Introduction to Computer Networks


Basic Computer Networks DAT21203

Hannes Masandig, Nordiana Kassim, Syarizul Amri Mohd Hafiz, Ida Aryanie, Rafizah M. Hanifa
Center for Diploma Studies, Universiti Tun Hussein Onn Malaysia


Editors

Hj. Hannes Masandig

Centre for Diploma Studies, Universiti Tun Hussein Onn Malaysia

FEB 2014


Preface

Introduction to Computer Networks is a course that gives students the basic knowledge related to computer networks. The course content includes: basic networks, local area networks (LAN), wide area networks (WAN), internetworking, the Internet, network operating systems and an introduction to advanced topics. The goal of this course is to expose students to the basic concepts of data communications and networking technologies. Thus, at the end of the course, students will be able to understand:

- the basics of computer networks and data communications
- the OSI and TCP/IP reference models
- LAN, WAN and their associated technologies
- advanced and emerging networking technologies

I hope that this material will be of benefit to the students. Good luck. Nothing can be done without the will of Allah. Wslm

Hj. Hannes Masandig
[email protected]
Diploma in Information Technology
Centre for Diploma Studies, Universiti Tun Hussein Onn Malaysia

Foreword

I would like to congratulate those ladies and gentlemen who completed this teaching and learning module book entitled "Introduction to Computer Networks" for the course Basic Computer Networks, designed specifically for the Department of Information Technology's Diploma students of Universiti Tun Hussein Onn Malaysia. In preparing this module, it is also the intention of the university itself that this module will guide our students to a better understanding of the course's content. I strongly support all efforts related to teaching and learning such as this, to make the Centre for Diploma Studies well known and respected not only in Malaysia but also abroad. Our University is confident that one day this Centre for Diploma Studies will be on a par with foreign diplomas. Finally, I also hope that the module could motivate our students to move forward and make an impressive mark upon the IT industry. I would like to extend my congratulations to all of those who are involved in these efforts, either directly or indirectly, and may Allah reward you handsomely in this world and the hereafter. Ameen! Congratulations and thank you.

Assoc. Prof. Miswan Surip
Head of Department, Diploma in Information Technology
Centre for Diploma Studies, Universiti Tun Hussein Onn Malaysia


Evaluations

Assignment    10%
Test          20%
Quiz           5%
Project       15%
Labs          10%
Final Exam    40%

References/Text Book

a. Stallings, W. 2005. Business Data Communications, 5th Edition, New York: Prentice Hall.
b. McGraw-Hill.
c. Stallings, W. 2004. Data and Computer Communication, 7th Edition, New York: MacMillan.
d. Comer, D. D. R. 2004. Computer Networks and Internets with Internet Applications, New Jersey: Prentice Hall.
e. Tanenbaum, A. S. 2003. Computer Networks, 4th Edition, New Jersey: Prentice Hall.


Table of Contents

Foreword ... ii
Evaluations ... iii
References/Text Book ... iii
1.0 NETWORK BASIC ... 1
    Objectives ... 1
    1.1 Introduction to Networks ... 1
    1.2 Basic Concept ... 1
    1.3 Reference Models ... 4
    1.4 Standard Organization ... 7
    1.5 Basic data communications ... 11
2.0 LOCAL AREA NETWORK (LAN) ... 28
    Objectives ... 28
    2.1 LAN Technology ... 28
    2.2 Network Topology ... 28
    2.3 Addressing Equipment ... 30
    2.4 LAN Wiring ... 35
    2.5 Hardware Interface ... 44
    2.6 Transmission Technology ... 44
    2.7 IEEE 802.11: Media Access, components and hardware ... 45
    2.8 Data Link layer: concepts, protocols and technologies used ... 46
3.0 WIDE AREA NETWORK (WAN) ... 49
    Objectives ... 49
    3.1 Switching ... 49
    3.2 PSTN ... 52
    3.3 Point to Point Protocol (PPP) ... 52
    3.4 Introduction to Integrated Services Digital Network (ISDN) ... 53
    3.5 X.25 ... 54
    3.6 Frame Relay ... 54
    3.7 ATM ... 55
    3.8 Gigabit Ethernet ... 56
4.0 INTERCONNECTING NETWORK DEVICES ... 57
    Objectives ... 57
    4.1 The Internetworking Devices: Repeaters, Bridges, Routers, Switches and Gateways ... 57
    4.2 Differences between LAN and WAN ... 60
    4.3 General Routing Concepts ... 63
    4.4 Internet Addresses / IP Addressing ... 64
        Understanding IP Addresses ... 65
        Network Masks ... 68
    4.5 Subnet ... 68
        Understanding Subnetting ... 68
    4.6 Transport Layer: The functions and protocols ... 73
    4.7 Session Layer: The functions and protocols ... 76
    4.8 Presentation Layer: The functions and protocols ... 78
5.0 INTERNET ... 80
    Objectives ... 80
    5.1 Protocol TCP/IP ... 80
    5.2 Internet structure ... 86
    5.3 Internet address ... 91
    5.4 Internet Applications ... 95
    5.5 E-Commerce ... 98
    5.6 Internet programming languages ... 100
6.0 NETWORK OPERATING SYSTEM ... 104
    Objectives ... 104
    6.1 Network Operating System ... 104
    6.2 Types of Operating Systems ... 104
7.0 ADVANCED TOPICS ... 124
    Objectives ... 124
    7.1 Network Design and Installation ... 124
    7.2 Network Monitoring ... 150
    7.3 Network Management Protocol (SNMP) ... 151
    7.4 Network Security ... 152
    7.5 Future networking technologies ... 157


1.0 NETWORK BASIC

Objectives

This introductory chapter covers:

- Network concepts: configuration, topology, transmission mode, network type
- Network reference models and standards organizations
- Basic data communications

1.1 Introduction to Networks

A computer network, or simply a network, is a collection of computers and other hardware interconnected by communication channels that allow sharing of resources and information. When a process on one device is able to send data to, or receive data from, a process residing on a remote device, the two devices are said to be networked. A network is a group of devices connected to each other.

Networks may be classified by a wide variety of characteristics: the medium used to transport the data, the communications protocol used, scale, topology, benefit, and organizational scope.

Communication protocols define the rules and data formats for exchanging information in a computer network, providing the basis for network programming. Well-known communications protocols include Ethernet, a hardware and link layer standard that is ubiquitous in local area networks, and the Internet protocol suite, which defines a set of protocols for internetworking (i.e. data communication between multiple networks), for host-to-host data transfer, and for application-specific data transmission formats.

1.2 Basic Concept

Network Configuration

Network configuration describes a broad range of activities associated with establishing and maintaining a data network. It encompasses issues relating to enabling protocols from a software perspective, and issues relating to routers, switches and firewalls from a hardware perspective.

Topology

Network topology is the arrangement of the various elements (links, nodes, etc.) of a computer or biological network. Essentially, it is the topological structure of a network, and may be depicted physically or logically. Physical topology refers to the placement of the network's various components, including device location and cable installation, while logical topology shows how data flows within a network, regardless of its physical design. Distances between nodes, physical interconnections, transmission rates, and/or signal types may differ between two networks, yet their topologies may be identical.

A good example is a local area network (LAN): any given node in the LAN has one or more physical links to other devices in the network; graphically mapping these links results in a geometric shape that can be used to describe the physical topology of the network. Conversely, mapping the data flow between the components determines the logical topology of the network.

Transmission Mode

A given transmission on a communications channel between two machines can occur in several different ways. The transmission is characterized by:

- the direction of the exchanges
- the transmission mode: the number of bits sent simultaneously
- synchronization between the transmitter and receiver

Network Type

One way to categorize the different types of computer network designs is by their scope or scale. For historical reasons, the networking industry refers to nearly every type of design as some kind of area network. Common examples of area network types are:

- LAN - Local Area Network
- WLAN - Wireless Local Area Network
- WAN - Wide Area Network
- MAN - Metropolitan Area Network
- SAN - Storage Area Network, System Area Network, Server Area Network, or sometimes Small Area Network
- CAN - Campus Area Network, Controller Area Network, or sometimes Cluster Area Network
- PAN - Personal Area Network
- DAN - Desk Area Network

LAN and WAN were the original categories of area networks, while the others have gradually emerged over many years of technology evolution. Note that these network types are a separate concept from network topologies such as bus, ring and star.

LAN - Local Area Network

A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings. In TCP/IP networking, a LAN is often, but not always, implemented as a single IP subnet. In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a single person or organization. They also tend to use certain connectivity technologies, primarily Ethernet and Token Ring.
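The remark above that a LAN is usually a single IP subnet is what a host actually acts on: before sending, it masks its own address and the destination address with the subnet mask, and only if both give the same network number does it deliver on the LAN itself; otherwise the packet goes to the router that joins the LAN to the wider network. The Python below is an added example written for this edition, not code from the module; the addresses, the mask and the function names are constructed for illustration.

```python
# Added example: local-delivery versus router decision from an IPv4 address
# and subnet mask. All addresses below are constructed sample values.

def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer, rejecting bad input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value

def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a run of ones followed by a run of zeros."""
    inverted = (~ip_to_int(mask)) & 0xFFFFFFFF   # the zero part, as ones
    return (inverted & (inverted + 1)) == 0       # true only for 2**k - 1

def prefix_length(mask: str) -> int:
    """Number of one bits in the mask, e.g. 255.255.255.0 -> 24."""
    return bin(ip_to_int(mask)).count("1")

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts share a LAN (IP subnet) when masking leaves the same network number."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask {mask!r}")
    m = ip_to_int(mask)
    return (ip_to_int(a) & m) == (ip_to_int(b) & m)

def next_hop(src: str, mask: str, gateway: str, dst: str) -> str:
    """Return 'direct' when dst is on the sender's LAN, else the router address.

    The router itself must be on the LAN, or the host could never reach it;
    a gateway outside the local subnet is a common misconfiguration, so it is
    rejected instead of silently producing an unreachable route.
    """
    if not same_subnet(src, gateway, mask):
        raise ValueError(f"gateway {gateway} is not on the local subnet")
    return "direct" if same_subnet(src, dst, mask) else gateway

if __name__ == "__main__":
    host, mask, router = "192.0.2.10", "255.255.255.0", "192.0.2.1"
    for target in ("192.0.2.77", "198.51.100.20"):
        print(f"{host}/{prefix_length(mask)} -> {target}: {next_hop(host, mask, router, target)}")
```

The mask check matters in practice: a non-contiguous mask is accepted by many configuration tools but produces a host that can reach some neighbours and not others, a fault that looks like intermittent packet loss when it is really an addressing error.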

WAN - Wide Area Network

As the term implies, a WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth. A WAN is a geographically dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.

A WAN differs from a LAN in several important ways. Most WANs (like the Internet) are not owned by any one organization but rather exist under collective or distributed ownership and management. WANs tend to use technology like ATM, Frame Relay and X.25 for connectivity over the longer distances.

1.3 Reference Models

OSI

According to the ISO standards, networks have been divided into 7 layers depending on the complexity of the functionality each of these layers provides. The detailed description of each of these layers is given in the notes below. We will first list the layers as defined by the standard in increasing order of functional complexity:


[Figure: the seven OSI layers shown beside the TCP/IP model]

Layer 7 - Application: The Application layer provides services to the software through which the user requests network services. This layer is not an application, nor does it contain any applications, and your computer application software is not on this layer. In other words, a program like Microsoft Word does not exist at this layer, but browsers, FTP clients and mail clients do.

Layer 6 - Presentation: This layer is concerned with data representation and code formatting.

Layer 5 - Session: The Session layer establishes, maintains, and manages the communication session between computers.

Layer 4 - Transport: The functions defined in this layer provide for the reliable transmission of data segments as well as the disassembly and assembly of the data before and after transmission.


Layer 3 - Network: This is the layer on which routing takes place. The Network layer defines the processes used to route data across the network and the structure and use of logical addressing.

Layer 2 - Data Link: As its name suggests, this layer is concerned with the linkages and mechanisms used to move data about the network, including the topology, such as Ethernet or Token Ring, and also deals with the ways in which data is reliably transmitted.

Layer 1 - Physical: The Physical layer's name says it all. This layer defines the electrical and physical specifications for the networking media that carry the data bits across a network.

TCP/IP

TCP/IP is actually a suite, or stack, of protocols that interconnect and work together to provide for reliable and efficient data communications across an internetwork.

How the TCP/IP Protocol Stack Maps to the OSI Model

OSI Layers                          | TCP/IP Protocols
------------------------------------|------------------------------------
Application, Presentation, Session  | Telnet, FTP, SMTP, SNMP, DNS, HTTP
Transport                           | TCP, UDP
Network                             | IP, ICMP, ARP, RARP
Data Link, Physical                 | Ethernet, Token Ring, FDDI*


* These are networking technologies that function at the Data Link and Physical layers. They aren't TCP/IP protocols or a part of the TCP/IP protocol stack.
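The mapping table is easiest to understand on real bytes: each row of the table contributes one header, and a receiver peels them off in the opposite order to the one in which they were added. The Python below is an added example written for this edition, not code from the module, and it both constructs one frame and dissects it. It assumes plain Ethernet II framing, an IPv4 header without options and a TCP header without options (header lengths are still read from the packet rather than assumed); the MAC addresses, IP addresses and the HTTP request are constructed sample values. Every length field is checked against the bytes actually present before it is used, which is the check a packet parser that sees untrusted input cannot skip.

```python
# Added example: build an Ethernet II / IPv4 / TCP / HTTP frame, then dissect it
# layer by layer (Data Link -> Network -> Transport -> Application).
import socket
import struct

def build_sample_frame() -> bytes:
    """Construct a sample frame. Addresses are documentation ranges, checksums are zero."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"     # Application layer
    tcp_hdr = struct.pack("!HHIIBBHHH",                            # Transport: TCP, 20 bytes
                          40123, 80,          # source port, destination port
                          1000, 0,            # sequence number, acknowledgement number
                          5 << 4,             # data offset = 5 x 32-bit words
                          0x18,               # flags PSH|ACK
                          65535, 0, 0)        # window, checksum (zero here), urgent pointer
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",                          # Network: IPv4, 20 bytes
                         0x45, 0,             # version 4 / IHL 5, DSCP+ECN
                         total_len, 0x1234,   # total length, identification
                         0x4000, 64,          # flags DF + offset 0, TTL
                         6, 0,                # protocol 6 = TCP, header checksum (zero here)
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.20"))
    eth_hdr = (bytes.fromhex("001122334455")                       # Data Link: Ethernet II, 14 bytes
               + bytes.fromhex("66778899aabb")                     # destination MAC, source MAC
               + struct.pack("!H", 0x0800))                        # EtherType 0x0800 = IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload

def dissect(frame: bytes) -> dict:
    """Return what each layer contributed; refuse frames whose lengths disagree."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = {"data_link": {"dst_mac": frame[:6].hex(":"),
                            "src_mac": frame[6:12].hex(":"),
                            "ethertype": ethertype}}
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4                       # header length from the packet
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or ihl > total_len or total_len > len(ip):
        raise ValueError("IPv4 length fields exceed the bytes present")
    layers["network"] = {"src_ip": socket.inet_ntoa(ip[12:16]),
                         "dst_ip": socket.inet_ntoa(ip[16:20]),
                         "ttl": ip[8], "protocol": ip[9]}
    if ip[9] != 6:
        raise ValueError("only TCP is dissected in this example")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp[12] >> 4) * 4               # TCP header length from the segment
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("TCP data offset exceeds the bytes present")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port, "flags": tcp[13]}
    layers["application"] = tcp[data_offset:]      # what HTTP, FTP, SMTP... actually see
    return layers

if __name__ == "__main__":
    for name, value in dissect(build_sample_frame()).items():
        print(f"{name:12s} {value}")
```

Note that the application payload is identified purely by the destination port; nothing in the lower headers proves the bytes are really HTTP, which is why protocol dissectors and intrusion detection systems inspect the payload itself rather than trusting the port number.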

1.4 Standard Organizations

ANSI

The American National Standards Institute (ANSI, pron.: /ˈænsiː/ an-see) is a private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. The organization also coordinates U.S. standards with international standards so that American products can be used worldwide. For example, standards ensure that people who own cameras can find the film they need for that camera anywhere around the globe.

ANSI accredits standards that are developed by representatives of other standards organizations, government agencies, consumer groups, companies, and others. These standards ensure that the characteristics and performance of products are consistent, that people use the same definitions and terms, and that products are tested the same way. ANSI also accredits organizations that carry out product or personnel certification in accordance with requirements defined in international standards.[3]

IEEE

The Institute of Electrical and Electronics Engineers (IEEE, read I-Triple-E) is a professional association headquartered in New York City that is dedicated to advancing technological innovation and excellence. It has more than 400,000 members in more than 160 countries, about 51.4% of whom reside in the United States.[2][3] The IEEE is incorporated under the Not-for-Profit Corporation Law of the state of New York in the United States.[4] It was formed in 1963 by the merger of the Institute of Radio Engineers (IRE, founded 1912) and the American Institute of Electrical Engineers (AIEE, founded 1884).

The major interests of the AIEE were wire communications (telegraphy and telephony) and light and power systems. The IRE was concerned mostly with radio engineering, and was formed from two smaller organizations, the Society of Wireless and Telegraph Engineers and the Wireless Institute. With the rise of electronics in the 1930s, electronics engineers usually became members of the IRE, but the applications of electron tube technology became so extensive that the technical boundaries differentiating the IRE and the AIEE became difficult to distinguish. After World War II, the two organizations became increasingly competitive, and in 1961, the leadership of both the IRE and the AIEE resolved to consolidate the two organizations. The two organizations formally merged as the IEEE on January 1, 1963.

Notable presidents of IEEE and its founding organizations include Elihu Thomson (AIEE, 1889–1890), Alexander Graham Bell (AIEE, 1891–1892), Charles Proteus Steinmetz (AIEE, 1901–1902), Lee De Forest (IRE, 1930), Frederick E. Terman (IRE, 1941), William R. Hewlett (IRE, 1954), Ernst Weber (IRE, 1959; IEEE, 1963), and Ivan Getting (IEEE, 1978).

IEEE's Constitution defines the purposes of the organization as "scientific and educational, directed toward the advancement of the theory and practice of Electrical, Electronics, Communications and Computer Engineering, as well as Computer Science, the allied branches of engineering and the related arts and sciences."[1] In pursuing these goals, the IEEE serves as a major publisher of scientific journals and organizer of conferences, workshops, and symposia (many of which have associated published proceedings). It is also a leading standards development organization for the development of industrial standards (having developed over 900 active industry technical standards) in a broad range of disciplines, including electric power and energy, biomedical technology and healthcare, information technology, information assurance, telecommunications, consumer electronics, transportation, aerospace, and nanotechnology. IEEE develops and participates in educational activities such as accreditation of electrical engineering programs in institutes of higher learning.
The IEEE logo is a diamond-shaped design which illustrates the right hand grip rule embedded in Benjamin Franklin's kite, and it was created at the time of the 1963 merger.[5] IEEE has a dual complementary regional and technical structure – with organizational units based on geography (e.g., the IEEE Philadelphia Section, IEEE South Africa Section [1]) and technical focus (e.g., the IEEE Computer Society). It manages a separate organizational unit (IEEE-USA) which recommends policies and implements programs specifically intended to benefit the members, the profession and the public in the United States.


The IEEE includes 38 technical Societies, organized around specialized technical fields, with more than 300 local organizations that hold regular meetings. The IEEE Standards Association is in charge of the standardization activities of the IEEE.

ISO

The International Organization for Standardization, widely known as ISO, is an international standard-setting body composed of representatives from various national standards organizations. Founded on February 23, 1947, the organization promotes worldwide proprietary, industrial, and commercial standards. It has its headquarters in Geneva, Switzerland.

IEC

The International Electrotechnical Commission[1] (IEC; Commission électrotechnique internationale (CEI), in French) is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies, collectively known as "electrotechnology". IEC standards cover a vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fibre optics, batteries, solar energy, nanotechnology and marine energy, as well as many others. The IEC also manages three global conformity assessment systems that certify whether equipment, systems or components conform to its International Standards.

The IEC charter embraces all electrotechnologies, including energy production and distribution, electronics, magnetics and electromagnetics, electroacoustics, multimedia and telecommunication, as well as associated general disciplines such as terminology and symbols, electromagnetic compatibility (by its Advisory Committee on Electromagnetic Compatibility, ACEC), measurement and performance, dependability, design and development, safety and the environment.


IAB

The Internet Architecture Board (IAB) is the committee charged with oversight of the technical and engineering development of the Internet by the Internet Society (ISOC). It oversees a number of Task Forces, of which the most important are the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF).

The body which eventually became the IAB was created originally by the United States Department of Defense's Defense Advanced Research Projects Agency with the name Internet Configuration Control Board during 1979; it eventually became the Internet Advisory Board during September 1984, and then the Internet Activities Board during May 1986 (the name was changed while keeping the same acronym). It finally became the Internet Architecture Board, under ISOC, during January 1992, as part of the Internet's transition from a U.S.-government entity to an international, public entity.

The IAB's current responsibilities include:

- Architectural Oversight: The IAB provides oversight of, and occasional commentary on, aspects of the architecture for the network protocols and procedures used by the Internet.
- Standards Process Oversight and Appeal: The IAB provides oversight of the process used to create Internet Standards. The IAB serves as an appeal board for complaints of improper execution of the standards process, through acting as an appeal body in respect of an Internet Engineering Steering Group (IESG) standards decision.
- Request for Comments series: The IAB is responsible for editorial management and publication of the Request for Comments (RFC) document series.
- Internet Assigned Numbers Authority: In conjunction with the Internet Corporation for Assigned Names and Numbers (ICANN), the IAB is responsible for administration of the assignment of IETF protocol parameter values by the Internet Assigned Numbers Authority (IANA).
- External Liaison: The IAB acts as representative of the interests of the IETF in liaison relationships with other organizations concerned with standards and other technical and organizational issues relevant to the worldwide Internet.
- Advice to the Internet Society: The IAB acts as a source of advice and guidance to the Board of Trustees and Officers of ISOC concerning technical, architectural, procedural, and (where appropriate) policy matters pertaining to the Internet and its enabling technologies.
- Internet Engineering Steering Group Confirmation: The IAB confirms the IETF Chair and IESG Area Directors, from nominations provided by the IETF Nominating Committee.
- Internet Research Task Force Chair: The IAB selects a chair of the IRTF for a renewable two-year term.

1.5 Basic data communications

What is Data Communications?

The distance over which data moves within a computer may vary from a few thousandths of an inch, as is the case within a single IC chip, to as much as several feet along the backplane of the main circuit board. Over such small distances, digital data may be transmitted as direct, two-level electrical signals over simple copper conductors. Except for the fastest computers, circuit designers are not very concerned about the shape of the conductor or the analog characteristics of signal transmission.

Frequently, however, data must be sent beyond the local circuitry that constitutes a computer. In many cases, the distances involved may be enormous. Unfortunately, as the distance between the source of a message and its destination increases, accurate transmission becomes increasingly difficult. This results from the electrical distortion of signals traveling through long conductors, and from noise added to the signal as it propagates through a transmission medium. Although some precautions must be taken for data exchange within a computer, the biggest problems occur when data is transferred to devices outside the computer's circuitry. In this case, distortion and noise can become so severe that information is lost.

Data communications concerns the transmission of digital messages to devices external to the message source. "External" devices are generally thought of as being independently powered circuitry that exists beyond the chassis of a computer or other digital message source. As a rule, the maximum permissible transmission rate of a message is directly proportional to signal power, and inversely proportional to channel noise. It is the aim of any communications system to provide the highest possible transmission rate at the lowest possible power and with the least possible noise.

Communications Channels

A communications channel is a pathway over which information can be conveyed. It may be defined by a physical wire that connects communicating devices, or by a radio, laser, or other radiated energy source that has no obvious physical presence. Information sent through a communications channel has a source from which the information originates, and a destination to which the information is delivered. Although information originates from a single source, there may be more than one destination, depending upon how many receive stations are linked to the channel and how much energy the transmitted signal possesses.

In a digital communications channel, the information is represented by individual data bits, which may be encapsulated into multibit message units. A byte, which consists of eight bits, is an example of a message unit that may be conveyed through a digital communications channel. A collection of bytes may itself be grouped into a frame or other higher-level message unit. Such multiple levels of encapsulation facilitate the handling of messages in a complex data communications network.

Any communications channel has a direction associated with it:

The message source is the transmitter, and the destination is the receiver. A channel whose direction of transmission is unchanging is referred to as a simplex channel. For example, a radio station is a simplex channel because it always transmits the signal to its listeners and never allows them to transmit back.

A half-duplex channel is a single physical channel in which the direction may be reversed. Messages may flow in two directions, but never at the same time, in a half-duplex system. In a telephone call, one party speaks while the other listens. After a pause, the other party speaks and the first party listens. Speaking simultaneously results in garbled sound that cannot be understood.

A full-duplex channel allows simultaneous message exchange in both directions. It really consists of two simplex channels, a forward channel and a reverse channel, linking the same points. The transmission rate of the reverse channel may be slower if it is used only for flow control of the forward channel.

Serial Communications

Most digital messages are vastly longer than just a few bits. Because it is neither practical nor economic to transfer all bits of a long message simultaneously, the message is broken into smaller parts and transmitted sequentially. Bit-serial transmission conveys a message one bit at a time through a channel. Each bit represents a part of the message. The individual bits are then reassembled at the destination to compose the message. In general, one channel will pass only one bit at a time. Thus, bit-serial transmission is necessary in data communications if only a single channel is available. Bit-serial transmission is normally just called serial transmission and is the chosen communications method in many computer peripherals.

Byte-serial transmission conveys eight bits at a time through eight parallel channels. Although the raw transfer rate is eight times faster than in bit-serial transmission, eight channels are needed, and the cost may be as much as eight times higher to transmit the message. When distances are short, it may nonetheless be both feasible and economic to use parallel channels in return for high data rates. The popular Centronics printer interface is a case where byte-serial transmission is used. As another example, it is common practice to use a 16-bit-wide data bus to transfer data between a microprocessor and memory chips; this provides the equivalent of 16 parallel channels. On the other hand, when communicating with a timesharing system over a modem, only a single channel is available, and bit-serial transmission is required. This figure illustrates these ideas:

The baud rate refers to the signalling rate at which data is sent through a channel and is measured in electrical transitions per second. In the EIA232 serial interface standard, one signal transition, at most, occurs per bit, and the baud rate and bit rate are identical. In this case, a rate of 9600 baud corresponds to a transfer of 9,600 data bits per second with a bit period of 104 microseconds (1/9600 sec.). If two electrical transitions were required for each bit, as is the case in non-return-to-zero coding, then at a rate of 9600 baud, only 4800 bits per second could be conveyed. The channel efficiency is the number of bits of useful information passed through the channel per second. It does not include framing, formatting, and error detecting bits that may be added to the information bits before a message is transmitted, and will always be less than one.

The data rate of a channel is often specified by its bit rate (often thought erroneously to be the same as baud rate). An equivalent measure of channel capacity is bandwidth. In general, the maximum data rate a channel can support grows with the channel's bandwidth and shrinks as the channel's noise level rises. Shannon's capacity formula states this precisely: C = B log2(1 + S/N), where C is the capacity in bits per second, B the bandwidth in hertz, and S/N the ratio of signal power to noise power.

A communications protocol is an agreed-upon convention that defines the order and meaning of bits in a serial transmission. It may also specify a procedure for exchanging messages. A protocol will define how many data bits compose a message unit, the framing and formatting bits, any error-detecting bits that may be added, and other information that governs control of the communications hardware. Channel efficiency is determined by the protocol design rather than by digital hardware considerations. Note that there is a tradeoff between channel efficiency and reliability: protocols that provide greater immunity to noise by adding error-detecting and error-correcting codes must necessarily become less efficient.

Asynchronous vs. Synchronous Transmission

Serialized data is not generally sent at a uniform rate through a channel. Instead, there is usually a burst of regularly spaced binary data bits followed by a pause, after which the data flow resumes. Packets of binary data are sent in this manner, possibly with variable-length pauses between packets, until the message has been fully transmitted. In order for the receiving end to know the proper moment to read individual binary bits from the channel, it must know exactly when a packet begins and how much time elapses between bits. When this timing information is known, the receiver is said to be synchronized with the transmitter, and accurate data transfer becomes possible. Failure to remain synchronized throughout a transmission will cause data to be corrupted or lost. Two basic techniques are employed to ensure correct synchronization. In synchronous systems, separate channels are used to transmit data and timing information. The timing channel transmits clock pulses to the receiver.
Upon receipt of a clock pulse, the receiver reads the data channel and latches the bit value found on the channel at that moment. The data channel is not read again until the next clock pulse arrives. Because the transmitter originates both the data and the timing pulses, the receiver will read the data channel only when told to do so by the transmitter (via the clock pulse), and synchronization is guaranteed. Techniques exist to merge the timing signal with the data so that only a single channel is required. This is especially useful when synchronous transmissions are to be sent through a modem. Non-return-to-zero (NRZ) and biphase (Manchester) coding are two methods for encoding a data stream into an electrical waveform for transmission. Of the two, only Manchester coding is self-timed: it places a transition in the middle of every bit period, so the receiver can recover the clock from the data itself, whereas a long run of identical bits in plain NRZ produces no transitions at all and gives the receiver nothing to synchronize to.

In asynchronous systems, a separate timing channel is not used. The transmitter and receiver must be preset in advance to an agreed-upon baud rate. A very accurate local oscillator within the receiver will then generate an internal clock signal that is equal to the transmitter's within a fraction of a percent. For the most common serial protocol, data is sent in small packets of 10 or 11 bits, eight of which constitute message information. When the channel is idle, the signal voltage corresponds to a continuous logic '1'. A data packet always begins with a logic '0' (the start bit) to signal the receiver that a transmission is starting. The start bit triggers an internal timer in the receiver that generates the needed clock pulses. Following the start bit, eight bits of message data are sent bit by bit at the agreed-upon baud rate. The packet is concluded with a parity bit (optional; its presence is what makes the packet 10 or 11 bits long) and a stop bit. One complete packet is illustrated below:

The packet length is short in asynchronous systems to minimize the risk that the local oscillators in the receiver and transmitter will drift apart. When high-quality crystal oscillators are used, synchronization can be guaranteed over an 11-bit period. Every time a new packet is sent, the start bit resets the synchronization, so the pause between packets can be arbitrarily long. Note that the EIA-232 standard defines electrical, timing, and mechanical characteristics of a serial interface. However, it does not include the asynchronous serial protocol shown in the previous figure, or the ASCII alphabet described next.

The ASCII Character Set

Characters sent through a serial interface generally follow the ASCII (American Standard Code for Information Interchange) character standard:

This standard relates binary codes to printable characters and control codes. Roughly a quarter of the 128-character ASCII set (32 control codes plus DEL) represents nonprintable control codes, such as carriage return (CR) and line feed (LF). Most modern character-oriented peripheral equipment abides by the ASCII standard, and thus may be used interchangeably with different computers.

Parity and Checksums

Noise and momentary electrical disturbances may cause data to be changed as it passes through a communications channel. If the receiver fails to detect this, the received message will be incorrect, resulting in possibly serious consequences. As a first line of defense against data errors, they must be detected. If an error can be flagged, it might be possible to request that the faulty packet be resent, or at least to prevent the flawed data from being taken as correct. If sufficient redundant information is sent, one- or two-bit errors may be corrected by hardware within the receiver before the corrupted data ever reaches its destination.

A parity bit is added to a data packet for the purpose of error detection. In the even-parity convention, the value of the parity bit is chosen so that the total number of '1' digits in the combined data plus parity packet is an even number. Upon receipt of the packet, the parity needed for the data is recomputed by local hardware and compared to the parity bit received with the data. If any single bit has changed state, the parity will not match, and an error will have been detected. In fact, if an odd number of bits (not just one) have been altered, the parity will not match. If an even number of bits have been reversed, the parity will match even though an error has occurred. However, a statistical analysis of data communication errors has shown that a single-bit error is much more probable than a multibit error in the presence of random noise. Thus, parity is a reasonable method of detecting isolated random errors, though it cannot tell which bit flipped, cannot correct it, and misses every even-sized group of errors.
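The packet and the parity check described above, as an added example that is not part of the module: it builds the 11-bit asynchronous packet from a byte (start bit, eight data bits, even parity, stop bit), reads packets back out of a simulated line trace by triggering on the start bit, and shows which corruptions the parity bit catches. Sending the data bits least-significant bit first and the three-bit idle gap between packets are assumptions made for the example.

```python
# Added example, not from the module: asynchronous serial framing with an
# even-parity bit, and what the receiver's parity check can and cannot see.
# Assumptions: one start bit (0), eight data bits sent LSB first, one parity
# bit, one stop bit (1); the idle line reads as continuous 1s.

IDLE = 1
FRAME_LEN = 11           # start + 8 data + parity + stop


def parity_bit(data_bits, even=True):
    """Parity bit that makes the number of 1s in data+parity even (or odd)."""
    bit = sum(data_bits) % 2        # 1 when the data alone has an odd count of 1s
    return bit if even else bit ^ 1


def frame_byte(byte, even=True):
    """11-bit packet for one byte: [start] + data (LSB first) + [parity] + [stop]."""
    data = [(byte >> i) & 1 for i in range(8)]
    return [0] + data + [parity_bit(data, even)] + [1]


def unframe(bits, even=True):
    """Decode one packet. Returns (byte, parity_ok, framing_ok)."""
    if len(bits) != FRAME_LEN:
        raise ValueError("a packet is exactly %d bits" % FRAME_LEN)
    start, data, parity, stop = bits[0], bits[1:9], bits[9], bits[10]
    byte = sum(b << i for i, b in enumerate(data))
    framing_ok = start == 0 and stop == 1           # a missing stop bit is a framing error
    parity_ok = parity_bit(data, even) == parity    # recomputed parity vs. received parity
    return byte, parity_ok, framing_ok


def line_trace(payload, idle_gap=3):
    """What the wire carries: idle 1s, then packets separated by arbitrary idle gaps."""
    line = [IDLE] * idle_gap
    for byte in payload:
        line += frame_byte(byte) + [IDLE] * idle_gap
    return line


def receive(line):
    """Receiver: sit in idle, trigger on the first 0 (start bit), clock in 11 bits, repeat."""
    packets, i = [], 0
    while i < len(line):
        if line[i] == IDLE:
            i += 1
            continue
        if i + FRAME_LEN > len(line):
            break                                   # truncated packet at the end of the trace
        packets.append(unframe(line[i:i + FRAME_LEN]))
        i += FRAME_LEN
    return packets


def corrupt(bits, positions):
    """Simulate noise flipping the bits at the given positions within one packet."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    pkt = frame_byte(0x41)                          # ASCII 'A'
    print("packet for 'A' :", pkt)
    print("clean          :", unframe(pkt))
    print("1 bit flipped  :", unframe(corrupt(pkt, [1])))       # parity_ok False: caught
    print("2 bits flipped :", unframe(corrupt(pkt, [1, 2])))    # parity_ok True: 'A' silently became 'B'
    print("stop bit lost  :", unframe(corrupt(pkt, [10])))      # framing_ok False
    print("trace decode   :", [chr(b) for b, _, _ in receive(line_trace(b"Hi"))])
```

The two-bit case is the one to remember: flipping two data bits of 'A' yields a packet that passes the parity check and decodes as 'B', which is exactly the even-number-of-errors blind spot described in the text.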

Another approach to error detection involves the computation of a checksum. In this case, the bytes (or words) that constitute a message are added arithmetically, discarding any carry beyond the word size. A checksum is appended to the message, chosen so that the sum of data plus checksum is zero. When received, the bytes may be added again, along with the checksum, by a local microprocessor. If the sum is nonzero, an error has occurred. As long as the sum is zero, it is unlikely (but not impossible) that any data has been corrupted during transmission: a simple sum cannot detect two bytes that have exchanged places, nor two errors that cancel each other out. Note also that neither parity nor a checksum protects against deliberate modification, since whoever can alter the data can recompute them; that requires a keyed message authentication code, which is beyond the scope of this chapter.
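The additive checksum described above, as an added example that is not part of the module. The sender appends one byte chosen so that the 8-bit sum of every byte, checksum included, is zero; the receiver adds everything again and accepts only a zero result. The sample packet is constructed for the demonstration, and the last two cases show the errors that such a checksum is known to miss.

```python
# Added example, not from the module: an 8-bit additive checksum. The appended
# byte is the two's-complement negation of the data sum, so that the whole
# packet sums to zero modulo 256. Sample packets are constructed for the demo.

def add_checksum(data: bytes) -> bytes:
    """Append the byte that makes sum(packet) % 256 == 0."""
    total = sum(data) & 0xFF
    return bytes(data) + bytes([(-total) & 0xFF])


def checksum_ok(packet: bytes) -> bool:
    """Receiver side: accept the packet only if everything sums to zero mod 256."""
    return (sum(packet) & 0xFF) == 0


def flip_bit(packet: bytes, index: int, bit: int) -> bytes:
    """Simulate noise: flip one bit of one byte."""
    out = bytearray(packet)
    out[index] ^= 1 << bit
    return bytes(out)


def swap_bytes(packet: bytes, i: int, j: int) -> bytes:
    """Simulate a reordering error: exchange two bytes."""
    out = bytearray(packet)
    out[i], out[j] = out[j], out[i]
    return bytes(out)


SAMPLE = bytes([0x10, 0x20, 0x30])   # constructed data: sum 0x60, so the checksum byte is 0xA0


if __name__ == "__main__":
    pkt = add_checksum(SAMPLE)
    print("packet          :", pkt.hex(), "accepted" if checksum_ok(pkt) else "rejected")
    print("one bit flipped :", checksum_ok(flip_bit(pkt, 0, 3)))      # False: caught
    print("bytes swapped   :", checksum_ok(swap_bytes(pkt, 0, 1)))    # True: missed, sum is order-independent
    # two errors that cancel (+1 on one byte, -1 on another) are also missed
    cancelling = bytes([0x11, 0x1F, 0x30]) + pkt[3:]
    print("cancelling pair :", checksum_ok(cancelling))               # True: missed
```

The swapped-bytes and cancelling-pair cases are why protocols that need stronger detection of burst and ordering errors use a cyclic redundancy check rather than a plain sum.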

Errors may not only be detected, but also corrected if additional code is added to a packet sequence. If the error probability is high or if it is not possible to request retransmission, this may be worth doing. However, including error-correcting code in a transmission lowers channel efficiency, and results in a noticeable drop in channel throughput.

Data Compression

If a typical message were statistically analyzed, it would be found that certain characters are used much more frequently than others. By analyzing a message before it is transmitted, short binary codes may be assigned to frequently used characters and longer codes to rarely used characters. In doing so, it is possible to reduce the total number of bits sent without altering the information in the message. Appropriate decoding at the receiver will restore the message to its original form. This procedure, known as data compression, may result in a 50 percent or greater saving in the amount of data transmitted. Even though time is necessary to analyze the message before it is transmitted, the saving may be great enough that the total time for compression, transmission, and decompression is still lower than it would be when sending an uncompressed message. Some kinds of data will compress much more than others. Data that represents images, for example, will usually compress significantly, perhaps by as much as 80 percent of its original size. Data representing a computer program, on the other hand, may be reduced only by 15 or 20 percent. A compression method called Huffman coding is frequently used in data communications, and particularly in fax transmission, where it is combined with run-length coding: each run of identical pixels is replaced by its length, and the lengths are then Huffman coded. Clearly, most of the image data for a typical business letter represents white paper, and only about 5 percent of the surface represents black ink. It is possible to send a single code that, for example, represents a consecutive string of 1000 white pixels rather than a separate code for each white pixel. Consequently, data compression will significantly reduce the total message length for a faxed business letter.
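The two compression ideas described above, as an added example that is not part of the module: a Huffman coder that assigns short codewords to frequent characters, and a run-length encoder that collapses each run of identical pixels into a (pixel, count) pair as a fax machine does before coding the counts. The sample sentence and the synthetic scan lines (a mostly white "letter" line and a random 50 percent black line) are constructed for the example.

```python
# Added example, not from the module: Huffman coding of text and run-length
# coding of fax scan lines. The sample text and scan lines are constructed here.
import heapq
import random
from collections import Counter


def huffman_code(text):
    """Map each symbol to a bit string; no codeword is a prefix of another."""
    freq = Counter(text)
    if len(freq) == 1:                              # degenerate case: a single symbol
        return {next(iter(freq)): "0"}
    # Heap entries are (weight, tie_breaker, tree); a tree is a symbol or a (left, right) pair.
    # The unique tie breaker keeps heapq from ever having to compare two trees.
    heap = [(w, i, s) for i, (s, w) in enumerate(sorted(freq.items()))]
    heapq.heapify(heap)
    next_id = len(heap)
    while len(heap) > 1:                            # repeatedly merge the two lightest trees
        w1, _, t1 = heapq.heappop(heap)
        w2, _, t2 = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, next_id, (t1, t2)))
        next_id += 1
    codes = {}

    def walk(tree, prefix):                         # left edge = 0, right edge = 1
        if isinstance(tree, tuple):
            walk(tree[0], prefix + "0")
            walk(tree[1], prefix + "1")
        else:
            codes[tree] = prefix
    walk(heap[0][2], "")
    return codes


def huffman_encode(text, codes):
    return "".join(codes[ch] for ch in text)


def huffman_decode(bits, codes):
    """Scan the bit string; because the code is prefix-free the first match is the symbol."""
    lookup = {code: sym for sym, code in codes.items()}
    out, current = [], ""
    for b in bits:
        current += b
        if current in lookup:
            out.append(lookup[current])
            current = ""
    if current:
        raise ValueError("trailing bits do not form a codeword")
    return "".join(out)


def compression_ratio(text, codes):
    """Compressed size relative to 8 bits per character (the code table itself is not counted)."""
    return len(huffman_encode(text, codes)) / (8 * len(text))


def run_lengths(pixels):
    """Run-length encode one scan line: 'WWWBB' -> [('W', 3), ('B', 2)]."""
    runs = []
    for p in pixels:
        if runs and runs[-1][0] == p:
            runs[-1][1] += 1
        else:
            runs.append([p, 1])
    return [tuple(r) for r in runs]


def letter_line(width=1000, ink=50):
    """Constructed scan line of a business letter: white paper with one stroke of ink."""
    side = (width - ink) // 2
    return "W" * side + "B" * ink + "W" * (width - ink - side)


def random_line(width=1000, seed=1):
    """Constructed scan line with black ink scattered at random over half the pixels."""
    rng = random.Random(seed)
    return "".join(rng.choice("WB") for _ in range(width))


if __name__ == "__main__":
    text = "this is an example of a huffman tree"
    codes = huffman_code(text)
    bits = huffman_encode(text, codes)
    print("codes:", dict(sorted(codes.items(), key=lambda kv: len(kv[1]))))
    print("%d bits instead of %d (ratio %.2f)" % (len(bits), 8 * len(text), compression_ratio(text, codes)))
    print("round trip ok:", huffman_decode(bits, codes) == text)
    print("letter line : %d pixels -> %d runs" % (1000, len(run_lengths(letter_line()))))
    print("random line : %d pixels -> %d runs" % (1000, len(run_lengths(random_line()))))
```

The letter line collapses to three runs while the random line produces a run almost every other pixel, which is the contrast the text draws between a faxed letter and randomly scattered ink.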
Were the letter made up of randomly distributed black ink covering 50 percent of the white paper surface, data compression would hold no advantage, since a run would end after almost every pixel.

Data Encryption

Privacy is a great concern in data communications. Faxed business letters can be intercepted at will through tapped phone lines or intercepted microwave transmissions without the knowledge of the sender or receiver. To increase the security of this and other data communications, including digitized telephone conversations, the binary codes representing data may be scrambled in such a way that unauthorized interception will produce an indecipherable sequence of characters. Authorized receiving stations will be equipped with a decoder that enables the message to be restored. The scrambling process is known as encryption and the restoring process as decryption. The protection depends on the secrecy of the key and the strength of the cipher, not on keeping the scrambling method itself secret. Custom integrated circuits have been designed to perform this task and are available at low cost. In some cases, they will be incorporated into the main circuitry of a data communications device and function without operator knowledge. In other cases, an external circuit is used so that the device, and its encrypting/decrypting technique, may be transported easily.

Data Storage Technology

Normally, we think of communications science as dealing with the contemporaneous exchange of information between distant parties. However, many of the same techniques employed in data communications are also applied to data storage to ensure that the retrieval of information from a storage medium is accurate. We find, for example, that similar kinds of error-correcting codes used to protect digital telephone transmissions from noise are also used to guarantee correct readback of digital data from compact audio discs, CD-ROMs, and tape backup systems.

Data Transfer in Digital Circuits

Data is typically grouped into packets that are either 8, 16, or 32 bits long, and passed between temporary holding units called registers. Data within a register is available in parallel because each bit exits the register on a separate conductor. To transfer data from one register to another, the output conductors of one register are switched onto a channel of parallel wires referred to as a bus. The input conductors of another register, which is also connected to the bus, capture the information:


Following a data transaction, the content of the source register is reproduced in the destination register. It is important to note that after any digital data transfer, the source and destination registers are equal; the source register is not erased when the data is sent. The transmit and receive switches shown above are electronic and operate in response to commands from a central control unit. It is possible that two or more destination registers will be switched on to receive data from a single source. However, only one source may transmit data onto the bus at any time. If multiple sources were to attempt transmission simultaneously, an electrical conflict would occur when bits of opposite value are driven onto a single bus conductor. Such a condition is referred to as bus contention. Not only will bus contention result in the loss of information, but it also may damage the electronic circuitry. As long as all registers in a system are linked to one central control unit, bus contention should never occur if the circuit has been designed properly. Note that the data buses within a typical microprocessor are fundamentally half-duplex channels.


Transmission over Short Distances (< 2 feet)

When the source and destination registers are part of an integrated circuit (within a microprocessor chip, for example), they are extremely close (thousandths of an inch). Consequently, the bus signals are at very low power levels, may traverse a distance in very little time, and are not very susceptible to external noise and distortion. This is the ideal environment for digital communications. However, a complete computer (CPU, memory, disk control, video and display drivers, etc.) is not normally integrated on a single chip. When data is sent off-chip to another integrated circuit, the bus signals must be amplified and conductors extended out of the chip through external pins. Amplifiers may be added to the source register:

Bus signals that exit microprocessor chips and other VLSI circuitry are electrically capable of traversing about one foot of conductor on a printed circuit board, or less if many devices are connected to it. Special buffer circuits may be added to boost the bus signals sufficiently for transmission over several additional feet of conductor length, or for distribution to many other chips (such as memory chips).

Noise and Electrical Distortion

Because of the very high switching rate and relatively low signal strength found on data, address, and other buses within a computer, direct extension of the buses beyond the confines of the main circuit board or plug-in boards would pose serious problems. First, long runs of electrical conductors, either on printed circuit boards or through cables, act like receiving antennas for electrical noise radiated by motors, switches, and electronic circuits:

Such noise becomes progressively worse as the length increases, and may eventually impose an unacceptable error rate on the bus signals. Just a single bit error in transferring an instruction code from memory to a microprocessor chip may introduce an invalid instruction into the instruction stream, in turn causing the computer to cease operation entirely. A second problem involves the distortion of electrical signals as they pass through metallic conductors. Signals that start at the source as clean, rectangular pulses may be received as rounded pulses with ringing at the rising and falling edges:

These effects are properties of transmission through metallic conductors, and become more pronounced as the conductor length increases. To compensate for distortion, signal power must be increased or the transmission rate decreased. Special amplifier circuits are designed for transmitting direct (unmodulated) digital signals through cables. For the relatively short distances between components on a printed circuit board or along a computer backplane, the amplifiers are in simple IC chips that operate from standard +5 V power. The normal output voltage from the amplifier for logic '1' is slightly higher than the minimum needed to pass the logic '1' threshold. Correspondingly for logic '0', it is slightly lower. The difference between the actual output voltage and the threshold value is referred to as the noise margin, and represents the amount of noise voltage that can be added to the signal without creating an error:

Transmission over Medium Distances (< 20 feet)

Computer peripherals such as a printer or scanner generally include mechanisms that cannot be situated within the computer itself. Our first thought might be just to extend the computer's internal buses with a cable of sufficient length to reach the peripheral. Doing so, however, would expose all bus transactions to external noise and distortion even though only a very small percentage of these transactions concern the distant peripheral to which the bus is connected. If a peripheral can be located within 20 feet of the computer, however, relatively simple electronics may be added to make data transfer through a cable efficient and reliable. To accomplish this, a bus interface circuit is installed in the computer:


It consists of a holding register for peripheral data, timing and formatting circuitry for external data transmission, and signal amplifiers to boost the signal sufficiently for transmission through a cable. When communication with the peripheral is necessary, data is first deposited in the holding register by the microprocessor. This data will then be reformatted, sent with error-detecting codes, and transmitted at a relatively slow rate by digital hardware in the bus interface circuit. In addition, the signal power is greatly boosted before transmission through the cable. These steps ensure that the data will not be corrupted by noise or distortion during its passage through the cable. In addition, because only data destined for the peripheral is sent, the party-line transactions taking place on the computer's buses are not unnecessarily exposed to noise. Data sent in this manner may be transmitted in byte-serial format if the cable has eight parallel channels (at least 10 conductors for half-duplex operation), or in bit-serial format if only a single channel is available.

Transmission over Long Distances (< 4000 feet)

When relatively long distances are involved in reaching a peripheral device, driver circuits must be inserted after the bus interface unit to compensate for the electrical effects of long cables:

This is the only change needed if a single peripheral is used. However, if many peripherals are connected, or if other computer stations are to be linked, a local area network (LAN) is required, and it becomes necessary to drastically change both the electrical drivers and the protocol to send messages through the cable. Because multiconductor cable is expensive, bit-serial transmission is almost always used when the distance exceeds 20 feet. In either a simple extension cable or a LAN, a balanced electrical system is used for transmitting digital data through the channel. This type of system involves at least two wires per channel, neither of which is a ground. Note that a common ground return cannot be shared by multiple channels in the same cable as would be possible in an unbalanced system. The basic idea behind a balanced circuit is that a digital signal is sent on two wires simultaneously, one wire expressing a positive voltage image of the signal and the other a negative voltage image. When both wires reach the destination, the signals are subtracted by a differential amplifier, producing a signal swing of twice the value found on either incoming line. If the cable is exposed to radiated electrical noise, a small voltage of the same polarity is added to both wires in the cable (common-mode noise). When the signals are subtracted by the differential amplifier, the noise cancels and the signal emerges from the cable without noise:

A great deal of technology has been developed for LAN systems to minimize the amount of cable required and maximize the throughput. The costs of a LAN have been concentrated in the electrical interface card that would be installed in PCs or peripherals to drive the cable, and in the communications software, not in the cable itself (whose cost has been minimized). Thus, the cost and complexity of a LAN are not particularly affected by the distance between stations.

Transmission over Very Long Distances (greater than 4000 feet)

Data communications through the telephone network can reach any point in the world. The volume of overseas fax transmissions is increasing constantly, and computer networks that link thousands of businesses, governments, and universities are pervasive. Transmissions over such distances are not generally accomplished with a direct-wire digital link, but rather with digitally-modulated analog carrier signals. This technique makes it possible to use existing analog telephone voice channels for digital data, although at considerably reduced data rates compared to a direct digital link.


Transmission of data from your personal computer to a timesharing service over phone lines requires that data signals be converted to audible tones by a modem. An audio sine wave carrier is used, and, depending on the baud rate and protocol, will encode data by varying the frequency, phase, or amplitude of the carrier. The receiver's modem accepts the modulated sine wave and extracts the digital data from it. Several modulation techniques typically used in encoding digital data for analog transmission are shown below:

Similar techniques may be used in digital storage devices such as hard disk drives to encode data for storage using an analog medium.
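A software model of the modem described above, as an added example that is not part of the module. It uses frequency-shift keying, one of the three modulation techniques the text names: the transmitter turns each bit into one bit period of sine wave at one of two tones, and the receiver correlates each bit period with both tones and picks the stronger one, which works whatever the carrier phase. The sample rate, baud rate, tone frequencies and noise level are assumptions chosen for the demonstration and are far below real modem rates.

```python
# Added example, not from the module: a pure-Python FSK modulator and
# non-coherent demodulator, with Gaussian line noise added between them.
# FS, BAUD, F0 and F1 are assumed values for the demo.
import math
import random

FS = 8000                 # samples per second
BAUD = 1000               # bits per second, giving 8 samples per bit
F0, F1 = 1000, 2000       # tone for a 0 and a 1: one and two whole cycles per bit, so they are orthogonal
SPB = FS // BAUD          # samples per bit


def fsk_modulate(bits):
    """Transmitter: one bit period of sine at F1 for a 1, at F0 for a 0."""
    samples = []
    for b in bits:
        f = F1 if b else F0
        samples.extend(math.sin(2 * math.pi * f * k / FS) for k in range(SPB))
    return samples


def _tone_energy(chunk, f):
    """Energy at frequency f over one bit period (I^2 + Q^2, so the carrier phase does not matter)."""
    i = sum(s * math.cos(2 * math.pi * f * k / FS) for k, s in enumerate(chunk))
    q = sum(s * math.sin(2 * math.pi * f * k / FS) for k, s in enumerate(chunk))
    return i * i + q * q


def fsk_demodulate(samples):
    """Receiver: decide each bit by which tone carries more energy in its bit period."""
    bits = []
    for start in range(0, len(samples) - SPB + 1, SPB):
        chunk = samples[start:start + SPB]
        bits.append(1 if _tone_energy(chunk, F1) > _tone_energy(chunk, F0) else 0)
    return bits


def add_noise(samples, sigma, seed=1):
    """Line noise: Gaussian noise of standard deviation sigma (fixed seed for repeatability)."""
    rng = random.Random(seed)
    return [s + rng.gauss(0, sigma) for s in samples]


def bytes_to_bits(data):
    """Serialize bytes LSB first, as the asynchronous serial link earlier in the chapter does."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    return bytes(sum(bits[n + i] << i for i in range(8)) for n in range(0, len(bits) - 7, 8))


def modem_roundtrip(data, sigma=0.0):
    """Send data over the simulated line at the given noise level and return what was received."""
    return bits_to_bytes(fsk_demodulate(add_noise(fsk_modulate(bytes_to_bits(data)), sigma)))


if __name__ == "__main__":
    print("clean line :", modem_roundtrip(b"modem test"))
    print("noisy line :", modem_roundtrip(b"modem test", sigma=0.4))
    wave = fsk_modulate([0, 1])
    print("first bit (1 kHz):", [round(s, 2) for s in wave[:SPB]])
    print("second bit (2 kHz):", [round(s, 2) for s in wave[SPB:]])
```

Amplitude- and phase-shift keying use the same correlator structure with a different decision rule (signal energy above or below a threshold, or the sign of the in-phase component against a reference carrier), which is why the text groups the three together.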


2.0 LOCAL AREA NETWORK (LAN)

Objectives

This chapter covers:
- LAN Technology: network topology, addressing equipment, LAN wiring and hardware interface
- Transmission Technology: IEEE 802.11 media access, components and hardware; collisions and the collision domain
- Data Link layer: link layer concepts, protocols and technologies used

2.1 LAN Technology

A local area network (LAN) is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building using network media.[1] The defining characteristics of LANs, in contrast to wide area networks (WANs), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines. ARCNET, Token Ring and other technology standards have been used in the past, but Ethernet over twisted pair cabling and Wi-Fi are the two most common technologies currently used to build LANs.

2.2 Network Topology

Network topology is the arrangement of the various elements (links, nodes, etc.) of a computer[1][2] or biological network.[3] Essentially, it is the topological[4] structure of a network, and may be depicted physically or logically. Physical topology refers to the placement of the network's various components, including device location and cable installation, while logical topology shows how data flows within a network, regardless of its physical design. Distances between nodes, physical interconnections, transmission rates, and/or signal types may differ between two networks, yet their topologies may be identical. A good example is a local area network (LAN): any given node in the LAN has one or more physical links to other devices in the network; graphically mapping these links results in a geometric shape that can be used to describe the physical topology of the network. Conversely, mapping the data flow between the components determines the logical topology of the network. There are two basic categories of network topologies:

- Physical topologies
- Logical topologies

The shape of the cabling layout used to link devices is called the physical topology of the network. This refers to the layout of cabling, the locations of nodes, and the interconnections between the nodes and the cabling.[1] The physical topology of a network is determined by the capabilities of the network access devices and media, the level of control or fault tolerance desired, and the cost associated with cabling or telecommunications circuits.

The logical topology, in contrast, is the way that the signals act on the network media, or the way that the data passes through the network from one device to the next without regard to the physical interconnection of the devices. A network's logical topology is not necessarily the same as its physical topology. For example, the original twisted pair Ethernet using repeater hubs was a logical bus topology with a physical star topology layout. Token Ring is a logical ring topology, but is wired as a physical star from the Media Access Unit. The logical classification of network topologies generally follows the same classifications as those in the physical classification of network topologies, but describes the path that the data takes between nodes as opposed to the actual physical connections between nodes. The logical topologies are generally determined by network protocols rather than by the physical layout of cables, wires, and network devices or by the flow of the electrical signals, although in many cases the paths that the electrical signals take between nodes may closely match the logical flow of data, hence the convention of using the terms logical topology and signal topology interchangeably.


Logical topologies are often closely associated with Media Access Control methods and protocols. Logical topologies are able to be dynamically reconfigured by special types of equipment such as routers and switches.

The study of network topology recognizes eight basic topologies:[6]

- Point-to-point
- Bus
- Star
- Ring or circular
- Mesh
- Tree
- Hybrid
- Daisy chain

2.3 Addressing Equipment

LAN network address

Every host on a LAN shares the same network portion of its IP address, and which bits form that portion is decided by the subnet mask (explained below). With the mask 255.255.255.0, the first three octets are the network portion and must be the same for all computers in the LAN, while the last octet identifies the host. For example, a LAN of up to 254 hosts could use addresses of the form 192.168.1.x, where x is a number in the range 1 to 254. A second LAN within the same company could be built in the same manner from 192.168.2.x, and so on. Of course, you are not limited to 254 computers, as there are other ranges of IP addresses, and other subnet masks, that allow you to build even larger networks.


There are different classes of networks that determine the size and total possible unique IP addresses of any given LAN. For example, a class A LAN can have over 16 million unique IP addresses. A class B LAN can have over 65,000 unique IP addresses. The size of your LAN depends on which reserved address range you use and the subnet mask (explained later in this section) associated with that range (see Table 1). The three ranges in Table 1 are the private address blocks reserved by RFC 1918; they are not routed on the public Internet, which is why they are used for LANs. Note also that the class A/B/C division is historical: modern hosts and routers use classless addressing (CIDR), in which the subnet mask alone decides the network size, so the "Provides" column describes the traditional mask for each block rather than a fixed rule.

Table 1. Address ranges and LAN sizes

Address range                   Subnet mask       Provides            Addresses per LAN
10.0.0.0 - 10.255.255.255       255.0.0.0         1 class A LAN       16,777,216
172.16.0.0 - 172.31.255.255     255.255.0.0       16 class B LANs     65,536
192.168.0.0 - 192.168.255.255   255.255.255.0     256 class C LANs    256

Network and broadcast addresses

Another important aspect of building a LAN is that the addresses at the two extreme ends of the address range are reserved for use as the LAN's network address and broadcast address. The network address is used to represent the overall network. The broadcast address is used to send the same message to all other hosts in the network simultaneously. Which two addresses these are follows from the subnet mask: the network address has all host bits set to zero, and the broadcast address has all host bits set to one. For example, with the range 192.168.1.0 to 192.168.1.255 and the mask 255.255.255.0, the first address (192.168.1.0) is reserved as the network address, and the last address (192.168.1.255) is reserved as the broadcast address. Therefore, you only assign individual computers on the LAN IP addresses in the range of 192.168.1.1 to 192.168.1.254:

Network address:     192.168.1.0
Individual hosts:    192.168.1.1 to 192.168.1.254
Broadcast address:   192.168.1.255

(An address such as 192.168.1.128 is a broadcast address only if the mask is 255.255.255.128, in which case the usable hosts are 192.168.1.1 to 192.168.1.126. A host configured with the wrong mask will treat ordinary host addresses as broadcasts, or the reverse, and will fail to reach part of its own LAN.)

Subnet masks

Each host in a LAN has a subnet mask. The subnet mask is a 32-bit value, written as four octets like an IP address, in which a 1 bit (255 for a whole octet) marks the network portion of the IP address and a 0 bit marks the host portion. For example, the subnet mask 255.255.255.0 tells each host that the first three octets identify the network it belongs to and that the last octet identifies a unique host within that network. A host decides whether another address is on its own LAN by ANDing both addresses with the mask and comparing the results, which is why every host on the LAN must be configured with the same mask.

Domain name

The domain name, or network name, is a unique name followed by a standard Internet suffix such as .com, .org, .mil, .net, etc. You can name your LAN almost anything if it has a simple dial-up connection and your LAN is not a server providing some type of service to other hosts directly. In addition, our sample network is considered private since it uses IP addresses in the range of 192.168.1.x, so a domain name used only inside it will not be reachable from the Internet. To obtain an "official" domain name you register it through an accredited registrar such as Network Solutions or Register.com.

Hostnames

Another important step in setting up a LAN is assigning a unique hostname to each computer in the LAN. A hostname is simply a unique name that can be made up and is used to identify a unique computer in the LAN. The name should not contain any blank spaces or punctuation. For example, the following are valid hostnames that could be assigned to each computer in a LAN consisting of 5 hosts: hostname 1 - Morpheus; hostname 2 - Trinity; hostname 3 - Tank; hostname 4 - Oracle; and hostname 5 - Dozer. Each of these hostnames conforms to the requirement that no blank spaces or punctuation marks are present. Use short hostnames to eliminate excessive typing, and choose a name that is easy to remember. Table 2 summarizes what we have covered so far.
Every host in the LAN will have the same network address, broadcast address, subnet mask, and domain name because those values identify the network in its entirety. Each computer in the LAN will have a hostname and IP address that uniquely identifies that particular host. The network address is 192.168.1.0, and the broadcast address is 192.168.1.255. Therefore, each host in the LAN must have an IP address between 192.168.1.1 and 192.168.1.254.

Table 2. Sample IP addresses for a LAN with 254 or fewer interconnected computers

IP address           Example                    Same/unique
Network address      192.168.1.0                Same for all hosts
Domain name          www.yourcompanyname.com    Same for all hosts
Broadcast address    192.168.1.255              Same for all hosts
Subnet mask          255.255.255.0              Same for all hosts
Hostname             Any valid name             Unique to each host
Host addresses       192.168.1.x                x must be unique to each host
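The address arithmetic behind Tables 1 and 2, as an added example that is not part of the module, using Python's standard ipaddress module. It derives the network address, broadcast address and usable host range from an address block and its mask (the /25 case shows what a 128-address block actually looks like), and shows how a host decides whether another address is on its own LAN and whether an address may be assigned to a computer at all. The CIDR blocks are the module's own examples; no real hosts are assumed.

```python
# Added example, not from the module: network, broadcast and host-range
# calculations for a LAN, and the mask comparison a host performs before
# deciding whether to deliver a packet directly or via the router.
import ipaddress


def lan_plan(cidr: str) -> dict:
    """Network, broadcast and usable host range for a block such as '192.168.1.0/24'."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False also accepts a host address
    n = net.num_addresses
    if n > 2:                                          # ordinary block: drop network and broadcast
        first, last, usable = net.network_address + 1, net.broadcast_address - 1, n - 2
    else:                                              # /31 and /32 have no reserved addresses
        first, last, usable = net.network_address, net.broadcast_address, n
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
        "total_addresses": n,
        "private": net.is_private,                    # True for the RFC 1918 blocks in Table 1
    }


def same_lan(addr_a: str, addr_b: str, netmask: str) -> bool:
    """A host ANDs both addresses with its mask; equal results mean 'deliver directly'."""
    mask = int(ipaddress.ip_address(netmask))
    a = int(ipaddress.ip_address(addr_a))
    b = int(ipaddress.ip_address(addr_b))
    return (a & mask) == (b & mask)


def is_assignable(addr: str, cidr: str) -> bool:
    """True only for host addresses: inside the block and neither the network nor the broadcast address."""
    net = ipaddress.ip_network(cidr, strict=False)
    ip = ipaddress.ip_address(addr)
    return ip in net and ip not in (net.network_address, net.broadcast_address)


if __name__ == "__main__":
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.1.0/24", "192.168.1.0/25"):
        print(block, lan_plan(block))
    print(same_lan("192.168.1.5", "192.168.1.200", "255.255.255.0"))     # True: same /24
    print(same_lan("192.168.1.5", "192.168.1.200", "255.255.255.128"))   # False: a /25 splits them
    print(is_assignable("192.168.1.128", "192.168.1.0/24"))              # True: an ordinary host under a /24
    print(is_assignable("192.168.1.255", "192.168.1.0/24"))              # False: the broadcast address
```

Run against the module's own numbers, lan_plan("192.168.1.0/24") reports 192.168.1.255 as the broadcast address and 254 usable hosts, while 192.168.1.127 is the broadcast address only for the /25 block.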

Assigning IP addresses in a LAN

There are two ways to assign IP addresses in a LAN. You can manually assign a static IP address to each computer in the LAN, or you can use a special type of server that automatically assigns a dynamic IP address to each computer as it joins the network.

Static IP addressing

Static IP addressing means manually assigning a unique IP address to each computer in the LAN. With the mask 255.255.255.0, the first three octets must be the same for each host, and the last octet must be a unique number for each host. In addition, a unique hostname will need to be assigned to each computer. Each host in the LAN will have the same network address (192.168.1.0), broadcast address (192.168.1.255), subnet mask (255.255.255.0), and domain name (yourcompanyname.com). It's a good idea to start by visiting each computer in the LAN and jotting down the hostname and IP address for future reference.

Dynamic IP addressing

Dynamic IP addressing is accomplished via a server called a DHCP (Dynamic Host Configuration Protocol) server that automatically assigns a unique IP address to each computer as it connects to the LAN. An older service called BOOTP can also automatically assign unique IP addresses to each host in the network. The DHCP/BOOTP service is a program or device that itself has a fixed IP address. An example of a DHCP device is a router that acts as an Ethernet hub (a communications device that allows multiple hosts to be connected via an Ethernet jack and a specific port) on one end and allows a connection to the Internet on the opposite end. Furthermore, the DHCP server also hands out the subnet mask, default gateway and DNS server addresses, so a host learns its network and broadcast addresses from the lease. You will not be required to manually assign hostnames and domain names in a dynamic IP addressing scheme. Note that a client accepts the first DHCP offer it receives, so an unauthorised DHCP server on the LAN can hand out a wrong gateway or DNS server; on a managed switch this is countered with DHCP snooping, which passes DHCP offers only from trusted ports.

The LAN hardware

Assigning hostnames and IP addresses will be useless if there is no hardware available to connect all the computers together. There are several different types of hardware schemes such as Ethernet, Token Ring, FDDI, Token Bus, etc. Since Ethernet is the most widely used hardware scheme, we will focus our attention on it. Ethernet is available from several different computer vendors, and it is relatively inexpensive. The original Ethernet is a 10-Mbps baseband LAN specification developed by Xerox, Intel, and Digital Equipment; 100-Mbps and gigabit versions are now common. In order to build an Ethernet LAN you need the following: an Ethernet Network Interface Card (NIC) for each computer, an Ethernet-compatible hub or switch with at least the same number of ports as there will be computers in the LAN, and Ethernet cables (10BaseT twisted-pair cables) to connect each computer's NIC to the hub. Also make sure that the hardware of choice is compatible with the Red Hat Linux operating system. This hardware/software compatibility information is usually found in the Requirements section on the back of the box of each product. Alternatively, you could ask a computer sales person about hardware/software requirements.
You can usually save money by purchasing LAN cards as a package rather than individually. When choosing an Ethernet hub, ensure that it has at least as many ports as there are computers that will participate in the LAN; it is always best to choose a hub with additional ports to allow for expansion. If you plan to use all of the computers in the LAN to access the Internet through a local Internet Service Provider (ISP), a router/Ethernet combination unit is an ideal choice. Such a unit is normally configured from any computer connected to the LAN, usually through a web browser, so it works equally well when every computer in the LAN runs Red Hat Linux; the host-side settings are then made with a Linux configuration program such as LinuxConf. Finally, choose network cables that allow for expansion. Most Ethernet networks use 10BaseT twisted-pair cables with RJ45 plugs at each end. Buy cables somewhat longer than the measured run in case the layout (topology) of the LAN changes in the future.

2.4 LAN Wiring

Installing the hardware

Assuming that all LAN hardware is available, the next step is to install it. First turn off all the computers that will participate in the LAN. Next, open the case of each computer and install the NIC in the appropriate slot on the motherboard, following the manufacturer's instructions. Find a convenient but safe location for the Ethernet hub, preferably a central spot in the same building or room as the computers. Then run a cable from the NIC in each computer to the hub, keeping all cables out of the way of users who need physical access to each computer. Follow all instructions provided with the LAN hardware before starting up any of the computers. If you are using a router to connect the LAN to the Internet, or a DHCP server, you will need to configure it as described in its user manual; change its default administrator password at the same time, since the unit is reachable from every host on the LAN. Lastly, once all computers are attached to the hub through their NICs, you can begin the software configuration on Red Hat Linux.

Configuring the LAN

How you configure the computers on the LAN depends on whether Red Hat was installed before or after the LAN hardware. If you installed the LAN hardware before installing Red Hat, you will be prompted for network configuration during the Red Hat installation process. If you installed the LAN hardware after Red Hat, a program called Kudzu will detect the newly installed Ethernet card at the next boot and start the configuration process automatically. Follow these steps when configuring each Ethernet card with Kudzu:
1. During the bootup process, look for a dialog box titled "Welcome to Kudzu". Press Enter to begin the configuration process.
2. Next, you should see another dialog box that displays the brand name of the installed Ethernet card. Press Enter again to continue.
3. After a brief delay you should see "Would You Like to Set up Networking".
4. Select the NO option using the Tab key and then press Enter. Setting up networking with a utility called LinuxConf is described later in this section.

At this point the bootup process should continue normally and you will be required to log on to the computer as the root user. You should have been given the opportunity to create the root account during the initial installation of Red Hat.
Using LinuxConf to configure your Ethernet card

You can use an application program called LinuxConf to configure or reconfigure the NIC of each computer in the LAN. Launch LinuxConf by typing linuxconf at the command prompt of any terminal window in the KDE or GNOME desktop environment, or click the Main menu button, select System, then LinuxConf. When the LinuxConf application is displayed, follow the steps below to configure the Ethernet card:

1. From the LinuxConf tree structure, select Config, Networking, Client Tasks, Basic Host Information.
2. On the Host name tab, type the fully qualified hostname that you assigned to this computer.
3. Click the Adaptor 1 tab, which displays your Ethernet card settings.
4. Verify that the Enabled button is selected so that the Ethernet card will be active.
5. Choose the Manual option if you will not be using a DHCP or BootP server on your LAN and continue with step 6. Otherwise, if you will be using a DHCP or BootP server, choose DHCP or BootP accordingly and skip to step 12.
6. For the Primary name + domain option, enter this computer's hostname followed by a period and the domain name of the LAN.
7. Under the Aliases option, enter the computer's short hostname and any other aliases, separated by spaces.
8. Enter the IP address assigned to this computer next to IP Address (such as 192.168.1.1).
9. Type 255.255.255.0 for the Netmask.
10. For Net device, type eth0, which represents the first Ethernet card in the computer.
11. The driver (Kernel module) option for the Ethernet card should be filled in automatically when you leave LinuxConf.
12. Click the Accept button to activate all changes.
13. Repeat steps 1-12 for each computer in the LAN, verifying that you have entered the correct hostname and the corresponding IP address.

Nameserver specification

Another important step in setting up the LAN is to configure the nameserver specification, which Linux uses to look up an IP address when only a computer's hostname is given. Red Hat Linux has two methods of resolving hostnames into IP addresses: the Domain Name Service (DNS), and the local file /etc/hosts. You can find the hosts file by typing cd /etc to change to the /etc directory, where most of the system's configuration files are kept. Next, follow the steps below to configure the nameserver specification:
1. In the left column of LinuxConf, open the Nameserver specification (DNS) category.
2. Left-click the DNS Usage option (the button should appear pushed in).
3. Enter localdomain next to the Search Domain 1 category.
4. If you know the primary and secondary IP addresses of the nameservers that serve this network, enter them in the IP of nameserver 1 and IP of nameserver 2 categories. Otherwise, leave those categories blank.
5. Left-click the Accept button to activate all changes.

Hostname search path

The hostname search path tells Red Hat Linux in which order to search for the IP address assigned to a hostname. To configure it so that the local hosts file (/etc/hosts) is used to resolve local hostnames and the ISP's DNS is used to resolve Internet names, follow these steps:

1. In the left column of LinuxConf, open the Routing and Gateways category.
2. Select the Host Name Search path option.
3. In the right column of LinuxConf, select the Multiple IPs for One Host option.
4. Select the hosts, dns option in the right portion of LinuxConf.
5. Left-click the Accept button to activate all changes.

Setting up /etc/hosts

Red Hat Linux needs some way to find the IP addresses within the LAN from each computer's hostname. As described earlier, the Domain Name Service (DNS) is one method of resolving hostnames into IP addresses: in a DNS configuration, the hostnames and IP addresses are already listed on an existing nameserver, and you would consult your local ISP or network administrator to obtain the nameserver addresses. If, on the other hand, there is no centralized nameserver, as is usual with small LANs, a hosts file must be configured on each computer listing the hostname, IP address and any aliases assigned to every host. This involves editing the text file /etc/hosts. Go to one of the computers in the LAN and follow the steps below to create and configure the /etc/hosts file:
1. In the left column of LinuxConf, open the Misc category.
2. Open the Information about hosts category. You should see an entry for this computer that includes its IP address, hostname and any aliases.
3. Left-click the Add button once to add an entry for another host in the LAN.
4. In the dialog box that appears, type the Primary + Domain Name of the other host (such as trinity.yourcompanyname.com).
5. Type one or more aliases for that host next to the Alias option (such as tank).
6. Enter the IP address you assigned to that host next to IP number.
7. Left-click the Accept button to activate all changes.
8. Repeat steps 3-7 for each remaining computer in your LAN.

After you have done this for all computers, the /etc/hosts tab of LinuxConf should list one entry for every computer in your LAN, in addition to the local host's loopback interface, whose name should appear as localhost. Finally, save all changes and exit LinuxConf:

1. Left-click the Quit button in the /etc/hosts screen after all hostnames and IP addresses have been entered.
2. To exit the LinuxConf application, left-click the Quit button at the bottom-left corner.
3. Left-click the Activate the Changes button to activate all changes and exit LinuxConf.

Repeat for every host

Now that you have configured one computer in your LAN, go back and repeat all the above steps for each computer, starting with the section "Configuring the LAN". If you would prefer a less time-consuming procedure, you can instead copy the /etc/hosts file you have just created to a floppy disk or CD-ROM (if you have a writable CD-ROM drive) and copy that file into the /etc directory of each computer in your LAN. To copy the /etc/hosts file to a floppy disk, type the command cp /etc/hosts /mnt/floppy at the command prompt on the computer where you configured the initial /etc/hosts file with LinuxConf. Next, take the floppy to each computer in the LAN and type the command cp /mnt/floppy/hosts /etc/hosts in a terminal window. This copies the hosts file into the /etc directory of that host. If you are using a CD-ROM, replace /mnt/floppy in the above commands with /mnt/cdrom. The /etc/hosts file, as you have probably noticed, is just a text file with one line per host: the IP address, the canonical hostname and any aliases, separated by whitespace. Make sure that every computer in the LAN, including the local one, is listed exactly once, plus the loopback line 127.0.0.1 localhost. Because the hosts file is consulted before DNS (see "Hostname search path" above), anyone who can write to it can redirect a hostname to an address of their choosing, so leave it owned by root with mode 644 and check its contents after copying.

Testing the LAN

To test the completely configured LAN, make sure that the computers are able to communicate with each other after the bootup process. Start by typing reboot at a command prompt on each computer so that you can monitor the status messages that scroll down the screen during the Linux boot process. Look for the following lines:

Setting hostname: hostname.yourcompanyname.com [OK]
Bringing up interface lo: [OK]
Bringing up interface eth0: [OK]

The Setting hostname line should display the hostname you assigned to this computer, and the lo and eth0 lines should each end in [OK] to indicate that both interfaces came up successfully.
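Before running the ping tests, it is worth checking the address plan and the /etc/hosts file that the preceding sections produce by hand. The following Python script is an added example for this module, not part of the original text: it computes the network and broadcast addresses for the 192.168.1.0/24 LAN, checks a static plan for addresses outside the subnet, the network or broadcast address used as a host address, and duplicate addresses or names, renders the hosts file in the format described above, and parses a hosts file back to detect a name mapped to two different addresses. The hostnames and addresses in PLAN are constructed sample data.

```python
"""Validate a static LAN address plan and render/check an /etc/hosts file.

Added example for this module, not code from the original text. The
hostnames and addresses in PLAN are constructed sample data for the
192.168.1.0/24 LAN used in the text.
"""
import ipaddress

LAN = "192.168.1.0/24"

# Constructed sample plan: fully qualified hostname -> (IP address, aliases)
PLAN = {
    "neo.yourcompanyname.com": ("192.168.1.1", ["neo"]),
    "trinity.yourcompanyname.com": ("192.168.1.2", ["trinity", "tank"]),
    "morpheus.yourcompanyname.com": ("192.168.1.3", ["morpheus"]),
}


def subnet_facts(network: str) -> dict:
    """Network, broadcast, mask and usable host range for a prefix such as 192.168.1.0/24."""
    net = ipaddress.ip_network(network, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
    }


def check_plan(plan: dict, network: str) -> list:
    """Return a list of problems with a static plan: an address outside the subnet,
    the network or broadcast address used for a host, a duplicate address, or a
    hostname/alias used twice. An empty list means the plan is consistent."""
    net = ipaddress.ip_network(network, strict=True)
    problems, owners, names = [], {}, set()
    for fqdn, (ip, aliases) in plan.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{fqdn}: {ip} is not in {network}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{fqdn}: {ip} is the network or broadcast address")
        if ip in owners:
            problems.append(f"{fqdn}: {ip} is already assigned to {owners[ip]}")
        owners.setdefault(ip, fqdn)
        for name in [fqdn, *aliases]:
            if name in names:
                problems.append(f"{fqdn}: name {name} is not unique")
            names.add(name)
    return problems


def render_hosts(plan: dict) -> str:
    """Render the plan as /etc/hosts text: loopback first, then one line per host
    (IP address, canonical name, aliases), ordered by address."""
    lines = ["127.0.0.1\tlocalhost.localdomain localhost"]
    by_addr = sorted(plan.items(), key=lambda item: ipaddress.ip_address(item[1][0]))
    for fqdn, (ip, aliases) in by_addr:
        lines.append("\t".join([ip, fqdn, " ".join(aliases)]).rstrip())
    return "\n".join(lines) + "\n"


def parse_hosts(text: str) -> dict:
    """Parse /etc/hosts text into {name: ip}. The resolver uses the first line
    that matches a name, so a name that later maps to a different address is
    reported as a conflict (a stale or tampered entry) instead of ignored."""
    mapping, conflicts = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        ipaddress.ip_address(ip)                  # ValueError on a garbled address field
        for name in names:
            if name in mapping and mapping[name] != ip:
                conflicts.append((name, mapping[name], ip))
            mapping.setdefault(name, ip)
    return {"mapping": mapping, "conflicts": conflicts}


if __name__ == "__main__":
    print(subnet_facts(LAN))
    print(check_plan(PLAN, LAN) or "plan OK")
    hosts_text = render_hosts(PLAN)
    print(hosts_text)
    print(parse_hosts(hosts_text)["conflicts"] or "no conflicting entries")
```

Run the script on the plan before copying the hosts file to the other machines; the conflict check is also a quick way to confirm that a copied file still says what you wrote, since the first matching line wins when the resolver consults /etc/hosts.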

To determine whether each computer can communicate with every other computer in the LAN, use the ping command. Open a terminal window on the current host and type ping followed by either the IP address or the hostname you assigned to the target computer, for example ping 192.168.1.2 or ping trinity. You must supply one of the two for the ping command to work. If you have configured the nameserver specification and /etc/hosts properly, ping resolves the hostname into the corresponding IP address; otherwise, use the IP address that you recorded for each computer in the LAN. The ping command sends ICMP echo request messages across the LAN to the designated computer and prints one line for each reply, so you should see several lines like the following if the computers are communicating with each other:

64 bytes from 192.168.1.x: icmp_seq=0 ttl=255 time=0.8 ms
64 bytes from 192.168.1.x: icmp_seq=1 ttl=255 time=0.4 ms
64 bytes from 192.168.1.x: icmp_seq=2 ttl=255 time=0.3 ms

Note that 192.168.1 identifies the LAN that this host is a member of and x is the host number of the computer you are pinging (such as the host named Oracle); together they make up the IP address. Press Ctrl+C to terminate the test and you should see the following summary of the entire ping test:

--- hostname.yourcompanyname.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.4/0.8 ms

Verify that the packet loss is 0%, which is an immediate indication that the test was successful. There is a problem, however, if the ping command prints the following message instead:

From hostname.yourcompanyname.com (192.168.1.1): Destination Host Unreachable

This means the two computers are not communicating at all. If so, see the next section, "Troubleshooting the LAN". Otherwise, once you can successfully ping every other computer in the LAN from one designated computer, basic connectivity is established. At this point you can consider the LAN a functional network on which you can install and configure network services as desired. Keep in mind that a successful ping only proves that the two hosts can exchange packets; it says nothing about whether the services you go on to install are configured securely.

Troubleshooting the LAN

If you are unable to ping another computer in the LAN, here is how to find the source of the problem. First, shut down every computer in the LAN by typing halt at the command prompt on each one. The reason for shutting down all computers is to watch the feedback from the boot process when each is started again. Check all cable connections between the computers, making sure that every RJ45 plug is seated properly. After verifying the cables, start each computer one at a time and look for the following response during the boot process:

Setting hostname: hostname.yourcompanyname.com [OK]

You can turn on interactive startup by pressing I when Red Hat offers it early in the boot process, to get a closer view of the feedback. Ensure that the hostname and domain name assigned to this computer are spelled correctly; if not, return to the Basic Host Information section of LinuxConf. In interactive mode you will be prompted before each service is started. Answer Yes to each question and pay close attention to the results of the various tests. If Kudzu detects an Ethernet card at this point, the card was not properly configured the first time around; let Kudzu configure it, and when you are prompted to configure the network, choose Yes and type the correct IP address and the other settings for this particular computer. Another important response to examine carefully is the following:

Bringing up interface eth0: [OK]

This line indicates whether the Ethernet card is working properly. If this test fails, check all network settings in LinuxConf to ensure that the card was configured properly. If the network settings are correct, the Ethernet card itself is probably defective; consult the manufacturer or a computer technician to confirm. Repeat the preceding troubleshooting procedure for each new Ethernet card you install.
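The ping output shown in the last two sections can be checked mechanically, which is useful when testing many hosts from a script. The following Python parser is an added example for this module, not code from the original text: it reads the text that ping prints, counts replies and parses the statistics line, and classifies the run as ok, partial loss, no reply or unreachable; it also flags duplicate sequence numbers, which on a LAN usually means two interfaces are answering for the same address. The three output samples are constructed to match the messages quoted above.

```python
"""Classify a ping run from the text it prints.

Added example for this module, not code from the original text. The three
output samples are constructed to match the messages quoted above; real
ping output differs slightly between implementations, so the patterns
are deliberately loose.
"""
import re

REPLY_RE = re.compile(r"\d+ bytes from (?P<src>[\w.\-]+).*?icmp_seq=(?P<seq>\d+)")
STATS_RE = re.compile(
    r"(?P<sent>\d+) packets transmitted, (?P<recv>\d+) (?:packets )?received,"
    r".*?(?P<loss>\d+)% packet loss"
)
UNREACHABLE_RE = re.compile(r"Destination Host Unreachable", re.IGNORECASE)

# Constructed sample output: a healthy LAN neighbour
GOOD = """PING trinity.yourcompanyname.com (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.8 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=0.4 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=255 time=0.3 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=255 time=0.4 ms

--- trinity.yourcompanyname.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.4/0.8 ms
"""

# Constructed sample output: no layer-2 path (unplugged cable, wrong address)
UNREACHABLE = """PING morpheus.yourcompanyname.com (192.168.1.3): 56 data bytes
From neo.yourcompanyname.com (192.168.1.1): Destination Host Unreachable
From neo.yourcompanyname.com (192.168.1.1): Destination Host Unreachable

--- morpheus.yourcompanyname.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
"""

# Constructed sample output: two interfaces answering for one address
DUPLICATE = """PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from 192.168.1.2: icmp_seq=0 ttl=255 time=0.9 ms (DUP!)
64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=0.4 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=255 time=1.1 ms (DUP!)

--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0% packet loss
"""


def parse_ping(output: str) -> dict:
    """Summarise one ping run: a verdict plus the counters it was based on."""
    sources, seqs = [], []
    sent = received = loss = None
    unreachable = False
    for line in output.splitlines():
        reply = REPLY_RE.search(line)
        stats = STATS_RE.search(line)
        if reply:
            sources.append(reply.group("src"))
            seqs.append(int(reply.group("seq")))
        elif stats:
            sent, received, loss = (int(stats.group(g)) for g in ("sent", "recv", "loss"))
        elif UNREACHABLE_RE.search(line):
            unreachable = True
    if unreachable and not sources:
        verdict = "unreachable"   # no path at all: cabling, interface down or wrong address
    elif sent and received == sent:
        verdict = "ok"
    elif received:
        verdict = "partial"       # some loss: bad cable, duplex mismatch, overloaded hub
    else:
        verdict = "no-reply"      # a path exists but the host ignores or filters ICMP
    return {
        "verdict": verdict,
        "sent": sent,
        "received": received,
        "loss_pct": loss,
        "replies_from": sorted(set(sources)),
        # the same icmp_seq answered twice means two hosts share the address
        "duplicate_seq": len(seqs) != len(set(seqs)),
    }


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("UNREACHABLE", UNREACHABLE), ("DUPLICATE", DUPLICATE)):
        print(name, parse_ping(sample))
```

A duplicate-sequence verdict deserves the same attention as an unreachable one: the test "passes", but either a static address was assigned twice or another interface is answering for an address it does not own.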
2.5 Hardware Interface

Apart from the physical communications media themselves, described above, networks comprise additional basic hardware building blocks interconnecting their terminals, such as network interface cards (NICs), hubs, bridges, switches and routers.

Network interface cards

A network card, network adapter or NIC (network interface card) is a piece of computer hardware designed to allow computers to physically access a networking medium. It provides a low-level addressing system through the use of MAC addresses. Each Ethernet network interface has a unique MAC address, usually stored in a small memory device on the card, which lets any device join the network without creating an address conflict. Ethernet MAC addresses are composed of six octets. Uniqueness is maintained by the IEEE, which manages the Ethernet address space by assigning 3-octet prefixes (Organizationally Unique Identifiers, OUIs) to equipment manufacturers; the list of prefixes is publicly available. Each manufacturer is obliged to use only its assigned prefix(es) and to set the 3-octet suffix of every interface it produces uniquely. Note that most operating systems and drivers let the administrator override the factory address in software, so a MAC address identifies a device only as long as nobody chooses to change it.

2.6 Transmission Technology

Courses and textbooks in the field of data transmission typically deal with the following OSI model protocol layers and topics:

Layer 1, the physical layer:
 Channel coding, including:
  o Digital modulation schemes
  o Line coding schemes
  o Forward error correction (FEC) codes
 Bit synchronization
 Multiplexing
 Equalization
 Channel models

Layer 2, the data link layer:
 Channel access schemes, media access control (MAC)
 Packet mode communication and frame synchronization
 Error detection and automatic repeat request (ARQ)
 Flow control

2.7 IEEE 802.11: Media Access, components and hardware. The collision and the collision domain

In the seven-layer OSI model of computer networking, the media access control (MAC) data communication protocol is a sublayer of the data link layer, which is layer 2. The MAC sublayer provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multiple-access network that incorporates a shared medium, e.g. Ethernet. The hardware that implements the MAC is referred to as a medium access controller. The MAC sublayer acts as an interface between the logical link control (LLC) sublayer and the network's physical layer. The MAC layer emulates a full-duplex logical communication channel in a multi-point network; this channel may provide unicast, multicast or broadcast communication service.

The local network address used with IP over Ethernet is called the MAC address because it historically was part of the MAC layer in early Ethernet implementations. The MAC layer's addressing mechanism is called the physical address or MAC address. A MAC address is intended to be a unique serial number: once assigned to a particular network interface (typically at the time of manufacture), that device should be uniquely identifiable amongst all other network devices in the world, so that each device in a network has a different MAC address (analogous to a street address). This makes it possible for frames to be delivered to a destination within a subnetwork, i.e. hosts interconnected by some combination of repeaters, hubs, bridges and switches, but not by IP routers. Thus, when an IP packet reaches its destination (sub)network, the destination IP address (a layer 3 or network layer concept) is resolved by the Address Resolution Protocol (ARP) for IPv4, or by the Neighbor Discovery Protocol for IPv6, into the MAC address (a layer 2 concept) of the destination host. Two caveats matter in practice: the uniqueness is administrative rather than enforced, since an interface's address can be rewritten in software, and ARP and Neighbor Discovery answers are unauthenticated, so any host on the segment can claim any IP address and receive that host's traffic (ARP spoofing). MAC addresses therefore identify interfaces but do not authenticate them.

An example of a physical network is an Ethernet network, perhaps extended by wireless local area network (WLAN) access points and WLAN network adapters, since these share the same 48-bit MAC address hierarchy as Ethernet.
A MAC layer is not required in full-duplex point-to-point communication, but address fields are included in some point-to-point protocols for compatibility reasons.
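The address structure described in sections 2.5 and 2.7 (six octets, a 3-octet manufacturer prefix, plus two flag bits in the first octet) can be decoded directly. The following Python code is an added example, not part of the original module: it normalizes a MAC address written in any common notation, extracts the OUI and the NIC-specific part, reads the individual/group and universal/local bits, looks the prefix up in a small OUI table (a constructed stand-in for the public IEEE registry), lists reasons not to trust a source address, and checks a set of observed ARP replies for one IP address claimed by two different MACs, the basic sign of ARP spoofing. All addresses and observations are constructed sample values.

```python
"""Decode a 48-bit Ethernet MAC address and check for signs of spoofing.

Added example for this module, not code from the original text. OUI_TABLE
is a constructed stand-in for the public IEEE registry; the ARP
observations are constructed sample data.
"""
import re

# Constructed OUI table: 3-octet prefix -> manufacturer (illustrative entries)
OUI_TABLE = {
    "00:1A:2B": "Example Manufacturing Ltd",
    "3C:4D:5E": "Sample Networks Inc",
}


def normalize_mac(text: str) -> bytes:
    """Accept 00:1a:2b:7c:8d:9e, 00-1A-2B-7C-8D-9E or 001a.2b7c.8d9e; return 6 bytes."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text: str) -> dict:
    """Split the address into its IEEE-assigned prefix and NIC-specific suffix
    and decode the two flag bits carried in the first octet."""
    mac = normalize_mac(text)
    first = mac[0]
    oui = ":".join(f"{b:02X}" for b in mac[:3])
    return {
        "canonical": ":".join(f"{b:02X}" for b in mac),
        "oui": oui,
        "nic_specific": ":".join(f"{b:02X}" for b in mac[3:]),
        "vendor": OUI_TABLE.get(oui),                 # None when the prefix is unknown
        "multicast": bool(first & 0x01),             # I/G bit: 1 = group address
        "broadcast": mac == b"\xff" * 6,
        "locally_administered": bool(first & 0x02),  # U/L bit: 1 = not a factory address
    }


def trust_notes(text: str) -> list:
    """Reasons not to treat a frame's source address as a reliable identity."""
    info = describe_mac(text)
    notes = []
    if info["locally_administered"]:
        notes.append("locally administered: set by software or a VM, not burned in at manufacture")
    elif info["vendor"] is None:
        notes.append("prefix not in the OUI table: unknown or forged manufacturer prefix")
    if info["multicast"]:
        notes.append("group address: never valid as a source address")
    return notes


def detect_arp_conflicts(observations: list) -> dict:
    """Given (ip, mac) pairs taken from ARP replies seen on the segment, return
    {ip: {macs}} for every IP address that more than one interface claimed.
    Two different MACs answering for one address is the basic sign of ARP
    spoofing (or of a duplicate static address)."""
    claims = {}
    for ip, mac in observations:
        claims.setdefault(ip, set()).add(describe_mac(mac)["canonical"])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


# Constructed ARP replies: the gateway 192.168.1.1 is answered for by two interfaces
OBSERVED_ARP = [
    ("192.168.1.1", "00:1a:2b:7c:8d:9e"),
    ("192.168.1.2", "3c:4d:5e:01:02:03"),
    ("192.168.1.1", "3c:4d:5e:01:02:03"),
    ("192.168.1.3", "00:1a:2b:7c:8d:a0"),
]

if __name__ == "__main__":
    for sample in ("00-1a-2b-7c-8d-9e", "02:00:5e:00:00:01", "01:00:5e:00:00:fb", "ff:ff:ff:ff:ff:ff"):
        print(sample, describe_mac(sample), trust_notes(sample))
    print(detect_arp_conflicts(OBSERVED_ARP))
```

On a real network the observations would come from an ARP cache or a packet capture, and the OUI table from the downloaded IEEE registry; the logic is unchanged. A locally administered bit is not proof of an attack (virtual machines and some laptops set it legitimately), which is why the function returns notes rather than a verdict.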

Common multiple access protocols

Examples of common packet mode multiple access protocols for wired multi-drop networks are:
 CSMA/CD (used in Ethernet and IEEE 802.3)
 Token bus (IEEE 802.4)
 Token ring (IEEE 802.5)
 Token passing (used in FDDI)

Examples of common multiple access protocols that may be used in packet radio wireless networks are:
 CSMA/CA (used in IEEE 802.11/WiFi WLANs)
 Slotted ALOHA
 Dynamic TDMA
 Reservation ALOHA (R-ALOHA)
 Mobile Slotted Aloha (MS-ALOHA)
 CDMA
 OFDMA

2.8 Data Link layer: concepts, protocols and technologies used

In the seven-layer OSI model of computer networking, the data link layer is layer 2. In the TCP/IP reference model it corresponds to, or is part of, the link layer. The data link layer is the protocol layer that transfers data between adjacent network nodes in a wide area network or between nodes on the same local area network segment.[1] It provides the functional and procedural means to transfer data between network entities and might provide the means to detect and possibly correct errors that may occur in the physical layer. Examples of data link protocols are Ethernet for local area networks (multi-node), and the Point-to-Point Protocol (PPP), HDLC and ADCCP for point-to-point (dual-node) connections.

The data link layer is concerned with local delivery of frames between devices on the same LAN. Data-link frames, as these protocol data units are called, do not cross the boundaries of a local network. Inter-network routing and global addressing are higher-layer functions, allowing data-link protocols to focus on local delivery, addressing and media arbitration. In this way the data link layer is analogous to a neighborhood traffic cop: it endeavors to arbitrate between parties contending for access to a medium. When devices attempt to use a medium simultaneously, frame collisions occur. Data-link protocols specify how devices detect and recover from such collisions, and may provide mechanisms to reduce or prevent them.

Delivery of frames by layer-2 devices is effected through the use of unambiguous hardware addresses. A frame's header contains source and destination addresses that indicate which device originated the frame and which device is expected to receive and process it. In contrast to the hierarchical and routable addresses of the network layer, layer-2 addresses are flat, meaning that no part of the address can be used to identify the logical or physical group to which the address belongs.

The data link thus provides data transfer across the physical link. That transfer can be reliable or unreliable; many data-link protocols do not acknowledge successful frame reception and acceptance, and some might not even have any form of checksum to check for transmission errors. In those cases, higher-level protocols must provide flow control, error checking, acknowledgments and retransmission.

In some networks, such as IEEE 802 local area networks, the data link layer is described in more detail with media access control (MAC) and logical link control (LLC) sublayers; this means that the IEEE 802.2 LLC protocol can be used with all of the IEEE 802 MAC layers, such as Ethernet, token ring and IEEE 802.11, as well as with some non-802 MAC layers such as FDDI. Other data-link-layer protocols, such as HDLC, are specified to include both sublayers, although some other protocols, such as Cisco HDLC, use HDLC's low-level framing as a MAC layer in combination with a different LLC layer.
In the ITU-T G.hn standard, which provides a way to create a high-speed (up to 1 Gigabit/s) local area network using existing home wiring (power lines, phone lines and coaxial cables), the data link layer is divided into three sublayers (application protocol convergence, logical link control and medium access control). Within the semantics of the OSI network architecture, the data-link-layer protocols respond to service requests from the network layer and they perform their function by issuing service requests to the physical layer.
List of data-link-layer services

 Encapsulation of network layer data packets into frames
 Frame synchronization
 Logical link control (LLC) sublayer:
  o Error control (automatic repeat request, ARQ), in addition to the ARQ provided by some transport-layer protocols, to the forward error correction (FEC) techniques provided on the physical layer, and to the error detection and packet discarding provided at all layers, including the network layer. Data-link-layer error control (i.e. retransmission of erroneous frames) is provided in wireless networks and by V.42 telephone network modems, but not in LAN protocols such as Ethernet, since bit errors are so uncommon on short wires. In that case only error detection and discarding of erroneous frames are provided: an Ethernet frame whose frame check sequence (a CRC-32 over the whole frame) does not verify is silently dropped by the receiving interface.
  o Flow control, in addition to the flow control provided at the transport layer.
 Media access control (MAC) sublayer:
  o Multiple access protocols for channel-access control, for example the CSMA/CD protocol for collision detection and retransmission in Ethernet bus and hub networks, or the CSMA/CA protocol for collision avoidance in wireless networks
  o Physical addressing (MAC addressing)
  o LAN switching (packet switching), including MAC filtering and the spanning tree protocol
  o Data packet queuing or scheduling
  o Store-and-forward switching or cut-through switching
  o Quality of Service (QoS) control
  o Virtual LANs (VLAN)
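Ethernet's error detection without retransmission, listed under the LLC sublayer above, is easy to show concretely. The following Python code is an added example, not the module's own: it builds an Ethernet II frame (destination, source, EtherType, padded payload) and appends the frame check sequence, which is the IEEE CRC-32 that Python's binascii.crc32 computes, stored least-significant byte first; parse_frame splits a frame and reports whether the FCS verifies, and flip_bit simulates a single-bit error on the wire so that the check fails. The addresses and payload are constructed sample data.

```python
"""Build an Ethernet II frame with its CRC-32 frame check sequence and verify it.

Added example for this module, not code from the original text. The FCS
is IEEE CRC-32, the same polynomial and conventions as binascii.crc32;
it is sent least-significant byte first, so it is packed little-endian.
Addresses and payload below are constructed sample data.
"""
import binascii
import struct

ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD = 46     # 64-byte minimum frame minus 14-byte header and 4-byte FCS
MAX_PAYLOAD = 1500   # Ethernet MTU


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body: bytes) -> bytes:
    """Frame check sequence over header + payload, as transmitted on the wire."""
    return struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Header, payload padded to the minimum length, then the FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte Ethernet MTU")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a received frame and verify its FCS. A bad FCS is reported, not
    raised: a real interface silently discards such a frame and nothing at
    layer 2 asks for a retransmission."""
    if len(frame) < 64:
        raise ValueError("runt frame")
    body, fcs_wire = frame[:-4], frame[-4:]
    return {
        "dst": mac_text(body[0:6]),
        "src": mac_text(body[6:12]),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[14:],
        "fcs_ok": fcs_wire == fcs(body),
    }


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit error on the wire."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed sample frame: a broadcast from a LAN host carrying a short IPv4 payload stub
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "00:1a:2b:7c:8d:9e", ETHERTYPE_IPV4, b"hello, LAN")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    print(parse_frame(flip_bit(SAMPLE, 100))["fcs_ok"])   # a flipped bit in the EtherType
```

The CRC detects corruption, not tampering: anyone who can inject frames simply computes a valid FCS for whatever they send, so the integrity of the payload has to come from a higher layer (IPsec, TLS) rather than from the frame check.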
3.0 WIDE AREA NETWORK (WAN)

Objectives

This chapter covers:
 Switching
 PSTN
 Point to Point Protocol (PPP)
 Introduction to Integrated Services Digital Network (ISDN)
 X.25
 Frame Relay
 ATM
 Gigabit Ethernet

3.1 Switching

Switching implementations are of two types:
 Circuit switching
 Packet switching

Circuit switching

Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before they may communicate. The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the communication session. The circuit functions as if the nodes were physically connected, as with an electrical circuit. The defining example of a circuit-switched network is the early analog telephone network. When a call is made from one telephone to another, switches within the telephone exchanges create a continuous wire circuit between the two telephones for as long as the call lasts.

Circuit switching contrasts with packet switching, which divides the data to be transmitted into packets that are transmitted through the network independently. In packet switching, instead of being dedicated to one communication session at a time, network links are shared by packets from multiple competing communication sessions, so the quality of service guarantees provided by circuit switching are lost. In circuit switching the bit delay is constant during a connection, whereas in packet switching packet queues may cause varying and potentially indefinitely long transfer delays. No circuit can be degraded by competing users because it is protected from use by other callers until it is released and a new connection is set up. Even if no actual communication is taking place, the channel remains reserved and protected from competing users.

Virtual circuit switching is a packet switching technology that emulates circuit switching, in the sense that the connection is established before any packets are transferred and packets are delivered in order. While circuit switching is commonly used for connecting voice circuits, the concept of a dedicated path persisting between two communicating parties can be extended to content other than voice. Its advantage is that it provides continuous transfer without per-packet overhead, making maximal use of the available bandwidth for that communication. Its disadvantage is that it can be relatively inefficient, because unused capacity guaranteed to a connection cannot be used by other connections on the same network.

Message switching

In telecommunications, message switching was the precursor of packet switching: messages were routed in their entirety, one hop at a time. It was first introduced by Leonard Kleinrock in 1961. Message switching systems are nowadays mostly implemented over packet-switched or circuit-switched data networks. Each message is treated as a separate entity. Each message contains addressing information, and at each switch this information is read and the transfer path to the next switch is decided. Depending on network conditions, a conversation of several messages may not be transferred over the same path. Each message is stored (usually on a hard drive, because of RAM limitations) before being transmitted to the next
switch. Because of this it is also known as a 'store-and-forward' network. Email is a common application of message switching: a delay in delivering email is acceptable, unlike real-time data transfer between two computers.

Packet switching

Packet switching is a digital networking communications method that groups all transmitted data, regardless of content, type or structure, into suitably sized blocks called packets. First proposed for military uses in the early 1960s and implemented on small networks in 1968, this method of data transmission became one of the fundamental networking technologies behind the Internet and most local area networks. Packet switching features delivery of variable-bit-rate data streams (sequences of packets) over a shared network. When traversing network adapters, switches, routers and other network nodes, packets are buffered and queued, resulting in variable delay and throughput depending on the traffic load in the network. Packet switching contrasts with the other principal networking paradigm, circuit switching, which sets up a limited number of dedicated connections of constant bit rate and constant delay between nodes for exclusive use during the communication session. Where traffic is charged for (as opposed to a flat rate), for example in cellular communication services, circuit switching is characterized by a fee per unit of connection time, even when no data is transferred, while packet switching is characterized by a fee per unit of information. Packet mode communication may be used with or without intermediate forwarding nodes (packet switches or routers). In all packet mode communication, network resources are managed by statistical multiplexing or dynamic bandwidth allocation, in which a communication channel is effectively divided into an arbitrary number of logical variable-bit-rate channels or data streams.
Statistical multiplexing, packet switching and other store-and-forward buffering introduces varying latency and throughput in the transmission. Each logical stream consists of a sequence of packets, which normally are forwarded by the multiplexers and intermediate network nodes asynchronously using first-in, first-out buffering. Alternatively, the packets may be forwarded according to some scheduling discipline for fair queuing, traffic shaping or for differentiated or guaranteed quality of service, such as weighted fair queuing or leaky bucket. In case of a shared physical
medium, the packets may be delivered according to some packet-mode multiple access schemes.
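The difference between message switching (the whole message is stored at every hop) and packet switching (the hops work on different packets at the same time) shows up in a small delay model. The following Python code is an added example, not from the original text; it counts transmission delay only, ignoring propagation, processing and queueing behind other traffic, over a path of store-and-forward hops with equal-rate links, using the rule that a packet can leave a node only once it has fully arrived there and the outgoing link is free. The sizes and rates are illustrative values chosen here.

```python
"""Transmission delay through store-and-forward hops: message vs packet switching.

Added example for this module, not code from the original text. It models
transmission delay only (no propagation, processing or queueing from other
traffic) over a path of equal-rate links. Sizes and rates are illustrative.
"""


def store_and_forward_delay(packet_bits: list, hops: int, rate_bps: float) -> float:
    """Time until the last packet has fully arrived at the destination.

    A packet can be sent over link k only after it has fully arrived at that
    node and after the previous packet has finished on link k, so each hop
    works on a different packet at the same time (pipelining).
    """
    link_free = [0.0] * hops          # when each link finishes its current packet
    for bits in packet_bits:
        arrived = 0.0                 # the source holds the packet from time 0
        for k in range(hops):
            arrived = max(arrived, link_free[k]) + bits / rate_bps
            link_free[k] = arrived
    return link_free[-1]


def split_message(msg_bytes: int, payload_bytes: int, header_bytes: int) -> list:
    """Packet sizes in bits for one message; the last packet may be shorter."""
    sizes = []
    remaining = msg_bytes
    while remaining > 0:
        chunk = min(payload_bytes, remaining)
        sizes.append((chunk + header_bytes) * 8)
        remaining -= chunk
    return sizes


def message_switching_delay(msg_bytes: int, hops: int, rate_bps: float) -> float:
    """The whole message is one unit, stored completely at every hop: h * M / R."""
    return store_and_forward_delay([msg_bytes * 8], hops, rate_bps)


def packet_switching_delay(msg_bytes: int, hops: int, rate_bps: float,
                           payload_bytes: int, header_bytes: int = 0) -> float:
    """The message is split into packets that overlap across hops."""
    return store_and_forward_delay(split_message(msg_bytes, payload_bytes, header_bytes),
                                   hops, rate_bps)


def circuit_switching_delay(msg_bytes: int, rate_bps: float, setup_s: float) -> float:
    """A dedicated circuit: pay the setup once, then stream without per-hop storage."""
    return setup_s + msg_bytes * 8 / rate_bps


if __name__ == "__main__":
    M, H, R = 1500, 3, 1_000_000        # 1500-byte message, 3 hops, 1 Mbit/s links
    print("message switching:", message_switching_delay(M, H, R))
    print("packet switching (500-byte packets):", packet_switching_delay(M, H, R, 500))
    print("packet switching (20-byte headers):", packet_switching_delay(M, H, R, 480, 20))
    print("circuit switching (0.1 s setup):", circuit_switching_delay(M, R, 0.1))
```

With three hops the message-switched transfer takes three full message times while the packet-switched one takes one message time plus two packet times; smaller packets shrink the second term but add header overhead, which is the trade-off behind every MTU choice.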

3.2 PSTN The public switched telephone network (PSTN) is the network of the world's public circuit-switched telephone networks. It consists of telephone lines, fiber optic cables, microwave transmission links, cellular networks, communications satellites, and undersea telephone cables, all inter-connected by switching centers, thus allowing any telephone in the world to communicate with any other. Originally a network of fixed-line analog telephone systems, the PSTN is now almost entirely digital in its core and includes mobile as well as fixed telephones. The technical operation of the PSTN utilizes standards created by the ITU-T. These standards allow different networks in different countries to interconnect seamlessly. There is also a single global address space for telephone numbers based on the E.163 and E.164 standards. The combination of the interconnected networks and the single numbering plan make it possible for any phone in the world to dial any other phone.

3.3 Point to Point Protocol (PPP)
In networking, the Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET. PPP is also used over Internet access connections (now marketed as "broadband"). Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol. Two derivatives of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet Service Providers (ISPs) to establish a Digital Subscriber Line (DSL) Internet service connection with customers.

PPP is commonly used as a data link layer protocol for connection over synchronous and asynchronous circuits, where it has largely superseded the older Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous network layer protocols, including Internet Protocol (IP), TRILL, Novell's Internetwork Packet Exchange (IPX), NBF and AppleTalk.

3.4 Introduction to Integrated Services Digital Network (ISDN)
Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network. It was first defined in 1988 in the CCITT red book.[1] Prior to ISDN, the telephone system was viewed as a way to transport voice, with some special services available for data. The key feature of ISDN is that it integrates speech and data on the same lines, adding features that were not available in the classic telephone system. There are several kinds of access interfaces to ISDN defined as Basic Rate Interface (BRI), Primary Rate Interface (PRI) and Broadband ISDN (B-ISDN). ISDN is a circuit-switched telephone network system, which also provides access to packet switched networks, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in potentially better voice quality than an analog phone can provide. It offers circuit-switched connections (for either voice or data), and packet-switched connections (for data), in increments of 64 kilobit/s. A major market application for ISDN in some countries is Internet access, where ISDN typically provides a maximum of 128 kbit/s in both upstream and downstream directions. Channel bonding can achieve a greater data rate; typically the ISDN B-channels of three or four BRIs (six to eight 64 kbit/s channels) are bonded. ISDN should not be mistaken for its use with a specific protocol, such as Q.931 whereby ISDN is employed as the network, data-link and physical layers in the context of the OSI model. In a broad sense ISDN can be considered a suite of digital services existing on layers 1, 2, and 3 of the OSI model. ISDN is designed to provide access to voice and data services simultaneously.

However, common use reduced ISDN to be limited to Q.931 and related protocols, which are a set of protocols for establishing and breaking circuit switched connections, and for advanced calling features for the user. They were introduced in 1986.[2] In a videoconference, ISDN provides simultaneous voice, video, and text transmission between individual desktop videoconferencing systems and group (room) videoconferencing systems.

3.5 X.25
X.25 is an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. An X.25 WAN consists of packet-switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections or ISDN connections as physical links. X.25 is a family of protocols that was popular during the 1980s with telecommunications companies and in financial transaction systems such as automated teller machines. X.25 was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts[1] and finalized in a publication known as The Orange Book in 1976.

While X.25 has been, to a large extent, replaced by less complex protocols, especially the Internet protocol (IP), the service is still used and available in niche and legacy applications.

3.6 Frame Relay
Frame Relay is a standardized wide area network technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network (ISDN) infrastructure, it may be used today in the context of many other network interfaces. Network providers commonly implement Frame Relay for voice (VoFR) and data as an encapsulation technique, used between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a Frame Relay node. The Frame Relay network handles the transmission over a frequently-changing path transparent to all end-user extensively-used WAN protocols. It is less expensive than leased lines and that is one reason for its popularity. The extreme simplicity of configuring user equipment in a Frame Relay network offers another reason for Frame Relay's popularity. With the advent of Ethernet over fiber optics, MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the Frame Relay protocol and encapsulation. However, many rural areas remain lacking DSL and cable modem services. In such cases the least expensive type of non-dial-up connection remains a 64-kbit/s Frame Relay line. Thus a retail chain, for instance, may use Frame Relay for connecting rural stores into their corporate WAN.

3.7 ATM
Asynchronous Transfer Mode (ATM) is, according to the ATM Forum, "a telecommunications concept defined by ANSI and ITU (formerly CCITT) standards for carriage of a complete range of user traffic, including voice, data, and video signals,"[1] and is designed to unify telecommunication and computer networks. It uses asynchronous time-division multiplexing,[2][3] and it encodes data into small, fixed-sized cells. This differs from approaches such as the Internet Protocol or Ethernet that use variable sized packets or frames. ATM provides data link layer services that run over a wide range of OSI physical Layer links. ATM has functional similarity with both circuit switched networking and small packet switched networking. It was designed for a network that must handle both traditional high-throughput data traffic (e.g., file transfers), and real-time, low-latency content such as voice and video. ATM uses a connection-oriented model in which a virtual circuit must be established between two endpoints before the actual data exchange begins.[3] ATM is a core protocol used over the SONET/SDH backbone of the public switched telephone network (PSTN) and Integrated Services Digital Network (ISDN), but its use is declining in favour of all IP. ATM was developed to meet the needs of the Broadband Integrated Services Digital Network, as defined in the late 1980s.

3.8 Gigabit Ethernet
In computer networking, gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008 standard. It came into use beginning in 1999, gradually supplanting Fast Ethernet in wired local networks, where it performed considerably faster. The cables and equipment are very similar to previous standards and were very common and economical by 2010. Half-duplex gigabit links connected through hubs are allowed by the specification,[1] but full-duplex usage with switches is much more common.

4.0 INTERCONNECTING NETWORK DEVICES

Objectives
This chapter covers:
- Internetworking Devices: repeaters, Bridges, Routers, Switches and Gateways, LAN and WAN equipment
- Routing protocol
- Internet Addresses / IP Addressing, Subnetting
- Transport Layer: The functions and protocols
- Session Layer: The functions and protocols
- Presentation Layer: The functions and protocols

4.1 The Internetworking Devices: repeaters, Bridges, Routers, Switches and Gateways

Repeaters and hubs
A repeater is an electronic device that receives a signal, cleans it of unnecessary noise, regenerates it, and retransmits it at a higher power level, or to the other side of an obstruction, so that the signal can cover longer distances without degradation. In most twisted pair Ethernet configurations, repeaters are required for cable that runs longer than 100 meters. A repeater with multiple ports is known as a hub. Repeaters work on the physical layer of the OSI model. Repeaters require a small amount of time to regenerate the signal. This can cause a propagation delay which can affect network communication when there are several repeaters in a row. Many network architectures limit the number of repeaters that can be used in a row (e.g. Ethernet's 5-4-3 rule). Today, repeaters and hubs have been made mostly obsolete by switches (see below).

Bridges
A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. Bridges broadcast to all ports except the port on which the broadcast was received. However, bridges do not promiscuously copy traffic to all ports, as hubs do, but learn which MAC addresses are reachable through specific ports. Once the bridge associates a port and an address, it will send traffic for that address to that port only. Bridges learn the association of ports and addresses by examining the source address of frames that they see on various ports. Once a frame arrives through a port, its source address is stored and the bridge assumes that MAC address is associated with that port. The first time that a previously unknown destination address is seen, the bridge will forward the frame to all ports other than the one on which the frame arrived. Bridges come in three basic types:
- Local bridges: Directly connect LANs.
- Remote bridges: Can be used to create a wide area network (WAN) link between LANs. Remote bridges, where the connecting link is slower than the end networks, largely have been replaced with routers.
- Wireless bridges: Can be used to join LANs or connect remote stations to LANs.

Switches
A network switch is a device that forwards and filters OSI layer 2 datagrams between ports based on the MAC addresses in the packets.[12] A switch is distinct from a hub in that it only forwards the frames to the ports involved in the communication rather than all ports connected. A switch breaks the collision domain but represents itself as a broadcast domain. Switches make forwarding decisions of frames on the basis of MAC addresses. A switch normally has numerous ports, facilitating a star topology for devices, and cascading additional switches. Some switches are capable of routing based on layer 3 addressing or additional logical levels; these are called multi-layer switches. The term switch is used loosely in marketing to encompass devices including routers and bridges, as well as devices that may distribute traffic on load or by application content (e.g., a Web URL identifier).
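The learning behaviour described above (record the source MAC of each frame against its ingress port, forward a known destination to that one port, flood unknown destinations and broadcasts to every other port) is simulated below. This is an added example, not part of the module; the 4-port bridge, the MAC addresses and the frame sequence are constructed for illustration, and a hub is included for contrast.

```python
"""Learning-bridge simulation (added example; not from the original module).

A bridge learns which MAC address is reachable through which port from the
source address of arriving frames, forwards frames for a known destination to
that one port only, and floods frames for an unknown destination (and
broadcasts) out of every port except the one they arrived on. A hub never
learns and simply repeats every frame to all other ports.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    ingress_port: int


@dataclass
class LearningBridge:
    ports: Set[int]
    # MAC address -> port on which a frame from that source was last seen
    table: Dict[str, int] = field(default_factory=dict)

    def forward(self, frame: Frame) -> List[int]:
        """Return the egress ports for this frame and update the address table."""
        if frame.ingress_port not in self.ports:
            raise ValueError(f"unknown port {frame.ingress_port}")
        # Learning step: the source address is reachable via the ingress port.
        self.table[frame.src] = frame.ingress_port
        # Broadcast or never-seen destination: flood to all ports except ingress.
        if frame.dst == BROADCAST or frame.dst not in self.table:
            return sorted(self.ports - {frame.ingress_port})
        out = self.table[frame.dst]
        # Destination lives on the ingress segment: filter the frame (send nowhere).
        if out == frame.ingress_port:
            return []
        return [out]


def hub_forward(ports: Set[int], frame: Frame) -> List[int]:
    """A hub/repeater keeps no table: every frame goes to all other ports."""
    return sorted(ports - {frame.ingress_port})


def demo() -> dict:
    """Constructed traffic on a 4-port bridge; returns each forwarding decision."""
    bridge = LearningBridge(ports={1, 2, 3, 4})
    A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # constructed MAC addresses
    decisions = {}
    # 1. A (port 1) sends to B, which the bridge has never seen: flood.
    decisions["a_to_b_unknown"] = bridge.forward(Frame(A, B, 1))
    # 2. B replies from port 3; A is already known, so only port 1 receives it.
    decisions["b_to_a_known"] = bridge.forward(Frame(B, A, 3))
    # 3. A sends to B again: B was learned on port 3, so no flooding this time.
    decisions["a_to_b_known"] = bridge.forward(Frame(A, B, 1))
    # 4. A broadcast from A is always flooded.
    decisions["broadcast"] = bridge.forward(Frame(A, BROADCAST, 1))
    # 5. The same A-to-B frame through a hub: repeated everywhere regardless.
    decisions["hub"] = hub_forward({1, 2, 3, 4}, Frame(A, B, 1))
    decisions["table"] = dict(bridge.table)
    return decisions


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```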
Routers
A router is an internetworking device that forwards packets between networks by processing information found in the datagram or packet (Internet protocol information from layer 3). In many situations, this information is processed in conjunction with the routing table (also known as forwarding table). Routers use routing tables to determine what interface to forward packets (this can include the "null" also known as the "black hole" interface because data can go into it, however, no further processing is done for said data).

Gateways
A gateway may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability. It also requires the establishment of mutually acceptable administrative procedures between both networks. A protocol translation/mapping gateway interconnects networks with different network protocol technologies by performing the required protocol conversions. Loosely, the term also refers to a computer or computer program configured to perform the tasks of a gateway. For a specific case, see default gateway. Gateways, also called protocol converters, can operate at any network layer. The activities of a gateway are more complex than that of the router or switch as it communicates using more than one protocol. Both the computers of Internet users and the computers that serve pages to users are host nodes, while the nodes that connect the networks in between are gateways. For example, the computers that control traffic between company networks or the computers used by internet service providers (ISPs) to connect users to the internet are gateway nodes. In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet. On an IP network, clients should automatically send IP packets with a destination outside a given subnet mask to a network gateway. A subnet mask defines the IP range of a private network.

For example, if a private network has a base IP address of 192.168.0.0 and has a subnet mask of 255.255.255.0, then any data going to an IP address outside of 192.168.0.X will be sent to that network's gateway. While forwarding an IP packet to another network, the gateway might or might not perform Network Address Translation.

A gateway is an essential feature of most routers, although other devices (such as any PC or server) can function as a gateway. Most computer operating systems use the terms described above. Microsoft Windows, however, describes this standard networking feature as Internet Connection Sharing, which acts as a gateway, offering a connection between the Internet and an internal network. Such a system might also act as a DHCP server. Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain various parameters necessary for the clients to operate in an Internet Protocol (IP) network. By using this protocol, system administration workload greatly decreases, and devices can be added to the network with minimal or no manual configurations.

Firewalls
A firewall is an important aspect of a network with respect to security. It typically rejects access requests from unsafe sources while allowing actions from recognized ones. The vital role firewalls play in network security grows in parallel with the constant increase in 'cyber' attacks for the purpose of stealing/corrupting data, planting viruses, etc.

4.2 Differences between LAN and WAN
Typically, a local area network exists in a house or a university campus, while a wide area network exists over many office buildings separated by a vast distance. The office buildings in a WAN may be in different countries or even continents. For example, the headquarters may be in USA, the regional office may be in the UK, and the branch office may be in India. The workers in these three buildings use a Wide Area Network to collaborate with each other. The Internet can also be considered as a WAN, with the Ethernet being a classic example of WAN. Let us have a look at the two structures and their differences.

In a LAN setup, devices are connected to a switch or a hub. Shared devices are also connected to a switch that is centrally located. In case the devices need to be connected to the Internet, the switch is then connected to the ISP and thus, to the Internet. The data that is shared amongst these devices is stored in servers. If more devices need to be added, an extra hub or switch can be added. Local Area Network (LAN) has higher bandwidth, thus is faster when compared to a WAN. The maximum speed of a LAN can be 1000 megabits per second. As LAN is faster, it is widely preferred for sharing computers in a network. The network is easy to set up; most computers and laptops manufactured today come with the RJ45 port built-in on the motherboard, which is used to connect to the network. In case of older machines that do not have this port, a separate NIC (Network Interface Card) will be required to be installed. This card fits in the PCI slot on desktops, and the PCMCIA slot on laptops. The main advantage of using LAN is the ease of sharing. Computers, if connected to the same LAN, can even share a printer. The biggest hurdle that a firm faces while connecting computers in a LAN is the monitoring of traffic for the Internet. If there is too much load put on only one computer or on a shared device, the network speed may reduce. This can be circumvented by using a LAN traffic monitor, whose function is to keep a track of the bandwidth used. On the basis of setup and maintenance cost breakup, LAN is considered to be cheaper as compared to a WAN setup.

In a WAN setup, computers that are present at different locations are interconnected. The devices are connected to the router and the routers are interconnected via T1 standards. This makes it difficult to expand a WAN network.

Figure: LAN

Figure: WAN

Wide Area Network (WAN) has a lower bandwidth, thus slowing the network. The speed of a WAN can go up to 150 megabits per second. This means the speed of a WAN is one-tenth the speed of a LAN. Though WAN is slower, it is used widely to share data. The best example of WAN is the Internet. The data on the Internet is accessible across continents. However, a WAN cannot share computer peripherals, so a computer in one country cannot use a printer in another country. To set up a WAN, a modem and a router is needed. Thus, if an additional device needs to be added to the network, a router needs to be configured and connected to the others in the network. As the number of devices in a WAN are greater than those connected in a LAN, there is a greater need for a monitoring device. A special-purpose computer is used, whose only purpose is to send and receive data from the Internet. Leased lines or satellites are used to connect devices in a WAN. While each of the two have their own advantages and disadvantages, there is also a distinct factor that helps one choose between a LAN and a WAN setup, and that is distance. If the locations to be connected are far apart, there is no point considering a LAN setup, as in spite of whatever advantages it may offer, it is not possible.

4.3 General Routing Concepts
A routing protocol specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network. Routing algorithms determine the specific choice of route. Each router has a priori knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network. Although there are many types of routing protocols, three major classes are in widespread use on IP networks:
- Interior gateway routing via link state routing protocols, such as OSPF and IS-IS
- Interior gateway routing via path vector or distance vector protocols, such as IGRP and EIGRP
- Exterior gateway routing. The Border Gateway Protocol (BGP) is the routing protocol used on the Internet for exchanging traffic between Autonomous Systems.

Many routing protocols are defined in documents called RFCs. Some versions of the Open System Interconnection (OSI) networking model distinguish routing protocols in a special sublayer of the Network Layer (Layer 3). The specific characteristics of routing protocols include the manner in which they avoid routing loops, the manner in which they select preferred routes, using information about hop costs, the time they require to reach routing convergence, their scalability, and other factors.

4.4 Internet Addresses / IP Addressing
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.[1] An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."[2] The designers of the Internet Protocol defined an IP address as a 32-bit number[1] and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995.[3] IPv6 was standardized as RFC 2460 in 1998,[4] and its deployment has been ongoing since the mid-2000s. IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6). The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.

Understanding IP Addresses
An IP address is an address used in order to uniquely identify a device on an IP network. The address is made up of 32 binary bits, which can be divisible into a network portion and host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted decimal format (for example, 172.16.81.100). The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary. Here is how binary octets convert to decimal: the right most bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the left-most bit, or most significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:

  1    1    1    1    1    1    1    1
128   64   32   16    8    4    2    1     (128+64+32+16+8+4+2+1=255)

Here is a sample octet conversion when not all of the bits are set to 1.

  0    1    0    0    0    0    0    1
  0   64    0    0    0    0    0    1     (0+64+0+0+0+0+0+1=65)

And this sample shows an IP address represented in both binary and decimal.

10.1.23.19                            (decimal)
00001010.00000001.00010111.00010011   (binary)


These octets are broken down to provide an addressing scheme that can accommodate large and small networks. There are five different classes of networks, A to E. This document focuses on addressing classes A to C, since classes D and E are reserved and discussion of them is beyond the scope of this document. Note: the terms "Class A, Class B" and so on are used in this document to help facilitate the understanding of IP addressing and subnetting. These terms are rarely used in the industry anymore because of the introduction of classless interdomain routing (CIDR). Given an IP address, its class can be determined from the three high-order bits. Figure 1 shows the significance in the three high order bits and the range of addresses that fall into each class. For informational purposes, Class D and Class E addresses are also shown.


Figure 1

In a Class A address, the first octet is the network portion, so the Class A example in Figure 1 has a major network address of 1.0.0.0 - 127.255.255.255. Octets 2, 3, and 4 (the next 24 bits) are for the network manager to divide into subnets and hosts as he/she sees fit. Class A addresses are used for networks that have more than 65,536 hosts (actually, up to 16777214 hosts!). In a Class B address, the first two octets are the network portion, so the Class B example in Figure 1 has a major network address of 128.0.0.0 - 191.255.255.255. Octets 3 and 4 (16 bits) are for local subnets and hosts. Class B addresses are used for networks that have between 256 and 65534 hosts. In a Class C address, the first three octets are the network portion. The Class C example in Figure 1 has a major network address of 192.0.0.0 - 233.255.255.255. Octet 4 (8 bits) is for local subnets and hosts - perfect for networks with less than 254 hosts.


Network Masks
A network mask helps you know which portion of the address identifies the network and which portion of the address identifies the node. Class A, B, and C networks have default masks, also known as natural masks, as shown here:

Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0

An IP address on a Class A network that has not been subnetted would have an address/mask pair similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you identify the network and node parts of the address, convert the address and mask to binary numbers.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000

Once you have the address and the mask represented in binary, then identifying the network and host ID is easier. Any address bits which have corresponding mask bits set to 1 represent the network ID. Any address bits that have corresponding mask bits set to 0 represent the node ID.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
            --------|--------------------------
             net id |          host id

netid  = 00001000 = 8
hostid = 00010100.00001111.00000001 = 20.15.1

4.5 Subnet

Understanding Subnetting
Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you do not subnet, you are only able to use one network from your Class A, B, or C network, which is unrealistic. Each data link on a network must have a unique network ID, with every node on that link being a member of the same network. If you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on this network would then have a unique network/subnetwork ID. Any device, or gateway, connecting n networks/subnetworks has n distinct IP addresses, one for each network/subnetwork that it interconnects. In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of the address to create a subnetwork ID. For example, given a Class C network of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:

204.17.5.0      - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                  --------------------------|sub|-----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub") from the original host portion of the address and used them to make subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device since host ids of all zeros or all ones are not allowed (it is very important to remember this). So, with this in mind, these subnets have been created.

204.17.5.0     255.255.255.224   host address range 1 to 30
204.17.5.32    255.255.255.224   host address range 33 to 62
204.17.5.64    255.255.255.224   host address range 65 to 94
204.17.5.96    255.255.255.224   host address range 97 to 126
204.17.5.128   255.255.255.224   host address range 129 to 158
204.17.5.160   255.255.255.224   host address range 161 to 190
204.17.5.192   255.255.255.224   host address range 193 to 222
204.17.5.224   255.255.255.224   host address range 225 to 254

Note: There are two ways to denote these masks. First, since you are using three bits more than the "natural" Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or, secondly, the mask of 255.255.255.224 can also be denoted as /27 as there are 27 bits that are set in the mask. This second method is used with CIDR. With this method, one of these networks can be described with the notation prefix/length. For example, 204.17.5.32/27 denotes the network 204.17.5.32 255.255.255.224. When appropriate the prefix/length notation is used to denote the mask throughout the rest of this document. The network subnetting scheme in this section allows for eight subnets, and the network might appear as:

Figure 2

Notice that each of the routers in Figure 2 is attached to four subnetworks, one subnetwork is common to both routers. Also, each router has an IP address for each subnetwork to which it is attached. Each subnetwork could potentially support up to 30 host addresses. This brings up an interesting point. The more host bits you use for a subnet mask, the more subnets you have available. However, the more subnets available, the less host addresses available per subnet. For example, a Class C network of 204.17.5.0 and a mask of 255.255.255.224 (/27) allows you to have eight subnets, each with 32 host addresses (30 of which could be assigned to devices). If you use a mask of 255.255.255.240 (/28), the break down is: 204.17.5.0 11001100.00010001.00000101.00000000 255.255.255.240 - 11111111.11111111.11111111.11110000 --------------------------|sub |--Since you now have four bits to make subnets with, you only have four bits left for host addresses. So in this case you can have up to 16 subnets, each of which can have up to 16 host addresses (14 of which can be assigned to devices). Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0 ,then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to create a lot

70

more subnets than with the Class C network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per subnet does this allow for? 172.16.0.0 - 10101100.00010000.00000000.00000000 255.255.248.0 - 11111111.11111111.11111000.00000000 -----------------| sub |----------You are using five bits from the original host bits for subnets. This allows you to have 32 subnets (25). After using the five bits for subnetting, you are left with 11 bits for host addresses. This allows each subnet so have 2048 host addresses (211), 2046 of which could be assigned to devices. Note: In the past, there were limitations to the use of a subnet 0 (all subnet bits are set to zero) and all ones subnet (all subnet bits set to one). Some devices would not allow the use of these subnets. Cisco Systems devices allow the use of these subnets when theip subnet zero command is configured. Examples: Sample Exercise 1 Now that you have an understanding of subnetting, put this knowledge to use. In this example, you are given two address / mask combinations, written with the prefix/length notation, which have been assigned to two devices. Your task is to determine if these devices are on the same subnet or different subnets. You can do this by using the address and mask of each device to determine to which subnet each address belongs. DeviceA: 172.16.17.30/20 DeviceB: 172.16.28.15/20 Determining the Subnet for DeviceA: 172.16.17.30 - 10101100.00010000.00010001.00011110 255.255.240.0 - 11111111.11111111.11110000.00000000 -----------------| sub|-----------subnet = 10101100.00010000.00010000.00000000 = 172.16.16.0 Looking at the address bits that have a corresponding mask bit set to one, and setting all the other address bits to zero (this is equivalent to performing a logical "AND" between the mask and address), shows you to which subnet this address belongs. In this case, DeviceA belongs to subnet 172.16.16.0. 71

Determining the Subnet for DeviceB:

172.16.28.15  - 10101100.00010000.00011100.00001111
255.255.240.0 - 11111111.11111111.11110000.00000000
                                  |sub |
subnet        = 10101100.00010000.00010000.00000000 = 172.16.16.0

From these determinations, DeviceA and DeviceB have addresses that are part of the same subnet.

Sample Exercise 2

Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in Figure 3 with the host requirements shown.

Looking at the network shown in the figure above, you can see that you are required to create five subnets. The largest subnet must support 28 host addresses. Is this possible with a Class C network, and if so, how?

You can start by looking at the subnet requirement. In order to create the five needed subnets you would need to use three bits from the Class C host bits. Two bits would only allow you four subnets (2^2). Since you need three subnet bits, that leaves you with five bits for the host portion of the address. How many hosts does this support? 2^5 = 32 (30 usable). This meets the requirement. Therefore you have determined that it is possible to create this network with a Class C network. An example of how you might assign the subnetworks is:

netA: 204.15.5.0/27    host address range 1 to 30
netB: 204.15.5.32/27   host address range 33 to 62
netC: 204.15.5.64/27   host address range 65 to 94
netD: 204.15.5.96/27   host address range 97 to 126
netE: 204.15.5.128/27  host address range 129 to 158
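The two sample exercises worked through in code. This is an added example, not part of the module text; it uses plain integer arithmetic so that the logical AND of address and mask, and the subnet/host trade-off, are visible rather than hidden inside a library.

```python
# Added example, not from the module text: the subnet arithmetic behind
# Sample Exercises 1 and 2, written with plain integers so the logical AND of
# address and mask is visible rather than hidden inside a library.

def ip_to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Dotted-binary form, as used in the worked examples above."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/prefix notation -> mask integer, e.g. 20 -> 255.255.240.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_of(address: str, prefix: int) -> str:
    """Network address = address AND mask: every host bit set to zero."""
    return int_to_ip(ip_to_int(address) & prefix_to_mask(prefix))


def same_subnet(addr_a: str, addr_b: str, prefix: int) -> bool:
    """Sample Exercise 1: two hosts share a subnet when the AND results match."""
    return subnet_of(addr_a, prefix) == subnet_of(addr_b, prefix)


def subnet_plan(natural_prefix: int, new_prefix: int) -> dict:
    """Subnets and hosts when a network with natural_prefix is cut at new_prefix."""
    subnet_bits = new_prefix - natural_prefix
    host_bits = 32 - new_prefix
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("new prefix must borrow host bits and leave at least 2")
    return {
        "subnets": 2 ** subnet_bits,
        "hosts_per_subnet": 2 ** host_bits,
        # the network and broadcast addresses cannot be assigned to devices
        "usable_hosts": 2 ** host_bits - 2,
    }


def choose_prefix(natural_prefix: int, subnets_needed: int, hosts_needed: int):
    """Sample Exercise 2: the shortest new prefix that gives enough subnets,
    provided each still has enough usable hosts; None when both cannot be met."""
    for new_prefix in range(natural_prefix, 31):
        plan = subnet_plan(natural_prefix, new_prefix)
        if plan["subnets"] >= subnets_needed:
            return new_prefix if plan["usable_hosts"] >= hosts_needed else None
    return None


def list_subnets(network: str, natural_prefix: int, new_prefix: int) -> list:
    """(subnet/prefix, first usable host, last usable host) for every subnet."""
    base = ip_to_int(network) & prefix_to_mask(natural_prefix)
    size = 2 ** (32 - new_prefix)
    result = []
    for i in range(2 ** (new_prefix - natural_prefix)):
        net = base + i * size
        result.append((f"{int_to_ip(net)}/{new_prefix}",
                       int_to_ip(net + 1), int_to_ip(net + size - 2)))
    return result


if __name__ == "__main__":
    for dev, addr in (("DeviceA", "172.16.17.30"), ("DeviceB", "172.16.28.15")):
        print(f"{dev}: {addr} -> {to_binary(ip_to_int(addr))} -> {subnet_of(addr, 20)}")
    print("same subnet:", same_subnet("172.16.17.30", "172.16.28.15", 20))
    print("/28 on a Class C:", subnet_plan(24, 28))
    prefix = choose_prefix(24, subnets_needed=5, hosts_needed=28)
    print("prefix for 5 subnets of 28 hosts:", prefix)
    for name, (net, first, last) in zip("ABCDE", list_subnets("204.15.5.0", 24, prefix)):
        print(f"net{name}: {net:<16} host address range {first} to {last}")
```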

4.6 Transport Layer: The functions and protocols

The transport layer, or layer 4, provides end-to-end communication services for applications within a layered architecture of network components and protocols. The transport layer provides convenient services such as connection-oriented data stream support, reliability, flow control, and multiplexing.

Transport layers are contained in both the TCP/IP model (RFC 1122),[2] which is the foundation of the Internet, and the Open Systems Interconnection (OSI) model of general networking. The definitions of the transport layer are slightly different in these two models. This section primarily refers to the TCP/IP model, in which TCP is largely a convenient application programming interface to internet hosts, as opposed to the OSI model definition of the transport layer.

The most well-known transport protocol is the Transmission Control Protocol (TCP). It lent its name to the title of the entire Internet Protocol Suite, TCP/IP. It is used for connection-oriented transmissions, whereas the connectionless User Datagram Protocol (UDP) is used for simpler messaging transmissions. TCP is the more complex protocol, due to its stateful design incorporating reliable transmission and data stream services. Other prominent protocols in this group are the Datagram Congestion Control Protocol (DCCP) and the Stream Control Transmission Protocol (SCTP).

Services

There are many services that can be optionally provided by a transport-layer protocol, and different protocols may or may not implement them.

Connection-oriented communication: It is normally easier for an application to interpret a connection as a data stream rather than having to deal with the underlying connection-less models, such as the datagram model of the User Datagram Protocol (UDP) and of the Internet Protocol (IP).

Byte orientation: Rather than processing the messages in the underlying communication system format, it is often easier for an application to process the data stream as a sequence of bytes. This simplification helps applications work with various underlying message formats.

Same order delivery: The network layer doesn't generally guarantee that packets of data will arrive in the same order that they were sent, but often this is a desirable feature. This is usually done through the use of segment numbering, with the receiver passing them to the application in order. This can cause head-of-line blocking.

Reliability: Packets may be lost during transport due to network congestion and errors. By means of an error detection code, such as a checksum, the transport protocol may check that the data is not corrupted, and verify correct receipt by sending an ACK or NACK message to the sender. Automatic repeat request schemes may be used to retransmit lost or corrupted data.

Flow control: The rate of data transmission between two nodes must sometimes be managed to prevent a fast sender from transmitting more data than can be supported by the receiving data buffer, causing a buffer overrun. This can also be used to improve efficiency by reducing buffer underrun.

Congestion avoidance: Congestion control can control traffic entry into a telecommunications network, so as to avoid congestive collapse by attempting to avoid oversubscription of any of the processing or link capabilities of the intermediate nodes and networks and taking resource reducing steps, such as reducing the rate of sending packets. For example, automatic repeat requests may keep the network in a congested state; this situation can be avoided by adding congestion avoidance to the flow control, including slow-start. This keeps the bandwidth consumption at a low level in the beginning of the transmission, or after packet retransmission.

Multiplexing: Ports can provide multiple endpoints on a single node. For example, the name on a postal address is a kind of multiplexing, and distinguishes between different recipients at the same location. Computer applications will each listen for information on their own ports, which enables the use of more than one network service at the same time. It is part of the transport layer in the TCP/IP model, but of the session layer in the OSI model.

Protocol

The exact definition of what qualifies as a transport-layer protocol is not firm. The following is a short list:

- ATP, AppleTalk Transaction Protocol
- CUDP, Cyclic UDP
- DCCP, Datagram Congestion Control Protocol
- FCP, Fiber Channel Protocol
- IL, IL Protocol
- NBF, NetBIOS Frames protocol
- RDP, Reliable Datagram Protocol
- RUDP, Reliable User Datagram Protocol
- SCTP, Stream Control Transmission Protocol
- SPX, Sequenced Packet Exchange
- SST, Structured Stream Transport
- TCP, Transmission Control Protocol
- UDP, User Datagram Protocol
- UDP Lite
- µTP, Micro Transport Protocol

Comparison of transport-layer protocols


4.7 Session Layer: The functions and protocols

The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications. Session-layer services are commonly used in application environments that make use of remote procedure calls (RPCs).

An example of a session-layer protocol is the OSI protocol suite session-layer protocol, also known as X.225 or ISO 8327. In the case of a connection loss this protocol may try to recover the connection. If a connection is not used for a long period, the session-layer protocol may close it and re-open it. It provides for either full-duplex or half-duplex operation and provides synchronization points in the stream of exchanged messages.[1]

Other examples of session layer implementations include Zone Information Protocol (ZIP), the AppleTalk protocol that coordinates the name binding process, and Session Control Protocol (SCP), the DECnet Phase IV session-layer protocol.

Within the service layering semantics of the OSI network architecture, the session layer responds to service requests from the presentation layer and issues service requests to the transport layer.


Services

- Authentication
- Authorization
- Session restoration (checkpointing and recovery)

The session layer of the OSI model is responsible for session checkpointing and recovery. It allows information of different streams, perhaps originating from different sources, to be properly combined or synchronized. An example application is web conferencing, in which the streams of audio and video must be synchronous to avoid so-called lip synch problems. Floor control ensures that the person displayed on screen is the current speaker. Another application is in live TV programs, where streams of audio and video need to be seamlessly merged and transitioned from one to the other to avoid silent airtime or excessive overlap.

Protocols

- ADSP, AppleTalk Data Stream Protocol
- ASP, AppleTalk Session Protocol
- H.245, Call Control Protocol for Multimedia Communication
- ISO-SP, OSI session-layer protocol (X.225, ISO 8327)
- iSNS, Internet Storage Name Service
- L2F, Layer 2 Forwarding Protocol
- L2TP, Layer 2 Tunneling Protocol
- NetBIOS, Network Basic Input Output System
- PAP, Password Authentication Protocol
- PPTP, Point-to-Point Tunneling Protocol
- RPC, Remote Procedure Call Protocol
- RTCP, Real-time Transport Control Protocol
- SMPP, Short Message Peer-to-Peer
- SCP, Session Control Protocol
- SOCKS, the SOCKS internet protocol, see Internet socket
- ZIP, Zone Information Protocol
- SDP, Sockets Direct Protocol


4.8 Presentation Layer: The functions and protocols

The presentation layer is responsible for the delivery and formatting of information to the application layer for further processing or display.[4] It relieves the application layer of concern regarding syntactical differences in data representation within the end-user systems. An example of a presentation service would be the conversion of an EBCDIC-coded text computer file to an ASCII-coded file.

The presentation layer is the lowest layer at which application programmers consider data structure and presentation, instead of simply sending data in the form of datagrams or packets between hosts. This layer deals with issues of string representation: whether they use the Pascal method (an integer length field followed by the specified amount of bytes) or the C/C++ method (null-terminated strings, e.g. "thisisastring\0"). The idea is that the application layer should be able to point at the data to be moved, and the presentation layer will deal with the rest.

Serialization of complex data structures into flat byte-strings (using mechanisms such as TLV or XML) can be thought of as the key functionality of the presentation layer. Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages.[1] Decryption is also handled at the presentation layer. For example, when logging off bank account sites the presentation layer will decrypt the data as it is received.[1] Another example is representing structure, which is normally standardized at this level, often by using XML. As well as simple pieces of data, like strings, more complicated things are standardized in this layer. Two common examples are 'objects' in object-oriented programming, and the exact way that streaming video is transmitted.

In many widely used applications and protocols, no distinction is made between the presentation and application layers. For example, HyperText Transfer Protocol (HTTP), generally regarded as an application-layer protocol, has presentation-layer aspects such as the ability to identify character encoding for proper conversion, which is then done in the application layer.

Within the service layering semantics of the OSI network architecture, the presentation layer responds to service requests from the application layer and issues service requests to the session layer. In the OSI model, the presentation layer ensures the information that the application layer of one system sends out is readable by the application layer of another system. For example, a PC program communicates with another computer, one using extended binary coded decimal interchange code (EBCDIC) and the other using ASCII to represent the same characters. If necessary, the presentation layer might be able to translate between multiple data formats by using a common format.

Services

- Data conversion
- Character code translation
- Compression
- Encryption and Decryption

Protocols

Other protocols sometimes considered at this level (though perhaps not strictly adhering to the OSI model) include:

- Apple Filing Protocol (AFP)
- Independent Computing Architecture (ICA), the Citrix system core protocol
- Lightweight Presentation Protocol (LPP)
- NetWare Core Protocol (NCP)
- Network Data Representation (NDR)
- Telnet (a remote terminal access protocol)
- eXternal Data Representation (XDR)
- X.25 Packet Assembler/Disassembler Protocol (PAD)


5.0 INTERNET

Objectives

This chapter covers:

- TCP/IP Protocol
- Internet structure and Internet address
- Internet Applications: DNS, FTP, SMTP, HTTP and WWW
- Commerce
- Internet programming language.

5.1 Protocol TCP/IP

TCP/IP is actually a suite, or stack, of protocols that interconnect and work together to provide for reliable and efficient data communications across an internetwork. The major protocols of the TCP/IP suite are:

- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Domain Name System (DNS)
- Internet Protocol (IP)
- Address Resolution Protocol (ARP)
- File Transport Protocol (FTP)
- Simple Mail Transport Protocol (SMTP)
- Post Office Protocol (POP3)
- Interactive Mail Access Protocol (IMAP)
- Internet Control Message Protocol (ICMP)
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Hypertext Transfer Protocol (HTTP)
- TCP/IP Utilities (PING, Telnet, IPCONFIG, ARP, and more)


How the TCP/IP Protocol Stack Maps to the OSI Model

OSI Layers                          TCP/IP Protocols
Application, Presentation, Session  Telnet, FTP, SMTP, SNMP, DNS, HTTP
Transport                           TCP, UDP
Network                             IP, ICMP, ARP, RARP
Data Link, Physical                 Ethernet, Token Ring, FDDI*

* These are networking technologies that function at the Data Link and Physical layers. They aren't TCP/IP protocols or a part of the TCP/IP protocol stack.

Application Layer Protocols

FTP

FTP is a reliable, connection-oriented tool used to copy files from one computer to another over a TCP/IP network, such as the Internet or an intranet. Another flavor of FTP is Trivial File Transfer Protocol (TFTP), which is an unreliable (delivery is not guaranteed) file transfer protocol. Cisco routers use TFTP to store and retrieve configuration files from a TFTP server.

Telnet

Telnet is a terminal emulation protocol used on TCP/IP-based networks to log into a remote device to run a program or manipulate data. Telnet was originally developed for ARPAnet and is an inherent part of the TCP/IP communications protocol. In the Cisco world, Telnet is used to access and configure routers from remote locations.

Transport Layer Protocols

Network protocols are either connection-oriented or connectionless.

Connection-oriented protocols require that a direct connection be established between two devices before data can begin to transfer between the devices. Packets are transferred using a prescribed sequence of actions that include an acknowledgment to signal when a packet arrives, and possibly resending the packet if there are errors. This method is reliable and, as a result of its reliability and the overhead involved, much slower than connectionless protocols.

Connectionless protocols are largely based on your faith in the technology. Packets are sent over the network without regard to whether they actually arrive at their destinations. There are no acknowledgments or guarantees, but you can send a datagram to many different destinations at the same time. Connectionless protocols are fast because no time is used in establishing and tearing down connections. Connectionless protocols are also referred to as best-effort protocols.

Connection-Oriented and Connectionless Protocols

Protocol  Type
FTP       Connection-oriented
IP        Connectionless
IPX       Connectionless
TCP       Connection-oriented
UDP       Connectionless
SPX       Connection-oriented

Establishing a connection-oriented connection involves the process of setting up sequence and acknowledgment fields and agreeing upon the port numbers to be used. This is accomplished by a three-step handshake process that works like this:

Handshake one: Host 1 sends a synchronization message to Host 2.
Handshake two: Host 2 acknowledges Host 1's synchronization message and sends back its own synchronization message.
Handshake three: Host 1 acknowledges Host 2's synchronization message.

At this point, the connection is successfully established and the applications can begin transferring data.

Both TCP and UDP use port numbers to move information along to the application layer. The registering body, IANA (Internet Assigned Numbers Authority), divides port numbers into three groups:

Well-known ports are the most commonly used TCP/IP ports. These ports are in the range of 0 through 1023. These ports can be used only by system processes or privileged programs. Well-known ports are TCP ports but are usually registered to UDP services as well.

Registered ports are in the range of 1024 through 49151. Registered ports are used on most systems by user programs to create and control logical connections between proprietary programs.

Dynamic (private) ports are in the range of 49152 through 65525. These ports are unregistered and can be used dynamically for private connections.

Additional information to know about port numbers:

- Port numbers below 256 are assigned to public applications.
- Port numbers 256 - 1023 are assigned to companies for saleable applications.
- Port numbers above 1023 are dynamically assigned in the host application.
- Source and destination port numbers don't have to be the same.

Ports

Port Number  Application
21           FTP
23           Telnet
25           SMTP
69           TFTP
80           HTTP

Transmission Control Protocol (TCP)

TCP is a connection-oriented, reliable delivery protocol that ensures that packets arrive at their destination error-free. Using TCP is similar to sending a registered letter. When you send the letter, you know for sure that it will get to its destination and that you'll be notified that it got there in good condition.

What to know about TCP:

- Connection-oriented
- Reliable transfer
- Error-checking
- Full-duplex transmission
- Flow control
- Multiplexing

On the Transport layer, packets are referred to as segments. The table below depicts the format of the TCP segment:

TCP Segment Description

Field             Length in Bits  Purpose
Source port       16              The number of the calling port
Destination port  16              The number of the called port
Sequence number   32              Used to ensure correct sequencing of data
Acknowledgment #  32              Sequence number of the next expected TCP octet
HLEN              4               Header length
Reserved          6               Set to zero
Code bits         6               Functions that set up and terminate the session
Window            16              Size of window sender can accept
Checksum          16              Sum of header and data fields (error correction feature)
Urgent Pointer    16              End of the urgent data
Option            0 or 32         Maximum TCP segment size
Data              -               Data from upper layers

User Datagram Protocol (UDP) Remember that UDP is connectionless and unreliable.

UDP Datagram Description

Field             Size in Bits  Purpose
Source port       16            The number of the calling port
Destination port  16            The number of the called port
Length            16            The length of the datagram
Checksum          16            Sum of header and data fields (error correction feature)
Data              -             Data from upper layers
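The TCP and UDP header tables, the three-step handshake and the IANA port groups, brought together in code. This is an added example, not part of the module text; the segments it decodes are constructed here and the port-to-application names are the five from the Ports table.

```python
import struct

# Added example, not from the module text: decoding the fixed TCP and UDP
# headers from raw bytes using the field widths in the two tables above,
# naming the three-step handshake step from the code bits, and classifying
# ports into the IANA groups described earlier. All sample segments below
# are constructed here for illustration.

# Code bits of the 6-bit field, most significant bit first.
TCP_FLAGS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

# Port-to-application mapping taken from the Ports table.
WELL_KNOWN_APPS = {21: "FTP", 23: "Telnet", 25: "SMTP", 69: "TFTP", 80: "HTTP"}


def port_group(port: int) -> str:
    """IANA grouping: well-known (0-1023), registered (1024-49151), dynamic."""
    if not 0 <= port <= 65535:          # port numbers are 16-bit fields
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_tcp_header(segment: bytes) -> dict:
    """Split a TCP segment into the fields of the TCP Segment table."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # HLEN counts 32-bit words
    reserved = (off_flags >> 6) & 0x3F      # 6 reserved bits, set to zero
    code_bits = off_flags & 0x3F            # 6 code bits
    if header_len < 20 or header_len > len(segment):
        raise ValueError("HLEN inconsistent with segment length")
    return {
        "source_port": src, "destination_port": dst,
        "sequence": seq, "acknowledgment": ack,
        "header_length": header_len, "reserved": reserved,
        "flags": [name for name, bit in TCP_FLAGS if code_bits & bit],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_len], "data": segment[header_len:],
    }


def parse_udp_header(datagram: bytes) -> dict:
    """Split a UDP datagram into the fields of the UDP Datagram table."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):   # Length covers header plus data
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"source_port": src, "destination_port": dst, "length": length,
            "checksum": checksum, "data": datagram[8:length]}


def build_tcp_header(src: int, dst: int, seq: int, ack: int, flags) -> bytes:
    """Constructed 20-byte header with no options; checksum left at zero."""
    code_bits = sum(bit for name, bit in TCP_FLAGS if name in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (5 << 12) | code_bits, 65535, 0, 0)


def handshake_step(header: dict) -> str:
    """Name the step of the three-step handshake a segment belongs to."""
    flags = set(header["flags"])
    if flags == {"SYN"}:
        return "handshake one: synchronization"
    if flags == {"SYN", "ACK"}:
        return "handshake two: acknowledgment plus synchronization"
    if flags == {"ACK"} and not header["data"]:
        return "handshake three: acknowledgment"
    return "not a handshake segment"


def describe_ports(header: dict) -> str:
    """e.g. '51000 (dynamic) -> 80 (well-known, HTTP)'."""
    parts = []
    for port in (header["source_port"], header["destination_port"]):
        app = WELL_KNOWN_APPS.get(port)
        parts.append(f"{port} ({port_group(port)}{', ' + app if app else ''})")
    return " -> ".join(parts)


# Constructed three-step handshake: Host 1 uses port 51000, Host 2 serves HTTP.
SAMPLE_HANDSHAKE = [
    build_tcp_header(51000, 80, 1000, 0, {"SYN"}),
    build_tcp_header(80, 51000, 5000, 1001, {"SYN", "ACK"}),
    build_tcp_header(51000, 80, 1001, 5001, {"ACK"}),
]
# Constructed UDP datagram to TFTP (port 69) carrying four bytes of data.
SAMPLE_UDP = struct.pack("!HHHH", 53001, 69, 12, 0) + b"\x00\x01\x00\x00"

if __name__ == "__main__":
    for raw in SAMPLE_HANDSHAKE:
        h = parse_tcp_header(raw)
        print(describe_ports(h), h["flags"], handshake_step(h))
    print(parse_udp_header(SAMPLE_UDP))
```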

Network Layer Protocols A number of TCP/IP protocols operate on the Network layer of the OSI Model, including IP, ARP, RARP, BOOTP, and ICMP. Remember, the OSI Network layer is concerned with routing messages across the internetwork.

Internet Protocol (IP)

Where TCP is connection-oriented, IP is connectionless. IP provides for the best-effort delivery of the packets (or datagrams) that it creates from the segments it receives from the Transport layer protocols. The IP protocol provides for logical addressing on the Network layer. The IP packet (or datagram) is variable length, and its format is shown below:

IP Datagram format

5.2 Internet structure


The Internet is basically a hierarchy that allows any Internet-connected device in one geographic location to talk to another Internet-connected device in another geographic location. The way that the information is transmitted varies greatly, and in some countries, wireless ham radios are even used to transmit email.

The seven open systems interconnection (OSI) layers are a staple of most networking textbooks. The idea is that a network will work on many different levels, or "layers", each of which will perform a supporting function for the next layer. The Network layers are the first three, being the physical link layer, the link layer, and the Network layer. Since the Internet is based on the Internet protocol, which is in the Network Layer, and since the Internet can run on any number of different types of layers below that, we normally are not too concerned with the physical layers unless we are building an Ethernet cable, or transmitting an Internet signal through wireless means, and not too interested in the link layer unless we are registering a network card or router MAC address with our service provider.

OSI reference model


The top three layers (session, presentation, and application layers) are for program communication, and are completely independent of the network, so the two communicating programs could even be on the same machine. We also sometimes include the transport layer when discussing the Internet, and often link the transport with the network layer as in the TCP/IP protocols. Transmission Control Protocol (TCP) is in the transport layer, and Internet Protocol (IP) is in the Network layer. Most Internet-based functions, such as the World Wide Web and email, use TCP/IP, so this is a basic building block for the Internet. The transport layer also makes sure that the top three layers are network independent.

The Internet is a large network that links smaller networks to each other. These can then be subdivided into two types:

- Client-server: clients and servers (hosts)
- Peer to peer (P2P)

Client/server

In computer science, client-server is a software architecture model consisting of two parts, client systems and server systems, which communicate over a computer network or on the same computer. A client-server application is a distributed system consisting of both client and server software. The client process always initiates a connection to the server, while the server process always waits for requests from any client. When both the client process and server process are running on the same computer, this is called a single seat setup.

Another type of related software architecture is known as peer-to-peer, because each host or application instance can simultaneously act as both a client and a server (unlike centralized servers of the client-server model) and because each has equivalent responsibilities and status. Peer-to-peer architectures are often abbreviated using the acronym P2P.

The client-server relationship describes the relation between the client and how it makes a service request from the server, and how the server can accept these requests, process them, and return the requested information to the client. The interaction between client and server is often described using sequence diagrams. Sequence diagrams are standardized in the Unified Modeling Language. Both client-server and P2P architectures are in wide usage today. The basic type of client-server architecture employs only two types of hosts: clients and servers. This type of architecture is sometimes referred to as two-tier. The two-tier architecture means that the client acts as one tier and the server process acts as the other tier.


The client-server architecture has become one of the basic models of network computing. Many types of applications have been written using the client-server model. Standard networked functions such as e-mail exchange, web access and database access are based on the client-server model. For example, a web browser is a client program at the user computer that may access information at any web server in the world.

Client-Server model advantages and disadvantages

Advantages

In most cases, a client-server architecture enables the roles and responsibilities of a computing system to be distributed among several independent computers that are known to each other only through a network, so one of the advantages of this model is greater ease of maintenance. For example, it is possible to replace, repair, upgrade, or even relocate a server while its clients remain both unaware and unaffected by that change. This independence from change is also referred to as encapsulation.

All the data is stored on the servers, which generally have better security controls than most clients. Servers can better control access and resources, to guarantee that only those clients with the appropriate permissions may access and change data. Since data storage is centralized, updates to that data are much easier for administrators than would be possible under a P2P architecture. Under a P2P architecture, data updates may need to be distributed and applied to each "peer" in the network, which is both time-consuming and error-prone, as there can be thousands or even millions of peers.

Many advanced client-server technologies are already available which were designed to ensure security, user friendly interfaces, and ease of use. It works with multiple different clients of different specifications.

Disadvantages

Network traffic congestion is one of the problems related to the client-server model. As the number of simultaneous client requests to a given server increases, the server can become overloaded. Contrast that to a P2P network, where its bandwidth actually increases as more nodes are added, since the P2P network's overall bandwidth can be roughly computed as the sum of the bandwidths of every node in that network.

Comparing the client-server model to the P2P model, if one server fails, clients' requests cannot be served, but in the case of P2P networks, servers are usually distributed among many nodes. Even if one or more nodes fail, for example if a node failed to download a file, the remaining nodes should still have the data needed to complete the download.

5.3 Internet address

IPV4

IPV4 is version 4 of the Internet Protocol. Let's look at the structure of an IPV4 address.

Address representations

IPv4 addresses may be written in any notation expressing a 32-bit integer value, but for human convenience, they are most often written in the dot-decimal notation, which consists of four octets of the address expressed individually in decimal and separated by periods. The following table shows several representation formats:

There are five classes of available IP ranges: Class A, Class B, Class C, Class D and Class E, while only A, B, and C are commonly used. Each class allows for a range of valid IP addresses. Below is a listing of these addresses.


Class    Address Range                 Supports
Class A  1.0.0.1 to 126.255.255.254    Supports 16 million hosts on each of 127 networks.
Class B  128.1.0.1 to 191.255.255.254  Supports 65,000 hosts on each of 16,000 networks.
Class C  192.0.1.1 to 223.255.254.254  Supports 254 hosts on each of 2 million networks.
Class D  224.0.0.0 to 239.255.255.255  Reserved for multicast groups.
Class E  240.0.0.0 to 254.255.255.254  Reserved for future use, or Research and Development Purposes.

Ranges 127.x.x.x are reserved for the loopback or localhost; for example, 127.0.0.1 is the common loopback address. Range 255.255.255.255 broadcasts to all hosts on the local network.

IP address breakdown

Every IP address is broken down into four sets of octets that break down into binary to represent the actual IP address. The table below is an example of the IP 255.255.255.255. If you are new to binary, we highly recommend reading our binary and hexadecimal conversions section to get a better understanding of what we're doing in the charts below.

IP:            255       255       255       255
Binary value:  11111111  11111111  11111111  11111111
Octet value:   8         8         8         8

If we were to break down the IP "166.70.10.23", you would get the values below. In the table below, the first row is the IP address, the second row is the binary values, and the third row shows how the binary value equals the section of the IP address.

166             70          10        23
10100110        01000110    00001010  00010111
128+32+4+2=166  64+4+2=70   8+2=10    16+4+2+1=23

The class A addresses have the first bit zero, the next seven bits for the network id, or netid, and the next 24 bits for the hostid. Similarly, class B addresses have the first two bits 10, the next 14 bits as a netid, and the next 16 bits as a hostid. A class C network has the first two bits 11, the next 21 bits for the netid, and the last 8 bits for the hostid. There is also something called a class D network that is reserved for broadcasting. Examples of IPV4 addresses are:

161.184.138.36  10100001 10111000 10001010 01001000  (class C public)
10.0.0.1        00001010 00000000 00000000 00000001  (class A private)
192.168.2.100   11000000 10101000 00000010 01100100  (class C private)
169.34.100.52   10101001 00100010 01100100 00110100  (class B public)
172.18.20.35    10101100 00010010 00010100 00100011  (class B private)
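The octet breakdown and class test above, done programmatically. This is an added example, not part of the module text; the private-range check uses the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which the module shows only by example, and the class test uses the standard leading-bit patterns 0, 10, 110 and 1110.

```python
# Added example, not from the module text: the octet-to-binary breakdown shown
# for 166.70.10.23 above, the class test from the leading bits of the first
# octet, and a public/private check. The private ranges (10.0.0.0/8,
# 172.16.0.0/12, 192.168.0.0/16) come from RFC 1918, which the module uses
# only by example, and the loopback test follows the 127.x.x.x rule above.

def octets_of(dotted: str) -> list:
    """Four integer octets of a dotted-decimal address, validated."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return [int(p) for p in parts]


def binary_octets(dotted: str) -> list:
    """Second row of the table: each octet as eight bits."""
    return [f"{o:08b}" for o in octets_of(dotted)]


def power_sum(octet: int) -> str:
    """Third row of the table: the set bits as powers of two, e.g. '128+32+4+2=166'."""
    terms = [str(1 << (7 - i)) for i, bit in enumerate(f"{octet:08b}") if bit == "1"]
    return "+".join(terms or ["0"]) + f"={octet}"


def breakdown(dotted: str) -> list:
    return [power_sum(o) for o in octets_of(dotted)]


def address_class(dotted: str) -> str:
    """Class from the leading bits of the first octet: 0 -> A, 10 -> B,
    110 -> C, 1110 -> D, anything else (1111) -> E."""
    first = octets_of(dotted)[0]
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def is_private(dotted: str) -> bool:
    """RFC 1918 private ranges (assumption stated in the lead-in)."""
    a, b, _, _ = octets_of(dotted)
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def is_loopback(dotted: str) -> bool:
    return octets_of(dotted)[0] == 127


def describe(dotted: str) -> str:
    """One line in the style of the examples above, e.g. '... (class A private)'."""
    scope = "loopback" if is_loopback(dotted) else "private" if is_private(dotted) else "public"
    return f"{dotted:<15} {' '.join(binary_octets(dotted))}  (class {address_class(dotted)} {scope})"


if __name__ == "__main__":
    print(breakdown("166.70.10.23"))
    for addr in ("10.0.0.1", "192.168.2.100", "169.34.100.52", "172.18.20.35", "127.0.0.1"):
        print(describe(addr))
```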

Internet packets, or Internet datagrams

An Internet protocol packet, or datagram, is a morsel of information that is sent out on the net. For example, if you send an email to someone, then your computer will break that email message down into small pieces and "encapsulate" them into packets with some destination address. This encapsulation means that your message, or more likely a small part of your message, will be put inside of an Internet packet.


Here is the whole picture with an IPV4 datagram sandwiched inside the lower link layer. Remember that all data, including the message to be sent, is stored and sent in binary format (zeros and ones):

IP datagram within a packet

Detail for this can be seen in Chapter 9.6.2 of "Data Communications, Computer Networks, and Open Systems", Third Edition by Fred Halsall, published by Addison Wesley.

IPV6

IPV6 is version 6 of the Internet Protocol. Based on RFC 2373, version 6 of the Internet Protocol has a vastly increased address space over the IPV4 version. IPV6 allows for 128 bit addressing, or 2 to the power of 128, or 3.40282e+38 devices on the network. IPV6 notation is slightly different from IPV4 in that hex numbers (base 16) are used rather than decimal (base 10) numbers. As taken from the RFC, examples are:

FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:A0:8:800:200C:417A

As well, a run of consecutive zero groups can be compressed, so that:

1080:0:0:0:8:800:200C:417A   a unicast address
FF01:0:0:0:0:0:0:101         a multicast address
0:0:0:0:0:0:0:1              the loopback address
0:0:0:0:0:0:0:0              the unspecified address

become

1080::8:800:200C:417A        a unicast address
FF01::101                    a multicast address
::1                          the loopback address
::                           the unspecified address

Please remember this notation, as you may need to use it on the world wide web someday if your name services are not working. Besides being able to handle many more than one device per person on earth, IPV6 should provide some new ways of doing things such as better encryption through the net, and complete source identity (i.e. knowing where it is coming from), such as when it comes to sending emails, since we can now bury the actual MAC address right into the datagrams.

What about IPV5?

IPV5 was an experimental protocol called ST2 for delivering faster and more reliable services. It was abandoned in favour of IPV6.
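The "::" shorthand above, implemented in both directions so that a compressed address can be checked against its full form. This is an added example, not part of the module text or of RFC 2373; it assumes the longest run of all-zero groups is the one compressed (leftmost wins a tie), that a single zero group is written out in full, and that output uses upper-case hex as in the examples.

```python
# Added example, not from the module text: the "::" zero-compression shown in
# the IPv6 examples above, implemented both ways so a compressed address can be
# expanded back to its eight groups. Assumptions: the longest run of all-zero
# groups is compressed (leftmost wins a tie), a single zero group is written
# out in full, and output uses upper-case hex as in the examples.

def expand_ipv6(text: str) -> list:
    """Eight 16-bit groups, as integers, from a full or '::'-compressed address."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)} in {text!r}")
    values = []
    for group in groups:
        if not 1 <= len(group) <= 4:
            raise ValueError(f"bad group {group!r} in {text!r}")
        values.append(int(group, 16))   # ValueError on non-hex characters
    return values


def compress_ipv6(text: str) -> str:
    """Rewrite an address with the longest run of zero groups replaced by '::'."""
    groups = expand_ipv6(text)
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, value in enumerate(groups + [1]):   # sentinel closes a trailing run
        if value == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:               # '>' keeps the leftmost of equal runs
                best_start, best_len = run_start, run_len
            run_len = 0
    hex_groups = [f"{value:X}" for value in groups]
    if best_len < 2:
        return ":".join(hex_groups)
    head = ":".join(hex_groups[:best_start])
    tail = ":".join(hex_groups[best_start + best_len:])
    return f"{head}::{tail}"


if __name__ == "__main__":
    for addr in ("1080:0:0:0:8:800:200C:417A", "FF01:0:0:0:0:0:0:101",
                 "0:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:0"):
        short = compress_ipv6(addr)
        same = expand_ipv6(short) == expand_ipv6(addr)
        print(f"{addr:<28} becomes {short:<24} round-trips: {same}")
```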

5.4 Internet Applications

DNS
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorised domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4) and 2001:500:88:200::10 (IPv6). Unlike a phone book, the DNS can be quickly updated, allowing a service's location on the network to change without affecting the end users, who continue to use the same host name. Users take advantage of this when they use meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates the services. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. Additionally, the responsibility for maintaining and updating the master record for the domains is spread among many domain name registrars, who compete for the end-user's (the domain-owner's) business. Domains can be moved from registrar to registrar at any time. The Domain Name System also specifies the technical functionality of this database service. It defines the DNS protocol, a detailed specification of the data structures and data communication exchanges used in DNS, as part of the Internet Protocol Suite. The Internet maintains two principal namespaces, the domain name hierarchy[1] and the Internet Protocol (IP) address spaces.[2] The Domain Name System maintains the domain name hierarchy and provides translation services between it and the address spaces. Internet name servers and a communication protocol implement the Domain Name System.[3] A DNS name server is a server that stores the DNS records for a domain name, such as address (A or AAAA) records, name server (NS) records, and mail exchanger (MX) records (see also list of DNS record types); a DNS name server responds with answers to queries against its database.
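To make the "query and answer" exchange concrete, here is an added Python example (not code from the module) that builds a DNS query for www.example.com on the wire, constructs the reply a name server would send for the A and AAAA records quoted above, and parses it back, including the name-compression pointers real servers use. The transaction id, TTL and helper names are assumptions; the addresses are the ones given in the text.

```python
"""DNS wire format: build a query, construct a reply, parse it (added example)."""
import ipaddress
import struct

QTYPE_A, QTYPE_AAAA, QCLASS_IN = 1, 28, 1


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes long")
        out += bytes([len(label)]) + label.encode("ascii")
    out += b"\x00"
    return bytes(out)


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    # Header: id, flags (RD set, standard query), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Read a possibly compressed name; return (name, offset just past it in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # two-byte pointer to an earlier copy of the name
            if end is None:
                end = offset + 2             # the caller continues after the pointer itself
            hops += 1
            if hops > 16:                    # a malicious message could loop pointers forever
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_response(query: bytes, records: list[tuple[int, int, str]]) -> bytes:
    """Constructed reply: echoes the question and points each answer name back at it."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)  # QR, RD, RA set
    body = bytearray()
    for rtype, ttl, address in records:
        rdata = ipaddress.ip_address(address).packed
        body += b"\xc0\x0c"                  # pointer to offset 12: the question name
        body += struct.pack("!HHIH", rtype, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + bytes(body)


def parse_response(msg: bytes) -> tuple[int, list[tuple[str, int, int, str]]]:
    """Return (transaction id, [(name, type, ttl, value), ...]) from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):                      # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == QTYPE_AAAA and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return txid, answers


def demo() -> tuple[int, list[tuple[str, int, int, str]]]:
    """Run the exchange on the page's example: www.example.com -> A and AAAA records."""
    query = build_query("www.example.com", QTYPE_A)
    reply = build_response(query, [(QTYPE_A, 3600, "192.0.43.10"),
                                   (QTYPE_AAAA, 3600, "2001:500:88:200::10")])
    return parse_response(reply)


if __name__ == "__main__":
    print(demo())
```

Two details matter for a resolver that receives answers from the open Internet: the transaction id in the reply must match the one it sent (otherwise the answer is discarded), and the compression-pointer walk must be bounded, because the parser is handling bytes chosen by whoever sent the packet.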

FTP
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.[1] FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that hides (encrypts) the username and password, and encrypts the content, FTP is often secured with SSL/TLS ("FTPS"). SSH File Transfer Protocol ("SFTP") is sometimes also used instead, but is technologically different.

The first FTP client applications were command-line applications developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems.[2][3] Dozens of FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into hundreds of productivity applications, such as Web page editors.

SMTP
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP was first defined by RFC 821 (1982, eventually declared STD 10),[1] and last updated by RFC 5321 (2008)[2] which includes the Extended SMTP (ESMTP) additions, and is the protocol in widespread use today. SMTP uses TCP port 25. The protocol for new submissions (MSA) is effectively the same as SMTP, but it uses port 587 instead. SMTP connections secured by SSL are known by the shorthand SMTPS, though SMTPS is not a protocol in its own right. While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically use SMTP only for sending messages to a mail server for relaying. For receiving messages, client applications usually use either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) or a proprietary system (such as Microsoft Exchange or Lotus Notes/Domino) to access their mail box accounts on a mail server.

HTTP
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web. Hypertext is a multi-linear set of objects, building a network by using logical links (the so-called hyperlinks) between the nodes (e.g. text or words). HTTP is the protocol to exchange or transfer hypertext. The standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use.

WWW
The World Wide Web (abbreviated as WWW or W3,[2] commonly known as the Web), is a system of interlinked hypertext documents accessed via the Internet. With a web browser, one can view web pages that may contain text, images, videos, and other multimedia, and navigate between them via hyperlinks. Using concepts from his earlier hypertext systems like ENQUIRE, British engineer, computer scientist and at that time employee of CERN, Sir Tim Berners-Lee, now Director of the World Wide Web Consortium (W3C), wrote a proposal in March 1989 for what would eventually become the World Wide Web. At CERN, a European research organisation near Geneva situated on Swiss and French soil, Berners-Lee and Belgian computer scientist Robert Cailliau proposed in 1990 to use hypertext "to link and access information of various kinds as a web of nodes in which the user can browse at will", and they publicly introduced the project in December of the same year.

5.5 E-Commerce
Electronic commerce, commonly known as e-commerce, is a type of industry where buying and selling of products or services is conducted over electronic systems such as the Internet and other computer networks. Electronic commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at one point in the transaction's life-cycle, although it may encompass a wider range of technologies such as email, mobile devices, social media, and telephones as well.

Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of business transactions. E-commerce can be divided into:

- E-tailing or "virtual storefronts" on websites with online catalogs, sometimes gathered into a "virtual mall"
- The gathering and use of demographic data through Web contacts and social media
- Electronic Data Interchange (EDI), the business-to-business exchange of data
- E-mail and fax and their use as media for reaching prospective and established customers (for example, with newsletters)
- Business-to-business buying and selling
- The security of business transactions

5.6 Internet programming languages
Web development can be split into many areas, and a typical and basic web development hierarchy might consist of:

Client side coding
- Ajax: Asynchronous JavaScript provides new methods of using JavaScript, and other languages, to improve the user experience.
- Flash: Adobe Flash Player is a ubiquitous browser plugin ready for RIAs. Flex 2 is also deployed to the Flash Player (version 9+).
- JavaScript: JavaScript is a ubiquitous client side platform for creating and delivering rich web applications that can also run across a wide variety of devices. It is a dialect of the scripting language ECMAScript.
- jQuery: Cross-browser JavaScript library designed to simplify and speed up the client-side scripting of HTML.
- Microsoft Silverlight: Microsoft's browser plugin that enables animation, vector graphics and high-definition video playback, programmed using XAML and .NET programming languages.
- HTML5 and CSS3: The latest proposed HTML standard combined with the latest proposed standard for CSS natively supports much of the client-side functionality provided by other frameworks such as Flash and Silverlight.

Looking at these items from an "umbrella approach", client side code such as XHTML is executed and stored on a local client (in a web browser), whereas server side code is not available to a client and is executed on a web server, which generates the appropriate XHTML that is then sent to the client. Because client side code can be altered on the local client and the page refreshed with the modified content, web designers must bear in mind the importance of security in their server side scripts. If a server side script accepts content from a locally modified client side script without checking it, that page is poorly sanitized from a security standpoint.

Server side coding
- ASP (Microsoft proprietary)
- ActiveVFP (open source)
- CSP, Server-Side ANSI C
- ColdFusion (Adobe proprietary, formerly Macromedia, formerly Allaire)
- CGI
- Erlang, with Linux, Yaws, Mnesia, Erlang (LYME) solution stack
- Groovy (programming language) Grails (framework)
- Java, e.g. Java EE or WebObjects
- Lotus Domino
- Node.js
- Perl, e.g. Catalyst, Dancer or Mojolicious (all open source)
- PHP (open source)
- Python, e.g. Django (web framework) (open source)
- Real Studio Web Edition
- Ruby, e.g. Ruby on Rails (open source)
- Smalltalk e.g. Seaside, AIDA/Web
- SSJS Server-Side JavaScript, e.g. Aptana Jaxer, Mozilla Rhino
- WebDNA (WSC proprietary)
- Websphere (IBM proprietary)
- .NET and .NET MVC Frameworks (Microsoft proprietary)
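The point made above about server side scripts trusting a modified client is easiest to see in code. The following Python is an added example, not code from the module or from any of the frameworks listed: a checkout handler that trusts the price and quantity fields exactly as the browser sent them, beside a hardened version that ignores the client's price, resolves the product against a server-side catalogue, bounds the quantity, and escapes user text before echoing it into HTML. The catalogue, field names and form contents are constructed for the example.

```python
"""Client input must be re-validated on the server (added example; data is constructed)."""
import html
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the authoritative price lives here, never in the submitted form.
CATALOG = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("249.00")}
MAX_QTY = 50

# A form as a browser whose client-side script was edited locally might submit it:
# the hidden "price" field has been changed from 249.00 to 0.01.
TAMPERED_FORM = {"sku": "SKU-200", "qty": "2", "price": "0.01", "name": "<b>Ann</b>"}


class ValidationError(ValueError):
    """Raised when a submitted field fails server-side validation."""


def total_trusting_client(form: dict) -> Decimal:
    """Insecure: whatever price and quantity the client sent become the charge."""
    return Decimal(form["price"]) * int(form["qty"])


def total_validated(form: dict) -> Decimal:
    """Hardened: every field is parsed, bounded and resolved against server-side data."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValidationError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValidationError("quantity must be an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("quantity out of range")
    # The client-supplied "price" field is deliberately never read.
    return CATALOG[sku] * qty


def render_greeting(name: str) -> str:
    """Output encoding: user text is escaped so it cannot inject markup into the page."""
    return f"<p>Hello, {html.escape(name)}!</p>"


def checkout(form: dict) -> tuple[str, str]:
    """Return (greeting HTML, total as text); invalid input yields an error message instead."""
    try:
        total = total_validated(form)
    except (ValidationError, InvalidOperation) as exc:
        return render_greeting(form.get("name", "")), f"error: {exc}"
    return render_greeting(form.get("name", "")), str(total)


if __name__ == "__main__":
    print("trusting client:", total_trusting_client(TAMPERED_FORM))   # 0.02
    print("validated:      ", total_validated(TAMPERED_FORM))         # 498.00
    print(checkout(TAMPERED_FORM))
```

Client-side checks still belong in the page for the user's benefit (instant feedback), but they are a convenience, not a control: the only checks an attacker cannot edit are the ones that run on the server.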

The World Wide Web has become a major delivery platform for a variety of complex and sophisticated enterprise applications in several domains. In addition to their inherent multifaceted functionality, these web applications exhibit complex behavior and place some unique demands on their usability, performance, security and ability to grow and evolve. However, a vast majority of these applications continue to be developed in an ad-hoc way, contributing to problems of usability, maintainability, quality and reliability.(1)(2) While web development can benefit from established practices from other related disciplines, it has certain distinguishing characteristics that demand special considerations. In recent years of web development there have been some developments towards addressing these problems and requirements. As an emerging discipline, web engineering actively promotes systematic, disciplined and quantifiable approaches towards successful development of high-quality, ubiquitously usable web-based systems and applications.(3)(4) In particular, web engineering focuses on the methodologies, techniques and tools that are the foundation of web application development and which support their design, development, evolution, and evaluation. Web application development has certain characteristics that make it different from traditional software, information system, or computer application development.

Web engineering is multidisciplinary and encompasses contributions from diverse areas: systems analysis and design, software engineering, hypermedia/hypertext engineering, requirements engineering, human-computer interaction, user interface, information engineering, information indexing and retrieval, testing, modelling and simulation, project management, and graphic design and presentation. Web engineering is neither a clone, nor a subset of software engineering, although both involve programming and software development. While web engineering uses software engineering principles, web development encompasses new approaches, methodologies, tools, techniques, and guidelines to meet the unique requirements for web-based applications.

Client side + server side
- Google Web Toolkit provides tools to create and maintain complex JavaScript front-end applications in Java.
- Dart provides tools to create and maintain complex JavaScript front-end applications as well as supporting server-side code in Dart (programming language).
- Opa is a high-level language in which both the client and the server parts are implemented. The compiler then decides which parts run on the client (and are translated automatically to JavaScript) and which parts run on the server. The developer can tune those decisions with simple directives. (open source)
- Pyjamas is a tool and framework for developing Ajax applications and Rich Internet Applications in Python.
- Tersus is a platform for the development of rich web applications by visually defining user interface, client side behavior and server side processing. (open source)

However, languages like Ruby and Python are often paired with database servers other than MySQL (the M in LAMP). Below are examples of other databases currently in wide use on the web. For instance, some developers prefer a PR (Linux/Apache/PostgreSQL/Ruby on Rails) setup for development.

Database technology
- FileMaker
- Apache Derby
- DB2 (IBM proprietary)
- Firebird
- Microsoft SQL Server
- MySQL
- Oracle
- PostgreSQL
- SQLite
- Sybase
- WebDNA
- Redis
- MongoDB
- CouchDB

6.0 NETWORK OPERATING SYSTEM

Objectives
This chapter covers:
- Network Operating System
- Types of Operating Systems

6.1 Network Operating System Network Operating System also referred to as the Dialoguer,[1] is the software that runs on a server and enables the server to manage data, users, groups, security, applications, and other networking functions.[2] The network operating system is designed to allow shared file and printer access among multiple computers in a network, typically a local area network (LAN), a private network or to other networks. The most popular network operating systems are Microsoft Windows Server 2003, Microsoft Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.

6.2 Types of Operating Systems

Novell NetWare
NetWare is a computer network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, with network protocols based on the archetypal Xerox Network Systems stack. The original NetWare product in 1983 supported clients running both CP/M and MS-DOS, ran over a proprietary star network topology and was based on a Novell-built file server using the Motorola 68000 processor. The company soon moved away from building its own hardware, and NetWare became hardware-independent, running on any suitable Intel-based IBM PC
compatible system, and a wide range of network cards. From the beginning NetWare implemented a number of features inspired by mainframe and minicomputer systems that were not available in its competitors. In the early 1990s, Novell introduced separate cheaper networking products, unrelated to classic NetWare. These were NetWare Lite 1.0 (NWL), and later Personal NetWare 1.0 (PNW) in 1993. In 1993 the main product line took a dramatic turn when Version 4 introduced NetWare Directory Services (NDS), a global directory service broadly similar to Microsoft's Active Directory released seven years later. This, along with a new e-mail system, GroupWise, application configuration suite, ZENworks and security product BorderManager were all targeted at the needs of large enterprises. By 2000 however, Microsoft was making increasing inroads into Novell's customer base and Novell increasingly looked to a future based on a Linux kernel. The successor product to NetWare, Open Enterprise Server, was released in March 2005. OES offers all the services previously hosted by NetWare v6.5, and added the choice of delivering those services using either a NetWare v6.5 or SUSE Linux Enterprise Server v9 kernel. NetWare evolved from a very simple concept: file sharing instead of disk sharing. In 1983 when the first versions of NetWare originated, all other competing products were based on the concept of providing shared direct disk access. Novell's alternative approach was validated by IBM in 1984, which helped promote the NetWare product. Novell NetWare shared disk-space in the form of NetWare volumes, comparable to DOS volumes. Clients running MS-DOS would run a special terminate and stay resident (TSR) program that allowed them to map a local drive letter to a NetWare volume. Clients had to log in to a server in order to be allowed to map volumes, and access could be restricted according to the login name. 
Similarly, they could connect to shared printers on the dedicated server, and print as if the printer was connected locally. At the end of the 1990s, with Internet connectivity booming, the Internet's TCP/IP protocol became dominant on LANs. Novell had introduced limited TCP/IP support in NetWare v3.x (circa 1992) and v4.x (circa 1995), consisting mainly of FTP services and UNIX-style LPR/LPD printing (available in NetWare v3.x), and a Novell-developed webserver (in NetWare v4.x). Native
TCP/IP support for the client file and print services normally associated with NetWare was introduced in NetWare v5.0 (released in 1998). During the early-to-mid 1980s Microsoft introduced their own LAN system in LAN Manager, based on the competing NBF protocol. Early attempts to muscle in on NetWare failed, but this changed with the inclusion of improved networking support in Windows for Workgroups, and then the hugely successful Windows NT and Windows 95. NT, in particular, offered services similar to those offered by NetWare, but on a system that could also be used on a desktop, and connected directly to other Windows desktops where NBF was now almost universal.

The rise of NetWare
The popular use and growth of Novell NetWare began in 1985 with the simultaneous release of NetWare 286 2.0a and the Intel 80286 16-bit processor. The 80286 CPU featured a new 16-bit protected mode that provided access to up to 16 MB RAM as well as new mechanisms to aid multitasking. (Prior to the 80286, PC CPU servers used the Intel 8088/8086 8/16-bit processors, which were limited to an address space of 1 MB with not more than 640 KB of directly addressable RAM.) The combination of a higher 16 MB RAM limit, 80286 processor feature utilization, and 256 MB NetWare volume size limit (compared to the 32 MB that MS-DOS allowed at that time) allowed the building of reliable, cost-effective server-based local area networks for the first time. The 16 MB RAM limit was especially important, since it made enough RAM available for disk caching to significantly improve performance. This became the key to Novell's performance while also allowing larger networks to be built.

In another significant innovation, NetWare 286 was hardware-independent, unlike competing server systems from 3Com. Novell servers could be assembled using any brand system with an Intel 80286 or higher CPU, any MFM, RLL, ESDI, or SCSI hard drive and any 8- or 16-bit network adapter for which NetWare drivers were available. Novell also designed a compact and simple DOS-client software program that allowed DOS stations to connect to a server and access the shared-server hard drive. While the NetWare server file system introduced a new,
proprietary file-system design, it looked like a standard DOS volume to the workstation, ensuring compatibility with all existing DOS programs.

Beginning of NetWare
NetWare originated from consulting work by SuperSet Software, a group founded by the friends Drew Major, Dale Neibaur, Kyle Powell and later Mark Hurst. This work stemmed from their classwork at Brigham Young University in Provo, Utah, starting in October 1981. In 1981, Raymond Noorda engaged the work by the SuperSet team. The team was originally assigned to create a CP/M disk sharing system to help network the CP/M Motorola 6800 hardware that Novell sold at the time. The first S-Net was CP/M 6800 based and shared a hard disk. In 1983, the team was privately convinced that CP/M was a doomed platform and instead came up with a successful file-sharing system for the newly introduced IBM-compatible PC. They also wrote an application called Snipes – a text-mode game – and used it to test the new network and demonstrate its capabilities. Snipes [aka 'NSnipes' for 'Network Snipes'] was the first network application ever written for a commercial personal computer, and it is recognized as one of the precursors of many popular multiplayer games such as Doom and Quake.[1] First called ShareNet or S-Net, this network operating system (NOS) was later called Novell NetWare. NetWare was based on the NetWare Core Protocol (NCP), which is a packet-based protocol that enables a client to send requests to and receive replies from a NetWare server. Initially NCP was directly tied to the IPX/SPX protocol, and NetWare communicated natively using only IPX/SPX. The first product to bear the NetWare name was released in 1983. There were two distinct versions of NetWare at that time.
One version was designed to run on the Intel 8086 processor and another on the Motorola processor, which was called NetWare 68K (aka S-Net); it ran on the Motorola 68000 processor on a proprietary Novell-built file server (Novell could not write an original network operating system from scratch, so they licensed a Unix kernel and based NetWare on that [2]) and used a star network topology. This was soon joined by NetWare 86 V4.x, which was written for the Intel 8086. This was replaced in 1985 with Advanced NetWare 86 version 1.0a, which allowed more than one server on the same network. In 1986, after the Intel 80286 processor became available, Novell released Advanced NetWare 286 V1.0a and subsequently V2.0B (that used IPX routing to allow up to 4 network cards in a server). In 1989, with the Intel 80386 available, Novell released NetWare 386. Later Novell consolidated the numbering of their NetWare releases, with NetWare 386 becoming NetWare 3.x.

NetWare 286 2.x
NetWare version 2 had a reputation as notoriously difficult to configure, since the operating system was provided as a set of compiled object modules that required configuration and linking. Compounding this inconvenience was that the process was designed to run from multiple diskettes, which was slow and unreliable. Any change to the operating system required a re-linking of the kernel and a reboot of the system, requiring at least 20 diskette swaps. An additional complication in early versions was that the installation contained a proprietary low-level format program for MFM hard drives, which was run automatically before the software could be loaded, called COMPSURF. NetWare was administered using text-based utilities such as SYSCON. The file system used by NetWare 2 was NetWare File System 286, or NWFS 286, supporting volumes of up to 256 MB. NetWare 286 recognized 80286 protected mode, extending NetWare's support of RAM from 1 MB to the full 16 MB addressable by the 80286. A minimum of 2 MB was required to start up the operating system; any additional RAM was used for FAT, DET and file caching. Since 16-bit protected mode was implemented in the i80286 and every subsequent Intel x86 processor, NetWare 286 version 2.x would run on any 80286 or later compatible processor. NetWare 2 implemented a number of features inspired by mainframe and minicomputer systems that were not available in other operating systems of the day. The System Fault Tolerance (SFT) features included standard read-after-write verification (SFT-I) with on-the-fly bad block re-mapping (at the time, disks did not have that feature built in) and software RAID1 (disk mirroring, SFT-II). The Transaction Tracking System (TTS) optionally protected files against incomplete updates. For single files, this required only
a file attribute to be set. Transactions over multiple files and controlled rollbacks were possible by programming to the TTS API. NetWare 286 2.x supported two modes of operation: dedicated and nondedicated. In dedicated mode, the server used DOS only as a boot loader to execute the operating system file net$os.exe. All memory was allocated to NetWare; no DOS ran on the server. For non-dedicated operation, DOS 3.3 or higher would remain in memory, and the processor would time-slice between the DOS and NetWare programs, allowing the server computer to be used simultaneously as a network file-server and as a user workstation. All extended memory (RAM above 1 MB) was allocated to NetWare, so DOS was limited to only 640kB; expanded memory managers that used the MMU of 80386 and higher processors, such as EMM386, would not work either, because NetWare 286 had control of protected mode and the upper RAM, both of which were required for DOS to use this approach to expanded memory; 8086-style expanded memory on dedicated plug-in cards was possible however. Time slicing was accomplished using the keyboard interrupt. This feature required strict compliance with the IBM PC design model, otherwise performance was affected. Non-dedicated NetWare was popular on small networks, although it was more susceptible to lockups due to DOS program problems. In some implementations, users would experience significant network slowdown when someone was using the console as a workstation. NetWare 386 3.x and later supported only dedicated operation. Server licensing on early versions of NetWare 286 was accomplished by using a key card. The key card was designed for an 8-bit ISA bus, and had a serial number encoded on a ROM chip. The serial number had to match the serial number of the NetWare software running on the server. 
To broaden the hardware base, particularly to machines using the IBM MCA bus, later versions of NetWare 2.x did not require the key card; serialised license floppy disks were used in place of the key cards.

NetWare 3.x
Starting with NetWare 3.x, support for 32-bit protected mode was added, eliminating the 16 MB memory limit of NetWare 286. This allowed larger hard drives to be supported, since NetWare 3.x cached (copied) the entire file allocation table (FAT) and directory entry table (DET) into memory for improved performance.

109

By accident or design, the initial releases of the client TSR programs modified the high 16 bits of the 32-bit 80386 registers, making them unusable by any other program until this was fixed. Phil Katz noticed the problem and added a switch to his PKZIP suite of programs to enable 32-bit register use only when the NetWare TSRs were not present. NetWare version 3 eased development and administration by modularization. Each functionality was controlled by a software module called a NetWare Loadable Module (NLM) loaded either at startup or when it was needed. It was then possible to add functionality such as anti-virus software, backup software, database and web servers, long name support (standard filenames were limited to 8 characters plus a three letter extension, matching MS-DOS) or Macintosh style files. NetWare continued to be administered using console-based utilities. The file system introduced by NetWare 3.x and used by default until NetWare 5.x was NetWare File System 386, or NWFS 386, which significantly extended volume capacity (1 TB, 4 GB files) and could handle up to 16 volume segments spanning multiple physical disk drives. Volume segments could be added while the server was in use and the volume was mounted, allowing a server to be expanded without interruption. Initially, NetWare used Bindery services for authentication. This was a stand-alone database system where all user access and security data resided individually on each server. When an infrastructure contained more than one server, users had to log-in to each of them individually, and each server had to be configured with the list of all allowed users. The "NetWare Name Services" product allowed user data to be extended across multiple servers, and the Windows "Domain" concept is functionally equivalent to NetWare v3.x Bindery services with NetWare Name Services added on (e.g. a 2-dimensional database, with a flat namespace and a static schema). 
For a while, Novell also marketed an OEM version of NetWare 3, called Portable NetWare, together with OEMs such as Hewlett-Packard, DEC and Data General, who ported Novell source code to run on top of their Unix operating systems. Portable NetWare did not sell well. While NetWare 3.x was current, Novell introduced its first high-availability clustering system, named NetWare SFT-III, which allowed a logical server to be completely mirrored to a separate physical machine. Implemented as a shared-nothing cluster, under SFT-III the OS was logically split into an interrupt-driven I/O engine and the event-driven OS core. The I/O engines serialized their interrupts (disk, network etc.) into a combined event stream that was fed to two identical copies of the system engine through a fast (typically 100 Mbit/s) inter-server link. Because of its non-preemptive nature, the OS core, stripped of non-deterministic I/O, behaves deterministically, like a large finite state machine. The outputs of the two system engines were compared to ensure proper operation, and two copies fed back to the I/O engines. Using the existing SFT-II software RAID functionality present in the core, disks could be mirrored between the two machines without special hardware. The two machines could be separated as far as the server-to-server link would permit. In case of a server or disk failure, the surviving server could take over client sessions transparently after a short pause since it had full state information and did not, for example, have to re-mount the volumes – a process at which NetWare was notoriously slow. SFT-III was the first NetWare version able to make use of SMP hardware – the I/O engine could optionally be run on its own CPU. The modern incarnation of NetWare's clustering, Novell Cluster Services (introduced in NetWare v5.0), is very different from SFT-III. NetWare SFT-III, ahead of its time in several ways, was a mixed success. Novell designed NetWare 386 3.x to run all applications on the server at the same level of processor memory protection, known as "ring 0". While this provided the best possible performance, it sacrificed reliability. The result was that crashes (known as abends, short for abnormal ends) were possible and would result in stopping the system. Starting with NetWare 5.x, software modules (NetWare Loadable Modules or NLMs) could be assigned to run in different processor protection rings, ensuring that a software error would not crash the system.

NetWare 4.x
Version 4 in 1993 also introduced NetWare Directory Services, later rebranded as Novell Directory Services (NDS), based on X.500, which replaced the Bindery with a global directory service, in which the infrastructure was described and managed in a single place. Additionally, NDS provided an extensible schema, allowing the introduction of new object types. This allowed a single user authentication to NDS to govern access to any server in the directory tree structure. Users could therefore access network resources no matter on which server they resided, although user license counts were still tied to individual servers. (Large enterprises could opt for a license model giving them essentially unlimited per-server users if they let Novell audit their total user count.) Version 4 also introduced a number of useful tools and features, such as transparent compression at file system level and RSA public/private encryption. Another new feature was the NetWare Asynchronous Services Interface (NASI). It allowed network sharing of multiple serial devices, such as modems. Client port redirection occurred via an MS-DOS or Microsoft Windows driver allowing companies to consolidate modems and analog phone lines.[3] The upgrade was not without its flaws: initially NetWare 4 could not coexist with earlier versions on the same network because of incompatibilities.[4]

NetWare for OS/2

Promised as early as 1988, when the Microsoft-IBM collaboration was still ongoing and Microsoft OS/2 was still a fairly limited 16-bit product,[5] the product didn't become commercially available until IBM and Microsoft had parted ways and IBM had turned OS/2 into a 32-bit, pre-emptive multitasking and multithreading OS. By August 1993[6] Novell released its first version of "NetWare for OS/2". This first release supported OS/2 2.1 (1993) as the base OS, and required that users first buy and install IBM OS/2, then purchase NetWare 4.01, and then install the NetWare for OS/2 product. It retailed for $200.[7]

By around 1995, coinciding with IBM's renewed marketing push for its 32-bit OS/2 Warp OS, both as a desktop client and as a LAN server (OS/2 Warp Server), NetWare for OS/2 began receiving some good press coverage. "NetWare 4.1 for OS/2" allowed Novell's network stack and server modules to run on top of IBM's 32-bit kernel and network stack. It was basically NetWare 4.x running as a service on top of OS/2. It was compatible with third-party client and server utilities and NetWare Loadable Modules.[1] Since IBM's 32-bit OS/2 included NetBIOS, IPX/SPX and TCP/IP support, this meant that sysadmins could run all three of the most popular network stacks on a single box, and use the OS/2 box as a workstation too. NetWare for OS/2 shared memory on the system with OS/2 seamlessly. The book "Client/Server Survival Guide with OS/2" described it as "glue code that lets the unmodified NetWare 4.x server program think it owns all resources on a OS/2 system". It also claimed that a NetWare server running on top of OS/2 only suffered a 5% to 10% overhead over NetWare running on the bare metal hardware, while gaining OS/2's pre-emptive multitasking and object-oriented GUI.[8] Novell continued releasing bug fixes and updates to NetWare for OS/2 up to 1998.[9]

Microsoft Windows

Microsoft Windows is a series of graphical interface operating systems developed, marketed, and sold by Microsoft. Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces (GUIs).[2] Microsoft Windows came to dominate the world's personal computer market with over 90% market share, overtaking Mac OS, which had been introduced in 1984. The most recent client version of Windows is Windows 8; the most recent mobile client version is Windows Phone 8; the most recent server version is Windows Server 2012.

Early versions

Figure: Windows 1.0, the first version, released in 1985.

The history of Windows dates back to September 1981, when Chase Bishop, a computer scientist, designed the first model of an electronic device and the project "Interface Manager" was started. It was announced in November 1983 (after the Apple Lisa, but before the Macintosh) under the name "Windows", but Windows 1.0 was not released until November 1985.[3] Windows 1.0 lacked a degree of functionality, achieved little popularity, and was meant to compete with Apple's own operating system. Windows 1.0 is not a complete operating system; rather, it extends MS-DOS. The shell of Windows 1.0 was a program known as the MS-DOS Executive. Other supplied programs were Calculator, Calendar, Cardfile, Clipboard Viewer, Clock, Control Panel, Notepad, Paint, Reversi, Terminal, and Write. Windows 1.0 did not allow overlapping windows; instead, all windows were tiled. Only dialog boxes could appear over other windows.


Microsoft Windows version 2.0 was released in December 1987. It featured several improvements to the user interface and memory management[3] and was slightly more popular than its predecessor. Windows 2.03 changed the OS from tiled windows to overlapping windows. This change led to Apple Computer filing a suit against Microsoft alleging infringement of Apple's copyrights.[4][5] Windows 2.0 also introduced more sophisticated keyboard shortcuts and could make use of expanded memory.

Windows 2.1 was released in two different versions: Windows/386 employed the 386 virtual 8086 mode to multitask several DOS programs, and the paged memory model to emulate expanded memory using available extended memory. Windows/286 (which, despite its name, would run on the 8086) still ran in real mode, but could make use of the high memory area. In addition to full Windows packages, there were runtime-only versions that shipped with early Windows software from third parties and made it possible to run their Windows software under MS-DOS without the full Windows feature set.

The early versions of Windows were often thought of as simply graphical user interfaces, mostly because they ran on top of MS-DOS and used it for file system services.[6] However, even the earliest 16-bit Windows versions already assumed many typical operating system functions; notably, having their own executable file format and providing their own device drivers (timer, graphics, printer, mouse, keyboard and sound) for applications. Unlike MS-DOS, Windows allowed users to execute multiple graphical applications at the same time, through cooperative multitasking. Windows implemented an elaborate, segment-based, software virtual memory scheme, which allowed it to run applications larger than available memory: code segments and resources were swapped in and thrown away when memory became scarce, and data segments were moved in memory when a given application had relinquished processor control.

Windows 3.0 and 3.1

Figure: Windows 3.0, released in 1990.

Windows 3.0, released in 1990, improved the design, mostly because of virtual memory and loadable virtual device drivers (VxDs) that allowed it to share arbitrary devices between multitasked DOS windows.[citation needed] Also, Windows applications could now run in protected mode (when Windows was running in Standard or 386 Enhanced Mode), which gave them access to several megabytes of memory and removed the obligation to participate in the software virtual memory scheme. They still ran inside the same address space, where the segmented memory provided a degree of protection, and multitasked cooperatively. Windows 3.0 also featured improvements to the user interface. Microsoft also rewrote critical operations from C into assembly. Windows 3.0 was the first Microsoft Windows version to achieve broad commercial success, selling 2 million copies in the first six months.[7][8]

Windows received a facelift in Windows 3.1, made generally available on March 1, 1992. In August 1993, a special version with integrated peer-to-peer networking was released with version number 3.11. It was sold in parallel with the basic version as Windows for Workgroups. Windows 3.1 support ended on December 31, 2001.[9]

Windows 9x

Figure: Windows 95, released in August 1995.

Windows 95 was released on August 24, 1995, featuring a new object-oriented user interface, support for long file names of up to 255 characters, the ability to automatically detect and configure installed hardware (plug and play) and preemptive multitasking. Windows 95 was designed to replace not only Windows 3.1, but also Windows for Workgroups and MS-DOS. It could natively run 32-bit applications, and featured several technological improvements that increased its stability over Windows 3.1. The changes Windows 95 brought to the desktop were revolutionary, as opposed to evolutionary, such as those in Windows 98 and Windows ME. There were several OEM Service Releases (OSR) of Windows 95, each of which was roughly equivalent to a service pack. Mainstream support for Windows 95 ended on December 31, 2000 and extended support for Windows 95 ended on December 31, 2001.[10]

Next in the consumer line was Microsoft Windows 98, released on June 25, 1998. It was followed by the release of Windows 98 Second Edition (often shortened to Windows 98 SE) in May 1999. Mainstream support for Windows 98 ended on June 30, 2002 and extended support for Windows 98 ended on July 11, 2006.[11]


In February 2000, Windows 2000 (in the NT family) was released, followed by Windows ME in September 2000 (Me standing for Millennium Edition). The consumer version following Windows 98 was Windows ME (Windows Millennium Edition). Released in September 2000, Windows ME updated the core from Windows 98, but adopted some aspects of Windows 2000 and removed the "boot in DOS mode" option. Windows ME implemented a number of new technologies for Microsoft: most notably publicized was "Universal Plug and Play". It also added a new feature called System Restore, allowing the user to set the computer's settings back to an earlier date. Windows ME is often confused with Windows 2000 (because of its name). Windows ME was heavily criticized due to slowness, freezes and hardware problems and has been said to be one of the worst operating systems Microsoft ever released.[12]

Windows NT family

Figures: the Windows logo used from 2001 to 2006, for the Windows XP operating system; the Windows logo used from 2006 to 2012, for the Windows Vista and Windows 7 operating systems; the Windows logo used as of October 2012, for the Windows 8 operating system.

In July 1993, Microsoft released Windows NT, based on a new kernel. The NT family of Windows systems was fashioned and marketed for higher-reliability business use, and considered to be the professional OS. The first release was Windows NT 3.1 (1993), numbered "3.1" to match the consumer Windows version, which was followed by Windows NT 3.5 (1994), Windows NT 3.51 (1995), Windows NT 4.0 (1996) and Windows 2000 (2000). Windows NT was the first Windows version to utilize preemptive multitasking.[citation needed] Windows NT 4.0 was the first in this line to implement the "Windows 95" user interface (and the first to include Windows 95's built-in 32-bit runtimes). Microsoft released Windows 2000 as part of the NT line in February 2000. During 2004 part of the source code for Windows 2000 was leaked onto the Internet. Windows 2000 is the last NT-based Windows release that does not include Microsoft Product Activation.

After Windows 2000, the Windows NT family was split into two lines. A client line, including Windows XP and its successors, consists of operating systems produced for installation on client computers, such as workstations, home computers, laptops, tablet computers and media centers. A Windows Server line, including Windows Server 2003 and its successors, consists of operating systems produced for server computers. Later, a third line for embedded systems was added with the introduction of Windows Embedded.

Windows XP, Vista and 7

Microsoft moved to combine their consumer and business operating systems with Windows XP, released on October 25, 2001. Windows XP is built on the Windows NT kernel, retooled to also function as a home operating system. This new version was widely praised in computer magazines.[13] XP shipped in two distinct editions, "Home" and "Professional", the former lacking many of the superior security and networking features of the Professional edition. Additionally, the first "Media Center" edition was released in 2002,[14] with an emphasis on support for DVD and TV functionality including program recording and a remote control. A niche-market version for tablet PCs was also released. Mainstream support for Windows XP ended on April 14, 2009. Extended support will continue until April 8, 2014.[15]

After Windows 2000, Microsoft diverged the release schedules for server operating systems. In April 2003, Windows Server 2003 was introduced, replacing the Windows 2000 line of server products with a number of new features and a strong focus on security; this was followed in December 2005 by Windows Server 2003 R2. After a lengthy development process, Windows Vista was released on November 30, 2006 for volume licensing and January 30, 2007 for consumers. It contains a number of new features, from a redesigned shell and user interface to significant technical changes, with a particular focus on security features. It is available in a number of different editions, and has been subject to some criticism. Vista's server counterpart, Windows Server 2008, was released in early 2008.


On July 22, 2009, Windows 7 and Windows Server 2008 R2 were released as RTM (release to manufacturing), while the former was released to the public three months later on October 22, 2009. Unlike its predecessor, Windows Vista, which introduced a large number of new features, Windows 7 was intended to be a more focused, incremental upgrade to the Windows line, with the goal of being compatible with applications and hardware with which Windows Vista was already compatible.[16] Windows 7 has multi-touch support, a redesigned Windows shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup,[17] and performance improvements.

Multilingual support: IMEs and LIPs

There are three main issues involved in making English-language Windows multilingual: (1) some languages require an Input Method Editor (IME) to enter text, (2) many users will want application menus (such as MS Office menus) to display in their own language, and they may also want to use a keyboard that matches the normal keyboard layout and marking for their own language, and (3) some users will want Windows menus and messages to display in their own language, i.e. they will want to switch from an English Windows environment to another language. For languages like Italian, Spanish, French and German, (2) alone may suffice. For languages like Chinese, Japanese, and Korean (CJK), an IME (1) is also required. This is bundled with the corresponding language version of Windows, but is also available as a separate download for English Windows, as described below; (1) and (2) can be essentially free (apart from the custom keyboard). For some languages, (3), multilingual support for Windows, is a free download for Windows XP and later, but it requires Windows 7 Ultimate or better for languages such as Chinese, Japanese and Korean.
(1) After releasing Chinese, Japanese, and Korean bundles of Office 2010 and IME 2010, Microsoft made IME 2010 available as a free upgrade for users of the earlier IME versions of Windows. Microsoft later made these Chinese, Japanese, and Korean IME versions available free to users of Windows XP and later, including English Windows XP (but now says that users should own some version of MS Office).[18] Each IME package enables the entering of text in the corresponding language; necessary fonts may be bundled with it (or supplementary fonts offered with the corresponding version of Office).


(2) Microsoft now also offers Language Interface Packs (LIPs) for MS Office. Some LIPs are free;[19] some "Language Packs" (such as the CJK ones) are sold separately and may include spelling and grammar checking tools.[20] (Recent application software from some companies may support two or more popular languages.)

(3) Microsoft now also offers Language Interface Packs (LIPs) that allow users to view Windows menus, dialog boxes, and other user interface items in their preferred language. These are free; most are for English Windows (XP and later). However, Chinese, Japanese, and Korean LIP downloads require Windows 7 Ultimate or Enterprise.[21] These LIPs include IMEs where applicable.

Windows 8

Windows 8, the successor to Windows 7, was released to the market on 26 October 2012. Windows 8 has been designed to be used on both tablets and the conventional PC. The Microsoft Surface tablet was released alongside Windows 8, as a competitor to the Apple iPad and Android tablets. Microsoft Surface is available in two editions, Surface with Windows RT and Surface with Windows 8 Pro, the latter aimed at designers and other work-based users. The Surface RT runs a limited version of Windows 8, Windows RT, and will not run many classic Windows desktop applications; instead, users download new applications from the Windows App Store. However, the Surface Pro, released on February 9, 2013, has a full desktop operating system capable of running all classic desktop applications. See Microsoft Surface for more information.

Windows 8 was released to manufacturing on 1 August 2012, with build 6.2.9200. It is available for purchase in two versions, Windows 8 and Windows 8 Pro. For the first time since Windows 95, the Start button is no longer available on the taskbar. It has been replaced with the Start screen, which can be triggered by clicking the bottom-left corner of the screen, by clicking Start in the Charms bar, or by pressing the Windows key on the keyboard. However, there are many third-party solutions, such as Stardock Start8 and Classic Shell, that do bring back the Windows 7 style Start menu. See List of Start Menu replacements for Windows 8 for more information.


In February 2013, it was reported that an update to Windows 8, codenamed Windows Blue, had completed the first milestone, indicating development is approximately halfway complete.[22]

Linux Open Source

Linux (/ˈlɪnəks/ lin-əks or /ˈlɪnʊks/ lin-uuks) is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released on 5 October 1991 by Linus Torvalds. Linux was originally developed as a free operating system for Intel x86-based personal computers. It has since been ported to more computer hardware platforms than any other operating system. It is a leading operating system on servers and other big iron systems such as mainframe computers and supercomputers: more than 90% of today's 500 fastest supercomputers run some variant of Linux, including the 10 fastest. Linux also runs on embedded systems (devices where the operating system is typically built into the firmware and highly tailored to the system) such as mobile phones, tablet computers, network routers, televisions and video game consoles; the Android system in wide use on mobile devices is built on the Linux kernel.

The development of Linux is one of the most prominent examples of free and open source software collaboration: the underlying source code may be used, modified, and distributed, commercially or non-commercially, by anyone under licenses such as the GNU General Public License. Typically Linux is packaged in a format known as a Linux distribution for desktop and server use. Some popular mainstream Linux distributions include Debian (and its derivatives such as Ubuntu and Linux Mint), Red Hat Enterprise Linux (and its derivatives such as Fedora and CentOS), Mandriva/Mageia, openSUSE (and its commercial derivative SUSE Linux Enterprise Server), and Arch Linux. Linux distributions include the Linux kernel, supporting utilities and libraries and usually a large amount of application software to fulfill the distribution's intended use.

A distribution oriented toward desktop use will typically include the X Window System and an accompanying desktop environment such as GNOME or KDE Plasma. Some such distributions may include a less resource-intensive desktop such as LXDE or Xfce for use on older or less powerful computers. A distribution intended to run as a server may omit all graphical environments from the standard install and instead include other software such as the Apache HTTP Server and an SSH server such as OpenSSH. Because Linux is freely redistributable, anyone may create a distribution for any intended use. Applications commonly used with desktop Linux systems include the Mozilla Firefox web browser, the LibreOffice office application suite, and the GIMP image editor. Since the main supporting user space system tools and libraries originated in the GNU Project, initiated in 1983 by Richard Stallman, the Free Software Foundation prefers the name GNU/Linux.[21][22]

History of Linux

Figure: Andrew S. Tanenbaum (left), author of the MINIX operating system, and Linus Torvalds (right), principal author of the Linux kernel.

Unix

The Unix operating system was conceived and implemented in 1969 at AT&T's Bell Laboratories in the United States by Ken Thompson, Dennis Ritchie, Douglas McIlroy, and Joe Ossanna. It was first released in 1971 and was initially entirely written in assembly language, a common practice at the time. Later, in a key pioneering approach in 1973, Unix was re-written in the programming language C by Dennis Ritchie (with exceptions to the kernel and I/O). The availability of an operating system written in a high-level language allowed easier portability to different computer platforms. With a legal glitch forcing AT&T to license the operating system's source code to anyone who asked,[23] Unix quickly grew and became widely adopted by academic institutions and businesses. In 1984, AT&T divested itself of Bell Labs. Free of the legal glitch requiring free licensing, Bell Labs began selling Unix as a proprietary product.


GNU

Figure: Richard Stallman, founder of the GNU project.

The GNU Project, started in 1983 by Richard Stallman, had the goal of creating a "complete Unix-compatible software system" composed entirely of free software. Work began in 1984.[24] Later, in 1985, Stallman started the Free Software Foundation and wrote the GNU General Public License (GNU GPL) in 1989. By the early 1990s, many of the programs required in an operating system (such as libraries, compilers, text editors, a Unix shell, and a windowing system) were completed, although low-level elements such as device drivers, daemons, and the kernel were stalled and incomplete.[25] Linus Torvalds has said that if the GNU kernel had been available at the time (1991), he would not have decided to write his own.[26]

BSD

Although not released until 1992 due to legal complications, development of 386BSD, from which NetBSD, OpenBSD and FreeBSD descended, predated that of Linux. Linus Torvalds has said that if 386BSD had been available at the time, he probably would not have created Linux.[27]

MINIX

MINIX is an inexpensive minimal Unix-like operating system, designed for education in computer science, written by Andrew S. Tanenbaum. Starting with version 3 in 2005, MINIX became free and was redesigned for "serious" use.

Genesis

In 1991, while attending the University of Helsinki, Torvalds became curious about operating systems[28] and frustrated by the licensing of MINIX, which limited it to educational use only. He began to work on his own operating system, which eventually became the Linux kernel. Torvalds began the development of the Linux kernel on MINIX, and applications written for MINIX were also used on Linux. Later Linux matured and further Linux development took place on Linux systems.[29]


GNU applications also replaced all MINIX components, because it was advantageous to use the freely available code from the GNU project with the fledgling operating system. (Code licensed under the GNU GPL can be reused in other projects as long as they also are released under the same or a compatible license.) Torvalds initiated a switch from his original license, which prohibited commercial redistribution, to the GNU GPL.[30] Developers worked to integrate GNU components with Linux to make a fully functional and free operating system.[25]


7.0 ADVANCED TOPICS

Objectives

This chapter covers:
- Network design and installation
- Network monitoring
- Simple Network Management Protocol (SNMP)
- Network security
- Future networking technologies, e.g. ADSL, HDSL, H0, H11, H12, ISO Ethernet, 1 Gbps Ethernet, Fibre Channel, and wireless networks

7.1 Network Design and Installation

This is an example of a network design and installation proposal for a public education system. It covers the following requirements/items:
- Feasibility study
- Network needs analysis
- High-level network design
- Detailed design documentation
- Cost-benefit analysis

FEASIBILITY STUDY

Situation in which the Project Exists: This proposal is for a data communication network to serve the Maryland public education system. The Maryland legislature recently approved funding sufficient to pay for the development of this proposal. Pending proposal acceptance by the Maryland State Public Education Office of Technology (a department within the state Office of Education), funding will be sought to implement the proposal.

Network Scope: The proposed network is designed to serve the state Office of Education and two of its school district offices. The state office, located in Kenzington, contains five departments to be served by this network. Each district office contains four departments to be served. The North School District is located in Ricksville, 25 miles from the state office. The South School District is located in Albanton, about 40 miles from the state office. Note that this network does not serve instructional needs of students; other resources have been allocated for that purpose. This network is for administrative purposes and is specifically designed to be independent of student computing facilities.

Objectives of the Network. The network is designed to achieve several specific business/operational objectives:
1. Secure Service: The main objective of this network is to provide secure administrative computing service to the State Office and two districts. It is designed to be functionally and physically isolated from access by people not employed by the Maryland public education system so as to minimize the risk of unauthorized use.
2. Integration and Update: Presently there are many LANs in the Maryland public education system, but much of the equipment is out of date, many of the LANs are incompatible with each other, and they are not connected in a system-wide network. This proposal describes a WAN that integrates and updates these LANs to support productive collaboration across the system.
3. Versatile Information Processing: The network will enable users to retrieve, process, and store ASCII and non-ASCII text, still graphics, audio, and video from any connected computer.
4. Collaboration: The network will combine the power and capabilities of diverse equipment across the state to provide a collaborative medium that helps users combine their skills regardless of their physical location. A network for this educational community will enable people to share information and ideas easily so they can work more efficiently and productively.
5. Scalability: The design is scalable so that more district offices can be added as funding becomes available without having to redo the installed network.

Intended Users. The primary users of the network at the state level will be the three administrators, three secretaries, ten members of the Curriculum Department, eight members of the Human Resource Department, six members of the Finance/Accounting Department, and three members of the Computer Services Department. At the district level the primary users will be four administrators, four secretaries, four members of the Computer Services Department, sixteen members of the Human Resource Department, and two members of the Finance/Accounting Department. Parents, preservice teachers, teachers, and the public are secondary users of the network in that they will receive information produced on the network, but they will not directly use the network.

Design Assumptions. This design assumes the following:
1. The State Education Network has a firewall that protects all information coming into and going out of the network.
2. Internet service is provided by the State Education Network, which is subsidized by the state government.


NETWORK NEEDS ANALYSIS

Data Types. The types of data served by the network will be reports, bulletins, accounting information, personnel profiles, and web pages. The majority of the data will be text (ASCII and non-ASCII), but there will be some still graphics and possibly a small amount of voice and video (primarily for PC-based teleconferencing).

Data Sources. Data will be created and used at all end stations on the network. The data will be produced by software applications in Windows 2000, primarily Dreamweaver and Office 2000 Professional (Word, Excel, Access, PowerPoint, and Outlook). Other data sources to be supported on at least a limited basis will be Windows 2000 Accessories (Paint, Notepad, etc.), NetMeeting, Media Player, and Photoshop. Note that the network will not be accessible from outside…

Numbers of Users and Priority Levels. At the state level, the users will be administrators, secretaries, and members of four departments. At the district levels, the users will be administrators, secretaries, and members of three departments. The maximum estimated number of users on the network at any given time is 100: 33 regular users in the State Office, 30 regular users in the North District Office, 30 regular users in the South District Office, and seven otherwise unanticipated users. Three priority levels will be supported: management (top priority), user (medium priority), and background (low priority). Note that these designations do not correspond to administrative levels in the Maryland public education system; rather, they are network service levels. Network management processes will receive top-priority service; most network processes will receive medium-priority service; a few processes (e.g., e-mail transfers, backup, etc.) will be given low-priority service. It should be noted that network management will usually consume a small amount of the available bandwidth; this means that management and user processes will usually enjoy identical support.
Background processes will also usually receive more than adequate service, but they will be delayed as needed to maintain support for management and user services.

Transmission Speed Requirements. The network is to be transparent to the users. Thus, remotely executed applications, file transfers, and so forth should ideally appear to operate as quickly as processes executed within an end-station. Interviews with users to ascertain their needs and expectations indicate that an average throughput of 20 Mbps per user within each LAN and 10 Mbps per user between LANs will more than support the needed performance in most cases (teleconferencing being the possible exception).

Load Variation Estimates. Interviews with users and observation of LAN use at the three locations yielded data on hourly average and peak loads from January to March 2001. The data are tabulated in the appendix. The data indicate that the highest average traffic volume will occur from 8:00 a.m. to 6:00 p.m., Monday through Friday. The peak network traffic volume is expected at two times during the day: 8:00 a.m. to 12:00 noon and 3:00 p.m. to 5:00 p.m. At night and on weekends the network traffic is minimal except for the daily backups of the PCs to the LAN servers in the districts and several batch data transfers anticipated from the districts to the State Office. The data indicate the following network design parameters:
- The average required throughput on any LAN during work hours (7:00 a.m. to 6:00 p.m.) will be only about 0.2 Mbps.
- The average required throughput on the WAN during work hours (7:00 a.m. to 6:00 p.m.) will be only 0.04 Mbps.
- The peak expected traffic load on any LAN will be about 10.4 Mbps.
- The peak expected traffic load on the WAN will be about 6.4 Mbps.
Of course, to avoid user complaints, the network is designed for the peak traffic loads, not the average throughput.

Storage Requirements. Storage requirements need to be large enough to store all student, teacher, and state data (note: student data are data about students, not data generated by students).
Interviews and observations of users' present and anticipated storage requirements indicate that each user will need an average of 100 MB of server space (in addition to secondary storage on local PCs); the maximum estimated server-side storage requirement per user is about 1 GB. Additionally, the network operating system will occupy about 500 MB on each LAN server. Taking price-performance issues into account, each PC will have a minimum storage capacity of 10 GB and each LAN server will have a minimum storage capacity of 20 GB. A main data server in the State Office will have a 36 GB capacity.

128

Reliability Requirements. In keeping with user expectations and industry standards, both the LANs and the WAN are expected to operate at 99.9% uptime and an undiscovered error rate of .001%. Security Requirements. A firewall will be used so unauthorized users will be restricted. Part of the security will be Users accounts and passwords that will give limited access. There will be different access capabilities for network managers and users. Existing Network. There is no existing network.


HIGH-LEVEL NETWORK DESIGN

[Figure: Top-Level Network Diagram]
[Figure: State Office Network Diagram (LAN cabling is 100BaseT CAT5)]
[Figure: State Office Network Sub-Diagram, Administration LAN]
[Figure: State Office Network Sub-Diagram, Finance/Accounting LAN]
[Figure: State Office Network Sub-Diagram, Curriculum LAN]
[Figure: State Office Network Sub-Diagram, Human Resources LAN]
[Figure: State Office Network Sub-Diagram, Computer Services LAN]
[Figure: North District Network Diagram (LAN cabling is 100BaseT CAT5)]
[Figure: North District Network Sub-Diagram, Administration LAN]
[Figure: North District Network Sub-Diagram, Finance/Accounting & Computer Services LAN]
[Figure: North District Network Sub-Diagram, Human Resources LAN]
[Figure: South District Network Diagram (LAN cabling is 100BaseT CAT5)]
[Figure: South District Network Sub-Diagram, Administration LAN]
[Figure: South District Network Sub-Diagram, Finance/Accounting & Computer Services LAN]
[Figure: South District Network Sub-Diagram, Human Resources LAN]

DETAILED DESIGN DOCUMENTATION

Key for lists: Product | Cost | Availability | Performance | Maintainability

HP File/Print Server LH 3000 | $4,089.00 | Available/In Stock | P3 866MHz, 128 MB/4GB RAM, 256KB L2, 32X CD | 3 Year Warranty and Maintained by Computer Services as needed
HP NetServer Hard Drive | $379.95 | Available/In Stock | 9.1 GB SCSI3 7200 RPM LVD, LC2000/LH3 Compatibility | Maintained by Computer Services as needed
IntelliFax-4750 Commercial Laser Fax | $499.95 | Available/In Stock | 250-sheet Universal Paper Cassette, 4 MB, Dual Access Memory (upgradeable to 12 MB or 20 MB), Up to 50 page Auto Document Feeder, Stores up to 270 pages, 14.4 Kbps fax modem | Maintained by Computer Services as needed
HP Laser Jet 8150N Series | $2,469.95 | Available/In Stock | 1200 dpi, 32 MB memory expandable to 192 MB, Network ready 10/100 Base-TX, 2 open EIO Slots, 3/100 (Number of trays/capacity) | Maintained by Computer Services as needed
Windows 2000 Server | $819.95 | Available/In Stock | 5 Licenses included, Full Version | Maintained by Computer Services as needed
Compaq DeskPro EN P3/600 | $999.00 | Available/In Stock | 10 GB, 128 MB, 40X CD ROM, NIC DT Win 00; with Windows 2000 OS | 3 Year Parts and Labor Warranty and Maintained by Computer Services as needed
CAT 5 Cable | $145.99 | Available/In Stock | 4 pair solid PVC; 1000 feet | Maintained by Computer Services as needed
SmartPro 1400 | $454.99 | Available/In Stock | 6 outlets +LAN | Maintained by Computer Services as needed
EtherFast 8-Port 10/100 Desktop Hub | $79.99 | Available/In Stock | True 10/100 auto-sensing ports, Internal store-and-forward switching segment, built-in data collision and frame re-timing | Manufacturer's 5 year limited warranty and Maintained by Computer Services as needed
EtherFast 12-Port 10/100 Desktop Hub | $129.99 | Available/In Stock | True 10/100 auto-sensing ports, Internal store-and-forward switching segment, built-in data collision and frame re-timing | Manufacturer's 5 year limited warranty and Maintained by Computer Services as needed
EtherFast 20-Port 10/100 Desktop Hub | $199.99 | Available/In Stock | True 10/100 auto-sensing ports, Internal store-and-forward switching segment, built-in data collision and frame re-timing | Manufacturer's 5 year limited warranty and Maintained by Computer Services as needed
EtherFast II 24-Port 10/100 Switch | $449.99 | Available/In Stock | True 10/100 auto-sensing ports, Internal store-and-forward intelligent switching segment, built-in data collision and frame re-timing | Manufacturer's 5 year limited warranty and Maintained by Computer Services as needed
CISCO 2621 Ethernet Router 2 10/100 | $2,319.00 | Available/In Stock | Provides remote access and WAN integrations, supports extranet VPN access and multiple modules, two 10/100 RJ45 ports, two WAN slots, one network module slot, one AIM slot | Maintained by Computer Services as needed
Firewall I Internet Gateway V4.1 100 Nodes ONL | $6,000.00 | Available/In Stock | Full Version | Maintained by Computer Services as needed
DS-2 Connection | $650.00 | Available | 1 month, exclusive rights | Maintained by Quest Communications

COST-BENEFIT ANALYSIS

Cost Analysis

Tangible Costs

Product | Price | Quantity | Total
HP File/Print Server LH 3000 | $4,089.00 | 6 | $24,534.00
HP NetServer Hard Drive | $379.95 | 10 | 3,799.50
IntelliFax-4750 Commercial Laser Fax | $499.95 | 3 | 1,499.85
HP Laser Jet 8150N Series | $2,469.95 | 4 | 9,879.80
Windows 2000 Server | $819.95 | 6 | 4,919.70
Compaq DeskPro EN P3/600 | $999.00 | 65 | 64,935.00
CAT 5 Cable (1,000 feet) | $145.99 | 4 | 583.96
SmartPro 1400 | $454.99 | 6 | 2,729.94
EtherFast 8-Port 10/100 Desktop Hub | $79.99 | 5 | 399.95
EtherFast 12-Port 10/100 Desktop Hub | $129.99 | 4 | 519.96
EtherFast 20-Port 10/100 Desktop Hub | $199.99 | 2 | 399.98
EtherFast II 24-Port 10/100 Switch | $449.99 | 3 | 1,349.97
CISCO 2621 Ethernet Router 2 10/100 Ports 2 Slots | $2,319.00 | 3 | 6,957.00
RJ45 Plugs (packs of 50) | $49.99 | 8 | 399.92
Ultimate Tool Kit | $399.00 | 1 | 399.00
Firewall I Internet Gateway V4.1 100 Nodes ONL | $6,000.00 | 1 | 6,000.00
Labor (Maintaining the System) per hour | $75.00 | 300 | 22,500.00
DS-2 Connection (1 month, exclusive rights) | $650.00 | 36 | 23,400.00
Subtotal of Tangible Costs | | | $175,207.53

Intangible Costs

Product | Price | Quantity | Total
Network Down Time (Estimated at 9 hrs/yr) | $8,000.00 | 1 | $8,000.00
Subtotal of Intangible Costs | | | $8,000.00

Total 3-year Cost Analysis: $183,207.53
Total Annualized Cost: $61,069.18

Benefit Analysis

Product | Price
Increased Productivity | $25,000.00/yr
Decreased Anxiety (from increased reliability) | $4,000.00/yr
Less Training Time | $6,000.00/yr
Increased Connectivity between State and District Offices | $10,000.00/yr
Ease of Record Keeping (i.e., fewer lost files and faster availability) | $25,000.00/yr
Increased Security | $30,000.00/yr
Total | $100,000.00/year

Intangible Benefits

Product | Price
Increased Community Support | $30,000.00/yr
Increased Staff Morale | $15,000.00/yr
Better Informed Public | $20,000.00/yr
Total | $65,000.00/year

Total Benefit Analysis = $165,000.00/year

Cost-Benefit Ratio

Total Cost | $61,069.18/year
Total Benefit | $165,000/year
Ratio | 0.37

* Annual benefit exceeds annualized cost.
* The project is expected to pay for itself in about 14 months.
* The time to functional obsolescence of the equipment is estimated at about 36 months.
* It is therefore recommended that the project be implemented.


APPENDIX

Average Network Usage for January to March 2000

Columns: Time | Loc | LAN-Acc (average coincident LAN accesses) | LAN-MB (average MB per LAN access) | LAN-Xfer (total average LAN data transfer) | WAN-Acc (average coincident WAN accesses, est.) | WAN-MB (average MB per WAN access, est.) | WAN-Xfer (total average WAN data transfer, est.)

Time | Loc | LAN-Acc | LAN-MB | LAN-Xfer | WAN-Acc | WAN-MB | WAN-Xfer
0100 | State | 0.2 | 0.3 | 0.1 | 0.0 | 0.0 | 0.0
0100 | North | 0.5 | 0.2 | 0.1 | 0.1 | 0.1 | 0.0
0100 | South | 0.4 | 0.4 | 0.2 | 0.2 | 0.2 | 0.0
0200 | State | 1.1 | 7654.2 | 8419.6 | 0.2 | 3827.1 | 814.3
0200 | North | 0.3 | 0.4 | 0.1 | 0.2 | 0.2 | 0.0
0200 | South | 0.2 | 0.2 | 0.0 | 0.0 | 0.1 | 0.0
0300 | State | 0.2 | 0.2 | 0.0 | 0.1 | 0.1 | 0.0
0300 | North | 1.0 | 4487.0 | 4487.0 | 0.5 | 2243.5 | 1126.6
0300 | South | 0.1 | 0.3 | 0.0 | 0.1 | 0.2 | 0.0
0400 | State | 0.4 | 0.6 | 0.2 | 0.4 | 0.3 | 0.1
0400 | North | 0.3 | 0.3 | 0.1 | 0.1 | 0.2 | 0.0
0400 | South | 1.2 | 6529.7 | 7835.6 | 1.1 | 3264.9 | 3602.5
0500 | State | 0.3 | 0.1 | 0.0 | 0.2 | 0.1 | 0.0
0500 | North | 0.3 | 0.1 | 0.0 | 0.2 | 0.1 | 0.0
0500 | South | 0.4 | 0.2 | 0.1 | 0.0 | 0.1 | 0.0
0600 | State | 0.5 | 0.5 | 0.3 | 0.1 | 0.3 | 0.0
0600 | North | 0.4 | 0.3 | 0.1 | 0.4 | 0.2 | 0.1
0600 | South | 0.2 | 0.2 | 0.0 | 0.1 | 0.1 | 0.0
0700 | State | 0.5 | 0.5 | 0.3 | 0.2 | 0.3 | 0.0
0700 | North | 1.8 | 0.6 | 1.1 | 0.1 | 0.3 | 0.0
0700 | South | 2.5 | 0.7 | 1.8 | 0.9 | 0.4 | 0.3
0800 | State | 27.6 | 3.1 | 85.6 | 23.5 | 1.6 | 36.4
0800 | North | 25.5 | 5.1 | 130.1 | 2.5 | 2.6 | 6.3
0800 | South | 26.8 | 3.9 | 104.5 | 14.9 | 2.0 | 29.0
0900 | State | 30.1 | 2.1 | 63.2 | 3.4 | 1.1 | 3.6
0900 | North | 31.1 | 0.9 | 28.0 | 25.0 | 0.5 | 11.2
0900 | South | 28.4 | 1.2 | 34.1 | 20.7 | 0.6 | 12.4
1000 | State | 29.4 | 12.1 | 355.7 | 29.4 | 6.1 | 177.8
1000 | North | 26.2 | 1.1 | 28.8 | 16.7 | 0.6 | 9.2
1000 | South | 26.5 | 3.2 | 84.8 | 20.4 | 1.6 | 32.6
1100 | State | 19.8 | 5.7 | 112.9 | 10.2 | 2.9 | 28.9
1100 | North | 20.3 | 1.3 | 26.4 | 10.8 | 0.7 | 7.0
1100 | South | 18.7 | 0.7 | 13.1 | 14.0 | 0.4 | 4.9
1200 | State | 10.4 | 1.8 | 18.7 | 9.1 | 0.9 | 8.2
1200 | North | 14.6 | 0.8 | 11.7 | 13.1 | 0.4 | 5.2
1200 | South | 12.2 | 0.6 | 7.3 | 7.9 | 0.3 | 2.4
1300 | State | 13.5 | 1.4 | 18.9 | 1.9 | 0.7 | 1.4
1300 | North | 16.7 | 0.5 | 8.4 | 0.2 | 0.3 | 0.1
1300 | South | 17.5 | 0.5 | 8.8 | 12.1 | 0.3 | 3.0
1400 | State | 17.6 | 1.2 | 21.1 | 2.9 | 0.6 | 1.7
1400 | North | 15.3 | 2.3 | 35.2 | 4.0 | 1.2 | 4.6
1400 | South | 15.4 | 1.3 | 20.0 | 3.7 | 0.7 | 2.4
1500 | State | 16.0 | 41.0 | 656.0 | 5.7 | 20.5 | 116.3
1500 | North | 12.7 | 11.3 | 143.5 | 4.6 | 5.7 | 26.2
1500 | South | 14.6 | 9.4 | 137.2 | 5.4 | 4.7 | 25.3
1600 | State | 21.1 | 33.1 | 698.4 | 5.2 | 16.6 | 86.3
1600 | North | 16.8 | 1.4 | 23.5 | 5.1 | 0.7 | 3.6
1600 | South | 14.9 | 4.3 | 64.1 | 8.5 | 2.2 | 18.3
1700 | State | 7.1 | 6.2 | 44.0 | 5.7 | 3.1 | 17.6
1700 | North | 8.6 | 5.2 | 44.7 | 4.0 | 2.6 | 10.4
1700 | South | 5.6 | 4.0 | 22.4 | 2.0 | 2.0 | 4.0
1800 | State | 3.3 | 3.2 | 10.6 | 3.3 | 1.6 | 5.2
1800 | North | 3.6 | 1.0 | 3.6 | 0.4 | 0.5 | 0.2
1800 | South | 2.7 | 0.9 | 2.4 | 0.7 | 0.5 | 0.3
1900 | State | 5.6 | 0.5 | 2.8 | 4.8 | 0.3 | 1.2
1900 | North | 5.1 | 0.5 | 2.6 | 4.0 | 0.3 | 1.0
1900 | South | 3.3 | 0.3 | 1.0 | 3.1 | 0.2 | 0.5
2000 | State | 3.2 | 0.4 | 1.3 | 1.7 | 0.2 | 0.3
2000 | North | 2.6 | 0.3 | 0.8 | 1.2 | 0.2 | 0.2
2000 | South | 1.8 | 0.5 | 0.9 | 0.6 | 0.3 | 0.2
2100 | State | 2.1 | 0.2 | 0.4 | 1.0 | 0.1 | 0.1
2100 | North | 0.9 | 0.2 | 0.2 | 0.8 | 0.1 | 0.1
2100 | South | 0.7 | 0.3 | 0.2 | 0.4 | 0.2 | 0.1
2200 | State | 1.0 | 0.4 | 0.4 | 0.3 | 0.2 | 0.1
2200 | North | 0.9 | 0.5 | 0.5 | 0.7 | 0.3 | 0.2
2200 | South | 0.6 | 0.2 | 0.1 | 0.0 | 0.0 | 0.0
2300 | State | 0.7 | 0.3 | 0.2 | 0.7 | 0.2 | 0.1
2300 | North | 0.5 | 0.6 | 0.3 | 0.4 | 0.3 | 0.1
2300 | South | 0.2 | 0.4 | 0.1 | 0.0 | 0.0 | 0.0

Maximum Network Usage for January to March 2000

Columns: Time | Loc | LAN-Acc (maximum coincident LAN accesses) | LAN-MB (maximum MB per LAN access) | LAN-Rate (maximum LAN data rate) | WAN-Acc (maximum coincident WAN accesses, est.) | WAN-MB (maximum MB per WAN access, est.) | WAN-Rate (maximum WAN data rate, est.)

Time | Loc | LAN-Acc | LAN-MB | LAN-Rate | WAN-Acc | WAN-MB | WAN-Rate
0100 | State | 2 | 0.2 | 0.5 | 0.0 | 0.0 | 0.0
0100 | North | 2 | 0.2 | 0.3 | 1.0 | 0.1 | 0.1
0100 | South | 2 | 0.3 | 0.6 | 1.0 | 0.2 | 0.2
0200 | State | 3 | 5740.7 | 222.0 | 1.0 | 2870.3 | 272.2
0200 | North | 2 | 0.3 | 0.6 | 2.0 | 0.2 | 0.3
0200 | South | 2 | 0.2 | 0.3 | 0.0 | 0.1 | 0.0
0300 | State | 2 | 0.2 | 0.3 | 1.0 | 0.1 | 0.1
0300 | North | 2 | 3365.3 | 730.5 | 2.0 | 1682.6 | 35.3
0300 | South | 1 | 0.2 | 0.2 | 2.0 | 0.1 | 0.2
0400 | State | 2 | 0.5 | 0.9 | 2.0 | 0.2 | 0.5
0400 | North | 3 | 0.2 | 0.7 | 2.0 | 0.1 | 0.2
0400 | South | 3 | 4897.3 | 4691.8 | 2.0 | 2448.6 | 442.3
0500 | State | 2 | 0.1 | 0.2 | 1.0 | 0.0 | 0.0
0500 | North | 2 | 0.1 | 0.2 | 2.0 | 0.0 | 0.1
0500 | South | 3 | 0.2 | 0.5 | 0.0 | 0.1 | 0.0
0600 | State | 3 | 0.4 | 1.1 | 1.0 | 0.2 | 0.2
0600 | North | 4 | 0.2 | 0.9 | 2.0 | 0.1 | 0.2
0600 | South | 3 | 0.2 | 0.5 | 2.0 | 0.1 | 0.2
0700 | State | 1 | 0.4 | 0.4 | 2.0 | 0.2 | 0.4
0700 | North | 3 | 0.5 | 1.4 | 2.0 | 0.2 | 0.5
0700 | South | 4 | 0.5 | 2.1 | 3.0 | 0.3 | 0.8
0800 | State | 33 | 2.3 | 76.7 | 12.0 | 1.2 | 14.0
0800 | North | 30 | 3.8 | 114.8 | 4.0 | 1.9 | 7.7
0800 | South | 30 | 2.9 | 87.8 | 16.0 | 1.5 | 23.4
0900 | State | 33 | 1.6 | 52.0 | 6.0 | 0.8 | 4.7
0900 | North | 30 | 0.7 | 20.3 | 31.0 | 0.3 | 10.5
0900 | South | 30 | 0.9 | 27.0 | 30.0 | 0.5 | 13.5
1000 | State | 33 | 9.1 | 299.5 | 31.0 | 4.5 | 140.7
1000 | North | 30 | 0.8 | 24.8 | 20.0 | 0.4 | 8.3
1000 | South | 30 | 2.4 | 72.0 | 25.0 | 1.2 | 30.0
1100 | State | 33 | 4.3 | 141.1 | 16.0 | 2.1 | 34.2
1100 | North | 30 | 1.0 | 29.3 | 17.0 | 0.5 | 8.3
1100 | South | 30 | 0.5 | 15.8 | 15.0 | 0.3 | 3.9
1200 | State | 29 | 1.4 | 39.2 | 13.0 | 0.7 | 8.8
1200 | North | 29 | 0.6 | 17.4 | 16.0 | 0.3 | 4.8
1200 | South | 28 | 0.5 | 12.6 | 15.0 | 0.2 | 3.4
1300 | State | 33 | 1.1 | 34.7 | 4.0 | 0.5 | 2.1
1300 | North | 30 | 0.4 | 11.3 | 2.0 | 0.2 | 0.4
1300 | South | 30 | 0.4 | 11.3 | 17.0 | 0.2 | 3.2
1400 | State | 33 | 0.9 | 29.7 | 5.0 | 0.5 | 2.3
1400 | North | 30 | 1.7 | 51.8 | 6.0 | 0.9 | 5.2
1400 | South | 30 | 1.0 | 29.3 | 6.0 | 0.5 | 2.9
1500 | State | 33 | 30.8 | 1014.8 | 7.0 | 15.4 | 107.6
1500 | North | 30 | 8.5 | 254.3 | 8.0 | 4.2 | 33.9
1500 | South | 30 | 7.1 | 211.5 | 7.0 | 3.5 | 24.7
1600 | State | 33 | 24.8 | 819.2 | 7.0 | 12.4 | 86.9
1600 | North | 30 | 1.1 | 31.5 | 6.0 | 0.5 | 3.2
1600 | South | 30 | 3.2 | 96.8 | 12.0 | 1.6 | 19.4
1700 | State | 27 | 4.7 | 125.6 | 9.0 | 2.3 | 20.9
1700 | North | 27 | 3.9 | 105.3 | 7.0 | 2.0 | 13.7
1700 | South | 26 | 3.0 | 78.0 | 8.0 | 1.5 | 12.0
1800 | State | 25 | 2.4 | 60.0 | 6.0 | 1.2 | 7.2
1800 | North | 27 | 0.8 | 20.3 | 5.0 | 0.4 | 1.9
1800 | South | 28 | 0.7 | 18.9 | 3.0 | 0.3 | 1.0
1900 | State | 22 | 0.4 | 8.3 | 9.0 | 0.2 | 1.7
1900 | North | 16 | 0.4 | 6.0 | 7.0 | 0.2 | 1.3
1900 | South | 18 | 0.2 | 4.1 | 5.0 | 0.1 | 0.6
2000 | State | 28 | 0.3 | 8.4 | 4.0 | 0.2 | 0.6
2000 | North | 21 | 0.2 | 4.7 | 3.0 | 0.1 | 0.3
2000 | South | 23 | 0.4 | 8.6 | 2.0 | 0.2 | 0.4
2100 | State | 15 | 0.2 | 2.3 | 3.0 | 0.1 | 0.2
2100 | North | 11 | 0.2 | 1.7 | 2.0 | 0.1 | 0.2
2100 | South | 12 | 0.2 | 2.7 | 4.0 | 0.1 | 0.5
2200 | State | 9 | 0.3 | 2.7 | 5.0 | 0.2 | 0.8
2200 | North | 3 | 0.4 | 1.1 | 5.0 | 0.2 | 0.9
2200 | South | 6 | 0.2 | 0.9 | 0.0 | 0.0 | 0.0
2300 | State | 7 | 0.2 | 1.6 | 2.0 | 0.1 | 0.2
2300 | North | 6 | 0.5 | 2.7 | 1.0 | 0.2 | 0.2
2300 | South | 5 | 0.3 | 1.5 | 0.0 | 0.0 | 0.0

7.2 Monitoring Network

The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is a subset of the functions involved in network management.

While an intrusion detection system monitors a network for threats from the outside, a network monitoring system monitors the network for problems caused by overloaded and/or crashed servers, network connections or other devices. For example, to determine the status of a web server, monitoring software may periodically send an HTTP request to fetch a page. For email servers, a test message might be sent through SMTP and retrieved by IMAP or POP3.

Commonly measured metrics are response time, availability and uptime, although both consistency and reliability metrics are starting to gain popularity. The widespread addition of WAN optimization devices is having an adverse effect on most network monitoring tools, especially when it comes to measuring accurate end-to-end response time, because they limit round-trip visibility.[1]

Status request failures, such as when a connection cannot be established, it times out, or the document or message cannot be retrieved, usually produce an action from the monitoring system. These actions vary: an alarm may be sent (via SMS, email, etc.) to the resident sysadmin, automatic failover systems may be activated to remove the troubled server from duty until it can be repaired, etc. Monitoring the performance of a network uplink is also known as network traffic measurement.

Network tomography

Network tomography is an important area of network measurement, which deals with monitoring the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network/Internet.

Route analytics

Route analytics is another important area of network measurement. It includes the methods, systems, algorithms and tools to monitor the routing posture of networks. Incorrect routing or routing issues cause undesirable performance degradation or downtime.

Various types of protocols

A website monitoring service can check HTTP pages, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, ICMP, SIP, UDP, media streaming and a range of other ports, with a variety of check intervals ranging from every four hours to every one minute. Typically, most network monitoring services test your server anywhere between once per hour and once per minute.

7.3 Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more.[1] It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects. SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

Principle of SNMP Communication In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent which reports information via SNMP to the manager.


Essentially, SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata (such as type and description of the variable), are described by Management Information Bases (MIBs).

An SNMP-managed network consists of three key components:
- Managed device
- Agent — software which runs on managed devices
- Network management system (NMS) — software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers. An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP specific form. A network management system (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.
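As an added example (not code from the module or from any SNMP implementation), the following pure-Python script shows what the manager-to-agent exchange described above looks like on the wire: it BER-encodes an SNMPv2c GetRequest for the sysDescr.0 variable, encodes a constructed agent reply, and decodes both. The community string "public", the request id and the reply text are assumed values chosen for the demonstration.

```python
# Added example, not from the module: a minimal SNMPv2c GetRequest encoder and
# message decoder in pure standard-library Python, showing what a manager puts
# on the wire to read one MIB variable from an agent. BER tags used: 0x02 INTEGER,
# 0x04 OCTET STRING, 0x05 NULL, 0x06 OID, 0x30 SEQUENCE, 0xA0 GetRequest, 0xA2 Response.
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"  # sysDescr.0 in the standard MIB-2 system group
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2

def ber_length(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_length(len(payload)) + payload

def encode_int(value):
    """Two's-complement INTEGER in the fewest octets that still carry the sign bit."""
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(oid):
    """Dotted OID -> OBJECT IDENTIFIER: first two arcs share one octet (40*x+y);
    later arcs are base-128 with the high bit set on every octet but the last."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_message(community, pdu_type, request_id, varbinds):
    """SEQUENCE { version INTEGER(1 = v2c), community OCTET STRING, PDU }.
    The community string travels in cleartext: a v1/v2c agent should only be
    reachable from management hosts, and SNMPv3 auth/priv is preferable."""
    vbl = b"".join(tlv(0x30, encode_oid(oid) + val) for oid, val in varbinds)
    pdu = tlv(pdu_type, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, vbl))  # request-id, error-status, error-index, varbinds
    return tlv(0x30, encode_int(1) + tlv(0x04, community.encode()) + pdu)

def encode_get_request(community, oid, request_id):
    return encode_message(community, GET_REQUEST, request_id, [(oid, tlv(0x05, b""))])

def encode_get_response(community, oid, text, request_id):
    # The reply an agent would send for a string-valued variable (constructed here).
    return encode_message(community, GET_RESPONSE, request_id,
                          [(oid, tlv(0x04, text.encode()))])

def read_tlv(buf, pos):
    """Return (tag, payload, position just after this element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def decode_int(raw):
    return int.from_bytes(raw, "big", signed=True)

def decode_oid(payload):
    arcs, acc = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_message(buf):
    """Parse a v1/v2c message into a dict; unhandled value types stay raw bytes."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    _, comm, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, rid, pos = read_tlv(pdu, 0)
    _, err, pos = read_tlv(pdu, pos)
    _, _, pos = read_tlv(pdu, pos)  # error-index, unused here
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid_raw, p = read_tlv(vb, 0)
        vtag, vraw, _ = read_tlv(vb, p)
        if vtag == 0x04:
            value = vraw.decode(errors="replace")
        elif vtag == 0x02:
            value = decode_int(vraw)
        else:
            value = None if vtag == 0x05 else vraw
        varbinds.append((decode_oid(oid_raw), value))
    return {"version": decode_int(ver), "community": comm.decode(errors="replace"),
            "pdu_type": pdu_tag, "request_id": decode_int(rid),
            "error_status": decode_int(err), "varbinds": varbinds}
```

Running `encode_get_request("public", SYS_DESCR_0, 1).hex()` yields the 40-byte request a manager would send to UDP port 161, with the community string readable in it.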

7.4 Network Security

Network security[1] consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, or open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Network security concepts

Network security starts with authenticating, commonly with a username and a password. Since this requires just one detail authenticating the user name (i.e. the password), this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

Communication between two hosts using a network may be encrypted to maintain privacy. Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.

Security management Security management for networks is different for all kinds of situations. A home or small office may only require basic security while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

Homes & Small Businesses
- A basic firewall or a unified threat management system.
- For Windows users, basic antivirus software. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs available.
- When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES. TKIP may be more widely supported by your devices and should only be considered in cases where they are NOT compliant with AES.
- If using wireless: change the default SSID network name, and also disable SSID broadcast, as this function is unnecessary for home use. (Security experts consider this to be easily bypassed with modern technology and some knowledge of how wireless traffic is detected by software.)[5]
- Enable MAC address filtering to keep track of all home network MAC devices connecting to your router. (This is not a security feature per se; however, it can be used to limit and strictly monitor your DHCP address pool for unwanted intruders, if not just by exclusion, then by AP association.)
- Assign static IP addresses to network devices. (This is not a security feature per se; however, it may be used, in conjunction with other features, to make your AP less desirable to would-be intruders.)
- Disable ICMP ping on the router.
- Review router or firewall logs to help identify abnormal network connections or traffic to the
- Use passwords for all accounts.




- For Windows users, have multiple accounts per family member and use non-administrative accounts for day-to-day activities.
- Raise awareness about information security to children.[6]

Medium businesses
- A fairly strong firewall or unified threat management system.
- Strong antivirus software and Internet security software.
- For authentication, use strong passwords and change them on a biweekly/monthly basis.
- When using a wireless connection, use a robust password.
- Raise awareness about physical security to employees.
- Use an optional network analyzer or network monitor.
- An enlightened administrator or manager.
- Use a VPN, or Virtual Private Network, to communicate between a main office and satellite offices using the Internet as a connectivity medium. A VPN offers a solution to the expense of leasing a data line while providing a secure network for the offices to communicate. A VPN provides the business with a way to communicate between two offices in a way that mimics a private leased line. Although the Internet is used, it is private because the link is encrypted and convenient to use. A medium sized business needing a secure way to connect several offices will find this a good choice.[7]
- Clear employee guidelines should be implemented for using the Internet, including access to non-work related websites, and sending and receiving information.
- Individual accounts to log on and access the company intranet and Internet, with monitoring for accountability.
- Have a back-up policy to recover data in the event of a hardware failure or a security breach that changes, damages or deletes data.
- Disable Messenger.
- Assign several employees to monitor a group like CERT,[8] which studies Internet security vulnerabilities and develops training to help improve security.

Large businesses
- A strong firewall and proxy, or network guard, to keep unwanted people out.
- A strong antivirus software package and Internet security software package.
- For authentication, use strong passwords and change them on a weekly/biweekly basis.
- When using a wireless connection, use a robust password.
- Exercise physical security precautions to employees.
- Prepare a network analyzer or network monitor and use it when needed.
- Implement physical security management like closed circuit television for entry areas and restricted zones.
- Security fencing to mark the company's perimeter.
- Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
- Security guards can help to maximize physical security.

School
- An adjustable firewall and proxy to allow authorized users access from the outside and inside.
- Strong antivirus software and Internet security software packages.
- Wireless connections that lead to firewalls.
- Children's Internet Protection Act compliance. (Only schools in the USA.)
- Supervision of network to guarantee updates and changes based on popular site usage.
- Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.
- An enforceable and easy to understand acceptable use policy which differentiates between school owned and personally owned devices.
- FERPA compliance for institutes of higher education network.

Large government
- A strong firewall and proxy to keep unwanted people out.
- Strong antivirus software and Internet security software suites.
- Strong encryption.
- Whitelist authorized wireless connections, block all else.
- All network hardware is in secure zones.
- All hosts should be on a private network that is invisible from the outside.
- Host web servers in a DMZ, or a firewall from the outside and from the inside.
- Security fencing to mark perimeter and set wireless range to this.
- Inventory controls of government owned mobile .

Types of Attacks Networks are subject to attacks from malicious sources. Attacks can be from two categories: "Passive" when a network intruder intercepts data traveling through the network, and "Active" in which an intruder initiates commands to disrupt the network's normal operation.[9]

Types of attacks include:

Passive
- Network wiretapping
- Port scanner
- Idle scan

Active
- Denial-of-service attack
- Spoofing
- Man in the middle
- ARP poisoning
- Smurf attack
- Buffer overflow
- Heap overflow
- Format string attack
- SQL injection
- Cyber attack
</gr_insert_placeholder>
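A defender's illustration of the "Port scanner" entry in the list above, tying it to the advice elsewhere in this section to review router or firewall logs: a small detector that flags a source probing many distinct ports on one host within a short window, run over constructed firewall log lines. This is an added example, not part of the module; the log format, the addresses and the thresholds are made up for the demonstration.

```python
# Added example, not from the module: a small port-scan detector run over
# constructed firewall DENY/ALLOW log lines. The log format, addresses and
# thresholds are made up for the demonstration; real devices log differently.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one source probes ten ports on a host within seconds,
# one source browses normally, and one source is denied twice, 38 minutes apart.
SAMPLE_LOG = """\
2014-02-03 09:12:01 DENY TCP 203.0.113.7:41022 -> 192.0.2.10:22
2014-02-03 09:12:01 DENY TCP 203.0.113.7:41023 -> 192.0.2.10:23
2014-02-03 09:12:02 DENY TCP 203.0.113.7:41024 -> 192.0.2.10:25
2014-02-03 09:12:02 DENY TCP 203.0.113.7:41025 -> 192.0.2.10:80
2014-02-03 09:12:03 DENY TCP 203.0.113.7:41026 -> 192.0.2.10:110
2014-02-03 09:12:03 DENY TCP 203.0.113.7:41027 -> 192.0.2.10:143
2014-02-03 09:12:03 DENY TCP 203.0.113.7:41028 -> 192.0.2.10:443
2014-02-03 09:12:04 DENY TCP 203.0.113.7:41029 -> 192.0.2.10:445
2014-02-03 09:12:04 DENY TCP 203.0.113.7:41030 -> 192.0.2.10:3389
2014-02-03 09:12:05 DENY TCP 203.0.113.7:41031 -> 192.0.2.10:8080
2014-02-03 09:15:40 ALLOW TCP 198.51.100.4:51000 -> 192.0.2.10:80
2014-02-03 09:16:02 ALLOW TCP 198.51.100.4:51001 -> 192.0.2.10:443
2014-02-03 10:02:11 DENY TCP 198.51.100.9:33001 -> 192.0.2.10:22
2014-02-03 10:40:11 DENY TCP 198.51.100.9:33002 -> 192.0.2.10:23
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (ALLOW|DENY) (TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None so that a malformed line is
    skipped rather than aborting the whole review."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
            "action": m.group(2), "proto": m.group(3),
            "src": m.group(4), "dst": m.group(5), "dport": int(m.group(6))}


def detect_port_scans(lines, window_seconds=60, min_ports=8):
    """Flag (src, dst) pairs whose DENY events cover at least min_ports distinct
    destination ports inside some window_seconds-long sliding window.
    Only denied connections count, so ordinary browsing never trips the rule."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["action"] == "DENY":
            hits[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))
    alerts = []
    for (src, dst), events in hits.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            # Advance the window start until the window is at most window_seconds wide.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if best is None or len(ports) > len(best[0]):
                best = (ports, events[start][0], events[end][0])
        if best and len(best[0]) >= min_ports:
            alerts.append({"src": src, "dst": dst, "ports": sorted(best[0]),
                           "first": best[1], "last": best[2]})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"possible port scan {a['src']} -> {a['dst']}: {len(a['ports'])} ports "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Widening the window or lowering min_ports trades fewer missed slow scans for more false alarms, which is the tuning decision a log reviewer has to make for their own traffic.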

7.5 Future networking technologies

ADSL

Asymmetric digital subscriber line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. It does this by utilizing frequencies that are not used by a voice telephone call.[1] A splitter, or DSL filter, allows a single telephone connection to be used for both ADSL service and voice calls at the same time. ADSL can generally only be distributed over short distances from the telephone exchange (the last mile), typically less than 4 kilometres (2 mi),[2] but has been known to exceed 8 kilometres (5 mi) if the originally laid wire gauge allows for further distribution. At the telephone exchange the line generally terminates at a digital subscriber line access multiplexer (DSLAM) where another frequency splitter separates the voice band signal for the conventional phone network. Data carried by the ADSL are typically routed over the telephone company's data network and eventually reach a conventional Internet Protocol network.

HDSL

High-bit-rate digital subscriber line (HDSL) was the first DSL technology to use a higher frequency spectrum of copper, twisted pair cables. HDSL was developed in the US, as a better technology for high-speed, synchronous circuits typically used to interconnect local exchange carrier systems, and also to carry high-speed corporate data links and voice channels, using T1 lines. HDSL service types include HDSL1, HDSL2 and HDSL4 and are typically transmitted over twisted pair cables or over fiber optics.


H0, H11 and H12

H0, H11 and H12 is a radio channel, a narrowband channel, i.e. a channel in which the bandwidth of the message does not significantly exceed the channel's coherence bandwidth. It is a common misconception that narrowband refers to a channel which occupies only a "small" amount of space on the radio spectrum. In the study of wireless channels, narrowband implies that the channel under consideration is sufficiently narrow that its frequency response can be considered flat. The message bandwidth will therefore be less than the coherence bandwidth of the channel. This is usually used as an idealizing assumption; no channel has perfectly flat fading, but the analysis of many aspects of wireless systems is greatly simplified if flat fading can be assumed. Narrowband can also be used with the audio spectrum to describe sounds which occupy a narrow range of frequencies. In telephony, narrowband is usually considered to cover frequencies 300–3400 Hz.

H.320

H.320 is an umbrella recommendation by the ITU-T for running multimedia (audio/video/data) over ISDN based networks. The main protocols in this suite are H.221, H.230, H.242, audio codecs such as G.711, and video codecs such as H.261 and H.263. It is formally named Narrow-band visual telephone systems and terminal equipment. It specifies technical requirements for narrow-band visual telephone systems and terminal equipment, typically for videoconferencing and videophone services. It describes a generic system configuration consisting of a number of elements which are specified by respective ITU-T Recommendations, definition of communication modes and terminal types, call control arrangements, terminal aspects and interworking requirements. The service requirements for visual telephone services are presented in ITU-T Recs F.720 for videotelephony and F.702 for videoconference. Video and audio coding systems and other technical aspects common to audiovisual services are covered in other Recommendations in the H.200/F.700-series.

Narrow-band for this specification is defined as bit rates ranging from 64 kbit/s to 1920 kbit/s. This channel capacity may be provided as a single B/H0/H11/H12-channel or multiple B/H0-channels in ISDN.

Used video codecs: H.261, and optionally H.262, H.263, H.264 according to the video hierarchy specified in the specification, and in ITU-T Recs H.241 and H.242. H.261 is mandatory in any enhanced H.320 system with video capability. Baseline H.263 capability shall be required in systems that use enhanced video modes.

Used audio codecs: G.711, and optionally G.722, G.728, G.723.1, G.729. (Example of usage: if a visual telephone interworks with a wideband speech terminal, G.722 audio may be used instead of G.711 audio.)

ISO - GBps Ethernet In computer networking, gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008 standard. It came into use beginning in 1999, gradually supplanting Fast Ethernet in wired local networks, where it performed considerably faster. The cables and equipment are very similar to those of previous standards and were very common and economical by 2010. Half-duplex gigabit links connected through hubs are allowed by the specification,[1] but full-duplex usage with switches is much more common.

Fibre Channel Fibre Channel, or FC, is a high-speed network technology (commonly running at 2-, 4-, 8- and 16-gigabit speeds) primarily used for storage networking. Fibre Channel is standardized in the T11 Technical Committee of the International Committee for Information Technology Standards (INCITS), an American National Standards Institute (ANSI)-accredited standards committee. Fibre Channel was primarily used in the supercomputer field, but has now become the standard connection type for storage area networks (SAN) in enterprise storage. Despite its name, Fibre Channel signaling can run on twisted pair copper wire in addition to fiber-optic cables. Fibre Channel Protocol (FCP) is a transport protocol (similar to TCP used in IP networks) that predominantly transports SCSI commands over Fibre Channel networks.

Wireless Networks

Wireless network refers to any type of computer network that is not connected by cables of any kind. It is a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations.[1] Wireless telecommunications networks are generally implemented and administered using radio communication. This implementation takes place at the physical level (layer) of the OSI model network structure. Types of wireless networks:

Wireless PAN
Wireless LAN
Wireless mesh network
Wireless MAN
Wireless WAN
Cellular network

Wireless PAN Wireless personal area networks (WPANs) interconnect devices within a relatively small area, generally within a person's reach.[3] For example, both Bluetooth radio and invisible infrared light provide a WPAN for interconnecting a headset to a laptop. ZigBee also supports WPAN applications.[4] Wi-Fi PANs are becoming commonplace (2010) as equipment designers start to integrate Wi-Fi into a variety of consumer electronic devices. Intel "My WiFi" and Windows 7 "virtual Wi-Fi" capabilities have made Wi-Fi PANs simpler and easier to set up and configure.[5]

Wireless LAN A wireless local area network (WLAN) links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for Internet access. The use of spread-spectrum or OFDM technologies may allow users to move around within a local coverage area and still remain connected to the network. Products using the IEEE 802.11 WLAN standards are marketed under the Wi-Fi brand name. Fixed wireless technology implements point-to-point links between computers or networks at two distant locations, often using dedicated microwave or modulated laser light beams over line-of-sight paths. It is often used in cities to connect networks in two or more buildings without installing a wired link.

Wireless mesh network A wireless mesh network is a wireless network made up of radio nodes organized in a mesh topology. Each node forwards messages on behalf of the other nodes. Mesh networks can "self heal", automatically re-routing around a node that has lost power.

Wireless MAN Wireless metropolitan area networks are a type of wireless network that connects several wireless LANs. WiMAX is a type of Wireless MAN and is described by the IEEE 802.16 standard.[6]
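The mesh "self heal" behaviour described above, as an added illustration that is not part of the module: the mesh is modelled as an undirected graph of radio nodes, every node forwards on behalf of the others, and when a node on the current route loses power the route is recomputed around it. The node names and links are constructed sample data.

```python
"""Added example (not from the module): routing and re-routing in a
wireless mesh modelled as an undirected graph. Node names and links are
constructed sample data."""
from collections import deque

# Constructed 3x3 grid mesh: node nRC is linked to its grid neighbours.
MESH = {
    "n00": {"n01", "n10"}, "n01": {"n00", "n02", "n11"}, "n02": {"n01", "n12"},
    "n10": {"n00", "n11", "n20"}, "n11": {"n01", "n10", "n12", "n21"},
    "n12": {"n02", "n11", "n22"}, "n20": {"n10", "n21"},
    "n21": {"n20", "n11", "n22"}, "n22": {"n12", "n21"},
}

def shortest_route(mesh, src, dst, down=frozenset()):
    """Breadth-first search for the fewest-hop path from src to dst.
    Nodes in `down` have lost power: they neither forward nor receive.
    Returns the list of nodes on the path, or None if dst is unreachable."""
    if src in down or dst in down:
        return None
    prev = {src: None}            # node -> node it was reached from
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:           # rebuild the path by walking back to src
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(mesh[node]):   # sorted so ties are deterministic
            if nxt not in prev and nxt not in down:
                prev[nxt] = node
                queue.append(nxt)
    return None

def self_heal(mesh, src, dst, failed_node):
    """Return (route_before, route_after): the route in the healthy mesh
    and the route recomputed around a node that has lost power."""
    before = shortest_route(mesh, src, dst)
    after = shortest_route(mesh, src, dst, down=frozenset({failed_node}))
    return before, after

if __name__ == "__main__":
    before, after = self_heal(MESH, "n00", "n22", "n02")
    print("route:", " -> ".join(before))
    print("after n02 loses power:", " -> ".join(after))
```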

Wireless WAN Wireless wide area networks are wireless networks that typically cover large areas, such as between neighboring towns and cities, or between a city and its suburbs. These networks can be used to connect branch offices of a business or as a public Internet access system. The wireless connections between access points are usually point-to-point microwave links using parabolic dishes on the 2.4 GHz band, rather than the omnidirectional antennas used with smaller networks. A typical system contains base station gateways, access points and wireless bridging relays. Other configurations are mesh systems where each access point also acts as a relay. When combined with renewable energy systems such as photovoltaic solar panels or wind systems they can be stand-alone systems.

Cellular network A cellular network or mobile network is a radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a cell site or base station. In a cellular network, each cell characteristically uses a different set of radio frequencies from all of its immediate neighbouring cells to avoid interference. When joined together these cells provide radio coverage over a wide geographic area. This enables a large number of portable transceivers (e.g., mobile phones, pagers, etc.) to communicate with each other and with fixed transceivers and telephones anywhere in the network, via base stations, even if some of the transceivers are moving through more than one cell during transmission. Although originally intended for cell phones, with the development of smartphones, cellular telephone networks routinely carry data in addition to telephone conversations: Global System for Mobile Communications (GSM): The GSM network is divided into three major systems: the switching system, the base station system, and the operation and support system. The cell phone connects to the base station system, which then connects to the operation and support system; it then connects to the switching system, where the call is transferred to where it needs to go. GSM is the most common standard and is used for a majority of cell phones. Personal Communications Service (PCS): PCS is a radio band that can be used by mobile phones in North America and South Asia. Sprint happened to be the first service to set up a PCS. D-AMPS: Digital Advanced Mobile Phone Service, an upgraded version of AMPS, is being phased out due to advancement in technology. The newer GSM networks are replacing the older system.


References/ Text Book

a. Stallings, W. 2005. Business Data Communications, 5th Edition, New York: Prentice Hall.
b. McGraw-Hill.
c. Stallings, W. 2004. Data and Computer Communication, 7th Edition, New York: MacMillan.
d. Comer, D. D. R. 2004. Computer Networks and Internets with Internet Applications, New Jersey: Prentice Hall.
e. Tanenbaum, A.S. 2003. Computer Networks, 4th Edition, New Jersey: Prentice Hall.


What this module covers This module explains the basics of computer networks, starting from data communication and going up to recent high-tech computer networks. The topics discussed in it range from the local area network to the wide area network. This module also describes communication protocols and the OSI reference model as well as TCP/IP. Hopefully students will gain useful knowledge from this module and become knowledgeable in computer networks in the future. Centre for Diploma Studies UTHM © 2014


DAT21203 S2 2014 v2.pdf
