Copyright © 2015 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-0-07-182765-2
MHID: 0-07-182765-X

The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-182764-5, MHID: 0-07-182764-1.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education's prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED "AS IS." McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

Great thanks and humble appreciation to all of those who helped with this book. And to my kids and their kids, and ever and always to Sandy.

About the Author

Bobbi Sandberg is a small business consultant and retired CPA who has been a trainer, instructor, and teacher of all things computer in the Pacific Northwest for more than 40 years. She has "played" with computers since they occupied entire rooms and required perforated paper tape and punch cards. Today, she teaches hardware and software classes, solves hardware and software issues for a number of clients, and keeps networks functional on a regular basis. Bobbi is the author or coauthor of several computer books, including QuickBooks 2015: The Small Business Guide, Quicken 2015: The Official Guide, Quicken 2014: The Official Guide, Microsoft Office 2013 QuickSteps, and Computing for Seniors QuickSteps.
About the Technical Editors

Randal Nollan has been working with technology since the late 1970s when he wrote his first program on pink punch cards. Randal joined the U.S. Navy in 1980 as an Aviation Ordnanceman and retired in 2001. During that time, he maintained the dBase III vaccination database for the squadron corpsman and was always in the thick of maintaining the token ring network, computers, and terminals they had at the time. He graduated from Skagit Valley College CIS (networking) and MIT (programming) in 2003. He worked in Internet tech support from 2003 to 2005 and has since been working in computer repair for a local telephone company on Whidbey Island, Washington. In his spare time, he enjoys the outdoors by fishing, crabbing, bicycling, camping, and hunting. Indoor fun includes playing with anything tech related, remodeling his home, and making wine from any fruit that lands on his doorstep; sometime he may even stop working and drink it.

Dwight Spivey is the author of more than 20 books on computers and technology and has happily lent his expertise as a technical editor to several more titles. Dwight is happily married to Cindy, and they reside on the Gulf Coast of Alabama along with their four children. He studies theology, draws comic strips, and roots for the Auburn Tigers in his ever-decreasing spare time.

Van Aguirre is an information technology specialist who has broad experience in the field. Since the late 1990s, he has developed and taught courses in networking and multimedia technology, computing security, computer crime forensics, IT risk management, IT business continuity, and disaster recovery planning. Working with other IT professionals, he has planned and managed the implementation of evolving technologies, including virtualization, mobile, and cloud computing to support institutional business and strategic initiatives. As a project manager in educational technology, Van has established and promoted successful apprenticeship programs in IT desk service management for college students, integrating LEAN principles and ITIL processes to supplement technical skills.

Contents

Acknowledgments
Introduction

Part I Network Basics

Chapter 1 What Is a Network?: Local Area Network; Baseband vs. Broadband; Packet Switching vs. Circuit Switching; Cables and Topologies; Media Access Control; Addressing; Repeaters, Bridges, Switches, and Routers; Wide Area Networks; Protocols and Standards; Clients and Servers; Operating Systems and Applications

Chapter 2 The OSI Reference Model: Communications Between the Layers; Data Encapsulation; Horizontal Communications; Vertical Communications; Encapsulation Terminology; The Physical Layer; Physical Layer Specifications; Physical Layer Signaling; The Data Link Layer; Addressing; Media Access Control; Protocol Indicator; Error Detection; The Network Layer; Routing; Fragmenting; Connection-Oriented and Connectionless Protocols; The Transport Layer; Protocol Service Combinations; Transport Layer Protocol Functions; Segmentation and Reassembly; Flow Control; Error Detection and Recovery; The Session Layer; Dialog Control; Dialog Separation; The Presentation Layer; The Application Layer

Part II Network Hardware

Chapter 3 Network Interface Adapters: NIC Functions; NIC Features; Full Duplex; Bus Mastering; Parallel Tasking; Wake-on-LAN or Wake-on-Wireless-LAN; Selecting a NIC; Protocol; Transmission Speed; Network Interface; Bus Interface; Bottlenecks; ISA or PCI?; Integrated Adapters; Fiber-Optic NICs; Portable Systems; Hardware Resource Requirements; Power Requirements; Server vs. Workstation NICs

Chapter 4 Network Interface Adapters and Connection Devices: Repeaters; Hubs; Passive Hubs; Repeating, Active, and Intelligent Hubs; Token Ring MAUs; Hub Configurations; The Uplink Port; Stackable Hubs; Modular Hubs; Bridges; Transparent Bridging; Bridge Loops; Source Route Bridging; Bridging Ethernet and Token Ring Networks; Routers; Router Applications; Router Functions; Routing Tables; Windows Routing Tables; Routing Table Parsing; Static and Dynamic Routing; Selecting the Most Efficient Route; Discarding Packets; Packet Fragmentation; Routing and ICMP; Routing Protocols; Switches; Switch Types; Routing vs. Switching; Virtual LANs; Layer 3 Switching; Multiple-Layer Switching

Chapter 5 Cabling a Network: Cable Properties; Cabling Standards; Data Link Layer Protocol Standards; Coaxial Cable; Thick Ethernet; Thin Ethernet; Cable Television; Twisted-Pair Cable; Unshielded Twisted-Pair; Category 5e; Cat 6 and 6a; Cat 7; Connector Pinouts; Shielded Twisted-Pair; Fiber-Optic Cable; Fiber-Optic Cable Construction; Fiber-Optic Connectors

Chapter 6 Wireless LANs: Wireless Networks; Advantages and Disadvantages of Wireless Networks; Types of Wireless Networks; Wireless Applications; The IEEE 802.11 Standards; The Physical Layer; Physical Layer Frames; The Data Link Layer; Data Link Layer Frames; Media Access Control

Chapter 7 Wide Area Networks: Introduction to Telecommunications; WAN Utilization; Selecting a WAN Technology; PSTN (POTS) Connections; Leased Lines; Leased-Line Types; Leased-Line Hardware; Leased-Line Applications; ISDN; ISDN Services; ISDN Communications; ISDN Hardware; DSL; Switching Services; Packet-Switching Services; Circuit-Switching Services; Frame Relay; Frame-Relay Hardware; Virtual Circuits; Frame-Relay Messaging; ATM; The Physical Layer; The ATM Layer; The ATM Adaptation Layer; ATM Support; SONET

Chapter 8 Server Technologies: Purchasing a Server; Using Multiple Processors; Parallel Processing; Server Clustering; Using Hierarchical Storage Management; Fibre Channel Networking; Network Storage Subsystems

Chapter 9 Designing a Network: Reasoning the Need; Seeking Approval; Designing a Home or Small-Office Network; Selecting Computers; Selecting a Networking Protocol; Choosing a Network Medium; Choosing a Network Speed; Designing an Internetwork; Segments and Backbones; Distributed and Collapsed Backbones; Backbone Fault Tolerance; Selecting a Backbone LAN Protocol; Connecting to Remote Networks; Selecting a WAN Topology; Planning Internet Access; Locating Equipment; Wiring Closets; Data Centers; Finalizing the Design

Part III Network Protocols

Chapter 10 Ethernet Basics: Ethernet Defined; Ethernet Standards; Ethernet II; IEEE 802.3; DIX Ethernet and IEEE 802.3 Differences; IEEE Shorthand Identifiers; CSMA/CD; Collisions; Late Collisions; Physical Layer Guidelines; 10Base-5 (Thick Ethernet); 10Base-2 (Thin Ethernet); 10Base-T or 100Base-T (Twisted-Pair Ethernet); Fiber-Optic Ethernet; Cabling Guidelines; Exceeding Ethernet Cabling Specifications; The Ethernet Frame; The IEEE 802.3 Frame; The Ethernet II Frame; The Logical Link Control Sublayer; The SNAP Header; Full-Duplex Ethernet; Full-Duplex Requirements; Full-Duplex Flow Control; Full-Duplex Applications

Chapter 11 100Base Ethernet and Gigabit Ethernet: 100Base Ethernet; Physical Layer Options; Cable Length Restrictions; Autonegotiation; Gigabit Ethernet; Gigabit Ethernet Architecture; Media Access Control; The Gigabit Media-Independent Interface; The Physical Layer; Ethernet Troubleshooting; Ethernet Errors; Isolating the Problem; 100VG-AnyLAN; The Logical Link Control Sublayer; The MAC and RMAC Sublayers; The Physical Medium–Independent Sublayer; The Medium-Independent Interface Sublayer; The Physical Medium–Dependent Sublayer; The Medium-Dependent Interface; Working with 100VG-AnyLAN

Chapter 12 Networking Protocols: Token Ring; The Token Ring Physical Layer; Token Passing; Token Ring Frames; Token Ring Errors; FDDI; FDDI Topology

Part IV Network Systems

Chapter 13 TCP/IP: TCP/IP Attributes; TCP/IP Architecture; The TCP/IP Protocol Stack; IP Versions; IPv4 Addressing; Subnet Masking; IP Address Registration; Special IP Addresses; Subnetting; Ports and Sockets; TCP/IP Naming; TCP/IP Protocols; SLIP and PPP; ARP; IP

Chapter 14 Other TCP/IP Protocols: IPv6; IPv6 Addresses; IPv6 Address Structure; Other Protocols; ICMP; UDP; TCP

Chapter 15 The Domain Name System: Host Tables; Host Table Problems; DNS Objectives; Domain Naming; Top-Level Domains; Second-Level Domains; Subdomains; DNS Functions; Resource Records; DNS Name Resolution; Reverse Name Resolution; DNS Name Registration; Zone Transfers; DNS Messaging; The DNS Header Section; The DNS Question Section; DNS Resource Record Sections; DNS Message Notation; Name Resolution Messages; Root Name Server Discovery; Zone Transfer Messages

Chapter 16 Internet Services: Web Servers; Selecting a Web Server; HTML; HTTP; FTP Servers; FTP Commands; FTP Reply Codes; FTP Messaging; E-mail; E-mail Addressing; E-mail Clients and Servers; Simple Mail Transfer Protocol; Post Office Protocol; Internet Message Access Protocol

Part V Network Operating Services

Chapter 17 Windows: The Role of Windows; Versions; Service Packs; Microsoft Technical Support; Operating System Overview; Kernel Mode Components; User Mode Components; Services; The Windows Networking Architecture; The NDIS Interface; The Transport Driver Interface; The Workstation Service; The Server Service; APIs; File Systems; FAT16; FAT32; NTFS; Resilient File System; The Windows Registry; Optional Windows Networking Services; Active Directory; Microsoft DHCP Server; Microsoft DNS Server; Windows Internet Naming Service

Chapter 18 Active Directory: Active Directory Architecture; Object Types; Object Naming; Domains, Trees, and Forests; DNS and Active Directory; Global Catalog Server; Deploying Active Directory; Creating Domain Controllers; Directory Replication; Sites; Microsoft Management Console; Designing an Active Directory; Planning Domains, Trees, and Forests

Chapter 19 Linux: Understanding Linux; Linux Distributions; Advantages and Disadvantages of Linux; File Systems; Linux Installation Questions; Directory Structure; Quick Commands in Linux; Working with Linux Files; Journaling; Editing; Lack of Fragmentation

Chapter 20 Unix: Unix Principles; Unix Architecture; Unix Versions; Unix System V; BSD Unix; Unix Networking; Using Remote Commands; Berkeley Remote Commands; DARPA Commands; Network File System; Client-Server Networking

Chapter 21 Other Network Operating Systems and Networking in the Cloud: Historical Systems; FreeBSD; NetBSD; OpenBSD; Oracle Solaris; Operating in the Cloud; History of the Cloud; Benefits of the Cloud; Disadvantages in the Cloud; How the Cloud Works; Cloud Types; Cloud Service Models; Infrastructure as a Service; Platform as a Service; Software as a Service; Network as a Service

Part VI Network Services

Chapter 22 Network Clients: Windows Network Clients; Windows Networking Architecture; NetWare Clients; Macintosh Clients; Connecting Macintosh Systems to Windows Networks; Unix Clients; Applications; Unix Access; Windows 7 Interface; Windows 8 Interface

Chapter 23 Network Security Basics: Securing the File System; The Windows Security Model; Windows File System Permissions; Unix File System Permissions; Verifying Identities; FTP User Authentication; Kerberos; Public Key Infrastructure; Digital Certificates; Token-Based and Biometric Authentication; Securing Network Communications; IPsec; SSL; Firewalls; Packet Filters; Network Address Translation; Proxy Servers; Circuit-Level Gateways; Combining Firewall Technologies

Chapter 24 Wireless Security: Wireless Functionality; Wireless Network Components; Wireless Router Types; Wireless Transmission; Wireless Access Points; Creating a Secure Wireless Network; Securing a Wireless Home Network; Securing a Business Network; Securing a Wireless Router; Securing Mobile Devices; What Are the Risks?; Unsecured Home Networks; Wireless Invasion Tools; Understanding Encryption

Chapter 25 Overview of Network Administration: Locating Applications and Data in Windows Systems; Server-Based Operating Systems; Server-Based Applications; Storing Data Files; Controlling the Workstation Environment; Drive Mappings in Windows; User Profiles; Controlling the Workstation Registry; Using System Policies

Chapter 26 Network Management and Troubleshooting Tools: Operating System Utilities; Windows Utilities; TCP/IP Utilities; Network Analyzers; Filtering Data; Traffic Analysis; Protocol Analysis; Cable Testers

Chapter 27 Backing Up: Backup Hardware; Backup Capacity Planning; Hard Disk Drives; RAID Systems; Using RAID; Network-Attached Storage; Magnetic Tape Drives; Tape Drive Interfaces; Magnetic Tape Capacities; Backup Software; Selecting Backup Targets; Backing Up Open Files; Recovering from a Disaster; Job Scheduling; Rotating Media; Backup Administration; Event Logging; Performing Restores

Index

Acknowledgments

This book, like most others, is the end product of a lot of hard work by many people. All of the people involved deserve great thanks. A special thank-you to the following:

• Roger Stewart, acquisitions editor at McGraw-Hill Education, for his support, understanding, and always available ear. He and his team are unbeatable.
• Two other members of the team, Patty Mon and Amanda Russell. Patty is the finest editorial supervisor around. She is beyond helpful, always considerate and thoughtful, and just "there" for any questions. She is a gem. The generous, organized, and always on "top" of any concern or issue, editorial coordinator Amanda Russell. Amanda either has the answer at hand or finds out quickly and reliably. These few descriptive words are only the tip of the iceberg when discussing their talent, professionalism, and always generous spirits.
• The technical editors, Randy Nollan and Dwight Spivey, for the support, suggestions, and ideas. These skilled and proficient gentlemen made the process fun. And a special thank-you to Van Aguirre for his hard work at the beginning of the project.
• Asheesh Ratra and his team at MPS Limited, who deserve great thanks and appreciation for their hard work and expertise. It was a pleasure and honor working with them!
Introduction

This book is designed as a thorough, practical planning guide and underpinning of knowledge for IT networking professionals around the world, including students of IT networking courses, beginning network administrators, and those seeking work in the IT networking field.

Benefit to You, the Reader

After reading this book, you will be able to set up an effective network. The book teaches everything, including methodology, analysis, case examples, tips, and all the technical supporting details needed to suit an IT audience's requirements, so it will benefit everyone from beginners to those who are intermediate-level practitioners.

What This Book Covers

This book covers the details as well as the big picture for networking, including both physical and virtual networks. It discusses how to evaluate the various networking options and explains how to manage network security and troubleshooting.

Organization

This book is logically organized into six parts. Within each part, the chapters start with basic concepts and procedures, most of which involve specific networking tasks, and then work their way up to more advanced topics.

It is not necessary to read this book from beginning to end. Skip around as desired. The following sections summarize the book's organization and contents.

Part I: Network Basics

This part of the book introduces networking concepts and explains both the OSI and TCP/IP models.

• Chapter 1: What Is a Network?
• Chapter 2: The OSI Reference Model

Part II: Network Hardware

This part of the book discusses the various hardware items used in a computer network. It also explains some basics when designing a network.

• Chapter 3: Network Interface Adapters
• Chapter 4: Network Interface Adapters and Connection Devices
• Chapter 5: Cabling a Network
• Chapter 6: Wireless LANs
• Chapter 7: Wide Area Networks
• Chapter 8: Server Technologies
• Chapter 9: Designing a Network

Part III: Network Protocols

This part of the book explains the various rules and protocols for networks.

• Chapter 10: Ethernet Basics
• Chapter 11: 100Base Ethernet and Gigabit Ethernet
• Chapter 12: Networking Protocols

Part IV: Network Systems

This part of the book discusses the various network operating systems.
• Chapter 13: TCP/IP
• Chapter 14: Other TCP/IP Protocols
• Chapter 15: The Domain Name System
• Chapter 16: Internet Services

Part V: Network Operating Services

In this part of the book, you will learn a bit more about the basics of some of the other services available, including cloud networking. In Chapter 23, you will learn some of the basics needed to secure your network.

• Chapter 17: Windows
• Chapter 18: Active Directory
• Chapter 19: Linux
• Chapter 20: Unix
• Chapter 21: Other Network Operating Systems and Networking in the Cloud

Part VI: Network Services

From clients to security to the all-important backup, this section covers some of the day-to-day operations in networking.

• Chapter 22: Network Clients
• Chapter 23: Network Security Basics
• Chapter 24: Wireless Security
• Chapter 25: Overview of Network Administration
• Chapter 26: Network Management and Troubleshooting Tools
• Chapter 27: Backing Up

Conventions

All how-to books—especially computer books—have certain conventions for communicating information. Here's a brief summary of the conventions used throughout this book.

Menu Commands

Windows and most other operating systems make commands accessible on the menu bar at the top of the application window. Throughout this book, you are told which menu commands to choose to open a window or dialog or to complete a task. The following format is used to indicate menu commands: Menu | Submenu (if applicable) | Command.

Keystrokes

Keystrokes are the keys you must press to complete a task. There are two kinds of keystrokes:

• Keyboard shortcuts: Combinations of keys you press to complete a task more quickly. For example, the shortcut for "clicking" a Cancel button may be to press the Esc key. When you are to press a key, you will see the name of the key in small caps, like this: ESC. If you must press two or more keys simultaneously, they are separated with a hyphen, like this: CTRL-P.
• Literal text: Text you must type in exactly as it appears in the book. Although this book doesn't contain many instances of literal text, there are a few. Literal text to be typed is in boldface type, like this: Type help at the prompt.
• Monospace font: Text that you see at the command line. It looks like this: Nslookup –nameserver

PART I Network Basics

CHAPTER 1 What Is a Network?
CHAPTER 2 The OSI Reference Model

CHAPTER 1
What Is a Network?

At its core, a network is simply two (or more) connected computers. Computers can be connected with cables or telephone lines, or they can connect wirelessly with radio waves, fiber-optic lines, or even infrared signals. When computers are able to communicate, they can work together in a variety of ways: by sharing their resources with each other, by distributing the workload of a particular task, or by exchanging messages. Today, the most widely used network is the Internet. This book examines in detail how computers on a network communicate; what functions they perform; and how to go about building, operating, and maintaining them.

The original model for collaborative computing was to have a single large computer connected to a series of terminals, each of which would service a different user. This was called timesharing because the computer divided its processor clock cycles among the terminals. Using this arrangement, the terminals were simply communications devices; they accepted input from users through a keyboard and sent it to the computer. When the computer returned a result, the terminal displayed it on a screen or printed it on paper. These terminals were sometimes called dumb terminals because they didn't perform any calculations on their own. The terminals communicated with the main computer, never with each other.

As time passed and technology progressed, engineers began to connect computers so that they could communicate. At the same time, computers were becoming smaller and less expensive, giving rise to mini- and microcomputers. The first computer networks used individual links, such as telephone connections, to connect two systems. There are a number of computer networking types and several methods of creating these types, which will be covered in this chapter.
Local Area Network

Soon after the first IBM PCs hit the market in the 1980s and rapidly became accepted as a business tool, the advantages of connecting these small computers became obvious. Rather than supplying every computer with its own printer, a network of computers could share a single printer. When one user needed to give a file to another user, a network eliminated the need to swap floppy disks. The problem, however, was that connecting a dozen computers in an office with individual point-to-point links between all of them was not practical. The eventual solution to this problem was the local area network (LAN).

A LAN is a group of computers connected by a shared medium, usually a cable. By sharing a single cable, each computer requires only one connection and can conceivably communicate with any other computer on the network. A LAN is limited to a local area by the electrical properties of the cables used to construct them and by the relatively small number of computers that can share a single network medium. LANs are generally restricted to operation within a single building or, at most, a campus of adjacent buildings. Some technologies, such as fiber optics, have extended the range of LANs to several kilometers, but it isn't possible to use a LAN to connect computers in distant cities, for example. That is the province of the wide area network (WAN), as discussed later in this chapter.

In most cases, a LAN is a baseband, packet-switching network. An understanding of the terms baseband and packet switching, which are examined in the following sections, is necessary to understand how data networks operate because these terms define how computers transmit data over the network medium.
Baseband vs. Broadband

A baseband network is one in which the cable or other network medium can carry only a single signal at any one time. A broadband network, on the other hand, can carry multiple signals simultaneously, using a discrete part of the cable's bandwidth for each signal. As an example of a broadband network, consider the cable television service you probably have in your home. Although only one cable runs to your TV, it supplies you with dozens of channels of programming at the same time. If you have more than one television connected to the cable service, the installer probably used a splitter (a coaxial fitting with one connector for the incoming signals and two connectors for outgoing signals) to run the single cable entering your house to two different rooms. The fact that the TVs can be tuned to different programs at the same time while connected to the same cable proves that the cable is providing a separate signal for each channel at all times. A baseband network uses pulses applied directly to the network medium to create a single signal that carries binary data in encoded form. Compared to broadband technologies, baseband networks span relatively short distances because they are subject to degradation caused by electrical interference and other factors. The effective maximum length of a baseband network cable segment diminishes as its transmission rate increases. This is why local area networking protocols such as Ethernet have strict guidelines for cable installations.

NOTE: A cable segment is an unbroken network cable that connects two nodes.

Packet Switching vs. Circuit Switching

LANs are called packet-switching networks because their computers divide their data into small, discrete units called packets before transmitting it. There is also a similar technique called cell switching, which differs from packet switching only in that cells are always a consistent, uniform size, whereas the size of packets is variable. Most LAN technologies, such as Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI), use packet switching. Asynchronous Transfer Mode (ATM) is the cell-switching LAN protocol that is most commonly used.
Understanding Packets

E-mail may be the easiest way to understand packets. Each message is divided by the sending service into a specific number of bytes, often between 1,000 and 1,500. Then each packet is sent using the most efficient route. For example, if you are sending an e-mail to your company's home office from your vacation cabin, each packet will probably travel along a different route. This is more efficient, and if any one piece of equipment is not working properly in the network while a message is being transferred, the packet that would use that piece of equipment can be routed around the problem area and sent on another route. When the message reaches its destination, the packets are reassembled for delivery of the entire message.

Segmenting the data in this way is necessary because the computers on a LAN share a single cable, and a computer transmitting a single unbroken stream of data would monopolize the network for too long. If you were to examine the data being transmitted over a packet-switching network, you would see the packets generated by several different systems intermixed on the cable. The receiving system, therefore, must have a mechanism for reassembling the packets into the correct order and recognizing the absence of packets that may have been lost or damaged in transit.

The opposite of packet switching is circuit switching, in which one system establishes a dedicated communication channel to another system before any data is transmitted. In the data networking industry, circuit switching is used for certain types of wide area networking technologies, such as Integrated Services Digital Network (ISDN) and frame relay. The classic example of a circuit-switching network is the public telephone system. When you place a call to another person, a physical circuit is established between your telephone and theirs. This circuit remains active for the entire duration of the call, and no one else can use it, even when it is not carrying any data (that is, when no one is talking).
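The segmentation and reassembly described above, worked through in code. This is an added example, not code from the book: the sender splits a message into numbered packets of at most a chosen size, a second sender's packets are intermixed with them and the whole lot is shuffled to stand in for packets taking different routes, and the receiver puts the pieces back in order and reports any sequence number that never arrived. The addresses "A", "B" and "C", the packet size and the sample message are all constructed for the example.

```python
"""Packet segmentation, out-of-order delivery and reassembly.

Added example (not code from the book). It models the behaviour described
in the text: the sender splits a message into numbered packets, and the
receiver puts them back in order and notices any that never arrived.
Addresses, sizes and the sample message are constructed for the example.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # address of the sending system
    dst: str        # address of the intended recipient
    seq: int        # position of this piece within the message
    total: int      # number of pieces the whole message was split into
    payload: bytes


def segment(src: str, dst: str, message: bytes, mtu: int = 1000) -> list:
    """Split message into packets carrying at most mtu bytes each."""
    if mtu <= 0:
        raise ValueError("mtu must be positive")
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    return [Packet(src, dst, i, len(chunks), c) for i, c in enumerate(chunks)]


class Reassembler:
    """Receiving side: buffers packets per sender until the message is whole."""

    def __init__(self) -> None:
        self._buffers: dict = {}   # (src, dst) -> {seq: payload}
        self._totals: dict = {}    # (src, dst) -> expected packet count

    def receive(self, pkt: Packet) -> None:
        key = (pkt.src, pkt.dst)
        self._buffers.setdefault(key, {})[pkt.seq] = pkt.payload
        self._totals[key] = pkt.total

    def missing(self, src: str, dst: str) -> list:
        """Sequence numbers announced by the sender but not yet received."""
        key = (src, dst)
        have = self._buffers.get(key, {})
        return [s for s in range(self._totals.get(key, 0)) if s not in have]

    def reassemble(self, src: str, dst: str):
        """Return the complete message in order, or None if pieces are missing."""
        if self.missing(src, dst):
            return None
        key = (src, dst)
        return b"".join(self._buffers[key][s] for s in range(self._totals[key]))


def simulate(message: bytes, mtu: int = 1000, drop_seq=None, seed: int = 7):
    """Send message from A to B while a second system C also transmits to B.

    Packets from both senders are shuffled to model them taking different
    routes and arriving intermixed on the cable; drop_seq, if given, is the
    sequence number of one A->B packet that is lost in transit.
    Returns (reassembled message or None, list of missing sequence numbers).
    """
    on_the_wire = (segment("A", "B", message, mtu)
                   + segment("C", "B", b"noise" * 300, mtu))
    random.Random(seed).shuffle(on_the_wire)
    rx = Reassembler()
    for pkt in on_the_wire:
        if pkt.src == "A" and pkt.seq == drop_seq:
            continue                      # lost or damaged in transit
        rx.receive(pkt)
    return rx.reassemble("A", "B"), rx.missing("A", "B")


if __name__ == "__main__":
    msg = bytes(range(256)) * 14           # 3,584-byte constructed message
    whole, gaps = simulate(msg)
    print(whole == msg, gaps)              # True []
    print(simulate(msg, drop_seq=2))       # (None, [2])
```

The receiver keys its buffers on the (sender, recipient) pair, which is what lets it pull one sender's pieces out of the intermixed stream; a real protocol such as TCP does the same job with sequence numbers carried in every segment, and the missing() check is the hook at which retransmission would be requested.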
In the early days of the telephone system, every phone was connected to a central office with a dedicated cable, and operators using switchboards manually connected a circuit between the two phones for every call. While today the process is automated and the telephone system transmits many signals over a single cable, the underlying principle is the same.

LANs were originally designed to connect a small number of computers into what later came to be called a workgroup. Rather than investing a huge amount of money into a large, mainframe computer and the support system needed to run it, business owners came to realize that they could purchase a few computers, cable them together, and perform most of the computing tasks they needed. As the capabilities of personal computers and applications grew, so did the networks, and the technology used to build them progressed as well.

Cables and Topologies

Most LANs are built around copper cables that use standard electrical currents to relay their signals. Originally, most LANs consisted of computers connected with coaxial cables, but eventually, the twisted-pair cabling used for telephone systems became more popular. Another alternative is fiber-optic cable, which doesn't use electrical signals at all but instead uses pulses of light to encode binary data. Other types of network infrastructures eliminate cables entirely and transmit signals using what is known as unbounded media, such as radio waves, infrared, and microwaves.

NOTE: For more information about the various types of cables used in data networking, see Chapter 5.

LANs connect computers using various types of cabling patterns called topologies (see Figure 1-1), which depend on the type of cable used and the protocols running on the computers. The most common topologies are as follows:

• Bus: A bus topology takes the form of a cable that runs from one computer to the next one in a daisy-chain fashion, much like a string of Christmas tree lights. All of the signals transmitted by the computers on the network travel along the bus in both directions to all of the other computers. The two ends of the bus must be terminated with electrical resistors that nullify the voltages reaching them so that the signals do not reflect in the other direction. The primary drawback of the bus topology is that, like the string of Christmas lights it resembles, a fault in the cable anywhere along its length splits the network in two and prevents systems on opposite sides of the break from communicating. In addition, the lack of termination at either half can prevent computers that are still connected from communicating properly. As with Christmas lights, finding a single faulty connection in a large bus network can be troublesome and time consuming. Most coaxial cable networks, such as the original Ethernet LANs, use a bus topology.
• Star (hub and spoke): A star topology uses a separate cable for each computer that runs to a central cabling nexus called a hub or concentrator. The hub propagates the signals entering through any one of its ports out through all of the other ports so that the signals transmitted by each computer reach all the other computers. Hubs also amplify the signals as they process them, enabling them to travel longer distances without degrading. A star network is more fault tolerant than a bus because a break in a cable affects only the device to which that cable is connected, not the entire network. Most of the networking protocols that call for twisted-pair cable, such as 10Base-T and 100Base-T Ethernet, use the star topology.
• Star bus: A star bus topology is one method for expanding the size of a LAN beyond a single star. In this topology, a number of star networks are joined together using a separate bus cable segment to connect their hubs. Each computer can still communicate with any other computer on the network because each of the hubs transmits its incoming traffic out through the bus port as well as the other star ports. Designed to expand 10Base-T Ethernet networks, the star bus is rarely seen today because of the speed limitations of coaxial bus networks, which can function as a bottleneck that degrades the performance of faster star network technologies such as Fast Ethernet.
• Ring: This topology is similar to a bus topology, except these topologies transmit in one direction only from station to station. A ring topology often uses separate physical ports and wires to send and receive data. A ring topology is functionally equivalent to a bus topology with the two ends connected so that signals travel from one computer to the next in an endless circular fashion. However, the communications ring is only a logical construct, not a physical one. The physical network is actually cabled using a star topology, and a special hub called a multistation access unit (MSAU) implements the logical ring by taking each incoming signal and transmitting it out through the next downstream port only (instead of through all of the other ports, like a star hub). Each computer, upon receiving an incoming signal, processes it (if necessary) and sends it right back to the hub for transmission to the next station on the ring. Because of this arrangement, systems that transmit signals onto the network must also remove the signals after they have traversed the entire ring. Networks configured in a ring topology can use several different types of cable. Token Ring networks, for example, use twisted-pair cables, while FDDI networks use the ring topology with fiber-optic cable.
• Daisy chains: These topologies are the simplest form as one device is connected to another through serial ports. Think of a computer hooked to a printer and the printer, in turn, being hooked to a laptop.
• Hierarchical star: The hierarchical star topology is the most common method for expanding a star network beyond the capacity of its original hub. When a hub's ports are all filled and you have more computers to connect to the network, you can connect the original hub to a second hub using a cable plugged into a special port designated for this purpose. Traffic arriving at either hub is then propagated to the other hub as well as to the connected computers. The number of hubs that a single LAN can support is dependent on the protocol it uses.
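The fault-tolerance claims in the topology list above (a bus break splits the network in two, a star break isolates only one device, a hierarchical star depends on its uplink) can be checked with a small graph model. This is an added example, not code or a figure from the book: each topology is built as a set of cable segments between named computers and hubs, one segment is cut, and a breadth-first search reports which pairs of computers can no longer reach each other. The host names pc1 to pc6 and the hub names are constructed for the example.

```python
"""Reachability after a single cable fault in bus, star and hierarchical star LANs.

Added example (not code from the book). Topologies are undirected graphs of
computers, hubs and cable segments; cutting a cable removes one edge and the
code lists the computer pairs that can no longer communicate. All node names
are constructed for the example.
"""
from collections import deque
from itertools import combinations


def bus(computers):
    """Computers tapped into one cable in daisy-chain order: c0 - c1 - ... - cN."""
    return {(computers[i], computers[i + 1]) for i in range(len(computers) - 1)}


def star(hub, computers):
    """Each computer has its own cable to the central hub."""
    return {(hub, c) for c in computers}


def hierarchical_star(hub_a, group_a, hub_b, group_b):
    """Two stars whose hubs are joined by one uplink cable."""
    return star(hub_a, group_a) | star(hub_b, group_b) | {(hub_a, hub_b)}


def cut(edges, a, b):
    """The same cabling with the segment between a and b broken."""
    return {e for e in edges if e not in {(a, b), (b, a)}}


def components(nodes, edges):
    """Connected components of the graph, found by breadth-first search."""
    adj = {n: set() for n in nodes}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen, result = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        while queue:
            n = queue.popleft()
            if n in comp:
                continue
            comp.add(n)
            queue.extend(adj[n] - comp)
        seen |= comp
        result.append(frozenset(comp))
    return result


def unreachable_pairs(edges, computers):
    """Sorted list of computer pairs that are in different components."""
    nodes = set(computers) | {n for e in edges for n in e}
    member = {n: i for i, comp in enumerate(components(nodes, edges)) for n in comp}
    return sorted((x, y) for x, y in combinations(computers, 2)
                  if member[x] != member[y])


if __name__ == "__main__":
    pcs = [f"pc{i}" for i in range(1, 7)]
    # Bus: one break in the middle leaves two halves that cannot talk.
    print(len(unreachable_pairs(cut(bus(pcs), "pc3", "pc4"), pcs)))        # 9
    # Star: a broken spoke affects only the computer on that cable.
    print(len(unreachable_pairs(cut(star("hub", pcs), "hub", "pc3"), pcs)))  # 5
    # Hierarchical star: losing the uplink splits the LAN along hub lines.
    h = hierarchical_star("hubA", pcs[:3], "hubB", pcs[3:])
    print(len(unreachable_pairs(cut(h, "hubA", "hubB"), pcs)))              # 9
```

The same model is a useful way to reason about where a single fault matters most when planning a cabling layout: the uplink between hubs in a hierarchical star carries the same risk the book attributes to a bus break, which is why such links are the ones worth duplicating.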
Figure 1-1 Common cable topographies

The topologies discussed here are physical topologies, which differ from logical topologies that are discussed in later chapters. Physical topologies refer to the placement of cables and other components of the network. Logical topologies refer to the flow of data on the network.

Media Access Control

When multiple computers are connected to the same baseband network medium, there must be a media access control (MAC) mechanism that arbitrates access to the network to prevent systems from transmitting data at the same time. A MAC mechanism is a fundamental part of all local area networking protocols that use a shared network medium. The two most common MAC mechanisms are Carrier Sense Multiple Access with Collision Detection (CSMA/CD), which is used by Ethernet networks, and token passing, which is used by Token Ring, FDDI, and other protocols. These two mechanisms are fundamentally different, but they accomplish the same task by providing each system on the network with an equal opportunity to transmit its data. (For more information about these MAC mechanisms, see Chapter 10 for CSMA/CD and Chapter 12 for token passing.)

Addressing

For systems on a shared network medium to communicate effectively, they must have some means of identifying each other, usually some form of numerical address. In most cases, the network interface card (NIC) installed into each computer has an address hard-coded into it at the factory, called its MAC address or hardware address, which uniquely identifies that card among all others. Every packet that each computer transmits over the network contains the address of the sending computer and the address of the system for which the packet is intended.

In addition to the MAC address, systems may have other addresses operating at other layers. For example, Transmission Control Protocol/Internet Protocol (TCP/IP) requires that each system be assigned a unique IP address in addition to the MAC address it already possesses. Systems use the various addresses for different types of communications. (See Chapter 3 for more information on MAC addressing and Chapter 13 for more information on IP addressing.)
Repeaters, Bridges, Switches, and Routers

LANs were originally designed to support only a relatively small number of computers—30 for thin Ethernet networks and 100 for thick Ethernet—but the needs of businesses quickly outgrew these limitations. To support larger installations, engineers developed products that enabled administrators to connect two or more LANs into what is known as an internetwork, which is essentially a network of networks that enables the computers on one network to communicate with those on another. Don't confuse the generic term internetwork with the Internet. The Internet is an example of an extremely large internetwork, but any installation that consists of two or more LANs connected is also an internetwork. This terminology is confusing because it is so often misused. Sometimes what users mean when they refer to a network is actually an internetwork, and at other times, what may seem to be an internetwork is actually a single LAN. Strictly speaking, a LAN or a network segment is a group of computers that share a network cable so that a broadcast message transmitted by one system reaches all of the other systems, even if that segment is actually composed of many pieces of cable. For example, on a typical 10Base-T Ethernet LAN, all of the computers are connected to a hub using individual lengths of cable. Regardless of that fact, this arrangement is still an example of a network segment or LAN. Individual LANs can be connected using several different types of devices, some of which simply extend the LAN while another creates an internetwork. These devices are as follows:
• Repeaters A repeater is a purely electrical device that extends the maximum distance a LAN cable can span by amplifying the signals passing through it. The hubs used on star networks are sometimes called multiport repeaters because they have signal amplification capabilities integrated into the unit. Stand-alone repeaters are also available for use on coaxial networks to extend them over longer distances. Using a repeater to expand a network segment does not divide it into two LANs or create an internetwork.
• Bridges A bridge provides the amplification function of a repeater, along with the ability to selectively filter packets based on their addresses. Packets that originate on one side of the bridge are propagated to the other side only if they are addressed to a system that exists there. Because bridges do not prevent broadcast messages from being propagated across the connected cable segments, they, too, do not create multiple LANs or transform a network into an internetwork.
• Switches Switches are revolutionary devices that in many cases eliminate the shared network medium entirely. A switch is essentially a multiport repeater, like a hub, except that instead of operating at a purely electrical level, the switch reads the destination address in each incoming packet and transmits it out only through the port to which the destination system is connected.
• Routers A router is a device that connects two LANs to form an internetwork. Like a bridge, a router forwards only the traffic that is destined for the connected segment, but unlike repeaters and bridges, routers do not forward broadcast messages. Routers can also connect different types of networks (such as Ethernet and Token Ring), whereas bridges and repeaters can connect only segments of the same type.

Wide Area Networks

Internetworking enables an organization to build a network infrastructure of almost unlimited size. In addition to connecting multiple LANs in the same building or campus, an internetwork can connect LANs at distant locations through the use of wide area network links. A WAN is a collection of LANs, some or all of which are connected using point-to-point links that span relatively long distances. A typical WAN connection consists of two routers, one at each LAN site, connected using a long-distance link such as a leased telephone line. Any computer on one of the LANs can communicate with the other LAN by directing its traffic to the local router, which relays it over the WAN link to the other site.
WAN links differ from LANs in that they do not use a shared network medium and they can span much longer distances. Because the link connects only two systems, there is no need for media access control or a shared network medium. An organization with offices located throughout the world can build an internetwork that provides users with instantaneous access to network resources at any location. The WAN links themselves can use technologies ranging from telephone lines to public data networks to satellite systems. Unlike a LAN, which is nearly always privately owned and operated, an outside service provider (such as a telephone company) is nearly always involved in a WAN connection because private organizations don't usually own the technologies needed to carry signals over such long distances. Generally speaking, WAN connections can be slower and more expensive than LANs, and sometimes much more so. As a result, one of the goals of the network administrator is to maximize the efficiency of WAN traffic by eliminating unnecessary communications and choosing the best type of link for the application. See Chapter 7 for more information on WAN technologies.

There are also wireless LAN/WAN networks and metropolitan area networks (MANs). A MAN has three features that differentiate it from both a LAN and a WAN:
• A MAN's size is usually between that of a LAN and a WAN. Typically, it covers between 3 and 30 miles (5 to 50 km). A MAN can encompass several buildings, a company campus, or a small town.
• As with WANs, MANs are normally owned by a group or a network provider.
• MANs are often used as a way to provide shared access to one or more WANs.
Protocols and Standards

Communications between computers on a network are defined by protocols, standardized methods that the software programs on the computers have in common. These protocols define every part of the communications process, from the signals transmitted over network cables to the query languages that enable applications on different machines to exchange messages. Networked computers run a series of protocols, called a protocol stack, that spans from the application user interface at the top to the physical network interface at the bottom. The stack is traditionally split into seven layers. The Open Systems Interconnection (OSI) reference model defines the functions of each layer and how the layers work together to provide network communications. Chapter 2 covers the OSI reference model in detail.

Early networking products tended to be proprietary solutions created by a single manufacturer, but as time passed, interoperability became a greater priority, and organizations were formed to develop and ratify networking protocol standards. Most of these bodies are responsible for large numbers of technical and manufacturing standards in many different disciplines. Today, most of the protocols in common use are standardized by these bodies, some of which are as follows:
• Institute of Electrical and Electronics Engineers (IEEE) A U.S.-based society responsible for the publication of the IEEE 802 working group, which includes the standards that define the protocols commonly known as Ethernet and Token Ring, as well as many others.
• International Organization for Standardization (ISO) A worldwide federation of standards bodies from more than 100 countries, responsible for the publication of the OSI reference model document.
• Internet Engineering Task Force (IETF) An ad hoc group of contributors and consultants who collaborate to develop and publish standards for Internet technologies, including the TCP/IP protocols.
Clients and Servers

Local area networking is based on the client-server principle, in which the processes needed to accomplish a particular task are divided between computers functioning as clients and servers. This is in direct contrast to the mainframe model, in which the central computer did all of the processing and simply transmitted the results to a user at a remote terminal. A server is a computer running a process that provides a service to other computers when they request it. A client is the computer running a program that requests the service from a server.

For example, a LAN-based database application stores its data on a server, which stands by, waiting for clients to request information from it. Users at workstation computers run a database client program in which they generate queries that request specific information in the database and transmit those queries to the server. The server responds to the queries with the requested information and transmits it to the workstations, which format it for display to the users. In this case, the workstations are responsible for providing a user interface and translating the user input into a query language understood by the server. They are also responsible for taking the raw data from the server and displaying it in a comprehensible form to the user. The server may have to service dozens or hundreds of clients, so it is still a powerful computer. By offloading some of the application's functions to the workstations, however, its processing burden is nowhere near what it would be on a mainframe system.

Operating Systems and Applications

Clients and servers are actually software components, although some people associate them with specific hardware elements. This confusion is because some network operating systems require that a computer be dedicated to the role of server and that other computers function solely as clients. This is a client-server operating system, as opposed to a peer-to-peer operating system, in which every computer can function as both a client and a server. The most basic client-server functionality provided by a network operating system (NOS) is the ability to share file system drives and printers, and this is what usually defines the client and server roles. At its core, a NOS makes services available to its network clients.
The system can provide the following:
• Printer services, including managing devices, print jobs, who is using what asset, and what assets are not available to the network
• Managing user access to files and other resources, such as the Internet
• System monitoring, including providing network security
• Making network administration utilities available to network administrators

Apart from the internal functions of network operating systems, many LAN applications and network services also operate using the client-server paradigm. Internet applications, such as the World Wide Web, consist of servers and clients, as do administrative services such as the Domain Name System (DNS).

Most of today's desktop operating systems are capable of providing some of the services traditionally ascribed to NOSs, and many small-office/home-office (SOHO) LAN implementations take advantage of the fact. Understanding this may help clarify the distinction between LANs that are truly client-server, relying on network operating systems, and those network configurations that leverage powerful computers with today's operating systems. These operating systems are not limited to computers, but can include cell phones, tablets, and other products that are not considered to be "computers."

CHAPTER 2
The OSI Reference Model

Network communications take place on many levels and can be difficult to understand, even for the knowledgeable network administrator. The Open Systems Interconnection (OSI) reference model is a theoretical construction that separates network communications into seven distinct layers, as shown in Figure 2-1. Each computer on the network uses a series of protocols to perform the functions assigned to each layer. The layers collectively form what is known as the protocol stack or networking stack. At the top of the stack is the application that makes a request for a resource located elsewhere on the network, and at the bottom is the physical medium that actually connects the computers and forms the network, such as a cable.
Figure 2-1 The OSI reference model with its seven layers

The OSI reference model was developed in two separate projects by the International Organization for Standardization (ISO) and the Comité Consultatif International Téléphonique et Télégraphique (Consultative Committee for International Telephone and Telegraphy, or CCITT), which is now known as the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T). Each of these two bodies developed its own seven-layer model, but the two projects were combined in 1983, resulting in a document called "The Basic Reference Model for Open Systems Interconnection" that was published by the ISO as ISO 7498 and by the ITU-T as X.200.

The OSI stack was originally conceived as the model for the creation of a protocol suite that would conform exactly to the seven layers. This suite never materialized in a commercial form, however, and the model has since been used as a teaching, reference, and communications tool. Networking professionals, educators, and authors frequently refer to protocols, devices, or applications as operating at a particular layer of the OSI model because using this model breaks a complex process into manageable units that provide a common frame of reference. Many of the chapters in this book use the layers of the model to help define networking concepts. However, it is important to understand that none of the protocol stacks in common use today conforms exactly to the layers of the OSI model. In many cases, protocols have functions that overlap two or more layers, such as Ethernet, which is considered a data link layer protocol but which also defines elements of the physical layer.
The primary reason why real protocol stacks differ from the OSI model is that many of the protocols used today (including Ethernet) were conceived before the OSI model documents were published. In fact, the TCP/IP protocols have their own layered model, which is similar to the OSI model in several ways but uses only four layers (see Figure 2-2). In addition, developers are usually more concerned with practical functionality than with conforming to a preexisting model. The seven-layer model was designed to separate the functions of the protocol stack in such a way as to make it possible for separate development teams to work on the individual layers, thus streamlining the development process. However, if a single protocol can easily provide the functions that are defined as belonging in separate layers of the model, why divide it into two separate protocols just for the sake of conformity?

Figure 2-2 The OSI reference model and the TCP/IP protocol stack

Communications Between the Layers

Networking is the process of sending messages from one place to another, and the protocol stack illustrated in the OSI model defines the basic components needed to transmit messages to their destinations. The communication process is complex because the applications that generate the messages have varying requirements. Some message exchanges consist of brief requests and replies that have to be exchanged as quickly as possible and with a minimum amount of overhead. Other network transactions, such as program file transfers, involve the transmission of larger amounts of data that must reach the destination in perfect condition, without alteration of a single bit. Still other transmissions, such as streaming audio or video, consist of huge amounts of data that can survive the loss of an occasional bit, byte, or packet, but that must reach the destination in a timely manner.
The networking process also includes a number of conversions that ultimately take the application programming interface (API) calls generated by applications and transform them into electrical charges, pulses of light, or other types of signals that can be transmitted across the network medium. Finally, the networking protocols must see to it that the transmissions reach the appropriate destinations in a timely manner. Just as you package a letter by placing it in an envelope and writing an address on it, the networking protocols package the data generated by an application and address it to another computer on the network.

Data Encapsulation

To satisfy all of the requirements just described, the protocols operating at the various layers work together to supply a unified quality of service. Each layer provides a service to the layers directly above and below it. Outgoing traffic travels down through the stack to the network physical medium, acquiring the control information needed to make the trip to the destination system as it goes. This control information takes the form of headers (and in one case a footer) that surround the data received from the layer above, in a process called data encapsulation. The headers and footer are composed of individual fields that contain the control information the system needs to get the packet to its destination. In a sense, the headers and footer form the envelope that carries the message received from the layer above.

In a typical transaction, shown in Figure 2-3, an application layer protocol (which also includes presentation and session layer functions) generates a message that is passed down to a transport layer protocol. The protocol at the transport layer has its own packet structure, called a protocol data unit (PDU), which includes specialized header fields and a data field that carries the payload. In this case, the payload is the data received from the application layer protocol. By packaging the data in its own PDU, the transport layer encapsulates the application layer data and then passes it down to the next layer.

Figure 2-3 The application layer data is encapsulated for transmission by the protocols at the lower layers in the stack.
The network layer protocol then receives the PDU from the transport layer and encapsulates it within its own PDU by adding a header and using the entire transport layer PDU (including the application layer data) as its payload. The same process occurs again when the network layer passes its PDU to the data link layer protocol, which adds a header and footer. To a data link layer protocol, the data within the frame is treated as payload only, just as postal employees have no idea what is inside the envelopes they process. The only system that reads the information in the payload is the computer possessing the destination address. That computer then either passes the network layer protocol data contained in the payload up through its protocol stack or uses that data to determine what the next destination of the packet should be. In the same way, the protocols operating at the other layers are conscious of their own header information but are unaware of what data is being carried in the payload.

Once it is encapsulated by the data link layer protocol, the completed packet (now called a frame) is then ready to be converted to the appropriate type of signal used by the network medium. Thus, the final packet, as transmitted over the network, consists of the original application layer data plus several headers applied by the protocols at the succeeding layers, as shown in Figure 2-4.

Figure 2-4 An encapsulated frame, ready for transmission

NOTE Each layer must translate data into its specific format before sending it on. Therefore, each layer creates its own PDU to transmit to the next layer. As each layer receives data, the PDU of the previous layer is read, and a new PDU is created using that layer's protocol. Remember, a PDU is a complete message (or packet) that includes the protocol of the sending layer. At the physical layer, you end up with a message that consists of all the data that has been encapsulated with the headers and/or footers from each of the previous layers.
Horizontal Communications

For two computers to communicate over a network, the protocols used at each layer of the OSI model in the transmitting system must be duplicated at the receiving system. When the packet arrives at its destination, the process by which the headers are applied at the source is repeated in reverse. The packet travels up through the protocol stack, and each successive header is stripped off by the appropriate protocol and processed. In essence, the protocols operating at the various layers communicate horizontally with their counterparts in the other system, as shown in Figure 2-5.

Figure 2-5 Each layer has logical connections with its counterpart in other systems.

The horizontal connections between the various layers are logical; there is no direct communication between them. The information included in each protocol header by the transmitting system is a message that is carried to the same protocol in the destination system.

Vertical Communications

The headers applied by the various protocols implement the specific functions carried out by those protocols. In addition to communicating horizontally with the same protocol in the other system, the header information enables each layer to communicate with the layers above and below it, as shown in Figure 2-6. For example, when a system receives a packet and passes it up through the protocol stack, the data link layer protocol header includes a field that identifies which network layer protocol the system should use to process the packet. The network layer protocol header in turn specifies one of the transport layer protocols, and the transport layer protocol identifies the application for which the data is ultimately destined. This vertical communication makes it possible for a computer to support multiple protocols at each of the layers simultaneously. As long as a packet has the correct information in its headers, it can be routed on the appropriate path through the stack to the intended destination.

Figure 2-6 Each layer in the OSI model communicates with the layer above and below it.
Encapsulation Terminology

One of the most confusing aspects of the data encapsulation process is the terminology used to describe the PDUs generated by each layer. The term packet specifically refers to the complete unit transmitted over the network medium, although it also has become a generic term for the data unit at any stage in the process. Most data link layer protocols are said to work with frames because they include both a header and a footer that surround the data from the network layer protocol. The term frame refers to a PDU of variable size, depending on the amount of data enclosed. A data link layer protocol that uses PDUs of a uniform size, such as Asynchronous Transfer Mode (ATM), is said to deal in cells.

When transport layer data is encapsulated by a network layer protocol, such as the Internet Protocol (IP) or Internetwork Packet Exchange (IPX), the resulting PDU is called a datagram. During the course of its transmission, a datagram might be split into fragments, each of which is sometimes incorrectly called a datagram. The terminology at the transport layer is more protocol-specific than at the lower layers. TCP/IP, for example, has two transport layer protocols. The first, called the User Datagram Protocol (UDP), also refers to the PDUs it creates as datagrams, although these are not synonymous with the datagrams produced at the network layer.
When the UDP protocol at the transport layer is encapsulated by the IP protocol at the network layer, the result is a datagram packaged within another datagram. The difference between UDP and the Transmission Control Protocol (TCP), which also operates at the transport layer, is that UDP datagrams are self-contained units that were designed to contain the entirety of the data generated by the application layer protocol. Therefore, UDP is traditionally used to transmit small amounts of data, while TCP, on the other hand, is used to transmit larger amounts of application layer data that usually do not fit into a single packet. As a result, each of the PDUs produced by the TCP protocol is called a segment, and the collection of segments that carry the entirety of the application layer protocol data is called a sequence. The PDU produced by an application layer protocol is typically called a message. The session and presentation layers are usually not associated with individual protocols. Their functions are incorporated into other elements of the protocol stack, and they do not have their own headers or PDUs. All of these terms are frequently confused, and it is not surprising to see even authoritative documents use them incorrectly.

NOTE While TCP is often used to transmit data packets today, there are instances where UDP is suitable. For example, UDP is used when newer data will replace previous data, such as in video streaming or gaming. As another example of the need for newer data, consider weather information that must be updated quickly during inclement weather. Also, since TCP is a connection-oriented, streaming protocol, UDP is the preferred way to multicast (send data across a network to several users at the same time).

The following sections examine each of the seven layers of the OSI reference model in turn, the functions that are associated with each, and the protocols that are most commonly used at those layers. As you proceed through this book, you will learn more about each of the individual protocols and their relationships to the other elements of the protocol stack.
The Physical Layer

The physical layer of the OSI model defines the actual medium that carries data from one computer to another. The two most common types of physical layer used in data networking are copper-based electrical cable and fiber-optic cable. A number of wireless physical layer implementations use radio waves, infrared or laser light, microwaves, and other technologies. The physical layer includes the type of technology used to carry the data, the type of equipment used to implement that technology, the specifications of how the equipment should be installed, and the nature of the signals used to encode the data for transmission.

For example, for many years, the most popular physical layer standard used for local area networking was 10Base-T Ethernet. Ethernet is primarily thought of as a data link layer protocol. However, as with most protocols functioning at the data link layer, Ethernet includes specific physical layer implementations, and the standards for the protocol define the elements of the physical layer as well. 10Base-T referred to the type of cable used to form a particular type of Ethernet network. The Ethernet standard defined 10Base-T as an unshielded twisted-pair cable (UTP) containing four pairs of copper wires enclosed in a single sheath. Today, Ethernet is found at much faster speeds such as 100Base-T running at 100 megabits per second, or 1000Base-T, which runs at 1 gigabit per second.

NOTE The physical layer uses the binary data supplied by the data link layer protocol to encode the data into pulses of light, electrical voltages, or other impulses suitable for transmission over the network medium.

However, the construction of the cable itself is not the only physical layer element involved. The standards used to build an Ethernet network also define how to install the cable, including maximum segment lengths and distances from power sources. The standards specify what kind of connectors you use to join the cable, the type of network interface card (NIC) to install in the computer, and the type of hub you use to join the computers into a network topology. Finally, the standard specifies how the NIC should encode the data generated by the computer into electrical impulses that can be transmitted over the cable.
Thus, you can see that the physical layer encompasses much more than a type of cable. However, you generally don't have to know the details about every element of the physical layer standard. When you buy Ethernet NICs, cables, and hubs, they are already constructed to the Ethernet specifications and designed to use the proper signaling scheme. Installing the equipment, however, can be more complicated.

Physical Layer Specifications

While it is relatively easy to learn enough about a LAN technology to purchase the appropriate equipment, installing the cable (or other medium) is much more difficult because you must be aware of all the specifications that affect the process. For example, the Ethernet standards published by the IEEE 802.3 working group specify the basic wiring configuration guidelines that pertain to the protocol's media access control (MAC) and collision detection mechanisms. These rules specify elements such as the maximum length of a cable segment, the distance between workstations, and the number of repeaters permitted on a network. These guidelines are common knowledge to Ethernet network administrators, but these rules alone are not sufficient to perform a large cable installation. In addition, there are local building codes to consider, which might have a great effect on a cable installation. For these reasons, large physical layer installations should, in most cases, be performed by professionals who are familiar with all of the standards that apply to the particular technology involved. See Chapter 4 for more information on network cabling and cable installation.

NOTE The latest revision to the IEEE 802.3 "Standard for Ethernet" was published in September 2012. It was amended to "address new markets, bandwidth speeds, and media types" according to the IEEE website at http://standards.ieee.org.
NOTE Collision detection is when one device (or node) on a network determines that data has "collided." This is similar to two people coming through a revolving door at the same time, but in that case, one person can see the other person and stops. If one node hears a distorted version of its own transmission, that node understands that a collision has occurred and, just like the person who stops to allow the other to go through the revolving door, that node will stop the transmission and wait for silence on the network to send its data.

Physical Layer Signaling

The primary operative component of a physical layer installation is the transceiver found in NICs, repeating hubs, and other devices. The transceiver, as the name implies, is responsible for transmitting and receiving signals over the network medium. On networks using copper cable, the transceiver is an electrical device that takes the binary data it receives from the data link layer protocol and converts it into signals of various voltages. Unlike all of the other layers in the protocol stack, the physical layer is not concerned in any way with the meaning of the data being transmitted. The transceiver simply converts zeros and ones into voltages, pulses of light, radio waves, or some other type of signal, but it is completely oblivious to packets, frames, addresses, and even the system receiving the signal.

The signals generated by a transceiver can be either analog or digital. Most data networks use digital signals, but some of the wireless technologies use analog radio transmissions to carry data. Analog signals transition between two values gradually, forming the sine wave pattern shown in Figure 2-7, while digital value transitions are immediate and absolute. The values of an analog signal can be determined by variations in amplitude, frequency, phase, or a combination of these elements, as in amplitude modulated (AM) or frequency modulated (FM) radio signals or in analog phase-locked loop (PLL) circuits.

Figure 2-7 Analog signals form wave patterns.
The use of digital signals is much more common in data networking, however. All of the standard copper and fiber-optic media use various forms of digital signaling. The signaling scheme is determined by the data link layer protocol being used. All Ethernet networks, for example, use the Manchester encoding scheme, whether they are running over twisted-pair, coaxial, or fiber-optic cable. Digital signals transition between values almost instantaneously, producing the square wave shown in Figure 2-8. Depending on the network medium, the values can represent electrical voltages, the presence or absence of a beam of light, or any other appropriate attribute of the medium. In most cases, the signal is produced with transitions between a positive voltage and a negative voltage, although some use a zero value as well. Given a stable voltage within circuit specifications, the transitions create the signal.

Figure 2-8 Polar encoding

NOTE Digital signals are susceptible to voltage degradation; a digital circuit designed for a 5-volt application will most likely behave erroneously if voltage attenuation results in signals of 3 volts, meaning the circuit will now not be able to distinguish whether there was a transition event since the signal is below the design threshold.

Figure 2-8 illustrates a simple signaling scheme called polar signaling. In this scheme, the signal is broken up into units of time called cells, and the voltage of each cell denotes its binary value. A positive voltage is a zero, and a negative voltage is a one. This signaling code would seem to be a simple and logical method for transmitting binary information, but it has one crucial flaw, and that is timing. When the binary code consists of two or more consecutive zeros or ones, there is no voltage transition for the duration of two or more cells. Unless the two communicating systems have clocks that are precisely synchronized, it is impossible to tell for certain whether a voltage that remains continuous for a period of time represents two, three, or more cells with the same value. Remember that these communications occur at incredibly high rates of speed, so the timing intervals involved are extremely small.
Some systems can use this type of signal because they have an external timing signal that keeps the communicating systems synchronized. However, many data networks run over a baseband medium that permits the transmission of only one signal at a time. As a result, these networks use a different type of signaling scheme, one that is self-timing. In other words, the data signal itself contains a timing signal that enables the receiving system to correctly interpret the values and convert them into binary data.

The Manchester encoding scheme used on Ethernet networks is a self-timing signal by virtue of the fact that every cell has a value transition at its midpoint. This delineates the boundaries of the cells to the receiving system. The binary values are specified by the direction of the value transition; a positive-to-negative transition indicates a value of zero, and a negative-to-positive transition indicates a value of one (see Figure 2-9). The value transitions at the beginnings of the cells have no function other than to set the voltage to the appropriate value for the midcell transition.

Figure 2-9 The Manchester encoding scheme

Token Ring networks use a different encoding scheme called Differential Manchester, which also has a value transition at the midpoint of each cell. However, in this scheme, the direction of the transition is irrelevant; it exists only to provide a timing signal. The value of each cell is determined by the presence or absence of a transition at the beginning of the cell. If the transition exists, the value of the cell is zero; if there is no transition, the value of the cell is one (see Figure 2-10). As with the midpoint transition, the direction of the transition is irrelevant.
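The three line codes just described (polar, Manchester, and Differential Manchester, Figures 2-8 through 2-10) can be compared directly in code. The following Python example is added here and is not code from the book: it encodes a bit pattern with each scheme, decodes the two self-timing schemes, and measures the longest stretch of signal with no voltage transition, which is where the polar scheme's timing flaw shows up. Voltage levels are represented as +1 and -1, each Manchester cell as two half-cell slots, and the sample bit pattern is constructed for the demonstration.

```python
# Levels: +1 = positive voltage, -1 = negative voltage. Polar signaling uses one
# slot per cell; the two Manchester variants use two half-cell slots per cell.


def polar_encode(bits):
    """Polar signaling (Figure 2-8): +V means 0, -V means 1, one level per cell."""
    return [1 if b == 0 else -1 for b in bits]


def manchester_encode(bits):
    """Manchester (Figure 2-9): every cell has a mid-cell transition.
    Positive-to-negative means 0, negative-to-positive means 1."""
    levels = []
    for b in bits:
        levels += [1, -1] if b == 0 else [-1, 1]
    return levels


def manchester_decode(levels):
    """Recover bits from the direction of each mid-cell transition. A cell
    without a transition is a line error, because the receiver has lost its clock."""
    if len(levels) % 2:
        raise ValueError("odd number of half-cells")
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:
            raise ValueError("missing mid-cell transition in cell %d" % (i // 2))
        bits.append(0 if first > second else 1)
    return bits


def diff_manchester_encode(bits, idle_level=1):
    """Differential Manchester (Figure 2-10): the mid-cell transition is timing only;
    a transition at the start of the cell means 0, no transition means 1."""
    level = idle_level            # level the line rests at before the first cell
    levels = []
    for b in bits:
        if b == 0:
            level = -level        # transition at the cell boundary
        levels.append(level)      # first half of the cell
        level = -level            # mid-cell transition, direction irrelevant
        levels.append(level)      # second half of the cell
    return levels


def diff_manchester_decode(levels, idle_level=1):
    """Compare each cell's first half with the previous cell's last half."""
    if len(levels) % 2:
        raise ValueError("odd number of half-cells")
    previous = idle_level
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:
            raise ValueError("missing mid-cell transition in cell %d" % (i // 2))
        bits.append(0 if first != previous else 1)
        previous = second
    return bits


def longest_flat_run(levels):
    """Longest stretch of slots with no transition: the interval during which the
    receiver must count cells using its own clock alone."""
    best = run = 1
    for a, b in zip(levels, levels[1:]):
        run = run + 1 if a == b else 1
        best = max(best, run)
    return best


# Constructed sample pattern containing runs of identical bits.
SAMPLE_BITS = [1, 0, 1, 1, 0, 0, 0, 0]

if __name__ == "__main__":
    for name, encode in (("polar", polar_encode),
                         ("manchester", manchester_encode),
                         ("differential", diff_manchester_encode)):
        levels = encode(SAMPLE_BITS)
        print("%-12s longest flat run = %d slots  %s"
              % (name, longest_flat_run(levels), levels))
    print(manchester_decode(manchester_encode(SAMPLE_BITS)) == SAMPLE_BITS)
    print(diff_manchester_decode(diff_manchester_encode(SAMPLE_BITS)) == SAMPLE_BITS)
```

For the sample pattern the polar signal stays flat for four cells, while neither Manchester variant ever goes more than two half-cells (one cell) without a transition.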
Figure 2-10 The Differential Manchester encoding scheme

The Data Link Layer

The data link layer protocol provides the interface between the physical network and the protocol stack on the computer. A data link layer protocol typically consists of three elements:
• The format for the frame that encapsulates the network layer protocol data
• The mechanism that regulates access to the shared network medium
• The guidelines used to construct the network's physical layer

The header and footer applied to the network layer protocol data by the data link layer protocol are the outermost on the packet as it is transmitted across the network. This frame is, in essence, the envelope that carries the packet to its next destination and, therefore, provides the basic addressing information needed to get it there. In addition, data link layer protocols usually include an error-detection facility and an indicator that specifies the network layer protocol that the receiving system should use to process the data included in the packet.

On most LANs, multiple systems access a single shared baseband network medium. This means that only one computer can transmit data at any one time. If two or more systems transmit simultaneously, a collision occurs, and the data is lost. The data link layer protocol is responsible for controlling access to the shared medium and preventing an excess of collisions.
When speaking of the data link layer, the terms protocol and topology are often confused, but they are not synonymous. Ethernet is sometimes called a topology when the topology actually refers to the way in which the computers on the network are cabled together. Some forms of Ethernet use a bus topology, in which each of the computers is cabled to the next one in a daisy-chain fashion, while the star topology, in which each computer is cabled to a central hub, is more prevalent today. A ring topology is a bus with the ends joined together, and a mesh topology is one in which each computer has a cable connection to every other computer on the network. These last two types are mainly theoretical; LANs today do not use them. Token Ring networks use a logical ring, but the computers are actually cabled using a star topology. This confusion is understandable since most data link layer protocols include elements of the physical layer in their specifications. It is necessary for the data link layer protocol to be intimately related to the physical layer because media access control mechanisms are highly dependent on the size of the frames being transmitted and the lengths of the cable segments.

Addressing

The data link layer protocol header contains the address of the computer sending the packet and the computer that is to receive it. The addresses used at this layer are the hardware (or MAC) addresses that in most cases are hard-coded into the network interface of each computer and router by the manufacturer. On Ethernet and Token Ring networks, the addresses are 6 bytes long, the first 3 bytes of which are assigned to the manufacturer by the Institute of Electrical and Electronics Engineers (IEEE), and the second 3 bytes of which are assigned by the manufacturer. Some older protocols used addresses assigned by the network administrator, but the factory-assigned addresses are more efficient, insofar as they ensure that no duplication can occur.
The data link layer protocol does the following:

• Provides packet addressing services
• Packages the network layer data for transmission
• Arbitrates network access
• Checks transmitted packets for errors

Data link layer protocols are not concerned with the delivery of the packet to its ultimate destination, unless that destination is on the same LAN as the source. When a packet passes through several networks on the way to its destination, the data link layer protocol is responsible only for getting the packet to the router on the local network that provides access to the next network on its journey. Thus, the destination address in a data link layer protocol header always references a device on the local network, even if the ultimate destination of the message is a computer on a network miles away.

The data link layer protocols used on LANs rely on a shared network medium. Every packet is transmitted to all of the computers on the network segment, and only the system with the address specified as the destination reads the packet into its memory buffers and processes it. The other systems simply discard the packet without taking any further action.

Media Access Control

Media access control is the process by which the data link layer protocol arbitrates access to the network medium. In order for the network to function efficiently, each of the workstations sharing the cable or other medium must have an opportunity to transmit its data on a regular basis. This is why the data to be transmitted is split into packets in the first place. If computers transmitted all of their data in a continuous stream, they could conceivably monopolize the network for extended periods of time.

Two basic forms of media access control are used on most of today's LANs. The token passing method, used by Token Ring and FDDI systems, uses a special frame called a token that is passed from one workstation to another. Only the system in possession of the token is allowed to transmit its data. A workstation, on receiving the token, transmits its data and then releases the token to the next workstation. Since there is only one token on the network at any time (assuming that the network is functioning properly), it isn't possible for two systems to transmit at the same time.
The other method, used on Ethernet networks, is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD). In this method, when a workstation has data to send, it listens to the network cable and transmits if the network is not in use. On CSMA/CD networks, it is possible (and even expected) for workstations to transmit at the same time, resulting in packet collisions. To compensate for this, each system has a mechanism that enables it to detect collisions when they occur and retransmit the data that was lost.

Both of these MAC mechanisms rely on the physical layer specifications for the network to function properly. For example, an Ethernet system can detect collisions only if they occur while the workstation is still transmitting a packet. If a network segment is too long, a collision may occur after the last bit of data has left the transmitting system and thus may go undetected. The data in that packet is then lost, and its absence can be detected only by the upper layer protocols in the systems that are the ultimate destinations of the message. This process takes a relatively long time and significantly reduces the efficiency of the network. Thus, while the OSI reference model might create a neat division between the physical and data link layers, in the real world, the functionality of the two is more closely intertwined.

Protocol Indicator

Most data link layer protocol implementations are designed to support the use of multiple network layer protocols at the same time. This means there are several possible paths through the protocol stack on each computer. To use multiple protocols at the network layer, the data link layer protocol header must include a code that specifies the network layer protocol that was used to generate the payload in the packet. This requirement is so that the receiving system can pass the data enclosed in the frame up to the appropriate network layer process.

Error Detection

Most data link layer protocols are unlike all of the upper layer protocols in that they include a footer that follows the payload field in addition to the header that precedes it.
This footer contains a frame check sequence (FCS) field that the receiving system uses to detect any errors that have occurred during the transmission. To do this, the system transmitting the packet computes a cyclic redundancy check (CRC) value on the entire frame and includes it in the FCS field. When the packet reaches its next destination, the receiving system performs the same computation and compares its results with the value in the FCS field. If the values do not match, the packet is assumed to have been damaged in transit and is silently discarded.

The receiving system takes no action to have discarded packets retransmitted; this is left up to the protocols operating at the upper layers of the OSI model. This error-detection process occurs at each hop in the packet's journey to its destination. Some upper-layer protocols have their own mechanisms for end-to-end error detection.

The Network Layer

The network layer protocol is the primary end-to-end carrier for messages generated by the application layer. This means that, unlike the data link layer protocol, which is concerned only with getting the packet to its next destination on the local network, the network layer protocol is responsible for the packet's entire journey from the source system to its ultimate destination. A network layer protocol accepts data from the transport layer and packages it into a datagram by adding its own header. Like a data link layer protocol header, the header at the network layer contains the address of the destination system, but this address identifies the packet's final destination. Thus, the destination addresses in the data link layer and network layer protocol headers may actually refer to two different computers. The network layer protocol datagram is essentially an envelope within the data link layer envelope, and while the data link layer envelope is opened by every system that processes the packet, the network layer envelope remains sealed until the packet reaches its final destination.
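The data link layer elements described in the preceding sections (hardware addressing with the IEEE-assigned manufacturer prefix, the protocol indicator in the type field, the CRC-based FCS footer, and the envelope-within-an-envelope relationship to the network layer) can be seen together in the following added Python example. It is not code from the book: the MAC addresses and the datagram contents are constructed for illustration, and the frame layout is a simplified Ethernet header (destination, source, type) with a CRC-32 footer. A frame whose FCS does not verify, or that is addressed to another station, is silently discarded, and an intermediate system re-wraps the untouched datagram in a new frame with new hardware addresses.

```python
import struct
import zlib

# Constructed sample MAC addresses for this example (not from the book).
BROADCAST_MAC = bytes.fromhex("ffffffffffff")
HOST_A = bytes.fromhex("001122334455")   # OUI 00:11:22 (IEEE-assigned) + 33:44:55 (vendor-assigned)
ROUTER = bytes.fromhex("0a0b0c0d0e0f")
HOST_B = bytes.fromhex("deadbeef0001")

# Protocol indicator: the Ethernet type field names the network layer protocol in the payload.
ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Header (destination, source, type) + payload + FCS footer."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    # FCS: CRC-32 over everything before it, transmitted least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def parse_frame(frame: bytes, my_mac: bytes):
    """Decode a frame arriving at station my_mac; None means it was silently discarded."""
    if len(frame) < 18:                      # 14-byte header + 4-byte FCS at minimum
        return None
    body, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        return None                          # damaged in transit: drop, request nothing
    dst, src = body[:6], body[6:12]
    if dst not in (my_mac, BROADCAST_MAC):
        return None                          # addressed to another station on the medium
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "src_oui": mac_str(src[:3]),         # manufacturer block assigned by the IEEE
        "type_code": ethertype,
        "ethertype": ETHERTYPE_NAMES.get(ethertype, hex(ethertype)),
        "payload": body[14:],                # the network layer envelope, still sealed
    }


def forward(frame: bytes, router_mac: bytes, next_hop_mac: bytes):
    """Intermediate system: open the data link envelope, leave the datagram untouched,
    and wrap it in a fresh frame addressed to the next hop. None if the frame was dropped."""
    decoded = parse_frame(frame, router_mac)
    if decoded is None:
        return None
    return build_frame(next_hop_mac, router_mac, decoded["type_code"], decoded["payload"])


def demo():
    datagram = b"network layer header + payload, unchanged end to end"
    hop1 = build_frame(ROUTER, HOST_A, 0x0800, datagram)    # host A -> router
    hop2 = forward(hop1, ROUTER, HOST_B)                    # router -> host B, new addresses
    delivered = parse_frame(hop2, HOST_B)
    damaged = bytearray(hop1)
    damaged[20] ^= 0x01                                     # one flipped bit in the payload
    return delivered, forward(bytes(damaged), ROUTER, HOST_B), parse_frame(hop1, HOST_B)
```

Running `demo()` shows the datagram arriving at host B unchanged while the hardware addresses on the frame are the router's and host B's; the damaged copy is dropped at the router without any request for retransmission, which is exactly why end-to-end recovery has to live in the upper layers.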
The network layer protocol provides

• End-to-end addressing
• Internet routing services
• Packet fragmentation and reassembly
• Error checking

Routing

Network layer protocols use different types of addressing systems to identify the ultimate destination of a packet. The most popular network layer protocol, the Internet Protocol (IP), provides its own 32-bit address space that identifies both the network on which the destination system resides and the system itself.

An address by which individual networks can be uniquely identified is vital to the performance of the network layer protocol's primary function, which is routing. When a packet travels through a large corporate internetwork or the Internet, it is passed from router to router until it reaches the network on which the destination system is located. Properly designed networks have more than one possible route to a particular destination, for fault-tolerance reasons, and the Internet has millions of possible routes. Each router is responsible for determining the next router that the packet should use to take the most efficient path to its destination. Because data link layer protocols are completely ignorant of conditions outside of the local network, it is left up to the network layer protocol to choose an appropriate route with an eye on the end-to-end journey of the packet, not just the next interim hop.

The network layer defines two types of computers that can be involved in a packet transmission: end systems and intermediate systems. An end system is either the computer generating and transmitting the packet or the computer that is the ultimate recipient of the packet. An intermediate system is a router or switch that connects two or more networks and forwards packets on the way to their destinations. On end systems, all seven layers of the protocol stack are involved in either the creation or the reception of the packet. On intermediate systems, packets arrive and travel up through the stack only as high as the network layer. The network layer protocol chooses a route for the packet and sends it back down to a data link layer protocol for packaging and transmission at the physical layer.

NOTE On intermediate systems, packets travel no higher than the network layer.
When an intermediate system receives a packet, the data link layer protocol checks it for errors and for the correct hardware address and then strips off the data link header and footer and passes it up to the network layer protocol identified by the Ethernet type field or its equivalent. At this point, the packet consists of a datagram—that is, a network layer protocol header and a payload that was generated by the transport layer protocol on the source system. The network layer protocol then reads the destination address in the header and determines what the packet's next destination should be. If the destination is a workstation on a local network, the intermediate system transmits the packet directly to that workstation. If the destination is on a distant network, the intermediate system consults its routing table to select the router that provides the most efficient path to that destination.

The compilation and storage of routing information in a reference table is a separate network layer process that is performed either manually by an administrator or automatically by specialized network layer protocols that routers use to exchange information about the networks to which they are connected. Once it has determined the next destination for the packet, the network layer protocol passes the information down to the data link layer protocol with the datagram so that it can be packaged in a new frame and transmitted. When the IP protocol is running at the network layer, an additional process is required in which the IP address of the next destination is converted into a hardware address that the data link layer protocol can use.

Fragmenting

Because routers can connect networks that use different data link layer protocols, it is sometimes necessary for intermediate systems to split datagrams into fragments to transmit them. If, for example, a workstation on a Token Ring network generates a packet containing 4,500 bytes of data, an intermediate system that joins the Token Ring network to an Ethernet network must split the data into fragments between 64 and 1,518 bytes because 1,518 bytes is the largest amount of data that an Ethernet frame can carry.
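The two network layer jobs just described, choosing the next hop from a routing table and fragmenting a datagram that is too large for the outbound link, are shown together in this added Python example, which is not code from the book. The routing tables, addresses and link sizes are constructed for the example: the first router's outbound link is taken to carry 1,500 bytes per frame (the usual Ethernet payload limit, an assumption here), and the second router's link is deliberately narrower so that the fragments are fragmented again. The routing lookup is a longest-prefix match, and reassembly happens only at the destination and tolerates fragments arriving in any order.

```python
import ipaddress
import random
from dataclasses import dataclass

HEADER_LEN = 20  # fixed network layer header size assumed for this example


@dataclass
class Datagram:
    ident: int           # identifies the original datagram; shared by all of its fragments
    src: str
    dst: str
    data: bytes
    offset: int = 0      # position of this fragment's data within the original datagram
    more: bool = False   # True when further fragments follow this one

    def __len__(self):
        return HEADER_LEN + len(self.data)


# Constructed routing tables (not from the book): (prefix, next hop or None when the
# destination network is directly connected, MTU of the outbound link).
ROUTER_A = [
    (ipaddress.ip_network("0.0.0.0/0"),      "203.0.113.1", 1500),
    (ipaddress.ip_network("192.168.0.0/16"), "10.0.0.2",    1500),
    (ipaddress.ip_network("10.0.0.0/24"),    None,          4500),
]
ROUTER_B = [
    (ipaddress.ip_network("0.0.0.0/0"),      "10.0.0.1", 1500),
    (ipaddress.ip_network("192.168.5.0/24"), None,       576),  # narrower outbound link
]


def lookup(dst: str, table):
    """Longest-prefix match: among the matching routes the most specific wins."""
    addr = ipaddress.ip_address(dst)
    prefix, next_hop, mtu = max((r for r in table if addr in r[0]),
                                key=lambda r: r[0].prefixlen)
    return (next_hop or dst), mtu        # directly connected: deliver straight to the destination


def fragment(dg: Datagram, mtu: int):
    """Split a datagram, or a fragment of one, so that each piece fits the outbound link."""
    if len(dg) <= mtu:
        return [dg]
    chunk = (mtu - HEADER_LEN) // 8 * 8  # keep offsets multiples of 8, as IP requires
    pieces = []
    for i in range(0, len(dg.data), chunk):
        part = dg.data[i:i + chunk]
        last = i + chunk >= len(dg.data)
        pieces.append(Datagram(dg.ident, dg.src, dg.dst, part,
                               offset=dg.offset + i, more=dg.more or not last))
    return pieces


def forward(dg: Datagram, table):
    """What an intermediate system does: choose the next hop, then fragment if needed."""
    next_hop, mtu = lookup(dg.dst, table)
    return next_hop, fragment(dg, mtu)


def reassemble(fragments):
    """Destination-side reassembly; arrival order does not matter. None while pieces are missing."""
    frags = sorted(fragments, key=lambda f: f.offset)
    if not frags or frags[-1].more:
        return None                      # the final fragment has not arrived yet
    expected = 0
    for f in frags:
        if f.offset != expected:
            return None                  # gap in the stream
        expected += len(f.data)
    return b"".join(f.data for f in frags)


def demo():
    payload = bytes(i % 251 for i in range(4500))       # 4,500 bytes, as in the book's example
    original = Datagram(ident=7, src="10.0.0.9", dst="192.168.5.20", data=payload)
    hop_a, frags_a = forward(original, ROUTER_A)        # first router: 1,500-byte link
    hop_b, frags_b = None, []
    for f in frags_a:                                   # second router fragments the fragments again
        hop_b, pieces = forward(f, ROUTER_B)
        frags_b.extend(pieces)
    random.Random(1).shuffle(frags_b)                   # fragments may arrive in any order
    complete = reassemble(frags_b) == payload
    partial = reassemble(frags_b[1:]) is None           # one fragment still missing
    return hop_a, len(frags_a), hop_b, len(frags_b), complete, partial
```

The first router produces four fragments, the second turns them into ten, and the destination reassembles the original 4,500 bytes only once every piece is present; a datagram with a missing fragment stays incomplete rather than being delivered short, which is the behaviour a receiver needs when it cannot trust that every fragment of a set will ever arrive.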
Depending on the data link layer protocols used by the various intermediate networks, the fragments of a datagram may be fragmented themselves. Datagrams or fragments that are fragmented by intermediate systems are not reassembled until they reach their final destinations.

Connection-Oriented and Connectionless Protocols

There are two types of end-to-end protocols that operate at the network and transport layers: connection-oriented and connectionless. The type of protocol used helps to determine what other functions are performed at each layer. A connection-oriented protocol is one in which a logical connection between the source and the destination system is established before any upper-layer data is transmitted. Once the connection is established, the source system transmits the data, and the destination system acknowledges its receipt. A failure to receive the appropriate acknowledgments serves as a signal to the sender that packets have to be retransmitted. When the data transmission is completed successfully, the systems terminate the connection. By using this type of protocol, the sending system is certain that the data has arrived at the destination successfully. The cost of this guaranteed service is the additional network traffic generated by the connection establishment, acknowledgment, and termination messages, as well as a substantially larger protocol header on each data packet.

A connectionless protocol simply packages data and transmits it to the destination address without checking to see whether the destination system is available and without expecting packet acknowledgments. In most cases, connectionless protocols are used when a protocol higher up in the networking stack provides connection-oriented services, such as guaranteed delivery. These additional services can also include flow control (a mechanism for regulating the speed at which data is transmitted over the network), error detection, and error correction.
Most of the LAN protocols operating at the network layer, such as IP and IPX, are connectionless. In both cases, various protocols are available at the transport layer to provide both connectionless and connection-oriented services. If you are running a connection-oriented protocol at one layer, there is usually no reason to use one at another layer. The object of the protocol stack is to provide only the services that an application needs, and no more.

The Transport Layer

Once you reach the transport layer, the process of getting packets from their source to their destination is no longer a concern. The transport layer protocols and all the layers above them rely completely on the network and data link layers for addressing and transmission services. As discussed earlier, packets being processed by intermediate systems travel only as high as the network layer, so the transport-layer protocols operate on only the two end systems. The transport layer PDU consists of a header and the data it has received from the application layer above, which is encapsulated into a datagram by the network layer below.

The transport layer provides different levels of service depending on the needs of the application:

• Packet acknowledgment
• Guaranteed delivery
• Flow control
• End-to-end error checking

One of the main functions of the transport layer protocol is to identify the upper-layer processes that generated the message at the source system and that will receive the message at the destination system. The transport layer protocols in the TCP/IP suite, for example, use port numbers in their headers to identify upper-layer services.
Protocol Service Combinations

Data link and network layer protocols operate together interchangeably; you can use almost any data link layer protocol with any network layer protocol. However, transport layer protocols are closely related to a particular network layer protocol and cannot be interchanged. The combination of a network layer protocol and a transport layer protocol provides a complementary set of services suitable for a specific application. As at the network layer, transport layer protocols can be connection oriented (CO) or connectionless (CL). The OSI model document defines four possible combinations of CO and CL protocols at these two layers, depending on the services required, as shown in Figure 2-11. The process of selecting a combination of protocols for a particular task is called mapping a transport layer service onto a network layer service.

Figure 2-11 Any configuration of connection-oriented and connectionless protocols can be used.

The selection of a protocol at the transport layer is based on the needs of the application generating the message and the services already provided by the protocols at the lower layers. The OSI document defines five theoretical classes of transport layer protocol, as shown here:

• TP0 This class does not provide any additional functionality beyond fragmenting and reassembly functions. This class determines the size of the smallest PDU required by any of the underlying networks and segments as needed.
• TP1 This class performs the functions of TP0 plus providing the capability to correct errors that have been detected by the protocols operating at the lower layers.
• TP2 This class provides fragmentation and reassembly functions, multiplexing, and demultiplexing and includes codes that identify the process that generated the packet and that will process it at the destination, thus enabling the traffic from multiple applications to be carried over a single network medium.
• TP3 This class offers error recovery, segmentation, reassembly, multiplexing, and demultiplexing. It combines the services provided by TP1 and TP2.
• TP4 This class provides complete connection-oriented service, including error detection and correction, flow control, and other services. It assumes the use of a connectionless protocol at the lower layers that provides none of these services.

This classification of transport layer services is another place where the theoretical constructs of the OSI model differ substantially from reality. No protocol suite in common use has five different transport layer protocols conforming to these classes. Most of the suites, like TCP/IP, have two protocols that basically conform to the TP0 and TP4 classes, providing connectionless and connection-oriented services, respectively.

Transport Layer Protocol Functions

The UDP protocol is a connectionless service that, together with IP at the network layer, provides minimal services for brief transactions that do not need the services of a connection-oriented protocol. Domain Name System (DNS) transactions, for example, generally consist of short messages that can fit into a single packet, so no flow control is needed. A typical transaction consists of a request and a reply, with the reply functioning as an acknowledgment, so no other guaranteed delivery mechanism is needed. UDP does have an optional error-detection mechanism in the form of a checksum computation performed on both the source and destination systems. Because the UDP protocol provides a minimum of additional services, its header is only 8 bytes long, providing little additional control overhead to the packet.

TCP, on the other hand, is a connection-oriented protocol that provides a full range of services but at the cost of much higher overhead. The TCP header is 20 bytes long, and the protocol also generates a large number of additional packets solely for control procedures, such as connection establishment, termination, and packet acknowledgment.
Segmentation and Reassembly

Connection-oriented transport layer protocols are designed to carry large amounts of data, but the data must be split into segments to fit into individual packets. The segmentation of the data and the numbering of the segments are critical elements in the transmission process and also make functions such as error recovery possible. The routing process performed at the network layer is dynamic; in the course of a transmission, it is possible for the segments to take different routes to the destination and arrive in a different order from that in which they were sent. It is the numbering of the segments that makes it possible for the receiving system to reassemble them into their original order. This numbering also makes it possible for the receiving system to notify the sender that specific packets have been lost or corrupted. As a result, the sender can retransmit only the missing segments and not have to repeat the entire transmission.

Flow Control

One of the functions commonly provided by connection-oriented transport layer protocols is flow control, which is a mechanism by which the system receiving the data can notify the sender that it must decrease its transmission rate or risk overwhelming the receiver and losing data. The TCP header, for example, includes a Window field in which the receiver specifies the number of bytes it can receive from the sender. If this value decreases in succeeding packets, the sender knows that it has to slow down its transmission rate. When the value begins to rise again, the sender can increase its speed.

Error Detection and Recovery

The OSI model document defines two forms of error recovery that can be performed by connection-oriented transport layer protocols. One is a response to signaled errors detected by other protocols in the stack. In this mechanism, the transport layer protocol does not have to detect the transmission errors itself. Instead, it receives notification from a protocol at the network or data link layer that an error has occurred and that specific packets have been lost or corrupted. The transport layer protocol only has to send a message back to the source system listing the packets and requesting their retransmission.
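The transport layer mechanisms covered in the Segmentation and Reassembly, Flow Control, and Error Detection and Recovery sections are simulated together in the following added Python example; it is not the book's code and it is not TCP, but a simplified model built to show the same behaviour. Segments are numbered by byte offset, the receiver advertises a window equal to its free buffer space, it reports the exact gaps so that only those segments are resent, and each segment carries a ones'-complement checksum computed over the fields that do not change in transit (the end-system addresses, sequence number, length and data) while leaving out the hop count that every router decrements. The addresses, stream contents and the loss and corruption pattern of the network are constructed for the example.

```python
import struct
from dataclasses import dataclass, replace


def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement sum, the checksum style used by the TCP/IP transport protocols."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass(frozen=True)
class Segment:
    src: str        # end-system addresses: constant end to end, so they are checksummed
    dst: str
    ttl: int        # hop count: changed by every router, so it is left out of the checksum
    seq: int        # sequence number: offset of the first data byte within the stream
    data: bytes
    checksum: int = 0

    def covered(self) -> bytes:
        return (self.src.encode() + self.dst.encode()
                + struct.pack("!IH", self.seq, len(self.data)) + self.data)

    def sealed(self) -> "Segment":
        return replace(self, checksum=internet_checksum(self.covered()))

    def intact(self) -> bool:
        return internet_checksum(self.covered()) == self.checksum


class Sender:
    def __init__(self, src, dst, stream: bytes, mss: int):
        # Segmentation: the stream is cut into numbered pieces of at most mss bytes.
        self.segments = {i: Segment(src, dst, 64, i, stream[i:i + mss]).sealed()
                         for i in range(0, len(stream), mss)}
        self.unsent = sorted(self.segments)

    def send(self, window: int):
        """Flow control: new data goes out only while it fits the receiver's advertised window."""
        out, used = [], 0
        while self.unsent and used + len(self.segments[self.unsent[0]].data) <= window:
            seg = self.segments[self.unsent.pop(0)]
            out.append(seg)
            used += len(seg.data)
        return out

    def retransmit(self, missing):
        """Resend only the reported segments, not the whole transmission."""
        return [self.segments[seq] for seq in missing]


class Receiver:
    def __init__(self, mss: int, buffer_size: int):
        self.mss, self.buffer_size = mss, buffer_size
        self.held = {}         # out-of-order segments waiting for the gap ahead of them
        self.next_seq = 0      # first byte not yet received in order
        self.delivered = b""   # reassembled stream handed to the application

    def accept(self, segments):
        for s in segments:
            if s.intact() and s.seq >= self.next_seq:   # a damaged segment is treated as lost
                self.held[s.seq] = s.data
        while self.next_seq in self.held:                # reassemble in sequence order
            chunk = self.held.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)

    def window(self) -> int:
        """Advertised window: buffer space not occupied by out-of-order data."""
        return self.buffer_size - sum(len(d) for d in self.held.values())

    def missing(self):
        """Sequence numbers of the gaps below the highest segment held."""
        top = max(self.held, default=self.next_seq)
        return [s for s in range(self.next_seq, top, self.mss) if s not in self.held]


def network(segments, drop=(), corrupt=()):
    """Constructed path: routers decrement ttl, some segments are lost or damaged,
    and survivors arrive in reverse order."""
    out = []
    for s in reversed(segments):
        if s.seq in drop:
            continue
        data = bytes([s.data[0] ^ 0x80]) + s.data[1:] if s.seq in corrupt else s.data
        out.append(replace(s, ttl=s.ttl - 3, data=data))
    return out


def demo():
    stream = bytes(range(256)) * 4                       # 1,024 constructed bytes
    mss, buffer_size = 128, 512
    sender = Sender("10.0.0.9", "192.168.5.20", stream, mss)
    receiver = Receiver(mss, buffer_size)
    faults = [dict(drop={256}, corrupt={384}), {}]      # first burst: one lost, one damaged
    resent, windows, window = [], [], buffer_size
    while receiver.next_seq < len(stream):
        receiver.accept(network(sender.send(window), **(faults.pop(0) if faults else {})))
        windows.append(receiver.window())
        gaps = receiver.missing()                         # receiver names exactly what it lacks
        receiver.accept(network(sender.retransmit(gaps)))
        resent += gaps
        window = receiver.window()
    return receiver.delivered == stream, resent, windows
```

In the run, the second burst fills the receiver's buffer with out-of-order data while it waits for the two missing segments, so the advertised window drops to zero and the sender is held back until the retransmission of just those two segments lets the receiver drain its buffer. Decrementing `ttl` along the way does not disturb the checksum, whereas the flipped payload bit does, and the damaged segment is simply dropped and later reported as missing.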
The more commonly implemented form of error recovery at the transport layer is a complete process of error detection and correction that is used to cope with unsignaled errors, which are errors that have not yet been detected by other means. Even though most data link layer protocols have their own error-detection and correction mechanisms, they function only over the individual hops between two systems. A transport layer error-detection mechanism provides error checking between the two end systems and includes the capability to recover from the errors by informing the sender which packets have to be resent. To do this, the checksum included in the transport layer protocol header is computed only on the fields that are not modified during the journey to the destination. Fields that routinely change are omitted from the calculation.

The Session Layer

When you reach the session layer, the boundaries between the layers and their functions start to become more obscure. There are no discrete protocols that operate exclusively at the session layer. Rather, the session layer functionality is incorporated into other protocols, with functions that fall into the provinces of the presentation and application layers as well. Network Basic Input/Output System (NetBIOS) and NetBIOS Extended User Interface (NetBEUI) are two of the best examples of these protocols. The session layer provides mechanisms by which the message dialog between computers is established, maintained, and terminated. For specific examples that may further clarify, see the ISO 8327 standard that defines session layer protocols and is assumed to be used by various ISO 8823 standard protocols in the presentation layer.

The boundary to the session layer is also the point at which all concern for the transmission of data between two systems is transcended. Questions of packet acknowledgment, error detection, and flow control are all left behind at this point because everything that can be done has been done by the protocols at the transport layer and below.
The session layer is also not inherently concerned with security and the network logon process, as the name seems to imply. Rather, the primary functions of this layer concern the exchange of messages between the two connected end systems, called a dialog. There are also numerous other functions provided at this layer, which really serves as a multipurpose "toolkit" for application developers.

The services provided by the session layer are widely misunderstood, and even at the time of the OSI model's development, there was some question concerning whether they should be allotted a layer of their own. In fact, 22 different services are provided by the session layer, grouped into subsets such as the Kernel Function Unit, the Basic Activity Subset, and the Basic Synchronization Subset. Most of these services are of interest only to application developers, and some are even duplicated as a result of a compromise that occurred when the two committees creating OSI model standards were combined.

Communications between the layers of the OSI reference model are facilitated through the use of service request primitives, which are the tools in the toolkit. Each layer provides services to the layer immediately above it. A process at a given layer takes advantage of a service provided by the layer below by issuing a command using the appropriate service request primitive, plus any additional parameters that may be required. Thus, an application layer process issues a request for a network resource using a primitive provided by the presentation layer. The request is then passed down through the layers, with each layer using the proper primitive provided by the layer below, until the message is ready for transmission over the network. Once the packet arrives at its destination, it is decoded into indication primitives that are passed upward through the layers of the stack to the receiving application process.
The two most important services attributed to the session layer are dialog control and dialog separation. Dialog control is the means by which two systems initiate a dialog, exchange messages, and finally end the dialog while ensuring that each system has received the messages intended for it. While this may seem to be a simple task, consider the fact that one system might transmit a message to the other and then receive a message without knowing for certain when the response was generated. Is the other system responding to the message just sent, or was its response transmitted before that message was received? This sort of collision case can cause serious problems, especially when one of the systems is attempting to terminate the dialog or create a checkpoint. Dialog separation is the process of inserting a reference marker called a checkpoint into the data stream passing between the two systems so that the status of the two machines can be assessed at the same point in time.

Dialog Control

When two end systems initiate a session layer dialog, they choose one of two modes that controls the way they will exchange messages for the duration of the session: either two-way alternate (TWA) or two-way simultaneous (TWS) mode. Each session connection is uniquely identified by a 196-byte value consisting of the following four elements:

• Initiator SS-USER reference
• Responder SS-USER reference
• Common reference
• Additional reference

Once made, the choice of mode is irrevocable; the connection must be severed and reestablished in order to switch to the other mode.

In TWA mode, only one of the systems can transmit messages at any one time. Permission to transmit is arbitrated by the possession of a data token. Each system, at the conclusion of a transmission, sends the token to the other system using the S-TOKEN-GIVE primitive. On receipt of the token, the other system can transmit its message.

The use of TWS mode complicates the communication process enormously. As the name implies, in a TWS mode connection, there is no token, and both systems can transmit messages at the same time.
NOTE Remember that the references to tokens and connections at the session layer have nothing to do with the similarly named elements in lower-layer protocols. A session layer token is not the equivalent of the token frame used by the Token Ring protocol, nor is a session layer connection the equivalent of a transport layer connection such as that used by TCP. It is possible for end systems to terminate the session layer connection while leaving the transport layer connection open for further communication.

The use of the token prevents problems resulting from crossed messages and provides a mechanism for the orderly termination of the connection between the systems. An orderly termination begins with one system signaling its desire to terminate the connection and transmitting the token. The other system, on receiving the token, transmits any data remaining in its buffers and uses the S-RELEASE primitive to acknowledge the termination request. On receiving the S-RELEASE primitive, the original system knows that it has received all of the data pending from the other system and can then use the S-DISCONNECT primitive to terminate the connection.

There is also a negotiated release feature that enables one system to refuse the release request of another, which can be used in cases in which a collision occurs because both systems have issued a release request at the same time, and a release token that prevents the occurrence of these collisions in the first place by enabling only one system at a time to request a release.

All of these mechanisms are "tools" in the kit that the session layer provides to application developers; they are not automatic processes working behind the scenes. When designing an application, the developer must make an explicit decision to use the S-TOKEN-GIVE primitive instead of S-TOKEN-PLEASE, for example, or to use a negotiated release instead of an orderly termination.

Dialog Separation

Applications create checkpoints in order to save their current status to disk in case of a system failure. This was a much more common occurrence at the time that the OSI model was developed than it is now. As with the dialog control processes discussed earlier, checkpointing is a procedure that must be explicitly implemented by an application developer as needed.
When the application involves communication between two systems connected by a network, the checkpoint must save the status of both systems at the same point in the data stream. Performing any activity at precisely the same moment on two different computers is nearly impossible. The systems might be performing thousands of activities per second, and their timing is nowhere near as precise as would be needed to execute a specific task simultaneously. In addition, the problem again arises of messages that may be in transit at the time the checkpoint is created. As a result, dialog separation is performed by saving a checkpoint at a particular point in the data stream passing between the two systems, rather than at a particular moment in time.

When the connection uses TWA mode, the checkpointing process is relatively simple. One system creates a checkpoint and issues a primitive called S-SYNC-MINOR. The other system, on receiving this primitive, creates its own checkpoint, secure in the knowledge that no data is left in transit at the time of synchronization. This is called a minor synchronization because it works with data flowing in only one direction at a time and requires only a single exchange of control messages.

It is still possible to perform a minor synchronization in TWS mode using a special token that prevents both systems from issuing the S-SYNC-MINOR primitive at the same time. If it were possible to switch from TWS to TWA mode in midconnection, the use of an additional token would not be necessary, but mode switching is not possible. This is something that many people think is a major shortcoming in the session layer specification.
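The TWA-mode exchange described in the Dialog Control and Dialog Separation sections (a data token that gates transmission, S-TOKEN-GIVE, the orderly termination through S-RELEASE and S-DISCONNECT, and a minor synchronization with S-SYNC-MINOR) is simulated in this added Python example, which is not code from the book or from any ISO 8327 implementation. Each primitive is modelled as a method call that delivers an indication to the peer, the transport below is assumed to be reliable and in order, and the two stations and their messages are constructed. The point to watch is that a station without the token cannot transmit, that its buffered data is flushed as soon as the token arrives, and that both sides record their checkpoint after the same number of messages rather than at the same instant.

```python
class SessionUser:
    """One end system's view of a two-way alternate (TWA) dialog. Primitives are
    modelled as method calls; delivery to the peer is assumed reliable and in order."""

    def __init__(self, name: str, has_token: bool):
        self.name, self.has_token, self.peer = name, has_token, None
        self.connected = True
        self.pending = []            # application data waiting until we hold the token
        self.received = []
        self.sent = 0
        self.checkpoints = []        # position in the dialog at each minor synchronization
        self.peer_wants_release = False
        self.log = []                # indications received, in order

    # ---- request primitives (issued by the local application) ----
    def s_data(self, payload) -> bool:
        if not self.has_token:
            self.pending.append(payload)           # TWA: no token, no transmission
            return False
        self.sent += 1
        self.peer.indication("S-DATA", payload, self)
        return True

    def s_sync_minor(self) -> bool:
        """Checkpoint at a point in the data stream, not at a moment in time."""
        if not self.has_token:
            return False
        self.checkpoints.append(self.sent + len(self.received))
        self.peer.indication("S-SYNC-MINOR", None, self)
        return True

    def s_token_give(self) -> bool:
        if not self.has_token:
            return False
        self.has_token = False
        self.peer.indication("S-TOKEN-GIVE", None, self)
        return True

    def s_release(self) -> bool:
        """Orderly termination: signal the wish to end, then hand over the token."""
        if not self.has_token:
            return False
        self.peer.indication("S-RELEASE", "request", self)
        return self.s_token_give()

    # ---- indication primitives (arriving from the peer) ----
    def indication(self, primitive, payload, sender):
        self.log.append(primitive)
        if primitive == "S-DATA":
            self.received.append(payload)
        elif primitive == "S-SYNC-MINOR":
            # Nothing of ours can be in transit (we hold no token), so checkpoint now.
            self.checkpoints.append(self.sent + len(self.received))
        elif primitive == "S-RELEASE" and payload == "request":
            self.peer_wants_release = True        # act once the token arrives
        elif primitive == "S-RELEASE" and payload == "response":
            self.connected = False                # peer's buffers are flushed: finish
            self.peer.indication("S-DISCONNECT", None, self)
        elif primitive == "S-DISCONNECT":
            self.connected = False
        elif primitive == "S-TOKEN-GIVE":
            self.has_token = True
            while self.pending:                   # flush data buffered while waiting
                self.s_data(self.pending.pop(0))
            if self.peer_wants_release:
                self.peer.indication("S-RELEASE", "response", self)


def demo():
    a, b = SessionUser("A", has_token=True), SessionUser("B", has_token=False)
    a.peer, b.peer = b, a
    refused = not b.s_data("early reply")     # B lacks the token: queued, not sent
    a.s_data("request 1")
    a.s_data("request 2")
    a.s_sync_minor()                          # both sides checkpoint after the same two messages
    a.s_token_give()                          # B now flushes "early reply"
    b.s_data("reply 2")
    b.s_token_give()
    b.s_data("late reply")                    # queued again: token already given back
    a.s_release()                             # B flushes "late reply", acknowledges; A disconnects
    return (refused, a.received, b.received, a.checkpoints, b.checkpoints,
            a.connected, b.connected, b.log)
```

Because A only disconnects after B's S-RELEASE response, and B only sends that response after emptying its own buffer, "late reply" is delivered before the connection closes; nothing is lost in the termination, which is the property the orderly release is designed to give.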
In most cases, systems using TWS mode communications must perform a major synchronization, which accounts not only for traffic that can be running in both directions but also for expedited traffic. A primitive called S-EXPEDITED enables one system to transmit to the other using what amounts to a high-speed pipeline that is separate from the normal communications channel. To perform a major synchronization, the system in possession of yet another token called the major/activity token issues a primitive called S-SYNC-MAJOR and then stops transmitting until it receives a response. However, the system issuing this primitive cannot create its checkpoint yet, as in a minor synchronization, because there may be traffic from the other system currently in transit.

On receiving the primitive, the other system is able to create its own checkpoint because all of the data in transit has been received, including expedited data, which has to have arrived before the primitive. The receiving system then transmits a confirmation response over the normal channel and transmits a special PREPARE message over the expedited channel. The system that initiated the synchronization procedure receives the PREPARE message first and then the confirmation, at which time it can create its own checkpoint.

The Presentation Layer

Unlike the session layer, which provides many different functions, the presentation layer has only one. In fact, most of the time, the presentation layer functions primarily as a pass-through service, meaning that it receives primitives from the application layer and issues duplicate primitives to the session layer below using the Presentation Service Access Point (PSAP) and the Session Service Access Point (SSAP). All of the discussion in the previous sections about applications utilizing session layer services actually involves the use of the pass-through service at the presentation layer because it is impossible for a process at any layer of the OSI model to communicate directly with any layer other than the one immediately above or beneath it. The presentation layer negotiates the use of a transfer syntax that is supported by both of the connected devices so the end systems of different types can communicate.
While the basic functions of the primitives are not changed as they are passed down through the presentation layer, they can undergo a crucial translation process that is the primary function of the layer. Applications generate requests for network resources using their own native syntax, but the syntax of the application at the destination system receiving the request may be different in several ways. The systems might also implement encryption and/or compression on the data to be transmitted over the network.

This translation process occurs in two phases, one of which runs at the presentation layer on each system. Each computer maintains an abstract syntax, which is the native syntax for the application running on that system, and a transfer syntax, which is a common syntax used to transmit the data over the network. The presentation layer on the system sending a message converts the data from the abstract syntax to the transfer syntax and then passes it down to the session layer. When the message arrives at the destination system, the presentation layer converts the data from the transfer syntax to the abstract syntax of the application receiving the message. The transfer syntax chosen for each abstract syntax is based on a negotiation that occurs when a presentation layer connection is established between two systems. Depending on the application's requirements and the nature of the connection between the systems, the transfer context may provide data encryption, data compression, or a simple translation.

NOTE The presentation layer connection is not synonymous with the connections that occur at the lower layers, nor is there direct communication between the presentation layers of the two systems. Messages travel down through the protocol stack to the physical medium and up through the stack on the receiver to the presentation layer there.

The syntax negotiation process begins when one system uses the P-CONNECT primitive to transmit a set of presentation contexts, which are pairs of associated abstract contexts and transfer contexts supported by that system. Each presentation context is numbered using a unique odd-numbered integer called a presentation context identifier.
With this message, one system is essentially informing the other of its presentation layer capabilities. The message may contain multiple transfer contexts for each abstract context to give the receiving system a choice.

Once the other system receives the P-CONNECT message, it passes the presentation contexts up to the application-layer processes, which decide which of the transfer contexts supported by each abstract context they want to use. The receiver then returns a list of contexts to the sender with either a single transfer context or an error message specified for each abstract context. On receipt by the original sender, this list becomes the defined context set. Error messages indicate that the receiving system does not support any of the transfer contexts specified for a specific abstract context. Once the negotiation process is completed, the systems can propose new presentation contexts for addition to the defined context set or remove contexts from the set using a primitive called P-ALTER-CONTEXT.

The Application Layer

As the top layer in the protocol stack, the application layer is the ultimate source and destination for all messages transmitted over the network. All of the processes discussed in the previous sections are triggered by an application that requests access to a resource located on a network system. Application-layer processes are not necessarily synonymous with the applications themselves, however. For example, if you use a word processor to open a document stored on a network server, you are redirecting a local function to the network. The word processor itself does not provide the application layer process needed to access the file. In most cases, it is an element of the operating system that distinguishes between requests for files on the local drive and those on the network. Other applications, however, are designed specifically for accessing network resources. When you run a dedicated FTP client, for example, the application itself is inseparable from the application layer protocol it uses to communicate with the network. The application layer protocol is the interface between the application running on the computer that is requesting the services of the network and the protocol stack that converts that request into the transmitted signals.
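The presentation layer negotiation described in the preceding section (P-CONNECT carrying odd-numbered presentation contexts, the responder returning one transfer syntax or an error per context, the resulting defined context set, and later changes through P-ALTER-CONTEXT) together with the two-phase translation between abstract and transfer syntax is shown in this added Python example. It is not code from the book or from any ISO 8823 implementation: the abstract syntax names, the two transfer syntaxes (plain JSON text and JSON with zlib compression, the latter standing in for the compression a transfer context may provide) and the proposals are all constructed.

```python
import json
import zlib

# Constructed transfer syntaxes for this example (not from the book): name -> (encode, decode).
# One adds compression, which the book lists among the services a transfer context may provide.
TRANSFER_SYNTAXES = {
    "json-utf8": (lambda obj: json.dumps(obj, sort_keys=True).encode("utf-8"),
                  lambda raw: json.loads(raw.decode("utf-8"))),
    "json-utf8-zlib": (lambda obj: zlib.compress(json.dumps(obj, sort_keys=True).encode("utf-8")),
                       lambda raw: json.loads(zlib.decompress(raw).decode("utf-8"))),
}


class Initiator:
    def __init__(self):
        self.next_id = 1     # presentation context identifiers: unique odd integers
        self.defined = {}    # defined context set: id -> (abstract syntax, transfer syntax)

    def propose(self, proposals):
        """Build the context list for P-CONNECT (or P-ALTER-CONTEXT additions):
        proposals = {abstract syntax: [transfer syntaxes we support, preferred first]}."""
        contexts = []
        for abstract, transfers in proposals.items():
            contexts.append({"id": self.next_id, "abstract": abstract, "transfer": list(transfers)})
            self.next_id += 2
        return contexts

    def accept(self, contexts, reply):
        """Only contexts the responder accepted join the defined context set."""
        for ctx in contexts:
            if reply[ctx["id"]] is not None:
                self.defined[ctx["id"]] = (ctx["abstract"], reply[ctx["id"]])
        return self.defined

    def remove(self, ctx_id):
        """P-ALTER-CONTEXT removal of a context that is no longer needed."""
        self.defined.pop(ctx_id, None)
        return self.defined


def respond(contexts, supported):
    """Responder: supported = {abstract syntax: [transfer syntaxes, preferred first]}.
    Returns exactly one transfer syntax per context, or None as the error indication."""
    return {ctx["id"]: next((t for t in supported.get(ctx["abstract"], [])
                             if t in ctx["transfer"]), None)
            for ctx in contexts}


def encode(defined, ctx_id, obj):
    """Sender's presentation layer: abstract syntax -> negotiated transfer syntax."""
    return ctx_id, TRANSFER_SYNTAXES[defined[ctx_id][1]][0](obj)


def decode(defined, ctx_id, raw):
    """Receiver's presentation layer: transfer syntax -> its application's abstract syntax."""
    return TRANSFER_SYNTAXES[defined[ctx_id][1]][1](raw)


def demo():
    init = Initiator()
    contexts = init.propose({"file-transfer": ["json-utf8-zlib", "json-utf8"],
                             "mail": ["xdr"]})                      # "xdr": unsupported far side
    reply = respond(contexts, {"file-transfer": ["json-utf8", "json-utf8-zlib"]})
    init.accept(contexts, reply)
    extra = init.propose({"directory": ["json-utf8-zlib"]})          # P-ALTER-CONTEXT: add
    defined = init.accept(extra, respond(extra, {"directory": ["json-utf8-zlib"]}))
    message = {"op": "read", "name": "report.txt"}
    ctx_id, wire = encode(defined, 5, message)                         # on the wire: compressed bytes
    round_trip = decode(defined, ctx_id, wire) == message
    after_removal = init.remove(1)                                     # P-ALTER-CONTEXT: remove
    return reply, round_trip, dict(after_removal)
```

Note that the responder selects from its own preference order, not the proposer's: in the run it picks plain JSON for the file-transfer context even though the initiator listed the compressed form first, and it returns an error for the mail context because it supports none of the offered syntaxes. Keeping that choice on the responding side is what prevents a proposer from steering the connection to a transfer syntax the responder would rather not use.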
Some of the other protocols that are closely tied to the applications that use them are as follows:

• DHCP Dynamic Host Configuration Protocol
• TFTP Trivial File Transfer Protocol
• DNS Domain Name System
• NFS Network File System
• RIP Routing Information Protocol
• BGP Border Gateway Protocol

NOTE These protocols are somewhat different from applications that are designed for the users, such as word processors or spreadsheets. These protocols are primarily designed to be used by the systems.

In between these two extremes are numerous application types that access network resources in different ways and for different reasons. The tools that make that access possible are located in the application layer. Some applications use protocols that are dedicated to specific types of network requests, such as the Simple Mail Transport Protocol (SMTP) and Post Office Protocol (POP3), both used for e-mail, the Simple Network Management Protocol (SNMP) used for remote network administration, and the Hypertext Transfer Protocol (HTTP) used for World Wide Web communications.

As you have seen in this chapter, the bottom four layers of the OSI reference model perform functions that are easily differentiated, while the functions of the session, presentation, and application layers tend to bleed together. Many of the application layer protocols listed here contain functions that rightly belong at the presentation or session layers, but it is important not to let the OSI model assert itself too forcibly into your perception of data networking. The model is a tool for understanding how networks function, not a guide for the creation of networking technologies.
PART II Network Hardware

CHAPTER 3 Network Interface Adapters
CHAPTER 4 Network Interface Adapters and Connection Devices
CHAPTER 5 Cabling a Network
CHAPTER 6 Wireless LANs
CHAPTER 7 Wide Area Networks
CHAPTER 8 Server Technologies
CHAPTER 9 Designing a Network

CHAPTER 3 Network Interface Adapters

Every computer that participates on a network must have an interface to that network, using either a cable or some form of wireless signal that enables it to transmit data to the other devices on the network. The most common form of wired network interface is part of the mainboard and connects to a network cable, typically referred to as a network interface card (or controller), or NIC for short (see Figure 3-1). Also called a network interface adapter, this is normally an Ethernet connection and is used by small and medium-sized businesses as well as home network configurations.

Figure 3-1 A typical Ethernet network card (photo provided by Dsimic at English Wikipedia under the GNU Free Documentation License)

NIC Functions

The network interface adapter, in combination with the network adapter driver, implements the data link layer protocol used on the computer, usually Ethernet, as well as part of the physical layer. The NIC also provides the link between the network layer protocol, which is implemented completely in the operating system, and the network medium, which is usually a cable connected to the NIC. If you use an Ethernet NIC, your connection is made with an Ethernet cable with an RJ-45 connection. The RJ-45 connector looks like a telephone connection (RJ-11) but is larger.

The NIC and its driver perform the basic functions needed for the computer to access the network. The process of transmitting data consists of the following steps (which, naturally, are reversed during packet reception):

1. Data transfer The data stored in the computer's memory is transferred to the NIC across the system bus using one of the following technologies: direct memory access (DMA), shared memory, or programmed I/O.

2. Data buffering The rate at which the PC processes data is different from the transmission rate of the network. The NIC includes memory buffers that it uses to store data so it can process an entire frame at once.
NOTE Bandwidth is the term used to indicate speed capabilities of the physical devices used when interacting with a network. Basic Ethernet, for example, has a bandwidth of 10 Mbps, so using an Internet connection faster than that would be largely wasted speed. Fast Ethernet reaches 100 Mbps, usually adequate for home computer connections. Gigabit Ethernet can reach 1 Gbps, and 10 Gigabit Ethernet is 10 Gbps. Even wireless connections are limited by bandwidth. Wireless 802.11b is 11 Mbps, and Wireless-G 802.11g has a top speed of 54 Mbps. Wireless-N 802.11 can reach 300 Mbps.

3. Frame construction The NIC receives data that has been packaged by the network layer protocol and encapsulates it in a frame that consists of its own data link layer protocol header and footer. Depending on the size of the packet and the data link layer protocol used, the NIC may also have to split the data into segments of the appropriate size for transmission over the network. For incoming traffic, the NIC reads the information in the data link layer frame, verifies that the packet has been transmitted without error, and determines whether the packet should be passed up to the next layer in the networking stack. If so, the NIC strips off the data link layer frame and passes the enclosed data to the network layer protocol.

4. Media access control The NIC is responsible for arbitrating the system's access to the shared network medium, using an appropriate media access control (MAC) mechanism. This is necessary to prevent multiple systems on the network from transmitting at the same time and losing data because of a packet collision. The MAC mechanism is the single most defining element of a data link layer protocol. (The MAC mechanism is not needed for incoming traffic.)

5. Parallel/serial conversion The system bus connecting the NIC to the computer's main memory array transmits data 16 or 32 bits at a time in parallel fashion, while the NIC transmits and receives data from the network serially, that is, one bit at a time. The NIC is responsible for taking the parallel data transmission that it receives over the system bus into its buffers and converting it to a serial bit stream for transmission out over the network medium. For incoming data from the network, the process is reversed.
6. Data encoding/decoding The data generated by the computer in binary form must be encoded in a manner suitable for the network medium before it can be transmitted, and in the same way, incoming signals must be decoded on receipt. This and the following step are the physical layer processes implemented by the NIC. For a copper cable, the data is encoded into electrical impulses; for fiber-optic cable, the data is encoded into pulses of light. Other media may use radio waves, infrared light, or other technologies. The encoding scheme is determined by the data link layer protocol being used.

7. Data transmission/reception The NIC takes the data it has encoded, amplifies the signal to the appropriate amplitude, and transmits it over the network medium. This process is entirely physical and depends wholly on the nature of the signal used on the network medium.

The NIC also provides the data link layer hardware (or MAC) address that is used to identify the system on the local network. Most data link layer protocols rely on addresses that are hard-coded into the NIC by the manufacturer. In actuality, the MAC address identifies a particular network interface, not necessarily the whole system. In the case of a computer with two NICs installed and connected to two different networks, each NIC has its own MAC address that identifies it on the network to which it is attached.

Some older protocols, such as ARCnet, required the network administrator to set the hardware address manually on each NIC. If systems with duplicate addresses were on the network, communications problems resulted. Today, MAC addresses are assigned in two parts, much like IP addresses and domain names. The Institute of Electrical and Electronic Engineers (IEEE) maintains a registry of NIC manufacturers and assigns 3-byte address codes called organizationally unique identifiers (OUIs) to them as needed.

NIC Features

In addition to the basic functionality described thus far, NICs can have a variety of other features, depending on the manufacturer, protocol, price point, and the type of computer in which the device is to be used. Some of these features are discussed in the following sections.
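Step 3 of the transmit process (building the data link layer frame, then verifying on receipt that it arrived without error) and the two-part MAC address just described, as an added Python example that is not code from the book. It assumes the IEEE 802.3 Ethernet frame layout (6-byte destination and source addresses, 2-byte EtherType, 46 to 1500 bytes of payload, 4-byte CRC-32 frame check sequence) and uses constructed sample addresses.

```python
"""Ethernet frame encapsulation, FCS verification and MAC/OUI decoding."""
import struct
import zlib

ETHER_HEADER = struct.Struct("!6s6sH")  # destination MAC, source MAC, EtherType
MIN_PAYLOAD = 46     # shorter payloads are padded so the frame is at least 64 bytes
MAX_PAYLOAD = 1500
FCS_LEN = 4          # CRC-32 frame check sequence (the frame "footer")
MAX_FRAME = ETHER_HEADER.size + MAX_PAYLOAD + FCS_LEN  # 1518 bytes, as the text states


def parse_mac(text):
    """'00:1A:2B:3C:4D:5E' (or dash-separated) -> 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("a MAC address has six octets")
    return bytes(int(p, 16) for p in parts)


def mac_info(mac):
    """Split a MAC into the IEEE-assigned OUI and the manufacturer-assigned half,
    and decode the two flag bits of the first octet."""
    return {
        "oui": mac[:3].hex(":").upper(),
        "nic_specific": mac[3:].hex(":").upper(),
        "multicast": bool(mac[0] & 0x01),             # I/G bit
        "locally_administered": bool(mac[0] & 0x02),  # U/L bit
    }


def build_frame(dst, src, ethertype, payload):
    """Step 3, transmit side: header + padded payload + FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes; split it before framing")
    body = ETHER_HEADER.pack(dst, src, ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)  # 802.3 sends the CRC little-endian
    return body + fcs


def verify_frame(frame):
    """Step 3, receive side: the frame is intact only if the recomputed CRC matches."""
    if not ETHER_HEADER.size + MIN_PAYLOAD + FCS_LEN <= len(frame) <= MAX_FRAME:
        return False
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def strip_frame(frame):
    """Remove the data link layer framing: (dst, src, ethertype, payload with padding)."""
    dst, src, ethertype = ETHER_HEADER.unpack_from(frame)
    return dst, src, ethertype, frame[ETHER_HEADER.size:-FCS_LEN]


if __name__ == "__main__":
    # Constructed sample addresses: an IPv4 multicast group and a locally administered address.
    dst = parse_mac("01:00:5E:00:00:01")
    src = parse_mac("02:AA:BB:CC:DD:EE")
    frame = build_frame(dst, src, 0x0800, b"hello")
    print(len(frame), verify_frame(frame), mac_info(src))
    damaged = bytearray(frame)
    damaged[20] ^= 0xFF      # flip one payload byte "in transit"
    print(verify_frame(bytes(damaged)))
```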
Full Duplex

Most of the data link layer protocols that use twisted-pair cable separate the transmitted and received signals onto different wire pairs. Even when this is the case, however, the NIC typically operates in half-duplex mode, meaning that at any given time, it can be transmitting or receiving data, but not both simultaneously. NICs that operate in full-duplex mode can transmit and receive at the same time, effectively doubling the throughput of the network (see Figure 3-2).

Figure 3-2 Full-duplex systems can transfer data in both directions at the same time, while half-duplex systems transfer information in one direction at a time.

When a NIC is operating in full-duplex mode, it can transmit and receive data at any time, eliminating the need for a media access control mechanism. This also eliminates collisions, which increases the overall efficiency of the network. Running a full-duplex network requires more than just NICs that support this feature, however. The hub, switch, router, or other device to which each computer connects must also support full-duplex operation.

Bus Mastering

Normally, when data is transmitted between the computer's memory and an expansion card over the system bus, the processor functions as the middleman, reading data from the source and transmitting it to the destination. This utilizes processor clock cycles that could otherwise be running applications or performing other important tasks. An expansion card capable of bus mastering has a chipset that arbitrates the card's access to the bus, eliminating the need for the system processor's involvement in the transfer of data to and from memory. Bus mastering NICs enable the computer to operate more efficiently because they conserve the processor clock cycles that would otherwise be expended in data transfers.
Parallel Tasking

Parallel Tasking is a feature that was developed by 3Com Corporation and subsequently implemented by other NIC manufacturers, using different names. The term describes a process by which the NIC can begin to transmit a packet over the network while the data is still being transferred to the NIC over the system bus. A NIC without this capability must wait until an entire packet is stored in its buffers before it can transmit. Today, many NICs feature Parallel Tasking II, which improves bus mastering communications over the Peripheral Component Interconnect (PCI) bus. Previously, a PCI NIC could transfer only 64 bytes at a time during a single bus master operation, which required dozens of operations to transfer each packet. Parallel Tasking II enables the NIC to stream up to an entire Ethernet packet's worth of data (1,518 bytes) during a single bus master operation.

Wake-on-LAN or Wake-on-Wireless-LAN

Today's industry standard, Wake-on-LAN (WoL) is a feature that enables a computer to "wake" from a very low power state. WoL is an enhancement built into network interface adapters and computer motherboards that enables an administrator to turn a computer on from a remote location. Once turned on, the administrator can perform any necessary maintenance tasks. For this feature to function, both the computer's motherboard and the NIC must have a three-pin remote wake-up connector, which is connected with a cable. When the computer is turned off, it actually switches to a low-power sleep state instead of being completely powered off. While in this state, the NIC continuously monitors the network for a special wake-up packet that can be delivered to it by a desktop management application running on an administrator's computer.

When the NIC receives the packet, it signals the motherboard, which in turn switches the power supply back into its full power state, effectively turning on the computer. Once the computer is up and running, the administrator can take control of the system using whatever tools are available.
Selecting a NIC

When your mainboard does not have an acceptable NIC or you simply want to upgrade the built-in card, you need to consider several factors:

• The data link layer protocol used by the network
• The transmission speed of the network
• The type of interface that connects the NIC to the network
• The type of system bus into which you will install the NIC
• The hardware resources the NIC requires
• The electric power the NIC requires
• The role of the computer using the NIC (server versus workstation and home versus office)
• Appropriate driver availability

NOTE The most common network interface cards are a PCI, ISA, or PCMCIA card. The kind you choose largely depends on the computer you will be installing the card in and what type of interface that computer offers. A PCI card goes into a PCI slot of your computer and operates at a fast speed. This is the most common choice for most users. An ISA card that connects to a computer's motherboard can be less expensive than a PCI card but may also be less reliable. PCMCIA cards are placed in an appropriate slot in laptops.

The following sections examine these criteria and how they can affect the performance of the NIC and your network.

Protocol

The data link layer protocol is the single most defining characteristic of a network interface adapter. The most popular protocol used at the data link layer is Ethernet, but NICs are also available that support Token Ring, FDDI, ATM, and others, as well as variations on these protocols.

All of the computers on the network must, of course, be using the same data link layer protocol, and the selection of that protocol should be a decision made long before you're ready to purchase NICs. This is because all of the other network hardware, such as cables, hubs, and other devices, are also protocol specific. The NIC you select must also support the type of cable or other medium the network uses, as well as the transmission speed of the network. You can also select Ethernet NICs that support the use of unshielded twisted-pair (UTP), two types of coaxial, or fiber-optic cable, as well as various types of wireless transmissions. These are all aspects of the network configuration that you must consider before making NIC purchases.
Transmission Speed

Some data link layer protocols can run at different speeds, and the capability of a NIC to support these speeds can be an important part of selecting the correct product for your network. In some protocols, an increase in speed has been fully assimilated into the technology, while in others, the faster version is still an optional feature. Fast Ethernet (running at 100 Mbps) has, for all practical purposes, replaced traditional 10 Mbps Ethernet. Some of the Fast Ethernet NICs manufactured today are combination devices that support both 10 and 100 Mbps operation, making it possible to gradually upgrade an older Ethernet network. When the connection is established between the NIC and the hub, the devices negotiate the highest possible speed they have in common.

Network Interface

The type of cable (or other medium) that forms the fabric of the network determines the network interface used on the NIC. The network cable type is typically selected at the same time as the data link layer protocol, and the NICs you purchase must support that medium. Some data link layer protocols support different types of cables, and NICs are available for each one, while other protocols are designed to use only one type of cable. Today, you can choose to install a NIC that uses the Ethernet cable with an RJ-45 connector. The PCI or PCI Express cards require that you open the computer to install the cards. You can also purchase Universal Serial Bus (USB) devices that simply connect to your computer at a USB port.

Ethernet also supports the use of fiber-optic cable in that it carries data coded into light pulses rather than into electric voltages. The components on a fiber-optic NIC are therefore substantially different in form (if not function) from those on a copper-based Ethernet NIC, including the network interface, which is usually a straight-tip (ST) connector. Fast Ethernet can use fiber-optic cable to run at 100 Mbps over far longer distances than any copper medium. Because of these technological differences, fiber-optic Fast Ethernet NICs are not usually combined with other technologies. Fiber-optic network hardware is often more expensive than comparable copper-based products.
Bus Interface

The network interface adapter enables a network system to transmit data from its main memory array to an outside destination, just like a parallel or serial port does. The data travels from the memory to the network adapter across the system bus, in the same manner as with any other expansion card, like a graphics or audio adapter. The type of bus the NIC uses to communicate with the computer can affect the performance of the network connection, but the selection of a bus type for the NIC is unique to each computer. PCI is the bus type used in virtually all of the desktop computers sold today. Laptops and other portables use the PC Card bus (formerly known as the Personal Computer Memory Card International Association, or PCMCIA bus). Older systems used various other types of expansion buses, such as VESA Local Bus (VLB), Micro Channel Architecture (MCA), or Extended Industry Standard Architecture (EISA). USB adapters require no internal installation. You simply plug the adapter into a computer's USB port, plug the network cable into the adapter, and install the appropriate driver for the new device. No external power connection is needed; the adapter derives power from the bus. This makes for an extremely simple installation, but the performance of a USB network adapter can be inferior to other NICs.

Table 3-1 lists the characteristics of these buses and their respective bus speed.
Table 3-1 PC Bus Types, Widths, Speed, and Bandwidth

Bottlenecks

The bus type selection can affect network performance if the selected bus is slow enough to cause a bottleneck in the network. In networking, a bottleneck occurs when one element of a network connection runs at a significantly slower speed than all of the others. This can cause the entire network to slow down to the speed of its weakest component, resulting in wasted bandwidth and needless expense. As an exaggerated example, consider a network that consists of modern PCs with fast processors, connected by a Fast Ethernet network running at 100 Mbps. All of the workstations on the network have NICs that use the PCI bus except for the main database server, which has an old ISA NIC. The result of this is that the ISA NIC will probably be the slowest component in all of the workstation/server connections and will be a bottleneck that prevents the rest of the equipment from achieving its full potential.

The process of identifying actual bottlenecks is rarely this clean-cut. Just because a network protocol runs at 100 Mbps doesn't mean that data is continuously traveling over the cable at that speed, and the raw speed of a particular bus type is not indicative of the actual throughput rate for the data generated by the system. However, it is a good idea to use common sense when purchasing NICs and to try to maximize the performance of your network.

ISA or PCI?
If you have to deal with the older bus types, you may encounter Industry Standard Architecture (ISA) cards. The choice for most desktop systems manufactured after about 1995 was between ISA and PCI. For a traditional Ethernet network running at 10 Mbps or a Token Ring network running at 4 or 16 Mbps, an ISA NIC was more than sufficient. In fact, ISA NICs can be perfectly serviceable on 100 Mbps networks as well, at least for workstations, because the average network user does not require anything approaching 100 Mbps of bandwidth on a continuous basis. The main reason for the ISA NIC being the bottleneck in the scenario described earlier is that it is installed in the server. A server PC that is handling data requests generated by dozens or hundreds of workstations simultaneously naturally requires more bandwidth than any single workstation. In a server, therefore, the use of the fastest bus available is always recommended.

However, there is another element to the bus type decision that you must consider, and that is the availability of expansion bus slots in your computers. Obviously, to install a network interface card into a PC, it must have a free bus slot. Legacy PCs have varying numbers of PCI and ISA slots, and the hardware configuration of the machine determines how many of those slots (if any) are free. Many older "full-featured computers" have peripheral devices installed that occupy many of the bus slots. Because it is possible for a card to occupy a slot without protruding through the back of the computer, simply looking at the outside of a system is not sufficient to determine how many free slots there are. You must open the machine to check for free slots and to determine which types of slots are available. If no slots are available, an external network adapter using the USB port may be your only recourse.
Administrators of large networks often purchase workstations that do not have all the state-of-the-art features found in many home systems, which may leave more slots free for additional components such as a NIC. In addition, PCs targeted at the corporate market are more likely to have peripheral devices such as audio and video adapters integrated into the motherboard, which also can leave more free slots. However, an office computer may also use a slimline or low-profile case design that reduces the number of slots to minimize the computer's footprint.

Even in legacy systems, the selection of the bus type for the NIC should be based on the network bandwidth requirements of the user and not on the type of bus slot the computer has free. However, you may have no other choice than to put an ISA NIC in a computer that could benefit from a PCI card but has only an ISA slot free.

Integrated Adapters

As mentioned earlier, many PCs have peripheral devices integrated into the motherboard. One of these devices may be the network interface adapter. Because an integrated network adapter is not a separate card, it cannot rightfully be called a NIC, but it does perform the same function as a network adapter that is installed into the system's expansion bus. Although they reduce the distance the signals have to travel to reach the adapter and avoid the electrical interference that occurs during a bus transfer, the problem with integrated network adapters is that they are not upgradable. A system that has an integrated network adapter is under no obligation to use it. You can nearly always disable the adapter by going through the system BIOS, by manipulating a switch or jumper on the motherboard, or simply by installing a NIC into a bus slot. You might find a deal on workstations with the wrong type of integrated network adapter that is good enough to be worth buying NICs for the computers as well.
Fiber-Optic NICs

The first considerations for choosing a fiber-optic network card are network type and transmission rate. Consider the bandwidth needs of the server or workstation, along with the physical medium used for transmission, to determine the transmission rate of the card you purchase. Since Ethernet offers speeds that vary between 10 Mbps, 10/100 Mbps, 1000 Mbps, and even 10 Gbps, it is usually best to choose a card that works with the lowest component in the network. For example, if your network uses a 100 Mbps cable, using a 1000 Mbps card will still only result in 100 Mbps.

Also, pay attention to the bus type. Servers and workstations typically use some form of the PCI bus, such as the Peripheral Component Interconnect Express (PCIe) card. Today, most PCs no longer support the ISA connector, so when you purchase network cards for your PC, do not buy the outdated ISA network card. Instead, choose a current PCI card.

Remember, you must also consider the connector type used by the NIC. The network card needs to be connected with the network, so it must have a fiber-optic connector to link with other computer network equipment.

Portable Systems

Network interface adapters for laptops and other portable systems take the form of PC CardBus NICs or USB-connected adapters. As such, consider the speed of the network with which you will be connecting, as well as the price and reliability of the device you choose.

Hardware Resource Requirements

In addition to a bus slot or an available USB port, a computer must have the appropriate hardware resources free to support a NIC. A network interface adapter requires a free interrupt request line (IRQ) and usually either an I/O port address, a memory address, or both. When evaluating NICs, you must take into account both the resource requirements of the NIC and the resources available on the computer. On a PC with a lot of peripheral devices already installed, most of the IRQs may already be in use, and adding a NIC may be difficult. This is because a NIC may be able to use only a select few of the system's IRQs, and if all of those IRQs are occupied, the card cannot function. Two devices configured to use the same resource will sometimes conflict, causing both to malfunction.
In some cases, however, it's possible for two devices to share an IRQ. To free up one of the IRQs usable by the NIC, you may have to configure another device to use a different IRQ. Thus, you have to consider not only the number of available IRQs on the computer but also which ones are available. The same is true for the other resources required by the card.

Many older NICs supported only two or three IRQs and other resources, and configuring the devices in the computer was a manual trial-and-error process. System administrators could spend hours trying different combinations of hardware settings for the components in a single computer before finding one that enabled all of the devices to function simultaneously. Today, however, NICs are generally more flexible and support a wider range of resource settings. In addition, the BIOS and the operating system of a modern PC have features that simplify the process of configuring peripheral devices to work together.

Plug-and-play, when it functions properly, eliminates the need to worry about hardware resource configuration for peripheral devices. When a system has a BIOS, an operating system, and hardware that all support the plug-and-play standard, the computer assigns hardware resources to each device dynamically when the system starts. When plug-and-play is not supported for a particular device such as a NIC, operating systems (such as Microsoft Windows) provide tools that can identify the free resources in the machine and indicate whether the NIC's current configuration conflicts with any other devices in the system.

Thus, when selecting NICs, you should be conscious of the hardware resources in use on the computers that will use them. When using NICs and computers of recent manufacture, this is rarely a problem. However, a computer with a lot of installed peripherals may be unable to support an additional card without removing one of the existing components. In other cases, you may have to reconfigure other devices to support the addition of a NIC. Most NIC manufacturers publish specification sheets (often available on their websites) that list the hardware resources their NICs can use. By comparing this information to the current configuration of a PC, you can determine whether the computer has the resources to support the NIC.
Power Requirements

The power supplies in today's computers usually provide more than enough voltage to support a full load of expansion cards and other internal peripherals. However, if you're running a system with a large number of internal devices, you may want to compare the power load incurred by these devices with the voltage furnished by the computer's power supply before you install a NIC. Because the power drain of mechanical drives varies depending on how often and how heavily they're used, a system putting out insufficient power to support its hardware load may experience intermittent problems that are difficult to diagnose. What may seem to be a faulty drive may, in fact, be the effect of an insufficient power supply for the hardware.

Server vs. Workstation NICs

The NICs in servers and workstations perform the same basic functions, and yet there are cards on the market that are targeted specifically for use in servers. Some of these NICs use protocols, such as Gigabit Ethernet, that are intended primarily for servers because their cost and capabilities make them impractical for use in desktop workstations. Others, however, are NICs that use standard protocols but that contain additional features to make them more useful in servers. Naturally, these extra features drive the price of the NIC up considerably, and it is up to you to decide whether they are worth the extra expense.

Today, server NICs are more sophisticated and perform many functions. Advances such as flexible LANs on motherboard (LOMs) and smart NICs can use their own onboard processors to provide functionalities such as encryption/decryption, firewall, TCP/IP offload engine (TOE), iSCSI, and remote direct memory access. Understanding these contemporary NIC technologies is critical in the advent of virtualization and cloud computing.

CHAPTER 4 Network Interface Adapters and Connection Devices

Originally, LANs consisted of nothing more than computers and cables, but as the technology evolved, more equipment was required. As the early coaxial cable networks grew to span longer distances, devices called repeaters were added to boost the signals.
Later, when the dominant medium for Ethernet networks shifted from coaxial to unshielded twisted-pair (UTP) cable, hubs became an essential network component. As networks grew from tools for localized workgroups to companywide resources, components such as bridges, switches, and routers were developed in order to create larger networks. Using these devices makes it possible to build networks that span longer distances, support more computers, and provide increased bandwidth for each system on the network. This chapter examines the functions of these devices and how you can integrate them into your network infrastructure.

Today, a wide variety of devices are used in networking. Many of the following items are considered legacy devices, in that they are no longer used in networks built today. However, you may still encounter them in older systems.

Repeaters

As a signal travels over a cable, the natural resistance of the medium causes it to gradually weaken until it is no longer viable. The longer the cable, the weaker the signal gets. This weakening is called attenuation, and it is a problem that affects all types of cable to some degree. The effect of attenuation is dependent on the type of cable. Copper cable, for example, is much more prone to attenuation than fiber-optic cable. This is one reason why fiber-optic cable segments can be much longer than copper ones.

When building a LAN, the standard for the data link layer protocol you intend to use contains specifications for the types of cable you can use and the guidelines for installing them. These guidelines include, among other things, the minimum and maximum lengths for the cables connecting the computers. The cable's attenuation rate is one of the most important factors affecting the maximum cable length. When you have to run a cable across a longer distance than is specified in the standard, you can use a repeater to amplify the signal, enabling it to travel greater distances without attenuating to the point of being unreadable by the destination system. In its simplest form, a repeater is an electrical device used on a copper-based network that receives a signal through one cable connection, amplifies it, and transmits it out through another connection.
Repeaters were first used in data networking to expand the length of coaxial cable segments on Ethernet networks. On a coaxial network, such as a thin or thick Ethernet LAN, a stand-alone repeater enables you to extend the maximum bus length past 185 meters (for thin Ethernet) or 500 meters (for thick Ethernet). This type of repeater is simply a small box with two BNC connectors on it and a power cable. Using T connectors and terminators, you connect two cable segments to the repeater and the repeater to a power source. Signals entering either one of the two connectors are immediately amplified and transmitted out through the other connector. On most networks today, it is rare to see a stand-alone repeater because this function is built into another device, such as a hub or a switch.

Because its function is purely electrical, this type of repeater functions at the network's physical layer only. The repeater cannot read the contents of the packets traveling over the network or even know that they are packets. The device simply amplifies the incoming electrical signals and passes them on. Repeaters are also incapable of performing any sort of filtration on the data traveling over the network. As a result, two cable segments joined by a repeater form a single collision domain and therefore a single network.

Hubs

A hub is a device that functions as the cabling nexus for a network that uses the star topology. Each computer has its own cable that connects to the central hub. The responsibility of the hub is to see to it that traffic arriving over any of its ports is propagated out through the other ports. Depending on the network medium, a hub might use electrical circuitry, optical components, or other technologies to disseminate the incoming signal out among the outgoing ports. A fiber-optic hub, for example, actually uses mirrors to split the light impulses.

The hub itself is a box, either freestanding or rack-mounted, with a number of ports to which the cables connect. The ports can be the standard RJ-45 connectors used by twisted-pair networks, ST connectors for fiber-optic cable, or any other type of connector used on a star network. In many cases, hubs also have one or more LEDs for each port that light up to indicate when a device is connected to it, when traffic is passing through the port, or when a collision occurs.
The term hub or concentrator is used primarily in reference to Ethernet networks; the equivalent device on a Token Ring network is called a multistation access unit (MAU). Other protocols typically use one or the other of these terms, depending on the media access control (MAC) mechanism the protocol uses. The internal functions of hubs and MAUs are very different, but they serve the same basic purpose: to connect a collection of computers and other devices into a single collision domain.

Passive Hubs

Unlike stand-alone repeaters, which were all essentially the same, many different types of hubs exist with different capabilities. At its simplest, a hub supplies cable connections by passing all the signals entering the device through any port out through all the other ports. This is known as a passive hub because it operates only at the physical layer, has no intelligence, and does not amplify or modify the signal in any way. This type of hub was at one time used on ARCnet networks, but it is almost never used on networks today.

Repeating, Active, and Intelligent Hubs

The hubs used on Ethernet networks propagate signals received through any of their ports out through all of the other ports in the device simultaneously. This creates a shared network medium and joins the networked computers into a single collision and broadcast domain, just as if they were connected to the same cable, as on a coaxial Ethernet network. Ethernet hubs also supply repeating functionality by amplifying the incoming signals as they propagate them to the other ports. In fact, Ethernet hubs were sometimes referred to as multipoint repeaters. Unlike a passive hub, a repeating (or active) hub requires a power source to boost the signal. The device still operates at the physical layer, however, because it deals only with the raw signals traveling over the cables.
Some hubs go beyond repeating and can repair and retime the signals to synchronize the transmissions through the outgoing ports. These hubs use a technique called store and forward, which involves reading the contents of the packets to retransmit them over individual ports as needed. A hub with these capabilities can lower the network performance for the systems connected to it because of processing delays. At the same time, packet loss is diminished, and the number of collisions is reduced.

An Ethernet hub connects all of your computers into a single collision domain, which is not a problem on a small network. Larger networks consist of multiple network segments connected by other types of devices, such as bridges, switches, or routers. Because an Ethernet hub also functions as a repeater, each of the cables connecting the hub to a computer can be the maximum length allowed by the protocol standard. For Ethernet running on UTP cable, the maximum length is 100 meters.

Using multiple hubs on a single LAN is possible by connecting them together to form a hierarchical star network, as shown in Figure 4-1. When you do this using standard repeating hubs, all the computers remain in the same collision domain, and you must observe the configuration guidelines for the data link layer protocol used on the network. Just as with the stand-alone repeaters discussed earlier in this chapter, the path between any two machines on a 10 Mbps Ethernet network cannot include more than four repeaters (hubs). Fast Ethernet networks typically support only two hubs.

Figure 4-1 This star network uses multiple hubs to expand the collision domain.

Intelligent hubs are units that have some form of integrated management capability. A basic repeating hub is essentially an electrical device that propagates incoming packets to all available ports without discrimination. Intelligent hubs do the same thing, but they also monitor the operation of each port. The management capabilities vary widely between products, but many intelligent hubs use the Simple Network Management Protocol (SNMP) to send information to a centralized network management console. Other devices might use a terminal directly connected to the hub or an HTML interface easily accessed from the Internet from anywhere on the network.
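The repeater-count rule for a hierarchical star of repeating hubs (no more than four hubs on the path between any two machines at 10 Mbps, two on Fast Ethernet), turned into a design check in Python as an added example that is not code from the book. The topology, the naming convention that hub names start with "hub", and the speed labels are constructed assumptions.

```python
"""Checking the repeater (hub) count between end systems in a hierarchical star."""
from collections import deque

# Maximum number of repeating hubs on the path between any two machines,
# as the text gives them: four for 10 Mbps Ethernet, two for Fast Ethernet.
REPEATER_LIMIT = {"10": 4, "100": 2}


def is_repeater(node):
    """Constructed naming convention: hub names start with 'hub'; anything else is a host."""
    return node.startswith("hub")


def build_adjacency(links):
    """Undirected cable links -> {node: set(neighbours)}."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def repeaters_between(adj, src, dst):
    """Number of hubs on the path from src to dst (None if unreachable).
    A hub hierarchy is a tree, so breadth-first search finds the only path."""
    queue = deque([(src, 0)])
    seen = {src}
    while queue:
        node, hubs = queue.popleft()
        if node == dst:
            return hubs
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hubs + (1 if is_repeater(nxt) else 0)))
    return None


def check_topology(links, speed):
    """Return (host_a, host_b, hub_count) for every host pair exceeding the limit."""
    adj = build_adjacency(links)
    hosts = sorted(n for n in adj if not is_repeater(n))
    limit = REPEATER_LIMIT[speed]
    violations = []
    for i, a in enumerate(hosts):
        for b in hosts[i + 1:]:
            count = repeaters_between(adj, a, b)
            if count is not None and count > limit:
                violations.append((a, b, count))
    return violations


# Constructed sample: three hubs chained hub1 - hub2 - hub3, with a host on each.
LINKS = [
    ("hub1", "hub2"), ("hub2", "hub3"),
    ("A", "hub1"), ("C", "hub2"), ("B", "hub3"),
]

if __name__ == "__main__":
    for speed in ("10", "100"):
        print(f"{speed} Mbps violations:", check_topology(LINKS, speed))
```

The same chain of three hubs is legal at 10 Mbps but puts hosts A and B three hubs apart, one more than Fast Ethernet allows.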
The object of the management capability is to provide the network administrator with a centralized source of information about the hubs and the systems connected to them. This eliminates the need for the staff supporting a large network to go running to each wiring closet looking for the hub or system causing a problem. The management console typically displays a graphical model of the network and alerts the administrator when a problem or failure occurs on any system connected to the hub.

On smaller networks, this capability isn't needed, but when you're managing an enterprise network with hundreds or thousands of nodes, a technology that can tell you exactly which one of the hub ports is malfunctioning can be helpful. The degree of intelligence built into a hub varies greatly with the product. Most devices have sufficient intelligence to go beyond the definition of a hub and provide bridging, switching, or routing functions.

Collision Domains and Broadcast Domains

A collision domain is a group of computers connected by a network so that if any two computers transmit at the same time, a collision between the transmitted packets occurs, causing the data in the packets to be damaged. This is in contrast to a broadcast domain, which is a group of computers networked together in such a way that if one computer generates a broadcast transmission, all of the other computers in the group receive it. These two concepts are the tests used to define the functionality of network connection devices (such as repeaters, hubs, bridges, switches, and routers) and are used repeatedly in this chapter. Other factors besides attenuation limit the maximum distance a network signal can travel. On an Ethernet network, for example, the first bit of a packet being transmitted by one computer must reach all the other computers on the local network before the last bit is transmitted. Therefore, you cannot extend a network segment without limit by adding multiple repeaters. A 10 Mbps Ethernet network can have up to five cable segments connected by four repeaters. Fast Ethernet networks are more limited, allowing a maximum of only two repeaters.

Token Ring MAUs

Token Ring networks use hubs as well, although they call them multistation access units.
While the MAU, to all external appearances, performs the same function as an Ethernet hub, its internal workings are quite different. Instead of passing incoming traffic to all the other ports at one time, like in an Ethernet hub, the MAU transmits an incoming packet out through each port in turn, one at a time. After transmitting a packet to a workstation, the MAU waits until that packet returns through the same port before it transmits it out the next port. This implements the logical ring topology from which the protocol gets its name.

MAUs contain switches that enable specific ports to be excluded from the ring in the event of a failure of some kind. This prevents a malfunctioning workstation from disturbing the functionality of the entire ring. MAUs also have ring-in and ring-out ports that you can use to enlarge the ring network by connecting several MAUs.

NOTE See Chapter 12 for more information on network protocols.

Hub Configurations

Hubs are available in a wide variety of sizes and with many different features, ranging from small, simple devices designed to service a handful of computers to huge rack-mounted affairs for large, enterprise networks. Hub designs fall into three categories, as follows:

• Stand-alone hubs
• Stackable hubs
• Modular hubs

A stand-alone hub is usually a small box about the size of a paperback book that has anywhere from 4 to 16 ports in it. As the name implies, the device is freestanding, has its own power source, and can easily fit on or under a desk. Four- or five-port hubs can work for home networks or for providing quick, ad hoc expansions to a larger network. Larger units can support more connections and often have LEDs that indicate the presence of a link pulse signal on the connected cable and, possibly, the occurrence of a collision on the network.

Despite the name, a stand-alone hub usually has some mechanism for connecting with other hubs to expand the network within the same collision domain. The following sections examine how the most common mechanisms are used for this purpose.
The Uplink Port

The cables used on a twisted-pair network are wired straight through, meaning that each of the eight pins on the RJ-45 connector on one end of the cable is wired to the corresponding pin on the other end. UTP networks use separate wire pairs within the cable for transmitting and receiving data. For a UTP connection between two computers to function, however, the transmit contacts on each system must be connected to the receive contacts on the other. Therefore, a crossover must exist somewhere in the connection, and traditionally this occurs in the hub, as shown in Figure 4-2. The pins in each of a hub's ports are connected to those of every other port using crossover circuits that transpose the transmit data (TD) and receive data (RD) signals. Without this crossover circuit, the transmit contacts on the two systems are connected, as are the receive contacts, preventing any communication from taking place.

Figure 4-2 Hubs that contain crossover circuits allow cables to be wired straight through.

NOTE See more information on cabling in Chapter 5.

Many hubs have a port that bypasses the crossover circuit, which you can use to connect to another hub. This port is typically labeled uplink and may or may not have a switch that enables you to specify whether the port should be crossed over or wired straight through. If you have more than one hub on your system, you connect them using the uplink port on one hub only and a standard port on the other. If you connect two hubs using the uplink ports on both devices, the two crossovers would cancel each other out, and the connection between a computer attached to one hub and a computer attached to the other would be the equivalent of a straight-through connection. If a hub does not have an uplink port, you can still connect it to another hub using a standard port and a crossover cable, which is a cable that has the transmit pins on each end wired directly to the receive pins on the other end. You typically use the uplink port to connect hubs when they're located some distance away from each other and you want to use the same cable medium throughout the network. When you are evaluating hubs, being aware of just how many hub ports are available for workstation connections is important. A device advertised as an
eight-port hub may have seven standard ports and one uplink port, leaving only seven connections for computers. No matter what the size of the network, purchasing hubs with a few ports more than you need right now, for expansion purposes, is always a good idea.

When you have several 10Base-T Ethernet hubs connected in a hierarchical star topology using their uplink ports, each length of cable is a separate segment. Because the Ethernet guidelines allow the path from one system to another to travel across only five segments, connected by four repeaters, you are limited to four hubs on any particular LAN.

As you expand this type of network further, you may run into another Ethernet limitation not yet mentioned. The bus connecting the hubs is called a mixing segment because it has more than two devices connected to it. A segment that connects only two devices, such as the UTP cable connecting hubs through the uplink port, is called a link segment. Of the five segments permitted on a 10Base-T LAN, only three of these can be mixing segments. This guideline, stating that you can connect up to five segments using four repeaters and that no more than three of the segments can be mixing segments, is known as the Ethernet 5-4-3 rule.

Stackable Hubs

As you move up the scale of hub size and complexity, you find units called stackable hubs that provide greater expandability. As the name implies, these hubs have cases designed to stack one on top of the other, but this is not the only difference. Unlike stand-alone hubs, which can be located in different rooms or floors and still connected together, stackable hubs are typically located in a data center or wiring closet and are connected together with short cables.

When you connect stackable hubs, they form what is functionally a single larger hub. The cables connecting the units do not form separate segments, so you can have more than four hubs interconnected. In addition, these devices can share their capabilities. A single intelligent hub unit can manage its own ports, as well as those of all the other units in the array.
Stackable hubs have their own power supplies and can function independently, thus providing a much more expandable environment than stand-alone hubs. You can start with a single unit, without incurring the major expense of a chassis (like that used by modular hubs), and connect additional units as the network grows.

Modular Hubs

Modular hubs are designed to support the larger networks and provide the greatest amount of expandability and flexibility. A modular hub consists of a chassis that is nearly always mounted in a standard 19-inch equipment rack and contains several slots into which you plug individual communications modules. The chassis provides a common power source for all the modules, as well as a backplane that enables them to communicate with each other. The modules contain the ports to which you connect the computer cables. When you plug multiple modules into the chassis, they become, in effect, a single large hub.

Bridges

A bridge is another device used to connect LAN cable segments, but unlike hubs, bridges operate at the data link layer of the OSI model and are selective about the packets that pass through them. Repeaters and hubs are designed to propagate all the network traffic they receive to all of the connected cable segments. A bridge has two or more network interfaces (complete with their own MAC addresses) with their ports connected to different cable segments and operating in promiscuous mode.

NOTE If a computer is in promiscuous mode, it could mean the network or that computer has been accessed illegally.

Promiscuous mode means that the interfaces receive all of the packets transmitted on the connected segments. As each packet enters the bridge, the device reads its destination address in the data link layer protocol header and, if the packet is destined for a system on another segment, forwards the packet to that segment. If the packet is destined for a system on the segment from which it arrived, the bridge discards the packet because it has already reached its destination. This process is called packet filtering. Packet filtering is one of the fundamental principles used by network connection devices to regulate network traffic. In this case, the packet filtering is occurring at the data link layer, but it can also occur at the network and transport layers.
Just the ability to read the contents of a packet header elevates a bridge above the level of a hub or repeater, both of which deal only with individual signals. However, as with a hub or repeater, the bridge makes no changes in the packet whatsoever and is completely unaware of the contents within the data link layer frame. In Chapter 2, the protocol operating at the Open Systems Interconnection (OSI) model's data link layer was compared to a postal system, in which each packet is a piece of mail and the data link layer frame functions as the envelope containing the data generated by the upper layers. To extend that analogy, the bridge is able to read the addresses on the packet envelopes, but it cannot read the letters inside. As a result, you don't have to consider the protocols running at the network layer and above at all when evaluating or installing bridges.

By using packet filtering, the bridge reduces the amount of excess traffic on the network by not propagating packets needlessly. Broadcast messages are forwarded to all of the connected segments, however, making it possible to use protocols that rely on broadcasts without manual system configuration. Unlike a repeater or hub, however, a bridge does not relay data to the connected segments until it has received the entire packet. (Remember, hubs and repeaters work with signals, while bridges work with packets.) Because of this, two systems on bridged segments can transmit simultaneously without incurring a collision. Thus, a bridge connects network segments in such a way as to keep them in the same broadcast domain but in different collision domains. The segments are still considered to be part of the same LAN, however.

If, for example, you have a LAN that is experiencing diminished performance because of high levels of traffic, you can split it into two segments by inserting a bridge at the midpoint. This will keep the local traffic generated on each segment local and still permit broadcasts and other traffic intended for the other segment to pass through. On an Ethernet network, reducing traffic in this way also reduces the number of collisions, which further increases the network's efficiency. Bridges also provide the same repeating functions as a hub, enabling you to extend the cable length accordingly.
Bridges have mainly been replaced by routers and switches, which are covered later in this chapter. Today, bridges are used primarily in wireless configurations. See Chapter 6 for information about wireless LANs.

The Spanning Tree Protocol

To address the problem of endless loops and broadcast storms on networks with redundant bridging, the Digital Equipment Corporation devised the spanning tree algorithm (STA), which preserves the fault tolerance provided by the additional bridges, while preventing the endless loops. STA was later revised by the Institute of Electrical and Electronics Engineers (IEEE) and standardized as the 802.1d specification.

The algorithm works by selecting one bridge for each network segment that has multiple bridges available. This designated bridge takes care of all the packet filtering and forwarding tasks for the segment. The others remain idle but stand ready to take over should the designated bridge fail.

During this selection process, each bridge is assigned a unique identifier (using one of the bridge's MAC addresses, plus a priority value), as is each individual port on each bridge (using the port's MAC address). Each port is also associated with a path cost, which specifies the cost of transmitting a packet onto the LAN using that port. Path costs typically can be specified by an administrator when a reason exists to prefer one port over another, or they can be left to default values.

Once all the components have been identified, the bridge with the lowest identifier becomes the root bridge for the entire network. Each of the other bridges then determines which of its ports can reach the root bridge with the lowest cost (called the root path cost) and designates it as the root port for that bridge.

Finally, for each network segment, a designated bridge is selected, as well as a designated port on that bridge. Only the designated port on the designated bridge is permitted to filter and forward the packets for that network segment. The other (redundant) bridges on that segment remain operative—in case the designated bridge should fail—but are inactive until they are needed. Now that only one bridge is operating on each segment, packets can be forwarded without loops forming.
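The selection steps just described, carried out in code as an added example (not the book's): root election by lowest identifier, root path cost and root port per bridge, one designated bridge per segment, and every other port left inactive. The bridges, MAC addresses, path costs and segments are constructed after the three-segment, three-bridge network of Figures 4-6 and 4-7; the second function shows the idle bridge taking over when the designated one fails.

```python
"""Spanning tree computation as described in the text. Added example; the bridge
identifiers, path costs and segment names below are constructed."""
import heapq
from typing import Dict, List, Tuple

BridgeId = Tuple[int, str]            # (priority, MAC address); the lower value wins
Port = Tuple[str, str, int]           # (bridge name, segment it attaches to, path cost)

BRIDGES: Dict[str, BridgeId] = {      # constructed: equal priorities, so the MAC decides
    "B1": (32768, "00:00:0c:00:00:01"),
    "B2": (32768, "00:00:0c:00:00:02"),
    "B3": (32768, "00:00:0c:00:00:03"),
}
PORTS: List[Port] = [                 # B1 joins A-B, B2 joins B-C, B3 is the redundant A-C bridge
    ("B1", "A", 10), ("B1", "B", 10),
    ("B2", "B", 10), ("B2", "C", 10),
    ("B3", "A", 10), ("B3", "C", 10),
]


def compute_spanning_tree(bridges: Dict[str, BridgeId], ports: List[Port]) -> dict:
    root = min(bridges, key=lambda n: bridges[n])   # lowest identifier becomes the root bridge
    by_bridge: Dict[str, List[Tuple[str, int]]] = {n: [] for n in bridges}
    by_segment: Dict[str, List[Tuple[str, int]]] = {}
    for name, seg, cost in ports:
        by_bridge[name].append((seg, cost))
        by_segment.setdefault(seg, []).append((name, cost))

    # Root path cost per bridge, found by walking outward from the root. A bridge pays
    # the path cost of the port through which it reaches the root; ties go to the lower
    # upstream bridge identifier, as BPDU comparison does.
    rpc: Dict[str, int] = {root: 0}
    root_port: Dict[str, str] = {}
    best: Dict[str, tuple] = {}
    heap = [(0, bridges[root], root)]
    settled = set()
    while heap:
        cost, _, name = heapq.heappop(heap)
        if name in settled:
            continue
        settled.add(name)
        for seg, _ in by_bridge[name]:
            for other, other_cost in by_segment[seg]:
                if other == name or other in settled:
                    continue
                key = (cost + other_cost, bridges[name], seg)
                if other not in best or key < best[other]:
                    best[other] = key
                    rpc[other] = key[0]
                    root_port[other] = seg          # the port that reaches the root cheapest
                    heapq.heappush(heap, (key[0], bridges[other], other))

    # One designated bridge per segment: lowest root path cost, then lowest identifier.
    designated = {seg: min(att, key=lambda bc: (rpc.get(bc[0], float("inf")), bridges[bc[0]]))[0]
                  for seg, att in by_segment.items()}
    # Designated ports and root ports carry traffic; every other port stays inactive.
    state = {(name, seg): "forwarding" if designated[seg] == name or root_port.get(name) == seg
             else "blocking" for name, seg, _ in ports}
    return {"root": root, "root_path_cost": rpc, "root_port": root_port,
            "designated": designated, "state": state}


def blocked_ports(tree: dict) -> List[Tuple[str, str]]:
    """Ports that stay inactive: these are the links that would otherwise form a loop."""
    return sorted(p for p, s in tree["state"].items() if s == "blocking")


def without_bridge(bridges: Dict[str, BridgeId], ports: List[Port], failed: str) -> dict:
    """Recompute after a bridge fails: the idle bridge on its segment takes over."""
    return compute_spanning_tree({n: b for n, b in bridges.items() if n != failed},
                                 [p for p in ports if p[0] != failed])
```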
To perform these calculations, bridges must exchange messages among themselves, using a message format defined in the 802.1d standard (see Figure 4-3). These messages are called bridge protocol data units (BPDUs).

Figure 4-3 The format of the data message used when computing the spanning tree protocol algorithm

For each criterion, a lower value is better than a higher one. If a bridge receives a BPDU message with better values than those in its own messages, it stops transmitting BPDUs over the port through which it arrived—in effect relinquishing its duties to the bridge better suited for the job. The bridge also uses the values in that incoming BPDU to recalculate the fields of the messages it will send through the other ports.

NOTE The spanning tree algorithm must complete before the bridges begin forwarding any network traffic.

Once the spanning tree algorithm has designated a bridge for each network segment, it must also continue to monitor the network so that the process can begin again when a bridge fails or goes offline. All of the bridges on the network store the BPDUs they've received from the other bridges and track their ages. Once a message exceeds the maximum allowable age, it is discarded and the spanning tree message exchanges begin again.

Today, a variation of STP called Rapid Spanning Tree Protocol (RSTP) is recommended and has been added as IEEE 802.1w, which has become the standard. The convergence time for legacy STP (IEEE 802.1d), which is the gap when network bridges and switches are not forwarding any traffic, is about 30 to 50 seconds. In modern networks, this convergence time gap issue is unacceptable. RSTP (IEEE 802.1w) addresses the problem. This new standard enables root ports and designated ports to forward traffic in a few seconds.

Transparent Bridging

To filter the packets reaching it effectively, a bridge has to know which systems are located on which network segments so it can determine which packets to forward and which to discard. The bridge stores this information in an address table that is internal to the unit. Originally, network administrators had to create the address table for a bridge manually, but today's bridges compile the address table automatically, a process called transparent bridging.
As soon as a transparent bridge (also known as a learning bridge) is connected to the network segments, it begins to compile its address table. By reading the source addresses in the arriving packets and noting the interface over which they arrived, the bridge can build a table of node addresses for each segment connected to it.

To illustrate, picture a network composed of three segments (A, B, and C), all connected to a local bridge, as shown in Figure 4-4. When the bridge is first activated, it receives a packet from Node 1 over the interface to Network A that is destined for Node 2 on Network B. Because the bridge now knows Node 1 is located on Network A, it creates an entry in its table for Network A that contains Node 1's MAC address.

Figure 4-4 A transparent bridge forwards packets based on address tables it compiles from previously transmitted packets.

At this time, the bridge has no information about Node 2 and the segment on which it's located, so it transmits its packet out to Networks B and C—that is, all of the connected segments except the one from which the packet arrived. This is the default behavior of a bridge whenever it receives a packet destined for a system not in its tables. It transmits the packet over all of the other segments to ensure that it reaches its destination.

Once Node 2 receives the packet, it transmits a reply to Node 1. Because Node 2 is located on Network B, its reply packet arrives at the bridge over a different interface. Now the bridge can add an entry to its table for Network B containing Node 2's address. On examining the packet, the bridge looks for the destination address in its tables and discovers that the address belongs to Node 1, on Network A. The bridge then transmits the packet over the interface to Network A only.

From this point on, when any other system on Network A transmits a packet to Node 1, the bridge knows to discard it because there is no need to pass it along to the other segments. However, the bridge still uses those packets to add the transmitting stations to its address table for Network A.

Eventually, the bridge will have address table entries for all the nodes on the network, and it can direct all of the incoming packets to the appropriate outgoing ports.
Bridge Loops

When the segments of a network are connected using bridges, the failure or malfunction of a bridge can be catastrophic. For this reason, administrators often connect network segments with redundant bridges to ensure that every node can access the entire network, even if a bridge should fail.

In Figure 4-5, three segments are connected by two bridges. If one of the bridges fails, one of the segments is cut off from the rest of the network. To remedy this problem and to provide fault tolerance, you can add a third bridge connecting the two end segments, as shown in Figure 4-6. This way, each system always has two possible paths to the other segments.

Figure 4-5 When each segment is connected to the others using one bridge, a single point of failure is created.

Figure 4-6 Connecting each segment to two bridges provides fault tolerance.

Installing redundant bridges can be a good idea, but it also produces what can be a serious problem. When a computer (Node 1) is located on a segment connected to two bridges, as shown in Figure 4-7, both of the bridges will receive the first packet the system transmits and add the machine's address to their tables for that segment, Network A. Both bridges will then transmit the same packet onto the other segment, Network B. As a result, each bridge will then receive the packet forwarded by the other bridge. The packet headers will still show the address of Node 1 as the source, but both bridges will have received the packet over the Network B interface. As a result, the bridges may (or may not) modify their address tables to show Node 1 as being on Network B, not A. If this occurs, any subsequent transmissions from Node 2 on Network B that are directed to Node 1 will be dropped because the bridges think Node 1 is on Network B, when it is, in fact, on A.

Figure 4-7 Redundant bridges provide fault tolerance, but they can also create bridging loops and broadcast storms.

The result of this occurrence is lost data (because the bridges are improperly dropping frames) and degraded network performance. Eventually, the incorrect entries in the bridges' address tables will expire or be modified, but in the interim, Node 1 is cut off from the systems on the other network segments.
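The learning, flooding and filtering steps of the Figure 4-4 walk-through, and the Figure 4-7 failure in which two redundant bridges relearn Node 1 onto the wrong segment and then drop its reply, as an added simulation (not the book's code). Node MAC addresses and segment names are constructed; the bridge here always overwrites a table entry when a source appears on a new port, which is the "may" case in the text.

```python
"""Transparent (learning) bridge simulation. Added example, not the book's code; node
addresses and segment names are constructed."""
from typing import Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
N1, N2, N3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"  # constructed


class LearningBridge:
    def __init__(self, name: str, ports: List[str]):
        self.name = name
        self.ports = list(ports)          # each port is named after the segment it attaches to
        self.table: Dict[str, str] = {}   # MAC address -> port (segment) it was last seen on

    def handle(self, src: str, dst: str, in_port: str) -> List[str]:
        """Return the ports a frame arriving on in_port is sent out of ([] means filtered)."""
        # Learn: the source is reachable through the arrival port. This is also the step
        # that goes wrong in a loop, when a copy of the frame comes back on another port
        # and overwrites a correct entry.
        self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            # Unknown destination or broadcast: flood every other segment.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        # Destination believed to be on the arrival segment: discard (packet filtering).
        return [] if out == in_port else [out]


def transmit(bridges: List[LearningBridge], src: str, dst: str, segment: str,
             max_generations: int = 10) -> Tuple[Set[str], int, bool]:
    """Put one frame on a segment and follow every copy the bridges make of it.
    Returns (segments the frame reached, copies handled, still circulating). A frame
    that still has copies in flight when the generation cap is reached is looping."""
    generation = [(segment, None)]        # (segment a copy is on, bridge that put it there)
    reached = {segment}
    handled = 0
    for _ in range(max_generations):
        if not generation:
            break
        next_gen = []
        for seg, origin in generation:
            for b in bridges:
                if seg not in b.ports or b.name == origin:
                    continue               # not attached, or this is the bridge's own copy
                handled += 1
                for out in b.handle(src, dst, seg):
                    reached.add(out)
                    next_gen.append((out, b.name))
        generation = next_gen
    return reached, handled, bool(generation)


def single_bridge_walkthrough():
    """The Figure 4-4 sequence: Node 1 (A) -> Node 2, the reply, then Node 3 (A) -> Node 1."""
    br = LearningBridge("BR", ["A", "B", "C"])
    steps = [transmit([br], N1, N2, "A"),    # unknown destination: flooded to B and C
             transmit([br], N2, N1, "B"),    # Node 1 is known on A: forwarded to A only
             transmit([br], N3, N1, "A")]    # same segment as Node 1: filtered
    return br.table, steps


def redundant_bridge_walkthrough():
    """The Figure 4-7 failure: bridges X and Y both join segments A and B."""
    x, y = LearningBridge("X", ["A", "B"]), LearningBridge("Y", ["A", "B"])
    # Node 1 sends to Node 2. Each bridge floods the frame onto B, receives the other
    # bridge's copy there, and relearns Node 1 as being on B. Two generations suffice
    # to show the bad table entry; the copies would otherwise keep circulating.
    first = transmit([x, y], N1, N2, "A", max_generations=2)
    tables_after_first = (dict(x.table), dict(y.table))
    # Node 2 on B replies: both bridges now believe Node 1 is on B and drop the frame,
    # so it never reaches segment A.
    reply = transmit([x, y], N2, N1, "B")
    # A broadcast from Node 1 is forwarded by both bridges forever: a broadcast storm.
    storm = transmit([x, y], N1, BROADCAST, "A", max_generations=10)
    return tables_after_first, first, reply, storm
```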
If this problem isn't bad enough, what happens when Node 1 transmits a broadcast message is worse. Both of the bridges forward the packet to Network B, where it is received by the other bridge, which forwards it again. Because bridges always forward broadcast packets without filtering them, multiple copies of the same message circulate endlessly between the two segments, constantly being forwarded by both bridges. This is called a broadcast storm, and it can effectively prevent all other traffic on the network from reaching its destination.

Source Route Bridging

Source route bridging is an alternative to transparent bridging that was developed by IBM for use on multisegment Token Ring networks and is standardized in IEEE 802.5. On a network that uses transparent bridging, the path a packet takes to a destination on another segment is determined by the designated bridges selected by the spanning tree algorithm. In source route bridging, the path to the destination system is determined by the workstation and contained in each individual packet.

To discover the possible routes through the network to a given destination, a Token Ring system transmits an All Rings Broadcast (ARB) frame that all the bridges forward to all connected rings. As each bridge processes the frame, it adds its route designator (RD), identifying the bridge and port, to the packet. By reading the list of RDs, bridges prevent loops by not sending the packet to the same bridge twice.

If more than one route exists to the destination system, multiple ARBs will arrive there, containing information about the various routes they took. The destination system then transmits a reply to each of the ARBs it receives, using the list of RDs to route the packet back to the sender.

When the original sender of the ARBs receives the responses, it selects one of the routes to the destination as the best one, based on one or more of the following criteria:

• The amount of time required for the explorer frame to return to the sender
• The number of hops between the source and the destination
• The size of the frame the system can use

After selecting one of the routes, the system generates its data packets and includes the routing information in the Token Ring frame header.
The format for the ARB packet and for a data packet containing routing information is the same as a standard IEEE 802.5 frame, except that the first bit of the source address field, called the routing information indicator (RII) bit, is set to a value of 1, indicating that the packet contains routing information. The routing information itself, which is nothing more than a list of the bridges the packet will use when traveling through the network, is carried through the routing information field (RIF) that appears as part of the information field, just after the frame's source address field.

The RIF consists of a 2-byte routing control section and a number of 2-byte route designator sections.

• Broadcast indicators (3 bits) Specify the type of routing to be used by the frame, according to the following values:
  • Nonbroadcast Indicates that the packet contains a specific route to the destination in the route designator sections of the RIF field.
  • 100: All routes broadcast Indicates that the packet should be routed through all the bridges on the network (without traversing the same bridge twice) and that each bridge should add a route designator section to the RIF field identifying the bridge and the port onto which it is being forwarded.
  • 110: Single route broadcast Indicates that the packet should be routed only through the bridges designated by the spanning tree algorithm and that each bridge should add a route designator section to the RIF field identifying the bridge and the port onto which it is being forwarded.
• Length (5 bits) Indicates the total length of the RIF field, from 2 to 30 bytes.
• Direction bit (1 bit) Specifies the direction in which the packet is traveling. The value of this bit indicates whether the transmitting node should read the route designator sections in the RIF field from left to right (0) or from right to left (1).
• Largest frame (3 bits) Indicates the largest frame size that can be accommodated by the route, called the maximum transfer unit (MTU). Initially set by the transmitting system, a bridge lowers this value if it forwards the packet onto a segment that supports only smaller frames. The permitted values are as follows:
  • 000 indicates a MAC MTU of 552 bytes
  • 001 indicates a MAC MTU of 1,064 bytes
  • 010 indicates a MAC MTU of 2,088 bytes
  • 011 indicates a MAC MTU of 4,136 bytes
  • 100 indicates a MAC MTU of 8,232 bytes
• Unused (4 bits)

The IBM standard for source route bridging originally specified a maximum of 8 route designator sections in a single packet, but the IEEE 802.5 standard allows up to 14. Each workstation must maintain its own routing information to each of the systems with which it communicates. This can result in a large number of ARB frames being processed by a destination system before it even sees the first byte of application data.

Bridging Ethernet and Token Ring Networks

Generally speaking, Ethernet networks use transparent bridging, and Token Ring networks use source route bridging. So, what happens when you want to connect an Ethernet segment to a Token Ring using a bridge? The answer is complicated because the task presents a number of significant obstacles.

Some of the fundamental incompatibilities of the two data link layer protocols are as follows:

• Bit ordering Ethernet systems consider the first bit of a MAC address to be the low-order bit, while Token Ring systems treat the first bit as the high-order bit.
• MTU sizes Ethernet frames have a maximum transfer unit size of 1,500 bytes, while Token Ring frames can be much larger. Bridges are not capable of fragmenting packets for transfer over a segment with a lower MTU and then reassembling them at the destination, like routers are. A too-large packet arriving at a bridge to a segment with a smaller MTU can only be discarded.
• Exclusive Token Ring features Token Ring networks use frame status bits, priority indicators, and other features that have no equivalent in Ethernet.
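The RIF layout from the Source Route Bridging section above (routing control section, then route designators, with the 14-designator limit and the largest-frame codes as the text lists them), as an added parser and builder that is not the book's code. The sample frames are constructed, and the 12-bit ring number / 4-bit bridge number split inside a route designator is the 802.5 layout, which the text does not spell out.

```python
"""Parser and builder for the Token Ring routing information field (RIF). Added example;
sample frames are constructed, and the ring/bridge split of a designator follows 802.5."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

NONBROADCAST = "nonbroadcast"
ALL_ROUTES = "all routes broadcast"       # 100 in the text
SINGLE_ROUTE = "single route broadcast"   # 110 in the text
ROUTING_CODE = {NONBROADCAST: 0b000, ALL_ROUTES: 0b100, SINGLE_ROUTE: 0b110}

# Largest-frame codes and MAC MTUs exactly as listed in the text.
LARGEST_FRAME = {0b000: 552, 0b001: 1064, 0b010: 2088, 0b011: 4136, 0b100: 8232}


@dataclass
class RIF:
    routing_type: str
    length: int                         # whole RIF, 2 to 30 bytes
    direction: int                      # 0: read designators left to right, 1: right to left
    largest_frame_code: int
    designators: List[Tuple[int, int]] = field(default_factory=list)   # (ring, bridge)

    @property
    def largest_frame(self) -> Optional[int]:
        return LARGEST_FRAME.get(self.largest_frame_code)   # None for a code the text omits

    def route(self) -> List[Tuple[int, int]]:
        """Designators in the order the direction bit says to read them."""
        return list(self.designators if self.direction == 0 else reversed(self.designators))


def parse_rif(data: bytes) -> RIF:
    """Decode a RIF, refusing a length field that disagrees with the bytes present."""
    if len(data) < 2:
        raise ValueError("RIF needs at least the 2-byte routing control section")
    rc = int.from_bytes(data[:2], "big")
    bcast = rc >> 13                 # broadcast indicators, 3 bits
    length = (rc >> 8) & 0x1F        # length, 5 bits
    direction = (rc >> 7) & 0x1      # direction bit
    lf_code = (rc >> 4) & 0x7        # largest frame, 3 bits; the low 4 bits are unused
    if length < 2 or length > 30 or length % 2 or length > len(data):
        raise ValueError(f"RIF length {length} is not consistent with {len(data)} bytes")
    if (bcast & 0b100) == 0:
        rtype = NONBROADCAST         # first bit clear: a specific route follows
    elif (bcast >> 1) == 0b10:
        rtype = ALL_ROUTES
    else:
        rtype = SINGLE_ROUTE
    designators = []
    for off in range(2, length, 2):
        rd = int.from_bytes(data[off:off + 2], "big")
        designators.append((rd >> 4, rd & 0xF))   # 12-bit ring number, 4-bit bridge number
    return RIF(rtype, length, direction, lf_code, designators)


def build_rif(routing_type: str, direction: int, largest_frame_code: int,
              designators: List[Tuple[int, int]]) -> bytes:
    """Encode a RIF; the 802.5 limit of 14 designators is what a 30-byte length allows."""
    if len(designators) > 14:
        raise ValueError("IEEE 802.5 allows at most 14 route designators")
    length = 2 + 2 * len(designators)
    rc = (ROUTING_CODE[routing_type] << 13) | (length << 8) | ((direction & 1) << 7) \
        | ((largest_frame_code & 0x7) << 4)
    out = rc.to_bytes(2, "big")
    for ring, bridge in designators:
        out += (((ring & 0xFFF) << 4) | (bridge & 0xF)).to_bytes(2, "big")
    return out


def bridge_adds_designator(data: bytes, ring: int, bridge: int) -> bytes:
    """What a bridge does to an explorer (ARB) frame: append its own route designator."""
    rif = parse_rif(data)
    if rif.routing_type == NONBROADCAST:
        raise ValueError("only broadcast frames collect route designators")
    return build_rif(rif.routing_type, rif.direction, rif.largest_frame_code,
                     rif.designators + [(ring, bridge)])


def is_valid_rif(data: bytes) -> bool:
    try:
        parse_rif(data)
        return True
    except ValueError:
        return False


# Constructed sample: a specifically routed frame, largest-frame code 001 (1,064 bytes),
# via ring 1 / bridge 1 and ring 2 / bridge 2, ending on ring 3.
SAMPLE_ROUTED = bytes.fromhex("0810 0011 0022 0030")
```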
In addition, the two bridging methods have their own incompatibilities. Transparent bridges neither understand the special function of the ARB messages used in source route bridging nor can they make use of the RIF field in Token Ring packets. Conversely, source route bridges do not understand the spanning tree algorithm messages generated by transparent bridges, and they do not know what to do when they receive frames with no routing information.

Two primary methods exist for overcoming these incompatibilities, neither of which is an ideal solution:

• Translational bridging
• Source route transparent bridging

Translational Bridging

In translational bridging, a special bridge translates the data link layer frames between the Ethernet and Token Ring formats. No standard at all exists for this process, so the methods used by individual product manufacturers can vary widely. Some compromise is needed in the translation process because no way exists to implement all the features fully in each of the protocols and to bridge those features to its counterpart. Some of the techniques used in various translational bridges to overcome the incompatibilities are described in the following paragraphs.

One of the basic functions of the bridge is to map the fields of the Ethernet frame onto the Token Ring frame and vice versa. The bridge reverses the bit order of the source and destination addresses for the packets passing between the segments and may or may not take action based on the values of a Token Ring packet's frame status, priority, reservation, and monitor bits. Bridges may simply discard these bits when translating from Token Ring to Ethernet and set predetermined values for them when translating from Ethernet to Token Ring.

To deal with the different MTU sizes of the network segments, a translation bridge can set the largest frame value in the Token Ring packet's RIF field to the MTU for the Ethernet network (1,500 bytes). As long as the Token Ring implementations on the workstations read this field and adjust their frame sizes accordingly, no problem should occur, but any frames larger than the MTU on the Ethernet segments will be dropped by the bridge connecting the two networks.
The biggest difference between the two types of bridging is that, on Ethernet networks, the routing information is stored in the bridges, while on Token Ring networks, it's stored at the workstations. For the translational bridge to support both network types, it must appear as a transparent bridge to the Ethernet side and a source route bridge to the Token Ring side.

To the Token Ring network, the translational bridge has a ring number and bridge number, just like a standard source route bridge. The ring number, however, represents the entire Ethernet domain, not just the segment connected to the bridge. As packets from the Token Ring network pass through the bridge, the information from their RIF fields is removed and cached in the bridge. From that point on, standard transparent bridging gets the packets to their destinations on the Ethernet network.

When a packet generated by an Ethernet workstation is destined for a system on the Token Ring network, the translational bridge looks up the system in its cache of RIF information and adds an RIF field to the packet containing a route to the network, if possible. If no route is available in the cache or if the packet is a broadcast or multicast, the bridge transmits it as a single-route broadcast.

Source Route Transparent Bridging

IBM has also come up with a proposed standard that combines the two primary bridging technologies, called source route transparent (SRT) bridging. This technology is standardized in Appendix C of the IEEE 802.1d document. SRT bridges can forward packets originating on either source route bridging or transparent bridging networks, using a spanning tree algorithm common to both. The standard spanning tree algorithm used by Token Ring networks for single-route broadcast messages is incompatible with the algorithm used by Ethernet, as defined in the 802.1d specification. This appendix reconciles the two.

SRT bridges use the value of the RII bit to determine whether a packet contains RIF information and, consequently, whether it should use source route or transparent bridging. The mixing of the two technologies is not perfect, however, and network administrators may find it easier to connect Ethernet and Token Ring segments with a switch or a router rather than either a translational or SRT bridge.
Routers

In the previous sections, you learned how repeaters, hubs, and bridges can connect network segments at the physical and data link layers of the OSI model, creating a larger LAN with a single collision domain. The next step up in the network expansion process is to connect two completely separate LANs at the network layer. This is the job of a router. Routers are more selective than bridges in the traffic they pass between the networks, and they are capable of intelligently selecting the most efficient path to a specific destination. Because they function at the network layer, routers can also connect dissimilar networks. You can, for example, connect an Ethernet network to a Token Ring network because packets entering a router are stripped of their data link layer protocol headers as they pass up the protocol stack to the network layer. This leaves a protocol data unit (PDU) encapsulated using whatever network layer protocol is running on the computer. After processing, the router then encapsulates the PDU in a new data link layer header using whatever protocol is running on the other network to which the router is connected.

Routers are used for both home and business networks. If, for example, you use your home computer to dial into your system at work and access resources on the office network, your work computer is functioning as a router. In the same way, if you share an Internet connection with systems on a LAN, the machine connected to the Internet is a router. A router, therefore, can be either a hardware or a software entity, and it can range from the simple to the extraordinarily complex.

Routers are protocol specific; they must support the network layer protocol used by each packet. By far, the most common network layer protocol in use today is the Internet Protocol (IP), which is the basis for the Internet and for most private networks.

A computer that is connected to two or more networks is said to be a multihomed system. Most Windows systems today function as routers as well. Whether wired or wireless, network routers work at the network layer of the OSI model.
Most of the routers used on large networks, though, are stand-alone devices that are essentially computers dedicated to routing functions. Routers come in various sizes, from small units that connect a workgroup network to a backbone to large, modular, rack-mounted devices. However, while routers vary in their capabilities, such as the number of networks to which they connect, the protocols they support, and the amount of traffic they can handle, their basic functions are essentially the same.

Router Applications

Although the primary function of a router is to connect networks and pass traffic between them, routers can fulfill several different roles in network designs. The type of router used for a specific function determines its size, cost, and capabilities. The simplest type of routing architecture is when a LAN must be connected to another LAN some distance away, using a wide area network (WAN) connection. A branch office for a large corporation, for example, might have a WAN connection to the corporate headquarters in another city (see Figure 4-8).

Figure 4-8 Wired and wireless routers enable the use of wide area connections to join two LANs.

To make communications between the networks in the two offices possible, each must connect its LAN to a router, and the two routers are linked by the WAN connection. The WAN connection may take the form of a leased telephone line, an Integrated Services Digital Network (ISDN) connection, or a digital subscriber line (DSL) connection. The technology used to connect the two networks is irrelevant, as long as the routers in both offices are connected. Routers are required in this example because the LAN and WAN technologies are fundamentally incompatible. You can't run an Ethernet connection between two cities, nor can you use leased telephone lines to connect each workstation to the file server in the next room.
In a slightly more complicated arrangement, a site with a larger network may have several LANs, each of which is connected to a backbone network using a router. Here, routers are needed because one single LAN may be unable to support the number of workstations required. In addition, the individual LANs may be located in other parts of a building or in separate buildings on the same campus and may require a different type of network to connect them. Connections between campus buildings, for example, require a network medium that is suitable for outdoor use, such as fiber-optic cable, while the LANs in each building can use more inexpensive copper cabling. Routers are available that can connect these different network types, no matter what protocols they use.

These two examples of router use are often combined. A large corporate network using a backbone to connect multiple LANs will almost certainly want to be connected to the Internet. This means that another router is needed to support some type of WAN connection to an Internet service provider (ISP). Users anywhere on the corporate network can then access Internet services.

Both of these scenarios use routers to connect a relatively small number of networks, and they are dwarfed by the Internet, which is a routed network composed of thousands of networks all over the world. To make it possible for packets to travel across this maze of routers with reasonable efficiency, a hierarchy of routers leads from smaller, local ISPs to regional providers, which in turn get their service from large national services (see Figure 4-9). Traffic originating from a system using a small ISP travels up through this virtual tree to one of the main backbones, across the upper levels of the network, and back down again to the destination.

Figure 4-9 A hierarchy of routers helps you forward traffic to any location using the Internet.
You can see the route that packets take from your computer through the Internet to a specific destination by using the Traceroute utility. The Windows command is tracert. This command-line utility takes the IP address or DNS name you specify and uses Internet Control Message Protocol (ICMP) messages to display the names and addresses of all the intermediate routers on the path to the destination. A typical Traceroute display generated by a Windows 8 system appears in Figure 4-10.

Figure 4-10 A typical Traceroute in Windows 8.

Router Functions

The basic function of a router is to evaluate each packet arriving on one of the networks to which it is connected and send it on to its destination through another network. The goal is for the router to select the network that provides the best path to the destination for each packet. A packet can pass through several different routers on the way to its destination. Each router on a packet's path is referred to as a hop, and the object is to get the packet where it's going with the smallest number of hops. On a private network, a packet may need three or four (or more) hops to get to its destination. On the Internet, a packet can easily pass through 20 or more routers along its path.

A router, by definition, is connected to two or more networks. The router has direct knowledge about those networks for the protocols that it supports. If, for example, a workstation on Network 1 (see Figure 4-11) transmits a packet to a system on Network 2, the router connecting Networks 1, 2, and 3 can directly determine which of the two networks (2 or 3) contains the destination system and forward the packet appropriately.

Figure 4-11 Routers have direct knowledge about the networks to which they are connected.
Routing Tables

The router forwards packets by maintaining a list of networks and hosts, called a routing table. For computers to communicate over a network, each machine must have its own address. In addition to identifying the specific computer, however, its address must identify the network on which it's located. On TCP/IP networks, for example, the standard 32-bit IP address consists of a network identifier and a host identifier. A routing table consists of entries that contain the network identifier for each connected network (or in some cases the network and host identifiers for specific computers). When the router receives a packet addressed to a workstation on Network 3, it looks at the network identifier in the packet's destination address, compares it to the routing table, and forwards it to the network with the same identifier.

This is a rather simple task, as long as the router is connected to all of the LANs on the network. When a network is larger and uses multiple routers, however, no single router has direct knowledge of all the LANs. In Figure 4-12, Router A is connected to Networks 1, 2, and 3 as before and has the identifiers for those networks in its routing table, but it has no direct knowledge of Network 4, which is connected using another router.

Figure 4-12 Router A has no direct knowledge of Network 4 because it is connected to a different router.

How then does Router A know where to send packets that are addressed to a workstation on a distant network? The answer is that routers maintain information in their routing tables about other networks besides those to which they are directly attached. A routing table may contain information about many different networks all over the enterprise. On a private network, it is not uncommon for every router to have entries for all of the connected networks. On the Internet, however, there are so many networks and so many routers that no single routing table can contain all of them and function efficiently. Thus, a router connected to the Internet sends packets to another router that it thinks has better information about the network to which the packet is ultimately destined.
Windows Routing Tables

Every computer on a TCP/IP network has a routing table, even if it is connected to only one network. At the very least, the routing table identifies the system's default gateway and instructs it how to handle traffic sent to the local network and the loopback network address (127.0.0.0). A typical routing table for a Windows system appears in Figure 4-13.

Figure 4-13 A typical routing table in a Windows system

To display the routing table in a Windows or a Linux system, type route at a command prompt. You can also use netstat -rn in Windows, Linux, Unix, or Mac OS.

The entries in the table run horizontally. The function of the information in each column is as follows:

• Network address  Specifies the network address for which routing information is to be provided. While most entries have network addresses in this field, it's also possible to supply routing information for a specific host address. This is called a host route.
• Netmask  Specifies the subnet mask used to determine which bits of the network address function as the network identifier.
• Gateway  Specifies the IP address of the gateway (router) the system should use to send packets to the network address. When the entry is for a network to which the system is directly attached, this field contains the address of the system's network interface.
• Interface  Specifies the IP address of the network interface the system should use to send traffic to the gateway address.
• Metric  Specifies the distance between the system and the destination network, usually in terms of the number of hops needed for traffic to reach the network address.

NOTE  TCP/IP and Internet terminology often use the term gateway synonymously with router. In general networking parlance, a gateway is an application layer interface between networks that involves some form of high-level protocol translation, such as an e-mail gateway or a gateway between a LAN and a mainframe. When a Windows system refers to its "default gateway," however, it is referring to a standard router, operating at the network layer.
Routing Table Parsing

Whether a system is functioning as a router or not, the responsibility of a network layer protocol like IP is to determine where each packet should be transmitted next. The IP header in each packet contains the address of the system that is to be its ultimate destination, but before passing each packet down to the data link layer protocol, IP uses the routing table to determine what the data link layer destination address should be for the packet's next hop. This is because a data link layer protocol like Ethernet can address a packet only to a system on the local network, which may or may not be its final destination. To make this determination, IP reads the destination address for each packet it processes from the IP header and searches for a matching entry in the routing table, using the following procedure:

1. IP first scans the routing table, looking for a host route that exactly matches the destination IP address in the packet. If one exists, the packet is transmitted to the gateway specified in the routing table entry.
2. If no matching host route exists, IP uses the subnet mask to determine the network address for the packet and scans the routing table for an entry that matches that address. If IP finds a match, the packet is transmitted either to the specified gateway (if the system is not directly connected to the destination network) or out the specified network interface (if the destination is on the local network).
3. If no matching network address is in the routing table, IP scans for a default (or 0.0.0.0) route and transmits the packet to the specified gateway.
4. If no default route is in the table, IP returns a destination unreachable message to the source of the packet (either the application that generated it or the system that transmitted it).
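The four-step lookup above, carried out in code as an added example (this is illustrative code written for this page, not the Windows TCP/IP stack or any router's implementation). The routing table is constructed in the column layout of a Windows routing table, with "On-link" in the Gateway column marking a directly attached network as Windows prints it; it includes the 192.168.5.0 entry that the ROUTE ADD command in the next section creates, plus a second, slower route to the same network so that metric selection can be seen. The host address 192.168.2.10, the second gateway 192.168.2.254 and the host route for 192.168.5.77 are assumptions made for the example.

```python
"""Added example (not from the book): the four-step routing table lookup
described above, run against a constructed table in the layout of a
Windows routing table. Gateway "On-link" marks a directly attached
network, as Windows prints it."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: str     # Network Destination column
    netmask: str     # Netmask column
    gateway: str     # Gateway column; "On-link" = directly attached network
    interface: str   # Interface column (address of the local NIC to use)
    metric: int      # Metric column (distance, usually in hops)

    @property
    def prefix(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{self.network}/{self.netmask}", strict=False)

    @property
    def is_host_route(self) -> bool:
        return self.prefix.prefixlen == 32

    @property
    def is_default(self) -> bool:
        return self.prefix.prefixlen == 0


# Constructed table for a host at 192.168.2.10/24 whose default gateway is 192.168.2.1.
TABLE: List[Route] = [
    Route("0.0.0.0",      "0.0.0.0",         "192.168.2.1",   "192.168.2.10", 25),
    Route("127.0.0.0",    "255.0.0.0",       "On-link",       "127.0.0.1",    331),
    Route("192.168.2.0",  "255.255.255.0",   "On-link",       "192.168.2.10", 281),
    # The entry the book's ROUTE ADD command creates (192.168.5.0/24 via 192.168.2.1, metric 2):
    Route("192.168.5.0",  "255.255.255.0",   "192.168.2.1",   "192.168.2.10", 2),
    # A second, slower path to the same network, to show metric selection (assumed):
    Route("192.168.5.0",  "255.255.255.0",   "192.168.2.254", "192.168.2.10", 5),
    # A host route for one specific machine (assumed):
    Route("192.168.5.77", "255.255.255.255", "192.168.2.254", "192.168.2.10", 1),
]


def _choose(matches: List[Route]) -> Tuple[str, str]:
    """Among matching entries prefer the most specific, then the lowest metric."""
    best = max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))
    if best.gateway == "On-link":
        return ("direct", best.interface)   # destination is on the local network
    return ("gateway", best.gateway)


def next_hop(dest: str, table: List[Route] = TABLE) -> Tuple[str, Optional[str]]:
    """Return ("direct", interface), ("gateway", address) or ("unreachable", None)."""
    dst = ipaddress.IPv4Address(dest)
    # Step 1: a host route that exactly matches the destination address.
    hosts = [r for r in table if r.is_host_route and dst in r.prefix]
    if hosts:
        return _choose(hosts)
    # Step 2: a network route whose network identifier matches the destination's.
    nets = [r for r in table if not r.is_host_route and not r.is_default and dst in r.prefix]
    if nets:
        return _choose(nets)
    # Step 3: fall back to the default (0.0.0.0) route.
    defaults = [r for r in table if r.is_default]
    if defaults:
        return _choose(defaults)
    # Step 4: nothing matches; the sender gets a Destination Unreachable.
    return ("unreachable", None)


if __name__ == "__main__":
    for d in ("192.168.5.77", "192.168.5.20", "192.168.2.40", "8.8.8.8"):
        print(d, "->", next_hop(d))
```

The three "scan" steps are really one rule, longest matching prefix first, with the metric breaking ties between equally specific entries; writing them out separately here keeps the code aligned with the text. Removing the default route from the table (the last test case) is what produces the step 4 result.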
Static and Dynamic Routing

The next logical question concerning the routing process is, how do the entries get into the routing table? A system can generate entries for the default gateway, the local network, and the broadcast and multicast addresses because it possesses all of the information needed to create them. For networks to which the router is not directly connected, however, routing table entries must be created by an outside process. The two basic methods for creating entries in the routing table are called static routing, which is the manual creation of entries, and dynamic routing, which uses an external protocol to gather information about the network.

On a relatively small, stable network, static routing is a practical alternative because you have to create the entries in your routers' tables only once. Manually configuring the routing table on workstations isn't necessary because they typically have only one network interface and can access the entire network through one default gateway. Routers, however, have multiple network interfaces and usually have access to multiple gateways. They must, therefore, know which route to use when trying to transmit to a specific network.

To create static entries in a computer's routing table, you use a program supplied with the operating system. The standard tool for this on Unix and Windows systems is a character-based utility called route (in Unix) or route.exe (in Windows). To create a new entry in the routing table on a Windows computer, for example, you use a command like the following:

ROUTE ADD 192.168.5.0 MASK 255.255.255.0 192.168.2.1 METRIC 2

This command informs the system that to reach a network with the address 192.168.5.0, the system must send packets to a gateway (router) with the address 192.168.2.1, and that the destination network is two hops away.

In some cases, graphical utilities are available that can perform the same task. For example, the Windows 2012 Server system with its Routing and Remote Access Server service running enables you to create static routes.
Static routes created this way remain in the routing table until you manually change or remove them, and this can be a problem. If a gateway specified in a static route should fail, the system continues to send packets to it, to no avail. You must either repair the gateway or modify the static routes that reference it throughout the network before the systems can function normally again.

On larger networks, static routing becomes increasingly impractical, not only because of the sheer number of routing table entries involved, but also because network conditions can change too often and too quickly for administrators to keep the routing tables on every system current. Instead, these networks use dynamic routing, in which specialized routing protocols share information about the other routers in the network and modify the routing tables accordingly. Once configured, dynamic routing needs little or no maintenance from network administrators because the protocols can create, modify, or remove routing table entries as needed to accommodate changing network conditions. The Internet is totally dependent on dynamic routing because it is constantly mutating, and no manual process could possibly keep up with the changes.

Selecting the Most Efficient Route

Many networks, even relatively small ones, are designed with multiple routers that provide redundant paths to a given destination. Thus, while creating a network that consists of several LANs joined in a series by routers would be possible, most use something approaching a mesh topology instead, as shown in Figure 4-14. This way, if any one router should fail, all of the systems can still send traffic to any other system on any network.

Figure 4-14 By interconnecting routers, packets from one computer can travel to a destination computer on another network on a different route.
When a network is designed in this way, another important part of the routing process is selecting the best path to a given destination. The use of dynamic routing on the network typically results in all possible routes to a given network being entered in the routing tables, each of which includes a metric that specifies how many hops are required to reach that network. Most of the time, the efficiency of a particular route is measured by the metric value because each hop involves processing by another router, which introduces a slight delay. When a router has to forward a packet to a network represented by multiple entries in the routing table, it chooses the one with the lower metric.

Discarding Packets

The goal of a router is to transmit packets to their destinations using the path that incurs the smallest number of hops. Routers also track the number of hops that packets take on the way to their destinations for another reason. When a malfunction or misconfiguration occurs in one or more routers, it is possible for packets to get caught in a router loop and be passed endlessly from one router to another.

To prevent this, the IP header contains a Time to Live (TTL) field that the source system gives a certain numerical value when a packet is created. This value is 128 on many systems and cannot start higher than 255. As a packet travels through the network, each router that processes it decrements the value of this field by 1. If, for any reason, the packet passes through routers enough times to bring the value of this field down to 0, the last router removes it from the network and discards it. The router then returns an ICMP Time to Live Exceeded in Transit message to the source system to inform it of the problem.

Packet Fragmentation

Routers can connect networks of vastly different types, and the process of transferring datagrams from one data link layer protocol to another can require more than simply stripping off one header and applying a new one. The biggest problem that can occur during this translation process is when one protocol supports frames that are larger than the other protocol.
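The router loop and TTL behaviour described under "Discarding Packets" above, as an added example (illustrative code written for this page, not any router's implementation). It also shows why Traceroute, mentioned earlier in the chapter, works: probes sent with TTL 1, 2, 3, ... each expire one router further along, and the Time to Live Exceeded replies name the routers on the path. The three routers A, B and C, the destination network 10.9.0.0/16 and the misconfiguration that sends traffic in a circle are all constructed for the illustration.

```python
"""Added example (not from the book): how the IP Time to Live field stops a
packet caught in a router loop, and how probing with rising TTLs, as
Traceroute does, exposes the path. The three-router topology and its
misconfiguration are constructed for this illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

TTL_EXCEEDED = "ICMP Time to Live Exceeded in Transit"


@dataclass
class Packet:
    src: str
    dst: str          # destination network, e.g. "10.9.0.0/16"
    ttl: int = 128    # common initial value; can never start above 255


@dataclass
class Router:
    name: str
    # next hop per destination network: another router's name, or
    # "deliver" when the destination network is directly attached
    routes: Dict[str, str]


def forward(pkt: Packet, routers: Dict[str, Router], first_hop: str) -> Tuple[str, List[str]]:
    """Carry pkt hop by hop. Returns (outcome, list of routers traversed)."""
    if not 1 <= pkt.ttl <= 255:
        raise ValueError("TTL must start between 1 and 255")
    path: List[str] = []
    current = first_hop
    while True:                         # bounded: TTL <= 255 and drops every hop
        router = routers[current]
        path.append(router.name)
        pkt.ttl -= 1                    # every router decrements TTL by 1
        if pkt.ttl == 0:
            # The router that brings TTL to 0 discards the packet and tells the source.
            return (f"{TTL_EXCEEDED} from {router.name}", path)
        nxt = router.routes.get(pkt.dst)
        if nxt is None:
            return ("ICMP Destination Unreachable", path)
        if nxt == "deliver":
            return ("delivered", path)
        current = nxt


def trace(src: str, dst: str, routers: Dict[str, Router],
          first_hop: str, max_hops: int = 30) -> List[str]:
    """Traceroute-style probe: send with TTL 1, 2, 3, ... and note which
    router reports each expiry, stopping when a probe is delivered."""
    seen: List[str] = []
    for ttl in range(1, max_hops + 1):
        outcome, path = forward(Packet(src, dst, ttl), routers, first_hop)
        if outcome == "delivered":
            break
        seen.append(path[-1])
    return seen


DEST = "10.9.0.0/16"   # constructed destination network

# Healthy: A hands off to B, which is attached to 10.9.0.0/16.
HEALTHY = {
    "A": Router("A", {DEST: "B"}),
    "B": Router("B", {DEST: "deliver"}),
    "C": Router("C", {DEST: "B"}),
}

# Misconfigured: C's route for 10.9.0.0/16 points back at A, forming A -> B -> C -> A.
LOOPED = {
    "A": Router("A", {DEST: "B"}),
    "B": Router("B", {DEST: "C"}),
    "C": Router("C", {DEST: "A"}),
}


if __name__ == "__main__":
    print(forward(Packet("192.168.1.5", DEST), HEALTHY, "A")[0])
    outcome, path = forward(Packet("192.168.1.5", DEST), LOOPED, "A")
    print(outcome, "after", len(path), "hops")
    print("trace (looped, 6 probes):", trace("192.168.1.5", DEST, LOOPED, "A", max_hops=6))
```

With the default TTL of 128 the looped packet circles A, B, C for exactly 128 hops before the router holding it at that moment discards it and answers the source; a repeating A, B, C pattern in a Traceroute listing is the operational symptom of such a loop.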
If, for example, a router connects a Token Ring network to an Ethernet one, it may have to accept 4,500-byte datagrams from one network and then transmit them over a network that can carry only 1,500-byte datagrams. Routers determine the maximum transfer unit of a particular network by querying the interface to that network. To make this possible, the router has to break up the datagram into fragments of the appropriate size and then encapsulate each fragment in the correct data link layer protocol frame. This fragmentation process may occur several times during a packet's journey from the source to its destination, depending on the number and types of networks involved.

For example, a packet originating on a Token Ring network may be divided into 1,500-byte fragments to accommodate a route through an Ethernet network, and then each of those fragments may themselves be divided into 576-byte fragments for transmission over the Internet. Note, however, that while routers fragment packets, they never defragment them. Even if the 576-byte datagrams are passed to an Ethernet network as they approach their destination, the router does not reassemble them into 1,500-byte datagrams. All reassembly is performed at the network layer of the final destination system.

Routing and ICMP

The Internet Control Message Protocol provides several important functions to routers and the systems that use them. Chief among these is the capability of routers to use ICMP messages to provide routing information to other routers. Routers send ICMP redirect messages to source systems when they know of a better route than the system is currently using. If, for example, a workstation on Network A sends a packet to Router A that is destined for a computer on Network B, and Router A determines that the next hop should be to Router B, which is on the same network as the transmitting workstation, Router A will use an ICMP message to inform the workstation that it should use Router B to access Network B instead (see Figure 4-15). The workstation then modifies the entry in its routing table accordingly.

Figure 4-15 ICMP redirect messages provide simple routing information to transmitting systems.
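The fragmentation journey described under "Packet Fragmentation" above (4,500-byte Token Ring datagram, 1,500-byte Ethernet, 576-byte Internet path, Ethernet again near the destination), as an added example; this is illustrative code written for this page, not a real IP stack. It keeps the IPv4 rule that fragment offsets are counted in 8-byte units and that a 20-byte header is carried by every fragment, shows that a fragment of a fragment keeps the original Identification value so the pieces can still be matched up, and puts reassembly in a separate function that only the destination calls. The 4,480-byte payload and the 0x1A2B identification value are constructed.

```python
"""Added example (not from the book): IP fragmentation as routers perform it,
and reassembly as only the destination performs it. Illustrative code, not a
real IP stack; the header is the 20-byte IPv4 minimum and the MTUs are the
ones named in the text (4,500 Token Ring, 1,500 Ethernet, 576 Internet)."""
from dataclasses import dataclass
from typing import List

IP_HEADER = 20   # minimum IPv4 header, carried by every fragment


@dataclass(frozen=True)
class Datagram:
    ident: int        # Identification: shared by every fragment of one original datagram
    offset: int       # Fragment Offset, in 8-byte units from the start of the original
    more: bool        # More Fragments (MF) flag
    payload: bytes

    @property
    def size(self) -> int:
        return IP_HEADER + len(self.payload)


def fragment(dg: Datagram, mtu: int) -> List[Datagram]:
    """Split dg so every piece fits mtu. A fragment that is itself fragmented
    keeps ident and adds to its offset, so several rounds of fragmentation
    still yield one consistent set of pieces at the destination."""
    if dg.size <= mtu:
        return [dg]
    chunk = (mtu - IP_HEADER) // 8 * 8          # payload per piece: multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces = []
    for i in range(0, len(dg.payload), chunk):
        part = dg.payload[i:i + chunk]
        last = i + chunk >= len(dg.payload)
        # the final piece of a fragment is still MF if that fragment was not the end
        pieces.append(Datagram(dg.ident, dg.offset + i // 8, dg.more or not last, part))
    return pieces


def journey(payload: bytes, mtus: List[int]) -> List[Datagram]:
    """Carry one datagram across networks with the given MTUs, in order.
    Routers only ever fragment; nothing is reassembled along the way."""
    in_flight = [Datagram(ident=0x1A2B, offset=0, more=False, payload=payload)]
    for mtu in mtus:
        in_flight = [piece for dg in in_flight for piece in fragment(dg, mtu)]
    return in_flight


def reassemble(frags: List[Datagram]) -> bytes:
    """The destination's network layer: order by offset, verify the pieces
    tile the original with no gap and that the last one has MF clear."""
    frags = sorted(frags, key=lambda f: f.offset)
    out, expected = bytearray(), 0
    for f in frags:
        if f.offset * 8 != expected:
            raise ValueError("missing fragment")
        out += f.payload
        expected += len(f.payload)
    if frags[-1].more:
        raise ValueError("final fragment missing")
    return bytes(out)


def missing_fragment_detected(frags: List[Datagram]) -> bool:
    """True when reassembly refuses an incomplete set of fragments."""
    try:
        reassemble(frags)
    except ValueError:
        return True
    return False


# Constructed 4,480-byte payload: fills a 4,500-byte Token Ring datagram exactly.
PAYLOAD = bytes(range(256)) * 17 + bytes(128)

if __name__ == "__main__":
    frags = journey(PAYLOAD, [4500, 1500, 576, 1500])
    print(len(frags), "fragments; largest", max(f.size for f in frags), "bytes")
    print("reassembled OK:", reassemble(frags) == PAYLOAD)
```

The 1,500-byte hop cuts the datagram into four pieces (three of 1,480 bytes of data plus a 40-byte tail); the 576-byte hop then cuts each 1,480-byte piece into three (552, 552, 376 bytes of data), giving ten fragments that the later Ethernet hop leaves untouched, exactly as the text says a router never reassembles. Dropping any one fragment makes the destination's reassembly fail rather than silently deliver a shortened datagram.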
Routers also generate ICMP Destination Unreachable messages of various types when they are unable to forward packets. If a router receives a packet that is destined for a workstation on a locally attached network and it can't deliver the packet because the workstation is offline, the router generates a Host Unreachable message and transmits it to the system that originated the packet. If the router is unable to forward the packet to another router that provides access to the destination, it generates a Network Unreachable message instead. Network layer protocols provide end-to-end communications, meaning it is usually the end systems that are involved in a dialog. ICMP is therefore a mechanism that enables intermediate systems (routers) to communicate with a source end system (the transmitter) in the event that the packets can't reach the destination end system.

Other ICMP packets, called Router Solicitation and Advertisement messages, can enable workstations to discover the routers on the local network. A host system generates a Router Solicitation message and transmits it as either a broadcast or a multicast to the All Routers on This Subnet address (224.0.0.2). Routers receiving the message respond with Router Advertisement messages that the host system uses to update its routing table. The routers then generate periodic updates to inform the host of their continued operational status. Most systems can update their routing tables with information from ICMP Router Advertisement messages. Support for these messages in hardware router implementations varies from product to product.

The ICMP Redirect and Router Solicitation/Advertisement messages do not constitute a routing protocol per se because they do not provide systems with information about the comparative efficiency of various routes. Routing table entries created or modified as a result of these messages are still considered to be static routes.

Routing Protocols

Routers that support dynamic routing use specialized protocols to exchange information about themselves with other routers on the network. Dynamic routing doesn't alter the actual routing process; it's just a different method of creating entries in the routing table.
There are two types of routing protocols: interior gateway protocols and exterior gateway protocols. Private networks typically use only interior gateway protocols because they have a relatively small number of routers and it is practical for all of them to exchange messages with each other.

On the Internet, the situation is different. Having every one of the Internet's thousands of routers exchange messages with every other router would be impossible. The amount of traffic involved would be enormous, and the routers would have little time to do anything else. Instead, as is usual with the Internet, a two-level system was devised that splits the gigantic network into discrete units called autonomous systems or administrative domains or just domains.

An autonomous system (AS) is usually a private network administered by a single authority, such as those run by corporations, educational institutions, and government agencies. The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. At the edges of an AS are routers that communicate with the other autonomous systems on the Internet, using an exterior gateway protocol, the most common of which on the Internet are the Border Gateway Protocol (BGP) and the Exterior Gateway Protocol (EGP).

By splitting the routing chores into a two-level hierarchy, packets traveling across the Internet pass through routers that contain only the information needed to get them to the right AS. Once the packets arrive at the edge of the AS in which the destination system is located, the routers there contain more specific information about the networks within the AS. The concept is much like the way that IP addresses and domain names are assigned on the Internet. Outside entities track only the various network addresses or domains. The individual administrators of each network are responsible for maintaining the host addresses and host names within the network or domain.

See Chapter 12 for more information on routing protocols.
Switches

The traditional network configuration uses multiple LANs connected by routers to form a network that is larger than would be possible with a single LAN. This is necessary because each LAN is based on a network medium that is shared by multiple computers, and there is a limit to the number of systems that can share the medium before the network is overwhelmed by traffic. Routers segregate the traffic on the individual LANs, forwarding only those packets addressed to systems on other LANs.

Routers have been around for decades, but today switches have revolutionized network design and made it possible to create LANs of almost unlimited size. A switch is essentially a multiport bridging device in which each port is a separate network segment. Similar in appearance to a hub, a switch receives incoming traffic through its ports. Unlike a hub, which forwards the traffic out through all of its other ports, a switch forwards the traffic only to the single port needed to reach the destination (see Figure 4-16). If, for example, you have a small network with each computer connected to a port in the same switching hub, each system has what amounts to a dedicated, full-bandwidth connection to every other system. No shared network medium exists, and consequently, there are no collisions or traffic congestion. As an added bonus, you also get increased security because, without a shared medium, an unauthorized workstation cannot monitor and capture the traffic not intended for it.

Figure 4-16 Switches repeat incoming traffic, but only to the specific port for which the packet is intended.
Switches operate at layer 2 of the OSI reference model, the data link layer, and, consequently, they are used to create a single large network instead of a series of smaller networks connected by routers. This also means that switches can support any network layer protocol. Like transparent bridges, switches can learn the topology of a network and perform functions such as forwarding and packet filtering. Many switches are also capable of full-duplex communications and automatic speed adjustment. In the traditional arrangement for a larger network, multiple LANs are connected to a backbone network with routers. The backbone network is a shared-medium LAN like all of the others, however, and must therefore carry all of the network traffic generated by the horizontal networks. This is why the backbone network traditionally uses a faster protocol. On a switched network, workstations are connected to individual workgroup switches, which in turn are connected to a single, high-performance switch, thus enabling any system on the network to open a dedicated connection to any other system (see Figure 4-17). This arrangement can be expanded further to include an intermediate layer of departmental switches. Servers accessed by all users can then be connected directly to a departmental switch or to the top-level switch for better performance.

Figure 4-17 Today, hierarchies of switches replace both hubs and routers.

Replacing hubs with switches is an excellent way to improve the performance of a network without changing protocols or modifying individual workstations. Even a legacy Ethernet network exhibits a dramatic improvement when each workstation is given a full ten Mbps of bandwidth. Today, switches are available for nearly all networks, both wired and wireless.
Switch Types

There are two basic types of switching: cut-through switching and store-and-forward switching. A cut-through switch reads only the MAC address of an incoming packet, looks up the address in its forwarding table, and immediately begins to transmit it out through the port providing access to the destination. The switch forwards the packet without any additional processing, such as error checking, and before it has even received the entire packet. This type of switch is relatively inexpensive and more commonly used at the workgroup or department level, where the lack of error checking will not affect the performance of the entire network. The immediate forwarding of incoming packets reduces the latency (that is, the delay) that results from error checking and other processing. If the destination port is in use, however, the switch buffers incoming data in memory, incurring a latency delay anyway, without the added benefit of error checking.

A store-and-forward switch, as the name implies, stores an entire incoming packet in buffer memory before forwarding it out the destination port. While in memory, the switch checks the packet for errors and other conditions. The switch immediately discards any packets with errors; those without errors are forwarded out through the correct port. These switching methods are not necessarily exclusive of each other. Some switches can work in cut-through mode until a preset error threshold is reached, and then switch to store-and-forward operation. Once the errors drop below the threshold, the switch reverts to cut-through mode.

Switches implement these functions using one of three hardware configurations. Matrix switching, also called crossbar switching, uses a grid of input and output connections, such as that shown in Figure 4-18. Data entering through any port's input can be forwarded to any port for output. Because this solution is hardware based, there is no CPU or software involvement in the switching process. In cases where data can't be forwarded immediately, the switch buffers it until the output port is unblocked.

Figure 4-18 Matrix switching uses a grid of input and output circuits.
In a shared memory switch, all incoming data is stored in a memory buffer that is shared by all of the switch's ports and then forwarded to an output port (see Figure 4-19). A more commonly used technology (shown in Figure 4-20), called bus-architecture switching, forwards all traffic across a common bus, using time-division multiplexing to ensure that each port has equal access to the bus. In this model, each port has its own individual buffer and is controlled by an application-specific integrated circuit (ASIC). Today, switches are available for any size network, from inexpensive workgroup switches designed for small office networks to stackable and modular units used in the largest networks.

Figure 4-19 Shared memory switching

Figure 4-20 Bus-architecture switching

Routing vs. Switching

The question of whether to route or switch on a network is a difficult one. Switching is faster and cheaper than routing, but it raises some problems in most network configurations. By using switches, you eliminate subnets and create a single flat network segment that hosts all of your computers. Any two systems can communicate using a dedicated link that is essentially a temporary two-node network. The problems arise when workstations generate broadcast messages. Because a switched network forms a single broadcast domain, broadcast messages are propagated throughout the whole network, and every system must process them, which can waste enormous amounts of bandwidth.

One of the advantages of creating multiple LANs and connecting them with routers is that broadcasts are limited to the individual networks. Routers also provide security by limiting transmissions to a single subnet. To avoid the wasted bandwidth caused by broadcasts, it has become necessary to implement certain routing concepts on switched networks. This has led to a number of new technologies that integrate routing and switching to varying degrees. Some of these technologies are examined in the following sections.
Virtual LANs

A virtual LAN (VLAN) is a group of systems on a switched network that functions as a subnet and communicates with other VLANs through routers. The physical network is still switched, however; the VLANs exist as an overlay to the switching fabric, as shown in Figure 4-21. Network administrators create VLANs by specifying the MAC, port, or IP addresses of the systems that are to be part of each subnet. Messages that are broadcast on a VLAN are limited to the subnet, just as in a routed network. Because VLANs are independent of the physical network, the systems in a particular subnet can be located anywhere, and a single system can even be a member of more than one VLAN.

Figure 4-21 VLANs are pseudo-subnets of switched workstations, connected by routers.

Despite the fact that all the computers are connected by switches, routers are still necessary for systems in different VLANs to communicate. VLANs that are based solely on layer 2 technology, such as those that use port configuration or MAC addresses to define the member systems, must have a port dedicated to a router connection. In this type of VLAN, the network administrator either selects certain switch ports to designate the members of a VLAN or creates a list of the workstations' MAC addresses.

Because of the additional processing involved, routing is slower than switching. This particular arrangement is sometimes referred to as "switch where you can, route where you must" because routing is used for communication only between VLANs; all communication within a VLAN is switched. This is an efficient arrangement as long as the majority of the network traffic (70 to 80 percent) is between systems in the same VLAN. Communication speed within a VLAN is maximized at the expense of the inter-VLAN communication. When too much traffic occurs between systems in different subnets, the routing slows down the process too much, and the speed of the switches is largely wasted.
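The forwarding behaviour described in the "Switches" section (a hub repeating to every port versus a switch learning addresses and forwarding to a single port) and the port-based VLANs of this section, as one added example; this is illustrative code written for this page, not any vendor's switch firmware. The six-port layout, the VLAN assignment (ports 1 to 3 in VLAN 10, ports 4 to 6 in VLAN 20) and the station MAC addresses, taken from the 00:00:5e:00:53:xx range reserved for documentation, are constructed.

```python
"""Added example (not from the book): a hub, a learning switch, and the same
switch with port-based VLANs, showing which ports receive each frame. Ports,
MAC addresses and frames are constructed for this illustration."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


class Hub:
    """A hub repeats every frame out of every other port."""
    def __init__(self, ports: Iterable[int]):
        self.ports = list(ports)

    def receive(self, in_port: int, frame: Frame) -> Set[int]:
        return {p for p in self.ports if p != in_port}


class Switch:
    """A multiport bridge: learns which port each source MAC lives on and
    forwards unicast frames only there. With vlan_of, each port belongs to
    one VLAN and frames never cross VLANs (a router is needed for that)."""
    def __init__(self, ports: Iterable[int], vlan_of: Optional[Dict[int, int]] = None):
        self.ports = list(ports)
        self.vlan_of = dict(vlan_of) if vlan_of else {p: 1 for p in self.ports}
        self.mac_table: Dict[int, Dict[str, int]] = {}   # vlan -> (mac -> port)

    def receive(self, in_port: int, frame: Frame) -> Set[int]:
        vlan = self.vlan_of[in_port]
        table = self.mac_table.setdefault(vlan, {})
        table[frame.src] = in_port                       # learn the sender's port
        others = {p for p in self.ports if self.vlan_of[p] == vlan and p != in_port}
        if frame.dst == BROADCAST:
            return others                                # broadcast domain = the VLAN
        port = table.get(frame.dst)
        if port is None:
            return others                                # unknown destination: flood, like a hub
        if port == in_port:
            return set()                                 # same segment: nothing to forward
        return {port}


# Constructed station addresses (documentation MAC range).
A, B, C, D = ("00:00:5e:00:53:01", "00:00:5e:00:53:02",
              "00:00:5e:00:53:03", "00:00:5e:00:53:04")


def switch_demo() -> List[Set[int]]:
    """A (port 1) and B (port 2) exchange frames through a flat six-port switch."""
    sw = Switch(range(1, 7))
    return [
        sw.receive(1, Frame(A, B)),          # B unknown yet: flooded to ports 2-6
        sw.receive(2, Frame(B, A)),          # A learned on port 1: port 1 only
        sw.receive(1, Frame(A, B)),          # B now learned: port 2 only
        sw.receive(1, Frame(A, BROADCAST)),  # broadcast: every other port
    ]


def vlan_demo() -> List[Set[int]]:
    """Ports 1-3 in VLAN 10, ports 4-6 in VLAN 20; broadcasts stay inside each VLAN."""
    sw = Switch(range(1, 7), vlan_of={1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
    return [
        sw.receive(1, Frame(A, BROADCAST)),  # VLAN 10 only: ports 2 and 3
        sw.receive(4, Frame(D, C)),          # C lives in VLAN 10: unknown in VLAN 20, flooded to 5 and 6
        sw.receive(2, Frame(B, A)),          # A learned in VLAN 10: port 1 only
    ]


if __name__ == "__main__":
    print("hub      :", Hub(range(1, 7)).receive(1, Frame(A, B)))
    print("switch   :", switch_demo())
    print("with VLAN:", vlan_demo())
```

Two points the output makes concrete. First, the isolation the "Switches" section credits to a switch applies to unicast frames whose destination the switch has already learned; a broadcast, or a frame to an address not yet in the table, still reaches every other port, which is why a flat switched network is one broadcast domain. Second, a port-based VLAN shrinks that domain to the member ports without moving any cable, and a frame for a station in another VLAN goes nowhere on the switch itself, so only a router can carry it across.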
Layer 3 Switching

Layer 3 switches are similar to routers and often support the same routing protocols. Layer 3 switches also use VLANs but mix routing and switching functions to make communication between VLANs more efficient. This technology is known by several different names, depending on the vendor of the equipment. The essence of the concept is described as "route once, switch afterward." A router is still required to establish connections between systems in different VLANs, but once the connection has been established, subsequent traffic travels over the layer 2 switching fabric, which is much faster.

Most of the hardware devices called layer 3 switches combine the functions of a switch and a router into one unit. The device is capable of performing all of a router's standard functions but is also able to transmit data using high-speed switches, all at a substantially lower cost than a standard router. Layer 3 switches are optimized for use on LAN and metropolitan area network (MAN) connections, not WANs. By replacing the routers that connect workgroup or department networks to the backbone with layer 3 switches, you retain all of the router functionality, while increasing the overall speed at which data is forwarded.

Multiple-Layer Switching

As Gigabit Ethernet becomes the norm, newer switches can prioritize network traffic by using information from other OSI layers in either hardware or software configurations. For example, layer 4 switching is a way to allow better quality of service (QoS) with better management across several servers. Routers have used OSI layer 4 information for prioritizing network traffic for many years. Since today's global applications need rapid dissemination of session information, layer 4 switches can make intelligent decisions for forwarding frames, based on TCP/UDP port information and the IP destination/source addresses. This type of switching can do the following:

• Examine the direction of client requests at the layer 4 switch
• Process multiple requests across any available server
• Measure both availability and responsiveness of each server
• Establish policy controls for traffic management

For more information about modern server technologies, see Chapter 8.
CHAPTER 5

Cabling a Network

Although there are networks that use radio transmissions and other wireless technologies to transmit data, the vast majority of today's networks use some form of cable as the network medium. Most of the cables used for data networking use a copper conductor to carry electrical signals, but fiber-optic, a spun glass cable that carries pulses of light, is an increasingly popular alternative.

Cabling issues have, in recent years, become separated from the typical network administrator's training and experience. Many veteran administrators have never installed (or pulled) cable themselves and are less than familiar with the technology that forms the basis for the network. In many cases, the use of twisted-pair cable has resulted in telephone system contractors being responsible for the network cabling. Network consultants typically outsource all but the smallest cabling jobs to outside companies.

Network cabling is, in many cases, structurally integrated in the building or other structures within the whole network site. Therefore, cable installation, replacement, or upgrade oftentimes entails planning beyond the information technology department's operational control. Even what may seemingly appear to be a simple cable segment replacement project can turn out to be logistically complicated.

However, although the cabling represents only a small part of a network's total cost (as little as 6 percent), it has been estimated to be responsible for as much as 75 percent of network downtime. The cabling is also usually the longest-lived element of a network. You may replace servers and other components more than once before you replace the cable. For these reasons, spending a bit extra on good-quality cable, properly installed, is a worthwhile investment. This chapter examines the types of cables used for networks, their composition, and the connectors they use.
Cable Properties

Data link layer protocols are associated with specific cable types and include guidelines for the installation of the cable, such as maximum segment lengths. In most cases, you have a choice as to what kind of cable you want to use with the protocol, while in others you do not. Part of the process of evaluating and selecting a protocol involves examining the cable types and their suitability for your network site. For example, a connection between two adjacent buildings is better served by fiber-optic than copper, so with that requirement in mind, you should proceed to evaluate the data link layer protocols that support the use of fiber-optic cable.

Your cable installation may also be governed, in part, by the layout of the site and the local building codes. Cables generally are available in both nonplenum and plenum types. A plenum is an air space within a building, created by the components of the building themselves, that is designed to provide ventilation, such as a space between floors or walls. Buildings that use plenums to move air usually do not have a ducted ventilation system. In most communities, to run cable through a plenum, you must use a plenum-rated cable that does not give off toxic gases when it burns because the air in the plenum is distributed throughout the building. The outer covering of a plenum cable is usually some sort of Teflon product, while nonplenum cables have a polyvinyl chloride (PVC) sheath, which does produce toxic gases when it burns. Not surprisingly, plenum cable costs more than nonplenum, and it is also less flexible, making it more difficult to install. However, it is important to use the correct type of cable in any installation. If you violate the building codes, the local authorities can force you to replace the offending cable and possibly make you pay fines as well. Because of always increasing insurance costs, some companies will use specific plenum cables to lower their liability in case of fire because the use of plenum cable can result in less physical damage should there be a fire.
Cost is certainly an element that should affect your cable selection process, not only of the cable itself but also of the ancillary components such as connectors and mounting hardware, the network interface cards (NICs) for the computers, and the labor required for the cable installation. The qualities of fiber-optic cable might make it seem an ideal choice for your network, but when you see the costs of purchasing, installing, and maintaining it, your opinion may change.

Finally, the quality of the cable is an important part of the evaluation and selection process. When you walk into your local computer center to buy a prefabricated cable, you won't have much of a selection, except for cable length and possibly color. Vendors that provide a full cable selection, however (many of whom sell online or by mail order), have a variety of cable types that differ in their construction, their capabilities, and, of course, their prices.

Depending on the cable type, a good vendor may have both bulk cable and prefabricated cables. Bulk cable (that is, unfinished cable without connectors) should be available in various grades, in both plenum and nonplenum types. The grade of the cable can depend on several features, including the following:

• Conductor gauge  The gauge is the diameter of the actual conductor within a cable, which in the case of copper cables is measured using the American Wire Gauge (AWG) scale. The lower the AWG rating, the thicker the conductor. A 24 AWG cable, therefore, is thinner than a 22 AWG cable. A thicker conductor provides better conductivity and more resistance against attenuation.
• Category rating  Some types of cables are assigned ratings by a standards body, like the Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA). Twisted-pair cable, for example, is given a category rating that defines its capabilities. Most of the twisted-pair cable found today is Category 5e or Category 6, known as Cat 5e or Cat 6. Newer installations may use Cat 6a, which has improved performance at frequencies up to 500 MHz.
• Shielded or unshielded Some cables are available with casings that provide different levels of shielding against electromagnetic interference. The shielding usually takes the form of foil or copper braid, the latter of which provides better protection. Twisted-pair cabling, for example, is available in shielded and unshielded varieties. For a typical network environment, unshielded twisted-pair provides sufficient protection against interference because the twisting of the wire pairs itself is a preventative measure.

• Solid or stranded conductor A cable with a solid metal conductor provides better protection against attenuation, which means it can span longer distances. However, the solid conductor hampers the flexibility of the cable. If flexed or bent repeatedly, the conductor inside the cable can break. Solid conductor cables, therefore, are intended for permanent cable runs that will not be moved, such as those inside walls or ceilings. (Note that the cable can be flexed around corners and other obstacles during the installation; it is repeated flexing that can damage it.) Cables with conductors composed of multiple copper strands can be flexed repeatedly without breaking but are subject to greater amounts of attenuation. Stranded cables, therefore, should be used for shorter runs that are likely to be moved, such as for patch cables running from wall plates to computers.

NOTE Attenuation refers to the tendency of signals to weaken as they travel along a cable because of the resistance inherent in the medium. The longer a cable, the more the signals attenuate before reaching the other end. Attenuation is one of the primary factors that limits the size of a data network. Different types of cable have different attenuation rates, with copper cable being far more susceptible to the effect than fiber-optic cable.
These features naturally affect the price of the cable. A lower gauge is more expensive than a higher one, a higher category is more expensive than a lower, shielded is more expensive than unshielded, and solid is more expensive than stranded. This is not to say, however, that the more expensive product is preferable in every situation. In addition to the cable, a good vendor should have all of the equipment you need to attach the appropriate connectors, including the connector components and the tools for attaching them.

Prefabricated cables have the connectors already attached and should be available in various lengths and colors, using cable with the features already listed, and with various grades of connectors. The highest-quality prefabricated cables, for example, usually have a rubber boot around the connector that seals it to the cable end, prevents it from loosening or pulling out, protects the connector pins from bending, and reduces signal interference between the wires (called crosstalk). On lower-cost cables, the connector is simply attached to the end, without any extra protection.

Cabling Standards

Prior to 1991, the cabling used for networks was specified by the manufacturers of individual networking products. This resulted in the incompatibilities that are common in proprietary systems, and the need was recognized for a standard to define a cabling system that could support a multitude of different networking technologies. To address this need, the American National Standards Institute (ANSI), the Electronic Industry Association, and the Telecommunications Industry Association, along with a consortium of telecommunications companies, developed the ANSI/EIA/TIA-568-1991 Commercial Building Telecommunications Cabling Standard. This document was revised in 1995 and was known as ANSI/TIA/EIA-T568-A. An additional wiring standard, the T568-B, was adopted in 2001. The primary difference between the two is that two of the wiring pairs are swapped. Each standard defines the pinout (or order of connection) for the eight-pin connector plugs. See "Connector Pinouts" later in this chapter for more information.

Both of these standards were superseded by the current TIA/EIA-568-C standard.
TIA/EIA-568

The 568 standard defines a structured cabling system for voice and data communications in office environments that has a usable life span of at least ten years, supports products of multiple technology vendors, and uses any of the following cable types for various applications. The current standard (TIA/EIA-568-C) defines the general requirements with subsections that focus on cabling systems. Additional standards, such as TIA-569-A and TIA-570-A, address commercial and residential cabling.

The documents also include specifications for installing the cable within the building space. Toward this end, the building is divided into the following subsystems:

• Building entrance The location at which the building's internal cabling interfaces with outside cabling. This is also referred to as the demarcation point, where the external provider network ends and connects with the customer's on-premise wiring.

• Equipment room The location of equipment that can provide the same functions as that in a telecommunications closet but that may be more complex.

• Telecommunications closet The location of localized telecommunications equipment, such as the interface between the horizontal cabling and the backbone.

• Backbone cabling The cabling that connects the building's various equipment rooms, telecommunications closets, and the building entrance, as well as connections between buildings in a campus network environment.

• Horizontal cabling The cabling and other hardware used to connect the telecommunications closet to the work area. The wirings are usually run through wireways, conduits, or ceiling spaces of each floor and can either be plenum cabling or internal wiring (IW).

• Work area The components used to connect the telecommunications outlet to the workstation.
Thus, the cable installation for a modern building might look something like the diagram shown in Figure 5-1. The connections to external telephone and other services arrive at the building entrance and lead to the equipment room, which contains the network servers and other equipment. A backbone network connects the equipment room to various telecommunications closets throughout the building, which contain network interface equipment, such as switches, bridges, routers, or hubs. From the telecommunications closets, the horizontal cabling branches out into the work areas, terminating at wall plates. The work area then consists of the patch cables that connect the computers and other equipment to the wall plates.

Figure 5-1 A generic building cabling system as defined by TIA/EIA T-568

This is, of course, a simplified and generalized plan. The T568 standard, in coordination with other TIA/EIA standards, provides guidelines for the types of cabling within and between these subsystems that you can use to create a wiring plan customized to your site and your equipment.

Contractors you hire to perform an office cable installation should be familiar with these standards and should be willing to certify in writing that their work conforms to the guidelines they contain.

Data Link Layer Protocol Standards

The protocols traditionally associated with the data link layer of the OSI reference model, such as Ethernet and Token Ring, also overlap into the physical layer in that they contain specifications for the network cabling. Thus, Ethernet and Token Ring standards, like those produced by the IEEE 802 working group, can also be said to be cabling standards. However, these documents do not go as deeply into the details of the cable properties and enterprise cable system design as T568.
Coaxial Cable

The first commercially viable network technologies introduced in the 1970s used coaxial cable as the network medium. Coaxial cable is named for the two conductors that share the same axis running through the cable's center. Many types of copper cable have two separate conductors, such as a standard electrical cord. In most of these, the two conductors run side by side within an insulating sheath that protects and separates them. A coaxial cable, on the other hand, is round, with a copper core at its center that forms the first conductor. It is this core that carries the actual signals. A layer of dielectric foam insulation surrounds the core, separating it from the second conductor, which is made of braided wire mesh and functions as a ground. As with any electrical cable, the signal conductor and the ground must always be separated or a short will occur, producing noise on the cable. This entire assembly is then enclosed within an insulating sheath (see Figure 5-2).

Figure 5-2 A cross-section of a coaxial cable

NOTE Coaxial cables can have either a solid or a stranded copper core, and their designations reflect the difference. The suffix /U indicates a solid core, while A/U indicates a stranded core. Thin Ethernet used either an RG-58/U or an RG-58A/U cable.

Several types of coaxial cables were used for networking, and they had different properties, even if they were similar in appearance. Data link layer protocols called for specific types of cable, the properties of which determined the guidelines and limitations for the cable installation.

Today, coax cable is primarily used for connecting televisions to cable boxes or satellite receivers. It also may be used to connect a computer's cable modem to an Internet service provider (ISP). In the early days of computer networks, the cable was connected with a special connector called a BNC. The actual meaning of the bayonet-style connector's name is shrouded in mystery, with most technicians divided between British Naval Connector and Bayonet Neill-Concelman.
Thick Ethernet

RG-8/U cable was usually referred to as thick Ethernet trunk cable because that was its primary use. The RG-8/U cable used for thick Ethernet networks had the least amount of attenuation of the coaxial cables, due in no small part to it being much thicker than the other types. This is why a thick Ethernet network could have cable segments up to 500 meters long, while thin Ethernet was limited to 185 meters.

At .405 inches in diameter, RG-8/U was similar in size to a garden hose but much heavier and less flexible, which made it difficult to bend around corners. For these reasons, the cable was typically installed along the floor of the site. By contrast, the RG-58A/U cable used by thin Ethernet was thinner, lighter, and flexible enough to run directly to the NIC.

Thick Ethernet cable was usually yellow and was marked every 2.5 meters for the taps to which the workstations connect. To connect a workstation to the cable, you applied what was known as a vampire tap. A vampire tap is a clamp that you connected to the cable after drilling a hole in the sheath. The clamp had metal "fangs" that penetrated into the core to send and receive signals. The vampire tap also included the transceiver (external to the computer on a thick Ethernet network), which connected to the NIC with a cable with connectors at both ends.

As a result of the inconvenience caused by its expense and rigidity, and despite its better performance than its successor, thin Ethernet, thick Ethernet is rarely seen today, even on legacy networks.

Thin Ethernet

The main advantage of the RG-58 cable used for thin Ethernet networks over RG-8 was its relative flexibility, which simplifies the installation process and makes it possible to run the cable directly to the computer, rather than using a separate AUI cable. Compared to twisted-pair, however, thin Ethernet is still ungainly and difficult to conceal because every workstation must have two cables connected to its NIC using a T fitting. Instead of neat wall plates with modular jacks for patch cables, an internal thin Ethernet installation had two thick, semirigid cables protruding from the wall for every computer.
As a result of this installation method, the bus was actually broken into separate lengths of cable that connect each computer to the next, unlike a thick Ethernet bus, which ideally was one long cable segment pierced with taps along its length. This made a big difference in the functionality of the network because if one of the two connections to each computer was broken for any reason, the bus was severed. When this happened, network communications failed between systems on different sides of the break, and the loss of termination on one end of each fragment jeopardized all of the network's traffic.

RG-58 cable used BNC connectors to connect to the T and to connect the T to the NIC in the computer. Even at the height of its popularity, thin Ethernet cable was typically purchased in bulk, and the connectors were attached by the installer or administrator; prefabricated cables were relatively rare. The process of attaching a BNC connector involved stripping the insulation off the cable end to expose both the copper core and the ground. The connector is then applied as separate components (a socket that the cable threads through and a post that slips over the core). Finally, the socket is compressed so it grips the cable and holds the post in place, using a pliers-like tool called a crimper.

Cable Television

Just because coaxial cable is no longer used for networks does not mean that it has totally outlived its usefulness. Antennas, radios, and particularly the cable television industry still use it extensively. The cable delivering TV service to your home is RG-59 75-ohm coaxial, used in this case for broadband rather than baseband transmission (meaning that the single cable carries multiple, discrete signals simultaneously). This cable is also similar in appearance to thin Ethernet, but it has different properties and uses different connectors. The F connector used for cable TV connections screws into the jack, while BNC connectors use a bayonet lock coupling.

Many cable TV providers use this same coaxial cable to supply Internet access to subscribers, as well as television signals. In these installations, the coaxial cable connects to a device typically referred to as a cable modem, which then is connected to a computer using a 10Base-T Ethernet cable.
Twisted-Pair Cable

Twisted-pair cable is the current standard for networks. When compared to coaxial, it is easier to install, is suitable for many different applications, and provides far better performance. Perhaps the biggest advantage of twisted-pair cable, however, is that it is already used in countless telephone system installations throughout the world.

This means that many contractors are familiar with the installation procedures and that in a newly constructed office it is possible to install the cables at the same time as the telephone cables. In fact, many private homes now being built include twisted-pair network cabling as part of the basic service infrastructure.

Unlike coaxial cable, which has only one signal-carrying conductor and one ground, the twisted-pair cable used in most data networks has four pairs of insulated copper wires within a single sheath. Each wire pair is twisted with a different number of twists per inch to avoid electromagnetic interference from the other pairs and from outside sources (see Figure 5-3).

Figure 5-3 A cross-section of a twisted-pair cable

Each pair of wires in a twisted-pair cable is color coded, using colors defined in the TIA/EIA-T568-A or B standard, as shown in Table 5-1. In each pair, the solid-colored wire carries the signals, while the striped wire acts as a ground.

Table 5-1 Color Codes for TIA/EIA T-568

Unshielded Twisted-Pair

The outer sheathing of a twisted-pair cable can be either relatively thin, as in unshielded twisted-pair (UTP) cable, or thick, as in shielded twisted-pair (STP). UTP cable is the more commonly used of the two; most Ethernet networks are more than adequately served by UTP cable. The UTP cable uses 22 or 24 AWG copper conductors and has an impedance of 100 ohms. The insulation can be plenum rated or nonplenum.
Beyond these specifications, the TIA/EIA-T568 standard defines levels of performance for UTP cable that are referred to as categories. A higher category rating means that a cable is more efficient and able to transmit data at greater speeds. The major difference between the different cable categories is the tightness of each wire pair's twisting, commonly referred to as twist per inch. Table 5-2 lists some of the categories defined by the T568 standard, the speed ratings, the maximum run length, the network applications, and the maximum frequency for each category.

Table 5-2 Cable Category Specifications

Category 3 cable was traditionally used for telephone system installations and was also suitable for 10Base-T Ethernet networks, which run at 10 Mbps. Category 3 was not suitable for the 100 Mbps speed used by Fast Ethernet, except in the case of 100Base-T4, which was specifically designed to run on Category 3 cable. 100Base-T4 was able to function only on this cable because it used all four of the wire pairs to carry data, while the standard technologies of the time used only two pairs.

Category 4 cable provided a marginal increase in performance over Category 3 and was, for a time, used in Token Ring networks. Since its ratification in 1995, however, most of the UTP cable installed for computer networks (and telephone networks as well) was Category 5. Category 5 UTP cable (often known simply as Cat 5) provided a substantial performance increase, supporting transmissions at up to 100 MHz.

Category 5e

While Category 5 cable was sufficient for use on 100 Mbps networks such as Fast Ethernet, technology continued to advance, and with Gigabit Ethernet products becoming available, running at 1 Gbps (1,000 Mbps), it was necessary to accommodate the higher speeds.

UTP cable ratings have continued to advance as well. However, the process by which the TIA/EIA standards are defined and ratified is much slower than the pace of technology, and many high-performance cable products arrived on the market that exceeded the Category 5 specifications to varying degrees. In 1999, after a surprisingly accelerated development period of less than two years, the TIA/EIA ratified the Category 5e (or Enhanced Category 5) standard.
The Category 5e standard was revised more than 14 times during its development because there was a great deal of conflict among the concerned parties as to how far the standard should go. Category 5e was intended primarily to support the IEEE 802.3ab Gigabit Ethernet standard, also known as 1000Base-T, which is a version of the 1,000 Mbps networking technology designed to run on the standard 100-meter copper cable segments also used by Fast Ethernet. As you can see in Table 5-2, the Category 5e standard calls for a maximum frequency rating of only 100 MHz, the same as that of Category 5 cable. However, Gigabit Ethernet uses frequencies up to 125 MHz, and Asynchronous Transfer Mode (ATM) networks, which were also expected to use this cable, could run at frequencies of up to 155 MHz. As a result, there was a good deal of criticism leveled at the 5e standard, saying that it didn't go far enough to ensure adequate performance of Gigabit Ethernet networks.

It's important to understand that the TIA/EIA UTP cable standards consist of many different performance requirements, but the frequency rating is the one that is most commonly used to judge the transmission quality of the cable. In fact, the Category 5e standard is basically the Category 5 standard with slightly elevated requirements for some of its testing parameters, such as near end crosstalk (NEXT), the attenuation-to-crosstalk ratio (ACR), return loss, and differential impedance.

Cat 6 and 6a

Cat 6 was established in 2001. This standard for Gigabit Ethernet is backward compatible with the Cat 3, 5, and 5e standards. This cable features higher specifications for suppression of both system noise and crosstalk issues. It was specifically designed to be interoperable, meaning cable meeting this standard must work with products manufactured by most vendors.

Because Cat 6 cables contain larger copper conductors, the size is a bit larger than the earlier Category 5 and 5e cables. The diameter of Cat 6 ranges from .21 inch to .25 inch (5.3 mm to 5.8 mm). Since Cat 5 and 5e cables fall in the range from 0.19 inch to 0.22 inch (4.8 mm to 5.5 mm), the physical size can make a difference in an installation.

Crosstalk is reduced in Cat 6 by making each pair a twist of .5 inch or less, while the larger conductor size provides less signal loss (attenuation) over the length of the cable.
Augmented Category 6 (Cat 6a) cable improves the bandwidth of Cat 6. However, because it is available in STP format, it must have specialized connectors to ground the cable and is therefore more expensive than Cat 6.

Cat 7

Cat 7 (originally known as Class F) is backward compatible with both Cat 5 and Cat 6. It is a twisted-pair cable that was designed as a standard for Gigabit Ethernet. It has additional shielding that helps to reduce both crosstalk and system noise. Because of this additional shielding, Cat 7 cable is bulkier and more difficult to bend. As with Cat 6a, each layer must be grounded or its throughput performance declines to nearly that of Cat 6.

NOTE Remember, when upgrading cabling, all of the network components must be rated at the same category. This means you will not have a Cat 6 network if some of the connectors or other components are rated at Cat 5.

Currently, as technology advances, so do new standards. Cat 7a is currently available for some applications, primarily multiple applications across a single cable. Cat 8 and beyond are in the works.

Connector Pinouts

Twisted-pair cables use RJ-45 modular connectors at both ends (see Figure 5-4). An RJ-45 (RJ is the acronym for registered jack) is an eight-pin version of the four-pin (or sometimes six-pin) RJ-11 connector used on standard satin telephone cables. The pinouts for the connector, which are also defined in the TIA/EIA-T568-A and B standards, are shown in Figure 5-5.

Figure 5-4 An RJ-45 connector

Figure 5-5 The 568A and 568B pinouts

The USOC standard (as shown in Figure 5-6) was the traditional pinout originated for voice communications in the United States, but this configuration is not suitable for data. This is because while pins 3 and 6 do connect to a single wire pair, pins 1 and 2 are connected to separate pairs. AT&T discovered this shortcoming when it began doing research into computer networks that would run over the existing telecommunications infrastructure. In 1985, AT&T published its own standard, called 258A, which defined a new pinout in which the proper pins used the same wire pairs.
Figure 5-6 The 568B and USOC pinouts

The TIA/EIA, which was established in 1985 after the breakup of AT&T, then published the 258A standard as an adjunct to TIA/EIA-T568-A in 1995, giving it the name T568-B (as shown on the left in Figure 5-6). Thus, while the pinout now known as 568B would seem to be newer than 568A, it is actually older. Pinout 568B began to be used widely in the United States before the TIA/EIA-T568-A standard was even published.

As you can see in Figure 5-6, the USOC standard uses a different layout for the wire pairs, while the 568A and 568B pinouts are identical except that the green and orange wire pairs are transposed. Thus, the two TIA/EIA standards are functionally identical; neither one offers a performance advantage over the other, as long as both ends of the cable use the same pinout. Prefabricated cables are available that conform to either one of these standards.

In most cases, twisted-pair cable is wired straight through, meaning that each of the pins on one connector is wired to its corresponding pin on the other connector, as shown in Figure 5-7. On a typical network, however, computers use separate wire pairs for transmitting and receiving data. For two machines to communicate, the transmitted signal generated at each computer must be delivered to the receive pins on the other, meaning that a signal crossover must occur between the transmit and receive wire pairs. The cables are wired straight through (that is, without the crossover) on a normal Ethernet LAN because the hub is responsible for performing the crossover. If you want to connect one computer to another without a hub to form a simple two-node Ethernet network, you must use a crossover cable, in which the transmit pins on each end of the cable are connected to the receive pins on the other end, as shown in Figure 5-8.
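One way to check a cable's wiring against the rules in this section, as an added example that is not from the book: given the wire colors seen at pins 1 through 8 of each RJ-45, it verifies that the signal pairs are intact (the USOC split-pair problem), then decides whether the cable is straight-through (568A, 568B, or a consistent custom order) or a 10/100 crossover. The T568A and T568B pin orders are the standard ones; the pair layout, the crossover map (pins 1/2 to 3/6) and the result labels are this example's own assumptions, and the USOC-style test cable is constructed.

```python
"""Classify a twisted-pair cable from the wire colors at each RJ-45 end.

Added example, not from the book. T568A/T568B are the standard pin
orders (green and orange pairs transposed). The pair layout, the 10/100
crossover map and the labels returned are this example's assumptions.
"""

T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")

# Pins that must share one twisted pair (1-based), as in the 568 pinouts.
PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))

# For a hub-less two-node link the transmit pair (1,2) at one end must land
# on the receive pair (3,6) at the other; the remaining pins pass straight.
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}


def base_colour(wire: str) -> str:
    """'white/green' and 'green' belong to the same twisted pair."""
    return wire.split("/")[-1]


def split_pairs(end: tuple) -> list:
    """Return the pin pairs whose two wires do not come from one twisted pair.

    This is the USOC problem: pins 3/6 sit on one pair, but pins 1/2 are
    spread over two different pairs, so the signal is not carried by a
    twisted pair and crosstalk protection is lost.
    """
    bad = []
    for a, b in PAIRS:
        if base_colour(end[a - 1]) != base_colour(end[b - 1]):
            bad.append((a, b))
    return bad


def classify(end1: tuple, end2: tuple) -> str:
    """Describe the cable formed by the two connector pinouts."""
    if len(end1) != 8 or len(end2) != 8:
        return "invalid: each end needs eight wires"
    if split_pairs(end1) or split_pairs(end2):
        return "miswired: a signal pair is split across twisted pairs"
    if end1 == end2:
        # Same colors on the same pins at both ends: straight-through.
        # Any consistent order works, as long as the pairs are intact.
        std = "568A" if end1 == T568A else "568B" if end1 == T568B else "custom"
        return f"straight-through ({std})"
    # Crossover: the wire on pin p at end 1 must appear on
    # CROSSOVER_MAP[p] at end 2 (a 568A end joined to a 568B end).
    if all(end1[p - 1] == end2[CROSSOVER_MAP[p] - 1] for p in range(1, 9)):
        return "crossover (10/100)"
    return "miswired: pin order differs between the ends"


if __name__ == "__main__":
    print(classify(T568A, T568A))   # straight-through (568A)
    print(classify(T568A, T568B))   # crossover (10/100)
```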
Figure 5-7 UTP straight-through wiring

Figure 5-8 UTP crossover wiring

Because each pin on a straight-through cable is connected to the corresponding pin at the other end, it doesn't matter what colors the wires are, as long as the pairs are properly oriented. So, when purchasing prefabricated cables, either the 568A or 568B pinouts will function properly. The time when you must make a conscious decision to use one standard or the other is when you install bulk cable (or have it installed). You must connect the same colors on each end of the cable to the same pins so you get a straight-through connection. Selecting one standard and sticking to it is the best way to avoid confusion that can result in nonfunctioning connections.

Attaching the connectors to a cable requires a crimper tool, much like the one used for coaxial cable, except that the process is complicated by having eight conductors to deal with instead of only two. A network administrator who is not handy with a crimper can easily purchase twisted-pair cables with connectors attached in a wide variety of grades, lengths, and colors.

Shielded Twisted-Pair

Shielded twisted-pair is 150-ohm cable containing additional shielding that protects signals against the electromagnetic interference (EMI) produced by electric motors, power lines, and other sources. Originally used in Token Ring networks, STP is also intended for installations where UTP cable would provide insufficient protection against interference.

The shielding in STP cable is not just an additional layer of inert insulation, as many people believe. Rather, the wires within the cable are encased in a metallic sheath that is as conductive as the copper in the wires. This sheath, when properly grounded, converts ambient noise into a current, just like an antenna. This current is carried to the wires within, where it creates an equal and opposite current flowing in the twisted pairs. The opposite currents cancel each other out, eliminating noise that injects disturbance to the signals passing over the wires.
This balance between the opposite currents is delicate. If they are not exactly equal, the current can be interpreted as noise and can disturb the signals being transmitted over the cable. To keep the shield currents balanced, the entire end-to-end connection must be shielded and properly grounded. This means that all of the components involved in the connection, such as connectors and wall plates, must also be shielded. It is also vital to install the cable correctly so that it is grounded properly and the shielding is not ripped or otherwise disturbed at any point.

The shielding in an STP cable can be either foil or braided metal. The metal braid is a more effective shield, but it adds weight, size, and expense to the cable. Foil-shielded cable, sometimes referred to as screened twisted-pair (ScTP) or foil twisted-pair (FTP), is thinner, lighter, and cheaper but is also less effective and more easily damaged. In both cases, the installation is difficult when compared to UTP because the installers must be careful not to flex and bend the cable too much, or they could risk damaging the shielding. The cable may also suffer from increased attenuation and other problems because the effectiveness of the shielding is highly dependent on a multitude of factors, including the composition and thickness of the shielding, the type and location of the EMI in the area, and the nature of the grounding structure.
The properties of the STP cable itself were defined by IBM during the development of the Token Ring protocol:

• Type 1A Two pairs of 22 AWG wires, each pair wrapped in foil, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material

• Type 2A Two pairs of 22 AWG wires, each pair wrapped in foil, with a shield layer (foil or braid) around both pairs, plus four additional pairs of 22 AWG wires for voice communications, within an outer sheath of either PVC or plenum-rated material

• Type 6A Two pairs of 22 AWG wires, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material

• Type 9A Two pairs of 26 AWG wires, with a shield layer (foil or braid) around both pairs, and an outer sheath of either PVC or plenum-rated material

Fiber-Optic Cable

Fiber-optic cable is completely different from all of the other cables covered thus far in this chapter because it is not based on electrical signals transmitted through copper conductors. Instead, fiber-optic cable uses pulses of light (photons) to transmit the binary signals generated by computers. Because fiber-optic cable uses light instead of electricity, nearly all of the problems inherent in copper cable, such as electromagnetic interference, crosstalk, and the need for grounding, are completely eliminated. In addition, attenuation is reduced enormously, enabling fiber-optic links to span much greater distances than copper—up to 120 kilometers in some cases.

Fiber-optic cable is ideal for use in network backbones, especially for connections between buildings, because it is immune to moisture and other outdoor conditions. Fiber cable is also inherently more secure than copper because it does not radiate detectable electromagnetic energy like copper, and it is extremely difficult to tap.

The drawbacks of fiber optic mainly center around its installation and maintenance costs, which are usually thought of as being much higher than those for copper media. What used to be a great difference, however, has come closer to evening out in recent years. The fiber-optic medium is at this point only slightly more expensive than UTP. Even so, the use of fiber does present some problems, such as in the installation process.
Pulling the cable is basically the same as with copper, but attaching the connectors requires completely different tools and techniques—you can essentially throw everything you may have learned about electric wiring out the window.

Fiber optics has been around for a long time; even the early 10 Mbps Ethernet standards supported its use, calling it FOIRL, and later 10BaseF. Fiber optics came into its own, however, as a high-speed network technology, and today virtually all of the data link layer protocols currently in use support it in some form.

Fiber-Optic Cable Construction

A fiber-optic cable consists of a core made of glass or plastic and a cladding that surrounds the core; then it has a plastic spacer layer, a layer of Kevlar fiber for protection, and an outer sheath of Teflon or PVC, as shown in Figure 5-9. The relationship between the core and the cladding enables fiber-optic cable to carry signals long distances. The transparent qualities of the core are slightly greater than those of the cladding, which makes the inside surface of the cladding reflective. As the light pulses travel through the core, they reflect back and forth off the cladding. This reflection enables you to bend the cable around corners and still have the signals pass through it without obstruction.

Figure 5-9 Cross-section of a fiber-optic cable

There are two main types of fiber-optic cable, called singlemode and multimode, that differ in several ways. The most important difference is in the thickness of the core and the cladding. Singlemode fiber is typically rated at 8.3/125 microns and multimode fiber at 62.5/125 microns. These measurements refer to the thickness of the core and the thickness of the cladding and the core together. Light travels down the relatively thin core of singlemode cable without reflecting off the cladding as much as in multimode fiber's thicker core. The signal carried by a singlemode cable is generated by a laser and consists of only a single wavelength, while multimode signals are generated by a light-emitting diode (LED) and carry multiple wavelengths. Together, these qualities enable singlemode cable to operate at higher bandwidths than multimode and traverse distances up to 50 times longer.
However, singlemode cable is often more expensive and has a relatively high bend radius compared to multimode, which makes it more difficult to work with. Most fiber-optic LANs use multimode cable, which, although inferior in performance to singlemode, is still vastly superior to copper.

Multimode cables are often used for local network installations when extreme distance is not an issue. Since singlemode cables transmit laser light, it travels in only one direction so that the wavelength it uses is compatible with the laser light detector at the receiving end. This type of fiber-optic cable is used primarily where data speed and distance are paramount.

Fiber-optic cables are available in a variety of configurations because the cable can be used for many different applications. Simplex cables contain a single fiber strand, while duplex cables contain two strands running side by side in a single sheath. Breakout cables can contain as many as 24 fiber strands in a single sheath, which you can divide to serve various uses at each end. Because fiber-optic cable is immune to copper cable problems such as EMI and crosstalk, it's possible to bundle large numbers of strands together without twisting them or worrying about signal degradation, as with UTP cable.

Fiber-Optic Connectors

The original connector used on fiber-optic cables was called a straight tip (ST) connector. It was a barrel-shaped connector with a bayonet locking system, as shown in Figure 5-10. It was replaced by the SC type (which stands for subscriber connector, standard connector, or Siemon connector), which many consider now to be the traditional connector. The SC has a square body and locks by simply pushing it into the socket. Figure 5-10 shows the ST and SC connectors.

Figure 5-10 Fiber-optic connectors SC (left) and ST (right)

Today, connectors with smaller form factors are replacing the traditional fiber-optic connectors. These smaller connectors reduce the footprint of the network by allowing more connectors to be installed in each faceplate. One of the most common of these small connectors is the LC (which stands for local connector or Lucent connector). The LC is a duplex connector that is designed for two fiber-optic cables.
Using fiber-optic cable imparts a freedom to the network designer that could never be realized with copper media. Because fiber optic permits segment lengths much greater than UTP, having telecommunications closets containing switches or hubs scattered about a large installation is no longer necessary. Instead, horizontal cable runs can extend all the way from wall plates down to a central equipment room that contains all of the network's patch panels, hubs, switches, routers, and other such devices. This is known as a collapsed backbone. Rather than traveling constantly to remote areas of the installation, the majority of the infrastructure maintenance can be performed at this one location. For more information about network design, see Chapter 9.

CHAPTER 6

Wireless LANs

Until recently, computer networks were thought of as using cables for their communications medium, but there have also been wireless networking solutions available for many years. Wireless networking products typically use some form of radio or light waves; these are called unbounded media (as opposed to bounded media, which refers to cabled networks). These media enable users with properly equipped computers to interact with other networked computers, just as if they were connected to them with cables.

Wireless networking products long had a reputation for poor performance and unreliability. It is only in the last ten or twelve years that these technologies have developed to the point at which they are serious tools for business users.

In many cases, users have come to expect connectivity in nearly every setting, whether it be in the grocery store, on a commuter train, or in a restaurant line. Whether it be with a cell phone, a tablet, or a laptop, we expect to be able to download e-mail and access both the Internet and our company's network in an instant. Most telephone service providers now enable users to access all of these services in any location. One of the advantages of cellular-based data networking is its range. Users can access the Internet and other networks from any place supported by the cellular network.
Wireless Networks

Wireless networks, or wireless local area networks (WLANs), connect devices with radio waves rather than cables. The ability to connect servers, printers, scanning devices, and workstations without dragging cabling through walls is the biggest advantage of wireless networking.

NOTE Wide area networks are also wireless and are introduced in Chapter 7.

The main difference between a traditional, cabled network and a wireless network is the way the data is transmitted. Wireless networks use a transmitter called a wireless access point (WAP) that has been wired into an Internet connection to create a hotspot for the connection. Access to the wireless network then depends on several things:

• Distance from a WAP The closer one is to an access point, the better the signal.

• Transmission strength of the wireless card Wireless fidelity (WiFi) cards have varying degrees of transmitting capabilities. Normally, lower-cost cards have less power than more expensive cards and therefore must be closer to the access point.

• Existing interference Microwave devices, cordless phones, computers, and even Bluetooth devices can interfere with a WiFi network.

• Current traffic on the network, including the number of current users Depending on the IEEE 802.11 standard of a WAP and what the current users are doing, more than 20 users accessing a specific WAP can cause the connection to degrade. This is especially true if users are using file-sharing software or peer-to-peer applications such as Skype.

• Local environment characteristics Be sure to note how physical obstructions or barriers such as walls, placement of devices, and other such issues will affect your network. In a small-office environment, there are many cases of poorly designed wireless installations due to lack of understanding of the effects of physical obstructions and the choice between lower and higher frequencies to mitigate these limitations.

NOTE See "The IEEE 802.11 Standards" section later in this chapter for more information.

Advantages and Disadvantages of Wireless Networks

While wireless networks are certainly useful and have their advantages, they have some definite disadvantages when compared with wired (cabled) networks. Table 6-1 discusses some of the advantages and disadvantages.
Table 6-1 Advantages and Disadvantages of Wireless Networks vs. Wired Networks

Types of Wireless Networks

There are many types of wireless, such as WiFi, Bluetooth, satellite services, and others, in use today. Bluetooth, named for a tenth-century Danish king, provides short-range wireless communications between devices such as cellular phones, keyboards, or printers at a very low cost. Bluetooth uses radio frequency signals, which are not limited to line-of-sight transmissions. Often, keyboards or mice are available with Bluetooth technology to use with a cell phone, laptop, or tablet.

The most widely used technology today is WiFi. This technology has better connection speeds and, if configured properly, is more secure than a Bluetooth connection. Table 6-2 shows some of the differences between the two.

Table 6-2 Bluetooth vs. WiFi

Wireless Applications

The most immediate application for wireless local area networking is the situation where it is impractical or impossible to install a cabled network. In some cases, the construction of a building may prevent the installation of network cables, while in others, cosmetic concerns may be the problem. For example, a kiosk containing a computer that provides information to guests might be a worthwhile addition to a luxury hotel, but not at the expense of running unsightly cables across the floor or walls of a meticulously decorated lobby. The same might be the case for a small two- or three-node network in a private home, where installing cables inside walls would be difficult and using external cables would be unacceptable in appearance.

Another application for wireless LANs is to support mobile client computers. These mobile clients can range from laptop-equipped technical support personnel for a corporate internetwork to roving customer service representatives with specialized handheld devices, such as rental car and baggage check workers in airports. With today's handheld computers and a wireless LAN protocol that is reliable and reasonably fast, the possibilities for its use are endless. Here are some examples:

• Hospitals can store patient records in a database and permit doctors and nurses to continually update them by entering new information into a mobile computer.
• Workers in retail stores can dynamically update inventory figures by scanning the items on the shelves.
• A traveling salesperson can walk into the home office with a laptop in hand, and as soon as the computer is within range of the wireless network, it connects to the LAN, downloads new e-mail, and synchronizes the user's files with copies stored on a network server.

The IEEE 802.11 Standards

In 1997, the IEEE published the first version of a standard that defined the physical and data link layer specifications for a wireless networking protocol that would meet the following requirements:

• The protocol would support stations that are fixed, portable, or mobile, within a local area. The difference between portable and mobile is that a portable station can access the network from various fixed locations, while a mobile station can access the network while it is actually in motion.
• The protocol would provide wireless connectivity to automatic machinery, equipment, or stations that require rapid deployment—that is, rapid establishment of communications.
• The protocol would be deployable on a global basis.

This document (as of the writing of this chapter) is now known as IEEE 802.11, 2012 edition, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications." Because 802.11 was developed by the same IEEE 802 committee responsible for the 802.3 (Ethernet) and 802.5 (Token Ring) protocols, it fits into the same physical and data link layer stack arrangement. The data link layer is divided into the logical link control (LLC) and media access control (MAC) sublayers. The 802.11 documents define the physical layer and MAC sublayer specifications for the wireless LAN protocol, and the systems use the standard LLC sublayer defined in IEEE 802.2. From the network layer up, the systems can use any standard set of protocols, such as TCP/IP or IPX.

NOTE: For more information on LLC, see Chapter 10.

Despite the inclusion of 802.11 in the same company as Ethernet and Token Ring, the use of wireless media calls for certain fundamental changes in the way you think about a local area network and its use. Some of these changes are as follows:

• Unbounded media: A wireless network does not have readily observable connections to the network or boundaries beyond which network communication ceases.
• Dynamic topology: Unlike cabled networks, in which the LAN topology is meticulously planned out before the installation and remains static until deliberate changes are made, the topology of a wireless LAN changes frequently, if not continuously.
• Unprotected media: The stations on a wireless network are not protected from outside signals as cabled networks are. On a cabled network, outside interference can affect signal quality, but there is no way for the signals from two separate but adjacent networks to be confused. On a wireless network, roving stations can conceivably wander into a different network's operational perimeter, compromising security.
• Unreliable media: Unlike a cabled network, a protocol cannot work under the assumption that every station on the network receives every packet and can communicate with every other station.
• Asymmetric media: The propagation of data to all of the stations on a wireless network does not necessarily occur at the same rate. There can be differences in the transmission rates of individual stations that change as the device moves or the environment in which it is operating changes.

As a result of these changes, the traditional elements of a data link layer LAN protocol (the MAC mechanism, the frame format, and the physical layer specifications) have to be designed with different operational criteria in mind.

The Physical Layer

The 802.11 physical layer defines two possible topologies and three types of wireless media, operating at four possible speeds.

Physical Layer Topologies

As you learned in Chapter 1, the term topology usually refers to the way in which the computers on a network are connected. A bus topology, for example, means that each computer is connected to the next one, in daisy-chain fashion, while in a star topology, each computer is connected to a central hub. These examples apply to cabled networks, however. Wireless networks don't have a concrete topology like cabled ones do.
Unbounded media devices, by definition, enable wireless network devices to transmit signals to all of the other devices on the network simultaneously. However, this does not equate to a mesh topology, as described in Chapter 1. Although each device theoretically can transmit signals to all of the other wireless devices on the network at any time, this does not necessarily mean that it will. Mobility is an integral part of the wireless network design, and a wireless LAN protocol must be able to compensate for systems that enter and leave the area in which the medium can operate. The result is that the topologies used by wireless networks are basic rules that they use to communicate, and not static arrangements of devices at specific locations. IEEE 802.11 supports two types of wireless network topologies: the ad hoc topology and the infrastructure topology.

The fundamental building block of an 802.11 wireless LAN is the basic service set (BSS). A BSS is a geographical area in which properly equipped wireless stations can communicate. The configuration and area of the BSS are dependent on the type of wireless medium being used and the nature of the environment in which it's being used, among other things. A network using a radio frequency–based medium might have a BSS that is roughly spherical, for example, while an infrared network would deal more in straight lines. The boundaries of the BSS can be affected by environmental conditions, architectural elements of the site, and many other factors, but when a station moves within the basic service set's sphere of influence, it can communicate with other stations in the same BSS. When it moves outside of the BSS, communication ceases.
The simplest type of BSS consists of two or more wireless computers or other devices that have come within transmission range of each other, as shown in Figure 6-1. The process by which the devices enter into a BSS is called association. Each wireless device has an operational range dictated by its equipment, and as the two devices approach each other, the area of overlap between their ranges becomes the BSS. This arrangement, in which all of the network devices in the BSS are mobile or portable, is called an ad hoc topology or an independent BSS (IBSS). The term ad hoc topology refers to the fact that a network of this type may often come together without prior planning and exist only as long as the devices need to communicate. This type of topology operates as a peer-to-peer network because every device in the BSS can communicate with every other device. An example might be transmitting a file to your printer or a diagram to a colleague's tablet. Multiple ad hoc networks can be created to transfer data between several devices. By their nature, ad hoc networks are temporary. While Figure 6-1 depicts the BSS as roughly ovular and the convergence of the communicating devices as being caused by their physically approaching each other, the actual shape of the BSS is likely to be far less regular and more ephemeral. The ranges of the devices can change instantaneously because of many different factors, and the BSS can grow, shrink, or even disappear entirely at a moment's notice.

Figure 6-1 A basic service set can be as simple as two wireless stations within communication range of each other.
While an ad hoc network uses basic service sets that are transient and constantly mutable, it's also possible to build a wireless network with basic service sets that are more permanent. This is the basis of a network that uses an infrastructure topology. An infrastructure network consists of at least one wireless access point (AP), which is either a stand-alone device or a wireless-equipped computer that is also connected to a standard bounded network using a cable. The access point has an operational range that is relatively fixed (when compared to an IBSS) and functions as the base station for a BSS. Any mobile station that moves within the AP's sphere of influence is associated into the BSS and becomes able to communicate with the cabled network (see Figure 6-2). Note that this is more of a client-server arrangement than a peer-to-peer one. The AP enables multiple wireless stations to communicate with the systems on the cabled network but not with each other. However, the use of an AP does not prevent mobile stations from communicating with each other independently of the AP.

Figure 6-2 An access point enables wireless stations to access resources on a cabled network.
It is because the AP is permanently connected to the cabled network and not mobile that this type of network is said to use an infrastructure topology. This arrangement is typically used for corporate installations that have a permanent cabled network that also must support wireless devices that access resources on the cabled network. An infrastructure network can have any number of access points and therefore any number of basic service sets. The architectural element that connects basic service sets together is called a distribution system (DS). Together, the basic service sets and the DS that connects them are called the extended service set (ESS). In practice, the DS is typically a cabled network using IEEE 802.3 (Ethernet) or another standard data link layer protocol, but the network can conceivably use a wireless distribution system (WDS). Technically, the AP in a network of this type is also called a portal because it provides access to a network using another data link layer protocol. It's possible for the DS to function solely as a means of connecting APs and not provide access to resources on a cabled network. Whether the media used to form the BSS and the DS are the same or different (the standard takes no stance either way), 802.11 logically separates the wireless medium from the distribution system medium.

The basic service sets connected by a distribution system can be physically configured in almost any way. The basic service sets can be widely distant from each other to provide wireless network connectivity in specific remote areas, or they can overlap to provide a large area of contiguous wireless connectivity. It's also possible for an infrastructure BSS to be concurrent with an IBSS. The 802.11 standard makes no distinction between the two topologies because both must present the same appearance to the LLC sublayer operating at the upper half of the data link layer.
Physical Layer Media

The original IEEE 802.11 standard defined three physical layer media, two that used radio frequency (RF) signals and one that used infrared light signals. A wireless LAN could use any one of the three media, all of which interface with the same MAC layer. These three media were as follows:

• Frequency-hopping spread spectrum (FHSS)
• Direct-sequence spread spectrum (DSSS)
• Infrared

The two RF media both used spread spectrum communication, which is a common form of radio transmission used in many wireless applications. Invented during the 1940s, spread spectrum technology takes an existing narrowband radio signal and divides it among a range of frequencies in any one of several ways. The result is a signal that utilizes more bandwidth but is louder and easier for a receiver to detect. At the same time, the signal is difficult to intercept because attempts to locate it by scanning through the frequency bands turn up only isolated fragments. It is also difficult to jam because you would have to block a wider range of frequencies for the jamming to be effective.

The 802.11 RF media operate in the 2.4 GHz frequency band, occupying the 83 MHz of bandwidth between 2.400 and 2.483 GHz. These frequencies are unlicensed in most countries, although there are varying limitations on the signal strength imposed by different governments.
The difference between the various types of spread spectrum communications lies in the method by which the signals are distributed among the frequencies. Frequency-hopping spread spectrum, for example, used a predetermined code or algorithm to dictate frequency shifts that occur continually, in discrete increments, over a wide band of frequencies. The 802.11 FHSS implementation called for seventy-nine 1 MHz channels, although some countries imposed smaller limits. Obviously, the receiving device must be equipped with the same algorithm in order to read the signal properly. The rate at which the frequency changes (that is, the amount of time that the signal remains at each frequency before hopping to the next one) is independent of the bit rate of the data transmission. If the frequency-hopping rate is faster than the signal's bit rate, the technology is called a fast hop system. If the frequency-hopping rate is slower than the bit rate, you have a slow hop system. The 802.11 FHSS implementation ran at 1 Mbps, with an optional 2 Mbps rate.

In direct-sequence spread spectrum communications, the signal to be transmitted is modulated by a digital code called a chip or chipping code, which has a bit rate larger than that of the data signal. The chipping code is a redundant bit pattern that essentially turns each bit in the data signal into several bits that are actually transmitted. The longer the chipping code, the more the original data signal is enlarged. This enlargement of the signal makes it easier for the receiver to recover the transmitted data if some bits are damaged. The more the signal is enlarged, the less significance is attributed to each bit. Like with FHSS, a receiver that doesn't possess the chipping code used by the transmitter can't interpret the DSSS signal, seeing it as just noise. The DSSS implementation in the original 802.11 document supported 1 and 2 Mbps transmission rates. IEEE 802.11b expanded this capability by adding transmission rates of 5.5 and 11 Mbps. Only DSSS supported these faster rates, which is the primary reason why it was the most commonly used 802.11 physical layer specification.

Later amendments have improved on the transmission rates, as shown in Table 6-3.
Table 6-3 802.11 Standards and Current Amendments

Infrared communications use frequencies in the 850 to 950 nanometer range, just below the visible light spectrum. This medium is rarely implemented on wireless LANs because of its limited range. Unlike most infrared media, the IEEE 802.11 infrared implementation does not require direct line-of-sight communications; an infrared network can function using diffuse or reflected signals. However, the range of communications is limited when compared to FHSS and DSSS, about 10 to 20 meters, and can function properly only in an indoor environment with surfaces that provide adequate signal diffusion or reflection. This makes infrared unsuitable for mobile devices and places more constraints on the physical location of the wireless device than either FHSS or DSSS. Like FHSS, the 802.11 infrared medium supported a 1 Mbps transmission rate and an optional rate of 2 Mbps.

Orthogonal Frequency Division Multiplexing (OFDM) was approved in 1999. This protocol increases throughput to 54 Mbps, and in 2003 this process was approved for the 2.4 GHz band. This method is often used for wideband transmission popular for DSL Internet access, 4G mobile communication, and digital television. Its main advantage is the use of multiple, narrowband carriers rather than one wideband carrier to transport data. It is efficient and works well even when receiving interference from a narrow band. However, OFDM is sensitive to frequency offset, an intentional shift of broadcast frequencies done to eliminate or lessen interference from other radio transmitters.

Since 1999 there have been several amendments to the IEEE 802.11 standard, as shown in Table 6-3.

NOTE: Table 6-3 shows information as of the writing of this chapter.

Physical Layer Frames

Instead of a relatively simple signaling scheme such as the Manchester and Differential Manchester techniques used by Ethernet and Token Ring, respectively, the media operating at the 802.11 physical layer have their own frame formats that encapsulate the frames generated at the data link layer. This is necessary to support the complex nature of the media.
The Frequency-Hopping Spread Spectrum Frame

The FHSS frame consists of the following fields:

• Preamble (10 bytes): Contains 80 bits of alternating zeros and ones that the receiving system uses to detect the signal and synchronize timing.
• Start of Frame Delimiter (2 bytes): Indicates the beginning of the frame.
• Length (12 bits): Specifies the size of the data field.
• Signaling (4 bits): Contains one bit that specifies whether the system is using the 1 or 2 Mbps transmission rate. The other three bits are reserved for future use. No matter which transmission rate the system is using, the preamble and header fields are always transmitted at 1 Mbps. Only the data field is transmitted at 2 Mbps.
• CRC (2 bytes): Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors.
• Data (0 to 4,095 bytes): Contains the data link layer frame to be transmitted to the receiving system.

The Direct-Sequence Spread Spectrum Frame

The DSSS frame is illustrated in Figure 6-3 and consists of the following fields:

• Preamble (16 bytes): Contains 128 bits that the receiving system uses to adjust itself to the incoming signal
• Start of Frame Delimiter (SFD) (2 bytes): Indicates the beginning of the frame
• Signal (1 byte): Specifies the transmission rate used by the system
• Service (1 byte): Contains the hexadecimal value 00, indicating that the system complies with the IEEE 802.11 standard
• Length (2 bytes): Specifies the size of the data field
• CRC (2 bytes): Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors
• Data (variable): Contains the data link layer frame to be transmitted to the receiving system

Figure 6-3 The DSSS frame format

The Infrared Frame

The frame used for infrared transmissions consists of the following fields:

• Synchronization (SYNC) (57 to 73 slots): Used by the receiving system to synchronize timing and, optionally, to estimate the signal-to-noise ratio and perform other preparatory functions
• Start of Frame Delimiter (SFD) (4 slots): Indicates the beginning of the frame
• Data Rate (3 slots): Specifies the transmission rate used by the system
• DC Level Adjustment (DCLA) (32 slots): Used by the receiver to stabilize the DC level after the transmission of the preceding fields
• Length (2 bytes): Specifies the size of the data field
• CRC (2 bytes): Contains a cyclic redundancy check value, used by the receiving system to test for transmission errors
• Data (0 to 2,500 bytes): Contains the data link layer frame to be transmitted to the receiving system

The Orthogonal Frequency Division Multiplexing Frame

The OFDM frame has four regions:

• Short Preamble: This section consists of 10 short symbols that have been assigned to subcarriers (-24 through 24).
• Long Preamble: This includes two long symbols that have been assigned to all subcarriers.
• Signal Field: This contains one OFDM symbol that is assigned to all subcarriers. The signal field is not scrambled.
• Data/Service Field: This region is scrambled, and the encoding and data rates vary, along with the modulation.

The Data Link Layer

Like with IEEE 802.3 (Ethernet) and 802.5 (Token Ring), the 802.11 document defines only half of the functionality found at the data link layer. Like the other IEEE 802 protocols, the LLC sublayer forms the upper half of the data link layer and is defined in the IEEE 802.2 standard. The 802.11 document defines the MAC sublayer functionality, which consists of a connectionless transport service that carries LLC data to a destination on the network in the form of MAC service data units (MSDUs). Like other data link layer protocols, this service is defined by a frame format (actually several frame formats, in this case) and a media access control mechanism. The MAC sublayer also provides security services, such as authentication and encryption, and reordering of MSDUs.

Data Link Layer Frames

The 802.11 standard defines three basic types of frames at the MAC layer, which are as follows:

• Data frames: Used to transmit upper layer data between stations
• Control frames: Used to regulate access to the network medium and to acknowledge transmitted data frames
• Management frames: Used to exchange network management information to perform network functions such as association and authentication

Figure 6-4 shows the general MAC frame format. The functions of the frame fields are as follows:

• Frame Control (2 bytes): Contains 11 subfields that enable various protocol functions. The subfields are as follows:
  • Protocol Version (2 bits): This specifies the version of the 802.11 standard being used.
  • Type (2 bits): This specifies whether the packet contains a management frame (00), a control frame (01), or a data frame (10).
  • Subtype (4 bits): This identifies the specific function of the frame.
  • To DS (1 bit): A value of 1 in this field indicates that the frame is being transmitted to the distribution system (DS) via an access point (AP).
  • From DS (1 bit): A value of 1 in this field indicates that the frame is being received from the DS.
  • More Frag (1 bit): A value of 1 indicates that the packet contains a fragment of a frame and that there are more fragments still to be transmitted. When fragmenting frames at the MAC layer, an 802.11 system must receive an acknowledgment for each fragment before transmitting the next one.
  • Retry (1 bit): A value of 1 indicates that the packet contains a fragment of a frame that is being retransmitted after a failure to receive an acknowledgment. The receiving system uses this field to recognize duplicate packets.
  • Pwr Mgt (1 bit): A value of 0 indicates that the station is operating in active mode; a value of 1 indicates that the station is operating in power-save mode. APs buffer packets for stations operating in power-save mode until they change to active mode or explicitly request that the buffered packets be transmitted.
  • More Data (1 bit): A value of 1 indicates that an AP has more packets for the station that are buffered and awaiting transmission.
  • WEP (1 bit): A value of 1 indicates that the Frame Body field has been encrypted using the Wired Equivalent Privacy (WEP) algorithm, which is the security element of the 802.11 standard. WEP can be used only in management frames used to perform authentications.
  • Order (1 bit): A value of 1 indicates that the packet contains a data frame (or fragment) that is being transmitted using the Strictly Ordered service class, which is designed to support protocols that cannot process reordered frames.
• Duration/ID (2 bytes): In control frames used for power-save polling, this field contains the association identity (AID) of the station transmitting the frame. In all other frame types, the field indicates the amount of time (in microseconds) needed to transmit a frame and its short interframe space (SIFS) interval.
• Address 1 (6 bytes): This contains an address that identifies the recipient of the frame, using one of the five addresses defined in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Address 2 (6 bytes): This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Address 3 (6 bytes): This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields.
• Sequence Control (2 bytes): This contains two fields used to associate the fragments of a particular sequence and assemble them into the right order at the destination system:
  • Fragment Number (4 bits): Contains a value that identifies a particular fragment in a sequence.
  • Sequence Number (12 bits): Contains a value that uniquely identifies the sequence of fragments that make up a data set.
• Address 4 (6 bytes): This contains one of the five addresses used in 802.11 MAC sublayer communications, depending on the values of the To DS and From DS fields. It is not present in control and management frames and some data frames.
• Frame Body (0 to 2,312 bytes): This contains the actual information being transmitted to the receiving station.
• Frame Check Sequence (4 bytes): This contains a cyclic redundancy check (CRC) value used by the receiving system to verify that the frame was transmitted without errors.

Figure 6-4 The IEEE 802.11 MAC sublayer frame format

The four address fields in the MAC frame identify different types of systems depending on the type of frame being transmitted and its destination in relation to the DS. The five different types of addresses are as follows:

• Source address (SA): An IEEE MAC individual address that identifies the system that generated the information carried in the Frame Body field.
• Destination address (DA): An IEEE MAC individual or group address that identifies the final recipient of an MSDU.
• Transmitter address (TA): An IEEE MAC individual address that identifies the system that transmitted the information in the Frame Body field on the current wireless medium (typically an AP).
• Receiver address (RA): An IEEE MAC individual or group address that identifies the immediate recipient of the information in the Frame Body field on the current wireless medium (typically an AP).
• Basic service set ID (BSSID): An IEEE MAC address that identifies a particular BSS. On an infrastructure network, the BSSID is the MAC address of the station functioning as the AP of the BSS. On an ad hoc network (IBSS), the BSSID is a random value generated during the creation of the IBSS.

Media Access Control

As with all data link layer protocols that use a shared network medium, the media access control mechanism is one of the protocol's primary defining elements. IEEE 802.11 defines the use of a MAC mechanism called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which is a variation of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) mechanism used by Ethernet.

The basic functional characteristics of wireless networks have a profound effect on the MAC mechanisms they can use. For example, the Ethernet CSMA/CD mechanism and the token-passing method used by Token Ring and FDDI networks both require every device on the network to receive every transmitted packet. An Ethernet system that doesn't receive every packet can't detect collisions reliably. In addition, the Ethernet collision detection mechanism requires full-duplex communications (because the indication that a collision has occurred is simultaneous transmit and receive signals), which is impractical in a wireless environment. If a token-passing system fails to receive a packet, the problem is even more severe because the packet cannot then be passed on to the rest of the network, and network communication stops entirely. One of the characteristics of the wireless networks defined in 802.11, however, is that stations can repeatedly enter and leave the BSS because of their mobility and the vagaries of the wireless medium. Therefore, the MAC mechanism on a wireless network must be able to accommodate this behavior.
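The MAC header layout described above (Frame Control subfields, Duration/ID, the address fields whose roles depend on To DS and From DS, and Sequence Control) is the first thing any wireless monitoring or intrusion-detection tool has to decode before it can count, say, management frames per BSSID. The following decoder is an added example, not code from the book; the bit positions and the (To DS, From DS) address-role table come from the 802.11 standard, and the three headers it decodes are constructed samples.

```python
"""Decode the IEEE 802.11 MAC header fields laid out in this section.

Added example, not code from the book. Frame Control bit positions and the
address-role table follow the 802.11 standard; the decoded frames are
constructed samples (no payload, no FCS).
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional

# Type subfield values quoted in the text; 0b11 is reserved.
FRAME_TYPES = {0b00: "management", 0b01: "control", 0b10: "data"}

# Which of the five address kinds Address 1-4 carry, keyed by (To DS, From DS).
# The book says only that the roles depend on these two bits; the table itself
# is taken from the standard and added here.
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID", None),  # IBSS, or any management frame
    (0, 1): ("DA", "BSSID", "SA", None),  # AP -> station
    (1, 0): ("BSSID", "SA", "DA", None),  # station -> AP
    (1, 1): ("RA", "TA", "DA", "SA"),     # AP -> AP over a wireless DS
}

FLAG_NAMES = ("To DS", "From DS", "More Frag", "Retry",
              "Pwr Mgt", "More Data", "WEP", "Order")


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


@dataclass
class MacHeader:
    protocol_version: int
    frame_type: str
    subtype: int
    flags: Dict[str, int]            # the eight 1-bit Frame Control subfields
    duration_id: int                 # microseconds, or an AID in PS-Poll frames
    addresses: Dict[str, str] = field(default_factory=dict)
    fragment_number: Optional[int] = None
    sequence_number: Optional[int] = None


def parse_mac_header(frame: bytes) -> MacHeader:
    """Parse the MAC header at the start of `frame`."""
    if len(frame) < 10:
        raise ValueError("shortest 802.11 header (CTS/ACK) is 10 bytes")
    # Frame Control and Duration/ID are 16-bit little-endian fields.
    fc, duration = struct.unpack_from("<HH", frame, 0)
    type_bits = (fc >> 2) & 0b11
    if type_bits not in FRAME_TYPES:
        raise ValueError(f"reserved frame type {type_bits:#04b}")
    # Protocol Version = bits 0-1, Type = bits 2-3, Subtype = bits 4-7,
    # then the eight flag bits in the order of FLAG_NAMES (bits 8-15).
    flags = {name: (fc >> (8 + i)) & 1 for i, name in enumerate(FLAG_NAMES)}
    hdr = MacHeader(fc & 0b11, FRAME_TYPES[type_bits], (fc >> 4) & 0b1111,
                    flags, duration)
    if hdr.frame_type == "control":
        # Control frames carry an RA; only RTS-style frames also carry a TA.
        hdr.addresses["RA"] = mac_str(frame[4:10])
        if len(frame) >= 16:
            hdr.addresses["TA"] = mac_str(frame[10:16])
        return hdr
    if len(frame) < 24:
        raise ValueError("data/management header needs Address 1-3 and Sequence Control")
    roles = ADDRESS_ROLES[(flags["To DS"], flags["From DS"])]
    for role, offset in zip(roles[:3], (4, 10, 16)):
        hdr.addresses[role] = mac_str(frame[offset:offset + 6])
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    hdr.fragment_number = seq_ctrl & 0xF      # low 4 bits
    hdr.sequence_number = seq_ctrl >> 4       # high 12 bits
    if roles[3] is not None:                  # Address 4 only when To DS = From DS = 1
        if len(frame) < 30:
            raise ValueError("To DS and From DS both set but Address 4 missing")
        hdr.addresses[roles[3]] = mac_str(frame[24:30])
    return hdr


# Constructed sample addresses and headers.
STATION_MAC = bytes.fromhex("aabbccddee01")
AP_MAC = bytes.fromhex("001122334455")
WIRED_HOST = bytes.fromhex("001122334466")

# Data frame, station -> AP: type 10, subtype 0; To DS, Retry and WEP set;
# Duration 52 us; fragment 2 of sequence 291.
SAMPLE_DATA = (bytes([0x08, 0x49]) + (52).to_bytes(2, "little")
               + AP_MAC + STATION_MAC + WIRED_HOST
               + ((291 << 4) | 2).to_bytes(2, "little"))

# Beacon: management frame, subtype 8, broadcast DA, SA and BSSID = AP.
SAMPLE_BEACON = (bytes([0x80, 0x00, 0x00, 0x00]) + b"\xff" * 6
                 + AP_MAC + AP_MAC + (1 << 4).to_bytes(2, "little"))

# ACK control frame: type 01, subtype 1101, addressed to the station.
SAMPLE_ACK = bytes([0xD4, 0x00, 0x00, 0x00]) + STATION_MAC

if __name__ == "__main__":
    for name, raw in (("data", SAMPLE_DATA), ("beacon", SAMPLE_BEACON), ("ack", SAMPLE_ACK)):
        print(name, parse_mac_header(raw))
```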
The CSMA part of the CSMA/CA mechanism is the same as that of an Ethernet network. A computer with data to transmit listens to the network medium and, if it is free, begins transmitting its data. If the network is busy, the computer backs off for a randomly selected interval and begins the listening process again. Also like Ethernet, the CSMA part of the process can result in collisions. The difference in CSMA/CA is that systems attempt to avoid collisions in the first place by reserving bandwidth in advance. This is done by specifying a value in the Duration/ID field or using specialized control messages called request-to-send (RTS) and clear-to-send (CTS).

The carrier sense part of the transmission process occurs on two levels, the physical and the virtual. The physical carrier sense mechanism is specific to the physical layer medium the network is using and is equivalent to the carrier sense performed by Ethernet systems. The virtual carrier sense mechanism, called a network allocation vector (NAV), involves the transmission of an RTS frame by the system with data to transmit and a response from the intended recipient in the form of a CTS frame. Both of these frames have a value in the Duration/ID field that specifies the amount of time needed for the sender to transmit the forthcoming data frame and receive an acknowledgment (ACK) frame in return. This message exchange essentially reserves the network medium for the life of this particular transaction, which is where the collision avoidance part of the mechanism comes in. Since both the RTS and CTS messages contain the Duration/ID value, any other system on the network receiving either one of the two observes the reservation and refrains from trying to transmit its own data during that time interval. This way, a station that is capable of receiving transmissions from one computer but not the other can still observe the CSMA/CA process.
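The virtual carrier sense described above can be modelled in a few lines: every station that hears an RTS or CTS sets its NAV from the Duration/ID value, and a station that hears only one side of the exchange still defers. This is an added example, not code from the book; the frame durations, the 10 microsecond SIFS, the way the Duration/ID value is composed from the remaining pieces of the exchange, and the rule that a station addressed by a frame does not update its own NAV follow the standard but are not spelled out on the page.

```python
"""Virtual carrier sense (NAV) with an RTS/CTS reservation.

Added example, not from the book. Timings are constructed (microseconds); the
Duration/ID arithmetic and the "addressed station skips the NAV update" rule
follow the 802.11 standard rather than the page.
"""
from dataclasses import dataclass
from typing import Dict, Set

SIFS_US = 10  # assumed short interframe space


@dataclass
class Station:
    name: str
    hears: Set[str]      # stations whose transmissions this one can receive
    nav_until: int = 0   # medium treated as reserved until this time (us)

    def can_transmit(self, now: int) -> bool:
        # Virtual carrier sense: defer while the NAV reservation is active.
        return now >= self.nav_until


def deliver(stations: Dict[str, Station], sender: str, ra: str,
            frame_end: int, duration: int) -> None:
    """Every third party that hears `sender` extends its NAV from Duration/ID.

    The addressed station (`ra`) is about to reply, so it leaves its NAV alone.
    """
    for st in stations.values():
        if st.name in (sender, ra) or sender not in st.hears:
            continue
        st.nav_until = max(st.nav_until, frame_end + duration)


def rts_cts_exchange(stations: Dict[str, Station], sender: str, receiver: str,
                     start: int, data_us: int, ack_us: int = 14,
                     rts_us: int = 20, cts_us: int = 14) -> int:
    """Run RTS -> CTS -> DATA -> ACK and return the time the exchange ends.

    RTS Duration/ID covers everything after the RTS: SIFS+CTS+SIFS+DATA+SIFS+ACK.
    CTS Duration/ID is the RTS value minus the CTS itself and one SIFS.
    """
    rts_duration = 3 * SIFS_US + cts_us + data_us + ack_us
    rts_end = start + rts_us
    deliver(stations, sender, receiver, rts_end, rts_duration)
    cts_end = rts_end + SIFS_US + cts_us
    deliver(stations, receiver, sender, cts_end, rts_duration - SIFS_US - cts_us)
    return rts_end + rts_duration


def hidden_node_demo() -> Dict[str, int]:
    """C hears the AP but not A; D hears A but not the AP (constructed topology).

    C never receives A's RTS and D never receives the AP's CTS, yet each hears
    one frame carrying the reservation, so both defer for the whole exchange.
    """
    stations = {
        "A":  Station("A",  hears={"AP", "D"}),
        "AP": Station("AP", hears={"A", "C"}),
        "C":  Station("C",  hears={"AP"}),
        "D":  Station("D",  hears={"A"}),
    }
    end = rts_cts_exchange(stations, "A", "AP", start=0, data_us=400)
    mid = end // 2
    return {
        "exchange_ends_at": end,
        "c_nav_until": stations["C"].nav_until,
        "d_nav_until": stations["D"].nav_until,
        "c_defers_midway": int(not stations["C"].can_transmit(mid)),
        "d_defers_midway": int(not stations["D"].can_transmit(mid)),
        "c_free_after": int(stations["C"].can_transmit(end)),
        "ap_nav_untouched": int(stations["AP"].nav_until == 0),
    }


if __name__ == "__main__":
    print(hidden_node_demo())
```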
In addition, the RTS/CTS exchange enables a station to more easily determine whether communication with the intended recipient is possible. If the sender of an RTS frame fails to receive a CTS frame from the recipient in return, it retransmits the RTS frame repeatedly until a preestablished timeout is reached. Retransmitting the brief RTS message is much quicker than retransmitting large data frames, which shortens the entire process.

To detect collisions, IEEE 802.11 uses a positive acknowledgment system at the MAC sublayer. Each data frame that a station transmits must be followed by an ACK frame from the recipient, which is generated after a CRC check of the incoming data. If the frame's CRC check fails, the recipient considers the packet to have been corrupted by a collision (or other phenomenon) and silently discards it. The station that transmitted the original data frame then retransmits it as many times as needed to receive an ACK, up to a predetermined limit. Note that the failure of the sender to receive an ACK frame could be because of the corruption or nondelivery of the original data frame or the nondelivery of an ACK frame that the recipient did send in return. The 802.11 protocol does not distinguish between the two.

NOTE: For additional information about current 802.11 standards, see Chapters 12 and 24.

CHAPTER 7
Wide Area Networks

The physical and data link layer protocols used to build local area networks (LANs) are quite efficient over relatively short distances. Even for campus connections between buildings, fiber-optic solutions enable you to use a LAN protocol such as Ethernet throughout your whole internetwork. However, when you want to make a connection over a long distance, you move into an entirely different world of data communications called wide area networking. A wide area network (WAN) is a communications link that spans a long distance and connects two or more LANs.
WAN connections make it possible to connect networks in different cities or countries, enabling users to access resources at remote locations. Many companies use WAN links between office locations to exchange e-mail, groupware, and database information, or even just to access files and printers on remote servers. Banks and airlines, for example, use WANs because they must be in continual communication with all of their branch offices to keep their databases updated, but WAN connections can also function on a much smaller scale, such as a system that periodically dials into a remote network to send and retrieve the latest e-mail messages.

Today, with the increased use of cloud technology, WAN virtualization and optimization are becoming more common. See Chapter 26 for more information about these two areas.

A WAN connection requires a router or a bridge at each end to provide the interface to the individual LANs, as shown in Figure 7-1. This reduces the amount of traffic that passes across the link. Remote link bridges connect LANs running the same data link layer protocol at different locations using an analog or digital WAN link. The bridges prevent unnecessary traffic from traversing the link by filtering packets according to their data link layer MAC addresses. However, bridges do pass broadcast traffic across the WAN link. Depending on the speed of the intended link and applications, this may be a huge waste of bandwidth. It's possible to make a good case that using remote link bridges to connect networks at two sites is technically not a WAN because you are actually joining the two sites into a single network, instead of creating an internetwork. However, whether the final result is a network or an internetwork, the technologies used to join the two sites are the same and are commonly called WAN links.

Figure 7-1 Routers or bridges connect WAN links to LANs.
If the WAN link is intended only for highly specific uses, such as e-mail access, data link layer bridges can be wasteful because they provide less control over the traffic that is permitted to pass over the link. Routers, on the other hand, keep the two LANs completely separate. In fact, the WAN link is a network in itself that connects only two systems, namely, the routers at each end of the connection. Routers pass no broadcasts over the WAN link (except in exceptional cases, such as when you use DHCP or BOOTP relay agents). Therefore, administrators can exercise greater control over the traffic passing between the LANs. Routers also enable you to use different data link layer protocols on each of the LANs because they operate at the network layer of the Open Systems Interconnection (OSI) model.

While bridges are always separate units, the routers used to connect two networks with a WAN link can take the form of either a computer or a dedicated hardware device. When a remote user connects to a host PC with a connection and accesses other systems on the network, the host PC is functioning as a router. Most sites use dedicated routers. The router or bridge located at each terminus of the WAN link is connected to the local LAN and to whatever hardware is used to make the physical layer connection to the WAN.

Introduction to Telecommunications

When you enter the world of wide area networking, you experience a major paradigm shift from the local area networking world. When you design, build, and maintain a LAN, you are working with equipment that you (or your organization) owns and controls completely. Once you pay for the equipment itself, the network and its bandwidth are yours to do with as you please. When you connect networks using WAN links, however, you almost never own all of the technology used to make the connections. Unless your organization has the means to run its own long-distance fiber-optic cables or launch its own satellite (and we're talking millions, if not billions, of dollars needed to do this in most cases), you have to deal with a third-party telecommunications service provider that makes it possible for you to send your data signals over long distances.
The need to rely on an outside service provider for WAN communications can enormously complicate the process of designing, installing, and maintaining the network. LAN technicians are often tinkerers by trade. When problems with the network occur, they have their own procedures for investigating, diagnosing, and resolving them, knowing that the cause is somewhere nearby if they can only find it. Problems with WAN connections can conceivably be caused by the equipment located at one of the connected sites, but it's more likely for the trouble to be somewhere in the service provider's network infrastructure. A heavy equipment operator a thousand miles away in Akron, Ohio, can sever a trunk cable while digging a trench, causing your WAN link to go down. Solar flares on the surface of the sun 93 million miles away can disturb satellite communications, causing your WAN link to go down. In either case, there is nothing you can do about it except call your service provider and complain. Because of this reliance on outside parties, many network administrators maintain backup WAN links that use a different technology or service provider for critical connections.

Telecommunications is a separate networking discipline unto itself that is at least as complicated as data networking, if not more so. (If you think that local area networking has a lot of cryptic acronyms, wait until you start studying telecommunications.) A large organization relies at least as much on telecommunications technology as on its data networking technology. If the computer network goes down, people complain loudly; if the phone system goes down, people quickly begin to panic. In many large organizations, the people who manage the telecommunications infrastructure are different from those who administer the data network. However, it is in the area of WAN communications that these two disciplines come together. It isn't common to find technical people who are equally adept at data networking and telecommunications; most technicians tend to specialize in one or the other. However, a LAN administrator has to know something about telecommunications if the organization has offices at multiple locations that are to be connected using WANs.
All data networking is about bandwidth, or the ability to transmit signals between systems at a given rate of speed. On a LAN, when you want to increase the bandwidth available to users, you can upgrade to a faster protocol or add network connection components such as bridges, switches, and routers. After the initial outlay for the new equipment and its installation, the network has more bandwidth, forever. In the world of telecommunications, bandwidth costs money, often lots of it. If you want to increase the speed of a WAN link between two networks, not only do you have to purchase new equipment, but you probably also have to pay additional fees to your service provider. Depending on the technology you've chosen and your service provider, you may have to pay a fee to have the equipment installed, a fee to set up the new service, and permanent monthly subscriber fees based on the amount of bandwidth you want. Combined, these fees can be substantial, and they're ongoing; you continue to pay as long as you use the service.

The result of this expense is that WAN bandwidth is far more expensive than LAN bandwidth. In nearly every case, your LANs will run at speeds far exceeding those of your WAN connections, as shown in Table 7-1.

Table 7-1 LANs vs. WANs

WAN Utilization

WAN technologies vary in the way they're structured, the way you pay for them, and the way you use them. The costs of specific technologies depend on your location.

Selecting a WAN Technology

The selection of a WAN connection for a specific purpose is generally a trade-off between speed and expense. Because your WAN links will almost certainly run more slowly than the networks that they connect, and cost more as well, it's important to determine just how much bandwidth you need and when you need it as you design your network.
It usually is not practical to use a WAN link in the same way you would use a LAN connection. You might have to limit the amount of traffic that passes over the link in ways other than just using routers at each end. One way is to schedule certain tasks that require WAN communications to run at off-peak hours. For example, database replication tasks can easily monopolize a WAN link for extended periods of time, delaying normal user activities. Many applications that require periodic data replication, including directory services such as Active Directory, enable you to specify when these activities should take place. Active Directory, for example, enables you to split your internetwork into units called sites and regulate the time and frequency of the replication that occurs between domain controllers at different sites.

Before you select a WAN technology, you should consider the applications for which it will be used. Different functions require different amounts of bandwidth and different types as well. E-mail, for example, not only requires relatively little bandwidth but also is intermittent in its traffic. High-end applications, such as full-motion video, not only require enormous amounts of bandwidth but also require that the bandwidth be continuously available to avoid dropouts in service. The needs of most organizations fall somewhere between these two extremes, but it is important to remember that the continuity of the bandwidth can sometimes be as important as the transmission rate.

NOTE While the transmission rates shown in Table 7-2 indicate the maximum rated throughput, these rates are not usually reflected in reality, for a variety of reasons.

Table 7-2 WAN Technologies and Their Transmission Rates

Table 7-2 lists some of the technologies used for WAN connections and their transmission speeds. The sections following the table examine some of the technologies that are most commonly used for WAN connectivity. For a variety of reasons, the rated speeds of these technologies usually do not reflect the actual throughput realized by applications using them; in the real world, the throughput is generally lower.
PSTN (POTS) Connections

A WAN connection does not necessarily require a major investment in hardware and installation fees. Many network connections are formed using a public switched telephone network (PSTN) or plain old telephone service (POTS). A standard asynchronous modem that uses telephone lines to connect your computer to a network (such as that of an ISP) is technically a wide area link, and for some purposes, this is all that is needed. For example, an employee working at home or on the road can dial into a server at the office and connect to the LAN to access e-mail and other network resources. In the same way, a small LAN connection may be sufficient for a small branch office to connect to the corporate headquarters for the same purposes.

The maximum possible connection speed is 56 Kbps (for digital-to-analog traffic only; analog-to-digital traffic is limited to 31.2 Kbps). Analog modem communications are also dependent on the quality of the lines involved. Many telephone companies still certify their lines for voice communications only, and do not perform repairs to improve the quality of data connections.

Using these public carrier lines usually costs much less than trying to establish a private line. When using public lines, many share the costs, and the lines are, by their nature, more reliable than trying to create a private infrastructure. The issues involved in any WAN are the same: delay time, quality of the link, and available bandwidth. The larger the geographic area, the more these issues come into play.

In most cases, a LAN to WAN connection uses a computer as a router, although many use stand-alone devices that perform the same function. The most basic arrangement uses a computer, tablet, or smartphone for remote network access. The remote computer can be running an e-mail client, a web browser, or another application designed to access network resources, or simply access the file system on the network's servers. This simple arrangement is best suited to users who want to connect to their office computers while at home or traveling.
A computer can also host multiple connections. When a user on one LAN performs an operation that requires access to the other LAN, the server automatically dials into a server on the other network, establishes the connection, and begins routing traffic. When the link remains idle for a preset time, the connection terminates. There are also stand-alone routers that perform in the same way, enabling users to connect to a remote LAN or the Internet as needed. This arrangement provides WAN access to users without them having to establish the connection manually.

Today, the world's largest WAN, the Internet, actually uses PSTN lines for much of its infrastructure, so this technology will not soon be obsolete. Obviously, the chief drawback to using the PSTN for other WAN connections is the limited bandwidth, but the low cost of the hardware and services required make these connections compelling, and many network administrators make use of them in interesting and creative ways. In earlier dial-up connections, some networks used inverse multiplexing to combine two small bandwidth channels into a larger channel. Inverse multiplexing is the process of combining the bandwidth of multiple connections into a single conduit. See the sections "Frame Relay" and "ATM" for more information about how inverse multiplexing is used today.
Leased Lines

A leased line is a dedicated, permanent connection between two sites that runs through the telephone network. The line is said to be dedicated because the connection is active 24 hours a day and does not compete for bandwidth with any other processes. The line is permanent because there are no telephone numbers or dialing involved in the connection, nor is it possible to connect to a different location without modifying the hardware installation. While this book is naturally more interested in leased lines as WAN technologies, it's important to understand that they are also a vital element of the voice telecommunications network infrastructure. When a large organization installs its own private branch exchange (PBX) to handle its telephone traffic, the switchboard is typically connected to one or more T-1 lines, which are split into individual channels with enough bandwidth to handle a single voice-grade connection (56 to 64 Kbps). Each of these channels becomes a standard voice "telephone line," which is allocated by the PBX to users' telephones as needed.

You install a leased line by contacting a telephone service provider, either local or long distance, and agreeing to a contract that specifies a line granting a certain amount of bandwidth between two locations, for a specified cost. The price typically involves an installation fee, hardware costs, and a monthly subscription fee, and it depends on both the bandwidth of the line and the distance between the two sites being connected. The advantages of a leased line are that the connection delivers the specified bandwidth at all times and that the line is as inherently secure as any telephone line because it is private. While the service functions as a dedicated line between the two connected sites, there is not really a dedicated physical connection, such as a separate wire running the entire distance. The service provider installs a dedicated line between each of the two sites and the provider's nearest point of presence (POP), but from there, the connection uses the provider's standard switching facilities to make the connection. The provider guarantees that its facilities can provide a specific bandwidth and quality of service.

From the LAN side, the line usually connects to a router, and on the WAN side, to a hub.
This type of connection can become very expensive over time. A leased-line contract typically quantifies the quality of service using two criteria: service performance and availability. The performance of the service is based on the percentage of error-free seconds per day, and its availability is computed in terms of the time that the service is functioning at full capacity during a specific period, also expressed as a percentage. If the provider fails to meet the guarantees specified in the contract, the customer receives financial remuneration in the form of service credits.

Leased-Line Types

Leased lines can be analog or digital, but digital lines are more common. An analog line is simply a normal telephone line that is continuously open. When used for a WAN connection, modems are required at both ends to convert the digital signals of the data network to analog form for transmission and back to digital at the other end. In some cases, the line may have a greater service quality than a standard PSTN line.

Digital leased lines are more common because no analog-to-digital conversion is required for data network connections, and the signal quality of a digital line is usually superior to that of an analog line, whether leased or dial-up. Digital leased lines are based on a hierarchy of digital signal (DS) speeds used to classify the speeds of carrier links. These levels take different forms in different parts of the world. In North America, the DS levels are used to create the T-carrier (for "trunk-carrier") service. Europe and most of the rest of the world use the E-carrier service, which is standardized by the Telecommunications sector of the International Telecommunications Union (ITU-T), except for Japan, which has its own J-carrier service. Each of these services names the various levels by replacing the DS prefix with that of the particular carrier. For example, the DS-1 level is known as a T-1 in North America, an E-1 in Europe, and a J-1 in Japan.
The only exception to this is the DS-0 level, which represents a standard 64 Kbps voice-grade channel and is known by this name throughout the world. As you go beyond the DS-1 service, bandwidth levels rise steeply, as do the costs. In North America, many networks use multiple T-1 lines for both voice and data. T-3s are used mainly by ISPs and other service providers with high-bandwidth needs. See Table 7-3 for an explanation of the various "T" lines in North America.

Table 7-3 "T" Line Types in North America

While it's possible to install a leased line using any of the service levels listed for your geographical location, you are not limited to the amounts of bandwidth provided by these services. Because the bandwidth of each service is based on multiples of 64 Kbps, you can split a digital link into individual 64 Kbps channels and use each one for voice or data traffic. Service providers frequently take advantage of this capability to offer leased lines that consist of any number of these 64 Kbps channels that the subscriber needs, combined into a single data pipe. This is called fractional T-1 service.

Leased-Line Hardware

A T-1 line requires two twisted pairs of wires, and originally the line was conditioned, meaning that a repeater was installed 3,000 feet from each endpoint and every 6,000 feet in between. Later, a signaling scheme called high-bit-rate digital subscriber line (HDSL) made it possible to transmit digital signals at T-1 speeds over longer distances without the need for repeating hardware.

The hardware that was required at each end of a digital leased line was called a channel service unit/data service unit (CSU/DSU), which was actually two devices that were usually combined into a single unit. The CSU provided the terminus for the digital link and kept the connection active even when the connected bridge, router, private branch exchange (PBX), or other device wasn't actually using it. The CSU also provided testing and diagnostic functions for the line. The DSU was the device that converted the signals it received from the bridge, router, or PBX to the bipolar digital signals carried by the line.
In appearance, a CSU/DSU looked something like a modem, and as a result, they were sometimes incorrectly called digital modems. (Since a modem, by definition, is a device that converts between analog and digital signals, the term digital modem was actually something of an oxymoron. However, just about any device used to connect a computer or network to a telephone or Internet service has been incorrectly called a modem, including ISDN and cable network equipment.)

The CSU/DSU was connected to the leased line on one side using an RJ connector and to a device (or devices) on the other side that provided the interface to the local network (see Figure 7-2), using a V.35 or RS-232 connector. This interface can be a bridge or a router for data networking or a PBX for voice services. The line can be either unchanneled, meaning that it is used as a single data pipe, or channeled, meaning that a multiplexor is located in between the CSU/DSU and the interface to break up the line into separate channels for multiple uses.

Figure 7-2 The CSU/DSU provides the interface between a LAN and a leased line.

Digital leased lines use time division multiplexing (TDM) to create the individual channels, in which the entire data stream is divided into time segments that are allocated to each channel in turn. Each time division is dedicated to a particular channel, whether it is used or not. Thus, when one of the 64 Kbps voice lines that are part of a T-1 was idle, that bandwidth was wasted, no matter how busy the other channels were.
Leased-Line Applications

T-1s and other leased lines are used for many different purposes. T-1s are commonly used to provide telephone services to large organizations. On the WAN front, organizations with offices in several locations can use leased lines to build a private network for both voice and data traffic. With such a network in place, users can access network resources in any of the sites at will, and telephone calls can be transferred to users in the different offices. The problem with building a network in this manner is that it requires a true mesh topology of leased lines—that is, a separate leased line connecting each office to every other office—to be reliable. An organization with four sites, for example, would need six leased lines, as shown in Figure 7-3, and eight sites would require twenty-eight leased lines! It would be possible for the sites to be connected in series, using seven links to connect eight sites, but then the failure of any one link or router would split the network in two.

Figure 7-3 A private WAN that uses leased lines requires a separate connection between every two sites.

Today, most organizations use a less expensive technology to create WAN links between their various offices. One alternative to a private network would be to use leased lines at each site to connect to a public carrier network using a technology such as frame relay or ATM to provide the required bandwidth. Each site would require only a single, relatively short-distance leased line to a local service provider, instead of a separate line to each site. For more information on this alternative, see "Packet-Switching Services" later in this chapter. The most common application for T-1 lines in WANs today, however, is to use them to connect a private network to an ISP in order to provide Internet access to its users and to host Internet services, such as web and e-mail servers.

T-1s are well-suited for providing Internet access to corporate networks because services such as e-mail have to be connected around the clock. ISPs also usually have a local point of presence, so the leased line does not have to span a tremendously long distance and is not too terribly expensive. A single T-1 connection to the Internet can serve the needs of hundreds of average users simultaneously.
ISDN

Integrated service digital network (ISDN) and digital subscriber line (DSL) are both services that utilize the existing copper POTS cable at an installation to carry data at much higher transmission rates. In both cases, the site must be relatively close to the telephone company's nearest point of presence (POP), a location containing telephone switching equipment. Basic rate ISDN, for example, requires a location no farther than 18,000 feet (3.4 miles) from the POP; DSL distances vary with the data rate. ISDN and DSL are sometimes called last-mile technologies because they are designed to get data from the user site to the POP at high speed.

The copper cable running from the POP to the individual user site is traditionally the weakest link in the phone system. Once a signal reaches the POP, it moves through the telephone company's switches at high speed. By eliminating the bottlenecks at both ends of the link, traffic can maintain that speed from end to end. While these technologies have been marketed in the United States primarily as Internet connectivity solutions for home users, they both are usable for office-to-office WAN connections.

ISDN was a digital point-to-point telephone system that had been around for many years but that was not adopted as widely in the United States as its proponents had hoped. Originally, ISDN was designed to completely replace the current phone system with all-digital service, but it then became positioned as an alternative technology for home users who required high-bandwidth network connections and for links between business networks. In this country, ISDN technology garnered a reputation for being overly complicated, difficult to install, and not particularly reliable, and to some extent, this reputation was justified. At one time, inquiries to most local phone companies about ISDN service would be met only with puzzlement, and horror stories from consumers about installation difficulties were common.
ISDN was a digital service that provided a good deal more bandwidth than standard telephone service, but unlike a leased line, it was not permanent. ISDN devices dialed a number to establish a connection, like a standard telephone, meaning that users connected to different sites as needed. For this reason, ISDN was known as a circuit-switching service because it created a temporary point-to-point circuit between two sites. For the home or business user connecting to the Internet, this meant they could change ISPs without any modifications to the ISDN service by the telephone company. For organizations using ISDN for WAN connections between offices, this meant they could connect to different office networks when they needed access to their resources.

ISDN Services

There are two main types of ISDN service, which are based on units of bandwidth called B channels, running at 64 Kbps, and D channels, running at 16 or 64 Kbps. B channels carry voice and data traffic, and D channels carry control traffic only. The service types are as follows:

• Basic Rate Interface (BRI) Also called 2B+D, because it consists of two 64 Kbps B channels and one 16 Kbps D channel. BRI was targeted primarily at home users for connections to business networks or the Internet.

• Primary Rate Interface (PRI) Consists of up to 23 B channels and one 64 Kbps D channel, for a total bandwidth equivalent to a T-1 leased line. PRI was aimed more at the business community, as an alternative to leased lines that provided the same bandwidth and signal quality with greater flexibility.

One of the primary advantages of ISDN was the ability to combine the bandwidth of multiple channels as needed, using inverse multiplexing. Each B channel has its own separate ten-digit number. For the home user, one of the B channels of the BRI service carried voice traffic while the other B channel was used for data, or both B channels could be combined to form a single 128 Kbps connection to the Internet or to a private network.
The PRI service combines any number of the B channels in any combination to form connections of various bandwidths. In addition, the ISDN service supports bandwidth-on-demand, which can supplement a connection with additional B channels to support a temporary increase in bandwidth requirements. Depending on the equipment used, it's possible to add bandwidth according to a predetermined schedule of usage needs or to dynamically augment a connection when the traffic rises above a particular level. For bandwidth needs that fluctuated, an ISDN connection was often far more economical than a leased line because you pay only for the channels that are currently in use. With a leased line, you must pay whether it's being used or not.

ISDN Communications

The ISDN B channels carry user traffic only, whether in the form of voice or data. The D channel is responsible for carrying all of the control traffic needed to establish and terminate connections between sites. The traffic on these channels consists of protocols that span the bottom three layers of the OSI reference model. The physical layer establishes a circuit-switched connection between the user equipment and the telephone company's switching office that operates at 64 Kbps and also provides diagnostic functions such as loopback testing and signal monitoring. This layer is also responsible for the multiplexing that enables devices to share the same channel.

At the data link layer, bridges and PBXs using an ISDN connection employ the Link Access Procedure for D Channel (LAPD) protocol, as defined by the International Telecommunications Union (ITU-T) documents Q.920 through Q.923, to provide frame-relay and frame-switching services. This protocol (which is similar to the LAP-B protocol used by X.25) uses the address information provided by the ISDN equipment to create virtual paths through the switching fabric of the telephone company's network to the intended destination. The end result is a private network connection much like that of a leased line.
The network layer is responsible for the establishment, maintenance, and termination of connections between ISDN devices. Unlike leased lines and similar technologies, which maintain a permanently open connection, ISDN must use a handshake procedure to establish a connection between two points. The process of establishing an ISDN connection involves messages exchanged between three entities: the caller, the switch (at the POP), and the receiver. As usual, network layer messages are encapsulated within data link layer protocol frames. The connection procedure is as follows:

1. The caller transmits a SETUP message to the switch.

2. If the SETUP message is acceptable, the switch returns a CALL PROC (call proceeding) message to the caller and forwards the SETUP message to the receiver.

3. If the receiver accepts the SETUP message, it rings the phone (either literally or figuratively) and sends an ALERTING message back to the switch, which forwards it to the caller.

4. When the receiver answers the call (again, either literally or figuratively), it sends a CONNECT message to the switch, which forwards it to the caller.

5. The caller then sends a CONNECT ACK (connection acknowledgment) message to the switch, which forwards it to the receiver. The connection is now established.

ISDN Hardware

ISDN does not require any modifications to the standard copper POTS wiring. As long as your site is within 18,000 feet of a POP, you can convert an existing telephone line to ISDN just by adding the appropriate hardware at each end. The telephone company uses special data-encoding schemes (called 2B1Q in North America and 4B3T in Europe) to provide higher data transmission rates over the standard cable. All ISDN installations needed a device called a Network Termination 1 (NT1) connected to the telephone line at each end. The service from the telephone company provides what is known as a U interface operating over one twisted pair of wires. The NT1 connects to the U interface and converts the signals to the four-wire S/T interface used by ISDN terminal equipment (that is, the devices that use the connection).
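The five-step connection procedure above, driven end to end as a small simulation. This is an added example, not code from the chapter or from any real ISDN stack: the message names follow the text, while the state machines, the `Switch` class, `run_call`, and the list of reachable numbers are assumptions made for the illustration. It shows the two control-plane checks the procedure implies: the switch forwards only a SETUP it finds acceptable, and each endpoint refuses a message that its current state does not allow.

```python
"""Simulation of the ISDN D-channel call setup handshake described in the text:
caller <-> switch <-> receiver exchanging SETUP, CALL PROC, ALERTING, CONNECT
and CONNECT ACK. Constructed illustration only; the message names follow the
text, the state machines and the Switch class are assumptions of this example."""

from dataclasses import dataclass


@dataclass
class Message:
    kind: str                # SETUP, CALL PROC, ALERTING, CONNECT, CONNECT ACK
    called_number: str = ""  # carried only by SETUP


class ProtocolError(Exception):
    """An endpoint received a message that its current state does not allow."""


# state -> {incoming message kind: (next state, reply kind or None)}
CALLER_FSM = {
    "idle":       {},
    "setup_sent": {"CALL PROC": ("proceeding", None)},
    "proceeding": {"ALERTING": ("ringing", None),
                   "CONNECT": ("active", "CONNECT ACK")},
    "ringing":    {"CONNECT": ("active", "CONNECT ACK")},
    "active":     {},
}
RECEIVER_FSM = {
    "idle":     {"SETUP": ("alerting", "ALERTING")},
    "alerting": {},                  # left when the call is answered, not by a message
    "answered": {"CONNECT ACK": ("active", None)},
    "active":   {},
}


def accepts(fsm, state, kind):
    """True if an endpoint in `state` may legitimately receive a message of `kind`."""
    return kind in fsm[state]


class Endpoint:
    """Caller or receiver terminal equipment: a tiny message-driven state machine."""

    def __init__(self, name, fsm):
        self.name, self.fsm, self.state = name, fsm, "idle"

    def receive(self, msg):
        if not accepts(self.fsm, self.state, msg.kind):
            raise ProtocolError(f"{self.name} in state {self.state} got {msg.kind}")
        self.state, reply = self.fsm[self.state][msg.kind]
        return Message(reply) if reply else None


class Switch:
    """The telephone company switch at the POP: relays D-channel messages."""

    def __init__(self, reachable_numbers):
        self.reachable = set(reachable_numbers)   # constructed directory for the example

    def relay(self, sender, msg):
        """Return (destination, message) pairs the switch emits in response."""
        if msg.kind == "SETUP":
            if msg.called_number not in self.reachable:
                return []   # SETUP not acceptable: nothing proceeds (reject message not modeled)
            return [("caller", Message("CALL PROC")), ("receiver", msg)]   # step 2
        other = "receiver" if sender == "caller" else "caller"
        return [(other, msg)]   # steps 3 to 5: forward to the far end


def run_call(reachable_numbers, called_number):
    """Drive one call attempt; return (hop-by-hop trace, caller state, receiver state)."""
    caller = Endpoint("caller", CALLER_FSM)
    receiver = Endpoint("receiver", RECEIVER_FSM)
    switch = Switch(reachable_numbers)
    parties = {"caller": caller, "receiver": receiver}
    trace = []
    caller.state = "setup_sent"   # step 1: the caller transmits SETUP to the switch
    pending = [("caller", "switch", Message("SETUP", called_number))]
    answered = False
    while pending:
        frm, to, msg = pending.pop(0)
        trace.append(f"{frm} -> {to}: {msg.kind}")
        if to == "switch":
            pending.extend(("switch", dest, m) for dest, m in switch.relay(frm, msg))
        else:
            reply = parties[to].receive(msg)
            if reply is not None:
                pending.append((to, "switch", reply))
        # Step 4: once the phone is ringing and the D channel is quiet, the receiver answers.
        if not pending and receiver.state == "alerting" and not answered:
            answered = True
            receiver.state = "answered"
            pending.append(("receiver", "switch", Message("CONNECT")))
    return trace, caller.state, receiver.state


if __name__ == "__main__":
    for hop in run_call(["5551234567"], "5551234567")[0]:
        print(hop)
```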
Devices that connect directly to the S/T interface, such as ISDN telephones and ISDN fax machines, were referred to as terminal equipment 1 (TE1). Devices that were not ISDN capable, such as standard analog phones and fax machines, as well as computers, were called terminal equipment 2 (TE2). To connect a TE2 device to the S/T interface, you needed an intervening terminal adapter (TA). You could connect up to seven devices to an NT1, both TE1 and TE2.

In North America, it was up to the consumer to provide the NT1, which was available in several forms as a commercial product. In Europe and Japan, where ISDN was much more prevalent, the NT1 was owned and provided by the telephone company; users only needed to provide the terminal equipment. For the BRI service, a separate NT1 is required if you are going to use more than one type of terminal equipment, such as a terminal adapter for a computer and an ISDN telephone. If the service was going to be used only for data networking, as was often the case in the United States, there were single devices available that combined the NT1 with a terminal adapter. These combination devices often took the form of an expansion card for a PC, or a separate device. Once again, the units that are often called ISDN modems were technically not modems at all because they did not convert signals between analog and digital formats.

DSL

A digital subscriber line (DSL) is a collective term for a group of related technologies that provide a WAN service that is somewhat similar to ISDN but at much higher speeds. Like ISDN, DSL uses standard POTS wiring to transmit data from a user site to a telephone company POP using a private point-to-point connection. From there, signals travel through the telephone company's standard switching equipment to another DSL connection at the destination. Also like ISDN, the distance between the site and the POP is limited; the faster the transmission rate, the shorter the operable distance.
The transmission rates for DSL services vary greatly, and many of the services function asymmetrically, meaning they have different upload and download speeds. This speed variance occurs because the bundle of wires at the POP is more susceptible to a type of interference called near-end crosstalk when data is arriving from the user site than when it is being transmitted out to the user site. The increased signal loss rate resulting from the crosstalk requires that the transmission rate be lower when traveling in that direction.

Standard telephone communications use only a small amount of the bandwidth provided by the POTS cable. DSL works by utilizing frequencies above the standard telephone bandwidth (300 to 3,200 Hz) and by using advanced signal encoding methods to transmit data at higher rates of speed. Some of the DSL services use only frequencies that are out of the range of standard voice communications, which makes it possible for the line to be used for normal voice traffic while it is carrying digital data.

DSL is still the most common Internet access solution. However, the higher-speed services like high-bit-rate digital subscriber line (HDSL) have been deployed heavily by local telephone carriers. Asymmetrical operation is not much of a problem for services such as asymmetrical digital subscriber line (ADSL), which were used for Internet access, because the average Internet users download far more data than they upload. For WAN connections, however, symmetrical services like HDSL have been standard for some time. DSL differs from ISDN in that it uses permanent connections; it has no dial-up service, no numbers assigned to the connections, and no session-establishment procedures. The connection is continuously active and private, much like that of a leased line.

As an Internet access solution, DSL grew quickly because of its relatively low prices and high transmission rates and has all but eclipsed ISDN in this market. DSL and cable connections are now the two biggest competing technologies in the end-user, high-speed Internet connection market.

The various DSL services have abbreviations with different first letters, which is why the technology is sometimes called XDSL, with the X acting as a placeholder. Table 7-4 shows these services and their properties.
Table 7-4 DSL Types and Properties

The hardware required for a DSL connection is a standard POTS line and a DSL "modem" at both ends of the link. For services that provide simultaneous voice and data traffic, a POTS splitter is needed to separate the lower frequencies used by voice traffic from the higher frequencies used by the DSL service. In addition, the telephone line cannot use loading coils, inductors that extend the range of the POTS line at the expense of the higher frequencies that DSL uses to transmit data. As shown in Table 7-4, most DSL connections are asymmetrical, although there are some symmetrical variations that deliver the same speed both uploading and downloading.

As telephone companies have upgraded their T1 and T3 lines to fiber-optic lines, so have DSL speeds increased. However, the data rate still depends on the distance to the central telephone office. And, in many cases, line noise is a factor that reduces line speed.

NOTE As cable television has grown, so have its services. Many cable companies now offer high-speed Internet access in addition to television and Voice over Internet Protocol (VoIP) services. See Chapter 23 for more information about VoIP and cable connections.

Switching Services

Each WAN involves moving information through up to thousands of individual networks. This happens by way of several switching (routing) technologies. Switching entails moving data, including e-mails, large documents, and all of the myriad types of information being transmitted throughout the world. Each item is sent in intermediate steps, rather than information following a direct line from the origination point to the destination.
Packet-Switching Services

Each message is broken down into small packets to be sent through the network. A packet-switching service transmits data between two points by routing packets through the switching network owned by a carrier such as AT&T, Sprint, or another telephone company. The end result is a high-bandwidth connection similar in performance to a leased line, but the advantage of this type of service is that a single WAN connection at a network site can provide access to multiple remote sites simply by using different routes through the network. Today, packet-switching networks transmit everything from a voice telephone call to digital television reception.

The packet-switching service consists of a network of high-speed connections that is sometimes referred to as the cloud. Once data arrives at the cloud, the service can route it to a specific destination at high speeds. It is up to the consumers to get their data to the nearest POP connected to the cloud, after which all switching is performed by the carrier. Therefore, an organization setting up WAN connections between remote sites installs a link to an edge switch at a local POP using whatever technology provides suitable performance. This local link can take the form of a leased line, ISDN, or DSL. Once the data arrives at the edge switch, it is transmitted through the cloud to an edge switch at another POP, where it is routed to a private link connecting the cloud to the destination site (see Figure 7-4).

Figure 7-4 Packet-switching networks use a network cloud to route data between remote sites.
For example, an organization with eight offices scattered around the country would need 28 leased lines to interconnect all of the sites, some of which may have to span long distances. In this arrangement, the organization does all of its own switching. Using a packet-switching service instead requires one leased line connecting each site to the service's local POP. Eight leased lines are far cheaper than 28, especially when they span relatively short distances. To get the data where it's going, the carrier programs virtual circuits (VCs) from the POP used by each site to each of the seven other POPs. Thus, there are still 28 routes connecting each location to every other location, but the service maintains them, and the client pays only for the bandwidth used.

Unlike a leased line, however, a packet-switching service shares its network among many users. The link between two sites is not permanently assigned a specific bandwidth. In some instances, this can be a drawback, because your links are competing with those of other clients for the same bandwidth. However, you can now contract for a specific bandwidth over a frame-relay network, and ATM is built around a quality of service (QoS) feature that allocates bandwidth for certain types of traffic. In addition, these technologies enable you to alter the bandwidth allotted to your links. Unlike a leased line with a specific bandwidth that you can't exceed and that you pay for whether you're using it or not, you contract with a packet-switching service to provide a certain amount of bandwidth, which you can exceed during periods of heavy traffic (possibly with an additional charge) and which you can increase as your network grows.

As the packet-switching network becomes more crowded, the entire network slows down. Think about a highway system. The more cars using the highway, the more traffic slows. Since this medium of transportation is shared, there is no guarantee for the time of arrival at the packet's destination. Each packet may use a different circuit, and the message is not put back together until it arrives at its destination.
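The link arithmetic in the passage above and the series-topology failure described under "Leased-Line Applications" (six lines for four sites, twenty-eight for eight, one access line per site plus carrier-maintained virtual circuits when the switching is outsourced), worked through in code. This is an added example and not part of the original chapter; the office names and the `carrier-cloud` node are constructed, and the failure measure considers one cut link at a time.

```python
"""Compare ways of interconnecting N sites: a full mesh of leased lines, sites
chained in series, and one short leased line per site into a carrier's
packet-switching cloud. Counts the links each design needs and measures how many
sites a single link failure can cut off. Constructed example; names are made up."""

from itertools import combinations

CLOUD = "carrier-cloud"   # constructed name for the provider's switching network


def full_mesh(sites):
    """A separate leased line between every pair of sites: N(N-1)/2 links."""
    return [frozenset(pair) for pair in combinations(sites, 2)]


def series(sites):
    """Sites chained one after another: N-1 links, each one a single point of failure."""
    return [frozenset((a, b)) for a, b in zip(sites, sites[1:])]


def via_cloud(sites):
    """One leased line from each site to the carrier's local POP: N links."""
    return [frozenset((site, CLOUD)) for site in sites]


def virtual_circuits(sites):
    """VCs the carrier programs so every site still reaches every other: N(N-1)/2."""
    n = len(sites)
    return n * (n - 1) // 2


def components(nodes, edges):
    """Connected components of an undirected graph whose edges are frozensets."""
    adj = {node: set() for node in nodes}
    for edge in edges:
        a, b = tuple(edge)
        adj[a].add(b)
        adj[b].add(a)
    seen, comps = set(), []
    for start in nodes:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(adj[node] - comp)
        seen |= comp
        comps.append(comp)
    return comps


def worst_single_link_failure(nodes, edges):
    """Most nodes separated from the largest surviving group when any ONE link fails."""
    worst = 0
    for dropped in edges:
        remaining = [e for e in edges if e != dropped]
        largest = max(len(c) for c in components(nodes, remaining))
        worst = max(worst, len(nodes) - largest)
    return worst


def compare(sites):
    """(link count, worst single-failure impact) for each design, plus the VC count."""
    mesh, chain, spokes = full_mesh(sites), series(sites), via_cloud(sites)
    return {
        "mesh":   (len(mesh), worst_single_link_failure(sites, mesh)),
        "series": (len(chain), worst_single_link_failure(sites, chain)),
        # The cloud is a node too; a cut access line strands exactly one site.
        "cloud":  (len(spokes), worst_single_link_failure(list(sites) + [CLOUD], spokes)),
        "cloud_vcs": virtual_circuits(sites),
    }


if __name__ == "__main__":
    eight = [f"office-{i}" for i in range(1, 9)]
    for design, result in compare(eight).items():
        print(design, result)
```

The series design needs the fewest lines but a cut in the middle strands half the sites, while the mesh tolerates any single cut at four times the line count; the cloud design keeps the line count at N and limits one failure to one site, at the cost of depending on the carrier's network.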
Circuit-Switching Services

This service is a temporary connection, such as ISDN or a dial-up connection. Because the connection is dedicated, information can be transmitted rapidly. However, unless the bandwidth is being used, that bandwidth is wasted. Today, narrowband ISDN and switched T1 connections still use circuit-switched technologies.

Frame Relay

Frame-relay networks provide the high-speed transmission of leased lines with greater flexibility and lower costs. Frame-relay service operates at the data link layer of the OSI reference model and runs at bandwidths from 56 Kbps to 44.736 Mbps (T-3 speed). You negotiate a committed information rate (CIR) with a carrier that guarantees you a specific amount of bandwidth, even though you are sharing the network medium with other users. It is possible to exceed the CIR, however, during periods of heavy use, called bursts. A burst can be a momentary increase in traffic or a temporary increase of longer duration. Usually, bursts up to a certain bandwidth or duration carry no extra charge, but eventually, additional charges will accrue.

The contract with the service provider also includes a committed burst information rate (CBIR), which specifies the maximum bandwidth that is guaranteed to be available during bursts. If you exceed the CBIR, there is a chance that data will be lost. The additional bandwidth provided during a burst may be "borrowed" from your other virtual circuits that aren't operating at full capacity or even from other clients' circuits. One of the primary advantages of frame relay is that the carrier can dynamically allocate bandwidth to its client connections as needed. In many cases, it is the leased line to the carrier's nearest POP that is the factor limiting bandwidth.
Frame-Relay Hardware

Each site connected to a frame-relay cloud must have a frame-relay access device (FRAD), which functions as the interface between the local network and the leased line (or other connection) to the cloud (see Figure 7-5). The FRAD is something like a router, in that it operates at the network layer. The FRAD accepts packets from the LAN that are destined for other networks, strips off the data link layer protocol header, and packages the datagrams in frames for transmission through the cloud. In the same way, the FRAD processes frames arriving through the cloud and packages them for transmission over the LAN. The difference between a FRAD and a standard router, however, is that the FRAD takes no part in the routing of packets through the cloud; it simply forwards all the packets from the LAN to the edge switch at the carrier's POP.

Figure 7-5 Frame-relay connections use a FRAD to connect a LAN to the cloud.

The only other hardware element involved in a frame-relay installation is the connection to the nearest POP. In frame relay, the leased line is the most commonly used type of connection. When selecting a carrier, it is important to consider the locations of their POPs in relation to the sites you want to connect because the cost of the leased lines (which is not usually included in the frame-relay contract) depends on their length. The large long-distance carriers usually have the most POPs, scattered over the widest areas, but it is also possible to use different carriers for your sites and create frame-relay links between them.

When installing leased lines, it is important to take into account the number of virtual circuits that will run from the FRAD to your various sites. Unlike the private network composed of separate leased lines to every site, the single leased-line connection between the FRAD and the carrier's edge server will carry all of the WAN data to and from the local network. Multiple VCs will be running from the edge server through the cloud to the other sites, and the leased line from the FRAD will essentially multiplex the traffic from all of those VCs to the LAN, as shown in Figure 7-6. Thus, if you are connecting eight remote sites together with frame-relay WAN links, the leased line at each location should be capable of handling the combined bandwidth of all seven VCs to the other locations.
Figure 7-6 The connection from the FRAD to the cloud carries data for all of the virtual circuits.

In most cases, the actual traffic moving across a WAN link does not utilize all of the bandwidth allotted to it at all times. Therefore, it may be possible to create a serviceable WAN by contracting for VCs that have T-1 speeds between all eight offices and using T-1 leased lines to connect all of the sites to the cloud. Be aware, however, that the leased lines are the only elements of the WAN that are not flexible in their bandwidth. If you find that your WAN traffic exceeds the capacity of the leased line, the only recourse is to augment its bandwidth by installing another connection. This does not necessarily mean installing another T-1, however. You can augment the bandwidth connecting the FRAD to the edge server by adding a fractional T-1 or even a dial-up connection that activates during periods of high traffic.

Virtual Circuits

The virtual circuits that are the basis for frame-relay communications come in two types: permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). PVCs are routes through the carrier's cloud that are used for the WAN connections between client sites. Unlike standard internetwork routing, PVCs are not dynamic. The frame-relay carrier creates a route through its cloud for a connection between sites, assigns it a unique 10-bit number called a data link connection identifier (DLCI), and programs it into its switches. Programming a FRAD consists of providing it with the DLCIs for all of the PVCs leading to other FRADs. DLCIs are locally significant only; each FRAD has its own DLCI for a particular virtual circuit. Frames passing between two sites always take the same route through the cloud and use the DLCI as a data link layer address. This is one of the reasons why frame relay is so fast; there is no need to dynamically route the packets through the cloud or establish a new connection before transmitting data.
Each PVC can have its own CIR and CBIR, and despite the description of the VC as permanent, the carrier can modify the route within a matter of hours if one of the sites moves. It is also possible to have the carrier create a PVC for temporary use, such as for a meeting in which a special videoconferencing session is required. Although it was originally created for data transfers, you can also use frame relay to carry other types of traffic, such as voice or video. To set up a voice call or a videoconference between two sites, there has to be a virtual circuit between them. This is easy if the communications are between two of an organization's own sites, which are already connected by a PVC; but conferencing with a client or other outside user requires a call to the carrier to set up a new PVC.

Frame-Relay Messaging

Frame relay uses two protocols at the data link layer: LAPD for control traffic and Link Access Procedure for Frame-mode Bearer Services (LAPF) for the transfer of user data. The LAPD protocol, the same one used by ISDN (ITU-T Q.921), is used to establish VCs and prepare for the transmission of data. LAPF is used to carry data and for other processes, such as multiplexing and demultiplexing, error detection, and flow control.

Figure 7-7 shows the format of the frame used to carry data across a frame-relay cloud. The functions of the fields are as follows:

• Flag, 1 byte  Contains the binary value 01111110 (or 7E in hexadecimal form) that serves as a delimiter for the frame.
• Link Info, 2 bytes  Contains the frame's address and control fields, as follows:
  • Upper DLCI, 6 bits  Contains the first 6 bits of the 10-bit DLCI identifying the virtual circuit that the frame will use to reach its destination.
  • Command/Response (C/R), 1 bit  Undefined.
  • Extended Address (EA), 1 bit  Indicates whether the current byte contains the last bit of the DLCI. The eighth bit of every byte in the Link Info field is an EA bit. When the frames use standard 10-bit DLCIs, the value of this bit will always be 0.
  • Lower DLCI, 4 bits  Contains the last 4 bits of the 10-bit DLCI identifying the virtual circuit that the frame will use to reach its destination.
  • Forward Explicit Congestion Notification (FECN), 1 bit  Indicates that network congestion was encountered in the direction from source to destination.
  • Backward Explicit Congestion Notification (BECN), 1 bit  Indicates that network congestion was encountered in the direction from destination to source.
  • Discard Eligibility (DE), 1 bit  Indicates that a frame is of lesser importance than the other frames being transmitted and that it can be discarded in the event of network congestion.
  • Extended Address (EA), 1 bit  Indicates whether the current byte contains the last bit of the DLCI. When the frames use standard 10-bit DLCIs, the value of this bit will always be 1. The EA field is intended to support the future expansion of frame-relay clouds in which DLCIs longer than 10 bits are needed.
• Information, variable  Contains a protocol data unit (PDU) generated by a network layer protocol, such as an IP datagram. The frame-relay protocols do not modify the contents of this field in any way.
• Frame Check Sequence (FCS), 2 bytes  Contains a value computed by the source FRAD that is checked at each switch during the frame's journey through the cloud. Frames in which this value does not match the newly computed value are silently discarded. Detection of the missing frame and retransmission are left to the upper-layer protocols at the end systems.
• Flag, 1 byte  Contains the binary value 01111110 (or 7E in hexadecimal form) that serves as a delimiter for the frame.

Figure 7-7 The frame-relay frame format

ATM

Asynchronous Transfer Mode (ATM) has long been the holy grail of the networking industry. Once known as the ultimate networking technology, ATM is designed to carry voice, data, and video over various network media, using a high-speed, cell-switched, connection-oriented, full-duplex, point-to-point protocol.
Instead of using variable-length frames like Ethernet, frame relay, and other protocols, all ATM traffic is broken down into 53-byte cells. This makes it easier to regulate and meter the bandwidth passing over a connection because by using data structures of a predetermined size, network traffic becomes more readily quantifiable, predictable, and manageable. With ATM, it's possible to guarantee that a certain quantity of data will be delivered within a given time. This makes the technology more suitable for a unified voice/data/video network than a nondeterministic protocol like Ethernet, no matter how fast it runs. In addition, ATM has quality of service (QoS) features built into the protocol that enable administrators to reserve a certain amount of bandwidth for a specific application.

ATM is both a LAN and WAN protocol and is a radical departure from the other lower-layer protocols examined in this book. All ATM communication is point-to-point. There are no broadcasts, which means that switching, and not routing, is an integral part of this technology. ATM can also be deployed on public networks, as well as private ones. Public carriers can provide ATM services that enable clients to connect LANs at remote locations. On private networks, ATM implementations at various speeds can run throughout the network, from the backbone to the desktop. Thus, the same cells generated by a workstation can travel to a switch that connects the LAN to an ATM carrier service, through the carrier's ATM cloud, and then to a workstation on the destination network. At no point do the cells have to reach higher than the data link layer of an intermediate system, and transmission speeds through the cloud can reach as high as 2.46 Gbps.

While not yet totally realized, a large part of this potential has come to pass. ATM is being used as a high-speed backbone protocol and for WAN connections, but the 25.6 Mbps ATM LAN solution intended for desktop use has been eclipsed by Fast Ethernet, which runs at 100 Mbps and is far more familiar to the majority of network administrators. Many enterprise backbones run over ATM, largely because administrators find that its QoS capabilities and support for voice, data, and video make it a better performer than traditional LAN protocols.
You can use an ATM packet-switching service for your WAN links in roughly the same way as you would use frame relay, by installing a router at your sites and connecting them to the carrier's POPs using leased lines. This process transmits the LAN data to the POP first and then repackages it into cells. It's also possible, however, to install an ATM switch at each remote site, either as part of an ATM backbone or as a separate device providing an interface to the carrier's network. This way, the LAN data is converted to ATM cells at each site before it is transmitted over the WAN. Like frame relay, ATM supports both PVCs and SVCs, but ATM was designed from the beginning to support voice and video using SVCs, while in frame relay, PVCs and SVCs were a later addition. ATM has an advantage over frame relay because of its greater speed and manageability.

Many of the familiar concepts of other protocols, such as media access control and variable-length frames, are not applicable to ATM. Because ATM does not share bandwidth among systems, there is no need for a MAC mechanism such as CSMA/CD or token passing. Switches provide a dedicated connection to every device on the ATM network. Because all ATM transmissions are composed of fixed-length cells, the switching process is simpler and predictable. All ATM switching is hardware based because there is no need for software-managed flow control and other such technologies. References to ATM systems and devices refer to switches and routers, as well as actual computers. The bandwidth delivered by an ATM network is also readily quantifiable, making it easier to designate the appropriate amount of bandwidth for a specific application. On an Ethernet network, for example, it may be necessary to provide much more bandwidth than is actually needed to ensure good performance from a videoconferencing application. This is because you must account for the bandwidth required for videoconferencing on top of the maximum bandwidth used by all other applications combined. The network, therefore, is designed to accommodate the peak traffic condition that occurs only a small fraction of the time. On an ATM network, bandwidth can be more precisely calculated.
Like Ethernet and Token Ring, ATM encompasses the physical and data link layers of the OSI reference model but is itself divided into three layers (see Figure 7-8), which are as follows:

• Physical layer
• ATM layer
• ATM adaptation layer

Figure 7-8 ATM architecture

The following sections examine the functions performed at each of these layers.

The Physical Layer

The ATM standards do not specify precise physical layer technologies as most other data link layer protocols do. This media independence is one of the guiding design principles behind the technology. ATM can run at various speeds over Synchronous Optical Network (SONET) and DS-3 connections and locally over multimode fiber-optic and shielded twisted-pair (STP) cable, among others. Speeds range from 25.6 Mbps for desktop connections to 2.46 Gbps, although the most common implementations run at 155 or 625 Mbps. The higher speeds are commonly used for backbones and WAN connections.

NOTE SONET is a fiber-optic standard that defines a series of optical carrier (OC) services ranging from OC-1, operating at 51.84 Mbps, to OC-192, operating at 9,952 Mbps.

The ATM physical layer is divided into two sublayers, called the physical medium dependent (PMD) sublayer and the transmission convergence (TC) sublayer. The PMD sublayer defines the actual medium used by the network, including the type of cable and other hardware, such as connectors, and the signaling scheme used. This sublayer is also responsible for maintaining the synchronization of all the clocks in the network systems, which it does by continuously transmitting and receiving clock bits from the other systems.
The TC sublayer is responsible for the following four functions:

• Cell delineation  Maintains the boundaries between cells, enabling systems to isolate cells within a bit stream
• Header error control (HEC) sequence generation and verification  Ensures the validity of the data in the cells by checking the error-control code in the cell headers
• Cell rate decoupling  Inserts or removes idle cells to synchronize the transmission rate to the capacity of the receiving system
• Transmission frame adaptation  Packages cells into the appropriate frame for transmission over a particular network medium

The ATM Layer

The ATM layer specifies the format of the cell, constructs the header, implements the error-control mechanism, and creates and destroys virtual circuits. There are two versions of the cell header, one for the User Network Interface (UNI), which is used for communications between user systems or between user systems and switches, and the Network-to-Network Interface (NNI), which is used for communications between switches.

In each case, the 53 bytes of the cell are divided into a 5-byte header and a 48-byte payload. Compared to an Ethernet header, which is 18 bytes, the ATM header seems quite small, but remember that an Ethernet frame can carry up to 1,500 bytes of data. Thus, for a full-sized Ethernet frame, the header is less than 2 percent of the packet, while an ATM header is almost 10 percent of the cell. This makes ATM considerably less efficient than Ethernet, as far as the amount of control data transmitted across the wire is concerned.

Figure 7-9 shows the format of the ATM cell. The functions of the fields are as follows:

• Generic flow control (GFC), 4 bits  Provides local functions in the UNI cell that are not currently used and are not included in the NNI cell.
• Virtual path identifier (VPI), 8 bits  Specifies the next destination of the cell on its path through the ATM network to its destination.
• Virtual channel identifier (VCI), 16 bits  Specifies the channel within the virtual path that the cell will use on its path through the ATM network to its destination.
• Payload type indicator (PTI), 3 bits  Specifies the nature of the data carried in the cell's payload, using the following bit values:
  • Bit 1  Specifies whether the cell contains user data or control data.
  • Bit 2  When the cell contains user data, specifies whether congestion is present on the network.
  • Bit 3  When the cell contains user data, specifies whether the payload contains the last segment of an AAL-5 PDU.
• Cell loss priority (CLP), 1 bit  Specifies a priority for the cell, which is used when a network is forced to discard cells because of congestion. A value of 0 indicates a high priority for the cell, while a value of 1 indicates that the cell may be discarded.
• Header error control (HEC), 8 bits  Contains a code computed on the preceding four bits of the header, which is used to detect multiple-bit header errors and correct single-bit errors. This feature detects errors in the ATM header only; there is no error control of the payload at this layer.
• Payload, 48 bytes  Contains the user, network, or management data to be transported in the cell.

Figure 7-9 The ATM cell format

Virtual Circuits

A connection between two ATM systems takes the form of a virtual circuit. Like frame relay, ATM uses two types of virtual circuits: permanent virtual circuits (PVCs), which network administrators manually create and which are always available, and switched virtual circuits (SVCs), which systems dynamically create as needed and then terminate after use.

Establishing a virtual circuit through the network to a destination enables the transmission of cells through that circuit without extensive processing by intermediate systems along the way. A virtual circuit is composed of a virtual path (VP) and a virtual channel (VC). A virtual path is a logical connection between two systems that is composed of multiple virtual circuits, much as a cable between two points can contain multiple wires, each carrying a separate signal. Once a VP is established between two points, creating an additional VC for a new connection within that VP is a relatively simple matter.

In addition, managing the VP is an easy way of modifying the properties of all of the VCs it contains. When a switch fails, for example, the VP can be rerouted to use another path, and all of its VCs are rerouted with it. Every ATM cell header contains a virtual path identifier and a virtual channel identifier, which specify the VP that the cell is using and the VC within that VP.
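The two link-layer headers described above, the frame-relay Link Info field of Figure 7-7 and the ATM UNI cell header of Figure 7-9, decoded and rebuilt in an added example that is not part of the book; the FCS and HEC algorithms (HDLC CRC-16/X-25 and the I.432 CRC-8 XORed with 0x55), the low-byte-first FCS order, and every sample value are assumptions beyond the text.

```python
"""Added example written for this page (not the book's or any vendor's
code): decode and build the two link-layer headers described above, the
2-byte frame-relay Link Info field (Figure 7-7) and the 5-byte ATM UNI
cell header (Figure 7-9).  Assumed beyond the text: the frame-relay FCS
is the HDLC/Q.922 CRC-16 (CRC-16/X-25, sent low byte first; bit stuffing
not modelled) and the HEC is the I.432 CRC-8 (x^8+x^2+x+1) XOR 0x55.
Sample frames below and in the tests are constructed, not captured.
"""
from dataclasses import dataclass

@dataclass
class FrameRelayAddress:
    dlci: int    # 10-bit data link connection identifier
    cr: bool     # Command/Response (undefined in the text)
    fecn: bool   # congestion seen in the source -> destination direction
    becn: bool   # congestion seen in the destination -> source direction
    de: bool     # discard eligible if the network is congested

def parse_fr_address(link_info: bytes) -> FrameRelayAddress:
    """Byte 1: upper DLCI (6) | C/R | EA=0.  Byte 2: lower DLCI (4) | FECN
    | BECN | DE | EA=1.  Any other EA pattern is an extended DLCI, which
    the text reserves for future expansion, so it is rejected here."""
    if len(link_info) != 2:
        raise ValueError("Link Info field must be 2 bytes")
    b1, b2 = link_info
    if b1 & 0x01 or not b2 & 0x01:
        raise ValueError("EA bits not 0/1: not a standard 10-bit DLCI")
    return FrameRelayAddress(
        dlci=((b1 >> 2) << 4) | (b2 >> 4),
        cr=bool(b1 & 0x02),
        fecn=bool(b2 & 0x08),
        becn=bool(b2 & 0x04),
        de=bool(b2 & 0x02),
    )

def build_fr_address(dlci, *, cr=False, fecn=False, becn=False, de=False):
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = ((dlci >> 4) << 2) | (cr << 1)                       # EA bit = 0
    b2 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1
    return bytes((b1, b2))

def fr_fcs(data: bytes) -> int:
    """CRC-16/X-25, the HDLC-family FCS (assumed to be what the FRAD uses)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_fr_frame(dlci: int, payload: bytes, **flags) -> bytes:
    body = build_fr_address(dlci, **flags) + payload
    fcs = fr_fcs(body)
    return b"\x7e" + body + bytes((fcs & 0xFF, fcs >> 8)) + b"\x7e"

def parse_fr_frame(frame: bytes):
    """Return (address, information) or None when the FCS does not match.
    None mirrors what the text says a switch does with a bad FCS: discard
    silently and leave loss detection to the upper-layer protocols."""
    if len(frame) < 6 or frame[0] != 0x7E or frame[-1] != 0x7E:
        raise ValueError("missing 7E flag delimiters")
    body, received = frame[1:-3], frame[-3] | (frame[-2] << 8)
    if fr_fcs(body) != received:
        return None
    return parse_fr_address(body[:2]), body[2:]

@dataclass
class AtmUniHeader:
    gfc: int   # 4 bits, unused at the UNI per the text
    vpi: int   # 8 bits
    vci: int   # 16 bits
    pti: int   # 3 bits: bit 1 user/control, bit 2 congestion, bit 3 AAL-5 end
    clp: int   # 1 = cell may be discarded first under congestion

def atm_hec(header_bytes: bytes) -> int:
    """CRC-8 over the first four header bytes, XORed with 0x55 (I.432)."""
    crc = 0
    for byte in header_bytes:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55

def build_atm_uni_header(vpi, vci, *, pti=0, clp=0, gfc=0) -> bytes:
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pti << 1) | clp
    head = word.to_bytes(4, "big")
    return head + bytes((atm_hec(head),))

def parse_atm_uni_header(header: bytes) -> AtmUniHeader:
    """Verify the HEC before trusting any field.  The HEC covers the header
    only, so the 48-byte payload gets no integrity check at this layer."""
    if len(header) != 5:
        raise ValueError("ATM cell header must be 5 bytes")
    if atm_hec(header[:4]) != header[4]:
        raise ValueError("HEC mismatch: header corrupted")
    w = int.from_bytes(header[:4], "big")
    return AtmUniHeader(gfc=w >> 28, vpi=(w >> 20) & 0xFF, vci=(w >> 4) & 0xFFFF,
                        pti=(w >> 1) & 0x7, clp=w & 0x1)
```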
ATM Addressing

ATM networks have their own addresses for each device, in addition to any upper-layer addresses they might possess. The addresses are 20 bytes long and hierarchical, much like telephone numbers, enabling them to support extremely large networks. Unlike protocols that share network bandwidth, it isn't necessary to include source and destination addresses in each cell because ATM transmissions use dedicated point-to-point links. Instead, the addresses are used by the ATM switches to establish the VPIs and VCIs for a connection.

The ATM Adaptation Layer

The primary function of the ATM adaptation layer (AAL) is to prepare the data received from the network layer protocol for transmission and segment it into 48-byte units that the ATM layer will package as cells by applying the header. The AAL consists of two sublayers, called the convergence sublayer (CS) and the segmentation and reassembly sublayer (SAR). The CS prepares the network-layer data for segmentation by applying various fields that are specific to the type of service that will transmit the data, creating convergence sublayer protocol data units (CS-PDUs). The SAR then splits the CS-PDUs into segments of the appropriate size for packaging in cells.

Several AAL protocols are available at this sublayer, which provide different types of service to support various applications. The AAL protocols are as follows:

• AAL-1  A connection-oriented service intended for applications that require circuit emulation, such as voice and videoconferencing. This service requires clock synchronization, so a network medium that supports clocking, such as SONET, is required. For this service, the CS sublayer adds Sequence Number (SN) and Sequence Number Protection (SNP) fields to the data that enable the receiving system to assemble the cells in the proper order.
• AAL-3/4  Supports both connection-oriented and connectionless data transfers with cell-by-cell error checking and multiplexing. The CS creates a PDU by adding a beginning/ending tag to the data as a header and a length field as a footer. After the SAR layer splits the CS-PDU into cell-sized segments, it adds a CRC value to each segment for error-detection purposes.
• AAL-5  Also called Simple and Efficient Adaptation Layer (SEAL), AAL-5 provides both connection-oriented and connectionless services and is most commonly used for LAN traffic. The CS takes a block of network layer data up to 64 KB in size and adds a variable-length pad and an 8-byte trailer to it. The pad ensures that the data block falls on a cell boundary, and the trailer includes a block length field and a CRC value for the entire PDU. The SAR splits the PDU into 48-byte segments for packaging into cells. The third bit of the PTI field in the ATM header is then set to a value of 0 for all of the segments of the data block except the last one, in which it is set to 1.

ATM Support

One problem is the cost and complexity of installing and supporting an ATM network. While a competent Ethernet LAN administrator should be able to install the components of a Gigabit Ethernet backbone with little trouble, an ATM backbone is a completely different story. ATM networks are a hybrid of telecommunications and data networking technologies. These are two separate types of networks, but in the case of ATM, both can use the same cables and switches. An ATM backbone, therefore, may be connected not only to data networking components such as routers, switches, and servers, but also to PBXs and other telecommunications devices.

SONET

Synchronous Optical Network (SONET) carries data over fiber-optic cables used today by many long-distance carriers. It was originally designed to transmit many information types, including voice, video, and data. This system, along with Synchronous Digital Hierarchy (SDH), is used throughout the world to transmit information.

SONET works at the physical layer, and its protocols specify a consistent method of multiplexing many small signals into one larger (and faster) transmission. Several characteristics make this technology attractive:

• Built-in support for maintenance and management
• The ability to carry nearly all higher-level protocols
• Definition of clear standards between various products

This technology provides standards for line rates up to 9.953 Gbps. Because some have experienced line rates approaching 20 Gbps, SONET has been called the foundation for the physical layer of broadband ISDN. ATM can run as a layer on top of both SONET and other technologies.
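The AAL-5 segmentation and reassembly described above (pad, 8-byte trailer with length and CRC, 48-byte slices, PTI bit 3 on the last cell), as an added example that is not the book's code; the trailer layout (UU, CPI, Length, CRC as in ITU-T I.363.5), the use of zlib's CRC-32 in place of the AAL-5 CRC bit ordering, and the (last, payload) model of a cell are assumptions beyond the text.

```python
"""Added example written for this page (not the book's code): AAL-5
segmentation and reassembly as the text describes it.  The CS pads the
block and appends an 8-byte trailer carrying the length and a CRC; the
SAR cuts the PDU into 48-byte cell payloads and marks the last one via
PTI bit 3.  Assumptions beyond the text: trailer layout UU(1) CPI(1)
Length(2) CRC(4) as in ITU-T I.363.5, zlib's CRC-32 standing in for the
AAL-5 CRC-32 bit-ordering details, and cells modelled as (last, payload)
pairs rather than full 53-byte cells.  All inputs in the tests are
constructed.
"""
import zlib
from typing import Iterable, List, Tuple

CELL_PAYLOAD = 48
TRAILER = 8
MAX_SDU = 65535                      # the text: data blocks up to 64 KB
MAX_CELLS = (MAX_SDU + TRAILER + CELL_PAYLOAD - 1) // CELL_PAYLOAD

Cell = Tuple[bool, bytes]            # (PTI bit 3 set, 48-byte payload)

def aal5_segment(sdu: bytes) -> List[Cell]:
    """Convergence sublayer and SAR: pad, trailer, then 48-byte slices."""
    if len(sdu) > MAX_SDU:
        raise ValueError("AAL-5 SDU exceeds 64 KB")
    pad = (-(len(sdu) + TRAILER)) % CELL_PAYLOAD   # land on a cell boundary
    head = sdu + bytes(pad) + bytes((0, 0)) + len(sdu).to_bytes(2, "big")
    pdu = head + (zlib.crc32(head) & 0xFFFFFFFF).to_bytes(4, "big")
    slices = [pdu[i:i + CELL_PAYLOAD] for i in range(0, len(pdu), CELL_PAYLOAD)]
    return [(i == len(slices) - 1, s) for i, s in enumerate(slices)]

def aal5_reassemble(cells: Iterable[Cell]) -> bytes:
    """Accumulate payloads until the PTI end marker, then validate.

    Checks a receiver needs: bound the buffer (a stream that never carries
    the end marker must not grow memory forever), verify the CRC (one lost
    or corrupted cell invalidates the whole PDU), and never trust the
    Length field beyond the bytes actually received.
    """
    buf = bytearray()
    for count, (last, payload) in enumerate(cells, 1):
        if len(payload) != CELL_PAYLOAD:
            raise ValueError("cell payload must be 48 bytes")
        if count > MAX_CELLS:
            raise ValueError("PDU too long: end marker never arrived")
        buf += payload
        if last:
            break
    else:
        raise ValueError("cell stream ended without a PTI end marker")
    length = int.from_bytes(buf[-6:-4], "big")
    crc = int.from_bytes(buf[-4:], "big")
    if zlib.crc32(buf[:-4]) & 0xFFFFFFFF != crc:
        raise ValueError("AAL-5 CRC mismatch (cell lost or corrupted)")
    if length > len(buf) - TRAILER:
        raise ValueError("Length field exceeds received data")
    return bytes(buf[:length])
```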
CHAPTER 8

Server Technologies

All of the computers on a local area network contain roughly the same components, such as a microprocessor, memory modules, mass storage devices, keyboards, video adapters, and other input/output mechanisms. However, you can still divide the computers into two basic categories: servers and client workstations. At one time, it was easy to differentiate between servers and clients because servers functioned only as servers and clients only as clients. Servers in earlier days were essentially computers with more of everything: faster processors, more memory, and larger hard drives, for example. Now that many computers can function as both servers and clients simultaneously, the boundary between the server and client functions has been obscured somewhat. Recent years have seen great developments in the features and technologies that make a server different from a workstation. From application servers to web servers, each machine offers different services and has different features. This chapter examines some of these features and technologies and explains how they can enhance the performance of your network.

Purchasing a Server

When building a local area network (LAN), you can purchase virtually any computer and use it as a server. The primary attributes that make a computer a server are determined by the network operating system's hardware requirements. For example, the Windows 2012 Server requirements call for 256 MB of memory, but you can actually run the operating system on a standard workstation computer with as little as 128 MB. It won't run as well, but it will run. When shopping for computers, you'll see that some products are specifically designed to be servers and not just because of the operating system installed on them or the amount of memory or disk space they contain. For a small network consisting of only a handful of nodes, it may not be practical for you to spend the extra money on a computer designed to be a server. Instead, you can purchase a high-end workstation with sufficient resources to run the server operating system and use that. When you do need the features of a real server, it's important to understand how a server can differ from a workstation and which features you need for your network.
When you look at the description of a server computer in a catalog or on a web site, it may seem at first as though you're paying more money for less. Servers often do not come with monitors, and they generally do not include the high-performance video adapters and audio systems you find in nearly every home or office computer package.

The video adapter in a server is in many cases integrated into the computer's motherboard and includes sufficient memory to power a display at a variety of resolutions. However, the video subsystem in a server usually does not include the 3-D accelerator and other components found on a separate adapter card used in a workstation for more video-intensive tasks, such as game-playing and multimedia applications. A video adapter in a server also tends not to use the Accelerated Graphics Port (AGP) for its interface to the computer because AGP uses system memory for some of its functions, and in a server, you want as much system memory as possible to be devoted to your server applications.

As for audio, most servers include no audio adapter at all or, at most, a rudimentary one that is also integrated into the motherboard. Speakers are usually not included. The only purpose for having any audio capabilities in a server is to provide audible feedback alerting the administrator of particular system conditions. However, since servers are often kept in a locked closet or data center, even this basic audio capability usually isn't necessary.

NOTE Although servers generally do not come equipped with high-end video and audio adapters, there is usually no reason why you can't add them later and use the computer for tasks more traditionally associated with client workstations.

The question then remains, what do you get when you purchase a server for more money than you would spend on a workstation with the same processor and a comparable amount of memory and disk space? The following list examines the ways in which the basic components in a server differ from their counterparts in a workstation:

• Case  A server case can be larger than that of a workstation in order to provide room for greater expansion. Server cases are usually either freestanding towers or specially designed to be mounted in a standard 19-inch equipment rack.
Expandability is an important quality in a server, and the cases typically have a large number and variety of bays to support the installation of additional drives. Since a server doesn't usually take up space on a user's desk, maintaining a small footprint is not a concern, and server cases tend not to have their components shoehorned into them in the interest of saving space. The result is that there is more room to work inside the case and easier access to the components. A server case might also have greater physical security than a standard computer case, such as a key-lockable cover that prevents any access to the server controls and drives.
• Power supply  To support the greater number of drives and other devices frequently found in a server, the power supply is typically more robust. The power supply usually also has more internal power connectors available to attach to installed devices. In some cases, a server's power supply might have its own internal surge protection circuitry. Some servers also have redundant power supplies, providing fault tolerance in the event of a power supply failure.
• Fans  The possibility of having many more drives and multiple processors in a server means that the computer can potentially generate a lot more heat than a workstation. Server cases typically have multiple fans in them, aside from the one in the power supply. A well-designed case will also have a carefully planned ventilation path that blows the cooler air from the outside directly across the components that most need to be kept cool. In some cases, servers use a sealed case design in which all of the air entering the case runs through a filter, enabling the server to function in an industrial environment without contaminating the internal components with dust and other particles. Some high-end servers designed for mission-critical applications also have hot-swappable modular fan assemblies, meaning that should a fan fail, it's possible to replace the unit without shutting down the server.
• Processor  Servers use the same model processors as workstations, and given the computer industry's dedication to aggressively marketing the newest and fastest processors to home users, you may find that a server's processor is not any faster than a workstation's. In fact, because servers are designed with an emphasis on expandability and because they cost more, they tend to have longer lives than workstations, meaning that they might have a processor that is slower than the "latest and greatest." Where servers do differ from workstations in this area is that they often have more than one processor. For more information, see "Using Multiple Processors" later in this chapter.
• Memory  Servers are typically capable of supporting more memory than workstations, sometimes a lot more. Examining the inside of the server and a workstation, you may not see any difference because a server may have the same number of memory slots as a workstation and use the same basic type of memory modules. The server will support modules containing more memory, however, in a greater variety of configurations.

In addition to these differences in a server's basic components, there are other more advanced technologies that can have an even greater impact on the computer's performance, as discussed in the following sections.

Using Multiple Processors

Even though the processor designs used in computers today are continually being enhanced and upgraded to run at ever faster speeds, servers often require more processing power than any single processor can provide. This is because a server application such as a database engine may have to service requests from dozens or even hundreds of users at the same time. To increase the processing power available to the application, you can add more processors. You can multiply the processing power of a server in two ways: by installing multiple processors into the computer or by connecting multiple computers using a hardware or software product that joins them into a cluster or a system area network (SAN).
Parallel Processing

The use of multiple processors in a single computer is not a new idea, although it has become common in the PC industry only in the last few years. The two biggest advantages of using multiple processors are economy and expandability. When a processor manufacturer releases a new product, its price compared to the previous models is always disproportionately high for the performance increase it provides. As each new processor is superseded by the next model, the price drops quickly. By purchasing a server with multiple processors in it, you can realize nearly the same processing power as the latest chip on the market for much less money. Multiple processor support can also extend the life of a server by enabling the owner to upgrade it as needed. You can buy a single-processor server containing a motherboard that supports up to four processors for only slightly more than a computer with a standard single processor motherboard. Later, as the burden on the server is increased by the addition of more users or applications, you can buy additional processors and install them into the empty motherboard sockets.

The method by which a computer makes use of multiple processors is known as parallel processing. This consists of distributing computing tasks among the available processors so that they are all continuously active. There are various methods in which computers with multiple processors can implement parallel processing. Supercomputer systems, for example, can combine the capabilities of hundreds of processors to perform complex tasks that require enormous numbers of computations, such as weather forecasting. In most cases, these supercomputers use a technique called massively parallel processing (MPP), in which the processors are grouped into nodes and connected by a high-speed switch. In this arrangement, each node has its own memory array and its own bus connecting the processors to the memory. There is no sharing of resources between nodes, and communication between them is restricted to a dedicated messaging system.
Symmetric Multiprocessing

The servers with multiple processors used on LANs today employ a different method, called symmetrical multiprocessing (SMP). In an SMP system, the processors share a single memory array, input/output (I/O) system, and interrupts, as shown in Figure 8-1. Processing tasks are distributed evenly between all of the processors, so it isn't possible for one processor to be overloaded while another sits idle. This is in contrast to another system, called asymmetrical multiprocessing, in which tasks are assigned to each processor individually and the workload may not be balanced.

Figure 8-1 SMP computers have a single memory array and I/O bus, which are shared by all of the processors.

Sharing a single memory array eliminates the need for the messaging system found in MPP. The processors in an SMP computer can communicate and synchronize their activities more quickly than most other parallel processing technologies.

It is important to note that having multiple processors in a computer is not considered to be a fault-tolerance mechanism. If one of the processors should fail while the system is running, the coherency of the cached operating system and application information is likely to be affected, eventually causing a crash. Failure or removal of a processor while the computer is shut down, however, will not have a deleterious effect since the operating system detects the number of available processors during the startup sequence and configures itself accordingly.

Hardware and Software Requirements

To use multiple processors in a LAN server, SMP must be supported by the processors themselves, the computer's motherboard, the operating system, and the applications running on the server. If you install an operating system or an application that doesn't support SMP on a server with multiple processors, the software functions in the normal manner using only one of the processors.
Most of the operating systems intended for use on servers support SMP. Most of the Unix operating systems support SMP, including Linux versions as well as Mac. In some cases, such as FreeBSD, you have to substitute a multiprocessor kernel for the standard one supplied with the operating system. Interestingly, although it is not considered a server application, Adobe Photoshop also supports SMP, making it possible for graphic designers working with large image files and complex functions to take advantage of a computer with multiple processors.

Server Clustering

A cluster is a group of servers that are connected by cables and that function as a single entity. To a client on the network, the cluster appears to be a single server, even though it consists of two or more computers. Clustering can provide the same advantage as having multiple processors in a single server since it is possible to divide the server's workload between the processors in the various computers that make up the cluster. However, clustering can also provide fault tolerance in ways that SMP cannot.

The computers that make up a cluster are connected programmatically as well as physically. In some cases, operating systems provide direct support for clustering, while in others, a separate application is required.

Clustering can provide two basic advantages over a single server: load balancing and fault tolerance. Load balancing is the process by which the tasks assigned to the server are distributed evenly among the computers in the cluster. This concept can work in different ways, depending on the application involved. For example, a cluster of web servers can balance its load by sending each of the incoming requests from web browser clients to a different server. When you connect to a hugely popular Internet web site, you can be sure that all of its thousands of concurrent users are not being served by a single computer. Instead, the site uses a server farm that consists of many identically configured computers.
Each time you connect to the site with your web browser, you are probably accessing a different server. A clustered terminal server works in the same way; each new client connecting to the server is directed to the computer that is currently carrying the lightest load. Other applications that split the processing into threads can distribute those threads equally among the computers in the cluster.

This load balancing capability greatly enhances the expandability of the server. If you reach a point where the server is overburdened by the application traffic it must handle, you can simply add another computer to the cluster, and the workload will automatically be balanced among the available systems, thus reducing the load on each one. You can also upgrade the server by installing additional processors to SMP computers in the cluster or by replacing a computer with one that is faster and more capable.

Load balancing also provides fault tolerance. If one of the computers in the cluster should fail, the others continue to function with the load redistributed between them. However, it's also possible to construct a cluster with more extensive failover capabilities. A failover cluster is one on which connected computers are configured so that when one fails, the other takes over all of its functions. This type of cluster is better suited to database and e-mail servers that must be continuously available. E-commerce is one of the few technologies that can require both load balancing and failover technologies in one cluster.

In today's clustering products, a group of computers can be clustered in a failover configuration without leaving some of the machines idle. If one of the computers fails, its applications are migrated to another computer in the cluster, which takes over its functions, as shown in Figure 8-2. (For this to occur, all of the computers in the cluster must have access to the applications and data used by the other computers.)

Figure 8-2 In a server cluster, all of the servers are active, with functions ready to fail over to other servers.
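The lightest-load dispatch and failure redistribution described above, as an added example (not code from the book): each new session goes to the running node with the lowest share of its capacity in use, and when a node fails its sessions are re-dispatched to the survivors, with any that no survivor can absorb reported rather than silently lost. The node names, capacities, and session counts are constructed.

```python
from dataclasses import dataclass, field
import itertools


@dataclass
class Node:
    """One computer in the cluster (names and capacities are constructed)."""
    name: str
    capacity: int                  # maximum concurrent sessions the node accepts
    up: bool = True
    sessions: set = field(default_factory=set)

    @property
    def load(self) -> float:
        """Fraction of capacity in use."""
        return len(self.sessions) / self.capacity


class Cluster:
    """Least-load dispatcher for a clustered terminal server."""

    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self._ids = itertools.count(1)

    def _lightest(self):
        # Only running nodes with spare capacity are candidates; the one carrying
        # the lightest load wins, with the name as a deterministic tie-break.
        live = [n for n in self.nodes.values()
                if n.up and len(n.sessions) < n.capacity]
        return min(live, key=lambda n: (n.load, n.name)) if live else None

    def connect(self, session_id=None):
        """Admit a client; returns (session_id, node_name), or None if the
        whole cluster is at capacity."""
        node = self._lightest()
        if node is None:
            return None
        sid = next(self._ids) if session_id is None else session_id
        node.sessions.add(sid)
        return sid, node.name

    def fail(self, name):
        """Take a node down and re-dispatch its sessions to the survivors.
        Returns the session ids that no surviving node had room for."""
        node = self.nodes[name]
        node.up = False
        orphans, node.sessions = sorted(node.sessions), set()
        return [sid for sid in orphans if self.connect(sid) is None]

    def placement(self):
        """Current session-to-node map, for inspection."""
        return {n.name: sorted(n.sessions) for n in self.nodes.values()}


if __name__ == "__main__":
    cluster = Cluster([Node("srv1", 4), Node("srv2", 4), Node("srv3", 2)])
    for _ in range(6):
        cluster.connect()
    print("before failure:", cluster.placement())
    print("dropped on srv1 failure:", cluster.fail("srv1"))
    print("after failure:", cluster.placement())
```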
System Area Networks

A system area network (or SAN, not to be confused with a storage area network, also abbreviated SAN) is essentially a dedicated, switched network that connects a group of computers that are in the same administrative domain and located relatively close to each other. The network achieves greater transmission speeds by implementing a reliable transport service (much like the Transmission Control Protocol [TCP]) in hardware instead of software. The SAN hardware consists of network interface adapter cards that use Fibre Channel connections to a central switch. A SAN network interface adapter makes individual transport endpoints (much like the ports used in a TCP software implementation) available to the connected computers. These endpoints are memory-based registers that are shared by the SAN network adapter and the computer's processor. The processor can therefore pass the incoming traffic directed at a particular endpoint immediately to the appropriate application running on the computer. In a sense, a SAN operates much like a distributed memory array, rather than a standard networking technology.

Cluster Networking Hardware

There are two areas in which the use of server clustering can affect the hardware used to construct a network: the network connections themselves and the server's mass storage hardware. The computers in a cluster use standard network connections to communicate with each other. In fact, it is possible to build a server cluster with no additional networking hardware other than each computer's normal connection to the enterprise network. In a failover configuration, the servers in the cluster communicate by exchanging signals at regular intervals called heartbeats. These heartbeats serve as an indication to each computer that the other computers in the cluster are up and running properly. If a computer fails to transmit a predetermined number of consecutive heartbeats, the other computers in the cluster assume that it has failed and take action to assume its functions.
This same heartbeat method also functions at the application level. If a single application fails on one of the computers in the cluster, the cluster service attempts to restart it on the same computer. If this should fail, the service then migrates the application to another computer in the cluster.

The heartbeats can be exchanged over the normal network connection, but if the cluster is on a shared network with other systems, the additional traffic generated by the heartbeats can be a problem. In addition, the network connection provides a single point of failure. If a cable break or a failure in a hub or other network component should occur, the heartbeats can fail to reach all of the computers in the cluster, resulting in a condition in which both computers attempt to take on the functions of the other.

To address these problems, it's a good idea to build a separate, private network that is dedicated to the computers in the cluster. Ethernet is typically the protocol of choice for this arrangement, with Gigabit Ethernet an option for installations that can benefit from greater speeds. Not only does this private network ensure that the heartbeats generated by each computer reach the others in a timely fashion, it also provides a backup for the intracluster communications. Later in this chapter, you will see how this separate network can also be used with a higher-speed protocol such as Fibre Channel to connect the servers to external drive arrays and other storage devices. This is called a storage area network.
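The heartbeat rule above (a peer is presumed failed after a fixed number of consecutive missed heartbeats) and the two failure cases it distinguishes badly and well, as an added example that is not the book's code: with heartbeats carried only over the shared LAN, a cable break makes both nodes declare each other dead and both attempt a takeover; with the private cluster network as a second path, the same break is harmless while a real node failure is still detected. The miss limit, path names, and interval schedule are constructed.

```python
from collections import defaultdict

MISS_LIMIT = 3   # consecutive silent intervals before a peer is presumed dead

# One heartbeat interval of the simulation: which heartbeat paths are working
# and which nodes are actually running. All values are constructed.
ALL_OK = ({"lan", "private"}, {"node1", "node2"})
LAN_DOWN = ({"private"}, {"node1", "node2"})       # shared LAN cable broken
NODE1_DOWN = ({"lan", "private"}, {"node2"})       # node1 really has crashed


class HeartbeatMonitor:
    """Runs on one node and decides whether each peer is still alive."""

    def __init__(self, paths):
        self.paths = frozenset(paths)          # paths this node listens on
        self.misses = defaultdict(int)         # peer -> consecutive silent intervals
        self.presumed_dead = set()

    def tick(self, peer, arrived_on):
        """Account for one interval. `arrived_on` is the set of paths on which a
        heartbeat from `peer` was received; any one path is enough."""
        if arrived_on & self.paths:
            self.misses[peer] = 0
        else:
            self.misses[peer] += 1
            if self.misses[peer] >= MISS_LIMIT:
                self.presumed_dead.add(peer)
        return peer in self.presumed_dead


def simulate(paths, intervals):
    """Run both nodes' monitors over the intervals. Returns the set of nodes
    that concluded their peer had failed and would attempt a takeover."""
    nodes = ("node1", "node2")
    monitors = {n: HeartbeatMonitor(paths) for n in nodes}
    takeover = set()
    for working, live in intervals:
        for me in nodes:
            peer = "node2" if me == "node1" else "node1"
            # A heartbeat only arrives if the peer is running and the path works.
            arrived_on = (set(working) & set(paths)) if peer in live else set()
            if me in live and monitors[me].tick(peer, arrived_on):
                takeover.add(me)
    return takeover


if __name__ == "__main__":
    # Heartbeats only on the shared LAN: a cable break makes each node think
    # the other is dead, and both try to take over the other's functions.
    print(simulate(("lan",), [ALL_OK] * 2 + [LAN_DOWN] * 4))
    # Add the private cluster network and the same break is harmless.
    print(simulate(("lan", "private"), [ALL_OK] * 2 + [LAN_DOWN] * 4))
    # A genuine node failure is still detected by the survivor.
    print(simulate(("lan", "private"), [ALL_OK] * 2 + [NODE1_DOWN] * 3))
```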
Cluster Storage Hardware

One of the elements that complicate the implementation of a clustering solution in a failover configuration is that each of the computers in the cluster requires access to the applications and data running on the other computers. There are three ways to accomplish this, which have come to define the three basic hardware configurations you can use in a computer that is part of a cluster. These three hardware configurations are as follows:

• Shared disk In a shared disk configuration, the computers in the cluster are all connected to the same disk array using a common I/O bus so that all of the computers can access the same applications and data simultaneously. The disk array typically uses some form of SCSI, Fibre Channel, or serial storage architecture (SSA) to connect to the computers. Because this arrangement makes it possible for two computers to update files on the shared drives at the same time, an additional software component called a distributed lock manager is needed to prevent files from being corrupted and new data from being overwritten.

• Shared nothing A shared nothing configuration is one in which there is no simultaneous access of the same data stores by different computers in the cluster. The redundant connection is so that if one computer should fail and its applications fail over to another computer, the substitute can immediately access the same data stores as the original system and continue where it left off.

• Mirrored disk In a mirrored disk configuration, each computer maintains its own storage drives, and data is replicated between the computers on a regular basis.

Using Hierarchical Storage Management

Hierarchical storage management (HSM) is a technique for storing data on a variety of device types in order to minimize storage costs while providing easy accessibility. As a general rule, the cheaper the medium, the slower its access time. By installing various types of drives in a server, you can minimize your storage costs by putting the most frequently used files on hard drives, occasionally used files on optical discs, and seldom used files on magnetic tape.
The problem with this arrangement is keeping track of which files are stored on which device, and this is where HSM provides a solution. HSM is a software product that automatically migrates files between the various media, depending on how often they're accessed. A typical HSM installation consists of a server with one or more hard drives and an optical disc jukebox or magnetic tape, or both. These devices enable you to maintain large amounts of storage and still access it without human intervention. This is known as nearline storage.

When a file on a hard drive goes a certain number of days without being accessed, the HSM software migrates it to the secondary medium, such as an optical disc. After copying the file to the optical disc, the software creates a tiny key file in its place on the hard drive. The key file specifies the location of the actual file and provides a placeholder for network users. If the file goes even longer without being accessed, HSM migrates it to a tertiary medium (such as tape) and updates the key file. To a user on the network, the files that have been migrated to other media appear to still be on the hard drive. When the user attempts to access the file, HSM reads the contents of the key file, loads the appropriate disk or tape into the drive, reads the file, and supplies it to the user. The only sign to the user that the file is not stored on the hard drive is the additional time it takes for HSM to supply the file. Everything else is completely invisible. If the user modifies the file, HSM migrates it back to the hard drive, where it remains until it reaches the migration interval once again.

HSM software products are usually highly configurable, enabling you to use various combinations of media and specify whatever migration intervals you want. An HSM installation is not cheap, but for a network that must store vast amounts of data while keeping it all available at a few minutes' notice, HSM is a viable solution.

Fibre Channel Networking

The development of new network storage technologies, such as network attached storage (NAS) and storage area networks (SANs), that call for storage hardware external to the server has resulted in the need for a means to transmit large amounts of data between relatively distant devices at high speeds.
Fibre Channel was conceived in 1988 as a high-speed networking technology that its advocates hoped would be the successor to Fast Ethernet and Fiber Distributed Data Interface (FDDI) on backbone networks that required large amounts of bandwidth. Ratified in a series of American National Standards Institute (ANSI) standards in 1994, Fibre Channel never found acceptance as a general local area networking protocol, although Gigabit Ethernet, an extension of the Ethernet standard using the Fibre Channel physical layer options, did. Instead, Fibre Channel has become the protocol of choice for high-end network storage technologies and has particularly become associated with SANs. A Fibre Channel connection can transfer data at the rate of 32 Gbps.

NOTE The unusual spelling of fibre is deliberate and intended to distinguish the term Fibre Channel from fiber optic.

Unlike devices that connect storage devices and servers using a bus, Fibre Channel is essentially a separate network that can connect various types of storage devices with the servers on a network. Fibre Channel uses standard networking hardware components, such as cables, hubs, and ports, to form the network medium, and the connected nodes transmit and receive data using any one of several services, providing various levels of performance. Fibre Channel differs from standard networking protocols such as the Internet Protocol (IP) in that much of its "intelligence" is implemented in hardware, rather than in software running on a host computer.

The Fibre Channel protocol stack consists of five layers that perform the functions attributed to the physical and data link layers of the Open Systems Interconnection (OSI) reference model. These layers are as follows:

• FC-0 This layer defines the physical components that make up the Fibre Channel network, including the cables, connectors, transmitters, and receivers, as well as their properties.

• FC-1 This layer defines the encoding scheme used to transmit the data over the network, as well as the timing signals and error detection mechanism. Fibre Channel uses an encoding scheme called 8B/10B, in which 10 bits are used to represent 8 bits of data, thus yielding a 25 percent overhead.
• FC-2 This layer defines the structure of the frame in which the data to be transmitted is encapsulated and the sequence of the data transfer.

• FC-3 This layer defines additional services such as the striping of data across multiple signal lines to increase bandwidth and the use of multiple ports with a single alias address.

• FC-4 This layer maps the Fibre Channel network to the upper-layer protocols running over it. While it's possible to map Fibre Channel to standard networking protocols, such as IP, the Fibre Channel Protocol (FCP) is the protocol used to adapt the standard parallel SCSI commands to the serial SCSI-3 communications used by storage devices on a Fibre Channel network.

The Fibre Channel Physical Layer

Fibre Channel supports both fiber-optic and copper cables, with fiber optic providing greater segment lengths. The three physical layer cable options are as follows:

• Single mode fiber optic Nine-micron single mode fiber-optic cable, using standard SC connectors, with a maximum cable length of 10,000 meters

• Multimode fiber optic Fifty- or 62.5-micron multimode fiber-optic cable with SC connectors, with a maximum cable length of 500 meters

• Shielded twisted-pair (STP) Type 1 STP cable with DB-9 connectors, with a maximum cable length of 30 meters

Using any of these cable types, you can build a Fibre Channel network with any one of the three following topologies:

• Point-to-point The point-to-point topology links a Fibre Channel host bus adapter installed into a computer to a single external storage device or subsystem.

• Loop The loop topology, also called a continuous arbitrated loop, can contain an unlimited number of nodes, although only 127 can be active at any one time. You can connect the nodes to each other using a physical loop, or you can implement the loop logically using a hub and a physical star topology, as in a Token Ring network. Traffic travels only one direction on the loop, unlike SSA and FDDI, which have redundant loops that permit bidirectional communications. Therefore, in the case of a physical loop, a cable break or node failure can take down the whole loop, while the hub in a logical loop can remove the malfunctioning node and continue operating. Each of the nodes in a Fibre Channel loop acts as a repeater, which prevents signal degradation due to attenuation, but a loop is still a shared network with multiple devices utilizing the same bandwidth, which can limit the performance of each device.

• Fabric The fabric topology consists of nodes connected to switches with point-to-point connections. Just as on an Ethernet network, switching enables each device to use the full bandwidth of the network technology in its transmissions. Fibre Channel uses nonblocking switches, which enable multiple devices to send traffic through the switch simultaneously. A switched Fibre Channel network has the benefit of almost unlimited expandability while maintaining excellent performance.

Fibre Channel Communications

Communications over a Fibre Channel network are broken down into three hierarchical structures. The highest-level structure is called an exchange, which is a bidirectional, application-oriented communication between two nodes on the network. In the context of a storage operation, an exchange would be the process of reading from or writing to a file. A single device can maintain multiple exchanges simultaneously, with communications running in both directions, if needed.

An exchange consists of unidirectional transmissions between ports called sequences, which in the context of a read or write operation are the individual blocks transmitted over the network. Each sequence must be completed before the next one can begin. Sequences are composed of frames, and the frame is the smallest protocol data unit transmitted over a Fibre Channel network. Fibre Channel frames are constructed much like the frames used in other networking protocols, such as Ethernet and IP. The frame consists of discrete fields that contain addressing and error detection information, as well as the actual data to be transmitted. In the storage context, a frame is the equivalent of a SCSI command.
Fibre Channel provides three classes of service, with different resource requirements and levels of performance provided by each. These service classes are as follows:

• Class 1 Class 1 is a reliable, connection-oriented, circuit-switched service in which two ports on the network reserve a path through the network switches to establish a connection for as long as they need it. The result is the functional equivalent of a point-to-point connection that can remain open for any length of time, even permanently. Because a virtual circuit exists between the two nodes, frames are always transmitted and received in the same order, eliminating the additional processing required to reorder the packets, as on an IP network. The Class 1 service tends to waste bandwidth when the connection is not in use all of the time, but for applications that require a connection with the ultimate in reliability and performance, the expenditure can be worthwhile.

• Class 2 Class 2 is a connectionless service that provides the same reliability as Class 1 through the use of message delivery and nondelivery notifications. Since Class 2 is not a circuit-switched service, frames may arrive at the destination port in the wrong order. However, it is the port in the receiving node that reorders the frames, not the processor inside the server or storage subsystem containing the port. By placing the responsibility for ordered delivery of frames on the port rather than on the switch, as in the Class 1 service, the switches are better able to provide the maximum amount of bandwidth to all of the nodes on the network. The Class 2 service can therefore provide performance and reliability that is nearly that of the Class 1 service, with greater overall efficiency. Most storage network implementations use Class 2 rather than Class 1 for this reason.
• Class 3 Class 3 is an unreliable connectionless service that does not provide notification of delivery and nondelivery as Class 2 does. Removing the processing overhead required to implement the notifications reduces port latency and therefore greatly increases the efficiency of the network. This is particularly true in the case of a loop network, which uses a shared medium. In the case of a storage network, the FCP protocol provides frame acknowledgment and reordering services, making it unnecessary to implement them in the network hardware.

NOTE There is also an extension to the Class 1 service called Intermix, which enables other processes to utilize the unused bandwidth of a Class 1 connection for the transmission of Class 2 and Class 3 traffic. In this arrangement, however, the Class 1 traffic maintains absolute priority over the connection, which can cause the nodes to buffer or discard Class 2 and 3 frames, if necessary.

Network Storage Subsystems

In the original client-server network design, the server was a computer constructed very much like a client, except with more storage capacity, more memory, a faster processor, and so on. As the years have passed and data storage requirements have increased at an exponential level, it has become unwieldy for a personal computer to contain enough space and power for the many drives used in modern storage arrays. Moving the storage management tasks away from the server and into a dedicated device also reduces the processing burden on the server. Today, with server clusters and other advanced server technologies becoming more popular, there is a drive toward storage arrays with greater capabilities.

One of the solutions is to integrate the standard storage I/O architecture with the networking architecture used for other communications between systems. Combining I/O and networking makes it possible to locate the servers and the storage arrays virtually anywhere, build a more flexible and expandable storage solution, and enable any server on the network to work with any storage device. There are two technologies that are leading the way in this new area of development: network attached storage and storage area networks. These technologies are not mutually exclusive; in fact, the future network is likely to encompass both to some degree.
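Returning to the Fibre Channel service classes described above, the following added example (not the book's code, and a simplified model rather than the real FC-2 header layout) shows a receiving port reassembling one sequence of an exchange from frames that arrive out of order: under Class 2 the port issues delivery and nondelivery notifications, under Class 3 it stays silent and leaves recovery to FCP above it. The frame fields and sample frames are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    """Constructed stand-in for a Fibre Channel frame; only the fields the
    exchange/sequence/frame hierarchy needs, not the real FC-2 header."""
    exchange: int   # the read or write operation this frame belongs to
    sequence: int   # the block (sequence) within that exchange
    count: int      # position of the frame within its sequence, from 0
    total: int      # number of frames that make up the sequence
    payload: bytes


@dataclass
class _Partial:
    total: int
    frames: dict = field(default_factory=dict)   # count -> payload


class ReceivingPort:
    """Reassembles sequences in the port itself, so the host processor only
    ever sees complete, in-order blocks."""

    def __init__(self, service_class):
        if service_class not in (2, 3):
            raise ValueError("model covers the connectionless classes only")
        self.service_class = service_class
        self.pending = {}         # (exchange, sequence) -> _Partial
        self.notifications = []   # Class 2: what the port reports back to the sender

    def receive(self, frame):
        """Accept one frame; returns the reassembled block when the sequence
        completes, otherwise None."""
        key = (frame.exchange, frame.sequence)
        partial = self.pending.setdefault(key, _Partial(frame.total))
        if frame.count in partial.frames:
            self._notify(key, frame.count, "duplicate")   # a retransmission
            return None
        partial.frames[frame.count] = frame.payload
        self._notify(key, frame.count, "delivered")
        if len(partial.frames) < partial.total:
            return None
        del self.pending[key]
        # Out-of-order arrival is repaired here, in the port.
        return b"".join(partial.frames[i] for i in range(partial.total))

    def expire(self, exchange, sequence):
        """Give up on a sequence that stalled. Class 2 reports every frame that
        never arrived; Class 3 discards silently and leaves recovery to FCP."""
        partial = self.pending.pop((exchange, sequence), None)
        if partial is None:
            return []
        missing = [i for i in range(partial.total) if i not in partial.frames]
        for i in missing:
            self._notify((exchange, sequence), i, "not delivered")
        return missing

    def _notify(self, key, count, status):
        if self.service_class == 2:
            self.notifications.append((key, count, status))


# Frames of one 3-frame sequence, arriving out of order (constructed data).
SCRAMBLED = [
    Frame(7, 0, 2, 3, b"C"),
    Frame(7, 0, 0, 3, b"A"),
    Frame(7, 0, 1, 3, b"B"),
]


def deliver(port, frames):
    """Feed frames to a port and return the list of completed blocks."""
    return [block for block in map(port.receive, frames) if block is not None]


if __name__ == "__main__":
    class2 = ReceivingPort(2)
    print(deliver(class2, SCRAMBLED), class2.notifications)
    class3 = ReceivingPort(3)
    print(deliver(class3, SCRAMBLED), class3.notifications)
```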
Network Attached Storage

Network attached storage is a term that is generally applied to a stand-alone storage subsystem that connects to a network and contains everything needed for clients and servers to access the data stored there. A NAS device, sometimes called a network storage appliance, is not just a box with a power supply and an I/O bus with hard drives installed in it. The unit also has a self-contained file system and a stripped-down, proprietary operating system that is optimized for the task of serving files. The NAS appliance is essentially a stand-alone file server that can be accessed by any computer on the network. For a network that has servers dedicated primarily to file-serving tasks, NAS appliances can reduce costs and simplify the deployment and ongoing management processes. Because the appliance is a complete turnkey solution, there is no need to integrate separate hardware and operating system products or be concerned about compatibility issues.

NAS appliances can connect to networks in different ways, and it is here that the definition of the technology becomes confusing. A NAS server is a device that can respond to file access requests generated by any other computer on the network, including clients and servers. The device typically uses a standard file system protocol like the Network File System (NFS) or the Common Internet File System (CIFS) for its application layer communications. There are two distinct methods for deploying a NAS server, however. You can connect the appliance directly to the LAN, using a standard Ethernet connection, enabling clients and servers alike to access its file system directly, or you can build a dedicated storage network, using Ethernet or Fibre Channel, enabling your servers to access the NAS and share files with network clients.

The latter solution places an additional burden on the servers, but it also moves the I/O traffic from the LAN to a dedicated storage network, thus reducing network traffic congestion. Which option you choose largely depends on the type of data to be stored on the NAS server. If you use the NAS to store users' own work files, for example, it can be advantageous to connect the device to the LAN and let users access their files directly.
However, if the NAS server contains databases or e-mail stores, a separate application server is required to process the data and supply it to clients. In this case, you may benefit more by creating a dedicated storage network that enables the application server to access the NAS server without flooding the client network with I/O traffic.

Storage Area Networks

A storage area network is simply a separate network within an enterprise that is used to connect storage devices and the computers that use them. In practice, SANs are usually associated with Fibre Channel networks, but actually you can use any type of network for this purpose, including SSA or Ethernet (usually Gigabit Ethernet). The reasons for building a SAN have been repeated throughout this chapter. Server technologies such as clustering and remote disk arrays require high-bandwidth connections, and using the same data network as the client computers for this purpose could easily result in massive amounts of traffic. In addition, the bandwidth requirements of a storage I/O network far exceed those of a typical data network. Constructing a separate SAN using Fibre Channel or Gigabit Ethernet is far cheaper than equipping all of the computers on your network with ultra-high-speed network interface adapters.

In a typical enterprise network containing a SAN, the servers have interfaces to both the data network (the LAN) and the storage network (the SAN). The LAN, therefore, is completely ordinary, containing client and server computers, and the storage devices are connected only to the SAN. Where the servers store their data is of no consequence to the clients, which do not even have to know of the SAN's existence.

A typical SAN using Fibre Channel to connect servers to the storage devices can take many forms. The simplest possible SAN consists of a single server connected to a drive array using a point-to-point Fibre Channel connection. The server accesses the data stored on the array, which would typically use RAID to provide added performance and fault tolerance. One of the primary differences between a SAN and a NAS device is that SANs provide block-level access to data, while NAS appliances provide file-level access.
A more complicated SAN would consist of several servers and several storage arrays, all connected to the same network, as shown in Figure 8-3. If the SAN uses Fibre Channel for its communications, the network's topology can take the form of a loop or a fabric, depending on whether the devices are all connected to a hub or a switch. This enables the servers to communicate with each other and with all of the storage devices on the SAN. The storage devices can be drive arrays using RAID, NAS servers, or any other technology that may evolve, as long as it supports Fibre Channel or whatever networking protocol the SAN uses.

Figure 8-3 A complex SAN using a Fibre Channel loop or fabric network

CHAPTER 9
Designing a Network

Planning is an essential part of any network deployment, and the design of the network is a crucial element of the planning process. Depending on its size and location, the process of designing your network can be simple or extremely complex. This chapter examines some of the concepts involved in designing networks that range from small home networks to large enterprise internetworks.

A network design can encompass decisions made at many levels. At a minimum, the design should include what hardware you intend to purchase, how much it costs, where you're going to locate it at your site, and how you're going to connect it all. For a home or small-business network, this can be as easy as taking a few computers, choosing a network interface card (NIC) for each one, and buying some cables and a hub and/or a wireless router. You can make all of the other decisions involved in setting up and configuring the network as you proceed. For a large enterprise internetwork, the design process is considerably more complicated. As you've learned, an internetwork is a collection of LANs that have been connected so that each computer can communicate with any other computer on any of the LANs. You can design each LAN separately, using standard hardware already mentioned, but then you must consider how you are going to connect the LANs into an internetwork and regulate the communications between them. You also have to consider all of the services that you must provide to your users and how you intend to provide them. This means the network design might include software products and configurations, outside services provided by third parties, and operating procedures, as well as a hardware list and a network diagram.

In addition to purely technical issues, designing a large internetwork involves a number of important business decisions. Generally, the early phases of the internetwork design process tend to proceed as follows:

1. Identify the business needs that the network is intended to satisfy.
2. Create an ideal network design that satisfies all of the previously defined needs.
3. Estimate the cost of building the network as designed.
4. Determine whether the benefits of building the network rationalize the expense.
5. Revise the network design to bring the expense in line with the benefits.

This is a high-level overview of the network design process as a business decision, and while economic issues may not be the primary concern of the people involved in the technical side of the process, the cost of the project will certainly have a profound effect on the design. This chapter is more involved with the technical side of the design process than with the business side, but having some idea of the budget allotted for the network and the cost of implementing the technologies you select can streamline the whole design and approval process considerably.

Reasoning the Need

The first step in designing a network is always to list the reasons for building it in the first place. For a home or small-business network, the list is often short and simple, containing items such as the desire to share one printer among several computers and to access the Internet using a single connection. In most cases, the economic decision is equally simple. Weigh the price of a few cables and a hub or a wireless router against the cost of supplying each computer with its own printer or Internet connection, and the conclusion is obvious.

For a large internetwork installation, the list of requirements is usually much longer, and the decision-making process is far more complex. Some of the questions that you should ask yourself as you're first conceiving the network are as follows:

• What business needs will the network satisfy?
• What services do you expect the network to provide now and in the future?
• What applications must the network run now and in the future?
• What are the different types of users you expect the network to support now?
• What types of users (and how many of them) do you expect the network to support in the future?
• What level of service do you expect the network to provide in terms of speed, availability, and security?
• What environmental factors at the site can possibly affect the network?
• What is the geographic layout of the business? Are there remote offices to connect?
• What network maintenance skills and resources are available to the organization?

By answering questions like these, you should be able to come up with a basic, high-level concept of the type of network you need. This concept should include a sketch of the network indicating the number of levels in the hierarchy. For example, a network at a single site might consist of a number of LANs connected by a backbone, while a network encompassing multiple sites might consist of several LANs, connected by a backbone at each location, all of which are then connected by WAN links. This plan may also include decisions regarding the network media and protocols to use, a routing strategy, and other technical elements.

NOTE Depending on the environment in which a backbone exists, it can have two meanings. The first is the physical connection such as fiber or Gigabit Ethernet, and the second is a transmission method such as frame relay through the cloud.

Seeking Approval

The next step is to start making generic technology and equipment selections in order to develop an estimate of the costs of building and maintaining the network. For example, you might at this point decide that you are going to build an internetwork consisting of ten LANs, connected by a fiber-optic backbone and using a T-1 line for access to the Internet. With this information, you can start to figure out the general costs of purchasing and installing the necessary equipment.

With a rough cost estimate in hand, it's generally time to decide whether building the network as conceived is economically feasible. In many cases, this requires an evaluation by nontechnical people, so a layperson's summary of the project and its cost is usually in order. At this point, some of the following questions may be considered:

• Does the network design satisfy all of the business needs listed earlier?
• Do the business needs that the network will satisfy justify the cost expenditures?
• Can the costs of the network be reduced while still providing a minimum standard of performance?
• How will reducing the quality of the network (in regard to elements such as speed, reliability, and/or security) affect the business needs it is able to satisfy?
• Can the network be reconceived to lower the initial costs while still providing sufficient capability for expansion in the future?

This review process may involve individuals at several management layers, each with their own concerns. In many cases, business and economic factors force a redesign of the network plan at this point, either to better address business needs not considered earlier or to reduce costs. Usually, it's better for these modifications to occur now, while the network design plan is still in its preliminary stages. Once the elements of the plan are developed in greater detail, it will become more difficult and inefficient to drastically change them.

When the economic and business factors of the network design have been reconciled with the technical factors, you can begin to flesh out the plan in detail. The following sections examine some of the specific elements that should be included in your network design plan.

Designing a Home or Small-Office Network

A network for a home or small office typically consists of a single LAN connecting anywhere from 2 to 16 computers. The LAN might also have additional network devices attached to it, such as a network printer or a router providing a connection to the Internet or another office. For this kind of network, the design process consists mostly of selecting products that are suitable for your users' needs and for the physical layout of the site.
Selecting Computers

Virtually all the computers on the market today can be connected to a network, so compatibility in this area is not usually a concern. However, for the sake of convenience, it's easier to design, build, and maintain a small network in which all of the computers use the same platform. If most of your users are accustomed to using Windows PCs, then make the network all Windows PCs. If most are comfortable with Macintosh, Linux, or Unix systems, then use those. It's not impossible to connect computers running different platforms to the same network by any means, but if you're planning a small network and you want to have as easy a time of it as possible, stick to one platform.

Standardizing on a single platform may be difficult in some situations, however. For a home network, for example, you may have kids who use Macs in school and adults who use PCs at work. In a small-business environment, you are more likely to be able to impose one platform on your employees, unless they have special requirements such as different types of machines. If you do feel compelled to mix platforms, you must be careful to select products that are compatible with every type of computer you plan to use. Generally, it is not too difficult to configure different types of computers to access shared network resources such as printers and Internet connections. However, file sharing can be a problem because the computers may use different file formats. The other important consideration when selecting the computers to be connected to a network is whether they have the resources needed for networking. For the most part, this just means you must determine what type of network interface adapter the computer uses. If any of the machines to be included in the network do not have appropriate adapters, you can purchase a network interface card and either install the adapter in a free PCI slot or purchase a Universal Serial Bus (USB) network interface adapter.
Selecting a Networking Protocol

The protocol your network uses at the data link layer of the OSI reference model is the single most defining element of the network design. The data link layer protocol determines, among other things, what network medium you will use, what networking hardware you will buy, how you will connect the computers, and how fast the network can transfer data. The most common choices in data link layer protocols are Ethernet for LANs and the Point-to-Point Protocol (PPP) for the WAN links that join larger networks.

Choosing a Network Medium

The Ethernet protocol supports a variety of network media, but when installing a new network today, the choice for a bounded (cabled) network comes down to unshielded twisted-pair (UTP) or fiber-optic cable. The other alternative is a wireless (unbounded) medium. UTP cable is perfectly suitable for most home and small-business networks. To use UTP, you have to purchase an Ethernet hub or switch (unless you are networking only two computers), and each of your network devices must be connected to the hub using a cable no more than 100 meters long. Category 5 UTP is sufficient for networks running at speeds up to 100 Mbps. For speeds up to 1,000 Mbps (1 Gbps), use either Category 5e or Category 6 UTP cable. Cat 5e is rated to 100 MHz and Cat 6 to 250 MHz. Both have a maximum length of 100 meters when used for 1 Gbps networking. The difference appears when Cat 6 is used in a 10 Gbps network: the maximum run is then cut down to between 37 and 55 meters, depending on the crosstalk environment.

If you are in a situation where the locations of your computers call for longer segments, however, or the network must operate in an environment with extreme amounts of electromagnetic interference (EMI) present, you can opt to use fiber-optic cable. Fiber-optic cable is immune to EMI and supports longer segments, but it is also more expensive than UTP and more difficult to install.

For a small network, the ease of installation is often a major factor in the selection of a network medium. An Ethernet network using UTP is the simplest type of cabled network to install. UTP Ethernet NICs, hubs, and prefabricated cables are available in almost any computer store; all you have to do is use the cables to connect the computers to the hub.
(If your computers do not have a NIC, you will have to install the adapters before making the connection.)

The same is not true for fiber-optic cables, which are generally purchased as components (bulk cable, connectors, and so on) from professional suppliers. Unless you are willing to spend a good deal of money, time, and effort on learning about fiber-optic cabling, you are not going to install it yourself.

It's possible to install UTP cable from components also, and this is usually how professional, internal installations are performed. An internal cable installation is one in which the cables are installed inside wall cavities and drop ceilings. The only elements of the installation that are visible to the network user are the wall plates to which their computers are attached. This type of installation is neater than an external one that uses prefabricated cables that are usually left exposed, but it requires more expertise to perform correctly, as well as additional tools and access to internal wall cavities. For a small-business network in a traditionally designed office space, a small-scale internal installation is feasible, but homeowners are less likely to want to drill holes in their walls, floors, and ceilings for the installation of cables, despite a greater concern for the installation's cosmetic appearance.

For network installations where cables are impractical or undesirable, you can also elect to install a wireless LAN. There are many products now on the market at competitive prices, and for home users wanting to network their computers without leaving cables exposed or performing a major cable installation, this solution can be ideal. Keep in mind that an unbounded medium is reachable from outside the premises, so a wireless LAN must be configured to require authentication and encryption before it is put into use.

Choosing a Network Speed

Another consideration when designing an Ethernet LAN is the speed at which the network will run. Fast Ethernet runs at 100 Mbps, and Gigabit Ethernet runs at 1,000 Mbps. You can find many Ethernet NICs that support either speed. The NIC autodetects the speed of the hub to which it's attached and configures itself accordingly.
Designing an Internetwork

The design elements discussed thus far apply to large internetworks as well as to small, single-segment LANs. Even the largest internetwork consists of individual LANs that require the same components as a stand-alone LAN, such as computers, NICs, cables, hubs, and switches. For a large internetwork with more varied requirements, you can design each LAN separately, selecting protocols and hardware that best suit the physical environment and the requirements of the users, or you can create a uniform design suitable for all of the LANs. Once you get beyond the individual LANs, however, you face the problem of connecting them to form the internetwork. The following sections examine the technologies you can use to do this.

Segments and Backbones

The traditional configuration for a private internetwork is to have a series of LANs (called network segments or sometimes horizontal networks) connected using another, separate network called a backbone. A backbone is nothing more than a network that connects other networks, forming an internetwork. The individual segments can be networks that service workgroups, departments, floors of a building, or even whole buildings. Each of the segments is then connected to a backbone network, using a router or a switch, as shown in Figure 9-1. This enables a workstation on any of the networks to communicate with any other workstation. The term backbone can refer to a LAN that connects other LANs (usually in the same building or campus) or to a network of wide area links that connect networks or internetworks at remote locations.

Figure 9-1 An example of multiple LANs, connected by a backbone

One of the most common configurations for a large internetwork that encompasses an entire building with multiple floors is to have a separate LAN connecting all of the network devices on each floor (which is the origin of the term horizontal network) and a backbone network running vertically between the floors, connecting all of the LANs. Of course, the configuration you use must depend on the building in which the internetwork is installed. If your entire organization is housed in an enormous building with only two floors, you will probably have to create several LANs on each floor and connect them with a backbone that runs throughout the building.
When two computers on the same LAN communicate with each other, the traffic stays on that local network. However, when the communicating computers are on different LANs, the traffic goes through the router connecting the source computer's LAN to the backbone and then to the LAN on which the destination computer is located. It is also common practice to connect network resources required by all of the internetwork's users directly to the backbone, instead of to one of the horizontal networks. For example, if you have a single e-mail server for your entire organization, connecting it to one of the horizontal networks forces all of the e-mail client traffic from the entire internetwork to travel to that segment, possibly overburdening it. Connecting the server to the backbone network enables the traffic from all of the horizontal segments to reach it equitably. Because the backbone is shared by the horizontal networks, it carries all of the internetwork traffic generated by each of the computers on every LAN. This can be a great deal of traffic, and for this reason, the backbone typically runs at a higher speed than the horizontal networks. Backbones may also have to traverse greater distances than horizontal networks, so it is common for them to use fiber-optic cable, which can span much longer distances than copper.

When the concept of the backbone network originated, the typical departmental LAN was relatively slow, running 10 Mbps Ethernet. The first backbones were thick Ethernet trunks, selected because the RG-8 coaxial cable could be installed in segments up to 500 meters long. These backbones ran at the same speed as the horizontal networks, however. To support all of the internetwork traffic, a distributed backbone running at a higher speed was needed. This led to the use of data link layer protocols like Fiber Distributed Data Interface (FDDI). FDDI ran at 100 Mbps, which was faster than anything else at the time, and it used fiber-optic cable, which can span much greater distances than thick Ethernet.
Once Fast Ethernet products arrived on the market, the situation changed by an order of magnitude: 100 Mbps horizontal networks became common, and an even faster backbone technology was needed to keep up with the traffic load they generate. This led to the development of protocols like Asynchronous Transfer Mode (ATM), running at speeds up to 622 Mbps, and Gigabit Ethernet, at 1,000 Mbps.

Distributed and Collapsed Backbones

There are two basic types of backbone LANs in general use: the distributed backbone and the collapsed backbone. In a distributed backbone, the backbone takes the form of a separate cable segment that runs throughout the enterprise and is connected to each of the horizontal networks using a router or switch. In a collapsed backbone, the hub on each of the horizontal networks is connected to a centrally located modular router or switch (see Figure 9-2). This router or switch functions as the backbone for the entire internetwork by passing traffic between the horizontal networks. This type of backbone uses no additional cable segment because the central router/switch has individual modules for each network, connected by a backplane. The backplane is an internal communications bus that takes the place of the backbone cable segment in a distributed backbone network.

Figure 9-2 A single router or switch connects all of the LANs in a collapsed backbone.

The advantage of a collapsed backbone is that internetwork traffic has to pass through only one router on the way to its destination, unlike a distributed backbone, which has separate routers connecting each network to the backbone. The disadvantage of a collapsed backbone is that the hub on each network must connect to the central router with one cable segment. Depending on the layout of the site and the location of the router, this distance may be too long for copper cable. The central router or switch is also a single point of failure for all inter-LAN traffic, so its reliability matters more than that of any other device in the design.

Because a collapsed backbone does not use a separate cable segment to connect the horizontal networks, it does not need its own protocol. Today's technology has made the collapsed backbone a practical solution.
While this may be an ideal solution for a new network being constructed today, there are thousands of existing networks that still use 10 Mbps Ethernet or other relatively slow protocols on their horizontal networks and can't easily adapt to the collapsed backbone concept. Some or all of the horizontal networks might be using older media, such as Category 3 UTP or even thin Ethernet, and can't support the long cable runs to a central router. The horizontal networks might even be in separate buildings on a campus, in which case a collapsed backbone would require each building to have a cable run to the location of the router. In cases like these, a distributed backbone is necessary.

Backbone Fault Tolerance

Because it provides all internetwork communications, the backbone network is a vitally important part of the overall design. A horizontal network that can't access the backbone is isolated. Computers on that LAN can communicate with each other but not with the computers on other LANs, which can cut them off from vital network services. To ensure continuous access to the backbone, some internetworks design redundant elements into the plan for fault-tolerance purposes. You can, for example, use two routers on each LAN, both of which connect to the backbone network hub, so that if one router fails, the other provides continued access to the rest of the network. Some designs go so far as to include two separate distributed backbone networks.

This plan also calls for two routers on each horizontal network, but in this case, the routers are connected to two different backbone networks, as shown in Figure 9-3. This way, the internetwork can continue to function despite the failure of a router, a backbone hub, or any backbone cable segment. Another benefit of this design is the ability to balance the internetwork traffic load between the two backbones. By configuring half of the computers to use one backbone and half the other (by varying their default gateway addresses), you split the internetwork traffic between the two. Note that a static split of this kind does not fail over by itself: when one router fails, the computers pointing at it lose internetwork access until their gateway setting changes, which is why designs like this pair the two routers with a gateway redundancy protocol such as VRRP. This can make the use of Ethernet on both the horizontal and backbone networks a practical proposition, even on a highly trafficked network. With a single backbone connecting Ethernet LANs, you may find that you need to use Gigabit Ethernet or another high-speed protocol to support the internetwork traffic.
Figure 9-3 Redundant backbones can provide both load balancing and fault tolerance.

Selecting a Backbone LAN Protocol

The protocol that you use on the backbone connecting your horizontal networks should depend on the amount of traffic it has to carry and the distance it has to span. In some organizations, most of the network communications are limited to the individual horizontal LANs. If, for example, your company consists of several departments that are largely autonomous, each with their own servers on a separate horizontal LAN, all of the intradepartmental traffic remains on the horizontal network and never reaches the backbone. In a case like this, you can probably use the same technology on the backbone as on the horizontal LANs, such as Ethernet throughout. If, on the other hand, your company consists of departments that all rely on the same resources to do their work, such as a central database, it makes sense to connect the database servers directly to the backbone. When you do this, however, the backbone must be able to support the traffic generated by all of the horizontal networks combined. If the horizontal networks are running Fast Ethernet, the backbone should usually use a faster technology, such as Gigabit Ethernet, in order to keep up.

The distance that the backbone LAN must span and the environment in which it's used can also affect the protocol selection. If your site is large enough that the backbone cable runs are likely to exceed the 100-meter limit for unshielded twisted-pair cable, you should consider using fiber-optic cable. Fiber optic is also the preferred solution if you have to connect horizontal LANs that are located in different buildings on the same campus. Fiber optic is more expensive to purchase and install than UTP, but it is interoperable with copper cable in most cases. For example, you can purchase Fast Ethernet hubs and routers that support both cable types so that you can use UTP on your horizontal networks and fiber optic on the backbone.
Connecting to Remote Networks

In addition to connecting LANs at the same site, many internetworks use a backbone to connect to remote networks. In some cases, the organization consists of multiple offices in different cities or countries that must communicate with each other. If each office has its own internetwork, connecting the offices with WAN links forms another backbone that adds a third level to the network hierarchy and creates a single, enterprise internetwork. However, even an organization with one internetwork at a single location is likely to need a WAN connection to an Internet service provider so that users can access e-mail and other Internet services.

The technology you select for your WAN connections depends on factors such as the amount of bandwidth your network needs, when it needs it, and, as always, your budget. You can use anything from dial-on-demand telephone connections to high-speed leased lines to flexible bandwidth solutions, such as frame relay.

Selecting a WAN Topology

Another factor in selecting a WAN technology is the topology you will use to connect your various sites. WAN topologies are more flexible than those on LANs, which are dictated by the data link and physical layer protocols you elect to use. You can use WAN links to build an internetwork in many different ways. For example, the full mesh topology, when used on a WAN, consists of a separate, dedicated link (such as a leased line) between each pair of sites in your organization. If you have five offices in different cities, each office has four separate WAN links connecting it to the other offices, for a total of ten links (see Figure 9-4). If you have eight offices, a total of 28 separate WAN links are required; in general, n sites need n(n − 1)/2 links, so the count grows with the square of the number of sites. This arrangement provides the greatest amount of fault tolerance, since a single link failure affects only the two sites involved, as well as the most efficient network, since each site can communicate directly with each of the other sites. However, this solution can also be expensive as well as wasteful, unless your network generates sufficient WAN traffic between each pair of sites to fill all of these links most of the time.
Figure 9-4 The full mesh WAN topology

A full mesh topology, consisting of individual links between the sites, assumes the use of dedicated, point-to-point WAN connections such as leased lines. However, there are alternatives to this type of link that can provide what amounts to a full mesh topology at much less expense. Frame relay uses a single leased line at each site to connect to a service provider's network, called the cloud. With all of the sites connected to the same cloud (using access points local to each location), each site can establish a virtual circuit to every other site as needed.

At the other end of the spectrum from the full mesh topology is the star topology, which designates one site as the main office (or hub) and consists of a separate, dedicated connection between the hub and each of the other branch sites. This topology uses the fewest number of WAN links to connect all of the sites, providing the greatest economy, and enables the main office to communicate directly with each of the branch sites. However, when two of the branch sites have to communicate, they must do so by going through the hub. Whether the star topology is suitable for your network depends on whether the branch sites frequently need to communicate with each other.

A ring topology has each site connected to two other sites, as shown in Figure 9-5. This topology uses only one link more than a star, but it provides a greater degree of fault tolerance. If any one link fails, it is still possible for any two sites to communicate by sending traffic around the ring in the other direction. By contrast, a link failure in a star internetwork disconnects one of the sites from the others completely. The disadvantage of the ring is the delay introduced by the need for traffic to pass through multiple sites in order to reach its destination, in most cases. A site on a star internetwork is never more than two hops from any other site, while ring sites may have to pass through several hops.
Figure 9-5 The ring WAN topology

Each of these topologies represents an extreme example of a network communication technique, but none of them has to be followed absolutely in every case. You can, for example, create a partial mesh topology by eliminating some of the links from the full mesh design. Not all of your sites may require a dedicated link to every other site, so you can eliminate the extraneous links, thus reducing the cost of the network. When a site has to communicate with another site to which it does not have a direct connection, it can go through one of its connected sites instead. In the same way, you can build more fault tolerance into a star network by having two hub sites instead of one and connecting each of the other sites to both hubs. This requires roughly twice as many links as a standard star topology but still fewer than a full mesh.

Planning Internet Access

Connecting a network to the Internet is usually far less complicated than connecting multiple sites with WAN links. Even if your internetwork consists of several sites, it is more common to equip each one with its own Internet connection, rather than connect one site and have the other sites access the Internet through the intersite WAN. The WAN technology you use to connect each site to the Internet should once again depend on the bandwidth you require and your budget. Bear in mind that each Internet connection is also a separate point of exposure, so every site that gets its own link needs its own perimeter protection and monitoring.

Locating Equipment

Designing the individual LANs that make up the internetwork is similar to designing a single, stand-alone LAN, except you must work the backbone connections into the design. Large internetworks are more likely to use internal bulk cable installations for the network segments, rather than the prefabricated, external cables commonly used for home and small-business networks. In an internal installation, cables run inside walls and ceilings and terminate at wall plates and patch panels. This type of installation is much more complicated than an external one where the cables are left exposed. Therefore, this installation is frequently outsourced to a contractor who specializes in on-premises wiring. For these reasons, a detailed network plan showing the route of each cable and the location of each wall plate and patch panel is essential. You don't want to have to call the contractor in after the installation is finished to pull additional cables.
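The WAN topologies described in the preceding section (full mesh, star, ring, and the two-hub star) can be compared mechanically rather than by eye. The following Python model is an added example and not code from the original chapter: it treats each site as a graph node and each WAN link as an undirected edge, then counts the links, computes the worst-case number of hops between any two sites, and checks whether any single link failure partitions the internetwork. Site numbering and the choice of sites 0 and 1 as the hub sites are assumptions of the example.

```python
"""Model the chapter's WAN topologies as undirected graphs and compare them.

Added example. Sites are numbered 0..n-1; in the star and two-hub star the
hub sites are 0 (and 1). Every number below is computed, not looked up.
"""
from collections import deque
from itertools import combinations


def full_mesh(n):
    """A dedicated link between every pair of sites: n(n-1)/2 links."""
    return {frozenset(pair) for pair in combinations(range(n), 2)}


def star(n, hub=0):
    """Every branch site has one link to the hub: n-1 links."""
    return {frozenset((hub, site)) for site in range(n) if site != hub}


def ring(n):
    """Each site is linked to its two neighbours around the ring: n links."""
    return {frozenset((site, (site + 1) % n)) for site in range(n)}


def dual_hub_star(n):
    """Star with two hub sites (0 and 1): every branch links to both hubs,
    and the hubs are linked to each other, for 2(n-2)+1 links."""
    links = {frozenset((0, 1))}
    for site in range(2, n):
        links.add(frozenset((0, site)))
        links.add(frozenset((1, site)))
    return links


def _adjacency(n, links):
    adj = {site: set() for site in range(n)}
    for link in links:
        a, b = tuple(link)
        adj[a].add(b)
        adj[b].add(a)
    return adj


def hop_distances(n, links, source):
    """Breadth-first search: links traversed from source to each reachable site."""
    adj = _adjacency(n, links)
    dist = {source: 0}
    queue = deque([source])
    while queue:
        current = queue.popleft()
        for nxt in adj[current]:
            if nxt not in dist:
                dist[nxt] = dist[current] + 1
                queue.append(nxt)
    return dist


def is_connected(n, links):
    """True if every site can reach every other site over the links."""
    return len(hop_distances(n, links, 0)) == n


def max_hops(n, links):
    """Worst-case number of links between any two sites (the graph's diameter)."""
    return max(max(hop_distances(n, links, s).values()) for s in range(n))


def survives_any_single_link_failure(n, links):
    """True if removing any one link still leaves all sites reachable."""
    return all(is_connected(n, links - {dead}) for dead in links)


def compare(n):
    """Summarise link count, diameter and single-failure survival per topology."""
    report = {}
    for name, links in (("full mesh", full_mesh(n)), ("star", star(n)),
                        ("ring", ring(n)), ("dual-hub star", dual_hub_star(n))):
        report[name] = {
            "links": len(links),
            "max_hops": max_hops(n, links),
            "survives_single_link_failure": survives_any_single_link_failure(n, links),
        }
    return report


if __name__ == "__main__":
    for name, summary in compare(5).items():
        print(f"{name:14s} {summary}")
```

Running `compare(5)` reproduces the chapter's figures: ten links for the five-site full mesh, four for the star, five for the ring, and seven for the two-hub star; only the star fails the single-link-failure test, and the ring's worst-case path grows with the number of sites (two hops for five sites, four hops for eight).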
Designing such a network and creating the plan are tasks that require an intimate knowledge of the building in which the network is to be located. As with a home or small-business LAN, you must decide where all of the computers and other network devices are going to be located and then work out how you are going to run the cables that connect them to the hub. For an internetwork design, you also have to decide where you're going to put the router that connects each LAN to the backbone (in the case of a distributed backbone network) or how you're going to connect each LAN to the main router/switch (in the case of a collapsed backbone network).

Wiring Closets

In the classic example of a multifloored office building with a horizontal network on each floor and a distributed backbone connecting them vertically, it is common practice to have a telecommunications room, often called a wiring closet, on each floor. This closet can serve as the location for the patch panel where all of the cable runs for the floor terminate, as well as the hub that connects all of the devices on the floor into a LAN and the router that connects the LAN to the backbone network. It's also possible to install workgroup or even enterprise servers in these closets. To facilitate the backbone cabling, the best arrangement is for the wiring closets on each floor to be on top of each other, with a chase or wiring conduit running vertically through them and connecting all of the closets in the building.
To some people, the term wiring closet might invoke visions of hubs and routers shoved into a dark little space along with mops and buckets, but this should definitely not be the case. Wiring closets may already exist, even in a building not already cabled for a data network, to support telephone equipment and other building services. The closet may indeed be a small space, but it should be well lit and have room enough to work in, if necessary. The room is called a closet because there is typically no room (or need) for desks and workstations inside. Most of the routers, servers, and other networking equipment available today can be equipped with remote administration capabilities, which minimizes the need to actually open the closet to physically access the equipment. Those remote management interfaces then need the same protection the locked door provides: restrict them to an administrative network and require strong authentication. Unlike an equipment storage closet, a wiring or server closet must also maintain an appropriate environment for the equipment inside. A space that is neither heated in the winter nor air conditioned in the summer can greatly shorten the life of delicate electronics. Wiring closets must also be kept locked, of course, to protect the valuable equipment from theft and "experimentation" by unauthorized personnel; anyone with physical access to the hub or router in the closet can tap, redirect, or disrupt the traffic of every device on that floor.

Data Centers

Wiring closets are eminently suitable for distributed backbone networks because this type of network requires that a relatively large amount of expensive equipment be scattered throughout the building. Another organizational option, better suited for a collapsed backbone network, is to have a single data center containing all of the networking equipment for the entire enterprise. In this context, a data center is really just a larger, more elaborate wiring closet. Typically, a data center is a secured room or suite that has been outfitted to support large amounts of electronic equipment. This usually includes special air conditioning, extra power lines, power conditioning and backup, additional fixtures such as a modular floor with a wiring space beneath it, and extra security to prevent unauthorized access.
The center typically contains the network's enterprise servers and the routers that join the LANs together and provide Internet and WAN access. If the building housing the network is not too large, you can place all of the hubs for the individual LANs in the data center as well. This means that every wall plate in the building to which a computer is connected has a cable connecting it to a hub in the data center. This arrangement is feasible only if the length of the cable runs is less than 100 meters, assuming that the horizontal networks are using UTP cable. If the distance between any of your wall plate locations and the data center exceeds 100 meters, you must either use fiber-optic cable (which supports longer segments) or place the hubs at the location of each LAN. If you choose to do the latter, you only have to find a relatively secure place for each hub.

When the hubs are distributed around the building, you need only one cable run from each hub to the data center. If you use centralized hubs, each of your cable runs extends all the way from the computer to the data center. Not only can this use much more cable, but the sheer bulk of the cables might exceed the size of the wiring spaces available in the building. However, the advantage of having centralized hubs is that network support personnel can easily service them and monitor their status, and connecting them to the hub or switch that joins the LANs into an internetwork is simply a matter of running a cable across the room.

Typically, the equipment in a data center is mounted in racks, which can extend from floor to ceiling. Virtually all manufacturers of servers, hubs, routers, and other network devices intended for large enterprise networks have products designed to bolt into these standard-sized racks, which makes it easier to organize and access the equipment in the data center.
Finalizing the Design

As you flesh out the network design in detail, you can begin to select specific vendors, products, and contractors. This process can include shopping for the best hardware prices in catalogs and on websites, evaluating software products, interviewing and obtaining estimates from cable installation contractors, and investigating service providers for WAN technologies. This is the most critical part of the design process, for several reasons. First, this is the point at which you'll be able to determine the actual cost of building the network, not just an estimate. Second, it is at this phase that you must make sure all the components you select are actually capable of performing as your preliminary plan expects them to. If, for example, you discover that the router model with all of the features you need is no longer available, you may have to modify the plan to use a different type of router or to implement the feature you need in another way. Third, the concrete information you develop at this stage enables you to create a deployment schedule. A network design plan can never have too much detail. Documenting your network as completely as possible, before, during, and after construction, can only help you to maintain and repair it later. The planning process for a large network can be long and complicated, but it is rare for any of the time spent to be wasted.

PART III
Network Protocols

CHAPTER 10 Ethernet Basics
CHAPTER 11 100Base Ethernet and Gigabit Ethernet
CHAPTER 12 Networking Protocols

CHAPTER 10
Ethernet Basics

Ethernet is the data link layer protocol used by the vast majority of the local area networks operating today. Since the 1990s, the Ethernet standards have been revised and updated to support many different types of network media and to provide dramatic speed increases over the original protocol. Because all of the Ethernet variants operate using the same basic principles and because the high-speed Ethernet technologies were designed with backward compatibility in mind, upgrading a standard network is usually relatively easy.
This is in marked contrast to other high-speed technologies such as Fiber Distributed Data Interface (FDDI) and Asynchronous Transfer Mode (ATM), for which upgrades can require extensive infrastructure modifications, such as new cabling, as well as training and acclimation for the personnel supporting the new technology.

This chapter examines the fundamental Ethernet mechanisms and how they provide a unified interface between the physical layer of the Open Systems Interconnection (OSI) reference model and multiple protocols operating at the network layer. Then you'll learn how newer technologies such as Fast Ethernet and Gigabit Ethernet improve on the older standards and provide sufficient bandwidth for the needs of virtually any network application. Finally, there will be a discussion of upgrade strategies and real-world troubleshooting techniques to help you improve the performance of your own network.

Ethernet Defined

The Ethernet protocol provides a unified interface to the network medium that enables an operating system to transmit and receive multiple network layer protocols simultaneously. Like most of the data link layer protocols used on LANs, Ethernet is, in technical terms, connectionless and unreliable. Ethernet makes its best effort to transmit data to the appointed destination, but no mechanism exists to guarantee a successful delivery. Instead, services such as guaranteed delivery are left up to the protocols operating at the higher layers of the OSI model, depending on whether the data warrants it. Nor does Ethernet authenticate the sender: the source address in a frame is whatever the transmitting adapter chose to put there.

NOTE In this context, the term unreliable means only that the protocol lacks a means of acknowledging that packets have been successfully received.

As defined by the Ethernet standards, the protocol consists of three essential components:

• A series of physical layer guidelines that specify the cable types, wiring restrictions, and signaling methods for Ethernet networks
• A frame format that defines the order and functions of the bits transmitted in an Ethernet packet
• A media access control (MAC) mechanism called Carrier Sense Multiple Access with Collision Detection (CSMA/CD) that enables all of the computers on the LAN equal access to the network medium
From a product perspective, the Ethernet protocol consists of the network interface adapters installed in the network's computers, usually in the form of network interface cards (NICs); the network adapter drivers the operating system uses to communicate with the network adapters; and the hubs and cables you use to connect the computers. When you purchase network adapters and hubs, you must be sure they all support the same Ethernet standards for them to be able to work together optimally.

Ethernet Standards

When Ethernet was first designed in the 1970s, it carried data over a baseband connection using coaxial cable running at 10 Mbps and a signaling system called Manchester encoding. This eventually came to be known as thick Ethernet because the cable itself was approximately 1 centimeter wide, about the thickness of a garden hose (indeed, its color and rigidity led to its being referred to as the "frozen yellow garden hose" by whimsical network administrators). The first Ethernet standard, which was titled "The Ethernet, a Local Area Network: Data Link Layer and Physical Layer Specifications," was published in 1980 by a consortium of companies that included DEC, Intel, and Xerox, giving rise to the acronym DIX; thus, the document became known as the DIX Ethernet standard.

Ethernet II

The DIX 2.0 standard, commonly known as DIX Ethernet II, was published in 1982 and expanded the physical layer options to include a thinner type of coaxial cable, which came to be called thin Ethernet, ThinNet, or Cheapernet because it was less expensive than the original thick coaxial cable.
IEEE 802.3

During this time, a desire arose to build an international standard around the Ethernet protocol. In 1980, a working group was formed by a standards-making body called the Institute of Electrical and Electronics Engineers (IEEE), under the supervision of their Local and Metropolitan Area Networks (LAN/MAN) Standards Committee, for the purpose of developing an "Ethernet-like" standard. This committee is known by the number 802, and the working group was given the designation IEEE 802.3. The resulting standard, published in 1985, was called the "IEEE 802.3 Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications."

The term Ethernet was (and still is) scrupulously avoided by the IEEE 802.3 group because they wanted to avoid creating any impression that the standard was based on a commercial product that had been registered as a trademark by Xerox. However, with a few minor differences, this document essentially defines an Ethernet network under another name, and to this day, the products conforming to the IEEE 802.3 standard are called by the name Ethernet.

NOTE The IEEE standards are available for downloading at http://standards.ieee.org/about/get/802/802.3.html.
DIX Ethernet and IEEE 802.3 Differences

While the DIX Ethernet II standard treated the data link layer as a single entity, the IEEE standards divide the layer into two sublayers, called logical link control (LLC) and media access control (MAC). The LLC sublayer isolates the functions that occur beneath it from those above it and is defined by a separate standard: IEEE 802.2. The IEEE committee uses the same abstraction layer with the network types defined by other 802 standards, such as the 802.5 Token Ring network. The use of the LLC sublayer with the 802.3 protocol also led to a small but important change in the protocol's frame format, as described in the "The Ethernet Frame" section later in this chapter. The MAC sublayer defines the mechanism by which Ethernet systems arbitrate access to the network medium, as discussed in the forthcoming section "CSMA/CD."

By 1990, the IEEE 802.3 standard had been developed further and now included other physical layer options that made coaxial cable all but obsolete, such as the twisted-pair cable commonly used in telephone installations and fiber-optic cable. Because it is easy to work with, inexpensive, and reliable, twisted-pair (or 10Base-T) Ethernet quickly became the most popular medium for this protocol. Most of the Ethernet networks installed today use twisted-pair cable, which continues to be supported by the new, higher-speed standards. Fiber-optic technology enables network connections to span much longer distances than copper and is immune to electromagnetic interference.

Table 10-1 lists the primary differences between the IEEE 802.3 standard and the DIX Ethernet II standard.

Table 10-1 Differences Between the IEEE 802.3 Standards and the Old DIX Ethernet II Standards

IEEE Shorthand Identifiers

The IEEE is also responsible for the shorthand identifiers that are often used when referring to specific physical layer Ethernet implementations, such as 100Base-T for a Fast Ethernet network. In this identifier, the 100 refers to the speed of the network, which is 100 Mbps. The Ethernet identifiers begin with the speed in Mbps (10, 100, or 1000) or, for the newer standards, the speed in Gbps followed by G, as in 10GBase-T.
The Base refers to the fact that the network uses baseband transmissions. As explained in Chapter 1, a baseband network is one in which the network medium carries only one signal at a time, as opposed to a broadband network, which can carry many signals simultaneously. All of the Ethernet variants are baseband, except for one broadband version, which is rarely, if ever, used.

The T in 100Base-T specifies the type of medium the network uses. For example, the T in 100Base-T stands for twisted-pair cable. Table 10-2 explains some of the Ethernet identifiers. For a complete list, go to http://standards.ieee.org/about/get/802/802.3.html and enter the specific standard.

Table 10-2 IEEE Shorthand Identifiers for Ethernet Networks

NOTE Beginning with the 10Base-T specification, the IEEE began including a hyphen after the Base designator to prevent people from pronouncing 10Base-T as "ten basset."

CSMA/CD

Today, most of the problems with collisions on an Ethernet network have been eliminated by switched, full-duplex, point-to-point links between the transmitting node and the receiver, which leave no shared medium to contend for. However, since CSMA/CD is supported for backward compatibility, IEEE 802.3 still defines the specification.

Like any MAC method, CSMA/CD enabled the computers on the network to share a single baseband medium in an orderly way. There are no priorities on an Ethernet network as far as media access is concerned; the protocol was designed so that every node has equal access rights to the network medium. Figure 10-1 illustrates the process by which CSMA/CD arbitrates access to the network medium on an Ethernet network. While obsolete in today's Ethernet networks, it is supported for compatibility with earlier networks, so you need to understand the process.

Figure 10-1 If Node B begins to transmit data before the transmission from Node A reaches it, a collision will occur.
When a node on an Ethernet network wants to transmit data, it first monitors the network medium to see whether it is currently in use. This is the carrier sense phase of the process. If the node detects traffic on the network, it pauses for a short interval and then listens to the network again. Once the network is clear, any of the nodes on the network may use it to transmit their data. This is the multiple access phase. This mechanism in itself arbitrates access to the medium, but it is not without fault.

It is entirely possible for two (or more) systems to detect a clear network and then transmit their data at nearly the same moment. This results in what the 802.3 standard calls a signal quality error (SQE) or, as the condition is more commonly known, a packet collision. Collisions occur when one system begins transmitting its data and another system performs its carrier sense during the brief interval before the first bit in the transmitted packet reaches it. This interval is known as the contention time (or slot time) because each of the systems involved believes it has begun to transmit first. Every node on the network is, therefore, always in one of three possible states: transmission, contention, or idle.

When packets from two different nodes collide, an abnormal condition is created on the cable that travels on toward both systems. On a coaxial network, the voltage level spikes to the point at which it is the same or greater than the combined levels of the two transmitters (+/−0.85V). On a twisted-pair or fiber-optic network, the anomaly takes the form of signal activity on both the transmit and receive circuits at the same time.

When each transmitting system detects the abnormality, it recognizes that a collision has taken place, immediately stops sending data, and begins taking action to correct the problem. This is the collision detection phase of the process. Because the packets that collided are considered to be corrupted, both the systems involved transmit a jam pattern that fills the entire network cable with voltage, informing the other systems on the network of the collision and preventing them from initiating their own transmissions.
The jam pattern is a sequence of 32 bits that can have any value, as long as it does not equal the value of the cyclic redundancy check (CRC) calculation in the damaged packet's frame check sequence (FCS) field. A system receiving an Ethernet packet uses the FCS field to determine whether the data in the packet has been received without error. As long as the jam pattern differs from the correct CRC value, all receiving nodes will discard the packet. In most cases, network adapters simply transmit 32 bits with the value 1. The odds of this also being the value of the CRC for the packet are 1 in 2^32 (in other words, not likely).

After transmitting the jam pattern, the nodes involved in the collision both reschedule their transmissions using a randomized delay interval they calculate with an algorithm that uses their MAC addresses as a unique factor. This process is called backing off. Because both nodes perform their own independent backoff calculations, the chances of them both retransmitting at the same time are substantially diminished. This is a possibility, however, and if another collision occurs between the same two nodes, they both increase the possible length of their delay intervals and back off again. As the number of possible values for the backoff interval increases, the probability of the systems again selecting the same interval diminishes. The Ethernet specifications call this process truncated binary exponential backoff (or truncated BEB). An Ethernet system will attempt to transmit a packet as many as 16 times (reported as an "excessive collision error"), and if a collision results each time, the packet is discarded.

Collisions

Every system on an Ethernet network uses the CSMA/CD MAC mechanism for every packet it transmits, so the entire process obviously occurs quickly. Most of the collisions that occur on a typical Ethernet network are resolved in microseconds (millionths of a second). The most important thing to understand when it comes to Ethernet media arbitration is that packet collisions are natural and expected occurrences on this type of network, and they do not necessarily signify a problem. If you use a protocol analyzer or other network monitoring tool to analyze the traffic on an Ethernet network, you will see that a certain number of collisions always occur.
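The truncated BEB retry loop described above, as an added Python model that is not code from the book: the slot time is the chapter's 512-bit minimum frame, the 16-attempt limit is from the text, and the exponent ceiling of 10 is the IEEE 802.3 backoffLimit, assumed here because this page does not state it; the collision channel passed to transmit() is constructed.

```python
import random

SLOT_TIME_BITS = 512   # slot (contention) time = minimum frame, 512 bit times (64 bytes)
BACKOFF_LIMIT = 10     # exponent stops growing after 10 collisions (IEEE 802.3 backoffLimit, assumed)
ATTEMPT_LIMIT = 16     # after 16 collisions the frame is dropped: "excessive collision error"


def backoff_range(collisions: int) -> int:
    """Number of slots a station may choose from after its n-th consecutive
    collision: 2, 4, 8, ... doubling each time until truncated at 2**10."""
    if collisions < 1:
        raise ValueError("backoff only follows a collision")
    return 2 ** min(collisions, BACKOFF_LIMIT)


def same_slot_probability(collisions: int) -> float:
    """Chance that the two colliding stations draw the same slot and collide again."""
    return 1.0 / backoff_range(collisions)


def backoff_delay_bits(collisions: int, rng=random) -> int:
    """Random delay in bit times: a slot count drawn uniformly from 0 .. 2^k - 1."""
    return rng.randrange(backoff_range(collisions)) * SLOT_TIME_BITS


def transmit(collides, rng=random):
    """Model one station sending one frame. collides(attempt) is a constructed
    channel model: True means that attempt collided.
    Returns (delivered, attempts_used, total_backoff_bits)."""
    total_backoff = 0
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        if not collides(attempt):
            return True, attempt, total_backoff
        if attempt == ATTEMPT_LIMIT:
            # 16th collision: the frame is discarded, not retried
            return False, attempt, total_backoff
        # jam pattern sent, then back off before the next attempt
        total_backoff += backoff_delay_bits(attempt, rng)
    raise AssertionError("unreachable")


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 15):
        print(f"after collision {n}: {backoff_range(n)} slots, "
              f"P(same slot) = {same_slot_probability(n):.4f}")
    rng = random.Random(7)  # fixed seed so the run is reproducible
    print(transmit(lambda attempt: attempt < 4, rng))  # delivered on the 4th try
    print(transmit(lambda attempt: True, rng))         # never gets through
```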
NOTE The type of packet collision described here is normal and expected, but there is a different type, called a late collision, that signifies a serious network problem. The difference between the two types of collisions is that normal collisions are detectable and late collisions are not. See the next section, "Late Collisions," for more information.

Normal packet collisions become a problem only when there are too many of them and significant network delays begin to accumulate. The combination of the backoff intervals and the retransmission of the packets themselves (sometimes more than once) incurs delays that are multiplied by the number of packets transmitted by each computer and by the number of computers on the network.

The fundamental fault of the CSMA/CD mechanism was that the more traffic there was on the network, the more collisions there were likely to be. The utilization of a network is based on the number of systems connected to it and the amount of data they send and receive over the network. When expressed as a percentage, the network utilization represents the proportion of the time the network is actually in use, that is, the amount of time that data is actually in transit. On an average Ethernet network, the utilization was likely to be somewhere in the 30 to 40 percent range. When the utilization increases to approximately 80 percent, the number of collisions increases to the point at which the performance of the network noticeably degrades. In the most extreme case, known as a collapse, the network is so heavily trafficked, it is almost perpetually in a state of contention, waiting for collisions to be resolved. This condition can conceivably be caused by the coincidental occurrence of repeated collisions, but it is more likely to result from a malfunctioning network interface that is continuously transmitting bad frames without pausing for carrier sense or collision detection. An adapter in this state is said to be jabbering.
NOTE Data link layer protocols that use a token-passing media access control mechanism, such as Token Ring and FDDI, are not subject to performance degradation caused by high network traffic levels. This is because these protocols use a mechanism that makes it impossible for more than one system on the network to transmit at any one time. On networks like these, collisions are not normal occurrences and signify a serious problem. For more information on token passing, see Chapter 12.

Late Collisions

The physical layer specifications for the Ethernet protocol are designed so that the first 64 bytes of every packet transmission completely fill the entire aggregate length of cable in the collision domain. Thus, by the time a node has transmitted the first 64 bytes of a packet, every other node on the network has received at least the first bit of that packet. At this point, the other nodes will not transmit their own data because their carrier sense mechanism has detected traffic on the network.

It is essential for the first bit of each transmitted packet to arrive at every node on the network before the last bit leaves the sender. This is because the transmitting system can detect a collision only while it is still transmitting data. (Remember, on a twisted-pair or fiber-optic network, it is the presence of signals on the transmit and receive wires at the same time that indicates a collision.) Once the last bit has left the sending node, the sender considers the transmission to have completed successfully and erases the packet from the network adapter's memory buffer. It is because of this collision detection mechanism that every packet transmitted on an Ethernet network must be at least 64 bytes in length, even if the sending system has to pad it with useless (0) bits to reach that length.

If a collision should occur after the last bit has left the sending node, it is called a late collision, or sometimes an out-of-window collision. (To distinguish between the two types of collisions, the normally occurring type was sometimes called an early collision.)
Because the sending system has no way of detecting a late collision, it considers the packet to have been transmitted successfully, even though the data has actually been destroyed. Any data lost as a result of a late collision cannot be retransmitted by a data link layer process. It is up to the protocols operating at higher layers of the OSI model to detect the data loss and to use their own mechanisms to force a retransmission. This process can take up to 100 times longer than an Ethernet retransmission, which is one reason why this type of collision is a problem.

Late collisions result from several different causes. If a network interface adapter should malfunction and transmit a packet less than 64 bytes long (called a runt), the last bit could leave the sender before the packet has fully propagated around the network. In other cases, the adapter's carrier sense mechanism might fail, causing it to transmit at the wrong time. In both instances, you should replace the malfunctioning adapter. Another possible cause of late collisions is a network that does not fall within the Ethernet cabling guidelines.

Physical Layer Guidelines

The Ethernet specifications define not only the types of cable you can use with the protocol, but also the installation guidelines for the cable, such as the maximum length of cable segments and the number of hubs or repeaters permitted. As explained earlier, the configuration of the physical layer medium is a crucial element of the CSMA/CD media access control mechanism. If the overall distance between two systems on the network is too long or there are too many repeaters, diminished performance can result, which is quite difficult to diagnose and troubleshoot.

Tables 10-3 and 10-4 display the cabling guidelines, which vary for each of the media to compensate for the performance characteristics of the different cable types.
Table 10-3 Physical Layer Options for 10 Mbps Ethernet

Table 10-4 Physical Layer Options for Today's Ethernet Types

10Base-5 (Thick Ethernet)

Thick Ethernet, or ThickNet, used RG-8 coaxial cable in a bus topology to connect up to 100 nodes to a single segment no more than 500 meters long. Because it can span long distances and is well shielded, thick Ethernet was commonly used for backbone networks in the early days of Ethernet. However, RG-8 cable, like all of the coaxial cables used in Ethernet networks, cannot support transmission rates faster than 10 Mbps, which limits its utility as a backbone medium. As soon as a faster alternative was available (such as FDDI), most network administrators abandoned thick Ethernet. However, although it is hardly ever used anymore, the components of a thick Ethernet network are a good illustration of the various components involved in the physical layer of an Ethernet network.

The coaxial cable segment on a thick Ethernet network should, whenever possible, be a single unbroken length of cable, or at least be pieced together from the same spool or cable lot using N connectors on each cable end and an N barrel connector between them. There should be as few breaks as possible in the cable, and if you must use cable from different lots, the individual pieces should be 23.4, 70.2, or 117 meters long to minimize the signal reflections that may occur. Both ends of the bus must be terminated with a 50-ohm resistor built into an N terminator, and the cable should be grounded at one (and only one) end using a grounding connector attached to the N terminator.

NOTE For more information on RG-8 and all of the cables used to build Ethernet networks, see Chapter 4.
Unlike all of the other Ethernet physical layer options, the thick Ethernet cable did not run directly to the network interface card in the PC. This is because the coaxial cable itself was large, heavy, and comparatively inflexible. Instead, the NIC is connected to the RG-8 trunk cable with another cable, called the attachment unit interface (AUI) cable. The AUI cable has 15-pin D-shell connectors at both ends, one of which plugs directly into the NIC, and the other into a medium attachment unit (MAU), also known as a transceiver. The MAU connects to the coaxial cable using a device called the medium dependent interface (MDI), which clamps to the cable and makes an electrical connection through holes cut into the insulating sheath. Because of the fanglike appearance of the connector, this device is commonly referred to as a vampire tap.

NOTE Do not confuse the MAUs used on thick Ethernet networks with the multistation access units (MAUs) used as hubs on Token Ring networks. The maximum of 100 nodes on a thick Ethernet cable segment (and 30 nodes on a ThinNet segment) is based on the number of MAUs present on the network. Because repeaters include their own MAUs, they count toward the maximum.

NOTE If for no other reason, the DIX Ethernet standard should be fondly remembered for using more sensible names for many of Ethernet's technical concepts, such as collision rather than signal quality error. The DIX Ethernet name for the medium attachment unit is the transceiver (because it both transmits and receives), and its name for the attachment unit interface cable is transceiver cable.

Each standard AUI cable on a thick Ethernet network could be up to 50 meters long, which provided for an added degree of flexibility in the installation. Standard AUI cables were the same thickness as the thick Ethernet coaxial and similarly hard to work with. There were also thinner and more flexible "office-grade" AUI cables, but these were limited to a maximum length of 12.5 meters.
The 500-meter maximum length for the thick Ethernet cable made it possible to connect systems at comparatively long distances and provided excellent protection against interference and attenuation. Unfortunately, the cable was difficult to work with and even harder to hide. Today, sites that require long cable segments or better insulation are apt to use fiber optic.

10Base-2 (Thin Ethernet)

Thin Ethernet, or ThinNet, was similar in functionality to Thick Ethernet, except that the cable was RG-58 coaxial, about 5 millimeters in diameter, and much more flexible. For thin Ethernet (and all other Ethernet physical layer options except thick Ethernet), the MAU (transceiver) was integrated into the network interface card and no AUI cable was needed.

Thin Ethernet used Bayonet Neill-Concelman (BNC) connectors and a fitting called a T-connector that attaches to the network card in the PC. This connector is sometimes erroneously called a British Naval Connector or Bayonet Nut Connector. You created the network bus by running a cable to one end of the T-connector's crossbar and then using another cable on the other end of the crossbar to connect to the next system, as shown in Figure 10-2. Like thick Ethernet, a thin Ethernet network must be terminated and grounded. The two systems at the ends of the bus must have a terminator containing a 50-ohm resistor on one end of their Ts to terminate the bus, and one end (only) should be connected to a ground.

Figure 10-2 Thin Ethernet networks used T-connectors to form a single cable segment connecting up to 30 computers in a bus topology.

NOTE The T-connectors on an Ethernet network had to be directly connected to the network interface cards in the computers. Using a length of cable to join the T-connector to the computer was not permitted.

Because the cable was thinner, thin Ethernet was more prone to interference and attenuation and was limited to a segment length of 185 meters and a maximum of 30 nodes. Each piece of cable forming the segment had to be at least 0.5 meters long.
Connector faults were a common occurrence on thin Ethernet networks because prefabricated cables were relatively rare (compared to twisted pair), and the BNC connectors were usually crimped onto the RG-58 cables by network administrators, which can be a tricky process. Also, some cheap connectors were prone to a condition in which an oxide layer builds up between the conductors, resulting in a serious degradation in the network connectivity. These connectors were notoriously sensitive to improper treatment. An accidental tug or a person tripping over one of the two cables connected to each machine easily weakened the connection and caused intermittent transmission problems that are difficult to isolate and diagnose.

10Base-T or 100Base-T (Twisted-Pair Ethernet)

Most of the Ethernet networks today use unshielded twisted-pair (UTP) cable, originally known in the Ethernet world as 10Base-T, which solved several of the problems that plague coaxial cables. Today, the differences are in the speed of transmission.

Among other things, UTP Ethernet networks are

• Easily hidden  UTP cables can be installed inside walls, floors, and ceilings with standard wall plates providing access to the network. Only a single, thin cable has to run to the computer. Pulling too hard on a UTP cable installed in this manner damages only an easily replaceable patch cable connecting the computer to the wall plate.

• Fault tolerant  UTP networks use a star topology in which each computer has its own dedicated cable running to the hub. A break in a cable or a loose connection affects only the single machine to which it is connected.

• Upgradeable  UTP cable installation running 10 Mbps Ethernet or 100 Mbps Ethernet can be upgraded at a later time.

Unshielded twisted-pair cable consists of four pairs of wires in a single sheath, with each pair twisted together at regular intervals to protect against crosstalk and 8-pin RJ-45 connectors at both ends. Since this isn't a bus network, no termination or grounding is necessary. Both 10Base-T and 100Base-T Ethernet use only two of the four wire pairs in the cable, however: one pair for transmitting data signals (TD) and one for receiving them (RD), with one wire in each pair having a positive polarity and one a negative.
Unlike coaxial networks, 10Base-T calls for the use of a hub. This is a device that functions both as a wiring nexus and as a signal repeater, to which each of the nodes on the network has an individual connection (see Figure 10-3). The maximum length for each cable segment is 100 meters, but because there is nearly always an intervening hub that repeats the signals, the total distance between two nodes can be as much as 200 meters.

Figure 10-3 10Base-T networks used a hub to connect all the network nodes in a star topology.

UTP cables are typically wired straight through, meaning the wire for each pin is connected to the corresponding pin at the other end of the cable. For two nodes to communicate, however, the TD signals generated by each machine must be delivered to the RD connections in the other machine. In most cases, this is accomplished by a crossover circuit within the hub. You can connect two computers directly together without a hub by using a crossover cable, though, which connects the TD signals at each end to the RD signals at the other end.

NOTE For more information on network cables and their installation, see Chapter 4. For more information on hubs and repeaters, see Chapter 6.

Fiber-Optic Ethernet

Fiber-optic cable is a radical departure from the copper-based, physical layer options discussed so far. Because it uses pulses of light instead of electric current, fiber optic is immune to electromagnetic interference and is much more resistant to attenuation than copper. As a result, fiber-optic cable can span much longer distances, and because of the electric isolation it provides, it is suitable for network links between buildings. Fiber-optic cable is an excellent medium for data communications, but installing and maintaining it is somewhat more expensive than copper, and it requires completely different tools and skills.

The medium itself on a fiber-optic Ethernet network is two strands of 62.5/125 multimode fiber cable, with one strand used to transmit signals and one to receive them.
There were two main fiber-optic standards for 10 Mbps Ethernet: the original FOIRL standard and 10Base-F, which defines three different fiber-optic configurations called 10Base-FL, 10Base-FB, and 10Base-FP. Of all these standards, 10Base-FL was always the most popular, but running fiber-optic cable at 10 Mbps is an underuse of the medium's potential that borders on the criminal. Now that 100 Mbps data link layer protocols, such as Fast Ethernet and FDDI, run on the same fiber-optic cable, there is no reason to use any of these slower solutions in a new installation.

FOIRL

The original fiber-optic standard for Ethernet from the early 1980s was called the Fiber Optic Inter-Repeater Link (FOIRL). It was designed to function as a link between two repeaters up to 1,000 meters away. Intended for use in campus networks, FOIRL could join two distant networks, particularly those in adjacent buildings, using a fiber-optic cable.

10Base-FL

The 10Base-F supplement was developed by the IEEE 802.3 committee to provide a greater variety of fiber-optic alternatives for Ethernet networks. Designed with backward compatibility in mind, 10Base-FL was the IEEE counterpart to FOIRL. It increased the maximum length of a fiber-optic link to 2,000 meters and permitted connections between two repeaters, two computers, or a computer and a repeater.

As in all of the 10Base-F specifications, a computer connected to the network uses an external fiber-optic MAU (or FOMAU) and an AUI cable up to 25 meters long. The other end of the cable connects to a fiber-optic repeating hub that provides the same basic functions as a hub for copper segments.

Cabling Guidelines

In addition to the minimum and maximum segment lengths for the various types of 10Base Ethernet media, the standards imposed limits on the number of repeaters you could use in a single collision domain. This was necessary to ensure that every packet transmitted by an Ethernet node began to reach its destination before the last bit left the sender. If the distance traveled by a packet was too long, the sender was unable to detect collisions reliably, and data losses could occur.
Link Segments and Mixing Segments

When defining the limits on the number of repeaters allowed on the network, the 802.3 standard distinguishes between two types of cable segments, called link segments and mixing segments. A link segment is a length of cable that joins only two nodes, while a mixing segment joins more than two.

The 5-4-3 Rule

The Ethernet standards state that, in a single Ethernet collision domain, the route taken between any two nodes on the network can consist of no more than five cable segments, joined by four repeaters, and only three of the segments can be mixing segments. This is known as the Ethernet 5-4-3 rule. This rule is manifested in different ways, depending on the type of cable used for the network medium.

NOTE A collision domain is defined as a network configuration on which two nodes transmitting data at the same time will cause a collision. The use of bridges, switches, or intelligent hubs, instead of standard repeaters, does not extend the collision domain and does not fall under the Ethernet 5-4-3 rule. If you have a network that has reached its maximum size because of this rule, you should consider using one of these devices to create separate collision domains. See Chapter 6 for more information.

On a coaxial network, whether it was thick or thin Ethernet, you could have five cable segments joined by four repeaters. On a coaxial network, a repeater had only two ports and did nothing but amplify the signal as it traveled over the cable. A segment is the length of cable between two repeaters, even though in the case of thin Ethernet the segment could consist of many separate lengths of cable. This rule meant that the overall length of a thick Ethernet bus (called the maximum collision domain diameter) could be 2,500 meters (500 × 5), while a thin Ethernet bus could be up to 925 meters (185 × 5) long.

On either of these networks, however, only three of the cable segments actually had nodes connected to them (see Figure 10-4). You can use the two link segments to join mixing segments located at some distance from each other, but you cannot populate them with computers or other devices.

Figure 10-4 Coaxial networks consisted of up to five cable segments, with only three of the five connected to computers or other devices.
UTP Cabling

On a 10Base-T UTP network, the situation was different. Because the repeaters on this type of network were actually multiport hubs or switches, every cable segment connecting a node to the hub is a link segment. You can have four hubs in a collision domain that are connected to each other and each of which can be connected to as many nodes as the hub can support (see Figure 10-5). Because data traveling from one node to any other node passes through a maximum of only four hubs and because all the segments are link segments, the network is in compliance with the Ethernet standards.

Figure 10-5 Twisted-pair networks use link segments to connect to the computers, making it possible to have four populated hubs.

NOTE One potentially complicating factor to this arrangement was when you connected 10Base-T hubs using thin Ethernet coaxial cable. Some 10Base-T hubs included BNC connectors that enabled you to use a bus to chain multiple hubs together. When you did this with more than two hubs connected by a single coaxial segment, you were actually creating a mixing segment, and you had to count this toward the maximum of three mixing segments permitted on the network.

The 10Base-F specifications included some modifications to the 5-4-3 rule. When five cable segments were present on a 10Base-F network connected by four repeaters, FOIRL, 10Base-FL, and 10Base-FB segments could be no more than 500 meters long. 10Base-FP segments can be no more than 300 meters long.

Ethernet Timing Calculations

The 5-4-3 rule is a general guideline that is usually accurate enough to ensure your network will perform properly. However, it is also possible to assess the compliance of a network with the Ethernet cabling specifications more precisely by calculating two measurements: the round-trip signal delay time and the interframe gap shrinkage for the worst-case path through your network.

The round-trip signal delay time is the amount of time it takes a bit to travel between the two most distant nodes on the network and back again. The interframe gap shrinkage is the amount the normal 96-bit delay between packets is reduced by network conditions, such as the time required for repeaters to reconstruct a signal before sending it on its way.
In most cases, these calculations are unnecessary; as long as you comply with the 5-4-3 rule, your network should function properly. If you are planning to expand a complex network to the point at which it pushes the limits of the Ethernet guidelines, however, it might be a good idea to get a precise measurement to ensure that everything functions as it should. If you end up with a severe late collision problem that requires an expensive network upgrade to remedy, your boss isn't likely to want to hear about how reliable the 5-4-3 rule usually is.

NOTE Calculating the round-trip signal delay time and the interframe gap shrinkage for your network is not part of a remedy for excessive numbers of early collisions.

Finding the Worst-Case Path

The worst-case path is the route data takes when traveling between the two most distant nodes on the network, both in terms of segment length and number of repeaters. On a relatively simple network, you can find the worst-case path by choosing the two nodes on the two outermost network segments either that have the longest link segments connecting them to the repeater or that are at the far ends of the cable bus, as shown in Figure 10-6.

Figure 10-6 On a simple network with all 10Base-T segments, the worst-case path ran between the nodes with the longest cables on both end segments.

On more complex networks using various types of cable segments, you have to select several paths to test your network. In addition, you may have to account for the variations caused by having different cable segment types at the left and right ends of the path.

If your network is well documented, you should have a schematic containing the precise distances of all your cable runs. You need these figures to make your calculations.
If you don't have a schematic, determining the exact distances may be the most difficult part of the whole process. The most accurate method for determining the length of a cable run is to use a multifunction cable tester, which utilizes a technique called time domain reflectometry (TDR). TDR is similar to radar, in that the unit transmits a test signal, precisely measures the time it takes the signal to travel to the other end of the cable and back again, and then uses this information to compute the cable's length. If you don't have a cable tester with TDR capabilities, you can measure the cable lengths manually by estimating the distances between the connectors. This can be particularly difficult when cables are installed inside walls and ceilings because there may be unseen obstacles that extend the length of the cable. If you use this method, you should err on the side of caution and include an additional distance factor to account for possible errors. Alternatively, you can simply use the maximum allowable cable distances for the various cable segments, as long as you are sure the cable runs do not exceed the Ethernet standard's maximum segment length specifications.

Once you have determined the worst-case path (or paths) you will use for your calculations, it's a good idea to create a simple diagram of each path with the cable distances involved. Each path will have left and right end segments and may have one or more middle segments. You will then perform your calculations on the individual segments and combine the results to test the entire path.

Exceeding Ethernet Cabling Specifications

The Ethernet specifications have a certain amount of leeway built into them that makes it possible to exceed the cabling limitations, within reason. If a network has an extra repeater or a cable that's a little too long, it will probably continue to function without causing the late collisions that occur when the specifications are grossly exceeded. You can see how this is so by calculating the actual amount of copper cable filled by an Ethernet signal.
Electrical signals passing through a copper cable travel at approximately 200,000,000 meters/second (2/3 of the speed of light). Ethernet transmits at 10 Mbps, or 10,000,000 bits/second. By dividing 200,000,000 by 10,000,000, you arrive at a figure of 20 meters of cable for every transmitted bit. Thus, the smallest possible Ethernet frame, which is 512 bits (64 bytes) long, occupies 10,240 meters of copper cable.

If you take the longest possible length of copper cable permitted by the Ethernet standards, a 500-meter thick Ethernet segment, you can see that the entire 500 meters would be filled by only 25 bits of data (at 20 meters/bit). Two nodes at the far ends of the segment would have a round-trip distance of 1,000 meters.

When one of the two nodes transmits, a collision can occur only if the other node also begins transmitting before the signal reaches it. If you grant that the second node begins transmitting at the last possible moment before the first transmission reaches it, then the first node can send no more than 50 bits (occupying 1,000 meters of cable, 500 down and 500 back) before it detects the collision and ceases transmitting. Obviously, this 50 bits is well below the 512-bit barrier that separates early from late collisions.

Of course, this example involves only one segment. But even if you extend a thick Ethernet network to its maximum collision domain diameter—five segments of 500 meters each, or 2,500 meters—a node would still transmit only 250 bits (occupying 5,000 meters of cable, 2,500 down and 2,500 back) before detecting a collision.

Thus, you can see that the Ethernet specifications for the round-trip signal delay time are fully twice as strict as they need to be in the case of a thick Ethernet network. For the other copper media, thin Ethernet and 10Base-T, the specifications are even more lax because the maximum segment lengths are smaller, while the signaling speed remains the same. For a full-length five-segment 10Base-T network only 500 meters long, the specification is ten times stricter than it needs to be.
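The round-trip arithmetic just worked through, together with the 5-4-3 rule and the segment limits from the "Cabling Guidelines" sections, as one added Python checker that is not code from the book: it takes a worst-case path as a list of segments and reports every rule the path breaks. The propagation speed, bit rate, segment lengths and five-segment fiber limits are the figures this chapter gives; a segment's mixing/link status is supplied by the caller because, on coax, it depends on whether nodes are attached rather than on the cable type; repeater delays are ignored, as in the text's example.

```python
# Figures from the text: ~200,000,000 m/s on copper, 10 Mbps signaling
PROPAGATION_M_PER_S = 200_000_000
BIT_RATE = 10_000_000
METERS_PER_BIT = PROPAGATION_M_PER_S / BIT_RATE   # 20 m of cable per bit
SLOT_BITS = 512                                   # minimum frame; early/late collision boundary

# Maximum segment lengths stated in this chapter (metres)
MAX_SEGMENT_M = {
    "10Base-5": 500, "10Base-2": 185, "10Base-T": 100,
    "FOIRL": 1000, "10Base-FL": 2000,
}
# Tighter fiber limits that apply when the path has five segments (four repeaters)
FIVE_SEGMENT_LIMIT_M = {"FOIRL": 500, "10Base-FL": 500, "10Base-FB": 500, "10Base-FP": 300}
MAX_SEGMENTS, MAX_REPEATERS, MAX_MIXING = 5, 4, 3   # the 5-4-3 rule


def cable_filled_by_bits(bits: int) -> float:
    """Metres of copper occupied by a burst of `bits` (512 bits -> 10,240 m)."""
    return bits * METERS_PER_BIT


def round_trip_bits(path_m: float) -> float:
    """Bits the sender emits before its first bit reaches the far node and a
    collision from there gets back; a late collision needs this to exceed 512."""
    return 2 * path_m / METERS_PER_BIT


def check_path(segments):
    """segments: [(media, length_m, is_mixing), ...] along the worst-case path.
    Returns a list of violations; an empty list means the path complies."""
    problems = []
    if len(segments) > MAX_SEGMENTS:
        problems.append(f"{len(segments)} segments, maximum is {MAX_SEGMENTS}")
    repeaters = len(segments) - 1
    if repeaters > MAX_REPEATERS:
        problems.append(f"{repeaters} repeaters, maximum is {MAX_REPEATERS}")
    mixing = sum(1 for _, _, is_mixing in segments if is_mixing)
    if mixing > MAX_MIXING:
        problems.append(f"{mixing} mixing segments, maximum is {MAX_MIXING}")
    for i, (media, length, _) in enumerate(segments, 1):
        limit = MAX_SEGMENT_M.get(media)
        if len(segments) == MAX_SEGMENTS:
            limit = FIVE_SEGMENT_LIMIT_M.get(media, limit)
        if limit is None:
            problems.append(f"segment {i}: no length limit on record for {media}")
        elif length > limit:
            problems.append(f"segment {i}: {media} is {length} m, limit {limit} m")
    total = sum(length for _, length, _ in segments)
    bits = round_trip_bits(total)
    if bits > SLOT_BITS:
        problems.append(f"round trip over {total} m is {bits:.0f} bits, over {SLOT_BITS}")
    return problems


if __name__ == "__main__":
    # Constructed paths: the chapter's full-size thick Ethernet (three populated
    # buses joined by two unpopulated link segments) and a five-hub UTP chain
    thick = [("10Base-5", 500, True)] * 3 + [("10Base-5", 500, False)] * 2
    utp = [("10Base-T", 100, False)] * 5
    over = [("10Base-2", 200, True)] * 4 + [("10Base-2", 185, False)] * 2
    for name, path in (("thick", thick), ("utp", utp), ("over", over)):
        total = sum(length for _, length, _ in path)
        print(f"{name}: {total} m round trip = {round_trip_bits(total):.0f} bits,"
              f" violations = {check_path(path) or 'none'}")
```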
This is not to say that you can safely double the maximum cable lengths on your network across the board or install a dozen repeaters (although it is possible to safely lengthen the segments on a 10Base-T network up to 150 meters if you use Category 5 UTP cable instead of Category 3). Other factors can affect the conditions on your network to bring it closer to the limits defined by the specifications. In fact, the signal timing is not as much of a restricting factor on 10 Mbps Ethernet installations as is the signal strength. The weakening of the signal due to attenuation is far more likely to cause performance problems on an overextended network than are excess signal delay times. The point here is to demonstrate that the designers of the Ethernet protocol built a safety factor into the network from the beginning, perhaps partially explaining why it continues to work so well more than 20 years later.

The Ethernet Frame

The Ethernet frame is the sequence of bits that begins and ends every Ethernet packet transmitted over a network. The frame consists of a header and footer that surround and encapsulate the data generated by the protocols operating at higher layers of the OSI model. The information in the header and footer specifies the addresses of the system sending the packet and the system that is to receive it and also performs several other functions that are important to the delivery of the packet.

The IEEE 802.3 Frame

The basic Ethernet frame format, as defined by the IEEE 802.3 standard, is shown in Figure 10-7. The functions of the individual fields are discussed in the following sections.

Figure 10-7 The Ethernet frame encloses the data passed down the protocol stack from the network layer and prepares it for transmission.
Preamble and Start of Frame Delimiter

The preamble consists of 7 bytes of alternating zeros and ones, which the systems on the network use to synchronize their clocks and then discard. The Manchester encoding scheme Ethernet uses requires the clocks on communicating systems to be in sync so that they both agree on how long a bit time is. Systems in idle mode (that is, not currently transmitting and not in the process of rectifying a collision) are incapable of receiving any data until they use the signals generated by the alternating bit values of the preamble to prepare for the forthcoming data transmission.

NOTE For more information on Manchester encoding and the signaling that occurs at the physical layer, see Chapter 2.

By the time the 7 bytes of the preamble have been transmitted, the receiving system has synchronized its clock with that of the sender, but the receiver is also unaware of how many of the 7 bytes have elapsed before it fell into sync. To signal the commencement of the actual packet transmission, the sender transmits a 1-byte start of frame delimiter, which continues the alternating zeros and ones, except for the last two bits, which are both ones. This is the signal to the receiver that any data following is part of a data packet and should be read into the network adapter's memory buffer for processing.

Destination Address and Source Address

Addressing is the most basic function of the Ethernet frame. Because the frame can be said to form an envelope for the network layer data carried inside it, it is only fitting that the envelope have an address. The addresses the Ethernet protocol uses to identify the systems on the network are 6 bytes long and hard-coded into the network interface adapters in each machine. These addresses are referred to as hardware addresses or MAC addresses. The hardware address on every Ethernet adapter made is unique. The IEEE assigns 3-byte prefixes to NIC manufacturers that it calls organizationally unique identifiers (OUIs), and the manufacturers supply the remaining 3 bytes. When transmitting a packet, it is the network adapter driver on the system that generates the values for the destination address and source address fields.

The destination address field identifies the system to which the packet is being sent.
The address may identify the ultimate destination of the packet if it's on the local network, or the address may belong to a device that provides access to another network, such as a router. Addresses at the data link layer always identify the packet's next stop on the local network. It is up to the network layer to control end-to-end transmission and to provide the address of the packet's ultimate destination.

Every node on a shared Ethernet network reads the destination address from the header of every packet transmitted by every system on the network to determine whether the header contains its own address. A system reading the frame header and recognizing its own address then reads the entire packet into its memory buffers and processes it accordingly. A destination address of all ones signifies that the packet is a broadcast, meaning it is intended for all of the systems on the network. Certain addresses can also be designated as multicast addresses by the networking software on the system. A multicast address identifies a group of systems on the network, all of which are to receive certain messages.

The source address field contains the 6-byte MAC address of the system sending the packet. (The specifications allow for 2-byte addresses as well.)

Length

The length field in an 802.3 frame is 2 bytes long and specifies how much data is being carried as the packet's payload in bytes. This figure includes only the actual upper-layer data in the packet. It does not include the frame fields from the header or footer or any padding that might have been added to the data field to reach the minimum size for an Ethernet packet (64 bytes). The maximum size for an Ethernet packet, including the frame, is 1,518 bytes. Because the frame consists of 18 bytes, the maximum value for the length field is 1,500.

Data and Pad

The data field contains the payload of the packet—that is, the "contents" of the envelope. As passed down from the network layer protocol, the data will include an original message generated by an upper-layer application or process, plus any header information added by the protocols in the intervening layers. In addition, an 802.3 packet will contain the 3-byte logical link control header in the data field.
For example, the payload of a packet containing an Internet host name to be resolved into an IP address by a DNS server consists of the original DNS message generated at the application layer, a header applied by the UDP protocol at the transport layer, a header applied by the IP protocol at the network layer, and the LLC header. Although these three additional headers are not part of the original message, to the Ethernet protocol they are just payload that is carried in the data field like any other information. Just as postal workers are not concerned with the contents of the envelopes they carry, the Ethernet protocol has no knowledge of the data within the frame.

The entire Ethernet packet (excluding the preamble and the start of frame delimiter) must be a minimum of 64 bytes in length for the protocol's collision detection mechanism to function. Therefore, subtracting 18 bytes for the frame, the data field must be at least 46 bytes long. If the payload passed down from the network layer protocol is too short, the Ethernet adapter adds a string of meaningless bits to pad the data field out to the requisite length. The standard does not define what those pad bits contain, so a driver must fill them with zeros deliberately: an implementation that pads from an uninitialized buffer transmits whatever that memory held onto the wire.

The maximum allowable length for an Ethernet packet is 1,518 bytes, meaning the data field can be no larger than 1,500 bytes (including the LLC header).

Frame Check Sequence

The last 4 bytes of the frame, following the data field (and the pad, if any), carry a checksum value the receiving node uses to determine whether the packet has arrived intact. Just before transmission, the network adapter at the sending node computes a cyclic redundancy check (CRC) on all of the packet's other fields (except for the preamble and the start of frame delimiter) using an algorithm called the AUTODIN II polynomial. The value of the CRC is determined entirely by the bits used to compute it, so an accidental change to any of those bits is very likely to produce a different value. Note that a CRC detects corruption, not tampering: anyone able to alter a frame in transit can recompute a valid FCS for it, so integrity against an active attacker has to be provided by a higher layer.
When the packet arrives at its destination, the network adapter in the receiving system reads the contents of the frame and performs the same computation. By comparing the newly computed value with the one in the FCS field, the system can verify that none of the packet's bit values has changed. If the values match, the system accepts the packet and writes it to the memory buffers for processing. If the values don't match, the system discards the frame and counts an FCS error. The system will also discard the frame if the number of bits in the packet is not a multiple of 8; a frame that both ends off an 8-bit boundary and fails the FCS check is counted as an alignment error. Once a frame is discarded, it is up to the higher-layer protocols to recognize its absence and arrange for retransmission.

The Ethernet II Frame

The function of the 2-byte field following the source address was different in the frame formats of the two predominant Ethernet standards. While the 802.3 frame uses this field to specify the length of the data in the packet, the Ethernet II standard used it to specify the frame type, also called the Ethertype. The Ethertype identifies the network layer protocol for which the data carried in the frame is intended; in practice, the receiving driver uses it to decide which protocol's receive buffer the frame should be handed to. This is a crucial element of every protocol operating in the data link, network, and transport layers of a system's networking stack. The data in the packet must be delivered not only to the proper system on the network, but also to the proper application or process on that system. Because the destination computer can be running multiple protocols at the network layer at the same time, such as IP, NetBEUI, and IPX, the Ethertype field informs the Ethernet adapter driver which of these protocols should receive the data.

When a system reads the header of an Ethernet packet, the only way to tell an Ethernet II frame from an 802.3 frame is by the value of the length/Ethertype field. Because the value of the 802.3 length field can be no higher than 1,500 (0x05DC in hexadecimal notation), the Ethertype values assigned to the developers of the various network layer protocols all start at 1,536 (0x0600) or higher. Values between 1,501 and 1,535 are undefined, and a receiver should treat a frame carrying one as malformed.
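As an added example that is not code from the book, the following Python builds and parses an Ethernet frame along the lines described above: it zero-fills the pad to reach the 46-byte minimum data field, appends an FCS computed with the AUTODIN II CRC-32 (the same CRC that Python's zlib.crc32 implements, transmitted least significant byte first), tells an Ethernet II frame from an 802.3 frame by the 0x0600 boundary, and reads the I/G bit to distinguish unicast from group addresses. The sample addresses are constructed for the example.

```python
import struct
import zlib

# Constructed sample addresses (not from the text): a locally administered
# unicast source and the all-ones broadcast destination.
BROADCAST = bytes.fromhex("ffffffffffff")
SAMPLE_SRC = bytes.fromhex("020000000001")

MIN_FRAME = 64          # without preamble/SFD, including the 4-byte FCS
MAX_FRAME = 1518
HEADER_LEN = 14         # dst(6) + src(6) + length/type(2)
FCS_LEN = 4
ETHERTYPE_MIN = 0x0600  # 1536: values 0..1500 are an 802.3 length


def fcs(frame_without_fcs):
    """CRC-32 with the AUTODIN II polynomial (0x04C11DB7, reflected, init and
    final XOR 0xFFFFFFFF). zlib.crc32 is exactly this CRC; Ethernet puts the
    result on the wire least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_length, payload):
    """Assemble dst | src | type-or-length | data | pad | FCS. The pad is
    explicitly zero-filled: the standard does not define pad contents, and
    padding from uninitialized memory would leak it onto the wire."""
    if len(payload) > MAX_FRAME - HEADER_LEN - FCS_LEN:
        raise ValueError("payload exceeds 1,500 bytes")
    pad = b"\x00" * max(0, MIN_FRAME - HEADER_LEN - FCS_LEN - len(payload))
    body = dst + src + struct.pack("!H", type_or_length) + payload + pad
    return body + fcs(body)


def parse_frame(raw):
    """Split a frame into its fields and apply the checks a receiver makes."""
    if len(raw) < MIN_FRAME:
        raise ValueError("runt frame: %d bytes" % len(raw))
    if len(raw) > MAX_FRAME:
        raise ValueError("oversized frame: %d bytes" % len(raw))
    dst, src = raw[0:6], raw[6:12]
    field = struct.unpack("!H", raw[12:14])[0]
    body, got_fcs = raw[:-FCS_LEN], raw[-FCS_LEN:]
    if field >= ETHERTYPE_MIN:
        kind, ethertype, data = "EthernetII", field, body[HEADER_LEN:]
    elif field <= 1500:
        # 802.3: the field is the payload length; anything beyond it is pad.
        kind, ethertype, data = "802.3", None, body[HEADER_LEN:HEADER_LEN + field]
    else:
        raise ValueError("length/type value 0x%04x is undefined" % field)
    # I/G bit: least significant bit of the first byte set means a group address.
    if dst == BROADCAST:
        addr_kind = "broadcast"
    elif dst[0] & 0x01:
        addr_kind = "multicast"
    else:
        addr_kind = "unicast"
    return {
        "kind": kind,
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "src_oui": src[:3].hex(":"),   # IEEE-assigned manufacturer prefix
        "dst_kind": addr_kind,
        "ethertype": ethertype,
        "length": None if ethertype is not None else field,
        "data": data,
        "fcs_ok": fcs(body) == got_fcs,
    }
```

A 4-byte ARP-style payload comes out as a 64-byte frame, and flipping a single pad bit is enough to fail the FCS check, which is the point of the CRC; recomputing the FCS after a deliberate change would pass it just as easily.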
The Logical Link Control Sublayer

The IEEE splits the functionality of the data link layer into two sublayers: media access control and logical link control. On an Ethernet network, the MAC sublayer includes elements of the 802.3 standard: the physical layer specifications, the CSMA/CD mechanism, and the 802.3 frame. The functions of the LLC sublayer are defined in the 802.2 standard, which is also used with the other 802 MAC standards.

The LLC sublayer is capable of providing a variety of communications services to network layer protocols, including the following:

• Unacknowledged connectionless service  A simple service that provides no flow control or error control and does not guarantee accurate delivery of data
• Connection-oriented service  A fully reliable service that guarantees accurate data delivery by establishing a connection with the destination before transmitting data and by using error and flow control mechanisms
• Acknowledged connectionless service  A midrange service that uses acknowledgment messages to provide reliable delivery but that does not establish a connection before transmitting data

On a transmitting system, the data passed down from the network layer protocol is encapsulated first by the LLC sublayer into what the standard calls a protocol data unit (PDU). Then the PDU is passed down to the MAC sublayer, where it is encapsulated again in a header and footer, at which point it can technically be called a frame. In an Ethernet packet, this means the data field of the 802.3 frame contains a 3- or 4-byte LLC header, in addition to the network layer data, thus reducing the maximum amount of data in each packet from 1,500 to 1,496 bytes.

The LLC header consists of three fields, the functions of which are described in the following sections.

DSAP and SSAP

The destination service access point (DSAP) field identifies a location in the memory buffers on the destination system where the data in the packet should be stored. The source service access point (SSAP) field does the same for the source of the packet data on the transmitting system. Both of these 1-byte fields use values assigned by the IEEE, which functions as the registrar for the protocol.
In an Ethernet SNAP packet, the value for both the DSAP and SSAP fields is 170 (or 0xAA, in hexadecimal form). This value indicates that the contents of the LLC PDU begin with a Subnetwork Access Protocol (SNAP) header. The SNAP header provides the same functionality as the Ethertype field to the 802.3 frame.

Control

The control field of the LLC header specifies the type of service needed for the data in the PDU and the function of the packet. Depending on which of the services is required, the control field can be either 1 or 2 bytes long. In an Ethernet SNAP frame, for example, the LLC uses the unacknowledged, connectionless service, which has a 1-byte control field value using what the standard calls the unnumbered format. The value for the control field is 3, which is defined as an unnumbered information frame—that is, a frame containing data. Unnumbered information frames are quite simple and signify either that the packet contains a noncritical message or that a higher-layer protocol is somehow guaranteeing delivery and providing other high-level services.

The other two types of control fields (which are 2 bytes each) are the information format and the supervisory format. The three control field formats are distinguished by their first bits, meaning the bits transmitted first, which are the low-order bits of the first control byte, as follows:

• The information format begins with a 0 bit.
• The supervisory format begins with a 1 bit and a 0 bit.
• The unnumbered format begins with two 1 bits.
The remainder of the bits specify the precise function of the PDU. In a more complex exchange involving the connection-oriented service, unnumbered frames contain commands, such as those used to establish a connection with the other system and terminate it at the end of the transmission. The commands transmitted in unnumbered frames are as follows:

• Unnumbered information (UI)  Used to send data frames by the unacknowledged, connectionless service
• Exchange identification (XID)  Used as both a command and a response in the connection-oriented and connectionless services
• TEST  Used as both a command and a response when performing an LLC loopback test
• Frame reject (FRMR)  Used as a response when a protocol violation occurs
• Set Asynchronous Balanced Mode Extended (SABME)  Used to request that a connection be established
• Unnumbered acknowledgment (UA)  Used as the positive response to the SABME message
• Disconnect mode (DM)  Used as a negative response to the SABME message
• Disconnect (DISC)  Used to request that a connection be closed; a response of either UA or DM is expected

Information frames contain the actual data transmitted during connection-oriented and acknowledged connectionless sessions, as well as the acknowledgment messages returned by the receiving system. Every information frame carries two sequence numbers in its control field, N(S) and N(R), and both systems track the sequence numbers of the frames they send and receive. N(S) is the sequence number of the frame being sent, which lets the receiver detect a missing or duplicated frame, and N(R) tells the other system which sequence number the sender expects to receive next, thereby acknowledging every frame before it.
Supervisory frames are used only by the connection-oriented service and provide connection maintenance in the form of flow control and error-correction services. The types of supervisory messages are as follows:

• Receiver ready (RR)  Used to inform the sender that the receiver is ready for the next frame and to keep a connection alive
• Receiver not ready (RNR)  Used to instruct the sender not to send any more packets until the receiver transmits an RR message
• Reject (REJ)  Used to inform the sender of an error and request retransmission of all frames sent after a certain point

LLC Applications

In some cases, the LLC frame plays only a minor role in the network communications process. On a network running TCP/IP along with other protocols, for example, the only function of LLC may be to enable 802.3 frames to contain a SNAP header, which specifies the network layer protocol the frame should go to, just like the Ethertype in an Ethernet II frame. In this scenario, the LLC PDUs all use the unnumbered information format. Other high-level protocols, however, require more extensive services from LLC.

The SNAP Header

Because the IEEE 802.3 frame header does not have an Ethertype field, it would normally be impossible for a receiving system to determine which network layer protocol should receive the incoming data. This would not be a problem if you ran only one network layer protocol, but with multiple protocols installed, it becomes a serious problem. 802.3 packets address this problem by using yet another protocol within the LLC PDU, called the Subnetwork Access Protocol.

The SNAP header is 5 bytes long and found directly after the LLC header in the data field of an 802.3 frame. The functions of the fields are as follows:

• Organization code  The organization code, or vendor code, is a 3-byte field carrying the OUI of the organization that defined the protocol identifier in the local code field. When the organization code is 00-00-00, the local code is an Ethertype taken from the same registry as the Ethernet II type field; this is the form used to carry IP over 802.3 frames.
• Local code  The local code is a 2-byte field that is the functional equivalent of the Ethertype field in the Ethernet II header.
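The LLC and SNAP headers described above, as an added example that is not code from the book: the Python below decodes the DSAP and SSAP bytes, classifies the control field by the low-order-bit test the standard uses, recovers N(S) and N(R) from information and supervisory frames, and, for the 0xAA/0xAA/0x03 case, reads the SNAP organization and local codes. The unnumbered command byte values are the 802.2 encodings with the poll/final bit masked off; the sample PDUs used to exercise it are constructed.

```python
import struct

# Values from the text
SNAP_SAP = 0xAA                          # DSAP and SSAP for a SNAP PDU
UI_CONTROL = 0x03                        # unnumbered information
OUI_ENCAPSULATED_ETHERTYPE = b"\x00\x00\x00"  # local code is an Ethertype

# 802.2 unnumbered control bytes with the P/F bit (0x10) masked off
UNNUMBERED_NAMES = {
    0x03: "UI", 0xAF: "XID", 0xE3: "TEST", 0x87: "FRMR",
    0x6F: "SABME", 0x63: "UA", 0x0F: "DM", 0x43: "DISC",
}
# Supervisory function bits (bits 2-3 of the first control byte)
SUPERVISORY_NAMES = {0x00: "RR", 0x01: "RNR", 0x02: "REJ"}


def control_format(first_byte):
    """The control field is HDLC-derived and transmitted low-order bit first,
    so the 'first bits' the text describes are the low bits of the byte:
    ...0 = information (2 bytes), ..01 = supervisory (2 bytes),
    ..11 = unnumbered (1 byte). Returns (format, field length)."""
    if first_byte & 0x01 == 0:
        return "information", 2
    if first_byte & 0x03 == 0x01:
        return "supervisory", 2
    return "unnumbered", 1


def parse_llc(pdu):
    """Parse the LLC header (and SNAP header, if present) at the start of an
    802.3 data field. 'payload' is what the network layer protocol receives."""
    if len(pdu) < 3:
        raise ValueError("LLC PDU shorter than 3 bytes")
    dsap, ssap, ctrl0 = pdu[0], pdu[1], pdu[2]
    fmt, ctrl_len = control_format(ctrl0)
    info = {
        "dsap": dsap, "dsap_is_group": bool(dsap & 0x01),   # I/G bit
        "ssap": ssap, "is_response": bool(ssap & 0x01),     # C/R bit
        "format": fmt,
    }
    if fmt == "unnumbered":
        info["command"] = UNNUMBERED_NAMES.get(ctrl0 & ~0x10, "unknown")
        info["poll_final"] = bool(ctrl0 & 0x10)
    else:
        if len(pdu) < 4:
            raise ValueError("2-byte control field truncated")
        ctrl1 = pdu[3]
        info["n_r"] = ctrl1 >> 1          # next sequence number expected
        info["poll_final"] = bool(ctrl1 & 0x01)
        if fmt == "information":
            info["n_s"] = ctrl0 >> 1      # sequence number of this frame
        else:
            info["command"] = SUPERVISORY_NAMES.get((ctrl0 >> 2) & 0x03, "unknown")
    rest = pdu[2 + ctrl_len:]
    # SNAP: both SAPs 0xAA and a UI control byte, then OUI(3) + local code(2)
    if dsap == SNAP_SAP and ssap == SNAP_SAP and ctrl0 == UI_CONTROL:
        if len(rest) < 5:
            raise ValueError("SNAP header truncated")
        oui, local_code = rest[:3], struct.unpack("!H", rest[3:5])[0]
        info["snap_oui"] = oui.hex(":")
        info["snap_local_code"] = local_code
        info["ethertype"] = local_code if oui == OUI_ENCAPSULATED_ETHERTYPE else None
        rest = rest[5:]
    info["payload"] = rest
    return info


def build_snap_pdu(ethertype, payload):
    """Wrap network-layer data the way an 802.3 station carrying IP does:
    LLC AA AA 03 + SNAP 00-00-00 + Ethertype, 8 bytes of overhead in total."""
    return (bytes([SNAP_SAP, SNAP_SAP, UI_CONTROL]) + OUI_ENCAPSULATED_ETHERTYPE
            + struct.pack("!H", ethertype) + payload)
```

Note that 8 bytes of LLC/SNAP overhead, not 3 or 4, is what an IP datagram pays inside an 802.3 frame; the two-byte Ethernet II type field is the cheaper path, which is one reason IP is normally carried that way.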
NOTE Many, if not all, of the registered values for the NIC hardware address prefixes, the Ethertype field, and the DSAP/SSAP fields were once listed in the "Assigned Numbers" document published as a request for comments (RFC) by the Internet Engineering Task Force (IETF). That RFC series has since been retired in favor of the online registries maintained by the Internet Assigned Numbers Authority (IANA), and the OUI and Ethertype registries are maintained by the IEEE Registration Authority. The RFC archive is at www.ietf.org/rfc.html.

Full-Duplex Ethernet

The CSMA/CD media access control mechanism is the defining element of the Ethernet protocol, but it is also the source of many of its limitations. The fundamental shortcoming of the Ethernet protocol is that data can travel in only one direction at a time. This is known as half-duplex operation. With special hardware, it is also possible to run Ethernet connections in full-duplex mode, meaning that the device can transmit and receive data simultaneously. This effectively doubles the bandwidth of the network. Full-duplex capability for Ethernet networks was standardized in the 802.3x supplement to the 802.3 standard in 1997.

When operating in full-duplex mode, the CSMA/CD MAC mechanism is ignored. Systems do not listen to the network before transmitting; they simply send their data whenever they want. Because both of the systems in a full-duplex link can transmit and receive data at the same time, there is no possibility of collisions occurring. Because no collisions occur, the cabling restrictions intended to support the collision detection mechanism are not needed. This means you can have longer cable segments on a full-duplex network. The only limitation is the signal transmitting capability (that is, the resistance to attenuation) of the network medium itself.
This is a particularly important point on a Fast Ethernet network using fiber-optic cable because the collision detection mechanism is responsible for its relatively short maximum segment lengths. While a half-duplex 100Base-FX link between two devices can be a maximum of only 412 meters long, the same link operating in full-duplex mode can be up to 2,000 meters (2 km) long because it is restricted only by the strength of the signal. A 100Base-FX link using single-mode fiber-optic cable can span distances of 20 km or more. The signal attenuation on twisted-pair networks, however, makes 10Base-T, 100Base-TX, and 1000Base-T networks still subject to the 100-meter segment length restriction.

Full-Duplex Requirements

There are three requirements for full-duplex Ethernet operation:

• A network medium with separate transmit and receive channels
• A dedicated link between two systems
• Network interface adapters and switches that support full-duplex operation

Full-duplex Ethernet is possible only on link segments that have separate channels for the communications in each direction. This means that twisted-pair and fiber-optic networks can support full-duplex communications using regular, Fast, and Gigabit Ethernet, but coaxial cable cannot. Of the Ethernet variants using twisted-pair and fiber-optic cables, 10Base-FB and 10Base-FP did not support full-duplex (which is not a great loss, since no one used them), nor does 100Base-T4 (which is also rarely used). All of the other network types support full-duplex communications.

Full-duplex Ethernet also requires that every two computers have a dedicated link between them. This means you can't use repeating hubs on a full-duplex network because these devices operate in half-duplex mode by definition and create a shared network medium. Instead, you must use switches, also known as switching hubs, which effectively isolate each pair of communicating computers on its own network segment and provide the packet-buffering capabilities needed to support bidirectional communications.
Finally, each of the devices on a full-duplex Ethernet network must support full-duplex communications and be configured to use it. Switches that support full-duplex are readily available, as are Fast Ethernet NICs. Full-duplex operation is an essential component of 1000Base-T Gigabit Ethernet, and many 1000Base-X Gigabit Ethernet adapters support full-duplex as well. Ensuring that your full-duplex equipment is actually operating in full-duplex mode can sometimes be tricky. Autonegotiation is definitely the easiest way of doing this; dual-speed Fast Ethernet equipment automatically gives full-duplex operation priority over half-duplex at the same speed. However, adapters and switches that do not support multiple speeds may not include autonegotiation. For example, virtually all 100Base-TX NICs are dual speed, supporting both 10 and 100 Mbps transmissions. Autonegotiation is always supported by these NICs, which means that simply connecting the NIC to a full-duplex switch will enable full-duplex communications. Fast Ethernet NICs that use fiber-optic cables, however, are usually single-speed devices and may or may not include autonegotiation capability. You may have to manually configure the NIC before it will use full-duplex communications. Be aware that a duplex mismatch, with one end forced to full-duplex while the other autonegotiates and falls back to half-duplex, does not take the link down; it shows up as late collisions and FCS errors on the half-duplex side and as poor throughput, so check the negotiated duplex at both ends rather than trusting the link LED alone.

Full-Duplex Flow Control

The switching hubs on full-duplex Ethernet networks have to be able to buffer packets as they read the destination address in each one and perform the internal switching needed to send it on its way. The amount of buffer memory in a switch is, of course, finite, and as a result, it's possible for a switch to be overwhelmed by the constant input of data from freely transmitting full-duplex systems. Therefore, the 802.3x supplement defines an optional flow control mechanism that full-duplex systems can use to make the system at the other end of a link pause its transmissions temporarily, enabling the other device to catch up.
The full-duplex flow control mechanism is called the MAC Control protocol, which takes the form of a specialized frame that contains a PAUSE command and a parameter specifying the length of the pause. The MAC Control frame is a standard Ethernet frame of minimum length (64 bytes) with the hexadecimal value 8808 in the Ethertype or SNAP Local Code field. The frame is transmitted to a special multicast address (01-80-C2-00-00-01) designated for use by PAUSE frames. The data field of the MAC Control frame contains a 2-byte operational code (opcode) with a hexadecimal value of 0001, indicating that it is a PAUSE frame. This is the only opcode the 802.3x supplement defines. A 2-byte pause-time parameter follows the opcode, which is an integer specifying the amount of time the receiving system should pause its transmissions, measured in units called quanta, each of which is equal to 512 bit times. The range of possible values for the pause-time parameter is 0 to 65,535. PAUSE frames carry no authentication and are honored by the link partner on receipt. Because the 01-80-C2-00-00-01 address is one that bridges do not forward, a PAUSE affects only the single link it is sent on, but any host that can transmit on that link can hold its switch port shut by repeating PAUSE frames with a pause time near the maximum; this is why flow control is commonly left disabled on switch ports that face untrusted hosts.

Full-Duplex Applications

Full-duplex Ethernet capabilities are most often provided in Fast Ethernet and Gigabit Ethernet adapters and switches. While full-duplex operation theoretically doubles the bandwidth of a network, the actual performance improvement that you realize depends on the nature of the communications involved. Upgrading a desktop workstation to full duplex will probably not provide a dramatic improvement in performance. This is because desktop communications typically consist of request/response transactions that are themselves half-duplex in nature, and providing a full-duplex medium won't change that. Full-duplex operation is better suited to the communications between switches on a backbone, which are continually carrying large amounts of traffic generated by computers all over the network.

CHAPTER 11
100Base Ethernet and Gigabit Ethernet

100Base Ethernet and Gigabit Ethernet are today's 100 and 1,000 Mbps variants of the Ethernet protocol, respectively. Although similar to 10Base Ethernet in many ways, the 100Base protocols have some configuration issues that you must be aware of in order to design, install, and administer the networks that use them.
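Before turning to the 100Base and Gigabit material, the MAC Control PAUSE frame described under Full-Duplex Flow Control above, as an added example that is not the book's code: the Python builds a PAUSE frame from the constants given there (Ethertype 0x8808, destination 01-80-C2-00-00-01, opcode 0x0001, pause time in 512-bit-time quanta), decodes one into a pause duration in microseconds for a given link rate, and applies a simple heuristic for spotting a host that is abusing PAUSE to hold a port shut. The source address and the flood threshold are constructed for the example.

```python
import struct

MAC_CONTROL_ETHERTYPE = 0x8808
PAUSE_MULTICAST = bytes.fromhex("0180c2000001")
PAUSE_OPCODE = 0x0001
QUANTUM_BITS = 512          # one pause quantum is 512 bit times
MIN_DATA = 46               # minimum 802.3 data field


def build_pause_frame(src, pause_quanta):
    """Build a MAC Control PAUSE frame without the FCS (the adapter appends
    it). The data field is opcode(2) + pause_time(2) zero-padded to 46 bytes,
    which gives the 64-byte minimum frame once the 4-byte FCS is added."""
    if not 0 <= pause_quanta <= 0xFFFF:
        raise ValueError("pause_time must fit in 16 bits")
    data = struct.pack("!HH", PAUSE_OPCODE, pause_quanta)
    data += b"\x00" * (MIN_DATA - len(data))
    return PAUSE_MULTICAST + src + struct.pack("!H", MAC_CONTROL_ETHERTYPE) + data


def parse_pause_frame(frame, link_mbps):
    """Return None unless the frame is a PAUSE; otherwise the requested pause
    in quanta and in microseconds at the given link rate."""
    if len(frame) < 14 + 4:
        return None
    dst, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if dst != PAUSE_MULTICAST or ethertype != MAC_CONTROL_ETHERTYPE:
        return None
    opcode, quanta = struct.unpack("!HH", frame[14:18])
    if opcode != PAUSE_OPCODE:
        return None
    bit_time_us = 1.0 / link_mbps   # one bit time at N Mbps is 1/N microseconds
    return {
        "src": frame[6:12].hex(":"),
        "pause_quanta": quanta,
        "pause_us": quanta * QUANTUM_BITS * bit_time_us,
    }


def pause_flood_suspect(frames, link_mbps, window_us):
    """Flag a flood when the pause time requested within one observation
    window exceeds the window itself, i.e. the sender is keeping the port
    closed continuously. The threshold is a choice made for this example,
    not anything the standard defines."""
    requested = sum(p["pause_us"] for p in
                    (parse_pause_frame(f, link_mbps) for f in frames) if p)
    return requested > window_us
```

At 100 Mbps a maximal pause time of 65,535 quanta works out to about 335 milliseconds, so three such frames a second are enough to keep a port paused indefinitely; a switch that honors PAUSE from an untrusted port is handing that port's neighbor a denial-of-service switch.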
100Base Ethernet

The IEEE 802.3u specification, ratified in 1995, defined what is commonly known as 100Base Ethernet, a data link layer protocol running at 100 Mbps, which is ten times the speed of the original Ethernet protocol. This is now the industry standard for many new installations, largely because it improves network performance so much while changing so little.

100Base Ethernet left two of the three defining elements of an Ethernet network unchanged. The protocol uses the same frame format as IEEE 802.3 and the same CSMA/CD media access control mechanism. The changes that enable the increase in speed are in several elements of the physical layer configuration, including the types of cable used, the length of cable segments, and the number of hubs permitted.

Physical Layer Options

The first difference between 10Base and 100Base Ethernet was that coaxial cable was no longer supported. 100Base Ethernet runs only on UTP or fiber-optic cable, although shielded twisted-pair (STP) is an option as well. Gone also was the Manchester signaling scheme, to be replaced by the 4B/5B system developed for the Fiber Distributed Data Interface (FDDI) protocol (100Base-T4, which runs on lower-grade cable, uses a different scheme, 8B6T). The physical layer options defined in 802.3u were intended to provide the most flexible installation parameters possible. Virtually every aspect of the 100Base Ethernet protocol's physical layer specifications was designed to facilitate upgrades from earlier technologies and, particularly, from 10Base-T. In many cases, existing UTP networks upgraded to 100Base Ethernet without pulling new cable. The only exception to this was in cases of networks that spanned longer distances than 100Base Ethernet could support with copper cabling.

100Base Ethernet defined three physical layer specifications, as shown in Table 11-1.

Table 11-1 IEEE 802.3u Physical Layer Specifications

In addition to the connectors shown for each of the cable types, the 802.3u standard described a medium-independent interface (MII) that used a 40-pin D-shell connector.
Taking from the design of the original thick Ethernet standard, the MII connected to an external transceiver called a physical layer device (PHY), which, in turn, connected to the network medium. The MII made it possible to build devices such as hubs and computers that integrated 100Base Ethernet adapters but were not committed to a particular media type. By supplying different PHY units, you could connect the device to a 100Base Ethernet network using any supported cable type. Some PHY devices connected directly to the MII, while others used a cable not unlike the AUI cable arrangement in thick Ethernet. When this was the case, the MII cable could be no more than 0.5 meters long. Most of the 100Base Ethernet hardware on the market today uses internal transceivers and does not need an MII connector or cable, but a few products do take advantage of this interface.

100Base-TX

Using standards for physical media developed by the American National Standards Institute (ANSI), 100Base-TX and its fiber-optic counterpart, 100Base-FX, were known collectively as 100Base-X. They provided the core physical layer guidelines for new cable installations. Like 10Base-T, 100Base-TX called for the use of unshielded twisted-pair cable segments up to 100 meters in length. The only difference from a 10Base-T segment was in the quality and capabilities of the cable itself.

100Base-TX was based on the ANSI TP-PMD specification and calls for the use of Category 5 UTP cable for all network segments. As you can see in the table, the Category 5 cable specification provided the potential for much greater bandwidth than the Category 3 cable specified for 10Base-T networks. As an alternative, using Type 1 shielded twisted-pair cable was also possible for installations where the operating environment presented a greater danger of electromagnetic interference.

For the sake of compatibility, 100Base-TX (as well as 100Base-T4) used the same type of RJ-45 connectors as 10Base-T, and the pin assignments were the same as well. The pin assignments were the one area in which the cable specifications differed from ANSI TP-PMD to maintain backward compatibility with 10Base-T networks.
100Base-T4

100Base-T4 was intended for use on networks that already had UTP cable installed, but the cable was not rated as Category 5. The 10Base-T specification allowed for the use of standard voice-grade (Category 3) cable, and there were many networks that were already wired for 10Base-T Ethernet (or even for telephone systems). 100Base-T4 ran at 100 Mbps on Category 3 cable by using all four pairs of wires in the cable, instead of just two, as 10Base-T and 100Base-TX do.

The transmit and receive data pairs in a 100Base-T4 circuit are the same as those of 100Base-TX (and 10Base-T). The remaining four wires function as two bidirectional pairs. As on a 10Base-T network, the transmit and receive pairs must be crossed over for traffic to flow. The crossover circuits in a 100Base Ethernet hub connect the transmit pair to the receive pair, as always. In a 100Base-T4 hub, the two bidirectional pairs are crossed as well so that pair 3 connects to pair 4, and vice versa.

100Base-FX

The 100Base-FX specification called for the same hardware as the 10Base-FL specification except that the maximum length of a cable segment was no more than 412 meters. As with the other 100Base Ethernet physical layer options, the medium was capable of transmitting a signal over longer distances, but the limitation was imposed to ensure the proper operation of the collision-detection mechanism. As mentioned earlier, when you eliminate the CSMA/CD MAC mechanism, as on a full-duplex Ethernet network, 100Base-FX segments can be much longer.

Cable Length Restrictions

Because the network operates at ten times the speed of 10Base Ethernet, 100Base Ethernet cable installations were more restricted. In effect, the 100Base Ethernet standard uses up a good deal of the latitude built into the original Ethernet standards to achieve greater performance levels. In 10 Mbps Ethernet, the signal timing specifications were at least twice as strict as they had to be for systems to detect early collisions properly on the network. The lengths of the network segments were dictated more by the need to maintain the signal strength than the signal timing.
On 100Base-T networks, however, signal strength is not as much of an issue as signal timing. The CSMA/CD mechanism on a 100Base Ethernet network functions exactly like that of a 10 Mbps Ethernet network, and the packets are the same size, but they travel over the medium at ten times the speed. Because the collision detection mechanism is the same, a system still must be able to detect the presence of a collision before the slot time expires (that is, before it transmits 64 bytes of data). Because the traffic is moving at 100 Mbps, though, the duration of that slot time is cut to one tenth (512 bit times is 5.12 microseconds at 100 Mbps, against 51.2 microseconds at 10 Mbps), and the maximum length of the network must be reduced as well to sense collisions accurately. For this reason, the maximum overall length of a 100Base-TX network is approximately 205 meters. This is a figure you should observe much more stringently than the 500-meter maximum for a 10Base-T network.

NOTE When you plan your network, be sure to remain conscious that the 100-meter maximum cable segment length specification in the 100Base Ethernet standard includes the entire length of cable connecting a computer to the hub. If you have an internal cable installation that terminates at wall plates at the computer site and a patch panel at the hub site, you must include the lengths of the patch cables connecting the wall plate to the computer and the patch panel to the hub in your total measurement. The specification recommends that the maximum length for an internal cable segment be 90 meters, leaving 10 meters for the patch cables.

Hub Configurations

Because the maximum length for a 100Base-TX segment is 100 meters, the same as that for 10Base-T, the restrictions on the overall length of the network are found in the configuration of the repeating hubs used to connect the segments. The 802.3u supplement described two types of hubs for all 100Base-T networks: Class I and Class II. Every 100Base Ethernet hub must have a circled Roman numeral I or II identifying its class.

Class I hubs are intended to support cable segments with different types of signaling.
100Base-TX and 100Base-FX use the same signaling type, while 100Base-T4 is different (because of the presence of the two bidirectional pairs). A Class I hub contains circuitry that translates incoming 100Base-TX, 100Base-FX, and 100Base-T4 signals to a common digital format and then translates them again to the appropriate signal for each outgoing hub port. These translation activities cause comparatively long timing delays in the hub, so you can have only one Class I hub on the path between any two nodes on the network.

Class II hubs can only support cable segments of the same signaling type. Because no translation is involved, the hub passes the incoming data rapidly to the outgoing ports. Because the timing delays are shorter, you can have up to two Class II hubs on the path between two network nodes, but all the segments must use the same signaling type. This means a Class II hub can support either 100Base-TX and 100Base-FX together or 100Base-T4 alone.

Additional segment length restrictions are also based on the combination of segments and hubs used on the network. The more complex the network configuration gets, the shorter its maximum collision domain diameter can be. Table 11-2 summarizes these restrictions.

Table 11-2 100Base Ethernet Multisegment Configuration Guidelines

Note that a network configuration that uses two Class II hubs actually uses three lengths of cable to establish the longest connection between two nodes: two cables to connect the nodes to their respective hubs and one cable to connect the two hubs. For example, the assumption of the standard is that the additional 5 meters added to the length limit for an all-copper network will account for the cable connecting the two hubs, as shown in Figure 11-1. But in practice, the three cables can be of any length as long as their total length does not exceed 205 meters.

Figure 11-1 The cable segments in a network with two hubs can be of any length, as long as you observe the maximum collision domain diameter.
What these restrictions mean to 100Base-FX networks is that the only fiber segment that can be 412 meters long is one that directly connects two computers. Once you add a hub to the network, the total distance between computers drops drastically. This largely negates one of the major benefits of using fiber-optic cable. You saw earlier in this chapter that the original Ethernet standards allow for fiber-optic segments up to 2 kilometers (2,000 meters) long. The closer tolerances of the collision-detection mechanism on a 100Base Ethernet network make it impossible to duplicate the collision domain diameter of standards like 10Base-FL. Considering that other high-speed protocols such as FDDI use the same type of cable and can support distances up to 200 kilometers, 100Base Ethernet might not be the optimal fiber-optic solution, unless you use the full-duplex option to increase the segment length.

100Base Ethernet Timing Calculations

As with the original Ethernet standards, the cabling guidelines in the previous sections are no more than rules of thumb that provide general size limitations for a 100Base Ethernet network. Making more precise calculations to determine if your network is fully compliant with the specifications is also possible. For 100Base Ethernet, these calculations consist only of determining the round-trip delay time for the network. No interframe gap shrinkage calculation exists for 100Base Ethernet because the limited number of repeaters permitted on the network all but eliminates this as a possible problem.

Calculating the Round-Trip Delay Time  The process of calculating the round-trip delay time begins with determining the worst-case path through your network, just as in the calculations for 10Base Ethernet networks. As before, if you have different types of cable segments on your network, you may have more than one path to calculate. There is no need to perform separate calculations for each direction of a complex path, however, because the formula makes no distinction between the order of the segments.

The round-trip delay time consists of a delay per meter measurement for the specific type of cable your network uses, plus an additional delay constant for each node and repeater on the path. Table 11-3 lists the delay factors for the various network components.
Table 11-3 Delay Times for 100Base Ethernet Network Components

To calculate the round-trip delay time for the worst-case path through your network, you multiply the lengths of your various cable segments by the delay factors listed in the table and add them together, along with the appropriate factors for the nodes and hubs and a safety buffer of 4 bit times. If the total is less than 512, the path is compliant with the 100Base Ethernet specification. Thus, the calculations for the network shown in Figure 11-2 would be as follows:

(150 meters × 1.112 bit times/meter) + 100 bit times + (2 × 92 bit times) + 4 bit times = 454.8 bit times

Figure 11-2 This worst-case path is compliant with the round-trip delay time limitations defined in the Ethernet standard.

So, 150 meters of Category 5 cable multiplied by a delay factor of 1.112 bit times per meter yields a delay of 166.8 bit times, plus 100 bit times for two 100Base-TX nodes, two hubs at 92 bit times each, and an extra 4 for safety yields a total round-trip delay time of 454.8 bit times, which is well within the 512 limit.

NOTE As with the calculations for 10Base Ethernet networks, you may be able to avoid having to measure your cable segments by using the maximum permitted segment length in your calculations. Only if the result of this calculation exceeds the specification do you have to consider the actual lengths of your cables.

Autonegotiation

Most of today's Ethernet adapters support multiple speeds and use an autonegotiation system that enables a multispeed device to sense the capabilities of the network to which it is connected and to adjust its speed accordingly. The autonegotiation mechanism in 100Base Ethernet is based on fast link pulse (FLP) signals, which are themselves a variation on the normal link pulse (NLP) signals used by the old 10Base-T and 10Base-FL networks.
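The round-trip delay calculation above, as an added example that is not from the book: the Python encodes the formula and reproduces the 454.8-bit-time result for Figure 11-2, then inverts it to give the longest total cable run a path can carry. The delay factors for Category 5 cable, a pair of 100Base-TX nodes and a Class II hub are the ones the text uses; the remaining table entries are assumptions (Table 11-3 is not reproduced on this page) recalled from the IEEE 802.3 clause 29 multisegment table and should be checked against your copy of the standard before you rely on them.

```python
# Delay factors in bit times. Entries marked "from the text" are the values
# used in the worked example; the others are assumed and must be verified
# against the 802.3 clause 29 table before use.
CABLE_DELAY_PER_METER = {
    "cat5": 1.112,      # from the text
    "cat3": 1.14,       # assumed
    "stp": 1.112,       # assumed
    "fiber": 1.0,       # assumed
}
NODE_PAIR_DELAY = {
    ("tx", "tx"): 100,  # from the text: two 100Base-TX (or FX) stations
    ("t4", "t4"): 138,  # assumed
    ("tx", "t4"): 127,  # assumed
    ("t4", "tx"): 127,  # assumed
}
HUB_DELAY = {
    "class1": 140,      # assumed
    "class2": 92,       # from the text: Class II hub, TX/FX ports only
    "class2_t4": 67,    # assumed: Class II hub with a T4 port
}
SAFETY_MARGIN = 4       # bit times, from the text
SLOT_TIME = 512         # bit times; the path is compliant if total < 512


def round_trip_delay(segments, nodes, hubs, margin=SAFETY_MARGIN):
    """segments: list of (cable_type, meters) along the worst-case path;
    nodes: (type_a, type_b) of the two end stations; hubs: list of hub
    classes on the path. Segment order does not matter, as the text notes."""
    cable = sum(CABLE_DELAY_PER_METER[c] * m for c, m in segments)
    return cable + NODE_PAIR_DELAY[nodes] + sum(HUB_DELAY[h] for h in hubs) + margin


def is_compliant(segments, nodes, hubs):
    return round_trip_delay(segments, nodes, hubs) < SLOT_TIME


def max_total_cable(nodes, hubs, cable="cat5"):
    """Largest total cable length in meters the path can carry and still be
    compliant: the inverse of the calculation, useful before measuring."""
    fixed = NODE_PAIR_DELAY[nodes] + sum(HUB_DELAY[h] for h in hubs) + SAFETY_MARGIN
    return (SLOT_TIME - fixed) / CABLE_DELAY_PER_METER[cable]


def figure_11_2_example():
    """The text's worked example: 150 m of Category 5, two TX nodes, two Class II hubs."""
    return round_trip_delay([("cat5", 150)], ("tx", "tx"), ["class2", "class2"])
```

One thing the arithmetic shows that the guideline does not: pushing two Class II hubs to the 205-meter total from Table 11-2 gives 205 × 1.112 + 100 + 2 × 92 + 4 = 515.96 bit times, which fails only because of the 4-bit-time safety margin (511.96 without it). Treat the 205-meter figure as the rule of thumb the text says it is, and measure when a path is that close to the limit.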
Standard Ethernet networks use NLP signals to verify the integrity of a link between two devices. Most Ethernet hubs and network interface adapters have a link-pulse LED that lights when the device is connected to another active device. For example, when you take a UTP cable that is connected to a hub and plug it into a computer's NIC and turn the computer on, the LEDs on both the NIC and the hub port to which it's connected should light. This is the result of the two devices transmitting NLP signals to each other. When each device receives the NLP signals from the other device, it lights the link-pulse LED. If the network is wired incorrectly, because of a cable fault or improper use of a crossover cable or hub uplink port, the LEDs will not light. These signals do not interfere with data communications because the devices transmit them only when the network is idle.

NOTE The link-pulse LED indicates only that the network is wired correctly, not that it's capable of carrying data. If you use the wrong cable for the protocol, you will still experience network communication problems, even though the devices passed the link integrity test.

100Base Ethernet devices capable of transmitting at multiple speeds elaborate on this technique by transmitting FLP signals instead of NLP signals. FLP signals include a 16-bit data packet within a burst of link pulses, producing what is called an FLP burst. The data packet contains a link code word (LCW) with two fields: the selector field and the technology ability field. Together, these fields identify the capabilities of the transmitting device, such as its maximum speed and whether it is capable of full-duplex communications.

Because the FLP burst has about the same duration (2 milliseconds) and interval (16.8 milliseconds) as an NLP pulse train, a standard 10Base-T system can simply ignore the LCW and treat the transmission as a normal link integrity test. When the multiple-speed system finds that its link partner is sending plain NLP signals, or 100Base-TX idle signals, rather than FLP bursts, it sets itself to that partner's speed in half-duplex mode, using a technique called parallel detection. This same method applies also to 100Base Ethernet devices incapable of multiple speeds.
When two 100Base Ethernet devices capable of operating at multiple speeds autonegotiate, they determine the best performance level they have in common and configure themselves accordingly. The systems use the following list of priorities when comparing their capabilities, with full-duplex 1000Base-T providing the best performance and half-duplex 10Base-T providing the worst:

• 1000Base-T (full-duplex)
• 1000Base-T
• 100Base-TX (full-duplex)
• 100Base-T4
• 100Base-TX
• 10Base-T (full-duplex)
• 10Base-T

NOTE FLP signals account only for the capabilities of the devices generating them, not the connecting cable. If you connect a dual-speed 100Base-TX computer with a 100Base-TX hub using a Category 3 cable network, autonegotiation will still configure the devices to operate at 100 Mbps, even though the cable can't support transmissions at this speed.

The benefit of autonegotiation is that it permits administrators to upgrade a network gradually to 100Base Ethernet with a minimum of reconfiguration. If, for example, you have 10/100 dual-speed NICs in all your workstations, you can run the network at 10 Mbps using 10Base-T hubs. Later, you can simply replace the hubs with models supporting 100Base Ethernet, and the NICs will automatically reconfigure themselves to operate at the higher speed the next time the link comes up; autonegotiation runs whenever a link is established, so reconnecting the cable or rebooting is enough. No manual configuration at the workstation is necessary.

Gigabit Ethernet

When 100 Mbps networking technologies like FDDI were first introduced, most horizontal networks used 10 Mbps Ethernet. These new protocols were used primarily on backbones. Now that 100Base and 1000Base Ethernet have taken over the horizontal network market, a 100 Mbps backbone is, in many cases, insufficient to support the connections between switches that have to accommodate multiple 100Base Ethernet networks. Gigabit Ethernet was developed to be the next generation of Ethernet network, running at 1 Gbps (1,000 Mbps), ten times the speed of 100Base Ethernet.
Gigabit Ethernet uses the same frame format, frame size, and media access control method as was standard in 10 Mbps Ethernet. 100Base Ethernet overtook FDDI as the dominant 100 Mbps solution because it prevented network administrators from having to use a different protocol on the backbone. In the same way, Gigabit Ethernet prevents administrators from having to use a different protocol for their backbones. Connecting an ATM or FDDI network to an Ethernet network requires that the data be converted at the network layer from one frame format to another. Connecting two Ethernet networks, even when they're running at different speeds, is a data link layer operation because the frames remain unchanged. In addition, using Ethernet throughout your network eliminates the need to train administrators to work with a new protocol and purchase new testing and diagnostic equipment. The bottom line is that in most cases it is possible to upgrade a 100Base Ethernet backbone to Gigabit Ethernet without completely replacing hubs, switches, and cables. This is not to say, however, that some hardware upgrades will not be necessary. Hubs and switches will need modules supporting the protocol, and network monitoring and testing products may also have to be upgraded to support the faster speed.

Gigabit Ethernet Architecture

Gigabit Ethernet was first defined in the 802.3z supplement to the 802.3 standard, which was published in June 1998. The 802.3z supplement defined a network running at 1,000 Mbps in either half-duplex or full-duplex mode, over a variety of network media. The frame used to encapsulate the packets is identical to that of 802.3 Ethernet, and the protocol (in half-duplex mode) uses the same Carrier Sense Multiple Access with Collision Detection (CSMA/CD) MAC mechanism as the other Ethernet incarnations.
As with 10Base and 100Base Ethernet, the Gigabit Ethernet standard contains both physical and data link layer elements, as shown in Figure 11-3. The data link layer consists of the logical link control (LLC) and media access control (MAC) sublayers that are common to all of the IEEE 802 protocols. The LLC sublayer is identical to that used by the other Ethernet standards, as defined in the IEEE 802.2 document. The underlying concept of the MAC sublayer, the CSMA/CD mechanism, is fundamentally the same as on a standard Ethernet or 100Base Ethernet network but with a few changes in the way that it's implemented.

Figure 11-3  The Gigabit Ethernet protocol architecture

Media Access Control

Gigabit Ethernet is designed to support full-duplex operation as its primary signaling mode. As mentioned earlier, when systems can transmit and receive data simultaneously, there is no need for a media access control mechanism like CSMA/CD. However, some modifications are required for systems on a 1000Base-X network to operate in half-duplex mode. Ethernet's collision-detection mechanism works properly only when collisions are detected while a packet is still being transmitted. Once the source system finishes transmitting a packet, the data is purged from its buffers, and it is no longer possible to retransmit that packet in the event of a collision.

When the speed at which systems transmit data increases, the round-trip signal delay time during which a collision can be detected decreases. When 100Base Ethernet increased the speed of an Ethernet network by ten times, the standard compensated by reducing the maximum diameter of the network. This enabled the protocol to use the same 64-byte minimum packet size as the original Ethernet standard and still be able to detect collisions effectively.
Gigabit Ethernet increases the transmission speed another ten times, but reducing the maximum diameter of the network again was impractical because it would result in networks no longer than 20 meters or so. As a result, the 802.3z supplement increases the size of the CSMA/CD carrier signal from 64 bytes to 512 bytes. This means that while the 64-byte minimum packet size is retained, the MAC sublayer of a Gigabit Ethernet system appends a carrier extension signal to small packets that pads them out to 512 bytes. This ensures that the minimum time required to transmit each packet is sufficient for the collision-detection mechanism to operate properly, even on a network with the same diameter as 100Base Ethernet.

The carrier extension bits are added to the Ethernet frame after the frame check sequence (FCS), so that while they are a valid part of the frame for collision-detection purposes, the carrier extension bits are stripped away at the destination system before the FCS is computed, and the results are compared with the value in the packet. This padding, however, can greatly reduce the efficiency of the network. A small packet may consist of up to 448 bytes of padding (512 minus 64), the result of which is a throughput only slightly greater than 100Base Ethernet. To address this problem, 802.3z introduces a packet-bursting capability along with the carrier extension. Packet bursting works by transmitting several packets back to back until a 1,500-byte burst timer is reached. This compensates for the loss incurred by the carrier extension bits and brings the network back up to speed.

When Gigabit Ethernet is used for backbone networks, full-duplex connections between switches and servers are the more practical choice. The additional expenditure in equipment is minimal, and aside from eliminating this collision-detection problem, it increases the theoretical throughput of the network to 2 Gbps.
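The carrier extension and packet-bursting mechanics described above can be simulated at the byte level to make the efficiency argument concrete. This is an added example, not code from the book. It assumes zlib's CRC-32 as a stand-in for the Ethernet FCS, models the extension symbols as zero bytes whose count the receiving PHY reports separately (on the wire they are distinct code groups, not data), and takes its burst limit from the figure in the text.

```python
"""Gigabit Ethernet carrier extension and packet bursting, simulated at the
byte level (added example, not from the book)."""
import zlib

MIN_FRAME = 64       # minimum Ethernet frame size in bytes, FCS included
SLOT = 512           # 802.3z half-duplex carrier size in bytes
BURST_LIMIT = 1500   # burst limit in bytes, as given in the text


def build_frame(payload: bytes) -> bytes:
    """Pad the payload to the 64-byte minimum and append a 4-byte FCS."""
    body = payload.ljust(MIN_FRAME - 4, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "big")


def carrier_extend(frame: bytes, first_in_burst: bool = True):
    """Return (bytes on the wire, extension length).  Only the first frame
    of a burst needs extension: later frames ride on the carrier already
    held.  Zero bytes stand in for the extension symbols (assumption)."""
    ext = max(0, SLOT - len(frame)) if first_in_burst else 0
    return frame + b"\x00" * ext, ext


def burst(frames):
    """Transmit frames back to back; a new frame may start only while fewer
    than BURST_LIMIT bytes of carrier have been sent.  Returns the list of
    (wire, extension) actually sent and the frames left for the next burst."""
    sent, used = [], 0
    for i, f in enumerate(frames):
        if sent and used >= BURST_LIMIT:
            return sent, frames[i:]
        wire, ext = carrier_extend(f, first_in_burst=(i == 0))
        sent.append((wire, ext))
        used += len(wire)
    return sent, []


def receive(wire: bytes, ext: int) -> bool:
    """Receiver side: strip the extension first, then check the FCS over
    what remains, exactly as the text describes."""
    frame = wire[:len(wire) - ext] if ext else wire
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == fcs


def efficiency(sent) -> float:
    """Fraction of bytes on the wire that belong to real frames."""
    data = sum(len(w) - e for w, e in sent)
    return data / sum(len(w) for w, _ in sent)


if __name__ == "__main__":
    f = build_frame(b"hello")
    alone = [carrier_extend(f)]
    print(f"single 64-byte frame: {efficiency(alone):.3f}")    # 0.125
    sent, rest = burst([f] * 30)
    print(f"burst of {len(sent)} frames: {efficiency(sent):.3f}")  # about 0.71
```

Flipping a byte inside the extension region leaves the FCS check intact, while flipping a byte inside the frame fails it, which is the practical meaning of "valid for collision detection but not part of the frame check".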
The Gigabit Media-Independent Interface

The interface between the data link and physical layers, called the gigabit medium-independent interface (GMII), enables any of the physical layer standards to use the MAC and LLC sublayers. The GMII is an extension of the medium-independent interface in 100Base Ethernet, which supports transmission speeds of 10, 100, and 1,000 Mbps and has separate 8-bit transmit and receive data paths, for full-duplex communication. The GMII also includes two signals that are readable by the MAC sublayer, called carrier sense and collision detect. One of the signals specifies that a carrier is present, and the other specifies that a collision is currently occurring. These signals are carried to the data link layer by way of the reconciliation sublayer located between the GMII and the MAC sublayer.

The GMII is broken into three sublayers of its own, which are as follows:

• Physical coding sublayer (PCS)
• Physical medium attachment (PMA)
• Physical medium-dependent (PMD)

The following sections discuss the functions of these sublayers.

The Physical Coding Sublayer

The physical coding sublayer is responsible for encoding and decoding the signals on the way to and from the PMA. The physical layer options defined in the 802.3z document all use the 8B/10B coding system, which was adopted from the ANSI Fibre Channel standards. In this system, each 8-bit data symbol is represented by a 10-bit code. There are also codes that represent control symbols, such as those used in the MAC carrier extension mechanism. Each code is formed by breaking down the 8 data bits into two groups consisting of the 3 most significant bits (y) and the 5 remaining bits (x). The code is then named using the following notation: /Dx,y/, where x and y equal the decimal values of the two groups. The control codes are named the same way, except that the letter D is replaced by a K: /Kx,y/.
The idea behind this type of coding is to minimize the occurrence of consecutive zeros and ones, which make it difficult for systems to synchronize their clocks. To help do this, each of the code groups must be composed of one of the following:

• Five zeros and five ones
• Six zeros and four ones
• Four zeros and six ones

NOTE  The 1000Base-T physical layer option does not use the 8B/10B coding system. See "1000Base-T" later in this chapter for more information.

The PCS is also responsible for generating the carrier sense and collision-detect signals and for managing the autonegotiation process used to determine what speed the network interface card should use (10, 100, or 1,000 Mbps) and whether it should run in half-duplex or full-duplex mode.

The Physical Medium Attachment Sublayer

The physical medium attachment sublayer is responsible for converting the code groups generated by the PCS into a serialized form that can be transmitted over the network medium and for converting the serial bit stream arriving over the network into code groups for use by the upper layers.

The Physical Medium-Dependent Sublayer

The physical medium-dependent sublayer provides the interface between the coded signals generated by the PCS and the actual physical network medium. This is where the actual optical or electric signals that are transmitted over the cable are generated and passed on to the cable through the medium-dependent interface (MDI).

The Physical Layer

Collectively called 1000Base-X, there were three physical layer options for Gigabit Ethernet defined in the original 802.3z document, two for fiber-optic cable and one for copper. These three physical layer options in 802.3z were adopted from the ANSI X3T11 Fibre Channel specifications. The use of an existing standard for this crucial element of the technology has greatly accelerated the development process, both of the Gigabit Ethernet standards and of the hardware products. In general, 1000Base-X calls for the use of the same types of fiber-optic cables as FDDI and 100Base-FX but at shorter distances. The longest possible Gigabit Ethernet segment, using single-mode fiber cable, is 5 kilometers.
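The 8B/10B naming rule from the Physical Coding Sublayer section and the zero/one balance rule listed above can both be checked mechanically. This is an added example, not code from the book: it follows the text's comma notation for code names (the IEEE standard writes the same names with a period, as in D21.5), does not reproduce the full 8B/10B lookup table, and applies the running-disparity rule at the level of whole 10-bit groups, which is a simplification of the standard's sub-block handling. The sample code groups in the usage section are constructed.

```python
"""8B/10B naming and code-group balance checks (added example, not from
the book)."""


def code_name(value: int, control: bool = False) -> str:
    """Name an 8-bit symbol as /Dx,y/ (or /Kx,y/ for a control symbol):
    x is the decimal value of the 5 low-order bits, y of the 3 high-order
    bits, as the text describes."""
    if not 0 <= value <= 0xFF:
        raise ValueError("symbol must fit in 8 bits")
    x = value & 0x1F          # 5 least significant bits
    y = (value >> 5) & 0x07   # 3 most significant bits
    return f"/{'K' if control else 'D'}{x},{y}/"


def split_name(name: str) -> int:
    """Inverse of code_name: '/D21,5/' -> 8-bit value (y << 5) | x."""
    body = name.strip("/")[1:]
    x, y = (int(part) for part in body.split(","))
    if not (0 <= x <= 31 and 0 <= y <= 7):
        raise ValueError("x must be 0..31 and y 0..7")
    return (y << 5) | x


def is_balanced_group(bits: str) -> bool:
    """A 10-bit code group is legal only with five, four or six ones: the
    three compositions the text lists."""
    if len(bits) != 10 or set(bits) - {"0", "1"}:
        return False
    return bits.count("1") in (4, 5, 6)


def max_run(bits: str) -> int:
    """Longest run of identical bits, the quantity the coding is meant to
    keep small for clock recovery."""
    best = cur = 1
    for a, b in zip(bits, bits[1:]):
        cur = cur + 1 if a == b else 1
        best = max(best, cur)
    return best


def running_disparity_ok(groups, rd=-1) -> bool:
    """Whole-group running-disparity check (simplified): a group with six
    ones may only follow a negative running disparity, a group with four
    ones only a positive one, and each such group flips the disparity."""
    for g in groups:
        if not is_balanced_group(g):
            return False
        disp = g.count("1") - g.count("0")   # -2, 0 or +2
        if disp:
            if (disp > 0) == (rd > 0):
                return False
            rd = -rd
    return True


if __name__ == "__main__":
    print(code_name(0xBC, control=True))   # /K28,5/, the comma symbol
    print(is_balanced_group("0011111010"), max_run("0011111010"))
```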
In the ensuing years, additions have been made to the original description, including IEEE 802.3bj, which defines a four-lane 100 Gbps standard that operates at lengths up to at least 5 meters on links consistent with copper twin-axial cables. The IEEE is also working on Gigabit Ethernet to operate over a single twisted-pair cable for industrial (and automotive) use (IEEE 802.3bp), as well as 40GBase-T (IEEE 802.3bq) for four-pair balanced twisted-pair cables with two connections over 30-meter distances. The latter standard is scheduled for implementation in early 2016.

NOTE  For its multimode cable options, the 802.3z standard pioneered the use of laser light sources at high speeds. Most fiber-optic applications use lasers only with single-mode cable, while the signals on multimode cables are produced by light-emitting diodes (LEDs). The jitter effect, which was a problem with previous efforts to use lasers with multimode cable, was resolved by redefining the properties of the laser transmitters used to generate the signals.

Unlike standard and 100Base Ethernet, the fiber-optic physical layer standards for 1000Base-X were not based on the properties of specific cable types, but rather on the properties of the optical transceivers that generate the signal on the cable. Each of the fiber-optic standards supports several grades of cable, using short- or long-wavelength laser transmitters. The physical layer options for 1000Base-X are described in the following sections.

1000Base-LX

1000Base-LX was intended for use in backbones spanning relatively long distances, using long-wavelength laser transmissions in the 1,270- to 1,355-nanometer range with either multimode fiber cable within a building or single-mode fiber for longer links, such as those between buildings on a campus network. Multimode fiber cable with a core diameter of 50 or 62.5 microns supports links of up to 550 meters, while 9-micron single-mode fiber supports links of up to 5,000 meters (5 km). Both fiber types use standard SC connectors.
1000Base-SX

1000Base-SX uses short-wavelength laser transmissions ranging from 770 to 860 nanometers and is intended for use on shorter backbones and horizontal wiring. This option is more economical than 1000Base-LX because it uses only the relatively inexpensive multimode fiber cable, in several grades, and the lasers that produce the short-wavelength transmissions are the same as those commonly used in CD and CD-ROM players. As of this writing, most of the fiber-optic Gigabit Ethernet products on the market support the 1000Base-SX standard.

1000Base-T

Although it was not included in the 802.3z standard, one of the original goals of the Gigabit Ethernet development team was for it to run on standard Category 5 UTP cable and support connections up to 100 meters long. This enables existing 100Base Ethernet networks to be upgraded to Gigabit Ethernet without pulling new cable or changing the network topology. 1000Base-T was defined in a separate document called 802.3ab.

To achieve these high speeds over copper, 1000Base-T modified the way that the protocol uses the UTP cable. While designed to use the same cable installations as 100Base-TX, 1000Base-T uses all four of the wire pairs in the cable, while 100Base-TX uses only two pairs. In addition, all four pairs can carry signals in either direction. This effectively doubles the throughput of 100Base-TX, but it still doesn't approach speeds of 1,000 Mbps. However, 1000Base-T also uses a different signaling scheme to transmit data over the cable than the other 1000Base-X standards. This makes it possible for each of the four wire pairs to carry 250 Mbps, for a total of 1,000 Mbps or 1 Gbps. This signaling scheme is called Pulse Amplitude Modulation 5 (PAM-5).

While designed to run over standard Category 5 cable, as defined in the TIA/EIA standards, the standard recommends that 1000Base-T networks use at least Category 5e (or enhanced Category 5) cable. Category 5e cable is tested for its resistance to return loss and equal-level far-end crosstalk (ELFEXT). As with 100Base Ethernet, 1000Base-T NICs and other equipment are available that can run at multiple speeds, either 100/1000 or 10/100/1000 Mbps, to facilitate gradual upgrades to Gigabit Ethernet. Autonegotiation, optional in 100Base Ethernet, is mandatory in Gigabit Ethernet.
While networks that run Gigabit Ethernet to the desktop are not likely to be commonplace for some time, it will eventually happen, if history is any indicator.

Ethernet Troubleshooting

Troubleshooting an Ethernet network often means dealing with a problem in the physical layer, such as a faulty cable or connection or possibly a malfunctioning NIC or hub. When a network connection completely fails, you should immediately start examining the cabling and other hardware for faults. If you find that the performance of the network is degrading, however, or if a problem is affecting specific workstations, you can sometimes get an idea of what is going wrong by examining the Ethernet errors occurring on the network.

Ethernet Errors

The following are some of the errors that can occur on an Ethernet network. Some are relatively common, while others are rare. Detecting these errors usually requires special tools designed to analyze network traffic. Most software applications can detect some of these conditions, such as the number of early collisions and FCS errors. Others, such as late collisions, are much more difficult to detect and may require high-end software or hardware tools to diagnose.

• Early collisions  Strictly speaking, an early collision is not an error because collisions occur normally on an Ethernet network. But too many collisions (more than approximately 5 percent of the total packets) is a sign that network traffic is approaching critical levels. It is a good idea to keep a record of the number of collisions occurring on the network at regular intervals (such as weekly). If you notice a marked increase in the number of collisions, you might consider trying to decrease the amount of traffic, either by splitting the network into two collision domains or by moving some of the nodes to another network.
• Late collisions  Late collisions are always a cause for concern and are difficult to detect. They usually indicate that data is taking too long to traverse the network, either because the cable segments are too long or because there are too many repeaters. A NIC with a malfunctioning carrier sense mechanism could also be at fault. Network analyzer products that can track late collisions can be extremely expensive, but are well worth the investment for a large enterprise network. Because late collisions force lost packets to be retransmitted by higher-layer protocols, you can sometimes detect a trend of network layer retransmissions (by the IP protocol, for example) caused by late collisions, using a basic protocol analyzer such as Network Monitor.

• Runts  A runt is a packet less than 64 bytes long, caused either by a malfunctioning NIC or hub port or by a node that ceases transmitting in the middle of a packet because of a detected collision. A certain number of runt packets occur naturally as a result of normal collisions, but a condition where more runts occur than collisions indicates a faulty hardware device.

• Giants  A giant is a packet that is larger than the Ethernet maximum of 1,518 bytes. The problem is usually caused by a NIC that is jabbering, or transmitting improperly or continuously, or (less likely) by the corruption of the header's length indicator during transmission. Giants never occur normally. They are an indication of a malfunctioning hardware device or a cable fault.

• Alignment errors  A packet that contains a partial byte (that is, a packet with a size in bits that is not a multiple of 8) is said to be misaligned. This can be the result of an error in the formation of the packet (in the originating NIC) or evidence of corruption occurring during the packet's transmission. Most misaligned packets also have CRC errors.

• CRC errors  A packet in which the frame check sequence generated at the transmitting node does not equal the value computed at the destination is said to have experienced a CRC error. The problem can be caused by data corruption occurring during transmission (because of a faulty cable or other connecting device) or conceivably by a malfunction in the FCS computation mechanism in either the sending or receiving node.
• Broadcast storms  When a malformed broadcast transmission causes the other nodes on the network to generate their own broadcasts for a total traffic rate of 126 packets per second or more, the result is a self-sustaining condition known as a broadcast storm. Because broadcast transmissions are processed before other frames, the storm effectively prevents any other data from being successfully transmitted.

Isolating the Problem

Whenever you exceed any of the Ethernet specifications (or the specifications for any protocol, for that matter), the place where you're pushing the envelope should be the first place you check when a problem arises. If you have exceeded the maximum length for a segment, for example, try to eliminate some of the excess length to see whether the problem continues. On a thin Ethernet network, this usually means cross-cabling to eliminate some of the workstations from the segment. On a UTP network, connect the same computer to the same hub port using a shorter cable run. If you have too many workstations running on a coaxial bus (thick or thin Ethernet), you can determine whether overpopulation is the problem simply by shutting down some of the machines.

Encountering excessive repeaters on a UTP network is a condition that you can test for by checking to see whether problems occur more often on paths with a larger number of hubs. You can also try to cross-cable the hubs to eliminate some of them from a particular path. This is relatively easy to do in an environment in which all the hubs are located in the same wiring closet or data center, but if the hubs are scattered all over the site, you may have to disconnect some of the hubs temporarily to reduce the size of the collision domain to perform your tests. The same is true of a coaxial network on which the primary function of the repeaters is to extend the collision domain diameter. You may have to disconnect the cable from each of the repeaters in turn (remembering to terminate the bus properly each time) to isolate the problem.
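The error categories in the Ethernet Errors list (runts, giants, alignment errors, CRC errors) and the two thresholds the list gives (roughly 5 percent collisions, 126 broadcasts per second) are the kind of checks a monitoring script applies to captured frames. The following is an added example, not code from the book: the frames are constructed in-line, zlib's CRC-32 stands in for the FCS, and the bit length of each frame is supplied alongside its bytes to model what the NIC saw on the wire.

```python
"""Classify captured Ethernet frames into the text's error categories and
apply its collision and broadcast thresholds (added example, not from the
book; all frames and counters below are constructed)."""
import zlib
from collections import Counter

MIN_FRAME, MAX_FRAME = 64, 1518     # bytes, FCS included
BROADCAST = b"\xff" * 6


def make_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """dst + src + payload + CRC-32 as a stand-in FCS (no type field needed
    for this demonstration)."""
    body = dst + src + payload
    return body + zlib.crc32(body).to_bytes(4, "big")


def classify(frame_bits: int, frame: bytes) -> str:
    """frame_bits is the length the NIC counted on the wire; frame holds
    the bytes it captured.  Size and alignment are judged first because a
    misaligned or truncated frame cannot have a meaningful FCS."""
    if frame_bits % 8:
        return "alignment"
    n = frame_bits // 8
    if n < MIN_FRAME:
        return "runt"
    if n > MAX_FRAME:
        return "giant"
    body, fcs = frame[:-4], frame[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != fcs:
        return "crc"
    return "ok"


def summarize(captures) -> Counter:
    """captures: iterable of (bits_on_wire, frame_bytes)."""
    return Counter(classify(bits, frame) for bits, frame in captures)


def collision_rate_high(collisions: int, total_packets: int, threshold=0.05) -> bool:
    """More than about 5 percent collisions means traffic is near critical."""
    return total_packets > 0 and collisions / total_packets > threshold


def runts_exceed_collisions(runts: int, collisions: int) -> bool:
    """Runts are expected from collisions; more runts than collisions
    points at a faulty device rather than at load."""
    return runts > collisions


def broadcast_storm(timestamps, frames, rate=126) -> bool:
    """True if the broadcast count in any one-second window reaches rate."""
    bcast = sorted(t for t, f in zip(timestamps, frames) if f[:6] == BROADCAST)
    j = 0
    for i, t in enumerate(bcast):
        while bcast[j] <= t - 1.0:      # slide the window's left edge
            j += 1
        if i - j + 1 >= rate:
            return True
    return False


if __name__ == "__main__":
    src = bytes.fromhex("001122334455")          # constructed addresses
    dst = bytes.fromhex("66778899aabb")
    good = make_frame(dst, src, b"A" * 50)
    damaged = good[:20] + b"\xff" + good[21:]
    caps = [(len(good) * 8, good), (len(damaged) * 8, damaged),
            (len(good) * 8 + 3, good), (26 * 8, make_frame(dst, src, b"A" * 10))]
    print(summarize(caps))
```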
Reducing the size of the collision domain is also a good way to narrow down the location of a cable fault. In a UTP network, the star topology means that a cable break will affect only one system. On a coaxial network using a bus topology, however, a single cable fault can bring down the entire network. On a multisegment network, terminating the bus at each repeater in turn can tell you which segment has the fault.

A better, albeit more expensive, method for locating cable problems is to use a multifunction cable tester. These devices can pinpoint the exact location of many different types of cable faults.

NOTE  Once you locate a malfunctioning cable, it's a good idea to dispose of it immediately. Leaving a bad cable lying around can result in someone else trying to use it and thus the need for another troubleshooting session.

100VG-AnyLAN

100VG-AnyLAN is a 100 Mbps desktop networking protocol that is usually grouped with 100Base Ethernet because the two were created at the same time and briefly competed for the same market. However, this protocol cannot strictly be called an Ethernet variant because it does not use the CSMA/CD media access control mechanism. 100VG-AnyLAN is defined in the IEEE 802.12 specification, while all of the Ethernet variants are documented by the 802.3 working group. Originally touted by Hewlett-Packard and AT&T as a 100 Mbps UTP networking solution that is superior to 100Base Ethernet, the market has not upheld that belief. While a few 100VG products are still available, 100Base Ethernet has clearly become the dominant 100 Mbps networking technology.

As with 100Base Ethernet, the intention behind the 100VG standard is to use existing 10Base-T cable installations and to provide a clear, gradual upgrade path to the 100Base technology. Originally intended to support all the same physical layer options as 100Base Ethernet, only the first 100VG cabling option has actually materialized, using all four wire pairs in a UTP cable rated Category 3 or better. The maximum cable segment length is 100 meters for Category 3 and 4 cables and is 200 meters for Category 5. Up to 1,024 nodes are permitted on a single collision domain. 100VG-AnyLAN uses a technique called quartet signaling to use the four wire pairs in the cable.
100VG uses the same frame format as either 802.3 Ethernet or 802.5 Token Ring, making it possible for the traffic to coexist on a network with these other protocols. This is an essential point that provides a clear upgrade path from the older, slower technologies. As with 100Base Ethernet, dual-speed NICs are available to make it possible to perform upgrades gradually, one component at a time.

A 10Base-T/100VG-AnyLAN NIC, however, was a substantially more complex device than a 10/100 100Base Ethernet card. While the similarity between standard and 100Base Ethernet enables the adapter to use many of the same components for both protocols, 100VG is sufficiently different from 10Base-T to force the device to be essentially two network interface adapters on a single card, which share little else but the cable and bus connectors. This, and the relative lack of acceptance for 100VG-AnyLAN, has led the prices of the hardware to be substantially higher than those for 100Base Ethernet.

The one area in which 100VG-AnyLAN differs most substantially from Ethernet is in its media access control mechanism. 100VG networks use a technique called demand priority, which eliminates the normally occurring collisions from the network and also provides a means to differentiate between normal and high-priority traffic. The introduction of priority levels is intended to support applications that require consistent streams of high bandwidth, such as real-time audio and video.

The 100VG-AnyLAN specification subdivides its functionality into several sublayers. Like the other IEEE 802 standards, the LLC sublayer is at the top of a node's data link layer functionality, followed by the MAC sublayer. On a repeater (hub), the repeater media access control (RMAC) sublayer is directly below the LLC. Beneath the MAC or RMAC sublayer, the specification calls for a physical medium–independent (PMI) sublayer, a medium-independent interface, and a physical medium–dependent sublayer. Finally, the medium-dependent interface provides the actual connection to the network medium. The following sections examine the activities at each of these layers.
The Logical Link Control Sublayer

The LLC sublayer functionality is defined by the IEEE 802.2 standard and is the same as that used with 802.3 (Ethernet) and 802.5 (Token Ring) networks.

The MAC and RMAC Sublayers

100VG's demand-priority mechanism replaces the CSMA/CD mechanism in Ethernet and 100Base Ethernet networks. Unlike most other MAC mechanisms, access to the medium on a demand-priority network is controlled by the hub. Each node on the network, in its default state, transmits an Idle_Up signal to its hub, indicating that it is available to receive data. When a node has data to transmit, it sends either a Request_Normal signal or a Request_High signal to the hub. The signal the node uses for each packet is determined by the upper-layer protocols, which assign priorities based on the application generating the data.

The hub continuously scans all of its ports in a round-robin fashion, waiting to receive request signals from the nodes. After each scan, the hub selects the node with the lowest port number that has a high-priority request pending and sends it the Grant signal, which is the permission for the node to transmit. After sending the Grant signal to the selected node, the hub sends the Incoming signal to all of the other ports, which informs the nodes of a possible transmission. As each node receives the Incoming signal, it stops transmitting requests and awaits the incoming transmission.

When the hub receives the packet from the sending node, it reads the destination address from the frame header and sends the packet out the appropriate port. All the other ports receive the Idle_Down signal. After receiving either the data packet or the Idle_Down signal, the nodes return to their original state and begin transmitting either a request or an Idle_Up signal. The hub then processes the next high-priority request. When all the high-priority requests have been satisfied, the hub then permits the nodes to transmit normal-priority traffic, in port number order.

NOTE  By default, a 100VG hub transmits incoming packets out only to the port (or ports) identified in the packet's destination address. This is known as operating in private mode. Configuring specific nodes to operate in promiscuous mode is possible, however, in which case they receive every packet transmitted over the network.
The processing of high-priority requests first enables applications that require timely access to the network to receive it, but a mechanism also exists to protect normal-priority traffic from excessive delays. If the time needed to process a normal-priority request exceeds a specified interval, the request is upgraded to high priority.

On a network with multiple hubs, one root hub always exists, to which all the others are ultimately connected. When the root hub receives a request through a port to which another hub is connected, it enables the subordinate hub to perform its own port scan and process one request from each of its own ports. In this way, permission to access the media is propagated down the network tree, and all nodes have an equal opportunity to transmit.

MAC Frame Preparation

In addition to controlling access to the network medium, the MAC sublayer assembles the packet frame for transmission across the network. Four possible types of frames exist on a 100VG-AnyLAN network:

• 802.3
• 802.5
• Void
• Link training

802.3 and 802.5 Frames  100VG-AnyLAN is capable of using either 802.3 (Ethernet) or 802.5 (Token Ring) frames so that the 100VG protocol can coexist with the other network types during a gradual deployment process. Using both frame types at once is impossible, however. You must configure all the hubs on the network to use one or the other frame type.

All 100VG frames are encapsulated within a Start of Stream field and an End of Stream field by the physical medium–independent sublayer, which informs the PMI sublayer on the receiving station when a packet is being sent and when the transmission is completed. Inside these fields, the 802.3 and 802.5 frames use the same formats defined in their respective specifications.

The MAC sublayer supplies the system's own hardware address for each packet's source address field and also performs the CRC calculations for the packet, storing them in the FCS field.

On incoming packets, the MAC sublayer performs the CRC calculations and compares the results with the contents of the FCS field. If the packet passes the frame check, the MAC sublayer strips off the two addresses and the FCS fields and passes the remaining data to the next layer.
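The demand-priority scheduling described in the MAC and RMAC Sublayers section and the normal-priority promotion rule above can be simulated with a single hub. This is an added example, not code from the book: the signal names are the ones the text uses, time is measured in scan rounds rather than real time, the number of scans a normal request may wait before promotion (PROMOTE_AFTER) is an assumed value standing in for the "specified interval", and the multi-hub tree is not modelled.

```python
"""Demand-priority hub scheduling simulation (added example, not from the
book; the timing constants are constructed)."""
from dataclasses import dataclass, field

IDLE_UP, REQUEST_NORMAL, REQUEST_HIGH = "Idle_Up", "Request_Normal", "Request_High"
PROMOTE_AFTER = 4   # assumed: scans a Request_Normal may wait before upgrade


@dataclass
class Port:
    number: int
    signal: str = IDLE_UP   # what the attached node is currently sending
    waited: int = 0         # scans a Request_Normal has been pending


@dataclass
class Hub:
    ports: list = field(default_factory=list)
    log: list = field(default_factory=list)   # (port, priority) grants in order

    def request(self, port_no: int, priority: str):
        """A node replaces its Idle_Up with a request signal."""
        p = self.ports[port_no]
        p.signal = REQUEST_HIGH if priority == "high" else REQUEST_NORMAL
        p.waited = 0

    def scan(self):
        """One round-robin scan: grant the lowest-numbered port with a
        high-priority request; only when none is pending, the lowest-numbered
        normal request.  A normal request that has waited too long is
        upgraded to high priority first.  Returns the granted port or None."""
        for p in self.ports:
            if p.signal == REQUEST_NORMAL:
                p.waited += 1
                if p.waited >= PROMOTE_AFTER:
                    p.signal = REQUEST_HIGH
        for wanted in (REQUEST_HIGH, REQUEST_NORMAL):
            for p in self.ports:            # ports are kept in number order
                if p.signal == wanted:
                    self.log.append((p.number, wanted))
                    # Grant goes to this port, Incoming to the others; after the
                    # packet (or Idle_Down) the node is back to Idle_Up.
                    p.signal = IDLE_UP
                    p.waited = 0
                    return p.number
        return None


def simulate(n_ports: int, requests: dict, scans: int):
    """requests maps a scan index to the [(port, 'high'|'normal'), ...] that
    arrive just before that scan.  Returns the hub's grant log."""
    hub = Hub([Port(i) for i in range(n_ports)])
    for s in range(scans):
        for port, prio in requests.get(s, []):
            hub.request(port, prio)
        hub.scan()
    return hub.log


if __name__ == "__main__":
    # port 0 asks once at normal priority while port 3 asks at high priority
    # every scan: without promotion port 0 would never be served
    reqs = {s: [(3, "high")] for s in range(4)}
    reqs[0] = [(0, "normal"), (3, "high")]
    print(simulate(4, reqs, 4))
```

The grant log makes the two properties of the text visible at once: high-priority requests are served in port-number order ahead of everything else, and a starved normal request eventually wins because it is promoted.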
Void Frames  Void frames are generated by repeaters only when a node fails to transmit a packet within a given time period after the repeater has acknowledged it.

Link Training Frames  Every time a node is restarted or reconnected to the network, it initiates a link training procedure with its hub by transmitting a series of specialized link training packets. This procedure serves several purposes, as follows:

• Connection testing  For a node to connect to the network, it must exchange 24 consecutive training packets with the hub without corruption or loss. This ensures that the physical connection is viable and that the NIC and hub port are functioning properly.

• Port configuration  The data in the training packets specifies whether the node will use 802.3 or 802.5 frames, whether it will operate in private or promiscuous mode, and whether it is an end node (computer) or a repeater (hub).

• Address registration  The hub reads the node's hardware address from the training packets and adds it to the table it maintains of all the connected nodes' addresses.

Training packets contain 2-byte requested configuration and allowed configuration fields that enable nodes and repeaters to negotiate the port configuration settings for the connection. The training packets the node generates contain its settings in the requested configuration field and nothing in the allowed configuration field. The repeater, on receiving the packets, adds the settings it can provide to the allowed configuration field and transmits the packets to the node.

The packets also contain between 594 and 675 bytes of padding in the data field to ensure that the connection between the node and the repeater is functioning properly and can transmit data without error.
The Physical Medium–Independent Sublayer

As the name implies, the physical medium–independent sublayer performs the same functions for all 100VG packets, regardless of the network medium. When the PMI sublayer receives a frame from the MAC sublayer, it prepares the data for transmission using a technique called quartet signaling. The quartet refers to the four pairs of wires in a UTP cable, all of which the protocol uses to transmit each packet. Quartet signaling includes four separate processes, as follows:

1. Each packet is divided into a sequence of 5-bit segments (called quintets) and assigned sequentially to four channels that represent the four wire pairs. Thus, the first, fifth, and ninth quintets will be transmitted over the first pair; the second, sixth, and tenth over the second pair; and so on.

2. The quintets are scrambled using a different algorithm for each channel to randomize the bit patterns for each pair and eliminate strings of bits with equal values. Scrambling the data in this way minimizes the amount of interference and crosstalk on the cable.

3. The scrambled quintets are converted to sextets (6-bit units) using a process called 5B6B encoding, which relies on a predefined table of equivalent 5-bit and 6-bit values. Because the sextets contain an equal number of zeros and ones, the voltage on the cable remains even and errors (which take the form of more than three consecutive zeros or ones) are more easily detected. The regular voltage transitions also enable the communicating stations to synchronize their clocks more accurately.

4. Finally, the preamble, Start of Frame field, and End of Frame field are added to the encoded sextets, and, if necessary, padding is added to the data field to bring it up to the minimum length.

The Medium-Independent Interface Sublayer

The medium-independent interface sublayer is a logical connection between the PMI and PMD layers. As with 100Base Ethernet, the MII can also take the form of a physical hardware element that functions as a unified interface to any of the media supported by 100VG-AnyLAN.
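Steps 1 through 3 of quartet signaling (quintet splitting and round-robin channel assignment, per-channel scrambling, and 5B6B encoding) are easy to follow once written out as a pipeline with its inverse. This is an added example, not code from the book. The 5B6B table and the per-channel scramblers are constructed for illustration, not copied from IEEE 802.12: since only 20 six-bit values have exactly three ones, the table here gives the remaining 12 quintets a two-ones code and its four-ones complement, chosen by running disparity, which is the general technique behind a balanced 5B6B code and goes slightly beyond the text's "equal number of zeros and ones" summary. Step 4's framing fields are not modelled.

```python
"""Quartet signaling pipeline: quintets -> four channels -> scramble ->
5B6B (added example, not from the book; table and scramblers constructed)."""

# --- step 1: quintets, assigned round-robin to the four wire pairs --------
def to_quintets(data: bytes):
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)          # pad to a multiple of 5 bits
    return [int(bits[i:i + 5], 2) for i in range(0, len(bits), 5)]


def distribute(quintets, channels=4):
    """Quintet 0 -> pair 0, quintet 1 -> pair 1, ..., quintet 4 -> pair 0."""
    return [quintets[c::channels] for c in range(channels)]


def reassemble(channels):
    n = sum(len(c) for c in channels)
    k = len(channels)
    return [channels[i % k][i // k] for i in range(n)]


# --- step 2: a different scrambler per channel (constructed 5-bit LFSRs) ---
CHANNEL_SEEDS = (0b10101, 0b01101, 0b11001, 0b00111)   # assumed, nonzero


def keystream(seed: int, n: int):
    """5-bit Fibonacci LFSR with taps x^5 + x^3 + 1; n five-bit words."""
    state, out = seed, []
    for _ in range(n):
        word = 0
        for _ in range(5):
            bit = ((state >> 4) ^ (state >> 2)) & 1
            state = ((state << 1) | bit) & 0x1F
            word = (word << 1) | bit
        out.append(word)
    return out


def scramble(channel: int, quintets):
    """XOR with the channel's keystream; the same call descrambles."""
    ks = keystream(CHANNEL_SEEDS[channel], len(quintets))
    return [q ^ k for q, k in zip(quintets, ks)]


# --- step 3: 5B6B with running disparity ---------------------------------
BALANCED = [c for c in range(64) if bin(c).count("1") == 3]        # 20 codes
TWO_ONES = [c for c in range(64) if bin(c).count("1") == 2][:12]   # 12 codes


def encode_5b6b(quintets):
    rd, out = -1, []        # running disparity: -1 = more zeros sent so far
    for q in quintets:
        if q < 20:
            out.append(BALANCED[q])
        else:
            code = TWO_ONES[q - 20]
            if rd < 0:              # need more ones: send the complement
                code ^= 0x3F
            out.append(code)
            rd = -rd
    return out


def decode_5b6b(sextets):
    table = {c: i for i, c in enumerate(BALANCED)}
    for i, c in enumerate(TWO_ONES):
        table[c] = table[c ^ 0x3F] = 20 + i
    return [table[s] for s in sextets]


def transmit_channels(data: bytes):
    """Run steps 1-3; returns the four lists of sextets, one per pair."""
    return [encode_5b6b(scramble(c, ch))
            for c, ch in enumerate(distribute(to_quintets(data)))]


def receive_channels(channels):
    """Undo steps 3-1 and return the recovered quintets."""
    return reassemble([scramble(c, decode_5b6b(ch)) for c, ch in enumerate(channels)])
```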
The Physical Medium–Dependent Sublayer

The physical medium–dependent sublayer is responsible for generating the actual electrical signals transmitted over the network cable. This includes the following functions:

• Link status control signal generation  Nodes and repeaters exchange link status information using control tones transmitted over all four wire pairs in full-duplex mode (two pairs transmitting and two pairs receiving). Normal data transmissions are transmitted in half-duplex mode.

• Data stream signal conditioning  The PMD sublayer uses a system called nonreturn to zero (NRZ) encoding to generate the signals transmitted over the cable. NRZ minimizes the effects of crosstalk and external noise that can damage packets during transmission.

• Clock recovery  NRZ encoding transmits 1 bit of data for every clock cycle, at 30 MHz per wire pair, for a total of 120 MHz. Because the 5B6B encoding scheme uses 6 bits to carry 5 bits of data, the net transmission rate is 100 MHz.

The Medium-Dependent Interface

The medium-dependent interface is the actual hardware that provides access to the network medium, as realized in a network interface card or a hub.

Working with 100VG-AnyLAN

When compared to the success of 100Base Ethernet products in the marketplace, 100VG-AnyLAN obviously has not been accepted as an industry standard, but a few networks still use it. The problem is not so much one of performance, because 100VG certainly rivals 100Base Ethernet in that respect, but, instead, of marketing and support.

Despite using the same physical layer specifications and frame formats, 100VG-AnyLAN is sufficiently different from Ethernet to cause hesitation on the part of network administrators who have invested large amounts of time and money in learning to support CSMA/CD networks. Deploying a new 100VG-AnyLAN would not be a wise business decision at this point, and even trying to preserve an existing investment in this technology is a doubtful course of action.
Mixing 100VG-AnyLAN and 100Base Ethernet nodes on the same collision domain is impossible, but you can continue to use your existing 100VG segments and to add new 100Base Ethernet systems as long as you use a switch to create a separate collision domain. The most practical method for doing this is to install a modular switch into which you can plug transceivers supporting different data link layer protocols.

CHAPTER 12

Networking Protocols

Although the vast majority of local area networks (LANs) use one of the Ethernet variants, other data link layer protocols provided their own unique advantages. Chief among these advantages was the use of media access control mechanisms (MACs) other than Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Token Ring and Fiber Distributed Data Interface (FDDI) were both viable LAN protocols that approached the problem of sharing a network cable in a wholly different way.

Token Ring

Token Ring was the traditional alternative to the Ethernet protocol at the data link layer. The supporters of Token Ring were and, in many cases are, stalwart, and while it did not ever overtake Ethernet in popularity, it was far from being out of the race. Token Ring was originally developed by IBM and later standardized in the IEEE 802.5 document, so, like Ethernet, there were slightly divergent protocol standards.

The biggest difference between Token Ring and Ethernet was the media access control mechanism. To transmit its data, a workstation must be the holder of the token, a special packet circulated to each node on the network in turn. Only the system in possession of the token can transmit, after which it passes the token to the next system. This eliminates all possibility of collisions in a properly functioning network, as well as the need for a collision-detection mechanism.

The Token Ring Physical Layer

As the name implies, the nodes on a Token Ring network connect in a ring topology. This is, in essence, a bus with the two ends connected to each other so that systems can pass data to the next node on the network until it arrives back at its source. This is exactly how the protocol functions: The system that transmits a packet is also responsible for removing it from the network after it has traversed the ring.
This ring, however, is logical, not physical. That is, the network to all appearances takes the form of a star topology, with the workstations connected to a central hub called a multistation access unit (MAU, or sometimes MSAU). The logical ring (sometimes called a collapsed ring) is actually a function of the MAU, which accepts packets transmitted by one system and directs them out each successive port in turn, waiting for them to return over the same cable before proceeding to the next port (see Figure 12-1). In this arrangement, therefore, the transmit and receive circuits in each workstation are actually separate ports that just happen to use the same cable because the system always transmits data to the next downstream system and receives data from the next upstream system.

Figure 12-1  Token Ring networks appear to use a star topology, but data travels in the form of a ring.

NOTE  The MAU is also known as a concentrator.

Cable Types

The original IBM Token Ring implementations used a proprietary cable system designed by IBM, which they referred to as Type 1, or the IBM Cabling System (ICS). Type 1 was a 150-ohm shielded twisted-pair (STP) cable containing two wire pairs. The ports of a Type 1 MAU use proprietary connectors called IBM data connectors (IDCs) or universal data connectors (UDCs), and the network interface cards used standard DB9 connectors. A cable with IDCs at each end, used to connect MAUs, was called a patch cable. A cable with one IDC and one DB9, used to connect a workstation to the MAU, was called a lobe cable.

The other cabling system used on Token Ring networks, called Type 3 by IBM, used standard unshielded twisted-pair (UTP) cable, with Category 5 recommended. Like Ethernet, Token Ring used only two of the wire pairs in the cable, one pair to transmit data and one to receive it. Type 3 cable systems also used standard RJ-45 connectors for both the patch cables and the lobe cables. The signaling system used by Token Ring networks at the physical layer is different from that of Ethernet, however. Token Ring uses Differential Manchester signaling, while Ethernet uses Manchester.
Type 3 UTP cabling largely supplanted Type 1 in the Token Ring world, mainly because it was much easier to install. Type 1 cable was thick and relatively inflexible when compared to Type 3, and the IDC connectors were large, making internal cable installations difficult.

NOTE The physical layer standards for Token Ring networks were not as precisely specified as those for Ethernet. In fact, the IEEE 802.5 standard is quite a brief document that contains no physical layer specifications at all. The cable types and wiring standards for Token Ring derived from the practices used in products manufactured by IBM, the original developer and supporter of the Token Ring protocol. As a result, products made by other manufacturers differed in their recommendations for physical layer elements such as cable lengths and the maximum number of workstations allowed on a network.

Token Ring NICs

The network interface cards for Token Ring systems were similar to Ethernet NICs in appearance. Most of the cards used RJ-45 connectors for UTP cable, although DB9 connectors were also available, and the internal connectors supported all of the major system buses, including PCI and ISA. Every Token Ring adapter had a very large-scale integration (VLSI) chipset that consisted of five separate CPUs, each of which had its own separate executable code, data storage area, and memory space. Each CPU corresponded to a particular state or function of the adapter. This complexity is one of the main reasons why Token Ring NICs were substantially more expensive than Ethernet NICs.

Token Ring MAUs

To maintain the ring topology, all of the MAUs on a Token Ring network needed to be interconnected using the Ring In and Ring Out ports intended for this purpose. Figure 12-2 illustrates how the MAUs themselves were cabled in a ring that was extended by the lobe cables connecting each of the workstations. It was also possible to build a Token Ring network using a control access unit (CAU), which was essentially an intelligent MAU that supported a number of lobe attachment modules (LAMs). To increase the number of workstations connected to a Token Ring network without adding a new MAU, you could use lobe access units (LAUs) that enabled you to connect several workstations to a single lobe.
Figure 12-2 The MAUs in a Token Ring network formed the basic ring. This ring was extended with each workstation added to the network.

NOTE LAMs can support up to 20 nodes each.

Token Ring MAUs (not to be confused with an Ethernet hub, which was occasionally called a MAU, or medium access unit) were quite different from Ethernet hubs in several ways. First, the typical MAU was a passive device, meaning it did not function as a repeater. The cabling guidelines for Token Ring networks were based on the use of passive MAUs. There were repeating MAUs on the market, however, that enabled you to extend the network cable lengths beyond the published standards.

Second, the ports on all MAUs remained in a loopback state until they were initialized by the workstation connected to them. In the loopback state, the MAU passed signals it received from the previous port directly to the next port without sending them out over the lobe cable. When the workstation booted, it transmitted what was known as a phantom voltage to the MAU. Phantom voltage did not carry data; it just informed the MAU of the presence of the workstation, causing the MAU to add it to the ring. On older Type 1 Token Ring networks, an administrator had to manually initialize each port in the MAU with a special "key" plug before attaching a lobe cable to it. This initialization was essential in Token Ring because of the network's reliance on each workstation to send each packet it received from the MAU right back. The MAU could not send the packet to the next workstation until it received it from the previous one. If a MAU were to transmit a packet out through a port to a workstation that was turned off or nonexistent, the packet would never return, the ring would be broken, and the network would cease functioning. Because of the need for this initialization process, it was impossible to connect two Token Ring networks without a MAU, as you can with Ethernet and a crossover cable.
Finally, MAUs always had two ports for connecting to the other MAUs in the network. Ethernet systems using a star topology connected their hubs in a hierarchical star configuration (also called a branching tree), in which one hub could be connected to several others, each of which, in turn, was connected to other hubs, as shown in Figure 12-3. Token Ring MAUs were always connected in a ring, with the Ring In port connected to the next upstream MAU and the Ring Out port connected to the next downstream MAU. Even if your network had only two MAUs, you had to connect the Ring In port on each one to the Ring Out port on the other using two patch cables.

Figure 12-3 Ethernet hubs (at left) were connected using a branching tree arrangement, while Token Ring MAUs (at right) were connected in a ring.

The connections between Token Ring MAUs were redundant. That is, if a cable or connector failure caused a break between two of the MAUs, the adjacent MAUs transmitted any data reaching them back in the other direction, so the packets always reached all of the workstations connected to the network. The Token Ring standards used a specification called the adjusted ring length (ARL) to determine the total length of the data path in the event of this type of failure.

Calculating the ARL

To calculate the ARL for a network, you took the sum of all the patch cable lengths between wiring closets minus the length of the shortest patch cable connecting two wiring closets and made the following adjustments:

• Added 3 meters for every punchdown connection involved in the path between two MAUs
• Added 30 meters for every surge protector used on the network
• Added 16 meters for every eight-port MAU

Because MAUs were often stored in wiring closets, the standard refers to the number of wiring closets used on the network using MAUs more than 3 meters apart. Whether the MAUs were physically located in different closets is not relevant; any two MAUs connected by a cable more than 3 meters long were said to be in different wiring closets. Patch cables shorter than 3 meters were not to be included in the ARL calculations.
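The ARL rules above carried through as an added calculator (example code, not from the book): it drops the cables that fall under the 3-meter "same closet" threshold, subtracts the shortest remaining cable, adds the per-item allowances, and returns each term separately so a cabling review can see where the length comes from. The MAU inventory is constructed.

```python
"""Adjusted ring length (ARL) calculator for a passive-MAU Token Ring.

Added example, not code from the book; the inventory below is constructed.
Rules implemented, as stated in the text:
  * only MAU-to-MAU patch cables longer than 3 m count (shorter ones join
    MAUs that are "in the same wiring closet")
  * the shortest counted cable is subtracted from their sum
  * plus 3 m per punchdown, 30 m per surge protector, 16 m per 8-port MAU
"""
from dataclasses import dataclass
from typing import List

CLOSET_THRESHOLD_M = 3.0      # MAUs more than 3 m apart are in different closets
PUNCHDOWN_M = 3.0
SURGE_PROTECTOR_M = 30.0
EIGHT_PORT_MAU_M = 16.0


@dataclass
class RingInventory:
    patch_cables_m: List[float]      # MAU-to-MAU patch cable lengths in meters
    punchdowns: int = 0              # punchdown connections on MAU-to-MAU paths
    surge_protectors: int = 0
    eight_port_maus: int = 0


def inter_closet_cables(inv):
    """Patch cables that count toward the ARL (longer than the 3 m threshold)."""
    return [length for length in inv.patch_cables_m if length > CLOSET_THRESHOLD_M]


def arl_breakdown(inv):
    """Return every term of the ARL, in meters, plus the total under 'arl_m'."""
    cables = inter_closet_cables(inv)
    shortest = min(cables) if cables else 0.0   # single closet: nothing to subtract
    terms = {
        "inter_closet_cable_m": sum(cables),
        "shortest_cable_subtracted_m": -shortest,
        "punchdown_m": inv.punchdowns * PUNCHDOWN_M,
        "surge_protector_m": inv.surge_protectors * SURGE_PROTECTOR_M,
        "eight_port_mau_m": inv.eight_port_maus * EIGHT_PORT_MAU_M,
    }
    terms["arl_m"] = sum(terms.values())
    return terms


def adjusted_ring_length(inv):
    return arl_breakdown(inv)["arl_m"]


if __name__ == "__main__":
    # constructed: four 8-port MAUs, one of them only 2.5 m from its neighbour
    inv = RingInventory([45.0, 60.0, 2.5, 30.0], punchdowns=4,
                        surge_protectors=1, eight_port_maus=4)
    for name, value in arl_breakdown(inv).items():
        print(f"{name:30s} {value:8.1f}")
```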
NOTE All of the ring lengths discussed in reference to Token Ring networks refer to passive MAU networks. Unlike an Ethernet hub, a Token Ring MAU did not usually function as a repeater. When you used active MAUs that included signal-repeating capabilities, the cables could be much longer, depending on the capabilities of the individual MAU.

Token Passing

Access to the network medium on a Token Ring network was arbitrated through the use of a 3-byte packet known as the token. When the network was idle, the workstations were said to be in bit repeat mode, awaiting an incoming transmission. The token circulated continuously around the ring, from node to node, until it reached a workstation that had data to transmit. To transmit its data, the workstation modified a single monitor setting bit in the token to reflect that the network was busy and sent it to the next workstation, followed immediately by its data packet.

The packet also circulated around the ring. Each node read the destination address in the packet's frame header and either wrote the packet to its memory buffers for processing before transmitting it to the next node or just transmitted it without processing. (Compare this with Ethernet systems, which simply discard packets that are not addressed to them.) In this way, the packet reached every node on the network until it arrived at the workstation that originally sent it.

On receipt of the packet after it had traversed the ring, the sending node compared the incoming data with the data it originally transmitted to see whether any errors had occurred during transmission. If errors had occurred, the computer retransmitted the packet. If no errors occurred, the computer removed the packet from the network and discarded it, then changed the monitor setting bit back to its free state and transmitted it. The process was then repeated, with each system having an equal chance to transmit.
Although it was not part of the original standard, most 16 Mbps Token Ring systems included a feature called early token release (ETR), which enabled the transmitting system to send the "free" token immediately after the data packet (instead of the "busy" token before the data packet), without waiting for the data to traverse the network. That way, the next node on the network received the data packet, captured the free token, and transmitted its own data packet, followed by another free token. This enabled multiple data packets to exist on the network simultaneously, but there was still only one token. Early token release eliminated some of the latency delays on the network that occurred while systems waited for the free token to arrive.

NOTE Early token release was possible only on 16 Mbps Token Ring networks. Systems that used ETR could coexist on the same network with systems that did not.

Because only the computer holding the token could transmit data, Token Ring networks did not experience collisions unless a serious malfunction occurred. This meant that the network could operate up to its full capacity with no degradation of performance, as can happen in an Ethernet network. The token-passing system was also deterministic, which meant that it was possible to calculate the maximum amount of time that would elapse before a particular node could transmit.

Token Ring was not the only data link layer protocol that used token passing for its media access control method. FDDI uses token passing as well.

System Insertion

Before it could join the ring, a workstation had to complete a five-step insertion procedure that verified the system's capability to function on the network. The five steps were as follows:

1. Media lobe check The media lobe check tested the network adapter's capability to transmit and receive data and the cable's capability to carry the data to the MAU. With the MAU looping the incoming signal for the system back out through the same cable, the workstation transmitted a series of MAC Lobe Media Test frames to the broadcast address, with the system's own address as the source.
Then the system transmitted a MAC Duplication Address Test frame with its own address as both the source and the destination. To proceed to the next step, the system had to successfully transmit 2,047 MAC Lobe Media Test frames and one MAC Duplication Address Test frame. The testing sequence could be repeated only two times before the adapter was considered to have failed.

2. Physical insertion During the physical insertion process, the workstation sent a phantom voltage (a low-voltage DC signal invisible to any data signals on the cable) up the lobe cable to the MAU to trigger the relay that caused the MAU to add the system into the ring. After doing this, the workstation waited for a sign that an active monitor was present on the network, in the form of either an Active Monitor Present (AMP), Standby Monitor Present (SMP), or Ring Purge frame. If the system did not receive one of these frames within 18 seconds, it initiated a monitor contention process. If the contention process did not complete within one second, or if the workstation became the active monitor (see "Token Ring Monitors" later in this chapter) and initiated a ring purge that did not complete within one second, or if the workstation received a MAC Beacon or Remove Station frame, the connection to the MAU failed to open, and the insertion was unsuccessful.

3. Address verification The address verification procedure checked to see whether another workstation on the ring had the same address. Because Token Ring supported locally administered addresses (LAAs), it was possible for this to occur. The system generated a series of MAC Duplication Address Test frames like those in step 1, except that these were propagated over the entire network. If no other system was using the same address, the test frames should come back with their Address Recognized (ARI) and Frame Copied (FCI) bits set to 0, at which time the system proceeded to the next step. If the system received two test frames with the ARI and FCI bits set to 1 or if the test frames did not return within 18 seconds, the insertion failed, and the workstation was removed from the ring.
4. Ring poll participation The system had to successfully participate in a ring poll by receiving an AMP or SMP frame with the ARI and FCI bits set to 0, changing those bits to 1, and transmitting its own SMP frame. If the workstation did not receive an AMP or SMP frame within 18 seconds, the insertion failed, and the workstation was removed from the ring.

5. Request initialization The workstation transmitted four MAC Request Initialization frames to the functional address of the network's ring parameter server. If the system received the frames with the ARI and FCI bits set to 0, indicating that there was no functioning ring parameter server, the system's network adapter used its default values, and the initialization (as well as the entire system insertion) was deemed successful. If the system received one of its frames with the ARI and FCI bits set to 1 (indicating that a ring parameter server had received the frame), it waited two seconds for a response. If there was no response, the system retried up to four times, after which the initialization failed, and the workstation was removed from the ring.

System States

During its normal functions, a Token Ring system entered three different operational states, which were as follows:

1. Repeat While in the repeat state, the workstation transmitted all the data arriving at the workstation through the receive port to the next downstream node. When the workstation had a packet of its own queued for transmission, it modified the token bit in the frame's access control byte to a value of 1 and entered the transmit state. At the same time, the token holding timer (THT) that allowed the system 8.9 ms of transmission time was reset to zero.

2. Transmit Once in the transmit state, the workstation transmitted a single frame onto the network and released the token. After successfully transmitting the frame, the workstation transmitted idle fill (a sequence of ones) until it returned to the repeat state. If the system received a Beacon, Ring Purge, or Claim Token MAC frame while it was transmitting, it interrupted the transmission and sent an Abort Delimiter frame to clear the ring.
3. Stripping At the same time that a workstation's transmit port was in the transmit state, its receive port was in the stripping state. As the transmitted data returned to the workstation after traversing the ring, the system stripped it from the network so that it would not circulate endlessly. Once the system detected the end delimiter field on the receive port, it knew that the frame had been completely stripped and returned to the repeat state. If the 8.9 ms THT expired before the end delimiter arrived, the system recorded a lost frame error for later transmission in a Soft Error Report frame before returning to the repeat state.

Token Ring Monitors

Every Token Ring network had a system that functioned as the active monitor, which was responsible for ensuring the proper performance of the network. The active monitor did not have any special programming or hardware; it was simply elected to the role by a process called monitor contention. All of the other systems on the network then functioned as standby monitors, should the computer functioning as the active monitor fail. The functions of the active monitor were as follows:

• Transmit Active Monitor Present frames Every seven seconds, the active monitor (AM) transmitted an Active Monitor Present MAC frame that initiated the ring polling process.
• Monitor ring polling The AM had to receive either an Active Monitor Present or Standby Monitor Present frame from the node immediately upstream of it within seven seconds of initiating a ring polling procedure. If the required frame did not arrive, the AM recorded a ring polling error.
• Provide master clocking The AM generated a master clock signal that the other workstations on the network used to synchronize their clocks. This ensured that all the systems on the network knew when each transmitted bit began and ended. This also reduced network jitter, the small amount of phase shift that tended to occur on the network as the nodes repeated the transmitted data.
• Provide a latency buffer In the case of a small ring, it was possible for a workstation to begin transmitting a token and to receive the first bits on its receive port before it had finished transmitting. The AM prevented this by introducing a propagation delay of at least 24 bits (called a latency buffer), which ensured that the token circulated around the network properly.

NOTE A latency buffer is also known as fixed latency.

• Monitor the token-passing process The active monitor had to receive a good token every 10 milliseconds, which ensured that the token-passing mechanism was functioning properly. If a workstation raised the token priority and failed to lower it, or failed to completely strip its packet from the ring, the AM detected the problem and remedied it by purging the ring and generating a new token. Every node, on receiving a Ring Purge MAC frame from the AM, stopped what it was doing, reset its timers, and entered bit repeat mode in preparation for receipt of a new packet.

Ring Polling Ring polling was the process by which each node on a Token Ring network identified its nearest active upstream neighbor (NAUN). The workstations used this information during the beaconing process to isolate the location of a network fault.

The ring-polling process was initiated by the active monitor when it transmitted an Active Monitor Present (AMP) MAC frame. This frame contained an Address Recognized bit and a Frame Copied bit, both of which had a value of 0. The first system downstream of the AM received the frame and changed the ARI and FCI bits to 1. The receiving system also recorded the address of the sending system as its NAUN. This worked because the first station that received an AMP frame always changed the values of those two bits; therefore, a system receiving a frame with zero-valued ARI and FCI bits knew the sender was its nearest active upstream neighbor.
Beaconing When a station on a Token Ring network failed to detect a signal on its receive port, it assumed that there was a fault in the network and initiated a process called beaconing. The system broadcast MAC beacon frames to the entire network every 20 milliseconds (without capturing a token) until the receive signal commenced again. Each station transmitting beacon frames was saying, in essence, that a problem existed with its nearest active upstream neighbor because it was not receiving a signal. If the NAUN began beaconing also, this indicated that the problem was farther upstream. By noting which stations on the network were beaconing, it was possible to isolate the malfunctioning system or cable segment. There were four types of MAC beacon frames, as follows:

• Set Recovery Mode (priority 1) The Set Recovery Mode frame was rarely seen because it was not transmitted by a workstation's Token Ring adapter. This frame was used only during a recovery process initiated by an attached network management product.
• Signal Loss (priority 2) The Signal Loss frame was generated when a monitor contention process failed because of a timeout and the system entered the contention transmit mode because of a failure to receive any signal from the active monitor. The presence of this frame on the network usually indicated that a cable break or a hardware failure had occurred.
• Streaming Signal, Not Claim Token (priority 3) The Streaming Signal, Not Claim Token frame was generated when a monitor contention process failed because of a timeout and the system had received no MAC Claim Token frames during the contention period. The system had received a clock signal from the active monitor, however, or the Signal Loss frame would have been generated instead.
• Streaming Signal, Claim Token (priority 4) The Streaming Signal, Claim Token frame was generated when a monitor contention process failed because of a timeout and the system had received MAC Claim Token frames during the contention period. This frame was usually an indication of a transient problem caused by a cable that was too long or by signal interference caused by environmental noise.
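The ARI/FCI mechanics that run through the insertion procedure (step 3, the duplicate address test), ring polling, and beaconing, as one added simulation that is not part of the book: a ring poll propagates AMP and SMP frames so every station learns its NAUN, a Duplication Address Test frame addressed to the sender is flagged by any other adapter holding the same address, and the set of beaconing stations is reduced to the segment just upstream of the beaconing station whose NAUN is not beaconing. Station names and addresses are constructed; timers are omitted.

```python
"""Token Ring ring poll, duplicate address test and beacon fault isolation.

Added example, not code from the book. Only the ARI/FCI bit behaviour the
chapter describes is modelled: a station that receives a ring-poll frame
with ARI = FCI = 0 records the sender as its nearest active upstream
neighbor (NAUN), sets both bits to 1 and originates its own SMP frame.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Frame:
    kind: str          # "AMP", "SMP" or "DAT" (Duplication Address Test)
    src: str           # source MAC address
    dst: str           # destination MAC address or "broadcast"
    ari: int = 0       # Address Recognized Indicator
    fci: int = 0       # Frame Copied Indicator


@dataclass
class Station:
    name: str
    addr: str                     # may be a locally administered address (LAA)
    naun: Optional[str] = None    # name of the nearest active upstream neighbor


class Ring:
    """Stations listed in downstream order; stations[0] is the active monitor."""

    def __init__(self, stations):
        self.stations = stations

    def downstream_of(self, origin):
        """Yield the stations a frame visits after leaving `origin`, until it returns."""
        n = len(self.stations)
        start = next(i for i, s in enumerate(self.stations) if s is origin)
        for i in range(1, n):
            yield self.stations[(start + i) % n]

    def ring_poll(self):
        """Active monitor sends an AMP; returns {station name: NAUN name}."""
        am = self.stations[0]
        pending = [(am, Frame("AMP", am.addr, "broadcast"))]
        while pending:
            origin, frame = pending.pop(0)
            for st in self.downstream_of(origin):
                if frame.ari == 0 and frame.fci == 0:
                    # first station to see the frame: the sender is its NAUN
                    st.naun = origin.name
                    frame.ari = frame.fci = 1
                    if st is not am:
                        # standby monitors answer with their own SMP; the AM
                        # does not, which is what ends the poll
                        pending.append((st, Frame("SMP", st.addr, "broadcast")))
                # any other station just repeats the frame downstream
            # the frame is back at its originator and is stripped
        return {s.name: s.naun for s in self.stations}

    def duplicate_address_test(self, origin, attempts=2):
        """Insertion step 3: DAT frames addressed to the sender itself.

        True when every attempt returned with ARI and FCI set to 1, i.e.
        another adapter on the ring recognised and copied the frame.
        """
        flagged = 0
        for _ in range(attempts):
            frame = Frame("DAT", origin.addr, origin.addr)
            for st in self.downstream_of(origin):
                if st.addr == frame.dst:
                    frame.ari = frame.fci = 1
            if frame.ari == 1 and frame.fci == 1:
                flagged += 1
        return flagged == attempts

    @staticmethod
    def locate_fault(beaconing, naun_map):
        """Suspect segments as (upstream NAUN, beaconing station) pairs.

        A beaconing station whose NAUN is itself beaconing is not the one
        closest to the fault; the fault lies farther upstream.
        """
        return [(naun_map[name], name) for name in sorted(beaconing)
                if naun_map[name] not in beaconing]


if __name__ == "__main__":
    # constructed ring: A is the active monitor, D sits just downstream of C
    ring = Ring([Station("A", "02-00-00-00-00-01"), Station("B", "02-00-00-00-00-02"),
                 Station("C", "02-00-00-00-00-03"), Station("D", "02-00-00-00-00-04")])
    naun = ring.ring_poll()
    print("NAUN map:", naun)
    print("fault domain for beaconing C and D:", Ring.locate_fault({"C", "D"}, naun))
```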
When a system suspected that it might be the cause of the network problem resulting in beaconing, it removed itself from the ring to see whether the problem disappeared. If the system transmitted beacon frames for more than 26 seconds, it performed a beacon transmit auto-removal test. If the system received eight consecutive beacon frames that named it as the NAUN of a beaconing system downstream, it performed a beacon receive auto-removal test.

Token Ring Frames

Four different types of frames were used on Token Ring networks, unlike Ethernet networks, which had one single frame format. The data frame type was the only one that actually carried the data generated by upper-layer protocols, while the command frame type performed ring maintenance and control procedures. The token frame type was a separate construction used only to arbitrate media access, and the abort delimiter frame type was used only when certain types of errors occurred.

The Data Frame

Token Ring data frames carried the information generated by upper-layer protocols in a standard logical link control (LLC) protocol data unit (PDU), as defined in the IEEE 802.2 document. Table 12-1 describes the fields that made up the frame and their functions.

Table 12-1 Token Ring Data Frames and Their Functions

The Command Frame Command frames, also called MAC frames, differed from data frames only in the information field and sometimes the frame control field. MAC frames did not use an LLC header; instead, they contained a PDU consisting of 2 bytes that indicated the length of the control information to follow, a 2-byte major vector ID that specified the control function of the frame, and a variable number of bytes containing the control information itself.

MAC frames performed ring maintenance and control functions only. They never carried upper-layer data, and they were never propagated to other collision domains by bridges, switches, or routers.

The Token Frame The token frame was extremely simple, consisting of only three 1-byte fields: the start delimiter, access control, and end delimiter fields. The token bit in the access control field was always set to a value of 1, and the delimiter fields took the same form as in the data and command frames.
The Abort Delimiter Frame The abort delimiter frame consisted only of the start delimiter and the end delimiter fields, using the same format as the equivalent fields in the data and command frames. This frame type was used primarily when an unusual event occurred, such as when the transmission of a packet was interrupted and ended prematurely. When this happened, the active monitor transmitted an abort delimiter frame that flushed out the ring, removing all the improperly transmitted data and preparing it for the next transmission.

Token Ring Errors

The IEEE 802.5 standard defined a number of soft error types that systems on the network could report to the workstation functioning as the ring error monitor using MAC frames. When a Token Ring adapter detected a soft error, it began a two-second countdown, during which it waited to see whether other errors occurred. After the two seconds, the system sent a soft error report message to the address of the ring error monitor. There were several types of soft errors detectable by Token Ring systems, as shown next:

• Burst error A burst error occurred when a system detected five half-bit times (that is, three transmitted bits) that lacked the clock transition in the middle of the bit called for by the Differential Manchester encoding system. This type of error was typically caused by noise on the cable resulting from faulty hardware or some other environmental influence.
• Line error A line error occurred when a workstation received a frame that had an error detection bit in the end delimiter field with a value of 1, either because of a CRC error in the frame check sequence or because a bit violating the Differential Manchester encoding system was detected in any field other than the start delimiter and end delimiter. A network with noise problems would typically have one line error for every ten burst errors.
• Lost frame error A lost frame error occurred when a system transmitted a frame and failed to receive it back within the four milliseconds allotted by the return to repeat timer (RRT). This error could be caused by excessive noise on the network.
• Token error A token error occurred when the active monitor's ten-millisecond valid transmission timer (VTX) expired without the receipt of a frame and the AM had to generate a new token, often caused by excessive noise on the network.
• Internal error An internal error occurred when a system detected a parity error during direct memory access (DMA) between the network adapter and the computer.
• Frequency error A frequency error occurred when a standby monitor system received a signal that differed from the expected frequency by more than a given amount.
• AC error An AC error occurred when a system received two consecutive ring-polling frames with ARI and FCI bits set to 0, in which the first frame was an AMP or an SMP and the second frame was an SMP.
• FC error A Frame Copied error occurred when a system received a unicast MAC frame with the ARI bit set to 1, indicating either a noise problem or a duplicate address on the network.
• Abort delimiter transmitted error An abort delimiter transmitted error occurred when a network condition caused a workstation to stop transmitting in the middle of a frame and to generate an abort delimiter frame.
• Receive congestion error A receive congestion error occurred when a system received a unicast frame but had no available buffer space to store the packet because it was being overwhelmed by incoming frames.

FDDI

Appearing first in the late 1980s and defined in standards developed by the American National Standards Institute (ANSI) X3T9.5 committee, Fiber Distributed Data Interface (FDDI, pronounced "fiddy") was the first 100 Mbps data link layer protocol to achieve popular use.
At the time of FDDI's introduction, 10 Mbps thick and thin Ethernet were the dominant LAN technologies, and FDDI represented a major step forward in speed. In addition, the use of fiber-optic cable provided dramatic increases in packet size, network segment length, and the number of workstations supported. FDDI packets can carry up to 4,500 bytes of data (compared to 1,500 for Ethernet), and, under certain conditions, a network can consist of up to 100 km of cable, supporting up to 500 workstations. These improvements, in combination with fiber optics' complete resistance to the effects of electromagnetic interference, make it an excellent protocol for connecting distant workstations and networks, even those in different buildings. As a result, FDDI originally became known primarily as a backbone protocol, a role for which it is admirably suited. While it originally was designed to run on fiber-optic cables, FDDI can also run on copper cables using electrical signals.

Because of its use as a backbone protocol, products such as bridges and routers that connect Ethernet networks to FDDI backbones are common. FDDI is completely different from Ethernet, and the two network types can be connected only by using a device such as a router or a translation bridge that is designed to provide an interface between different networks. This protocol is reliable because FDDI networks have two counter-rotating rings that back each other up. That is, should one ring fail to function, the system provides an alternative method of sending data.

FDDI Topology

FDDI is a token-passing protocol like Token Ring that uses either a double-ring or a star topology. Unlike Token Ring, in which the ring topology is logical and not physical, the original FDDI specification called for the systems to actually be cabled in a ring topology. In this case, it is a double ring, however. The double ring (also called a trunk ring) consists of two separate rings, a primary and a secondary, with traffic running in opposite directions to provide fault tolerance. The circumference of the double ring can be up to 100 km, and workstations can be up to 2 km apart.
Workstations connected to both rings are called dual attachment stations (DASs). If a cable should break or a workstation should malfunction, traffic is diverted to the secondary ring that is running in the opposite direction, enabling it to access any other system on the network using the secondary path. A FDDI network operating in this state is called a wrapped ring. Figure 12-4 shows a properly functioning FDDI dual-ring network and a wrapped ring.

Figure 12-4 The FDDI double ring, functioning normally on the left and wrapped on the right

If a second cable break should occur, the network is then divided into two separate rings, and network communications are interrupted. A wrapped ring is inherently less efficient than the fully functional double ring because of the additional distance that the traffic must travel and is, therefore, meant to be a temporary measure only until the fault is repaired.

FDDI can also use a star topology in which workstations are attached to a hub, called a dual attachment concentrator (DAC). The hub can either stand alone or be connected to a double ring, forming what is sometimes called a dual ring of trees. Workstations connected to the hub are single-attachment stations (SASs); they are connected only to the primary ring and cannot take advantage of the secondary ring's wrapping capabilities. The FDDI specifications define four types of ports used to connect workstations to the network:

• A DAS connection to secondary ring
• B DAS connection to primary ring
• M DAC port for connection to an SAS
• S SAS connection to M port in a concentrator

Table 12-2 describes the various types of connections using the four types of FDDI ports.

Table 12-2 FDDI Connection Types

DASs and DACs have both A and B ports to connect them to a double ring. Signals from the primary ring enter through the B port and exit from the A port, while the signals from the secondary ring enter through A and exit through B. An SAS has a single S port, which connects it to the primary ring only through an M port on a DAC.

NOTE The 500 workstation and 100 km network-length limitations are based on the use of DAS computers. A FDDI network composed only of SAS machines can be up to 200 km long and support up to 1,000 workstations.
DAS computers that are attached directly to the double ring function as repeaters; they regenerate the signals as they pass each packet along to the rest of the network. When a system is turned off, however, it does not pass the packets along, and the network wraps, unless the station is equipped with a bypass switch. A bypass switch, implemented either as part of the network interface adapter or as a separate device, enables incoming signals to pass through the station and on to the rest of the network, but it does not regenerate them. On a fiber-optic network, this is the equivalent of opening a window to let the sunlight into a room instead of turning on an electric light. As with any network medium, the signal has a tendency to attenuate if it is not regenerated. If too many adjacent systems are not repeating the packets, the signals can weaken to the point at which stations can't read them.

The DAC functions much like a Token Ring MAU in that it implements a logical ring while using a physical star topology. Connecting a DAC to a double ring extends the primary ring to each connected workstation and back, as shown in Figure 12-5. Notice that while the DAC is connected to both the primary and secondary rings, the M ports connect only the primary ring to the workstations. Thus, while the DAC itself takes advantage of the double ring's fault tolerance, a break in the cable connecting a workstation to the DAC severs the workstation from the network. However, the DAC is capable of dynamically removing a malfunctioning station from the ring (again, like a Token Ring MAU) so that the problem affects only the single workstation and not the entire ring.

Figure 12-5 DACs connected to the double ring provide multiple SAS connections

It is sometimes possible to connect a DAS to two DAC ports to provide a standby link to the hub if the active link fails. This is called dual homing. However, this is different from connecting the DAS directly to the double ring because both the A and B ports on the workstation are connected to M ports on the hub. M ports are connected only to the primary ring, so a dual-homed system simply has a backup connection to the primary ring, not a connection to both rings.
Cascading hubs are permitted on a FDDI network. This means you can plug one DAC into an M port of another DAC to extend the network. There is no limit to the number of layers, as long as you observe the maximum number of workstations permitted on the ring. It is also possible to create a two-station ring by connecting the S ports on two SAS computers or by connecting an S port to either the A or B port of a DAS. Some FDDI adapters may require special configuration to do this.

FDDI Subsystems

The functionality of the FDDI protocol is broken down into four distinct layers, as follows:

• Physical media dependent (PMD) Prepares data for transmission over a specific type of network medium
• Physical (PHY) Encodes and decodes the packet data into a format suitable for transmission over the network medium and is responsible for maintaining the clock synchronization on the ring
• Media access control (MAC) Constructs FDDI packets by applying the frame containing addressing, scheduling, and routing data, and then negotiates access to the network medium
• Station management (SMT) Provides management functions for the FDDI ring, including insertion and removal of the workstation from the ring, fault detection and reconfiguration, neighbor identification, and statistics monitoring

The FDDI standards consist of separate documents for each of these layers, as well as separate specifications for some of the options at certain layers. The operations performed at each layer are discussed in the following sections.

The Physical Media Dependent Layer

The physical media dependent layer is responsible for the mechanics involved in transmitting data over a particular type of network medium. The FDDI standards define two physical layer options, as follows.

Fiber-Optic The Fiber-PMD standards define the use of either single-mode or multimode fiber-optic cable, as well as the operating characteristics of the other components involved in producing the signals, including the optical power sources, photodetectors, transceivers, and medium interface connectors. For example, the optical power sources must be able to transmit a 25-microwatt signal, while the photodetectors must be capable of reading a 2-microwatt signal.
The 2 km maximum distance between FDDI stations cited earlier is for multimode fiber; with single-mode cable, runs of 40 km to 60 km between workstations are possible. There is also a low-cost multimode fiber cable standard, called LCF-PMD, that allows only 500 meters between workstations. All of these fiber cables use the same wavelength (1300 nm), so it's possible to mix them on the same network, as long as you adhere to the cabling guidelines of the least capable cable in use.

Twisted-Pair The TP-PMD standard, sometimes called the Copper Distributed Data Interface (CDDI, pronounced "siddy"), calls for the use of either standard Category 5 unshielded twisted-pair or Type 1 shielded twisted-pair cable. In both cases, the maximum distance for a cable run is 100 meters. Twisted-pair cable is typically used for SAS connections to concentrators, while the backbone uses fiber optic. This makes it possible to use inexpensive copper cable for horizontal wiring to the workstations and retain the attributes of fiber optic on the backbone without the need to bridge or route between FDDI and Ethernet. CDDI never gained wide acceptance in the marketplace, probably because of the introduction of Fast Ethernet at approximately the same time.

The Physical Layer

While the PMD layer defines the characteristics of specific media types, the PHY layer is implemented in the network interface adapter's chipset and provides a media-independent interface to the MAC layer above it. In the original FDDI standards, the PHY layer is responsible for the encoding and decoding of the packets constructed by the MAC layer into the signals that are transmitted over the cable. FDDI uses a signaling scheme called Non-Return to Zero Inverted (NRZI) 4B/5B, which is substantially more efficient than the Manchester and Differential Manchester schemes used by Ethernet and Token Ring, respectively.

The TP-PMD standard, however, calls for a different signaling scheme, Multi-Level Transition (MLT-3), which uses three signal values instead of the two used by NRZI 4B/5B. Both of these schemes provide the signal needed to synchronize the clocks of the transmitting and receiving workstations.
The Media Access Control Layer

The MAC layer accepts protocol data units (PDUs) of up to 9,000 bytes from the network layer protocol and constructs packets up to 4,500 bytes in size by encapsulating the data within a FDDI frame. This layer is also responsible for negotiating access to the network medium by claiming and generating tokens.

Data Frames Most of the packets transmitted by a FDDI station are data frames. A data frame can carry network layer protocol data, MAC data used in the token claiming and beaconing processes, or station management data.

FDDI frames contain information encoded into symbols. A symbol is a 5-bit binary string that the NRZI 4B/5B signaling scheme uses to transmit a 4-bit value. Thus, two symbols are equivalent to 1 byte. This encoding provides values for the 16 hexadecimal data symbols, 8 control symbols that are used for special functions (some of which are defined in the frame format that follows), and 8 violation symbols that FDDI does not use. Table 12-3 lists the symbols used by FDDI and the 5-bit binary sequences used to represent them.

Table 12-3 FDDI Symbol Values

Figure 12-6 shows the format of a FDDI data frame. The functions of the frame fields are as follows:

• Preamble (PA), 8 bytes Contains a minimum of 16 symbols of idle, that is, alternating 0s and 1s, which the other systems on the network use to synchronize their clocks, after which they are discarded.
• Starting Delimiter (SD), 1 byte Contains the symbols J and K, which indicate the beginning of the frame.
• Frame Control (FC), 1 byte Contains two symbols that indicate what kind of data is found in the INFO field. Some of the most common values are as follows:
  • 40 (Void frame) Contains nothing but I (idle) symbols; used to reset timers during initialization.
  • 41, 4F (Station Management [SMT] frame) Indicates that the INFO field contains an SMT PDU, which is composed of an SMT header and SMT information.
  • C2, C3 (MAC frame) Indicates that the frame is either a MAC Claim frame (C2) or a MAC Beacon frame (C3). These frames are used to recover from abnormal occurrences in the token-passing process, such as failure to receive a token or failure to receive any data at all.
  • 50, 51 (LLC frame) Indicates that the INFO field contains a standard IEEE 802.2 LLC frame. FDDI packets carrying application data use logical link control (LLC) frames.
  • 60 (Implementer frame) These frames are defined by the user of the network or by the vendor.
  • 70 (Reserved frame) These frames are reserved for future use.
• Destination Address (DA), 6 bytes Specifies the MAC address of the system on the network that will next receive the frame, or a group or broadcast address.
• Source Address (SA), 6 bytes Specifies the MAC address of the system sending the packet.
• Data (INFO), variable Contains network layer protocol data, an SMT header and data, or MAC data, depending on the function of the frame, as specified in the FC field.
• Frame Check Sequence (FCS), 4 bytes Contains a cyclic redundancy check value, generated by the sending system, that will be recomputed at the destination and compared with this value to verify that the packet has not been damaged in transit.
• Ending Delimiter (ED), 4 bits Contains a single T symbol indicating that the frame is complete.
• End of Frame Sequence (FS), 12 bits Contains three indicators that can have either the value R (Reset) or the value S (Set). All three have the value R when the frame is first transmitted and may be modified by intermediate systems when they retransmit the packet. The functions of the three indicators are as follows:
  • E (Error) Indicates that the system has detected an error, either in the FCS or in the frame format. Any system receiving a frame with a value of S for this indicator immediately discards the frame.
  • A (Acknowledge) Indicates that the system has determined that the frame's destination address applies to itself, because the DA field contains either the MAC address of the system or a broadcast address.
  • C (Copy) Indicates that the system has successfully copied the contents of the frame into its buffers. Under normal conditions, the A and C indicators are set together; a frame in which the A indicator is set and C is not indicates that the frame could not be copied to the system's buffers. This is most likely because the system has been overwhelmed with traffic.
Figure 12-6 The FDDI data frame

Token Passing FDDI uses token passing as its media access control mechanism, like the Token Ring protocol. A special packet called a token circulates around the network, and only the system in possession of the token is permitted to transmit its data. The optional feature called early token release on a Token Ring network, in which a system transmits a new token immediately after it finishes transmitting its last packet, is standard on a FDDI network. FDDI systems can also transmit multiple packets before releasing the token to the next station. When a packet has traversed the entire ring and returned to the system that originally created it, that system removes the token from the ring to prevent it from circulating endlessly.

Figure 12-7 shows the format of the token frame. The functions of the fields are as follows:

• Preamble (PA), 8 bytes Contains a minimum of 16 symbols of idle, that is, alternating 0s and 1s, which the other systems on the network use to synchronize their clocks, after which they are discarded
• Starting Delimiter (SD), 1 byte Contains the symbols J and K, which indicate the beginning of the frame
• Frame Control (FC), 1 byte Contains two symbols that indicate the function of the frame, using the following hexadecimal values:
  • 80 (Nonrestricted Token)
  • C0 (Restricted Token)
• Ending Delimiter (ED), 1 byte Contains two T symbols indicating that the frame is complete

Figure 12-7 The FDDI token frame

FDDI is a deterministic network protocol. By multiplying the number of systems on the network by the amount of time needed to transmit a packet, you can calculate the maximum amount of time it can take for a system to receive the token. This is called the target token rotation time. FDDI networks typically run in asynchronous ring mode, in which any computer can transmit data when it receives the token. Some FDDI products can also run in synchronous ring mode, which enables administrators to allocate a portion of the network's total bandwidth to a system or group of systems. All of the other computers on the network run asynchronously and contend for the remaining bandwidth in the normal manner.
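As an added example (not from the book), the following Python code parses the data frame and token frame formats described above at the symbol level: each frame is a list of 4B/5B symbols, with hex digits for the data symbols and I, J, K, T, R and S for the control symbols. It assumes, for illustration only, that the FCS is a zlib-style CRC-32 over the FC, DA, SA and INFO fields; the station addresses used are constructed sample values.

```python
"""Symbol-level parser for the FDDI data frame and token frame layouts."""
import zlib
from dataclasses import dataclass, field
from typing import Optional

DATA_SYMBOLS = "0123456789ABCDEF"   # two data symbols per byte

# FC values listed in the chapter, for both data frames and tokens.
FC_NAMES = {
    0x40: "Void frame", 0x41: "SMT frame", 0x4F: "SMT frame",
    0xC2: "MAC Claim frame", 0xC3: "MAC Beacon frame",
    0x50: "LLC frame", 0x51: "LLC frame",
    0x60: "Implementer frame", 0x70: "Reserved frame",
    0x80: "Nonrestricted Token", 0xC0: "Restricted Token",
}
TOKEN_FC = {0x80, 0xC0}


@dataclass
class Frame:
    kind: str                      # "token" or "data"
    fc: int
    fc_name: str
    da: bytes = b""
    sa: bytes = b""
    info: bytes = b""
    fcs_ok: Optional[bool] = None  # None for tokens (they carry no FCS)
    indicators: dict = field(default_factory=dict)   # "E", "A", "C" -> "R"/"S"


def bytes_to_symbols(data):
    return list(data.hex().upper())


def symbols_to_bytes(symbols):
    return bytes.fromhex("".join(symbols))


def fcs_of(fc, da, sa, info):
    # ASSUMPTION for this example: CRC-32 as computed by zlib, big-endian.
    return zlib.crc32(bytes([fc]) + da + sa + info).to_bytes(4, "big")


def build_data_frame(fc, da, sa, info, indicators=("R", "R", "R"), idle=16):
    """PA (idle symbols), SD (J K), FC, DA, SA, INFO, FCS, ED (T), FS (E A C)."""
    body = bytes([fc]) + da + sa + info + fcs_of(fc, da, sa, info)
    return ["I"] * idle + ["J", "K"] + bytes_to_symbols(body) + ["T"] + list(indicators)


def build_token(fc=0x80, idle=16):
    """PA, SD (J K), FC (80 or C0), ED (two T symbols)."""
    return ["I"] * idle + ["J", "K"] + bytes_to_symbols(bytes([fc])) + ["T", "T"]


def parse_frame(symbols):
    n, i = len(symbols), 0
    while i < n and symbols[i] == "I":        # discard the preamble
        i += 1
    if symbols[i:i + 2] != ["J", "K"]:
        raise ValueError("missing J K starting delimiter")
    i += 2
    fc = symbols_to_bytes(symbols[i:i + 2])[0]
    i += 2
    name = FC_NAMES.get(fc, "Unknown FC 0x%02X" % fc)
    if fc in TOKEN_FC:
        if symbols[i:i + 2] != ["T", "T"]:
            raise ValueError("token must end with two T symbols")
        return Frame("token", fc, name)
    j = i                                      # data symbols run up to the T delimiter
    while j < n and symbols[j] in DATA_SYMBOLS:
        j += 1
    if j >= n or symbols[j] != "T":
        raise ValueError("missing T ending delimiter")
    if (j - i) % 2:
        raise ValueError("odd number of data symbols")
    body = symbols_to_bytes(symbols[i:j])
    if len(body) < 16:                         # DA(6) + SA(6) + FCS(4) at minimum
        raise ValueError("frame too short for DA, SA and FCS")
    da, sa, info, fcs = body[:6], body[6:12], body[12:-4], body[-4:]
    fs = symbols[j + 1:j + 4]
    if len(fs) != 3 or any(s not in ("R", "S") for s in fs):
        raise ValueError("frame status must be three R/S indicators")
    return Frame("data", fc, name, da, sa, info,
                 fcs == fcs_of(fc, da, sa, info), dict(zip("EAC", fs)))


def receiver_action(frame):
    """What a receiving station does with the frame, per the E/A/C rules above."""
    if frame.kind == "token":
        return "token"
    if frame.indicators.get("E") == "S" or not frame.fcs_ok:
        return "discard"       # error flagged upstream, or FCS mismatch detected here
    if frame.indicators.get("A") == "S" and frame.indicators.get("C") == "R":
        return "not-copied"    # addressed station's buffers were overwhelmed
    return "accept"
```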
The Station Management Layer

Unlike Ethernet and most other data link layer protocols, FDDI has network management and monitoring capabilities integrated into it and was designed around these capabilities. The SMT layer is responsible for ring maintenance and diagnostics operations on the network, such as the following:

• Station initialization
• Station insertion and removal
• Connection management
• Configuration management
• Fault isolation and recovery
• Scheduling policies
• Statistics collection

A computer can contain more than one FDDI adapter, and each adapter has its own PMD, PHY, and MAC layer implementations, but there is only one SMT implementation for the entire system. SMT messages are carried within standard FDDI data frames with a value of 41 or 4F in the frame control field. In station management frames, the INFO field of the FDDI data frame contains an SMT PDU, which is composed of an SMT header and an SMT info field. Figure 12-8 shows the format of the SMT PDU. The functions of the fields are as follows:

• Frame Class, 1 byte Specifies the function of the message, using the following values:
  • 01 (Neighbor Information Frame [NIF]) FDDI stations transmit periodic announcements of their MAC addresses, which enable the systems on the network to determine their upstream neighbor addresses (UNAs) and their downstream neighbor addresses (DNAs). This is known as the Neighbor Notification Protocol. Network monitoring products can also use these messages to create a map of the FDDI ring.
  • 02 (Status Information Frame-Configuration [SIF-Cfg]) Used to request and provide a system's configuration information for purposes of fault isolation, ring mapping, and statistics monitoring.
  • 03 (Status Information Frame-Operation [SIF-Opr]) Used to request and provide a system's operation information for purposes of fault isolation, ring mapping, and statistics monitoring.
  • 04 (Echo Frame) Used for SMT-to-SMT loopback testing between FDDI systems.
  • 05 (Resource Allocation Frame [RAF]) Used to implement network policies, such as the allocation of synchronous bandwidth.
  • 06 (Request Denied Frame [RDF]) Used to deny a request issued by another station because of an unsupported Version ID value or a length error.
  • 07 (Status Report Frame [SRF]) Used to report a station's status to network administrators when specific conditions occur, much like an SNMP trap. Some of these conditions are as follows:
    • Frame Error Condition Indicates the occurrence of an unusually high number of frame errors
    • LER Condition Indicates the occurrence of link errors on a port above a specified limit
    • Duplicate Address Condition Indicates that the system or its upstream neighbor is using a duplicate address
    • Peer Wrap Condition Indicates that a DAS is operating in wrapped mode, in other words, that it is diverting data from the primary ring to the secondary because of a cable break or other error
    • Hold Condition Indicates that the system is in a holding-prm or holding-sec state
    • Not Copied Condition Indicates that the system's buffers are overwhelmed and that packets are being repeated without being copied into the buffers
    • EB Error Condition Indicates the presence of an elasticity buffer error on any port
    • MAC Path Change Indicates that the current path has changed for any of the system's MAC addresses
    • Port Path Change Indicates that the current path has changed for any of the system's ports
    • MAC Neighbor Change Indicates a change in either the upstream or downstream neighbor address
    • Undesirable Connection Indicates the occurrence of an undesirable connection to the system
  • 08 (Parameter Management Frame-Get [PMF-Get]) Provides the means to look at management information base (MIB) attributes on remote systems.
  • 09 (Parameter Management Frame-Set [PMF-Set]) Provides the means to set values for certain MIB attributes on remote systems.
  • FF (Extended Service Frame [ESF]) Intended for use when defining new SMT services.
• Frame Type, 1 byte Indicates the type of message contained in the frame, using the following values:
  • 01 Announcement
  • 02 Request
  • 03 Response
• Version ID, 2 bytes Specifies the structure of the SMT Info field, using the following values:
  • 0001 Indicates the use of a version lower than 7.x
  • 0002 Indicates the use of version 7.x
• Transaction ID, 4 bytes Contains a value used to associate request and response messages.
• Station ID, 8 bytes Contains a unique identifier for the station, consisting of two user-definable bytes and the 6-byte MAC address of the network interface adapter.
• Pad, 2 bytes Contains two bytes with a value of 00 that bring the overall size of the header to 32 bytes.
• Info Field Length, 2 bytes Specifies the length of the SMT Info field.
• SMT Info, variable Contains one or more parameters, each of which is composed of the following subfields:
  • Parameter Type, 2 bytes Specifies the function of the parameter. The first of the two bytes indicates the parameter's class, using the following values:
    • 00 General parameters
    • 10 SMT parameters
    • 20 MAC parameters
    • 32 PATH parameters
    • 40 PORT parameters
  • Parameter Length, 2 bytes Specifies the total length of the Resource Index and Parameter Value fields.
  • Resource Index, 4 bytes Identifies the MAC, PATH, or PORT object that the parameter is describing.
  • Parameter Value, variable Contains the actual parameter information.

Figure 12-8 The FDDI station management layer PDU format

A FDDI system uses SMT messages to insert itself into the ring when it is powered up. The procedure consists of several steps, in which it initializes the ring and tests the link to the network. Then the system initiates its connection to the ring using a claim token, which determines whether a token already exists on the network. If a token frame already exists, the claim token configures it to include the newly initialized system in the token's path. If no token is detected, all of the systems on the network generate claim frames, which enable the systems to determine the value for the token rotation time and determine which system should generate the token.

Because of the SMT header's size and the number of functions performed by SMT messages, the control overhead on a FDDI network is high, relative to other protocols.

PART IV
Network Systems

CHAPTER 13 TCP/IP
CHAPTER 14 Other TCP/IP Protocols
CHAPTER 15 The Domain Name System
CHAPTER 16 Internet Services

CHAPTER 13
TCP/IP

Since its inception in the 1970s, the TCP/IP protocol suite has evolved into the industry standard for data transfer protocols at the network and transport layers of the Open Systems Interconnection (OSI) model. In addition, the suite includes myriad other protocols that operate as low as the data link layer and as high as the application layer.
Operating systems tend to simplify the appearance of the network protocol stack to make it more comprehensible to the average user. On a Windows workstation, for example, you install Transmission Control Protocol/Internet Protocol (TCP/IP) by selecting a single module called a protocol, but this process actually installs support for a whole family of protocols, of which TCP and IP are only two. Understanding how the individual TCP/IP protocols function and how they work together to provide communication services is an essential part of administering a TCP/IP network.

TCP/IP Attributes

There are several reasons why TCP/IP is the protocol suite of choice on the majority of data networks, not the least of which is that these are the protocols used on the Internet. TCP/IP was designed to support the fledgling Internet (then called the ARPANET) at a time before the introduction of the PC, when interoperability between computing products made by different manufacturers was all but unheard of. The Internet was, and is, composed of many different types of computers, and what was needed was a suite of protocols that would be common to all of them.

The main element that sets TCP/IP apart from the other suites of protocols that provide network and transport layer services is its self-contained addressing mechanism. Every device on a TCP/IP network is assigned an IP address (or sometimes more than one) that uniquely identifies it to the other systems. Devices today use network interface adapters that have unique identifiers (MAC addresses) hard-coded into them, which makes the IP address redundant. Other types of computers have identifiers assigned by network administrators, however, and no mechanism exists to ensure that another system on a worldwide internetwork such as the Internet does not use the same identifier.
Because IP addresses are registered by a centralized body, you can be certain that no two (properly configured) machines on the Internet have the same address. Because of this addressing, the TCP/IP protocols can support virtually any hardware or software platform in use today. The IPX protocols will always be associated primarily with Novell NetWare, and NetBEUI is used almost exclusively on Microsoft Windows networks. TCP/IP, however, is truly universal in its platform interoperability, supported by all and dominated by none.

Another unique aspect of the TCP/IP protocols is the method by which their standards are designed, refined, and ratified. Rather than relying on an institutionalized standards-making body like the Institute of Electrical and Electronics Engineers (IEEE), the TCP/IP protocols are developed in a democratic manner by an ad hoc group of volunteers who communicate largely through the Internet. Anyone who is interested enough to contribute to the development of a protocol is welcome. In addition, the standards themselves are published by a body called the Internet Engineering Task Force (IETF) and are released to the public domain, making them accessible and reproducible by anyone. Standards like those published by the IEEE are available, but until very recently, you had to pay hundreds of dollars to purchase an official copy of an IEEE standard like the 802.3 document on which Ethernet is based. On the other hand, you can legally download any of the TCP/IP standards, called requests for comments (RFCs), from the IETF's web site at www.ietf.org/ or from any number of other Internet sites.

The TCP/IP protocols are also extremely scalable. As evidence of this, consider that these protocols were designed at a time when the ARPANET was essentially an exclusive club for scientists and academics, and no one in their wildest dreams imagined that the protocols they were creating would be used on a network the size of the Internet as it exists today. The main factor limiting the growth of the Internet is the 32-bit size of the IP address space itself, and a newer version of the IP protocol, called IPv6, addresses that shortcoming with a 128-bit address space. By September 30, 2014, all U.S. government agencies must update their public networks to this version.
NOTE For more information about IPv6, see Chapter 14.

TCP/IP Architecture

TCP/IP is designed to support networks of almost any practical size. As a result, TCP/IP must be able to provide the services needed by the applications using it without being overly profligate in its expenditure of network bandwidth and other resources. To accommodate the needs of specific applications and functions within those applications, TCP/IP uses multiple protocols in combination to provide the quality of service required for the task and no more.

The TCP/IP Protocol Stack

TCP/IP predates the OSI reference model, but its protocols break down into four layers that can be roughly equated to the seven-layer OSI stack, as shown in Figure 13-1.

Figure 13-1 The TCP/IP protocols have their own protocol stack that contains only four layers.

On LANs, the link layer functionality is not defined by a TCP/IP protocol but by the standard data link layer protocols, such as Ethernet and Token Ring. To reconcile the MAC address supplied by a network interface adapter with the IP address used at the network layer, systems use a TCP/IP protocol called the Address Resolution Protocol (ARP). However, the TCP/IP standards do define the two protocols most commonly used to establish link layer communications using modems and other direct connections. These are the Point-to-Point Protocol (PPP) and the Serial Line Internet Protocol (SLIP).

At the Internet layer is the Internet Protocol (IP), which is the primary carrier for all of the protocols operating at the upper layers, and the Internet Control Message Protocol (ICMP), which TCP/IP systems use for diagnostics and error reporting. IP, as a general carrier protocol, is connectionless and unreliable because services such as error correction and guaranteed delivery are supplied at the transport layer when required.

Two protocols operate at the transport layer: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP is connection-oriented and reliable, while UDP is connectionless and unreliable. An application uses one or the other, depending on its requirements and the services already provided for it at the other layers.
The transport layer can, in some ways, be said to encompass the OSI session layer as well as the transport layer in the OSI model, but not in every case. Windows systems, for example, can use TCP/IP to carry the NetBIOS messages they use for their file and printer-sharing activities, and NetBIOS still provides the same session layer functionality as when a system uses NetBEUI or IPX instead of TCP/IP. This is just one illustration of how the layers of the TCP/IP protocol stack are roughly equivalent to those of the OSI model, but not definitively so. Both of these models are pedagogical and diagnostic tools more than they are guidelines for protocol development and deployment, and they do not hold up to strict comparisons of the various layers' functions with actual protocols.

The application layer is the most difficult to define because the protocols operating there can be fully realized, self-contained applications in themselves, such as the File Transfer Protocol (FTP), or mechanisms used by other applications to perform a service, such as the Domain Name System (DNS) and the Simple Mail Transfer Protocol (SMTP).

IP Versions

Currently, two versions of IP are being used. The next several sections in this chapter discuss the older version of IP, that is, IP version 4 (IPv4). Initially published in the early 1980s, this version did not anticipate the growth of the Internet nor the millions of mobile devices in use today. While such enhancements as Classless Inter-Domain Routing (CIDR) and Network Address Translators (NATs) forestalled the issue for a time, the dramatic increase in the use of smartphones, tablets, and other such devices created the demand for more IP address availability. (See the sections discussing these enhancements later in this chapter.)

In the 1990s, IPv6 was established and created 128-bit address fields in the IP packet header rather than the 32-bit addresses present in IPv4. In this manner, each time a single bit is added, the number of possible addresses doubles. However, as discussed in Chapter 14, this latest version does not solve all of the issues with IP addresses. Table 13-1 shows some of the differences between IPv4 and IPv6.
Table 13-1 Some Differences Between IPv4 and IPv6

IPv4 Addressing

The IPv4 addresses used to identify systems on a TCP/IP network were the single most definitive feature of the protocol suite. The IP address is an absolute identifier of both the individual machine and the network on which it resides. Every IP datagram packet transmitted over a TCP/IP network contains the IP addresses of the source system that generated it and the destination system for which it is intended in its IP header. While Ethernet and Token Ring systems have a unique hardware address coded into the network interface card, there is no inherent method to effectively route traffic to an individual system on a large network using this address.

A NIC's hardware address is composed of a prefix that identifies the manufacturer of the card and a node address that is unique among all the cards built by that manufacturer. The manufacturer prefix is useless, as far as routing traffic is concerned, because any one manufacturer's cards can be scattered around the network literally at random. To deliver network packets to a specific machine, a master list of all of the systems on the network and their hardware addresses would be needed. On a network the size of the Internet, this would obviously be impractical. By identifying the network on which a system is located, IP addresses can be routed to the proper location using a relatively manageable list of network addresses, not a list of individual system addresses.

IP addresses are 32 bits long and are notated as four 8-bit decimal numbers separated by periods, as in 192.168.2.45. This is known as dotted decimal notation; each of the 8-bit numbers is sometimes called an octet or a quad. (These terms were originally used because there are computers for which the more common term byte does not equal 8 bits.) Because each quad is the decimal equivalent of an 8-bit binary number, their possible values run from 0 to 255. Thus, the full range of possible IP addresses is 0.0.0.0 to 255.255.255.255.
IP addresses do not represent computers per se; rather, they represent network interfaces. A computer with two network interface cards has two IP addresses. A system with two or more interfaces is said to be multihomed. If the interfaces connect the computer to different networks and the system is configured to pass traffic between the networks, the system is said to function as a router.

NOTE A router can be a standard computer with two network interfaces and software that provides routing capabilities, or it can be a dedicated hardware device designed specifically for routing network traffic. At times, the TCP/IP standards refer to routers of any kind as gateways, while standard networking terminology defines a gateway as being an application layer device that forwards traffic between networks that use different protocols, as in an e-mail gateway. Do not confuse the two.

Every IP address contains bits that identify a network and bits that identify an interface (called a host) on that network. To reference a network, systems use just the network bits, replacing the host bits with zeros. Routers use the network bits to forward packets to another router connected to the destination network, which then transmits the data to the destination host system.

Subnet Masking

IP addresses always dedicate some of their bits to the network identifier and some to the host identifier, but the number of bits used for each purpose is not always the same. Many common addresses use 24 bits for the network and 8 for the host, but the split between the network and host bits can be anywhere in the address. To identify which bits are used for each purpose, every TCP/IP system has a subnet mask along with its IP address. A subnet mask is a 32-bit binary number in which the bits correspond to those of the IP address. A bit with a 1 value in the mask indicates that the corresponding bit in the IP address is part of the network identifier, while a 0 bit indicates that the corresponding address bit is part of the host identifier. As with an IP address, the subnet mask is expressed in dotted decimal notation, so although it may look something like an IP address, the mask has a completely different function.
As an example, consider a system with the following TCP/IP configuration:

IP address: 192.168.2.45
Subnet mask: 255.255.255.0

In this case, the 192.168.2 portion of the IP address identifies the network, while the 45 identifies the host. When expressed in decimal form, this may appear confusing, but the binary equivalents are as follows:

IP address:  11000000 10101000 00000010 00101101
Subnet mask: 11111111 11111111 11111111 00000000

As you can see in this example, the dividing line between the network and host bits lies between the third and fourth quads. The dividing line need not fall between quads, however. A subnet mask of 255.255.240.0 allocates 12 bits for the host address because the binary equivalent of the mask is as follows:

11111111 11111111 11110000 00000000

The dividing line between the network and host bits can fall anywhere in the 32 bits of the mask, but you never see network bits mixed up with host bits. A clear line always separates the network bits on the left from the host bits on the right.

IP Address Registration

For IP addresses to uniquely identify the systems on the network, it is essential that no two interfaces be assigned the same address. On a private network, the administrators must ensure that every address is unique. They can do this by manually tracking the addresses assigned to their networks and hosts, or they can use a service like the Dynamic Host Configuration Protocol (DHCP) to assign the addresses automatically.

On the Internet, however, this problem is considerably more complicated. With individual administrators controlling thousands of different networks, not only is it impractical to assume that they can get together and make sure that no addresses are duplicated, but no worldwide service exists that can assign addresses automatically. Instead, there must be a clearinghouse or registry for IP address assignments that ensures no addresses are duplicated.

Even this task is monumental, however, because millions of systems are connected to the Internet. In fact, such a registry exists, but instead of assigning individual host addresses to each system, it assigns network addresses to companies and organizations.
The organization charged with registering network addresses for the Internet is called the Internet Assigned Numbers Authority (IANA). After an organization obtains a network address, the administrator is solely responsible for assigning unique host addresses to the machines on that network.

NOTE The IANA maintains a web site at www.iana.org.

This two-tiered system of administration is one of the basic organizational principles of the Internet. Domain name registration works the same way. An independent domain registry registers domain names to organizations and individuals, and the individual administrators of those domains are responsible for assigning names in those domains to their hosts.

IP Address Classes

The IANA registers several different classes of network addresses, which differ in their subnet masks, that is, the number of bits used to represent the network and the host. Table 13-2 summarizes these address classes.

Table 13-2 IPv4 Address Classes

The idea behind the different classes was to create networks of varying sizes suitable for different organizations and applications. A company building a relatively small network can register a Class C address that, because the addresses have only 8 host bits, supports up to 254 systems, while larger organizations can use Class B or A addresses with 16 or 24 host bits and create subnets out of them. You create subnets by "borrowing" some of the host bits and using them to create subnetwork identifiers, essentially networks within a network.

The surest way to identify the class of a particular address is to look at the value of the first quad. Class A addresses always had a 0 as their first bit, which means that the binary values for the first quad range from 00000000 to 01111111, which translates into the decimal values 0 through 127. In the same way, Class B addresses always had 10 as their first two bits, providing first quad values of 10000000 to 10111111, or 128 to 191. Class C addresses had 110 as their first three bits, so the first quad can range from 11000000 to 11011111, or 192 to 223.

The IP address class determined the boundary between the host and the network addresses.
In practice, network addresses are not registered with the IANA directly by the companies and organizations running the individual networks. Instead, companies in the business of providing Internet access, called Internet service providers (ISPs), register multiple networks and supply blocks of addresses to clients as needed.

Class D addresses are not intended for allocation in blocks like the other classes. This part of the address space is allocated for multicast addresses. Multicast addresses represent groups of systems that have a common attribute but that are not necessarily located in the same place or even administered by the same organization. For example, packets sent to the multicast address 224.0.0.1 are processed by all of the routers on the local subnet.

Unregistered IP Addresses

IP address registration is designed for networks connected to the Internet with computers that must be accessible from other networks. When you register a network address, no one else is permitted to use it, and the routers on the Internet have the information needed to forward packets to your network. For a private network that is not connected to the Internet, it is not necessary to register network addresses. In addition, most business networks connected to the Internet use some sort of firewall product to prevent intruders from accessing their networks from outside. In nearly all cases, there is no real need for every system on a network to be directly accessible from the Internet, and there is a genuine danger in doing so. Many firewall products, therefore, isolate the systems on the network, making registered IP addresses unnecessary.

For a network that is completely isolated from the Internet, administrators can use any IP addresses they want, as long as there are no duplicates on the same network. If any of the network's computers connect to the Internet by any means, however, there is potential for a conflict between an internal address and the system on the Internet for which the address was registered. If, for example, you happened to assign one of your network systems the same address as a Microsoft web server, a user on your network attempting to access Microsoft's site may reach the internal machine with the same address instead.
To prevent these conflicts, RFC 1918, "Address Allocation for Private Internets," specified three address ranges intended for use on unregistered networks, as shown here. These addresses were not assigned to any registered network and could, therefore, be used by any organization, public or private.

• Class A 10.0.0.0 through 10.255.255.255
• Class B 172.16.0.0 through 172.31.255.255
• Class C 192.168.0.0 through 192.168.255.255

Using unregistered IP addresses not only simplified the process of obtaining and assigning addresses to network systems, it also conserved the registered IP addresses for use by systems that actually needed them for direct Internet communications. As with many design decisions in the computer field, no one expected at the time of its inception that the Internet would grow to be as enormous as it is now. The 32-bit address space for the IP protocol was thought to be big enough to support all future growth (as was the original 640 KB memory limitation in PCs).

Special IP Addresses

Aside from the blocks of addresses designated for use by unregistered networks, there were other addresses not allocated to registered networks because they were intended for special purposes. Table 13-3 lists these addresses.

Table 13-3 Special-Purpose IP Addresses

Subnetting

Theoretically, the IP addresses you assign to the systems on your network do not have to correlate exactly to the physical network segments, but in standard practice, it's a good idea if they do. Obviously, an organization that registers a Class B address does not have 65,534 nodes on a single network segment; it has an internetwork composed of many segments, joined by routers, switches, or other devices. To support a multisegment network with a single IP network address, you create subnets corresponding to the physical network segments.

A subnet is simply a subdivision of the network address that you create by taking some of the host identifier bits and using them as a subnet identifier. To do this, you modify the subnet mask on the machines to reflect the borrowed bits as part of the network identifier, instead of the host identifier.
For example, you can subnet a Class B network address by using the third quad, originally intended to be part of the host identifier, as a subnet identifier instead, as shown in Figure 13-2. By changing the subnet mask from 255.255.0.0 to 255.255.255.0, you divide the Class B address into 254 subnets of 254 hosts each. You then assign each of the physical segments on the network a different value for the third quad and number the individual systems using only the fourth quad. The result is that the routers on your network can use the value of the third quad to direct traffic to the appropriate segments.

Figure 13-2 The top example shows a standard Class B address, split into 16-bit network and host identifiers. In the bottom example, the address has been subnetted by borrowing eight of the host bits for use as a subnet identifier.

NOTE The subnet identifier is purely a theoretical construction. To routers and other network systems, an IP address consists only of network and host identifiers, with the subnet bits incorporated into the network identifier.

The previous example demonstrates the most basic type of subnetting, in which the boundaries of the subnet identifier fall between the quads. However, you can use any number of host bits for the subnet identifier and adjust the subnet mask and IP address accordingly. This is called variable mask subnetting. If, for example, you have a Class B address and decide to use 4 host bits for the subnet identifier, you would use a subnet mask with the following binary value:

11111111 11111111 11110000 00000000

The first 4 bits of the third quad are changed from zeros to ones to indicate that these bits are now part of the network identifier. The decimal equivalent of this number is 255.255.240.0, which is the value you would use for the subnet mask in the system's TCP/IP configuration. By borrowing 4 bits in this way, you can create up to 14 subnets, consisting of 4,094 hosts each. The formula for determining the number of subnets and hosts is as follows:

2^x - 2

where x equals the number of bits used for the subnet identifier (or, for the host count, the number of bits left for the host identifier). You subtract 2 to account for identifiers consisting of all zeros and all ones, which are traditionally not used, because the value 255 is used for broadcasts, and the value 0 to represent the network. For this example, therefore, you perform the following calculations:
2^4 - 2 = 14
2^12 - 2 = 4,094

NOTE Some TCP/IP implementations are capable of using 0 as a subnet identifier, but you should avoid this practice unless you are certain that all of your routers also support this feature.

To determine the IP addresses you assign to particular systems, you increment the 4 bits of the subnet identifier separately from the 12 bits of the host identifier and convert the results into decimal form. Thus, assuming a Class B network address of 172.16.0.0 with a subnet mask of 255.255.240.0, the first IP address of the first subnet will have the following binary address:

10101100 00010000 00010000 00000001

The first two quads are the binary equivalents of 172 and 16. The third quad consists of the 4-bit subnet identifier, with the value 0001, and the first 4 bits of the 12-bit host identifier. Because this is the first address on this subnet, the value for the host identifier is 000000000001.

Although these 12 bits are incremented as a single unit, when converting the binary values to decimals, you treat each quad separately. Therefore, the value of the third quad (00010000) in decimal form is 16, and the value of the fourth quad (00000001) in decimal form is 1, yielding an IP address of 172.16.16.1.

Fortunately, manually computing the values for your IP addresses isn't necessary when you subnet the network. Utilities are available that enable you to specify a network address and class and then select the number of bits to be used for the subnet identifier. The program then supplies you with the IP addresses for the machines in the individual subnets.

NOTE There are several free IPv4 and IPv6 subnet calculator utilities available. Type free subnet calculator in any search engine.

Ports and Sockets

The IPv4 address makes it possible to route network traffic to a particular system, but once packets arrive at the computer and begin traveling up the protocol stack, they still must be directed to the appropriate application. This is the job of the transport layer protocol, either TCP or UDP. To identify specific processes running on the computer, TCP and UDP use port numbers that are included in every TCP and UDP header. Typically, the port number identifies the application layer protocol that generated the data carried in the packet.
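The subnet arithmetic worked through in the preceding sections (the 192.168.2.45/255.255.255.0 split, the class test on the first quad, the RFC 1918 ranges, the 2^x - 2 count, and the 172.16.16.1 address composed from a subnet identifier of 0001), as an added example in Python that is not part of the book. It does the work on the raw 32-bit values rather than with a library, so the binary forms shown above can be reproduced, and it rejects a mask whose network bits are mixed with host bits; the address and mask values are the ones the text uses.

```python
"""IPv4 subnet arithmetic on the raw 32-bit values, following the chapter's examples."""

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """'192.168.2.45' -> 32-bit integer; validates four quads in 0..255."""
    quads = dotted.split(".")
    if len(quads) != 4:
        raise ValueError("expected four quads: %r" % dotted)
    value = 0
    for q in quads:
        n = int(q)
        if not 0 <= n <= 255:
            raise ValueError("quad out of range: %r" % q)
        value = (value << 8) | n
    return value


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted decimal -> the four 8-bit groups, as printed in the chapter."""
    return " ".join(format((to_int(dotted) >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the network (1) bits; reject masks whose 1s and 0s are interleaved."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError("network bits mixed with host bits in mask %s" % mask)
    return ones


def split_address(address, mask):
    """Return (network address in dotted form, host identifier as an integer)."""
    prefix_length(mask)                      # validate the mask first
    a, m = to_int(address), to_int(mask)
    return to_dotted(a & m), a & ~m & ALL_ONES


def address_class(address):
    """Class from the leading bits of the first quad, as described in the text."""
    first = to_int(address) >> 24
    if first & 0x80 == 0:                    # 0xxxxxxx -> 0..127
        return "A"
    if first & 0xC0 == 0x80:                 # 10xxxxxx -> 128..191
        return "B"
    if first & 0xE0 == 0xC0:                 # 110xxxxx -> 192..223
        return "C"
    if first & 0xF0 == 0xE0:                 # 1110xxxx -> multicast
        return "D"
    return "E"                               # remaining (reserved) space


CLASS_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def subnet_counts(network, subnet_mask):
    """(usable subnets, usable hosts) after borrowing host bits, using 2^x - 2."""
    default = prefix_length(CLASS_MASK[address_class(network)])
    plen = prefix_length(subnet_mask)
    if plen < default:
        raise ValueError("subnet mask shorter than the class default mask")
    borrowed, host_bits = plen - default, 32 - plen
    subnets = 2 ** borrowed - 2 if borrowed else 1   # no borrowing: the network itself
    return subnets, 2 ** host_bits - 2


def subnet_address(network, subnet_mask, subnet_id, host_id):
    """Compose network | subnet_id (in the borrowed bits) | host_id, skipping all-0/all-1."""
    class_mask = CLASS_MASK[address_class(network)]
    default, plen = prefix_length(class_mask), prefix_length(subnet_mask)
    borrowed, host_bits = plen - default, 32 - plen
    if not 0 < subnet_id < 2 ** borrowed - 1:
        raise ValueError("subnet identifier out of range")
    if not 0 < host_id < 2 ** host_bits - 1:
        raise ValueError("host identifier out of range")
    base = to_int(network) & to_int(class_mask)
    return to_dotted(base | (subnet_id << host_bits) | host_id)


# The three RFC 1918 ranges exactly as listed in the chapter.
PRIVATE_RANGES = (("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255"))


def is_private(address):
    a = to_int(address)
    return any(to_int(lo) <= a <= to_int(hi) for lo, hi in PRIVATE_RANGES)
```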
The port numbers permanently assigned to specific services, which are called well-known ports, are standardized by the Internet Assigned Numbers Authority (IANA) and published in the "Assigned Numbers" RFC (RFC 1700). Every TCP/IP system has a file called Services that contains a list of the most common well-known port numbers and the services to which they are assigned.

For example, the IP header of a DNS query message contains the IP address of a DNS server in its Destination Address field. Once the packet has arrived at the destination, the receiving computer sees that the UDP header's Destination Port field contains the well-known port value 53. The system then knows to pass the message to the service using port number 53, which is the DNS service.

NOTE The port number assignments for the TCP and UDP protocols are separate. Although not typical, it is possible for a service to use different port numbers for TCP and UDP and for the same port number to be assigned to a different service for each protocol.

The combination of an IP address and a port number is known as a socket. The uniform resource locator (URL) format calls for a socket to be notated with the IP address followed by the port number, separated by a colon, as in 192.168.2.45:80.

Not all port numbers are well known. When a client connects to a well-known service, such as a web server, it uses the well-known port number for that service (which in the case of a web server is 80), but selects the port number that it will use as its Source Port value at random. This is known as an ephemeral port number. The web server, on receiving the packet from the client addressed to port 80, reads the Source Port value and knows to address its reply to the ephemeral port number the client has chosen. To prevent clients from selecting well-known ports for their ephemeral port numbers, all of the well-known port number assignments fall below 1,024, and all ephemeral port numbers must be 1,024 or higher.
TCP/IP Naming

IP addresses are an efficient means of identifying networks and hosts, but when it comes to user interfaces, they are difficult to use and remember. Therefore, the Domain Name System (DNS) was devised to supply friendly names for TCP/IP systems. In a discussion of the network and transport layer TCP/IP protocols, the most important information to remember about DNS names is that they have nothing to do with the actual transmission of data across the network.

Packets are addressed to their destinations using IP addresses only. Whenever a user supplies a DNS name in an application (such as a URL in a web browser), the first thing the system does is initiate a transaction with a DNS server to resolve the name into an IP address. This occurs before the system transmits any traffic at all to the destination system. Once the system has discovered the IP address of the destination, it uses that address in the IP header to send packets to that destination; the DNS name is no longer used after that point.

NOTE The structure of DNS names and the functions of DNS servers are discussed more fully in Chapter 15.

TCP/IP Protocols

The following sections examine some of the major protocols that make up the TCP/IP suite. There are dozens of TCP/IP protocols and standards, but only a few are commonly used by the systems on a TCP/IP network.

SLIP and PPP

The Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP) are unique among the TCP/IP protocols because they provide full data link layer functionality. Systems connected to a LAN rely on one of the standard data link layer protocols, such as Ethernet and Token Ring, to control the actual connection to the network. This is because the systems are usually sharing a common medium and must have a MAC mechanism to regulate access to it.

SLIP and PPP were designed for use with direct connections in which there is no need for media access control. Because they connect only two systems, SLIP and PPP are called point-to-point or end-to-end protocols. On a system using SLIP or PPP, the TCP/IP protocols define the workings of the entire protocol stack, except for the physical layer itself, which relies on a hardware standard like that for the RS-232 serial port interface, which provides a connection to the modem.
In most cases, systems use SLIP or PPP to provide Internet or WAN connectivity, whether or not the system is connected to a LAN. Virtually every stand-alone PC that uses a modem to connect to an ISP for Internet access does so using a PPP connection, although a few system types still use SLIP. LANs also use SLIP or PPP connections in their routers to connect to an ISP to provide Internet access to the entire network or to connect to another LAN, forming a WAN connection. Although commonly associated with modem connections, other physical layer technologies can also use SLIP and PPP, including leased lines, ISDN, frame relay, and ATM connections.

SLIP and PPP are connection-oriented protocols that provide a data link between two systems in the simplest sense of the term. They encapsulate IP datagrams for transport between computers, just as Ethernet and Token Ring do, but the frame they use is far simpler. This is because the protocols are not subject to the same problems as the LAN protocols. Because the link consists only of a connection between the two computers, there is no need for a media access control mechanism like CSMA/CD or token passing. Also, there is no problem with addressing the packets to a specific destination; because only two computers are involved in the connection, the data can go to only one place.

SLIP

SLIP was created in the early 1980s to provide the simplest possible solution for transmitting data over serial connections. No official standard defined the protocol, mainly because there is nothing much to standardize and interoperability is not a problem. There is an IETF document, however, called "A Nonstandard for Transmission of IP Datagrams over Serial Lines" (RFC 1055), that defines the functionality of the protocol.
The SLIP frame is simplicity itself. A single 1-byte field with the hexadecimal value c0 serves as an END delimiter, following every IP datagram transmitted over the link. The END character informs the receiving system that the packet currently being transmitted has ended. Some systems also precede each IP datagram with an END character. This way, if any line noise occurs between datagram transmissions, the receiving system treats it as a packet unto itself because it is delimited by two END characters. When the upper-layer protocols attempt to process the noise "packet," they interpret it as gibberish and discard it.

If a datagram contains a byte with the value c0, the system alters it to the 2-byte string db dc before transmission to avoid terminating the packet incorrectly. The db byte is referred to as the ESC (escape) character, which, when coupled with another character, serves a special purpose. If the datagram contains an actual ESC character as part of the data, the system substitutes the string db dd before transmission.

NOTE The ESC character defined by SLIP is not the equivalent of the ASCII ESC character.

SLIP Shortcomings

Because of its simplicity, SLIP was easy to implement and added little overhead to data transmissions, but it also lacked features that could make it a more useful protocol. For example, SLIP lacks the capability to supply the IP address of each system to the other, meaning that both systems had to be configured with the IP address of the other. SLIP also had no means of identifying the protocol it carried in its frame, which prevented it from multiplexing network layer protocols (such as IP and IPX) over a single connection. SLIP also had no error-detection or correction capabilities, which left these tasks to the upper-layer protocols, causing greater delays than a data link layer error-detection mechanism would.
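The SLIP framing rules above (END = c0, ESC = db, with c0 in the data sent as db dc and db as db dd) are small enough to implement in full. The following Python encoder and incremental decoder are an added example, not code from the book or RFC 1055; the leading END on every frame and the `looks_like_ipv4` check model the "noise packet" behaviour the text describes, in which garbage between datagrams is framed and then discarded by the upper layer. The sample datagram is constructed for the example.

```python
END = 0xC0       # frame delimiter
ESC = 0xDB       # escape introducer
ESC_END = 0xDC   # "db dc" stands for a literal c0 inside the data
ESC_ESC = 0xDD   # "db dd" stands for a literal db inside the data


def slip_encode(datagram: bytes) -> bytes:
    """Frame one datagram: leading END (isolates line noise), escaped body, trailing END."""
    out = bytearray([END])
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def looks_like_ipv4(frame: bytes) -> bool:
    """Minimal upper-layer sanity check: version 4, a full header, matching Total Length."""
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return False
    ihl = (frame[0] & 0x0F) * 4
    total_length = int.from_bytes(frame[2:4], "big")
    return ihl >= 20 and total_length == len(frame)


class SlipDecoder:
    """Receiver side. feed() accepts bytes as they arrive off the serial line and
    returns the datagrams completed so far; frames that are not valid IP (line
    noise delimited by two ENDs) are counted in `discarded` and dropped."""

    def __init__(self):
        self.buf = bytearray()
        self.escaped = False
        self.discarded = 0

    def feed(self, data: bytes) -> list:
        frames = []
        for b in data:
            if self.escaped:
                self.escaped = False
                if b == ESC_END:
                    self.buf.append(END)
                elif b == ESC_ESC:
                    self.buf.append(ESC)
                else:
                    self.buf.append(b)   # RFC 1055 leaves this case to the implementation
            elif b == ESC:
                self.escaped = True
            elif b == END:
                if self.buf:             # an empty frame (END END) is simply ignored
                    frame = bytes(self.buf)
                    if looks_like_ipv4(frame):
                        frames.append(frame)
                    else:
                        self.discarded += 1
                    self.buf.clear()
            else:
                self.buf.append(b)
        return frames


# Constructed sample: a 20-byte IPv4 header (version 4, IHL 5, Total Length 27)
# carrying a 7-byte payload that contains both special bytes.
SAMPLE_PAYLOAD = b"\xc0hello\xdb"
SAMPLE_DATAGRAM = bytes([0x45, 0x00, 0x00, 20 + len(SAMPLE_PAYLOAD)]) + bytes(16) + SAMPLE_PAYLOAD

if __name__ == "__main__":
    wire = slip_encode(SAMPLE_DATAGRAM)
    print(wire.hex())
    decoder = SlipDecoder()
    print(decoder.feed(b"\x01\x02" + wire) == [SAMPLE_DATAGRAM], decoder.discarded)
```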
PPP

PPP was created as an alternative to SLIP that provided greater functionality, such as the capability to multiplex different network layer protocols and support various authentication protocols. Naturally, the cost of these additional features is a larger header, but PPP still added only a maximum of 8 bytes to a packet (as compared to the 16 bytes needed for an Ethernet frame). Most of the connections to Internet service providers, whether by stand-alone systems or routers, use PPP because it enables the ISP to implement access control measures that protect their networks from intrusion by unauthorized users.

A typical PPP session consists of several connection establishment and termination procedures, using other protocols in addition to the PPP. These procedures are as follows:

• Connection establishment The system initiating the connection uses the Link Control Protocol (LCP) to negotiate communication parameters that the two machines have in common.
• Authentication Although not required, the system may use an authentication protocol such as the Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol (CHAP) to negotiate access to the other system.
• Network layer protocol connection establishment For each network layer protocol that the systems use during the session, they perform a separate connection establishment procedure using a Network Control Protocol (NCP) such as the Internet Protocol Control Protocol (IPCP).

Unlike SLIP, PPP is standardized, but the specifications are divided among several different RFCs. Table 13-4 lists the documents for each of the protocols.

Table 13-4 PPP and Related Standards

The PPP Frame

RFC 1661 defined the basic frame used by the PPP protocol to encapsulate other protocols and transmit them to the destination. The frame is small, only 8 (or sometimes 10) bytes, and is illustrated in Figure 13-3.

Figure 13-3 The PPP frame format

The functions of the fields are as follows:

• Flag (1 byte) Contains a hexadecimal value of 7e and functions as a packet delimiter, like SLIP's END character.
• Address (1 byte) Contains a hexadecimal value of ff, indicating the packet is addressed to all stations.
• Control (1 byte) Contains a hexadecimal value of 03, identifying the packet as containing an HDLC unnumbered information message.
• Protocol (2 bytes) Contains a code identifying the protocol that generated the information in the data field. Code values in the 0xxx to 3xxx range are used to identify network layer protocols, values from 4xxx to 7xxx identify low-volume network layer protocols with no corresponding NCP, values from 8xxx to bxxx identify network layer protocols with corresponding NCPs, and values from cxxx to fxxx identify link layer control protocols like LCP and the authentication protocols. The permitted codes, specified in the TCP/IP "Assigned Numbers" document (RFC 1700), include the following:
  • 0021 Uncompressed IP datagram (used when Van Jacobson compression is enabled)
  • 002b Novell IPX datagram
  • 002d IP datagrams with compressed IP and TCP headers (used when Van Jacobson compression is enabled)
  • 002f IP datagrams containing uncompressed TCP data (used when Van Jacobson compression is enabled)
  • 8021 Internet Protocol Control Protocol (IPCP)
  • 802b Novell IPX Control Protocol (IPXCP)
  • c021 Link Control Protocol (LCP)
  • c023 Password Authentication Protocol (PAP)
  • c223 Challenge Handshake Authentication Protocol (CHAP)
• Data and Pad (variable, up to 1,500 bytes) Contains the payload of the packet, up to a default maximum length (called the maximum receive unit [MRU]) of 1,500 bytes. The field may contain meaningless bytes to bring its size up to the MRU.
• Frame Check Sequence (FCS, 2 or 4 bytes) Contains a CRC value calculated on the entire frame, excluding the flag and frame check sequence fields, for error-detection purposes.
• Flag (1 byte) Contains the same value as the flag field at the beginning of the frame. When a system transmits two packets consecutively, one of the flag fields is omitted because two would be mistaken as an empty frame.

Several of the fields in the PPP frame can be modified as a result of LCP negotiations between the two systems, such as the length of the protocol and FCS fields and the MRU for the data field. The systems can agree to use a 1-byte protocol field or a 4-byte FCS field.
The LCP Frame

PPP systems use Link Control Protocol (LCP) to negotiate their capabilities during the connection establishment process so they can achieve the most efficient possible connection. LCP messages are carried within PPP frames and contain configuration options for the connection. Once the two systems agree on a configuration they can both support, the link establishment process continues. By specifying the parameters for the connection during the link establishment process, the systems don't have to include redundant information in the header of every data packet.

Figure 13-4 shows the LCP message format.

Figure 13-4 The LCP message format

The functions of the individual fields are listed here:

• Code (1 byte) Specifies the LCP message type, using the following codes:
  • 1 Configure-Request
  • 2 Configure-Ack
  • 3 Configure-Nak
  • 4 Configure-Reject
  • 5 Terminate-Request
  • 6 Terminate-Ack
  • 7 Code-Reject
  • 8 Protocol-Reject
  • 9 Echo-Request
  • 10 Echo-Reply
  • 11 Discard-Request
• Identifier (1 byte) Contains a code used to associate the request and replies of a particular LCP transaction.
• Length (2 bytes) Specifies the length of the LCP message, including the code, identifier, length, and data fields.
• Data (variable) Contains multiple configuration options, each of which is composed of three subfields.

Each of the options in the LCP message's data field consists of the subfields shown in Figure 13-5. The functions of the subfields are as follows:

• Type (1 byte) Specifies the option to be configured, using a code from the "Assigned Numbers" RFC, as follows:
  • 0 Vendor Specific
  • 1 Maximum Receive Unit
  • 2 Async Control Character Map
  • 3 Authentication Protocol
  • 4 Quality Protocol
  • 5 Magic Number
  • 6 Reserved
  • 7 Protocol Field Compression
  • 8 Address and Control Field Compression
  • 9 FCS Alternatives
  • 10 Self-Describing Pad
  • 11 Numbered Mode
  • 12 Multilink Procedure
  • 13 Callback
  • 14 Connect Time
  • 15 Compound Frames
  • 16 Nominal Data Encapsulation
  • 17 Multilink MRRU
  • 18 Multilink Short Sequence Number Header Format
  • 19 Multilink Endpoint Discriminator
  • 20 Proprietary
  • 21 DCE Identifier
• Length (1 byte) Specifies the length of the option, including the type, length, and data subfields.
• Data (variable) Contains information pertinent to the specific option, as indicated by the type subfield.

Figure 13-5 The LCP option format

The LCP protocol is also designed to be extensible. By using a code value of 0, vendors can supply their own options without standardizing them with the IANA, as documented in RFC 2153, "PPP Vendor Extensions."

Authentication Protocols

PPP connections can optionally require authentication to prevent unauthorized access, using an external protocol agreed on during the exchange of LCP configuration messages and encapsulated within PPP frames. Two of the most popular authentication protocols—PAP and CHAP—are defined by TCP/IP specifications, but systems can also use other proprietary protocols developed by individual vendors.

The PAP Frame PAP is the inherently weaker of the two primary authentication protocols because it uses only a two-way handshake and transmits account names and passwords over the link in clear text. Systems generally use PAP only when they have no other authentication protocols in common. PAP packets have a value of c023 in the PPP header's protocol field and use a message format that is basically the same as LCP, except for the options.

The CHAP Frame The CHAP protocol is considerably more secure than PAP because it uses a three-way handshake and never transmits account names and passwords in clear text. CHAP packets have a value of c223 in the PPP header's protocol field and use a message format almost identical to PAP's.

The IPCP Frame

PPP systems use Network Control Protocols (NCPs) to negotiate connections for each of the network layer protocols they will use during the session. Before a system can multiplex the traffic generated by different protocols over a single PPP connection, it must establish a connection for each protocol using the appropriate NCPs.

The Internet Protocol Control Protocol (IPCP), which is the NCP for IP, is a good example of the protocol structure. The message format of the NCPs is nearly identical to that of LCP, except that it supports only values 1 through 7 for the code field (the link configuration, link termination, and code reject values) and uses different options in the data field. Like LCP, the messages are carried in PPP frames, but with a value of 8021 in the PPP header's protocol field.
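The PPP frame and the LCP message formats described in the preceding sections can be exercised together: the Python below (an added example, not code from the book) builds an LCP Configure-Request carrying Maximum Receive Unit and Magic Number options, wraps it in a PPP frame with the 16-bit FCS, and parses the frame back, rejecting a corrupted one. The FCS algorithm and its 0xF0B8 "good" residue follow RFC 1662 (the PPP-in-HDLC-like-framing RFC), which the page does not name; only the default 2-byte FCS and 2-byte protocol field are handled.

```python
import struct

PPP_FLAG, PPP_ADDRESS, PPP_CONTROL = 0x7E, 0xFF, 0x03
PROTO_LCP, PROTO_IPCP, PROTO_PAP, PROTO_CHAP = 0xC021, 0x8021, 0xC023, 0xC223
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8       # RFC 1662 16-bit FCS constants

LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
             10: "Echo-Reply", 11: "Discard-Request"}
OPT_MRU, OPT_AUTH_PROTOCOL, OPT_MAGIC_NUMBER = 1, 3, 5


def ppp_fcs16(data: bytes) -> int:
    """Bitwise CRC-16 (reflected polynomial 0x8408) over the address..data bytes."""
    fcs = FCS_INIT
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_lcp(code: int, identifier: int, options) -> bytes:
    """LCP message: Code, Identifier, 2-byte Length, then Type/Length/Data options.
    options is a list of (type, data) pairs; each option Length counts its 2-byte head."""
    data = b"".join(bytes([opt_type, len(value) + 2]) + value for opt_type, value in options)
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def build_ppp_frame(protocol: int, payload: bytes) -> bytes:
    """Flag, Address ff, Control 03, 2-byte Protocol, payload, 2-byte FCS, Flag."""
    body = bytes([PPP_ADDRESS, PPP_CONTROL]) + struct.pack("!H", protocol) + payload
    fcs = ~ppp_fcs16(body) & 0xFFFF        # complemented, sent least-significant byte first
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs) + bytes([PPP_FLAG])


def parse_ppp_frame(frame: bytes):
    """Check delimiters and FCS; return (protocol, payload) or raise ValueError."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing flag delimiters or frame too short")
    body = frame[1:-1]                      # address .. fcs
    if ppp_fcs16(body) != FCS_GOOD:         # CRC over data+FCS leaves the fixed residue
        raise ValueError("FCS check failed: frame corrupted")
    if body[0] != PPP_ADDRESS or body[1] != PPP_CONTROL:
        raise ValueError("unexpected address/control field")
    protocol = struct.unpack("!H", body[2:4])[0]
    return protocol, body[4:-2]


def parse_lcp(payload: bytes) -> dict:
    """Decode an LCP (or LCP-shaped NCP/PAP/CHAP) message into code, identifier, options."""
    if len(payload) < 4:
        raise ValueError("LCP message shorter than its fixed header")
    code, identifier, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("LCP Length field does not match payload")
    options, pos = [], 4
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated option header")
        opt_type, opt_len = payload[pos], payload[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("malformed LCP option length")
        options.append((opt_type, payload[pos + 2:pos + opt_len]))
        pos += opt_len
    return {"code": LCP_CODES.get(code, code), "identifier": identifier, "options": options}


if __name__ == "__main__":
    request = build_lcp(1, 0x2A, [(OPT_MRU, struct.pack("!H", 1500)),
                                  (OPT_MAGIC_NUMBER, bytes.fromhex("deadbeef"))])
    frame = build_ppp_frame(PROTO_LCP, request)
    print(frame.hex())
    protocol, payload = parse_ppp_frame(frame)
    print(hex(protocol), parse_lcp(payload))
```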
The options that can be included in the data field of an IPCP message use the following values in the type field:

• 2 (IP Compression Protocol) Specifies the protocol the system should use to compress IP headers, for which the only valid option is Van Jacobson compression.

NOTE Van Jacobson TCP/IP Header Compression is a data compression protocol described in RFC 1144, specifically designed by Van Jacobson to improve TCP/IP performance over slow serial links. This compression reduces the normal 40-byte TCP/IP packet headers down to 3 to 4 bytes for the average case by saving the state of TCP connections at both ends of a link and sending the differences only in the header fields that change. While this makes a big difference on low-speed links, it will not do anything about the processing delay inherent to most dial-up modems.

• 3 (IP Address) Used by the transmitting system to request a particular IP address or, if the value is 0.0.0.0, to request that the receiving system supply an address (replaces the type 1 IP Addresses option, which is no longer used).

PPP Connection Establishment

Once the physical layer connection between the two systems has been established, the PPP connection establishment process begins. The two systems pass through several distinct phases during the course of the session, as illustrated in Figure 13-6 and discussed in the following sections.

Figure 13-6 PPP connection phases

Link Dead Both systems begin and end the session in the Link Dead phase, which indicates that no physical layer connection exists between the two machines. On a typical session, an application or service on one system initiates the physical layer connection. Once the hardware connection process is completed, the systems pass into the Link Establishment phase.
Link Establishment In the Link Establishment phase, the system initiating the connection transmits an LCP Configure Request message to the destination containing the options it would like to enable, such as the use of specific authentication, link-quality monitoring, and network layer protocols (if any), and whether the systems should modify standard features, such as the size of the FCS field or a different MRU value. If the receiving system can support all the specified options, it replies with a Configure Ack message containing the same option values, and this phase of the connection process is completed.

If the receiving system recognizes the options in the request message but cannot support the values for those options supplied by the sender (such as if the system supports authentication but not with the protocol the sender has specified), it replies with a Configure Nak message containing the options with values it cannot support. With these options, the replying system supplies all the values it does support and also may include other options it would like to see enabled. Using this information, the connecting system generates another Configure Request message containing options it knows are supported, to which the receiver replies with a Configure Ack message.

If the receiving system fails to recognize any of the options in the request, it replies with a Configure Reject message containing only the unrecognized options. The sender then generates a new Configure Request message that does not contain the rejected options, and the procedure continues as previously outlined. Eventually, the systems perform a successful request/acknowledgment exchange, and the connection process moves on to the next phase.

Authentication The Authentication phase of the connection process is optional and is triggered by the inclusion of the Authentication Protocol option in the LCP Configure Request message. During the LCP link establishment process, the two systems agree on an authentication protocol to use. Use of the PAP and CHAP protocols is common, but other proprietary protocols are available.
The message format and exchange procedures for the Authentication phase are dictated by the selected protocol. In a PAP authentication, for example, the sending system transmits an Authenticate Request message containing an account name and password, and the receiver replies with either an Authenticate Ack or Authenticate Nak message.

CHAP is inherently more secure than PAP and requires a more complex message exchange. The sending system transmits a Challenge message containing data that the receiver uses with its encryption key to compute a value it returns to the sender in a Response message. Depending on whether the value in the response matches the sender's own computations, it transmits a Success or Failure message.

A successful transaction causes the connection procedure to proceed to the next phase, but the effect of a failure is dictated by the implementation of the protocol. Some systems proceed directly to the Link Termination phase in the event of an authentication failure, while others might permit retries or limited network access to a help subsystem.

Link Quality Monitoring The use of a link quality monitoring protocol is also an optional element of the connection process, triggered by the inclusion of the Quality Protocol option in the LCP Configure Request message. Although the option enables the sending system to specify any protocol for this purpose, only one has been standardized, the Link Quality Report protocol. The negotiation process that occurs at this phase enables the systems to agree on an interval at which they should transmit messages containing link traffic and error statistics throughout the session.
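The three-way CHAP exchange just described (Challenge, Response, Success or Failure) is shown below as an added Python example; it is not code from the book. The "encryption key" the text mentions is, in the standard CHAP algorithm of RFC 1994 (not cited on the page), a shared secret hashed with MD5 together with the message Identifier and the challenge value, which is what `chap_response_value` computes. The authenticator consumes each challenge after one use, so a recorded Response cannot satisfy a later challenge, and the last function shows why the text calls PAP the weaker protocol: its credentials cross the link as they are.

```python
import hashlib
import hmac
import os

# CHAP code field values; the message layout is the same Code/Identifier/Length as LCP
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 algorithm: MD5(Identifier || shared secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues the Challenge and judges the Response.
    `secrets` maps peer names to shared secrets (constructed for the example)."""

    def __init__(self, secrets: dict, challenge_len: int = 16):
        self.secrets = secrets
        self.challenge_len = challenge_len
        self.outstanding = {}      # identifier -> challenge value awaiting a response
        self.next_id = 0

    def make_challenge(self):
        """Return (identifier, challenge). The challenge is fresh random data every
        time, which is what makes the Response useless to anyone replaying it later."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        challenge = os.urandom(self.challenge_len)
        self.outstanding[ident] = challenge
        return ident, challenge

    def check_response(self, identifier: int, name: str, value: bytes) -> int:
        """Return CHAP_SUCCESS or CHAP_FAILURE. The challenge is consumed either way."""
        challenge = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return CHAP_FAILURE
        expected = chap_response_value(identifier, secret, challenge)
        # constant-time comparison: a wrong Response leaks nothing through timing
        return CHAP_SUCCESS if hmac.compare_digest(expected, value) else CHAP_FAILURE


def chap_peer_respond(identifier: int, challenge: bytes, name: str, secret: bytes):
    """The peer being authenticated: derive the Response from its copy of the secret."""
    return identifier, name, chap_response_value(identifier, secret, challenge)


def run_chap(authenticator: ChapAuthenticator, name: str, secret: bytes) -> int:
    """Drive one complete three-way handshake and return the final code."""
    ident, challenge = authenticator.make_challenge()            # 1. Challenge
    response = chap_peer_respond(ident, challenge, name, secret)  # 2. Response
    return authenticator.check_response(*response)                # 3. Success/Failure


def what_crosses_the_link(name: str, secret: bytes, identifier: int, challenge: bytes) -> dict:
    """Contrast what each protocol exposes to anyone recording the serial line."""
    return {
        "PAP": {"name": name, "password": secret},                     # cleartext
        "CHAP": {"name": name,
                 "response": chap_response_value(identifier, secret, challenge).hex()},
    }


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"s3cret"})
    print("correct secret ->", run_chap(auth, "alice", b"s3cret"))
    print("wrong secret   ->", run_chap(auth, "alice", b"guess"))
    print(what_crosses_the_link("alice", b"s3cret", 7, b"\x01" * 16))
```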
Network Layer Protocol Configuration PPP supports the multiplexing of network layer protocols over a single connection, and during this phase, the systems perform a separate network layer connection establishment procedure for each of the network layer protocols that they have agreed to use during the Link Establishment phase. Each network layer protocol has its own network control protocol (NCP) for this purpose, such as the Internet Protocol Control Protocol (IPCP) or the Internetworking Packet Exchange Control Protocol (IPXCP). The structure of an NCP message exchange is similar to that of LCP, except the options carried in the Configure Request message are unique to the requirements of the protocol. During an IPCP exchange, for example, the systems inform each other of their IP addresses and agree on whether to use Van Jacobson header compression. Other protocols have their own individual needs that the systems negotiate as needed. NCP initialization and termination procedures can also occur at any other time during the connection.

Link Open Once the individual NCP exchanges are completed, the connection is fully established, and the systems enter the Link Open phase. Network layer protocol data can now travel over the link in either direction.

Link Termination When one of the systems ends the session or as a result of other conditions such as a physical layer disconnection, an authentication failure, or an inactivity timeout, the systems enter the Link Termination phase. To sever the link, one system transmits an LCP Terminate Request message to which the other system replies with a Terminate Ack. Both systems then return to the Link Dead phase.

NCPs also support the Terminate Request and Terminate Ack messages, but they are intended for use while the PPP connection remains intact. In fact, the PPP connection can remain active even if all of the network layer protocol connections have been terminated. It is unnecessary for systems to terminate the network layer protocol connections before terminating the PPP connection.
ARP

The Address Resolution Protocol (ARP) occupies an unusual place in the TCP/IP suite because it defies all attempts at categorization. Unlike most of the other TCP/IP protocols, ARP messages are not carried within IP datagrams. A separate protocol identifier is defined in the "Assigned Numbers" document that data link layer protocols use to indicate that they contain ARP messages. Because of this, there is some difference of opinion about the layer of the protocol stack to which ARP belongs. Some say ARP is a link layer protocol because it provides a service to IP, while others associate it with the Internet layer because its messages are carried within link layer protocols.

The function of the ARP protocol, as defined in RFC 826, "An Ethernet Address Resolution Protocol," is to reconcile the IP addresses used to identify systems at the upper layers with the hardware addresses at the data link layer. When it requests network resources, a TCP/IP application supplies the destination IP address used in the IP protocol header. The system may discover the IP address using a DNS or NetBIOS name-resolution process, or it may use an address supplied by an operating system or application configuration parameter.

Data link layer protocols such as Ethernet, however, have no use for IP addresses and cannot read the contents of the IP datagram anyway. To transmit the packet to its destination, the data link layer protocol must have the hardware address coded into the destination system's network interface adapter. ARP converts IP addresses into hardware addresses by broadcasting request packets containing the IP address on the local network and waiting for the holder of that IP address to respond with a reply containing the equivalent hardware address.

NOTE ARP was originally developed for use with DIX Ethernet networks, but has been generalized to allow its use with other data link layer protocols.
The biggest difference between IP addresses and hardware addresses is that IP is responsible for the delivery of the packet to its ultimate destination, while an Ethernet implementation is concerned only with delivery to the next stop on the journey. If the packet's destination is on the same network segment as the source, the IP protocol uses ARP to resolve the IP address of the ultimate destination into a hardware address. If, however, the destination is located on another network, the IP protocol will not use ARP to resolve the ultimate destination address (that is, the destination address in the IP header). Instead, it will pass the IP address of the default gateway to the ARP protocol for address resolution.

This is because the data link protocol header must contain the hardware address of the next intermediate stop as its destination, which may well be a router. It is up to that router to forward the packet on the next leg of its journey. Thus, in the course of a single internetwork transmission, many different machines may perform ARP resolutions on the same packet with different results.

ARP Message Format

ARP messages are carried directly within data link layer frames, using 0806 as the Ethertype or SNAP Local Code value to identify the protocol being carried in the packet. There is one format for all of the ARP message types, which is illustrated in Figure 13-7.

Figure 13-7 The ARP message format

ARP Transactions

An ARP transaction occurs when the IP protocol in a TCP/IP system is ready to transmit a datagram over the network. The system knows its own hardware and IP addresses, as well as the IP address of the packet's intended destination. All it lacks is the hardware address of the system on the local network that is to receive the packet. The ARP message exchange proceeds according to the following steps:

1. The transmitting system generates an ARP Request packet containing its own addresses in the Sender Hardware Address and Sender Protocol Address fields.
The Target Protocol Address contains the IP address of the system on the local network that is to receive the datagram, while the Target Hardware Address is left blank. Some implementations insert a broadcast address or other value into the Target Hardware Address field of the ARP Request message, but this value is ignored by the recipient because this is the address the protocol is trying to ascertain.
2. The system transmits the ARP Request message as a broadcast to the local network, asking in effect, "Who is using this IP address, and what is your hardware address?"
3. Each TCP/IP system on the local network receives the ARP Request broadcast and examines the contents of the Target Protocol Address field. If the system does not use that address on one of its network interfaces, it silently discards the packet. If the system does use the address, it generates an ARP Reply message in response. The system uses the contents of the request message's Sender Hardware Address and Sender Protocol Address fields as the values for its reply message's Target Hardware Address and Target Protocol Address fields. The system then inserts its own hardware address and IP address into the Sender Hardware Address and Sender Protocol Address fields, respectively.
4. The system using the requested IP address transmits the reply message as a unicast to the original sender. On receipt of the reply, the system that initiated the ARP exchange uses the contents of the Sender Hardware Address field as the Destination Address for the data link layer transmission of the IP datagram.

ARP Caching

Because of its reliance on broadcast transmissions, ARP can generate a significant amount of network traffic. To lessen the burden of the protocol on the network, TCP/IP systems cache the hardware addresses discovered through ARP transactions in memory for a designated period of time. This way, a system transmitting a large string of datagrams to the same host doesn't have to generate individual ARP requests for each packet.
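The four-step ARP transaction and the cache it feeds can be simulated entirely in memory. The Python below is an added example, not code from the book: three constructed hosts share a segment, one broadcasts a Request with Ethertype 0806, the holder of the address answers with a unicast Reply, and the requester caches the result for a two-minute lifetime (the Windows figure the text gives next). Because Figure 13-7 is not reproduced on the page, the fixed fields ahead of the four address fields (hardware type 1, protocol type 0800, address lengths 6 and 4, operation 1 or 2) follow RFC 826, which the page cites; the `Host` class is this example's own construction.

```python
import struct

ARP_ETHERTYPE = 0x0806                  # value in the Ethernet type field for ARP
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FIXED = struct.Struct("!HHBBH")     # hardware type, protocol type, hlen, plen, operation
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNKNOWN_MAC = "00:00:00:00:00:00"       # Target Hardware Address "left blank" in a Request


def mac_to_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def bytes_to_mac(b): return ":".join("%02x" % x for x in b)
def ip_to_bytes(ip): return bytes(int(o) for o in ip.split("."))
def bytes_to_ip(b): return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """One ARP message: fixed header, then Sender HW/Proto and Target HW/Proto addresses."""
    return (ARP_FIXED.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def parse_arp(msg: bytes) -> dict:
    if len(msg) < 28:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op = ARP_FIXED.unpack(msg[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op,
            "sender_mac": bytes_to_mac(msg[8:14]), "sender_ip": bytes_to_ip(msg[14:18]),
            "target_mac": bytes_to_mac(msg[18:24]), "target_ip": bytes_to_ip(msg[24:28])}


def ethernet_frame(dst_mac, src_mac, arp_msg: bytes) -> bytes:
    """Data link framing: destination, source, Ethertype 0806, then the ARP message."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ARP_ETHERTYPE) + arp_msg


class Host:
    """A station with one interface and an ARP cache. `now` is passed explicitly so the
    cache lifetime can be exercised without waiting."""

    def __init__(self, mac, ip, cache_ttl=120.0):
        self.mac, self.ip = mac, ip
        self.cache_ttl = cache_ttl     # seconds an unused entry survives (two minutes)
        self.cache = {}                # ip -> (mac, expiry time)
        self.pending = set()           # addresses we currently have a Request out for

    def resolve(self, ip, now):
        """Step 1-2: return (mac, None) from the cache, or (None, broadcast frame)."""
        entry = self.cache.get(ip)
        if entry and entry[1] > now:
            return entry[0], None
        self.cache.pop(ip, None)       # expired entry is purged
        self.pending.add(ip)
        request = build_arp(OP_REQUEST, self.mac, self.ip, UNKNOWN_MAC, ip)
        return None, ethernet_frame(BROADCAST_MAC, self.mac, request)

    def receive(self, frame, now):
        """Step 3-4: answer Requests for our address; learn from Replies we asked for."""
        if frame[12:14] != struct.pack("!H", ARP_ETHERTYPE):
            return None
        m = parse_arp(frame[14:])
        if m["op"] == OP_REQUEST:
            if m["target_ip"] != self.ip:
                return None            # not our address: silently discard
            reply = build_arp(OP_REPLY, self.mac, self.ip, m["sender_mac"], m["sender_ip"])
            return ethernet_frame(m["sender_mac"], self.mac, reply)   # unicast back
        if m["op"] == OP_REPLY and m["target_ip"] == self.ip and m["sender_ip"] in self.pending:
            # cache only answers to our own outstanding Requests; unsolicited replies are ignored
            self.pending.discard(m["sender_ip"])
            self.cache[m["sender_ip"]] = (m["sender_mac"], now + self.cache_ttl)
        return None


if __name__ == "__main__":
    a = Host("00:11:22:33:44:55", "192.168.2.10")
    b = Host("66:77:88:99:aa:bb", "192.168.2.45")
    _, request = a.resolve("192.168.2.45", now=0.0)
    a.receive(b.receive(request, 0.0), 0.0)
    print(a.resolve("192.168.2.45", now=60.0))    # served from cache
    print(a.resolve("192.168.2.45", now=121.0))   # expired: new Request
```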
This is particularly helpful in an internetwork environment in which systems routinely transmit the majority of their packets to destinations on other networks. When a network segment has only a single router, all IP datagrams destined for other networks are sent through that router. When systems have the hardware address for that router in the ARP cache, they can transmit the majority of their datagrams without using ARP broadcasts.

The amount of time that entries remain in the ARP cache varies with different TCP/IP implementations. Windows systems purge entries after two minutes when they are not used to transmit additional datagrams.

IP

The Internet Protocol (IP), as defined in RFC 791, is the primary carrier protocol for the TCP/IP suite. IP is essentially the envelope that carries the messages generated by most of the other TCP/IP protocols. Operating at the network layer of the OSI model, IP is a connectionless, unreliable protocol that performs several functions that are a critical part of getting packets from the source system to the destination. Among these functions are the following:

• Addressing Identifying the system that will be the ultimate recipient of the packet
• Packaging Encapsulating transport layer data in datagrams for transmission to the destination
• Fragmenting Splitting datagrams into sections small enough for transmission over a network
• Routing Determining the path of the packet through the internetwork to the destination

The following sections examine these functions in more detail.

Addressing

IP is the protocol responsible for the delivery of TCP/IP packets to their ultimate destination. It is vital to understand how this differs from the addressing performed by a data link layer protocol like Ethernet or Token Ring. Data link layer protocols are aware only of the machines on the local network segment. No matter where the packet finally ends up, the destination address in the data link layer protocol header is always that of a machine on a local network.

If the ultimate destination of the packet is a system on another network segment, the data link layer protocol address will point to a router that provides access to that segment.
On receipt of the packet, the router strips off the data link layer protocol header and generates a new one containing the address of the packet's next intermediate destination, called a hop. Thus, throughout the packet's journey, the data link protocol header will contain a different destination address for each hop.

The destination address in the IP header, however, always points to the final destination of the packet, regardless of the network on which it's located, and it never changes throughout the journey. IP is the first protocol in the stack (working up from the bottom) to be conscious of the packet's end-to-end journey from source to destination. Most of the protocol's functions revolve around the preparation of the transport layer data for transmission across multiple networks to the destination.

Packaging

IP is also responsible for packaging transport layer protocol data into structures called datagrams for its journey to the destination. During the journey, routers apply a new data link layer protocol header to a datagram for each hop. Before reaching its final destination, a packet may pass through networks using several different data link layer protocols, each of which requires a different header. The IP "envelope," on the other hand, remains intact throughout the entire journey, except for a few bits that are modified along the way, just like a mailing envelope is postmarked.

As it receives data from the transport layer protocol, IP packages it into datagrams of a size suitable for transmission over the local network. A datagram (in most cases) consists of a 20-byte header plus the transport layer data. Figure 13-8 illustrates the header.

Figure 13-8 The IP header format

The functions of the header fields are as follows:

• Version, 4 bits Specifies the version of the IP protocol in use. The value for the current implementation is 4.
• IHL (Internet Header Length), 4 bits Specifies the length of the IP header, in 32-bit words. When the header contains no optional fields, the value is 5.
• TOS (Type of Service), 1 byte Bits 1 through 3 and 8 are unused. Bits 4 through 7 specify the service priority desired for the datagram, using the following values:
  • 0000 Default
  • 0001 Minimize Monetary Cost
  • 0010 Maximize Reliability
  • 0100 Maximize Throughput
  • 1000 Minimize Delay
  • 1111 Maximize Security
• Total Length, 2 bytes Specifies the length of the datagram, including all the header fields and the data.
• Identification, 2 bytes Contains a unique value for each datagram, used by the destination system to reassemble fragments.
• Flags, 3 bits Contains bits used during the datagram fragmentation process, with the following values:
  • Bit 1 Not used.
  • Bit 2 (Don't Fragment) When set to a value of 1, prevents the datagram from being fragmented by any system.
  • Bit 3 (More Fragments) When set to a value of 0, indicates that the last fragment of the datagram has been transmitted. When set to 1, indicates that fragments still await transmission.
• Fragment Offset, 13 bits Specifies the location (in 8-byte units) of the current fragment in the datagram.
• TTL (Time to Live), 1 byte Specifies the number of routers the datagram should be permitted to pass through on its way to the destination. Each router that processes the packet decrements this field by 1. Once the value reaches 0, the packet is discarded, whether or not it has reached the destination.
• Protocol, 1 byte Identifies the protocol that generated the information in the data field, using values found in the "Assigned Numbers" RFC (RFC 1700) and the PROTOCOL file found on every TCP/IP system, some of which are as follows:
  • 1 Internet Control Message Protocol (ICMP)
  • 2 Internet Group Management Protocol (IGMP)
  • 3 Gateway-to-Gateway Protocol (GGP)
  • 6 Transmission Control Protocol (TCP)
  • 8 Exterior Gateway Protocol (EGP)
  • 17 User Datagram Protocol (UDP)
• Header Checksum, 2 bytes Contains a checksum value computed on the IP header fields only, for error-detection purposes.
• Source IP Address, 4 bytes Specifies the IP address of the system from which the datagram originated.
• Destination IP Address, 4 bytes Specifies the IP address of the system that will be the ultimate recipient of the datagram.
• Options (variable) Can contain any of 16 options defined in the "Assigned Numbers" RFC, described later in this section.
• Data (variable, up to the MTU for the connected network) Contains the payload of the datagram, consisting of data passed down from a transport layer protocol.

Systems use the IP header options to carry additional information, either supplied by the sender or gathered as the packet travels to the destination. Each option is composed of the following fields:

• Option Type (1 byte) Contains a value identifying the option that consists of the following three subfields:
  • Copy Flag (1 bit) When set to a value of 1, indicates the option should be copied to each of the fragments that comprise the datagram.
  • Option Class (2 bits) Contains a code that identifies the option's basic function, using the following values:
    • 0 Control
    • 2 Debugging and measurement
  • Option Number (5 bits) Contains a unique identifier for the option, as specified in the "Assigned Numbers" RFC.
• Option Length (1 byte) Specifies the total length of the option, including the Option Type, Option Length, and Option Data fields.
• Option Data (Option Length minus 2) Contains the option-specific information being carried to the destination.

Table 13-5 lists some of the options systems can insert into IP datagrams, the values for the option subfields, and the RFCs that define the option's function. The functions of the options are as follows:

• End of Options List Consisting only of an Option Type field with the value 0, this option marks the end of all the options in an IP header.
• No Operation Consisting only of an Option Type field, systems can use this option to pad out the space between two other options, to force the following option to begin at the boundary between 32-bit words.
• Loose Source Route and Strict Source Route Systems use the Loose Source Route and Strict Source Route options to carry the IP addresses of routers the datagram must pass through on its way to the destination. When a system uses the Loose Source Route option, the datagram can pass through other routers in addition to those listed in the option. The Strict Source Route option defines the entire path of the datagram from the source to the destination.
• Time Stamp This option is designed to hold time stamps generated by one or more systems processing the packet as it travels to its destination. The sending system may supply the IP addresses of the systems that are to add time stamps to the header, enable the systems to save their IP addresses to the header along with the time stamps, or omit the IP addresses of the time-stamping systems entirely. The size of the option is variable to accommodate multiple time stamps, but must be specified when the sender creates the datagram and cannot be enlarged en route to the destination.
• Record Route This option provides the receiving system with a record of all the routers through which the datagram has passed during its journey to the destination. Each router adds its address to the option as it processes the packet.

Table 13-5 IP Header Options

Fragmenting

The size of the IP datagrams used to transmit the transport layer data depends on the data link layer protocol in use. Ethernet networks, for example, can carry datagrams up to 1,500 bytes in size, while Token Ring networks typically support packets as large as 4,500 bytes. The system transmitting the datagram uses the maximum transfer unit (MTU) of the connected network, that is, the largest possible frame that can be transmitted using that data link layer protocol, as one factor in determining how large each datagram should be.

During the course of its journey from the source to the destination, packets may encounter networks with different MTUs. As long as the MTU of each network is larger than the packet, the datagram is transmitted without a problem. If a packet is larger than the MTU of a network, however, it cannot be transmitted in its current form. When this occurs, the IP protocol in the router providing access to the network is responsible for splitting the datagram into fragments smaller than the MTU. The router then transmits each fragment in a separate packet with its own IP header.

Depending on the number and nature of the networks it passes through, a datagram may be fragmented more than once before it reaches the destination. A system might split a datagram into fragments that are themselves too large for networks further along in the path. Another router, therefore, splits the fragments into still smaller fragments.
Reassembly of a fragmented datagram takes place only at the destination system after it has received all of the packets containing the fragments, not at the intermediate routers.

NOTE Technically speaking, the datagram is defined as the unit of data, packaged by the source system, containing a specific value in the IP header's Identification field. When a router fragments a datagram, it uses the same Identification value for each new packet it creates, meaning the individual fragments are collectively known as a datagram. Referring to a single fragment as a datagram is incorrect use of the term.

When a router receives a datagram that must be fragmented, it creates a series of new packets using the same value for the IP header's Identification field as the original datagram. The other fields of the header are the same as well, with three important exceptions, which are as follows:
• The value of the Total Length field is changed to reflect the size of the fragment, instead of the size of the entire datagram.
• Bit 3 of the Flags field, the More Fragments bit, is changed to a value of 1 to indicate that further fragments are to be transmitted, except in the case of the datagram's last fragment, in which this bit is set to a value of 0.
• The value of the Fragment Offset field is changed to reflect each fragment's place in the datagram, based on the size of the fragments (which is, in turn, based on the MTU of the network across which the fragments are to be transmitted). The value for the first fragment is 0; each following value is incremented by the size of the preceding fragment's data, expressed in the 8-byte units the field uses.

These changes to the IP header are needed for the fragments to be properly reassembled by the destination system. The router transmits the fragments like any other IP packets, and because IP is a connectionless protocol, the individual fragments may take different routes to the destination and arrive in a different order. The receiving system uses the More Fragments bit to determine when it should begin the reassembly process and uses the Fragment Offset field to assemble the fragments in the proper order.

Selecting the size of the fragments is left up to individual IP implementations.
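The three header changes just listed, worked through as an added example that is not the book's code: it builds a constructed IPv4 datagram, fragments it for a 576-byte MTU the way a router would (recomputing the Header Checksum for each fragment, and handling a fragment that must be fragmented again), and reassembles it at the destination. The addresses, Identification value and payload are constructed for illustration.

```python
import struct

# Added example (not from the book): build an IPv4 header, fragment a datagram the
# way an intermediate router does, and reassemble it at the destination. All
# addresses, lengths and payloads below are constructed for illustration.

DF_FLAG = 0x4000   # bit 2 of the Flags field (Don't Fragment) in the Flags/Offset word
MF_FLAG = 0x2000   # bit 3 of the Flags field (More Fragments)


def internet_checksum(data):
    """Ones-complement sum of 16-bit words, as used by the IP Header Checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, total_length, ident, flags_offset, proto=17, ttl=64):
    """20-byte header without options; the checksum covers the header fields only."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, ident,
                         flags_offset, ttl, proto, 0, src, dst)
    return header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]


def parse_ipv4_header(packet):
    """Return the fields needed for fragmentation and reassembly; reject bad checksums."""
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    if internet_checksum(header) != 0:       # a correct header sums to zero
        raise ValueError("bad IP header checksum")
    total_length, ident, flags_offset, ttl, proto = struct.unpack("!HHHBB", header[2:10])
    return {
        "ihl": ihl, "total_length": total_length, "ident": ident, "ttl": ttl,
        "proto": proto, "src": header[12:16], "dst": header[16:20],
        "df": bool(flags_offset & DF_FLAG), "mf": bool(flags_offset & MF_FLAG),
        "offset_bytes": (flags_offset & 0x1FFF) * 8,   # the field counts 8-byte units
        "payload": packet[ihl:total_length],
    }


def fragment(packet, mtu):
    """Split one datagram (or an already-fragmented piece of one) to fit an MTU."""
    hdr = parse_ipv4_header(packet)
    if len(packet) <= mtu:
        return [packet]
    if hdr["df"]:
        raise ValueError("Don't Fragment is set: the router must discard the datagram")
    # Data per fragment: MTU minus the IP header, rounded down to a multiple of 8.
    chunk = (mtu - hdr["ihl"]) // 8 * 8
    payload, fragments = hdr["payload"], []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        # MF stays set on the last piece if the input was itself a non-final fragment.
        more = start + chunk < len(payload) or hdr["mf"]
        flags_offset = (MF_FLAG if more else 0) | ((hdr["offset_bytes"] + start) // 8)
        header = build_ipv4_header(hdr["src"], hdr["dst"], hdr["ihl"] + len(piece),
                                   hdr["ident"], flags_offset, hdr["proto"], hdr["ttl"])
        fragments.append(header + piece)
    return fragments


def reassemble(fragments):
    """Destination-side reassembly: one Identification value, ordered by offset."""
    parsed = sorted((parse_ipv4_header(f) for f in fragments), key=lambda h: h["offset_bytes"])
    if len({h["ident"] for h in parsed}) != 1:
        raise ValueError("fragments of different datagrams mixed together")
    expected, payload = 0, b""
    for h in parsed:
        if h["offset_bytes"] != expected:      # gaps and overlaps are both rejected
            raise ValueError("gap or overlap at offset %d" % h["offset_bytes"])
        payload += h["payload"]
        expected += len(h["payload"])
    if parsed[-1]["mf"]:
        raise ValueError("the last fragment (MF = 0) has not arrived yet")
    first = parsed[0]
    header = build_ipv4_header(first["src"], first["dst"], first["ihl"] + len(payload),
                               first["ident"], 0, first["proto"], first["ttl"])
    return header + payload


def demo():
    """A constructed 1,400-byte datagram entering a network with a 576-byte MTU."""
    payload = bytes(range(256)) * 5 + b"\x00" * 100          # 1,380 bytes of data
    original = build_ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x01\x02",
                                 20 + len(payload), 0x1234, 0) + payload
    frags = fragment(original, 576)
    return len(frags), [len(f) for f in frags], reassemble(frags) == original
```

Reassembly here rejects overlapping fragments outright; real stacks that accept overlaps must decide which copy wins, which is why overlap handling is worth checking in any reassembly code you rely on.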
Typically, the size of each fragment is the MTU of the network over which it must be transmitted, minus the size of the data link and IP protocol headers, and rounded down to the nearest 8 bytes. Some systems, however, automatically create 576-byte fragments because this is the default path MTU used by many routers.

Fragmentation is not desirable, but it is a necessary evil. Obviously, because fragmenting a datagram creates many packets out of one packet, it increases the control overhead incurred by the transmission process. Also, if one fragment of a datagram is lost or damaged, the entire datagram must be retransmitted. No means of reproducing and retransmitting a single fragment exists because the source system has no knowledge of the fragmentation performed by the intermediate routers. The IP implementation on the destination system does not pass the incoming data up to the transport layer until all the fragments have arrived and been reassembled. The transport layer protocol must therefore detect the missing data and arrange for the retransmission of the datagram.

Routing

Because the IP protocol is responsible for the transmission of packets to their final destinations, IP determines the route the packets will take. A packet's route is the path it takes from one end system, the source, to another end system, the destination. The routers the packet passes through during the trip are called intermediate systems. The fundamental difference between end systems and intermediate systems is how high the packet data reaches in the protocol stack.

On the source computer, a request for access to a network resource begins at the application layer and wends its way down through the layers of the protocol stack, eventually arriving at the physical layer encapsulated in a packet, ready for transmission. When it reaches the destination, the reverse occurs, and the packet is passed up the stack to the application layer. On end systems, therefore, the entire protocol stack participates in the processing of the data. On intermediate systems, such as routers, the data arriving over the network is passed only as high as the network layer protocol, which, in this case, is IP (see Figure 13-9).

Figure 13-9 Packets passing through routers travel no higher than the network layer of the protocol stack.
IP strips off the data link layer protocol header and, after determining where it should send the packet next, prepares it for packaging in a data link layer protocol frame suitable for the outgoing network. This may involve using ARP to resolve the IP address of the packet's next stop into a hardware address and then furnishing that address to the data link layer protocol.

Routing is a process that occurs one hop of a packet's journey at a time. The source system transmits the packet to its default gateway (router), and the router determines where to send the packet next. If the final destination is on a network segment to which the router is attached, it sends the packet there. If the destination is on another network, the router determines which of the other routers it should send the packet to in order for it to reach its destination most efficiently. Thus, the next destination for the packet, identified by the destination address in the data link layer protocol, may not be the same system as that specified in the IP header's Destination IP Address field.

Eventually, one of the routers will have access to the network on which the packet's final destination system is located and will be able to send it directly to that machine. Using this method, the routing process is distributed among the network's routers. None of the computers involved in the process has complete knowledge of the packet's route through the network at any time. This distribution of labor makes huge networks like the Internet possible. No practical method exists for a single system to determine a viable path through the many thousands of routers on the Internet to a specific destination for each packet.
The most complex part of the routing process is the manner in which the router determines where to send each packet next. Routers have direct knowledge only of the network segments to which they are connected. They have no means of unilaterally determining the best route to a particular destination. In most cases, routers gain knowledge about other networks by communicating with other routers using specialized protocols designed for this purpose, such as the Routing Information Protocol (RIP). Each router passes information about itself to the other routers on the networks to which it is connected, those routers update their neighboring routers, and so on.

Regular updates from the neighboring routers enable each system to keep up with changing conditions on the network. If a router should go down, for example, its neighbors will detect its absence and spread the word that the router is unavailable. The other routers will adjust their behavior as needed to ensure that their packets are not sent down a dead-end street.

Routing protocols enable each router to compile a table of networks with the information needed to send packets to that network. Essentially, the table says "send traffic to network x; use interface y" where y is one of the router's own network interfaces. Administrators can also manually configure routes through the network. This is called static routing, as opposed to protocol-based configuration, which is called dynamic routing.

On complex networks, there may be several viable routes from a source to a particular destination. Routers continually rate the possible paths through the network, so they can select the shortest, fastest, or easiest route for a packet.

CHAPTER 14

Other TCP/IP Protocols

While Internet Protocol version 4 (IPv4) has been the most commonly used, there are many other parts of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols. This chapter discusses other parts of the TCP/IP family as well as other groups or protocol suites encountered in today's networks.
IPv6

As mentioned in Chapter 13, no one involved in the original design and implementation of the Internet could have predicted its explosive growth. The TCP/IP protocols held up remarkably well over the decades, proving that the scalability features incorporated into them were well designed. However, the single biggest problem with the use of these protocols is the rapid consumption of the address space provided by IPv4, the current version. The last block of IPv4 addresses was allotted by the Internet Assigned Numbers Authority (IANA) in February 2011, so the free pool of IPv4 addresses is now gone.

IP addresses are no longer being used only by computers; cellular phones, tablets, global positioning systems, and other mobile devices need these addresses as well. Anticipating the eventual depletion of the 32-bit address space, work commenced on an upgraded version of IP in 1998, which has resulted in several dozen requests for comments (RFCs), including RFC 2460, "Internet Protocol, Version 6 (IPv6) Specification." IPv6 does not replace IPv4, which is still used in many applications. This version enhances and solves some of the inherent issues in IPv4.

The primary improvement in IPv6 is the expansion of the address space from 32 to 128 bits. For the near future, this should provide a sufficient number of IP addresses for all devices that can make use of them (which is probably what the designers of IPv4 said when they decided to use 32-bit addresses). In addition to the expanded address space, IPv6 includes the following enhancements:
• Simplified header format IPv6 removes extraneous fields from the protocol header and makes other fields optional to reduce the network traffic overhead generated by the protocol.
• Header extensions IPv6 introduces the concept of extension headers, which are separate, optional headers located between the IP header and its payload. The extension headers contain information that is used only by the end system that is the packet's final destination. By moving them into extension headers, the intermediate systems don't have to expend the time and processor clock cycles needed to process them.
• Flow labeling IPv6 enables applications to apply a "flow label" to specific packets in order to request a nonstandard quality of service. This is intended to enable applications that require real-time communications, such as streaming audio and video, to request priority access to the network bandwidth.
• Security extensions IPv6 includes extensions that support authentication, data integrity, and data confidentiality.

IPv6 requires a number of fundamental changes to the hardware and software that make up the network infrastructure, apart from just the adaptation to 128-bit addresses. For example, the operating systems and applications that use IPv6 must also include the IPv6 version of ICMP, defined in RFC 2463. Also, networks that use IPv6 must support a maximum transfer unit value of at least 1,280 bytes. Issues like these complicated the process of transitioning the Internet from IPv4 to IPv6. RFC 1933 defined mechanisms designed to facilitate the transition process, such as support for both IPv4 and IPv6 layers in the same system and the tunneling of IPv6 datagrams within IPv4 datagrams, enabling the existing IPv4 routing infrastructure to carry IPv6 information. These are some of the differences:
• Larger address space The 128-bit addresses in IPv6 allow just over 340 trillion trillion trillion addresses.
• Datagram format The packet header in IPv6 enables more secure and efficient routing.
• Improved reassembly The maximum transmission unit (MTU) is 1,280 bytes in IPv6.
• Better connectivity Under IPv6, every system has a unique IP address and can move through the Internet without any "translators." Once it is fully implemented, each host can reach every other host directly. However, firewalls and network policies do create some limitations on this connectivity.

IPv6 Addresses

According to RFC 4291, "IP Version 6 Addressing Architecture," there are three types of identifiers for IPv6 addresses:
• Anycast When using an anycast address, a packet is delivered to one of the interfaces identified by that address.
• Multicast Packets sent to a multicast address in IPv6 are delivered to all interfaces identified by that address. This is the same as IPv4.
• Unicast Packets sent to a unicast address are delivered only to that address.
Unicast Address Types

There are three types of unicast addresses in IPv6: link local, unique local, and global unicast. Each has its own configuration.

Link-Local Address In this configuration, the autoconfigured IPv6 address starts with FE80, as shown here:

1111 1110 1000 0000 (FE80 in hexadecimal)

with the next 48 bits set to 0.

These addresses are used between IPv6 hosts on a broadcast segment only and are not routable. Thus, a router never forwards the address outside the link.

Unique-Local Address This type should be used only for local communication, even though it is globally unique. The address is divided between prefix (1111110), local bit (1 bit only), global ID (40 bits), subnet ID (16 bits), and interface ID (64 bits). The prefix is always set to 1111110 (as shown), with the local bit set to 1 if the address is locally assigned. At this time, the local bit has not yet been defined.

Global Unicast Address Essentially, this is IPv4's public address. In IPv6, these addresses are globally identifiable and uniquely addressable. The most significant 48 bits are designated as the global routing prefix, and the 3 most significant bits of the prefix are always set to 001, as shown in Table 14-1.

Table 14-1 The Global Unicast Address in IPv6

IPv6 Address Structure

All IPv6 addresses are four times longer (128 bits instead of 32 bits) than IPv4 addresses. As discussed in Chapter 13, an IPv4 address contains four octets, each with a decimal value between 0 and 255. A period separates each of the octets. An IPv4 address must include four octets.

Normal IPv6 Addresses

IPv6 addresses have a format that looks like this:

y:y:y:y:y:y:y:y

In this format, each y is called a segment and can be any hexadecimal value between 0 and FFFF. Normal IPv6 addresses require eight segments.

Dual IPv6 Addresses

The dual IPv6 address combines both an IPv6 and an IPv4 address and looks like this:

y:y:y:y:y:y:x.x.x.x

The IPv6 portion is always first, and the segments are separated by colons instead of periods. It must have six segments. The IPv4 portion must contain three periods and four octets.

Other Protocols

There are other types of network protocols, some of which are discussed here. See Chapters 15 and 16 for additional information.
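The IPv6 address forms and unicast types described above, as an added example that is not the book's code: a strict parser for the normal (eight-segment) and dual (six segments plus dotted IPv4) forms, and a classifier that splits a unicast address into the fields the text lists for link-local, unique-local and global unicast addresses. The addresses in the comments and tests are constructed; the "::" shorthand is not handled because the text does not describe it.

```python
# Added example (not from the book): parse the two textual IPv6 forms shown above
# (eight colon-separated segments, or six segments followed by a dotted IPv4
# address) and classify a unicast address by its high-order bits. The "::"
# shorthand is not handled because the text above does not describe it.

HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_ipv6(text):
    """Return the 128-bit integer value of a normal or dual-form IPv6 address."""
    parts = text.split(":")
    if "." in parts[-1]:                        # dual form: y:y:y:y:y:y:x.x.x.x
        if len(parts) != 7:
            raise ValueError("dual form needs six IPv6 segments before the IPv4 part")
        octets = parts[-1].split(".")
        if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("IPv4 part needs four octets in the range 0..255")
        segments, tail = parts[:-1], int.from_bytes(bytes(int(o) for o in octets), "big")
    else:                                       # normal form: y:y:y:y:y:y:y:y
        if len(parts) != 8:
            raise ValueError("normal form needs eight segments")
        segments, tail = parts, None
    value = 0
    for seg in segments:
        if not 1 <= len(seg) <= 4 or not set(seg) <= HEX_DIGITS:
            raise ValueError("segment %r is not a hex value in the range 0..FFFF" % seg)
        value = (value << 16) | int(seg, 16)
    return value if tail is None else (value << 32) | tail


def is_valid_ipv6(text):
    """True when the text is one of the two forms accepted by parse_ipv6."""
    try:
        parse_ipv6(text)
        return True
    except ValueError:
        return False


def classify_unicast(addr):
    """Split a unicast address into the fields the text describes for its type."""
    interface_id = addr & ((1 << 64) - 1)
    if addr >> 64 == 0xFE80 << 48:              # FE80 followed by 48 zero bits
        return {"type": "link-local", "interface_id": interface_id}
    if addr >> 121 == 0b1111110:                # 7-bit unique-local prefix
        return {"type": "unique-local", "local_bit": (addr >> 120) & 1,
                "global_id": (addr >> 80) & ((1 << 40) - 1),
                "subnet_id": (addr >> 64) & 0xFFFF, "interface_id": interface_id}
    if addr >> 125 == 0b001:                    # global unicast: top 3 bits are 001
        return {"type": "global unicast", "routing_prefix": addr >> 80,
                "subnet_id": (addr >> 64) & 0xFFFF, "interface_id": interface_id}
    return {"type": "other"}
```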
ICMP

The Internet Control Message Protocol (ICMP) is a network layer protocol that does not carry user data, although its messages are encapsulated in IP datagrams. ICMP fills two roles in the TCP/IP suite. It provides error-reporting functions, informing the sending system when a transmission cannot reach its destination, for example, and it carries query and response messages for diagnostic programs. The ping utility, for instance, which is included in every TCP/IP implementation, uses ICMP echo messages to determine whether another system on the network can receive and send data.

The ICMP protocol, as defined in RFC 792, consists of messages carried in IP datagrams, with a value of 1 in the IP header's Protocol field and 0 in the Type of Service field. Figure 14-1 illustrates the ICMP message format.

Figure 14-1 The ICMP message format

The ICMP message format consists of the following fields:
• Type (1 byte) Contains a code identifying the basic function of the message
• Code (1 byte) Contains a secondary code identifying the function of the message within a specific type
• Checksum (2 bytes) Contains the results of a checksum computation on the entire ICMP message, including the Type, Code, Checksum, and Data fields (with a value of 0 in the Checksum field for computation purposes)
• Data (variable) Contains information specific to the function of the message

The ICMP message types are listed in Table 14-2.

Table 14-2 ICMP Message Types

ICMP Error Messages

Because of the way TCP/IP networks distribute routing chores among various systems, there is no way for either of the end systems involved in a transmission to know what has happened during a packet's journey. IP is a connectionless protocol, so no acknowledgment messages are returned to the sender at that level. When using a connection-oriented protocol at the transport layer, like TCP, the destination system acknowledges transmissions, but only for the packets it receives. If something happens during the transmission process that prevents the packet from reaching the destination, there is no way for IP or TCP to inform the sender about what happened.
ICMP error messages are designed to fill this void. When an intermediate system, such as a router, has trouble processing a packet, the router typically discards the packet, leaving the upper-layer protocols to detect the packet's absence and arrange for a retransmission. ICMP messages enable the router to inform the sender of the exact nature of the problem. Destination systems can also generate ICMP messages when a packet arrives successfully but cannot be processed.

The Data field of an ICMP error message always contains the IP header of the datagram the system could not process, plus the first 8 bytes of the datagram's own Data field. In most cases, these 8 bytes contain a UDP header or the beginning of a TCP header, including the source and destination ports and the sequence number (in the case of TCP). This enables the system receiving the error message to isolate the exact time the error occurred and the transmission that caused it.

However, ICMP error messages are informational only. The system receiving them does not respond, nor does it necessarily take any action to correct the situation. The user or administrator may have to address the problem that is causing the failure.

In general, all TCP/IP systems are free to transmit ICMP error messages, except in certain specific situations. These exceptions are intended to prevent ICMP from generating too much traffic on the network by transmitting large numbers of identical messages. These exceptional situations are as follows:
• TCP/IP systems do not generate ICMP error messages in response to other ICMP error messages. Without this exception, it would be possible for two systems to bounce error messages back and forth between them endlessly. Systems can generate ICMP errors in response to ICMP queries, however.
• In the case of a fragmented datagram, a system generates an ICMP error message only for the first fragment.
• TCP/IP systems never generate ICMP error messages in response to broadcast or multicast transmissions, transmissions with a source IP address of 0.0.0.0, or transmissions addressed to the loopback address.

The following sections examine the most common types of ICMP error messages and their functions.
Destination Unreachable Messages Destination unreachable messages have a value of 3 in the ICMP Type field and any one of 13 values in the Code field. As the name implies, these messages indicate that a packet or the information in a packet could not be transmitted to its destination. The various messages specify exactly which component was unreachable and, in some cases, why. This type of message can be generated by a router when it cannot forward a packet to a certain network or to the destination system on one of the router's connected networks. Destination systems themselves can also generate these messages when they cannot deliver the contents of the packet to a specific protocol or host.

In most cases, the error is a result of some type of failure, either temporary or permanent, in a computer or the network medium. These errors could also possibly occur as a result of IP options that prevent the transmission of the packet, such as when datagrams must be fragmented for transmission over a specific network and the Don't Fragment flag in the IP header is set.

Source Quench Messages The source quench message, with a Type value of 4 and a Code value of 0, functions as an elementary form of flow control by informing a transmitting system that it is sending packets too fast. When the receiver's buffers are in danger of being overfilled, the system can transmit a source quench message to the sender, which slows down its transmission rate as a result. The sender should continue to reduce the rate until it is no longer receiving the messages from the receiver.

This is a basic form of flow control that is reasonably effective for use between systems on the same network but that generates too much additional traffic on routed networks. In most cases, this is unnecessary because TCP provides its own flow-control mechanism without adding traffic on internetworks.

Redirect Messages Redirect messages are generated only by routers to inform hosts or other routers of better routes to a particular destination.
Because having the host send the packets intended for that destination directly to Router 2 would be more efficient, Router 1 sends a Redirect Datagram for the Network message (Type 5, Code 0) to the transmitting host after it forwards the original packet to Router 2. The redirect message contains the usual IP header and partial data information, as well as the IP address of the router the host should use for its future transmissions to that network.

In this example, the redirect message indicates that the host should use the other router for the packets it will transmit to all hosts on Network B in the future. The other redirect messages (with Codes 1 through 3) enable the router to specify an alternative router for transmissions to the specific host, to the specific host with the same Type of Service value, and to the entire network with the same Type of Service value.

Time Exceeded Messages Time exceeded messages are used to inform a transmitting system that a packet has been discarded because a timeout has elapsed. The Time to Live Exceeded in Transit message (Type 11, Code 0) indicates that the Time-to-Live value in a packet's IP header has reached zero before arriving at the destination, forcing the router to discard it.

This message enables the TCP/IP traceroute program to display the route through the network that packets take to a given destination. By transmitting a series of packets with incremented values in the Time-to-Live field, each successive router on the path to the destination discards a packet and returns an ICMP time exceeded message to the source.

The Fragment Reassembly Time Exceeded message (Code 1) indicates that a destination system has not received all the fragments of a specific datagram within the time limit specified by the host. As a result, the system must discard all the fragments it has received and return the error message to the sender.

ICMP Query Messages

ICMP query messages are not generated in response to other activities, as are the error messages. Systems use them for self-contained request/reply transactions in which one computer requests information from another, which responds with a reply containing that information.
Because they are not associated with other IP transmissions, ICMP queries do not contain datagram information in their Data fields. The data they do carry is specific to the function of the message. The following sections examine some of the more common ICMP query messages and their functions.

Echo Requests and Replies Echo Request and Echo Reply messages are the basis for the TCP/IP ping utility, which sends test messages to another host on the network to determine whether it is capable of receiving and responding to messages. Each ping consists of an ICMP Echo Request message (Type 8, Code 0) that, in addition to the standard ICMP Type, Code, and Checksum fields, adds Identifier and Sequence Number fields that the systems use to associate requests and replies.

If the system receiving the message is functioning normally, it reverses the Source and Destination IP Address fields in the IP header, changes the value of the ICMP Type field to 0 (Echo Reply), and recomputes the checksum before transmitting it back to the sender.

Router Solicitations and Advertisements These messages make it possible for a host system to discover the addresses of the routers connected to the local network. Systems can use this information to configure the default gateway entry in their routing tables. When a host broadcasts or multicasts a Router Solicitation message (Type 10, Code 0), the routers on the network respond with Router Advertisement messages (Type 9, Code 0). Routers continue to advertise their availability at regular intervals (typically seven to ten minutes). A host may stop using a router as its default gateway if it fails to receive continued advertisements.

The Router Solicitation message consists only of the standard Type, Code, and Checksum fields, plus a 4-byte pad in the Data field. Figure 14-2 shows the Router Advertisement message format.

Figure 14-2 The Router Advertisement message format

The Router Advertisement message format contains the following additional fields:
• Number of Addresses (1 byte) Specifies the number of router addresses contained in the message. The format can support multiple addresses, each of which will have its own Router Address and Preference Level fields.
• Address Entry Size (1 byte) Specifies the number of 4-byte words devoted to each address in the message. The value is always 2.
• Lifetime (2 bytes) Specifies the time, in seconds, that can elapse between advertisements before a system assumes a router is no longer functioning. The default value is usually 1,800 seconds (30 minutes).
• Router Address (4 bytes) Specifies the IP address of the router generating the advertisement message.
• Preference Level (4 bytes) Contains a value specified by the network administrator that host systems can use to select one router over another.

UDP

Two TCP/IP protocols operate at the transport layer: TCP and UDP. The User Datagram Protocol (UDP), defined in RFC 768, is a connectionless, unreliable protocol that provides minimal transport service to application layer protocols with a minimum of control overhead. Thus, UDP provides no packet acknowledgment or flow-control services like TCP, although it does provide end-to-end checksum verification on the contents of the packet.

Although it provides a minimum of services of its own, UDP does function as a pass-through protocol, meaning that it provides applications with access to network layer services, and vice versa. If, for example, a datagram containing UDP data cannot be delivered to the destination and a router returns an ICMP Destination Unreachable message, UDP always passes the ICMP message information up from the network layer to the application that generated the information in the original datagram. UDP also passes along any optional information included in IP datagrams to the application layer and, in the opposite direction, information from applications that IP will use as values for the Time-to-Live and Type of Service header fields.

The nature of the UDP protocol makes it suitable only for brief transactions in which all the data to be sent to the destination fits into a single datagram. This is because no mechanism exists in UDP for splitting a data stream into segments and reassembling them, as in TCP. This does not mean that the datagram cannot be fragmented by IP in the course of transmission, however. This process is invisible to the transport layer because the receiving system reassembles the fragments before passing the datagram up the stack.
In addition, because no packet acknowledgment exists in UDP, it is most often used for client-server transactions in which the client transmits a request and the server's reply message serves as an acknowledgment. If a system sends a request and no reply is forthcoming, the system assumes the destination system did not receive the message and retransmits. It is mostly TCP/IP support services like DNS and DHCP, services that don't carry actual user data, that use this type of transaction. Applications such as DHCP also use UDP when they have to send broadcast or multicast transmissions. Because the TCP protocol requires two systems to establish a connection before they transmit user data, it does not support broadcasts and multicasts.

The header for UDP messages (sometimes confusingly called datagrams, like IP messages) is small, only 8 bytes, as opposed to the 20 bytes of the TCP header. Figure 14-3 illustrates the format.

Figure 14-3 The UDP message format

The functions of the fields are as follows:
• Source Port Number (2 bytes) Identifies the port number of the process in the transmitting system that generated the data carried in the UDP datagram. In some cases, this may be an ephemeral port number selected by the client for this transaction.
• Destination Port Number (2 bytes) Identifies the port number of the process on the destination system that will receive the data carried in the UDP datagram. Well-known port numbers are listed in the "Assigned Numbers" RFC and in the Services file on every TCP/IP system.
• UDP Length (2 bytes) Specifies the length of the entire UDP message, including the Header and Data fields, in bytes.
• UDP Checksum (2 bytes) Contains the results of a checksum computation computed from the UDP header and data, along with a pseudo-header composed of the IP header's Source IP Address, Destination IP Address, and Protocol fields, plus the UDP Length field. This pseudo-header enables the UDP protocol at the receiving system to verify that the message has been delivered to the correct protocol on the correct destination system.
• Data (variable, up to 65,507 bytes) Contains the information supplied by the application layer protocol.
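The two checksums described in the ICMP and UDP sections above, as an added example that is not the book's code: the ICMP checksum is computed over the whole message (shown with an Echo Request and the Echo Reply a host builds from it), while the UDP checksum also covers the pseudo-header, so the receiver can tell when a datagram arrived at the wrong host. Addresses, ports, Identifier values and payloads are constructed; rejecting a UDP message whose checksum field is 0 is this example's choice, not a rule from the text.

```python
import struct

# Added example (not from the book): the ICMP checksum covers the whole ICMP message,
# while the UDP checksum also covers a pseudo-header taken from the IP header, so a
# datagram that reaches the wrong host or protocol fails verification. Addresses,
# ports and payloads are constructed.

UDP_PROTOCOL = 17
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def internet_checksum(data):
    """Ones-complement sum of 16-bit words; verifying data that already carries its
    own checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_pseudo_header(src, dst, udp_length):
    """Source IP, Destination IP, a zero byte, Protocol (17) and UDP Length."""
    return src + dst + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length)


def build_udp(src, dst, sport, dport, data):
    """UDP message with the RFC 768 checksum; a computed 0 is sent as 0xFFFF."""
    length = 8 + len(data)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + data
    cksum = internet_checksum(udp_pseudo_header(src, dst, length) + segment) or 0xFFFF
    return segment[:6] + struct.pack("!H", cksum) + segment[8:]


def udp_delivered_correctly(src, dst, segment):
    """Receiver-side check using the addresses the datagram actually arrived with."""
    length, cksum = struct.unpack("!HH", segment[4:8])
    if length != len(segment) or cksum == 0:
        return False     # truncated, or the sender supplied no checksum (rejected here)
    return internet_checksum(udp_pseudo_header(src, dst, length) + segment) == 0


def build_echo_request(ident, seq, data):
    """Type 8, Code 0, plus the Identifier and Sequence Number fields."""
    msg = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def echo_reply(src, dst, request):
    """What the responding host does: swap the IP addresses, set Type to 0 and
    recompute the checksum; returns (new_src, new_dst, reply)."""
    if request[0] != ICMP_ECHO_REQUEST or internet_checksum(request) != 0:
        raise ValueError("not a valid Echo Request")
    msg = bytes([ICMP_ECHO_REPLY]) + request[1:2] + b"\x00\x00" + request[4:]
    reply = msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]
    return dst, src, reply
```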
TCP

The Transmission Control Protocol is the connection-oriented, reliable alternative to UDP, which accounts for the majority of the user data transmitted across a TCP/IP network, as well as giving the protocol suite its name. TCP, as defined in RFC 793, provides applications with a full range of transport services, including packet acknowledgment, error detection and correction, and flow control.

TCP is intended for the transfer of relatively large amounts of data that will not fit into a single packet. The data often takes the form of complete files that must be split up into multiple datagrams for transmission. In TCP terminology, the data supplied to the transport layer is referred to as a sequence, and the protocol splits the sequence into segments for transmission across the network. As with UDP, however, the segments are packaged in IP datagrams that may end up taking different routes to the destination. TCP, therefore, assigns sequence numbers to the segments so the receiving system can reassemble them in the correct order.

Before any transfer of user data begins using TCP, the two systems exchange messages to establish a connection. This ensures that the receiver is operating and capable of receiving data. Once the connection is established and data transfer begins, the receiving system generates periodic acknowledgment messages. These messages inform the sender of lost packets and also provide the information used to control the rate of flow to the receiver.

The TCP Header

To provide these services, the header applied to TCP segments is necessarily larger than that for UDP. At 20 bytes (without options), it's the same size as the IP header.

The functions of the fields are as follows:
• Source Port (2 bytes) Identifies the port number of the process in the transmitting system that generated the data carried in the TCP segments. In some cases, this may be an ephemeral port number selected by the client for this transaction.
• Destination Port (2 bytes) Identifies the port number of the process on the destination system that will receive the data carried in the TCP segments. Well-known port numbers are listed in the "Assigned Numbers" RFC and in the Services file on every TCP/IP system.
• Sequence Number (4 bytes) Specifies the location of the data in this segment in relation to the entire data sequence.
• Acknowledgment Number (4 bytes) Specifies the sequence number of the next segment that the acknowledging system expects to receive from the sender. This is active only when the ACK bit is set.
• Data Offset (4 bits) Specifies the length, in 4-byte words, of the TCP header (which may contain options expanding it to as much as 60 bytes).
• Reserved (6 bits) Unused.
• Control Bits (6 bits) Contains six 1-bit flags that perform the following functions:
  • URG Indicates that the sequence contains urgent data and activates the Urgent Pointer field
  • ACK Indicates that the message is an acknowledgment of previously transmitted data and activates the Acknowledgment Number field
  • PSH Instructs the receiving system to push all the data in the current sequence to the application identified by the port number without waiting for the rest
  • RST Instructs the receiving system to discard all the segments in the sequence that have been transmitted thus far and resets the TCP connection
  • SYN Used during the connection establishment process to synchronize the sequence numbers in the source and destination systems
  • FIN Indicates to the other system that the data transmission has been completed and the connection is to be terminated
• Window (2 bytes) Implements the TCP flow-control mechanism by specifying the number of bytes the system can accept from the sender.
• Checksum (2 bytes) Contains a checksum computation computed from the TCP header; data; and a pseudo-header composed of the Source IP Address, Destination IP Address, and Protocol fields from the packet's IP header, and the length of the entire TCP message.
• Urgent Pointer (2 bytes) Activated by the URG bit, specifies the data in the sequence that should be treated by the receiver as urgent.
• Options (variable) May contain additional configuration parameters for the TCP connection, along with padding to fill the field to the nearest 4-byte boundary. The available options are as follows:
  • Maximum Segment Size Specifies the size of the largest segments the current system can receive from the connected system
  • Window Scale Factor Used to double the size of the Window Size field from 2 to 4 bytes
  • Timestamp Used to carry time stamps in data packets that the receiving system returns in its acknowledgments, enabling the sender to measure the round-trip time
• Data (variable) May contain a segment of the information passed down from an application layer protocol. In SYN, ACK, and FIN packets, this field is left empty.

Connection Establishment

Distinguishing TCP connections from the other types of connections commonly used in data networking is important. When you log on to a network, for example, you initiate a session that remains open until you log off. During that session, you may establish other connections to individual network resources such as file servers that also remain open for extended lengths of time. TCP connections are much more transient, however, and typically remain open only for the duration of the data transmission. In addition, a system (or even a single application on that system) may open several TCP connections at once with the same destination.

As an example, consider a basic client-server transaction between a web browser and a web server. Whenever you type a URL in the browser, the program opens a TCP connection with the server to transfer the default HTML file that the browser uses to display the server's home page. The connection lasts only as long as it takes to transfer that one page. When the user clicks a hyperlink to open a new page, an entirely new TCP connection is needed. If there are any graphics on the web pages, a separate TCP connection is needed to transmit each image file.

The additional messages required for the establishment of the connection, plus the size of the header, add considerably to the control overhead incurred by a TCP connection. This is the main reason why TCP/IP has UDP as a low-overhead transport layer alternative.
The communication process between the client and the server begins when the client generates its first TCP message, beginning the three-way handshake that establishes the connection between the two machines. This message contains no application data; it simply signals to the server that the client wants to establish a connection. The SYN bit is set, and the system supplies a value in the Sequence Number field, called the initial sequence number (ISN), as shown in Figure 14-4.

Figure 14-4 The client's SYN message initiates the connection establishment process.

The system uses a continuously incrementing algorithm to determine the ISN it will use for each connection. The constant cycling of the sequence numbers makes it highly unlikely that multiple connections using the same sequence numbers will occur between the same two sockets. A purely clock-driven ISN is predictable, however, and an attacker who can guess the next ISN can spoof or inject into a connection without ever seeing its packets; for that reason, current implementations add a keyed hash of the connection's addresses and ports to the clock value (RFC 6528), which keeps the sequence monotonic for each connection but unpredictable to outsiders. The client system then transmits the message as a unicast to the destination system and enters the SYN-SENT state, indicating that it has transmitted its connection request and is waiting for a matching request from the destination system.

The server, at this time, is in the LISTEN state, meaning that it is waiting to receive a connection request from a client. When the server receives the message from the client, it replies with its own TCP control message. This message serves two functions: It acknowledges the receipt of the client's message, as indicated by the ACK bit, and it initiates its own connection, as indicated by the SYN bit (see Figure 14-5). The server then enters the SYN-RECEIVED state, indicating that it has received a connection request, issued a request of its own, and is waiting for an acknowledgment from the other system. (Each half-open connection held in this state ties up server memory until the final ACK arrives or a timer expires, which is what a SYN flood exploits and what SYN cookies are designed to mitigate.) Both the ACK and SYN bits are necessary because TCP is a full-duplex protocol, meaning that a separate connection is actually running in each direction. Both connections must be individually established, maintained, and terminated. The server's message also contains a value in the Sequence Number field (116270), as well as a value in the Acknowledgment Number field (119841004).

Figure 14-5 The server acknowledges the client's SYN and sends a SYN of its own.
Both systems maintain their own sequence numbers and are also conscious of the other system's sequence numbers. Later, when the systems actually begin to send application data, these sequence numbers enable a receiver to assemble the individual segments transmitted in separate packets into the original sequence.

Remember, although the two systems must establish a connection before they send application data, the TCP messages are still transmitted within IP datagrams and are subject to the same treatment as any other datagram. Thus, the connection is actually a virtual one, and the datagrams may take different routes to the destination and arrive in a different order from that in which they were sent.

After the client receives the server's message, it transmits its own ACK message (see Figure 14-6) acknowledging the server's SYN bit and completing the bidirectional connection establishment process. This message has a value of 119841004 as its sequence number, which is the value expected by the server, and an acknowledgment number of 116271, which is the sequence number it expects to see in the server's next transmission. Both systems now enter the ESTABLISHED state, indicating that they are ready to transmit and receive application data.

Figure 14-6 The client then acknowledges the server's SYN, and the connection is established in both directions.

Data Transfer

Once the TCP connection is established in both directions, the transmission of data can begin. The application layer protocol determines whether the client or the server initiates the next exchange. In a File Transfer Protocol (FTP) session, for example, the server sends a Ready message first. In a Hypertext Transfer Protocol (HTTP) exchange, the client begins by sending the URL of the document it wants to receive.

The data to be sent is not packaged for transmission until the connection is established. This is because the systems use the SYN messages to inform the other system of the maximum segment size (MSS). The MSS specifies the size of the largest segment each system is capable of receiving. The value of the MSS depends on the data link layer protocol used to connect the two systems.
Each system supplies the other with an MSS value in the TCP message's Options field. As with the IP header, each option consists of multiple subfields, which for the Maximum Segment Size option are as follows:
• Kind (1 byte) Identifies the function of the option. For the Maximum Segment Size option, the value is 2.
• Length (1 byte) Specifies the length of the entire option. For the Maximum Segment Size option, the value is 4.
• Maximum Segment Size (2 bytes) Specifies the size (in bytes) of the largest data segment the system can receive.

In the client system's first TCP message, shown earlier in Figure 14-4, the value of the Options field is (in hexadecimal notation) 020405B001010402. The first 4 bytes of this value constitute the MSS option. The Kind value is 02, the Length is 04, and the MSS is 05B0, which in decimal form is 1,456 bytes. This works out to the maximum frame size for an Ethernet II network (1,500 bytes) minus 20 bytes for the IP header and 24 bytes for the TCP header (20 bytes plus 4 option bytes). The server's own SYN packet contains the same value for this option because these two computers were located on the same Ethernet network.

NOTE The remaining 4 bytes in the Options field consist of 2 bytes of padding (0101, two single-byte No-Operation options) and the Kind (04) and Length (02) fields of the SACK-Permitted option, indicating that the system is capable of processing selective acknowledgment information as part of acknowledgment messages.

When the two systems are located on different networks, their MSS values may also be different, and how the systems deal with this is left up to the individual TCP implementations. Some systems may just use the smaller of the two values, while others might revert to the default value of 536 bytes used when no MSS option is supplied. Windows 2000 and later systems, like other modern implementations, use a special method of discovering the connection path's MTU (that is, the largest packet size permitted on an internetwork link between two systems). This method, path MTU discovery as defined in RFC 1191, enables the systems to determine the packet sizes permitted on intermediate networks. Thus, even if the source and destination systems are both connected to Ethernet networks with 1,500-byte MTUs, they can detect an intermediate connection that supports only a 576-byte MTU.
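The three-way handshake of Figures 14-4 through 14-6, together with the MSS exchange just described, as an added example that is not code from the book. Two endpoint objects walk through the LISTEN, SYN-SENT, SYN-RECEIVED and ESTABLISHED states, reproduce the sequence and acknowledgment numbers the text quotes, record the peer's MSS from the SYN options (falling back to the 536-byte default when the option is absent), and answer a SYN/ACK whose acknowledgment number does not match with a RST. The isn() function is an RFC 6528-style generator (a clock term plus a keyed hash of the four-tuple, using HMAC-SHA256 here rather than the MD5 of the RFC) showing how current stacks keep initial sequence numbers unpredictable; the secret key and the 250,000-ticks-per-second clock are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(16)   # assumption: a per-boot secret the stack regenerates at every start


def isn(src, dst, sport, dport, secret=SECRET, now=None):
    """RFC 6528-style ISN: clock term + keyed hash of the 4-tuple.
    The clock keeps ISNs monotonic for one connection; the hash keeps them
    unpredictable to anyone who does not hold the secret."""
    now = time.monotonic() if now is None else now
    clock = int(now * 250_000) & 0xFFFFFFFF                   # 4-microsecond tick, as RFC 6528 suggests
    tag = hmac.new(secret, f"{src}|{dst}|{sport}|{dport}".encode(), hashlib.sha256).digest()
    return (clock + int.from_bytes(tag[:4], "big")) & 0xFFFFFFFF


class Endpoint:
    def __init__(self, name, initial_state, my_isn, mss=1456):
        self.name, self.state = name, initial_state
        self.snd_nxt = my_isn          # next sequence number I will send
        self.rcv_nxt = None            # next sequence number I expect from the peer
        self.mss = mss                 # largest segment I can receive, advertised in my SYN
        self.peer_mss = None           # what the peer advertised; I must not send more than this

    def segment(self, flags):
        seg = {"from": self.name, "flags": set(flags), "seq": self.snd_nxt,
               "ack": self.rcv_nxt if "ACK" in flags else None,
               "options": {"MSS": self.mss} if "SYN" in flags else {}}
        if "SYN" in flags or "FIN" in flags:
            self.snd_nxt = (self.snd_nxt + 1) & 0xFFFFFFFF    # SYN and FIN each consume one sequence number
        return seg

    def receive(self, seg):
        f = seg["flags"]
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg["seq"] + 1
            self.peer_mss = seg.get("options", {}).get("MSS", 536)   # RFC 1122 default when absent
            self.state = "SYN-RECEIVED"
            return self.segment({"SYN", "ACK"})
        if self.state == "SYN-SENT" and f == {"SYN", "ACK"}:
            if seg["ack"] != self.snd_nxt:                    # acknowledges something I never sent
                return self.segment({"RST"})
            self.rcv_nxt = seg["seq"] + 1
            self.peer_mss = seg.get("options", {}).get("MSS", 536)
            self.state = "ESTABLISHED"
            return self.segment({"ACK"})
        if self.state == "SYN-RECEIVED" and f == {"ACK"} and seg["ack"] == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name} in {self.state} cannot handle {sorted(f)}")

    def send_mss(self):
        """Largest segment I may send: the peer's advertised MSS, never my own."""
        return self.peer_mss


def three_way_handshake(client_isn=119841003, server_isn=116270, client_mss=1456, server_mss=1456):
    """Replay the exchange of Figures 14-4 to 14-6 with the book's sequence numbers."""
    client = Endpoint("client", "CLOSED", client_isn, client_mss)
    server = Endpoint("server", "LISTEN", server_isn, server_mss)
    syn = client.segment({"SYN"})
    client.state = "SYN-SENT"
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]
```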
Once the MSS for the connection is established, the systems can begin packaging data for transmission. In the case of an HTTP transaction, the web browser client transmits the desired URL to the server in a single packet (see Figure 14-7). Notice that the sequence number of this packet (119841004) is the same as that for the previous packet it sent in acknowledgment to the server's SYN message. This is because TCP messages consisting only of an acknowledgment do not increment the sequence counter. The acknowledgment number is also the same as in the previous packet because the client has not yet received the next message from the server. Note also that the PSH bit is set, indicating that the server should send the enclosed data to the application immediately.

Figure 14-7 The first data packet sent over the connection contains the URL requested by the web browser.

After receiving the client's message, the server returns an acknowledgment message, as shown in Figure 14-8, that uses the sequence number expected by the client (116271) and has an acknowledgment number of 119841363. The difference between this acknowledgment number and the sequence number of the client message previously sent is 359; this is correct because the datagram the client sent to the server was 399 bytes long. Subtracting 40 bytes for the IP and TCP headers leaves 359 bytes of data. The value in the server's acknowledgment message, therefore, indicates that it has successfully received 359 bytes of data from the client. As each system sends data to the other, they increment their sequence numbers for each byte transmitted.

Figure 14-8 The server acknowledges all of the data bytes transmitted by the client.

The next step in the process is for the server to respond to the client's request by sending it the requested HTML file. Using the MSS value, the server creates segments small enough to be transmitted over the network and transmits the first one in the message, as shown in Figure 14-9. The sequence number is again the same as the server's previous message because the previous message contained only an acknowledgment. The acknowledgment number is also the same because the server is sending a second message without any intervening communication from the client.
Figure 14-9 In response to the client's request, the server begins to transmit the web page after splitting it into multiple segments.

In addition to the acknowledgment service just described, the TCP header fields provide two more services:
• Error correction
• Flow control
The following sections examine each of these functions.

Error Correction You saw in the previous example how a receiving system uses the acknowledgment number in its ACK message to inform the sender that its data was received correctly. The systems also use this mechanism to indicate when an error has occurred and data is not received correctly. (Strictly speaking, TCP detects errors with the checksum and corrects them by retransmission; it carries no forward error correction of its own.)

TCP/IP systems use a system of delayed acknowledgments, meaning they do not have to send an acknowledgment message for every packet they receive. The method used to determine when acknowledgments are sent is left up to the individual implementation, but each acknowledgment specifies that the data, up to a certain point in the sequence, has been received correctly. These are called positive acknowledgments because they indicate that data has been received. The basic TCP acknowledgment is cumulative: there is no negative acknowledgment that says a particular segment was not received. Selective acknowledgments (SACK, RFC 2018), which let the receiver report exactly which later blocks did arrive, are available as an option when both sides include SACK-Permitted in their SYN segments, as the systems in this example did.

What if, for example, in the course of a single connection, a server transmits five data segments to a client and the third segment must be discarded because of a checksum error? The receiving system must then send an acknowledgment back to the sender indicating that all the messages up through the second segment have been received correctly. Even though the fourth and fifth segments were also received correctly, a cumulative acknowledgment cannot say so. With positive acknowledgments alone, the sender has to treat the third, fourth, and fifth segments as unacknowledged and may retransmit all three; with SACK, the receiver reports that the fourth and fifth arrived, and only the third needs to be resent.
The mechanism used by TCP is called positive acknowledgment with retransmission because the sending system automatically retransmits unacknowledged segments after a certain time interval. The way this works is that the sending system maintains a queue containing all of the segments it has already transmitted. As acknowledgments arrive from the receiver, the sender deletes the segments that have been acknowledged from the queue. After a certain elapsed time, the sending system retransmits the unacknowledged segments remaining in the queue. (Modern stacks resend only the oldest unacknowledged segment when the timer expires and recover the rest from the acknowledgments that follow, or retransmit after three duplicate ACKs without waiting for the timer at all; see RFC 5681.) The systems use algorithms documented in RFC 1122 (refined in RFC 6298) to calculate the timeout values for a connection based on the amount of time it takes for a transmission to travel from one system to the other and back again, called the round-trip time.

Flow Control Flow control is an important element of the TCP protocol because it is designed to transmit large amounts of data. Receiving systems have a buffer in which they store incoming segments until the application reads them. If a sending system transmits too many segments too quickly, the receiver's buffer fills up and any packets arriving at the system are discarded until space in the buffer is available. TCP uses a mechanism called a sliding window for its flow control, which is essentially a means for the receiving system to inform the sender of how much buffer space it has available.

Each acknowledgment message generated by a system receiving TCP data specifies the amount of buffer space it has available in its Window field. As packets arrive at the receiving system, they wait in the buffer until the system generates the message that acknowledges them and the application consumes them. The sending system computes the amount of data it can send by taking the Window value from the most recently received acknowledgment and subtracting the number of bytes it has transmitted since it received that acknowledgment. If the result of this computation is zero, the system stops transmitting until it receives acknowledgment of outstanding packets.
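The sequence-number accounting, cumulative acknowledgment, retransmission queue and sliding window of the preceding paragraphs, as an added example that is not code from the book. The Sender class models one direction of a connection: it cuts data into segments no larger than the peer's MSS, stops when the usable window reaches zero, drops acknowledged segments from its queue, and retransmits what is still outstanding when the timeout expires. lost_third_segment() replays the five-segment scenario from the text with and without SACK. Retransmitting every queued segment on timeout is modeled as the text describes it; the segment sizes, window and RTO values are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int
    data: bytes
    sent_at: float
    sacked: bool = False    # reported as received in a SACK block, but not yet cumulatively ACKed

    @property
    def end(self):
        """Sequence number following this segment: what the receiver acknowledges when it has it."""
        return self.seq + len(self.data)


class Sender:
    """Sender side of one direction of a connection: window accounting plus a retransmission queue."""

    def __init__(self, isn, peer_window, rto=1.0):
        self.snd_una = isn               # oldest byte not yet acknowledged
        self.snd_nxt = isn               # next byte to be sent
        self.peer_window = peer_window   # Window value from the latest ACK
        self.rto = rto                   # retransmission timeout in seconds (RFC 6298 derives it from RTT samples)
        self.queue = []                  # transmitted, unacknowledged segments
        self.clock = 0.0

    def usable_window(self):
        """Window from the most recent ACK minus the bytes sent since that ACK."""
        return self.peer_window - (self.snd_nxt - self.snd_una)

    def send(self, data, mss):
        """Cut data into segments no larger than the peer's MSS; stop when the window is used up."""
        sent = []
        while data and self.usable_window() > 0:
            size = min(mss, self.usable_window())
            seg = Segment(self.snd_nxt, data[:size], self.clock)
            data = data[size:]
            self.queue.append(seg)
            sent.append(seg)
            self.snd_nxt += size
        return sent, data                # leftover data waits for a window update

    def on_ack(self, ack, window, sack=()):
        """Cumulative ACK: everything below 'ack' leaves the queue. SACK blocks (lo, hi) mark later
        segments as received so they are not resent, but they stay queued until cumulatively ACKed."""
        self.snd_una = max(self.snd_una, ack)
        self.peer_window = window
        self.queue = [s for s in self.queue if s.end > ack]
        for s in self.queue:
            s.sacked = any(lo <= s.seq and s.end <= hi for lo, hi in sack)

    def tick(self, seconds):
        """Advance the clock; segments unacknowledged for longer than the RTO are retransmitted."""
        self.clock += seconds
        resent = [s for s in self.queue if not s.sacked and self.clock - s.sent_at >= self.rto]
        for s in resent:
            s.sent_at = self.clock
        return resent


def lost_third_segment(use_sack):
    """Five 100-byte segments; the receiver discards the third (checksum error).
    Returns the sequence numbers the sender retransmits when its timer expires."""
    sender = Sender(isn=1000, peer_window=1000)
    sent, _ = sender.send(b"x" * 500, mss=100)
    third = sent[2]
    # The cumulative ACK can only cover the data before the gap; a SACK block reports the rest.
    sack = [(sent[3].seq, sent[4].end)] if use_sack else []
    sender.on_ack(third.seq, window=1000, sack=sack)
    return [s.seq for s in sender.tick(1.5)]     # 1.5 s have passed, the 1.0 s RTO has expired
```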
Connection Termination

When the exchange of data between the two systems is complete, they terminate the TCP connection. Because two connections are actually involved, one in each direction, both must be individually terminated. The process begins when one machine sends a message in which the FIN control bit is set. This indicates that the system wants to terminate the connection it has been using to send data.

Which system initiates the termination process is dependent on the application generating the traffic. In an HTTP transaction, the server can include the FIN bit in the message containing the last segment of data in the sequence, or it can take the form of a separate message. The client receiving the FIN from the server sends an acknowledgment, closing the server's connection, and then sends a FIN message of its own. Note that, unlike the three-way handshake that established the connection, the termination procedure requires four transmissions because the client sends its ACK and FIN bits in separate messages (an implementation that closes immediately may combine them into a single FIN/ACK segment, making it three). When the server transmits its acknowledgment to the client's FIN, the connection is effectively terminated; the side that sends that final acknowledgment then holds the connection in the TIME-WAIT state for a while so that a delayed retransmission of the FIN can still be answered.

CHAPTER 15

The Domain Name System

Computers are designed to work with numbers, while humans are more comfortable working with words. This fundamental dichotomy is the reason why the Domain Name System (DNS) came to be. Back in the dark days of the 1970s, when the Internet was the ARPANET and the entire experimental network consisted of only a few hundred systems, a need was recognized for a mechanism that would permit users to refer to the network's computers by name, rather than by address. The introduction of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocols in the early 1980s led to the use of 32-bit IP addresses, which even in dotted decimal form were difficult to remember.
Host Tables

The first mechanism for assigning human-friendly names to addresses was called a host table, which took the form of a file called /etc/hosts on Unix systems. The host table was a simple ASCII file that contained a list of network system addresses and their equivalent host names. When users wanted to access resources on other network systems, they would specify a host name in the application, and the system would resolve the name into the appropriate address by looking it up in the host table. This host table still exists on all TCP/IP systems today, usually in the form of a file called Hosts somewhere on the local disk drive (on Windows, %SystemRoot%\System32\drivers\etc\hosts). If nothing else, the host table contains the following entry, which assigns to the standard IP loopback address the host name localhost:

127.0.0.1 localhost

Today, the Domain Name System has replaced the host table almost universally, but when TCP/IP systems attempt to resolve a host name into an IP address, they normally still check the Hosts file before using DNS. Because an entry in this file overrides whatever the DNS says, the file is a favorite target for malware that wants to redirect a well-known name to an attacker's address; it should be writable only by administrators, and it is worth a look during any incident investigation. If you have a small network of TCP/IP systems that is not connected to the Internet, you can use host tables on your machines to maintain friendly host names for your computers. The name resolution process will be very fast because no network communications are necessary and you will not need a DNS server.

Host Table Problems

The use of host tables on TCP/IP systems caused several problems, all of which were exacerbated as the fledgling Internet grew from a small "family" of networked computers into today's gigantic network. The most fundamental problem was that each computer had to have its own host table, which listed the names and addresses of all of the other computers on the network. When you connected a new computer to the network, you could not access it until an entry for it was added to your computer's host table.

For everyone to keep their host tables updated, it was necessary to inform the administrators when a system was added to the network or a name or address change occurred. Having every administrator of an ARPANET system e-mail every other administrator each time they made a change was obviously not a practical solution, so it was necessary to designate a registrar that would maintain a master list of the systems on the network, their addresses, and their host names.
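An added example (not code from the book) that reads the Hosts file format described above, honoring comments, aliases and IPv6 entries; looks a name up hosts-file-first with DNS as the fallback, the order most resolvers use; and flags entries that pin a name outside the administrator's own namespace, which is what a tampered Hosts file looks like. The sample file contents, the addresses (RFC 5737 documentation ranges) and the list of trusted name suffixes are constructed for the demonstration.

```python
import ipaddress

# Constructed sample in /etc/hosts format (the Windows file uses the same syntax).
SAMPLE_HOSTS = """\
# Loopback
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      fileserver.mycorp.example fileserver   # internal file server
# The kind of entry malware plants to hijack a well-known name:
203.0.113.7     www.example-bank.com
"""


def parse_hosts(text):
    """Return {lowercased name: [addresses]} from hosts-file text."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()            # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])        # accepts IPv4 and IPv6
        except ValueError:
            raise ValueError(f"line {lineno}: {parts[0]!r} is not an IP address") from None
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: address without a host name")
        for name in parts[1:]:                           # first name plus any aliases
            table.setdefault(name.lower(), []).append(str(addr))
    return table


def lookup(name, table, dns_fallback=None):
    """Resolver order used by most systems: the hosts file first, DNS only on a miss.
    Returns (address, source)."""
    hits = table.get(name.lower())
    if hits:
        return hits[0], "hosts"
    if dns_fallback is not None:
        return dns_fallback(name), "dns"
    return None, "unresolved"


def suspicious_entries(table, trusted_suffixes=("localhost", ".mycorp.example")):
    """Flag qualified names that are not in the administrator's own namespace: a public
    name pinned in the hosts file overrides DNS for that name and is a classic redirection trick."""
    flagged = []
    for name, addrs in sorted(table.items()):
        if "." not in name:                              # unqualified local alias, e.g. 'fileserver'
            continue
        if any(name == s or name.endswith(s) for s in trusted_suffixes):
            continue
        flagged.extend((name, a) for a in addrs)
    return flagged
```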
The task of maintaining this registry was given to the Network Information Center (NIC) at the Stanford Research Institute (SRI), in Menlo Park, California. The master list was stored in a file called Hosts.txt on a computer with the host name SRI-NIC. Administrators of ARPANET systems would e-mail their modifications to the NIC, which would update the Hosts.txt file periodically. To keep their systems updated, the administrators would use FTP to download the latest Hosts.txt file from SRI-NIC and compile it into a new Hosts file for their systems.

Initially, this was an adequate solution, but as the network continued to grow, it became increasingly unworkable. As more systems were added to the network, the Hosts.txt file grew larger, and more people were accessing SRI-NIC to download it on a regular basis. The amount of network traffic generated by this simple maintenance task became excessive, and changes started occurring so fast that it was difficult for administrators to keep their systems updated.

Another serious problem was that there was no control over the host names used to represent the systems on the network. Once TCP/IP came into general use, the NIC was responsible for assigning network addresses, but administrators chose their own host names for the computers on their networks. The accidental use of duplicate host names resulted in misrouted traffic and disruption of communications. Imagine the chaos that would result today if anyone on the Internet was allowed to set up a web server and use the name microsoft.com for it. Clearly, a better solution was needed, and this led to the development of the Domain Name System.
DNS Objectives

To address the problems resulting from the use of host tables for name registration and resolution, the people responsible for the ARPANET decided to design a completely new mechanism. Their primary objectives at first seemed to be contradictory: to design a mechanism that would enable administrators to assign host names to their own systems without creating duplicate names and to make that host name information globally available to other administrators without relying on a single access point that could become a traffic bottleneck and a single point of failure. In addition, the mechanism had to be able to support information about systems that use various protocols with different types of addresses, and it had to be adaptable for use by multiple applications.

The solution was the Domain Name System, designed by Paul Mockapetris and published in 1983 as two Internet Engineering Task Force (IETF) documents called requests for comments (RFCs): RFC 882, "Domain Names: Concepts and Facilities," and RFC 883, "Domain Names: Implementation Specification." These documents were updated in 1987, published as RFC 1034 and RFC 1035, respectively, and ratified as an IETF standard. Since that time, numerous other RFCs have updated the information in the standard to address current networking issues. Current requests and updates to older entries can be found at rfc-editor.org.

The DNS, as designed by Mockapetris, consists of three basic elements:
• A hierarchical name space that divides the host system database into discrete elements called domains
• Domain name servers that contain information about the hosts and subdomains within a given domain
• Resolvers that generate requests for information from domain name servers
These elements are discussed in the following sections.
Domain Naming

The Domain Name System achieves the designated objectives by using a hierarchical system, both in the name space used to name the hosts and in the database that contains the host name information. Before the DNS was developed, administrators assigned simple host names to the computers on their networks. The names sometimes reflected the computer's function or its location, as with SRI-NIC, but there was no policy in place that required this. At that time, there were few enough computers on the network to make this a practical solution.

To support the network as it grew larger, Mockapetris developed a hierarchical name space that made it possible for individual network administrators to name their systems, while identifying the organization that owns the systems and preventing the duplication of names on the Internet. The DNS name space is based on domains, which exist in a hierarchical structure much like the directory tree in a file system. A domain is the equivalent of a directory, in that it can contain either subdomains (subdirectories) or hosts (files), forming a structure called the DNS tree (see Figure 15-1). By delegating the responsibility for specific domains to network administrators all over the Internet, the result is a distributed database scattered on systems all over the network.

Figure 15-1 The Domain Name System uses a tree structure like that of a file system.

NOTE The term domain has more than one meaning in the computer industry. A domain can be a group of devices on a network administered as one unit. On the Internet, it is a subtree of the DNS name space, such as mcgrawhill.com, in which all the names sharing that suffix are considered part of the same domain (a domain name is not an IP address; the two are related only through the DNS records described later in this chapter). You may also see software that is in the public domain, which means the program can be used without copyright restrictions.
To assign unique IP addresses to computers all over the Internet, a two-tiered system was devised in which administrators receive the network identifiers that form the first part of the IP addresses and then assign host identifiers to individual computers themselves to form the second part of the addresses. This distributes the address assignment tasks among thousands of network administrators all over the world. The DNS name space functions in the same way: Administrators are assigned domain names and are then responsible for specifying host names to systems within that domain.

The result is that every computer on the Internet is uniquely identifiable by a DNS name that consists of a host name plus the names of all of its parent domains, stretching up to the root of the DNS tree, separated by periods. Each of the names between the periods (called labels) can be up to 63 characters long, with a total length of 255 octets in wire format for a complete DNS name, including the host and all of its parent domains; because each label is stored with a one-byte length prefix, that works out to 253 characters of text. Domain and host names are not case sensitive and can take any value except the null value (no characters), which represents the root of the DNS tree. Host names are restricted to letters, digits, and the hyphen, and a label cannot begin or end with a hyphen (RFC 952 and RFC 1123); in particular, they cannot contain any of the following symbols:

_ : , / \ @ # ! $ % ^ & * ( ) { } [ ] | ; " < > ~ `

(The underscore is rejected in host names but does appear in other DNS labels, such as the _sip._tcp names used by SRV records.)

NOTE From a shell prompt, you can look up the DNS name that belongs to an IP address with a reverse query, for example nslookup 192.0.2.10 or dig -x 192.0.2.10.

In Figure 15-2, a computer in the mycorp domain functions as a web server, and the administrator has therefore given it the host name www. This administrator is responsible for the mycorp domain and can therefore assign systems in that domain any host name he wants. Because mycorp is a subdomain of com, the full DNS name for that web server is www.mycorp.com. Thus, a DNS name is something like a postal address, in which the top-level domain is the equivalent of the state, the second-level domain is the city, and the host name is the street address.

Figure 15-2 A DNS name like www.mycorp.com reflects a system's place in the domain hierarchy.
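The naming rules of this section (63-character labels, the 255-octet total, the characters allowed in a host name, case insensitivity) and the trailing-dot distinction between absolute and relative names that the next section describes, as an added example that is not code from the book. It validates and normalizes a host name, qualifies a relative name against a search domain the way a resolver's search list does, compares names case-insensitively, and encodes a name in the length-prefixed wire format of RFC 1035. The names used are the book's own examples plus constructed bad inputs.

```python
import re

# RFC 1123 host-name label: letters, digits and hyphen; no leading or trailing hyphen; 1-63 chars.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def split_name(name):
    """Split a name into labels; a trailing dot marks an absolute (fully qualified) name."""
    absolute = name.endswith(".")
    body = name.rstrip(".")
    return (body.split(".") if body else []), absolute


def validate_hostname(name):
    """Apply the limits from the text and return the normalized (lowercase, no trailing dot) name."""
    labels, _ = split_name(name)
    if not labels:
        raise ValueError("empty name (the null label denotes the root)")
    if len(".".join(labels)) > 253:                  # 255 octets on the wire = 253 characters of text
        raise ValueError("name longer than 253 characters")
    for label in labels:
        if not label:
            raise ValueError("empty label (consecutive dots)")
        if len(label) > 63:
            raise ValueError("label %r longer than 63 characters" % label[:12])
        if not LABEL_RE.match(label.lower()):
            raise ValueError("label %r contains characters not allowed in a host name" % label)
    return ".".join(l.lower() for l in labels)


def qualify(name, search_domain):
    """Relative name + search domain -> absolute name. An absolute input is returned unchanged."""
    labels, absolute = split_name(name)
    if absolute:
        return ".".join(labels) + "."
    return ".".join(labels + split_name(search_domain)[0]) + "."


def same_name(a, b):
    """DNS names compare case-insensitively; the trailing dot does not matter for the comparison."""
    return validate_hostname(a) == validate_hostname(b)


def to_wire(name):
    """RFC 1035 wire format: each label prefixed by its length, terminated by the zero-length root."""
    labels, _ = split_name(validate_hostname(name))
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
```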
Because a complete DNS name traces the domain path all the way up the tree structure to the root, it should theoretically end with a period, indicating the division between the top-level domain and the root. However, this trailing period is nearly always omitted in common use, except in cases in which it serves to distinguish an absolute domain name from a relative domain name. An absolute domain name (also called a fully qualified domain name [FQDN]) does specify the path all the way to the root, while a relative domain name specifies only the subdomain relative to a specific domain context. For example, when working on a complex network called zacker.com that uses several levels of subdomains, you might refer to a system using a relative domain name of mail.paris without a period because it's understood by your colleagues that you're actually referring to a system with an absolute name of mail.paris.zacker.com. (with a period).

It's also important to understand that DNS names have no inherent connection to IP addresses or any other type of address. Theoretically, the host systems in a particular domain can be located on different networks, thousands of miles apart.

Top-Level Domains

In every DNS name, the first word on the right represents the domain at the highest level in the DNS tree, called a top-level domain. These top-level domains essentially function as registrars for the domains at the second level. For example, the administrator of zacker.com went to the com top-level domain and registered the name zacker. In return for a fee, that administrator now has exclusive use of the name zacker.com and can create any host or subdomain names in that domain that he wants. It doesn't matter that thousands of other network administrators have named their web servers www because they all have their own individual domain names. The host name www may be duplicated anywhere, as long as the DNS name is unique.

The original DNS name space called for seven top-level domains, centered in U.S. nomenclature and dedicated to specific purposes, as follows:
• com Commercial organizations
• edu Four-year, degree-granting educational institutions in North America
• gov U.S. government institutions
• int Organizations established by international treaty
• mil U.S. military applications
• net Networking organizations
• org Noncommercial organizations

The edu, gov, int, and mil domains were originally reserved for use by certified organizations, but the com, org, and net domains were and are called global domains, because organizations anywhere in the world can register second-level domains within them. Originally, these top-level domains were managed by a company called Network Solutions (NSI), which operated the InterNIC registration service (the Internet Network Information Center) as a result of a cooperative agreement with the U.S. government. You can still go to its web site at www.networksolutions.com/ and register names in these top-level domains.

In 1998, the agreement with the U.S. government was changed to permit other organizations to compete with NSI in providing domain registrations. An organization called the Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for the accreditation of domain name registrars. Under this policy, the procedures and fees for registering names in the com, net, and org domains may vary, but there is no difference in the functionality of the domain names, nor are duplicate names permitted. The complete list of registrars that have been accredited by ICANN is available at http://www.webhosting.info/registrars/.

Currently, more than 1,900 new top-level domain names have been submitted to ICANN, and during 2015, it is anticipated that each week new names will be available for open registration. While there may be conflicts, the issues will, at this time, be settled by auction or negotiation. Approval for new top-level domain names currently has three stages:
• Sunrise stage During this 60-day period, legal trademark owners can "stake their claim" before registration for that name.
• Landrush stage This is a preregistration period where applicants can pay a fee (which in many cases will be substantial) for a specific domain name.
• Open registration During this time, anyone can register a new domain.
.com Domain Conflicts

The com top-level domain is the one most closely associated with commercial Internet interests, and names of certain types in the com domain are becoming scarce. For example, it is difficult at this time to come up with a snappy name for an Internet technology company that includes the word "net" that has not already been registered in the com domain.

There have also been conflicts between organizations that think they have a right to a particular domain name. Trademark law permits two companies to have the same name, as long as they are not directly competitive in the marketplace. However, A1 Auto Parts Company and A1 Software may both feel that they have a right to the a1.com domain, and lawsuits have arisen in some cases. In other instances, forward-thinking private individuals who registered domains using their own names have later been confronted by corporations with the same name who want to jump on the Internet bandwagon and think they have a right to that name. If a certain individual of Scottish extraction registers his domain only to find out some years later that a fast-food company (for example) is very anxious to acquire that domain name, the end result can be either a profitable settlement for the individual or a nasty court case.

This phenomenon gave rise to a particular breed of Internet bottom-feeder known as domain name speculators. These people register large numbers of domain names that they think some company might want someday, hoping that they can receive a large fee in return for selling them the domain name. Another unscrupulous practice is for a company in a particular business to register domains using the names of their competitors. Thus, when Internet users go to pizzaman.com, expecting to find Ray the Pizza Man's web site, they instead find themselves redirected to the site for Bob's Pizza Palace, which is located across the street from Ray's.

Cybersquatting

By definition, cybersquatting is the practice of registering an Internet domain name simply for the purpose of profiting by selling the name to someone else. According to the World Intellectual Property Organization (WIPO), this practice includes the following:
• Abusive registration of a domain name that is misleadingly similar or identical to an existing trademark.
• A registered domain name for which the registering party has no rights or legitimate interests.
• A domain name that is registered and used in bad faith.

ICANN created its Uniform Domain-Name Dispute-Resolution Policy (UDRP) to counteract cybersquatting. Since 2000, all registrants of domains such as .com, .net, and .org have been subject to this policy. In response to the new top-level domains (TLDs), in March 2013, ICANN launched the Trademark Clearinghouse, a centralized database of validated trademarks intended to protect those marks, especially during the time in which the new TLDs are launched.

Country-Code Domains

There are many country-code domains (also called international domains), named for specific countries using the ISO designations, such as fr for France and de for Deutschland (Germany). Many of these countries allow free registration of second-level domains to anyone, without restrictions. For the other countries, an organization must conform to some sort of local presence, tax, or trademark guidelines in order to register a second-level domain. Each of these country-code domains is managed by an organization in that country, which establishes its own domain name registration policies.

NOTE For the country codes maintained by the International Organization for Standardization (ISO), see www.iso.org/iso/country_codes.htm.

There is also a us top-level domain that is a viable alternative for organizations unable to obtain a satisfactory name in the com domain. In March 2014, the National Telecommunications and Information Administration (NTIA) arm of the U.S. Department of Commerce awarded the administrative contract to Neustar for three years. This entity registers second-level domains to businesses and individuals, as well as to government agencies, educational institutions, and other organizations. Originally, all us domains had to conform to a naming hierarchy that uses two-letter state abbreviations at the third level and local city or county names at the fourth level. Thus, an example of a valid domain name under that scheme is something like mgh.newyork.ny.us; the general format is <organization-name>.<locality>.<state>.us, where <state> is a state's two-letter postal abbreviation. Since 2002, the registry has also accepted registrations directly at the second level (for example, mgh.us), so the locality hierarchy is now one option rather than the only one.
Second-Level Domains

The registrars of the top-level domains are responsible for registering second-level domain names, in return for a subscription fee. As long as an organization continues to pay the fees for its domain name, it has exclusive rights to that name. The domain registrar maintains records that identify the owner of each second-level domain and specify three contacts within the registrant's organization: an administrative contact, a billing contact, and a technical contact. In addition, the registrar must have the names of at least two DNS servers that function as the source for further information about the domain (and their IP addresses, called glue records, when those servers lie within the domain itself). This is the only information maintained by the top-level domain. The administrators of the registrant's network can create as many hosts and subdomains within the second-level domain as they want without informing the registrars at all. Because these records are what the rest of the Internet trusts to find the domain, the registrar account that controls them deserves the same protection as any other privileged credential: a registrar lock on transfers and multifactor authentication on the account are the usual minimum.

To host a second-level domain, an organization must have two DNS servers. A DNS server is a software program that runs on a computer. DNS server products are available for all of the major network operating systems. The DNS servers do not have to be located on the registrant's network; many companies outsource their Internet server hosting chores and use their service provider's DNS servers. The DNS servers identified in the top-level domain's record are the authority for the second-level domain. This means that these servers are the ultimate source for information about that domain. When network administrators want to add a host to the network or create a new subdomain, they do so in their own DNS servers. In addition, whenever a user application somewhere on the Internet has to discover the IP address associated with a particular host name, the request eventually ends up at one of the domain's authoritative servers.
Thus, in its simplest form, the Domain Name System works by referring requests for the address of a particular host name to a top-level domain server, which does not answer the question itself but returns a referral naming the authoritative servers for the second-level domain; the resolver then repeats the query to one of those servers, which responds with the requested information. (In practice the chain starts one step higher, at the root servers, which refer the resolver to the top-level domain's servers in the same way.) This is why the DNS is described as a distributed database. The information about the hosts in specific domains is stored on their authoritative servers, which can be located anywhere. There is no single list of all the host names on the entire Internet, which is actually a good thing because at the time that the DNS was developed, no one would have predicted that the Internet would grow as large as it has.

This distributed nature of the DNS database eliminates the traffic-congestion problem caused by the use of a host table maintained on a single computer. The top-level domain server handles millions of requests a day, but they are requests only for the DNS servers associated with second-level domains. If the top-level domains had to maintain records for every host in every second-level domain they have registered, the resulting traffic would bring the entire system to its knees.

Distributing the database in this way also splits the chores of administering the database among thousands of network administrators around the world. Domain name registrants are each responsible for their own area of the name space and can maintain it as they want with complete autonomy.

Subdomains

Many of the domains on the Internet stop at two levels, meaning that the second-level domain contains only host systems. However, it is possible for the administrators of a second-level domain to create subdomains that form additional levels. The us top-level domain, for example, originally required a minimum of three levels: the country code, the state code, and the local city or county code. There is no limit on the number of levels you can create within a domain, except for those imposed by practicality and the 255-octet maximum DNS name length.
In some cases, large organizations use subdomains to subdivide their networks according to geographical or organizational boundaries. A large corporation might create a third-level domain for each city or country in which it has an office, such as paris.zacker.com and newyork.zacker.com, or for each of several departments, such as sales.zacker.com and mis.zacker.com. The organizational paradigm for each domain is left completely up to its administrators.

The use of subdomains can make it easier to identify hosts on a large network, but many organizations also use them to delegate domain maintenance chores. The DNS servers for a top-level domain contain the addresses for each second-level domain's authoritative servers. In the same way, a second-level domain's servers can delegate third-level domains to authoritative servers maintained by the administrators at each site, so that each site runs its own DNS servers for its part of the name space.

To make this delegation possible, DNS servers can break up a domain's name space into administrative units called zones. A domain with only two levels consists of only a single zone, which is synonymous with the domain. A three-level domain, however, can be divided into multiple zones. A zone can be any contiguous branch of a DNS tree and can include domains on multiple levels. For example, in the diagram shown in Figure 15-3, the paris.zacker.com domain, including all of its subdomains and hosts, is one zone, represented by its own DNS servers. The rest of the zacker.com domain, including newyork.zacker.com, chicago.zacker.com, and zacker.com itself, is another zone. Thus, a zone can be defined as any part of a domain, including its subdomains, that is not designated as part of another zone.

Figure 15-3 A zone is an administrative entity that contains a branch of the DNS tree.

Each zone must be represented by DNS servers that are the authority for that zone. A single DNS server can be authoritative for multiple zones, so you could conceivably create a separate zone for each of the third-level domains in zacker.com and still have only two sets of DNS servers.

DNS Functions

DNS servers are a ubiquitous part of most TCP/IP networks, even if you aren't aware of it.
If you connect to the Internet, you use a DNS server each time you enter a server name or URL into a web browser or other application to resolve the name of the system you specified into an IP address. When a stand-alone computer connects to an Internet service provider (ISP), the ISP's server usually supplies the addresses of the DNS servers that the system will use. On a TCP/IP network, administrators or users configure clients with the addresses of the DNS servers they will use. This can be a manual process performed for each workstation or an automatic process performed using a service such as Dynamic Host Configuration Protocol (DHCP). The end user will not usually see the IP address because this is all taken care of in the background.

TCP/IP communications are based solely on IP addresses. Before one system can communicate with another, it must know its IP address. Often, the user supplies a friendly name (such as a DNS name) for a desired server to a client application. The application must then resolve that server name into an IP address before it can transmit a message to it. If the name resolution mechanism fails to function, no communication with the server is possible.

Virtually all TCP/IP networks use some form of friendly name for host systems and include a mechanism for resolving those names into the IP addresses needed to initiate communications between systems. If the network is connected to the Internet, DNS name resolution is a necessity. Private networks do not necessarily need it, however. Microsoft Windows NT networks, for example, use NetBIOS names to identify their systems and have their own mechanisms for resolving those names into IP addresses. These mechanisms include the Windows Internet Name Service (WINS) and also the transmission of broadcast messages to every system on the network. NetBIOS names and name resolution mechanisms do not replace the DNS; they are intended for use on relatively small, private networks and would not be practical on the Internet. A computer can have both a NetBIOS name and a DNS host name and use both types of name resolution.
Resource Records

DNS servers are basically database servers that store information about the hosts and subdomains for which they are responsible in resource records (RRs). When you run your own DNS server, you create a resource record for each host name that you want to be accessible by the rest of the network. There are several different types of resource records used by DNS servers, the most important of which are as follows:

• Start of authority (SOA)  Indicates that the server is the best authoritative source for data concerning the zone. Each zone must have an SOA record, and only one SOA record can be in a zone.
• Name server (NS)  Identifies a DNS server functioning as an authority for the zone. Each DNS server in the zone (whether primary master or slave) must be represented by an NS record.
• Address (A)  Provides a name-to-address mapping that supplies an IP address for a specific DNS name. This record type performs the primary function of the DNS, converting names to addresses. (The AAAA record type does the same for IPv6 addresses.)
• Pointer (PTR)  Provides an address-to-name mapping that supplies a DNS name for a specific address in the in-addr.arpa domain. This is the functional opposite of an A record, used for reverse lookups only.
• Canonical name (CNAME)  Creates an alias that points to the canonical name (that is, the "real" name) of a host identified by an A record. CNAME records are used to provide alternative names by which systems can be identified. For example, you may have a system with the name server1.zacker.com on your network that you use as a web server. Changing the host name of the computer would confuse your users, but you want to use the traditional name of www to identify the web server in your domain. Once you create a CNAME record for the name www.zacker.com that points to server1.zacker.com, the system is addressable using either name.
• Mail exchanger (MX)  Identifies a system that will direct e-mail traffic sent to an address in the domain to the individual recipient, a mail gateway, or another mail server.
In addition to functioning as the authority for a small section of the DNS name space, servers process client name resolution requests by either consulting their own resource records or forwarding the request to another DNS server on the network. A server that does not hold the answer can also respond with a referral, that is, with the names and addresses of the servers that are authoritative for the requested name rather than with the answer itself. Referrals are how all of the DNS servers on the Internet work together to provide a unified information resource for the entire domain name space.

DNS Name Resolution

All Internet applications use DNS to resolve host names into IP addresses. When you type a URL containing a DNS name (such as mcgrawhill.com) into the browser's Address field and press ENTER, the DNS name resolution process occurs during the brief interval in which the application locates the site and connects to it.

From the client's perspective, the procedure that occurs during these few seconds consists of the application sending a query message to its designated DNS server that contains the name to be resolved. The server then replies with a message containing the IP address corresponding to that name. Using the supplied address, the application can then transmit a message to the intended destination. It is only when you examine the DNS server's role in the process that you see how complex the procedure really is.

Resolvers

The component in the client system that generates the DNS query is called a resolver. In most cases, the resolver is a simple set of library routines in the operating system that generates the queries to be sent to the DNS server, reads the response information from the server's replies, and feeds the response to the application that originally requested it. In addition, a resolver can resend a query if no reply is forthcoming after a given timeout period and can process error messages returned by the server, such as when it fails to resolve a given name.
DNS Requests

A TCP/IP client usually is configured with the addresses of two DNS servers to which it can send queries. A client can send a query to any DNS server; it does not have to use the authoritative server for the domain in which it belongs, nor does the server have to be on the local network. Using the DNS server that is closest to the client is best, however, because it minimizes the time needed for messages to travel between the two systems. A client needs access to only one DNS server, but two are usually specified to provide a backup in case one server is unavailable.

There are two types of DNS queries: recursive and iterative. When a server receives a recursive query, it is responsible for trying to resolve the requested name and for transmitting a reply to the requestor. Even if the server does not possess the required information itself, it must send its own queries to other DNS servers until it obtains the requested information or an error message stating why the information was unavailable, and must then relay the information to the requestor. The system that generated the query, therefore, receives a reply only from the original server to which it sent the query. The resolvers in client systems nearly always send recursive queries to DNS servers.

When a server receives an iterative query (also called a nonrecursive query), it can either respond with information from its own database or refer the requestor to another DNS server. The recipient of the query responds with the best answer it currently possesses, but is not responsible for searching for the information, as with a recursive query. DNS servers processing a recursive query from a client typically use iterative queries to request information from other servers. It is possible for a DNS server to send a recursive query to another server, thus in effect "passing the buck" and forcing the other server to search for the requested information, but this is considered bad form and is rarely done without permission. For the same reason, a server should accept recursive queries only from the clients it is meant to serve; an open recursive resolver that answers anyone on the Internet is routinely abused for cache poisoning and for reflection attacks, in which small queries with a forged source address produce large responses aimed at a victim.
One of the scenarios in which DNS servers do send recursive queries to other servers is when you configure a server to function as a forwarder. On a network running several DNS servers, you may not want all of the servers sending queries to other DNS servers on the Internet. If the network has a relatively slow connection to the Internet, for example, several servers transmitting repeated queries may use too much of the available bandwidth.

To prevent this, some DNS implementations enable you to configure one server to function as the forwarder for all Internet queries generated by the other servers on the network. Any time that a server has to resolve the DNS name of an Internet system and fails to find the needed information in its cache, it transmits a recursive query to the forwarder, which is then responsible for sending its own iterative queries over the Internet connection. Once the forwarder resolves the name, it sends a reply to the original DNS server, which relays it to the client.

This request-forwarding behavior is a function of the original server only. The forwarder simply receives standard recursive queries from the original server and processes them normally. A server can be configured to use a forwarder in either exclusive or nonexclusive mode. In exclusive mode, the server relies completely on the forwarder to resolve the requested name. If the forwarder's resolution attempt fails, the server relays a failure message to the client. A server that uses a forwarder in exclusive mode is called a slave (in BIND terms, a "forward only" server; this use of the word is unrelated to the slave role in zone transfers, described later in this chapter). In nonexclusive mode, if the forwarder fails to resolve the name and transmits an error message to the original server, that server makes its own resolution attempt before responding to the client.

Root Name Servers

In most cases, DNS servers that do not possess the information needed to resolve a name requested by a client send their first iterative query to one of the Internet's root name servers. The root name servers possess information about all of the top-level domains in the DNS name space. When you first install a DNS server, the only addresses that it needs to process client requests are those of the root name servers, because these servers can send a request for a name in any domain on its way to the appropriate authority.
The root name servers contain the addresses of the authoritative servers for all the top-level domains on the Internet. Historically, some root name servers were also the authorities for certain top-level domains, but their essential function is to refer queries to the appropriate servers for any top-level domain, including the country-code domains, which are scattered all over the world. There are currently 13 root name server addresses (a.root-servers.net through m.root-servers.net), each of which is now provided by many anycast instances, and together they process millions of requests each day. The servers are also scattered widely and connected to different network trunks, so the chances of all of them being unavailable are minimal. If this were to occur, virtually all DNS name resolution would cease, and the Internet would be crippled.

Currently, the NTIA administers authority through ICANN over these root name servers. However, in March 2014, the NTIA announced it will cede authority to another organization, which has not yet been identified. (That transition of IANA stewardship to ICANN and the multistakeholder community was completed in October 2016.)

Resolving a Domain Name

With the preceding pieces in place, you are now ready to see how the DNS servers work together to resolve the name of a server on the Internet (see Figure 15-4). The process is as follows:

Figure 15-4 DNS servers communicate among themselves to locate the information requested by a client.

1. A user on a client system specifies the DNS name of an Internet server in an application such as a web browser or File Transfer Protocol (FTP) client.
2. The application generates an application programming interface (API) call to the resolver on the client system, and the resolver creates a DNS recursive query message containing the server name.
3. The client system transmits the recursive query message to the DNS server identified in its TCP/IP configuration.
4. The client's DNS server, after receiving the query, checks its resource records to see whether it is the authoritative source for the zone containing the requested server name. If it is the authority, it generates a reply message and transmits it to the client. If the DNS server is not the authority for the domain in which the requested server is located, it generates an iterative query and submits it to one of the root name servers.
5. The root name server examines the name requested by the original DNS server and consults its resource records to identify the authoritative servers for the name's top-level domain. Because the root name server received an iterative request, it does not send its own request to the top-level domain server. Instead, it transmits a reply to the original DNS server that contains a referral to the top-level domain server addresses.
6. The original DNS server then generates a new iterative query and transmits it to the top-level domain server. The top-level domain server examines the second-level domain in the requested name and transmits to the original server a referral containing the addresses of authoritative servers for that second-level domain.
7. The original server generates yet another iterative query and transmits it to the second-level domain server. If the requested name contains additional domain names, the second-level domain server replies with another referral to the third-level domain servers. The second-level domain server may also refer the original server to the authorities for a different zone. This process continues until the original server receives a referral to the domain server that is the authority for the domain or zone containing the requested host.
8. Once the authoritative server for the domain or zone containing the host receives a query from the original server, it consults its resource records to determine the IP address of the requested system and transmits it in a reply message to that original server.
9. The original server receives the reply from the authoritative server and transmits the IP address back to the resolver on the client system. The resolver relays the address to the application, which can then initiate communications with the system specified by the user.

This procedure assumes a successful completion of the name resolution procedure. If any of the authoritative DNS servers queried returns an error message to the original server stating, for example, that one of the domains in the name does not exist, this error message is relayed to the client and the name resolution process is said to have failed.
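The nine steps above can be followed in code. The following Python program is an added example, not code from the book: it simulates the root, top-level and second-level authoritative servers as in-memory tables (the zacker.com names, the server names and the addresses are all constructed for the example), has the client's DNS server walk the referral chain with iterative queries, and relays a Name Error to the stub resolver when the final authority has no record for the name.

```python
"""Simulated DNS resolution walk: a stub resolver hands a recursive query to
its configured server, which resolves it by issuing iterative queries to a
hierarchy of authoritative servers (root, TLD, second-level) and following
referrals. All servers and records are constructed in memory; no network."""

# Constructed authoritative data: each server answers only for its own zone.
# A table maps a name either to an answer ("A", address) or, for a delegated
# subzone, to a referral ("NS", [server names]).
ROOT = {"com.": ("NS", ["a.gtld-servers.net."]),
        "org.": ("NS", ["a0.org-servers.net."])}
COM = {"zacker.com.": ("NS", ["ns1.zacker.com."])}
ZACKER = {"www.zacker.com.": ("A", "192.168.214.23"),
          "ftp.zacker.com.": ("A", "192.168.214.24")}

SERVERS = {"a.root-servers.net.": ROOT,
           "a.gtld-servers.net.": COM,
           "ns1.zacker.com.": ZACKER}


class NXDomain(Exception):
    """Raised when an authoritative server reports the name does not exist."""


def parent_zones(name):
    """Yield the zones that could contain name, most specific first:
    'www.zacker.com.' -> 'www.zacker.com.', 'zacker.com.', 'com.', '.'"""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def iterative_query(server, name):
    """One iterative (RD=0) query. The server answers from its own table or
    refers the asker to the servers for the closest delegation it knows.
    Returns ("answer", address) or ("referral", [servers]); raises NXDomain
    when the server is authoritative for the name but holds no record."""
    table = SERVERS.get(server)
    if table is None:
        raise RuntimeError("no route to " + server)
    for zone in parent_zones(name):
        if zone in table:
            kind, data = table[zone]
            if kind == "A" and zone == name:
                return ("answer", data)
            if kind == "NS":
                return ("referral", data)
    # No delegation covers the name, so this server is the authority for it
    # and the name does not exist (RCODE 3, Name Error).
    raise NXDomain(name)


def recursive_resolve(name, root="a.root-servers.net.", trace=None):
    """What the client's DNS server does with a recursive (RD=1) query:
    start at a root server and follow referrals until an answer arrives.
    The optional trace list records each server consulted, in order."""
    if not name.endswith("."):
        name += "."
    server = root
    for _ in range(16):                  # guard against referral loops
        if trace is not None:
            trace.append(server)
        kind, data = iterative_query(server, name)
        if kind == "answer":
            return data
        server = data[0]                 # next hop: first server referred to
    raise RuntimeError("referral loop resolving " + name)


def stub_resolver(name):
    """The client side: ask the configured server and return its answer,
    or None when the server relays a Name Error."""
    try:
        return recursive_resolve(name)
    except NXDomain:
        return None


if __name__ == "__main__":
    steps = []
    print(recursive_resolve("www.zacker.com", trace=steps), steps)
    print(stub_resolver("nosuchhost.zacker.com"))
```

The trace shows the three hops of steps 4 through 8 (root, then the com server, then the zacker.com authority); the client, as in step 9, only ever hears from the server it asked.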
DNS Server Caching

This process may seem extremely long and complex, but in many cases, it isn't necessary for the client's DNS server to send queries to the servers for each domain specified in the requested DNS name. DNS servers are capable of retaining the information they learn about the DNS name space in the course of their name resolution procedures and storing it in a cache (usually held in memory, although some implementations can also save it to the local drive).

A DNS server that receives requests from clients, for example, caches the addresses of the requested systems, as well as the addresses for particular domains' authoritative servers. The next time that a client transmits a request for a previously resolved name, the server can respond immediately with the cached information. In addition, if a client requests another name in one of the same domains, the server can send a query directly to an authoritative server for that domain, and not to a root name server. Thus, users should generally find that names in commonly accessed domains resolve more quickly because one of the servers along the line has information about the domain in its cache, while names in obscure domains take longer because the entire request/referral process is needed. Because the cache is consulted before any other server is, an attacker who manages to plant a forged record in it (cache poisoning) redirects every client of that server for as long as the record lives; this is why a server must accept a response only if its ID, destination port and question match a query it actually sent, and why DNSSEC was developed to sign the records themselves.

Negative Caching  In addition to storing information that aids in the name resolution process, most modern DNS server implementations are capable of negative caching. Negative caching occurs when a DNS server retains information about names that do not exist in a domain. If, for example, a client sends a query to its DNS server containing a name in which the second-level domain does not exist, the top-level domain server will return a reply containing an error message to that effect. The client's DNS server will then retain the error message information in its cache. The next time a client requests a name in that domain, the DNS server will be able to respond immediately with its own error message, without consulting the top-level domain.
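The following Python program is an added example, not code from the book, that makes the caching behaviour above concrete. It models an authoritative server and a caching server with an injected clock: positive answers are reused until the time to live (TTL) the authority attached to them runs out, a Name Error is cached for the negative TTL so the authority is asked only once, and, ahead of the DNS Load Balancing discussion below, the authority rotates several addresses for one name to show that a cached answer freezes that rotation for the life of the TTL. The names, addresses and TTL values are constructed for the example.

```python
"""Constructed example: a caching DNS server that honours the TTL supplied
by the authority, caches negative (Name Error) answers, and an authority
that rotates several A records for one name. The clock is a callable so
expiry can be shown without waiting."""

import itertools

NXDOMAIN = "NXDOMAIN"


class RoundRobinAuthority:
    """Authoritative server holding one or more addresses per name. Each
    answer starts the address list at the next offset (round-robin)."""

    def __init__(self, records, ttl, neg_ttl):
        self.records = {k: list(v) for k, v in records.items()}
        self.ttl = ttl            # TTL attached to positive answers
        self.neg_ttl = neg_ttl    # how long "does not exist" may be cached
        self.offset = {k: itertools.cycle(range(len(v)))
                       for k, v in self.records.items()}
        self.queries = 0          # how often the authority was actually asked

    def query(self, name):
        """Return (addresses, ttl); addresses is NXDOMAIN for unknown names."""
        self.queries += 1
        addrs = self.records.get(name)
        if addrs is None:
            return NXDOMAIN, self.neg_ttl
        start = next(self.offset[name])
        return addrs[start:] + addrs[:start], self.ttl


class CachingServer:
    """The client's DNS server: answers from cache while the TTL lasts,
    otherwise asks the authority and caches what it learns, including
    negative answers."""

    def __init__(self, authority, clock):
        self.authority = authority
        self.clock = clock        # returns the current time in seconds
        self.cache = {}           # name -> (data, expires_at)

    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]
        data, ttl = self.authority.query(name)
        self.cache[name] = (data, now + ttl)
        return data


def demo():
    """Two lookups inside the TTL return the same rotation; the third, after
    expiry, sees the authority's next rotation. The missing name reaches
    the authority only once until its negative TTL passes."""
    clock = {"t": 0}
    auth = RoundRobinAuthority(
        {"www.zacker.com.": ["10.0.0.1", "10.0.0.2", "10.0.0.3"]},
        ttl=60, neg_ttl=300)
    server = CachingServer(auth, lambda: clock["t"])
    first = server.resolve("www.zacker.com.")
    clock["t"] = 30
    second = server.resolve("www.zacker.com.")   # cache hit: same order
    clock["t"] = 61
    third = server.resolve("www.zacker.com.")    # expired: next rotation
    missing = [server.resolve("nope.zacker.com.") for _ in range(3)]
    return first, second, third, missing, auth.queries


if __name__ == "__main__":
    print(demo())
```

With a 60-second TTL the authority is consulted only twice for the web server name and once for the nonexistent one, which is the bandwidth saving caching buys; it is also why a short TTL is recommended when rotation is the point.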
Cache Data Persistence  Caching is a vital element of the DNS architecture because it reduces the number of requests sent to the root name and top-level domain servers, which, being at the top of the DNS tree, are the most likely to act as a bottleneck for the whole system. However, caches must be purged eventually, and there is a fine line between effective and ineffective caching. Because DNS servers retain resource records in their caches, it can take hours or even days for changes made in an authoritative server to be propagated around the Internet. During this period, users may receive incorrect information in response to a query. If information remains in server caches too long, the changes that administrators make to the data in their DNS servers take too long to propagate around the Internet. If caches are purged too quickly, the number of requests sent to the root name and top-level domain servers increases precipitously.

The amount of time that DNS data remains cached on a server is called its time to live (TTL). Unlike most data caches, the time to live is not specified by the administrator of the server where the cache is stored. Instead, the administrators of each authoritative DNS server specify how long the data for the resource records in their domains or zones should be retained in the servers where it is cached. (Caching servers may still impose a ceiling of their own, commonly a week, on the TTL values they will honor.) This enables administrators to specify a time-to-live value based on the volatility of their server data. On a network where changes in IP addresses or the addition of new resource records is frequent, a lower time-to-live value increases the likelihood that clients will receive current data. On a network that rarely changes, you can use a longer time-to-live value and minimize the number of requests sent to the parent servers of your domain or zone.

DNS Load Balancing

In most cases, DNS servers maintain one IP address for each host name. However, there are situations in which more than one IP address is required. In the case of a highly trafficked web site, for example, one server may not be sufficient to support all of the clients. To have multiple, identical servers with their own IP addresses hosting the same site, some mechanism is needed to ensure that client requests are balanced among the machines.
One way of doing this is to control how the authoritative servers for the domain on which the site is located resolve the DNS name of the web server. Some DNS server implementations enable you to create multiple resource records with different IP addresses for the same host name. As the server responds to queries requesting resolution of that name, it uses the resource records in a rotational fashion to supply the IP address of a different machine to each client. Note that this rotation knows nothing about the load or health of the individual machines; clients can still be handed the address of a server that is down.

DNS caching tends to defeat the effectiveness of this rotational system because servers use the cached information about the site, rather than issuing a new query and possibly receiving the address for another system. As a result, it is generally recommended that you use a relatively short time-to-live value for the duplicated resource records.

Reverse Name Resolution

The Domain Name System is designed to facilitate the resolution of DNS names into IP addresses, but there are also instances in which IP addresses have to be resolved into DNS names. These instances are relatively rare. In log files, for example, some systems convert IP addresses to DNS names to make the data more readily accessible to human readers. Certain systems also use reverse name resolution in the course of authentication procedures. A reverse lookup by itself proves little, however, because the PTR record for an address is controlled by whoever administers that address block; a system that relies on the result should also check that the name it receives resolves forward to the same address.

The structure of the DNS name space and the method by which it's distributed among various servers is based on the domain name hierarchy. When the entire database is located on one system, such as in the case of a host table, searching for a particular address to find out its associated name is no different from searching for a name to find an address. However, locating a particular address in the DNS name space would seem to require a search of all of the Internet's DNS servers, which is obviously impractical.

To make reverse name resolution possible without performing a massive search across the entire Internet, the DNS tree includes a special branch that uses the dotted decimal values of IP addresses as domain names. This branch stems from a domain called in-addr.arpa, which is located just beneath the root of the DNS tree, as shown in Figure 15-5.
Just beneath the in-addr.arpa domain, there are 256 subdomains named using the numbers 0 to 255 to represent the possible values of an IP address's first byte. Each of these subdomains contains another 256 subdomains representing the possible values of the second byte. The next level has another 256 domains, each of which can have up to 256 numbered hosts, which represent the third and fourth bytes of the address.

Figure 15-5 The in-addr.arpa domain hierarchy

Using the in-addr.arpa domain structure, each of the hosts represented by a standard name on a DNS server also has an equivalent DNS name constructed using its IP address. Therefore, if a system with the IP address 192.168.214.23 is listed in the DNS server for the zacker.com domain with the host name www, there is also a resource record for that system with the DNS name 23.214.168.192.in-addr.arpa, meaning that there is a host with the name 23 in a domain called 214.168.192.in-addr.arpa, as shown in Figure 15-6. This domain structure makes it possible for a system to find the name belonging to an IP address by walking the in-addr.arpa hierarchy in the same way it walks the forward hierarchy, without having to search every server in the DNS tree. In most cases, you can configure a DNS server to automatically create an equivalent resource record in the in-addr.arpa domain for every host you add to the standard domain name space. (IPv6 addresses are handled the same way under the ip6.arpa domain, with one label per hexadecimal digit of the address.)

Figure 15-6 Each host in the DNS database has two resource records.

The byte values of IP addresses are reversed in the in-addr.arpa domain because in a DNS name, the least significant word comes first, whereas in IP addresses, the least significant byte comes last. In other words, a DNS name is structured with the root of the DNS tree on the right side and the host name on the left. In an IP address, the host identifier is on the right, and the network identifier is on the left. It would be possible to create a domain structure using the IP address bytes in their regular order, but this would complicate the administration process by making it harder to delegate maintenance tasks based on network addresses.
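The reversal described above, the automatic creation of a PTR record for each forward record, and the forward-confirmation check that authentication code should perform, as an added Python example that is not code from the book. It goes slightly beyond the text by also producing ip6.arpa names for IPv6 addresses; the zacker.com names and addresses are constructed for the example.

```python
"""Constructed example: build in-addr.arpa (and ip6.arpa) names from
addresses, generate the PTR records that mirror a forward zone, and perform
the forward-confirmed reverse check that should accompany any use of a
reverse lookup for authentication."""

import ipaddress


def reverse_name(address):
    """'192.168.214.23' -> '23.214.168.192.in-addr.arpa.'
    IPv6 addresses map into ip6.arpa one hex nibble per label, reversed."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        octets = str(ip).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")       # 32 hex digits, zero-padded
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def reverse_zone_from_forward(forward):
    """Given forward records {name: address}, produce the matching PTR
    records {reverse name: canonical name}, one per host, which is what a
    server does when told to create in-addr.arpa records automatically."""
    return {reverse_name(addr): name for name, addr in forward.items()}


def forward_confirmed(address, forward, reverse):
    """True only if the PTR for the address names a host whose A record
    maps back to the same address. The PTR alone is set by whoever runs
    the address block, so it proves nothing about the forward zone."""
    host = reverse.get(reverse_name(address))
    return host is not None and forward.get(host) == address


# Constructed forward zone for zacker.com and the PTR zone derived from it.
FORWARD = {"www.zacker.com.": "192.168.214.23",
           "ftp.zacker.com.": "192.168.214.24"}
REVERSE = reverse_zone_from_forward(FORWARD)

if __name__ == "__main__":
    print(reverse_name("192.168.214.23"))
    print(reverse_name("2001:db8::1"))
    print(REVERSE)
    print(forward_confirmed("192.168.214.23", FORWARD, REVERSE))
```

A forged reverse zone that claims 10.0.0.5 is www.zacker.com fails the check because the forward record for that name points elsewhere; that mismatch is exactly what an attacker who controls only their own address block cannot fix.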
DNS Name Registration

As you have already learned, name resolution is the process by which IP address information for a host name is extracted from the DNS database. The process by which host names and their addresses are added to the database is called name registration. Name registration refers to the process of creating new resource records on a DNS server, thus making them accessible to all of the other DNS servers on the network.

The name registration process on a traditional DNS server is decidedly low-tech. There is no mechanism by which the server can detect the systems on the network and enter their host names and IP addresses into resource records. In fact, a computer may not even be aware of its host name because it receives all of its communications using IP addresses and never has to answer to its name.

To register a host in the DNS name space, an administrator has to manually create a resource record on the server. The method for creating resource records varies depending on the DNS server implementation. Unix-based servers require you to edit a text file (the zone file), while Microsoft DNS Server uses a graphical interface.

Manual Name Registration

The manual name registration process is an adaptation of the host table for use on a DNS server. It is easy to see how, in the early days, administrators were able to implement DNS servers on their network by using their host tables with slight modifications. Today, however, the manual name registration process can be problematic on some networks.

If you have a large number of hosts, manually creating resource records for all of them can be a tedious affair, even with a graphical interface. However, depending on the nature of the network, it may not be necessary to register every system in the DNS. If, for example, you are running a Windows NT network using unregistered IP addresses, you may not need your own DNS server at all, except possibly to process client name resolution requests. Windows NT networks have their own NetBIOS naming system and name resolution mechanisms, and you generally don't need to refer to them using DNS names.
The exceptions to this would be systems with registered IP addresses that you use as web servers or other types of Internet servers. These must be visible to Internet users and, therefore, must have a host name in a registered DNS domain. In most cases, the number of systems like this on a network is small, so manually creating the resource records is not much of a problem. If you have Unix systems on your network, however, you are more likely to use DNS to identify them using names, and in this case, you must create resource records for them.

Dynamic Updates

As networks grow larger and more complex, the biggest problem arising from manual name registration stems from the increasing use of DHCP servers to dynamically assign IP addresses to network workstations. The manual configuration of TCP/IP clients is another long-standing network administration chore that is gradually being phased out in favor of an automated solution. Assigning IP addresses dynamically means that workstations can have different addresses from one day to the next, and the original DNS standard has no way of keeping up with the changes.

On networks where only a few servers have to be visible to the Internet, it wasn't too great an inconvenience to configure them manually with static IP addresses and use DHCP for the unregistered systems. This situation changed with the advent of Windows 2000 and Active Directory. Windows NT networks used WINS to resolve NetBIOS names into IP addresses, but name registration was automatic with WINS. WINS automatically updated its database record for a workstation assigned a new IP address by a DHCP server so that no administrator intervention was required. Active Directory, however, relied heavily on DNS instead of WINS to resolve the names of systems on the network and to keep track of the domain controllers available for use by client workstations.

To make the use of DNS practical, members of the IETF developed a new specification, published as RFC 2136, "Dynamic Updates in the Domain Name System." This document defined a new DNS message type, called an Update, which systems such as domain controllers and DHCP servers can generate and transmit to a DNS server. These Update messages modify or delete existing resource records or create new ones, optionally subject to prerequisites carried in the message itself (for example, that a record must not already exist). Because an unauthenticated Update message lets any host on the network add or replace records, dynamic updates should be restricted to specific hosts and, preferably, signed with transaction signatures (TSIG, RFC 2845) or the GSS-TSIG variant used by Active Directory clients; otherwise an attacker can repoint a host name at an address of their choosing.
Zone Transfers

Most networks use at least two DNS servers to provide fault tolerance and to give clients access to a nearby server. Because the resource records (in most cases) have to be created and updated manually by administrators, the DNS standards define a mechanism that replicates the DNS data among the servers, thus enabling administrators to make the changes only once.

The standards define two DNS server roles: the primary master and the secondary master, or slave. The primary master server loads its resource records and other information from the database files on the local drive. The slave (or secondary master) server receives its data from another server in a process called a zone transfer, which the slave performs each time it starts and periodically thereafter. The server from which the slave receives its data is called its master server, but it need not be the primary master. A slave can receive data from the primary master or another slave.

Zone transfers are performed for individual zones, and because a single server can be the authority for multiple zones, more than one transfer may be needed to update all of a slave server's data. In addition, the primary master and slave roles are zone specific. A server can be the primary master for one zone and the slave for another; this is in fact a common arrangement, for example when two organizations each act as secondary for the other's zones.

Although slave servers receive periodic zone transfers from their primaries, they are also able to load database files from their local drives. When a slave server receives a zone transfer, it updates the local database files. Each time the slave server starts, it loads the most current resource records it has from the database files and then checks this data with the primary master (by comparing the serial number in the zone's SOA record) to see whether an update is needed. This prevents zone transfers from being performed needlessly. Most servers also implement NOTIFY (RFC 1996), in which the master tells its slaves that the zone has changed so they need not wait for the next scheduled check, and incremental transfers (IXFR, RFC 1995), which send only the records that changed.

Because a zone transfer hands over every record in the zone, the master should be configured to allow transfers only from its designated slaves (in BIND, the allow-transfer option); a server that transfers its zones to anyone who asks gives an attacker a complete map of the network's hosts, which is one of the first things a penetration tester checks for.
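The check a slave performs before transferring, and the timers that govern it, can be written out. The following Python program is an added example, not code from the book: it compares serial numbers with the 32-bit serial arithmetic that DNS uses (RFC 1982), so a counter that wraps past its maximum still counts as newer, and it replays a slave's decisions using the REFRESH, RETRY and EXPIRE values from the zone's SOA record (those fields are described under the SOA resource record later in this chapter). The serial numbers and intervals are constructed for the example.

```python
"""Constructed example: the decisions a slave (secondary) server makes from
the SOA record's SERIAL, REFRESH, RETRY and EXPIRE fields. Serials are
compared with RFC 1982 serial arithmetic on a 32-bit circle."""

SERIAL_BITS = 32
MASK = (1 << SERIAL_BITS) - 1
HALF = 1 << (SERIAL_BITS - 1)


def serial_gt(a, b):
    """RFC 1982: a is newer than b if it lies less than 2**31 ahead of b on
    the 32-bit circle. Wrap-around (4294967295 -> 0) is therefore handled;
    equal serials are not 'greater'."""
    a &= MASK
    b &= MASK
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


class SlaveZone:
    """Tracks one zone on a slave. last_ok is the time of the last
    successful SOA check or transfer; the intervals come from the SOA."""

    def __init__(self, serial, refresh, retry, expire, now=0):
        self.serial = serial
        self.refresh, self.retry, self.expire = refresh, retry, expire
        self.last_ok = now
        self.next_check = now + refresh

    def is_expired(self, now):
        """After EXPIRE seconds without a successful contact, the slave must
        stop answering authoritatively for the zone."""
        return now - self.last_ok > self.expire

    def soa_check(self, now, master_serial):
        """Called when next_check is reached. master_serial is None when the
        master could not be contacted. Returns 'transfer', 'current' or
        'retry'."""
        if master_serial is None:
            self.next_check = now + self.retry       # try again sooner
            return "retry"
        self.last_ok = now
        self.next_check = now + self.refresh
        if serial_gt(master_serial, self.serial):
            self.serial = master_serial              # the AXFR/IXFR happens here
            return "transfer"
        return "current"


def walk(events, refresh=3600, retry=600, expire=86400):
    """Replay (time, master_serial) pairs against a slave that starts at
    serial 2015010101. Returns the decision at each step, whether the zone
    had expired by the last event, and the serial the slave ends with."""
    zone = SlaveZone(2015010101, refresh, retry, expire)
    decisions = [zone.soa_check(t, s) for t, s in events]
    return decisions, zone.is_expired(events[-1][0]), zone.serial


if __name__ == "__main__":
    print(walk([(3600, 2015010101), (7200, None), (7800, 2015010102)]))
    print(walk([(3600, None), (90000, None)]))
```

The second run shows the failure mode administrators most often meet: if the master stays unreachable for longer than EXPIRE, the slave stops serving the zone rather than keep handing out data it can no longer verify is current.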
DNS Messaging

DNS name resolution transactions use User Datagram Protocol (UDP) datagrams addressed to port 53 on the server and sent from an ephemeral port number on the client. In the original practice, a server sending queries to another server used port 53 as its source port as well. Since the cache-poisoning attacks publicized in 2008, however, resolvers choose a random ephemeral source port (and a random ID) for every outgoing query, because a predictable port lets an attacker who is guessing IDs forge a response the server will accept. In cases in which the data to be transmitted does not fit in a single UDP datagram (512 bytes in the original specification, larger when both sides support the EDNS0 extension), as is usual for zone transfers, the two systems establish a standard TCP connection, also using port 53 on the server, and transmit the data using as many segments as needed.

The Domain Name System uses a single message format for all of its communications that consists of the following five sections:

• Header  Contains information about the nature of the message
• Question  Contains the information requested from the destination server
• Answer  Contains RRs supplying the information requested in the Question section
• Authority  Contains RRs pointing to an authority for the information requested in the Question section
• Additional  Contains RRs with additional information in response to the Question section

Every DNS message has a Header section, and the other four sections are included only if they contain data. For example, a query message contains the DNS name to be resolved in the Question section, but the Answer, Authority, and Additional sections aren't needed. When the server receiving the query constructs its reply, it makes some changes to the Header section, leaves the Question section intact, and adds entries to one or more of the remaining three sections. Each section can have multiple entries so that a server can send more than one resource record in a single message.

The DNS Header Section

The Header section of the DNS message contains codes and flags that specify the function of the message and the type of service requested from or supplied by a server. Figure 15-7 shows the format of the Header section.

Figure 15-7 The DNS Header section format

The functions of the Header fields are as follows:

• ID, 2 bytes  Contains an identifier value used to associate queries with replies.
• Flags, 2 bytes  Contains flag bits used to identify the functions and properties of the message, as follows:
  • QR, 1 bit  Specifies whether the message is a query (value 0) or a response (value 1).
  • OPCODE, 4 bits  Specifies the type of query that generated the message.
Response messages retain the same value for this field as the query to which they are responding. Possible values are as follows:
    • 0  Standard query (QUERY)
    • 1  Inverse query (IQUERY)
    • 2  Server status request (STATUS)
    • 3–15  Unused in the original specification (later assignments include 4 for NOTIFY and 5 for UPDATE)
  • AA (Authoritative Answer), 1 bit  Indicates that a response message has been generated by a server that is the authority for the domain or zone in which the requested name is located.
  • TC (Truncation), 1 bit  Indicates that the message has been truncated because the amount of data exceeds the maximum size for the current transport mechanism. In most DNS implementations, this bit functions as a signal that the message should be retransmitted using a TCP connection rather than a UDP datagram.
  • RD (Recursion Desired), 1 bit  In a query, indicates that the destination server should treat the message as a recursive query. In a response, indicates that the message is the response to a recursive query. The absence of this flag indicates that the query is iterative.
  • RA (Recursion Available), 1 bit  Set in a response to indicate whether the server is willing to process recursive queries.
  • Z, 3 bits  Reserved in the original specification; DNSSEC (RFC 4035) later assigned two of these bits as AD (Authentic Data) and CD (Checking Disabled).
  • RCODE (Response Code), 4 bits  Specifies the nature of a response message, indicating when an error has occurred and what type of error, using the following values:
    • 0  No error has occurred.
    • 1 – Format Error  Indicates that the server was unable to understand the query.
    • 2 – Server Failure  Indicates that the server was unable to process the query.
    • 3 – Name Error  Used by authoritative servers only to indicate that a requested name or subdomain does not exist in the domain (commonly called NXDOMAIN).
    • 4 – Not Implemented  Indicates that the server does not support the type of query received.
    • 5 – Refused  Indicates that server policies (such as security policies) have prevented the processing of the query.
    • 6–15  Unused.
• QDCOUNT, 2 bytes  Specifies the number of entries in the Question section.
• ANCOUNT, 2 bytes  Specifies the number of entries in the Answer section.
• NSCOUNT, 2 bytes  Specifies the number of name server RRs in the Authority section.
• ARCOUNT, 2 bytes  Specifies the number of entries in the Additional section.
The DNS Question Section

The Question section of a DNS message contains the number of entries specified in the header's QDCOUNT field. In most cases, there is only one entry. Each entry is formatted as shown in Figure 15-8.

Figure 15-8 The DNS Question section format

The functions of the fields are as follows:

• QNAME, variable  Contains the DNS, domain, or zone name about which information is being requested
• QTYPE, 2 bytes  Contains a code that specifies the type of RR the query is requesting
• QCLASS, 2 bytes  Contains a code that specifies the class of the RR being requested

DNS Resource Record Sections

The three remaining sections of a DNS message, the Answer, Authority, and Additional sections, each contain resource records that use the format shown in Figure 15-9. The number of resource records in each section is specified in the header's ANCOUNT, NSCOUNT, and ARCOUNT fields.

Figure 15-9 The format of the DNS Answer, Authority, and Additional sections

The functions of the fields are as follows:

• NAME, variable  Contains the DNS, domain, or zone name about which information is being supplied.
• TYPE, 2 bytes  Contains a code that specifies the type of RR the entry contains.
• CLASS, 2 bytes  Contains a code that specifies the class of the RR.
• TTL, 4 bytes  Specifies the amount of time (in seconds) that the RR should be cached in the server to which it is being supplied.
• RDLENGTH, 2 bytes  Specifies the length (in bytes) of the RDATA field.
• RDATA, variable  Contains RR data, the nature of which is dependent on its TYPE and CLASS. For an A-type record in the IN class, for example, this field contains the IP address associated with the DNS name supplied in the NAME field.

Different types of resource records have different functions and, therefore, may contain different types of information in the RDATA field. Most resource records, such as the NS, A, PTR, and CNAME types, have only a single name or address in this field, while others have multiple subfields. The SOA resource record is the most complex in the Domain Name System. For this record, the RDATA field is broken up into seven subfields. The functions of the SOA resource record subfields are as follows:

• MNAME, variable  Specifies the DNS name of the primary master server that was the source for the information about the zone.
• RNAME, variable  Specifies the e-mail address of the administrator responsible for the zone data. This field has no actual purpose as far as the server is concerned; it is strictly informational. The value for this field takes the form of a DNS name. Standard practice calls for the period after the first word to be replaced with @ to create the e-mail address.
• SERIAL, 4 bytes  Contains a serial number that is used to track modifications to the zone data on the primary master server. The value of this field is incremented (either manually or automatically) on the primary master server each time the zone data is modified, and the slave compares its value to the one supplied by the primary master to determine whether a zone transfer is necessary.
• REFRESH, 4 bytes  Specifies the time interval (in seconds) at which the slave should transmit an SOA query to the primary master to determine whether a zone transfer is needed.
• RETRY, 4 bytes  Specifies the time interval (in seconds) at which the slave should make repeated attempts to connect to the primary master after its initial attempt fails.
• EXPIRE, 4 bytes  Specifies the time interval (in seconds) after which the slave server's data should expire, in the event that it cannot contact the primary master server. Once the data has expired, the slave server stops responding to queries for the zone.
• MINIMUM, 4 bytes  In the original specification, the time-to-live interval (in seconds) that the server should supply for all of the resource records in its responses to queries. RFC 2308 redefined this field as the negative-caching TTL: how long other servers may cache the fact that a name in the zone does not exist.

DNS Message Notation

The latter four sections of the DNS message are largely consistent in how they notate the information in their fields. DNS, domain, and zone names are all expressed in the same way, and the sections all use the same values for the resource record type and class codes. The only exceptions are a few additional codes that are used only in the Question section, called QTYPES and QCLASSES, respectively. The following sections describe how these values are expressed in the DNS message.
DNS Name Notation
Depending on the function of the message, any or all of the four sections can contain the fully qualified name of a host system, the name of a domain, or the name of a zone on a server. These names are expressed as a series of units, called labels, each of which represents a single word in the name. The periods between the words are not included, so to delineate the words, each label begins with a single byte that specifies the length of the word (in bytes), after which the specified number of bytes follows. This is repeated for each word in the name. After the final word of a fully qualified name, a byte with the value of 0 is included to represent the null label of the root domain. A label can be at most 63 bytes long, which leaves the top two bits of the length byte free; a length byte whose top two bits are both 1 is instead a 2-byte pointer to an earlier occurrence of the same name (or name tail) in the message. This compression scheme is what produces the unusually short RDATA values in the captures later in this chapter.
Resource Record Types
All of the data distributed by the Domain Name System is stored in resource records. Query messages request certain resource records from servers, and the servers reply with those resource records. The QTYPE field in a Question section entry specifies the type of resource record being requested from the server, and the TYPE fields in the Answer, Authority, and Additional section entries specify the type of resource record supplied by the server in each entry. Table 15-1 contains the resource record types and the codes used to represent them in these fields. All of the values in this table are valid for both the QTYPE and TYPE fields. Table 15-2 contains four additional values that represent sets of resource records that are valid for the QTYPE field in Question section entries only.
Table 15-1 DNS Resource Record Types and Values for Use in the TYPE or QTYPE Field
Table 15-2 Additional Values Representing Sets of Resource Records for Use in the QTYPE Field Only
Class Types
The QCLASS field in the Question section and the CLASS field in the Answer, Authority, and Additional sections specify the type of network for which information is being requested or supplied. Although they performed a valid function at one time, these fields are now essentially meaningless because virtually all DNS messages use the IN class. CSNET and CHAOS class networks are obsolete, and the Hesiod class is used for only a few experimental networks at MIT. (One practical survival of the CHAOS class: many name servers still answer CHAOS-class TXT queries for names such as version.bind with their software version, which is why scanners send them and why administrators often disable or override that answer.) For academic purposes only, the values for the CLASS and QCLASS fields are shown in Tables 15-3 and 15-4.
Table 15-3 Values for the Resource Record CLASS and QCLASS Fields
Table 15-4 Additional Value for the Resource Record QCLASS Field Only
Name Resolution Messages
The process of resolving a DNS name into an IP address begins with the generation of a query by the resolver on the client system. Figure 15-10 shows a query message, captured in a network monitor program, generated by a web browser trying to connect to the URL www.zacker.com/. The value of the message's OPCODE field is 0, indicating that this is a standard query, and the RD flag has a value of 1, indicating that this is a recursive query. As a result, the DNS server receiving the query (which is called CZ1) will be responsible for resolving the DNS name and returning the results to the client. The QDCOUNT field indicates that there is one entry in the Question section, and the ANCOUNT, NSCOUNT, and ARCOUNT fields are all 0, so there are no entries in the three resource record sections, which is standard for a query message. The Question section specifies the DNS name to be resolved (www.zacker.com) and the type (1 = A) and class (1 = IN) of the resource record being requested.
Figure 15-10 The name resolution query message generated by the resolver
CZ1 is not the authoritative server for the zacker.com domain, nor does it have the requested information in its cache, so it must generate its own queries. CZ1 first generates a query message and transmits it to one of the root name servers (198.41.0.4) configured into the server software. The entry in the Question section is identical to that of the client's query message. The only differences in this query are that the server has included a different value in the ID field (4114) and has changed the value of the RD flag to 0, indicating that this is an iterative query.
The response that CZ1 receives from the root name server bypasses one step of the process because this root name server is also the authoritative server for the com top-level domain. As a result, the response contains the resource records that identify the authoritative servers for the zacker.com domain. If the requested DNS name had been in a top-level domain for which the root name server was not authoritative, such as one of the country-code domains, the response would instead contain resource records identifying the authoritative servers for that top-level domain, and CZ1 would have to query one of them before reaching the zacker.com servers.
The response message from the root domain server has a QR bit with a value of 1, indicating that this is a response message, and the same ID value as the request, enabling CZ1 to associate the two messages. The QDCOUNT field again has a value of 1 because the response retains the Question section, unmodified, from the query message. The NSCOUNT and ARCOUNT fields indicate that there are two entries each in the Authority and Additional sections. The first entry in the Authority section contains the NS resource record for one of the authoritative servers for zacker.com known to the root name/top-level domain server, and the second entry contains the NS record for the other. The class value is the same as that requested in the query message, but the type is 2 (NS) rather than the 1 (A) that was requested, because the server is supplying a referral rather than an answer; the time-to-live value assigned to both records is 172,800 seconds (48 hours). The RDATA field in the first entry is 16 bytes long and contains the DNS name of the first authoritative server (ns1.secure.net). The RDATA field in the second entry is only 6 bytes long because it spells out only the host name label (ns2) and then uses a 2-byte compression pointer to the secure.net portion of the first entry's name, since the second server is in the same domain as the first one.
These Authority section entries identify the servers that CZ1 needs to contact to resolve the www.zacker.com domain name, but they do so using DNS names. To prevent CZ1 from having to go through this whole process again to resolve ns1.secure.net and ns2.secure.net into IP addresses, there are two entries in the Additional section that contain the A resource records for these two servers, which include their IP addresses. A caching server should accept such Additional records only when the referring server is authoritative for the names they cover (the bailiwick rule); a server that caches any address a referral happens to carry can have its cache poisoned by a malicious or compromised name server.
Using the information contained in the previous response, CZ1 transmits a query to the first authoritative server for the zacker.com domain (ns1.secure.net, 192.41.1.10). Except for the destination address, this query is identical to the one that CZ1 sent to the root name server. The response message that CZ1 receives from the ns1.secure.net server (finally) contains the information that the client originally requested. This message contains the original Question section entry and two entries each in the Answer, Authority, and Additional sections.
The first entry in the Answer section contains a resource record with a TYPE value of 5 (CNAME) and a time-to-live value of 86,400 seconds (24 hours). The inclusion of a CNAME resource record in a response to a query requesting an A record indicates that the host name www exists in the zacker.com domain only as an alias for another name; that other name, the canonical name, is specified in the RDATA field as zacker.com. The second entry in the Answer section contains the A resource record for the name zacker.com, which specifies the IP address 192.41.15.74 in the RDATA field. This is the IP address that the client system must use to reach the www.zacker.com web server. The entries in the Authority and Additional sections specify the names and addresses of the authoritative servers for zacker.com and are identical to the equivalent entries in the response message from the root name server.
Root Name Server Discovery
Each time the DNS server starts, it loads the information stored in its database files. One of these files contains root name server hints. Actually, this file contains the names and addresses of all the root name servers, but the DNS server, instead of relying on this data, uses it to send a query to the first of the root name servers, requesting that it identify the authoritative servers for the root domain. This is to ensure that the server is using the most current information. The query is just like that for a name resolution request, except that the QNAME field contains only the root name (a single 0 byte) and the QTYPE requests NS records.
The reply returned by the root name server contains 13 entries in both the Answer and Additional sections, corresponding to the 13 root name server names currently in operation (see Figure 15-11); each of those names is today answered by many anycast instances around the world. Each entry in the Answer section contains the NS resource record for one of the root name servers, which specifies its DNS name, and the corresponding entry in the Additional section contains the A record for that server, which specifies its IP address. All of these servers are located in a domain called root-servers.net and have incremental host names from a to m. Because the information about these servers does not change often, if at all, their resource records can have a long time-to-live value: 518,400 seconds (144 hours, or 6 days) for the NS records and 3,600,000 seconds (1,000 hours, or 41.67 days) for the A records.
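The following Python program is an added example (not code from the book) that puts the message formats described above into practice: it encodes a Question entry with length-prefixed labels, builds the 12-byte header, and parses the Answer, Authority, and Additional sections back out, including SOA subfields and the compression pointers responsible for the short RDATA values in the captures. The response it parses is constructed inline to have the same shape as the final answer from ns1.secure.net (CNAME www.zacker.com to zacker.com, then the A record); the flag value 0x8180 and the function names are the example's own choices. The pointer-loop guard in decode_name is the check a practitioner adds first: a message whose pointers form a cycle would otherwise hang a naive parser.

```python
import struct
from collections import namedtuple

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_SOA = 1, 2, 5, 6
CLASS_IN = 1
RR = namedtuple("RR", "name rtype rclass ttl rdata")   # one Answer/Authority/Additional entry

def encode_name(name):
    """Dotted name -> length-prefixed labels, terminated by the root's 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 bytes")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname, qtype, msg_id, rd=True):
    """12-byte header (QDCOUNT=1, other counts 0) followed by one Question entry."""
    flags = 0x0100 if rd else 0          # RD bit set = recursive query
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)

def decode_name(msg, offset):
    """Read a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appears in the stream)."""
    labels, end, jumps = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:        # 11xxxxxx: 14-bit pointer to an earlier name
            end = offset + 2 if end is None else end
            jumps += 1
            if jumps > 64:               # a looping pointer chain would hang a naive parser
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length > 63:
            raise ValueError("bad label length")
        offset += 1
        if length == 0:                  # root label ends the name
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)

def parse_rdata(msg, rtype, start, length):
    """Decode RDATA for the types the chapter discusses; anything else stays raw."""
    if rtype == TYPE_A and length == 4:
        return ".".join(str(b) for b in msg[start:start + 4])
    if rtype in (TYPE_NS, TYPE_CNAME):
        return decode_name(msg, start)[0]
    if rtype == TYPE_SOA:                # MNAME, RNAME, then SERIAL/REFRESH/RETRY/EXPIRE/MINIMUM
        mname, off = decode_name(msg, start)
        rname, off = decode_name(msg, off)
        fields = struct.unpack("!IIIII", msg[off:off + 20])
        return dict(zip(("mname", "rname", "serial", "refresh", "retry", "expire", "minimum"), (mname, rname) + fields))
    return msg[start:start + length]

def parse_message(msg):
    """Header, Question entries, then the Answer, Authority and Additional RR sections."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        questions.append((name,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    result = {"id": msg_id, "qr": flags >> 15, "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rrs.append(RR(name, rtype, rclass, ttl, parse_rdata(msg, rtype, off, rdlen)))
            off += rdlen
        result[section] = rrs
    return result

def addresses_for(parsed, qname):
    """Follow CNAME aliases inside the Answer section and return the A addresses found."""
    name, seen = qname.lower(), set()
    while name not in seen:
        seen.add(name)
        alias = [rr for rr in parsed["answer"] if rr.name.lower() == name and rr.rtype == TYPE_CNAME]
        if not alias:
            break
        name = alias[0].rdata.lower()
    return [rr.rdata for rr in parsed["answer"] if rr.name.lower() == name and rr.rtype == TYPE_A]

def build_sample_response(query):
    """Constructed response shaped like the chapter's answer from ns1.secure.net: the
    Question echoed back, then a CNAME and an A record whose names are compression
    pointers into the Question (offset 12 = www.zacker.com, offset 16 = zacker.com)."""
    msg_id = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", msg_id, 0x8180, 1, 2, 0, 0) + query[12:]   # QR=1 RD=1 RA=1
    ptr_www, ptr_zacker = b"\xC0\x0C", b"\xC0\x10"
    msg += ptr_www + struct.pack("!HHIH", TYPE_CNAME, CLASS_IN, 86400, 2) + ptr_zacker
    msg += ptr_zacker + struct.pack("!HHIH", TYPE_A, CLASS_IN, 86400, 4) + bytes([192, 41, 15, 74])
    return msg
```

Running build_query("www.zacker.com", TYPE_A, 4114) produces the same Question bytes the resolver in Figure 15-10 sends (3www6zacker3com0, then type 1 and class 1); feeding the constructed response to parse_message yields the CNAME and A records, and addresses_for follows the alias to 192.41.15.74. The 0x1012 ID, the offsets 12 and 16 used for the pointers, and the decision to stop after 64 pointer hops are all assumptions of the example, not values from the book's captures.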
Figure 15-11 The root name server's response message, containing the RRs for all 13 root name servers
Zone Transfer Messages
A zone transfer is initiated by a DNS server that functions as a slave for one or more zones whenever the server software is started, and again each time the zone's REFRESH interval elapses. The process begins with an iterative query for an SOA resource record that the slave sends to the primary master to ensure that it is the best source for information about the zone (see Figure 15-12). The single Question section entry contains the name of the zone in the QNAME field and a value of 6 for the QTYPE field, indicating that the server is requesting the SOA resource record.
Figure 15-12 The SOA query message generated by a slave server to determine whether a zone transfer is warranted
The primary master then replies to the slave with a response that includes the original Question section and a single Answer section entry containing the SOA resource record for the zone (see Figure 15-13). The slave uses the information in the response to verify the primary master's authority and to determine whether a zone transfer is needed. If the value of the SOA record's SERIAL field, as furnished by the primary master, is greater than the equivalent field on the slave server, then a zone transfer is required. (Because the 32-bit serial eventually wraps around, "greater than" is evaluated using the sequence-space arithmetic of RFC 1982 rather than a plain integer comparison.)
Figure 15-13 The response message from the primary master server containing the SOA resource record
A zone transfer request is a standard DNS query message with a QTYPE value of 252, which corresponds to the AXFR type. AXFR is the abbreviation for a resource record set that consists of all of the records in the zone. However, in most cases, all of the resource records in the zone will not fit into a single UDP datagram. DNS over UDP allows only one response message for each query, because the response also functions as the acknowledgment of the query, and the original standard limits that response to 512 bytes. Because the primary master will almost certainly have to use multiple packets in order to send all of the resource records in the zone to the slave, a different transport is needed. Therefore, before it transmits the zone transfer request message, the slave server initiates a TCP connection with the primary master using the standard three-way handshake. Once the connection is established, the slave transmits the AXFR query over TCP to port 53 (see Figure 15-14).
Figure 15-14 The AXFR query requesting a zone transfer, transmitted to the primary master server using a TCP connection
In response to the query, the primary master server transmits all of the resource records in the requested zone as entries in the Answer section, as shown in Figure 15-15. Once all of the data has been transmitted, the two systems terminate the TCP connection in the usual manner, and the zone transfer is completed. Because an AXFR response hands out every record in the zone, a primary master should answer AXFR queries only from the addresses of its authorized slaves (and, where supported, only when the request is signed); a server that answers them for anyone gives an attacker a complete map of the zone's hosts.
Figure 15-15 One packet from a zone transfer transmitted by the primary master server
CHAPTER 16
Internet Services
At one time, the term server in computer networking was nearly always used in the phrase file server, referring to a PC running a network operating system (NOS) that enables users to access shared files and printers. However, the rapid growth of the Internet has changed the common meaning of the term. To most Internet users, servers are the invisible systems that host web sites or that enable them to send and receive e-mail. For LAN users, servers still fill the traditional file and printer sharing roles, but also provide application-related functions, such as access to databases. Thus, people are gradually learning that a server is both a software as well as a hardware entity and that a single computer can actually function in multiple server roles simultaneously.
Internet servers are software products that provide traditional Internet services to clients, whether or not they are actually connected through the Internet. Web, FTP, and e-mail are all services that can be as useful on a LAN, a smartphone, or a tablet as on the Internet. This chapter examines the technology behind these services and the procedures for implementing them on your network.
Web Servers
The Web is a ubiquitous tool for business, education, and recreation. Along with the proliferation of mobile devices, a "web presence" is nearly required for most businesses.
The basic building blocks of the Web are as follows:
• Web servers  Computers running a software program that processes resource requests from clients
• Browsers  Client software that generates resource requests and sends them to web servers
• Hypertext Transfer Protocol (HTTP)  The Transmission Control Protocol/Internet Protocol (TCP/IP) application layer protocol that servers and browsers use to communicate
• Hypertext Markup Language (HTML)  The markup language used to create web pages
Selecting a Web Server
A web server is actually a rather simple device. When you see complex pages full of fancy text and graphics on your monitor, you're actually seeing something that is more the product of the page designer and the browser technology than of the web server. In its simplest form, a web server is a software program that processes requests for specific files from browsers and delivers those files to the browser. The server does not read the contents of the files, nor does it participate in the rendering process that controls how a web page is displayed in the browser. The differences between web server products are in the additional features they provide and their ability to handle large numbers of requests.
Web Server Functions
A web server is a program that runs in the background on a computer and listens on a particular TCP port for incoming requests. Simply speaking, the process is as follows:
1. A client asks for a file.
2. The server finds the file.
3. The server sends a response to the client, usually a header as well as the data.
4. The server closes the connection (or, with HTTP/1.1 persistent connections, keeps it open for further requests).
The standard TCP port for an HTTP server is 80, although most servers enable you to specify a different port number for a site and may use a second port number for the server's administrative interface. To access a web server using a different port, you must specify that port number as part of the URL.
Uniform Resource Locators  The format of the uniform resource locator (URL) that you type into a browser's Address field to access a particular web site is defined in RFC 1738, published by the Internet Engineering Task Force (IETF). A URL consists of four elements that identify the resource that you want to access:
• Protocol  Specifies the application layer protocol that the browser will use to connect to the server. Some of the values defined in the URL standard are as follows (others have been defined by additional standards published since RFC 3986, which updated RFC 1738):
  • http  Hypertext Transfer Protocol
  • ftp  File Transfer Protocol
  • mailto  Mail address
  • news  Usenet news
  • telnet  Reference to interactive sessions
  • wais  Wide area information servers
  • file  Host-specific file names
• Server name  Specifies the DNS name or IP address of the server.
• Port number  Specifies the port number that the server is monitoring for incoming traffic.
• Directory and file  Identifies the location of the file that the server should send to the browser.
The format of a URL is as follows:
protocol://name:port/directory/file.html
Most of the time, users do not specify the protocol, port, directory, and file in their URLs, and the browser uses its default values. When you enter just a DNS name, such as www.zacker.com, the browser assumes the use of the HTTP protocol, port 80, and the web server's home directory. Fully expanded, this URL would appear something like the following:
http://www.zacker.com:80/index.html
The only element that could vary among different servers is the file name of the default web page, here shown as index.html. The default file name is configured on each server and specifies the file that the server will send to a client when no file name is specified in the URL.
If you configure a web server to use a port other than 80 to host a site, users must specify the port number as part of the URL. The most common reason for doing this is that the administrator wants to create a site that is hidden from the average user. Some web server products, for example, are configurable using a web browser, and the server creates a separate administrative site containing the configuration controls for the program. During the software installation, the program prompts the administrator for a port number that it should use for the administrative site. Thus, specifying the name of the server in a browser opens the default site on port 80, but specifying the server name with the selected port accesses the administrative site.
The use of a nonstandard port is not really a security measure because there are programs available (port scanners) that can identify the ports on which a web server is listening. The administrative site for a server usually has security in the form of user authentication as well; the port number is just a means of keeping the site hidden from curious users.
CGI  Much of the traffic generated by the Web travels from the web server to the browser. The upstream traffic from browser to server consists mainly of HTTP requests for specific files. However, there are mechanisms by which browsers can send other types of information to servers. The server can then feed the information to an application for processing. The Common Gateway Interface (CGI) is a widely supported mechanism of this type. In most cases, the user supplies information in a form built into a web page using standard HTML tags and then submits the form to a server. The server, upon receiving the data from the browser, executes a CGI script that defines how the information should be used. The server might feed the information as a query to a database server, use it to perform an online financial transaction, or use it for any other purpose. Because a CGI script runs on the server with input chosen by the client, it must treat every form field as untrusted and validate it before passing it to a database, a shell command, or the file system.
Logging  Virtually all web servers have the capability to maintain logs that track all client access to the site and any errors that have occurred. The logs typically take the form of a text file, with each server access request or error appearing on a separate line. Each line contains multiple fields, separated by spaces or commas. The information logged by the server identifies who accessed the site and when, as well as the exact documents sent to the client by the server.
Most web servers enable the administrator to choose among several formats for the logs they keep. Some servers use proprietary log formats, which generally are not supported by third-party statistics programs, while other servers may also be able to log server information to an external database using an interface such as Open Database Connectivity (ODBC). Most servers, however, support the Common Log File format defined by the National Center for Supercomputing Applications (NCSA). This format consists of nothing but one-line entries with fields separated by spaces. The format for each Common Log File entry and the functions of each field are as follows:
remotehost logname username date request status bytes
• remotehost  Specifies the IP address of the remote client system. Some servers also include a DNS reverse lookup feature that resolves the address into a DNS name for logging purposes.
• logname  Specifies the remote log name of the user at the client system, as reported by the client's identd service. Most of today's clients do not supply this information, so the field in the log is filled with a placeholder, such as a dash.
• username  Specifies the user name with which the client was authenticated to the server (a dash when no authentication took place).
• date  Specifies the date and time that the request was received by the server, enclosed in square brackets. Most servers use the local date and time by default, but may include an offset from Greenwich mean time, such as –0500 for U.S. Eastern Standard Time.
• request  Specifies the text of the request line received by the server, enclosed in double quotes.
• status  Contains one of the status codes defined in the HTTP standard that specifies whether the request was processed successfully and, if not, why.
• bytes  Specifies the size (in bytes) of the file transmitted to the client by the server in response to the request.
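As an added example (not code from the book), the following Python program parses Common Log File entries with a regular expression rather than a split on spaces, because the bracketed date and the quoted request line both contain spaces, and then runs two simple detections over the parsed records: requests whose path carries a directory-traversal sequence (plain or URL-encoded) and clients that have accumulated a suspicious number of 404 responses, which is what a scanner probing for files looks like in a web log. The log lines, the client addresses, the paths, and the threshold of five 404s are all constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Optional

# NCSA Common Log Format. The date is bracketed and the request quoted, so a naive
# split on spaces would break those two fields apart; the regex keeps them whole.
CLF_RE = re.compile(
    r'^(?P<remotehost>\S+) (?P<logname>\S+) (?P<username>\S+) '
    r'\[(?P<date>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Traversal sequences in raw and percent-encoded form (case-insensitive).
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)", re.IGNORECASE)

def parse_clf_line(line: str) -> Optional[dict]:
    """Return a dict of the seven CLF fields plus method/path/version, or None if the
    line is not in Common Log Format."""
    m = CLF_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])   # dash = nothing sent
    rec["time"] = datetime.strptime(rec["date"], "%d/%b/%Y:%H:%M:%S %z")
    parts = rec["request"].split(" ")
    rec["method"], rec["path"], rec["version"] = (parts + ["", "", ""])[:3]
    return rec

def find_suspicious(lines, scan_threshold: int = 5):
    """Return (traversal_hits, scanners): (host, path) pairs whose path contains a
    traversal sequence, and hosts with at least scan_threshold 404 responses."""
    traversal, not_found = [], Counter()
    for line in lines:
        rec = parse_clf_line(line)
        if rec is None:                 # skip lines the parser cannot trust
            continue
        if TRAVERSAL_RE.search(rec["path"]):
            traversal.append((rec["remotehost"], rec["path"]))
        if rec["status"] == 404:
            not_found[rec["remotehost"]] += 1
    scanners = sorted(host for host, n in not_found.items() if n >= scan_threshold)
    return traversal, scanners

# Constructed sample log (not taken from any real server) with one ordinary visitor,
# one client probing for files, one authenticated POST, and one malformed line.
SAMPLE_LOG = """\
192.168.1.20 - - [10/Oct/2014:13:55:36 -0500] "GET /index.html HTTP/1.1" 200 2326
192.168.1.20 - - [10/Oct/2014:13:55:37 -0500] "GET /docs/intro.html HTTP/1.1" 200 5120
10.0.0.7 - - [10/Oct/2014:13:56:01 -0500] "GET /docs/../../etc/passwd HTTP/1.1" 404 210
10.0.0.7 - - [10/Oct/2014:13:56:02 -0500] "GET /admin/ HTTP/1.1" 404 210
10.0.0.7 - - [10/Oct/2014:13:56:03 -0500] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
10.0.0.7 - - [10/Oct/2014:13:56:04 -0500] "GET /backup.zip HTTP/1.1" 404 210
10.0.0.7 - - [10/Oct/2014:13:56:05 -0500] "GET /%2e%2e%2f%2e%2e%2fboot.ini HTTP/1.1" 404 210
192.168.1.31 bob alice [10/Oct/2014:13:57:10 -0500] "POST /cgi-bin/order.cgi HTTP/1.1" 302 -
this line is not in Common Log Format
"""

def analyze_sample():
    """Run the detections over the constructed sample log."""
    return find_suspicious(SAMPLE_LOG.splitlines())
```

Calling analyze_sample() reports two traversal attempts and one scanning host (10.0.0.7). Note what the parser does not do: it does not decode the path before matching, so an attacker who double-encodes the dots (%252e) slips past TRAVERSAL_RE; a production detector normalizes the path the same way the server does before matching, which is exactly the spaces-within-fields ambiguity problem in a different guise.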
There is also a log file format created by the World Wide Web Consortium (W3C), called the Extended Log File format, that addresses some of the inherent problems of the Common Log File format, such as difficulties in interpreting logged data because of spaces within fields. The Extended Log File format provides an extensible format with which administrators can specify the information to be logged or information that shouldn't be logged. The format for the Extended Log File consists of directives, as well as entries. Directives appear on separate lines, beginning with the # symbol, and specify information about the data contained in the log. The valid directives are as follows:
• #Version: integer.integer  Specifies the version of the log file format. This directive is required in every log file.
• #Fields: [specifiers]  Identifies the type of data carried in each field of a log entry, using abbreviations specified in the Extended Log File format specification. This directive is required in every log file.
• #Software: string  Identifies the server software that created the log.
• #Start-Date: date time  Specifies the date and time that logging started.
• #End-Date: date time  Specifies the date and time that logging ceased.
• #Date: date time  Specifies the date and time at which a particular entry was added to the log file.
• #Remark: text  Contains comment information that should be ignored by all processes.
These directives enable administrators to specify the information to be recorded in the log while making it possible for statistics programs to correctly parse the data in the log entries.
Remote Administration  All web servers need some sort of administrative interface that you can use to configure their operational parameters. Even a no-frills server lets you define a home directory that should function as the root of the site and other basic features.
Some server products include a program that you can run on the computer that provides this interface, but many products have taken the opportunity to include an administrative web site with the product. With a site like this, you can configure the server from any computer using a standard web browser. This is a convenient tool for the network administrator, especially when the web server system is located in a server closet or other remote location or when one person is responsible for maintaining several servers.
The biggest problem with this form of remote administration is security, but there are mechanisms that can prevent unauthorized users from modifying the server configuration. The most basic of these mechanisms, as mentioned earlier, is the use of a nonstandard port number for the administrative site; as noted, this hides the site from casual users but does not stop anyone who scans the server's ports. Servers that use nonstandard ports typically require that you specify the port number during the server installation.
A second method is to include a means by which you can specify the IP addresses of the only systems that are to be permitted access to the administrative interface. IIS includes this method, and by default, the only system that can access the web-based interface is the one on which the server is installed. However, you can open up the server to remote administration and specify the addresses of other workstations to be granted access or specify the addresses of systems that are to be denied. Address restrictions and the port number are both supplements to, not substitutes for, authentication: any administrative interface reachable over the network should require credentials and, wherever possible, be served over an encrypted connection so that those credentials are not exposed in transit.
Virtual Directories  A web server utilizes a directory on the computer's local drive as the home directory for the web site it hosts. The server transmits the default file in that directory to clients when they access the site using a URL that consists only of a DNS name or IP address. Subdirectories beneath that directory also appear as subdirectories on the web site. IIS, for example, uses the C:\InetPub\wwwroot directory as the default home directory for its web site. If that web server is registered in the DNS with the name www.zacker.com, the default page displayed by a browser accessing that site will be the default.htm file in the wwwroot directory. A file in the C:\InetPub\wwwroot\docs directory on the server will, therefore, appear on the site in www.zacker.com/docs.
Using this system, all the files and directories that are to appear on the web site must be located beneath the home directory. However, this is not a convenient arrangement for every site. On an intranet, for example, administrators may want to publish documents in existing directories using a web server without moving them to the home directory. To make this possible, some server products enable you to create virtual directories on the site. A virtual directory is a directory at another location, elsewhere on the drive, on another drive, or sometimes even on another computer's shared drive, that is published on a web site using an alias. The administrator specifies the location of the directory and the alias under which it will appear on the site. The alias functions as a subdirectory on the site that users can access in the normal manner and contains the files and subdirectories from the other location. Because everything beneath the aliased directory becomes readable through the site, the administrator should confirm that it holds nothing the site's users should not see before publishing it.
NOTE  See Chapters 25 and 26 for information about web and network security.
HTML
The Hypertext Markup Language is the lingua franca of the Web, but it actually has little to do with the functions of a web server. Web servers are programs that deliver requested files to clients. The fact that most of these files contain HTML code is immaterial because the server does not read them. The only way in which they affect the server's functions is when the client parses the HTML code and requests additional files from the server that are needed to display the web page in the browser, such as image files. Even in this case, however, the image file requests are just additional requests to the server.
HTTP
Communication between web servers and their browser clients is provided by an application layer protocol called the Hypertext Transfer Protocol. HTTP is a relatively simple protocol that takes advantage of the services provided by the TCP protocol at the transport layer to transfer files from servers to clients. When a client connects to a web server by typing a URL in a browser or clicking a hyperlink, the system generates an HTTP request message and transmits it to the server. This is an application layer process, but before it can happen, communication at the lower layers must be established.
Unless the user or the hyperlink specifies the IP address of the web server, the first step in establishing the connection between the two systems is to discover the address by sending a name resolution request to a DNS server. This address makes it possible for the IP protocol to address traffic to the server. Once the client system knows the address, it establishes a TCP connection with the server's port 80 using the standard three-way handshake process defined by that protocol.
Once the TCP connection is established, the browser and the server can exchange HTTP messages. HTTP consists of only two message types, requests and responses. Unlike the messages of most other protocols, HTTP messages take the form of ASCII text strings, not the typical headers with discrete coded fields. In fact, you can connect to a web server with a Telnet client and request a file by feeding an HTTP command directly to the server. The server will reply with the file you requested in its raw ASCII form.
Each HTTP message consists of the following elements:
• Start line  Contains a request command or a reply status indicator, plus a series of variables
• Headers [optional]  Contains a series of zero or more fields containing information about the message or the system sending it
• Empty line  Contains a blank line that identifies the end of the header section
• Message body [optional]  Contains the payload being transmitted to the other system
HTTP Requests
The start line for all HTTP requests is structured as follows:
RequestType RequestURI HTTPVersion
HTTP standards define several types of request messages, which include the following values for the RequestType variable:
• GET  Contains a request for information specified by the RequestURI variable. This type of request accounts for the vast majority of request messages.
• HEAD  Functionally identical to the GET request, except that the reply should contain only a start line and headers; no message body should be included.
• POST  Requests that the information included in the message body be accepted by the destination system as a new subordinate to the resource specified by the RequestURI variable.
• OPTIONS  Contains a request for information about the communication options available on the request/response chain specified by the RequestURI variable.
• PUT  Requests that the information included in the message body be stored at the destination system in the location specified by the RequestURI variable.
• DELETE  Requests that the destination system delete the resource identified by the RequestURI variable. A server should honor PUT and DELETE only for authenticated clients that are authorized to change the resource in question; left enabled without such checks, they let anyone rewrite the site.
• TRACE  Requests that the destination system perform an application layer loopback of the incoming message and return it to the sender. Because the echoed message includes the client's own headers, cookies and credentials among them, production servers normally disable TRACE.
• CONNECT  Reserved for use with proxy servers that provide SSL tunneling.
The RequestURI variable contains a uniform resource identifier (URI), a text string that uniquely identifies a particular resource on the destination system. In most cases, this variable contains the name of a file on a web server that the client wants the server to send to it or the name of a directory from which the server should send the default file. The HTTPVersion variable identifies the version of the HTTP protocol that is supported by the system generating the request.
Thus, when a user types the name of a web site into a browser, the request message generated contains a start line that appears as follows:
GET / HTTP/1.1
The GET command requests that the server send a file. The use of the forward slash as the value for the RequestURI variable represents the root of the web site, so the server will respond by sending the default file located in the server's home directory.
HTTP Headers
Following the start line, any HTTP message can include a series of headers, which are text strings formatted in the following manner:
FieldName: FieldValue
Here, the FieldName variable identifies the type of information carried in the header, and the FieldValue variable contains the information. The various headers mostly provide information about the system sending the message and the nature of the request, which the server may or may not use when formatting the reply. The number, choice, and order of the headers included in a message are left to the client implementation, but the HTTP specification recommends that they be ordered using four basic categories.
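The following Python program is an added example (not code from the book) of the message layout just described: build_request assembles a request from its start line, a Host header and any other FieldName: FieldValue lines, the empty line, and an optional body, and parse_message takes either a request or a response apart again, using Content-Length to find where the body ends so that a second message queued on the same connection is not swallowed into the first. The sample response bytes are constructed for the example, and the decision to reject a message carrying both Content-Length and Transfer-Encoding is the example's own hardening choice: two competing body lengths are what request-smuggling attacks exploit, so a parser that refuses to guess is safer than one that picks either. Chunked bodies are not decoded here.

```python
CRLF = b"\r\n"

def build_request(method, target, host, headers=None, body=b""):
    """Assemble an HTTP/1.1 request: start line, Host and other headers, empty line, body."""
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return CRLF.join(line.encode("ascii") for line in lines) + CRLF + CRLF + body

def parse_message(raw):
    """Split a request or response into start line, headers and body.

    The header block ends at the first empty line; the body is exactly Content-Length
    bytes. Anything after that is the start of the next message on a persistent
    connection and is returned separately as "extra"."""
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete message: no empty line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError("malformed start line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # RFC 7230 forbids whitespace between the field name and the colon.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        key, value = name.lower(), value.strip()
        headers[key] = headers[key] + ", " + value if key in headers else value
    if "transfer-encoding" in headers and "content-length" in headers:
        # Two framings in one message is how request smuggling starts; refuse
        # rather than guess which one the next hop will believe.
        raise ValueError("ambiguous framing: both Transfer-Encoding and Content-Length")
    length_text = headers.get("content-length", "0")
    if not length_text.isdigit():
        raise ValueError("bad Content-Length: %r" % length_text)
    length = int(length_text)
    if len(rest) < length:
        raise ValueError("incomplete message body")
    return {"start": start, "headers": headers, "body": rest[:length], "extra": rest[length:]}

def classify(parsed):
    """A response start line begins with the HTTP version; a request ends with it."""
    first, second, third = parsed["start"]
    if first.startswith("HTTP/"):
        return {"kind": "response", "version": first, "status": int(second), "phrase": third}
    return {"kind": "request", "method": first, "target": second, "version": third}

# Constructed sample of what a server sends back, in the same start line / headers /
# empty line / body layout (not a capture from the book).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Example/1.0\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)
```

build_request("GET", "/", "www.zacker.com") yields exactly the bytes you would type into a Telnet session to fetch the site's default page: the start line, a Host header (which HTTP/1.1 requires), and the empty line. The header names are folded to lower case on parsing because HTTP treats them case-insensitively, and repeated headers are joined with commas as the specification allows.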
General Header Fields  General headers apply to both request and response messages but do not apply to the entity (that is, the file or other information in the body of the message). The general header FieldName values are as follows:
• Cache-Control  Contains directives to be obeyed by caching mechanisms at the destination system
• Connection  Specifies options desired for the current connection, such as that it be kept alive for use with multiple requests
• Date  Specifies the date and time that the message was generated
• Pragma  Specifies directives that are specific to the client or server implementation
• Trailer  Indicates that specific header fields are present in the trailer of a message encoded with chunked transfer-coding
• Transfer-Encoding  Specifies what type of transformation (if any) has been applied to the message body in order to safely transmit it to the destination
• Upgrade  Specifies additional communication protocols supported by the client
• Via  Identifies the gateway and proxy servers between the client and the server and the protocols they use
• Warning  Contains additional information about the status or transformation of a message
Request Header Fields  Request headers apply only to request messages and supply information about the request and the system making the request. The request header FieldName values are as follows:
• Accept  Specifies the media types that are acceptable in the response message
• Accept-Charset  Specifies the character sets that are acceptable in the response message
• Accept-Encoding  Specifies the content codings that are acceptable in the response message
• Accept-Language  Specifies the languages that are acceptable in the response message
• Authorization  Contains credentials with which the client will be authenticated to the server
• Expect  Specifies the behavior that the client expects from the server
• From  Contains an e-mail address for the user generating the request
• Host  Specifies the Internet host name of the resource being requested (taken from the URL), plus a port number if different from the default port (80). HTTP/1.1 requires this header in every request, and servers hosting several sites on one address use it to choose which site answers.
• If-Match  Used to make a particular request conditional by matching particular entity tags
• If-Modified-Since  Used to make a particular request conditional by specifying the modification date of the client cache entry containing the resource, which the server compares to the actual resource and replies with either the resource or a 304 Not Modified status
• If-None-Match  Used to make a particular request conditional by not matching particular entity tags
• If-Range  Requests that the server transmit the parts of an entity that the client is missing
• If-Unmodified-Since  Used to make a particular request conditional by specifying a date that the server should use to determine whether to supply the requested resource
• Max-Forwards  Limits the number of proxies or gateways that can forward the request to another server
• Proxy-Authorization  Contains credentials with which the client will authenticate itself to a proxy server
• Range  Contains one or more byte ranges representing parts of the resource specified by the RequestURI variable that the client is requesting be sent by the server
• Referer  Specifies the resource from which the RequestURI value was obtained
• TE  Specifies which extension transfer-codings the client can accept in the response and whether the client will accept trailer fields in a chunked transfer-coding
• User-Agent  Contains information about the browser generating the request
Response Header Fields  The response headers apply only to response messages and provide additional information about the message and the server generating the message.
TheresponseheaderFieldNamevaluesareasfollows: •Accept-RangesEnablesaservertoindicateitsacceptanceofrangerequests foraresource(usedinresponsesonly) •AgeSpecifiestheelapsedtimesinceacachedresponsewasgeneratedata server •EtagSpecifiesthecurrentvalueoftheentitytagfortherequestedvariant •LocationDirectsthedestinationsystemtoalocationfortherequested resourceotherthanthatspecifiedbytheRequestURIvariable •Proxy-AuthenticateSpecifiestheauthenticationschemeusedbyaproxy server •Retry-AfterSpecifieshowlongarequestedresourcewillbeunavailableto theclient •ServerIdentifiesthewebserversoftwareusedtoprocesstherequest •VarySpecifiestheheaderfieldsusedtodeterminewhetheraclientcanusea cachedresponsetoarequestwithoutrevalidationbytheserver •WWW-AuthenticateSpecifiesthetypeofauthenticationrequiredinorder fortheclienttoaccesstherequestedresource EntityHeaderFieldsThetermentityisusedtodescribethedataincludedinthe messagebodyofaresponsemessage,andtheentityheadersprovideadditional informationaboutthatdata.TheentityheaderFieldNamevaluesareasfollows: •AllowSpecifiestherequesttypessupportedbyaresourceidentifiedbya particularRequestURIvalue •Content-EncodingSpecifiesadditionalcontent-codingmechanisms(such asgzip)thathavebeenappliedtothedatainthebodyofthemessage •Content-LanguageSpecifiesthelanguageofthemessagebody •Content-LengthSpecifiesthelengthofthemessagebody,inbytes •Content-LocationSpecifiesthelocationfromwhichtheinformationinthe messagebodywasderived,whenitisseparatefromthelocationspecifiedbythe ResourceURIvariable •Content-MD5ContainsanMD5digestofthemessagebody(asdefinedin RFC1864)thatwillbeusedtoverifyitsintegrityatthedestination •Content-RangeIdentifiesthelocationofthedatainthemessagebody withinthewholeoftherequestedresourcewhenthemessagecontainsonlypartof theresource •Content-TypeSpecifiesthemediatypeofthedatainthemessagebody •ExpiresSpecifiesthedateandtimeafterwhichthecachedresponseistobe consideredstale •Last-ModifiedSpecifiesthedateandtimeatwhichtheserverbelievesthe 
requested resource was last modified
• Extension-Header Enables the use of additional entity header fields that must be recognized by both the client and the server

HTTP Responses
The HTTP responses generated by web servers use many of the same basic elements as the requests. The start line also consists of three elements, as follows:

HTTP Version  Status Code  Status Phrase

The HTTP Version variable specifies the standard supported by the server, using the same values listed earlier. The Status Code and Status Phrase variables indicate whether the request has been processed successfully by the server and, if it hasn't, why not. The code is a three-digit number, and the phrase is a text string. The code values are defined in the HTTP specification and are used consistently by all web server implementations. The first digit of the code specifies the general nature of the response, and the second two digits give more specific information. The status phrases are defined by the standard as well, but some web server products enable you to modify the text strings in order to supply more information to the client. Clients should therefore act on the numeric code, never on the phrase. The codes and phrases defined by the standard are listed in the following sections.

Informational Codes
Informational codes are used only in responses with no message bodies and have the numeral 1 as their first digit, as shown here:
• 100 – Continue Indicates that the request message has been received by the server and that the client should either send another message completing the request or continue to wait for a response. A response using this code must be followed by another response containing a code indicating completion of the request.
• 101 – Switching Protocols A response to an Upgrade request by the client, indicating that the server is switching to the protocol the client named in the Upgrade header. Originally intended to allow migration to an incompatible protocol version, it is used today mainly to upgrade a connection to WebSocket.

Successful Codes
Successful codes have a 2 as their first digit and indicate that the client's request message has been successfully received, understood, and accepted. The valid codes are as follows:
• 200 – OK Indicates that the request has been processed successfully and that the response contains the data appropriate for the type of request.
• 201 – Created Indicates that the request has been processed successfully and that a new resource has been created.
• 202 – Accepted Indicates that the request has been accepted for processing but that the processing has not yet been completed.
• 203 – Non-Authoritative Information Indicates that the information in the headers is not the definitive information supplied by the origin server but is gathered from a local or a third-party copy.
• 204 – No Content Indicates that the request has been processed successfully but that the response contains no message body. It may contain header information.
• 205 – Reset Content Indicates that the request has been processed successfully and that the client browser should reset the document view. This message typically means that the data from a form has been received and that the browser should reset the display by clearing the form fields.
• 206 – Partial Content Indicates that the request has been processed successfully and that the server has fulfilled a request that uses the Range header to specify part of a resource.

Redirection Codes
Redirection codes have a 3 as their first digit and indicate that further action from the client (either the browser or the user) is required to successfully process the request. Because browsers follow the Location header of a redirect automatically, an application that builds that header from untrusted input (a "return URL" query parameter, for example) creates an open redirect that can send users to an attacker's site; the target should be validated against a list of permitted destinations. The valid codes are as follows:
• 300 – Multiple Choices Indicates that the response contains a list of resources that can be used to satisfy the request, from which the user should select one.
• 301 – Moved Permanently Indicates that the requested resource has been assigned a new permanent URI and that all future references to this resource should use one of the new URIs supplied in the response.
• 302 – Found Indicates that the requested resource resides temporarily under a different URI but that the client should continue to use the same Request URI value for future requests since the location may change again.
• 303 – See Other Indicates that the response to the request can be found under a different URI and that the client should generate a GET request pointing to the new URI.
• 304 – Not Modified Indicates that the version of the requested resource in the client cache is identical to that on the server and that retransmission of the resource is not necessary.
• 305 – Use Proxy Indicates that the requested resource must be accessed through the proxy specified in the Location header. (RFC 7231 deprecated this code: letting a response reconfigure the client's proxy in-band is a security risk, and current browsers ignore it.)
• 306 – Unused No longer used and is currently reserved for future use.
• 307 – Temporary Redirect Like 302, indicates that the requested resource resides temporarily under a different URI and that the client should continue to use the same Request URI value for future requests since the location may change again. The difference from 302 is that the client must not change the request method when it follows the redirect (a POST stays a POST), whereas browsers historically turn a 302 into a GET.
• 308 – Permanent Redirect Indicates that the resource is now at another URI. While similar to the 301 response code, the difference for a 308 code is that the user agent must not change the HTTP method used.

Client Error Codes
Client error codes have a 4 as their first digit and indicate that the request could not be processed because of an error by the client. The valid codes are as follows:
• 400 – Bad Request Indicates that the server could not understand the request because of malformed syntax
• 401 – Unauthorized Indicates that the server could not process the request because user authentication is required; the response carries a WWW-Authenticate header naming the scheme to use
• 402 – Payment Required Reserved for future use
• 403 – Forbidden Indicates that the server is refusing to process the request and that it should not be repeated
• 404 – Not Found Indicates that the server could not locate the resource specified by the Request URI variable
• 405 – Method Not Allowed Indicates that the request type cannot be used for the specified Request URI
• 406 – Not Acceptable Indicates that the resource specified by the Request URI variable does not conform to any of the data types specified in the request message's Accept header
• 407 – Proxy Authentication Required Indicates that the client must authenticate itself to a proxy server before it can access the requested resource
• 408 – Request Timeout Indicates that the client did not produce a request within the server's timeout period
• 409 – Conflict Indicates that the request could not be processed because of a conflict with the current state of the requested resource, such as when a PUT command attempts to write data to a resource that is already in use
• 410 – Gone Indicates that the requested resource is no longer available at the server and that the server is not aware of an alternative location
• 411 – Length Required Indicates that the server has refused to process a request that does not have a Content-Length header
• 412 – Precondition Failed Indicates that the server has failed to satisfy one of the preconditions specified in the request headers
• 413 – Request Entity Too Large Indicates that the server is refusing to process the request because the message is too large
• 414 – Request-URI Too Long Indicates that the server is refusing to process the request because the Request URI value is longer than the server is willing to interpret
• 415 – Unsupported Media Type Indicates that the server is refusing to process the request because the request is in a format not supported by the requested resource for the requested method
• 416 – Requested Range Not Satisfiable Indicates that the server cannot process the request because the data specified by the Range header in the request message does not exist in the requested resource
• 417 – Expectation Failed Indicates that the server could not satisfy the requirements specified in the request message's Expect header

Server Error Codes
Server error codes have a 5 as their first digit and indicate that the request could not be processed because of an error by the server. The valid codes are as follows:
• 500 – Internal Server Error Indicates that the server encountered an unexpected condition that prevented it from fulfilling the request
• 501 – Not Implemented Indicates that the server does not support the functionality required to satisfy the request
• 502 – Bad Gateway Indicates that a gateway or proxy server has received an invalid response from the upstream server it accessed while attempting to process the request
• 503 – Service Unavailable Indicates that the server cannot process the request because of its being temporarily overloaded or under maintenance
• 504 – Gateway Timeout Indicates that a gateway or proxy server did not receive a timely response from the upstream server specified by the URI or some other auxiliary server needed to complete the request
• 505 – HTTP Version Not Supported Indicates that the server does not support, or refuses to support, the HTTP protocol version used in the request message

After the start line, a response message can contain a series of headers, just like those in a request, that provide information about the server and the response message. The header section concludes with a blank line, after which comes the body of the message,
typically containing the contents of the file requested by the client. If the body is larger than what fits in a single packet, TCP carries it in as many segments as needed; the start line and headers are not repeated, and at the HTTP layer there is still a single response message.

FTP Servers
The File Transfer Protocol is an application layer TCP/IP protocol that enables an authenticated client to connect to a server and transfer files to and from the other machine. FTP is not the same as sharing a drive with another system on the network. Access is limited to a few basic file management commands, and the primary function of the protocol is to copy files to your local system, not to access them in place on the server.

Like HTTP, FTP uses the TCP protocol for its transport services and relies on ASCII text commands for its user interface. There are now many graphical FTP clients available that automate the generation and transmission of the appropriate text commands to a server.

The big difference between FTP and HTTP (as well as most other protocols) is that FTP uses two port numbers in the course of its operations. When an FTP client connects to a server, it uses port 21 to establish a control connection. This connection remains open during the life of the session; the client and server use it to exchange commands and replies. When the client requests a file transfer, the server establishes a second connection from its port 20 back to the client, which it uses to transfer the file and then terminates immediately afterward. This is the original (active) mode. Because firewalls and NAT devices usually block such inbound connections to the client, most clients today use passive mode instead (see the PASV command, later), in which the client opens the data connection to a port the server names. Note also that FTP carries the user's credentials and the file data in cleartext; where confidentiality matters, FTP is run over TLS (FTPS) or replaced by SFTP, a different protocol that runs over SSH.
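The HTTP response format described in the preceding section (start line, header block, blank line, body) is small enough to parse by hand, and doing so shows where the checks belong. The following is an added example, not code from the book: it parses a constructed HTTP/1.1 response, classifies the status code by its first digit as the text describes, rejects responses whose declared Content-Length disagrees with the body (or that carry a body where the code forbids one), and refuses duplicate Content-Length headers, which proxies and servers have been tricked by in request-smuggling attacks. The sample response bytes, server name and date are constructed for the example.

```python
"""Parse a raw HTTP/1.1 response and classify it by status-code class.

Added example (not from the book). SAMPLE below is a constructed response,
not a capture from a real server.
"""
from dataclasses import dataclass, field

# First digit of the status code -> class name, as described in the text.
STATUS_CLASSES = {
    "1": "Informational",
    "2": "Successful",
    "3": "Redirection",
    "4": "Client Error",
    "5": "Server Error",
}


@dataclass
class HttpResponse:
    version: str
    status_code: int
    status_phrase: str
    headers: dict = field(default_factory=dict)  # names lower-cased
    body: bytes = b""

    @property
    def status_class(self) -> str:
        return STATUS_CLASSES.get(str(self.status_code)[0], "Unknown")


def parse_response(raw: bytes) -> HttpResponse:
    """Split start line, headers and body; validate what the text says must hold."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not sep:
        raise ValueError("no blank line terminating the header section")
    lines = head.split(b"\r\n")

    # Start line: HTTP-Version SP Status-Code SP Reason-Phrase
    parts = lines[0].decode("ascii").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad start line: {lines[0]!r}")
    version, code = parts[0], parts[1]
    phrase = parts[2] if len(parts) == 3 else ""
    if not (len(code) == 3 and code.isdigit() and code[0] in STATUS_CLASSES):
        raise ValueError(f"bad status code: {code!r}")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # RFC 7230 forbids whitespace between the field name and the colon.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        lname = name.lower()
        if lname in headers:
            if lname == "content-length":
                # Two Content-Length values is the classic smuggling ambiguity.
                raise ValueError("duplicate Content-Length header")
            headers[lname] += ", " + value.strip()
        else:
            headers[lname] = value.strip()

    resp = HttpResponse(version, int(code), phrase, headers, body)
    # 1xx, 204 and 304 responses carry no body, as the text states.
    if resp.status_class == "Informational" or resp.status_code in (204, 304):
        if body:
            raise ValueError(f"{code} response must not carry a body")
    elif "content-length" in headers:
        declared = int(headers["content-length"])
        if declared != len(body):
            raise ValueError(f"Content-Length {declared} but body is {len(body)} bytes")
    return resp


def is_well_formed(raw: bytes) -> bool:
    """True if parse_response accepts the response, False if it rejects it."""
    try:
        parse_response(raw)
        return True
    except ValueError:
        return False


# Constructed sample response (not captured from a real server).
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 02 Mar 2015 10:00:00 GMT\r\n"
    b"Server: ExampleHTTPd/1.0\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"Hello, world!"
)


def describe(raw: bytes) -> str:
    r = parse_response(raw)
    return f"{r.status_code} {r.status_phrase} ({r.status_class}), {len(r.body)} body bytes"


if __name__ == "__main__":
    print(describe(SAMPLE))
```

The parser keys everything off the numeric code, never the phrase, because the text notes that servers may change the phrase. Treating a Content-Length mismatch as an error rather than trusting either value is the same defensive choice a proxy or WAF has to make.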
FTP Commands
An FTP client consists of a user interface, which may be text based or graphical, and a user protocol interpreter. The user protocol interpreter communicates with the server protocol interpreter using text commands that are passed over the control connection (see Figure 16-1). When the commands call for a data transfer, one of the protocol interpreters triggers a data transfer process, which communicates with a like process on the other machine using the data connection. The commands issued by the user protocol interpreter do not necessarily correspond to the traditional text-based user interface commands. For example, to retrieve a file from a server, the traditional user interface command is GET plus the filename, but after the user protocol interpreter receives this command, it sends a RETR command to the server with the same filename. Thus, the user interface can be modified for purposes of language localization or other reasons, but the commands used by the protocol interpreters remain consistent.

Figure 16-1 The protocol interpreters in the FTP client and server exchange control messages

The following sections list the commands used by the FTP protocol interpreters.

Access Control Commands
FTP clients use the access control commands to log in to a server, authenticate the user, and terminate the control connection at the end of the session. These commands are as follows:
• USER username Specifies the account name used to authenticate the client to the server.
• PASS password Specifies the password associated with the previously furnished username. The password travels in cleartext on the control connection unless the session is protected with TLS, so anyone able to sniff the path can capture it.
• ACCT account Specifies an account used for access to specific features of the server file system. The ACCT command can be issued at any time during the session and not just during the login sequence, as with USER.
• CWD pathname Changes the working directory in the server file system to that specified by the pathname variable.
• CDUP Shifts the working directory in the server file system one level up to the parent directory.
• SMNT pathname Mounts a different file system data structure on the server, without altering the user account authentication.
• REIN Terminates the current session, leaving the control connection open and completing any data connection transfer in progress. A new USER command is expected to follow immediately.
• QUIT Terminates the current session and closes the control connection after completing any data connection transfer in progress.

Transfer Parameter Commands
The transfer parameter commands prepare the systems to initiate a data connection and identify the type of file that is to be transferred. These commands are as follows:
• PORT host/port Notifies the server of the IP address and ephemeral port number that it expects a data connection to use. The host/port variable consists of six integers, separated by commas, representing the four bytes of the IP address and two bytes for the port number. A server that will connect to any address a client names here can be abused as an "FTP bounce" relay for port scanning or for reaching hosts the attacker cannot reach directly, so modern servers accept a PORT address only if it matches the client's own address on the control connection.
• PASV Instructs the server to specify a port number that the client will use to establish a data connection. The reply from the server contains a host/port variable, like PORT.
• TYPE typecode Specifies the type of file to be transferred over a data connection. Currently used options are as follows:
  • A ASCII plain-text file
  • I Binary (image) file
• STRU structurecode Specifies the structure of a file. The default setting, F (for File), indicates that the file is a contiguous byte stream. Two other options, R (for Record) and P (for Page), are no longer used.
• MODE modecode Specifies the transfer mode for a data connection. The default setting, S (for Stream), indicates that the file will be transferred as a byte stream. Two other options, B (for Block) and C (for Compressed), are no longer used.

FTP Service Commands
The FTP service commands enable the client to manage the file system on the server and initiate file transfers. These commands are as follows:
• RETR filename Instructs the server to transfer the specified file to the client.
• STOR filename Instructs the server to receive the specified file from the client, overwriting an identically named file in the server directory if necessary.
• STOU Instructs the server to receive the file from the client and give it a unique name in the server directory. The reply from the server must contain the unique name.
• APPE pathname Instructs the server to receive the specified file from the client and append it to the identically named file in the server directory. If no file of that name exists, the server creates a new file.
• ALLO bytes Allocates a specified number of bytes on the server before the client actually transmits the data.
• REST marker Specifies the point in a file at which the file transfer should be restarted.
• RNFR filename Specifies the name of a file to be renamed; must be followed by an RNTO command.
• RNTO filename Specifies the new name for the file previously referenced in an RNFR command.
• ABOR Aborts the command currently being processed by the server, closing any open data connections.
• DELE filename Deletes the specified file on the server.
• RMD pathname Deletes the specified directory on the server.
• MKD pathname Creates the specified directory on the server.
• PWD Returns the name of the server's current working directory.
• LIST pathname Instructs the server to transmit an ASCII file containing a list of the specified directory's contents, including attributes.
• NLST pathname Instructs the server to transmit an ASCII file containing a list of the specified directory's contents, with no attributes.
• SITE string Carries nonstandard, implementation-specific commands to the server.
• SYST Returns the name of the operating system running on the server.
• STAT filename When used during a file transfer, returns a status indicator for the current operation. When used with a filename argument, returns the LIST information for the specified file.
• HELP string Returns help information specific to the server implementation.
• NOOP Instructs the server to return an OK response. This is used as a session keep-alive mechanism; the command performs no other actions.

FTP Reply Codes
An FTP server responds to each command sent by a client with a three-digit reply code and a text string. As with HTTP, these reply codes must be implemented as defined in the FTP standard on all servers so that the client can determine its next action, but some products enable you to modify the text that is delivered with the code and displayed to the user.
The first digit of the reply code indicates whether the command was completed successfully, unsuccessfully, or not at all. The possible values for this digit are as follows:
• 1## – Positive preliminary reply Indicates that the server is initiating the requested action and that the client should wait for another reply before sending any further commands
• 2## – Positive completion reply Indicates that the server has successfully completed the requested action
• 3## – Positive intermediate reply Indicates that the server has accepted the command but that more information is needed before it can execute it and that the client should send another command containing the required information
• 4## – Transient negative completion reply Indicates that the server has not accepted the command or executed the requested action due to a temporary condition and that the client should send the command again
• 5## – Permanent negative completion reply Indicates that the server has not accepted the command or executed the requested action and that the client is discouraged (but not forbidden) from resending the command

The second digit of the reply code provides more specific information about the nature of the message. The possible values for this digit are as follows:
• #0# – Syntax Indicates that the command contains a syntax error that has prevented it from being executed
• #1# – Information Indicates that the reply contains information that the command requested, such as status or help
• #2# – Connections Indicates that the reply refers to the control or data connection
• #3# – Authentication and accounting Indicates that the reply refers to the login process or the accounting procedure
• #4# – Unused Currently unused. Is available for future use.
• #5# – File system Indicates the status of the server file system as a result of the command

The reply codes defined by the FTP standard are as follows:
• 110 Restart marker reply
• 120 Service ready in nnn minutes
• 125 Data connection already open; transfer starting
• 150 File status okay; about to open data connection
• 200 Command okay
• 202 Command not implemented, superfluous at this site
• 211 System status, or system help reply
• 212 Directory status
• 213 File status
• 214 Help message
• 215 NAME system type
• 220 Service ready for new user
• 221 Service closing control connection
• 225 Data connection open; no transfer in progress
• 226 Closing data connection
• 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
• 230 User logged in, proceed
• 250 Requested file action okay, completed
• 257 "PATHNAME" created
• 331 User name okay, need password
• 332 Need account for login
• 350 Requested file action pending further information
• 421 Service not available; closing control connection
• 425 Can't open data connection
• 426 Connection closed; transfer aborted
• 450 Requested file action not taken
• 451 Requested action aborted; local error in processing
• 452 Requested action not taken; insufficient storage space in system
• 500 Syntax error, command unrecognized
• 501 Syntax error in parameters or arguments
• 502 Command not implemented
• 503 Bad sequence of commands
• 504 Command not implemented for that parameter
• 530 Not logged in
• 532 Need account for storing files
• 550 Requested action not taken; file unavailable (e.g., file not found, no access)
• 551 Requested action aborted; page type unknown
• 552 Requested file action aborted; exceeded storage allocation (for current directory or data set)
• 553 Requested action not taken; file name not allowed

FTP Messaging
An FTP session begins with a client establishing a connection with a server by using either a GUI or the command line to specify the server's DNS name or IP address. The first order of business is to establish a TCP connection using the standard three-way handshake. The FTP server is listening on port 21 for incoming messages, and this new TCP connection becomes the FTP control connection that will remain open for the life of the session. The first FTP message is transmitted by the server, announcing and identifying itself, as follows:
220 CZ2 Microsoft FTP Service (Version 5.0)

As with all messages transmitted over a TCP connection, acknowledgment is required. During the course of the session, the message exchanges will be punctuated by TCP ACK packets from both systems, as needed. After it sends the initial acknowledgment, the client prompts the user for an account name and password and performs the user login sequence, as follows:

USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS [email protected]
230 Anonymous user logged in.

The client then informs the server of its IP address and the port that it will use for data connections on the client system, as follows:

PORT 192,168,2,3,7,233
200 PORT command successful.

The values 192, 168, 2, and 3 are the four decimal byte values of the IP address, and the 7 and 233 are the 2 bytes of the port number value, which translates as 2025. By converting these 2 port bytes to binary form (00000111 11101001) and then converting the whole 2-byte value to a decimal, you get 2025; equivalently, 7 × 256 + 233 = 2025.

At this point, the client can send commands to the server requesting file transfers or file system procedures, such as the creation and deletion of directories. One typical client command is to request a listing of the files in the server's default directory, as follows:

NLST -l

In response to this command, the server informs the client that it is going to open a data connection because the list is transmitted as an ASCII file.

150 Opening ASCII mode data connection for /bin/ls.

The server then commences the establishment of the second TCP connection, using its own port 20 and the client port 2025 specified earlier in the PORT command. Once the connection is established, the server transmits the file it has created containing the listing for the directory. Depending on the number of files in the directory, the transfer may require the transmission of multiple packets and acknowledgments, after which the server immediately sends the first message in the sequence that terminates the data connection. Once the data connection is closed, the server reverts to the control connection and finishes the file transfer with the following positive completion reply message:

226 Transfer complete.
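The host/port encoding used by PORT (and by the 227 reply in passive mode) and the two-digit classification of reply codes described above are both mechanical enough to code directly. The following is an added example, not code from the book: it converts between a dotted address plus port and the h1,h2,h3,h4,p1,p2 form (reproducing the 192,168,2,3,7,233 → 2025 calculation from the transcript), interprets a reply code by its first two digits, parses a 227 reply, and applies the check a hardened server makes before honoring PORT, namely that the address must be the client's own and the port must not be a privileged one, which is what closes the FTP bounce problem. All addresses and reply strings are constructed for the example.

```python
"""FTP host/port encoding, reply-code classification and the PORT bounce check.

Added example (not from the book). Addresses and reply lines below are
constructed for illustration.
"""
import ipaddress
from typing import Tuple

# Meaning of the first and second digits of a reply code, as in the text.
FIRST_DIGIT = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
}
SECOND_DIGIT = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unused",
    "5": "file system",
}


def encode_hostport(ip: str, port: int) -> str:
    """Dotted IPv4 address and port -> 'h1,h2,h3,h4,p1,p2' (PORT argument / 227 reply)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    octets = ipaddress.IPv4Address(ip).packed        # validates the address too
    return ",".join(str(b) for b in octets) + f",{port >> 8},{port & 0xFF}"


def decode_hostport(arg: str) -> Tuple[str, int]:
    """'h1,h2,h3,h4,p1,p2' -> (dotted address, port); port = p1 * 256 + p2."""
    fields = [int(x) for x in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError(f"malformed host/port argument: {arg!r}")
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def classify_reply(line: str) -> dict:
    """Interpret a reply line by its three-digit code."""
    code, _, text = line.partition(" ")
    if (len(code) != 3 or not code.isdigit()
            or code[0] not in FIRST_DIGIT or code[1] not in SECOND_DIGIT):
        raise ValueError(f"not a valid FTP reply: {line!r}")
    return {
        "code": int(code),
        "kind": FIRST_DIGIT[code[0]],
        "about": SECOND_DIGIT[code[1]],
        "text": text,
        "retry": code[0] == "4",       # 4## means try the same command again later
        "wait": code[0] == "1",        # 1## means another reply follows
    }


def parse_pasv_reply(line: str) -> Tuple[str, int]:
    """Extract the data-connection endpoint from a 227 Entering Passive Mode reply."""
    if classify_reply(line)["code"] != 227:
        raise ValueError(f"expected a 227 reply, got: {line!r}")
    inside = line[line.index("(") + 1:line.index(")")]
    return decode_hostport(inside)


def port_allowed(control_peer_ip: str, port_arg: str) -> bool:
    """Bounce-attack check a hardened server applies before honoring PORT.

    Refuse to connect anywhere but the client's own control-connection address,
    and never to a privileged (< 1024) port on it.
    """
    ip, port = decode_hostport(port_arg)
    return ip == control_peer_ip and port >= 1024


if __name__ == "__main__":
    arg = encode_hostport("192.168.2.3", 2025)
    print(arg, "->", decode_hostport(arg))
    print(classify_reply("226 Transfer complete."))
    print(port_allowed("192.168.2.3", arg), port_allowed("192.168.2.3", "10,0,0,5,0,25"))
```

The second `port_allowed` call shows the case a server must refuse: a client on 192.168.2.3 asking the server to open a data connection to port 25 on 10.0.0.5, which would turn the FTP server into a relay toward that host.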
At this point, the client is ready to issue another command, such as a request for another file transfer, which repeats the entire process beginning with the PORT command, or some other function that uses only the control connection. When the client is ready to terminate the session by closing the control connection, it sends a QUIT command, and the server responds with an acknowledgment like the following:

221

E-mail
While Internet services such as the Web and FTP are wildly popular, the service that is the closest to being a ubiquitous business and personal communications tool is e-mail. E-mail is a unique communications medium that combines the immediacy of the telephone with the precision of the written word, and no Internet service is more valuable to the network user. Until the mid-1990s, the e-mail systems you were likely to encounter were self-contained, proprietary solutions designed to provide an organization with internal communications. As the value of e-mail as a business tool began to be recognized by the general public, businesspeople began swapping the e-mail addresses supplied to them by specific online services. However, if you subscribed to a different service than your intended correspondent, you were out of luck. The rise of the Internet revolutionized the e-mail concept by providing a single, worldwide standard for mail communications that was independent of any single service provider. Today, e-mail addresses are almost as common as telephone numbers, and virtually every network with an Internet connection supplies its users with e-mail addresses.

E-mail Addressing
The e-mail address format soon becomes second nature to beginning e-mail users. An Internet e-mail address consists of a username and a domain name, separated by an "at" symbol (@), in the form username@domain. As with web sites, the domain name in an e-mail address (the part after the @) identifies the organization hosting the e-mail services for a particular user. For individual users, the domain is typically that of an ISP, which nearly always supplies one or more e-mail addresses with an Internet access account. For corporate users, the domain name is usually registered to the organization and is usually the same domain used for their web sites and other Internet services.
The username part of an e-mail address (the part before the @) represents the name of a mailbox that has been created on the mail server servicing the domain. The username often consists of a combination of names and/or initials identifying an individual user at the organization, but it's also common to have mailboxes for specific roles and functions in the domain. For example, most domains running a web site have a mailbox such as webmaster for the person responsible for the functionality of the web site.

Because Internet e-mail relies on standard domain names to identify mail servers, the Domain Name System (DNS) is an essential part of the Internet e-mail architecture. DNS servers store information in units of various types called resource records. The MX (mail exchanger) resource record is the one used to identify an e-mail server in a particular domain. When a mail server receives an outgoing message from an e-mail client, it reads the address of the intended recipient and performs a DNS lookup of the domain name in that address. The server generates a DNS message requesting the MX resource record for the specified domain, and the DNS server (after performing the standard iterative process that may involve relaying the request to other domain servers) replies with the MX record, which names the host (or hosts, in order of preference) that accepts mail for that domain. The sending server then resolves that host name to an IP address with an ordinary address lookup and opens a connection to the destination domain's mail server using the Simple Mail Transfer Protocol (SMTP). It is the destination mail server that processes the username part of the e-mail address by placing the message in the appropriate mailbox, where it waits until the client picks it up.
E-mail Clients and Servers
Like HTTP and FTP, Internet e-mail is a client-server application. However, in this case, several types of servers are involved in the e-mail communication process. SMTP servers are responsible for receiving outgoing mail from clients and transmitting the mail messages to their destination servers. The other type of server is the one that maintains the mailboxes and which the e-mail clients use to retrieve their incoming mail. The two predominant protocols for this type of server are the Post Office Protocol, version 3 (POP3) and the Internet Message Access Protocol (IMAP). This is another case where it's important to understand that the term server refers to an application and not necessarily to a separate computer. In many cases, the SMTP and either the POP3 or IMAP server run on the same computer.

E-mail server products generally fall into two categories, those that are designed solely for Internet e-mail and those that provide more comprehensive internal e-mail services as well. The former are relatively simple applications that typically provide SMTP support and may or may not include either POP3 or IMAP as well. If not, you have to purchase and install a POP3 or IMAP server also so that your users can access their mail. One of the most common SMTP servers used on the Internet is a free Unix program called sendmail, but there are many other products, both open source and commercial, that run on a variety of computing platforms.

After installing the mail server applications, the administrator creates a mailbox for each user and registers the server's name in a DNS MX resource record for the domain. This enables other SMTP servers on the Internet to send mail to the users' mailboxes. Clients access the POP3 or IMAP server to download mail from their mailboxes and send outgoing messages using the SMTP server. ISPs typically use mail servers of this type because their users are strictly concerned with Internet e-mail. The server may provide other convenience services for users as well, such as web-based client access, which enables users to access their mailboxes from any web browser.
The more comprehensive e-mail servers are products that evolved from internal e-mail systems. Products like Microsoft Exchange started out as servers that a corporation would install to provide private e-mail service to users within the company, as well as other services such as calendars, personal information managers, and group scheduling. As Internet e-mail became more prevalent, these products were enhanced to include the standard Internet e-mail connectivity protocols as well. Today, a single product such as Exchange provides a wealth of communications services for private network users. On this type of e-mail product, the mail messages and other personal data are stored permanently on the mail servers, and users run a special client to access their mail. Storing the mail on the server makes it easier for administrators to back it up and enables users to access their mail from any computer. E-mail applications such as Exchange are much more expensive than Internet-only mail servers, and administering them is more complicated.

An e-mail client is any program that can access a user's mailbox on a mail server. Some e-mail client programs are designed strictly for Internet e-mail and can therefore access only SMTP, POP3, and/or IMAP servers. There are many products, both commercial and free, that perform the same basic functions. In many cases, e-mail client functionality is integrated into other programs, such as personal information managers (PIMs). Because the Internet e-mail protocols are standardized, users can run any Internet e-mail client with any SMTP/POP3/IMAP servers. Configuring an Internet e-mail client to send and retrieve mail is simply a matter of supplying the program with the names or IP addresses of an SMTP server (for outgoing mail) and a POP3 or IMAP server (for incoming mail), as well as the name of a mailbox on the POP3/IMAP server and its accompanying password.
The more comprehensive e-mail server products require a proprietary client to access all of their features. In the case of Exchange, the client is the Microsoft Outlook program included as part of the many Microsoft Office versions. Outlook is an unusual e-mail client in that you can configure it to operate in corporate/workgroup mode, in which the client connects to an Exchange server, or in Internet-only mode. Both modes enable you to access SMTP and POP3/IMAP services, but corporate/workgroup mode provides access to all of the Exchange features, such as group scheduling, and stores the user's mail on the server. Internet-only mode stores the mail on the computer's local drive.

Simple Mail Transfer Protocol
SMTP is an application layer protocol that was standardized in the IETF's RFC 821 document (since revised and superseded by RFC 5321). SMTP messages can be carried by any reliable transport protocol, but on the Internet and most private networks, they are carried by the TCP protocol, using well-known port number 25 at the server for server-to-server transfer. Mail submitted by clients is now normally sent to port 587 instead, where the server requires the client to authenticate before accepting a message, so that an open port 25 does not become an open relay for spam. Like HTTP and FTP, SMTP messages are based on ASCII text commands, rather than the headers and fields used by the protocols at the lower layers of the protocol stack. SMTP communications can take place between e-mail clients and servers or between servers. In each case, the basic communication model is the same. One computer (called the sender-SMTP) initiates communication with the other (the receiver-SMTP) by establishing a TCP connection using the standard three-way handshake.

SMTP Commands
Once the TCP connection is established, the sender-SMTP computer begins transmitting SMTP commands to the receiver-SMTP, which responds with a reply message and a numeric code for each command it receives. The commands consist of a keyword and an argument field containing other parameters in the form of a text string, followed by a carriage return/line feed (CR/LF).

NOTE The SMTP standard uses the terms sender-SMTP and receiver-SMTP to distinguish the sender and the receiver of the SMTP messages from the sender and the receiver of an actual mail message. The two are not necessarily synonymous.
The commands used by the sender-SMTP and their functions are as follows (the parentheses contain the actual text strings transmitted by the sending computer):
• HELLO (HELO) Used by the sender-SMTP to identify itself to the receiver-SMTP by transmitting its host name as the argument. The receiver-SMTP responds by transmitting its own host name.
• MAIL (MAIL) Used to initiate a transaction in which a mail message is to be delivered to a mailbox by specifying the address of the mail sender as the argument and, optionally, a list of hosts through which the mail message has been routed (called a source route). The receiver-SMTP uses this list in the event it has to return a nondelivery notice to the mail sender.
• RECIPIENT (RCPT) Identifies the recipient of a mail message, using the recipient's mailbox address as the argument. If the message is addressed to multiple recipients, the sender-SMTP generates a separate RCPT command for each address.
• DATA (DATA) Introduces the actual e-mail message data, which follows on subsequent lines and ends with a CRLF, a period, and another CRLF (<CRLF>.<CRLF>), indicating the end of the message string.
• SEND (SEND) Used to initiate a transaction in which mail is to be delivered to a user's terminal (instead of to a mailbox). Like the MAIL command, the argument contains the sender's mailbox address and the source route.
• SEND OR MAIL (SOML) Used to initiate a transaction in which a mail message is to be delivered to a user's terminal, if they are currently active and configured to receive messages, or to the user's mailbox, if they are not. The argument contains the same sender address and source route as the MAIL command.
• SEND AND MAIL (SAML) Used to initiate a transaction in which a mail message is to be delivered to a user's terminal, if they are currently active and configured to receive messages, and to the user's mailbox. The argument contains the same sender address and source route as the MAIL command.
• RESET (RSET) Instructs the receiver-SMTP to abort the current mail transaction and discard all sender, recipient, and mail data information from that transaction.
• VERIFY (VRFY) Used by the sender-SMTP to confirm that the argument identifies a valid user. If the user exists, the receiver-SMTP responds with the user's full name and mailbox address.
• EXPAND (EXPN) Used by the sender-SMTP to confirm that the argument identifies a valid mailing list. If the list exists, the receiver-SMTP responds with the full names and mailbox addresses of the list's members. Because VRFY and EXPN let anyone who can connect to port 25 enumerate valid mailboxes and list memberships, which is exactly the reconnaissance a spammer or phisher wants, most servers today disable them or answer every query with a noncommittal 252 reply.
• HELP (HELP) Used by the sender-SMTP (presumably a client) to request help information from the receiver-SMTP. An optional argument may specify the subject for which the sender-SMTP needs help.
• NOOP (NOOP) Performs no function other than to request that the receiver-SMTP generate an OK reply.
• QUIT (QUIT) Used by the sender-SMTP to request the termination of the communications channel to the receiver-SMTP. The sender-SMTP should not close the channel until it has received an OK reply to its QUIT command from the receiver-SMTP, and the receiver-SMTP should not close the channel until it has received and replied to a QUIT command from the sender-SMTP.
• TURN (TURN) Used by the sender-SMTP to request that it and the receiver-SMTP should switch roles, with the sender-SMTP becoming the receiver-SMTP and the receiver-SMTP the sender-SMTP. The actual role switch does not occur until the receiver-SMTP returns an OK response to the TURN command.

NOTE Not all SMTP implementations include support for all of the commands listed here. The only commands that are required to be included in all SMTP implementations are HELO, MAIL, RCPT, DATA, RSET, NOOP, and QUIT. RFC 2821 and its successor RFC 5321 removed SEND, SOML, SAML, and TURN from the standard altogether; TURN in particular was dropped because the receiver-SMTP had no way to authenticate the host asking for the role switch, which could therefore collect mail queued for another site.

SMTP Replies
The receiver-SMTP is required to generate a reply for each of the commands it receives from the sender-SMTP. The sender-SMTP is not permitted to send a new command until it receives a reply to the previous one. This prevents any confusion of requests and replies. The reply messages generated by the receiver-SMTP consist of a three-digit numerical value plus an explanatory text string. The number and the text string are essentially redundant; the number is intended for use by automated systems that take action based on the reply, while the text string is intended for humans. The text messages can vary from implementation to implementation, but the reply numbers must remain consistent.
The reply codes generated by the receiver-SMTP are as follows (italicized values represent variables that the receiver-SMTP replaces with an appropriate text string):
• 211 System status, or system help reply
• 214 Help message
• 220 Domain service ready
• 221 Domain service closing transmission channel
• 250 Requested mail action okay, completed
• 251 User not local; will forward to forward-path
• 354 Start mail input; end with <CRLF>.<CRLF>
• 421 Domain service not available, closing transmission channel
• 450 Requested mail action not taken: mailbox unavailable
• 451 Requested action aborted: local error in processing
• 452 Requested action not taken: insufficient system storage
• 500 Syntax error, command unrecognized
• 501 Syntax error in parameters or arguments
• 502 Command not implemented
• 503 Bad sequence of commands
• 504 Command parameter not implemented
• 550 Requested action not taken: mailbox unavailable
• 551 User not local; please try forward-path
• 552 Requested mail action aborted: exceeded storage allocation
• 553 Requested action not taken: mailbox name not allowed
• 554 Transaction failed
SMTP Transactions
A typical SMTP mail transaction begins (after a TCP connection is established) with the sender-SMTP transmitting a HELO command to identify itself to the receiver-SMTP by including its host name as the command argument. If the receiver-SMTP is operational, it responds with a 250 reply. Next, the sender-SMTP initiates the mail transaction by transmitting a MAIL command. This command contains the mailbox address of the message sender as the argument on the command line. Note that this sender address refers to the person who generated the e-mail message and not necessarily to the SMTP server currently sending commands.
NOTE In the case where the SMTP transaction is between an e-mail client and an SMTP server, the sender of the e-mail and the sender-SMTP refer to the same computer, but the receiver-SMTP is not the same as the intended receiver (that is, the addressee) of the e-mail. In the case of two SMTP servers communicating, such as when a local SMTP server forwards the mail messages it has just received from clients to their destination servers, neither the sender-SMTP nor the receiver-SMTP refer to the ultimate sender and receiver of the e-mail message.
If the receiver-SMTP is ready to receive and process a mail message, it returns a 250 response to the MAIL message generated by the sender-SMTP. After receiving a positive response to its MAIL command, the sender-SMTP proceeds by sending at least one RCPT message that contains as its argument the mailbox address of the e-mail message’s intended recipient. If there are multiple recipients for the message, the sender-SMTP sends a separate RCPT command for each mailbox address. The receiver-SMTP, on receiving an RCPT command, checks to see whether it has a mailbox for that address and, if so, acknowledges the command with a 250 reply. If the mailbox does not exist, the receiver-SMTP can take one of several actions, such as generating a 251 User Not Local; Will Forward response and transmitting the message to the proper server or rejecting the message with a failure response, such as 550 Requested Action Not Taken: Mailbox Unavailable or 551 User Not Local. If the sender-SMTP generates multiple RCPT messages, the receiver-SMTP must reply separately to each one before the next can be sent.
The next step in the procedure is the transmission of a DATA command by the sender-SMTP. The DATA command has no argument, and is followed simply by a CRLF. On receiving the DATA command, the receiver-SMTP returns a 354 response and assumes that all of the lines that follow are the text of the e-mail message itself. The sender-SMTP then transmits the text of the message, one line at a time, ending with a period on a separate line (in other words, a CRLF.CRLF sequence). On receipt of this final sequence, the receiver-SMTP responds with a 250 reply and proceeds to process the mail message by storing it in the proper mailbox and clearing its buffers.
Multipurpose Internet Mail Extension
SMTP is designed to carry text messages using 7-bit ASCII codes and lines no more than 1,000 characters long. This excludes foreign characters and 8-bit binary data from being carried in e-mail messages. To make it possible to send these types of data in SMTP e-mail, another standard called the Multipurpose Internet Mail Extension (MIME) was published in five RFC documents, numbered 2045 through 2049. MIME is essentially a method for encoding various types of data for inclusion in an e-mail message.
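As an added example (not code from the book), the following Python sketch of a receiver-SMTP walks the HELO, MAIL, RCPT, DATA and QUIT transaction described in the SMTP Transactions section, answering each command with the reply codes listed under SMTP Replies. The host names and the mailbox directory are constructed, and the dot-stuffing rule it applies to message text comes from RFC 5321 rather than from the text above.

```python
# Added example, not from the book: a minimal receiver-SMTP state machine for
# the HELO / MAIL / RCPT / DATA / QUIT transaction described above, answering
# with the reply codes listed earlier. Host names and mailboxes are constructed.
from typing import Dict, List, Optional

LOCAL_USERS: Dict[str, str] = {          # constructed mailbox directory
    "alice@example.com": "Alice Example",
    "bob@example.com": "Bob Example",
}


def parse_path(arg: str, keyword: str) -> Optional[str]:
    """Mailbox from 'FROM:<...>' / 'TO:<...>'; a source route such as
    <@relay.example.net:alice@example.com> is reduced to the mailbox."""
    if not arg.upper().startswith(keyword):
        return None
    path = arg[len(keyword):].strip()
    if not (path.startswith("<") and path.endswith(">")):
        return None
    mailbox = path[1:-1]
    if mailbox.startswith("@"):              # @host,@host:mailbox
        mailbox = mailbox.split(":", 1)[-1]
    return mailbox.lower() if "@" in mailbox else None


class ReceiverSMTP:
    """Feed one line at a time; returns the reply, or None while collecting
    message text after DATA."""

    def __init__(self, hostname: str = "mail.example.com") -> None:
        self.hostname = hostname
        self.greeted = False
        self.delivered: List[dict] = []      # completed transactions
        self._reset()

    def _reset(self) -> None:
        """RSET semantics: discard sender, recipients and mail data."""
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.body: List[str] = []
        self.in_data = False

    def handle(self, line: str) -> Optional[str]:
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            if not arg:
                return "501 Syntax error in parameters or arguments"
            self.greeted = True
            self._reset()
            return f"250 {self.hostname}"
        if verb == "NOOP":
            return "250 OK"
        if verb == "RSET":
            self._reset()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} Service closing transmission channel"
        if verb in ("MAIL", "RCPT", "DATA") and not self.greeted:
            return "503 Bad sequence of commands"
        if verb in ("MAIL", "RCPT"):
            # MAIL must come before any RCPT, and only once per transaction.
            if (verb == "MAIL") == (self.sender is not None):
                return "503 Bad sequence of commands"
            mailbox = parse_path(arg, "FROM:" if verb == "MAIL" else "TO:")
            if mailbox is None:
                return "501 Syntax error in parameters or arguments"
            if verb == "MAIL":
                self.sender = mailbox
                return "250 OK"
            if mailbox not in LOCAL_USERS:
                return "550 Requested action not taken: mailbox unavailable"
            self.recipients.append(mailbox)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"

    def _data_line(self, line: str) -> Optional[str]:
        if line == ".":                          # <CRLF>.<CRLF> terminator
            self.delivered.append({"from": self.sender,
                                   "to": list(self.recipients),
                                   "body": "\n".join(self.body)})
            self._reset()
            return "250 OK"
        # Dot-stuffing (RFC 5321, section 4.5.2): the sender prefixes an extra
        # "." to any text line that starts with ".", so a lone "." inside the
        # message cannot be mistaken for the terminator; the receiver strips it.
        if line.startswith("."):
            line = line[1:]
        self.body.append(line)
        return None
```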
The typical SMTP e-mail message transmitted after the DATA command begins with a header containing the familiar elements of the message itself, such as the To, From, and Subject fields. MIME adds two additional fields to this initial header, a MIME-Version indicator that specifies which version of MIME the message is using and a Content-Type field that specifies the format of the MIME-encoded data included in the message. The Content-Type field can specify any one of several predetermined MIME formats, or it can indicate that the message consists of multiple body parts, each of which uses a different format.
For example, the header of a multipart message might appear as follows:
MIME-Version: 1.0
From: [email protected]
To: [email protected]
Subject: Network diagrams
Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08j34c0p
The Content-Type field in this example indicates that the message consists of multiple parts, in different formats. The boundary parameter specifies a text string that is used to delimit the parts. The value specified in the boundary parameter can be any text string, just as long as it does not appear in the message text. After this header come the separate parts of the message, each of which begins with the boundary value on a separate line and a Content-Type field that specifies the format for the data in that part of the message, as follows:
--gc0p4Jq0M2Yt08j34c0p
Content-Type: image/jpeg
The actual message content then appears, in the format specified by the Content-Type value.
The header for each part of the message can also contain any of the following fields:
• Content-Transfer-Encoding Specifies the method used to encode the data in that part of the message, using values such as 7-bit, 8-bit, Base64, and Binary
• Content-ID Optional field that specifies an identifier for that part of the message that can be used to reference it in other places
• Content-Description Optional field that contains a description of the data in that part of the message
The most commonly recognizable elements of MIME are the content types used to describe the nature of the data included as part of an e-mail message. A MIME content type consists of a type and a subtype, separated by a forward slash, as in image/jpeg. The type indicates the general type of data, and the subtype indicates a specific format for that data type. The image type, for example, has several possible subtypes, including jpeg and gif, which are both common graphics formats. Systems interpreting the data use the MIME types to determine how they should handle the data, even if they do not recognize the format. For example, an application receiving data with the text/richtext content type might display the content to the user, even if it cannot handle the richtext format. Because the basic type is text, the application can be reasonably sure that the data will be recognizable to the user. If the application receives a message containing image/gif data, however, and is incapable of interpreting the gif format, it can be equally sure, because the message part is of the image type, that the raw, uninterpreted data would be meaningless to the user and as a result would not display it in its raw form.
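As an added example (not code from the book), the following Python code builds a multipart/mixed message using the header fields and boundary value shown above, splits it back into its parts, and applies the decide-by-major-type rule from the preceding paragraph. The addresses and the part contents are constructed sample data; header folding and encodings other than 7bit and base64 are deliberately not handled.

```python
# Added example, not from the book: builds a multipart/mixed message with the
# header fields shown above, splits it back into parts, and applies the
# "decide by major type" rule. Addresses and part contents are constructed.
import base64
from typing import Dict, List, Tuple

CRLF = "\r\n"
BOUNDARY = "gc0p4Jq0M2Yt08j34c0p"      # the boundary value from the text
Part = Tuple[str, str, bytes]           # (Content-Type, transfer encoding, data)
Parsed = Tuple[Dict[str, str], bytes]   # (part headers, decoded data)


def encode_body(encoding: str, data: bytes) -> str:
    """Render part data for a 7-bit channel."""
    if encoding == "base64":
        return base64.b64encode(data).decode("ascii")
    if encoding == "7bit":
        return data.decode("ascii")     # fails if the data is not 7-bit ASCII
    raise ValueError(f"unsupported Content-Transfer-Encoding: {encoding}")


def build_multipart(from_addr: str, to_addr: str, subject: str,
                    parts: List[Part], boundary: str = BOUNDARY) -> str:
    lines = [
        "MIME-Version: 1.0",
        f"From: {from_addr}",
        f"To: {to_addr}",
        f"Subject: {subject}",
        f"Content-Type: multipart/mixed; boundary={boundary}",
        "",
    ]
    for content_type, encoding, data in parts:
        body = encode_body(encoding, data)
        # The boundary may be any string as long as it never occurs inside a
        # part: a collision would end that part early and mis-parse the rest.
        if boundary in body:
            raise ValueError("boundary string occurs inside a message part")
        lines += [f"--{boundary}", f"Content-Type: {content_type}",
                  f"Content-Transfer-Encoding: {encoding}", "", body]
    lines.append(f"--{boundary}--")     # closing delimiter
    return CRLF.join(lines) + CRLF


def parse_headers(block: str) -> Dict[str, str]:
    """Plain 'Name: value' lines; folded (continued) headers are not handled."""
    headers: Dict[str, str] = {}
    for line in block.split(CRLF):
        if line:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
    return headers


def split_multipart(raw: str) -> Tuple[Dict[str, str], List[Parsed]]:
    """Return the top-level headers and the decoded parts of a multipart message."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers = parse_headers(head)
    ctype = headers.get("Content-Type", "")
    params = dict(p.strip().split("=", 1) for p in ctype.split(";")[1:])
    boundary = params["boundary"].strip('"')
    chunks = body.split(f"--{boundary}")   # [preamble, part, part, ..., "--..."]
    parts: List[Parsed] = []
    for chunk in chunks[1:-1]:
        phead, _, pbody = chunk.lstrip(CRLF).partition(CRLF + CRLF)
        if pbody.endswith(CRLF):            # that CRLF belongs to the delimiter
            pbody = pbody[:-len(CRLF)]
        pheaders = parse_headers(phead)
        encoding = pheaders.get("Content-Transfer-Encoding", "7bit").lower()
        data = base64.b64decode(pbody) if encoding == "base64" else pbody.encode("ascii")
        parts.append((pheaders, data))
    return headers, parts


def handling_hint(content_type: str) -> str:
    """Decide from the major type alone, as the text describes: an unknown text
    subtype can still be shown to the user; unknown non-text data cannot."""
    major = content_type.split("/", 1)[0].strip().lower()
    return "display" if major == "text" else "withhold"
```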
The seven MIME content types are as follows:
• Text Contains textual information, either unformatted (subtype: plain) or enriched by formatting commands
• Image Contains image data that requires a device such as a graphical display or graphical printer to view the information
• Audio Contains audio information that requires an audio output device (such as a speaker) to present the information
• Video Contains video information that requires the hardware/software needed to display moving images
• Application Contains uninterpreted binary data, such as a program file, or information to be processed by a particular application
• Multipart Contains at least two separate entities using independent data types
• Message Contains an encapsulated message, such as those defined by RFC 822, which may themselves contain multiple parts of different types
Post Office Protocol
The Post Office Protocol, version 3 (POP3) is a service designed to provide mailbox services for client computers that are themselves not capable of performing transactions with SMTP servers. For the most part, the reason for the clients requiring a mailbox service is that they may not be continuously connected to the Internet and are therefore not capable of receiving messages any time a remote SMTP server wants to send them. A POP3 server is continuously connected and is always available to receive messages for offline users. The server then retains the messages in an electronic mailbox until the user connects to the server and requests them.
POP3 is similar to SMTP in that it relies on the TCP protocol for transport services (using well-known port 110) and communicates with clients using text-based commands and responses. As with SMTP, the client transmits commands to the server, but in POP3, there are only two possible response codes, +OK, indicating the successful completion of the command, and -ERR, indicating that an error has occurred to prevent the command from being executed. In the case of POP3, the server also sends the requested e-mail message data to the client, rather than the client sending outgoing messages to the server as in SMTP.
A POP3 client-server session consists of three distinct states: the authorization state, the transaction state, and the update state. These states are described in the following sections.
The Authorization State
The POP3 session begins when the client establishes a TCP connection with an active server. Once the TCP three-way handshake is complete, the server transmits a greeting to the client, usually in the form of a +OK reply. At this point, the session enters the authorization state, during which the client must identify itself to the server and perform an authentication process before it can access its mailbox. The POP3 standard defines two possible authentication mechanisms. One of these utilizes the USER and PASS commands, which the client uses to transmit a mailbox name and the password associated with it to the server in clear text. Another, more secure, mechanism uses the APOP command, which performs an encrypted authentication.
While in the authorization state, the only command permitted to the client other than authentication-related commands is QUIT, to which the server responds with a +OK reply before terminating the session without entering the transaction or update states.
Once the authentication process has been completed and the client granted access to its mailbox, the session enters the transaction state.
The Transaction State
Once the session has entered the transaction state, the client can begin to transmit the commands to the server with which it retrieves the mail messages waiting in its mailbox. When the server enters the transaction state, it assigns a number to each of the messages in the client’s mailbox and takes note of each message’s size. The transaction state commands use these message numbers to refer to the messages in the mailbox. The commands permitted while the session is in the transaction state are as follows. With the exception of the QUIT command, all of the following commands can be used only during the transaction state.
• STAT Causes the server to transmit a drop listing of the mailbox contents to the client. The server responds with a single line containing a +OK reply, followed on the same line by the number of messages in the mailbox and the total size of all the messages, in bytes.
• LIST Causes the server to transmit a scan listing of the mailbox contents to the client. The server responds with a multiline reply consisting of a +OK on the first line, followed by an additional line for each message in the mailbox, containing its message number and its size, in bytes, followed by a line containing only a period, which indicates the end of the listing. A client can also issue the LIST command with a parameter specifying a particular message number, which causes the server to reply with a scan listing of that message only.
• RETR Causes the server to transmit a multiline reply containing a +OK reply, followed by the full contents of the message number specified as a parameter on the RETR command line. A separate line containing only a period serves as a delimiter, indicating the end of the message.
• DELE Causes the server to mark the message represented by the message number specified as a parameter on the DELE command line as deleted. Once marked, clients can no longer retrieve the message, nor does it appear in drop listings and scan listings. However, the server does not actually delete the message until it enters the update state.
• NOOP Performs no function other than to cause the server to generate a +OK reply.
• RSET Causes the server to unmark any messages that have been previously marked as deleted during the session.
• QUIT Causes the session to enter the update state prior to the termination of the connection.
The Update State
Once the client has finished retrieving messages from the mailbox and performing other transaction state activities, it transmits the QUIT command to the server, causing the session to transition to the update state. After entering the update state, the server deletes all of the messages that have been marked for deletion and releases its exclusive hold on the client’s mailbox. If the server successfully deletes all of the marked messages, it transmits a +OK reply to the client and proceeds to terminate the TCP connection.
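As an added example (not code from the book), the following Python in-memory POP3 server enforces the three states just described: USER/PASS or APOP authentication in the authorization state, numbered messages and deletion marks in the transaction state, and actual deletion only in the update state that QUIT enters. The user names, passwords, timestamp and messages are constructed, and the APOP digest computation follows RFC 1939 rather than the text.

```python
# Added example, not from the book: an in-memory POP3 server that enforces the
# authorization, transaction and update states described above (APOP per RFC 1939).
import hashlib
import hmac
from typing import Dict, List, Optional, Set

CRLF = "\r\n"

def apop_digest(timestamp: str, secret: str) -> str:
    """APOP response: MD5 of the greeting timestamp followed by the secret,
    so the secret itself never crosses the wire in clear text."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()

class POP3Server:
    def __init__(self, users: Dict[str, str], maildrops: Dict[str, List[str]],
                 timestamp: str = "<1234.5678@pop.example.com>") -> None:
        self.users, self.maildrops = users, maildrops   # constructed sample data
        self.timestamp = timestamp        # APOP challenge sent in the greeting
        self.state = "AUTHORIZATION"
        self.pending = self.user = None   # name from USER awaiting PASS; logged-in user
        self.messages: List[str] = []     # numbered 1..n once in TRANSACTION
        self.deleted: Set[int] = set()    # numbers marked by DELE

    def greeting(self) -> str:
        return f"+OK POP3 server ready {self.timestamp}"

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            return self._transaction(verb, arg)
        return "-ERR connection closed"

    def _authorization(self, verb: str, arg: str) -> str:
        if verb == "QUIT":                # no update state: nothing is deleted
            self.state = "CLOSED"
            return "+OK POP3 server signing off"
        if verb == "USER":
            self.pending = arg
            return "+OK"                  # same reply whether or not the name exists
        if verb == "PASS" and self.pending:
            name, self.pending = self.pending, None
            secret = self.users.get(name, "")
            if secret and hmac.compare_digest(secret.encode(), arg.encode()):
                return self._enter_transaction(name)
            return "-ERR invalid password"
        if verb == "APOP":
            name, _, digest = arg.partition(" ")
            secret = self.users.get(name, "")
            expected = apop_digest(self.timestamp, secret).encode()
            if secret and hmac.compare_digest(expected, digest.lower().encode()):
                return self._enter_transaction(name)
            return "-ERR permission denied"
        return "-ERR command not permitted in the AUTHORIZATION state"

    def _enter_transaction(self, name: str) -> str:
        self.user = name
        self.messages = list(self.maildrops.get(name, []))
        self.state = "TRANSACTION"
        return f"+OK {len(self.messages)} messages ({self._octets()} octets)"

    def _octets(self) -> int:
        return sum(len(m) for i, m in enumerate(self.messages, 1) if i not in self.deleted)

    def _message(self, arg: str) -> Optional[int]:
        n = int(arg) if arg.isdigit() else 0   # valid and not marked deleted, else None
        return n if 1 <= n <= len(self.messages) and n not in self.deleted else None

    def _transaction(self, verb: str, arg: str) -> str:
        if verb == "STAT":
            return f"+OK {len(self.messages) - len(self.deleted)} {self._octets()}"
        if verb == "LIST":
            if arg:                       # scan listing for one message only
                n = self._message(arg)
                return f"+OK {n} {len(self.messages[n - 1])}" if n else "-ERR no such message"
            rows = [f"{i} {len(m)}" for i, m in enumerate(self.messages, 1)
                    if i not in self.deleted]
            return CRLF.join(["+OK scan listing follows", *rows, "."])
        if verb in ("RETR", "DELE"):
            n = self._message(arg)
            if not n:
                return "-ERR no such message"
            if verb == "RETR":
                return CRLF.join(["+OK message follows", self.messages[n - 1], "."])
            self.deleted.add(n)           # marked only; removed in the update state
            return f"+OK message {n} deleted"
        if verb == "NOOP":
            return "+OK"
        if verb == "RSET":
            self.deleted.clear()
            return "+OK"
        if verb == "QUIT":
            return self._update()         # QUIT here enters the update state
        return "-ERR command not permitted in the TRANSACTION state"

    def _update(self) -> str:
        self.maildrops[self.user] = [m for i, m in enumerate(self.messages, 1)
                                     if i not in self.deleted]
        self.state = "CLOSED"
        return "+OK POP3 server signing off"
```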
Internet Message Access Protocol
POP3 is a relatively simple protocol that provides clients with only the most basic mailbox service. In nearly all cases, the POP3 server is used only as a temporary storage medium; e-mail clients download their messages from the POP3 server and delete them from the server immediately afterward. It is possible to configure a client not to delete the messages after downloading them, but the client must then download them again during the next session. The Internet Message Access Protocol (IMAP) is a mailbox service that is designed to improve upon POP3’s capabilities.
IMAP functions similarly to POP3 in that it uses text-based commands and responses, but the IMAP server provides considerably more functions than POP3. The biggest difference between IMAP and POP3 is that IMAP is designed to store e-mail messages on the server permanently, and IMAP provides a wider selection of commands that enable clients to access and manipulate their messages. Storing the mail on the server enables users to easily access their mail from any computer or from different computers.
Take, for example, an office worker who normally downloads her e-mail messages to her work computer using a POP3 server. She can check her mail from her home computer if she wants to by accessing the POP3 server from there, but any messages that she downloads to her home computer are normally deleted from the POP3 server, meaning that she will have no record of them on her office computer, where most of her mail is stored. Using IMAP, she can access all of her mail from either her home or office computer at any time, including all of the messages she has already read at both locations.
To make the storage of clients’ e-mail on the server practical, IMAP includes a number of organizational and performance features, including the following:
• Users can create folders in their mailboxes and move their e-mail messages among the folders to create an organized storage hierarchy.
• Users can display a list of the messages in their mailboxes that contains only the header information and then select the messages they want to download in their entirety.
• Users can search for messages based on the contents of the header fields, the message subject, or the body of the message.
While IMAP can be a sensible solution for a corporate e-mail system in which users might benefit from its features, it is important to realize that IMAP requires considerably more in the way of network and system resources than POP3. In addition to the disk space required to store mail on the server indefinitely, IMAP requires more processing power to execute its many commands and consumes more network bandwidth because users remain connected to the server for much longer periods of time. For these reasons, POP3 remains the mailbox server of choice for Internet service providers, the largest consumers of these server products.
PART V
Network Operating Services
CHAPTER 17 Windows
CHAPTER 18 Active Directory
CHAPTER 19 Linux
CHAPTER 20 Unix
CHAPTER 21 Other Network Operating Systems and Networking in the Cloud
CHAPTER 17
Windows
In the years since its initial release in 1985, Microsoft’s Windows operating system has become the most prevalent operating system on the market.  Windows’ familiar interface and ease of use enabled relatively unsophisticated users to install and maintain local area networks (LANs), making LAN technology a ubiquitous part of doing business. The various versions of Windows 8 (and 8.1), the latest incarnations of the operating system, are designed for use by mobile devices, stand-alone computers, and the most powerful servers.
The Role of Windows
Windows operates on a peer-to-peer model, in which each system can function both as a client and as a server. As a result, the same familiar interface is used in all Windows computers, both clients and servers, simplifying the learning curve for users as well as the development effort for software designers.
At the time of Windows NT’s introduction, installing a server was largely a manual process in which you had to modify the server’s configuration files in order to load the appropriate drivers. Windows, on the other hand, had an automated installation program much like those of most applications. While the process of setting up earlier networks required considerable expertise, many people discovered that a reasonably savvy PC user could install the Windows operating system (OS) and Windows applications with little difficulty.
A major factor that contributed to Windows’ rise in popularity was its adoption of Transmission Control Protocol/Internet Protocol (TCP/IP) as its default protocols. As the Internet grew, a market developed for a platform that was easier to use than Unix that would run Internet and intranet server applications, and Windows fit the bill nicely. Eventually, major database engines were running on Windows servers, and the similarity of the client and server platforms streamlined the development process.
Versions
The first version of Windows NT (which was given the version number 3.1 to conform with the then-current version of Windows) was introduced in 1993. The motivation behind it was to create a new 32-bit OS from the ground up that left all vestiges of DOS behind. Although the interface was nearly identical in appearance to that of a Windows 3.1 system, NT was a completely new OS in many fundamental ways. Backward compatibility with existing applications is a factor that has always hindered advances in operating system design, and once Microsoft decided that running legacy programs was not to be a priority with Windows NT, it was free to implement radical changes.
The various versions of Windows NT fell into three distinct generations, based on the user interface. The first generation consisted of Windows NT 3.1, 3.5, and 3.51, all three of which use the same Windows 3.1–style interface. Version 3.1 used NetBEUI as its default protocol, which immediately limited its use to relatively small networks. TCP/IP and IPX support were available, but only through the STREAMS interface.
The second generation consisted of Windows NT 4.0, which was released in 1996 as an interim upgrade leading toward the major innovation that Microsoft began promising in 1993. NT 4 used the same interface introduced in Windows 95 and positioned the OS more positively as an Internet platform with the inclusion of the Internet Explorer web browser and Internet Information Services—a combination World Wide Web, FTP, and Gopher server.
The third generation was Windows 2000, which was the long-awaited release of the operating system that was originally code-named Cairo. The Windows 2000 interface was a refined version of the NT 4/Windows 95 graphical user interface (GUI), but the biggest improvement was the inclusion of Active Directory, an enterprise directory service that represented a quantum leap over the domain-based directory service included in Windows NT. Windows XP was the next-generation operating system that brought the DOS-based world of Windows 95, 98, and ME together with the Windows NT/2000 design to form a single product line that was suitable for both home and office computers.
Since Windows XP (which was no longer automatically updated after April 2014), there have been several new systems. Windows Vista was released in 2006 and included IPv6, comprehensive wireless networking, and 64-bit support. Vista received general criticism based on several factors, such as performance, which was criticized as not being much of an improvement over Windows XP. Many users resoundingly attacked the enhancements that were supposed to create additional security, such as the product activation requirements and the persistent User Account Control (UAC) security feature. (UAC in Windows Vista required approval of each application before it could be utilized.) In retrospect, Windows Vista is often considered to be one of the biggest tech failures of the early years of the 21st century.
After the failure of Windows Vista, Microsoft introduced Windows 7 in 2009. Originally designed as an incremental upgrade, this version included a revamped UAC, much better performance, and a more intuitive interface. It offered improved performance with the multicore processors that were becoming common, support for more modern graphics cards, media features, and fast boot times, as well as support for virtual hard disks.
In 2013, Microsoft introduced Windows 8. Windows 8 was visually quite different from earlier systems and was designed to work on touch screens (such as those on mobile devices) as well as with a mouse and keyboard. By combining the mobile-friendly screens with the Windows desktop with which most were familiar, the result was a system that pleased no one. Within a few months (by Microsoft standards), Windows 8.1 was released, which kept many of the features of the “mobile” screens but made the desktop more accessible to please desktop users.
Microsoft has traditionally released its server software in conjunction with its operating systems. However, starting with Windows Server 2008 (R2), it has sometimes changed release times. The latest version, Windows Server 2012 R2, however, was released at the same time as Windows 8.1 in October of 2013.
Service Packs
Traditionally, Microsoft has released regular updates to the Windows products in the form of service packs, which contain numerous fixes and upgrades in one package, using a single installation routine. Microsoft was one of the first software companies to adopt this update release method, which was a vast improvement over dozens of small patch releases (sometimes called hotfixes) that addressed single, specific issues. Apart from the inconvenience of downloading and installing many small patches, this update method was a technical support nightmare because it was difficult for both the user and the technician to know exactly which patches had been installed. Service packs were designed to detect the components installed on a Windows computer and install only the updates needed by those components.
Service packs consist of a single release for all of the various editions of an operating system. Service packs often consist of more than just bug fixes. They may include upgraded versions of operating system utilities, new features, or entirely new programs. All of the components are installed at the same time by the service pack’s setup program.
Service packs are sometimes (but not always) cumulative, meaning that each successive service pack for a particular product contains the contents of all of the previous service packs for that product. This simplifies the process of installing Windows on a new computer or updating one that hasn’t been patched in some time, but it also causes the service pack releases to grow very large. Microsoft makes its service packs available as free downloads or on CD-ROMs, for which you must pay postage, handling, and media fees.
Again, traditionally, Microsoft’s policy was to produce security fixes for both the current service pack and the previous one. IT people appreciated this because it allowed plenty of time to test the new update before it was deployed across their networks. However, when the first update to Windows 8.1 was released in April 2014, this policy seems to have changed. Microsoft stated that this update was mandatory and that all future security updates would require the April update to be installed. This policy and the update may signal the end of service packs as they have previously been known.
Microsoft Technical Support
For the network administrator who is heavily committed to the use of Microsoft products, Microsoft TechNet was a subscription-based CD-ROM product that was an invaluable resource for technical information and product updates; it ended in 2013. The monthly releases typically included six or more CD-ROMs containing resource kits, documentation, the entire Knowledge Base for all of the Microsoft products, and a lot of other material.
Starting in 2013, Microsoft replaced this program with a number of free resources, including the TechNet Evaluation Center located at http://technet.microsoft.com/enUS/evalcenter. These new services for IT professionals include TechNet Virtual Labs for free online testing. This environment is designed to evaluate new products; the documentation states that the testing can be completed online in less than two hours, so there is no need to install evaluation copies locally. Microsoft also has paid subscriptions for access to both current and prior software versions through its MSDN and MAPS programs. Both offer IT professionals the chance to download products, ask questions, test products, and take e-learning classes on Microsoft products.
In addition, Microsoft has created a program for students called DreamSpark. This program allows registered students to download software for testing and study. For small business startups, a similar program called BizSpark is available based on certain eligibility criteria. There are additional (free) courses available through the Microsoft Virtual Academy site at www.microsoftvirtualacademy.com.
Operating System Overview
Windows systems are modular operating systems that are designed to take advantage of the advanced capabilities built into the latest processors, while leaving behind the memory and storage constraints imposed by DOS-based operating systems. Early operating systems such as DOS were monolithic—that is, the entire OS consisted of a single functional unit, which made it difficult to upgrade and modify. By creating an OS composed of many separate components, Microsoft made it easier to upgrade and modify parts of the operating system without affecting other elements in the overall functionality of the whole.
Kernel Mode Components
The Windows operating systems are composed of components that run in one of two modes: kernel mode and user mode (see Figure 17-1). A component running in kernel mode has full access to the system’s hardware resources via the hardware abstraction layer (HAL), which is a virtual interface that isolates the kernel from the computer hardware. Abstracting the kernel from the hardware makes it far easier to port the OS to different hardware platforms.
Figure 17-1 Windows architecture
The OS kernel itself is responsible for delegating specific tasks to the system processor or processors and other hardware. Tasks consist of processes, broken down into threads, which are the smallest units that the kernel can schedule for execution by a processor. A thread is a sequence of instructions to which the kernel assigns a priority level that determines when it will be executed. When the computer has multiple processors, the kernel runs on all of them simultaneously, sharing access to specific memory areas and allocating threads to specific processors according to their priorities.
In addition to the HAL and the kernel, Windows’ executive services run in kernel mode. These executive services consist of the following components.
Object Manager
Windows creates objects that function as abstract representations of operating system resources, such as hardware devices and file system entities. An object consists of information about the resource it represents and a list of methods, which are procedures used to access the object. A file object, for example, consists of information such as the file’s name and methods describing the operations that can be performed on the file, such as open, close, and delete.
The Windows Object Manager maintains a hierarchical, global namespace in which the objects are stored. For example, when the system loads a kernel mode device driver, it registers a device name with the Object Manager, such as \Device\CDRom0 for a CD-ROM drive or \Device\Serial0 for a serial port. The objects themselves are stored in directories similar to those in a file system, but they are not part of any Windows file system. In addition to hardware devices, objects can reference both abstract and concrete entities, including the following:
• Files
• Directories
• Processes
• Threads
• Memory segments
• Semaphores
By using a standard format for all objects, regardless of the type of entities they represent, the Object Manager provides a unified interface for object creation, security, monitoring, and auditing. Access to objects in the namespace is provided to system processes using object handles, which contain pointers to the objects and to access control information.
NOTE The kernel mode objects discussed here are not equivalent to the objects in the Active Directory database. They are two completely different hierarchies. Active Directory runs in user mode within the Windows security subsystem.
Usually, the only places that you see devices referred to by these object names are entries in the registry’s HKEY_LOCAL_MACHINE\HARDWARE key and error messages such as those displayed in the infamous “blue screen of death.” Applications typically run in the Win32 subsystem, which is a user mode component that cannot use internal Windows device names. Instead, the Win32 subsystem references devices using standard MS-DOS device names, like drive letters and port designations such as COM1.
These MS-DOS names exist as objects in the Object Manager’s namespace, in a directory called \??, but they do not have the same properties as the original resources; they are actually only symbolic links to the equivalent Windows device names.
Security Reference Monitor
Every Windows object has an access control list (ACL) that contains access control entries (ACEs) that specify the security identifiers (SIDs) of users or groups that are to be permitted access to the object, as well as the specific actions that the user or group can perform. When a user successfully logs on to the computer, Windows creates a security access token (SAT) that contains the SIDs of the user and all the groups of which the user is a member. Whenever the user attempts to access an object, the Security Reference Monitor is responsible for comparing the SAT with the ACL to determine whether the user should be granted that access.
Process and Thread Manager
The Process and Thread Manager is responsible for creating and deleting the process objects that enable software to run on a Windows system. Each process (or software program) has its own unique identifier, and a thread is the identifier for the part of the program that is currently running. A process object includes a virtual address space and a collection of resources allocated to the process, as well as threads containing the instructions that will be assigned to the system processors. When a machine has only one processor, each thread must be run by itself. After that thread has completed, the processor executes the next thread. On a machine with more than one processor, a program (application) with multiple threads can execute those multiple threads, with one thread being run on each processor.
Virtual Memory Manager
The ability to use virtual memory was one of the major PC computing advancements introduced in the Intel 80386 processor, and Windows NT and 2000 were designed around this capability. Virtual memory is the ability to use the computer’s disk space as an extension to the physical memory installed in the machine.
Every process created on a Windows computer by the Process Manager is assigned a virtual address space that appears to be 4GB in size. The Virtual Memory Manager (VMM) is responsible for mapping that virtual address space to actual system memory, as needed, in 4KB units called pages. When there is not enough physical memory in the computer to hold all of the pages allocated by the running processes, the VMM swaps the least recently used pages to a file on the system’s hard disk drive called Pagefile.sys. This swapping process is known as memory paging.
Local Procedure Call Facility
The environmental subsystems that run in Windows’ user mode (such as the Win32 subsystem) are utilized by applications (also running in user mode) in a server-client relationship. The messages between the clients and servers are carried by the local procedure call (LPC) facility. Local procedure calls are essentially an internalized version of the remote procedure calls used for messaging between systems connected by a network.
When an application (functioning as a client) makes a call for a function that is provided by one of the environmental subsystems, a message containing that call is transmitted to the appropriate subsystem using LPCs. The subsystem (functioning as the server) receives the message and replies using the same type of message. The process is completely transparent to the application, which is not aware that the function is not implemented in its own code.
I/O Manager
The I/O Manager handles all of a Windows computer’s input/output functions by providing a uniform environment for communication between the various drivers loaded on the machine. Using the layered architecture shown in Figure 17-2, the I/O Manager enables each driver to utilize the services of the drivers in the lower layers. For example, when an application needs to access a file on a drive, the I/O Manager passes an I/O request packet (IRP) generated by a file system driver down to a disk driver. Since the I/O Manager communicates with all of the drivers in the same way, the request can be satisfied without the file system having any direct knowledge of the disk device where the file is stored.
Figure 17-2 The I/O Manager provides a layered interface between Windows drivers.
Window Manager
The Window Manager, along with the Graphical Device Interface (GDI), is responsible for creating the graphical user interface used by Windows applications. Applications make calls to Window Manager functions in order to create architectural elements on the screen, such as buttons and windows. In the same way, the Window Manager informs the application when the user manipulates screen elements by moving the cursor, clicking buttons, or resizing a window.
User Mode Components
In addition to the kernel mode services, Windows has two types of protected subsystems that run in user mode: environment subsystems and integral subsystems. The environment subsystems enable Windows to run applications that were designed for various OS environments, such as Win32. Integral subsystems, like the security system, perform vital OS functions. User mode subsystems are isolated from each other and from the Windows executive services so that modifications to the subsystem code do not affect the fundamental operability of the OS. If a user mode component such as a subsystem or application should crash, the other subsystems and the Windows executive services are not affected.
The Win32 Subsystem
Win32 is the primary environment subsystem that provides support for all native Windows applications. All of the other environment subsystems included with Windows are optional and loaded only when a client application needs them, but Win32 is required and runs at all times. This is because it is responsible for handling the keyboard and mouse inputs and the display output for all of the other subsystems. Since they rely on Win32 API calls, the other environment subsystems can all be said to be clients of Win32.
The DOS/Win16 Subsystem

Unlike earlier versions of Windows, Windows 2000 and NT did not run a DOS kernel, and as a result, they could not shell out to a DOS session. Instead, 2000 and NT emulated DOS using a subsystem that creates virtual DOS machines (VDMs). Every DOS application used a separate VDM that emulated an Intel x86 processor in Virtual 86 mode (even on a non-Intel system). All of the application’s instructions ran natively within the VDM except for I/O functions, which were emulated using virtual device drivers (VDDs). VDDs converted the DOS I/O functions into standard Windows API calls and fed them to the I/O Manager, which satisfied the calls using the standard Windows device drivers.

NOTE Because of this emulation, not all DOS programs are guaranteed to run optimally.

Services

A service is a program or other component that Windows loads with the OS before a user logs on or sees the desktop interface. Services usually load automatically and permit no interference from the system user as they’re loading. This is in contrast to other mechanisms that load programs automatically, such as the Startup program group. A user with appropriate rights can start, stop, and pause services using the Services console or the NET command and also specify whether a particular service should load when the system starts, not load at all, or require a manual startup. See Figure 17-3 for the options.

Figure 17-3 The NET command is used from the command prompt.

Users without administrative rights cannot control the services at all, which makes the services a useful tool for network administrators. You can, for example, configure a workstation to load a particular service at startup, and it will run whether a user logs on or not. The Server service, for example, which enables network users to access the computer’s shares, loads automatically by default. Even if no one logs on to the computer, it is possible to access its shares from the network.
The Windows Networking Architecture

Networking is an integral part of Windows, and the operating systems use a modular networking architecture that provides a great deal of flexibility for the network administrator. While not perfectly analogous to the Open Systems Interconnection (OSI) reference model, the Windows networking architecture is structured in layers that provide interchangeability of modules such as network adapter drivers and protocols. Figure 17-4 shows the basic structure of the networking stack.

Figure 17-4 The Windows networking architecture

Windows relies on two primary interfaces to separate the basic networking functions, called the NDIS interface and Transport Driver Interface (TDI). Between these two interfaces are the protocol suites that provide transport services between computers on the network: TCP/IP, NetBEUI, and IPX. Although they have different features, these three sets of protocols are interchangeable when it comes to basic networking services. A Windows computer can use any of these protocols or all of them simultaneously. The TDI and NDIS interfaces enable the components operating above and below them to address whichever protocol is needed to perform a particular task.

The NDIS Interface

The Network Driver Interface Specification (NDIS) is a standard developed jointly by Microsoft and 3Com that defines an interface between the network layer protocols and the media access control (MAC) sublayer of the data link layer protocol. The NDIS interface lies between the network adapter drivers and the protocol drivers. Protocols do not communicate directly with the network adapter; instead, they go through the NDIS interface. This enables a Windows computer to have any number of network adapters and any number of protocols installed, and any protocol can communicate with any adapter.

The latest version of NDIS is 6.10, which appeared in Windows Vista. NDIS 6.30 is included in Windows 8, and NDIS 6.40 with Windows 8.1. It is implemented on a Windows 8 system in two parts: the NDIS wrapper (Ndis.sys) and the NDIS MAC driver.
The NDIS wrapper is not device specific; it contains common code that surrounds the MAC drivers and provides the interface between the network adapter drivers and the protocol drivers installed in the computer. This replaces the Protocol Manager (PROTMAN) used by other NDIS versions to regulate access to the network adapter.

The NDIS MAC driver is device specific and provides the code needed for the system to communicate with the network interface adapter. This includes the mechanism for selecting the hardware resources the device uses, such as the IRQ and I/O port address. All of the network interface adapters in a Windows system must have an NDIS driver, which is provided by virtually all of the manufacturers producing NICs today.

The Transport Driver Interface

The Transport Driver Interface (TDI) performs roughly the same basic function as the NDIS wrapper but higher up in the networking stack. The TDI functions as the interface between the protocol drivers and the components operating above them, such as the server and the redirectors. Traffic moving up and down the stack passes through the interface and can be directed to any of the installed protocols or other components.

Above the TDI, Windows has several more components that applications use to access network resources in various ways, using the TDI as the interface to the protocol drivers. Because Windows is a peer-to-peer operating system, there are components that handle traffic running in both directions. The most basic of these components are the Workstation and Server services, which enable the system to access network resources and provide network clients with access to local resources (respectively). Also at this layer are application programming interfaces (APIs), such as NetBIOS and Windows Sockets, which provide applications running on the system special access to certain network resources.

Effective with Windows 8, which has two working modes, Metro and Desktop, TDI is being phased out. (You may see a message “TDI filters and LSPs are not allowed” when working in Metro mode.) Most apps that worked in Windows 7 also work in Desktop mode, including LSP. However, Metro mode cannot use the normal Win API and instead uses WinRT, which has been developed especially for Windows 8.
NOTE Layer Service Protocols is a retired Microsoft Windows service that could insert itself into the TCP/IP protocol stack and modify and intercept both inbound and outbound traffic.

The Workstation Service

When you open a file or print a document in an application, the process is the same whether the file or printer is part of the local system or on the network, as far as the user and the application are concerned. The Workstation service determines whether the requested file or printer is local or on the network and sends the request to the appropriate driver. By providing access to network resources in this way, the Workstation service is essentially the client half of Windows’ client-server capability.

The Workstation service consists of two modules: Services.exe, the Service Control Manager, which functions as the user mode interface for all services; and the Windows network redirector. When an application requests access to a file, the request goes to the I/O Manager, which passes it to the appropriate file system driver. The redirector is also a file system driver, but instead of providing access to a local drive, the redirector transmits the request down through the protocol stack to the appropriate network resource. The I/O Manager treats a redirector no differently from any other file system drivers. Windows installs a redirector for the Microsoft Windows network by default.

The Multiple UNC Provider

In the case of a system with multiple network clients (and multiple redirectors), Windows uses one of two mechanisms for determining which redirector it should use, depending on how an application formats its requests for network resources. The multiple UNC provider (MUP) is used for applications that use Uniform Naming Convention (UNC) names to specify the desired resource, and the multiprovider router (MPR) is used for applications that use Win32 network APIs.
The UNC defines the format that Windows uses for identifying network items. UNC names take the following form:

\\server\share

The Multiprovider Router

For applications that request access to network resources using the Win32 network APIs (also known as the WNet APIs), the multiprovider router determines which redirector should process the requests. In addition to a redirector, a network client installed on a Windows computer includes a provider DLL that functions as an interface between the MPR and the redirector. The MPR passes the requests that it receives from applications to the appropriate provider DLLs, which pass them to the redirectors.

The Server Service

Just as the Workstation service provides network client capabilities, the Server service enables other clients on the network to access the computer’s local resources. When the redirector on a client system transmits a request for access to a file on a server, the receiving system passes the request up the protocol stack to the Server service. The Server service is a file system driver (called Srv.sys) that is started by the Service Control Manager, just like the Workstation service, and that operates just above the TDI. When the Server service receives a request for access to a file, it generates a read request and sends it to the appropriate local file system driver (such as the NTFS or FAT driver) through the I/O Manager. The local file system driver accesses the requested file in the usual manner and returns it to the Server service, which transmits it across the network to the client. The Server service also provides support for printer sharing, as well as remote procedure calls (RPCs) and named pipes, which are other mechanisms used by applications to communicate over the network.

APIs

Services are not the only components that interact with the TDI on a Windows system. Application programming interfaces, such as NetBIOS and Windows Sockets, also send and receive data through the TDI, enabling certain types of applications to communicate with other network systems without using the Server and Workstation services. Windows also supports other APIs that operate higher up in the stack and use the standard services to reach the TDI.
NetBIOS

NetBIOS was an integral component of Microsoft Windows networking through Windows XP because it provides the namespace used to identify the domains, computers, and shares on the network. Because of its dependence on NetBIOS, Windows supports it in all of its protocols. NetBEUI is inherently designed for use with NetBIOS communications, and the NetBIOS over TCP/IP (NetBT) standards defined by the Internet Engineering Task Force (IETF) enable its use with the TCP/IP protocols. Because NetBIOS could be used to gather information about your network (and each computer), many people disable it in both Windows 7 and Windows 8.

NOTE In today’s networks, NetBIOS is often used for file and print sharing on a local network. This leaves an open path for hackers. You can remove the risk in two ways. Disable NetBIOS through your network connection settings on your Ethernet adapter or disable the ports used by NetBIOS:

• UDP 137, the NetBIOS name service port
• UDP 138, the NetBIOS datagram service port
• TCP 139, the NetBIOS session service port

Windows Sockets

The Windows Sockets specification defines one of the APIs that is most commonly used by applications because it is the accepted standard for Internet network access. Web browsers, FTP clients, and other Internet client and server applications all use Windows Sockets (Winsock) to gain access to network resources. Unlike NetBIOS, Winsock does not support all of the Windows protocols. While it can be used with NWLink (IPX), the overwhelming majority of Winsock applications use TCP/IP exclusively. As with NetBIOS, Winsock is implemented in Windows as a kernel mode emulator just above the TDI and a user mode driver, called Wsock32.dll.

File Systems

The FAT file system was a holdover from the DOS days that the developers of the original Windows NT product were seeking to transcend. While an adequate solution for a workstation, the 16-bit FAT file system used by DOS cannot support the large volumes typically required on servers, and it lacks any sort of access control mechanism.
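The three NetBIOS ports named in the NOTE above are easy to check for in firewall or flow logs. The following Python script is an added example, not part of the book: it parses a constructed, simplified flow-log format (one flow per line), identifies which NetBIOS service each flow targets, and reports allowed NetBIOS sessions that originate outside the local segment, which is the exposure the NOTE describes. The log lines, the log format, and the 192.168.1.0/24 local network are all assumptions made for the example.

```python
"""Flag NetBIOS traffic in flow logs (added example; not from the book).

The log format is constructed for this example: one flow per line, as
"<timestamp> <ALLOW|DENY> <TCP|UDP> <src>:<sport> -> <dst>:<dport>".
The ports are the ones the book lists: UDP 137, UDP 138, TCP 139.
"""
import ipaddress
import re

NETBIOS_PORTS = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log: local name-service broadcast, a local session,
# an allowed session from outside, a denied datagram from outside, and SMB on 445.
SAMPLE_LOG = """\
2015-03-01T10:00:01 ALLOW UDP 192.168.1.20:137 -> 192.168.1.255:137
2015-03-01T10:00:02 ALLOW TCP 192.168.1.20:49152 -> 192.168.1.10:139
2015-03-01T10:00:03 ALLOW TCP 203.0.113.7:51000 -> 192.168.1.10:139
2015-03-01T10:00:04 DENY  UDP 198.51.100.9:138 -> 192.168.1.10:138
2015-03-01T10:00:05 ALLOW TCP 192.168.1.20:49153 -> 192.168.1.10:445
"""


def parse_flow(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "action": d["action"], "proto": d["proto"].lower(),
        "src": ipaddress.ip_address(d["src"]), "sport": int(d["sport"]),
        "dst": ipaddress.ip_address(d["dst"]), "dport": int(d["dport"]),
    }


def netbios_service(flow):
    """Name of the NetBIOS service the flow is addressed to, or None."""
    return NETBIOS_PORTS.get((flow["proto"], flow["dport"]))


def find_netbios_exposure(log_text, local_net):
    """Return allowed NetBIOS flows whose source lies outside local_net.

    NetBIOS chatter inside the segment is normal on networks that still use
    it for file and print sharing; a session allowed in from elsewhere is the
    case worth alerting on and the case the book's NOTE warns about.
    """
    local = ipaddress.ip_network(local_net)
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        svc = netbios_service(flow)
        if svc is None or flow["action"] != "ALLOW":
            continue
        if flow["src"] not in local:
            findings.append((flow["ts"], str(flow["src"]), str(flow["dst"]), svc))
    return findings


def count_netbios_flows(log_text):
    """Per-service count of all NetBIOS flows, allowed or denied, for an inventory."""
    counts = {}
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        svc = netbios_service(flow)
        if svc:
            counts[svc] = counts.get(svc, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in find_netbios_exposure(SAMPLE_LOG, "192.168.1.0/24"):
        print("exposed:", finding)
    print(count_netbios_flows(SAMPLE_LOG))
```

On the sample data only the 10:00:03 flow is reported: it is an allowed TCP 139 session from 203.0.113.7, a source outside the local segment. The inventory count is useful before disabling NetBIOS, since it shows which hosts still depend on name, datagram, or session services.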
FAT16

The traditional DOS file system divided a hard disk drive into volumes that were composed of uniformly sized clusters and used a file allocation table (FAT) to keep track of the data stored in each cluster. Each directory on the drive contained a list of the files in that directory and, in addition to the filename and other attributes, specified the entry in the FAT that represented the cluster containing the beginning of the file. That first FAT entry contained a reference to another entry that references the file’s second cluster, the second entry references the third, and so on, until enough clusters are allocated to store the entire file. This is known as a FAT chain.

NOTE It was only with the introduction of the FAT32 file system that the traditional FAT file system came to be called FAT16. In most cases, references to a FAT drive without a numerical identifier refer to a FAT16 drive.

The other limiting factor of the FAT file system is that as clusters grow larger, more drive space is wasted because of slack. Slack is the fraction of a cluster left empty when the last bit of data in a file fails to completely fill the last cluster in the chain. When 3KB of data from a file is left to store, for example, a volume with 4KB clusters will contain 1KB of slack, while a volume with 64KB clusters will waste 61KB. Windows NT is designed to be a server OS as well as a workstation OS, and servers are naturally expected to have much larger drives. The amount of slack space and the 4GB limit on volume size are not acceptable for a server OS.
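The FAT chain and the slack calculation above can both be shown in a few lines of code. The Python below is an added example, not from the book: it walks a FAT chain from a starting cluster the way a file system driver or a forensic parser does, refusing to follow a corrupt chain (a loop, or a link into a free or bad cluster) instead of spinning forever, and it computes the slack figures the text gives for 4KB and 64KB clusters. The FAT table is a constructed toy, a list indexed by cluster number, using the FAT16 conventions for free (0x0000), bad (0xFFF7), and end-of-chain (0xFFF8 and above) entries.

```python
"""FAT16 chain walking and slack accounting (added example; not from the book).

SAMPLE_FAT is a constructed table: index = cluster number, entry = next cluster.
Entries 0 and 1 are reserved on a real FAT, so data clusters start at 2.
"""

EOC_MIN = 0xFFF8       # FAT16 end-of-chain markers are 0xFFF8..0xFFFF
BAD_CLUSTER = 0xFFF7   # cluster marked bad by a surface scan
FREE = 0x0000          # cluster not allocated to any file

# Constructed FAT: file A occupies 2 -> 3 -> 4; file B occupies 5 -> 6;
# clusters 7 and 8 point at each other (a corrupt chain); cluster 9 is free.
SAMPLE_FAT = [
    0xFFF8, 0xFFFF,    # reserved entries
    3, 4, 0xFFFF,      # clusters 2, 3, 4
    6, 0xFFFF,         # clusters 5, 6
    8, 7,              # clusters 7, 8 form a loop
    FREE,              # cluster 9
]


def follow_chain(fat, first_cluster):
    """Return the clusters of the chain that starts at first_cluster, in order.

    Raises ValueError on a corrupt chain: a loop, a link to a free or bad
    cluster, or a cluster number outside the data area. A parser that does not
    check these can be driven into an endless loop by a damaged or crafted image.
    """
    chain = []
    seen = set()
    cluster = first_cluster
    while True:
        if cluster < 2 or cluster >= len(fat):
            raise ValueError(f"cluster {cluster} is outside the data area")
        if cluster in seen:
            raise ValueError(f"loop detected at cluster {cluster}")
        seen.add(cluster)
        chain.append(cluster)
        nxt = fat[cluster]
        if nxt >= EOC_MIN:
            return chain
        if nxt in (FREE, BAD_CLUSTER):
            raise ValueError(f"cluster {cluster} links to free/bad cluster {nxt:#06x}")
        cluster = nxt


def clusters_needed(file_size, cluster_size):
    """Number of clusters a file of file_size bytes occupies (zero-length files own none)."""
    if file_size == 0:
        return 0
    return -(-file_size // cluster_size)   # ceiling division


def slack_bytes(file_size, cluster_size):
    """Bytes left empty in the last cluster of the file's chain (the book's slack)."""
    return clusters_needed(file_size, cluster_size) * cluster_size - file_size


def is_chain_consistent(fat, first_cluster, file_size, cluster_size):
    """Does the size recorded in the directory entry agree with the chain in the FAT?"""
    try:
        chain = follow_chain(fat, first_cluster)
    except ValueError:
        return False
    return len(chain) == clusters_needed(file_size, cluster_size)


if __name__ == "__main__":
    print(follow_chain(SAMPLE_FAT, 2))            # [2, 3, 4]
    print(slack_bytes(3 * 1024, 4 * 1024))        # 1024 bytes, the book's 1KB
    print(slack_bytes(3 * 1024, 64 * 1024))       # 62464 bytes, the book's 61KB
    try:
        follow_chain(SAMPLE_FAT, 7)
    except ValueError as err:
        print("corrupt chain:", err)
```

The consistency check is the same comparison a chkdsk-style tool makes: the directory entry says how many bytes the file holds, the FAT says how many clusters are chained, and the two must agree once slack is taken into account.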
The other major shortcoming of the FAT file system is the amount of information about each file that is stored on the disk drive. In addition to the data itself, a FAT drive maintains the following information about each file:

• Filename Limited to an eight-character name plus a three-character extension
• Attributes Contains four usable file attributes: Read-only, Hidden, System, and Archive
• Date/time Specifies the date and time that the file was created or last modified
• Size Specifies the size of the file, in bytes

FAT32

As hard disk drive capacities grew over the years, the limitations of the FAT file system became more of a problem. To address the problem, Microsoft created a file system that used 32-bit FAT entries instead of 16-bit ones. The larger entries meant that there could be more clusters on a drive. The results were that the maximum size of a FAT32 volume is 2 terabytes (or 2,048GB) instead of 2GB for a FAT16 drive, and the clusters can be much smaller, thus reducing the waste because of slack space.

The FAT32 file system was introduced in the Windows 95 OSR2 release and was also included in Windows 98, Windows ME, and Windows 2000. FAT32 supported larger volumes and smaller clusters, but it did not provide any appreciable change in performance, and it still did not have the access control capabilities needed for network servers like NTFS does.

NTFS

NTFS was the file system intended to be used through Windows 7. Without it, you cannot install Active Directory or implement the file and directory-based permissions needed to secure a drive for network use. Because it uses a completely different structure than FAT drives, you cannot create NTFS drives using the FDISK utility.

In the NTFS file system, files take the form of objects that consist of a number of attributes. Unlike DOS, in which the term attribute typically refers only to the Read-only, System, Hidden, and Archive flags, NTFS treats all of the information regarding the file as an attribute, including the flags, the dates, the size, the filename, and even the file data itself. NTFS also differs from FAT in that the attributes are stored with the file, instead of in a separate directory listing.
The equivalent structure to the FAT on an NTFS drive is called the master file table (MFT). Unlike FAT, however, the MFT contains more than just pointers to other locations on the disk. In the case of relatively small files (up to approximately 1,500 bytes), all of the attributes are included in the MFT, including the file data. When larger amounts of data need to be stored, additional disk clusters called extents are allocated, and pointers are included with the file’s attributes in the MFT. The attributes stored in the MFT are called resident attributes; those stored in extents are called nonresident attributes.

In addition to the four standard DOS file attributes, an NTFS file includes a Compression flag; two dates/times specifying when the file was created and when it was last modified; and a security descriptor that identifies the owner of the file, lists the users and groups that are permitted to access it, and specifies what access they are to be granted.

Resilient File System

Starting with Windows Server 2012 and Windows Server 8, Microsoft has introduced Resilient File System (ReFS), an improved system that has the ability to handle much higher volumes and can share storage pools across machines. It is built on the NTFS, and one of its main advantages is the ability to detect all forms of disk corruption. Primarily designed for storage at this point, it cannot boot an operating system or be used on removable media.

The Windows Registry

The registry is the database where Windows stores nearly all of its system configuration data. As a system or network administrator, you’ll be working with the registry in a variety of ways, since many of the Windows configuration tools function by modifying entries in the registry. The registry is a hierarchical database that is displayed in most registry editor applications as an expandable tree, not unlike a directory tree. At the root of the tree are five containers, called keys, with the following names:

• HKEY_CLASSES_ROOT Contains information on file associations—that is, associations between filename extensions and applications.
• HKEY_CURRENT_USER Contains configuration information specific to the user currently logged on to the system. This key is the primary component of a user profile.
• HKEY_LOCAL_MACHINE Contains information on the hardware and software installed in the computer, the system configuration, and the Security Accounts Manager database. The entries in this key apply to all users of the system.
• HKEY_USERS Contains information on the currently loaded user profiles, including the profile for the user who is currently logged on and the default user profile.
• HKEY_CURRENT_CONFIG Contains hardware profile information used during the system boot sequence.

In most cases, you work with the entries in the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER keys (often abbreviated as HKLM and HKCU, respectively) when you configure a Windows system, whether you are aware of it or not. When the keys are saved as files, as in the case of user profiles, they’re often referred to as hives. When you expand one of these keys, you see a series of subkeys, often in several layers. The keys and subkeys function as organizational containers for the registry entries, which contain the actual configuration data for the system. A registry entry consists of three components: the value name, the value type, and the value itself.

The value name identifies the entry for which a value is specified. The value type specifies the nature of the data stored in the entry, such as whether it contains a binary value, an alphanumeric string of a given size, or multiple values. The value types found in the registry are as follows:

• REG_SZ Indicates that the value consists of a string of alphanumeric characters. Many of the user-configurable values in the registry are of this type.
• REG_DWORD Indicates that the value consists of a 4-byte numerical value used to specify information such as device parameters, service values, and other numeric configuration parameters.
• REG_MULTI_SZ Same as the REG_SZ value type, except that the entry contains multiple string values.
• REG_EXPAND_SZ Same as the REG_SZ value type, except that the entry contains a variable (such as %SystemRoot%) that must be replaced when the value is accessed by an application.
• REG_BINARY Indicates that the value consists of raw binary data, usually used for hardware configuration information. You should not modify these entries manually unless you are familiar with the function of every binary bit in the value.
• REG_FULL_RESOURCE_DESCRIPTOR Indicates that the value holds configuration data for hardware devices in the form of an information record with multiple fields.

The registry hierarchy is large and complex, and the names of its keys and entries are often cryptic. Locating the correct entry can be difficult, and the values are often less than intuitive. When you edit the registry manually, you must be careful to supply the correct value for the correct entry or the results can be catastrophic. An incorrect registry modification can halt the computer or prevent it from booting, forcing you to reinstall Windows from scratch.

Because of the registry’s sensitivity to improper handling, selecting the proper tool to modify it is crucial. The trade-off in Windows’ registry editing tools is between a safe, easy-to-use interface with limited registry access and comprehensive access using a less intuitive interface. The following sections examine the various registry editing tools included with Windows.

The Control Panel

Although it isn’t evident from the interface, most of the functions in the Windows Control Panel work by modifying settings in the registry. The Control Panel’s graphical interface provides users with simplified access to the registry and prevents them from introducing incorrect values due to typographical errors. You can also use Windows’ security mechanisms to prevent unauthorized access to certain registry settings through the Control Panel. The main disadvantage of using the Control Panel to modify the registry is that it provides user access to only a small fraction of the registry’s settings.
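The value types listed above are what you meet when reviewing a registry export, for instance while checking a Run key or a service entry for an unexpected change. The following Python script is an added example, not from the book: it parses the text format that regedit writes when you export a key (a .reg file) and decodes each value according to its type. In that format a REG_SZ is a quoted string, a REG_DWORD is written as dword: followed by eight hex digits, REG_BINARY as hex: followed by comma-separated bytes, and REG_EXPAND_SZ and REG_MULTI_SZ as hex(2): and hex(7): with the string encoded as UTF-16LE bytes. The export text and the key name HKEY_LOCAL_MACHINE\SOFTWARE\Example are constructed for the example, and the expand_sz function shows what an application does with a %SystemRoot% reference when it reads a REG_EXPAND_SZ value.

```python
"""Decode registry value types from a .reg export (added example; not from the book).

SAMPLE_REG is constructed. The syntax is the one regedit exports:
  "name"="text"             REG_SZ
  "name"=dword:0000000a     REG_DWORD (hex)
  "name"=hex:01,02,ff       REG_BINARY
  "name"=hex(2):...         REG_EXPAND_SZ as UTF-16LE bytes, null terminated
  "name"=hex(7):...         REG_MULTI_SZ as UTF-16LE, null separated, double null at end
Long hex values are continued on the next line with a trailing backslash.
Default values written as @= and other hex(n) types are not handled here.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Name"="Example App"
"Count"=dword:0000000a
"Blob"=hex:01,02,ff
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,61,00,70,00,70,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,00,00,00,00
'''

VALUE_LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(text):
    """Undo the .reg escaping of quotes and backslashes inside quoted strings."""
    return text.replace(r'\"', '"').replace('\\\\', '\\')


def _decode_hex(kind, payload):
    """Turn a hex payload into (type name, decoded value) based on the hex(n) suffix."""
    data = bytes(int(b, 16) for b in payload.split(",") if b)
    if kind == "":
        return "REG_BINARY", data
    if kind == "(2)":
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00")
    if kind == "(7)":
        text = data.decode("utf-16-le")
        return "REG_MULTI_SZ", [s for s in text.split("\x00") if s]
    raise ValueError(f"unsupported hex type hex{kind}")


def parse_reg(text):
    """Return {key path: {value name: (type name, value)}} for a .reg export."""
    entries = {}
    key = None
    joined = re.sub(r"\\\r?\n\s*", "", text)   # join continuation lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[key] = {}
            continue
        m = VALUE_LINE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparseable line: {line}")
        name, raw = _unescape(m.group(1)), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            entries[key][name] = ("REG_SZ", _unescape(raw[1:-1]))
        elif raw.startswith("dword:"):
            entries[key][name] = ("REG_DWORD", int(raw[len("dword:"):], 16))
        elif raw.startswith("hex"):
            kind, payload = raw[len("hex"):].split(":", 1)
            entries[key][name] = _decode_hex(kind, payload)
        else:
            raise ValueError(f"unknown value syntax: {raw}")
    return entries


def expand_sz(value, env):
    """Replace %VAR% references as an application reading REG_EXPAND_SZ would.

    Unknown variables are left untouched, which is what you see on a system
    where the variable is not defined.
    """
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1), m.group(0)), value)


if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE_REG).items():
        print(key)
        for name, (vtype, value) in values.items():
            print(f"  {name}: {vtype} = {value!r}")
    print(expand_sz("%SystemRoot%\\app", {"SystemRoot": "C:\\Windows"}))
```

Decoding the hex(2) and hex(7) forms matters in review: a path hidden in UTF-16LE bytes is not visible in the raw export, and which variable a REG_EXPAND_SZ value references only becomes clear once it is decoded and expanded with the environment the application actually runs under.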
The System Policy Editor

System policies are collections of registry settings saved in a policy file that you can configure a Windows computer to load whenever a user logs on to the system or the network. You can create different sets of policies for each of your network users so that when John Doe logs on to a workstation, his customized registry settings are downloaded to the computer and loaded automatically. Windows includes a tool called the System Policy Editor that you can use to create policy files; you can also use it to modify the registry directly. Like the Control Panel, the System Policy Editor uses a graphical interface to set registry values, but it is far more configurable than the Control Panel and can provide access to a great many more registry entries.

The system policies that the System Policy Editor lists in its hierarchical display are derived from a file called a policy template. The template is an ASCII text file with an .adm extension that uses a special format to define how each policy should appear in the System Policy Editor and which registry settings each policy should modify. Windows includes several template files that define policies for a wide range of system settings, some of which are also configurable through the Control Panel. Because creating a new system policy is simply a matter of creating a new template, software developers can include with their products template files that define application-specific system policies. You can also create your own templates to modify other registry settings.

The process of setting values for a system policy by using the System Policy Editor consists of navigating through the hierarchical display and selecting a policy. Some policies consist of a single feature that you can toggle on and off, while others have additional controls in the form of checkboxes, pull-down menus, or data entry fields. To create a policy file, you select the policies you want to set, specify values for them, and then save them to a file with a .pol extension.

The System Policy Editor can also directly modify the Windows registry, however.
When you select File | Open Registry, the program connects to the registry on the local machine. When you configure a policy, the program applies the necessary changes directly to the registry. In addition, when you choose File | Connect, you can select another Windows computer on the network and modify its registry from your remote location.

The use of customizable template files makes the System Policy Editor a far more comprehensive registry-editing tool than the Control Panel. You can specify values for a wider range of registry entries, while still retaining the advantages of the graphical interface. Because the changes that the System Policy Editor makes to the registry are controlled by the policy template, the possibility of a misspelled value in a data entry field still exists, but the chances of an incorrect value damaging the system are far less than when editing the registry manually.

Group Policies

Windows group policies are the next step in the evolution of the system policies found in Windows NT and 98. Group policies include all of the registry modification capabilities found in NT system policies, plus a great deal more, such as the ability to install and update software, implement disk quotas, and redirect folders on user workstations to network shares. While NT system policies are associated with domain users and groups, Windows group policies are associated with Active Directory objects, such as sites, domains, and organizational units.
The Registry Editors

Windows includes a Registry Editor, called regedit.exe, that provides direct access to the entire registry. There are many Windows features you can configure using the Registry Editor that are not accessible by any other administrative interface. This program is the most powerful and comprehensive means of modifying registry settings in Windows and also the most dangerous. The editor does not supply friendly names for the registry entries, and it does not use pull-down menus or checkboxes to specify values. You must locate (or create) the correct entry and supply the correct value in the proper format, or the results can be wildly unpredictable. Windows installs the Registry Editor with the OS, but it does not create shortcuts for it in the Start menu or on the desktop. You must launch the Registry Editor by using the Run dialog box, by using Windows Explorer, or by creating your own shortcuts. Like the System Policy Editor, the Registry Editor enables you to connect to another Windows system on the network and access its registry.

NOTE Making registry adjustments can cause major issues with your computer. Registry editing should be done only after a complete registry backup.

Optional Windows Networking Services

In addition to its core services, Windows, particularly in the Server versions, includes a large collection of optional services that you can choose to install either with the OS or at any time afterward. Some of these services are discussed in the following sections.

Active Directory

Active Directory, the enterprise directory service included with most Windows Server products, is a hierarchical, replicated directory service designed to support networks of virtually unlimited size. For more information on Active Directory, see Chapter 18.

Microsoft DHCP Server

Unlike NetBEUI and IPX, using the TCP/IP protocols on a network requires that each computer be configured with a unique IP address, as well as other important settings. A Dynamic Host Configuration Protocol (DHCP) server is an application designed to automatically supply client systems with TCP/IP configuration settings as needed, thus eliminating a tedious manual network administration chore.
Microsoft DNS Server

The Domain Name System (DNS) facilitates the use of familiar names for computers on a TCP/IP network instead of the IP addresses they use to communicate. Designed for use on the Internet, DNS servers resolve domain names (Internet domain names, not NT domain names) into IP addresses, either by consulting their own records or by forwarding the request to another DNS server. The DNS server included with Windows is able to function on the Internet in this capacity.

Windows Internet Naming Service

Windows Internet Naming Service (WINS) is another service that supports the use of TCP/IP on a Windows network. Windows 9x and NT identified systems using NetBIOS names, but in order to transmit a packet to a machine with a given name using TCP/IP, the sender had to first discover the IP address associated with that name. WINS is essentially a database server that stores the NetBIOS names of the systems on the network and their associated IP addresses. When a system wants to transmit, it sends a query to a WINS server containing the NetBIOS name of the destination system, and the WINS server replies with its IP address.

CHAPTER 18

Active Directory

The domain-based directory service used by Windows once came under fire for its inability to scale up to support larger networks. An enterprise network that consists of multiple domains is limited in its communication between those domains to the trust relationships that administrators must manually establish between them. In addition, because each domain must be maintained individually, the account administration process is complicated enormously. Since the original Windows NT 3.1 release in 1993, Microsoft promised to deliver a more robust directory service better suited for use on large networks, and finally Microsoft accomplished the task in Windows 2000 with Active Directory.
Active Directory (AD) is an object-oriented, hierarchical, distributed directory services database system that provides a central storehouse for information about the hardware, software, and human resources of an entire enterprise network. Based on the general principles of the X.500 global directory standards, network users are represented by objects in the Active Directory tree. Administrators can use those objects to grant users access to resources anywhere on the network, which are also represented by objects in the tree. Unlike a flat, domain-based structure for a directory, Active Directory expands the structure into multiple levels. The fundamental unit of organization in the Active Directory database is still the domain, but a group of domains can now be consolidated into a tree, and a group of trees can be consolidated into a forest. Administrators can manage multiple domains simultaneously by manipulating the tree and can manage multiple trees simultaneously by manipulating a forest.

A directory service is not only a database for the storage of information, however. It also includes the services that make that information available to users, applications, and other services. Active Directory includes a global catalog that makes it possible to search the entire directory for particular objects using the value of a particular attribute. Applications can use the directory to control access to network resources, and other directory services can interact with AD using a standardized interface and the Lightweight Directory Access Protocol (LDAP).
Active Directory Architecture

Active Directory is composed of objects, which represent the various resources on a network, such as users, user groups, servers, printers, and applications. An object is a collection of attributes that define the resource, give it a name, list its capabilities, and specify who should be permitted to use it. Some of an object’s attributes are assigned automatically when it is created, such as the globally unique identifier (GUID) assigned to each one, while others are supplied by the network administrator. A user object, for example, has attributes that store information about the user it represents, such as an account name, password, telephone number, and e-mail address. Attributes also contain information about the other objects with which the user interacts, such as the groups of which the user is a member. There are many different types of objects, each of which has different attributes, depending on its functions.

Active Directory provides administrators and users with a global view of the network. Earlier Windows NT directory services could use multiple domains, but instead of managing the users of each domain separately, for example, as in Windows NT 4.0, AD administrators create a single object for each user and can use it to grant that user access to resources in any domain.

Each type of object is defined by an object class stored in the directory schema. The schema specifies the attributes that each object must have, the optional attributes it may have, the type of data associated with each attribute, and the object’s place in the directory tree. The elements of the schema are themselves stored as objects in Active Directory, called class schema objects and attribute schema objects. A class schema object contains references to the attribute schema objects that together form the object class. This way, an attribute is defined only once, although it can be used in many different object classes.

The schema is extensible so that applications and services developed by Microsoft or third parties can create new object classes or add new attributes to existing object classes.
This enables applications to use Active Directory to store information specific to their functions and provide that information to other applications as needed. For example, rather than maintain its own directory, an e-mail server application such as Microsoft Exchange can modify the Active Directory schema so that it can use AD to authenticate users and store their e-mail information.

Object Types

There are two basic types of objects in Active Directory, called container objects and leaf objects. A container object is simply an object that stores other objects, while a leaf object stands alone and cannot store other objects. Container objects essentially function as the branches of the tree, and leaf objects grow off of the branches. Active Directory uses container objects called organizational units (OUs) to store other objects. Containers can store other containers or leaf objects, such as users and computers. The guiding rule of directory tree design is that rights and permissions flow downward through the tree. Assigning a permission to a container object means that, by default, all of the objects in the container inherit that permission. This enables administrators to control access to network resources by assigning rights and permissions to a single container rather than to many individual users.

By default, an Active Directory tree is composed of objects that represent the users and computers on the network, the logical entities used to organize them, and the folders and printers they regularly access. These objects, their functions, and the icons used to represent them in tools such as Active Directory Users and Computers are listed in Table 18-1.

Table 18-1 Some Active Directory Object Types

Object Naming

Every object in the Active Directory database is uniquely identified by a name that can be expressed in several forms. The naming conventions are based on the Lightweight Directory Access Protocol (LDAP) standard defined in RFC 2251, published by the Internet Engineering Task Force (IETF). The distinguished name (DN) of an object consists of the name of the domain in which the object is located, plus the path down the domain tree through the container objects to the object itself. The part of an object’s name that is stored in the object is called its relative distinguished name (RDN).
NOTE The Lightweight Directory Access Protocol is an adaptation of the Directory Access Protocol (DAP) designed for use by X.500 directories. Active Directory domain controllers and several other directory services use LDAP to communicate with each other.

By specifying the name of the object and the names of its parent containers up to the root of the domain, the object is uniquely identified within the domain, even if the object has the same name as another object in a different container. Thus, if you have two users, called John Doe and Jane Doe, you can use the RDN jdoe for both of them. As long as they are located in different containers, they will have different DNs.

Canonical Names

Most Active Directory applications refer to objects using their canonical names. A canonical name is a DN in which the domain name comes first, followed by the names of the object’s parent containers working down from the root of the domain and separated by forward slashes, followed by the object’s RDN, as follows:

mgh.com/sales/inside/jdoe

In this example, jdoe is a user object in the inside container, which is in the sales container, which is in the mgh.com domain.

LDAP Notation

The same DN can also be expressed in LDAP notation, which would appear as follows:

cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com

This notation reverses the order of the object names, starting with the RDN on the left and the domain name on the right. The elements are separated by commas and include the LDAP abbreviations that define each type of element. These abbreviations are as follows:

• cn Common name
• ou Organizational unit
• dc Domain component

In most cases, LDAP names do not include the abbreviations, and they can be omitted without altering the uniqueness or the functionality of the name. It is also possible to express an LDAP name in a URL format, as defined in RFC 1959, which appears as follows:

ldap://cz1.mgh.com/cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com

This format differs in that the name of a server hosting the directory service must appear immediately following the ldap:// identifier, followed by the same LDAP name as shown earlier. This notation enables users to access Active Directory information using a standard web browser.
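The three name forms above (canonical name, LDAP distinguished name, and LDAP URL) are mechanical rewrites of one another, which makes them easy to convert in code. The Python below is an added example, not from the book; it uses the book's own names (jdoe, inside, sales, mgh.com, and the host cz1.mgh.com) and goes one step beyond the text by escaping the characters that RFC 4514 reserves inside an RDN value (comma, plus, double quote, backslash, angle brackets, semicolon, and a leading or trailing space), so that a container or user named like "Doe, John" still round-trips correctly. Anything that takes a DN from user input and splits it on commas without honoring those escapes will misparse such names.

```python
"""Convert Active Directory name forms (added example; not from the book).

Handles canonical names (domain/container/.../object), LDAP DNs
(cn=...,ou=...,dc=...,dc=...) and RFC 1959 LDAP URLs. RDN values are
escaped per RFC 4514 so that reserved characters inside a name survive.
The leaf object is assumed to be a cn= entry (user, group, computer); the
containers between it and the domain are assumed to be ou= entries.
"""
from urllib.parse import quote

DN_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value):
    """Backslash-escape the characters RFC 4514 reserves in an RDN value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn):
    """Split a DN on unescaped commas into (type, value) pairs, unescaping values."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):       # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr_type, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"RDN without an attribute type: {part!r}")
        pairs.append((attr_type.strip().lower(), value))
    return pairs


def canonical_to_dn(canonical, leaf_type="cn"):
    """mgh.com/sales/inside/jdoe -> cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com"""
    domain, _, path = canonical.partition("/")
    labels = domain.split(".")
    containers = [p for p in path.split("/") if p]
    dc_part = [f"dc={escape_rdn_value(label)}" for label in labels]
    if not containers:                           # the domain itself
        return ",".join(dc_part)
    leaf, ous = containers[-1], containers[:-1]
    rdns = [f"{leaf_type}={escape_rdn_value(leaf)}"]
    rdns += [f"ou={escape_rdn_value(ou)}" for ou in reversed(ous)]
    return ",".join(rdns + dc_part)


def dn_to_canonical(dn):
    """cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com -> mgh.com/sales/inside/jdoe"""
    pairs = split_dn(dn)
    domain = ".".join(value for attr_type, value in pairs if attr_type == "dc")
    containers = [value for attr_type, value in pairs if attr_type != "dc"]
    return "/".join([domain] + list(reversed(containers)))


def dn_to_ldap_url(host, dn):
    """Build the RFC 1959 URL form; '=' and ',' stay readable, other reserved chars are percent-encoded."""
    return f"ldap://{host}/{quote(dn, safe='=,')}"


if __name__ == "__main__":
    dn = canonical_to_dn("mgh.com/sales/inside/jdoe")
    print(dn)                                    # cn=jdoe,ou=inside,ou=sales,dc=mgh,dc=com
    print(dn_to_canonical(dn))                   # mgh.com/sales/inside/jdoe
    print(dn_to_ldap_url("cz1.mgh.com", dn))
    print(canonical_to_dn("mgh.com/sales/Doe, John"))   # comma escaped in the RDN
```

The round trip through escape_rdn_value and split_dn is the part worth keeping: "Doe, John" becomes the RDN cn=Doe\, John, and splitting the DN back on unescaped commas only gives the original four components.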
Globally Unique Identifiers

In addition to its DN, every object in the tree has a globally unique identifier (GUID), which is a 128-bit number that is automatically assigned by the Directory System Agent when the object is created. Unlike the DN, which changes if you move the object to a different container or rename it, the GUID is permanent and serves as the ultimate identifier for an object.

User Principal Names

Distinguished names are used by applications and services when they communicate with Active Directory, but they are not easy for users to understand, type, or remember. Therefore, each user object has a user principal name (UPN) that consists of a username and a suffix, [email protected], just like the standard Internet e-mail address format defined in RFC 822. This name provides users with a simplified identity on the network and insulates them from the need to know their place in the domain tree hierarchy.

In most cases, the username part of the UPN is the user object's RDN, and the suffix is the DNS name of the domain in which the user object is located. However, if your network consists of multiple domains, you can opt to use a single domain name as the suffix for all of your users' UPNs. This way, the UPN can remain unchanged even if you move the user object to a different domain.

The UPN is an internal name that is used only on the Windows 2000 network, so it doesn't have to conform to the user's Internet e-mail address. However, using your network's e-mail domain name as the suffix is a good idea so that users have to remember only one address for accessing e-mail and logging on to the network.

NOTE You can use the Active Directory Domains and Trusts console to specify alternative UPN suffixes so that all of your users can log on to the network using the same suffix.

Domains, Trees, and Forests

Windows has always based its networking paradigm on domains, and all but small networks require multiple domains to support their users. Active Directory makes it easier to manage multiple domains by combining them into larger units called trees and forests.
When you create a new Active Directory database by promoting a server to domain controller, you create the first domain in the first tree of a new forest. If you create additional domains in the same tree, they all share the same schema, configuration, and global catalog server (GCS, a master list directory of Active Directory objects that provides users with an overall view of the entire directory) and are connected by transitive trust relationships.

Trust relationships are how domains interact with each other to provide a unified network directory. If Domain A trusts Domain B, the users in Domain B can access the resources in Domain A. In Windows NT domains, trust relationships operate in one direction only and must be explicitly created by network administrators. If you want to create a full network of trusts between three domains, for example, you must create six separate trust relationships so that each domain trusts every other domain. Active Directory automatically creates trust relationships between domains in the same tree. These trust relationships flow in both directions, are authenticated using the Kerberos security protocol, and are transitive, meaning that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A automatically trusts Domain C. A tree, therefore, is a single administrative unit that encompasses a number of domains. The administrative nightmare of manually creating trust relationships between large numbers of domains is diminished, and users are able to access resources on other domains.

The domains in a tree share a contiguous namespace. Unlike a Windows NT domain, which has a single, flat name, an Active Directory domain has a hierarchical name that is based on the DNS namespace, such as mycorp.com. Sharing a contiguous namespace means that if the first domain in a tree is given the name mycorp.com, the subsequent domains in that tree will have names that build on the parent domain's name, such as sales.mycorp.com and mis.mycorp.com (see Figure 18-1).
Figure 18-1 Active Directory parent and child domains

The parent-child relationships in the domain hierarchy are limited solely to the sharing of a namespace and the trust relationships between them. Unlike the container hierarchy within a domain, rights and permissions do not flow down the tree from domain to domain.

In most cases, a single tree is sufficient for a network of almost any size. However, it is possible to create multiple trees and join them in a unit known as a forest. All of the domains in a forest, including those in separate trees, share the same schema, configuration, and GCS. Every domain in a forest has a transitive trust relationship with the other domains, regardless of the trees they are in. The only difference between the trees in a forest is that they have separate namespaces. Each tree has its own root domain and child domains that build off of its name. The first domain created in a forest is known as the forest root domain.

The most common reason for having multiple trees is the merging of two organizations, both of which already have established domain names that cannot be readily assimilated into one tree. Users are able to access resources in other trees because the trust relationships between domains in different trees are the same as those within a single tree. It is also possible to create multiple forests on your network, but the need for this is rare.

Different forests do not share the same schema, configuration, and GCS, nor are trust relationships automatically created between forests. It is possible to manually create unidirectional trusts between domains in different forests, just as you would on a Windows NT network. In most cases, though, the primary reason for creating multiple forests is to completely isolate two areas of the network and prevent interaction between them.
DNS and Active Directory

Windows NT is based on NetBIOS and uses a NetBIOS name server called Windows Internet Naming Service (WINS) to locate computers on the network and resolve their names into IP addresses. The primary limitation of NetBIOS and WINS is that they use a flat namespace, whereas Active Directory's namespace is hierarchical. The AD namespace is based on that of the Domain Name System (DNS), so the directory uses DNS servers instead of WINS to resolve names and locate domain controllers. You must have at least one DNS server running on your network in order for Active Directory to function properly.

The domains in Active Directory are named using standard DNS domain names, which may or may not be the same as the names your organization uses on the Internet. If, for example, you have already registered the domain name mycorp.com for use with your Internet servers, you can choose to use that same name as the parent domain in your AD tree or create a new name for internal use. The new name doesn't have to be registered for Internet use, because its use will be limited to your Windows 2000 network only.

DNS is based on resource records (RRs) that contain information about specific machines on the network. Traditionally, administrators must create these records manually, but on a Windows network, this causes problems. The task of manually creating records for hundreds of computers is long and difficult, and it is compounded by the use of the Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addresses to network systems. Because the IP addresses on DHCP-managed systems can change, there must be a way for the DNS records to be updated to reflect those changes.

The Microsoft DNS server supports dynamic DNS (DDNS), which works together with Microsoft DHCP Server to dynamically update the resource records for specific systems as their IP addresses change.
Global Catalog Server

To support large enterprise networks, Active Directory can be both partitioned and replicated, meaning that the directory can be split into sections stored on different servers, and copies of each section can be maintained on separate servers. Splitting up the directory in this way, however, makes it more difficult for applications to locate specific information. Therefore, Active Directory maintains the global catalog, which provides an overall picture of the directory structure. While a domain controller contains the Active Directory information for one domain only, the global catalog is a replica of the entire Active Directory, except that it includes only the essential attributes of each object, known as binding data.

Because the global catalog consists of a substantially smaller amount of data than the entire directory, it can be stored on a single server and accessed more quickly by users and applications. The global catalog makes it easy for applications to search for specific objects in Active Directory using any of the attributes included in the binding data.

Deploying Active Directory

All of the architectural elements of Active Directory that have been described thus far, such as domains, trees, and forests, are logical components that do not necessarily have any effect on the physical network. In most cases, network administrators create domains, trees, and forests based on the political divisions within an organization, such as workgroups and departments, although geographical elements can come into play as well. Physically, however, an Active Directory installation is manifested as a collection of domain controllers, split into subdivisions called sites.

Creating Domain Controllers

A domain controller (DC) is a system that hosts all or part of the Active Directory database and provides the services to the rest of the network through which applications access that database. When a user logs on to the network or requests access to a specific network resource, the workstation contacts a domain controller, which authenticates the user and grants access to the network.
Active Directory has only one type of domain controller. Under Windows NT, when installing a server, you have to specify whether it should be a primary domain controller (PDC), a backup domain controller (BDC), or a member server. Once a system is installed as a domain controller for a specific domain, there is no way to move it to another domain or change it back to a member server. All Windows servers start out as stand-alone or member servers; you can then promote them to domain controllers and later demote them back to member servers. Active Directory has no PDCs or BDCs; all domain controllers function as peers.

A server that is to function as a domain controller must have at least one NTFS 5.0 drive to hold the Active Directory database, log files, and the system volume, and it must have access to a DNS server that supports the SRV resource record and (optionally) dynamic updates. If the computer cannot locate a DNS server that provides these features, it offers to install and configure the Microsoft DNS Server software on the Windows system.

Directory Replication

Every domain on your network should be represented by at least two domain controllers for reasons of fault tolerance. Once your network is reliant on Active Directory for authentication and other services, inaccessible domain controllers would be a major problem. Therefore, each domain should be replicated on at least two domain controllers so that one is always available. Directory service replication is nothing new, but Active Directory replicates its domain data differently from Windows NT.

Windows NT domains are replicated using a technique called single master replication, in which a single PDC with read-write capabilities replicates its data to one or more BDCs that are read-only. In this method, replication traffic always travels in one direction, from the PDC to the BDCs. If the PDC fails, one of the BDCs can be promoted to PDC. The drawback of this arrangement is that changes to the directory can be made only to the PDC. When an administrator creates a new user account or modifies an existing one, for example, the User Manager for Domains utility must communicate with the PDC, even if it is located at a distant site connected by a slow WAN link.
Active Directory uses multiple master replication, which enables administrators to make changes on any of a domain's replicas. This is why there are no longer PDCs or BDCs. The use of multiple masters makes the replication process far more difficult, however. Instead of simply copying the directory data from one domain controller to another, the information on each domain controller must be compared with that on all of the others so that the changes made to each replica are propagated to every other replica. In addition, it's possible for two administrators to modify the same attribute of the same object on two different replicas at virtually the same time. The replication process must be able to reconcile conflicts like these and see to it that each replica contains the most up-to-date information.

Multimaster Data Synchronization

Some directory services, such as NDS, base their data synchronization algorithms on time stamps assigned to each database modification. Whichever change has the later time stamp is the one that becomes operative when the replication process is completed. The problem with this method is that the use of time stamps requires the clocks on all of the network's domain controllers to be precisely synchronized, which is difficult to arrange. The Active Directory replication process relies on time stamps in only certain situations. Instead, AD uses update sequence numbers (USNs), which are 64-bit values assigned to all modifications written to the directory. Whenever an attribute changes, the domain controller increments the USN and stores it with the attribute, whether the change results from direct action by an administrator or replication traffic received from another domain controller.
The only problem with this method is when the same attribute is modified on two different domain controllers. If an administrator changes the value of a specific attribute on Server B before a change made to the same attribute on Server A is fully propagated to all of the replicas, then a collision is said to have occurred. To resolve the collision, the domain controllers use property version numbers to determine which value should take precedence. Unlike USNs, which are a single numerical sequence maintained separately by each domain controller, there is only one property version number for each object attribute.

When a domain controller modifies an attribute as a result of direct action by a network administrator, it increments the property version number. However, when a domain controller receives an attribute modification in the replication traffic from another domain controller, it does not modify the property version number. A domain controller detects collisions by comparing the attribute values and property version numbers received during a replication event with those stored in its own database. If an attribute arriving from another domain controller has the same property version number as the local copy of that attribute but the values don't match, a collision has occurred. In this case, and only in this case, the system uses the time stamps included with each of the attributes to determine which value is newer and should take precedence over the other.

Sites

A single domain can have any number of domain controllers, all of which contain the same information, thanks to the AD replication system. In addition to providing fault tolerance, you can create additional domain controllers to provide users with local access to the directory. In an organization with offices in multiple locations connected by WAN links, it would be impractical to have only one or two domain controllers because workstations would have to communicate with the AD database over a relatively slow, expensive WAN connection. Therefore, administrators often create a domain controller at each location where there are resources in the domain.
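The USN, property version number and collision rules from the Multimaster Data Synchronization discussion above, played through on two simulated domain controllers. This is an added example and not Microsoft's implementation or code from the book; the attribute name, values and time stamps are constructed.

```python
"""Multimaster replication bookkeeping as the chapter describes it: each
domain controller (DC) keeps its own update sequence number (USN) counter,
each attribute carries a property version number, and time stamps break
ties only when a collision is detected. Added example; the classes are an
illustration of the rules in the text, not Microsoft's implementation."""

from dataclasses import dataclass, field


@dataclass
class Attribute:
    value: str
    version: int      # property version number: bumped only by originating writes
    timestamp: float  # when the originating write happened (constructed values below)
    usn: int          # USN this DC assigned when it last wrote the attribute


@dataclass
class DomainController:
    name: str
    usn: int = 0                                  # per-DC sequence, starts at 0
    attrs: dict = field(default_factory=dict)
    collisions: list = field(default_factory=list)

    def _next_usn(self):
        self.usn += 1
        return self.usn

    def _store(self, key, value, version, timestamp):
        # Every write, originating or replicated, consumes a local USN.
        self.attrs[key] = Attribute(value, version, timestamp, self._next_usn())

    def originate_write(self, key, value, timestamp):
        """An administrator changes the attribute directly on this DC."""
        old = self.attrs.get(key)
        version = old.version + 1 if old else 1
        self._store(key, value, version, timestamp)

    def receive_replication(self, key, incoming):
        """An attribute arrives from another DC. The version number is
        carried unchanged; only the local USN is assigned afresh."""
        local = self.attrs.get(key)
        if local is None or incoming.version > local.version:
            self._store(key, incoming.value, incoming.version, incoming.timestamp)
            return "applied"
        if incoming.version < local.version:
            return "stale"          # we already hold a newer change
        if incoming.value == local.value:
            return "duplicate"      # same change seen via another path
        # Same version, different value: a collision. Only now do time stamps matter.
        self.collisions.append((key, local.value, incoming.value))
        if incoming.timestamp > local.timestamp:
            self._store(key, incoming.value, incoming.version, incoming.timestamp)
            return "collision-incoming-wins"
        return "collision-local-wins"


KEY = "jdoe.telephoneNumber"   # constructed attribute name for the demo


def _seeded_pair():
    """Two DCs that both already hold version 1 of the attribute."""
    a, b = DomainController("ServerA"), DomainController("ServerB")
    seed = Attribute("555-0100", 1, 0.0, 0)
    a.receive_replication(KEY, seed)
    b.receive_replication(KEY, seed)
    return a, b


def simulate_collision():
    """Both administrators edit the attribute before either change replicates."""
    a, b = _seeded_pair()
    a.originate_write(KEY, "555-0101", timestamp=10.0)   # version 2 on ServerA
    b.originate_write(KEY, "555-0102", timestamp=11.0)   # version 2 on ServerB, later
    status_b = b.receive_replication(KEY, a.attrs[KEY])  # A's change reaches B
    status_a = a.receive_replication(KEY, b.attrs[KEY])  # B's change reaches A
    return {
        "a_value": a.attrs[KEY].value, "b_value": b.attrs[KEY].value,
        "status_a": status_a, "status_b": status_b,
        "collisions": len(a.collisions) + len(b.collisions),
        "version": a.attrs[KEY].version,
        "usn_a": a.usn, "usn_b": b.usn,
    }


def simulate_sequential():
    """The change on ServerA fully replicates before ServerB edits: no collision."""
    a, b = _seeded_pair()
    a.originate_write(KEY, "555-0101", timestamp=10.0)   # version 2
    b.receive_replication(KEY, a.attrs[KEY])             # B now holds version 2
    b.originate_write(KEY, "555-0103", timestamp=12.0)   # version 3
    status_a = a.receive_replication(KEY, b.attrs[KEY])
    return {
        "a_value": a.attrs[KEY].value, "b_value": b.attrs[KEY].value,
        "status_a": status_a,
        "collisions": len(a.collisions) + len(b.collisions),
        "version": a.attrs[KEY].version,
    }


if __name__ == "__main__":
    print(simulate_collision())
    print(simulate_sequential())
```

Both replicas converge on the value with the later time stamp in the collision case, while in the sequential case the property version number alone decides and the time stamps are never consulted.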
The relatively slow speed of the average WAN connection also affects the replication process between domain controllers, and for this reason, Active Directory can break up a domain into sites. A site is a collection of domain controllers that are assumed to be well connected, meaning that all of the systems are connected using the same relatively high-speed LAN technology. The connections between sites are assumed to be WANs that are slower and possibly more expensive.

The actual speed of the intrasite and intersite connections is not an issue. The issue is the relative speed between the domain controllers at the same site and those at different sites. The reason for dividing a domain into logical units that reflect the physical layout of the network is to control the replication traffic that passes over the slower WAN links. Active Directory also uses sites to determine which domain controller a workstation should access when authenticating a user. Whenever possible, authentication procedures use a domain controller located on the same site.

Intrasite Replication

The replication of data between domain controllers located at the same site is completely automatic and self-regulating. A component called the Knowledge Consistency Checker (KCC) dynamically creates connections between the domain controllers as needed to create a replication topology that minimizes latency. Latency is the period of time during which the information stored on the domain controllers for a single domain is different—that is, the interval between the modification of an attribute on one domain controller and the propagation of that change to the other domain controllers. The KCC triggers a replication event whenever a change is made to the AD database on any of the site's replicas.
The KCC maintains at least two connections to each domain controller at the site. This way, if a controller goes offline, replication between all of the other domain controllers is still possible. The KCC may create additional connections to maintain timely contact between the remaining domain controllers while the system is unavailable and then remove them when the system comes back online. In the same way, if you add a new domain controller, the KCC modifies the replication topology to include it in the data synchronization process. As a rule, the KCC creates a replication topology in which each domain controller is no more than three hops away from any other domain controller.

Because the domain controllers are all located on the same site, they are assumed to be well connected, and the KCC is willing to expend network bandwidth in the interest of replication speed. All updates are transmitted in uncompressed form because even though this requires the transmission of more data, it minimizes the amount of processing needed at each domain controller.

Replication occurs primarily within domains, but when multiple domains are located at the same site, the KCC also creates connections between the global catalog servers for each domain so that they can exchange information and create a replica of the entire Active Directory containing the subset of attributes that form the binding data.

Intersite Replication

By default, a domain consists of a single site, called Default-First-Site-Name, and any additional domains you create are placed within that site. You can, however, use the Active Directory Sites and Services console to create additional sites and move domains into them. Just as with domains in the same site, Active Directory creates a replication topology between domains in different sites, but with several key differences.
Because the WAN links between sites are assumed to be slower, Active Directory attempts to minimize the amount of replication traffic that passes between them. First, there are fewer connections between domain controllers at different sites than within a site; the three-hop rule is not observed for the intersite replication topology. Second, all replication data transmitted over intersite connections is compressed to minimize the amount of bandwidth utilized by the replication process. Finally, replication events between sites are not automatically triggered by modifications to the Active Directory database. Instead, replication can be scheduled to occur at specified times and intervals to minimize the effect on standard user traffic and to take advantage of lower bandwidth costs during off-hours.

Microsoft Management Console

Microsoft Management Console (MMC) is an application that provides a centralized administration interface for many of the services included in Windows, including those used to manage Active Directory. Windows relies on separate management applications for many of its services, such as the DHCP Manager, WINS Manager, and Disk Administrator. Windows consolidates all of these applications, and many others, into MMC. Most of the system administration tasks for the operating system are now performed through MMC.

MMC has no administrative capabilities of its own; it is, essentially, a shell for application modules called snap-ins that provide the administrative functions for many of Windows' applications and services. Snap-ins take the form of files with an .msc extension that you load either from the command line or interactively through the MMC menus. Windows supplies snap-in files for all of its tools, but the interface is designed so that third-party software developers can use the MMC architecture to create administration tools for their own applications.
MMC can load multiple snap-ins simultaneously using the Windows multiple-document interface (MDI). You can use this capability to create a customized management interface containing all of the snap-ins you use on a regular basis. When you run MMC (by launching the Mmc.exe file from the Run dialog box) and select Console | New, you get an empty Console Root window. By selecting Console | Add/Remove Snap-in, you can build a list of the installed snap-ins and load selected ones into the console. The various snap-ins appear in an expandable, Explorer-like display in the left pane of MMC's main screen, as shown in Figure 18-2.

Figure 18-2 Working with snap-ins in Windows 7

NOTE In Windows 8 or 8.1, locate the Windows Systems app and choose Run.

Many of Windows' administrative tools, such as Active Directory Sites and Services, are actually preconfigured MMC consoles. Selecting Computer Management from the Programs/Administrative Tools group in the Start menu displays a console that contains a collection of the basic administration tools for a Windows system. By default, the Computer Management console administers the local system, but you can use all of its tools to manage a remote network system by selecting Action | Connect To Another Computer.

Creating and Configuring Sites

Splitting a network into sites has no effect on the hierarchy of domains, trees, and forests that you have created to represent your enterprise. However, sites still appear as objects in Active Directory, along with several other object types that you use to configure your network's replication topology. These objects are visible only in the Active Directory Sites and Services tool. The object called Default-First-Site-Name is created automatically when you promote the first server on your network to a domain controller, along with a server object that appears in the Servers folder beneath it. Server objects are always subordinate to site objects and represent the domain controllers operating at that site. A site can contain server objects for domain controllers in any number of domains, located in any tree or forest. You can move server objects between sites as needed.
The other two important object types associated with sites and servers are subnet and site link objects. Subnet objects represent the particular IP subnets that you use at your various sites and are used to define the boundaries of the site. When you create a subnet object, you specify a network address and subnet mask. When you associate a site with a subnet object, server objects for any new domain controllers that you create on that subnet are automatically created in that site. You can associate multiple subnet objects with a particular site to create a complete picture of your network.

Site link objects represent the WAN links on your network that Active Directory will use to create connections between domain controllers at different sites. Active Directory supports the use of the Internet Protocol (IP) and the Simple Mail Transport Protocol (SMTP) for site links, both of which appear in the Inter-Site Transports folder in Active Directory Sites and Services. An SMTP site link can take the form of any applications you use to send e-mail using the SMTP protocol. When you create a site link object, you select the sites that are connected by the WAN link the object represents. The attributes of site link objects include various mechanisms for determining when and how often Active Directory should use the link to transmit replication traffic between sites:

• Cost The cost of a site link can reflect either the monetary cost of the WAN technology involved or the cost in terms of the bandwidth needed for other purposes.
• Schedule This specifies the hours of the day during each day of the week that the link can be used to carry replication traffic.
• Replication period This specifies the interval between replication procedures that use this link, subject to the schedule described previously.
By default, Active Directory creates an IP site link object, DEFAULTIPSITELINK, that you can use as is or can modify to reflect the type of link used to connect your sites. If all of your sites are connected by WAN links of the same type, you don't have to create additional site link objects because a single set of scheduling attributes should be applicable for all of your intersite connections. If you use various types of WAN connections, however, you can create a separate site link object for each type and configure its attributes to reflect how you want it to be used.

There is another type of object that you can create in the Inter-Site Transports container, called a site link bridge object, that is designed to make it possible to route replication traffic through one remote site to others. By default, the site links you create are transitive, meaning that they are bridged together, enabling them to route replication traffic. For example, if you have a site link object connecting Site A to Site B and another one connecting Site B to Site C, then Site A can send replication traffic to Site C. If you want, you can disable the default bridging by opening the Properties dialog box for the IP folder and clearing the Bridge All Site Links check box. If you do this, you must manually create site link bridge objects in order to route replication traffic in this way. A site link bridge object generally represents a router on the network. While a site link object groups two site objects, a site link bridge object groups two site link objects, making it possible for replication traffic to be routed between them.
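The subnet objects, site link costs and site link bridging described in the last few paragraphs, modelled in code. This is an added example, not the KCC's own logic or code from the book; the site names, subnets, link costs and the shortest-path routine are constructed, and the real KCC also weighs the schedule and replication period attributes, which this model leaves out.

```python
"""Site, subnet and site link objects as the chapter describes them: a subnet
object (network address plus mask) places a domain controller in a site, and
site link objects with costs decide how replication traffic is routed between
sites, either bridged freely (Bridge All Site Links) or only through explicit
site link bridge objects. Added example; site names, subnets, costs and the
Dijkstra routine are constructed, not the KCC's logic."""

import heapq
import ipaddress
from itertools import count

# Constructed subnet objects: CIDR -> site. A longer prefix wins when nested.
SUBNETS = {
    "10.1.0.0/16": "Chicago",
    "10.1.5.0/24": "Chicago-Lab",
    "10.2.0.0/16": "Denver",
    "10.3.0.0/16": "Seattle",
}

# Constructed site link objects: name -> (sites joined by the link, cost).
SITE_LINKS = {
    "CHI-DEN": (frozenset({"Chicago", "Denver"}), 100),
    "DEN-SEA": (frozenset({"Denver", "Seattle"}), 200),
    "CHI-SEA-slow": (frozenset({"Chicago", "Seattle"}), 500),
}


def site_for_address(address, subnet_objects=SUBNETS):
    """Return the site whose subnet object best matches an IP address, or None.
    This is the rule that places a new DC's server object in the right site."""
    ip = ipaddress.ip_address(address)
    best_net, best_site = None, None
    for cidr, site in subnet_objects.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def cheapest_route(src, dst, site_links=SITE_LINKS, bridge_all=True, bridges=()):
    """Lowest-cost sequence of sites from src to dst over site links.

    bridge_all=True models the default Bridge All Site Links setting: traffic
    may pass from any link to any other at a shared site. With bridge_all=False,
    traffic may only change links where a site link bridge object (a set of
    link names) groups both links. Returns (cost, [sites]) or None."""
    adjacency = {}
    for name, (members, cost) in site_links.items():
        for a in members:
            for b in members:
                if a != b:
                    adjacency.setdefault(a, []).append((b, name, cost))

    def may_chain(prev_link, next_link):
        if prev_link is None or prev_link == next_link or bridge_all:
            return True
        return any(prev_link in br and next_link in br for br in bridges)

    tiebreak = count()   # keeps heap comparisons away from None/str mixes
    heap = [(0, next(tiebreak), src, None, [src])]
    visited = set()
    while heap:
        cost, _, site, link, path = heapq.heappop(heap)
        if site == dst:
            return cost, path
        if (site, link) in visited:
            continue
        visited.add((site, link))
        for neighbour, name, link_cost in adjacency.get(site, []):
            if may_chain(link, name):
                heapq.heappush(heap, (cost + link_cost, next(tiebreak),
                                      neighbour, name, path + [neighbour]))
    return None


if __name__ == "__main__":
    print(site_for_address("10.1.5.10"))                     # Chicago-Lab
    print(cheapest_route("Chicago", "Seattle"))               # bridged: via Denver
    print(cheapest_route("Chicago", "Seattle", bridge_all=False))
    print(cheapest_route("Chicago", "Seattle", bridge_all=False,
                         bridges=[{"CHI-DEN", "DEN-SEA"}]))
```

With bridging disabled and no bridge object, the only route from Chicago to Seattle is the expensive direct link; adding a bridge that groups CHI-DEN and DEN-SEA restores the cheaper two-hop route.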
Once you have created objects representing the sites that form your network and the links that connect them, the KCC can create connections that form the replication topology for the entire internetwork, subject to the limitations imposed by the site link object attributes. The connections created by the KCC, both within and between sites, appear as objects in the NTDS Settings container beneath each server object. A connection object is unidirectional, representing the traffic running from the server under which the object appears to the target server specified as an attribute of the object. In most cases, there should be no need to manually create or configure connection objects, but it is possible to do so. You can customize the replication topology of your network by creating your own connections and scheduling the times during which they may be used. Manually created connection objects cannot be deleted by the KCC to accommodate changing network conditions; they remain in place until you manually remove them.

Designing an Active Directory

As with any enterprise directory service, the process of deploying Active Directory on your network involves much more than simply installing the software. The planning process is, in many cases, more complicated than the construction of the directory itself. Naturally, the larger your network, the more complicated the planning process will be. You should have a clear idea of the form that your AD structure will take and who will maintain each part of it before you actually begin to deploy domain controllers and create objects.

In many cases, the planning process will require some hands-on testing before you deploy Active Directory on your production network. You may want to set up a test network and try some forest designs before you commit yourself to any one plan. Although a test network can't fully simulate the effects of hundreds of users working at once, the time that you spend familiarizing yourself with the Active Directory tools and procedures can only help you later when you're building the live directory service.
Planning Domains, Trees, and Forests

Active Directory expands the scope of the directory service by two orders of magnitude by providing trees and forests that you can use to organize multiple domains. In addition, the domains themselves can be subdivided into smaller administrative entities called organizational units. To use these capabilities effectively, you must evaluate your network in light of both its physical layout and the needs of the organization that it serves.

Creating Multiple Trees

In most cases, a single tree with one or more domains is sufficient to support an enterprise network. The main reason for creating multiple trees is if you have two or more existing DNS namespaces that you want to reflect in Active Directory. For example, a corporation that consists of several different companies that operate independently can use multiple trees to create a separate namespace for each company. Although there are transitive trust relationships between all of the domains in a tree, separate trees are connected only by trusts between their root domains.

If you have several levels of child domains in each tree, the process of accessing a resource in a different tree involves the passing of authentication traffic up from the domain containing the requesting system to the root of the tree, across to the root of the other tree, and down to the domain containing the requested resource. If the trees operate autonomously and access requests for resources in other trees are rare, this may not be much of a problem. If the trust relationships in a directory design like this do cause delays on a regular basis, you can manually create what are known as shortcut trusts between child domains lower down in both trees.

Just as you can create multiple trees in a forest, you can create multiple forests in the Active Directory database. Scenarios in which the use of multiple forests is necessary are even rarer than those calling for multiple trees because forests have no inherent trust relationships between them at all and use a different global catalog, making it more difficult for users even to locate resources. You may want to use a separate forest for a lab-based test network or for a project that you don't want other network users to know even exists.
CHAPTER 19
Linux

Developed as a college project by Linus Torvalds of Sweden, the Linux operating system has emerged as one of the most popular Unix variants. This chapter covers the advantages and disadvantages of Linux, Linux file systems, and how to work with Linux files.

Understanding Linux

Written in the C programming language, Linux uses GNU tools, which are freely available. Like other variants, Linux is available as a free download from the Internet in versions for most standard hardware platforms and is continually refined by an ad hoc group of programmers who communicate mainly through Internet mailing lists and newsgroups. Because of its popularity, many Linux modules and applications have been developed. Often new features and capabilities are the result of programmers adapting the existing software for their own uses and then posting their code for others to use. As the product increases in popularity, more people work on it in this way, and the development process accelerates. This activity has also led to the fragmentation of the Linux development process. Many different Linux versions are available, which are similar in their kernel functions but vary in the features they include. Some of these Linux packages are available for download on the Internet, but the growth in the popularity of the operating system (OS) has led to commercial distribution releases as well.

NOTE GNU is an operating system announced in 1993 that contains totally free software. According to www.gnu.org, GNU stands for GNU's Not Unix.

Linux Distributions

Many Linux variations are available free for the download, and others require some sort of payment or donation. Table 19-1 shows some of the Linux distributions (often called distros) available. They are listed in alphabetic order, not in order of popularity.
Table 19-1 Some Linux Distros

Today's Linux systems run on devices from tablets and cell phones to workstations and high-end servers. Since the system is open source (meaning that it is available for anyone), as problems or glitches occur, anyone worldwide can report the problem, and many people will write code to fix the issue for future users. As Linux has matured, some newer users just want to use the program, not write code. These users want a program that they can download and use right away. It is for those users that some companies have developed distributions that are guaranteed to work "out of the box." These companies require payment for Linux and offer both technical support and warranties on the downloaded program.

Advantages and Disadvantages of Linux

Besides being an open source system, Linux often requires less disk space than many other operating systems. There are other advantages as well:

• Since the system is open source, many people have contributed to its stability.
• Security flaws are often found before they become an issue.
• Its robust adaptability adjusts to many situations.
• It is easily customizable and updatable.
• Apps are usually free, and the number of apps is increasing.
• Linux is scalable, meaning it can be used as the operating system for small items such as wireless routers and tablets to large, multitiered systems such as storage clusters and data centers.

Open source also has some disadvantages:

• Applications may be more difficult to find and learn (although today many applications are available, and some even look like more familiar Windows programs). For example, OpenOffice and LibreOffice both offer a set of applications including a word processor, a spreadsheet, and a presentation manager. The screens look much the same in Windows and Linux, as shown in Figure 19-1.

Figure 19-1 The OpenOffice Writer screen looks similar in both Windows and Linux.

• There are many distributions of Linux, so it can be difficult to transfer knowledge of one distro to another.
• Linux can be confusing at first for new users.
The popularity of Linux has reached the point at which it is expanding beyond Unix's traditional market of computer professionals and technical hobbyists. In part, this is because of a backlash against Microsoft, which some people believe is close to holding a monopoly on operating systems. When you pay for a "commercial" Linux release such as Ubuntu, you download not only the OS and source code but also a variety of applications, product documentation, and technical support, which are often lacking in the free download releases. Other distributors provide similar products and services, but this does not necessarily mean that these Linux versions are binary compatible. In some cases, software written for one distribution will not run on another one.

The free Linux distributions provide much of the same functionality as the commercial ones but in a less convenient package. The downloads can be large and time consuming, and you may find yourself interrupting the installation process frequently to track down some essential piece of information or to download an additional module you didn't know you needed. One of the biggest advantages of Linux over other Unix variants is its excellent driver support. Device drivers are an integral part of any operating system, and if Unix is ever going to become a rival to Windows in the personal computer mainstream, it's going to have to run on the same computers that run Windows, using the same peripherals. Many of the other Unix variants have relatively limited device driver support. If you are trying to install a Unix product on an Intel-based computer with the latest and greatest video adapter, for example, you may not be able to find a driver that takes full advantage of its capabilities.
Device drivers, even those included with operating systems, are generally written by the device manufacturer. Not surprisingly, hardware manufacturers devote most of their driver development attention to Windows, with other systems getting only perfunctory support, if any at all. The fans of Linux are legion, however, and the OS's development model has led the operating system's supporters to develop their own drivers for many of the devices commonly found in Intel-based computers. If you are having trouble finding appropriate drivers for your hardware that run on other Unix variants, you are more likely to have success with Linux.

For example, a computer running Linux as its OS and Apache as its web server software is a powerful combination that is easily equal or superior to most of the commercial products on the market—and the software is completely free.

File Systems

For the many computer users who are familiar with the Microsoft NTFS and the older FAT file system, the myriad of file systems available in open source operating systems can be daunting. Table 19-2 shows some of the file systems that are available for Linux users.

Table 19-2 Linux File Systems

Bits and Bytes

All data in a computer is a combination of zeros and ones. Each zero or one is designated as a bit. A byte consists of 8 bits. For example, 00110111 is one byte. There are a number of other designations, indicating the amount of storage space available in each designation. Today, hard drives are measured in terabytes, while random access memory (RAM) is currently measured in gigabytes.

• A kilobyte is 1,024 bytes, shown as 1KB.
• A megabyte is 1,024 kilobytes, shown as 1MB.
• A gigabyte is 1,024 megabytes, shown as 1GB.
• A terabyte is 1,024 gigabytes, shown as 1TB.
• A petabyte is 1,024 terabytes, shown as 1PB.
• An exabyte is 1,024 petabytes, shown as 1EB.

NOTE An old techie saying is that 4 bits = 1 nibble.

NOTE A legacy system is one that is outdated, unsupported, or obsolete. Some organizations still use older systems because of software or hardware requirements.

Linux Installation Questions

Before you install Linux on a machine, you should know the answers to the following:

• Have you read the documentation for the distribution you downloaded?
• Will this distribution work on the hardware you are using?
• How much RAM is available on this machine?
• Do you want to install just a workstation or create a Linux server? Can you download all the necessary software?
• Do you have to create a CD or DVD from the downloaded file? Normally, Linux downloads are in .iso format, and many require that you burn the downloaded file to a CD or DVD in order to perform the installation.
• Do you understand how to use an .iso file?
• Is Linux the main operating system or one of several?
• Do you need to create a new partition before you install the system?
• Since Linux expects to be on a network, what is the IP address and hostname?

Booting Linux

When you boot your Linux computer, there are several steps to the process, as shown in Figure 19-2. In text mode, once your Linux terminal displays the login prompt as white letters on a black background, you enter your username and password (pressing ENTER after each).

Figure 19-2 The boot sequence in Linux

Logging Out of Linux

In text mode, enter the logout command and press ENTER.

Directory Structure

Most Linux distributions contain the directories described in Table 19-3.

Table 19-3 Typical Linux Directories

Quick Commands in Linux

You can use several commands in Linux to find your way around. Table 19-4 lists several common commands and the resulting action. The command structure is as follows:

command option(s) argument(s)

Each would be shown from the root prompt, such as this:

[email protected]:~# command

Table 19-4 Common Linux Commands

Unlike other operating systems, Linux commands are case sensitive.

Working with Linux Files

For those familiar with Windows pathnames, this is how you would find a file:

C:\MyFolder\MyFinances\MyBudget.txt

To find the same file in Linux, you would use this pathway:

/MyFolder/MyFinances/MyBudget.txt

You may note several differences in the two. First, there is no drive name shown. Linux mounts the root partition when the computer first boots. Therefore, all the files and folders are found at /. Second, the slashes are forward slashes instead of the backslashes in Windows. Also, in Linux, all files and folders are case sensitive, while in Windows, case does not matter. In Linux, /School/English/essay1.txt is a different file than /School/English/Essay1.txt.
Linux file systems are often more reliable than other systems because of several factors.

Journaling

In more familiar file systems, each file is written directly to a location on the hard drive, and if the computer shuts down for any reason, the information in that file may be lost or corrupted. A file system that journals first writes information to a special file called a journal that is stored on another part of the hard drive. This journal contains data about both the file and its location and is much easier to retrieve if there is a problem. At any given time, this system has three possible states: a saved file, a journal report that shows the file as not being saved, or a journal file that shows inconsistencies but can be rebuilt. This system is more reliable than systems writing directly to the hard drive. Some systems write the data twice, which can prevent corruption and preserve the data after a power or software problem requires the user to reboot the system.

Editing

One of the best features of a Linux (or Unix) file is that it can be edited while it is open. Unix/Linux files are indexed by number (called an inode) that contains the attributes such as name, permissions, location, and so on. When a file is deleted, the inode is just unlinked from the file name. If other programs are using that file, the link to the operating system is still open and will be updated as changes are made to it.

Lack of Fragmentation

FAT and NTFS systems do not keep all the pieces of their files together in order to utilize space more efficiently. While this practice saved space in the smaller hard drives of the day, it made for difficulties when it came to performance because the processor would have to connect the parts of the files before they could be run. Starting with the ext3 system, Linux file blocks are kept together.
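The "Editing" paragraph above describes the unlink behavior abstractly. The following shell script is an added example, not code from the book: it creates a file in a private temporary directory, holds it open on a descriptor, deletes the name, and shows that the content is still readable through the open descriptor. The file name and content are constructed for the example. For an incident responder the lesson is practical: a process can keep a "deleted" file alive, and on Linux the /proc/PID/fd entries of that process (marked "(deleted)") are where such content is recovered from, or where disk space that "df" and "ls" disagree about is hiding.

```shell
#!/bin/sh
# Added example (not from the book): unlinking a name does not destroy the
# inode while some process still holds the file open.  Runs entirely inside
# a temporary directory it creates and removes itself.

# Prints the file's content, read AFTER the name was removed.  Returns
# non-zero if the directory entry unexpectedly survived the rm.
unlink_while_open_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/evidence.log"                   # constructed sample file
    printf 'constructed sample line\n' > "$f"

    exec 3< "$f"          # a reader holds the inode open on descriptor 3
    rm -f "$f"            # the name is unlinked; the inode lives on

    if [ -e "$f" ]; then  # the directory entry really must be gone
        exec 3<&-; rm -rf "$dir"; return 1
    fi

    # On Linux, /proc shows the deleted-but-open file, e.g.
    # "/tmp/tmp.XXXX/evidence.log (deleted)"; that is where an investigator
    # recovers such content from a running process.  Printed to stderr so it
    # does not mix with the recovered data on stdout.
    if [ -d /proc/self/fd ]; then
        readlink /proc/self/fd/3 >&2 2>/dev/null || true
    fi

    cat <&3               # still readable: the data was never destroyed
    exec 3<&-             # closing the last descriptor frees the inode
    rm -rf "$dir"
}

# Usage: prints the recovered line (and, on Linux, the "(deleted)" link).
unlink_while_open_demo
```

The same mechanism explains why a log file rotated or removed while a daemon still has it open keeps consuming disk until the daemon is restarted or reopens its logs, and why an attacker's removal of a file is not proof that its contents are unrecoverable while the owning process is alive.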
CHAPTER 20
Unix

Unix is a multiuser, multitasking operating system (OS) with roots that date back to the late 1960s. It was developed throughout the 1970s by researchers at AT&T's Bell Labs, finally culminating in Unix System V Release 1 in 1983. During this time, and since then, many other organizations have built their own variants on the Unix formula, and now dozens of different operating systems function using the same basic Unix components, including both Apple and Linux. This was possible because, from the beginning, Unix has been more of a collaborative research project than a commercial product. While some companies guard the source code to their operating systems, many Unix developers make their code freely available. This enables anyone with the appropriate skills to modify the OS to their own specifications.

Unix is not a user-friendly OS, nor is it commonly found on the desktop of the average personal computer user. To its detractors, Unix is an outdated OS that relies primarily on an archaic, character-based interface. To its proponents, however, Unix is the most powerful, flexible, and stable OS available. As is usually the case, both opinions are correct to some degree.

You are not going to see racks of Unix-based games and other recreational software at the computer store anytime soon, nor are you likely to see offices full of employees running productivity applications, such as word processors and spreadsheets, on Unix systems. However, when you use a browser to connect to a web site, there's a good chance that the server hosting the site is running some form of Unix. Your smartphone, tablet, or Mac uses a form of Unix. In addition, many of the vertical applications designed for specific industries, such as those used when you book a hotel room or rent a car, run on Unix systems. In this instance, we are discussing the base form of Unix, aka the terminal or command line.
As a server operating system, Unix has a reputation for being stable enough to support mission-critical applications, portable enough to run on many different hardware platforms, and scalable enough to support a user base of almost any size. All Unix systems use Transmission Control Protocol/Internet Protocol (TCP/IP) as their native protocols, so they are naturally suited for use on the Internet and for networking with other operating systems. In fact, Unix systems were instrumental in the development of the Internet from an experiment in decentralized, packet-switched networking to the worldwide phenomenon it is today.

Unix Principles

More than other operating systems, Unix is based on a principle of simplicity that makes it highly adaptable to many different needs. This is not to say that Unix is simple to use because generally it isn't. Rather, it means that the OS is based on guiding principles that treat the various elements of the computer in a simple and consistent way. For example, a Unix system treats physical devices in the computer, such as the printer, the keyboard, and the display, in the same way as it treats the files and directories on its drives. You can copy a file to the display or to a printer just as you would copy it to another directory and use the devices with any other appropriate file-based tools.

Another fundamental principle of Unix is the use of small, simple tools that perform specific functions and that can easily work together with other tools to provide more complex functions. Instead of large applications with many built-in features, Unix operating systems are far more likely to utilize a small tool that provides a basic service to other tools. A good example is the sort command, which takes the contents of a text file, sorts it according to user-supplied parameters, and sends the results to an output device, such as the display or a printer. In addition to applying the command to an existing text file, you can use it to sort the output of other commands before displaying or printing it.
The element that lets you join tools in this way is called a pipe (|), which enables you to use one tool to provide input to or accept output from another tool. DOS can use pipes to redirect standard input and output in various ways, but Unix includes a much wider variety of tools and commands that can be combined to provide elaborate and powerful functions.

Thus, Unix is based on relatively simple elements, but its ability to combine those elements makes it quite complex. While a large application attempts to anticipate the needs of the user by combining its functions in various predetermined ways, Unix supplies users with the tools that provide the basic functions and lets them combine the tools to suit their own needs. The result is an OS with great flexibility and extensibility but that requires an operator with more than the average computer user's skills to take full advantage of it. However, the operator has to remember all the commands.

Because of this guiding principle, Unix is in many ways a "programmer's operating system." If a tool to perform a certain task is not included, you usually have the resources available to fashion one yourself. This is not to say that you have to be a programmer to use Unix, but many of the techniques that programmers use when writing code are instrumental to the use of multiple tools on the Unix command line.

If all of this talk of programming and command-line computing is intimidating, be assured that it is quite possible to install, maintain, and use a Unix system without a substantial investment in learning command-line syntax. Some of the Unix operating systems are being geared more and more to the average computer user, with most of the common system functions available through the graphical user interface (GUI). You can perform most of your daily computing tasks on these operating systems without ever seeing a command prompt.

The various Unix operating systems are built around basic elements that are fundamentally the same, but they include various collections of tools and programs.
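The sort command and the pipe described in the two paragraphs above are best seen doing real work. The following script is an added example, not code from the book: it joins grep, sed, sort, uniq, and awk with pipes to count failed SSH login attempts per source address in a handful of constructed auth-log lines (the host names, addresses, and users are all invented for the example). Each tool does one job, and the pipeline as a whole is the kind of first-pass triage a defender runs on a server's authentication log.

```shell
#!/bin/sh
# Added example (not from the book): the "small tools joined by pipes"
# principle applied to a defender's routine task, ranking the sources of
# failed logins in an authentication log excerpt.

# Constructed sample log lines (not real data).
SAMPLE_LOG='Jan 10 10:01:02 host sshd[201]: Failed password for root from 10.0.0.5 port 5001 ssh2
Jan 10 10:01:05 host sshd[202]: Accepted publickey for alice from 10.0.0.9 port 5002 ssh2
Jan 10 10:01:09 host sshd[203]: Failed password for invalid user admin from 10.0.0.5 port 5003 ssh2
Jan 10 10:02:11 host sshd[204]: Failed password for bob from 10.0.0.7 port 5004 ssh2
Jan 10 10:02:30 host sshd[205]: Failed password for root from 10.0.0.5 port 5005 ssh2'

# One stage per job: grep selects the failures, sed keeps only the source
# address, sort groups identical addresses so uniq -c can count them, and a
# second sort (numeric, reversed) ranks the busiest source first.  awk
# normalizes uniq's padded output to "<count> <address>".
failed_logins_by_host() {
    printf '%s\n' "$SAMPLE_LOG" \
      | grep 'Failed password' \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort \
      | uniq -c \
      | sort -rn \
      | awk '{print $1, $2}'
}

# The single noisiest source, as "<count> <address>".
top_offender() {
    failed_logins_by_host | head -n 1
}

# Usage: print the ranked table.
failed_logins_by_host
```

Swapping the first `printf` for `cat /var/log/auth.log` (or whichever file the system writes sshd messages to) turns the example into a working report; the point is that none of the five tools knows anything about the others, and any stage can be replaced without touching the rest.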
Depending on which variant you choose and whether it is a commercial product or a free download, you may find that the OS comes complete with modules such as web and DNS servers and other programs, or you may have to obtain these yourself. However, one of the other principles of Unix development that has endured through the years is the custom of making the source code for Unix software freely available to everyone. The result of this open source movement is a wealth of Unix tools, applications, and other software that is freely available for download from the Internet.

In some cases, programmers modify existing Unix modules for their own purposes and then release those modifications to the public domain so that they can be of help to others. Some programmers collaborate on Unix software projects as something of a hobby and release the results to the public. One of the best examples of this is the Linux operating system, which was designed from the beginning to be a free product and which has now become one of the most popular Unix variants in use today.

Unix Architecture

Because Unix is available in so many variants, Unix operating systems can run on a variety of hardware platforms. Many of the Unix variants are proprietary versions created by specific manufacturers to run on their own hardware platforms. Most of the software-only Unix solutions run on Intel-based PCs, and some are available in versions for multiple platforms.

The hardware requirements for the various Unix platforms vary greatly, depending on the functions required of the machine. You can run Linux on an old 386, for example, as long as you don't expect to use a GUI or run a server supporting a large number of users. Today, many large businesses are using Linux as a cost-saving alternative because even mid-range Unix servers can cost more than $200,000, including hardware.

No matter what hardware a Unix system uses, the basic software components are the same (see Figure 20-1). The kernel is the core module that insulates the programs running on the computer from the hardware. The kernel uses device drivers that interact with the specific hardware devices installed in the computer to perform basic functions such as memory management, input/output, interrupt handling, and access control.
Figure 20-1 Basic components of a Unix system

The Unix kernel provides approximately 100 system calls that programs can use to execute certain tasks, such as opening a file, executing a program, and terminating a process. However, the system calls can vary wildly depending on the variant. These are the building blocks that programmers use to integrate hardware-related functions into their applications' more complex tasks. The system calls can vary between the different Unix versions to some extent, particularly in the way that the system internals perform the different functions.

Above the kernel is the shell, which provides the interface you use to issue commands and execute programs. The shell is a command interpreter, much like Command.com in DOS and Cmd.exe in Windows, which provides a character-based command prompt that you use to interact with the system. The shell also functions as a programming language you can use to create scripts, which are functionally similar to old DOS batch files but much more versatile and powerful.

Unlike Windows, which limits you to a single command interpreter, Unix traditionally has several shells you can choose from, with different capabilities. The shells that are included with particular Unix operating systems vary, and others are available as free downloads. Often, the selection of a shell is a matter of personal preference, guided by the user's previous experience. The basic commands used for file management and other standard system tasks are the same in all of the shells. The differences become more evident when you run more complex commands and create scripts.

The original Unix shell is a program called sh that was created by Steve Bourne and is commonly known as the Bourne shell. Some of the other common shells are as follows:

• csh Known as the C shell and originally created for use with Berkeley Software Distribution (BSD) Unix; utilizes a syntax similar to that of the C language and introduces features such as a command history list, job control, and aliases. Scripts written for the Bourne shell usually need some modification to run in the C shell.
• ksh Known as the Korn shell; builds on the Bourne shell and adds elements of the C shell, as well as other improvements. Scripts written for the Bourne shell usually can run in the Korn shell without modification.
• bash The default shell used by Linux; closely related to the Korn shell, with elements of the C shell.

Running on top of the shell are the commands that you use to perform tasks on the system. Unix includes hundreds of small programs, usually called tools or commands, which you can combine on the command line to perform complex tasks. Hundreds of other tools are available on the Internet that you can combine with those provided with the OS. Unix command-line tools are programs, but don't confuse them with the complex applications used by other operating systems, such as Windows. Unix has full-blown applications as well, but its real power lies in these small programs. Adding a new tool on a Unix system does not require an installation procedure; you simply have to specify the appropriate location of the tool in the file system in order for the shell to run it.

Unix Versions

The sheer number of Unix variants can be bewildering to anyone trying to find the appropriate operating system for a particular application. However, apart from systems intended for special purposes, virtually any Unix OS can perform well in a variety of roles, and the selection you make may be based more on economic factors, hardware platform, or personal taste than on anything else. If, for example, you decide to purchase proprietary Unix workstations, you'll be using the version of the OS intended for the machine. If you intend to run Unix on Intel-based computers, you might choose the OS based on the GUI that you feel most comfortable with, or you might be looking for the best bargain you can find and limit yourself to the versions available as free downloads. The following sections discuss some of the major Unix versions available.

Unix System V

Unix System V is the culmination of the original Unix work begun by AT&T's Bell Labs in the 1970s. Up until release 3.2, the project was wholly developed by AT&T, even while other Unix work was ongoing at the University of California at Berkeley and other places.
Unix System V Release 4 (SVR4), released in the late 1980s, consolidated the benefits of the SVR operating system with those of Berkeley's BSD, Sun's SunOS, and Microsoft's Xenix. This release brought together some of the most important elements that are now indelibly associated with the name Unix, including networking elements such as the TCP/IP Internet Package from BSD, which includes file transfer, remote login, and remote program execution capabilities, and the Network File System (NFS) from SunOS.

AT&T eventually split its Unix development project off into a subsidiary called Unix System Laboratories (USL), which released System V Release 4.2. In 1993, AT&T sold USL to Novell, which released its own version of SVR4 under the name UnixWare. In light of pressure from the other companies involved in Unix development, Novell transferred the Unix trademark to a consortium called X/Open, thus enabling any manufacturer to describe its product as a Unix OS. In 1995, Novell sold all of its interest in Unix SVR4 and UnixWare to the Santa Cruz Operation (SCO), which owns it to this day. In 1997, SCO released Unix System V Release 5 (SVR5) under the name OpenServer, as well as version 7 of its UnixWare product. These are the descendants of the original AT&T products, and they are still on the market.

BSD Unix

In 1975, one of the original developers of Unix, Ken Thompson, took a sabbatical at the University of California at Berkeley, and while there, he ported his current Unix version to a PDP-11/70 system. The seed he planted took root, and Berkeley became a major developer of Unix in its own right. BSD Unix introduced several of the major features associated with most Unix versions, including the C shell and the vi text editor. Several versions of BSD Unix appeared throughout the 1970s, culminating in 3BSD. In 1979, the U.S. Department of Defense's Advanced Research Projects Agency (DARPA) funded the development of 4BSD, which coincided with the development and adoption of the TCP/IP networking protocols. For more information about BSD Unix, see Chapter 21.
Unix Networking

Unix is a peer-to-peer network operating system, in that every computer is capable of both accessing resources on other systems and sharing its own resources. These networking capabilities take three basic forms, as follows:

• The ability to open a session on another machine and execute commands on its shell
• The ability to access the file system on another machine, using a service like NFS
• The ability to run a service (called a daemon) on one system and access it using a client on another system

The TCP/IP protocols are an integral part of all Unix operating systems, and many of the TCP/IP programs and services that may be familiar to you from working with the Internet are also implemented on Unix networks. For example, Unix networks can use DNS servers to resolve host names into IP addresses and use BOOTP or DHCP servers to automatically configure TCP/IP clients. Standard Internet services such as File Transfer Protocol (FTP) and Telnet have long been a vital element of Unix networking, as are utilities such as Ping and Traceroute.

The following sections examine the types of network access used on Unix systems and the tools involved in implementing them.

Using Remote Commands

One form of network access that is far more commonly used on Unix than on other network operating systems is the remote console session, in which a user connects to another computer on the network and executes commands on that system. Once the connection is established, commands entered by the user at the client system are executed by the remote server, and the output is redirected over the network back to the client's display. It's important to understand that this is not the equivalent of accessing a shared network drive on a Windows computer and executing a file. In the latter case, the program runs using the client computer's processor and memory. When you execute a command on a Unix computer using a remote console session, the program actually runs on the other computer, using its resources.

Because Unix relies heavily on the command prompt, character-based remote sessions are more useful than they are in a more graphically oriented environment like that of Windows.
Berkeley Remote Commands

The Berkeley remote commands were originally part of BSD Unix and have since been adopted by virtually every other Unix OS. Sometimes known as the r* commands, these tools are intended primarily for use on local area networks (LANs), rather than over wide area network (WAN) or Internet links. These commands enable you not only to open a session on a remote system but to perform specific tasks on a remote system without logging in and without working interactively with a shell prompt.

rlogin

The rlogin command establishes a connection to another system on the network and provides access to its shell. Once connected, any commands you enter are executed by the other computer using its processor, file system, and other components. To connect to another machine on the network, you use a command like the following:

rlogin [-l username] hostname

where the hostname variable specifies the name of the system to which you want to connect.

NOTE You can sometimes use the IP address instead of the hostname.

Authentication is required for the target system to establish the connection, which can happen using either host-level or user-level security. To use host-level security, the client system must be trusted by the server by having its hostname listed in the /etc/hosts.equiv file on the server. When this is the case, the client logs in without a username or password because it is automatically trusted by the server no matter who's using the system.

User-level security requires the use of a username and sometimes a password, in addition to the hostname. By default, rlogin supplies the name of the user currently logged in on the client system to the remote system, as well as information about the type of terminal used to connect, which is taken from the value of the TERM variable. The named user must have an account in the remote system's password database, and if the client system is not trusted by the remote system, the remote system may then prompt the client for the password associated with that username. It's also possible to log in using a different username by specifying it on the rlogin command line with the -l switch.
For the username to be authenticated by the remote system without using a password, it must be defined as an equivalent user by being listed in a .rhosts file located in the user's home directory on that system. The .rhosts file contains a list of hostnames and usernames that specify whether a user working on a specific machine should be granted immediate access to the command prompt. Depending on the security requirements for the remote system, the .rhosts files can be owned either by the remote users themselves or by the root account on the system. Adding users to your .rhosts file is a simple way of giving them access to your account on that machine without giving them the password.

NOTE The root account on a Unix computer is a built-in superuser that has full access to the entire system, much like the Administrator account in Windows but even more powerful (depending on the version of Windows).

Once you have successfully established a connection to a remote system, you can execute any command in its shell that you would on your local system, except for those that launch graphical applications. You can also use rlogin from the remote shell to connect to a third computer, giving you simultaneous access to all three. To terminate the connection to a remote system, you can use the exit command, press the CTRL-D key combination, or type a tilde followed by a period (~.).

rsh

In some instances, you may want to execute a single command on a remote system and view the resulting output without actually logging in. You can do this with the rsh command, using the following syntax:

rsh hostname command

where the hostname variable specifies the system on which you want to open a remote shell, and the command variable is the command to be executed on the remote system. Unlike rlogin, interactive authentication is not possible with rsh. For the command to work, the user must have either a properly configured .rhosts file on the remote system or an entry in the /etc/hosts.equiv file. The rsh command provides essentially the same command-line capabilities as rlogin, except that it works for only a single command and does not maintain an open session.

NOTE The rsh command was called remsh on HP-UX systems. There are many cases in which commands providing identical functions have different names on various Unix operating systems.
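The rlogin and rsh sections above describe two trust files, /etc/hosts.equiv and the per-user .rhosts, that grant password-less access. An administrator who has inherited old Unix hosts needs a quick way to find whether such trust is still configured. The script below is an added example, not code from the book: it walks a directory tree, reports every trust file it finds, flags the wildcard entries (a "+" in the host or user field of these files means "any host" or "any user", a convention of the r* commands not described in the book), and flags .rhosts files that other accounts could edit, since the book notes that whoever can write the file can grant access to the account. The fixture it builds (host names, users, paths) is constructed for the example; on a live system you would pass / as the tree.

```shell
#!/bin/sh
# Added example (not from the book): audit the Berkeley r* trust files.
# Takes a directory tree as argument so a constructed fixture can stand in
# for "/" here; on a real host run "audit_rhosts /" (as root, to read every
# home directory).

# Print one line per finding in the tree rooted at $1:
#   PRESENT  <file>          -- a trust file exists at all (the r* commands
#                               send passwords in clear text; prefer ssh/scp)
#   WILDCARD <file>: <line>  -- a "+" host or user field trusts everyone
#   WRITABLE <file>          -- group- or world-writable .rhosts
audit_rhosts() {
    root=${1%/}
    for f in "$root/etc/hosts.equiv" "$root"/home/*/.rhosts "$root/root/.rhosts"; do
        [ -f "$f" ] || continue
        rel=${f#"$root"/}
        printf 'PRESENT  %s\n' "$rel"
        # Skip comments and blank lines, then inspect the host and user fields.
        grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' |
        while IFS= read -r line; do
            set -- $line
            if [ "$1" = "+" ] || [ "${2:-}" = "+" ]; then
                printf 'WILDCARD %s: %s\n' "$rel" "$line"
            fi
        done
        # Anyone who can edit the file can add themselves to it.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'WRITABLE %s\n' "$rel"
        fi
    done
}

# Build a constructed fixture tree (fake /etc and /home) and print its path.
make_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/home/alice" "$t/home/bob"
    printf '# constructed sample\nbuildbox.example.internal\n+\n' > "$t/etc/hosts.equiv"
    printf 'workstation7 alice\n+ +\n' > "$t/home/alice/.rhosts"
    chmod 666 "$t/home/alice/.rhosts"          # the weak case
    printf 'workstation7 bob\n' > "$t/home/bob/.rhosts"
    chmod 600 "$t/home/bob/.rhosts"            # owner-only, no wildcard
    printf '%s\n' "$t"
}

# Count findings of one kind (PRESENT, WILDCARD or WRITABLE) in a tree.
count_findings() {
    audit_rhosts "$1" | grep -c "^$2" || true
}

# Usage on the constructed fixture.
FIXTURE=$(make_fixture)
audit_rhosts "$FIXTURE"
rm -rf "$FIXTURE"
```

Even a clean .rhosts is a finding worth acting on: the Secure Shell tools the book names next (slogin, ssh, scp) cover the same use cases with authenticated, encrypted sessions, so the usual remediation is to remove the trust files and disable the r* services rather than tune them.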
rcp

The rcp command is used to copy files to or from a remote system across a network without performing an interactive login. The rcp command functions much like the cp command used to copy files on the local system, using the following syntax:

rcp [-r] sourcehost:filename desthost:filename

where the sourcehost:filename variable specifies the hostname of the source system and the name of the file to be copied, and the desthost:filename variable specifies the hostname of the destination system and the name that the file should be given on that system. You can also copy entire directories by adding the -r parameter to the command and specifying directory names instead of filenames. As with rsh, there is no login procedure, so to use rcp, either the client system must be trusted by the remote system or the user must be listed in the .rhosts file.

Secure Shell Commands

The downside of the Berkeley remote commands is that they are inherently insecure. Passwords are transmitted over the network in clear text, making it possible for intruders to intercept them. Because of this susceptibility to compromise, many administrators prohibit the use of these commands. To address this problem, there is a Secure Shell program that provides the same functions as rlogin, rsh, and rcp, but with greater security. The equivalent programs in the Secure Shell are called slogin, ssh, and scp. The primary differences in using these commands are that the connection is authenticated on both sides and all passwords and other data are transmitted in encrypted form.

DARPA Commands

The Berkeley remote commands are designed for use on like Unix systems, but the DARPA commands were designed as part of the TCP/IP protocol suite and can be used by any two systems that support TCP/IP. Virtually all Unix operating systems include both the client and server programs for Telnet, FTP, and Trivial File Transfer Protocol (TFTP) and install them by default, although some administrators may choose to disable them later.
telnet

The telnet command is similar in its functionality to rlogin, except that telnet does not send any information about the user on the client system to the server. You must always supply a username and password to be authenticated. As with all of the DARPA commands, you can use a Telnet client to connect to any computer running a Telnet server, even if it is running a different version of Unix or a non-Unix OS. The commands you can use while connected, however, are wholly dependent on the OS running the Telnet server. If, for example, you install a Telnet server on a Windows system, you can connect to it from a Unix client, but once connected, you can use only the commands recognized by Windows. Since Windows is not primarily a character-based OS, its command-line capabilities are relatively limited, unless you install outside programs.

ftp

The ftp command provides more comprehensive file transfer capabilities than rcp and enables a client to access the file system on any computer running an FTP server. However, instead of accessing files in place on the other system, ftp provides only the ability to transfer files to and from the remote system. For example, you cannot edit a file on a remote system, but you can download it to your own system, edit it there, and then upload the new version to the original location. As with Telnet, users must authenticate themselves to an FTP server before they are granted access to the file system. Many systems running FTP, such as those on the Internet, support anonymous access, but even this requires an authentication process of sorts in which the user supplies the name "anonymous" and the server is configured to accept any password.

tftp

The tftp command uses the Trivial File Transfer Protocol to copy files to or from a remote system. Whereas ftp relies on the Transmission Control Protocol at the transport layer, tftp uses the User Datagram Protocol (UDP). Because UDP is a connectionless protocol, no authentication by the remote system is needed. However, this limits the command to copying only files that are publicly available on the remote system. The TFTP protocol was designed primarily for use by diskless workstations that have to download an executable operating system file from a server during the boot process.
Network File System

Sharing files is an essential part of computer networking, and Unix systems use several mechanisms to access files on other systems without first transferring them to a local drive, as with ftp and rcp. The most commonly used of these mechanisms is the Network File System (NFS), which was developed by Sun Microsystems in the 1980s and has now been standardized by the Internet Engineering Task Force (IETF) as RFC 1094 (NFS Version 2) and RFC 1813 (NFS Version 3). By allowing NFS to be published as an open standard, Sun made it possible for anyone to implement the service, and the result is that NFS support is available for virtually every OS in use today.

Practically every Unix variant available includes support for NFS, which makes it possible to share files among systems running different Unix versions. Non-Unix operating systems, such as Windows and NetWare, can also support NFS, but a separate product (marketed by either the manufacturer or a third party) is required. Since Windows and NetWare have their own internal file-sharing mechanisms, these other operating systems mostly require NFS only to integrate Unix systems into their networks.

NFS is a client-server application in which a server makes all or part of its file system available to clients (using a process called exporting or sharing), and a client accesses the remote file system by mounting it, which makes it appear just like part of the local file system. NFS does not communicate directly with the kernel on the local computer but rather relies on the remote procedure calls (RPC) service, also developed by Sun, to handle communications with the remote system. RPC has also been released as an open standard by Sun and published as an IETF document called RFC 1057. The data transmitted by NFS is encoded using a method called External Data Representation (XDR), as defined in RFC 1014. In most cases, the service uses the UDP protocol for network transport and listens on port 2049.
NFS is designed to keep the server side of the application as simple as possible. NFS servers are stateless, meaning they do not have to maintain information about the state of a client to function properly. In other words, the server does not maintain information about which clients have files open. In the event that a server crashes, clients simply continue to send their requests until the server responds. If a client crashes, the server continues to operate normally. There is no need for a complicated reconnection sequence. Because repeated iterations of the same activities can be the consequence of this statelessness, NFS is also designed to be as idempotent as possible, meaning that the repeated performance of the same task will not have a deleterious effect on the performance of the system. NFS servers also take no part in the adaptation of the exported file system to the client's requirements. The server supplies file system information in a generalized form, and it is up to the client to integrate it into its own file system so that applications can make use of it.

The communication between NFS clients and servers is based on a series of RPC procedures defined in the NFS standard and listed in Table 20-1. These basic functions enable the client to interact with the file system on the server in all of the ways expected by a typical application. An Internet-Draft released in April 2014 by IETF describes minor updates to earlier NFS versions. The goal of this revision, according to the draft, is to "improve access and good performance on the Internet, provide strong security, good cross-platform interoperability, and is designed for protocol extensions which do not compromise backward compatibility." (See http://tools.ietf.org/html/draft-ietf-nfsv4-rfc3530bis-33#section-1.1 for more information.)
Table 20-1 Some RPC Procedures in NFS Versions

On a system configured to function as an NFS server, you can control which parts of the file system are accessible to clients by using commands such as share on Solaris and SVR4 systems and exportfs on Linux and HP-UX. Using these commands, you specify which directories clients can access and what degree of access they are provided. You can choose to share a directory on a read-only basis, for example, or grant read-write access, and you can also designate different access permissions for specific users.

Client systems access the directories that have been shared by a server by using the mount command to integrate them into the local file system. The mount command specifies a directory shared by a server, the access that client applications should have to the remote directory (such as read-write or read-only), and the mount point for the remote files. The mount point is a directory on the local system in which the shared files and directories will appear. Applications and commands running on the client system can reference the remote files just as if they were located on a local drive.

Client-Server Networking

Client-server computing is the basis for networking on Unix systems, as it is on many other computing platforms. Unix is a popular application server platform largely because its relative simplicity and flexibility enable the computer to devote more of its resources toward its primary function. On a Windows server, for example, a significant amount of system resources are devoted to running the GUI and other subsystems that may have little or nothing to do with the server applications that are its primary functions. When you dedicate a computer to functioning as a web server, for example, and you want it to be able to service as many clients as possible, it makes sense to disable all extraneous functions, which is something that is far easier to do on a Unix system than in Windows.
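The exporting controls described in the NFS section above (read-only versus read-write access, and who is allowed to mount) live, on Linux, in the /etc/exports file that exportfs publishes. The script below is an added example, not code from the book: it reads an exports file and flags two settings a reviewer looks for first, a read-write export offered to every host, and the no_root_squash option, which lets a client's root act as root on the server (root_squash and no_root_squash are the real exports(5) option names; the book does not discuss them). The sample file is constructed for the example and shows each weak entry beside its corrected form, restricted to one subnet and, where possible, read-only.

```shell
#!/bin/sh
# Added example (not from the book): a read-only audit of a Linux-style
# /etc/exports file.  Paths, subnet and file content are constructed; the
# option keywords (rw, ro, root_squash, no_root_squash, sync) are the real
# exports(5) names.

# Constructed exports: two weak entries followed by their corrected forms.
WEAK_AND_FIXED_EXPORTS='# constructed sample /etc/exports
/srv/projects   *(rw,no_root_squash)
/srv/backup     *(rw)
/srv/projects2  192.168.10.0/24(rw,root_squash,sync)
/srv/docs       192.168.10.0/24(ro,root_squash)'

# Read an exports file on stdin; print one finding per risky client entry:
#   ANYHOST-RW <dir>      -- writable by any client that can reach port 2049
#   NO-ROOT-SQUASH <dir>  -- a client's root is honoured as root on the server
# The body runs in a subshell with globbing off, so the "*" host spec is
# never expanded against the current directory.
audit_exports() (
    set -f
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
    while read -r dir clients; do
        for spec in $clients; do
            host=${spec%%"("*}                      # text before "("
            opts=${spec#*"("}; opts=${opts%")"}     # text inside "(...)"
            case ",$opts," in
                *,rw,*) [ "$host" = "*" ] && printf 'ANYHOST-RW %s\n' "$dir" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) printf 'NO-ROOT-SQUASH %s\n' "$dir" ;;
            esac
        done
    done
)

# Run the audit over the constructed sample and print the findings.
audit_sample() {
    printf '%s\n' "$WEAK_AND_FIXED_EXPORTS" | audit_exports
}

# Number of findings in the constructed sample.
sample_finding_count() {
    audit_sample | wc -l | tr -d ' '
}

# Usage: on a real server, "audit_exports < /etc/exports".
audit_sample
```

The corrected entries show the shape to aim for: name the client network explicitly instead of "*", keep root_squash (the default) so remote root is mapped to an unprivileged user, and export read-only unless clients genuinely need to write.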
Server applications on Unix systems typically run as daemons, which are background processes that run continuously, regardless of the system's other activities. There are many commercial server products available for various Unix versions and also a great many that are available free of charge. Because the TCP/IP protocols were largely developed on the Unix platform, Unix server software is available for every TCP/IP application in existence.

CHAPTER 21
Other Network Operating Systems and Networking in the Cloud

Additional operating systems have been created as computing has evolved. Today, many users are turning to the cloud for networking (and other services). As technology advances, new methods and approaches will develop.

Historical Systems

In 1977, a Unix-based operating system was developed by the University of California, Berkeley. This system was originally an extension of AT&T Research's Unix operating system. Eventually, Berkeley Software Distribution (BSD) Unix came to be the operating system (OS) that many other organizations used as the basis for their own Unix products, including Sun Microsystems' SunOS. The result is that many of the programs written for one BSD-based Unix version are binary-compatible with other versions. Once the SVR4 release consolidated the best features of BSD and several other Unix versions into one product, the BSD product became less influential and culminated in the 4.4BSD version in 1992.

Although many of the Unix variants that are popular today owe a great debt to the BSD development project, the versions of BSD that are still commonly used are public domain operating systems, such as FreeBSD, Linux, NetBSD, and OpenBSD. All of these operating systems are based on Berkeley's 4.4BSD release and can be downloaded from the Internet free of charge and used for private and commercial applications at no cost.
FreeBSD

FreeBSD, available at freebsd.org/ in versions for the Intel and Alpha platforms, is based on the Berkeley 4.4BSD-Lite2 release and is binary-compatible with Linux, SCO, SVR4, and NetBSD applications. The FreeBSD development project is divided into two branches: the STABLE branch, which includes only well-tested bug fixes and incremental enhancements, and the CURRENT branch, which includes all of the latest code and is intended primarily for developers, testers, and enthusiasts. The current stable version as of January 2015 is 10.1.

NetBSD

NetBSD, available at netbsd.org/, is derived from the same sources as FreeBSD but boasts portability as one of its highest priorities. NetBSD is available in formal releases for 15 hardware platforms, ranging from Intel and Alpha to Mac, SPARC, and MIPS processors, including those designed for handheld Windows CE devices. Many other ports are in the developmental and experimental stages. NetBSD's binary compatibility enables it to support applications written for many other Unix variants, including BSD, FreeBSD, HP/UX, Linux, SVR4, Solaris, SunOS, and others. Networking capabilities supported directly by the kernel include NFS, IPv6, network address translation (NAT), and packet filtering. The latest version of NetBSD, released in September 2014, is 6.1.5.

OpenBSD

OpenBSD is available at openbsd.org/; the current version is 5.6, released in November 2014. Like the other BSD-derived operating systems, OpenBSD is binary-compatible with most of its peers, including FreeBSD, SVR4, Solaris, SunOS, and HP/UX, and it currently supports 20 hardware platforms, including Intel, Alpha, SPARC, PowerPC, and others. However, the top priorities of OpenBSD's developers are security and cryptography. Because OpenBSD is a noncommercial product, its developers feel they can take a more uncompromising stance on security issues and disclose more information about security than commercial software developers. Also, because it is developed in and distributed from Canada, OpenBSD is not subject to the American laws that prohibit the export of cryptographic software to other countries. The developers are, therefore, more likely to take a cryptographic approach to security solutions than are American-based companies.
Oracle Solaris

Sun Microsystems (sun.com) became involved in Unix development in the early 1980s, when its operating system was known as SunOS. In 1991, Sun created a subsidiary called SunSoft that began work on a new Unix version based on SVR4, which it called Solaris. Purchased by Oracle in 2010, Oracle Solaris is now a complete cloud infrastructure operating system and bills itself as the "industry's most widely deployed Unix operating system" and the "first fully virtualized operating system." See the next section to learn more about cloud computing.

Operating in the Cloud

Working "in the cloud" is not a new concept. When Vannevar Bush and J.C.R. Licklider were formulating the Advanced Research Projects Agency Network (ARPANET) in the 1960s, Licklider envisioned the "Intergalactic Computer Network." A paper written with Robert W. Taylor in 1968 entitled "The Computer as a Communication Device" predicted that computer networks would be used for communication. Although his ideas were not realized until the availability of higher bandwidths in the 1990s, much of what he described is used today. His paper is still available at several locations on the Internet, including http://memex.org/licklider.pdf.

History of the Cloud

The term cloud computing has been in use for several decades. While the exact origin seems to be unknown, a cloud symbol has long been used to represent the Internet when creating computer diagrams. And, the cloud itself is a networked group of servers that can be accessed over the Internet, making it possible to obtain services, resources, and storage from any world location where an Internet connection is available.

Precursors to the Cloud

In the 1950s, mainframe computers were used for communication at large companies and universities. Many were incapable of processing information but were accessible from so-called thin-client workstations. These units were quite costly, and time on them was often rented to others; therefore, "time-sharing" became a popular method of recouping the high cost of these units.

In 1960, the Dataphone was created by AT&T to convert digital computer signals to analog signals so the digital signals could be sent via AT&T's long-distance network. Online transaction processing became available over telephone lines in 1964.