Networking Guide Part 3 - TCP/IP Fundamentals

Networking Guide Part 3 - TCP/IP Fundamentals

Introducing TCP/IP
Because TCP/IP is so central to working with the Internet and with intranets, you should understand it in detail. You’ll start with some background on TCP/IP and how it came about and then move on to the descriptions of the technical goals defined by the original designers. Then you’ll get a look at how TCP/IP compares to a theoretical model, the Open Systems Interconnect (OSI) model.


A Brief History of TCP/IP
The TCP/IP protocol was first proposed in 1973, but it was not until 1983 that a standardized version was developed and adopted for wide area use. In that same year, TCP/IP became the official transport mechanism for all connections to ARPAnet, a forerunner of the Internet.

Much of the original work on TCP/IP was done at the University of California at Berkeley, where computer scientists were also working on the Berkeley version of Unix (which eventually grew into the Berkeley Software Distribution [BSD] series of Unix releases). TCP/IP was added to the BSD releases, which in turn was made available to universities and other institutions for the cost of a distribution tape. Thus, TCP/IP began to spread in the academic world, laying the foundation for today’s explosive growth of the Internet and of intranets as well.

During this time, the TCP/IP family continued to evolve and add new members. One of the most important aspects of this growth was the continuing development of the certification and testing program carried out by the U.S. government to ensure that the published standards, which were free, were met. Publication ensured that the developers did not change anything or add any features specific to their own needs. This open approach has continued to the present day; use of the TCP/IP family of protocols virtually guarantees a trouble-free connection between many hardware and software platforms.



TCP/IP Design Goals
When the U.S. Department of Defense began to define the TCP/IP network protocols, their design goals included the following:

TCP/IP had to be independent of all hardware and software manufacturers. Even today, this is fundamentally why TCP/IP makes such good sense in the corporate world: It is not tied to IBM, Novell, Microsoft, DEC, or any other specific company.

It had to have good built-in failure recovery. Because TCP/IP was originally a military proposal, the protocol had to be able to continue operating even if large parts of the network suddenly disappeared from view, say, after an enemy attack.

It had to handle high error rates and still provide completely reliable end-to-end service.

It had to be efficient and have a low data overhead. The majority of data packets using the IP protocol have a simple, 20-byte header, which means better performance in comparison with other networks. A simple protocol translates directly into faster transmissions, giving more efficient service.

It had to allow the addition of new networks without any service disruptions.

As a result, TCP/IP was developed with each component performing unique and vital functions that allowed all the problems involved in moving data between machines over networks to be solved in an elegant and efficient way. Before looking at both TCP and IP individually, you should understand where TCP/IP fits into the broader world of network protocols and, particularly, how it compares to the theoretical reference model published by the International Organization for Standardization (ISO) as the OSI model.

Benefits of Using TCP/IP over Other Networking Protocols

There are several benefits to using the TCP/IP networking protocol:

TCP/IP is a widely published open standard and is completely independent of any hardware or software manufacturer.

TCP/IP can send data between different computer systems running completely different operating systems, from small PCs all the way to mainframes and everything in between.

TCP/IP is separated from the underlying hardware and will run over Ethernet, Token Ring, or X.25 networks and even over dial-up telephone lines.

TCP/IP is a routable protocol, which means it can send datagrams over a specific route, thus reducing traffic on other parts of the network.

TCP/IP has reliable and efficient data-delivery mechanisms.

TCP/IP uses a common addressing scheme. Therefore, any system can address any other system, even in a network as large as the Internet

(The popularity that the TCP/IP family of protocols enjoys today did not arise just because the protocols were there, or even because the U.S. government mandated their use. They are popular because they are robust, solid protocols that solve many of the most difficult networking problems, and do so in an elegant and efficient way.)

TCP/IP and the OSI Model

The OSI Model,” the OSI model divides computer-to-computer communications into seven connected layers; TCP/IP uses the Department of Defense (DoD) model, which describes communications in only four layers.
As you may remember from the OSI model, these layers are as follows:

Application Layer The highest layer; defines the manner in which applications interact with the network—including databases, e-mail, and terminal-emulation programs.

Presentation Layer Defines the way in which data is formatted, presented, converted, and encoded.

Session Layer Coordinates communications and maintains the session for as long as it is needed—performing security, logging, and administrative functions.

Transport Layer Defines protocols for structuring messages and supervises the validity of the transmission by doing some error checking.

Network Layer Defines data-routing protocols to ensure that the information arrives at the correct destination node.

Data Link Layer Validates the integrity of the flow of the data from one node to another by synchronizing blocks of data and controlling the flow.

Physical Layer Defines the mechanism for communicating with the transmission medium and the interface hardware.

(Note:- Although no commercially available networking protocol follows the OSI model exactly, most perform all the same functions.)


In the DoD model, the four layers are as follows:
Process/Application Layer The highest layer; applications such as FTP, Telnet, and others interact through this layer.

Host-to-Host Layer TCP and other protocols add transport data to the data packet.

Internet Layer Adds IP information to the packet.

Network Access Layer Defines the mechanism for communicating with the transmission medium and the interface hardware.

Each layer adds its own header and trailer data to the basic data packet and encapsulates the data from the layer above. On the receiving end, this header information is stripped, one layer at a time, until the data arrives at its final destination.

Now let’s look at how TCP and IP work together.

The Transmission Control Protocol

Transmission Control Protocol (TCP) is the transmission layer of the protocol and serves to ensure a reliable, verifiable data exchange between hosts on a network. TCP breaks data into pieces, first wrapping it with the information needed to route it to its destination and then reassembling the pieces at the receiving end of the communications link. The wrapped and bundled pieces are called datagrams . TCP puts a header on the datagram that provides the information needed to get the data to its destination. The most important information in the header includes the source and destination port numbers, a sequence number for the datagram, and a checksum.

The source port number and the destination port number ensure that the data is sent back and forth to the correct process running on each computer. The sequence number allows the datagrams to be rebuilt in the correct order in the receiving computer, and the checksum allows the protocol to check whether the data sent is the same as the data received. It does this by first totaling the contents of a datagram and inserting that number in the header. This is when IP enters the picture. Once the header is in the datagram, TCP passes the datagram to IP to be routed to its destination. The receiving computer then performs the same calculation, and if the two calculations do not match, an error has occurred somewhere along the line, and the datagram is re-sent.

In addition to the source and destination port numbers, the sequence number, and the checksum, a TCP header contains the following information:
Acknowledgment Number Indicates that the data was received successfully. If the datagram is damaged in transit, the receiver throws the data away and does not send an acknowledgment back to the sender. After a predefined time-out expires, the sender retransmits the data for which no acknowledgment was received.

Offset Specifies the length of the header.
Reserved Variables set aside for future use.
Flags Indicates that this packet is the end of the data or that the data is urgent.
Window Provides a way to increase packet size, which improves efficiency in data transfers.
Urgent Pointer Gives the location of urgent data.
Options A set of variables reserved for future use or for special options as defined by the user of the protocol.
Padding Ensures that the header ends on a 32-bit boundary.
The data in the packet immediately follows this header information.

The Actual Use of TCP Communications

The following list summarizes the TCP process:
Flow control allows two systems to cooperate in datagram transmission to prevent overflows and lost packets.

Acknowledgment lets the sender know that the recipient has received the information.

Sequencing ensures that packets arrive in the proper order.

Checksums allow easy detection of lost or corrupted packets.

Retransmission of lost or corrupted packets is managed in a timely way.

The Internet Protocol
The Network layer portion of TCP/IP is called Internet Protocol. IP is what actually moves the data from point A to point B, a process that is called routing.

IP is referred to as connectionless; that is, it does not swap control information (or handshaking information) before establishing an end-to-end connection and starting a transmission. The Internet Protocol must rely on TCP to determine that the data arrived successfully at its destination and to retransmit the data if it did not. IP’s only job is to route the data to its destination. In this effort, IP inserts its own header in the datagram once it is received from TCP. The main contents of the IP header are the source and destination addresses, the protocol number, and a checksum.

Note You may sometimes hear IP described as unreliable because it contains no error detection or recovery code.

Without the header provided by IP, intermediate routers between the source and destination—commonly called gateways —would not be able to determine where to route the datagram

The fields in the IP header include the following:

Version Defines the IP version number. Version 4 is the current standard, and values of 5 or 6 indicate that special protocols are being used. IP version 6 is currently supported by the newest equipment and is quickly becoming the new standard.

IHL (Internet Header Length) Defines the length of the header information. The header length can vary; the default header is five 32-bit words, and the sixth word is optional.

TOS (Type of Service) Indicates the kind or priority of the required service.

Total Length Specifies the total length of the datagram, which can be a minimum of 576 bytes and a maximum of 65,536 bytes.

Identification Provides information that the receiving system can use to reassemble fragmented datagrams.

Flags The first flag bit specifies that the datagram should not be fragmented and must therefore travel over subnetworks that can handle the size without fragmenting it; the second flag bit indicates that the datagram is the last of a fragmented packet.

Fragmentation Offset Indicates the original position of the data and is used during reassembly.

Time to Live Originally, the time in seconds that the datagram could be in transit; if this time was exceeded, the datagram was considered lost.

Now interpreted as a hop count and usually set to the default value of 32 (for 32 hops), this number is decremented by each router through which the packet passes.

Protocol Identifies the protocol type, allowing the use of non-TCP/IP protocols. A value of 6 indicates TCP, and a value of 17 indicates User Datagram Protocol (UDP).

Header Checksum An error-checking value that is recalculated at each stopover point; necessary because certain fields change.

TCP Header The header added by the TCP part of the protocol suite.

The data in the packet immediately follows this header information.


Gateways and Routing

As you already know, routing is the process of getting your data from point A to point B. Routing datagrams is similar to driving a car. Before you drive off to your destination, you determine which roads you will take to get there. And sometimes along the way, you may change your mind and alter your route.

The IP portion of the TCP/IP protocol inserts its header in the datagram, but before the datagram can begin its journey, IP determines whether it knows the destination. If it does know it, IP sends the datagram on its way. If it doesn’t know and can’t find out, IP sends the datagram to the host’s default gateway.

Each host on a TCP/IP network has a default gateway, an off-ramp for datagrams not destined for the local network. They’re going somewhere else, and the gateway’s job is to forward them to that destination if it knows where it is. Each gateway has a defined set of routing tables that tell the gateway the route to specific destinations.

Because gateways don’t know the location of every IP address, they have their own gateways that act just like any TCP/IP host. In the event that the first gateway doesn’t know the way to the destination, it forwards the datagram to its own gateway. This forwarding, or routing, continues until the datagram reaches its destination. The entire path to the destination is known as the route.

Datagrams intended for the same destination may actually take different routes to get there. Many variables determine the route. For example, overloaded gateways may not respond in a timely manner or may simply refuse to route traffic, and so they time out. That time-out causes the sending gateway to seek an alternate route for the datagram.

Routes can be predefined and made static, and alternate routes can be predefined, providing a maximum probability that your datagrams travel via the shortest and fastest route.

The Application Protocols

The following 12 applications were built on top of the TCP/IP protocol suite and are available on most implementations

Simple Network Management Protocol (SNMP)
SNMP allows network administrators to collect information about the network. It is a communications protocol for collecting information about devices on the network, including hubs, routers, and bridges. Each piece of information to be collected about a device is defined in a Management Information Base (MIB). SNMP uses UDP to send and receive messages on the network.

File Transfer Protocol (FTP)
FTP provides a mechanism for single or multiple file transfers between computer systems; when written in lowercase as “ftp,” it is also the name of the client software used to access the FTP server running on the remote host. The FTP package provides all the tools needed to look at files and directories, change to other directories, and transfer text and binary files from one system to another. FTP uses TCP to actually move the files.

Trivial File Transfer Protocol (TFTP)
TFTP is a “stripped down” version of FTP, primarily used to boot diskless workstations and to transfer boot images to and from routers. It uses a reduced feature set (fewer commands and a smaller overall program size). In addition to its reduced size, it also uses UDP instead of TCP, which makes for faster transfers, but with less reliability.

Simple Mail Transfer Protocol (SMTP)
SMTP allows for a simple e-mail service and is responsible for moving messages from one e-mail server to another. The e-mail servers run either Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP) to distribute e-mail messages to users.

Post Office Protocol (POP)
POP provides a storage mechanism for incoming mail; the latest version of the standard is known as POP3. When a client connects to a POP3 server, all the messages addressed to that client are downloaded; there is no way to download messages selectively. Once the messages are downloaded, the user can delete or modify messages without further interaction with the server. In some locations, POP3 is being replaced by another standard, IMAP.

Internet Mail Access Protocol (IMAP)
IMAP allows users to download mail selectively, look at the message header, download just a part of a message, store messages on the e-mail server in a hierarchical structure, and link to documents and Usenet newsgroups. Search commands are also available so that users can locate messages based on their subject, header, or content. IMAP has strong authentication features and supports the Kerberos authentication scheme originally developed at MIT.

Telnet
Telnet is a terminal emulation package that provides a remote logon to another host over the network.

Internet Control Message Protocol (ICMP)
ICMP works at the IP Network layer level and provides the functions used for Network layer management and control. Routers send ICMP messages to respond to undeliverable datagrams by placing an ICMP message in an IP datagram and then sending the datagram back to the original source. The Ping command—used in network troubleshooting and described in Chapter 5, “Major Network Operating Systems”—uses ICMP.

Hypertext Transfer Protocol (HTTP)
HTTP is the command and control protocol used to manage communications between a web browser and a web server. When you access a web page on the Internet or on a corporate intranet, you see a mixture of text, graphics, and links to other documents or other Internet resources. HTTP is the mechanism that opens the related document when you select a link, no matter where that document is actually located.

Note Secure Hypertext Transfer Protocol (which you will see abbreviated as SHTTP, S-HTTP, or even HTTPS) is a secure version of HTTP that provides a variety of security mechanisms to the transactions between a web browser and the server. S-HTTP allows browsers and servers to sign, authenticate, and encrypt an HTTP network packet.

Address Resolution Protocol (ARP)
ARP helps to reference the physical hardware address of a network node to its IP address. Under ARP, a network interface card (NIC) contains a table (known as the address resolution cache) that maps logical addresses to the hardware addresses of nodes on the network. When a node needs to send a packet, it first checks the address resolution cache to see if the physical address information is already present. If so, that address is used, and network traffic is reduced; otherwise, a normal ARP request is made to determine the address

Network Time Protocol (NTP)
NTP, originally developed by Professor David Mills at the University of Delaware, is used to synchronize (or set) computer clocks to some standard time source, which is usually a nuclear clock. This protocol (along with synchronization utilities) keeps all computers on a network set to the same time. Time synchronization is important because many transactions are time and date stamped (in a database, for example). If the time on a server is out of synchronization with the time on two different computers, even by just a few seconds, the server will get confused. For example, one computer can seemingly enter a transaction, but the server will indicate that it occurred before it actually did. Because this time problem will crash the database server, it is important that these servers (and workstations) use NTP.

User Datagram Protocol (UDP)
UDP is a Transport layer connectionless protocol that does not provide the reliability services available with TCP. UDP gives applications a direct interface with IP and the ability to address a specific application process running on a host via a port number without setting up a connection session. UDP also uses IP to deliver its packets.

The Novell NetWare IPX/SPX Protocol Suite

The Novell NetWare proprietary protocol suite consists of two main parts:

Internetwork Packet eXchange (IPX)

Sequenced Packet eXchange (SPX)

IPX is based on the Xerox Network System (XNS) protocol developed in the 1970s and is an internetworking protocol that provides datagram services in the Network layer and also provides routing services. IPX is very efficient and uses a simple addressing scheme that is based on a 4-byte network number, a 6-byte node number, and a 2-byte socket number. A network number is assigned to each segment in the network. The node number or hardware address identifies a specific network interface card or device, and the socket number identifies a particular process in the computer.

IPX packets consist of a 30-byte header that includes the network, node, and socket addresses for the source and the destination, followed by the data area, which can be from 30 bytes (just the header) to 65,535 bytes in length. Most networks impose a more realistic maximum packet size of about 1500 bytes.

The IPX packet header contains the following fields:
Checksum For data integrity checking.
Packet Length Length of the packet in bytes.
Transport Control Number of routers a packet can cross before being discarded.
Packet Type The service that created the packet.
Destination Network Network address of the destination network.
Destination Node Media access control (MAC) address of the destination node.
Destination Socket Address of the process running on the destination node. Source Network Network address of the source network.
Source Node MAC address of the source node.
Source Socket Address of the process running on the source node.

The other part of the protocol suite, SPX, works at the Transport layer and guarantees packet delivery by making the destination node verify that the data was received correctly. If no response is received within a specified time, SPX retransmits the packet. If several retransmissions fail to return an acknowledgment, SPX assumes the connection has failed and informs the outside world of the error condition. All packets in the transmission are sent in sequence, and they all take the same path to their destination.

If we compare the IPX/SPX protocol suite to the TCP/IP family, IP and IPX are connectionless datagram protocols, and SPX and TCP are connectionoriented protocols. IPX provides routing and internetwork services similar to IP, and SPX provides Transport layer services similar to TCP. Novell NetWare uses two routing protocols:

Routing Information Protocol (RIP)

NetWare Link Services Protocol (NLSP)

NLSP is more efficient at maintaining routing information and adapting to changes in the network configuration and allows large or small networks to be connected without causing routing inefficiencies. This is because NLSP doesn’t determine a route based on the number of routers, but rather on the individual route’s “cost” (a value determined by several factors like speed, available bandwidth, etc.).

NetWare Core Protocol (NCP) is the main protocol used to manage service requests between a client and a server. It includes routines for logon requests, for manipulating files and directories, for opening semaphores, for printing, and for creating and destroying service connections. NCP was designed with the assumption that client and server would be physically close; once a router is added to the system, and connections are made over a wide area link, NCP creates network traffic congestion.

Ports and Sockets Explained

On a TCP/IP network, data travels from a port on the sending computer to a port on the receiving computer. A port is an address that identifies the application associated with the data. The source port number identifies the application that sent the data, and the destination port number identifies the application that receives the data. Each port is assigned a unique 16-bit number in the range of 0 through 65535. Additionally, there are two types of ports, TCP and UDP, that are based on their respective protocols.

Today, the very existence of ports and their numbers is more or less transparent to the users of the network, as many ports are standardized. Thus, a remote computer will know which port it should connect to for a specific service. For example, all servers that offer Telnet services do so on TCP port 23, and web servers normally run on TCP port 80. This means that when you dial up the Internet to connect to a web server via the Internet, you automatically connect to port 80, and when you use Telnet, you automatically connect to port 23. The TCP/IP protocol uses a modifiable lookup table to determine the correct port for the data type. Table 3.1 lists some of the well-known port numbers for common protocols.

Well-Known Port Numbers for Common Protocols
UDP port 15 NETSTAT

TCP port 21 FTP

TCP port 23 Telnet

TCP port 25 SMTP

UDP port 53 DNS

UDP port 69 TFTP

TCP port 70 Gopher

TCP port 79 Finger

TCP/UDP port 80 HTTP

TCP port 110 POP3

UDP port 111 RPC

TCP port 119 NNTP (Network News Transfer Protocol)

TCP port 123 NTP

UDP port 137 NetBIOS name service

UDP port 161 SNMP network monitor

UDP port 2049 NFS

In multiuser systems, a program can define a port on the fly if more than one user requires access to the same service at the same time. Such a port is known as a dynamically allocated port and is assigned only when needed— for example, when two remote computers dial into a third computer and simultaneously request Telnet services on that system.

The combination of an IP address (more on IP addresses in a moment) and a port number is known as a socket. A socket identifies a single network process in terms of the entire Internet. Two sockets—one on the sending system and one on the receiving host—are needed to define a connection for connection-oriented protocols, such as TCP. You may hear or see the terms socket and port used as if they are interchangeable terms, but they are not.

Note In the Novell NetWare world, a socket is part of an IPX internetwork address and acts as a destination for the IPX data packet. Most socket numbers are allocated dynamically, but a few are associated with specific functions.

Sockets were first developed as a part of the BSD Unix system kernel, in which they allow processes that are not running at the same time or on the same system to exchange information. You can read data from or write data to a socket just as you can do with a file. Socket pairs are bidirectional so that either process can send data to the other.

Understanding IP Addressing

IP moves data between computer systems in the form of a datagram, and each datagram is delivered to the destination port number that is contained in the datagram header. This destination port number, or address, is a standard 16-bit number that contains enough information to identify the receiving network and the specific host on that network for which the datagram is intended.

In this section, you’ll learn what IP addresses are, why they are so necessary, and how they are used in TCP/IP networking. But first, let’s clear up a possible source of confusion: Ethernet addresses and IP addresses.

Ethernet Addresses Explained
You may remember from an earlier section that TCP/IP is independent of the underlying network hardware. If you are running on an Ethernet-based network, be careful not to confuse the Ethernet hardware address and the IP address required by TCP/IP.

Each Ethernet network card (and any other NIC, for that matter) has its own unique hardware address, known as the media access control (MAC) address. This hardware address is predefined and preprogrammed on the NIC by the manufacturer of the board as a unique 48-bit number.

The first three parts of this address are called the Organizationally Unique Identifier (OUI) and are assigned by the Institute of Electrical and Electronics Engineers (IEEE). Manufacturers purchase OUIs in blocks and then assign the last three parts of the MAC address, making each assignment unique. Remember that the Ethernet address is predetermined and is hard-coded onto the NIC. IP addresses, however, are very different.

IP Addresses Explained
TCP/IP requires that each computer on a TCP/IP network have its own unique IP address. There are two addressing schemes for TCP/IP: IPv4 and IPv6. You should know how each of these schemes differs.

IPv4
An IPv4 address is a 32-bit number, usually represented as a four-part number, with each of the four parts separated by a period or decimal point. You may also hear this method of representation called dotted decimal or quad decimal. In the IPv4 address, each individual byte, or octet as it is sometimes called, can have a value in the range of 0 through 255.

Note The term octet is the Internet community’s own term for an 8-bit byte. It came into common use because some of the early computers attached to the Internet had bytes of more than 8 bits; for example, DEC’s systems have blocks of 18 bits.


The way these addresses are used varies according to the class of the network, so all you can say with certainty is that the 32-bit IPv4 address is divided in some way to create an address for the network and an address for each host. In general, though, the higher-order bits of the address make up the network part of the address, and the rest constitutes the host part of the address. In addition, the host part of the address can be divided further to allow for a subnetwork address. For more detail on this addressing scheme, see the “IPv4 Address Classifications” and “Understanding Subnets” sections later in this chapter.

Some host addresses are reserved for special use. For example, in all network addresses, host numbers 0 and 255 are reserved. An IPv4 host address with all host bits set to 0 identifies the network itself; so 52.0.0.0 refers to network 52. An IP address with all host bits set to 255 is known as a broadcast address. The broadcast address for network 204.176 is 204.176.255.255. A datagram sent to this address is automatically sent to every individual host on the 204.176 network.

ARIN (American Registry of Internet Numbers) assigns and regulates IP addresses on the Internet; you can get one directly from ARIN, or you can ask your Internet service provider (ISP) to secure an IP address on your behalf. Another strategy is to obtain your address from ARIN and only use it internally until you are ready to connect to the Internet.

Note If you are setting up an intranet and you don’t want to connect to the outside world through the Internet, you don’t need to register the IP addresses you use on your intranet with ARIN. Registering your addresses with ARIN simply ensures that the addresses you propose to use are unique over the entire Internet. If you are never going to connect to the Internet, there's no reason to worry about whether those addresses are redundant with a computer that isn't even on your network.


IPv6
IPv6 was originally designed because the number of available unregistered IPv4 addresses was running low. Because IPv6 uses a 128-bit addressing scheme, it has more than 79 octillion (that’s 79,000,000,000,000,000,000,000,000,000 to you and me) times as many available addresses as IPv4. Also, instead of using binary digits or decimal digits, IPv6 uses eight sets of four hexadecimal digits, like so:

3FFE:0B00:0800:0002:0000:0000:0000:000C

In addition, you can abbreviate these very long addresses by dropping leading zeros (like the zero before the B in “0B00”). You can also drop any single grouping of zero octets (as in the number above) between numbers as long as you replace them with a double colon (::) and they are complete octets (you can’t drop the three zeros in the second octet to make it just “B” instead of “0B00,” for example). If you apply this rule (known as the zero compression rule) to the above address, it would make the example address look like so:

3FFE:0B00:0800:0002::000C

Warning You can’t use the zero compression rule to drop more than one grouping of zero octets. For example, you can’t make 3FFE:0000:0000:0002:0000:0000: 0000:000C into 3FFE::0002::000C. This is also part of the zero compression rule: There can be only one set of double colons!


As with IPv4, there are several addresses that are reserved for special uses. The IPv6 address ::/0 is the default address for a host (like 0.0.0.0 in IPv4). The address ::1/128 is reserved for the local loopback (like 127.0.0.1 in IPv4). IPv6 also includes provisions for the old IPv4 hosts so they can be migrated to the new addressing scheme. This is accomplished by using the address ::xxx.xxx.xxx.xxx where the last four sets of digits refer to the old IPv4 address.

The way a host is configured is one very unique aspect of the IPv6 addressing scheme. Instead of an IP address, subnet mask, and default gateway, each station is required to have three different addresses. First of all, the host has an address from each upstream supplier, a local address, and a link-local address. The local address is a number like ::1/128 that defines the local host. The link-local address is the address for the local subnet.

Finally, IPv6 has some other unique addressing concepts, like autoconfiguration (similar to DHCP, but extended further) and neighbor discovery, whereby the IPv6 host discovers its network surroundings.

Note For more information on IPv6, check out RFC 2373 at www.faqs.org/rfcs.


IPv4 Address Classifications
In the 32-bit IP address, the number of bits used to identify the network and the host vary according to the network class of the address. If you never connect your intranet to the outside world and the Internet, you have no need to concern yourself with this information. If you do plan to connect to the Internet (and to do well on the exam), you’ll need to know that the several classes are as follows:

Class A is used for very large networks only. The high-order bit in a Class A network is always 0, which leaves 7 bits available to define 127 networks. The remaining 24 bits of the address allow each Class A network to hold as many as 16,777,214 hosts. Examples of Class A networks include General Electric, IBM, Hewlett-Packard, Apple, Xerox, DEC, Columbia University, and MIT. All possible Class A networks are in use; no more are available.

Class B is used for medium-sized networks. The two high-order bits are always 10 (that’s “one zero”, not “ten”), and the remaining bits are used to define 16,384 networks, each with as many as 65,534 hosts attached. Examples of Class B networks include Microsoft and Exxon. All Class B networks are in use; no more of them are available.

Class C is for smaller networks. The three high-order bits are always 110, and the remaining bits are used to define 2,097,152 networks, but each network can have a maximum of only 254 hosts. Class C networks are still available.

Class D is a special multicast address and cannot be used for networks. The four high-order bits are always 1110, and the remaining 28 bits allow access to more than 268 million possible addresses.

Class E is reserved for experimental purposes. The first four bits in the address are always 1111.

Because the bits used to identify the class are combined with the bits that define the network address, we can draw the following conclusions from the size of the first octet, or byte, of the address:

A value of 126 or less indicates a Class A address. The first octet is the network number; the next three, the host address.

A value of exactly 127 is reserved as a loopback test address. If you send a message to 127.0.0.1, the Ping doesn’t actually generate any network traffic. It does, however, test that TCP/IP is installed correctly. Using this number as a special test address has the unfortunate effect of wasting more than 24 million possible IP addresses.

A value of 128 through 191 is a Class B address. The first two octets are the network number, and the last two are the host address.

A value of 192 through 223 is a Class C address. The first three octets are the network address, and the last octet is the host address.

A value greater than 223 indicates a reserved address.

Tip Three other special address types are 10.x.x.x, 192.168.xxx.xxx, and 172.16.x.x– 172.31.x.x. These addresses are specified in RFC 1918 as being available to anyone who wants to use IP addressing on a private network, but does not want to connect to the Internet. Private addresses are those addresses that are not routed by Internet routers. Public addresses are those IP addresses that will be passed by Internet routers. You can use this address without the risk of compromising someone else’s registered network address.

Understanding Subnets

The IP addressing scheme provides a flexible solution to the task of addressing thousands of networks, but it is not without problems. The original designers did not envision the Internet growing as large as it has; at that time, a 32-bit address seemed so large that they quickly divided it into different classes of networks to facilitate routing rather than reserving more bits to manage the growth in network addresses. (Who ever thought we would need a PC with more than 640KB of memory?) To solve this problem, and to create a large number of new network addresses, another way of dividing the 32-bit address was developed, called subnetting.

An IP subnet modifies the IP address by using host address bits as additional network address bits. In other words, the dividing line between the network address and the host address is moved to the right, thus creating additional networks but reducing the number of hosts that can belong to each network.

When IP networks are subnetted, they can be routed independently, which allows a much better use of address space and available bandwidth. To subnet an IP network, you define a bit mask, known as a subnet mask, in which a bit pattern cancels out unwanted bits so that only the bits of interest remain.

Working out subnet masks is one of the most complex tasks in network administration and is not for the faint of heart. If your network consists of a single segment (in other words, there are no routers on your network), you will not have to use this type of subnetting; but if you have two or more segments (or subnets), you will have to make some sort of provision for distributing IP addresses appropriately. Using a subnet mask is the way to do just that.

The subnet mask is similar in structure to an IP address in that it has four parts, or octets, but now it defines three elements (network, subnet, and host) rather than two (network and host). It works a bit like a template that, when superimposed on top of the IP address, indicates which bits in the IP address identify the network and which bits identify the host. If a bit is on (such as a 1) in the mask, that equivalent bit in the address is interpreted as a network bit. If a bit is off (such as a 0) in the mask, the bit is part of the host address. The 32-bit value is then converted to dotted decimal notation. In general, you will use only one subnet mask on your network.

A subnet is only known and understood locally; to the rest of the Internet, the address is still interpreted as a standard IP address. Table 3.2 shows how this works for the standard IP address classes.

Default Subnet Masks for Standard IP Address Classes
Class - Subnet Mask Bit Pattern - Subnet Mask
A - 11111111 00000000 00000000 00000000 - 255.0.0.0

B - 11111111 11111111 00000000 00000000 - 255.255.0.0

C - 11111111 11111111 11111111 00000000 - 255.255.255.0


Routers then use the subnet mask to extract the network portion of the address so that they can send the data packets along the proper route on the network.

Because all the Class A and Class B networks are taken, you are most likely to encounter subnet-related issues when working with a Class C network. In the next section, you’ll get a detailed look at how to subnet a Class C network.

Why Subnet?

When faced with the choice of whether or not to subnet your network, you must remember several of the advantages to subnetting. The following list summarizes the advantages of the subnetting solution.

It reduces the size of routing tables.

It minimizes network traffic.

It isolates networks from others.

It maximizes performance.

It optimizes IP address space.

It enhances the ability to secure a network.

Subnetting a Class C Network
How do you find out the values that you can use for a Class C network subnet mask? Remember from a previous discussion that InterNIC defines the leftmost three octets in the address, leaving you with the rightmost octet for your own network addresses. If your network consists of a single segment, you have the following subnet mask:

11111111 11111111 11111111 00000000
When expressed as a decimal number, this is:

255.255.255.0
Because all of your addresses must match these leftmost 24 bits, you can do what you’d like with the last 8 bits, given a couple of exceptions that we’ll look at in a moment.

You might decide to divide your network into two equally sized segments, with, for example, the numbers 1 through 127 as the first subnet (00000001 through 01111111 in binary), and the numbers 128 through 255 as the second subnet (10000000 through 11111111 in binary). Now the number inside the subnets can vary only in the last seven places, and the subnet mask becomes:

255.255.255.128
In binary this is:

11111111.11111111.11111111.10000000
Tip Use the Windows Calculator in scientific mode (choose View Ø Scientific) to look at binary-to-decimal and decimal-to-binary conversions. Click the Bin (binary) button and then type the bit pattern that you want to convert. Click the Dec (decimal) button to display its decimal value. You can also go the other way, and display a decimal number in binary form.


Now let’s get back to the exceptions mentioned earlier. The network number is the first number in each range, so the first subnet’s network number is X.Y.Z.0, and the second is X.Y.Z.128 (X, Y, and Z are the octets assigned by InterNIC). The default router address is the second number in each range—X.Y.Z.1 and X.Y.Z.129—and the broadcast address is the last address, or X.Y.Z.127 and X.Y.Z.255. You can use all the other addresses within the range, as you see fit, on your network.

Class C Network Divided into Four Subnets

Network Number - First Address - Broadcast Address
X.Y.Z.0 X.Y.Z.1 X.Y.Z.63

X.Y.Z.64 X.Y.Z.65 X.Y.Z.127

X.Y.Z.128 X.Y.Z.129 X.Y.Z.191

X.Y.Z.192 X.Y.Z.193 X.Y.Z.255

Class C Network Divided into Eight Subnets

Network Number - First Address - Broadcast Address
X.Y.Z.0 X.Y.Z.1 X.Y.Z.31

X.Y.Z.32 X.Y.Z.33 X.Y.Z.63

X.Y.Z.64 X.Y.Z.65 X.Y.Z.95

X.Y.Z.96 X.Y.Z.97 X.Y.Z.127

X.Y.Z.128 X.Y.Z.129 X.Y.Z.159

X.Y.Z.160 X.Y.Z.161 X.Y.Z.191

X.Y.Z.192 X.Y.Z.193 X.Y.Z.223

X.Y.Z.224 X.Y.Z.225 X.Y.Z.255

Classless Internetwork Domain Routing (CIDR)

InterNIC no longer gives out addresses under the Class A, B, or C designations. Instead, it uses a method called Classless Internetwork Domain Routing (or CIDR, which is usually pronounced “cider”). CIDR networks are described as “slash x” networks; the x represents the number of bits in the IP address range that InterNIC controls. This allows InterNIC to define networks that fall between the old classifications, which means that you can get a range of addresses much better suited to your needs than in times past. In CIDR terms, a network classified as a Class C network under the old scheme becomes a slash 24 network, because InterNIC controls the leftmost 24 bits and you control the rightmost 8 bits.

Examples of CIDR Network Types

InterNIC Network Type - Subnet Mask - Approximate Number of IP Addresses

slash 8 255.0.0.0 16,000,000

slash 12 255.240.0.0 1,000,000

slash 16 255.255.0.0 65,536

slash 20 255.255.240.0 4,096

slash 21 255.255.248.0 2,048

slash 22 255.255.252.0 1,024

slash 23 255.255.254.0 512

slash 24 255.255.255.0 256

slash 25 255.255.255.128 128

slash 26 255.255.255.192 64

slash 27 255.255.255.224 32

slash 28 255.255.255.240 16

slash 29 255.255.255.248 8

slash 30 255.255.255.252 4

Note You can also combine multiple Class C networks into a single network using this same designation system. This process is known as supernetting

IP Proxy Servers Explained

A proxy server is one of several solutions to the problems associated with connecting your intranet or corporate network to the Internet. A proxy server is a program that handles traffic to external host systems on behalf of the client software running on the protected network; this means that clients access the Internet through the proxy server. It’s a bit like those oneway mirrors—you can see out, but a potential intruder cannot see in.

Note Another mechanism used to monitor and control traffic between the Internet and an internal network is a firewall. Although the functions performed by proxy servers and firewalls are related and are starting to appear in combination products, they’ll be presented in different chapters here

A proxy server sits between a user on your network and a server out on the Internet. Instead of communicating with each other directly, each talks to the proxy (in other words, to a “stand-in”). From the user’s point of view, the proxy server presents the illusion that the user is dealing with a genuine Internet server. To the real server on the Internet, the proxy server gives the illusion that the real server is dealing directly with the user on the internal network. So a proxy server can be both a client and a server; it depends on which way you are facing. The point to remember here is that the user is never in direct contact with the Internet server

The proxy server does more than just forward requests from your users to the Internet and back. Because it examines and makes decisions about the requests that it processes, it can control what your users can do. Depending on the details of your security policy, client requests can be approved and forwarded, or they can be denied. And rather than requiring that the same restrictions be enforced for all users, many advanced proxy server packages can offer different capabilities to different users.

Warning A proxy server can be effective only if it is the only type of connection between an internal network and the Internet. As soon as you allow a connection that does not go through a proxy server, your network is at risk.


Proxy Server Caching
Many proxy servers can cache documents, which is particularly useful if a number of clients request the same document independently. With caching, the client request is filled more quickly, and Internet traffic is reduced. The types of caching are as follows:

Active Caching The proxy server uses periods of low activity to go out and retrieve documents that it thinks will be requested by clients in the near future.

Passive Caching The proxy server waits for a client to make a request, retrieves the document, and then decides whether or not to cache the document.

Note Some documents, such as those from a paid subscription service or those requiring specific authentication, cannot be cached.

Large companies may have multiple proxy servers, and two caching standards have emerged: Internet Cache Protocol and Cache Array Routing Protocol.

Internet Cache Protocol (ICP)
Internet Cache Protocol (ICP) specifies a message format to be used for communications between proxy servers; these messages are used to exchange information about the presence or absence of a specific web page in the proxy server cache. Unfortunately, ICP is not scalable, and the number of ICP messages exchanged between proxy servers climbs rapidly as the number of proxy servers increases.

Cache Array Routing Protocol (CARP)
Cache Array Routing Protocol (CARP) offers a solution to the ICP problem by using multiple proxy servers with a single large cache. CARP removes the need for proxy server–to–proxy server communications and also prevents the information in the cache from becoming redundant over time. CARP is referred to as queryless distributed caching and is supported in Netscape and Microsoft proxy server products.

Name Resolution Methods

Internet host names are used because they are easier to remember than the long dotted decimal IP addresses. Host names are typically the name of a device that has a specific IP address, and on the Internet are part of what is known as a Fully Qualified Domain Name (FQDN). An FQDN consists of a host name and a domain name.

Although we have Social Security numbers and can remember them when we need to do so, life would be difficult if we had to remember the Social Security numbers of all our friends and associates. We might be able to remember the Social Security numbers of as many as 10 friends and relatives, but after that, things would get a bit difficult. Likewise, it’s easier to remember www.microsoft.com than it is to remember 198.105.232.6.

The process of finding the host name for any given IP address is known as name resolution, which can be performed in several ways: a HOSTS file, DNS, and WINS. But before you read about that, you need to first understand Internet domains and how they are organized.


Internet Domain Organization
On the Internet, domains are arranged in a hierarchical tree structure. The seven top-level domains currently in use are:

com: A commercial organization. Most companies will end up as part of this domain.

edu: An educational establishment, such as a university.

gov: A branch of the U.S. government.

int: An international organization, such as NATO or the United Nations.

mil: A branch of the U.S. military.

net: A network organization.

org: A nonprofit organization.

Warning Unfortunately, the word domain is used in several ways, depending on the context. In talking about the Internet, a domain refers to a collection of network host computers.

Your local ISP is probably a member of the .net domain, and your company is probably part of the .com domain. The .gov and .mil domains are reserved strictly for use by the government and the military within the United States. In other parts of the world, the final part of a domain name represents the country in which the server is located (.ca for Canada, .jp for Japan, .uk for Great Britain, and .ru for Russia, for example). Well over 130 countries are represented on the Internet. The .com domain is by far the largest, followed by the .edu domain.

If you want to contact someone within one of these domains by e-mail, you just add that person’s e-mail name to their domain name, separated by an at (@) sign. For example, if you want to e-mail the Prime Minister of India, send your e-mail to this address: primeminister@india.gov.edu

To increase the number of domain names available for use—after all, there is only one mcdonalds.com domain name available—several alternative toplevel domains have been suggested. These include .firm for businesses and companies, .store for businesses selling goods rather than services, .arts for cultural and entertainment organizations, and .info for informational services.

InterNIC assigns all Internet domain names and makes sure that a name is not duplicated. Names are assigned on a first come, first served basis, but if you try to register a name that infringes on someone else’s registered trademark, your use of that name will be rescinded if the trademark holder objects.


Using HOSTS
Several automatic conversion systems are available to translate an IP address into a host name, and HOSTS is one of the simplest. You create a file called HOSTS and enter a line in the file for every system. Here’s an example:

198.34.56.25 myserver.com #My server's information
198.34.57.03 yourserver.com
Now comes the nasty part. You must store this ASCII file on every single workstation on your network; when you make a change, you must change the contents of the HOSTS file on every single workstation on your network. This is a simple but painful process inside a network. But what happens if you want to go outside of this network to other networks or to the Internet? The file size would be simply enormous. Fortunately, there are better solutions, as you will see in the next two sections.

Note Any information entered to the right of a pound sign in a HOSTS file is ignored, so you can use this space for comments.


Using DNS
The abbreviation DNS stands for Domain Name Service. You use DNS to translate host names and domain names to IP addresses, and vice versa, by means of a standardized lookup table that the network administrator defines and configures. The system works just like a giant telephone directory.

Suppose you are using your browser to surf the Web, and you enter the URL http://www.microsoft.com to go to the Microsoft home page. Your web browser then asks the TCP/IP protocol to ask the DNS server for the IP address of www.microsoft.com. When your web browser receives this address, it connects to the Microsoft web server and downloads the home page. DNS is an essential part of any TCP/IP network, because it simplifies the task of remembering addresses; all you have to do is simply remember the host name and domain name.

DNS tables are composed of records. Each record is composed of a host name, a record type, and an address. There are several record types, including the address record, the mail exchange record, and the CNAME record.

The address record, commonly known as the A record, maps a host name to an IP address. The example below shows the address record for a host called mail in the company.com domain:

mail.company.com. IN A 204.176.47.9
The mail exchange (MX) record points to the mail exchanger for a particular host. DNS is structured so that you can actually specify several mail exchangers for one host. This feature provides a higher probability that e-mail will actually arrive at its intended destination. The mail exchangers are listed in order in the record, with a priority code that indicates the order in which the mail exchangers should be accessed by other mail delivery systems.

If the first priority doesn’t respond in a given amount of time, the mail delivery system tries the second one, and so on. Here are some sample mail exchange records:

hostname.company.com. IN MX 10 mail.company.com.
hostname.company.com. IN MX 20 mail2.company.com.
hostname.company.com. IN MX 30 mail3.company.com.
In this example, if the first mail exchanger, mail.company.com, does not respond, the second one, mail2.company.com, is tried, and so on.

The CNAME record, or canonical name record, is also commonly known as the alias record and allows hosts to have more than one name. For example, your web server has the host name www, and you want that machine to also have the name ftp so that users can use FTP to easily manage web pages. You can accomplish this with a CNAME record. Assuming that you already have an address record established for the host name www, a CNAME record that adds ftp as a host name would look something like this:

www.company.com. IN A 204.176.47.2
ftp.company.com. IN CNAME www.company.com.
When you put all these record types together in a file, it’s called a DNS table, and it might look like this:

mail.company.com. IN A 204.176.47.9
mail2.company.com. IN A 204.176.47.21
mail3.company.com. IN A 204.176.47.89
yourhost.company.com. IN MX 10 mail.company.com.
yourhost.company.com. IN MX 20 mail2.company.com.
yourhost.company.com. IN MX 30 mail3.company.com.
www.company.com. IN A 204.176.47.2
ftp.company.com. IN CNAME www.company.com.
Note You can establish other types of records for specific purposes, but we won’t go into those in this book. DNS can become very complex very quickly, and entire books are dedicated to the DNS system.


Using WINS
WINS, or Windows Internet Naming Service, is an essential part of the Microsoft networking topology. But before we get into the discussion of WINS, we must define a few terms, including these two protocols—NetBIOS and NetBEUI.

NetBIOS (pronounced net-bye-os) is an acronym formed from network basic input/output system, a Session layer network protocol originally developed by IBM and Sytek to manage data exchange and network access. NetBIOS provides an API (application programming interface) with a consistent set of commands for requesting lower-level network services to transmit information from node to node, thus separating the applications from the underlying network operating system. Many vendors provide either their own version of NetBIOS or an emulation of its communications services in their products.

NetBEUI (pronounced net-boo-ee) is an acronym formed from Net-BIOS Extended User Interface, an implementation and extension of IBM’s NetBIOS transport protocol from Microsoft. NetBEUI communicates with the network through Microsoft’s NDIS (Network Driver Interface Specification). Today, NetBEUI is shipped with all versions of Microsoft’s operating systems and is generally considered to have a lot of overhead. NetBEUI also has no networking layer and therefore no routing capability, which means that it is suitable only for small networks; you cannot build internetworks with NetBEUI, and so it is often replaced with TCP/IP. Microsoft has added extensions to NetBEUI in Windows NT to remove the limitation of 254 sessions per node; this extended version of NetBEUI is called the NetBIOS Frame (NBF).

WINS is used in conjunction with TCP/IP and maps NetBIOS names to IP addresses. For example, you have a print server on your LAN that you have come to know as PrintServer1. In the past, to print to that server you needed only to remember its name and to select that name from a list. However, TCP/IP is a completely different protocol and doesn’t understand NetBIOS names; it therefore has no way of knowing the location of those servers or their addresses. That’s where WINS comes in.

Each time you access a network resource on a Windows NT network using TCP/IP, your system needs to know the host name or IP address. If WINS is installed, you can continue using the NetBIOS names that you have previously used to access the resources, because WINS provides the crossreference from name to address for you.

Note A NetBIOS name doesn’t always refer to just a machine. Several services on a machine can also have their own NetBIOS names.

When you install and configure TCP/IP, as described later in this chapter, you’ll see a place to specify the WINS server addresses. These addresses are stored with the configuration, and TCP/IP uses them to query for host names and addresses when necessary. WINS is similar to DNS in that it cross-references host names to addresses; however, as mentioned earlier, WINS references NetBIOS names to IP addresses, but DNS references TCP/IP host names to IP addresses.

Another major difference between WINS and DNS is that WINS builds its own reference tables dynamically, but you have to configure DNS manually. When a workstation running TCP/IP is booted and attached to the network, it uses the WINS address settings in the TCP/IP configuration to communicate with the WINS server. The workstation gives the WINS server various pieces of information about itself such as the NetBIOS host name, the actual username logged on to the workstation, and the workstation’s IP address. WINS stores this information for use on the network and periodically refreshes it to maintain accuracy.

Microsoft, however, has developed a new DNS record—called DNS Server—that allows the DNS server to work in perfect harmony with a WINS server. The Microsoft DNS Server software currently ships with Windows NT. Here’s how it works: When a DNS query returns a WINS record, the DNS server then asks the WINS server for the host name address. Thus, you need not build complex DNS tables to establish and configure name resolution on your server; Microsoft DNS relies entirely on WINS to tell it the addresses it needs to resolve. And because WINS builds its tables automatically, you don’t have to edit the DNS tables when addresses change; WINS takes care of this for you.

Note Network Address Translation (NAT) is the process of converting between the IP addresses used on a corporate intranet or other private network and Internet IP addresses. This process makes it possible to use a large number of addresses within the private network without depleting the limited number of available numeric IP addresses. NAT is usually performed within a router.


You can use both WINS and DNS on your network, or you can use one without the other. Your choice is determined by whether your network is connected to the Internet and whether your host addresses are dynamically assigned. When you are connected to the Internet, you must use DNS to resolve host names and addresses, because TCP/IP depends on DNS service for address resolution.

Configuring TCP/IP on Windows Workstations

You will now take a look at how you can configure a Windows client to use TCP/IP. The information in this section assumes that you already have Windows 98 or Windows NT Workstation running on the client.
If you are using Plug and Play network interface cards, Microsoft Windows may have already recognized your TCP/IP network, however, Windows has not automatically recognized your TCP/IP connection or if you want to look at or change some of the configuration settings, stay with this guide.

Note There is very little difference between installing TCP/IP on a Windows 98 client and installing TCP/IP on a Windows NT Workstation client; the dialog boxes you use are virtually identical. Windows 98 is used in the discussion that follows.

To begin installing TCP/IP, follow these steps:

Quote:

---

Choose Start - Settings - Control Panel Ø Network to open the Network dialog box, which lists all of the currently installed network components.

(Tip You can also right-click the Network Neighborhood icon on the Windows Desktop and select Properties from the Shortcut menu to open the Network dialog box.)

Click Add to open the Select Network Component Type dialog box.

Select Protocol from the list of network components, and click Add to open the Select Network Protocol dialog box. This dialog box lists the various software manufacturers and their respective networking protocols.

Select Microsoft from the list of manufacturers, and select TCP/IP from the Network Protocols list.

Click OK to continue.

When you click OK, Windows installs the Microsoft TCP/IP protocol and displays it in the list of networking components in the Network dialog box. Clicking OK completes the installation, and the system prompts you to restart the computer so the changes can take effect.

---

TCP/IP Properties
Many configuration settings are associated with TCP/IP. To look at or change them, follow these steps:

Quote:

---

Choose Start - Settings - Control Panel - Network to open the Network dialog box.

Select TCP/IP, and click the Properties button to open the TCP/IP Properties dialog box.

Across the top of the TCP/IP Properties dialog box, you will see several tabs that you can choose from, including:

IP Address
Bindings
Gateway
Advanced
WINS Configuration
DNS Configuration
NetBIOS (if used)

Each tab controls the settings associated with a specific aspect of using TCP/IP under Windows, and in the sections that follow, you’ll get a look at all the settings you can configure on these tabs. The settings that you use on your system will obviously depend on the configuration of that system and exactly how you intend to use it. And in certain circumstances, you may see other tabs in the TCP/IP Properties dialog box. For example, if you are using NetBIOS, you will see a tab that lets you use NetBIOS over TCP/IP.

---

The IP Address Tab
You use the IP Address tab, to specify an IP address for this client. If you accept the default option, Obtain an IP Address Automatically, your computer obtains this address from the Dynamic Host Configuration Protocol (DHCP) server on your network or from an ISP if you are connecting directly to the Internet. (You can read more about DHCP in the following “DHCP” sidebar.)

If you select Specify an IP Address, you can enter the appropriate IP address and subnet mask for use on this computer

Real World Scenario: Using DHCP

The primary reason for using DHCP is to centralize the management of IP addresses. When the DHCP service is used, pools of IP addresses are assigned for automatic distribution to client computers on an as-needed basis. The address pools are centralized on the DHCP server, allowing all IP addresses on your network to be administered from a single server. It should be apparent that this saves loads of time when changing the IP addresses on your network. Instead of running around to every workstation and server and resetting the IP address to a new address, you simply reset the IP address pool on the DHCP server. The next time the client machines are rebooted, they are assigned new addresses.

If the client workstation cannot locate the DHCP server on the network automatically, you will see an error message to that effect when you restart the client workstation.

DHCP can, however, manage much more than the IP addresses of client computers. It can also assign DNS servers, gateway addresses, subnet masks, and many other tasks.

In the Windows family of operating systems, only computers running Windows NT Server 3.51 or later can act as a DHCP server; a computer running Windows 98 cannot be a DHCP server. In the Novell world, NetWare 4.11 comes with DHCP as a standard service. In NetWare 5, this service is administered using a Java-based snap-in module for the administrator utility called the DNS/DHCP Management Console.

The Bindings Tab

The Bindings tab of the TCP/IP Properties dialog box displays the bindings available on the computer and also lets you select the ones you want to use. When you install a new protocol, Windows binds the new protocol to all possible client and service components. In some cases, certain network components may not work if you have the wrong protocol bindings selected, so make sure that the bindings shown reflect the appropriate protocol.

The Network Driver Interface Specification

The Network Driver Interface Specification (NDIS), originally developed by Microsoft and 3Com in 1990, is a device driver specification that is independent of both the underlying network hardware and the networking protocol in use.

NDIS also provides protocol multiplexing so that multiple protocol stacks can be used at the same time on the same computer

The Gateway Tab
You use the Gateway tab to specify the IP address of one or more of the gateway routers installed on your network. To enter the information for a new gateway, type the IP address in the New Gateway box and click the Add button. The IP address will appear in the Installed Gateways box of this dialog box.


Note Windows uses the first gateway listed in the Installed Gateways box as the default gateway. To remove an installed gateway, select it from the list in the Installed Gateways box and click Remove.

The Advanced Tab
You use the Advanced tab to specify that Windows should use this protocol as the default if no protocol has been selected. No other configurable properties are available in this tab.

The WINS Configuration Tab
Selecting Disable WINS Resolution in the WINS Configuration tab, turns off the use of WINS; this is the default setting

If you select Enable WINS Resolution, you can enter IP address values for the primary WINS server and for a secondary WINS server on your network if one is available. The system first tries to use the primary WINS server for name resolution, but if it can’t find the primary WINS server, it will try to locate a secondary WINS server.

The Scope ID field may contain a set of text characters if you have an internetwork connection that uses NetBIOS over TCP/IP. When all of the computers in a group share the same Scope ID, they are able to communicate with each other, but not with computers outside the group. In most cases, the Scope ID field is left blank.

At the bottom of this dialog box, you will see the option button Use DHCP for WINS Resolution. Click this button if you want to enable DHCP to set up the WINS configuration.

The DNS Configuration Tab
You use the DNS Configuration tab of the TCP/IP Properties dialog box, to enable or disable DNS. When DNS is enabled, you can enter information into the Host, Domain, DNS Server Search Order, and Domain Suffix Search Order fields.

The Host field contains the name of the local computer, usually the name used to configure networking services, but it can be different. The name can include a set of alphanumeric characters and a hyphen, and a period is used as a separator.

You know from earlier in this chapter that an FQDN consists of the name of the host followed by the domain name. For example, if the name of the local computer is wallaby, and the domain is sybek.com, the FQDN is wallaby.sybek.com.

The Domain field is optional and, if used, contains the name of the DNS domain to which this computer belongs.

Note The term “domain” is used in different ways in different contexts. The domain specified here for DNS is not the same domain as a Windows NT domain, an OS/2 LAN Server domain, or a LAN Manager domain.


The DNS Server Search Order field can contain the IP addresses of as many as three DNS servers that can be used for name resolution services. To add the IP address of a DNS server, type the IP address in the entry field and click Add. To delete an IP address from the list, select an IP address and click Remove.

The Domain Suffix Search Order field contains a list of domain suffixes that the system can use when creating an FQDN from a short name. The system adds the local domain name to the short name and queries the DNS server for name resolution. If the FQDN is not resolved, the system appends each successive domain suffix in this list to the short name and retries for name resolution. To add a domain suffix to the list, type the domain name you want to add and click Add. If you want to delete a domain name from the list, select it and click Remove.

Tip If a Windows 98 client does not respond to the network as you expect, run the Windows 98 Networking Troubleshooter as a first step in tracking down the problem.


The Windows Registry
All of this TCP/IP configuration information is stored in the Windows Registry database, along with lots of other hardware and software configuration information. You can change most of the TCP/IP parameters by using the Network applet in Control Panel as you have just seen. Certain parameters, however, such as Time to Live and the default Type of Service, can be changed only by using the Registry Editor ( regedit.exe on Windows 98 or regedit32 on Windows NT). If you change some of these Registry parameters without detailed knowledge of TCP/IP configuration parameters, you may affect the performance of TCP/IP on your system in an adverse and unexpected way.

Tip If you are configuring TCP/IP on a Windows NT Workstation client, and you want to know more, check out the Microsoft KnowledgeBase article Q120642 on the Microsoft website at www.microsoft.com. This article covers all the standard, optional, and nonconfigurable TCP/IP parameters, and describes which parameters are updated by using the Network applet in Control Panel and which are changed using the Registry Editor.

Virtual LANs (VLANs)

With the introduction of Ethernet switches, and their subsequent replacement of Ethernet hubs in corporate LAN environments, came the power to manage traffic flow much more efficiently and in many different ways. One of those ways was to allow users on different switch ports to participate in their own network separate from, but still connected to, the other stations on the same or connected switch. This “network-within-a-network” concept became known as Virtual LAN (VLAN) technology.

Let’s say, for example, that you have a 48-port Ethernet switch. If you have a group of users that constantly use a particular server and produce very large amounts of broadcast traffic, you might want to separate them onto their own segment. But, with VLAN-capable switches, you are able to modify the segmentation within the switch itself, thus saving you the expense of additional network hardware. To do this, you would use the switch management software to assign the ports on which those users and their server were working to their own VLAN. The VLAN for this group could be VLAN #1, for example, and the VLAN everyone else is assigned to could be VLAN #2. Users would still be able to communicate with each other and their respective servers (assuming a router was installed), but broadcast traffic would be isolated.

With large, enterprise-capable switches, this benefit is realized even more so. With hundreds of ports, you can segment the network any way you’d like, even on the fly and into many different segments.

Summary
In this chapter, you learned the basics and applications of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. First of all, you learned how TCP/IP works and about the various parts that make up TCP/ IP. Then, you learned about the Transport Control Protocol, the first part of TCP/IP, and how it is used to transport data within TCP/IP. Following that, you learned how the Network layer protocol IP is used.

In addition to these two protocols, you also learned of the various application protocols (like SMTP, FTP, and HTTP) and how they worked. Relating very closely to that was the idea of ports and sockets for each protocol and how each port was mapped to a specific protocol or was specified for each.

One concept that gives many people trouble is the concept of TCP/IP addressing, which was covered in this chapter for both IPv4 and IPv6. Also, those addresses must be resolved into “friendly” names, which was covered in the “Name Resolution Methods” section.

Also in this chapter, you learned how to configure TCP/IP on a Windowsbased workstation and all the steps to do so. Finally, you learned about Virtual LAN (VLAN) technologies and how they work within a network.

To Be able to recognize the different protocols within TCP/IP and be able to define the purpose and function of protocols within TCP/IP. The TCP/IP stack is made up of several protocols, which each perform such functions as protocol transport, file access, file transfer, and mail transfer. Some of these protocols include TCP, SMTP, IP, NNTP, HTTP, and FTP.

Be able to define the function of common TCP and UDP ports. You should know how to coordinate protocol name and function with port number.

Know how to identify IP addresses (IP v4, IPv6) and their default subnet masks. IPv4 = xxx.xxx.xxx.xxx where xxx is a number from 0 to 255, the default subnet mask is 255.0.0.0 for a Class A address (IP range is 0.x.x.x to 126.x.x.x), 255.255.0.0 for a Class B (IP range is 128.x.x.x to 191), and 255.255.255.0 for a Class C (192.x.x.x to 223.x.x.x).

IPv6 = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx where x is a hexadecimal digit. IPv6 has no default subnet mask.

Know how to identify the purposes of subnetting and default gateways. The purpose of subnetting is to divide a network into two or more segments, gaining more addressable segments from a single address space. Default gateways are configured so that a host has an address to send a packet to when it can’t figure out a route to the destination address.

Know how to identify the difference between public and private networks. Public networks are networks that are open to the general public and, as such, use valid IP addresses that can be “seen” by the general public. The Internet is an example of a public network. Private networks, on the other hand, use addresses that cannot be seen by the general public and are generally not available for public use. Your company’s LAN is an example of a private network.

Be able to describe the main characteristics of VLANs. Virtual LANs (VLANs) are a feature of network switches that allow machines on different physical network segments to be organized into a virtual segment, or VLAN.

thanx for the info