tool. There is no better way to acquaint yourself with networking protocols and their functions than by seeing them in action.
Thereisawidevarietyofnetworkanalyzerproducts,rangingfromself-containedhardwaredevicescostingthousandsofdollarstosoftware-onlyproductsthatarerelativelyinexpensiveorfree.
Anetworkanalyzerisessentiallyasoftwareapplicationrunningonacomputerwithanetworkinterface.Thisiswhyproductscaneitherincludehardwareortaketheformofsoftwareonly.AtravelingnetworkconsultantmighthaveaportablecomputerwithcomprehensivenetworkanalyzersoftwareandavarietyofNICstosupportthedifferentnetworksatvarioussites,whileanadministratorsupportingaprivatenetworkmightbebetterservedbyalessexpensivesoftware-basedanalyzerthatsupportsonlythetypeofnetworkrunningatthatsite.
AnetworkanalyzertypicallyworksbyswitchingtheNICinthecomputeronwhichitrunsintopromiscuousmode.Normally,aNICexaminesthedestinationaddressinthedatalinklayerprotocolheaderofeachpacketarrivingatthecomputer,andifthepacketisnotaddressedtothatcomputer,theNICdiscardsit.ThispreventstheCPUinthesystemfromhavingtoprocessthousandsofextraneouspackets.WhentheNICisswitchedintopromiscuousmode,however,itacceptsallofthepacketsarrivingoverthenetwork,regardlessoftheiraddresses,andpassesthemtothenetworkanalyzersoftwareforprocessing.Thisenablesthesystemtoanalyzenotonlythetrafficgeneratedbyanddestinedforthesystemonwhichthesoftwareisrunning,butalsothetrafficexchangedbyothersystemsonthenetwork.
Once the application captures the traffic from the network, it stores the entire packets in a buffer from which it can access them later during the analysis. Depending on the size of your network and the amount of traffic it carries, this can be an enormous amount of data, so you can usually specify the size of the buffer to control the amount of data captured. You can also apply filters to limit the types of data the analyzer captures.
Filtering Data
Because of the sheer amount of data transmitted over most networks, controlling the amount of data captured and processed by a network analyzer is an important part of using the product. You exercise this control by applying filters either during the capture process or afterward. When you capture raw network data, the results can be bewildering because all the packets generated by the various applications on many network systems are mixed together in a chronological display. To help make more sense out of the vast amount of data available, you can apply filters that cause the program to display only the data you need to see.
Two types of filters are provided by most network analyzers:
• Capture filters: Limit the packets that the analyzer reads into its buffers
• Display filters: Limit the captured packets that appear in the display
Usually, both types of filters function in the same way; the only difference is in when they are applied. You can choose to filter the packets as they are being read into the analyzer’s buffers or capture all of the data on the network and use filters to limit the display of that data (or both).
You can filter the data in a network analyzer in several different ways, depending on what you’re trying to learn about your network. If you’re concerned with the performance of a specific computer, for example, you can create a filter that captures only the packets generated by that machine, the packets destined for that machine, or both. You can also create filters based on the protocols used in the packets, making it possible to capture only the DNS traffic on your network, for example, or on pattern matches, enabling you to capture only packets containing a specific ASCII or hexadecimal string. By combining these capabilities, using Boolean operators such as AND and OR, you can create highly specific filters that display only the exact information you need.
Agents
Hardware-based network analyzers are portable and designed to connect to a network at any point. Software-based products are not as portable and often include a mechanism (sometimes called an agent) that enables you to capture network traffic using the NIC in a different computer. Using agents, you can install the analyzer product on one machine and use it to support your entire network. The agent is usually a driver or service that runs on a workstation elsewhere on the network. Previously, many versions of Windows included the Windows Network Monitor, a utility that provided remote capture capabilities. This application was for capturing all the traffic on your network.
In 2012, Microsoft released the Network Message Analyzer, advertised as “much more than a network sniffer or packet tracing tool.” This utility, a free download, allows you to capture, display, and analyze messages and traffic on your Windows network.
When you run a network analyzer on a system with a single network interface, the application captures the data arriving over that interface by default. If the system has more than one interface, you can select the interface from which you want to capture data. When the analyzer is capable of using agents, you can use the same dialog box to specify the name or address of another computer on which the agent is running. The application then connects to that computer, uses its NIC to capture network traffic, and transmits it to the buffers in the system running the analyzer. When you use an agent on another network segment, however, it’s important to be aware that the transmissions from the agent to the analyzer themselves generate a significant amount of traffic.
Traffic Analysis
Some network analyzers can display statistics about the traffic on the network while it is being captured, such as the number of packets per second, broken down by workstation or protocol. Depending on the product, you may also be able to display these statistics in graphical form. You can use this information to determine how much traffic each network system or each protocol is generating.
Using these capabilities, you can determine how much of your network bandwidth is being utilized by specific applications or specific users. If, for example, you notice that user John Doe’s workstation is generating a disproportionate amount of HTTP traffic, you might conclude that he is spending too much company time surfing the Web when he should be doing other things. With careful application of capture filters, you can also configure a network analyzer to alert you to specific conditions on your network. Some products can generate alarms when traffic of a particular type reaches certain levels, such as when an Ethernet network experiences too many collisions.
In addition to capturing packets from the network, some analyzers can generate them. You can use the analyzer to simulate traffic conditions at precise levels, to verify the operational status of the network, or to stress-test equipment.
Protocol Analysis
Once the analyzer has a network traffic sample in its buffers, you can examine the packets in great detail. In most cases, the packets captured during a sample period are displayed chronologically in a table that lists the most important characteristics of each one, such as the addresses of the source and destination systems and the primary protocol used to create the packet. When you select a packet from the list, you see additional panes that display the contents of the protocol headers and the packet data, usually in both raw and decoded forms.
The first application for a tool of this type is that you can see what kinds of traffic are present on your network. If, for example, you have a network that uses WAN links that are slower and more expensive than the LANs, you can use an analyzer to capture the traffic passing over the links to make sure that their bandwidth is not being squandered on unnecessary communications.
One of the features that differentiates high-end network analyzer products from the more basic ones is the protocols that the program supports. To correctly decode a packet, the analyzer must support all the protocols used to create that packet at all layers of the OSI reference model. For example, a basic analyzer will support Ethernet and possibly Token Ring at the data link layer, but if you have a network that uses FDDI or ATM, you may have to buy a more elaborate and expensive product. The same is true at the upper layers. Virtually all analyzers support the TCP/IP protocols, and many also support IPX and NetBEUI, but be sure before you make a purchase that the product you select supports all the protocols you use. You should also consider the need for upgrades to support future protocol modifications, such as IPv6.
By decoding a packet, the analyzer is able to interpret the function of each bit and display the various protocol headers in a user-friendly, hierarchical format. The analyzer has decoded the protocol headers, and the display indicates that the HTTP data is carried in a TCP segment, which in turn is carried in an IP datagram, which in turn is carried in an Ethernet frame. You can expand each protocol to view the contents of the fields in its header.
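The layered decoding described above, combined with the capture and display filters from the Filtering Data section, as an added Python example (not from the book or from any analyzer product). The frames are constructed inline, and `decode`, `capture`, `display`, the filter helpers, and `cleartext_ftp_sources` are hypothetical names; the last one reports which hosts still send FTP credentials in clear text without returning the credentials themselves.

```python
import socket
import struct

APP_PORTS = {21: "FTP", 53: "DNS", 80: "HTTP"}  # well-known ports used to name the top layer

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Build a constructed Ethernet II / IPv4 / TCP-or-UDP frame (checksums left at zero)."""
    if proto == 6:    # TCP: 20-byte header, data offset of 5 words, PSH+ACK flags
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    else:             # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + l4 + payload

def decode(frame):
    """Decode one frame layer by layer and record the protocol hierarchy."""
    pkt = {"layers": [], "payload": b""}
    if len(frame) < 14:
        return pkt                                   # too short for an Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt["layers"].append("Ethernet")
    if ethertype != 0x0800 or len(frame) < 34:
        return pkt                                   # not IPv4: stop at the data link layer
    ihl = (frame[14] & 0x0F) * 4                     # IP header length in bytes
    proto = frame[23]
    pkt["ip_src"] = socket.inet_ntoa(frame[26:30])
    pkt["ip_dst"] = socket.inet_ntoa(frame[30:34])
    pkt["layers"].append("IP")
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        header_len, name = (l4[12] >> 4) * 4, "TCP"  # TCP data offset gives the header length
    elif proto == 17 and len(l4) >= 8:
        header_len, name = 8, "UDP"
    else:
        return pkt                                   # a transport protocol this decoder lacks
    pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    pkt["payload"] = l4[header_len:]
    pkt["layers"].append(name)
    app = APP_PORTS.get(pkt["dport"]) or APP_PORTS.get(pkt["sport"])
    if app and pkt["payload"]:
        pkt["layers"].append(app)
    return pkt

# Filter primitives: each returns a predicate over a decoded packet.
def host(ip):
    return lambda p: ip in (p.get("ip_src"), p.get("ip_dst"))

def protocol(name):
    return lambda p: name in p["layers"]

def contains(pattern):
    return lambda p: pattern in p["payload"]

def AND(*filters):
    return lambda p: all(f(p) for f in filters)

def OR(*filters):
    return lambda p: any(f(p) for f in filters)

def capture(frames, capture_filter=None):
    """Capture filter: decides which packets are read into the buffer at all."""
    buffer = []
    for frame in frames:
        pkt = decode(frame)
        if capture_filter is None or capture_filter(pkt):
            buffer.append(pkt)
    return buffer

def display(buffer, display_filter):
    """Display filter: narrows the view of packets that were already captured."""
    return [p for p in buffer if display_filter(p)]

def cleartext_ftp_sources(buffer):
    """Audit helper: hosts that sent an FTP PASS command in clear text."""
    flt = AND(protocol("FTP"), contains(b"PASS "))
    return sorted({p["ip_src"] for p in buffer if flt(p)})

# Constructed sample traffic (addresses, ports and payloads are made up).
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", 17, 49152, 53, DNS_QUERY),
    build_frame("10.0.0.5", "10.0.0.80", 6, 49153, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame("10.0.0.7", "10.0.0.21", 6, 49154, 21, b"PASS constructed-example\r\n"),
    build_frame("10.0.0.7", "10.0.0.1", 17, 49155, 53, DNS_QUERY),
]

if __name__ == "__main__":
    for p in capture(SAMPLE_FRAMES):
        print(" > ".join(p["layers"]), p["ip_src"], "->", p["ip_dst"])
    print("cleartext FTP logins from:", cleartext_ftp_sources(capture(SAMPLE_FRAMES)))
```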
A network analyzer is a powerful tool that can just as easily be used for illicit purposes as for network troubleshooting and support. When the program decodes a packet, it displays all of its contents, including what may be sensitive information. The FTP protocol, for example, transmits user passwords in clear text that is easily visible in a network analyzer when the packets are captured. An unauthorized user running an analyzer can intercept administrative passwords and gain access to protected servers. This is one reason why the version of Network Monitor included with Windows 2000 and NT is limited to capturing the traffic sent to and from the local system.
Cable Testers
Network analyzers can help you diagnose many types of network problems, but they assume that the physical network itself is functioning properly. When there is a problem with the cable installation that forms the network, a different type of tool, called a cable tester, is required. Cable testers are usually handheld devices that you connect to a network in order to perform a variety of diagnostic tests on the signal-conducting capabilities of the network cable. As usual, there is a wide range of devices to choose from that vary greatly in their prices and capabilities. Simple units are available for a few hundred dollars, while top-of-the-line models can cost several thousand dollars. Some combination testers can connect to various types of network cables, such as unshielded twisted-pair (UTP), shielded twisted-pair (STP), and coaxial, while others can test only a single cable type. For completely different signaling technologies, such as fiber-optic cable, you need a separate device.
Cable testers are rated for specific cable standards, such as Category 5, so that they can determine whether a cable’s performance is compliant with that standard. This is called continuity testing. During a cable installation, a competent technician tests each link to see whether it is functioning properly, taking into account problems that can be caused by the quality of the cable itself or by the nature of the installation. For example, a good cable tester tests for electrical noise caused by proximity to fluorescent lights or other electrical equipment; crosstalk caused by signals traveling over an adjacent wire; attenuation caused by excessively long cable segments or improperly rated cable; and kinked or stretched cables, as indicated by specific levels of capacitance.
In addition to testing the viability of an installation, cable testers are good for troubleshooting cabling problems. For example, a tester that functions as a time-delay reflectometer can detect breaks or shorts in a cable by transmitting a high-frequency signal and measuring the amount of time it takes for the signal to reflect back to the source. Using this technique, you can determine that a cable has a break or other fault a certain distance away from the tester. Knowing that the problem is 20 feet away, for example, can prevent you from having to poke your head up into the ceiling every few feet to check the cables running through there. Some testers can also help you locate the route that a cable takes through walls or ceilings, using a tone generator that sends a strong signal over the cable that can be detected by the tester unit when it is nearby.
All network problems can be solved by recognizing the signs of specific symptoms and tying those to the actual fault in a system. The speed of isolating and repairing the discrepancy is dependent on the technician’s knowledge of the tools available and network architecture.
CHAPTER 27
Backing Up
One of the primary functions of a computer network is to store, manipulate, and supply data, and protecting that data against damage or loss is a crucial part of the network administrator’s job description. Hard disk drives contain most of the relatively few moving parts involved in the network data storage process and are constructed to incredibly tight tolerances. As a result, they can and do fail on occasion, causing service interruptions and data loss, and server drives work the hardest of all. When you examine the inner workings of a hard drive, you may actually wonder why they don’t fail more often. In addition to mechanical drive failures, data loss can occur for many other causes, including viruses, computer theft, natural disaster, or simple user error. To protect the data stored on your network, it is absolutely essential that you perform regular backups to an alternative storage medium.
When backing up information for one computer, you may use an external hard drive, a cloud destination, a CD/DVD, or even a flash drive. Many individuals simply copy information from their smartphone onto their computer and call it “good.” While backing up data is an important maintenance task for all computers, it is particularly vital on a network, for several reasons. First, the data tends to be more important; a loss of crucial data can be a catastrophe for a business that results in lost time, money, business, reputation, and in some cases even lives. Second, network data is often more volatile than the data on a stand-alone computer because many different users might access and modify it on a regular basis.
Network backups differ from stand-alone computer backups in four major ways: speed, capacity, automation, and price. A business network typically has data stored on many different computers, and that, combined with the ever-increasing drive capacities in today’s computers, means that a network backup solution may have to protect thousands of terabytes of data. To back up this much data, backup drives that are capable of unprecedented speeds are required.
The big advantage of backing up multiple computers that are all connected to a network is that you can use one backup drive to protect many computers, using a variety of methods to transfer the data (as shown in Figure 27-1), rather than a separate drive on each computer.
Figure 27-1 All network devices can transmit data to a variety of devices.
For this to be practical, the network administrator must be able to control the backup process for all of the computers from a central location. Without this type of automation, the administrator would have to travel to each computer to create an individual backup job. By installing the backup drive and backup software on one of the network’s computers, you create a backup server that can protect all of the other computers on the network.
Automation also enables backups to occur during night or other nonworking hours, when the network is idle. Backing up remote computers naturally entails transferring large amounts of data across the network, which generates a lot of traffic that can slow down normal network operations. In addition, data files that are being used by applications are frequently locked open, meaning that no other application can gain access to them. These files are skipped during a typical backup job and are therefore not protected. Network backup software programs enable you to schedule backup jobs to occur at any time of the day or night, when the files are available for access. With appropriate hardware, the entire backup process can run completely unattended.
A network backup solution consists at the very least of a backup drive, backup media for the drive, and backup software. Depending on the amount and type of data to be backed up and the amount of time available to perform the backups, you may also need other equipment, such as multiple backup drives, an autochanger, or optional software components. Selecting appropriate hardware and software for your backup needs and learning to use them correctly are the essential elements of creating a viable network backup solution. In many cases, backup products are not cheap, but as the saying goes, you can pay now or you can pay later.
Backup Hardware
You can use virtually any type of drive that employs removable media as a backup drive. Writable CD or DVD-ROM drives are possible solutions, as are external hard drives, internal redundant array of independent (inexpensive) disks (RAID) systems, magnetic tape drives, network-attached systems (NASs), or commercial cloud backup services. However, while some of these methods are useful for single computers or small business networks, they are not as useful for large business network backups, for two main reasons: insufficient capacity and excessive media cost. One of the main objectives of a network backup solution is to avoid the need for media changes during a job so that the entire process can run unattended.
Storing backed-up data off-site is the best way to protect data. The data can be stored in the cloud, using either commercial cloud backup services or an in-house cloud location. Even if you use traditional data backup hardware, consider off-site storage for this hardware. You can house the storage devices in a different, secure location. Devices with the capability of storing information from multiple computers that has been accessed over the business network or even the Internet are the norm today. For small companies, the off-site storage can be an external hard drive housed in a bank safety-deposit box or even as basic as a designated IT person who takes the device home with them.
In addition to storage protection, you need a network backup solution to retain the history of the protected data for a given period so that it’s possible to restore files that are several weeks or months old. Maintaining a backup archive like this requires a lot of storage, and the price of the medium is a major factor in the overall economy of the backup solution.
The result of this need for high media capacities and low media costs is that some combination of external hard disks, RAID systems, or magnetic tape becomes the backup medium of choice in a network environment. Magnetic tapes can hold enormous amounts of data in a small package, and the cost of the media is low. In addition, both external disks and magnetic tapes are durable and easy to store.
NOTE Many networks use data storage technologies such as RAID to increase data availability and provide fault tolerance. However, despite the fact that these technologies can enable your network to survive a hard drive failure or similar problem, they are not a replacement for regular backups. Viruses, fires, and other catastrophes can still cause irretrievable data loss in hard drive–based storage arrays, while backups with off-site storage provide protection against these occurrences.
Backup Capacity Planning
Magnetic tape, external hard disks, and, more recently, cloud storage capabilities and network-attached storage devices are several of the methods of data backup technology, and as a result, there are many different formats and drives. In addition to the price and compatibility considerations important to every purchase, the criteria you should use to evaluate backup solutions are capacity, reliability, and media costs, plus the speed at which the drive can copy data to the medium. Together, the capacity and the transfer speed dictate whether the drive is capable of backing up your data in the time you have available. Not surprisingly, the backup drives with greater capacity and faster speeds command higher prices. Depending on your situation, you may be able to trade off some speed for increased capacity or emphasize maximum speed over capacity.
Hard Disk Drives
Hard disk drives (HDDs) have been the mainstay for many small networks, including home networks, for several years. They are available both as portable (or laptop-class) and desktop models, with the portable drives using the power from the connecting USB cable. Desktop drives often require connection to power and often come with an internal fan to prevent the overheating that can sometimes occur with the smaller, portable units.
Both types are easily attached to any device with a Universal Serial Bus (USB) port. Most are fairly quiet and somewhat dependable. They usually contain rotating disks, usually 2.5-inch drives in the portable units and 3.5-inch drives in the desktop models. If you are considering one of these relatively inexpensive solutions for your backup, make sure that the storage capacity is several times larger than the information you want to save or the hard drive you want to back up. Also, the speed at which the external device runs is determined by the connection speed. For example, a USB 3.0 connection will be faster than a USB 2.0 port. Consider the information in Table 27-1 when making your decision.
Table 27-1 Pros and Cons of a USB-Connected HDD
Solid-State Drives
With no moving parts, solid-state drives (SSDs) are more reliable, faster, and more durable. Today, most of these drives are designed to look like external HDDs; however, at this writing, they are still expensive when calculating dollars per gigabyte when compared with HDDs. HDDs work best with files that have been written with contiguous blocks, like most internal drives do today. SSDs store data on semiconductor chips instead of magnetically. The transistors (cells) are wired in series, rather than parallel as in HDDs. Solid-state drives have both advantages and disadvantages as well, as shown in Table 27-2.
Table 27-2 Pros and Cons of SSDs
Multiple Hard Drives (Multidrives)
As networks and their storage requirements grow, the third USB connection option is a RAID system with multiple disks connected to one computer. These units are usually small enclosures holding two or more hard drives that “mirror” each other. See “RAID Systems” later in this chapter for more information.
Connections
USB 2.0 (and now 3.0 and 3.1), eSATA, FireWire, and Thunderbolt are all methods by which your external drives can be connected to your computer. Each option offers various advantages and disadvantages.
USB 2.0 and 3.0
USB connections have been around since 1996, with USB 2.0 becoming the standard by 2001. USB connectors standardize connections between your computer and the many peripherals available. From keyboards to network adapters to digital cameras, the USB port has made connections quick and easy. USB has replaced the earlier serial and parallel port connections and, since it usually has its own power, has even replaced separate power appliances in some cases. Many new devices come with both USB 2.0 and USB 3.0 connections. You can determine the type of connection by the indicator on the device, as shown in Figure 27-2.
Figure 27-2 USB 2.0 and 3.0 connectors and symbols
USB 2.0 and 3.0 are compatible with each other; however, the performance will default to the lower of the two connections being used.
The differences between the various connectors are shown in Table 27-3.
Table 27-3 USB Connector Differences
eSATA
External Serial Advanced Technology Attachment (eSATA) was often used by many because it offered faster data transfer speeds than other methods, in some cases three times that of USB 2.0 or FireWire 400. Connected directly to a SATA hard drive on a computer so that the computer’s processor was dealing with only one device, the throughput transfer speed was faster than USB connections, where the processor was handling several USB devices at the same time. Connected to an internal SATA drive, eSATA connections offered SATA drive speed. With the advent of USB 3.0 devices and Thunderbolt, eSATA drives no longer have the speed advantage.
Today, in a business network environment, using eSATA can help protect your system. With the proliferation of USB devices on each workstation, the chance for accidental input of malware or the output of data is great by anyone with access to those USB ports. Some managers disable the USB ports and enable the use of external drives with eSATA.
For those who need to connect their computers to other media, such as TV DVRs or other media devices, the most common interface is still eSATA. eSATA makes storage for large media files efficient and quick.
To connect to an external hard drive, both that HDD and the computer must have the eSATA connector, and you must use an eSATA cable. This cable can be no longer than 2 meters (6.5 feet), so distance is an issue, and both USB and FireWire connections can be longer.
FireWire
With transfer rates of up to 400 Mbps, FireWire 400 was fast and efficient when it was introduced by Apple early in 1986 as a replacement for the parallel SCSI bus. The IEEE 1394 (FireWire) standard was originally designed for high-speed transfer, specifically for large video and audio files. FireWire can connect up to 63 devices, and it allows peer-to-peer communication without involving either the processor or the computer memory (USB requires that devices be connected to a computer in order to transfer information). FireWire is also hot-swappable (as is USB), meaning that you can remove the device without turning off the computer. FireWire 800 arrived in 2002 and was standard on Apple machines until the advent of Thunderbolt. (See “Thunderbolt” later in this chapter for more information.) FireWire 400 has either a four-pin or six-pin connection, while FireWire 800 has nine pins, as shown in Figure 27-3.
Figure 27-3 FireWire 400 and FireWire 800 cables and ports
Devices equipped with six-pin FireWire can supply their own power directly from their computer connection, up to 1.5 amps at 8 to 30 volts. Devices that come with the four-pin configuration save space by omitting the two power pins. FireWire 800 with its nine-pin design offers grounding to protect the other wires. FireWire 800 is backward compatible with FireWire 400; however, transfer speed will be that of the slower FireWire 400 (see Table 27-4).
Table 27-4 FireWire 400 and FireWire 800 Specifications
In 2007 and 2008, FireWire S1600 and S3200 were introduced to compete with USB 3.0. The development came with the same nine-pin connection as FireWire 800, but even though the system was developed, some units were not available until 2012. Therefore, few devices other than some Sony cameras used the newer technology.
Thunderbolt
In 2011, Apple devices included a new port called Thunderbolt that had the capabilities and speed of FireWire and USB, along with external display capabilities for Video Graphics Array (VGA), High Definition Multimedia Interface (HDMI), DisplayPort, and Digital Video Interface (DVI). While not all devices had the ability to use Thunderbolt, for a time, this interface had the fastest transfer rate. Some users reported being able to transfer a 15GB HD movie in less than one minute.
While some Windows machines contain Thunderbolt connections, most devices using this technology are for the Mac. As USB 3.0 has become the standard, Thunderbolt’s speedy transfer rate is often matched by the USB connection. However, for media transfers and connectivity to video devices, Thunderbolt is useful.
As USB 3.1 is being released, Thunderbolt 3 is due to be on store shelves in early 2015. This technology is tied to new Intel architecture, which is also due in early 2015.
NOTE Thunderbolt was developed by both Apple and Intel.
Wireless
While the thought of no wires can sound appealing, especially if you have a wireless (WiFi) network, backing up to a wireless external drive can be a security risk. If you use encryption on your wireless network, consider encrypting the external hard drive as well. Today, there are several types of encryption protocols to help protect both your network and your external device:
• Wired Equivalent Privacy (WEP) was created in the 1990s, and its name describes its main selling point, which is that it is equivalent to a wired network. As data on wireless networks is transmitted by radio waves, WEP adds some degree of security to the system by encrypting or “coding” the data being transmitted. WEP has several different levels of security, from 64-bit through 256-bit, each of which required entry of a string of hexadecimal characters that were then translated into a secure algorithm.
• WEP has some serious security flaws, such as the following:
    • Outside devices being able to interject new data from mobile stations
    • The ability to decrypt the data from another access point
    • The ability, in some cases, to analyze the transmitted data and, after a time, decrypt it
• Wi-Fi Protected Access (WPA), available since 2003, was originally designed to solve some of the security issues with WEP. WPA has now been superseded by WPA2. WPA2 uses many of the same algorithms as WPA but with enhanced confidentiality.
No encryption system or mechanism is foolproof. However, running a wireless device without some system can create havoc.
RAID Systems
The mass storage subsystems used in network servers frequently go beyond just having greater capacities and faster drives. There are also more advanced storage technologies that provide better performance, reliability, and fault tolerance. RAID is the most common of these technologies. A RAID array is a group of hard drives that function together in any one of various ways, called levels. There are six basic RAID levels, numbered from 0 to 5, plus several other RAID standards that are proprietary or variations on one of the other levels. The different RAID levels provide varying degrees of data protection and performance enhancement.
Originally designed for large networks to store large amounts of data at a low cost, RAID can also be a viable backup solution for smaller networks. Today, you may see RAID on a single computer with two hard drives connected to create more storage capacity, or with two drives, with one being used as a duplicate (clone) of the other. That way, if drive 1 fails, all the information is available on drive 2 with no interruption of service.
Using RAID
RAID can be implemented in hardware or software, in whole or in part. Third-party software products can provide other RAID levels. Generally speaking, however, the best RAID performance comes from a hardware RAID implementation.
Hardware RAID solutions can range from dedicated RAID controller cards (which you install into a server like any other PCI expansion card and connect to your hard drives) to stand-alone RAID drive arrays. A RAID controller card typically contains a coprocessor and a large memory cache. This hardware enables the controller itself to coordinate the RAID activity, unlike a software solution that utilizes the computer’s own memory and processor. When you use a hardware RAID solution, the drive array appears to the computer as a single drive. All of the processing that maintains the stored data is invisible.
A RAID drive array is a unit, either separate or integrated into a server, that contains a RAID controller and slots into which you insert hard disk drives, like those shown in Figure 27-4. In some cases, the slots are merely containers for the drives, and you use standard SCSI and power cables to connect them to the RAID controller and to the computer’s power supply. In higher-end arrays, the drives plug directly into a backplane, which connects all of the devices to the SCSI bus, supplies them with power, and eliminates the need for separate cables. In some cases, the drives are hot-swappable, meaning that you can replace a malfunctioning drive without powering down the whole array. Some arrays also include a hot standby drive, which is an extra drive that remains idle until one of the other drives in the array fails, at which time the standby drive immediately takes its place. Some servers are built around an array of this type, while in other cases the array is a separate unit, either standing alone or mounted in a rack. These separate drive arrays are what you use when you want to build a server cluster with shared drives.
Figure 27-4 Stand-alone RAID drive arrays
Whether you implement RAID using software or hardware, you choose the RAID level that best suits your installation. Although the various RAID levels are numbered consecutively, the higher levels are not always “better” than the lower ones in every case. In some cases, for example, you are trading off speed or disk space in return for added protection, which may be warranted in one installation but not in another. The various levels of RAID are described in the following sections.
RAID0:DiskStripingDiskstripingisamethodforenhancingtheperformanceoftwoormoredrivesbyusingthemconcurrently,ratherthanindividually.Technically,diskstripingisnotRAIDatallbecauseitprovidesnoredundancyandthereforenodataprotectionorfaulttolerance.Inastripedarray,theblocksofdatathatmakeupeachfilearewrittentodifferentdrivesinsuccession.Inafour-drivearraylikethatshowninFigure27-5,forexample,thefirstblock(A)iswrittentothefirstdrive,thesecondblock(B)iswrittentotheseconddrive,andsoon,throughthefourthblock(D).Thenthefifthblock(E)iswrittentothefirstdrive,thesixth(F)iswrittentotheseconddrive,andthepatterncontinuesuntilalloftheblockshavebeenwritten.OperatingthedrivesinparallelincreasestheoverallI/OperformanceofthedrivesduringbothreadsandwritesbecausewhilethefirstdriveisreadingorwritingblockA,theseconddriveismovingitsheadsintopositiontoreadorwriteblockB.Thisreducesthelatencyperiodcausedbytheneedtomovetheheadsbetweeneachblockinasingledrivearrangement.Toreducethelatencyevenfurther,youcanuseaseparatecontrollerforeachdrive.
Figure 27-5 RAID level 0
As mentioned earlier, disk striping provides no additional protection to the data and indeed even adds an element of danger. If one of the drives in a RAID 0 array should fail, the entire volume is lost, and recovering the data directly from the disk platters is much more difficult, if not impossible. However, disk striping provides the greatest performance enhancement of any of the RAID levels, largely because it adds the least amount of processing overhead. RAID 0 is suitable for applications in which large amounts of data must be retrieved on a regular basis, such as video and high-resolution image editing, but you must be careful to back up your data regularly.
NOTE It’s possible to stripe data across a series of hard drives either at the byte level or at the block level (one block typically equals 512 bytes). Byte-level striping is better suited to the storage of large data records because the contents of a record can be read in parallel from the stripes on different drives, thus improving the data transfer rate. Block-level striping is better suited for the storage of small data records in an environment where multiple concurrent requests are common. A single stripe is more likely to contain an entire record, which enables the various drives in the array to process individual requests independently and simultaneously.
RAID 1: Disk Mirroring and Duplexing
Disk mirroring and disk duplexing are the simplest arrangements that truly fit the definition of RAID. Disk mirroring is a technique where two identical drives are connected to the same host adapter, and all data is written to both of the drives simultaneously, as shown in Figure 27-6. This way, there is always a backup (or mirror) copy of every file immediately available. If one of the drives should fail, the other continues to operate with no interruption whatsoever. When you replace or repair the malfunctioning drive, all of the data from the mirror is copied to it, thus reestablishing the redundancy. Disk duplexing is an identical arrangement, except that the two drives are connected to separate controllers. This enables the array to survive a failure of one of the disks or one of the controllers.
Figure 27-6 RAID level 1
Obviously, disk mirroring provides complete hard drive fault tolerance, and disk duplexing provides both drive and controller fault tolerance because a complete copy of every file is always available for immediate access. However, mirroring and duplexing do this with the least possible efficiency because you realize only half of the disk space that you are paying for. Two 10GB drives that are mirrored yield only a 10GB volume. As you will see, other RAID levels provide their fault tolerance with greater efficiency, as far as available disk space is concerned.
Disk mirroring and duplexing do enhance disk performance as well, but only during read operations. During write operations, the files are written to both drives simultaneously, resulting in the same speed as a single drive. When reading, however, the array can alternate between the drives, doubling the transaction rate of a single drive. In short, write operations are said to be expensive and read operations efficient. Like disk striping, mirroring and duplexing are typically implemented by software and are common features in server operating systems like Windows 2000. However, as mentioned earlier, using the system processor and memory for this purpose can degrade the performance of the server when disk I/O is heavy.
RAID 2: Hamming ECC
RAID 2 is a seldom-used arrangement where each of the disks in a drive array is dedicated to the storage either of data or of error correcting code (ECC). As the system writes files to the data disks, it also writes the ECC to drives dedicated to that purpose. When reading from the data drives, the system verifies the data as correct using the error correction information from the ECC drives. The ECC in this case is Hamming code, which was the same type of ECC used on SCSI hard drives that support error correction. Because all SCSI hard drives already supported ECC and because a relatively large number of ECC drives were required for the data drives, RAID 2 is an inefficient method that has almost never been implemented commercially.
RAID 3: Parallel Transfer with Shared Parity
A RAID 3 array is a combination of data striping and the storage of a type of ECC called parity on a separate drive. RAID 3 requires a minimum of three drives, with two or more of the drives holding data striped at the byte level and one drive dedicated to parity information. The use of striping on the data drives enhances I/O performance, just as in RAID 0, and using one drive in the array for parity information adds fault tolerance. Whenever the array performs a read operation, it uses the information on the parity drive to verify the data stored on the striped drives. Because only one of the drives holds the parity information, you realize a greater amount of usable disk space from your array than you do with RAID 2. If one of the striped drives should fail, the data it contains can be reconstructed using the parity information. However, this reconstruction takes longer than that of RAID 1 (which is immediate) and can degrade performance of the array while it is occurring.
When you hit RAID 3 and the levels above it, the resources required by the technology make them much more difficult to implement in software only. Most servers that use RAID 3 or higher use a hardware product.
RAID 4: Independent Data Disks with Shared Parity
RAID 4 is similar to RAID 3, except that the drives are striped at the block level, rather than at the byte level. There is still a single drive devoted to parity information, which enables the array to recover the data from a failed drive if needed. The performance of RAID 4 in comparison to RAID 3 is comparable during read operations, but write performance suffers because of the need to continually update the information on the parity drive. RAID 4 is also rarely used because it offers few advantages over RAID 5.
RAID 5: Independent Data Disks with Distributed Parity
RAID 5 is the same as RAID 4, except that the parity information is distributed among all of the drives in the array, instead of being stored on a drive dedicated to that purpose. Because of this arrangement, there is no parity drive to function as a bottleneck during write operations, and RAID 5 provides significantly better write performance than RAID 4, along with the same degree of fault tolerance. The rebuild process in the event of a drive failure is also made more efficient by the distributed parity information. Read performance suffers slightly in RAID 5, however, because the drive heads must skip over the parity information stored on all of the drives.
RAID 5 is the level that is usually implied when someone refers to a RAID array because it provides a good combination of performance and protection. In a four-disk array, only 25 percent of the disk space is devoted to parity information, as opposed to 50 percent in a RAID 1 array.
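The parity used by RAID 3 through RAID 5 is normally a byte-wise XOR across the blocks of each stripe, which is why any one missing block can be recomputed from the survivors. The following Python sketch is an added example, not code from the book; the 4-byte block size, the function names, and the parity rotation are assumptions chosen to keep the layout easy to inspect.

```python
"""RAID 5 sketch: block-level striping with distributed XOR parity.

Added illustration, not code from the book. The rotation used here (parity
moves one drive to the left on each stripe) is an assumed layout; real
controllers use several different rotations.
"""
from functools import reduce

BLOCK = 4  # bytes per block, tiny so the layout is easy to inspect


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_drive(stripe, n_drives):
    """Index of the drive that holds parity for a stripe (assumed rotation)."""
    return (n_drives - 1 - stripe) % n_drives


def usable_fraction(n_drives):
    """Share of raw capacity left for data: one block per stripe is parity."""
    return (n_drives - 1) / n_drives


def write_array(data, n_drives):
    """Stripe data across n_drives; returns one list of blocks per drive."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = (n_drives - 1) * BLOCK
    data = data + b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    drives = [[] for _ in range(n_drives)]
    for stripe, off in enumerate(range(0, len(data), per_stripe)):
        chunk = data[off:off + per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        # Parity is computed over the data blocks, then takes its rotated slot.
        blocks.insert(parity_drive(stripe, n_drives), xor_blocks(blocks))
        for d in range(n_drives):
            drives[d].append(blocks[d])
    return drives


def rebuild_drive(drives, failed):
    """Recompute every block of one failed drive from the surviving drives."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(row) for row in zip(*survivors)]


def read_array(drives, length):
    """Read the volume back; a failed drive is passed as None and its blocks
    are reconstructed stripe by stripe (degraded mode)."""
    n = len(drives)
    missing = [i for i, d in enumerate(drives) if d is None]
    if len(missing) > 1:
        raise RuntimeError("single parity cannot survive two failed drives")
    live = [d for d in drives if d is not None]
    out = bytearray()
    for stripe in range(len(live[0])):
        row = [d[stripe] if d is not None else None for d in drives]
        if missing:
            row[missing[0]] = xor_blocks([b for b in row if b is not None])
        p = parity_drive(stripe, n)
        for i, block in enumerate(row):
            if i != p:          # skip the parity block when returning data
                out += block
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"ABCDEFGHIJKLMNOPQRSTUVWX"  # constructed sample data
    array = write_array(sample, 4)
    for i, drive in enumerate(array):
        print("drive", i, drive)
    array[1] = None  # simulate a failed drive
    print("degraded read:", read_array(array, len(sample)))
```

Running the script prints the per-drive layout and then reads the full volume back with drive 1 missing.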
RAID 6: Independent Data Disks with Two-Dimensional Parity
RAID 6 is a variation on RAID 5 that provides additional fault tolerance by maintaining two independent copies of the parity information, both of which are distributed among the drives in the array. The two-dimensional parity scheme greatly increases the controller overhead since the parity calculations are doubled, and the array’s write performance is also degraded because of the need to save twice as much parity information. However, a RAID 6 array can sustain multiple simultaneous drive failures without data loss and is an excellent solution for read-intensive environments working with mission-critical data.
RAID 7: Asynchronous RAID
RAID 7 is a proprietary solution marketed by Storage Computer Corporation, which consists of a striped data array and a dedicated parity drive. The difference in RAID 7 is that the storage array includes its own embedded operating system, which coordinates the asynchronous communications with each of the drives. Asynchronous communication, in this context, means that each drive in the array has its own dedicated high-speed bus and its own control and data I/O paths, as well as a separate cache. The result is increased write performance over other RAID levels and very high cache hit rates under certain conditions. The disadvantages of RAID 7 are its high cost and the danger resulting from any investment in a proprietary technology.
RAID 10: Striping of Mirrored Disks
RAID 10 is a combination of the disk striping used in RAID 0 and the disk mirroring used in RAID 1. The drives in the array are arranged in mirrored pairs, and data is striped across them, as shown in Figure 27-7. The mirroring provides complete data redundancy while the striping provides enhanced performance. The disadvantage of RAID 10 is the high cost (at least four drives are required) and the same low data storage efficiency as RAID 1.
Figure 27-7 RAID level 10
RAID 0+1: Mirroring of Striped Disks
RAID 0+1 is the opposite of RAID 10. Instead of striping data across mirrored pairs of disks, RAID 0+1 takes an array of striped disks and mirrors it. The resulting performance is similar to that of RAID 10, but a single drive failure turns the array back to a simple RAID 0 installation.
Network-Attached Storage
Network-attached storage is a term that is generally applied to a stand-alone storage subsystem that connects to a network and contains everything needed for clients and servers to access the data stored there. An NAS device, sometimes called a network storage appliance, is not just a box with a power supply and an I/O bus with hard drives installed in it. The unit also has a self-contained file system and a stripped-down, proprietary operating system that is optimized for the task of serving files. The NAS appliance is essentially a stand-alone file server that can be accessed by any computer on the network. NAS appliances can reduce costs and simplify the deployment and ongoing management processes. Because the appliance is a complete turnkey solution, there is no need to integrate separate hardware and operating system products or be concerned about compatibility issues.
NAS appliances can connect to networks in different ways, and it is here that the definition of the technology becomes confusing. An NAS server is a device that can respond to file access requests generated by any other computer on the network, including clients and servers.
There are two distinct methods for deploying an NAS server, however. You can connect the appliance directly to the LAN, using a standard Ethernet connection, enabling clients and servers alike to access its file system directly, or you can build a dedicated storage network, using Ethernet or Fibre Channel, enabling your servers to access the NAS and share files with network clients.
The latter solution places an additional burden on the servers, but it also moves the I/O traffic from the LAN to a dedicated storage network, thus reducing network traffic congestion. Which option you choose largely depends on the type of data to be stored on the NAS server. If you use the NAS to store users’ own work files, for example, it can be advantageous to connect the device to the LAN and let users access their files directly. However, if the NAS server contains databases or e-mail stores, a separate application server is required to process the data and supply it to clients. In this case, you may benefit more by creating a dedicated storage network that enables the application server to access the NAS server without flooding the client network with I/O traffic.
Magnetic Tape Drives
Unlike other mass storage devices used in computers, magnetic tape drives do not provide random access to the stored data. Hard disks and optical drives all have heads that move back and forth across a spinning medium, enabling them to place the head at any location on the disk almost instantaneously and read the data stored there. The magnetic tape drives used in computers work just like audio tape drives; the tape is pulled off of a spool and dragged across a head to read the data, as shown in Figure 27-8. This is called linear access. To read the data at a point near the end of a tape, the drive must unspool all of the preceding tape before accessing the desired information. Because they are linear access devices, magnetic tape drives are not mounted as volumes in the computer’s file system. You can’t assign a drive letter to a tape and access its files through a directory display, as you can with a CD-ROM or a floppy disk. Magnetic tape drives are used exclusively by backup software programs, which are specifically designed to access them.
Figure 27-8 Linear access drives leave the tape in the cartridge and press it against static heads.
Linear access devices like tape drives also cannot conveniently use a table containing information about the files they contain, as with a hard or floppy disk. When a backup system writes hard drive files to tape, it reads the information about each file from the hard drive’s file allocation table (or whatever equivalent that particular drive’s file system uses) and writes it to tape as a header before copying the file itself. The file is frequently followed by an error correction code that ensures the validity of the file. This way, all of the information associated with each file is found at one location on the tape. However, some tape drive technologies, such as digital audio tape (DAT) and digital linear tape (DLT), do create an index on each tape of all the files it contains, which facilitates the rapid restoration of individual files.
Tape Drive Interfaces
To evaluate backup technologies, it’s a good idea to first estimate the amount of data you have to protect and the amount of time you will have for the backup jobs to run. The object is to select a drive (or drives) that can fit all of the data you need to protect during the average backup job on a single device in the time available. Be sure to consider that it may not be necessary for you to back up all of the data on all of your computers during every backup job. Most of the files that make up a computer’s operating system and applications do not change, so it isn’t necessary to back them up every day. You can back these up once a week or even more seldom and still provide your computers with sufficient protection. The important files that you should back up every day are the data and system configuration files that change frequently, all of which might add up to far less data.
In addition to the capabilities of the drive, you must consider the interface that connects it to the computer that will host it. When using a tape drive, the process of writing data to a magnetic tape requires that the tape drive receive a consistent stream of data from the computer. Interruptions in the data stream force the tape drive to stop and start repeatedly, which wastes both time and tape capacity.
Magnetic Tape Capacities
The storage capacity of a magnetic tape is one of its most defining characteristics and can also be one of the most puzzling aspects of the backup process. Many users purchase tape drives with rated capacities and then are disappointed to find that the product does not store as much data on a tape as the manufacturer states. In most cases, this is not a matter of false claims on the part of the drive’s maker.
There are three elements that can affect the data capacity of a magnetic tape, which are as follows:
• Compression
• Data stream
• Write errors
Compression
Magnetic tape storage capacities are often supplied by manufacturers in terms of compressed data. A reputable manufacturer will always state in its literature whether the capacities it cites are compressed or uncompressed. Most of the tape drives designed for computer backups include hardware-based compression capabilities that use standard data compression algorithms to store the maximum amount of data on a tape. In cases where the drive does not support hardware compression, the backup software might implement its own compression algorithms. When you have a choice, you should always use hardware-based compression over software compression because implementing the data compression process in the software places an additional processing burden on the computer. Hardware-based compression is performed by a processor in the tape drive itself and is inherently more efficient.
NOTE Some manufacturers express tape drive capacities using the term native. A drive’s native capacity refers to its capacity without compression.
The degree to which data can be compressed, and therefore the capacity of a tape, depends on the format of the files being backed up. A file in a format that is already compressed, such as a GIF image or a ZIP archive, cannot be compressed any further by the tape drive hardware or the backup software and therefore has a compression ratio of 1:1. Other file types compress at different ratios, ranging from 2:1, which is typical for program files such as EXEs and DLLs, to 8:1 or greater, as with uncompressed image formats like BMP. It is standard practice for manufacturers to express the compressed storage capacity of a tape using a 2:1 compression ratio. However, your actual results might vary greatly, depending on the nature of your data.
Data Stream
To write data to the tape in the most efficient manner, the tape drive must receive the data from the computer in a consistent stream at an appropriate rate of speed. The rate at which the data arrives at the tape drive can be affected by many factors, including the interface used to connect the drive to the computer, the speed of the computer’s processor and system bus, or the speed of the hard drive on which the data is stored. When you are backing up data from the network, you add the speed of the network itself into the equation. Even if you have a high-quality tape drive installed in a state-of-the-art server, slow network conditions caused by excessive traffic or faulty hardware can still affect the speed of the data stream reaching the tape drive. This is one of the reasons why network backups are often performed at night or during other periods when the network is not being used by other processes.
Tape drives write data to the tape in units called frames or sometimes blocks, which can vary in size depending on the drive technology and the manufacturer. The frame is the smallest unit of data that the drive can write to the tape at one time. The drive contains a buffer equal in size to the frames it uses, in which it stores the data to be backed up as it arrives from the computer. When the backup system is functioning properly, the data arrives at the tape drive, fills up the buffer, and then is written to the tape with no delay. This enables the tape drive to run continuously, drawing the tape across the heads, writing the buffered data to the tape, and then emptying the buffer for the next incoming frame’s worth of data. This is called streaming.
NOTE The frames used by tape drives do not correspond in size or construction with the data link layer protocol frames used in data networking.
When the data arrives at the tape drive too slowly, the drive has to stop the tape while it waits for the buffer to fill up with data. This process of constantly stopping and starting the tape is called shoe-shining, and it is one of the main signals that the drive is not running properly. The buffer has a built-in data retention timeout, after which the drive flushes the buffer and writes its contents to tape, whether it’s full of data or not. If the buffer is not full when the timeout period expires, the drive pads out the frame with nonsense data to fill it up and then writes the contents of the buffer (including the padding) to the tape. The end result is that each frame written to the tape contains only a fraction of the actual data that it can hold, thus reducing the amount of usable data stored on the tape.
The way to avoid having partially filled buffers flushed to tape is to ensure that there are no bottlenecks in the path from the sources of your data to the tape drive. The path is only as fast as its slowest component, and to speed up the data transfer rate, you may have to do any of the following:
• Replace hard drives with faster models
• Install the tape drive in a faster computer
• Reduce the processing load on the computer hosting the tape drive
• Schedule backup jobs to occur during periods of low network traffic
Write Errors
Another possible reason for diminished tape capacity is an excess of recoverable write errors. A write error is considered to be recoverable when the tape drive detects a bad frame on the tape while the data is still in the buffer, making it possible for the drive to immediately write the same frame to the tape again. Drives typically detect these errors by positioning a read head right next to the write head so that the drive can read each frame immediately after writing it.
When the drive rewrites a frame, it does not overwrite the bad frame by rewinding the tape; it simply writes the same frame to the tape again, immediately following the first one. This means that one frame’s worth of data is occupying two frames’ worth of tape, and if there are many errors of this type, a significant amount of the tape’s storage capacity can be wasted. Recoverable write errors are most often caused by dirty heads in the tape drive or bad media. Most backup software products can keep track of and display the number of recoverable write errors that occur during a particular backup job. The first thing you should do when you notice that more than a handful of recoverable write errors have occurred during a backup job is to clean the drive heads using a proper cleaning tape and then run a test job using a new, good-quality tape. If the errors continue, this might be an indication of a more serious hardware problem.
NOTE Dirty drive heads are the single most common cause of tape drive problems. The importance of regular head cleaning cannot be overemphasized.
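The three capacity factors described above (compression, a starved data stream, and recoverable write errors) can be modeled together. The following Python simulation is an added example, not code from the book; the frame size, timeout, arrival patterns, and 20GB native capacity are constructed values, and the function names are illustrative.

```python
"""Tape capacity model: padded frames, rewritten frames, and compression.

Added illustration, not from the book. Frame size, timeout and arrival
patterns are constructed values; real drives differ.
"""

# Constructed arrival patterns: (time in seconds, bytes delivered).
STEADY = [(i, 1000) for i in range(10)]        # one full frame every second
STARVED = [(i * 6, 250) for i in range(10)]    # a quarter frame every 6 seconds


def write_tape(arrivals, frame_size, timeout, bad_positions=()):
    """Simulate a drive whose buffer holds exactly one frame.

    arrivals      -- list of (time_seconds, n_bytes) in time order
    timeout       -- data retention timeout: a buffer older than this is
                     padded out and flushed even though it is not full
    bad_positions -- tape frame positions that fail the read-after-write check
    Returns a dict of counters describing what ended up on the tape.
    """
    bad = set(bad_positions)
    stats = {"tape_frames": 0, "payload": 0, "padding": 0, "rewrites": 0}
    buffered = 0      # bytes currently waiting in the buffer
    started = None    # time the first byte entered the current buffer

    def flush():
        nonlocal buffered, started
        # A bad frame is not overwritten; the same frame is written again
        # at the next position, so it consumes extra tape.
        while stats["tape_frames"] in bad:
            stats["tape_frames"] += 1
            stats["rewrites"] += 1
        stats["tape_frames"] += 1
        stats["payload"] += buffered
        stats["padding"] += frame_size - buffered
        buffered, started = 0, None

    for t, n in arrivals:
        if buffered and t - started >= timeout:
            flush()                  # timeout expired: pad the frame and write it
        while n:
            if not buffered:
                started = t
            take = min(n, frame_size - buffered)
            buffered += take
            n -= take
            if buffered == frame_size:
                flush()              # full frame: the drive keeps streaming
    if buffered:
        flush()                      # end of job: write the last partial frame

    frames = stats["tape_frames"]
    stats["efficiency"] = stats["payload"] / (frames * frame_size) if frames else 0.0
    return stats


def usable_capacity(native_gb, compression_ratio, efficiency):
    """Data that fits on one tape: native capacity scaled by how well the data
    compresses and by the fraction of written tape that holds real data."""
    return native_gb * compression_ratio * efficiency


if __name__ == "__main__":
    for label, arrivals, bad in (("steady", STEADY, ()),
                                 ("starved", STARVED, ()),
                                 ("dirty heads", STEADY, (2, 3))):
        s = write_tape(arrivals, frame_size=1000, timeout=5, bad_positions=bad)
        # 20 GB native capacity is a constructed figure for the comparison.
        print(label, s, "usable GB at 2:1:", usable_capacity(20, 2.0, s["efficiency"]))
```

The starved stream writes the same number of frames as the steady one while carrying a quarter of the data, which is the capacity loss the timeout flush causes.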
Backup Software
For home and small business networks, there are many software products available, including the ability to back up to a server at a remote location, such as the cloud. If you decide that you must purchase a network backup software package, it’s a good idea to familiarize yourself with the capabilities of the various products on the market and then compare them with your needs. In some cases, you can obtain evaluation versions of backup software products and test them on your network. This can help you identify potential problems you may encounter while backing up your network. The following sections examine some of the basic functions of a backup software package and how they apply to a typical network backup situation.
NOTE While available in earlier versions, Windows 8.1 does not contain a Backup and Restore utility.
Selecting Backup Targets
The simplest type of backup job is a full backup, in which you back up the entire contents of a computer’s drives. However, full backups usually aren’t necessary on a daily basis because many of the files stored on a computer do not change and because full backups can take a lot of time and use a lot of storage capacity. One of the best strategies when planning a backup solution for a network is to purchase a drive that can save all of your data files and the important system configuration files on a single medium. This enables you to purchase a less expensive drive and still provide your network with complete protection.
Being selective about what you want to back up complicates the process of creating a backup job, and a good backup software program provides several different ways to select the computers, drives, directories, or files (collectively called targets) that you want to back up. Selecting a drive or directory for backup includes all of the files and subdirectories it contains as well. You can then deselect certain files or subdirectories that you want to exclude from the backup. Some backup software programs can also list the targets for a backup job in text form. When you’re creating a large, complex job involving many computers, this format can sometimes be easier to comprehend and modify.
Using Filters
The expandable display is good for selecting backup targets based on the directory structure, but it isn’t practical for other types of target selection. Many applications and operating systems create temporary files as they’re running, and these files are frequently named using a specific pattern, such as a TMP extension. In most cases, you can safely exclude these files from a backup because they would only be automatically deleted at a later time anyway. However, manually deselecting all of the files with a TMP extension in a directory display would be very time consuming, and you also have no assurance that there might not be other TMP files on your drives when the backup job actually runs.
To select (or deselect) files based on characteristics such as extension, filename, date, size, and attributes, most backup software programs include filters. A filter is a mechanism that is applied to all or part of a backup target that instructs the software to include or exclude files with certain characteristics. For example, to exclude all files with a TMP extension from a backup job, you would apply an exclude filter to the drives that specified the file mask *.tmp.
You can use filters in many ways to limit the scope of a backup job, such as the following:
• Create an include filter specifying a modification date to back up all the files that have changed since a particular day
• Create exclude filters based on file extensions to avoid backing up program files, such as EXEs and DLLs
• Create a filter based on access dates to exclude all files from a backup that haven’t been accessed in the last 30 days
Incremental and Differential Backups
The most common type of filter used in backups is one that is based on the Archive attribute. This is the filter that backup software products use to perform incremental and differential backups. File attributes are single bits included with every file on a disk drive that are dedicated to particular functions. Different file systems have various attributes, but the most common ones found in almost all file systems are Read-only, Hidden, and Archive. The Read-only and Hidden attributes affect how specific files are manipulated and displayed by file management applications. Under normal conditions, a file with the Hidden attribute activated is invisible to the user, and a Read-only file can’t be modified. The Archive attribute has no effect in a normal file management application, but backup programs use it to determine whether files should be backed up.
A typical backup strategy for a network consists of a full backup job that is repeated every week with daily incremental or differential jobs in between. When you configure a backup software program to perform a full backup of a drive, the software typically resets the Archive attribute on each file, meaning that it changes the value of all the Archive bits to 0. After the full backup, whenever an application or process modifies a file on the drive, the file system automatically changes its Archive bit to a value of 1. It is then possible to create a backup job that uses an attribute filter to copy to tape only the files with Archive bit values of 1, which are the files that have changed since the last full backup. The result is a backup job that uses far less tape and takes far less time than a full backup.
An incremental backup job is one that copies only the files that have been modified since the last backup and then resets the Archive bits of the backed-up files to 0. This means that each incremental job you perform copies only the files that have changed since the last job. If you perform your full backups on Sunday, Monday’s incremental job consists of the files that have changed since Sunday’s full backup. Tuesday’s incremental job consists of the files that have changed since Monday’s incremental, Wednesday’s job consists of the files changed since Tuesday, and so forth. Files that are modified frequently might be included in each of the incremental jobs, while occasionally modified files might be backed up only once or twice a week.
The advantage of performing incremental jobs is that you use the absolute minimum amount of time and storage capacity because you never back up any files that haven’t changed. The drawback of using incremental jobs is that in order to perform a complete restoration of a drive or directory, you have to restore the copy from the last full backup and then repeat the same restore job from each of the incrementals performed since that full backup, in order. This is because each of the incremental jobs may contain files that don’t exist on the other incrementals and because they might contain newer versions of files on the previous incrementals. By the time you complete the restore process, you have restored all of the unique files on all of the incrementals and overwritten all of the older versions of the files with the latest ones.
If you have a lot of data to back up and want the most economical solution, performing incremental jobs is the way to go. The restore process is more complex, but performing a full restore of a drive is (ideally) a relatively rare occurrence. When you have to restore a single file, you just have to make sure that you restore the most recent copy from the appropriate full or incremental backup tape.
A differential backup job differs from an incremental only in that it does not reset the Archive bits of the files it backs up. This means that each differential job backs up all of the files that have changed since the last full backup. If a file is modified on Monday, the differential jobs back it up on Monday, Tuesday, Wednesday, and so on. The advantage of using differential jobs is that to perform a complete restore, you have to restore only from the last full backup and the most recent differential because each differential has all of the files that have changed since the last full backup. The disadvantage of differentials is that they require more time and tape because each job includes all of the files from the previous differential jobs. If your tape drive has sufficient capacity to store all of your modified data for a full week on a single tape, differentials are preferable to incrementals because they simplify the restoration process.
In most cases, the incremental and differential backup options are built into the software, so you don’t have to use filters to manipulate the Archive attributes. The software typically provides a means of selecting from among basic backup types like the following:
• Normal: Performs a full backup of all selected files and resets their Archive bits
• Copy: Performs a full backup of all selected files and does not reset their Archive bits
• Incremental: Performs a backup only of the selected files that have changed and resets their Archive bits
• Differential: Performs a backup only of the selected files that have changed and does not reset their Archive bits
• Daily: Performs a backup only of the selected files that have changed today
• Working Set: Performs a backup only of the selected files that have been accessed in a specified number of days
NOTE Different backup software products may not provide all of these options or may provide additional options. They may also refer to these options using different names.
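The filter and Archive-attribute behavior described in the Using Filters and Incremental and Differential Backups sections can be traced with a small simulation. The following Python code is an added example, not code from the book or from any backup product; the file names, change schedule, and function names are constructed, and the job types follow the definitions in the incremental and differential paragraphs above (an incremental job resets the Archive bit, a differential job does not).

```python
"""Archive-bit backup simulation (added example; all names are illustrative)."""
from fnmatch import fnmatch

# Constructed change schedule: which files are modified on which day.
CHANGES = {
    "Mon": ["payroll.xls"],
    "Tue": ["notes.doc"],
    "Wed": ["payroll.xls", "scratch.tmp"],
}


class Volume:
    """A toy file system: name -> [content version, Archive bit]."""

    def __init__(self, names):
        # A file that has never been backed up has its Archive bit set.
        self.files = {n: [1, 1] for n in names}

    def modify(self, name):
        """Writing to a file bumps its version and sets its Archive bit to 1."""
        entry = self.files.setdefault(name, [0, 1])
        entry[0] += 1
        entry[1] = 1


def run_job(volume, kind, exclude=()):
    """Run one backup job and return the 'tape' it wrote: {name: version}."""
    only_changed = kind in ("incremental", "differential")
    reset_bits = kind in ("normal", "incremental")
    tape = {}
    for name, entry in volume.files.items():
        if any(fnmatch(name.lower(), mask) for mask in exclude):
            continue      # exclude filter, such as the file mask *.tmp
        if only_changed and entry[1] == 0:
            continue      # Archive attribute filter: file has not changed
        tape[name] = entry[0]
        if reset_bits:
            entry[1] = 0
    return tape


def simulate_week(daily_kind, changes):
    """Sunday normal (full) backup, then one daily_kind job on each weekday.

    Returns the (label, tape) pairs in the order the tapes were written.
    """
    vol = Volume(["payroll.xls", "notes.doc", "app.exe", "scratch.tmp"])
    tapes = [("Sun full", run_job(vol, "normal", exclude=("*.tmp",)))]
    for day in ("Mon", "Tue", "Wed"):
        for name in changes.get(day, ()):
            vol.modify(name)
        tapes.append((day + " " + daily_kind,
                      run_job(vol, daily_kind, exclude=("*.tmp",))))
    return tapes


def restore_plan(tapes, daily_kind):
    """Tapes a complete restore has to read, oldest first."""
    if daily_kind == "incremental":
        return list(tapes)           # the full backup, then every incremental
    return [tapes[0], tapes[-1]]     # the full backup and the latest differential


def restore(plan):
    """Replay tapes oldest first so newer versions overwrite older ones."""
    restored = {}
    for _label, tape in plan:
        restored.update(tape)
    return restored


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        tapes = simulate_week(kind, CHANGES)
        plan = restore_plan(tapes, kind)
        print(kind)
        for label, tape in tapes:
            print("  ", label, tape)
        print("   restore reads", [label for label, _ in plan], "->", restore(plan))
```

Restoring an incremental set from only the full tape and the last incremental returns a stale `notes.doc`, which is why every incremental must be replayed in order.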
Backing Up Open Files
The single biggest problem you are likely to encounter while performing backups in a network environment is that of open files. When a file is being used by an application, in most cases it is locked open, meaning that another application cannot open it at the same time. When a backup program with no special open file capabilities encounters a file that is locked, it simply skips it and proceeds to the next file. The activity log kept by the backup software typically lists the files that have been skipped and may declare a backup job as having failed when files are skipped (even when the vast majority of files were backed up successfully). Obviously, skipped files are not protected against damage or loss.
Open files are one of the main reasons for performing backups during times when the network is not in use. Even during off-hours, files can be left open for a variety of reasons. For example, users may leave their computers at the end of the day with files loaded into an application. The agents included with most network backup products are capable of backing up files left open in this way. This is one of the big advantages of using an agent, rather than simply accessing files through the network.
The most critical type of open file situation involves applications and data files that are left running continuously, such as database and e-mail servers. These applications often must run around the clock, and since their data files are constantly being accessed by the application, they are always locked open. A normal backup product can back up most of an application’s program files in a case like this, but the most important files, containing the databases themselves or the e-mail stores, are skipped. This is a major omission that must be addressed in order to fully protect a network.
Inmostcases,networkbackupproductsarecapableofbackinguplivedatabasesande-mailstores,butyoumustpurchaseextrasoftwarecomponentstodoso.Networkbackupsoftwareproductsusuallyhaveoptionalmodulesforeachofthemajordatabaseande-mailproducts,whicharesoldseparately.Theoptionalcomponentmayconsistofanupgradetothemainbackupapplication,aprogramthatrunsonthedatabaseore-mailserver,orboth.Theseoptionsgenerallyworkbycreatingatemporarydatabasefileore-mailstore(sometimescalledadeltafile)thatcanprocesstransactionswithclientsandotherserverswhiletheoriginaldatafilesintheserverarebeingbackedup.Oncethebackupiscomplete,thetransactionsstoredinthedeltafileareappliedtotheoriginaldatabaseandnormalprocessingcontinues.
NOTE Many cloud backup strategies back up open files on the fly when a change is made to them.
Recovering from a Disaster
Another add-on module available from many backup software manufacturers is a disaster recovery option. In this context, a disaster is defined as a catastrophic loss of data that renders a computer inoperable, such as a failure of the hard drive containing the operating system files in a server. This type of data loss can also result from a virus infection, theft, fire, or natural disaster, such as a storm or earthquake. Assuming you have been diligently performing your regular backups and storing copies off-site, your data should be safe if a disaster occurs. However, restoring the data to a new drive or a replacement server normally means that you must first reinstall the operating system and the backup software, which can be a lengthy process. A disaster recovery option is a means of expediting the restoration process in this type of scenario.
A disaster recovery option usually works by creating some form of boot medium that provides only the essential components needed to perform a restore job from a backup. In the event of a disaster, a network administrator only has to repair or replace any computer hardware that was lost or damaged, insert a CD/DVD, and boot the computer. The disaster recovery disk supplies the files needed to bring the computer to a basic operational state from which you can perform a restore, using your most recent backup.
Job Scheduling
Another important part of a network backup software product is its ability to schedule jobs to occur at particular times. Some rudimentary backup software products (such as those that come free with an external hard drive) can only execute a backup job immediately. An effective network backup solution requires that you create a series of jobs that execute at regular intervals, preferably when the network is not otherwise in use. A good backup software product can be configured to execute jobs at any time of the day or night and repeat them at specified intervals, such as daily, weekly, and monthly. More complicated scheduling options are also useful, such as the ability to execute a job on the last day of the month, the first Friday of the month, or every three weeks.
The types of jobs you create and how often you run them should depend on the amount of data you have to back up, the amount of time you have to perform the backups, the capabilities of your hardware, and the importance of your data. For example, a typical network backup scenario would call for a full backup performed once a week, and incremental or differential jobs performed on the other days, with all of the jobs running during the night.
Rotating Media
Network backup software products typically enable you to create your own backup strategy by creating and scheduling each job separately, but most also have preconfigured job scenarios that are suitable for most network configurations. These scenarios usually include a media rotation scheme, which is another part of an effective network backup strategy. A media rotation scheme is an organized pattern of device labeling and allocation that enables you to fully protect your network using the minimum possible number of devices. You can conceivably use a new drive for every backup job you run, but this can get very expensive. When you reuse drives instead, you must be careful not to overwrite a drive you may still need in the event of a disaster.
The most common media rotation scheme implemented by backup software products is called Grandfather-Father-Son. These three generations refer to monthly, weekly, and daily backup jobs, respectively. The “Son” jobs run each day and are typically incrementals or differentials. The scheme calls for several drives (depending on how many days per week you perform backups), which are reused each week. For example, you would have a drive designated for the Wednesday incremental job, which you overwrite every Wednesday. The “Father” jobs are the weekly full backups, which are overwritten each month. There will be four or five weekly jobs each month (depending on the day you perform the jobs). The drives you use for the first full backup of the month, for example, will be overwritten during the first full backup of the next month. The “Grandfather” jobs are monthly full backups, the media for which are reused once every year.
TIP The monthly drives in the media rotation are often designated for off-site storage, which is an essential part of a good backup strategy. Diligently making backups will do you and your company no good if the building burns down, taking all of your backup drives with it. Periodic full backups should be stored at a secured site, such as a fireproof vault or a bank safe deposit box. Some administrators simply bring the tapes home on a regular basis, which can be equally effective.
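The Grandfather-Father-Son rotation described above, worked through as an added example (not code from the book or from any backup product). It assumes backups run Monday to Friday, the weekly full backup runs on Friday, the last Friday of each month is the monthly job, and the daily jobs are incrementals; the label names are made up for illustration.

```python
from datetime import date, timedelta

# Assumptions for this example (not from the book): jobs run Monday-Friday,
# the weekly full backup is on Friday, and the last Friday of the month is
# the monthly "Grandfather" job. Daily "Son" jobs are incrementals.
DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTH_NAMES = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
               "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
FULL_DAY = 4                     # Friday
BACKUP_DAYS = {0, 1, 2, 3, 4}    # Monday-Friday


def media_for(day):
    """Return (job_type, media_label) for a date, or None if no job runs."""
    weekday = day.weekday()
    if weekday not in BACKUP_DAYS:
        return None
    if weekday != FULL_DAY:
        # Son: one medium per weekday, overwritten every week.
        return ("incremental", "Son-" + DAY_NAMES[weekday])
    if (day + timedelta(days=7)).month != day.month:
        # Grandfather: last full backup of the month, kept for a year.
        return ("full", "Grandfather-" + MONTH_NAMES[day.month - 1])
    # Father: the n-th weekly full backup of the month.
    return ("full", "Father-Week%d" % ((day.day - 1) // 7 + 1))


def next_overwrite(day):
    """Date on which the medium written on `day` is next reused."""
    job = media_for(day)
    if job is None:
        raise ValueError("no backup job runs on %s" % day)
    probe = day
    for _ in range(800):         # a little over two years is always enough
        probe += timedelta(days=1)
        later = media_for(probe)
        if later is not None and later[1] == job[1]:
            return probe
    raise RuntimeError("label %s is never reused" % job[1])


def restore_chain(target):
    """Media needed to restore to `target`, oldest first: the most recent
    full backup followed by every incremental written after it."""
    chain = []
    probe = target
    while True:
        job = media_for(probe)
        if job is not None:
            chain.append((probe, job[1]))
            if job[0] == "full":
                break
        probe -= timedelta(days=1)
    chain.reverse()
    return chain


if __name__ == "__main__":
    for d in (date(2015, 1, 7), date(2015, 1, 2), date(2015, 1, 30)):
        print(d, media_for(d), "reused on", next_overwrite(d))
    print(restore_chain(date(2015, 1, 7)))
```

Before any medium in the restore chain is overwritten, every later backup that depends on it must already be superseded by a newer full backup; `next_overwrite` gives the date by which that has to be true.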
Backup Administration
When creating an automated network backup solution, proper planning and purchasing are the most important factors. Once the system is in place, there should be little user interaction required, except for making sure that the proper drive is connected each day. It’s also important for the administrator to make sure that the backup jobs are executing as designed.
Event Logging
Network backup software products nearly always have an indicator that specifies whether each backup job has completed successfully or has failed. However, simply checking this indicator does not necessarily give an adequate picture of the job’s status. The criteria used to evaluate a job’s success or failure can vary from product to product. A job failure can be an indication of a major problem, such as a hardware failure that has prevented any data from being written to the external drive. With some products, a single file that is skipped because it is locked open can cause a job to be listed as having failed, even though all of the other files have been successfully written.
To check the status of the job in greater detail, you examine the event logs maintained by the software. Backup logs can contain a varying amount of detail, and many software products let you specify what information you want to be kept in the log. A full or complete log contains an exhaustive account of the backup job, including a list of all of the files copied. This type of log contains everything you could ever want to know about a backup job, including which targets were backed up and which were skipped, as well as any errors that may have occurred. The complete file listing causes a log like this to be enormous in most cases, and the average administrator is less likely to check the logs regularly when it’s necessary to scroll through hundreds of pages of filenames to do so.
Maintaining a full log might be a good idea as you are learning the intricacies of your backup software, but after the first few jobs, you’ll probably want to reconfigure the software to keep a summary log containing only the details that you need to examine on a regular basis, such as whether target computers were backed up or not, the names of files that were skipped, and error messages. Administrators should examine the logs frequently to make sure that the backup jobs are running as planned.
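An added example (not from the book) of reading a summary log rather than trusting the pass/fail indicator: it separates nights where nothing was written from nights where only some files were skipped, and lists files skipped on every night that produced data. The `date|event|detail` log format and the sample lines are constructed for illustration; real products use their own formats.

```python
from collections import defaultdict

# Constructed sample in a hypothetical "date|event|detail" summary format.
SAMPLE_LOG = """\
2015-03-02|TARGET_OK|fileserver1
2015-03-02|SKIPPED|/srv/mail/store.db
2015-03-02|SKIPPED|/home/ann/budget.xls
2015-03-02|STATUS|FAILED
2015-03-03|TARGET_OK|fileserver1
2015-03-03|SKIPPED|/srv/mail/store.db
2015-03-03|STATUS|FAILED
2015-03-04|ERROR|device not ready
2015-03-04|STATUS|FAILED
"""


def triage(log_text):
    """Classify each night and find files that are skipped every time."""
    nights = defaultdict(lambda: {"targets": [], "skipped": set(),
                                  "errors": [], "status": None})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        day, event, detail = raw.split("|", 2)
        entry = nights[day]
        if event == "TARGET_OK":
            entry["targets"].append(detail)
        elif event == "SKIPPED":
            entry["skipped"].add(detail)
        elif event == "ERROR":
            entry["errors"].append(detail)
        elif event == "STATUS":
            entry["status"] = detail

    verdicts, reported, data_nights = {}, {}, []
    for day in sorted(nights):
        entry = nights[day]
        reported[day] = entry["status"]
        if not entry["targets"]:
            verdicts[day] = "NO_DATA"      # nothing was written at all
        elif entry["skipped"] or entry["errors"]:
            verdicts[day] = "PARTIAL"      # data written, some files missed
            data_nights.append(day)
        else:
            verdicts[day] = "OK"
            data_nights.append(day)

    # A file skipped on every night that wrote data has never been backed up.
    always = None
    for day in data_nights:
        skipped = nights[day]["skipped"]
        always = set(skipped) if always is None else always & skipped
    return {"reported": reported, "verdicts": verdicts,
            "always_skipped": sorted(always or [])}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for day, verdict in result["verdicts"].items():
        print(day, "product says", result["reported"][day], "->", verdict)
    print("never protected:", result["always_skipped"])
```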
Performing Restores
Logs and success indicators are usually reliable methods of confirming that your backups are completing successfully, but they are no substitute for performing a regular series of test restores. The whole reason for running backups in the first place is so you can restore data when necessary. If you can’t do this, then all of the time and money you’ve spent is wasted. It’s entirely possible for a job to be listed as having completed successfully and for the logs to indicate that all of the targets have been backed up, only to find that it’s impossible to restore any data. The reasons for this are many, and network administrators tell many horror stories about people who have diligently performed backups for months or years and have carefully labeled and stored the backups, only to find that when they suffer a disaster, everything is blank. Performing test restores on a regular basis can prevent this sort of catastrophe.
Backup software products have a restore function that usually looks a lot like the interface you use to create backup jobs. You can browse through a directory structure to locate the files that you want to restore. When you browse in this way, you are looking at an index of all of the stored files. Without the index, the software has no way of knowing what files are where. All backup software products create an index for each backup job they complete, but where they store the index can vary.
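One way to check a test restore, as an added example that is not from the book: record a SHA-256 manifest of the source files when the backup is taken, restore to a scratch directory, and compare. The directory layout and file names in `demo()` are constructed; the restore itself is simulated by writing files, since the real step depends on the backup product.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each relative file path under `root` to (size, sha256 hex)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = (os.path.getsize(path), digest.hexdigest())
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    report = {"missing": [], "empty": [], "corrupt": [], "verified": 0}
    for rel, (size, digest) in sorted(manifest.items()):
        if rel not in restored:
            report["missing"].append(rel)       # not restored at all
        elif size > 0 and restored[rel][0] == 0:
            report["empty"].append(rel)         # restored, but blank
        elif restored[rel][1] != digest:
            report["corrupt"].append(rel)       # contents differ
        else:
            report["verified"] += 1
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed data: four source files and a deliberately bad restore."""
    source_files = {
        "db/customers.dat": b"customer records" * 100,
        "db/orders.dat": b"order records" * 100,
        "mail/store.dat": b"message store" * 100,
        "docs/plan.txt": b"recovery plan\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        restored = os.path.join(tmp, "restored")
        for rel, data in source_files.items():
            _write(source, rel, data)
        # The manifest is recorded at backup time, because live files change.
        manifest = build_manifest(source)
        # Simulated restore: one good file, one altered, one blank, one absent.
        _write(restored, "db/customers.dat", source_files["db/customers.dat"])
        _write(restored, "db/orders.dat", b"order recorXs" * 100)
        _write(restored, "mail/store.dat", b"")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```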
![Page 612: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/612.jpg)
Index
Pleasenotethatindexlinkspointtopagebeginningsfromtheprintedition.Locationsareapproximateine-readers,andyoumayneedtopagedownoneormoretimesafterclickingalinktogettotheindexedmaterial.
Symbols
|(pipe),joiningtools,386
Numbers
2BIQdataencoding,NorthAmerica,123
4B3Tdataencoding,Europe,123
5-4-3rule
appliedtoEthernetcabling,177
calculatingnetworkperformanceoverEthernet,178–179
10BaseEthernet
10Base-2.SeeThinEthernet(10Base-2)
10Base-5.SeeThickEthernet(10Base-5)
10Base-F,176
10Base-T,172,174–175,187
autonegotiationsystemand,195
cablingstandards,178
100BaseEthernet
100Base-FX,191
100Base-T,172,174–175
100Base-T4,190–191
100Base-TX,187,190
autonegotiationsystem,194–195
cablelengthrestrictions,191
full-duplexoperationand,187
hubconfigurations,191–193
overviewof,189
physicallayeroptions,189–190
![Page 613: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/613.jpg)
timingcalculations,193–194
100Baselinkpulse(FLP),autonegotiationsystemand,195
100VG-AnyLAN
medium-dependentinterface,206
overviewof,202–203
sublayersof,203–206
workingwith,206–207
1000BaseEthernet.SeealsoGigabitEthernet
1000Base-LX,199–200
1000Base-SX,200
1000Base-T,195,200
full-duplexoperationand,187
A
A(address)resourcerecord,292
AAL(ATMadaptationlayer),135
abortdelimiterframe,TokenRing,218
abstractsyntax,presentationlayer,33
accesscontrolentries(ACEs),Windowssecuritymodel,350,423
accesscontrol,FTPcommandsfor,327
accesscontrollists.SeeACLs(accesscontrollists)
accesspoints.SeeAPs(accesspoints)
ACEs(accesscontrolentries),Windowssecuritymodel,350,423
ACKframes,CSMA/CD,111
ACKmessages,TCP,275
ACLs(accesscontrollists)
filesystemsecurity,421–422
Windowssecuritymodel,350,423
ACR(attenuation-to-crosstalk),cablecategoriesand,88
activemonitor(AM),TokenRing,216
AD(ActiveDirectory)
architecture,364
![Page 614: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/614.jpg)
creating/configuringsites,373–375
creatingdomaincontrollers,369–370
deploying,369
directoryreplication,370–372
DNSand,368–369
domains,trees,forests,367–368
globalcatalogserver,369
MMC(MicrosoftManagementConsole)and,372–373
objectnaming,365–367
objecttypes,364–365
asoptionalWindowsnetworkingservice,360
overviewof,363
planningdomains,trees,andforests,375–376
Windowssecuritymodel,423–424
adhocinfrastructure
settingupwirelessaccesspoints,451
WLANs,101–102
AddressResolutionProtocol.SeeARP(AddressResolutionProtocol)
addressesframe,MAC,110
addressing
ATM,134–135
atdatalinklayer,23
IPaddresses.SeeIPaddresses
MACaddresses.SeeMACaddresses
networkingand,8
adjustedringlength(ARL),TokenRing,213
administration
ofbackups,515–516
controllingworkstations,468
creatingdefaultuserprofile,474
deployingsystempolicies,479
mandatoryprofiles,473
![Page 615: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/615.jpg)
mappingdrives,468–470
overviewof,463
profilereplication,473–474
ofregistry,474
remoteadministrationofwebservers,317
restrictingworkstationaccess,476–479
roamingprofiles,472–473
ofserver-basedapplications,464–465
ofserver-basedoperatingsystems,464
settingenvironmentvariables,466–468
storingdatafiles,465–466
systempolicyfiles,476
systempolicytemplates,474–476
userprofiles,470–472
ADSL(asymmetricaldigitalsubscriberline),124–125
AdvancedResearchProjectsAgencyNetwork(ARPANET)
cloudenvisionedbyfoundersof,398
precursorstocloudcomputing,399
agents,usewithnetworkanalyzers,492
AH(AuthenticationHeader)protocol,438–439
AllRingsBroadcast(ARB),TokenRing,60
AM(activemonitor),TokenRing,216
AM(amplitudemodulated)signaling,20
AmazonWebServices,400
AmericanNationalStandardsInstitute.SeeANSI(AmericanNationalStandardsInstitute)
AmericanWireGauge(AWG),cablesizein,80
amplitudemodulated(AM)signaling,20
analog
leasedlines,118
physicallayersignaling,20
ANSI(AmericanNationalStandardsInstitute)
100Base-Xstandard,190
![Page 616: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/616.jpg)
cablingstandard,81–82
FDDIstandard,220
FibreChannelstandard,199
anti-malware,456
anycastaddresses,IPv6,264
APIs(applicationprogramminginterfaces)
TDIserviceand,354
WindowsOSs,355–356
applicationlayer,ofOSImodel,34–35
application-levelgateways(proxyservers),444
applicationprogramminginterfaces.SeeAPIs(applicationprogramminginterfaces)
applications
administeringserver-based,464–465
client-serverarchitectureand,11–12
leased-line,120–121
restrictingonworkstationswithsystempolicies,477
router,64–65
wirelessnetwork,98–100
APs(accesspoints)
802.11infrastructuretopology,102–103
wireless.SeeWAPs(wirelessaccesspoints)
ARB(AllRingsBroadcast),TokenRing,60
architecture
ActiveDirectory,364
client-server,11–12,104,393–395
cloudcomputing,402–403
GigabitEthernet,196
TCP/IP,236–237
UnixOSs,387–388
Windowsnetworking,352–353,411–413
ARL(adjustedringlength),TokenRing,213
ARP(AddressResolutionProtocol)
![Page 617: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/617.jpg)
caching,256
messageformat,254
overviewof,253–254
resolvingMACaddressestoIPaddresses,237
transactions,254–255
ARPANET(AdvancedResearchProjectsAgencyNetwork)
cloudenvisionedbyfoundersof,398
precursorstocloudcomputing,399
AS(authenticationserver),Kerberosand,433–434
AS(autonomoussystems),routingand,72
association,WLANbasicserviceset,101–102
asymmetricaldigitalsubscriberline(ADSL),124–125
asymmetricalmultiprocessing,140
AsynchronousTransferMode.SeeATM(AsynchronousTransferMode)
at-restencryption,459–460
ATMadaptationlayer(AAL),135
ATM(AsynchronousTransferMode)
adaptationlayer,135
addressing,134–135
backbonespeedand,157
cablecategoriesand,88
Ethernetcompatibilitycomparedto,165
overviewof,130–132
physicallayer,132–133
support,135
virtualcircuits,134
attachmentunitinterface.SeeAUI(attachmentunitinterface)
attenuation,ofsignalovercabling,49
attenuation-to-crosstalk(ACR),cablecategoriesand,88
attributeschemaobjects,364
attributes,TCP/IP,235–236
auditing,Windowssecuritymodel,422
![Page 618: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/618.jpg)
AUI(attachmentunitinterface)
fiber-opticcablingand,176
forThickNetcabling,173
authentication
digitalcertificates,434–435
FTPuserauthentication,431–432
functionsofPPP,246
IPsecfeatures,437
Kerberos,432–433
loggingintoUnixsystems,390
overviewof,432
PKIand,433–434
protocolsinPPP,250
token-basedandbiometric,435–436
AuthenticationHeader(AH)protocol,438–439
Authenticationphase,connectionestablishmentinPPP,252
authenticationserver(AS),Kerberosand,433–434
authorizationstate,POP3,339–340
autonegotiationsystem,100BaseEthernet,194–195
autonomoussystems(AS),routingand,72
AWG(AmericanWireGauge),cablesizein,80
B
Bchannels,ISDN,122–123
back-endarchitecture,cloudcomputing,402–403
backbones
differingdefinitions,152
faulttolerance,157–158
ininternetworkdesign,155–157
selectingLANprotocolfor,158–159
typesof,157
backingoffprocess,collisionsand,169–170
![Page 619: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/619.jpg)
backplane
connectingRAIDdrivesto,502
indistributedbackbone,157
backupsoftware
backingupopenfiles,513
disasterrecovery,514
filters,511
incrementalanddifferentialbackups,511–513
overviewof,510
rotatingbackupmedia,514–515
schedulingbackups,514
selectingbackuptargets,510–511
backups
administering,515–516
capacityplanning,497
connectionmethods,498–501
disasterrecovery,514
diskdrivesfor,498
filteringscopeof,511
hardwarefor,497
incrementalanddifferential,511–513
magnetictapecapacity,508–510
magnetictapedriveinterfaces,507–508
magnetictapedrives,507
NASdevices,506–507
ofopenfiles,513
overviewof,495–496
RAIDsystems,502–506
rotatingmediafor,514–515
scheduling,514
selectingbackuptargets,510–511
softwarefor,510
![Page 620: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/620.jpg)
bandwidth
ISDNservices,122
LANsvs.WANs,115–116
NICselectionand,45
packet-switchingservices,127
physicaldevicespeedmeasuredin,40
baseband,broadbandcomparedwith,4
bashshell,Unix,388
BasicRateInterface(BRI),ISDN,122
basicserviceset.SeeBSS(basicserviceset),WLANs
basicservicesetID(BSSID),MACframeaddressfield,110
BayonetNeill-Concelmanconnectors.SeeBNC(BayonetNeill-Concelman)connectors
BC-P(BorderGatewayProtocol),72
beaconreceiveauto-removaltest,218
beacontransmitauto-removaltest,217
beaconing,TokenRing,217–218
Berkeleyremotecommands
Unixclientsand,418
Unixremotecommands,390
bindingdata,storedinglobalcatalog,369
biometricscanners,authenticationwith,435–436
bitrepeatmode,tokenpassing,213
blocks,writingdatatotapedrives,509
Bluetooth,aswirelessnetwork,98
BNC(BayonetNeill-Concelman)connectors
connectingcoaxialcable,85
repeatersand,50
ThinNetusing,174
bootingLinuxcomputer,381
BOOTP,Unixand,389
BorderGatewayProtocol(BC-P),72
bottlenecks,NICselectionand,44–45
![Page 621: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/621.jpg)
boundedmedia,97
Bourneshell,Unix,388
BPDUs(bridgeprotocoldataunits),57
branchingtreeconfiguration,ofEthernethubs,212
BRI(BasicRateInterface),ISDN,122
bridgeloops,58–59
bridgeprotocoldataunits(BPDUs),57
bridges
bridgeloops,58–59
defined,9
designated,57
EthernettoTokenRing,61–62
ISDNcommunicationsatdatalinklayer,123
overviewof,55–57
sourceroutebridging,60–61
sourceroutetransparentbridging,63
translationalbridging,62
transparentbridging,58
WANstoLANs,113–114
broadband
basebandcomparedwith,4
ISDN,136
broadcastaddresses,inEthernetframe,182
broadcastdomains,collisiondomainscontrastedwith,52
broadcastindicators,60–61
broadcaststorms
bridgeloopsand,59
troubleshootingEthernet,201
browsers
HTTProleinbrowser/servercommunication,318
webserversand,313
BSDUnix
![Page 622: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/622.jpg)
Berkeleyremotecommands,390
historicalNOSs,397–398
Unixvarieties,389
BSS(basicserviceset),WLANs
adhoctopology,101–102
distributionsystem,104
infrastructuretopology,102–103
overviewof,101
BSSID(basicservicesetID),MACframeaddressfield,110
bursts,framerelaynetworks,127
bus-architectureswitching,75
businterface,NICselectionand,44
busmastering,NICfeatures,42
bustopology
cablingpatterns,6
mixingandlinksegmentsconnecting,54
businessnetworks,securing,455–456
bypassswitch,FDDItopology,222
C
Cprogramminglanguage,377
Cshell,Unix,388
cablemodems,86
cabletesters,493–494
cablednetworks
advantagesanddisadvantagesof,98–99
wirelessnetworksvs.,97–98
cables
5-4-3ruleappliedto,177
100BaseEthernetlengthrestrictions,191
attenuationofsignalover,49
Cat5e,Cat6/6a,Cat7,88–89
![Page 623: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/623.jpg)
coaxial,84–85
connectorpinouts,89–92
connectorsforfiber-opticcable,94–95
constructionoffiber-opticcable,93–94
crossovercables,54
datalinklayerstandards,84
Ethernetspecificationguidelines,176
Ethernetspecificationleeway,180–181
fiber-optic,93
FibreChannelphysicallayer,145
NICselectionand,43–44
overviewof,79
propertiesof,79–81
segments,4
standards,81–82
STP,92–93
ThickNet,85,172–173
ThinNet,85–86,173–174
TIA/EIA-568standard,82–84
TokenRing,210
topologies,5–8
TVserviceover,86
twistedpair,86
UTP,86–88,178
cachedatapersistence,DNSservers,296–297
caching,ARP(AddressResolutionProtocol),256
canonicalname(CNAME),DNSresourcerecords,292
capacityplanning,forbackupsystem,497
capturefilters,datafiltering,491
carriersense
CSMA/CDphase,169
GMIIsignals,198
![Page 624: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/624.jpg)
CarrierSenseMultipleAccesswithCollisionAvoidance(CSMA/CA),110–111
CarrierSenseMultipleAccesswithCollisionDetection.SeeCSMA/CD(CarrierSenseMultipleAccesswithCollisionDetection)
CAs(certificateauthorities),434–435
case,server,138
Cat5/5ecable
in1000Base-T,200
cabletesters,494
coaxialcable,88
EIA/TIAcablecategories,80
selectingnetworkmedium,154
inTokenRing,210
Cat6/6acable
coaxialcable,88
EIA/TIAcablecategories,80
selectingnetworkmedium,154
Cat7cable,89
categories,cable.Seealsobyspecificcategories
in1000Base-T,200
specificationsandtypes,87–89
TIA/EIA-568colorcodes,87
CAUs(controlaccessunits),TokenRing,211–212
CBIR(committedburstinformationrate)
framerelaynetworks,127
PVCswithown,129
CCITT(ConsultativeCommitteeforInternationalTelephoneandTelegraphy),13
CDdrives,backuphardware,497
CDDI(CopperDistributedDataInterface),FDDIsublayers,224
cellheader,ATM,133
celllosspriority(CLP),ATMcells,133–134
cellswitching,packetswitchingcomparedwith,4
cells,encapsulationterminology,17
certificateauthorities(CAs),434–435
![Page 625: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/625.jpg)
certificates,digital,434–435
CGI(CommonGatewayInterface),315
ChallengeAuthenticationProtocol(CHAP),250
channelserviceunit/dataserviceunit(CSU/DSU),120
CHAP(ChallengeAuthenticationProtocol),250
cheapernet.SeeThinEthernet(10Base-2)
checkpoints,indialogseparation,31–32
chmodcommand,changingpermissionswith,431
CIDR(ClasslessInter-DomainRouting),237
CIFS(CommonInternetFileSystem),147–148
CIR(committedinformationrate)
framerelaynetworks,127
PVCswithown,129
circuit-levelgateways,445
circuitswitching
ISDNas,122
packetswitchingcomparedwith,5
WANservices,127
ClassIhubs,100BaseEthernet,192
ClassIIhubs,100BaseEthernet,192
classschemaobjects,364
classes
FibreChannelservice,146–147
objectclass,364
classes,IPaddress
overviewof,240–241
specialaddresses,241–242
unregisteredaddresses,241
ClasslessInter-DomainRouting(CIDR),237
clear-to-send(CTS)messages,CSMA/CA,111
ClientforNetworkFileSystems(NFS),419
client-serverarchitecture
![Page 626: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/626.jpg)
802.11infrastructuretopology,104
overviewof,11
UnixOSs,393–395
clients
e-mail,333–334
HTTPclienterrorcodes,324–325
networkclients.Seenetworkclients
cloud
advantagesof,400–401
backupcapacityplanning,497
disadvantagesof,401–402
earlyproviders,399–400
framerelayusingFRADstoconnectto,128
howitworks,402–404
IaaSservicemodel,405–406
NaaSservicemodel,408
overviewof,399
PaaSservicemodel,406–407
packet-switchingservicesusingnetwork,127
precursors,399
SaaSservicemodel,407–408
selectingWANprotocolforinternetworkdesign,159
typesofservices,404–405
CLP(celllosspriority),ATMcells,133–134
clustering,multiprocessingserver,141–143
CNAME(canonicalname),DNSresourcerecords,292
coaxialcable
cabletesters,493–494
Cat5e,88
Cat6/6a,88
Cat7,89
connectorpinouts,89–92
![Page 627: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/627.jpg)
overviewof,84–85
repeatersand,50
shieldedtwisted-pair.SeeSTP(shieldedtwisted-pair)cable
thickEthernet,85
thinEthernet,85–86
TVserviceover,86
twistedpair,86
unshieldedtwistedpair.SeeUTP(unshieldedtwistedpair)
collapse,networkdegradation,170
collapsedbackbones
distributedbackbonescomparedwith,157
fiber-opticcableand,95
collapsed(logical)ring,TokenRing,210
collisiondetection
inCSMA/CD,169
GMIIsignals,198
physicallayerspecifications,19
collisiondomains,broadcastdomainscontrastedwith,52
collisions
comparingTokenRingandEthernet,209
CSMA/CD,168–170
dialogseparationand,31
Ethernetand,168–171
late,171
troubleshootingEthernet,201
collisions,indirectoryreplication,370
command(MAC)frame,TokenRing,218
commandprompt,accessinginWindows7and8,482
commands,LinuxOSs,381–383
commands,Unix
DARPAcommands,392–393
remotecommands,390–392
![Page 628: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/628.jpg)
committedburstinformationrate(CBIR)
framerelaynetworks,127
PVCswithown,129
committedinformationrate(CIR)
framerelaynetworks,127
PVCswithown,129
CommonGatewayInterface(CGI),315
CommonInternetFileSystem(CIFS),147–148
CommonLogFileformat,315–316
communication,betweenlayersofOSImodel
dataencapsulationand,14–16
encapsulationterminology,17–18
horizontalcommunication,16
overviewof,14
verticalcommunication,17
communicationsecurity
AuthenticationHeaderprotocol,438–439
EncapsulatingSecurityPayloadprotocol,439–440
IPsec,436–437
overviewof,436
SSL,440–442
communications
FibreChannel,146–147
ISDN,122–123
betweenlayersofOSImodel,30–31
communitycloud,typesofcloudservices,405
compression,magnetictapecapacityand,508
computers
bootingLinuxcomputer,381
connectingintoworkgroups,5
mainframe,399
selectingforSOHOnetworkdesign,153–154
![Page 629: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/629.jpg)
concentrators.Seealsohubs;MAUs(multistationaccessunits),6
connectiondevices
bridgeloops,58–59
bridges,55–57
bridgingEthernetandTokenRingnetworks,61–62
hubconfigurations,53–55
hubtypes,50–53
ICMProutingfunctions,70–71
Layer3switching,76–77
multiple-layerswitching,77
overviewof,49
packetmanagement,70
repeaters,49–50
routeselection,69
routerapplications,64–65
routerfunctions,65–66
routers,63
routingprotocols,71–72
routingtables,66–68
routingvs.switching,75
sourceroutebridging,60–61
sourceroutetransparentbridging,63
staticanddynamicrouting,68–69
switchtypes,73–75
switches,72–73
translationalbridging,62
transparentbridging,58
virtualLANs,75–76
connectionestablishment,functionsofPPP,246
connection-orientedprotocols
connectionlessprotocolscomparedwith,26–27
LCCsublayerfunctions,184
![Page 630: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/630.jpg)
transportlayerand,27–28
connectionlessprotocols
connection-orientedprotocolscomparedwith,26–27
LCCsublayerfunctions,184
transportlayerand,27–28
connections
LANsvs.WANs,115–116
optionsforbackuphardware,498–501
PSTNorPOTSWAN,117–118
connections,TCP
establishing,274–276
terminating,280–281
connectors.Seealsobyindividualtypes
connectorpinouts,89–92
fiber-opticcable,94–95
forhubsandrepeaters,50
NICselectionand,44
straightthroughwiringand,53
ThinNetcable,174
TokenRing,210
UTPcable,175
ConsultativeCommitteeforInternationalTelephoneandTelegraphy(CCITT),13
containerobjects,ActiveDirectory,364–365
contentiontime(slottime),collisionsand,169
continuitytesting,cabletesters,494
controlaccessunits(CAUs),TokenRing,211–212
controlfield,LLCheaderfields,184–185
controlframes,802.11atMAClayer,108–110
controlpanel,WindowsOSs,359
convergencesublayer(CS),ATMadaptionlayer,135
coppercables
compatibilitywithfiber-optic,159
![Page 631: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/631.jpg)
physicallayercablingand,18
shielded.SeeSTP(shieldedtwisted-pair)cable
unshielded.SeeUTP(unshieldedtwistedpair)
CopperDistributedDataInterface(CDDI),FDDIsublayers,224
county-code(international)domains,289
CRC(cyclicalredundancycheck)
collisionsand,169
errordetectionatdatalinklayer,24
troubleshootingEthernet,201
crimpers,forworkingwithcoaxialcable,86
cross-siterequestforgery(CSRF),securingwirelessrouters,456
crossbarswitching,hardwareconfigurationforswitches,74
crossovercables
connectingtohubvia,175
uplinkportand,54
UTP,91
cryptography.Seealsoencryption,433
CS(convergencesublayer),ATMadaptionlayer,135
CSMA/CA(CarrierSenseMultipleAccesswithCollisionAvoidance),110–111
CSMA/CD(CarrierSenseMultipleAccesswithCollisionDetection)
collisionsonEthernetnetworksand,170–171
GigabitEthernetusing,196
IEEE802.3standard,166–167
mediaaccesscontrol,8,24,110–111,166
overviewof,168–170
CSRF(cross-siterequestforgery),securingwirelessrouters,456
CSU/DSU(channelserviceunit/dataserviceunit),120
CTS(clear-to-send)messages,CSMA/CA,111
cut-throughswitches,73
cybersquatting,controllingdomainnamesforprofit,288–289
cyclicalredundancycheck.SeeCRC(cyclicalredundancycheck)
D
![Page 632: index-of.co.ukindex-of.co.uk › Networking › Networking The Complete... · About the Author Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer,](https://reader033.vdocuments.us/reader033/viewer/2022060320/5f0cea4b7e708231d437c2b5/html5/thumbnails/632.jpg)
D channels, ISDN communications, 122–123
DA (destination address), MAC frame address field, 110
DACs (dual attachment concentrators), FDDI topology, 221–223
daemons, Unix server applications running as, 395
daisy chains, cabling patterns, 7
DAP (Directory Access Protocol), 365
DARPA commands, Unix, 392–393, 418
DASs (dual attachment stations), FDDI topology, 221–223
data buffering, NIC functions, 40
data centers, internetwork design, 161–162
data encapsulation
in communication between layers of OSI model, 14–16
terminology, 17–18
data encoding/decoding
NIC functions, 41
telephone companies, 123
data field, in Ethernet frame, 182–183
data files, storing, 465–466
data frames
802.11 at MAC layer, 108–110
FDDI, 225–227
Token Ring, 218–219
data integrity, IPsec features, 437
data link connection identifiers (DLCIs), frame relay, 129–130
data link layer, of OSI model
802.11, 110–113
addressing, 23
bridging Ethernet and Token Ring networks, 61–62
cable standards, 84
error detection, 24
frame relay at, 127
frames, 108–110
interface between data link and physical layers, 198
ISDN communications at, 123
LLC (logical link control) sublayer of, 183–186
MAC (media access control) sublayer of, 183
media access control, 23–24
overview of, 22–23
protocol indicator, 24
switches operating at, 72
data stream, magnetic tape capacity and, 509
data transfer
NIC functions, 40
TCP, 277–279
data transmission/reception, NIC functions, 41
datagrams
encapsulation terminology, 17
fragmenting, 259–260
packaging, 256–259
DC (domain controllers)
creating, 369–370
sites as collection of, 371
Windows security model, 423
DDNS (dynamic DNS), 369
dedicated connections, 118
dedicated storage network, deploying NAS server as, 148
delta files, 513
demand priority, in 100VG-AnyLAN, 203
demilitarized zone (DMZ), 445
deploying Active Directory
creating domain controllers, 369–370
directory replication, 370
intersite replication, 372
intrasite replication, 371–372
multimaster data synchronization, 370–371
overview of, 369
sites, 370–371
deploying system policies, 479
designated bridges, 57
designing networks
backbone fault tolerance, 157–158
backbone options for internetwork design, 157
connecting internetworks to remote networks, 159
data centers, 161–162
finalizing design, 162
getting approval, 153
internetwork design, 155
locating equipment for internetwork design, 160
overview of, 151–152
planning internet access, 160
reason for needing, 152
segments and backbones for internetwork design, 155–157
selecting backbone LAN protocol for internetwork design, 158–159
selecting computers for SOHO design, 153–154
selecting network medium for SOHO design, 154–155
selecting network speed for SOHO design, 155
selecting protocols for SOHO design, 154
selecting WAN protocol for internetwork design, 159–160
small office/home office (SOHO) design, 153
wiring closets, 161
desktop, locking down Windows interface, 478
destination address (DA), MAC frame address field, 110
destination address, in Ethernet frame, 181
destination service access point (DSAP), 184
destination unreachable messages, ICMP error messages, 268–269
device drivers
NDIS drivers for Mac clients, 353
NDIS drivers for Windows clients, 352–353, 413–415
DHCP (Dynamic Host Configuration Protocol)
assigning IP addresses, 239–240, 368–369
ipconfig and, 490
as optional Windows networking service, 360–361
Unix and, 389
dialogs, session layer
defined, 30
dialog control, 31–32
dialog separation, 32–33
differential backups, 511–513
Differential Manchester, in Token Ring, 21–22, 210
digital certificates, 434–435
digital leased lines, WANs
hardware, 120
overview of, 118–119
digital modem, 120
digital signals, physical layer, 20–21
digital signatures, public key infrastructure and, 433
digital subscriber line. See DSL (digital subscriber line)
direct-sequence spread spectrum (DSSS), physical layer media, 104–106
Directory Access Protocol (DAP), 365
directory permissions, Unix, 431
directory replication
Active Directory, 370–372
intersite replication, 372
intrasite replication, 371–372
multimaster data synchronization, 370–371
overview of, 370
sites, 370–371
directory schema, 364
directory services. See AD (Active Directory)
directory structure, Linux, 381–382
disaster recovery
advantages of cloud computing, 401
from backup, 514
performing restore, 516
disk drives
backup capacity planning, 497
for backups, 498
HDDs (hard disk drives), 498
magnetic tape. See magnetic tape
mapping, 468–470
SSDs (solid-state drives), 498–499
disk duplexing, RAID, 504
disk mirroring, RAID, 504, 506
disk striping, RAID, 503, 506
display filters, data filtering, 491
distinguished names (DN), 365–366
distributed backbones, collapsed backbones compared with, 157
distributed database, DNS as, 290
distribution system (DS)
802.11, 104
leased-line types, 119
distributions (distros), Linux, 377–378
DIX Ethernet II, 166
DLCIs (data link connection identifiers), frame relay, 129–130
DMA (direct memory access), 40
DMZ (demilitarized zone), 445
DN (distinguished names), 365–366
DNS (Domain Name System)
Active Directory and, 368–369
application protocols of TCP/IP suite, 237
.com domain conflicts, 288
country-code (international) domains, 289
cybersquatting, 288–289
DNS requests, 293–294
domain naming process, 285–287
dynamic updates, 300
email addressing and, 332–333
functions of, 291–292
header fields, 301–303
host tables, 283–284
load balancing, 296
message format, 301
message notation, 305–307
name registration, 299–300
name resolution messages, 307–309
objectives of, 284–285
overview of, 283
Question section of DNS message, 303
resolvers, 293
resolving domain names, 294–296
Resource Record section of DNS message, 303–305
resource records, 292–293
reverse name resolution, 297–298
root name server discovery, 309–310
root name servers, 294
second-level domains, 289–290
server caching, 296–297
subdomains, 290–291
supplying user-friendly names, 244–245
top-level domains, 287–288
Unix and, 389
zone transfer messages, 310–312
zone transfers, 300–301
DNS queries
generating, 293
recursive and iterative, 293–294
DNS servers
DDNS support, 369
load balancing, 297
as optional Windows networking service, 361
overview of, 285
primary master and secondary master roles, 300–301
querying with nslookup, 490
requests, 293–294
resolving domain names, 294–296
root name server discovery, 309–310
root name servers, 294
server caching, 296–297
DNS tree, 285
domain controllers. See DC (domain controllers)
domain name speculators, 288
Domain Name System. See DNS (Domain Name System)
domain names, email addressing and, 332
domains
Active Directory, 367–368
basic elements of DNS, 285
.com domain conflicts, 288
country-code (international) domains, 289
naming process, 286–287
overview of, 285–286
planning Active Directory domains, 375–376
resolving domain names, 294–296
second-level domains, 289–290
subdomains, 290–291
top-level, 287–288
DOS environment subsystem, in Windows OSs, 351–352
dotted decimal notation, in IPv4, 238
drivers. See device drivers
DS (distribution system)
802.11, 104
leased-line types, 119
DSAP (destination service access point), 184
DSL (digital subscriber line)
overview of, 124
router applications, 64
types and properties of, 125
DSSS (direct-sequence spread spectrum), physical layer media, 104–106
dual attachment concentrators (DACs), FDDI topology, 221–223
dual attachment stations (DASs), FDDI topology, 221–223
dual-band routers, 448–449
dual homing, FDDI topology, 223
dual ring of trees, FDDI topology, 221
DVD drives, 497
dynamic DNS (DDNS), 369
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic routing, 68–69, 262
dynamic topology, WLANs, 101
dynamic updates, DNS names, 300
E
addressing, 332–333
clients and servers, 333–334
IMAP, 341–342
MIME, 337–339
overview of, 332
POP3, 339
POP3 authorization state, 339–340
POP3 transaction state, 340
POP3 update state, 341
SMTP, 334
SMTP commands, 334–336
SMTP replies, 336–337
SMTP transactions, 337
early collisions. See also collisions, 171, 201
early token release (ETR)
FDDI, 228
Token Ring, 214
EC (error control), ATM cells, 134
ECC (error correcting code), RAID 2, 504–505
Echo Reply message, ICMP queries, 270
Echo Request message
ICMP queries, 270
ping utility and, 486
edge switch, packet-switching service, 127
EGP (Exterior Gateway Protocol), 72
EIA (Electronic Industries Alliance)
cable categories, 80
cabling standards, 82
TIA/EIA-568 color codes, 87
TIA/EIA-568 standard, 82–84
TIA/EIA-568 standard for connector pinouts, 89–90
EMI (electromagnetic interference)
selecting network medium and, 154
STP cable protected against, 92
Encapsulating Security Payload (ESP) protocol, 439–440
encapsulation. See data encapsulation
encryption
backing up wireless networks, 501
configuring wireless routers, 452
IPsec features, 436
at-rest encryption, 459–460
risks related to unsecured home networks, 458
securing home networks, 454
setting up wireless access points, 451
in-transit encryption, 460–461
end-to-end protocols
PPP. See PPP (Point-to-Point Protocol)
SLIP. See SLIP (Serial Line Internet Protocol)
endpoints, system area network, 142
entities, HTTP, 322
environment subsystems, in Windows OSs, 351
environment variables, 466–468
ephemeral port numbers, 244
equipment, internetwork design, 160
error codes, HTTP
client error codes, 324–325
server error codes, 325
error control (EC), ATM cells, 134
error correcting code (ECC), RAID 2, 504–505
error correction, TCP, 279–280
error detection
at data link layer, 24
at transport layer, 29–30
error messages, ICMP, 266–270
errors
Ethernet, 200–201
Token Ring, 218–220
write errors in magnetic tape, 510
eSATA (External Serial Advanced Technology Attachment), 498–499
ESP (Encapsulating Security Payload) protocol, 439–440
ESS (extended services set), 104
Ethernet. See also by specific types
5-4-3 rule applied to cabling, 177
bridging Ethernet and Token Ring networks, 61–62
cable categories and, 88–89
cabling guidelines, 176
cabling specification leeway, 180–181
calculating network performance, 178–179
collisions/collision avoidance, 168–171
Ethernet frame, 181
Ethernet II frame format, 183
fiber-optic Ethernet, 175–176
full-duplex Ethernet, 186–188
Gigabit Ethernet as LAN protocol, 144
IEEE 802.3 frame format, 181–183
LLC sublayer, 183–186
MAC addresses, 23
multipoint repeaters, 51
overview of, 165–166
packet fragmentation, 70
physical layer cabling and, 18
physical layer guidelines, 171–172
segment options, 176
selecting network protocol, 154
selecting network speed, 155
SNAP header, 186
standards, 166–168
Thick Ethernet (10Base-5), 172–173
Thin Ethernet (10Base-2), 173–174
translational bridging, 62
Twisted-Pair Ethernet (10Base-T/100Base-T), 174–175
UTP cable length, 51
UTP cabling, 178
worst-case path, 179–180
Ethernet frame. See also frames
Ethernet II frame format, 183
IEEE 802.3 frame format, 181–183
LLC sublayer, 183–186
overview of, 181
Ethernet II
frame format, 183
history of, 166
IEEE 802.3 compared with, 167–168
Ethernet troubleshooting
error types, 200–201
isolating the problem, 202
overview of, 200
Ethertype, Ethernet II frame format, 183
ETR (early token release)
FDDI, 228
Token Ring, 214
event logs, backup administration, 515–516
exchange, Fibre Channel communications, 146
exporting/sharing, NFS (Network File System), 393
ext2/ext3/ext4, Linux file systems, 380
Extended Log File format, 316
extended services set (ESS), 104
Exterior Gateway Protocol (EGP), 72
External Serial Advanced Technology Attachment (eSATA), 498–499
F
fabric topology, Fibre Channel network, 145–146
fan, purchasing server, 138–139
Fast Ethernet
backbone speed and, 156
cable categories and, 88
collision detection, 187
full-duplex operation and, 187
selecting network speed, 155
fast hop system, 802.11 FHSS, 105
FAT16
Linux file systems, 380
Windows file systems, 356
FAT32
Linux file systems, 380
Windows file systems, 356–357
fault tolerance
backbones, 157–158
with server clustering, 141–142
of UTP networks, 175
FC-0-5 layers, Fibre Channel, 144
FCS (frame check sequence)
collisions and, 169
error detection at data link layer, 24
in Ethernet frame, 183
in Gigabit Ethernet, 197
FDDI (Fiber Distributed Data Interface)
backbone speed and, 156
Ethernet compatibility compared to, 165
MAC layer, 224–228
overview of, 220–221
physical layer, 225
PMD layer, 224–225
station management layer, 228–231
sublayers of, 224
topology of, 221–224
types of media access control, 24
FHSS (frequency-hopping spectrum), physical layer
frame, 106–107
overview of, 104–106
Fiber Distributed Data Interface. See FDDI (Fiber Distributed Data Interface)
fiber-optic cable
alternative to copper cable, 79
connectors, 94–95
construction of, 93–94
in FDDI, 220
NIC selection and, 46
overview of, 93
physical layer cabling and, 18
selecting backbone LAN protocol, 158–159
selecting network medium, 154
Fiber-optic Ethernet
full-duplex operation and, 187
overview of, 175–176
physical layer options, 172
Fiber-Optic Inter-Repeater Link (FOIRL), 176
fiber-optic MAU (FOMAU), 176
Fiber-PMD standard, FDDI sublayers, 224
Fibre Channel
ANSI specification, 199
HSM, 144–147
SANs using, 148–149
File Explorer (Windows 8), 482
file permissions
Unix, 431
Windows, 425
file servers, 313
file systems
file permissions, 425
folder permission, 424–425
Linux OSs, 380
NTFS permissions, 428–430
protecting with system policies, 478–479
securing, 421–422
Unix permissions, 430–431
user and group permissions, 426–428
Windows OSs, 356–357
Windows security model, 422–424
File Transfer Protocol. See FTP (File Transfer Protocol)
files
backing up open files, 513
encryption, 459
HSM. See HSM (hierarchical storage management)
system policies, 476
working with Linux files, 383
filters
backup, 511
data, 491–492
FIN control, TCP connection termination, 280–281
firewalls
circuit-level gateways, 445
combining types of, 445
NAT, 444
overview of, 442–443
packet filters, 443–444
proxy servers, 444
FireWire (IEEE 1394), 498, 500–501
flow control
full-duplex Ethernet, 188
TCP, 280
at transport layer, 29
flow label, IPv6, 264
FLP (100Base link pulse), autonegotiation system and, 194–195
FM (frequency modulated) signals, physical layer, 20
foil twisted-pair (FTP), 92
FOIRL (Fiber-Optic Inter-Repeater Link), 176
folders
encryption, 459
Windows permissions, 424–425
FOMAU (fiber-optic MAU), 176
forest root domain, 368
forests, Active Directory
overview of, 367–368
planning, 375–376
forwarders, DNS, 294
FQDN (fully qualified domain names), DNS, 287
fractional T-1 service, 120
FRADs (frame-relay access devices), 127–129
fragmentation
lacking in Linux OSs, 383
at network layer, 26
of packets, 70
frame check sequence. See FCS (frame check sequence)
frame relay
hardware, 127–129
messaging, 129–130
overview of, 127
virtual circuits, 129
frame-relay access devices (FRADs), 127–129
frames
in 100VG-AnyLAN, 203–205
802.11 data link layer, 108–110
802.11 physical layer, 106–108
802.3 standard, 181–183
data encapsulation and, 15–17
Ethernet II frame format, 183
LCP frame in PPP, 248–250
MTUs (maximum transfer units), 61
PPP, 247–248
role of NICs in constructing, 40
Token Ring, 218
writing data to tape drives, 509
FreeBSD, 397–398
frequency-hopping spectrum (FHSS), physical layer
frame, 106–107
overview of, 104–106
frequency modulated (FM) signals, physical layer, 20
frequency offset, OFDM sensitivity to, 105
front-end architecture, cloud computing, 402–403
ftp command, Unix, 392, 418
FTP (File Transfer Protocol)
application protocols of TCP/IP suite, 237
commands, 326–328
data transfer, 277
messaging, 331–332
reply codes, 329–331
servers, 325–326
Unix and, 389
user authentication, 431–432
FTP (foil twisted-pair), 92
full-disk (whole disk) encryption, 459
full-duplex Ethernet
applications, 188
flow control, 188
overview of, 186–187
requirements for, 187
full duplex systems
NIC features, 41–42
TCP as, 275
full mesh topology, 159–160
fully qualified domain names (FQDN), DNS, 287
G
gateways
application-level, 444
circuit-level, 445
GDI (Graphical Device Interface), in Windows OSs, 351
generic flow control (GFC), ATM cells, 133
GFC (generic flow control), ATM cells, 133
giant packets, troubleshooting Ethernet, 201
Gigabit Ethernet
architecture of, 196
backbone speed and, 157
cable categories and, 88–89
full-duplex operation and, 187
GMII, 198
as LAN protocol, 144
media access control, 196–198
overview of, 196
physical coding sublayer, 198
physical layer options, 199–200
physical medium sublayers, 199
selecting network speed, 155
gigabit medium-independent interface (GMII), 198
global catalog server, Active Directory, 369
global domains, 287
global unicast addresses, IPv6, 265
globally unique identifier (GUID)
assigned to objects, 364
overview of, 366
GMII (gigabit medium-independent interface), 198
Google, early cloud providers, 400
Graphical Device Interface (GDI), in Windows OSs, 351
group policies, Windows, 359–360
groups
Unix permissions, 431
Windows permissions, 426–428
GUID (globally unique identifier)
assigned to objects, 364
overview of, 366
H
HAL (hardware abstraction layer), 348
half-duplex Ethernet, 186
handshakes, ISDN communications, 123
hard disk drives (HDDs), 498
hardware
backup, 497
cluster networking, 142–143
cluster storage, 143
frame relay, 127–129
ISDN, 123–124
leased-line, 119–120
multiprocessing, 140
Unix requirements, 387
hardware abstraction layer (HAL), 348
hardware addresses. See MAC addresses
HDDs (hard disk drives), 498
HDSL (high-bit-rate digital subscriber line)
deployed by local telephone carriers, 124–125
leased-line hardware, 120
header fields
DNS, 301–303
HTTP, 319–322
IP, 256–259
IPv6, 263–264
LLC sublayer, 184–185
TCP, 273–274
UDP, 271–272
heartbeats, server cluster, 142
hierarchical star, cabling pattern, 7
hierarchical storage management. See HSM (hierarchical storage management)
high-bit-rate digital subscriber line (HDSL)
deployed by local telephone carriers, 124–125
leased-line hardware, 120
home networks
risks related to unsecured home networks, 457–458
securing wireless networks, 453–455
horizontal networks. See segments
host tables
overview of, 283
problems with, 284
hosts, IP addresses identifying network hosts, 238
hot fixes, Windows updates, 347
hot swappable drives, RAID, 502
hotspots
creating, 98
wireless access points, 450
HSM (hierarchical storage management)
Fibre Channel networking, 144–147
network storage subsystems, 147–149
overview of, 143–144
HTML (Hypertext Markup Language)
founding of World Wide Web and, 399
overview of, 318
web servers and, 313
HTTP (Hypertext Transfer Protocol)
data transfer, 277
headers, 319–322
overview of, 318
requests, 318–319
responses, 322–325
web servers and, 313
hubs
in 10Base-T networks, 175
in 100Base networks, 191–193
branching tree configuration of, 212
configurations, 53
connecting using crossover cables, 175
DACs (dual attachment concentrators), 221
in hierarchical star topology, 7
MAUs (multistation access units), 52–53
modular, 55
overview of, 50
passive, 50
repeating, active, and intelligent, 51–52
stackable, 54–55
in star topology, 6
uplink port, 53–54
hybrid cloud, 405
Hypertext Markup Language. See HTML (Hypertext Markup Language)
Hypertext Transfer Protocol. See HTTP (Hypertext Transfer Protocol)
I
I/O Manager, in Windows OSs, 351
IaaS (infrastructure as a service), cloud service models, 405–406
IANA (Internet Assigned Numbers Authority)
registering IP addresses, 240–241
well-known ports, 244
IBM Cabling System (ICS) Type I, Token Ring, 210
IBM data connectors (IDCS), 210
IBSS (independent basic service set), 102
ICANN (Internet Corporation for Assigned Names and Numbers)
counteracting cybersquatting, 289
domain registration, 288
ICMP (Internet Control Message Protocol)
for diagnostics and error reporting, 237
error messages, 266–270
overview of, 266
query messages, 270–271
routing and, 70–71
ICS (IBM Cabling System) Type I, Token Ring, 210
IDCS (IBM data connectors), 210
IEEE 802.1d (spanning tree algorithm), 56
IEEE 802.2 standard, 183
IEEE 802.3 standard
100VG-AnyLAN using 802.3 frames, 204
Ethernet frame format, 181–183
Ethernet II compared with, 167–168
fiber-optic alternatives, 176
full-duplex Ethernet in 802.3x supplement, 186
Gigabit Ethernet defined in 802.3z supplement, 196
history of, 166–167
link segments and mixing segments, 176
physical layer specifications, 19
IEEE 802.5 (Token Ring)
100VG-AnyLAN using 802.5 frames, 204
comparing Token Ring and Ethernet, 209
IEEE 802.11 standard
amendments, 106
data link layer, 110–113
physical layer frames, 106–108
physical layer media, 101–106
physical layer topologies, 101–104
wireless LAN, 100
IEEE 802.12 standard (100VG-AnyLAN), 202
IEEE 1394 (FireWire) standard, 498, 500–501
IEEE (Institute of Electrical and Electronic Engineers)
history of, 166–167
MAC addresses, 23
networking standards, 10
registry of NIC manufacturers, 41
shorthand identifiers for Ethernet networks, 167–168
IETF (Internet Engineering Task Force)
Kerberos protocol, 432–433
networking standards, 11
NFS standard, 393
object naming conventions, 365
role in development of domain name system, 284–285
IMAP (Internet Message Access Protocol)
incoming email server, 333–334
overview of, 341–342
in-transit encryption, 460
incremental backups, 511–513
independent basic service set (IBSS), 102
indication primitives, facilitating communication between OSI layers, 31
Industry Standard Architecture (ISA) bus, 45–46
information format, LLC control field, 185
infrared, physical layer
frame, 107
overview of, 104–106
infrastructure as a service (IaaS), cloud service models, 405–406
infrastructure topology
setting up wireless access points, 451
WLANs, 101
initial sequence number (ISN), TCP, 274
installing Linux OS, 381
Institute of Electrical and Electronic Engineers. See IEEE (Institute of Electrical and Electronic Engineers)
integral subsystems, in Windows OSs, 351
Integrated Services for Digital Networks. See ISDN (Integrated Services for Digital Networks)
interference, wireless networks and, 98
interframe gap shrinkage, in calculating network performance, 178–179
interior gateway routing protocols, 71
intermediate systems, in routing, 261
international (country-code) domains, 289
International Organization for Standardization. See ISO (International Organization for Standardization)
Internet
leased line application, 120–121
PSTN lines used for, 118
Internet Assigned Numbers Authority (IANA)
registering IP addresses, 240–241
well-known ports, 244
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Corporation for Assigned Names and Numbers (ICANN)
counteracting cybersquatting, 289
domain registration, 288
Internet Engineering Task Force. See IETF (Internet Engineering Task Force)
Internet Message Access Protocol (IMAP)
incoming email server, 333–334
overview of, 341–342
Internet Protocol Control Protocol (IPCP)
connection establishment in PPP, 253
IPCP frame in PPP, 250–251
Internet service providers (ISPs), 241
Internet services
e-mail, 332
e-mail addressing, 332–333
e-mail clients and servers, 333–334
FTP commands, 326–328
FTP messaging, 331–332
FTP reply codes, 329–331
FTP servers, 325–326
HTML, 318
HTTP, 318
HTTP headers, 319–322
HTTP requests, 318–319
HTTP responses, 322–325
IMAP, 341–342
MIME, 337–339
overview of, 313
POP3, 339
POP3 authorization state, 339–340
POP3 transaction state, 340
POP3 update state, 341
SMTP, 334
SMTP commands, 334–336
SMTP replies, 336–337
SMTP transactions, 337
web server functions, 314–317
web servers, 313
internetwork design
backbone fault tolerance, 157–158
backbone options, 157
connecting to remote networks, 159
data centers, 161–162
finalizing, 162
locating equipment, 160
overview of, 155
planning internet access, 160
segments and backbones, 155–157
selecting backbone LAN protocol, 158–159
selecting WAN protocol, 159–160
wiring closets, 161
internetworks, LANs and, 8–9
interrupt request line (IRQ), NICs requiring, 47
intersite replication, 372
intrasite replication, 371–372
invasion tools, wireless networks, 458–459
IP addresses
classes, 240–241
comparing IPv4 with IPv6, 238
configuring wireless routers, 451
functions of IP protocol, 256
IP versions, 237
IPv4, 237–239
IPv4 address classes, 240
IPv6, 263–264
IPv6 address structure, 265
IPv6 address types, 264–265
network addressing, 8
in packet delivery, 256
registering, 239–240
resolving domain names to, 294–296
resolving MAC addresses to, 237
reverse name resolution, 297
special addresses, 241–242
subnet masks, 239
subnetting, 242–243
unregistered addresses, 241
IP (Internet Protocol)
addressing, 256
defined, 237
fragmenting datagrams, 259–260
header fields, 256–259
overview of, 255–256
packaging datagrams, 256
routers and, 63
routing, 25, 261–262
versions, 237
ipconfig command, 490
IPCP (Internet Protocol Control Protocol)
connection establishment in PPP, 253
IPCP frame in PPP, 250–251
IPsec
Authentication Header protocol, 438–439
Encapsulating Security Payload protocol, 439–440
encryption and, 460
overview of, 436–437
IRQ (interrupt request line), NICs requiring, 47
ISA (Industry Standard Architecture) bus, 45–46
ISDN (Integrated Services for Digital Networks)
communications, 122–123
DSL speed vs., 124
hardware, 123–124
overview of, 121–122
router applications, 64
services, 122
SONET at physical layer of broadband, 136
ISN (initial sequence number), TCP, 274
ISO (International Organization for Standardization)
networking standards, 10
role in development of OSI model, 13
session layer protocols, 30
ISPs (Internet service providers), 241
ITU-T (Telecommunications Standardization Sector of International Telecommunications Union)
role in development of OSI model, 13
X.509 standard for certificates, 435
J
jabbering
malfunctioning network interface, 170
troubleshooting Ethernet, 201
jam patterns, collisions and, 169
jitter, Token Ring monitors reducing, 216
journaling, Linux OSs, 383
K
KCC (Knowledge Consistency Checker), 371–372
KDC (Key Distribution Center), 433–434
Kerberos
authentication mechanisms, 432–433
ticket exchange in authentication, 433–434
kernel mode components, Windows, 348–351
kernel module, Unix, 387
Key Distribution Center (KDC), 433–434
keys, Windows registry, 357
Knowledge Consistency Checker (KCC), 371–372
Korn shell (ksh), Unix, 388
L
labels, DNS name notation, 305
LAMs (lobe attachment modules), Token Ring, 212
LANs (local area networks)
data centers joining, 161–162
firewalls and, 442
internetworks, 8–9
overview of, 3–4
router applications and, 64
selecting backbone LAN protocol, 158–159
WAN bridges/routers connections to, 113–114
wide area networks compared with, 9–10
wireless. See WLANs (wireless LANs)
workgroups, 5
LAPD (Link Access Procedure for D Channel), 123, 129
LAPF (Link Access Procedure for Frame-mode Bearer Services), 129
laptop computers, NIC selection and, 46
last-mile technologies, ISDN and DSL, 121
late (out-of-window) collisions, 171, 201
latency buffer, in Token Ring, 216
latency, minimizing during directory replication, 371
Layer 3 switching, 76–77
Layer 4 switching, 77
LC (local or Lucent connector), use with fiber-optic cable, 94
LCP (Link Control Protocol), 248–250
LCW (link code word), 195
LDAP (Lightweight Directory Access Protocol)
DN notation, 366
object naming conventions, 365
working with Active Directory, 363
leaf objects, Active Directory, 364–365
learning bridges. See transparent bridging
leased lines, WANs
applications, 120–121
hardware, 119–120
overview of, 118–119
types of, 119–120
legacy devices, 49
length field, in Ethernet frame, 182
Lightweight Directory Access Protocol. See LDAP (Lightweight Directory Access Protocol)
linear access, on magnetic tape, 507
Link Access Procedure for D Channel (LAPD), 123, 129
Link Access Procedure for Frame-mode Bearer Services (LAPF), 129
link code word (LCW), 195
Link Control Protocol (LCP), 248–250
Link Dead phase, PPP connections, 251
link-local addresses, IPv6, 265
Link Open phase, PPP connections, 253
link quality monitoring, PPP connections, 252
link segments
connecting bus, 54
IEEE 802.3 standard for segments, 176
Link Termination phase, PPP connections, 253
Linux OSs
advantages/disadvantages, 378–379
booting and logging out, 381
commands, 381–383
directory structure, 381
distributions, 377–378
drive mappings, 469–470
file system, 380
hosts file, 283
installation, 381
overview of, 377
routing tables, 67
selecting computers for SOHO design, 153–154
setting environment variables, 468
working with files, 383
LLC (logical link control) sublayer
100VG-AnyLAN sublayers, 203
applications, 186
Gigabit Ethernet, 196
header fields, 184–185
IEEE 802.3 standard, 167
overview of, 183–184
load balancing
backbones and, 158
DNS, 296
server clustering for, 141–142
lobe attachment modules (LAMs), Token Ring, 212
lobe cable, Token Ring, 210
local area networks. See LANs (local area networks)
Local Group Policy Editor, 475
local or Lucent connector (LC), use with fiber-optic cable, 94
local procedure call (LPC) facility, in Windows OSs, 350–351
Local Security Authority (LSA), Windows security model, 422
logical (collapsed) ring, Token Ring, 210
logical link control sublayer. See LLC (logical link control) sublayer
logical topology, physical topology compared with, 8
login/logout, Linux, 381
login, Windows, 422
logs
Common Log File format, 315–316
event logs, 515–516
Extended Log File format, 316
Windows security model, 422
loop topology, Fibre Channel network, 145
loopback state, Token Ring MAUs, 212
LPC (local procedure call) facility, in Windows OSs, 350–351
LSA (Local Security Authority), Windows security model, 422
M
MAC addresses
data link layer and, 23
in Ethernet frame, 182
network addressing, 8
parts in assigning, 41
resolving to IP addresses, 237
risks related to unsecured home networks, 458
MAC (media access control)
100VG-AnyLAN sublayers, 203–204
comparing Token Ring and Ethernet, 209
CSMA/CD and, 166
FDDI sublayers, 224–228
frames, 108–110
for full-duplex flow control, 188
Gigabit Ethernet, 196–198
IEEE 802.3 standard, 167
networking and, 8
NIC functions, 40
overview of, 110–111
physical layer specifications, 19
securing business networks, 455
securing home networks, 454
Macintosh clients
connecting to Windows networks, 415–418
overview of, 415
Macintosh OSs
mapping Windows drive in, 470
routing tables, 67
selecting computers for SOHO design, 153–154
setting environment variables, 468
magnetic tape
capacity, 508–509
drive interfaces, 507–508
drives, 507
planning backups, 497
write errors, 510
mail exchanger (MX)
DNS resource records, 292
email addressing and, 333
mainframe computers, 399
malware
anti-malware, 456
risks related to unsecured home networks, 458
management
getting approval for network design, 153
tools. See utilities
management frames, 802.11 at MAC layer, 108–110
Manchester encoding scheme
Ethernet signals, 210
overview of, 21
mandatory profiles
creating, 473
defined, 470
MANs (metropolitan area networks), 10
mapping
disk drives, 468–470
transport layer services to network layer services, 28
massively parallel processing (MPP), 140
master server, DNS servers, 300
matrix switching, hardware configuration for switches, 74
MAUs (medium attachment units). See also transceivers
fiber-optic (FOMAU), 176
for ThickNet cabling, 173
MAUs (multistation access units)
cabling Token Ring networks, 50
compared with hubs, 52–53
system capability for joining Token Ring, 214–215
in Token Ring, 210–213
maximum collision diameter, Ethernet cabling and, 177
maximum segment size (MSS), TCP, 277–278
maximum transfer units. See MTUs (maximum transfer units)
MDI (medium dependent interface)
100VG-AnyLAN, 206
connecting MAU to cable, 173
MDI (multiple-document interface), loading multiple MMC snap-ins, 372
media
physical layer, 101, 104–106
rotating backup media, 514–515
media access control. See MAC (media access control)
medium dependent interface (MDI)
100VG-AnyLAN, 206
connecting MAU to cable, 173
medium-independent interface (MMI) sublayers, 206
memory, purchasing server, 139
message format, DNS, 301
message notation, DNS, 305–307
messages, PDUs at application layer, 17
messaging, frame relay, 129–130
metropolitan area networks (MANs), 10
Microsoft Management Console (MMC)
creating/configuring sites, 373–375
managing Active Directory, 372–373
Microsoft Services for Macintosh, 418
Microsoft technical support, 347–348
middleware, cloud computing and, 404
MIME (Multipurpose Internet Mail Extension)
content types, 339
encoding data for inclusion in email messages, 337–339
mirrored disk, cluster storage hardware, 143
mixing segments
connecting bus, 54
IEEE 802.3 standard, 176
MLT-3 (Multi-Level Transition), 225
MMC (Microsoft Management Console)
creating/configuring sites, 373–375
managing Active Directory, 372–373
MMI (medium-independent interface) sublayers, 206
mobile devices, securing, 456–457
modular hubs
hub configurations, 53
overview of, 55
monitors, Token Ring
contention, 216
monitor setting bit, 213
overview of, 216–218
mount commands, Unix, 395
mounting remote file systems, 393
MPP (massively parallel processing), 140
MPR (multiprovider router), Windows OSs, 354–355
MS-DOS, 412
MSAs (multisource agreements), LCC sublayer functions, 184
MSAU (multistation access unit), in ring topology, 6
MSS (maximum segment size), TCP, 277–278
MTUs (maximum transfer units)
datagram fragmenting and, 259
frame size and, 61
translational bridging and, 62
Multi-Level Transition (MLT-3), 225
multicast addresses
Class D IP addresses, 241
in Ethernet frame, 182
IPv6, 264
multihomed systems
defined, 63
IP addresses and, 238
multimaster data synchronization, 370–371
multimode fiber-optic cable, 93–94, 145
multiple access phase, in CSMA/CD, 169
multiple-document interface (MDI), loading multiple MMC snap-ins, 372
multiple-layer switching, 77
multiple master replication, deploying Active Directory, 370
multiple UNC provider (MUP), Windows, 354
multipoint repeaters, Ethernet hubs, 51
multiport repeaters, star networks and, 9
multiprovider router (MPR), Windows OSs, 354–355
Multipurpose Internet Mail Extension (MIME)
content types, 339
encoding data for inclusion in email messages, 337–339
multisource agreements (MSAs), LCC sublayer functions, 184
multistation access unit (MSAU), in ring topology, 6
multistation access units. See MAUs (multistation access units)
MUP (multiple UNC provider), Windows, 354
MX (mail exchanger)
DNS resource records, 292
email addressing and, 333
N
NaaS (network as a service), cloud service models, 408
name registration, DNS, 299–300
name resolution. See also DNS (Domain Name System)
messages, 307–309
process, 294–296
reverse name resolution, 297–298
name server (NS), DNS resource records, 292
NAS (network attached storage)
backup hardware, 497
backups, 506–507
defined, 144
overview of, 147–148
NAT (network address translation)
firewalls and, 442
IP features, 237
overview of, 444
National Center for Supercomputing Applications (NCSA), 315–316
National Institute of Standards and Technology (NIST), 406
NAUN (nearest active upstream neighbor), Token Ring, 217
NAV (network allocation vector), CSMA/CA, 111
NCPs (Network Control Protocols), in PPP, 250–251, 253
NCSA (National Center for Supercomputing Applications), 315–316
NDIS (Network Driver Interface Specification)
Mac drivers, 353
Windows drivers, 413–414
Windows networking and, 352–353, 411–412
wrapper, 353
near-end crosstalk, DSL service, 124
near end crosstalk (NEXT), cable categories and, 88
nearest active upstream neighbor (NAUN), Token Ring, 217
nearline storage, HSM, 143
negative caching, DNS servers, 296
NET commands, Windows OSs
from command prompt, 485
drive mapping with NET USE, 468–469
list of, 484
overview of, 482–483
NetBEUI (NetBIOS Extended User Interface)
session layer protocols, 30
Windows networking architecture based on, 412
NetBIOS (Network Basic Input/Output System)
APIs that work with Windows OSs, 355
comparing DNS and Active Directory, 368
session layer protocols, 30
NetBSD, 398
netstat command
displaying network traffic statistics with, 488–490
displaying routing tables, 67
NetWare clients, 415
network adapters
integrated, 46
wireless, 447
network address translation. See NAT (network address translation)
network administration. See administration
network allocation vector (NAV), CSMA/CA, 111
network analyzers
agents, 492
analyzing protocols with, 493
analyzing traffic with, 492
overview of, 490–491
network as a service (NaaS), cloud service models, 408
network attached storage. See NAS (network attached storage)
Network Basic Input/Output System. See NetBIOS (Network Basic Input/Output System)
network clients
accessing Unix systems, 418–419
applications for Unix clients, 418
connecting Mac clients to Windows networks, 415–418
Mac clients, 415
NDIS drivers for Windows clients, 413–414
NetWare clients, 415
overview of, 411
protocol drivers for Windows clients, 414
Unix clients, 418
Windows 7 interface, 419–420
Windows 8 interface, 420
Windows client services, 414–415
Windows clients, 411–412
Windows network architecture, 412–413
network communication security. See communication security
Network Control Protocols (NCPs), in PPP, 250–251, 253
Network Driver Interface Specification. See NDIS (Network Driver Interface Specification)
Network File System. See NFS (Network File System)
Network Information Center (NIC), maintaining registry of host names, 284
network interface
jabbering, 170
NIC selection and, 44
network interface adapters. See NICs (network interface cards)
network interface cards. See NICs (network interface cards)
network layer, of OSI model
connection-oriented and connectionless protocols, 26–27
fragmenting, 26
ISDN communications at, 123
overview of, 25
routing, 25–26
network layer protocol connection establishment, functions of PPP, 246
network medium, selecting for SOHO network design, 154–155
network security. See security
network segments. See segments
network storage appliance
defined, 147
NAS and, 506
network storage subsystems
NAS, 147–148
overview of, 147
SANs, 148–149
Network-to-Network Interface (NNI), ATM, 133
networking stack. See protocol stack
networks, introduction
addressing, 8
baseband vs. broadband, 4
cables and topologies, 5–8
client-server architecture, 11
local area networks, 3–4
media access control, 8
operating systems and applications, 11–12
overview of, 3
packet switching vs. circuit switching, 4–5
protocols and standards, 10–11
repeaters, bridges, switches, and routers, 8–9
wide area networks, 9–10
NEXT (near end crosstalk), cable categories and, 88
NFS (Network File System)
NAS using, 147–148
Unix clients and, 418–419
Unix OSs, 393–395
NIC (Network Information Center), maintaining registry of host names, 284
NICs (network interface cards)
addressing and, 8
features, 41–42
functions, 40–41
hardware resource requirements, 47–48
OUIs (organizationally unique identifiers), 182
overview of, 39
selecting, 43–46
Token Ring, 211
wireless, 447
NIST (National Institute of Standards and Technology), 406
NLP (normal link pulse), 194
NNI (Network-to-Network Interface), ATM, 133
Non-Return to Zero Inverted (NRZI), FDDI signaling scheme, 225
nonrepudiation, IPsec features, 437
normal link pulse (NLP), 194
NOSs (network operating system)
Active Directory. See AD (Active Directory)
client-server architecture and, 11
cloud-based. See cloud
historical systems, 397–398
Linux. See Linux OSs
Unix. See Unix OSs
Windows. See Windows OSs
NRZI (Non-Return to Zero Inverted), FDDI signaling scheme, 225
NS (name server), DNS resource records, 292
nslookup utility, 490
NT1 (Network Termination 1), ISDN, 123–124
NTFS
Linux file systems, 380
permissions, 428–430
Windows file systems, 357
Windows network clients, 411
O
object handles, referencing objects in Windows, 349–350
Object Manager, 349–350
objects
defined, 364
naming, 365–367
types in Active Directory, 364–365
Windows Object Manager, 349–350
octets, IPv4 addresses, 265
OFDM (orthogonal frequency division multiplexing)
frame, 107–108
overview of, 105–106
open files, backing up, 513
Open Shortest Path First (OSPF), 72
open source
advantages/disadvantages of Linux, 379–380
Linux OSs, 377–378
Open Systems Interconnection model. See OSI (Open Systems Interconnection) model
OpenBSD, 398
operating systems. See OSs (operating systems)
Oracle Solaris, 398
organizational units (OUs), Active Directory container objects, 364
organizationally unique identifiers (OUIs), 182
orthogonal frequency division multiplexing (OFDM)
frame, 107–108
overview of, 105–106
OSI (Open Systems Interconnection) model
application layer, 34–35
communication between layers of, 14
data encapsulation and, 14–16
data link layer of, 22–24
encapsulation terminology, 17–18
facilitating communication between OSI layers, 30–31
horizontal communication, 16
network layer, 25–27
networking protocols and, 10
overview of, 13–14
physical layer of, 18–22
presentation layer, 33–34
session layer, 30–33
transport layer, 27–30
vertical communication, 17
Windows networking architecture and, 413
OSPF (Open Shortest Path First), 72
OSs (operating systems)
administering server-based, 464
network operating systems. See NOSs (network operating system)
overview of, 11–12
OUIs (organizationally unique identifiers), 182
OUs (organizational units), Active Directory container objects, 364
out-of-window (late) collisions, 171, 201
P
PaaS (platform as a service), cloud service models, 406–407
packet bursting, Gigabit Ethernet, 197
packet collisions. See also collisions, 169
packet filtering
defined, 55–56
firewalls and, 443–444
packet switching
circuit switching compared with, 4–5
WAN services, 126–127
packets
discarding, 70
encapsulation terminology, 17
fragmentation of, 70
IP addresses for packet delivery, 256
segmentation and reassembly at transport layer, 29
understanding, 4–5
padding
attaining allowable length of Ethernet frame, 182–183
Gigabit Ethernet, 197
PAM (Pulse Amplitude Modulation), in 1000Base-T, 200
PAP (Password Authentication Protocol), 250
parallel detection, autonegotiation system and, 195
parallel processing, 139–140
parallel/serial conversion, NIC functions, 40–41
Parallel Tasking, NIC features, 42
parity, RAID varieties and, 505–506
pass-through service
presentation layer, 33
UDP as, 271
passive hubs, 50
Password Authentication Protocol (PAP), 250
passwords
risks related to unsecured home networks, 458
securing home networks, 453
vulnerabilities, 459
patch cable, Token Ring, 210
patch releases, Windows updates, 347
pathping, 487
pause-time, full-duplex flow control, 188
payload, ATM, 134
PBX (private branch exchange)
ISDN communications at data link layer, 123
leased lines, 118
PCI (Peripheral Component Interconnect) bus, 45–46
PCS (physical coding sublayer), Gigabit Ethernet, 198–199
PDUs (protocol data units)
data encapsulation and, 15, 17
LCC sublayer functions, 184
LLC control field and, 185
peer-to-peer network
802.11 ad hoc topology operating as, 102
Unix as, 389
Windows as, 345
performance, calculating performance over Ethernet, 178–179
Peripheral Component Interconnect (PCI) bus, 45–46
permanent virtual circuits (PVC)
ATM, 134
frame relay, 129
permissions
file permissions, 425
file system security, 421–422
folder permission, 424–425
NTFS, 428–430
Unix, 430–431
user and group permissions, 426–428
Windows security model, 422–424
personal identification number (PIN), in token-based authentication, 435–436
phantom voltage, Token Ring MAUs, 212
phase loop lock (PLL) circuits, 20
physical characteristics, wired vs. wireless networks, 99
physical coding sublayer (PCS), Gigabit Ethernet, 198–199
physical environment, accessing wireless networks, 98
physical layer, OSI model
100Base Ethernet options, 189–191
802.11 frames, 106–108
802.11 media, 101–106
802.11 topologies, 101–104
Ethernet guidelines, 171–172
FDDI sublayer, 224–225
Fibre Channel, 145
Gigabit Ethernet options, 199–200
interface between data link and physical layers, 198
overview of, 18–19
signaling, 19–22
specifications, 19
Token Ring, 209–210
physical medium attachment (PMA), 199
physical medium dependent. See PMD (physical medium dependent)
physical medium-independent (PMI), 203, 205–206
physical medium sublayers, Gigabit Ethernet, 199
physical topology, logical topology compared with, 8
PIN (personal identification number), in token-based authentication, 435–436
ping utility
ICMP and, 266
implementing from command-line, 485–486
overview of, 483
parameters, 486–487
Unix and, 389
pipe (|), joining tools, 386
PKI (public key infrastructure)
digital certificates, 434–435
Kerberos and, 432–433
overview of, 433–434
plain old telephone service. See POTS (plain old telephone service)
plaintext, risks related to unsecured home networks, 458
planning
internetwork design, 160
network design. See designing networks
platform as a service (PaaS), cloud service models, 406–407
plenum, for cabling, 80
PLL (phase loop lock) circuits, 20
plug-and-play, NIC selection and, 47
PMA (physical medium attachment), 199
PMD (physical medium dependent)
100VG-AnyLAN sublayers, 203
FDDI sublayer, 224–225
overview of, 199
PMI (physical medium-independent), 203, 205–206
point of presence. See POP (point of presence)
Point-to-Point Protocol. See PPP (Point-to-Point Protocol)
point-to-point protocols
PPP. See PPP (Point-to-Point Protocol)
SLIP. See SLIP (Serial Line Internet Protocol)
point-to-point topology, Fibre Channel network, 145
polar signaling, physical layer signaling, 21
policies
securing business networks, 455
Windows security model, 422
POP (point of presence)
frame-relay connection to nearest, 127
ISDN and DSL using, 121
ISDN hardware and, 123
leased lines, 118
POP3 (Post Office Protocol version 3)
authorization state, 339–340
incoming email server, 333–334
overview of, 339
transaction state, 340
update state, 341
portable computing, NIC selection and, 46
ports
connecting workstations to FDDI network, 222
TCP/IP, 244
Post Office Protocol version 3. See POP3 (Post Office Protocol version 3)
POTS (plain old telephone service)
DSL and, 121, 124–125
ISDN and, 121
WAN connections, 117–118
power supplies
NIC selection and, 47
purchasing servers, 138
PPP (Point-to-Point Protocol)
authentication protocols in, 250
connection establishment, 251–253
frame format, 247–248
LCP frame in, 248–250
for link layer communication, 237
network control protocols in, 250–251
overview of, 246–247
selecting network protocol, 154
preamble, in Ethernet frame, 181
presentation context identifier, 34
presentation layer, of OSI model, 33–34
Presentation Service Access Point (PSAP), 33
PRI (Primary Rate Interface), ISDN, 122
primary master role, DNS servers, 300
private branch exchange (PBX)
ISDN communications at data link layer, 123
leased lines, 118
private cloud, 405
private keys, 433
Process and Thread Manager, in Windows, 350
processes, Windows OSs, 349
processors
purchasing server, 139
using multiple, 139–143
programmed I/O, for data transfer, 40
programs, Unix, 387–388
promiscuous mode
bridges and, 55
network analyzers and, 194
risk of operating in, 458
properties, cable, 79–81
protocol analyzers. See network analyzers
protocol data units. See PDUs (protocol data units)
protocol stack
OSI model, 13
overview of, 10
TCP/IP model, 14
protocols
application layer, 34
ATM adaption layer, 135
classes of transport layer protocols, 28
connection-oriented and connectionless, 26–27
data link protocol in NIC selection, 43
defined, 235
Fibre Channel, 144–145
networking standards and, 10–11
protocol drivers supporting Windows clients, 414–415
routing protocols, 71–72
selecting backbone LAN protocol, 158–159
selecting for SOHO network design, 154
selecting WAN protocol, 159–160
session layer, 30
TCP/IP protocol stack, 236–237
topologies contrasted with, 22
transport layer, 27–28
protocols, networking
Ethernet. See Ethernet
FDDI. See FDDI (Fiber Distributed Data Interface)
Token Ring. See Token Ring
proxy servers (application-level gateways), 444
PSAP (Presentation Service Access Point), 33
PSTN (public switched telephone network), 117–118
PTI (payload type identifier), ATM cells, 133
PTR (pointer), DNS resource records, 292
public cloud, 404–405
public key infrastructure. See PKI (public key infrastructure)
public keys, 433
public switched telephone network (PSTN), 117–118
Pulse Amplitude Modulation (PAM), in 1000Base-T, 200
PVC (permanent virtual circuits)
ATM, 134
frame relay, 129
Q
QCLASS field, DNS resource records, 306–307
QTYPE field, DNS resource records, 305–306
quanta, full-duplex flow control, 188
quartet signaling, in 100VG-AnyLAN, 202, 205
query messages, ICMP, 270–271
Question section, of DNS messages, 303
R
r* commands, Unix, 390
RA (receiver address), MAC frame address field, 110
radio frequency (RF), wireless access points and, 450
RADIUS (Remote Authentication Dial-In User Service), 456
RADSL (rate adaptive digital subscriber line), 125
RAID 0 (disk striping), 503
RAID 1 (disk mirroring and duplexing), 504
RAID 2 (Hamming ECC), 504–505
RAID 3 (parallel transfer with shared parity), 505
RAID 4 (independent data disks with shared parity), 505
RAID 5 (independent data disks with distributed parity), 505
RAID 6 (independent data disks with two-dimensional parity), 505–506
RAID 7 (asynchronous RAID), 506
RAID 10 (striping of mirrored disks), 506
RAID (Redundant Array of Inexpensive Disks)
backup hardware, 497
overview of, 502–503
varieties of, 503–506
range extender, adding to router or access point, 448
Rapid Spanning Tree Protocol (RSTP), 57
rate adaptive digital subscriber line (RADSL), 125
rcp command, Unix, 391–392
RD (receive data), 53
RDN (relative distinguished names), 365–367
reassembly, of packets at transport layer, 29
receive data (RD), 53
receiver address (RA), MAC frame address field, 110
recovery/restore. See disaster recovery
redirect, ICMP error messages, 269
redundancy, lacking in cloud services, 402
Redundant Array of Inexpensive Disks. See RAID (Redundant Array of Inexpensive Disks)
referrals, DNS, 293
ReFS (Resilient File System), 357
registry
controlling workstation registry, 474
keys and values, 358
overview of, 357
registry editors, 360
registry editors
locking down Windows interface with system policies, 478
Registry Editor (regedit.exe), 360
registry hive, user profiles and, 470–471
relative distinguished names (RDN), 365–367
reliability, wired vs. wireless networks, 99
remote administration, web servers, 317
Remote Authentication Dial-In User Service (RADIUS), 456
remote commands, Unix, 390–392, 418
remote networks, connecting to, 159
Remote Update, deploying system policies, 479
repeat state, Token Ring, 215
repeater media access control (RMAC), 203–205
repeaters
adding to router or access point, 448
defined, 9
overview of, 49–50
repeating, active, and intelligent hubs, 51–52
replay prevention, IPsec, 437
replication. See directory replication
reply codes
FTP, 329–331
SMTP, 336–337
request for comments (RFCs)
PPP standards, 247
TCP/IP standards, 236
requests, HTTP
overview of, 318–319
request header fields, 320–321
Resilient File System (ReFS), 357
resolvers, DNS
generating DNS queries, 293
overview of, 285
resource records. See RRs (resource records)
responses, HTTP
client error codes, 324–325
informational codes, 322–323
overview of, 322
redirection codes, 323–324
response header fields, 321
server error codes, 325
successful codes, 323
reverse name resolution, DNS, 297–298
RF (radio frequency), wireless access points and, 450
RFCs (request for comments)
PPP standards, 247
TCP/IP standards, 236
RG-8 coaxial cable
run lengths, 156
ThickNet using, 85, 172
RG-58 cable, ThinNet using, 85–86, 173–174
RIF (routing information field), source route bridging, 60, 63
RII (routing information indicator), source route bridging, 60
ring error monitor, Token Ring, 218
ring polling, identifying nearest Token Ring neighbor, 217
ring topology
cabling patterns, 6
double-ring in FDDI, 221
selecting WAN protocol for internetwork design, 160
in Token Ring, 209–210
RIP (Routing Information Protocol), 72
RJ-45 connectors
network interface in NIC selection, 44
straight through wiring and, 53
twisted pair cable using, 89
use with hubs, 50
rlogin command, Unix, 390–391
RMAC (repeater media access control), 203–205
roaming profiles
creating, 472–473
defined, 470
root bridges, 56
root name servers, DNS
discovery, 309–310
overview of, 294
root partition, Linux, 383
root path costs, 56
round-trip signal delay time
in 100Base Ethernet, 193–194
calculating, 178–179
round-trip time, TCP, 280
route command
creating static entries in routing table, 68
displaying routing tables, 67
viewing/working with routing tables, 488
route selection, 69
Router Advertisement, ICMP query messages, 270–271
Router Solicitation, ICMP query messages, 270
routers
applications, 64–65
connecting LANs to WANs, 113–114
defined, 9
functions, 65–66
handling datagram fragments, 260
Internet Control Message Protocol routing functions, 70–71
overview of, 63
packet management, 70
passing traffic between networks, 238–239
route selection, 69
routing protocols, 71–72
routing tables, 66–68
routing vs. switching, 75
static and dynamic routing, 68–69
routers, wireless
configuring, 451–453
overview of, 448
securing, 456
types of, 448–450
routing
ICMP and, 70–71
at network layer, 25–26
overview of, 261–262
protocols, 71–72
route selection, 69
static and dynamic, 68–69
Routing and Remote Access Server, 69
routing information field (RIF), source route bridging, 60, 63
routing information indicator (RII), source route bridging, 60
Routing Information Protocol (RIP), 72
routing tables
overview of, 66
parsing, 67–68
viewing/working with, 488
Windows or Linux systems, 67
RPC procedures, in NFS versions, 394
RRs (resource records)
email addressing and, 333
Resource Record section of DNS message, 303–305
types of, 292–293, 305–306
rsh command, Unix, 391
RSTP (Rapid Spanning Tree Protocol), 57
RTS (request-to-send) messages, CSMA/CA, 111
runt packets
defined, 171
troubleshooting Ethernet, 201
S
S-DISCONNECT primitive, 32
S-EXPEDITED primitive, 32
S-RELEASE primitive, 32
S-SYNC-MAJOR primitive, 33
S-SYNC-MINOR primitive, 32
S-TOKEN-GIVE primitive, 32
S-TOKEN-PLEASE primitive, 32
SA (source address)
in Ethernet frame, 181
MAC frame, 110
SaaS (software as a service), cloud service models, 407–408
Salesforce.com, early cloud providers, 399–400
SAM (Security Accounts Manager), 422–424
SANs (system area networks)
defined, 144
Fibre Channel association with, 144
overview of, 148–149
server clustering, 142
SAR (segmentation and reassembly layer), ATM adaption layer, 135
SASs (single-attachment stations), FDDI topology, 221–223
SC (subscriber, standard, or Siemon connector), use with fiber-optic cable, 94
scalability, advantages/disadvantages of Linux, 378–379
scheduling backups, 514
screened subnet firewalls, 445
ScTP (screened twisted pair), 92
SDH (Synchronous Digital Hierarchy), 136
SDSL (symmetrical digital subscriber line), 125
SEAL (Simple and Efficient Adaptation Layer), 135
second-level domains, 289–290
secondary (slave) master role, DNS servers, 300
secret key cryptography, 433
secure shell commands, Unix, 392
Secure Sockets Layer. See SSL (Secure Sockets Layer)
security
Authentication Header protocol, 438–439
circuit-level gateways, 445
communication security, 436
digital certificates, 434–435
disadvantages of cloud computing, 401
Encapsulating Security Payload protocol, 439–440
file permissions, 425
file system security, 421–422
firewalls, 442–443, 445
folder permission, 424–425
FTP user authentication, 432
IPsec, 436–437
Kerberos protocol for, 432–433
NAT, 444
NTFS permissions, 428–430
overview of, 421
packet filters, 443–444
PKI, 433–434
proxy servers, 444
SSL, 440–442
token-based and biometric authentication, 435–436
Unix file system permissions, 430–431
user and group permissions, 426–428
user authentication, 431–432
Windows security model, 422–424
wired vs. wireless networks, 99
Security Accounts Manager (SAM), 422–424
security extensions, IPv6, 264
security identifiers (SIDs), 350
security policies, 455
Security Reference Monitor, in Windows OSs, 350
security, wireless
encryption and, 459–461
invasion tools and vulnerabilities, 458–459
risks related to unsecured home networks, 457–458
securing business network, 455–456
securing home network, 453–455
securing mobile devices, 456–457
securing wireless routers, 456
segmentation and reassembly layer (SAR), ATM adaption layer, 135
segmentation, of packets at transport layer, 29
segments
bridge loops, 58–59
cables, 4
Ethernet options, 176
in internetwork design, 155–157
IPv6 address structure, 265
mixing and link segments, 54
TCP, 17, 272
self-timing, physical layer signaling, 21
sequences
Fibre Channel communications, 146
TCP, 17, 272
Serial Line Internet Protocol. See SLIP (Serial Line Internet Protocol)
Server service, Windows OSs, 355
servers, 333–334
administering server-based applications, 464–465
administering server-based operating systems, 464
client-server architecture, 11
DNS. See DNS servers
FTP, 325–326
hierarchical storage management. See HSM (hierarchical storage management)
HTTP server error codes, 325
Internet servers, 313
multiprocessing, 139–143
NAS, 147–148
NIC selection and, 48
overview of, 137
purchasing, 137–139
SAN, 148–149
web servers, 313–317
service classes, Fibre Channel, 146–147
service-dependent filtering, packet filters, 443
service-independent filtering, packet filters, 443
service packs, Windows, 347
service request primitives, 30–33
service set identifier. See SSID (service set identifier)
services
Internet. See Internet services
ISDN, 122
WAN switching, 125–127
services, Windows OSs
NDIS, 352–353
overview of, 352
Server service, 355
TDI, 353–354
Workstation service, 354–355
session layer, of OSI model
dialog control, 31–32
dialog separation, 32–33
overview of, 30–31
Session Service Access Point (SSAP), 33
shared disk, cluster storage hardware, 143
shared memory
data transfer technologies, 40
hardware configuration for switches, 75
shared nothing, cluster storage hardware, 143
shells, Unix
overview of, 387–388
secure shell commands, 392
shielded cables, 81
shoe-shinning, delay in writing data to tape drives, 509
shortcut trusts, between child domains, 376
SIDs (security identifiers), 350
signal booster, adding to router or access point, 448
signal quality errors (SQE), 169
signaled errors, error detection at transport layer, 29
Simple and Efficient Adaptation Layer (SEAL), 135
Simple Mail Transfer Protocol. See SMTP (Simple Mail Transfer Protocol)
Simple Network Management Protocol (SNMP), 52
single-attachment stations (SASs), FDDI topology, 221–223
single-band routers, 448–449
single master replication, 370
single mode fiber-optic cable, 93–94, 145
site link bridge objects, 374
site link objects, 374
sites, Active Directory
creating/configuring, 373–375
intersite replication, 372
intrasite replication, 371–372
overview of, 370–371
sliding window flow control, TCP, 280
SLIP (Serial Line Internet Protocol)
for link layer communication, 237
overview of, 245–246
shortcomings of, 246
slot time (contention time), collisions and, 169
slow hop system, 802.11 FHSS, 105
small office/home office network design
overview of, 153
selecting computers, 153–154
selecting network medium, 154–155
selecting network speed, 155
selecting protocols, 154
smart cards, for token-based authentication, 435–436
SMP (symmetric multiprocessing)
hardware and software, 140–141
overview of, 140
SMT (station management) layer, FDDI, 224, 228–231
SMTP (Simple Mail Transfer Protocol)
application protocols of TCP/IP suite, 237
commands, 334–336
overview of, 334
receiving outgoing email messages via, 333–334
replies, 336–337
support for site links, 374
transactions, 337
snap-ins, MMC, 372–373
SNAP (Subnetwork Access Protocol), 186
SNMP (Simple Network Management Protocol), 52
SOA (start of authority), DNS resource records, 292
sockets, combining IP address and port, 244
software
for backups, 510–513
multiprocessing, 140
software as a service (SaaS), cloud service models, 407–408
SOHO design. See small office/home office network design
SONET (Synchronous Optical Network), 136
sort command, Unix, 386
source address (SA)
in Ethernet frame, 181
MAC frame, 110
source quench, ICMP error messages, 269
source route bridging
bridging Ethernet and Token Ring networks, 62
overview of, 60–61
SRT (source route transparent) bridging, 63
source route transparent (SRT) bridging, 63
source routing, ping utility and, 487
source service access point (SSAP), 184
spam, 458
spanning tree algorithm (STA), 56
SPE (System Policy Editor)
overview of, 474–476
registry editing tool, 359–360
speed
DSL vs. ISDN, 124
LANs vs. WANs, 116
selecting network speed for SOHO network design, 155
wired vs. wireless networks, 99
spoofing, packet filters, 443
SQE (signal quality errors), 169
SRT (source route transparent) bridging, 63
SSAP (Session Service Access Point), 33
SSAP (source service access point), 184
SSDs (solid-state drives), 498–499
SSID (service set identifier)
configuring wireless routers, 452
risks related to unsecured home networks, 458
securing home networks, 453
setting up wireless access points, 451
SSL handshake protocol (SSLHP), 441
SSL record protocol (SSLRP), 441–442
SSL (Secure Sockets Layer)
encryption and, 460
overview of, 440
SSL handshake protocol, 441
SSL record protocol, 441–442
SSLHP (SSL handshake protocol), 441
SSLRP (SSL record protocol), 441–442
ST (straight-tip) connectors
network interface in NIC selection, 44
use with fiber-optic cable, 94
UTP cabling, 175
STA (spanning tree algorithm), 56
stackable hubs
hub configurations, 53
overview of, 54–55
stand-alone hubs, 53
standards
ANSI. See ANSI (American National Standards Institute)
Ethernet, 166–168
IEEE. See IEEE (Institute of Electrical and Electronic Engineers)
IETF. See IETF (Internet Engineering Task Force)
networking, 10–11
NFS, 393
PPP standards, 247
TCP/IP standards, 236
USOC standard for connector pinouts, 89–90
X.509 standard for certificates, 435
standards, cable
data link layer, 84
overview of, 81–82
TIA/EIA-568, 82–84
standby monitors, Token Ring, 216
star bus topology
cabling patterns, 6
configuration of Ethernet hubs, 212
in FDDI, 221
multiport repeaters, 9
selecting WAN protocol for internetwork design, 159
Token Ring and, 210
star (hub and spoke) topology, 6
Start menu, locking down Windows interface, 477–478
start of authority (SOA), DNS resource records, 292
start of frame delimiter, in Ethernet frame, 181
stateless, NFS servers, 393
static routing, 68–69, 262
station management (SMT) layer, FDDI, 224, 228–231
storage
hardware for cluster, 143
HSM. See HSM (hierarchical storage management)
store and forward
by hubs, 51
types of switches, 73–74
STP (shielded twisted-pair) cable
100Base Ethernet running on, 189
cable testers, 493–494
Fibre Channel and, 145
overview of, 92–93
Token Ring and, 210
straight through wiring
RJ-45 connectors, 53
UTP cable, 91
straight-tip connectors. See ST (straight-tip) connectors
streaming data, writing data to tape drives, 509
stripping state, Token Ring, 216
SUA (Subsystem for Unix-based Applications)
accessing Unix systems, 419
Unix interface for Windows 7, 419–420
Unix interface for Windows 8, 420
subdomains, 290–291
subnet masks
IP addresses and, 239
subnetting and, 242–243
subnet objects, association with sites and servers, 374
subnets, identifiers in IP addresses, 242–243
Subnetwork Access Protocol (SNAP), 186
subscriber, standard, or Siemon connector (SC), use with fiber-optic cable, 94
Subsystem for Unix-based Applications. See SUA (Subsystem for Unix-based Applications)
supervisory format, LLC control field, 185
support, ATM, 135
SVC (switched virtual circuits)
ATM, 134
frame relay, 129
switches
defined, 9
full-duplex Ethernet and, 187
Layer 3 switching, 76–77
multiple-layer switching, 77
overview of, 72–73
routing vs. switching, 75
types of, 73–75
virtual LANs, 75–76
switching hubs, full-duplex Ethernet using, 187
switching services, WANs, 125–127
symbolic links, referencing objects in Windows, 349–350
symmetric multiprocessing (SMP)
hardware and software, 140–141
overview of, 140
symmetrical digital subscriber line (SDSL), 125
SYN messages, TCP, 274–276
Synchronous Digital Hierarchy (SDH), 136
Synchronous Optical Network (SONET), 136
system
checking capability for joining Token Ring, 214–215
operational states in Token Ring, 215–216
system area networks. See SANs (system area networks)
system policies
deploying, 479
files, 476
restricting workstation access, 476–479
templates, 474–476
Windows OSs, 359–360
System Policy Editor (SPE)
overview of, 474–476
registry editing tool, 359–360
T
T-1 lines
adding to frame relay, 129
leased-line applications, 120–121
leased-line hardware, 120
North American types, 119–120
PBX, 118
T-connectors, BNC, 174
TA (transmitter address), MAC frame address field, 110
tape drives. See magnetic tape
taskbar, locking down Windows interface, 478
tasks, Windows OSs, 349
TCP/IP (Transmission Control Protocol/Internet Protocol)
architecture of, 236–237
ARP, 253–255
attributes, 235–236
authentication protocols in PPP, 250
datagram fragmenting, 259–260
datagram packing, 256–259
DNS names, 244–245
ICMP, 266
ICMP error messages, 266–270
ICMP query messages, 270–271
IP address classes, 240–241
IP address registration, 239–240
IP addressing, 256
IP (Internet Protocol), 255–256
IP versions, 237
ipconfig command, 490
IPv4, 237–239
IPv6, 263–264
IPv6 address structure, 265
IPv6 address types, 264–265
LCP frame in PPP, 248–250
netstat command, 488–490
network addressing, 8
network control protocols in PPP, 250–251
nslookup utility, 490
overview of, 235
pathping utility, 487
ping utility, 483, 485–487
ports and sockets, 244
PPP connections, 251–253
PPP frame format, 247–248
PPP (Point-to-Point Protocol), 246–247
protocol stack, 14
route command, 488
routing, 261–262
SLIP (Serial Line Internet Protocol), 245–246
special IP addresses, 241–242
standard, 236
subnet masks, 239
subnetting, 242–243
task offloading, 414
TCP, 272
TCP connection establishment, 274–276
TCP connection termination, 280–281
TCP data transfer, 277–279
TCP error correction, 279–280
TCP header, 273–274
traceroute (tracert) utility, 487–488
UDP, 271–272
Unix using, 385
unregistered IP addresses, 241
utilities, 483
Windows networking architecture based on, 412
TCP (Transmission Control Protocol)
connection establishment, 274–276
connection termination, 280–281
data transfer, 277–279
encapsulation and, 17
error correction, 279–280
header, 273–274
operating at transport layer of TCP/IP suite, 237
overview of, 272
three-way handshake, 339–340
transport layer functions, 29
TD (transport data), straight through wiring and, 53
TDI (Transport Driver Interface), 353–354
TDM (time division multiplexing), digital leased lines, 120
TDR (time domain reflectometry), in worst-case path calculation, 179
TE1 (terminal equipment 1), ISDN, 123–124
TE2 (terminal equipment 2), ISDN, 124
TechNet Evaluation Center, Microsoft technical support, 347
technical support, 347–348
Telecommunications Industry Association. See TIA (Telecommunications Industry Association)
Telecommunications Standardization Sector of International Telecommunications Union (ITU-T), 13
telecommunications, WANs, 114–115
Telenet, precursors to cloud computing, 399
telephone system, as example of circuit switching network, 5
television cable modems, 86
telnet command
applications available to Unix clients, 418
overview of, 389
Unix DARPA commands, 392
templates, system policies, 474–476
terminal equipment 1 (TE1), ISDN, 123–124
terminal equipment 2 (TE2), ISDN, 124
tftp command, Unix, 392–393
TGS (ticket-granting service), 434
TGT (ticket-granting ticket), 434
Thick Ethernet (10Base-5)
history of, 166
maximum collision diameter, 177
overview of, 172–173
physical layer options, 172
RG-8/U, 85
Thin Ethernet (10Base-2), 173–174
history of, 166
maximum collision diameter, 177
physical layer options, 172
RG-58, 85–86
threads, Windows OSs, 349
three-way handshake, TCP, 339–340
Thunderbolt, connections for backup devices, 498, 501
TIA (Telecommunications Industry Association)
cable categories, 80
cabling standards, 82
TIA/EIA-568 standard, 82–84
TIA/EIA-568 standard color codes, 87
TIA/EIA-568 standard for connector pinouts, 89–90
ticket-granting service (TGS), 434
ticket-granting ticket (TGT), 434
time division multiplexing (TDM), digital leased lines, 120
time domain reflectometry (TDR), in worst-case path calculation, 179
time exceeded, ICMP error messages, 269–270
Time to Live (TTL)
cache data persistence, 297
discarding packets and, 70
timing calculations
for 100Base Ethernet, 193–194
calculating network performance over Ethernet, 178–180
TLS (Transport Layer Security), 460
token-based authentication, 435–436
token frame, Token Ring, 218
token passing
FDDI, 228
monitoring, 216
Token Ring, 213–214
types of media access control, 8, 24
Token Ring
bridging Ethernet and Token Ring networks, 61–62
cabling options, 210
calculating adjusted ring length, 213
Differential Manchester, 21–22
errors, 218–220
fragmenting and, 26
frames, 218
MAC addresses, 23
MAUs, 52–53, 211–213
monitors, 216–218
NICs, 211
overview of, 209
packet fragmentation, 70
physical layer, 209–210
STP cable used with, 92
system capability for joining, 214–215
system operational states, 215–216
token passing, 213–214
translational bridging, 62
types of media access control, 24
tokens
comparing Token Ring and Ethernet, 209
defined, 213
top-level domains, 287–288
topologies
bus, 54
cabling patterns, 5–7
FDDI, 221–224
Fibre Channel, 145–146
full mesh, 159–160
infrastructure, 101, 451
physical layer, 101–104
physical vs. logical, 8
protocols contrasted with, 22
ring, 209–210, 221
star bus, 9, 159, 210, 212
WAN, 115–117
TP (twisted pair)-PMD standard, FDDI sublayers, 224–225
TP0 to TP4, classes of transport layer protocols, 28
traceroute (tracert) utility
overview of, 487–488
Unix and, 389
traffic, accessing wireless networks, 98
transaction state, POP3, 340
transceivers
physical layer signaling, 19
for ThickNet cabling, 173
transfer syntax, presentation layer, 33
transitive trusts, trust relationships between domains, 366
translational bridging, 62
Transmission Control Protocol. See TCP (Transmission Control Protocol)
Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)
transmission power
accessing wireless networks, 98
LANs vs. WANs, 116
transmission rates
DSL, 124
NIC selection and, 43
transmit state, Token Ring, 215
transmitter address (TA), MAC frame address field, 110
transparent bridging
bridging Ethernet and Token Ring networks, 61–62
overview of, 58
source route transparent bridging, 63
transport data (TD), straight through wiring and, 53
Transport Driver Interface (TDI), 353–354
transport layer, of OSI model
error detection and recovery, 29–30
flow control, 29
overview of, 27
protocol functions, 29
protocol service combinations, 27–28
segmentation and reassembly of packets, 29
Transport Layer Security (TLS), 460
trees, Active Directory
objects in, 364
overview of, 367–368
planning, 375–376
troubleshooting tools. See utilities
truncated binary exponential backoff, collisions and, 170
trunk ring, double-ring in FDDI, 221
trust, relationships between domains, 366
TTL (Time to Live)
cache data persistence, 297
discarding packets and, 70
TV service, over coaxial cable, 86
TWA (two-way alternate)
dialog control in session layer, 31
dialog separation in session layer, 32
twist per inch, cable categories, 87
twisted pair cable
cable categories, 87–89
connector pinouts, 89–92
overview of, 86
STP (shielded twisted pair), 92–93
UTP (unshielded twisted pair), 86–88
Twisted-Pair Ethernet (10Base-T/100Base-T), 172, 174–175
twisted pair (TP)-PMD standard, FDDI sublayers, 224–225
two-factor authentication, 435–436
two-way alternate (TWA)
dialog control in session layer, 31
dialog separation in session layer, 32
TWS (two-way simultaneous)
dialog control in session layer, 31
dialog separation in session layer, 32
U
UDCs (universal data connectors), 210
UDP (User Datagram Protocol)
DNS messaging and, 301
encapsulation and, 17
operating at transport layer of TCP/IP suite, 237
overview of, 271–272
transport layer functions, 29
UDRP (Uniform Domain Name Resolution Policy), 289
unbounded media
defined, 97
physical layer, 101
UNC (Uniform Naming Convention)
Unix OSs, 419
Windows OSs, 354
UNI (User Network Interface), ATM, 133
unicast addresses, IPv6, 264–265
Uniform Domain Name Resolution Policy (UDRP), 289
Uniform Naming Convention (UNC)
Unix OSs, 419
Windows OSs, 354
uniform resource locators (URLs)
elements for identifying/locating resources, 314–315
sockets and, 244
unique-local addresses, IPv6, 265
universal data connectors (UDCs), 210
Universal Serial Bus (USB)
connections, 44
connections for backup devices, 498–500
Unix clients
applications for, 418
overview of, 418
Windows 7 and Windows 8 interfaces, 419–420
Unix OSs
advantages of Linux over, 379
architecture, 387–388
BSD Unix, 389
client access, 418–419
client/server networking, 393–395
DARPA commands, 392–393
hosts file, 283
networking with, 389
NFS (Network File System), 393–395
overview of, 385–386
permissions, 430–431
principles, 386–387
remote commands, 390–392
routing tables, 67
selecting computers for SOHO design, 153–154
Unix System V, 388–389
versions, 388
Unix System V, 388–389
unshielded cables, 81
unshielded twisted pair. See UTP (unshielded twisted pair)
unsignaled errors, error detection at transport layer, 30
update sequence numbers (USNs), directory replication and, 370
update state, POP3, 341
uplink port, hubs, 53–54
UPN (user principle name), assigned to user objects, 366–367
URLs (uniform resource locators)
elements for identifying/locating resources, 314–315
sockets and, 244
USB (Universal Serial Bus)
connections, 44
connections for backup devices, 498–500
User Datagram Protocol. See UDP (User Datagram Protocol)
user mode components, Windows OSs, 351–352
User Network Interface (UNI), ATM, 133
user principle name (UPN), assigned to user objects, 366–367
user profiles
creating default user profile, 474
mandatory profiles, 473
overview of, 470–472
replicating, 473–474
roaming profiles, 472–473
username, securing home networks, 453
users
Unix permissions, 431
Windows permissions, 426–428
USNs (update sequence numbers), directory replication and, 370
USOC standard, for connector pinouts, 89–90
utilities
agents used with network analyzers, 492
cable testers, 493–494
filters, 491–492
ipconfig command, 490
NET commands, 483–485
netstat command, 488–490
network analyzers, 490–491
nslookup utility, 490
pathping, 487
ping utility, 483, 485–487
protocol analyzers, 493
route command, 488
TCP/IP, 483
traceroute (tracert) utility, 487–488
traffic analyzers, 492
Windows OSs, 481–483
UTP (unshielded twisted pair)
100Base Ethernet running on, 189
cable categories, 87–89
cable length on Ethernet networks, 51
cable options in Token Ring, 210
cable testers, 493–494
compatibility of copper cable with fiber-optic, 159
connector pinouts, 89–92
Ethernet cabling standards, 178
overview of, 86–88
physical layer cabling and, 18
selecting network medium, 154–155
straight through wiring and, 53
Twisted-Pair Ethernet (10Base-T/100Base-T), 174–175
V
vampire tap, 173
VC (virtual channel), ATM, 134
VCI (virtual channel identifier), ATM cells, 133
VCs (virtual circuits)
ATM, 134
frame relay, 129
packet-switching services, 127
VDSL (very high bit-rate digital subscriber line), 125
VeriSign certificate authority, 435
very high bit-rate digital subscriber line (VDSL), 125
video adapter, 138
virtual channel identifier (VCI), ATM cells, 133
virtual channel (VC), ATM, 134
virtual circuits. See VCs (virtual circuits)
virtual directories, web servers, 317
virtual memory, 350
virtual path identifier (VPI), ATM cells, 133
virtual path (VP), ATM, 134
virtual private networks (VPNs)
encryption and, 461
in evolution of cloud computing, 399
VLANs (virtual LANs), 75–76
VMM (Virtual Memory Manager), in Windows OSs, 350
voice telecommunications, PBX, 118
void frames, in 100VG-AnyLAN, 205
volumes, encrypting, 459
VP (virtual path), ATM, 134
VPI (virtual path identifier), ATM cells, 133
VPNs (virtual private networks)
encryption and, 461
in evolution of cloud computing, 399
vulnerabilities, wireless networks, 458–459
W
W3C (World Wide Web Consortium)
Extended Log File format, 316
founding of World Wide Web and, 399
Wake-on-LAN (WoL), NIC features, 42
WANs (wide area networks)
ATM, 130–135
connecting to remote networks, 159
data centers providing access to, 161–162
DSL, 124–125
firewalls and, 442
frame relay, 127–130
ISDN, 121–124
leased lines, 118–121
local area networks compared with, 9–10
overview of, 113–114
PSTN connections, 117–118
router applications and, 64
selecting topology, 115–117
selecting WAN protocol for internetwork design, 159–160
SONET, 136
switching services, 125–127
telecommunications and, 114–115
WAPs (wireless access points)
accessing wireless networks and distance from, 98
defined, 97–98
overview of, 450
setting up, 450–451
web servers
functions of, 314–317
HTTP role in browser/server communication, 318
overview of, 313
selecting, 314
well-known ports, 244
WEP (Wired Equivalent Privacy)
backing up wireless networks, 501
risks related to unsecured home networks, 458
whitelists, securing home networks, 454
whole disk (full-disk) encryption, 459
Wi-Fi Protected Access. See WPA (Wi-Fi Protected Access)
Wi-Fi Protected Setup (WPS), 459
wide area networks. See WANs (wide area networks)
WiFi, as most widely used wireless network, 98
Win16 environment subsystem, 351–352
Win32 environment subsystem, 351
Windows 7
accessing command prompt, 482
interface for Unix clients, 419–420
setting environment variables, 466–467
versions of Windows network operating systems, 346
Windows 8
accessing command prompt, 482
interface for Unix clients, 420
setting environment variables, 467
versions of Windows network operating systems, 346–347
Windows 2000, 346
Windows clients
client services, 414–415
NDIS drivers for Windows clients, 413–414
overview of, 411–412
protocol drivers for Windows clients, 414
Windows network architecture, 412–413
Windows Explorer (Windows 7), 482
Windows for Workgroups, 411
Windows Internet Naming Service (WINS)
comparing DNS and Active Directory, 368
as optional Windows networking service, 361
Windows Manager, 351
Windows NT, 346
Windows OSs
accessing command prompt in Windows 7 and 8, 482
APIs and, 355–356
control panel, 359
drive mappings, 468–470
file permissions, 425
file systems, 356–357
folder permission, 424–425
kernel mode components, 348–351
locking down Windows interface with system policies, 477
Microsoft technical support, 347–348
NDIS drivers for Windows clients, 413–414
NDIS (Network Driver Interface Specification), 353
NET commands, 483–485
networking architecture, 352–353
NTFS permissions, 428–430
optional networking services, 360–361
overview and role of, 345
registry, 357–359
registry editors, 360
routing tables, 67
security model, 422–424
selecting computers for SOHO design, 153–154
server-based applications, 464–465
server-based OSs, 464
Server service, 355
service packs, 347
services, 352
setting environment variables, 466–467
storing data files, 465–466
system and group policies, 359–360
TDI (Transport Driver Interface), 353–354
user and group permissions, 426–428
user mode components, 351–352
utilities, 481–483
versions, 346–347
Windows 7 interface for Unix clients, 419–420
Windows 8 interface for Unix clients, 420
Workstation service, 354–355
Windows Sockets (Winsock), 355–356
Windows Vista, 346
Windows XP, 346
WINS (Windows Internet Naming Service)
comparing DNS and Active Directory, 368
as optional Windows networking service, 361
Winsock (Windows Sockets), 355–356
Wired Equivalent Privacy (WEP)
  backing up wireless networks, 501
  risks related to unsecured home networks, 458
wireless access points. See WAPs (wireless access points)
wireless LANs. See WLANs (wireless LANs)
wireless networks
  advantages and disadvantages of, 98–99
  applications of, 98–100
  backing up, 501
  components, 447–448
  configuring wireless routers, 451–453
  encryption and, 459–461
  invasion tools and vulnerabilities, 458–459
  overview of, 97–98
  risks related to unsecured home networks, 457–458
  router types, 448–450
  securing business network, 455–456
  securing home network, 453–455
  securing mobile devices, 456–457
  securing wireless routers, 456
  transmission over, 450
  types of, 98
  WAPs (wireless access points), 450–451
wireless routers. See routers, wireless
wiring closets, internetwork design, 161
WLANs (wireless LANs)
  data link layer, 110–113
  IEEE 802.11 standards, 100
  overview of, 97
  physical layer frames, 106–108
  physical layer media, 101–106
  physical layer topologies, 101–104
  wireless networks, 97–100
WoL (Wake-on-LAN), NIC features, 42
workgroups, connecting computers into, 5
Workstation service, Windows OSs, 354–355
workstations
  administration of, 463
  capability for joining Token Ring, 214–215
  connecting to FDDI network, 222
  controlling, 468
  creating mandatory profiles, 473
  creating roaming profiles, 472–473
  drive mappings, 468–470
  NIC selection and, 48
  policies for restricting access, 476–479
  registry of, 474
  replicating profiles, 473–474
  user profiles and, 470–471
World Wide Web Consortium (W3C)
  Extended Log File format, 316
  founding of World Wide Web and, 399
World Wide Web, founding of, 399
worst-case path
  for 100Base Ethernet, 194
  calculating network performance, 179–180
WPA (Wi-Fi Protected Access)
  backing up wireless networks, 501
  risks related to unsecured home networks, 458
  securing home networks with WPA2, 454
WPS (Wi-Fi Protected Setup), 459
wrapped ring, FDDI topology, 221
write errors, magnetic tape, 510
X
X.509, ITU-T standard for certificates, 435
XDR (External Data Representation), 393
XPS, Linux file systems, 380
Z
zones, DNS
  breaking domain namespace into administrative zones, 291
  transfer messages, 310–312
  transfers, 300–301