Windows Server 2003 Network Administration
Windows Server 2003 Network Administration By Craig Hunt, Roberta Bragg
September 2005
Pages: 696



Table of Contents

Chapter 1: Overview of TCP/IP
When you place your computer on a network, it interacts with many other systems. The way you do network administration tasks has effects, good and bad, not only on your system but also on other systems on the network. A sound understanding of basic network administration benefits everyone.
Networking computers dramatically enhances their ability to communicate—and most computers are used more for communication than computation. Many computers are busy crunching the numbers for business and science, but the number of such systems pales in comparison to the millions of systems busy moving email to a remote colleague or retrieving information from a remote repository. When you think of the hundreds of millions of desktop systems that are used primarily for preparing documents to communicate ideas from one person to another, it is easy to see why most computers can be viewed as communications devices.
The positive impact of computer communications increases with the number and type of computers participating in the network. One of the great benefits of TCP/IP is that it provides interoperable communications between all types of hardware and all kinds of operating systems.
The name "TCP/IP" refers to an entire suite of data communications protocols. The suite gets its name from two of its protocols: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). The TCP/IP protocol suite is sometimes just called IP. Both names are acceptable. TCP/IP is the traditional name for this protocol suite and it is the name used in this book.
Protocols are the rules of data communications. The software that network administrators deal with implements those protocols. This book is a practical, step-by-step guide to configuring and managing TCP/IP networking software on Windows server systems. TCP/IP is the leading communications software for local area networks and enterprise intranets, and it is the foundation of the worldwide Internet. TCP/IP is the most important networking software available to a network administrator.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
TCP/IP and the Internet
In 1969, the Advanced Research Projects Agency (ARPA) funded a research and development project to create an experimental packet-switching network. This network, called the ARPANET, was built to study techniques for providing robust, reliable, vendor-independent data communications. Many techniques of modern data communications were developed in the ARPANET.
The experimental network ARPANET was so successful that many of the organizations attached to it began to use it for daily data communications. In 1975, the ARPANET was converted from an experimental network to an operational network, and the responsibility for administering it was given to the Defense Communications Agency (DCA), which has since changed its name to the Defense Information Systems Agency (DISA). However, development of the ARPANET did not stop just because it was being used as an operational network; the basic TCP/IP protocols were developed after the ARPANET was operational.
The TCP/IP protocols were adopted as Military Standards (MIL STD) in 1983, and all hosts connected to the network were required to convert to the new protocols. To ease this conversion, DARPA funded Bolt, Beranek, and Newman (BBN) to implement TCP/IP in Berkeley (BSD) Unix. This provided a reference implementation that could be used by anyone who wanted to implement TCP/IP.
About the time that TCP/IP was adopted as a standard, the term Internet came into common usage. In 1983, the old ARPANET was divided into MILNET, the unclassified part of the Defense Data Network (DDN), and a new, smaller ARPANET. "Internet" was used to refer to the entire network: MILNET plus ARPANET.
In 1985, the National Science Foundation (NSF) created NSFNet and connected it to the then-existing Internet. The original NSFNet linked together the five NSF supercomputer centers. It was smaller than the ARPANET and no faster—56 Kbps. Nonetheless, the creation of the NSFNet was significant because NSF brought with it a new vision of the use of the Internet. NSF wanted to extend the network to every scientist and engineer in the United States. To accomplish this, in 1987 NSF created a new, faster backbone and a three-tiered network topology that included the backbone, regional networks, and local networks. In 1990, the ARPANET formally passed out of existence, while the NSFNet ceased its role as a primary Internet backbone network in 1995.
A Data Communications Model
To discuss computer networking, terms with special meanings to network professionals need to be used. Even other computer professionals may not be familiar with all the terms in the networking alphabet soup. As is always the case, English and computer-speak are not equivalent (or even necessarily compatible) languages. Although descriptions and examples should make the meaning of the networking jargon more apparent, sometimes terms are ambiguous, so a common frame of reference is necessary.
An architectural model developed by the International Standards Organization (ISO) is frequently used to describe the structure and function of data communications protocols. This architectural model, which is called the Open Systems Interconnect (OSI) Reference Model, provides a common reference for discussing communications. The terms defined by this model are well understood and widely used—so widely used, in fact, that it is difficult to discuss data communications without using OSI's terminology.
The OSI Reference Model contains seven layers that define the functions of data communications protocols. Each layer of the OSI model represents a function performed when data is transferred between cooperating applications across an intervening network. Figure 1-1 identifies each layer by name and provides a short functional description for it. In this figure, the protocols look like a pile of building blocks stacked one upon another. Because of this appearance, the structure is often called a stack or protocol stack.
A layer does not define a single protocol—it defines a data communications function that may be performed by any number of protocols. Therefore, each layer may contain multiple protocols, each providing a service suitable to the function of that layer. For example, a file transfer protocol (ftp) and an electronic mail protocol both provide user services, and both are part of the Application Layer.
TCP/IP Protocol Architecture
While the description of TCP/IP by a layered model is not universally agreed upon, TCP/IP is generally viewed as being composed of fewer layers than the seven used in the OSI model. Most descriptions of TCP/IP define three to five functional levels in the protocol architecture. The four-level model illustrated in Figure 1-2 is based on the three layers (Application, Host-to-Host, and Network Access) shown in the DOD Protocol Model in the DDN Protocol Handbook—Volume 1, with the addition of a separate Internet layer. This model provides a reasonable pictorial representation of the layers in the TCP/IP protocol hierarchy.
Figure 1-2: Layers in the TCP/IP protocol architecture
As in the OSI model, data is passed down the stack when it is being sent to the network and up the stack when it is being received from the network. The four-layered structure of TCP/IP is seen in the way data is handled as it passes down the protocol stack from the Application Layer to the underlying physical network. Each layer in the stack adds control information to ensure proper delivery. This control information is called a header because it is placed in front of the data to be transmitted. Each layer treats all of the information it receives from the layer above as data and places its own header in front of that information. The addition of delivery information at every layer is called encapsulation. (See Figure 1-3 for an illustration of this.) When data is received, the opposite happens. Each layer strips off its header before passing the data on to the layer above. As information flows back up the stack, information received from a lower layer is interpreted as both a header and data.
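The encapsulation described above can be made concrete by actually building the headers. The following is an added example, not code from the book: it wraps a few bytes of application data in a UDP header, then an IPv4 header (with the RFC 1071 header checksum), then an Ethernet header, and then walks back up the stack, with each layer reading only its own header and treating the rest as data. The IP addresses, ports and payload are constructed; the two MAC addresses are taken from the listings later in the text and carry no special meaning here.

```python
import struct

# Added example: encapsulating application data through the UDP, IP and
# Ethernet layers and stripping the headers again on the way back up.
# Addresses, ports and payload are constructed sample values.

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words. A header that already carries a
    correct checksum yields 0 when run back through this function."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def add_udp_header(src_port: int, dst_port: int, data: bytes) -> bytes:
    # Transport layer: 8-byte UDP header (ports, length, checksum) in front of the data.
    # The UDP checksum is optional over IPv4, so it is left at zero in this example.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def add_ip_header(src: str, dst: str, protocol: int, segment: bytes, ttl: int = 64) -> bytes:
    # Internet layer: 20-byte IPv4 header. The protocol field (17 = UDP) tells the
    # receiver which transport protocol the payload belongs to.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         ttl, protocol, 0, ip_to_bytes(src), ip_to_bytes(dst))
    checksum = ones_complement_checksum(header)          # computed with the field zeroed
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + segment


def add_ethernet_header(src_mac: bytes, dst_mac: bytes, datagram: bytes) -> bytes:
    # Network Access layer: 14-byte Ethernet header (destination, source, type).
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def encapsulate(data: bytes, src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                src_mac: bytes, dst_mac: bytes) -> bytes:
    """Pass data down the stack; every layer treats what it receives as opaque data."""
    segment = add_udp_header(src_port, dst_port, data)
    datagram = add_ip_header(src_ip, dst_ip, PROTO_UDP, segment)
    return add_ethernet_header(src_mac, dst_mac, datagram)


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack: each layer reads its own header and hands the
    remainder to the layer above. A corrupted IP header is rejected."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]

    ver_ihl, _, total_len, _, _, ttl, protocol, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ones_complement_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    segment = datagram[ihl:total_len]

    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "ethernet": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":"), "ethertype": ethertype},
        "ip": {"version": ver_ihl >> 4, "ttl": ttl, "protocol": protocol,
               "src": bytes_to_ip(src), "dst": bytes_to_ip(dst)},
        "udp": {"src_port": src_port, "dst_port": dst_port, "length": length},
        "data": segment[8:length],
    }


if __name__ == "__main__":
    frame = encapsulate(b"hello", "172.16.12.20", "172.16.12.1", 40000, 53,
                        bytes.fromhex("0050ba3fc25e"), bytes.fromhex("00e04c9b9919"))
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

Five bytes of data leave the host as a 47-byte frame (14 + 20 + 8 + 5), which is the overhead the text's Figure 1-3 is illustrating. The checksum check in `decapsulate` is the simplest example of a layer refusing to pass data upward when its own header is damaged.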
Figure 1-3: Data encapsulation
Figure 1-4 shows the terms used by different layers of TCP/IP to refer to the data being transmitted. Applications using TCP refer to data as a
Network Access Layer
The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols in this layer provide the means for the system to deliver data to the other devices on a directly attached network. This layer defines how to use the network to transmit an IP datagram. Unlike higher-level protocols, Network Access Layer protocols must know the details of the underlying network (its packet structure, addressing, etc.) to format the data being transmitted to comply with the network constraints. The TCP/IP Network Access Layer can encompass the functions of all three lower layers of the OSI Reference Model (Network, Data Link, and Physical).
The design of TCP/IP hides the function of the lower layers, and the better known protocols (IP, TCP, UDP, etc.) are all higher-level protocols. As new hardware technologies appear, new Network Access protocols are developed so that TCP/IP networks can use the new hardware.
Functions performed at this level include encapsulation of IP datagrams into the frames transmitted by the network and mapping of IP addresses to the physical addresses used by the network. One of TCP/IP's strengths is its universal addressing scheme. The IP address must be converted into an address that is appropriate for the physical network over which the datagram is transmitted.
Some examples of RFCs that define network access layer protocols follow:
  • RFC 894, A Standard for the Transmission of IP Datagrams over Ethernet Networks, specifies how IP datagrams are encapsulated for transmission over Ethernet networks.
  • RFC 826, Ethernet Address Resolution Protocol (ARP), maps IP addresses to Ethernet addresses. (ARP is covered in Chapter 2.)
  • RFC 1661, The Point-to-Point Protocol (PPP), specifies how IP datagrams are transmitted over point-to-point connections.
Internet Layer
The layer above the Network Access Layer in the protocol hierarchy is the Internet Layer, and the Internet Protocol (IP) is the most important protocol in that layer. The release of IP used in the current Internet is IP Version 4 (IPv4), which is defined in RFC 791. It is called Version 4 because it is identified by the value 4 in the version field of the IP datagram header, which is shown in Figure 1-5. Despite the name, IPv4 is the first version of IP deployed in the Internet, and it is still in use today. There are later versions of IP. IP Version 5 (IPv5) is an experimental Stream Transport (ST) protocol used for real-time data delivery. IPv5 never came into operational use. IPv6 is an IP standard that provides greatly expanded addressing capacity. Because IPv6 uses a completely different address structure, it is not interoperable with IPv4. While IPv6 is a standard version of IP that is delivered with Windows Server 2003, it is not yet widely used in operational, commercial networks. Our focus is on practical, operational networks, so, while IPv6 is discussed in Chapter 2, we do not cover IPv6 in great detail. In this chapter, and throughout the main body of the text, we refer to IPv4 whenever we say IP. IPv4 is the protocol you will configure on your system when you want to exchange data with remote systems, and it is the focus of this text.
The Internet Protocol is the heart of TCP/IP. IP provides the basic packet delivery service on which TCP/IP networks are built. All protocols, in the layers above and below IP, use the Internet Protocol to deliver data. All TCP/IP data flows through IP, incoming and outgoing, regardless of its final destination.
The Internet Protocol is the building block of the Internet. Its functions include the following:
  • Defining the datagram, which is the basic unit of transmission in the Internet
  • Defining the Internet addressing scheme
Transport Layer
The protocol layer just above the Internet Layer is the Transport Layer. The two most important protocols in the Transport Layer are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides reliable, connection-oriented data delivery service with end-to-end error detection and correction. UDP provides low-overhead, connectionless datagram delivery service. Both protocols deliver data between the Application Layer and the Internet Layer. Applications programmers can choose whichever service is more appropriate for their specific applications.
The User Datagram Protocol gives application programs direct access to a datagram delivery service, like the delivery service that IP provides. This allows applications to exchange messages over the network with a minimum of protocol overhead.
UDP is an unreliable, connectionless datagram protocol. As noted previously, "unreliable" means that there are no techniques in the protocol for verifying that the data reached the other end of the network correctly. UDP uses 16-bit Source Port and Destination Port numbers in word 1 of the message header to deliver data to the correct application process. Figure 1-9 shows the UDP message format.
Figure 1-9: UDP message format
Applications programmers choose UDP as a data transport service for a number of good reasons. If the amount of data being transmitted is small, the overhead of creating connections and ensuring reliable delivery may be greater than the work of retransmitting the entire data set. In this case, UDP is the most efficient choice for a Transport Layer protocol. Applications that fit a query-response model are also excellent candidates for using UDP. The response can be used as a positive acknowledgment to the query. If a response isn't received within a certain time period, the application just sends another query. Still other applications provide their own techniques for reliable data delivery and don't require service from the transport layer protocol. Imposing another layer of acknowledgment on any of these types of applications is inefficient.
Application Layer
At the top of the TCP/IP protocol architecture is the Application Layer. This layer includes all processes that use the Transport Layer protocols to deliver data. There are many applications protocols. Most of these protocols provide user services, and new services are always being added to this layer.
Some widely known and implemented applications protocols follow:
Telnet
The Network Terminal Protocol provides remote login over the network.
FTP
The File Transfer Protocol is used for interactive file transfer.
SMTP
The Simple Mail Transfer Protocol delivers electronic mail.
HTTP
The Hypertext Transfer Protocol delivers web pages over the network.
While HTTP, FTP, SMTP, and Telnet are widely implemented TCP/IP applications that provide services directly to end users, you will work with other applications that primarily provide services from one host to another. Examples of these types of TCP/IP applications follow:
Domain Name System (DNS)
Also called name service, this application maps IP addresses to the names assigned to network devices. DNS is discussed in detail in Chapter 6.
Dynamic Host Configuration Protocol (DHCP)
This protocol is used to automatically configure networked computers. DHCP is covered in Chapter 5.
Summary
This chapter discussed the structure of TCP/IP, the protocol suite upon which the Internet is built. TCP/IP is a hierarchy of four layers: Applications, Transport, Internet, and Network Access. This chapter examined the function of each of these layers. The next chapter looks at how the IP datagram moves through a network when data is delivered between hosts.
Chapter 2: Delivering the Data
Chapter 1 touched on the basic architecture and design of the TCP/IP protocols. From that discussion, we know that TCP/IP is a hierarchy of four layers. This chapter explores in finer detail how data moves between the protocol layers and the systems on the network. We examine the structure of Internet addresses, including how addresses route data to its final destination and how address structure is locally redefined to create subnets. We also look at the protocol and port numbers used to deliver data to the correct applications. These additional details move us from an overview of TCP/IP to the specific implementation details that affect your system's configuration.
Addressing, Routing, and Multiplexing
To deliver data between two Internet hosts, it is necessary to move the data across the network to the correct host, and within that host to the correct application or process. TCP/IP uses three schemes to accomplish these tasks:
Addressing
IP addresses, which uniquely identify every host on the network, deliver data to the correct host.
Routing
Gateways deliver data to the correct network.
Multiplexing
Protocol and port numbers deliver data to the correct software module within the host.
Each of these functions—addressing between hosts, routing between networks, and multiplexing between layers—is necessary to send data between two cooperating applications across the Internet. Let's examine each of these functions in detail.
The IP Address
An IPv4 address is a 32-bit value that uniquely identifies every device attached to a TCP/IP Internet. Some of the bits identify a specific network within the Internet, and are referred to as network bits, or the network number. Other bits identify the device on the network and are called host bits, or the host number. We'll talk much more about the structure of the IP address in the next section.
IP addresses are usually written as four decimal numbers separated by dots (periods) in a format called dotted decimal notation. Each decimal number represents a byte (8 bits) of the 32-bit address, and each of the four numbers is in the range of 0 through 255 (the decimal values possible in a single byte).
IP addresses are often called host addresses. Although this is common usage, it is slightly misleading. IP addresses are assigned to network interfaces, not to computer systems. A gateway has a different address for each network to which it is connected. The gateway is known to other devices by the address associated with the network that it shares with those devices.
Systems can be addressed in three different ways. Individual systems are directly addressed by a host address, which is called a unicast address. A unicast packet is addressed to one individual host. Groups of systems can be addressed using a multicast address, e.g., 224.0.0.2. Routers along the path from the source to destination recognize the special address and route copies of the packet to each member of the multicast group. All systems on a network are addressed using the broadcast address, e.g., 172.16.255.255. The broadcast address depends on the broadcast capabilities of the underlying physical network.
The broadcast address is a good example of the fact that not all network addresses or host addresses can be assigned to a network device. Some host addresses are reserved for special uses. On all networks, host numbers 0 and 255 are reserved. An IP address with all host bits set to
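The following is an added example, not code from the book, that does the arithmetic the section above describes: it converts dotted decimal notation into the 32-bit value, uses a netmask to separate the network bits from the host bits, derives the broadcast address for that network, and flags the host numbers that cannot be assigned (host bits all 0 or all 1). It also classifies an address as unicast, multicast, or broadcast using the examples from the text. All addresses are constructed samples; the netmask-based split generalises the "0 and 255" rule to networks with any number of host bits.

```python
import re

# Added example: network number, host number and reserved host addresses,
# derived from a dotted decimal IPv4 address and a netmask.

DOTTED = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def dotted_to_int(addr: str) -> int:
    """Parse dotted decimal notation into the underlying 32-bit value."""
    m = DOTTED.match(addr)
    if not m:
        raise ValueError("not dotted decimal notation: %r" % addr)
    octets = [int(o) for o in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range 0-255: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(addr: str, netmask: str) -> dict:
    """Bits under the 1s of the mask are the network number; the rest is the host number."""
    a, mask = dotted_to_int(addr), dotted_to_int(netmask)
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):            # host bits must be one contiguous run
        raise ValueError("netmask is not a contiguous run of 1s: %r" % netmask)
    host_bits = 32 - bin(mask).count("1")
    network = a & mask
    host = a & inverted
    all_ones = (1 << host_bits) - 1
    return {
        "network": int_to_dotted(network),
        "host_number": host,
        "broadcast": int_to_dotted(network | all_ones),
        # host bits all 0 (the network itself) or all 1 (broadcast) are not assignable
        "reserved": host in (0, all_ones),
    }


def classify(addr: str, netmask: str) -> str:
    """Unicast, multicast (224.0.0.0/4), or a broadcast address on the given network."""
    a = dotted_to_int(addr)
    if a >> 28 == 0xE:                       # leading bits 1110: 224.0.0.0 - 239.255.255.255
        return "multicast"
    if a == 0xFFFFFFFF:
        return "limited broadcast"
    info = split_address(addr, netmask)
    if addr == info["broadcast"]:
        return "broadcast"
    if info["host_number"] == 0:
        return "network number"
    return "unicast"


if __name__ == "__main__":
    for sample in ("172.16.12.20", "172.16.12.0", "172.16.12.255"):
        print(sample, split_address(sample, "255.255.255.0"), classify(sample, "255.255.255.0"))
    print("224.0.0.2 ->", classify("224.0.0.2", "255.255.255.0"))
```

Running the block on 172.16.12.20 with mask 255.255.255.0 reports network 172.16.12.0, host number 20 and broadcast 172.16.12.255, the same network the routing table later in the chapter is attached to.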
Internet Routing Architecture
Chapter 1 described the evolution of the Internet architecture over the years. Along with these architectural changes have come changes in the way that routing information is disseminated within the network.
In the original Internet structure, there was a hierarchy of gateways. This hierarchy reflected the fact that the Internet was built upon the existing ARPAnet. When the Internet was created, the ARPAnet was the backbone of the network: a central delivery medium to carry long-distance traffic. This central system was called the core, and the centrally managed gateways that interconnected it were called the core gateways.
In that hierarchical structure, routing information for all of the networks on the Internet was passed into the core gateways. The core gateways processed the information and then exchanged it among themselves using the Gateway to Gateway Protocol (GGP). The processed routing information was then passed back out to the external gateways. The core gateways maintained accurate routing information for the entire Internet.
Using the hierarchical core router model to distribute routing information has a major weakness: every route must be processed by the core. This places a tremendous processing burden on the core, and as the Internet grew larger, the burden increased. In network-speak, we say that this routing model does not "scale well." For this reason, a new model emerged.
Even in the days of a single Internet core, groups of independent networks called autonomous systems (AS) existed outside of the core. The term "autonomous system" has a formal meaning in TCP/IP routing. An autonomous system is not merely an independent network. It is a collection of networks and gateways with its own internal mechanism for collecting routing information and passing it to other independent network systems. The routing information passed to the other network systems is called reachability information. Reachability information simply says which networks can be reached through that autonomous system. In the days of a single Internet core, autonomous systems passed reachability information into the core for processing. The
The Routing Table
Gateways route data between networks, but all network devices, hosts as well as gateways, must make routing decisions. For most hosts, the routing decisions are simple:
  • If the destination host is on the local network, the data is delivered to the destination host.
  • If the destination host is on a remote network, the data is forwarded to a local gateway.
IP routing decisions are simply table look-ups. Packets are routed toward their destination as directed by the routing table. The routing table maps destinations to the router and network interface that IP must use to reach that destination. Examining the routing table on a Windows Server 2003 system shows this.
Use the route command with the print option to display the routing table. Here is a simple routing table from a small system:
    C:\>route print
     
    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 50 ba 3f c2 5e ...... D-Link DFE-530TX+ PCI Adapter
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask         Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     172.16.12.1     172.16.12.20     30
            127.0.0.0        255.0.0.0       127.0.0.1        127.0.0.1      1
          172.16.12.0    255.255.255.0    172.16.12.20     172.16.12.20     30
         172.16.12.20  255.255.255.255       127.0.0.1        127.0.0.1     30
        172.16.12.255  255.255.255.255    172.16.12.20     172.16.12.20     30
            224.0.0.0        240.0.0.0    172.16.12.20     172.16.12.20     30
      255.255.255.255  255.255.255.255    172.16.12.20     172.16.12.20      1
    Default Gateway:       172.16.12.1
    ===========================================================================
    Persistent Routes:
      None
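The table look-up the text describes can be reproduced offline. The following is an added example, not code from the book: it parses the Active Routes block of the route print listing above into a table and then answers "which gateway and interface does IP use for this destination?" by choosing the matching entry with the longest netmask, breaking ties on the lowest metric. The listing is the one printed above (embedded here as a string); the destinations looked up are constructed. An entry whose gateway is the interface's own address is reported as a direct delivery, which is the "destination host is on the local network" case from the first bullet.

```python
# Added example: turning the route print listing into a look-up table.
# ROUTE_PRINT is the listing from the text; the look-ups below are constructed.

ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 50 ba 3f c2 5e ...... D-Link DFE-530TX+ PCI Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask         Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.16.12.1     172.16.12.20     30
        127.0.0.0        255.0.0.0       127.0.0.1        127.0.0.1      1
      172.16.12.0    255.255.255.0    172.16.12.20     172.16.12.20     30
     172.16.12.20  255.255.255.255       127.0.0.1        127.0.0.1     30
    172.16.12.255  255.255.255.255    172.16.12.20     172.16.12.20     30
        224.0.0.0        240.0.0.0    172.16.12.20     172.16.12.20     30
  255.255.255.255  255.255.255.255    172.16.12.20     172.16.12.20      1
Default Gateway:       172.16.12.1
===========================================================================
Persistent Routes:
  None
"""


def to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def parse_route_table(text: str) -> list:
    """Collect the five-column rows between 'Active Routes:' and 'Default Gateway:'."""
    routes, in_routes = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes:"):
            in_routes = True
            continue
        if line.startswith("Default Gateway:") or line.startswith("="):
            in_routes = False
            continue
        fields = line.split()
        if not in_routes or len(fields) != 5 or fields[0] == "Network":
            continue                                  # skips the column header row
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "dest": to_int(dest), "mask": to_int(mask),
            "gateway": gateway, "interface": iface, "metric": int(metric),
            "prefix_len": bin(to_int(mask)).count("1"),
        })
    return routes


def lookup(routes: list, destination: str):
    """Longest matching netmask wins; on equal length the lowest metric wins.
    Returns None when no entry (not even a default route) matches."""
    d = to_int(destination)
    candidates = [r for r in routes if d & r["mask"] == r["dest"]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r["prefix_len"], -r["metric"]))
    return {
        "gateway": best["gateway"],
        "interface": best["interface"],
        "metric": best["metric"],
        "prefix_len": best["prefix_len"],
        "direct": best["gateway"] == best["interface"],   # deliver on the local network
    }


if __name__ == "__main__":
    table = parse_route_table(ROUTE_PRINT)
    for dest in ("172.16.12.5", "10.1.1.1", "172.16.12.20", "224.0.0.5"):
        print(dest, "->", lookup(table, dest))
```

With this table, 172.16.12.5 is delivered directly on the local network, 10.1.1.1 falls through to the 0.0.0.0 entry and goes to the default gateway 172.16.12.1, and the host's own address 172.16.12.20 is matched by its /32 entry and handed to the loopback interface.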
Address Resolution
The IP address and the routing table direct a datagram to a specific physical network, but when data travels across a network, it must obey the physical layer protocols used by that network. The physical networks that underlie the TCP/IP network do not understand IP addressing. Physical networks have their own addressing schemes. One task of the network access protocols is to map IP addresses to physical network addresses.
A good example of this network access layer function is the translation of IP addresses to Ethernet addresses. The protocol that performs this function is Address Resolution Protocol (ARP), which is defined in RFC 826.
The ARP software maintains a table of translations between IP addresses and Ethernet addresses. This table is built dynamically. When ARP receives a request to translate an IP address, it checks for the address in its table. If the address is found, it returns the Ethernet address to the requesting software. If the address is not found in the table, ARP broadcasts a packet to every host on the Ethernet. The packet contains the IP address for which an Ethernet address is sought. If a receiving host identifies the IP address as its own, it responds by sending its Ethernet address back to the requesting host. The response is then cached in the ARP table.
The arp command displays or modifies the contents of the ARP table. To display the entire ARP table, use the arp -a command. Display individual entries by specifying the individual host after the -a argument on the arp command line. For example, to check the ARP table entry for IP address 192.168.0.2 enter:
    C:\>arp -a 192.168.0.2
     
    Interface: 192.168.0.20 --- 0x10003
      Internet Address      Physical Address      Type
      192.168.0.2           00-e0-4c-9b-99-19     dynamic
Check all entries in the table by using the -a option with no host address. arp -a produces the following output:
    C:\>arp -a
     
    Interface: 192.168.0.20 --- 0x10003
      Internet Address      Physical Address      Type
      192.168.0.2           00-e0-4c-9b-99-19     dynamic
      192.168.0.3           00-00-c0-9a-72-ca     dynamic
      192.168.0.12          00-10-a4-8b-8b-97     static
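The following is an added example, not code from the book, that models the ARP behaviour described above: it reads the arp -a listing into a table and then resolves addresses the way the text says ARP does, answering from the table when the entry is present, "broadcasting" on a miss, and caching the reply as a dynamic entry. The hosts that answer a broadcast are a constructed dictionary standing in for the other systems on the Ethernet; the broadcast counter shows how the cache keeps repeated look-ups off the wire.

```python
# Added example: ARP table parsing and a model of cache look-up, broadcast
# on a miss, and caching of the reply. ARP_OUTPUT is the listing from the
# text; the hosts that answer broadcasts are constructed.

ARP_OUTPUT = """\
Interface: 192.168.0.20 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.0.2           00-e0-4c-9b-99-19     dynamic
  192.168.0.3           00-00-c0-9a-72-ca     dynamic
  192.168.0.12          00-10-a4-8b-8b-97     static
"""


def parse_arp_table(text: str) -> dict:
    """Return {ip: (physical address, type)} from arp -a output.
    Interface headers and column headers are skipped; several interface blocks are fine."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0].count(".") == 3 and fields[2] in ("dynamic", "static"):
            table[fields[0]] = (fields[1].lower(), fields[2])
    return table


class ArpResolver:
    """Resolution as the text describes it: check the table, otherwise broadcast and cache."""

    def __init__(self, cache: dict, ethernet_hosts: dict):
        self.cache = dict(cache)
        self.hosts = ethernet_hosts      # constructed: IP -> MAC of every host on the segment
        self.broadcasts = 0              # how many requests went out on the wire

    def resolve(self, ip: str):
        if ip in self.cache:             # hit: answer from the table, nothing sent
            return self.cache[ip][0]
        self.broadcasts += 1             # miss: broadcast a request to every host
        mac = self.hosts.get(ip)         # only the host that owns the IP replies
        if mac is None:
            return None                  # no reply; nothing is cached
        self.cache[ip] = (mac, "dynamic")
        return mac

    def entries(self, entry_type: str) -> list:
        return sorted(ip for ip, (_, kind) in self.cache.items() if kind == entry_type)


if __name__ == "__main__":
    # Constructed segment: the three listed hosts plus one not yet in the table.
    segment = {"192.168.0.2": "00-e0-4c-9b-99-19", "192.168.0.3": "00-00-c0-9a-72-ca",
               "192.168.0.12": "00-10-a4-8b-8b-97", "192.168.0.7": "00-11-22-33-44-55"}
    arp = ArpResolver(parse_arp_table(ARP_OUTPUT), segment)
    for ip in ("192.168.0.2", "192.168.0.7", "192.168.0.7", "192.168.0.99"):
        print(ip, "->", arp.resolve(ip), "broadcasts so far:", arp.broadcasts)
    print("static entries:", arp.entries("static"))
```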
Protocols, Ports, and Sockets
Once data has been routed through the network and delivered to a specific host, it must be delivered to the correct user or process. As the data moves up or down the TCP/IP layers, a mechanism is needed to deliver it to the correct protocols in each layer. The system must be able to combine data from many applications into a few transport protocols, and then from the transport protocols into the Internet Protocol. Combining many sources of data into a single data stream is called multiplexing.
Data arriving from the network must be demultiplexed: divided for delivery to multiple processes. To accomplish this task, IP uses protocol numbers to identify transport protocols, and the transport protocols use port numbers to identify applications.
Some protocol and port numbers are reserved to identify well-known services. Well-known services are standard network protocols, such as FTP and Telnet, which are commonly used throughout the network. The IANA assigns protocol numbers and port numbers to well-known services. Officially, assigned numbers are documented at the web site http://www.iana.org. Windows Server 2003 systems document protocol and port numbers in two simple text files.
The protocol number is a single byte in the third word of the datagram header. The value identifies the protocol in the layer above IP to which the data should be passed.
On a Windows system, the protocol numbers are documented in the protocol file. This file is a simple table containing the protocol name and the protocol number associated with that name. The format of the table is a single entry per line, consisting of the official protocol name, separated by whitespace from the protocol number. The protocol number is separated by whitespace from the alias for the protocol name. Comments in the table begin with a #. An example of a protocol file is shown below:
    C:\>type %SystemRoot%\system32\drivers\etc\protocol
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This file contains the Internet protocols as defined by RFC 1700
    # (Assigned Numbers).
    #
    # Format:
    #
    # <protocol name>  <assigned number>  [aliases...]   [#<comment>]
     
    ip       0     IP       # Internet protocol
    icmp     1     ICMP     # Internet control message protocol
    ggp      3     GGP      # Gateway-gateway protocol
    tcp      6     TCP      # Transmission control protocol
    egp      8     EGP      # Exterior gateway protocol
    pup      12    PUP      # PARC universal packet protocol
    udp      17    UDP      # User datagram protocol
    hmp      20    HMP      # Host monitoring protocol
    xns-idp  22    XNS-IDP  # Xerox NS IDP
    rdp      27    RDP      # "reliable datagram" protocol
    rvd      66    RVD      # MIT remote virtual disk
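The demultiplexing described above, as an added example that is not part of the book's text: a parser for the protocol file format (name, number, aliases, # comments) and a function that reads the protocol field from an IPv4 header, byte 9 in the third 32-bit word, and then, for TCP or UDP, the destination port from the transport header that follows. The file excerpt and the packets are constructed for the example; the header checksum is left at zero because nothing here verifies it.

```python
import struct

# Constructed excerpt in the format of %SystemRoot%\system32\drivers\etc\protocol
# (name, assigned number, aliases, optional '#' comment). Sample data only.
PROTOCOL_FILE = """\
# <protocol name>  <assigned number>  [aliases...]   [#<comment>]
ip       0     IP       # Internet protocol
icmp     1     ICMP     # Internet control message protocol
tcp      6     TCP      # Transmission control protocol
udp      17    UDP      # User datagram protocol
"""


def parse_protocol_file(text):
    """Return ({number: official_name}, {name_or_alias_lowercase: number})."""
    by_number, by_name = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # comments start with '#'
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue                               # skip malformed lines
        name, number, aliases = fields[0], int(fields[1]), fields[2:]
        by_number[number] = name
        for n in [name] + aliases:
            by_name[n.lower()] = number
    return by_number, by_name


def demux(packet, by_number):
    """Read the IPv4 protocol field (byte 9, third word of the header); for TCP
    and UDP also read the destination port that identifies the application."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4                  # header length in bytes
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    proto = packet[9]
    name = by_number.get(proto, "unassigned")
    port = None
    if proto in (6, 17):                           # TCP and UDP both start with src, dst ports
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        _src, port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, name, port


def build_packet(proto, dst_port=None):
    """Constructed 20-byte IPv4 header (no options, checksum 0) plus a minimal
    transport header when a destination port is given."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 28, 0x1234, 0, 64, proto, 0,
                      bytes([172, 16, 12, 2]), bytes([172, 16, 12, 1]))
    if dst_port is not None:
        hdr += struct.pack("!HH", 40000, dst_port) + b"\x00" * 4
    return hdr


if __name__ == "__main__":
    numbers, names = parse_protocol_file(PROTOCOL_FILE)
    for pkt in (build_packet(6, 445), build_packet(17, 53), build_packet(1)):
        print(demux(pkt, numbers))
```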
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
Summary
This chapter showed how data moves through the global Internet from one specific process on the source computer to a single cooperating process on the other side of the world. TCP/IP uses globally unique addresses to identify any computer on the Internet. It uses protocol numbers and port numbers to uniquely identify a single process running on that computer.
Routing directs the datagrams destined for a remote process through the maze of the global network. Routing uses part of the IP address to identify the destination network. Every system maintains a routing table that describes how to reach remote networks. The routing table usually contains a default route that is used if the table does not contain a specific route to the remote network. A route only identifies the next computer along the path to the destination. TCP/IP uses hop-by-hop routing to move datagrams one step closer to the destination until the datagram finally reaches the destination network.
At the destination network, final delivery is made by using the full IP address (including the host part) and converting that address to a physical layer address. An example of the type of protocol used to convert IP addresses to physical layer addresses is Address Resolution Protocol (ARP). It converts IP addresses to Ethernet addresses for final delivery.
The first two chapters described the structure of the TCP/IP protocol stack and the way in which it moves data across a network. In the next chapter, we move up the protocol stack to look at the type of services the network provides to simplify configuration and use.
Chapter 3: Network Services
Some network services provide essential computer-to-computer functions. These differ from application services in that they are not directly accessed by end users. Instead, these services are used by networked computers to simplify the installation, configuration, and operation of the network.
The functions performed by the services covered in this chapter are varied. They include:
  • Name service for converting IP addresses to hostnames and hostnames to addresses
  • Configuration servers that simplify the installation of networked hosts by handling part, or all, of the TCP/IP configuration
  • Electronic mail services for moving mail through the network from the sender to the recipient
  • File servers that allow client computers to transparently share files, and print servers that allow printers to be shared
  • Directory services that provide a shared repository for information about network objects, such as users, computers, files, printers, and other servers
The protocols discussed in this chapter are a combination of:
  • Standard TCP/IP protocols, such as Domain Name System (DNS), Internet Message Access Protocol (IMAP), and Dynamic Host Configuration Protocol (DHCP)
  • Microsoft network services, such as Windows Internet Name Service (WINS), Common Internet File System (CIFS), and Active Directory
We begin with a discussion of name service. It is an essential service that you will certainly use on your network.
Names and Addresses
RFC 791, Internet Protocol, defines names, addresses, and routes as follows:
A name indicates what we seek. An address indicates where it is. A route indicates how to get there.
Names, addresses, and routes all require the network administrator's attention. Routes and addresses are covered in the previous chapter. This section discusses names and how they are disseminated throughout the network. Every network interface attached to a TCP/IP network is identified by a unique 32-bit IP address. A name (called a hostname) can be assigned to any device that has an IP address. Names are assigned to devices because, compared to numeric Internet addresses, names are easier to remember and type correctly. Applications use IP addresses, but names are easier for humans to use.
In most cases, hostnames and numeric addresses can be used interchangeably. A user can ping the PC at IP address 172.16.12.2 by entering:
    C:\>ping 172.16.12.2
or by entering the equivalent command using the hostname associated with that address:
    C:\>ping pooh.example.com
Whether a command is entered with an address or a hostname, the network connection always takes place based on the IP address. The system converts the hostname to an address before the network connection is made. The network administrator is ultimately responsible for names and addresses and the database used to store them.
There are two common methods used to organize computer system names:
Flat namespace
Uses a simple one-part name to identify each host. Using a flat namespace , each hostname must be unique within the network. For example, once the name pooh has been assigned to a host, no other host on that network should be assigned that name.
Hierarchical namespace
The HOSTS File
The HOSTS file is a simple text file that associates IP addresses with hostnames. On Windows Server 2003 systems, the file is %SystemRoot%\System32\Drivers\etc\hosts. Each table entry in the HOSTS file contains an IP address separated by whitespace from a list of hostnames associated with that address. Comments begin with #. The resolver consults this file before it queries DNS, so anyone who can write to it can redirect any name on the system; keep it writable only by administrators and check it for entries you did not put there.
The host table on the workstation pooh might contain the following entries:
    #
    # Table of IP addresses and hostnames
    #
    172.16.12.2     pooh.example.com pooh
    127.0.0.1       localhost 

    172.16.12.1     thoth.example.com thoth www
    172.16.12.4     wotan.example.com wotan
    172.16.12.3     kerby.example.com kerby
    172.16.1.2      kiwi.example.com kiwi
    172.16.6.10     thor.sales.example.com thor.sales thor
The first entry in the sample table is for pooh itself. The IP address 172.16.12.2 is associated with the hostname pooh.example.com and the alternate hostname (or alias) pooh. The hostname and all of its aliases resolve to the same IP address, in this case 172.16.12.2.
Aliases provide for name changes, alternate spellings, and shorter hostnames. They also allow for generic hostnames. Look at the entry for 172.16.12.1. One of the aliases associated with that address is www, which is the generic name most users expect to find when searching for information via the Web. Other commonly used generic hostnames are ns for name servers, mailhost for mail servers, and news for network news servers.
The second entry in the sample file assigns the address 127.0.0.1 to the hostname localhost. As we have discussed, the network address 127.0.0.0 is reserved for the loopback network. The host address 127.0.0.1 is a special address used to designate the loopback address of the local host—hence the hostname localhost. This special addressing convention allows the host to address itself the same way it addresses a remote host. The loopback address simplifies software by allowing common code to be used for communicating with local or remote processes. This addressing convention also reduces network traffic because the
LMHOSTS
The LMHOSTS file looks similar to a HOSTS file and functions in a similar way. The difference is that the LMHOSTS file maps NetBIOS names to IP addresses, and the HOSTS file maps TCP/IP hostnames to IP addresses. A sample LMHOSTS file shows how similar these two files look:
    172.16.6.16     anubis
    172.16.6.10     thor
    172.16.6.7      theodore
Each entry in an LMHOSTS file contains an IP address that is separated by whitespace from the NetBIOS name associated with that address. An entry must not exceed a single line and comments begin with the pound sign (#). The LMHOSTS file is stored in the %SystemRoot%\system32\drivers\etc directory.
The LMHOSTS file does have some features that are not supported by the HOSTS file. These special commands begin with pound signs (#) so that old Microsoft operating systems that do not understand these commands will treat them as comments, allowing the same file to be used on both new and old Windows systems. The commands are:
#PRE
Causes the entry to be preloaded into the NetBIOS name cache and permanently retained there. Normally entries are cached only when they are used for name resolution and are only retained in the cache for a few minutes. Use #PRE to speed up address resolution for frequently used names.
#DOM: domain
Identifies a Windows server that can validate network logon requests. The domain variable is the name of the domain for which this system provides service.
#INCLUDE file
Specifies a remote file that should be incorporated in the local LMHOSTS file. This allows a centrally maintained LMHOSTS file to be automatically loaded. To provide redundant sources for
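The two file formats described in the HOSTS and LMHOSTS sections, as one added example that is not part of the book: a parser for each, a lookup that follows aliases, a check for hostnames that the HOSTS file maps to more than one address, and recognition of the #PRE, #DOM: and #INCLUDE keywords (any other text after a # is a comment). The sample files are constructed from the chapter's names; the conflicting www entry is added to exercise the check. #INCLUDE is only recorded, not fetched: a real LMHOSTS file that includes a file on a remote share trusts whoever can write to that share with the machine's name resolution.

```python
import ipaddress

# Constructed sample in the format of %SystemRoot%\System32\Drivers\etc\hosts
HOSTS = """\
# Table of IP addresses and hostnames
172.16.12.2     pooh.example.com pooh
127.0.0.1       localhost
172.16.12.1     thoth.example.com thoth www
172.16.6.10     thor.sales.example.com thor.sales thor
10.0.0.9        www            # added to show the conflict check
"""

# Constructed sample in the format of %SystemRoot%\system32\drivers\etc\lmhosts
LMHOSTS = """\
172.16.6.16     anubis      #PRE
172.16.6.10     thor        #PRE #DOM:sales   # the sales domain controller
172.16.6.7      theodore
#INCLUDE \\\\thor\\public\\lmhosts
"""


def parse_hosts(text):
    """hostname or alias (case-insensitive) -> list of addresses, in file order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)         # first field must be an address
        except ValueError:
            continue
        for name in names:
            addrs = table.setdefault(name.lower(), [])
            if addr not in addrs:
                addrs.append(addr)
    return table


def resolve(table, name):
    """First address listed for the name, or None if the file has no entry."""
    addrs = table.get(name.lower())
    return addrs[0] if addrs else None


def conflicts(table):
    """Names that the file maps to more than one address; these should be fixed."""
    return {n: a for n, a in table.items() if len(a) > 1}


def parse_lmhosts(text):
    """Return ({NETBIOS_NAME: {'addr', 'preload', 'domain'}}, [included files])."""
    entries, includes = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("#INCLUDE"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                includes.append(parts[1].strip())
            continue
        if line.startswith("#"):
            continue                           # ordinary comment
        fields = line.split()
        if len(fields) < 2:
            continue
        entry = {"addr": fields[0], "preload": False, "domain": None}
        for tok in fields[2:]:
            up = tok.upper()
            if up == "#PRE":
                entry["preload"] = True
            elif up.startswith("#DOM:"):
                entry["domain"] = tok[5:]
            elif tok.startswith("#"):
                break                          # comment: ignore the rest of the line
        entries[fields[1].upper()] = entry     # NetBIOS names are case-insensitive
    return entries, includes


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS)
    print(resolve(hosts, "www"), conflicts(hosts))
    print(parse_lmhosts(LMHOSTS))
```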
Domain Name System
The DNS overcomes both major weaknesses of the host table:
  • DNS scales well. It doesn't rely on a single large table; it is a distributed database system that doesn't bog down as the database grows. DNS currently provides information on tens of millions of hosts, while fewer than 10,000 were ever listed in the host table.
  • DNS ensures that new host information is disseminated to the rest of the network as it is needed.
DNS information is disseminated automatically, and only to those who are interested. Here's how it works. If a DNS server receives a request for information about a host for which it has no information, it asks other servers, starting from the root servers if it has nothing closer cached, until it reaches an authoritative server. An authoritative server is a server responsible for maintaining accurate information about the domain being queried. When the authoritative server answers, the local server saves (caches) the answer for future use, for as long as the time-to-live (TTL) the authoritative server attached to it. The next time the local server receives a request for this information within that time, it answers the request itself. The ability to control host information from an authoritative source and to automatically disseminate accurate information makes DNS superior to the host table, even for networks not connected to the Internet.
DNS is a distributed hierarchical system for resolving hostnames into IP addresses. Under DNS, there is no central database with all of the Internet host information. The information is distributed among thousands of name servers organized into a hierarchy similar to the hierarchy of the filesystem. DNS has a root domain at the top of the domain hierarchy that is served by a group of name servers called the root servers .
Directly under the root domain are the top-level domains . There are two basic types of top-level domains—geographic and organizational. Geographic domains have been set aside for each country in the world and are identified by a two-letter country code. Thus, this type of domain is called a
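The query-and-cache behaviour described above, as an added simulation that is not part of the book: a caching server that answers from its cache while the TTL lasts, asks the authoritative server for the closest enclosing zone otherwise, and, as the check a practitioner would want, caches only records that the server it asked is authoritative for (a "bailiwick" check), so an extra record volunteered for some other name cannot be planted in the cache. Zones, addresses, TTLs and the out-of-zone extra record are all constructed; nothing here touches the network.

```python
# Constructed zone data: zone -> records it is authoritative for, plus any extra
# records its server volunteers in replies. The sales.example.com server's extra
# record for www.example.com is the one the bailiwick check must discard.
ZONES = {
    "example.com.": {
        "records": {"pooh.example.com.": ("172.16.12.2", 3600),
                    "www.example.com.": ("172.16.12.1", 300)},
        "extra": [],
    },
    "sales.example.com.": {
        "records": {"thor.sales.example.com.": ("172.16.6.10", 3600)},
        "extra": [("www.example.com.", "192.0.2.99", 86400)],
    },
}


def zone_for(name):
    """Longest (closest enclosing) zone that is authoritative for the name."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None


def ask_authoritative(zone, name):
    """Simulated reply from the zone's server: the answer (if any) plus extras."""
    z = ZONES[zone]
    answer = z["records"].get(name)
    reply = [(name, answer[0], answer[1])] if answer else []
    return reply + list(z["extra"])


def in_bailiwick(name, zone):
    return name == zone or name.endswith("." + zone)


class CachingServer:
    def __init__(self):
        self.cache = {}               # name -> (address, expires_at)
        self.upstream_queries = 0
        self.discarded = []           # out-of-bailiwick records that were refused

    def query(self, name, now):
        """Return (address or None, how it was answered) at simulated time `now`."""
        name = name.lower().rstrip(".") + "."
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0], "cache"
        zone = zone_for(name)
        if zone is None:
            return None, "no zone"
        self.upstream_queries += 1
        result = None
        for rname, addr, ttl in ask_authoritative(zone, name):
            if not in_bailiwick(rname, zone):
                self.discarded.append(rname)
                continue
            self.cache[rname] = (addr, now + ttl)
            if rname == name:
                result = addr
        return result, ("authoritative" if result else "nxdomain")


if __name__ == "__main__":
    s = CachingServer()
    print(s.query("pooh.example.com", 0), s.query("pooh.example.com", 10))
    print(s.query("thor.sales.example.com", 0), s.discarded)
    print(s.query("www.example.com", 0))
```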
Windows Internet Name Service
Historically, Microsoft Networking meant small, peer networks running NetBIOS. NetBIOS and the associated NetBIOS Extended User Interface protocol (NetBEUI) were designed with small networks in mind. They were never intended to function in a large-scale network environment, let alone in a TCP/IP internetworking environment. NetBIOS over NetBEUI is only suitable for LAN applications. It cannot be used by itself for a WAN or an enterprise network because NetBEUI is a nonroutable protocol and it depends on an underlying broadcast medium. What do these two limitations mean?
Nonroutable
The protocol cannot be passed through routers. Packets can only be passed on a single physical network. The protocol has no associated routing protocol and no independent address structure. It depends completely on the underlying physical network address, which limits it to a single physical network.
Broadcast-dependent
The protocol depends on an underlying network that supports physical layer broadcasts. It cannot be used over serial lines, point-to-point networks, or internets built from dissimilar physical networks.
Originally, Windows systems depended on broadcasting to register their NetBIOS names. When a system first joins the network, it broadcasts a name registration request packet. The packet contains the proposed NetBIOS name that identifies the system. If another computer on the network already uses this name, it responds to the broadcast with a negative name registration response packet. If the new node does not receive any negative responses to its broadcast, it uses the name as its identifier.
The name is literally used as the node's "address." The source and destination fields of a NetBIOS frame contain the names of the source and destination computers. Therefore, if a computer named
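The broadcast name registration described above, as an added example that is not part of the book: the RFC 1001/1002 encoding of a NetBIOS name (padded to 15 characters, a one-byte service suffix, each half-byte written as a letter A..P), a builder for the NAME REGISTRATION REQUEST a B-node broadcasts (opcode 5, recursion-desired and broadcast flags, one question and one additional record carrying the node's address), and a parser for what the other nodes on the segment receive. The transaction ID, TTL and address are constructed; a node that already owns the name would reply with the same opcode, the response bit set and an error code.

```python
import struct

NB_SUFFIX_WORKSTATION = 0x00     # the "<00>" suffix: the computer's workstation name
NBNS_REGISTRATION_FLAGS = 0x2910 # opcode 5 (registration), RD and B (broadcast) set


def encode_netbios_name(name, suffix=NB_SUFFIX_WORKSTATION):
    """First-level encoding: 15 space-padded characters + suffix byte, each
    half-byte as 'A' + nibble, preceded by the length byte 0x20, NUL-terminated."""
    raw = name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(encoded) + b"\x00"


def decode_netbios_name(blob, offset=0):
    """Inverse of encode_netbios_name; returns (name, suffix, next_offset)."""
    if blob[offset] != 0x20:
        raise ValueError("expected a 32-character encoded label")
    enc = blob[offset + 1:offset + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    if blob[offset + 33] != 0:
        raise ValueError("label not terminated")
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15], offset + 34


def build_name_registration(name, ip, txid=0x1234, ttl=300000):
    """NAME REGISTRATION REQUEST: header, one question (type NB, class IN) and one
    additional record whose RDATA holds the NB_FLAGS and the node's IP address."""
    header = struct.pack("!HHHHHH", txid, NBNS_REGISTRATION_FLAGS, 1, 0, 0, 1)
    question = encode_netbios_name(name) + struct.pack("!HH", 0x0020, 0x0001)
    nb_flags = 0x0000                          # unique name, B-node
    rdata = struct.pack("!H4s", nb_flags, bytes(int(o) for o in ip.split(".")))
    # 0xC00C: compression pointer back to the question name at offset 12
    additional = struct.pack("!HHHIH", 0xC00C, 0x0020, 0x0001, ttl, len(rdata)) + rdata
    return header + question + additional


def parse_name_registration(pkt):
    """What a listening node sees: the proposed name and the address claiming it."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    opcode = (flags >> 11) & 0x0F
    if opcode != 5 or qd != 1 or ar != 1:
        raise ValueError("not a name registration request")
    name, suffix, off = decode_netbios_name(pkt, 12)
    off += 4                                   # skip QTYPE and QCLASS
    ptr, rtype, rclass, ttl, rdlen = struct.unpack("!HHHIH", pkt[off:off + 12])
    off += 12
    nb_flags, addr = struct.unpack("!H4s", pkt[off:off + rdlen])
    return {"txid": txid, "broadcast": bool(flags & 0x0010), "name": name,
            "suffix": suffix, "group": bool(nb_flags & 0x8000),
            "ip": ".".join(str(b) for b in addr), "ttl": ttl}


if __name__ == "__main__":
    pkt = build_name_registration("pooh", "172.16.12.2")
    print(pkt.hex())
    print(parse_name_registration(pkt))
```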
SMB and CIFS
NetBIOS networks have been traditionally used for file and printer sharing. The Windows file and printer sharing protocol is Server Message Block (SMB) protocol. For Microsoft Windows NT 4.0, Microsoft extended and updated SMB and rechristened it the Common Internet File System (CIFS). The added features provided by CIFS include the following:
  • CIFS supports all of the file and printer sharing capabilities of SMB, and it extends them to support Andrew File System (AFS)-style referrals. CIFS calls this support the Distributed File System (DFS).
  • CIFS also frees file and printer sharing from dependence on NetBIOS. Traditionally, SMB relies on NetBIOS running over some transport protocol—TCP or NetBEUI, for example. CIFS removes the dependence on NetBIOS by enhancing SMB so that it can run directly over TCP. This is called Self Host (Microsoft also calls it direct hosting of SMB over TCP/IP) and uses TCP port 445. When SMB uses NetBIOS over TCP, the connection takes place on port 139.
There are several steps involved in sharing a file or printer using CIFS. First, the client resolves the server name to an IP address using either the NetBIOS name resolution process when NetBIOS is used, or using DNS when NetBIOS is not used. NetBIOS name resolution and DNS name resolution are both described earlier in this chapter. Using the IP address returned by name resolution, the client establishes a TCP connection to the server on port 139 when NetBIOS is used or on port 445 when Self Host is used.
When NetBIOS is used, the client first opens the NetBIOS session with a SESSION REQUEST packet carrying the called and calling NetBIOS names; over port 445 there is no such step. The client then begins negotiating session parameters by sending an SMB NEGOTIATE packet. The NEGOTIATE packet lists all of the SMB dialects supported by the client. Windows Server 2003 supports the following dialects:
PC NETWORK PROGRAM 1.0
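The NEGOTIATE exchange described above, as an added example that is not part of the book: a builder for the SMB1 NEGOTIATE request (the 32-byte header, a zero WordCount, and the dialect list as 0x02-prefixed NUL-terminated strings), the 4-byte framing used on port 445, a server-side parser that unframes and validates the message, and the server's choice of the newest dialect it supports, returned as the index into the client's list. The dialect list is assumed for illustration: the page names only the first entry, the others are other SMB1 dialect strings. Header flag values are typical ones and nothing depends on them. The dialect choice is unauthenticated, which is why what a server is willing to accept is a policy question rather than a protocol one.

```python
import struct

SMB_COM_NEGOTIATE = 0x72

# Assumed dialect list for the example (oldest first); the page lists only the first.
DIALECTS = [
    "PC NETWORK PROGRAM 1.0",
    "LANMAN1.0",
    "Windows for Workgroups 3.1a",
    "LM1.2X002",
    "LANMAN2.1",
    "NT LM 0.12",
]


def smb1_header(command, flags=0x18, flags2=0xC843, pid=0x1234, mid=0):
    """32-byte SMB1 header: magic, Command, Status, Flags, Flags2, PIDHigh,
    SecurityFeatures, Reserved, TID, PIDLow, UID, MID (little-endian)."""
    return (b"\xffSMB" + struct.pack("<BIBH", command, 0, flags, flags2)
            + struct.pack("<H8sHHHHH", 0, b"\x00" * 8, 0, 0, pid, 0, mid))


def build_negotiate(dialects=DIALECTS):
    """Client NEGOTIATE: WordCount 0, ByteCount, then the dialect buffers."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return smb1_header(SMB_COM_NEGOTIATE) + struct.pack("<BH", 0, len(data)) + data


def frame_direct_tcp(smb):
    """Port 445 framing: a zero type byte and a 24-bit big-endian length."""
    if len(smb) > 0xFFFFFF:
        raise ValueError("message too large for a 24-bit length")
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def parse_negotiate(frame):
    """Server side: unframe, check the header, return the dialects offered."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("bad session message type")
    length = int.from_bytes(frame[1:4], "big")
    smb = frame[4:4 + length]
    if len(smb) != length or len(smb) < 35 or smb[:4] != b"\xffSMB":
        raise ValueError("truncated or non-SMB message")
    if smb[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not a NEGOTIATE")
    word_count, byte_count = struct.unpack("<BH", smb[32:35])
    data = smb[35 + word_count * 2:]
    if word_count != 0 or len(data) != byte_count:
        raise ValueError("inconsistent parameter/data lengths")
    dialects, pos = [], 0
    while pos < len(data):
        if data[pos] != 0x02:
            raise ValueError("expected dialect buffer format 0x02")
        end = data.index(b"\x00", pos + 1)
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def choose_dialect(offered, supported=DIALECTS):
    """DialectIndex for the reply: position in the client's list of the newest
    dialect the server supports, or 0xFFFF if none is acceptable."""
    rank = {d: i for i, d in enumerate(supported)}      # later entries are newer
    best, best_rank = 0xFFFF, -1
    for idx, d in enumerate(offered):
        if d in rank and rank[d] > best_rank:
            best, best_rank = idx, rank[d]
    return best


if __name__ == "__main__":
    frame = frame_direct_tcp(build_negotiate())
    offered = parse_negotiate(frame)
    print(offered, "->", choose_dialect(offered))
```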
Mail Services
Electronic mail is an important network service because it is used for interpersonal communications. Some applications are newer and fancier. Other applications consume more network bandwidth. Others are more important for the continued operation of the network. But email is the application people use to communicate with each other. It isn't fancy, but it's vital.
TCP/IP provides a reliable, flexible email system built on a few basic protocols. These are: Simple Mail Transfer Protocol (SMTP ), Post Office Protocol (POP ), Internet Message Access Protocol (IMAP ), and Multipurpose Internet Mail Extensions (MIME ). There are other TCP/IP mail protocols. However, these are the basic mail protocols. Our coverage concentrates on the four protocols you are most likely to use in building your network: SMTP, POP, IMAP and MIME. We start with SMTP, the foundation of all TCP/IP email systems.
SMTP is the TCP/IP mail delivery protocol. It moves mail across the Internet and across your local network. SMTP was originally defined in RFC 821, Simple Mail Transfer Protocol, and revised by RFC 2821 in 2001. It runs over the reliable, connection-oriented service provided by Transmission Control Protocol (TCP), and it uses well-known port number 25. Table 3-1 lists some of the simple, human-readable commands used by SMTP.
Table 3-1: SMTP commands
Command   Syntax                 Function
Hello     HELO <sending-host>
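The command dialogue behind Table 3-1, as an added example that is not part of the book: a minimal server that enforces the HELO, MAIL, RCPT, DATA order with the RFC 821 reply codes, handles the end-of-data "." line and dot transparency, and, as the check a practitioner would want on port 25, refuses to relay for recipients outside its own domains unless the session is flagged as authenticated. The relay rule and the LOCAL_DOMAINS set are this example's policy, not part of RFC 821; the hostnames and the client dialogue are constructed.

```python
import re

LOCAL_DOMAINS = {"example.com"}      # assumed: domains this server accepts mail for


class SmtpServer:
    """Minimal RFC 821 command handler for one session."""

    def __init__(self, hostname="thoth.example.com", authenticated=False):
        self.hostname = hostname
        self.authenticated = authenticated
        self.helo = None
        self.delivered = []              # (sender, recipients, message text)
        self.reset()

    def reset(self):
        self.sender, self.rcpts, self.in_data, self.data = None, [], False, []

    def greeting(self):
        return f"220 {self.hostname} Simple Mail Transfer Service Ready"

    def handle(self, line):
        """Return the reply line, or None while message text is being collected."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.data)))
                self.reset()
                return "250 OK"
            # transparency: the client doubles a leading '.', the server removes one
            self.data.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            self.helo = arg or None
            return f"250 {self.hostname}" if self.helo else "501 Syntax error in parameters"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Bad sequence of commands"
            m = re.fullmatch(r"FROM:<(.*)>", arg, re.I)     # <> (empty) is allowed
            if not m:
                return "501 Syntax error in parameters"
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"
            m = re.fullmatch(r"TO:<([^@>]+)@([^>]+)>", arg, re.I)
            if not m:
                return "501 Syntax error in parameters"
            domain = m.group(2).lower()
            if domain not in LOCAL_DOMAINS and not self.authenticated:
                return "550 Relaying denied"               # example policy
            self.rcpts.append(f"{m.group(1)}@{domain}")
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self.reset()
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} Service closing transmission channel"
        return "500 Syntax error, command unrecognized"


def run_session(server, client_lines):
    """Drive the server with the client's lines; return [(who, line), ...]."""
    transcript = [("S", server.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript


# Constructed client side of a session, including one relay attempt
SESSION = [
    "HELO pooh.example.com",
    "MAIL FROM:<craig@pooh.example.com>",
    "RCPT TO:<roberta@example.com>",
    "RCPT TO:<someone@elsewhere.net>",
    "DATA",
    "Subject: test",
    "",
    "..a line that starts with a dot",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for who, line in run_session(SmtpServer(), SESSION):
        print(who, line)
```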
Dynamic Host Configuration Protocol
The powerful features that add to the utility and flexibility of TCP/IP also add to its complexity. TCP/IP is not as easy to configure as some other networking systems, such as NetWare, which can take its address information directly from the hardware interface. TCP/IP is designed to be independent of any specific underlying network hardware, so configuration information that can be built into the hardware in some network systems cannot be built in for TCP/IP. This independence requires that hardware, addressing, and routing information be provided by a person who is knowledgeable about the network environment. Such knowledgeable people are in short supply.
Dynamic Host Configuration Protocol (DHCP) servers make it possible for the network administrator to control TCP/IP configuration from a central point. DHCP makes it possible for one highly skilled technical person to design the configuration for many systems. It also relieves the end user of most of the burden of configuration and improves the quality of the information used to configure systems.
The configuration parameters provided by a DHCP server can include everything a host needs under RFC 1123, Requirements for Internet Hosts; the individual parameters and their wire encodings are defined in RFC 2132, DHCP Options and BOOTP Vendor Extensions. DHCP provides a client with the complete set of TCP/IP configuration values, which are called options.
You don't usually need to define all of the configuration options. Don't get us wrong. The parameters are needed for a complete TCP/IP configuration. It's just that you don't need to define values for them. Default values are provided in most TCP/IP implementations, and the defaults only need to be changed in special circumstances. Chapter 6 discusses how you can see the defaults Microsoft sets for the various DHCP options and how you can change those defaults.
The extensive configuration parameters of DHCP cover all facets of the client's TCP/IP configuration, but for most network administrators, automatic allocation of IP addresses is the most interesting feature of DHCP. A DHCP server dynamically assigns IP addresses to DHCP clients for a limited period of time, called a
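The options mechanism described above, as an added example that is not part of the book: an encoder and a decoder for the DHCP options field (the magic cookie followed by code, length, value triples, with the single-byte PAD and END codes), decoding the RFC 2132 options a client on the chapter's 172.16.12.0 network would typically receive in an offer, including the lease time from option 51. The option values are constructed. The decoder refuses to read past the buffer and insists on the END marker, which is the part a parser exposed to packets from the wire must get right.

```python
import struct

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def ip(b):
    return ".".join(str(x) for x in b)


def ip_list(v):
    return [ip(v[i:i + 4]) for i in range(0, len(v), 4)]


# option code -> (name, decoder), per RFC 2132
OPTION_FORMATS = {
    1:  ("subnet_mask",       ip),
    3:  ("routers",           ip_list),
    6:  ("dns_servers",       ip_list),
    15: ("domain_name",       lambda v: v.decode("ascii")),
    51: ("lease_time",        lambda v: struct.unpack("!I", v)[0]),
    53: ("message_type",      lambda v: MESSAGE_TYPES.get(v[0], v[0])),
    54: ("server_identifier", ip),
}


def encode_options(items):
    """items: [(code, raw value bytes)] -> cookie + TLVs + END."""
    out = bytearray(DHCP_MAGIC_COOKIE)
    for code, value in items:
        if not 1 <= code <= 254 or len(value) > 255:
            raise ValueError("option code or length out of range")
        out += bytes([code, len(value)]) + value
    out.append(255)
    return bytes(out)


def decode_options(blob):
    """Walk the TLVs, honouring PAD (0) and END (255); never read past the buffer."""
    if blob[:4] != DHCP_MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    pos, options = 4, {}
    while pos < len(blob):
        code = blob[pos]
        if code == 0:                       # PAD: one byte, no length
            pos += 1
            continue
        if code == 255:                     # END
            break
        if pos + 1 >= len(blob):
            raise ValueError("option %d truncated" % code)
        length = blob[pos + 1]
        value = blob[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("option %d claims %d bytes, %d remain" % (code, length, len(value)))
        name, decoder = OPTION_FORMATS.get(code, ("option_%d" % code, lambda v: v))
        options[name] = decoder(value)
        pos += 2 + length
    else:
        raise ValueError("options not terminated by END")
    return options


def is_well_formed(blob):
    try:
        decode_options(blob)
        return True
    except ValueError:
        return False


def sample_offer():
    """Constructed option block of a DHCPOFFER: an 8-hour lease on 172.16.12.0/24."""
    return encode_options([
        (53, b"\x02"),
        (54, bytes([172, 16, 12, 1])),
        (51, struct.pack("!I", 8 * 3600)),
        (1,  bytes([255, 255, 255, 0])),
        (3,  bytes([172, 16, 12, 1])),
        (6,  bytes([172, 16, 12, 1, 172, 16, 1, 2])),
        (15, b"example.com"),
    ])


if __name__ == "__main__":
    print(decode_options(sample_offer()))
```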
Dynamic DNS