SOHO Networking Basics: Concepts & Components V1.0 27/03/2006

SOHO Networking Basics

Author's remarks
A substantial amount of the material in this set of handouts is adapted from Wikipedia and from Guide to Networking Essentials (2nd edition), published by Course Technology. This set of materials is co-developed by Chung, C.F. Jeffrey and Alvin C. M. Kwan.

What is Computer Networking?
Computer networking involves connecting computer systems for the purpose of sharing information and resources. It requires a great deal of technology, and there are a number of decisions to be made regarding the choice of physical connection as well as the related communication software.

What Does Computer Networking Offer?
Some advantages of computer networking are as follows:
- It permits users to share information, e.g., through file sharing, as well as computer hardware, e.g., network printers.
- Tasks of a distributed nature can be processed by networked computer systems, which exchange data and intermediate results among themselves. For example, FedEx tracks courier items during their delivery.
- It helps improve human communication by reducing physical document flow and transposition errors, e.g., through e-mail.

Communication Overheads
In addition to the extra software and hardware, data communication involves a number of overhead costs too. Such overheads take the form of extra control information and processing time that are required to make data communication feasible and reliable. Some overheads are listed below:
- Each computer/terminal/node in a network must be assigned a unique address so that messages can be directed to the right destination. This implies that every message has to be tagged with the destination node's address, which is stored in the header of a packet.
- Instead of transmitting the entire message through the network in one shot, a message is divided into small pieces, often referred to as packets, before it is sent to the network, so that a transmission error requires the retransmission of only the problematic packet instead of the entire message. Typically a sequence number is included in each packet header so that the original message can be reconstructed.
- To ensure error-free communication, messages are usually tagged with control information (e.g., a checksum) for error detection and possibly error recovery too. To avoid negotiating with the source host for the retransmission of a packet that encounters a transmission error, control information that supports error recovery (rather than error detection only) is often included in the trailer of a packet. Note that a checksum guards against accidental corruption only; it offers no protection against deliberate modification of the packet.
- To reduce communication cost, messages are often compressed before transmission. Compressed messages are decompressed at the receiving end.
- For applications like e-commerce, data security is needed, and thus messages are encrypted before transmission and decrypted at the other end.
- In large computer networks, communication nodes may be linked together in more than one way (e.g., via different paths on the Internet). Thus a decision must be made about which communication path (or route) to use. In practice, the decision is typically made by a kind of data communication equipment called a router.

The above points indicate the necessity of adding control information to a message before transmission. That control information may be stored in either the header or the trailer of the data packet. For example, the node address is typically stored in the header whereas the checksum is typically stored in the trailer.

Teaching remark
One way to introduce the topic of communication overheads is to use the analogy of posting a letter.
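Before the letter analogy, the overheads listed above worked in code. This is an added example written for this edit, not code from the original handout or its authors: a sender fragments a message into packets whose header carries the destination address, a sequence number, the fragment count and the payload length, and whose trailer carries a CRC-32 checksum. The receiver discards packets that are not addressed to it or that fail the checksum, reassembles the rest by sequence number even when they arrive out of order (as they may in a packet switched network, see the next section), and asks for retransmission of only the missing fragments. The node addresses, the 8-byte payload limit and the message text are constructed for illustration.

```python
"""Packet framing, fragmentation and reassembly (added example, not from the handout)."""
import random
import struct
import zlib

# Header: destination address, sequence number, total fragments, payload length
HEADER = struct.Struct("!HHHH")
# Trailer: CRC-32 over header + payload. It detects accidental corruption only;
# an attacker can recompute it, so tamper protection needs a cryptographic MAC.
TRAILER = struct.Struct("!I")

BROADCAST = 0xFFFF  # assumed "all nodes" address for this example


def fragment(message: bytes, dst: int, mtu: int = 8) -> list[bytes]:
    """Split a message into packets carrying at most `mtu` payload bytes each."""
    pieces = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    packets = []
    for seq, payload in enumerate(pieces):
        header = HEADER.pack(dst, seq, len(pieces), len(payload))
        crc = zlib.crc32(header + payload)
        packets.append(header + payload + TRAILER.pack(crc))
    return packets


def parse(packet: bytes):
    """Return (dst, seq, total, payload, checksum_ok) for one packet."""
    header = packet[:HEADER.size]
    dst, seq, total, length = HEADER.unpack(header)
    payload = packet[HEADER.size:HEADER.size + length]
    (crc,) = TRAILER.unpack_from(packet, HEADER.size + length)
    return dst, seq, total, payload, zlib.crc32(header + payload) == crc


def reassemble(packets: list[bytes], my_addr: int):
    """Receiver side: returns (message, missing_seqs); message is None until complete."""
    received, total = {}, None
    for p in packets:
        dst, seq, n, payload, ok = parse(p)
        if dst not in (my_addr, BROADCAST) or not ok:
            continue  # not for us, or damaged in transit: drop it
        total = n
        received[seq] = payload
    if total is None:
        return None, []  # nothing usable arrived
    missing = sorted(set(range(total)) - received.keys())
    if missing:
        return None, missing  # ask the source for just these fragments
    return b"".join(received[i] for i in range(total)), []


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate a transmission error by flipping one bit."""
    damaged = bytearray(packet)
    damaged[index] ^= 0x01
    return bytes(damaged)


def demo():
    """Constructed scenario: out-of-order delivery, one corrupted packet, selective retransmit."""
    message = b"Inventory count for warehouse B: 42 pallets"  # constructed sample
    packets = fragment(message, dst=7)
    arrived = packets[:]
    random.Random(1).shuffle(arrived)                 # packet switching: order not preserved
    arrived[0] = flip_bit(arrived[0], HEADER.size)    # first payload byte of one packet damaged
    _, first_missing = reassemble(arrived, my_addr=7)
    arrived.append(packets[first_missing[0]])         # retransmit only the damaged fragment
    return first_missing, reassemble(arrived, my_addr=7)


if __name__ == "__main__":
    print(demo())
```

The checksum covers the header as well as the payload, so a corrupted address or sequence number is caught rather than silently delivering the fragment to the wrong place or the wrong position.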
The purpose of sending a letter is of course to bring a message across to the recipient. However, we need to write the message down on a piece of paper (encoding) and enclose it in an envelope (like the control information in data communication) with the recipient's address written on it (the address is what allows the letter to be delivered). The letter is carried to the recipient by a postman from the post office (an external party). A similar analogy is moving to a new home. In this case, the idea of packing belongings into boxes before the move and unpacking them afterwards illustrates the fragmentation and reconstruction of a message before and after transmission respectively. The protective film or foam rubber that wraps items in the moving example is analogous to the control information (in the form of a header or trailer) included to help achieve reliable data transmission in a networked environment.

Data Transmission Across a Packet Switched Network
(Discussion of "circuit switching" is out of syllabus)

In a large network or a network of networks, there is often more than one path or data link that a packet can traverse from a source host to a destination host. The OSI model does not define how packets are transmitted across a network; instead it specifies the decisions that a protocol needs to make when considering the issue. For example, must all packets of a message follow the same data link? The dominant communications paradigm, packet switching, allows packets to be individually routed over different data links (see Figure 5). This contrasts with another paradigm, circuit switching, which sets up a dedicated data link between the source and destination nodes for their exclusive use for the duration of the communication.

Figure 5. Data transmission across a packet switched network.

There are several deficiencies in a circuit switched network.
1. The overhead of setting up a dedicated link before any application data is transferred can be costly, especially when the amount of data to be transferred is small.
2. When any network node in the dedicated data link malfunctions, a new end-to-end connection has to be established before any remaining data can be transmitted.
3. Any spare data transmission capacity (more commonly known as bandwidth) that is not taken up by a data transfer in a circuit switched network is wasted, e.g., when the source host is unable to feed data into the network at a speed that reaches the network bandwidth.

Although it may appear that packet switching is far better than circuit switching, that is not always correct, for the following reasons.
1. A routing decision has to be made for the transmission of each packet, whereas a routing decision is made only once in a circuit switched network.
2. In packet switched networks, such as the Internet, each data packet is labelled with the complete destination address and routed individually. Circuit switched networks, such as the voice telephone network, allow large amounts of data to be sent without continually repeating the complete destination address, as a dedicated data link is used exclusively.

In general, packet switching optimizes the use of network bandwidth (as it can be shared by multiple data transfers between multiple source and destination hosts) and increases the robustness of communication (as data transfer can be conducted over different data links and a failure of any single network node has minimal impact on a packet switched network). However, circuit switching is not without value. It aims to achieve minimal data delay and thus a better quality of service (which is often defined by a maximum tolerable data delay). Such a property is critical to computer applications that require smooth data transfer between the source and destination hosts, e.g., audio and video data.

Applications of Small Office/Home Office (SOHO) Networking
A SOHO network is a small office/home office local area network. A local area network (LAN) is a collection of computers and other networked devices that fit within the scope of a single physical network. A LAN covers a small local area, like a home, an office, or a small group of buildings such as a university campus. The communication media are owned by the LAN owner. This contrasts with a wide area network (WAN), which is a computer network covering a wide geographical area and involving a vast array of computers, e.g., the Internet.

SOHO networks are generally confined to a single room. Such networks generally connect communicating devices to a router, small switch or hub through physical cables (in a wired network) or wirelessly (in a wireless network). Conceptually, the networking technology and basic network components involved in SOHO networking are not much different from those of large networks. The major differences are in scale and complexity. Generally SOHO networks are used to share information and hardware, like files and printers, as well as to share an Internet access connection. A SOHO network may also have a server, e.g., a web server, which needs to be accessed.

SOHO networking facilitates a new work arrangement called telecommuting, telework or working from home (WFH). Employees enjoy flexibility in working location and hours (within limits). The motto is that "work is something you do, not something you travel to". A successful telecommuting programme requires a management style based on results, i.e., "managing by objective", and not on close scrutiny of individual employees, i.e., "managing by observation".
Wikipedia has the following description of the potential benefits of telecommuting.

Telecommuting is seen as a solution to traffic congestion (due to single-car commuting) and the resulting urban air pollution and petroleum use. Initial investments in the network infrastructure and hardware are balanced by increased productivity and the overall greater well-being of telecommuting staff (more quality family time, less travel-related stress), which makes the arrangement attractive to companies, especially those who face large office overhead and other costs related to the need for a big central office (such as the need for extensive parking facilities).

The above excerpt indicates that the impact of networking technology extends far beyond the technology arena. In fact, many large companies in the United States have successfully taken advantage of networking technology to save on operational costs. One example is that many US companies establish their telephone support services in India. When their clients make a phone enquiry, the calls are actually connected to staff in India with the use of Internet phone technology. The labour cost in India is perhaps less than one-tenth of the American counterpart.

A Computer Network Scenario
To help explain concepts about SOHO networking, the following scenario is created (see Figure 6). Note that the computer network being described is a LAN rather than a SOHO network. The LAN is composed of three smaller LANs and a web server, which are separated by a firewall (introduced later). The network adopts the TCP/IP protocol and thus each of the network devices is allocated an IP address. Note that some IP addresses are reserved for special purposes. For instance, some IP addresses are used for message broadcasting and some others support message multicasting to predefined groups of network devices.

Figure 6.
A computer network scenario.

The given network scenario describes the computer network of a small trading company. It has a sales department and an inventory section. The company is managed by a manager who has a personal assistant. All the parties mentioned above need to use computers to support their duties in the company. For reasons of confidentiality, the computers of the manager and his assistant are connected to a peer-to-peer subnetwork (detailed later) which is separated from the other two subnetworks of the company network: one for the inventory section and another for the sales department. The subnetwork for the inventory section is a wireless network composed of wireless access points (introduced later) and a combination of desktop and handheld computers. Some access points are installed in the warehouse to enable the inventory clerks to update the inventory database online during inventory checks. The last subnetwork belongs to the sales department. It is a client-server subnetwork (detailed later). To save cost, a printer server is set up to allow users to share the network printer. Besides, instead of allocating one computer to each staff member in the department, a pool of computers is kept. To use a computer, a user needs to log in. All user files are kept on the file server instead of on the local machines, so that sales staff do not need to remember on which computer they stored their files in the past. For promotional purposes, the company has set up a company website. All computers in the company are Internet enabled.

Peer-to-Peer Network vs. Client-Server Network

Server Computer
A server computer, or simply a server, is a computer that provides a (remote) service to other computer(s) over some kind of network. As shown in Subnet A in Figure 6, the services can lead to the sharing of information (e.g., file sharing), hardware (e.g., printer sharing) or other types of resource (e.g., IP address sharing through the use of a DHCP server, elaborated later). The web service provided by a web server is another example of resource sharing (see top of Figure 6).

Client Computer
A client computer, or simply a client, is a computer that accesses a (remote) service on another computer over some kind of network. In Subnet A (in Figure 6), four computers can access the services of the DHCP, file and printer servers within the subnet and the services of the company's own web server (outside the subnet).

Peer-to-Peer Network
In a peer-to-peer network, any computer can function as either a client or a server, e.g., one computer shares its DVD recorder while another shares its printer for the others. No one computer has any higher priority to access, or heightened responsibility to provide, shared resources on the network. The user access privileges for each computer resource in a peer-to-peer network are maintained separately.
The advantages of peer-to-peer networking are:
- Easy to install and configure
- Needs no dedicated administrator
- Not dependent on a dedicated server (and thus no single point of failure)
- Individual users control their own shared resources
- Needs no additional equipment or software beyond a suitable operating system, e.g., MS Windows XP
- Inexpensive to purchase and operate
- Works best for simple networks with a few users

The disadvantages of peer-to-peer networking are:
- Network security applies only to a single resource at a time
- Users may be forced to use as many passwords as there are shared resources (unless some "centralized" coordination effort
- Each machine must be backed up individually to protect all shared data
- Access to a shared resource reduces the performance of the machine on which the resource resides
- No centralized organizational scheme to locate or control access to data
- Does not work well as the number of users grows or for complex networks

Client-Server Network
In a client-server network, user computers act as clients of dedicated server machines that handle network requests from their clients. As a server needs to respond to the requests of a number of clients, it usually requires a more powerful machine.
The advantages of client-server networking are:
- Simplified network administration due to the use of centralized user accounts, security and access controls
- More powerful equipment enables clients to have more efficient access to network resources
- Appropriate for networks with five or more users, or any network where resources are used heavily

The disadvantages of client-server networking are:
- Server failure can make the network unusable, or at least cause the loss of network resources
- Complex, special-purpose server software requires the allocation of expert staff, which increases expenses
- Dedicated hardware and specialized software add to the cost

Basic Network Components
A number of network components are used in the computer network scenario given in Figure 6. They are client computers, server computers (e.g., web server, file server and printer server), dial-up and cable modems, hubs, switches, routers including the Internet Service Provider (ISP) (broadband) routers, gateways, and wireless access points. Other network components that are not explicitly shown in the diagram include network interface cards (NICs) and networking media. There are also some network components which are omitted from the diagram, such as repeaters and bridges. All those components are introduced below.

Networking Media
A networking medium, which may be tangible (e.g., cables in a wired network) or intangible (e.g., radio signals in a wireless network), is a medium across which network data can travel in the form of a physical signal, whether it is a type of electrical transmission or some sequence of light pulses. Examples of tangible media are coaxial cable, twisted pair cable and fibre-optic cable. Examples of intangible media are infrared, microwave and radio waves. Details about networking media will be given later.

Figure 7. A network cable.
Network Interface Card
A network interface card (NIC) or network adaptor establishes and manages the network connection of a network device. It translates parallel digital computer data into serial signals appropriate for transmission along the network medium, and translates incoming serial signals back into parallel digital computer data.

Figure 8. A network interface card.

Teaching remark
A common first check is to issue a ping command to the loopback IP address 127.0.0.1 in a command window. Note, however, that this exercises only the host's TCP/IP software: any address starting with 127 is handled inside the operating system (written to the loopback output buffer and read back from the input buffer of the same host), so the packets never reach the NIC or the cable. If the TCP/IP stack is working, a series of replies will be displayed. To test the NIC itself, ping another host on the same LAN, e.g., the default gateway; a reply confirms that the card, its driver and the cable are working.

Dial-up Modem
Telephone lines are not suitable for carrying digital signals, as they were designed for carrying voice, which is analogue in nature. A dial-up modem (short for modulator-demodulator) modulates the digital signal from a source host into an analogue signal before it enters the telephone network, and the analogue signal is demodulated back into a digital signal for the destination host at the other end. A dial-up modem can be either internal (like a PCI card) or external (see Figure 9). Due to the slow data rate (i.e., bandwidth) of the telephone network, it is almost obsolete nowadays.

Figure 9. A dial-up modem.

A specific type of modem is the Asymmetric Digital Subscriber Line (ADSL or DSL) modem. For most Internet users, the download data rate is far more important than the upload rate, as most of their data traffic consists of downloads. ADSL modems enable faster data transmission over copper telephone lines by supporting a faster data flow in one direction than in the other, i.e., asymmetrically.
The basic design rationale is that there is likely to be more crosstalk (i.e., undesirable electrical interference) from other circuits at the digital subscriber line access multiplexer (DSLAM) end, where the wires from many local loops are close together, than at the customer premises. Thus the upload signal is weakest at the noisiest part of the local loop, while the download signal is strongest at the noisiest part of the local loop. This explains why the download data rate is configured to be higher than the upload data rate.

Cable Modem
A cable modem (see Figure 10) is a special type of modem designed to modulate a data signal over cable television infrastructure, taking advantage of unused bandwidth on a cable television network (e.g., i-CABLE of CableTV). It is primarily used to deliver broadband Internet access. Cable modems usually deliver speeds comparable to those of ADSL modems, though the latter generally have better upload speeds. Users in a neighbourhood share the available bandwidth provided by a single coaxial cable line. Therefore, connection speed can vary depending on how many people are using the service at the same time. Since cable networks tend to be spread over larger areas than ADSL services, more care should be taken to ensure good network performance.

Figure 10. A cable modem.

Hub
A hub is a device for connecting multiple network devices together (see Figure 11), making them act as a single segment and providing bandwidth that is shared among all the connected devices. A hub typically provides four or more ports (through which data are sent and received) into which a plug or cable connects.

Figure 11. A hub.

Nowadays most hubs are active, in the sense that they serve as a repeater too.
A repeater is an electronic device that receives a weak or low-level signal, then amplifies, reshapes and/or retimes it, and finally retransmits it at a higher level or higher power, so that the signal can cover longer distances without degradation. Data signals are weakened or degraded as they travel along the medium due to energy loss. For example, data signals in the form of electrical pulses lose energy, usually as heat, as they pass along a conductive wire. This phenomenon is known as signal attenuation. An attenuated signal may be too weak to be discerned, and that is why repeaters are sometimes introduced into a computer network.

Teaching remark
Hubs, repeaters and network cables work at the physical layer of the OSI model.

Switch
A switch (see Figure 12) offers the link management that a hub can provide, with greater bandwidth and intelligence. Unlike hubs, which are designed to connect network devices in a particular way (i.e., a fixed network topology), a switch can be "programmed" to support a variety of network topologies.

Figure 12. A switch.

A switch can also be configured to organize groups of devices into virtual LANs (VLANs), confining transmissions to one or more groups of selected attached devices. Data received by a hub are broadcast to all connected devices, including non-destination nodes, through the hub's ports, and it is up to those devices to decide whether they need to act on the received data (which also means any device attached to a hub can capture all traffic on the segment). Switches are intelligent enough to identify and use only the port(s) to which the destination devices are connected. Thus, unlike a hub, a switch allows multiple data transmissions across the switch at the same time, as long as the transmissions do not involve the use of the same ports.
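The forwarding difference between a hub and a switch, as an added simulation written for this edit (not code from the handout or its authors). Frames are dictionaries carrying source and destination MAC addresses; ports are small integers. The hub copies every frame to every other port. The switch learns which port each source address was last seen on and forwards only to that port, flooding only when the destination is unknown or is the broadcast address; when source and destination are on the same port (two hosts behind a hub on one switch port) the frame is dropped, which is the same bridge-table rule described in the Bridge subsection below. The MAC addresses and port numbers are constructed; table ageing and VLANs are left out.

```python
"""Hub vs. switch forwarding simulation (added example, not from the handout)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Physical-layer device: repeats every frame out of all other ports."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        """Return the list of ports the frame is sent out of."""
        return [p for p in self.ports if p != in_port]


class Switch:
    """Data-link-layer device with a MAC-address-to-port table (backward learning)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port on which it was last seen

    def forward(self, in_port, frame):
        """Learn the sender's port, then forward only where the destination is known."""
        self.table[frame["src"]] = in_port
        dst = frame["dst"]
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]  # flood unknown/broadcast
        out = self.table[dst]
        return [] if out == in_port else [out]  # same segment: discard; else forward


def run_scenario(device):
    """Replay three constructed frames through a device; return the ports each reached."""
    a, b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"  # assumed MAC addresses
    frames = [
        (1, {"src": a, "dst": b}),  # A (port 1) -> B: B not yet learned
        (2, {"src": b, "dst": a}),  # B (port 2) replies: A is already known
        (1, {"src": a, "dst": b}),  # A -> B again: B is now known
    ]
    return [device.forward(port, frame) for port, frame in frames]


def frames_seen_by(device, port):
    """How many of the scenario's frames reach a bystander on the given port."""
    return sum(port in out for out in run_scenario(device))


if __name__ == "__main__":
    print("hub   :", run_scenario(Hub([1, 2, 3, 4])))
    print("switch:", run_scenario(Switch([1, 2, 3, 4])))
```

A bystander on port 4 sees all three frames on the hub but only the first (flooded) one on the switch, which is why sniffing on a hub needs no special effort while sniffing on a switch requires an attack on the address table.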
This means that a switch can potentially support a larger bandwidth than a hub. Nowadays, switches are often used to replace network hubs, and some people refer to a switch as an intelligent hub.

Teaching remark
Switches work at the data link layer of the OSI model (they forward by MAC address, like bridges), not at the physical layer as hubs do.

Bridge (out of syllabus)
A network bridge, or bridge, connects multiple segments of a local area network together. Unlike repeaters, which work at the physical layer, bridges work at the data link layer of the OSI model. The key advantage of bridges over repeaters is that bridges can filter traffic to ease network congestion. A bridge keeps a list of MAC addresses and the network segment of each address. When the bridge receives a data packet, it compares the packet's source and destination addresses with its bridge table. If the two addresses are found to be on the same network segment, the bridge discards the data packet, as there is no need to forward it to another network segment. Otherwise, the bridge sends the packet to the segment on which the destination is known to be or, if the destination is unknown, to all segments except the one that received the packet. As the bridge table is examined for each data transfer, bridges are slower than repeaters.

Router
A router (see Figure 13) forwards data packets across different networks, if necessary, through a process known as routing, until they reach their destination.

Figure 13. A router.

Teaching remark
Routing works at the network layer of the OSI model.

Wikipedia gives a brief description of routers (including Figure 14) as follows:

In non-technical terms, a router acts as a junction between two networks to transfer data packets among them. A router is essentially different from a switch that connects devices to form a Local Area Network (LAN). One easy illustration for the different functions of routers and switches is to think of switches as neighborhood streets, and the router as the intersections with the street signs. Each house on the street has an address within a range on the block.
In the same way, a switch connects various devices each with their own IP address(es) on a LAN. However, the switch knows nothing about IP addresses except its own management address. Routers connect networks together the way that onramps or major intersections connect streets to both highways and freeways, etc. The street signs at the intersection (routing table) show which way the packets need to flow.

Figure 14. Routers are like intersections whereas switches are like streets.

In the above diagram, the disc symbols represent routers whereas the rectangles represent switches. Other network devices are shown by their IP addresses only. Because a router connects two networks together, it uses two IP addresses, one in each network. A router that connects clients to the Internet, usually provided by an Internet Service Provider (ISP), is called an edge router or ISP router.

Wireless Access Point
A wireless access point (WAP or AP) is a device that connects wireless communication devices together to form a wireless network (see Figure 15). The WAP usually connects to a wired network, and can relay data between wireless devices and wired devices.

Figure 15. A wireless access point.

In SOHO networking, a wireless broadband router is often used instead of a WAP, as most wireless broadband routers are really three devices in one box. First, there is a WAP. Second, it serves as a hub (in practice a small switch) to connect several networking devices. Finally, the router function ties it all together and lets the whole network share a high-speed cable or DSL Internet connection.

Gateway
Gateways, also called protocol converters (see Figure 16), can operate at any layer of the OSI model. Typically, a gateway converts one protocol stack into another. It is much more complex than a router or switch.
A gateway is commonly positioned at the intersection between a LAN and a WAN (which is typically the Internet in a SOHO network). There the gateway commonly performs network address translation (NAT), presenting all of the LAN traffic to the WAN as coming from the gateway's WAN IP address, and sorting return WAN traffic and distributing it to the correct hosts on the local network.

Figure 16. A gateway.

Firewall
A firewall aims to prevent any communication forbidden by the security policy. It can be implemented in hardware (see Figure 17) and/or software. Its basic task is to control traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The goal is to provide controlled connectivity between zones of different trust levels through the enforcement of a security policy and a connectivity model based on the principle of least privilege (see Figure 18). Proper configuration of a firewall requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.

Figure 17. A (hardware) firewall.

Figure 18. Controlling traffic between different zones of trust with firewalls.

The DMZ indicated in Figure 18 stands for demilitarized zone. It is a network area (a subnet) that sits between an organization's internal network and an external network such as the Internet. Connections from the internal and the external network to the DMZ are permitted, whereas connections from the DMZ are only permitted to the external network: hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts to provide services to the external network while protecting the internal network in case intruders compromise a host in the DMZ.
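The zone policy just described, worked as an added example written for this edit (not code from the handout or its authors). Three zones are defined (internal, DMZ and everything else treated as the Internet), an ordered rule list encodes the connectivity model from the text, and anything not explicitly allowed is dropped, which is the least-privilege default. The address ranges, the published DMZ ports (mail, DNS, web) and the sample addresses are assumptions for illustration and are not taken from Figure 6. The decision applies to new connections; a stateful firewall admits the replies of an allowed connection without re-evaluating the rules.

```python
"""Zone-based firewall policy with a DMZ (added example, not from the handout)."""
import ipaddress

# Assumed addressing for the example
ZONES = {
    "internal": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("192.168.2.0/24"),
}

# (from_zone, to_zone, allowed destination ports or None for any, action)
# Evaluated top to bottom; the first matching rule decides.
RULES = [
    ("internet", "dmz", {25, 53, 80, 443}, "allow"),  # mail, DNS, web published from the DMZ
    ("internal", "dmz", None, "allow"),               # staff may use and manage DMZ servers
    ("internal", "internet", None, "allow"),          # outbound browsing and mail
    ("dmz", "internet", None, "allow"),               # DMZ hosts may reach outward
    ("dmz", "internal", None, "deny"),                # the DMZ is a dead end toward the LAN
]


def zone_of(ip: str) -> str:
    """Map an address to its trust zone; anything not ours is the untrusted Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Policy decision for a new connection attempt."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"  # same zone: the firewall is not in the path
    for from_zone, to_zone, ports, action in RULES:
        if (from_zone, to_zone) == (src_zone, dst_zone) and (ports is None or dst_port in ports):
            return action
    return "deny"  # default deny: nothing matched


def pivot_attempts():
    """Constructed scenario: a compromised DMZ web server tries to reach the LAN."""
    web = "192.168.2.10"
    return {
        "file server SMB": decide(web, "192.168.1.20", 445),
        "manager PC RDP": decide(web, "192.168.1.5", 3389),
        "outbound DNS": decide(web, "198.51.100.53", 53),
    }


if __name__ == "__main__":
    for name, verdict in pivot_attempts().items():
        print(f"{name}: {verdict}")
```

The explicit "dmz -> internal deny" rule is redundant with the default deny; it is kept so that the intent survives a later edit that adds a broad allow rule below it, which is exactly the kind of small mistake the text warns about.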
For someone on the external network who wants to illegally connect to the internal network, the DMZ is a dead end. The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and domain name servers.

Internet Access Methods
A network can access the Internet through a dedicated leased line, an ordinary phone line of the public telephone network (using a dial-up modem), the cable TV network (using a cable modem) or other ISP broadband networks (using an ADSL modem, for instance). Broadband connections to the Internet through cable or ADSL modems support both wired and wireless networks. Table 1 gives the characteristics of the various Internet access methods in terms of the equipment required, cost, data transfer rate, service reliability and the number of users that the Internet access can support. Although it may sound reasonable to use broadband Internet access instead of a leased line from a cost viewpoint, the latter has the advantage of being more reliable due to the use of a dedicated line. For some time-critical applications which require a guaranteed quality of service in the response time, there may be a point in sticking to the seemingly more expensive leased line option.

Table 1. Characteristics of various Internet access methods in terms of equipment required, cost, data transfer rate, service reliability and number of supported users.

Equipment required
- Modem dial-up: dial-up modem, telephone line
- Leased line: modem, telephone line
- Broadband: cable or ADSL modem, ISP router, Category 5e/6 cable and/or optical fibre cable

Monthly cost
- Modem dial-up: very low, less than HK$100
- Leased line: high, typically HK$1000+
- Broadband: low to high, HK$100 to 1000+ per month

Data transfer rate
- Modem dial-up: slow, up to 56 Kbps only
- Leased line: medium to fast, 128 Kbps (ISDN connection) to 45 Mbps (T3 connection)
- Broadband: fast to very fast, typically 1.5 Mbps to 1000 Mbps

Service reliability
- Modem dial-up: low; the Internet connection can be interrupted by incoming phone calls
- Leased line: excellent, as the connection is not shared with anyone else
- Broadband: good; data noise may occur occasionally due to bandwidth sharing within the same building

No. of users (rough estimate)
- Modem dial-up: single user only; may be considered as a backup resource
- Leased line: the bandwidth is adequate for supporting dozens to a few hundred users
- Broadband: the bandwidth is adequate for supporting a few to a few dozen users

Wired LAN vs. Wireless LAN
Table 2 compares the characteristics of wired and wireless networks.

Table 2. Characteristics of wired and wireless networks.

Equipment required
- Wired: network interface card (NIC), network cable
- Wireless: wireless NIC (WNIC), wireless access point

Cost
- Wired: lower
- Wireless: higher

Data transfer rate (for home use)
- Wired: 100 to 1,000 Mbps (various Ethernet implementations)
- Wireless: up to 54 Mbps (IEEE 802.11g)

Data security
- Wired: not a serious concern (though anyone with physical access to a cable or hub on the segment can still capture traffic)
- Wireless: an important issue, as data are broadcast over the air

Reliability
- Wired: network reliability is good; data retransmission is rarely required
- Wireless: network reliability can be seriously affected by the surrounding environment; data retransmission is almost the norm

Mobility
- Wired: little
- Wireless: good

LAN interconnection
- Wired: restricted by the network structure (which is set during physical network configuration)
- Wireless: no pre-defined network structure restriction