Failover. How failover works.
In clustering technology, the action of moving resources back to a failed node or primary node (a computer in a cluster) once it has been recovered. This action can take place manually or automatically depending on how the cluster is configured.
Overview
Suppose you have a cluster that has two nodes, each containing different resources. If Node A experiences failure, failover occurs and the workload of Node A (its set of resources) is transferred to Node B. When Node A reboots, it checks with Node B to see which resources are running on Node B and discovers that some of these cluster groups would "prefer" to reside on Node A. At this point failback will occur if the cluster is configured to failback automatically if the primary node recovers. The preferred groups are then moved from Node B back to Node A. Failback might be configured to occur immediately or at a scheduled time if access to resources is low.
Notes
Failback is sometimes known as "rebalancing the workload."
See Also clustering ,
Any technology that allows one device to take over for a similar device that has failed.
Overview
An example of a typical failover system would be a failover cluster. Failover is also often used to ensure that a break in a communication line does not cause a break in communication between networked systems.
Failover. How failover works.
Suppose you have a cluster that has two nodes, each containing different resources. If Node B experiences failure, failover occurs and the workload of Node B (its set of resources) is transferred to Node A. In Microsoft Corporation's clustering services (Microsoft Cluster Server for Microsoft Windows NT 4 Enterprise Edition and the Cluster service for Windows 2000 Enterprise Server and Datacenter Server and Windows .NET Server Enterprise Server and Datacenter Server), the cluster resources (network applications, data files, and other tools installed on the nodes of the cluster) provide services to clients on the network. A resource can be hosted on only one node at any given time, but by using the Cluster Administrator program, you can configure the resource to failover to the second node if the first node fails. This causes the resource and its operation to move from one node to the other if a failure of one node occurs.
Failover is initiated automatically by the Cluster service when a failure is detected on one of the nodes. This process can take up to 10 seconds to initiate. Failover is transparent to the users if they are accessing cluster resources using stateless protocols such as Hypertext Transfer Protocol (HTTP) and does not require any special client software to be installed on users' machines. If a client is connected using a tool such as Windows Explorer, it will be notified that the connection is unavailable. The user should abort, retry, or cancel the connection attempt. (To connect to the resource on the failover node, retry the connection attempt.) For other Cluster service applications, users might have to log on again to the resource.
Notes
Microsoft's clustering services support failover at the level of virtual servers, which means items such as Web sites, print queues, file shares, and applications can be protected from system failure.
See Also clustering
A class of switches used to provide failover support for critical network communication lines.
Overview
Fallback switches are an essential component of a fault-tolerant network system with resources that must have a high availability. In such a scenario, resources can be connected to your network using two circuits:
A primary line that normally provides access to the resource
A secondary line to which the fallback switch reroutes the moment the primary line fails
Fallback switch. Using a fallback switch.
Uses
Fallback switches can also be used to provide fault tolerance for a high-speed backbone for Fast Ethernet, Fiber Distributed Data Interface (FDDI), or Asynchronous Transfer Mode (ATM) networking. For example, you can use fallback switches to run two multimode fiber-optic cables between a pair of Ethernet switches, instead of having only one cable connecting them. If one fiber-optic cable goes dark, the fallback switch immediately detects the problem and switches over to the backup cable.
Fallback switches that can be managed using Simple Network Management Protocol (SNMP) management consoles are very useful. For example, you could use a remote SNMP terminal to cause a fallback switch to change from a primary to a secondary line if you need to take the primary line down for maintenance. Ganged fallback switches can be used to control multiple serial or local area network (LAN) devices simultaneously. For example, you could schedule a ganged switch to switch over from a set of primary Web servers to a backup Web server every night during a period of low traffic while maintenance or backups are performed on the primary servers. Be sure to use a fallback switch with some form of password protection on its SNMP management functions.
Examples
An example of a resource requiring high availability is a high-speed T1 line that is used by remote clients for accessing a corporate intranet. If the primary T1 line goes down, there must be a backup line that provides instant, transparent failover support for clients. The solution is to use two T1 lines connected to a fallback switch by a serial interface such as RS-232 or V.35. The fallback switch detects a failure the moment the primary line goes down and can perform a remedial action such as
Automatically switching over to the backup line
Sounding an audible alarm to notify administrators
Generating an alert to an SNMP management console
Stands for frequently asked questions, a list of commonly asked questions and their answers.
See Also frequently asked questions (FAQ)
A set of Ethernet standards for 100-megabit-per-second (Mbps) data transmission.
Overview
Ratified as the IEEE 802.3u specification in 1995, Fast Ethernet is an evolution of regular 10 Mbps Ethernet that transmits data at 10 times the speed of standard Ethernet. Fast Ethernet uses the same contention-based media access control method (Carrier Sense Multiple Access with Collision Detection, or CSMA/CD) and the same framing format as standard Ethernet. It also runs over the same structured wiring systems as well, including twisted pair and fiber-optic cabling, with the exception that there is no shared media (physical bus) cabling option as in 10Base2 and 10Base5 Ethernet.
Fast Ethernet is actually a group of standards collectively known as 100BaseT. Like the various 10 Mbps forms of Ethernet, Fast Ethernet also comes in full- and half-duplex varieties and can be implemented as shared media using hubs or in switched networks.
Uses
Fast Ethernet is used mainly for switch uplinks and interconnects for high-speed backbones, switch connections to high-speed servers in server farms, and islands of high-performance workstations running bandwidth-intensive software such as computer-aided design (CAD) or multimedia applications.
Fast Ethernet switches can also be used for segmenting your network to reduce bottlenecks caused by users trying to access key servers on the network. Simply connect each 10/100 autosensing hub to a Fast Ethernet switch, and connect the servers directly to the switch.
Architecture
Fast Ethernet increases its speed tenfold over standard Ethernet by decreasing the bit time (the time duration of each transmitted bit) by a factor of 10. This allows Fast Ethernet to maintain all of the main characteristics of 10 Mbps Ethernet and be compatible with 10 Mbps Ethernet to allow mixed networks of 10 and 100 Mbps segments to coexist. The Fast Ethernet specifications also include a mechanism for autonegotiation of frame speed called autosensing, which lets vendors build dual 10/100-Mbps hubs, switches, and bridges for easily incorporating Fast Ethernet into legacy 10 Mbps Ethernet networks.
Implementation
Fast Ethernet can be implemented in four different media (cabling) formats, which are collected under the umbrella designation of 100BaseT. These four formats are
100BaseTX: This is the most popular implementation of Fast Ethernet. 100BaseTX uses two pairs of wires in Category 5 (Cat5) unshielded twisted- pair (UTP) cabling (the same cabling as the popular but lower-speed 10BaseT variety of Ethernet). 100BaseTX also supports w-pair shielded twisted- pair (STP) cabling as well, but this is rarely used and is available in both half-duplex and full-duplex signaling.
100BaseFX: This form can use duplex (two-strand) 50 or 62.5 micron multimode fiber-optic cable or 9 micron single mode cabling, typically terminated with ST connectors. It is used mainly for backbone wiring such as switch-switch connections and is available in both half-duplex and full-duplex signaling.
100BaseT4: This form uses all four pairs of wires in twisted-pair cabling and enables Fast Ethernet to be used over inexpensive Category 3 (Cat3) UTP cabling. 100BaseT4 supports half-duplex signaling only.
100BaseT2: This form uses two pairs of wires in either Cat3, Category 4 (Cat4), or Cat5 UTP cabling and supports both half- and full-duplex signaling. This option was developed by the Institute of Electrical and Electronics Engineers (IEEE) but was never implemented in commercial Fast Ethernet equipment.
Fast Ethernet. Fast Ethernet island connected to legacy 10BaseT network.
Repeaters (hubs) for Fast Ethernet networks come in two varieties:
Class I repeaters: Perform internal signal translation that introduces slight propagation delays but allows different types of Fast Ethernet media, such as 100BaseTX and 100BaseFX, to be connected. You can use only one Class I repeater per Fast Ethernet segment.
Class II repeaters: Take incoming signals and repeat them immediately (without translation) to all outgoing ports, thus minimizing port latency. Class II repeaters require that all ports connect to the same media, such as 100BaseTX. You can use up to two Class II repeaters per Fast Ethernet segment.
For 100BaseTX, attached stations cannot be more than 328 feet (100 meters) from a hub or repeater (same as 10BaseT) with the maximum network diameter being 690 feet (210 meters), compared to 1640 feet (500 meters) for 10BaseT. 100BaseFX supports longer distances up to 1.25 miles (2 kilometers). In reality, building Fast Ethernet networks is a trifle more complex because the distance limitations of different media options often depend on the class of repeaters used and whether station-hub or hub-hub connections are under consideration.
There are also nonstandard vendor-specific external transceivers available that allow Fast Ethernet to be extended over long-haul multimode fiber for distances as long as 62 miles (100 kilometers).
Advantages and Disadvantages
Switching to Fast Ethernet is probably the easiest and cheapest way of upgrading your network to meet increasing bandwidth needs. The advantages of upgrading 10 Mbps Ethernet networks to Fast Ethernet include the following:
Fast Ethernet integrates easily into existing 10 Mbps Ethernet networks without requiring reinvestment in new network-management and troubleshooting software.
Fast Ethernet is based on the same simple technology as standard 10 Mbps Ethernet, which makes equipment cheap and easy to produce and reduces the amount of training needed to implement it.
Fast Ethernet can carry voice, data, and video at 100 Mbps, which is 10 times faster than traditional 10 Mbps Ethernet.
Fast Ethernet can operate over the same installed media used for a traditional 10 Mbps Ethernet network.
The network can be migrated slowly to Fast Ethernet by using autosensing 10/100 hubs and network interface cards (NICs).
These advantages have made Fast Ethernet the natural successor to standard 10 Mbps Ethernet and have led to the eclipse of competing high-speed networking technologies such as Fast Token Ring and Fiber Distributed Data Interface (FDDI).
Marketplace
The list of vendors offering Fast Ethernet equipment is too long to mention here. One example of the technology's popularity is that every version of Cisco Catalyst switch available supports Fast Ethernet.
Analysts estimate that more than 100 million Fast Ethernet ports were shipped in 2000, a figure that is expected to double by 2004. Price per port has dropped to below $100, making Fast Ethernet an attractive and affordable option for small and mid-sized businesses that need to upgrade their networks. Despite the current market excitement over Gigabit Ethernet (GbE) and the predicted arrival of 10 GbE, Fast Ethernet is likely to remain the primary networking technology for corporate networks for at least the next five years.
Notes
An alternative to Fast Ethernet developed by Hewlett- Packard is 100VG-AnyLAN, also called 100BaseVG and standardized as IEEE 802.12. 100VG-AnyLAN is a 100 Mbps transmission technology that uses a media access control technology called demand priority that Hewlett-Packard originally developed for transporting both Ethernet and Token Ring frames. 100VG- AnyLAN is now considered a legacy technology compared to Fast Ethernet.
See Also 100BaseFX ,100BaseT4 ,100BaseTX ,100VG-AnyLAN ,Ethernet ,Gigabit Ethernet (GbE)
Stands for file allocation table; specifically, a table maintained on a hard disk by MS-DOS and Microsoft Windows operating systems that acts as a table of contents, showing where directories and files are stored on the disk. By extension, the acronym FAT is also used to refer to the file system itself for MS-DOS and Windows platforms.
See Also file allocation table (FAT)
An enhanced version of a file allocation table (FAT), supported by Microsoft Windows 95 OSR2, Windows 98, Windows Millennium Edition (Me), Windows 2000, Windows XP, and Windows .NET Server.
Overview
FAT32 theoretically supports drives of up to 2 tera- bytes (2048 gigabytes [GB]) in size, although for Windows 2000, Windows XP, and Windows .NET Server the actual size limit is 32 GB. If the installation partition is smaller than 2 GB, it will automatically be formatted using FAT. If the installation partition size is equal to or greater than 2 GB, it will automatically be formatted as FAT32.
FAT32 uses a smaller cluster size than FAT so is more efficient at utilizing disk space on large volumes (those greater than 512 megabytes [MB] in size) than FAT. The savings in disk space using FAT32 instead of FAT for large volumes is typically 20 to 30 percent. The following two tables show the difference in cluster sizes between the original FAT and FAT32.
Drive Size | FAT Cluster Size |
0 MB-32 MB | 512 bytes |
33 MB-64 MB | 1 kilobyte (KB) |
65 MB-128 MB | 2 KB |
129 MB-256 MB | 4 KB |
257 MB-512 MB | 8 KB |
513 MB-1024 MB | 16 KB |
1025 MB-2048 MB | 32 KB |
Drive Size | FAT32 Cluster Size |
260 MB-8 GB | 4 KB |
9 GB-16 GB | 8 KB |
17 GB-32 GB | 16 KB |
More than 32 GB | 32 KB |
Notes
Using FAT32 (or FAT) with the Windows 2000, Windows XP, and Windows .NET Server operating system platforms is not recommended because it does not offer the security features that are provided by the NTFS file system (NTFS). FAT32 also does not support disk compression. The only time you'd use FAT32 with Windows 2000, Windows XP, or Windows .NET Server is in a dual-boot situation, which Microsoft Corporation does not recommend. Note that in a dual-boot system, FAT32 volumes cannot be accessed by any operating systems other than Windows 95 OSR2, Windows 98, Windows 2000, Windows XP, or Windows .NET Server. For dual-boot with Windows 95, Windows 98, or Windows NT, drive C must be a FAT partition.
Remember, a client that connects over the network to a shared folder in Windows 2000, Windows XP, or Windows .NET Server can access files in that folder regardless of whether the folder is stored on an NTFS, FAT, or FAT32 volume-provided the client has the appropriate permissions to do so.
See Also file allocation table (FAT) ,NTFS file system (NTFS)
A partition on a physical disk formatted using the file allocation table (FAT) file system.
Overview
FAT volumes can be used to share folders for users to access over the network, but they lack the advanced security control and auditing features of NTFS file system (NTFS) volumes. The maximum file partition size is 4 gigabytes (GB) in Microsoft Windows NT and 2 GB in MS-DOS, Windows 3.x , Windows 95, and Windows 98. Windows 2000, Windows XP, and Windows .NET Server will actually format a partition as FAT32 if the partition is larger than 2 GB.
Notes
Be sure to regularly defragment heavily used FAT volumes because the FAT file system can easily become fragmented when files are deleted and created. Use FAT volumes instead of NTFS volumes when you want to dual-boot Windows NT, Windows 2000, Windows XP, or Windows .NET Server systems with earlier MS- DOS, Windows 3.x , Windows 95, or Windows 98 systems.
See Also file allocation table (FAT) ,NTFS file system (NTFS)
Any mechanism or technology that allows a computer or operating system to recover from a failure.
Overview
In fault-tolerant systems, the data remains available when one component of the system fails. Here are some examples of fault-tolerant systems:
Transactional log files that protect the Microsoft Windows registry and allow recovery of hives
Redundant array of independent disks (RAID)-5 disk systems that protect against data loss
Uninterruptible power supply (UPS) to protect the system against primary power failure
Notes
Just because your system is fault tolerant does not mean you are fully prepared for disaster. You still need to perform regular backups of important data. For example, a RAID-5 disk system will protect against data loss if one disk drive fails, but not if two or more drives fail simultaneously.
See Also disaster recovery ,redundant array of independent disks (RAID)
Stands for Federal Communications Commission, a U.S. government agency regulating all aspects of telecommunications.
See Also Federal Communications Commission (FCC)
Stands for Fiber Distributed Data Interface, a high-speed network technology used mainly for campus backbones.
See Also Fiber Distributed Data Interface (FDDI)
The token-passing access method for Fiber Distributed Data Interface (FDDI) networking.
Overview
The token-passing method used by FDDI is generally similar to the token-passing definition outlined in the IEEE 802.5 specification for Token Ring networks. However, in an FDDI ring, each host holds the token for a predetermined amount of time and can transmit as many frames as it can produce during this time. When the time interval expires, the host must release the token for the next host on the ring to use. This differs from the IEEE 802.5 specification in that many frames from each host can exist on the ring at the same time, instead of only one frame per host, as is the case in Token Ring networks. This allows FDDI networks to support higher data traffic rates than Token Ring networks and makes FDDI more suitable for network backbones.
See Also Fiber Distributed Data Interface (FDDI) ,Token Ring
Stands for frequency-division multiplexing, a signal transmission technology in which multiple signals can simultaneously be transmitted over the same line or channel.
See Also frequency-division multiplexing (FDM)
Stands for Frequency Division Multiple Access, the signal multiplexing technology used in the Advanced Mobile Phone Service (AMPS) analog version of cellular phone technology.
See Also Frequency Division Multiple Access (FDMA)
A U.S. government agency regulating all aspects of telecommunications.
Overview
The Federal Communications Commission (FCC) was established under the Communications Act of 1934 as an independent federal regulatory agency. Among other responsibilities, the FCC licenses portions of the electromagnetic spectrum for communication technologies such as cellular phones and wireless networking. For example, in 1994 the FCC auctioned off portions of the 1900-megahertz (MHz) radio wave section of the electromagnetic spectrum to enable companies to deploy Personal Communications Services (PCS) technologies for cellular communication. FCC auctions are intended to increase the number of cellular phone providers in the United States, foster growth and competition in the telecommunications industry, and raise money for the U.S. government treasury.
One role of the FCC is to implement communication legislation passed by Congress. The Telecommunications Act of 1996 represents the first major overhaul of the laws regarding telecommunications in more than 60 years. The FCC is tasked with enforcing this legislation, which is designed to open up competition in the telecommunications arena to foster innovation and economic progress.
For More Information
Visit the FCC at www.fcc.gov.
Any standard ratified by the National Institute of Standards and Technology (NIST).
Overview
NIST is a U.S. government organization responsible for developing standards in industry and commerce. Federal Information Processing Standard (FIPS) standards are one aspect of the work of NIST and represent standards relating to computing, networking, cryptography, and related subjects.
An example of a FIPS standard is FIPS-140, the "Security Requirements for Cryptographic Modules" standard whose compliance is required by the U.S. government by vendors developing hardware and software platforms for sensitive (but not classified) cryptographic purposes. Microsoft Windows 2000, Windows XP, and Windows .NET Server cryptographic services are FIPS 140-1 Level 1 compliant.
Notes
Another recent FIPS standard is the Advanced Encryption Standard (AES) that officially replaced the aging Data Encryption Standard (DES) in 2001.
For More Information
You can find FIPS publications at www.itl.nist.gov/ fipspubs.
See Also cryptography ,encryption ,National Institute of Standards and Technology (NIST)
Stands for Frequency Hopping Spread Spectrum, any type of wireless communications system based on frequency hopping.
See Also Frequency Hopping Spread Spectrum (FHSS)
A high-speed networking technology used mainly for campus backbones.
Overview
Fiber Distributed Data Interface (FDDI) was developed in the early 1980s as a high-speed networking technology for processor-to-processor communications. It was the first local area network/metropolitan area network (LAN/MAN) networking technology that could support data transmission speeds of 100 megabits per second (Mbps). (Until 1993, its only competitor was 16 Mbps Token Ring, a much slower technology.) Although developed originally for the host interconnection environment, FDDI quickly evolved into a popular technology for building high-speed distributed backbones for campus-wide networks and reached its peak of popularity in the mid-1990s.
FDDI transmits data at 100 Mbps over fiber-optic cabling (either single-mode or multimode) configured in a dual physical ring topology. The dual ring topology provides redundancy since the secondary ring is used as a standby for the primary ring. By utilizing the secondary ring for traffic instead of redundancy, FDDI is also capable of transporting data at 200 Mbps. There is also a version of FDDI called Copper Distributed Data Interface (CDDI) that is implemented using copper cabling instead of fiber-optic cabling, but this is not as popular as the fiber version.
FDDI is standardized by the X3T9 committee of the American National Standards Institute (ANSI) and is an International Organization for Standardization (ISO) standard.
Architecture
FDDI uses a token-passing technology similar to that of Institute of Electrical and Electronics Engineers (IEEE) 802.5 Token Ring networks. FDDI stations generate a three-octet token that controls the sequence in which other stations will gain access to the wire. The token passes around the ring, moving from one node to the next. When a station wants to transmit information, it captures the token, transmits as many frames of information as it wants within the specified access period and releases the token (this feature of transmitting multiple data frames per token capture is known as a timed token or capacity allocation scheme and differentiates it from the priority mechanism used in IEEE 802.5 Token Ring). Each node on the ring checks each and every frame to see if it is the frame's intended recipient, and the recipient node reads the information from the frame. When a frame completes its travel around the ring and returns to its originating node, the frame is stripped from the ring.
FDDI is a connectionless networking architecture that supports both asynchronous and synchronous transmission. FDDI packages data in frames that use 48-bit addressing similar to MAC addressing for Ethernet. The frame size for an FDDI frame can range from 32 to 4400 bytes. FDDI frames can encapsulate local area network (LAN) traffic such as Internet Protocol (IP) packets for transmission over FDDI backbones. Different FDDI implementations use one of three possible framing formats:
FDDI-raw: Supported by Cisco routers running Internetwork Operating System (IOS) versions 11.1.x and later, and by some third-party vendors
FDDI with LLC: Supported by IOS versions 10.0 and earlier
FDDI with LLC and SNAP: Default format for encapsulating Internetwork Packet Exchange (IPX) packets on FDDI
Implementation
FDDI is usually implemented as a dual token-passing ring that uses a physical and logical ring topology for campus-wide backbone networks or a physical ring but logical star topology for FDDI LANs within a building. An FDDI dual ring consists of a primary and secondary ring operating in a counter-rotating fashion. While the primary ring always carries data, the secondary ring is usually reserved as a backup in case the primary ring goes down. This scheme provides FDDI with the degree of fault tolerance valuable for mission-critical network backbones. In the event of a failure on the primary ring, FDDI automatically reconfigures itself to use the secondary ring, as shown in the illustration. Faults can be located and repaired using a fault isolation technique called beaconing.
FDDI can also be implemented in a form where the secondary ring also carries data, but in the opposite direction from the primary ring. This configuration extends the maximum potential bandwidth of FDDI to 200 Mbps.
Nodes (or stations) on an FDDI backbone can connect to either one or both rings depending on the media interface connector (MIC) employed. These nodes may be directly attached computer systems, concentrators (similar to Token Ring Multistation Access Units [MAUs]), or bridges and switches for connecting FDDI to other LAN/WAN architectures. The two ways of attaching nodes to an FDDI backbone are
Dual-Attached Stations (DAS): Also called Class A stations, these devices connect to both rings using dual fiber-optic connectors. The A port is the point at which the primary ring enters and the secondary ring leaves, and the B port is the reverse. Dual-attached stations use both rings, with the secondary ring serving as a backup for the primary. Dual-attached FDDI is used primarily for network backbones that require fault tolerance. Single-attached stations can be connected to dual-attached FDDI backbones using a dual-attached device called a concentrator or multiplexer.
Single-Attached Stations (SAS): Also called Class B stations, these devices connect to either the primary or secondary ring using S ports. Single-attached FDDI uses only the primary ring and is not as commonly deployed for network backbones as dual-attached FDDI. Single-attached stations are used primarily to connect Ethernet LANs or individual servers to FDDI backbones.
FDDI supports up to 500 nodes in its normal dual-ring configuration with distances up to 1.25 miles (2 kilometers) between adjacent nodes. The maximum circumference for an FDDI ring is 62.5 miles (100 kilometers) (or 125 miles/200 kilometers for both rings combined), and there must be a repeater every 1.25 miles (2 kilometers) or less. Bridges or routers are used to connect the FDDI backbone network to Ethernet or Token Ring departmental LANs.
Prospects
In the late 1980s and early 1990s, FDDI was the most popular networking technology for building distributed high-speed campus backbones. Asynchronous Transfer Mode (ATM) was its only competition, but ATM's complexity resulted in slow adoption and relegation of this technology mainly to telecommunication carrier networks.
When Fast Ethernet emerged in 1993, it competed with FDDI with respect to speed but could not do so with respect to distance. Nevertheless, FDDI lost some ground to Fast Ethernet, mainly because Fast Ethernet could be deployed in a switched full-duplex form to build collapsed backbones, a new network backbone architecture that competed with FDDI's distributed backbone architecture. The result was that the market for FDDI technology peaked in 1995 and has been declining ever since.
With the emergence of Gigabit Ethernet (GbE) in 1997, however, the death knell for FDDI began to sound. Switched full-duplex GbE could replace legacy FDDI backbones in campus networks and provide speed increases of tenfold to better carry escalating network traffic.
Fiber Distributed Data Interface (FDDI). Fault-tolerant operation of dual-ring FDDI.
The final blow came in early 2001, when manufacturers of chips used in FDDI transceivers closed shop and stopped producing, which means that once the current supply of vendor's FDDI equipment is sold, no more will be manufactured. Because of these market developments, most large enterprises using FDDI have begun or already completed migrating their network backbones from FDDI to GbE. Although FDDI is a stable technology that has proved reliable in the enterprise, the impending unavailability of replacement equipment makes migration to GbE advisable.
Notes
When bridging between Ethernet LANs and FDDI backbones, be aware that there are two types of bridges:
Encapsulating bridges: Encapsulate Ethernet frames into FDDI frames
Translating bridges: Translate source and distention MAC addresses into FDDI addresses
Deploying these two FDDI bridging technologies together can result in incompatibilities. For example, although Cisco FDDI bridges can generally interoperate with translating bridges from other vendors, their encapsulation method is proprietary and usually will not work with encapsulating bridges from other vendors. Both types of bridging methods are commonly used in FDDI networks.
The following table shows some troubleshooting tips for FDDI networks.
Problem | Suggestions |
FDDI ring is not functioning. | Check the status of the router's FDDI interface, making sure the interface and line protocol are up. Try pinging a remote router. Check the physical connections of the cable; use an optical time domain reflectometer to test for problems. |
Signal is degraded. | Check whether the upstream FDDI neighbor has failed and the bypass switch has been activated. |
See Also Asynchronous Transfer Mode (ATM) , Gigabit Ethernet (GbE), Token Ring
A term referring to the potential saturation of the fiber-optic backbone of the Internet due to the exponentially increasing demand for Internet services.
Overview
As high-speed residential Internet access using cable modems and Asymmetric Digital Subscriber Line (ADSL) technology becomes more and more widely deployed, this creates stress on the capacity of the Internet's backbone for carrying all this additional traffic. Another factor contributing to fiber exhaust is the move within the corporate arena toward new high-bandwidth services such as Internet Protocol (IP) telephony and video multicasting technologies delivered over the Internet. Some analysts foresee conditions arising within the next few years that could cause significant degradation in the performance of the Internet due to the proliferation of these services.
Strategies that telecommunications carriers can use to prevent fiber exhaust from occurring include
Creating additional high-speed, fiber-optic backbone lines for the Internet by laying down more fiber
Using dense wavelength division multiplexing (DWDM) technologies to enable existing fiber backbones to carry additional traffic
Upgrading existing time-division multiplexing (TDM) fiber backbones to higher bit rates
See Also Internet
A glass cabling media that sends network signals using light.
Overview
Fiber-optic cabling (or simply fiber) is the main alternative to copper cabling for building wired computer networks (a network build using wires is called a wireline network, as opposed to a wireless network that transmits data using radio transceivers). Fiber-optic cabling has higher bandwidth capacity than copper cabling and is used mainly for high-speed networking such as Asynchronous Transfer Mode (ATM) and Gigabit Ethernet (GbE) backbone networks, long cable runs between buildings, and switched connections to high-speed server farms and high-performance workstations.
Fiber-optic cabling. Composition of fiber-optic cabling.
As shown in the illustration, fiber-optic cabling consists of a glass core between 5 and 100 microns in diameter (for comparison, a sheet of paper is about 25 microns thick and a human hair about 75 microns thick). This glass core is the signal-carrying medium of the cable, and its extreme purity and transparency allow light to travel along it for many miles before being attenuated.
The glass core is surrounded by a thin layer of pure silica called cladding, which prevents light from escaping from the core by a process called total internal reflection. Surrounding the cladding are protective layers of acrylic plastic coating that give the cable stiffness to prevent it from being excessively bent (bending a fiber-optic cable too much can cause the glass core to fracture), Kevlar fibers for providing additional strength to resist stretching during installation, and a waterproof protective polyvinyl chloride (PVC) jacket that is usually colored a distinctive orange.
Fiber optic-capable networking components such as network interface cards, bridges, switches, and routers convert electrical signals into light pulses for transmission over fiber-optic cables. These light pulses are generated using either light-emitting diode (LED) or laser-emitting diodes and associated electronic circuitry.
The bandwidth of a fiber-optic cable depends on the distance (length of the cable) as well as the frequency used for transmitting the signal. Fiber bandwidth is usually expressed in frequency-distance form-for example, in megahertz-kilometers, or MHz-km. In other words, a 500-MHz-km fiber-optic cable can transmit a signal a distance of 5 kilometers at a frequency of 100 MHz (5 x 100 = 500), or a distance of 50 kilometers at a frequency of 10 MHz (50 x 10 = 500). In other words, there is an inverse relationship between frequency and distance for transmission over fiber-optic cables-the higher the frequency, the shorter the distance supported.
Uses
Fiber-optic cabling is often used for campus-wide backbones, long cabling runs between buildings, and local area network (LAN) connections to heavily used servers or high-speed workstations. Fiber is still not used extensively at the LAN level because it is more expensive and more difficult to install than copper cabling, but the gain in capacity to support future network upgrades often compensates for the increased installation costs.
Fiber-optic cabling. Connecting two local area networks (LANs) using fiber-optic cabling.
Multimode fiber of 62.5 micron diameter is the main type of fiber used for GbE networking. This is because 62.5 micron multimode fiber is also the standard for widely deployed 10BaseF Ethernet and 100BaseFX Fast Ethernet (and also FDDI) networks. This type of fiber supports distances up to 1800 feet (550 meters), making it suitable for building GbE backbones within buildings. If gigabit transmission over longer distances is required, 50 micron multimode fiber can be used instead, but this reduces flexibility since this type cannot be used for slower Ethernet networks. For really long GbE fiber connections, such as between buildings on a campus or across a metropolitan area network (MAN), single-mode fiber must be used.
Fiber is used also in heavy industrial environments where machinery can cause high levels of electromagnetic interference (EMI). Long-distance telecommunications carriers such as Sprint Corporation, MCI Worldcom, and AT&T also use fiber-optic cabling extensively for their long-haul (long-distance) telecommunications trunk lines.
Different styles of fiber-optic cabling exist, depending on the intended use. Examples include the following:
Duplex multimode cable: With 62.5-micron core and 125-micron cladding, this is the most common general purpose cable type for most networking environments that require fiber-optic cabling. These cables usually come already terminated with pairs of connectors attached at each end, but you can also buy the cabling in bulk form where you can separate the two cables for termination purposes just as you can with an appliance power cord.
Breakout style cable: This style of cabling contains multiple individual simplex fibers that are stranded around a central strengthening member. It is used for work-area connections and does not require patch panels.
Distribution style cable: This style of cabling contains multiple individual simplex color-coded fibers that are stranded around a central strengthening member. It is often used in backbone applications that require multiple fiber connections.
Steel-reinforced cable: This type of cabling uses a corrugated steel inner tube for protecting cable that needs to be buried or run outdoors.
Fiber-optic cabling is also available for purchase in bulk for those who want the challenge of terminating it themselves, but most customers buy standard or custom preterminated cables from suppliers. These cables can be simplex or duplex; they can be single-mode or multimode (multimode is most common); and they can be terminated with ST-ST, ST-SC, SC-SC, or SMA connectors.
Implementation
There are two basic types of fiber-optic cabling:
Single-mode fiber-optic cabling: Has a narrow core (typically 7.1, 8.5, or 9 microns in diameter) that allows only one signal (light beam) to be sent or received at a time. Single-mode fiber-optic cabling uses laser-emitting diodes operating at frequencies between 1270 and 1355 nanometers (in the infrared range) to transmit signals over distances up to about 30 miles (50 kilometers) before dispersion will distort signals. Single-mode fiber is therefore ideal for long cable runs (up to 50 times farther than for multimode fiber-optic cabling).
Multimode fiber-optic cabling : Has a thicker core (50, 62.5, or 100 microns in diameter) with sufficient width to allow multiple signals (light beams) to be transmitted simultaneously with each signal following a different path or mode through the fiber. Light-emitting diodes are used to transmit signals operating at frequencies between 770 and 860 nanometers (the near infrared) over distances up to about 3000 feet (900 meters) (longer cable runs can distort signals through modal dispersion). The thicker the glass core, the shorter the distance signals can be carried over the cable before dispersion causes signals to be degraded.
There are also two different types of multimode fiber:
Step-index multimode fiber: The less costly variety of multimode fiber, it uses a wide core with a uniform index of refraction, causing the light beams to reflect in mirror fashion off the core's inside surface by the process of total internal reflection. Because light can take many different paths down the cable and each path takes a different amount of time, signal distortion can result when step-index fiber is used for long cable runs, so use this type only for short cable runs.
Graded-index multimode fiber: The more expensive type of multimode fiber, it uses a core made of multiple concentric layers of glass, each having a lower index of refraction than the layer it contains. In graded-index fiber, light beams follow curved paths and all rays reach the end of the fiber simultaneously, reducing the signal distortion that occurs in step-index fiber when long cable runs are used.
Connectors for fiber-optic cabling come in several varieties, including SC, ST, and SMA connectors. ST connectors have a wider installed base, but SC connectors are more versatile and more popular and are used in 100BaseFX, GbE, and Fibre Channel deployments. SMA connectors are sometimes used but do not conform to Electronic Industries Association/Telecommunication Industry Association (EIA/TIA) wiring standards. A newer type of connector is the MT-RJ, which has a snap latch fastener similar to an RJ-45 plug to simplify reconfiguring fiber networks from patch panels. Other connectors have appeared on the horizon for special purpose usage, but how popular these will become remains to be seen.
All forms of networking components are available in fiber-capable forms, including network cards, hubs, bridges, switches, and routers. Also available are line drivers, devices that enable you to extend or interconnect LANs in either point-to-point or multipoint configurations. Line drivers for fiber-optic cabling are available for synchronous or asynchronous transmission as well as for single-mode or multimode fiber.
Advantages and Disadvantages
Fiber-optic cabling has many advantages over copper cabling, including the following:
Data transmission rates of up to 100 gigabits per second (Gbps) and higher are supported (copper transmission currently maxes out around 5 Gbps).
Bit error rate (BER) for fiber is about 10-10 compared to 10-6 for copper, making fiber a much more reliable transmission media than copper.
Low attenuation, allowing signals to be sent over distances measured in miles instead of feet.
Less than 10 percent the weight of equivalent copper cabling.
Immunity to crosstalk and noise caused by electromagnetic interference (EMI).
Prevention of ground loops by electronically isolating transmitting and receiving stations.
Greater signal security because signals cannot be picked up by electromagnetic induction as they can from copper cabling. Fiber must be tapped (physically opened) in order to eavesdrop on the transmission.
Prospects
Although copper has sufficed in many instances as LAN speeds have increased from 10 Mbps standard Ethernet to 1 Gbps GbE, it is not likely to be able to support speeds beyond 4 to 5 Gbps. The impending 10 GbE specification will likely be a fiber-only specification, and as a result, copper will probably be considered legacy technology in 5 to 10 years.
Although many have argued that fiber is prohibitively expensive for workgroup LAN deployments, recent case studies have suggested that this is not the case. The cost of laying fiber in a structured wiring scenario is only 10 to 20 percent higher than laying copper, and fiber network interface cards (NICs) for PCs are nearing prices of equivalent RJ-45 NICs. In structured wiring, however, laying fiber everywhere allows you to eliminate the traditional wiring closet on each floor and connect floors directly through patch panels and vertical rises to the main equipment room. This means you need far fewer switches and routers in a fiber-based structured wiring deployment than in a copper one. For example, ComputerWorld magazine reported that when George Washington University wired their 80-building campus using fiber, only 11 wiring closets were needed compared with an estimated 160 that would have been required had copper been used. The savings in equipment costs for new installations make fiber a logical choice over copper and also lay the groundwork for future upgrades when faster networking technologies become available. Enterprise network architects would do well to always seriously consider using fiber for both new deployments and when networks are being upgraded.
Another impetus toward the long-awaited goal of fiber to the desktop is technological improvements in fiber-optic cabling and connectors. Some new fiber-optic cabling is so flexible that it can be tied in a knot without fracturing the core, making installation simpler and less worrisome. New and simpler connectors such as the LC connector from Lucent Technologies, Fiber Jack from Panduit Corporation, and VF-45 from 3M Corporation, Corning, and Siemens make fiber installation and configuration a simple plug-and-play process, with some of these connectors rivaling RJ-45 in size.
Notes
Be careful not to stress fiber-optic cabling unduly during installation. The maximum acceptable bend radius is usually 10 times the diameter of the cable, or about 1.2 inches (3 centimeters). Use an optical time domain reflectometer (OTDR) to test for faults after installation. Loss of signal, or attenuation, in fiber-optic cables can be caused by absorption (no medium is completely transparent to light), cable microbending (especially in single-mode fiber if it is not installed correctly), connector loss because of poor splicing or poorly installed or misaligned connectors, or coupling loss at the transmitter or receiver.
For safety, never look down a fiber-optic cable connected to your network because the invisible laser light can injure your retinas. When splicing connectors onto fiber, be careful to avoid getting shards of glass in your eyes or on your hands-use double-sided tape to clean the connection and remove loose shards and always wear protective goggles.
For More Information
Find out what's happening in the fiber market at www.fiberopticsonline.com
See Also copper cabling ,dark fiber ,SC/ST connectors ,time domain reflectometry (TDR)
The laying of fiber-optic cabling by telcos to the customer premises.
Overview
Fiber to the curb (FTTC) is viewed by telcos as the successor to the copper local loop and will allow high speed broadband voice, video, and data services to be delivered directly to the subscriber on all-fiber lines without requiring conversion to electrical signals for transmission over copper. FTTC is thus envisioned by telcos as the replacement for the aging Plain Old Telephone System (POTS).
Other versions of the acronym include
FTTB: Fiber to the building, used to describe commercial (as opposed to residential) upgrades of the copper local loop.
FTTN: Fiber to the neighborhood, used to describe laying fiber from the telco central office (CO) to distribution boxes in neighborhoods.
Prospects
FTTC has been talked about by telcos for years, but it has not been deployed much for two reasons:
The cost of building an entirely new cabling system to replace the existing copper one is extremely high.
Technologies such as Asymmetric Digital Subscriber Line (ADSL) have allowed telcos to deliver high- speed data services and Internet connections to subscribers using existing copper local loop lines, and demand for ADSL has not yet been saturated.
A recent change in this situation is Project Pronto, an FTTN deployment underway by SBC Communications (a Regional Bell Operating Company [RBOC]). Project Pronto is designed to bring ADSL to areas that are currently too far away from COs for this to be possible, and it involves replacing copper subloops with fiber that runs directly from COs to remote terminals in distant neighborhoods. Some other RBOCs are also pursuing similar projects, so the era of FTTC may in fact be only a few years away, at least in metropolitan areas of the United States.
See Also Asymmetric Digital Subscriber Line (ADSL) , local loop, telco
A high-speed networking technology mainly used for connecting storage devices to computer networks.
Overview
Fibre Channel is a gigabit networking technology developed in the late 1980s for connecting peripheral storage systems to mainframe hosts over long distances. The Fibre Channel specification was defined in 1994 by American National Standards Institute (ANSI) standard X3.230.
Fibre Channel typically provides data transfer at 1000 megabits per second (Mbps) or higher and is envisioned as the successor to Small Computer System Interface (SCSI) for connecting storage peripherals to computer systems and networks. Enterprise-level data storage technologies can benefit from Fibre Channel because the traditional SCSI interface has become a bottleneck in high-speed server-to-disk operations. Fibre Channel eliminates the limitations of bandwidth, distance, and scalability that are related to the SCSI standard and is becoming the industry standard for enterprise-level storage solutions involving high-performance redundant array of independent disks (RAID) arrays and storage area networks (SANs).
A simple Fibre Channel implementation could use a stackable hub or switch to connect a server or mainframe host to an external Fibre Channel RAID storage system using 100-Mbps redundant loops and hot-swappable disks. Servers can also use SCSI over Fibre Channel for connecting to legacy storage systems, and Fibre Channel can also carry Transmission Control Protocol/Internet Protocol (TCP/IP) and video traffic for server- to-server connections and high speed workstation connections in computer-aided design/computer-aided engineering (CAD/CAE) or multimedia environments.
Uses
Although Fibre Channel is viewed as the future replacement for the SCSI standard for connecting servers to external data storage units such as external hardware RAID arrays, it can also be used as a transport for high-speed data and video transmission over networks where Fibre Channel competes with other high-speed networking technologies, such as Gigabit Ethernet (GbE) and Asynchronous Transfer Mode (ATM).
Architecture
Fibre Channel is built in a layered architecture that has five layers:
FC-0: This is the lowest layer or physical interface and defines the optical and electrical characteristics and media options for deployment.
FC-1: This layer is responsible for signal encoding and link control. Fibre Channel uses an 8B/10B encoding scheme that packages 8 bits of data into 10 symbols for transmission, which results in 25 percent protocol overhead (for example, 125 megahertz [MHz] signaling can only transmit data at 100 Mbps). Commands can be sent over a Fibre Channel network by prefixing them with a special character called K28.5.
FC-2: This layer is responsible for framing, flow control, and class of service. Fibre Channel frames are 2,148 bytes long, of which 2,112 bytes constitute payload. Fibre Channel currently supports five different service classes, only three of which are commonly implemented, namely, Class 1 (circuit-switched), Class 2 (connectionless frame- switched), and Class 3 (connectionless point-to- multipoint).
FC-3: This layer is open for specifying various advanced services that might be needed.
FC-4: This is the top layer and is responsible for interoperability with other protocols such as Internet Protocol (IP) and SCSI-3.
Fibre Channel is a serial transmission scheme (like SCSI) and supports various transmission speeds, including 133 Mbps, 266 Mbps, 532 Mbps, and 1.0625 gigabits per second (Gbps). The last speed is most commonly used, and with 8B/10B line coding results in data rates of 100 megabytes (MBps), or 200 MBps in full duplex mode). There are plans to increase speeds to 4 Gbps as well.
Implementation
Despite its name, Fibre Channel can operate over both fiber-optic and copper cabling depending on how it is implemented, with fiber being the norm. Fiber links can be 6.2 miles (10 kilometers) or longer using single- mode fiber or up to 1640 feet (500 meters) on multimode fiber. Copper links are used mainly for short interconnects and are limited to 100 feet (30 meters) in length.
Fibre Channel. An example of using Fibre Channel to connect network storage systems to computer systems.
Fibre Channel signaling is performed by special transceivers. A Fibre Channel transceiver is more commonly known as a gigabit interface converter (GBIC), and GBICs can be found in Fibre Channel hubs, switches, and interface cards.
Fibre Channel can be deployed in three different network topologies:
Point-to-point: This involves a dedicated link between only two devices such as two servers, a server and a disk storage system, a router/switch and a SAN, and so on.
Arbitrated loop: This implementation, commonly called Fibre Channel Arbitrated Loop (FC-AL), uses a shared media approach to allow multiple devices to be connected together. It is the most common implementation method for Fibre Channel networks because of its flexibility and efficient use of bandwidth. A special process called arbitration determines which node has control of the media at any moment and is allowed to transmit. The logical topology is a daisy-chained system of loops similar to Fiber Distributed Data Interface (FDDI) and Token Ring architectures, but the actual physical topology is more commonly a hierarchical system of hubs and switches similar to Ethernet. Arbitrated loops can support hundreds of attached devices, but the more devices there are the less average bandwidth available to each device.
Switched fabric: This involves using Fibre Channel switches to provide 100 Mbps switched connections to all connected devices through virtual point- to-point connections. Fully meshed topologies are supported for complete redundancy, and any number of devices can be connected to the fabric. Switched fabrics can theoretically support up to 15 million attached devices (unique addresses), but in practice the limit is about 1000. A downside of this approach is the additional latency caused by the need for virtual connections to be established and torn down frequently.
Advantages and Disadvantages
Fibre Channel's strengths include its protocol-independent transport service (in contrast to GbE's frame format, which extends from the desktop to the network backbone) and its guaranteed delivery service (included in Class 4 Fibre Channel, which makes it competitive with ATM's Quality of Service features). Also, although GbE is limited to general networking transport solutions and ATM is limited to networking and video transport, Fibre Channel can carry both network and video traffic, connect computer systems and networks to network storage devices, and it can be used in high- performance clustering technology.
The main disadvantages are that Fibre Channel equipment is generally expensive, the technology is complex (compared to Ethernet), equipment from different vendors often suffers from interoperability problems, and native file sharing support is not provided.
Prospects
Interoperability issues between vendor implementations of Fibre Channel have been one factor slowing general adoption of the technology, but new specifications were released in 2000 to help make Fibre Channel equipment from different vendors work as simply as plug and play. The two most important of these new specifications are Direct Access File Specification (DAFS) and Fabric Shortest Path First (FSPF).
More seriously, Fibre Channel faces stiff competition from emerging new storage-over-IP network technologies including Service Specific Connection Oriented Protocol (SSCOP) from SAN Ltd., SCSI over TCP/IP from IBM and Cisco Systems, EtherStorage from Adaptec, and especially 10 GbE. This is somewhat ironic as the underlying physical layer technologies of GbE were in fact borrowed from the FC-0 and FC-1 layers of the earlier Fibre Channel standard!
These emerging storage-over-IP technologies promise several advantages over Fibre Channel, including more familiar underlying technology (Ethernet), better latency, lower packet loss, and transmission over longer distances. The industry debate is sometimes hot, from Fibre Channel proponents envisioning Fibre Channel being used for general local area network (LAN) transport to 10 GbE proponents declaring Fibre Channel as dead as FDDI.
But things are constantly changing in the networking world, and Fibre Channel may be down but not out. A new contender in the arena is Fibre Channel Over IP (FCOP), a scheme proposed by Lucent Technologies and other vendors. FCOP encapsulates Fibre Channel frames in IP packets to allow them to be carried over GbE or even long-haul ATM/Synchronous Optical Network (SONET) trunk lines, making FCOP a technology that could extend Fibre Channel links to transcontinental distances. Using FCOP, for example, a SAN in New York can be connected to a corporate network in California over an ATM/SONET wide area network (WAN) link. A similar standard called Fibre Channel Backbone has also been proposed as a possible ANSI standard. We will have to wait until the dust clears on this one!
For More Information
Visit the Fibre Channel Industry Association at www.fibrechannel.com
See Also 10G Ethernet ,Gigabit Ethernet (GbE) ,Small Computer System Interface (SCSI) ,storage over IP
Information assigned a name and stored on a disk or some other media.
Overview
Files are the primary unit of information stored on disk systems. Examples of files include
Executable files (programs)
Data files (documents, databases)
Web pages (HTML files)
Files are generally stored in a file system, which provides a hierarchical way of saving, locating, and accessing information.
See Also file system
Specifically, a table maintained on a hard disk by MS- DOS and Microsoft Windows operating systems that acts as a table of contents, showing where directories and files are stored on the disk. By extension, the acronym FAT is also used to refer to the file system itself for MS-DOS and Windows platforms.
Overview
On Microsoft operating system platforms, when we refer to the file allocation table (FAT) file system, we often simply call it the FAT. The FAT is widely supported by all Windows platforms and can be installed on partitions of up to 2 gigabytes (GB) in size on Windows 95 and Windows 98, and on partitions of up to 4 GB on Windows NT. In Windows 2000, Windows XP, and Windows .NET Server, if the partition size is greater that 2 GB, it will automatically be formatted as FAT32. The FAT is often used in dual-boot scenarios or when the security and reliability of the NTFS file system (NTFS) is not required.
The FAT file system is based on the FAT, a structure that maps the locations of the clusters in which files and folders are stored on the disk. The FAT records the location of each cluster that makes up a given file and the sequence in which it is stored. This is necessary because files usually are not stored in a contiguous location on a hard disk because of the presence of disk fragmentation caused by the creation and deletion of files on the disk. For each file on a FAT volume, the FAT contains the entry point for the allocation unit in which the first segment of the file is stored, followed by a series of links called the allocation chain. The allocation chain indicates where succeeding segments of the file are located and is then terminated by an end-of-file (EOF) marker.
Two copies of the FAT are kept in fixed locations on the disk to provide redundancy. A disk formatted with the FAT file system is said to be a FAT volume. The sizes of the individual clusters in which file information is stored on a FAT volume depend on the size of the partition or logical drive formatted using FAT, as shown in the following table. For compatibility reasons, these cluster sizes are the same whether the FAT volume is on an MS-DOS or Windows platform. In the table, you will see that on small FAT partitions (under 15 megabytes [MB] in size) a special 12-bit FAT file system is used instead of the usual 16-bit FAT.
Drive Size | FAT Type | Sectors/Cluster | Cluster Size |
0 MB-15 MB | 12-bit | 8 | 4 kilobytes (KB) |
16 MB-127 MB | 16-bit | 4 | 2 KB |
128 MB-255 MB | 16-bit | 8 | 4 KB |
256 MB-511 MB | 16-bit | 16 | 8 KB |
512 MB-1023 MB | 16-bit | 32 | 16 KB |
1024 MB-2047 MB | 16-bit | 64 | 32 KB |
2048 MB-4095 MB | 16-bit | 128 | 64 KB |
Different versions of Windows support different file systems. The original release of Windows 95 supports only FAT, but Windows 95 OSR2 and Windows 98 support FAT and FAT32. FAT32 is a newer 32-bit version of FAT that was first included with the OSR2 release of Windows 95. The original version of FAT is 16-bit and is sometimes referred to as FAT16. Windows NT supports both FAT and NTFS, but not FAT32. Windows 2000, Windows XP, and Windows .NET Server support FAT, FAT32, and NTFS. Possible advantages of using FAT volumes with Windows NT, Windows 2000, Windows XP, and Windows .NET Server include the following:
Multiboot capability: If you need to dual boot between Windows 95 or Windows 98 and Windows NT, use FAT instead of NTFS because Windows 95 and Windows 98 cannot read or recognize NTFS volumes.
Efficiency on small partitions: FAT requires less overhead than NTFS and is more efficient on smaller volumes (those under 400 MB in size).
Notes
The root directory on a FAT volume has a fixed size and can contain only a limited number of entries.
See Also FAT32 ,file system NTFS file system (NTFS)
A Microsoft Windows networking component that allows computers running Windows to share folders and printers so that other clients can access them.
Overview
File and Printer Sharing for Microsoft Networks uses the Server Message Block (SMB) file sharing protocol and is compatible with clients such as
Computers running Windows have Client for Microsoft Networks installed
Windows NT, Windows 2000, Windows XP, and Windows .NET Server
Windows for Workgroups
LAN Manager
Use the Network utility in Control Panel to install Client for Microsoft Networks on a computer running Windows 95 or Windows 98.
Notes
You cannot install File and Printer Sharing for Microsoft Networks if File and Printer Sharing for NetWare Networks is already installed.
See Also File and Printer Sharing for NetWare Networks
A Microsoft Windows networking component that allows computers running Windows to share folders and printers so that they can be accessed by Novell NetWare clients and by computers running Windows with Client for NetWare Networks.
Overview
Use the Network utility in Control Panel to install File and Printer Sharing for NetWare Networks on most versions of Windows. Installing File and Printer Sharing for NetWare Networks automatically installs the NWLink Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)-Compatible Transport protocol and Client for NetWare Networks, if these have not already been installed. A bindery-based NetWare server must also be available as a network security provider because File and Printer Sharing for NetWare Networks does not support NetWare servers running Novell Directory Services (NDS).
Notes
You cannot install File and Printer Sharing for NetWare Networks if File and Printer Sharing for Microsoft Networks is already installed.
See Also File and Printer Sharing for Microsoft Networks
A Microsoft Windows 2000 service that provides Apple Macintosh users with access to files stored on NTFS file system (NTFS) volumes on Windows 2000 file servers.
Overview
File and Print Services for Macintosh (FSM) is the Windows 2000 counterpart to Services for Macintosh on machines running Windows NT. FSM lets PC and Apple Macintosh clients share files and printers. With FSM on a server running Windows 2000, Macintosh client machines need nothing more than the Macintosh operating system software installed to access resources on the server.
FSM integrates the following three services:
File Services for Macintosh: Also called MacFile, this service lets Macintosh clients access files stored on the server running Windows 2000. Use MacFile to specify a directory on an NTFS volume as a Macintosh-accessible volume.
Print Services for Macintosh: This service lets Macintosh clients print to printers connected to the server running Windows 2000 and spools print jobs for AppleTalk printers such as the LaserWriter.
AppleTalk protocol: This service can be installed on the server running Windows 2000 to enable it to function as an AppleTalk router.
Once FSM is installed on your server, you can make directories available as Macintosh volumes by using the Shared Folders node in the System Tools folder of the Computer Management tool.
Notes
You can install an optional authentication module for Macintosh clients so that they can securely log on to Windows 2000-based servers running FSM.
See Also AppleTalk
A Microsoft Windows NT and Windows 2000 add-on utility for providing Internetwork Packet Exchange (IPX) file and print services to NetWare clients.
Overview
File and Print Services for NetWare (FPNW) enables a server running Windows NT or Windows 2000 to perform the following functions:
Allow legacy NetWare 3.x IPX client machines to access resources on a server running Microsoft Windows NT
Share directories and printers on a server running Windows NT so that NetWare 3.x clients can access them
Manage NetWare 3.x printers from a server running Windows NT, making these printers also available to Microsoft clients
File and Print Services for NetWare (FPNW). How FPNW works.
Implementation
FPNW accomplishes these functions by mimicking the functionality of a NetWare 3.12 file and print server and providing file and print services directly to NetWare and compatible client computers. A server running Windows NT or Windows 2000 using FPNW appears to NetWare client machines as if it were really a NetWare server, and clients can access volumes, files, and printers just as they would on a NetWare server. Accounts for NetWare client users are stored in the Security Accounts Manager (SAM) database, instead of requiring maintenance in a separate NetWare server. The FPNW server supports both the Server Message Block (SMB) protocol for Windows client connections and the NetWare Core Protocol (NCP) for NetWare client connections. FPNW requires that the NWLink IPX/SPX-Compatible Transport protocol be installed on the server.
FPNW supports NetWare functions such as user- account creation, remote administration, secure logins, and print queue management. However, it does not support NetWare functions such as user disk volume restrictions or inherited rights masks.
Notes
FPNW is not included with Windows NT or Windows 2000, but you can obtain it as a separate utility from your Microsoft value-added reseller (VAR). FPNW can be installed only on server machines, not on workstations. The directory that will be used as a NetWare SYS volume should be on an NTFS file system (NTFS) partition.
In Microsoft operating systems, a string appended to a filename, consisting of a period followed by three alphanumeric characters.
Overview
File extensions usually identify the application that can open or run them. For example, text files end with the extension .txt and are opened with Microsoft Notepad. Other common file extensions include the following:
.doc for Microsoft Word documents
.exe for executable files
.htm for Web pages created in Hypertext Markup Language (HTML)
.gif for GIF 87/89 format images, commonly used on the Internet
File extension. Viewing file extension mappings.
Associations between different file extensions and the programs used to open them are stored in the registry. Sometimes you might need to modify or remove a registered file extension. For example, if two different applications save files using the same file extension, you can easily modify file extensions in Microsoft Windows by using Windows Explorer. Just select Options from the View menu to open the Options dialog box, and select the File Types dialog box. Create, remove, or edit file extensions as desired. Be aware that using this tool might negatively affect the ability of applications on your system to function, so modify extensions with care. In Windows 2000, Windows XP, and Windows .NET Server, you can do the same by selecting Folder Options from the Tools menu.
A method for controlling access to files stored on NTFS file system (NTFS) volumes in systems running Microsoft Windows 2000 and Windows XP.
Overview
File permissions govern access to files on an NTFS volume, and folder permissions govern access to folders on an NTFS volume. There are five standard file permissions on NTFS volumes for computers running Windows 2000, Windows XP, and Windows .NET Server: Full Control, Modify, Read & Execute, Read, and Write. For any given file on an NTFS volume, each of these file permissions can be allowed or denied for a specific user or group by using the Security tab of the file's property sheet in Windows Explorer (see the illustration).
File permissions. Viewing and configuring file permissions in Windows 2000.
Each of these five standard file permissions is made up of a subset of the individual or special file permissions that are available on NTFS volumes on machines running Windows 2000, Windows XP, and Windows .NET Server. The following table lists the various special file permissions and how they are combined to form the five different standard file permissions.
Special Permissions | Full Control | Modify | Read & Execute | Read | Write |
Execute File | x | x | x | ||
Read Data | x | x | x | x | |
Read Attributes | x | x | x | x | |
Read Extended Attributes | x | x | x | x | |
Create Files/Write Data | x | x | x | ||
Append Data | x | x | x | ||
Write Attributes | x | x | x | ||
Write Extended Attributes | x | x | x | ||
Delete Subfolders and Files | x | ||||
Delete | x | x | |||
Read Permissions | x | x | x | x | x |
Change Permissions | x | ||||
Take Ownership | x | ||||
Synchronize | x | x | x | x | x |
See Also folder permissions
Any technology for organizing, storing, and locating data on a system or network.
Overview
The file system for a computing platform defines the method by which the operating system stores, locates, and accesses files on its hard disk subsystem. File systems usually have a hierarchical structure consisting of a series of nested directories for storing files. Each directory can contain files, other subdirectories, or both. The top of the file system is called the root, and the various directories are its branches. The file system thus forms a tree.
File systems include conventions for the type and the maximum number of characters that can be used to name a file. A file can be located in the file system by specifying its absolute path-that is, its path starting from the root and traversing through the directory structure until the file is reached. Using graphical user interface (GUI) or command-line tools, files can be located, copied, moved, and deleted. Microsoft Windows Explorer is an example of a GUI tool that shows the hierarchical structure of the file system on a Windows-based machine. File systems can incorporate technologies for marking files with attributes such as hidden and read-only. Some file systems allow you to compress files, and some allow you to specify file system quotas for users.
File system. A hierarchical file system.
Types
File systems can generally be classified into two types, depending on where the stored resources are located:
Local file systems: These systems are part of the operating system and manage locally attached storage devices such as disk drives and removable drives. Portions of local file systems can be shared to allow users on the network to access specific files, but users generally need to know the name or location of the share in order to access it.
Distributed file systems: These systems are used to combine shared portions of local file systems on many different machines into a single network- wide hierarchical file system. Distributed file systems allow shared network resources located all over the network to appear as though they are located on a single "superserver," and they simplify the process of users locating and accessing shared network resources.
Examples
Examples of common file systems include the following:
The file allocation table (FAT) file system for MS-DOS-based and Windows-based computers
The NTFS file system (NTFS) for Windows NT, Windows 2000, Windows XP, and Windows .NET Server
The Distributed file system (Dfs) for Windows NT, Windows 2000, and Windows .NET Server
The standard hierarchical UNIX file system
Sun's distributed Network File System (NFS) for UNIX platforms
The Open Systems Interconnection (OSI) reference model counterpart of the Internet standard File Transfer Protocol (FTP).
Overview
The File-Transfer Access and Management (FTAM) protocol is an OSI application layer (Layer 7) protocol that specifies a standard mechanism for access and management of a distributed network file system. FTAM enables users to
Access file stores both locally and remotely, making FTAM a distributed file access protocol more similar to Gopher in this regard than to FTP
Integrate management of both local and remote file stores, including the ability to manipulate both files and their attributes
Access file stores on different kinds of machines that have different types of file systems
Transfer files both synchronously and asynchronously
The FTAM model defines the architecture of a hierarchical virtual file store in terms of file structure, file attributes, and the kinds of operations that can be performed on files and their attributes. The FTAM standard does not specify the actual user interface for file access and management, simply the system's underlying architecture. Vendors are left free to create their own user interfaces to FTAM file systems or use existing interfaces for their vendor-specific file systems. Some third-party vendors have developed FTAM-based products for Microsoft Windows NT and other operating systems, but like many aspects of the OSI model, FTAM has not caught on the way Internet protocols such as FTP have, mainly because of its complexity.
See Also Open Systems Interconnection (OSI) reference model
An application-level protocol that can be used for transferring files between hosts on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
File Transfer Protocol (FTP). How FTP works.
Overview
File Transfer Protocol (FTP) is one of the earliest Internet protocols, and it is still used for uploading and downloading files between clients and servers. An FTP client is an application that can issue FTP commands to an FTP server, and an FTP server is a service or daemon running on a server that responds to FTP commands from a client. FTP commands can be used to change directories, change transfer modes between binary and ASCII, upload files, and download files.
Implementation
FTP uses TCP for reliable network communication by establishing a session before initiating data transfer. TCP port number 21 on the FTP server listens for connection attempts from an FTP client and is used as a control port for establishing a connection between the client and server, for allowing the client to send an FTP command to the server, and for returning the server's response to the command. Once a control connection has been established, the server opens port number 20 to form a new connection with the client for transferring the actual data during uploads and downloads.
Notes
Internet Information Services (IIS) supports virtual servers and virtual directories using FTP. You can view the status of open ports on IIS using the netstat command. If an FTP client has trouble accessing information on IIS, try changing the directory listing style for the FTP service on IIS. FTP supports only Basic Authentication or anonymous access for authentication schemes and does not support the more secure Microsoft Windows NT Challenge/Response Authentication method.
See Also Internet Information Services (IIS) ,Transmission Control Protocol/Internet Protocol (TCP/IP)
A dialog box in Microsoft Windows 2000, Windows XP, and Windows .NET Server that lets you locate objects in Active Directory directory service.
Overview
The Find dialog box allows you to query the global catalog server for objects such as users, groups, computers, shared folders, printers, and other objects in Active Directory.
Find. Using Find in Active Directory Users And Computers.
To use the Find dialog box, open a console with the snap-in for Active Directory Users And Computers installed, right-click on a container or organizational unit, and select Find from the shortcut menu. Then specify what kinds of objects you want to search for within Active Directory, such as
Users, contacts, and groups
Computers
Printers
Shared folders
Directory folders
Routers
Custom search
Next, specify whether you want to search the entire Active Directory, a particular domain, or a particular organizational unit (OU). Finally, specify the query parameters associated with the type of object you are looking for. For example, if you are looking for users, contacts, or groups, you can specify the name of the object, its description, or specific attributes of the object, such as home phone or e-mail address.
Notes
If you are performing a search based on an attribute of an object, you must specify a value for this attribute.
A Transmission Control Protocol/Internet Protocol (TCP/IP) protocol and service for viewing information about a user.
Overview
For a user on the client machine to be able to "finger" someone using finger client software, the finger daemon (service) must be running on the remote system being queried. Then if you finger a user's e-mail address, the result returned to you typically includes the user's username, full name, whether and how long the user has been logged on, and other information depending on the configuration of the finger service you are querying.
Microsoft Corporation's implementation of TCP/IP on Microsoft Windows 2000, Windows XP, and Windows .NET Server has finger client software but no finger service. In other words, you can run the finger client on a machine running Windows 2000, Windows XP, or Windows .NET Server that is connected to the Internet in order to obtain results from a UNIX server at an Internet service provider (ISP) running the finger daemon. For example, typing the command finger jsmith@ s12.microsoft.com displays information about user Jeff Smith on a server called s12.microsoft.com.
If an ISP makes its finger daemon publicly available on the Internet, it is commonly referred to as a finger gateway.
Notes
Finger is more of a security risk than a useful service in most cases and is not widely implemented anymore. A related service that also is not used much these days is whois.
For More Information
Visit Finger Lookup, a popular Internet finger gateway, at alabanza.com/kabacoff/Inter-Links/cgi/finger.cgi.
See Also Transmission Control Protocol/Internet Protocol (TCP/IP)
Stands for Federal Information Processing Standard, any standard ratified by the National Institute of Standards and Technology (NIST)
See Also Federal Information Processing Standard (FIPS)
Any system or device that allows safe network traffic to pass while restricting or denying unsafe traffic.
Overview
Firewalls are usually dedicated machines running at the gateway point between your local network and the outside world and are used to control who has access to your private corporate network from the outside-for example, over the Internet. More generally, a firewall is any system that controls communication between two networks. In today's networking environment in which corporate networks are connected to the Internet-inviting hackers to attempt unauthorized access to valuable business information-a corporate firewall is essential.
A firewall is an essential component of a company's security policy and is one of the primary means for enforcing that policy. A firewall acts as a kind of police officer to monitor, control, arrest, and incarcerate malicious traffic, logging all questionable traffic to allow the administrator to determine the cause or source of the attack.
Types
A corporate firewall can either be a dedicated machine such as a packet filtering router or a rack mountable firewall appliance or firewall software that the administrator must install on a dual-home hardened system. Both approaches are popular and each has its advantages and disadvantages.
A personal firewall is a firewall used to protect a single machine, typically a home user connected to the Internet using dial-up, Asymmetric Digital Subscriber Line (ADSL), or cable modem connections. The personal firewall marketplace has exploded in the last few years as broadband Internet access services have become widely deployed. Personal firewalls are usually implemented as software to be installed on users' machines, but the first personal firewall that was offered in appliance form was Firebox from WatchGuard Technologies in 1997. Personal firewalls also come preinstalled on some ADSL and cable modem routers to protect home users and Small Office/Home Office (SOHO) networks.
An offshoot of personal firewalls is the agent-based firewall. Agent-based firewalls are installed on every machine on a network, but their configuration is managed remotely using policies configured on a central policy server. At the enterprise level, this scenario is called a distributed firewall, and it is becoming a popular approach to secure servers on a network. The advantage here is that servers can be protected not just from hackers on the Internet but also from malicious users inside the corporate network. The agent also serves as an extra level of protection if the regular network firewall has been compromised. Another name for this approach is host-resident firewall, since it involves moving firewall security from the network's perimeter to the hosts themselves, a process that scales much better as perimeter traffic increases.
A new type of firewall is a combination of virtual private networking (VPN) and firewall software. This combination can be used for different purposes from enabling mobile users to connect securely to a corporate intranet over the Internet (using VPN and firewall software installed on their laptops) to enabling e-commerce sites to provide their users with secure access to their services (using rack-mounted VPN/Firewall appliances). In general, the firewall software is placed in front of (nearer the Internet) than the VPN software to simplify configuration. The main problem with this combination is that the VPN slows down access through the firewall, so a method of implementing this combination that is growing more popular is using dedicated high-performance VPN/Firewall appliances.
Finally, a different approach to implementing firewalls is outsourcing your firewall services to a Managed Firewall Service Provider (MFSP). This is becoming a popular alternative for small to mid-sized companies that cannot afford to hire trained security experts to configure, monitor, and maintain a firewall. Some analysts expect this segment of the market to grow to $1.5 billion by the end of 2002.
Architecture
In its simplest form, a firewall is a router (or dual- homed computer with two network interface cards) that filters incoming network packets. This configuration is usually called a packet-filtering router. By comparing the source addresses of these packets with an access list specifying the firewall's security policy, the router determines whether to forward the packets to their intended destinations or stop them. The firewall can simply examine the Internet Protocol (IP) address or domain name from which the packet was sent and determine whether to allow or deny the traffic. To specify a list of IP addresses which the router will permit or deny, an access control list (ACL) or access list (AL) is configured on the router. The router can filter both inbound and outbound packets.
A related form of firewall is the network-level firewall because it operates at the network layer of the Open Systems Interconnection (OSI) reference model for networking. Network-level firewalls are transparent to users and use routing technology to determine which packets are allowed to pass and which will be denied access to the private network. Network-level routers can be configured to block certain types of IP traffic while permitting others to pass. Usually this is done by disabling or enabling different Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports on the firewall system. For example, TCP port 25 is usually left open to permit Simple Mail Transfer Protocol (SMTP) mail to travel between the private corporate network and the Internet, while other ports (such as port 23 for Telnet) might be disabled to prevent Internet users from accessing other services on corporate network servers. The difficulty with this approach is that the size of the access list for the firewall can become huge if a large number of domains or ports are blocked and a large number of exceptions are configured, and a large access list can slow down the router. Another difficulty is that some ports are dynamically assigned at random to certain services (such as remote procedure call services) on startup, so it is more difficult to configure firewalls to control access to these ports using static access lists. Network-level firewalls are sometimes known as screening routers since they screen different types of traffic, and they are usually combined with packet-filtering using access lists for better security.
Routers that employ stateful filtering maintain an internal table of allowed TCP connections and only allow incoming connections to be established if they conform to this table. Stateful filtering is an alternative to access lists and is often used to control outbound traffic and reduce the size of access lists.
Firewall. Two basic types of firewalls.
Another type of firewall is the circuit-level gateway, which is usually implemented as part of a proxy server. Circuit-level gateways essentially operate at a higher level of the OSI model protocol stack than network- level firewalls do. With a circuit-level gateway, connections with the private network are hidden from the remote user. The remote user connects with the firewall, and the firewall forms a separate connection with the network resource being accessed after changing the IP address of the packets being transmitted in either direction through the firewall using a process called Network Address Translation (NAT). The result is a sort of virtual circuit between the remote user and the network resource. This is a safer configuration than a packet- filtering router because the external user never sees the IP address of the internal network in the packets he or she receives, only the IP address of the firewall. A popular protocol for circuit-level gateways is the SOCKS v5 protocol. Circuit-layer gateways are typically used in conjunction with packet-filtering and network-layer protection.
Another more advanced type of firewall is the application gateway, which is also usually included in a proxy server. Application gateways do not allow any packets to pass directly between the two networks they connect. Instead, proxy applications running on the firewall computer forward requests to services on the private network and then forward responses to the originators on the unsecured public network. Application gateways generally authenticate a user's credentials before allowing access to the network, and they use auditing and logging mechanisms as part of their security policy. Application gateways generally require lots of configuration by users to enable their client machines to function properly, but they are more granular in their configurability than network-level firewalls. For example, if a File Transfer Protocol (FTP) proxy is configured on an application gateway, it can be configured to allow some FTP commands but deny others. You could also configure an SMTP proxy on an application gateway that would accept mail from the outside (without revealing internal e-mail addresses) and then forward the mail to the internal mail server. However, because of the additional processing overhead, application gateways have greater hardware requirements and are generally slower than other types of firewalls.
Other advanced features used by firewalls include
Execution control lists (ECLs): These are like access lists but instead control which applications can be executed over the firewall.
Intrusion Detection Systems (IDSs): Usually separate systems from firewalls but sometimes packaged with them, IDSs complement a regular firewall by allowing administrators not just to prevent intrusion into their private networks but also to detect and analyze the source of this intrusion.
Implementation
Before looking at implementing firewalls, it is a good idea to first review some firewall terminology:
Host: Any computer attached to your network.
Bastion host: A host directly exposed to the Internet. Bastion hosts need to be "hardened" to make them more secure by removing nonessential services and software. Web servers and mail servers are two examples of common types of bastion hosts.
Perimeter network: An extra network located between your corporate network and the Internet. Also called a DMZ, which stands for demilitarized zone.
The simplest way of implementing a firewall is to use a packet-filtering router with port screening at the junction between your private network and the Internet. All traffic flows through this point, and the router handles the entire job of securing your network from attack.
For more extensive protection than a simple packet- filtering router, install circuit-level or application- gateway firewall software on a dual-homed hardened system and use it in place of (or in addition to) the dedicated router.
A screened-host firewall allows a bastion host located on the private network to be accessed from the Internet while preventing other hosts from being compromised. This is perhaps less secure than locating the bastion host outside the private network, but it allows easier access to the bastion host for configuration and maintenance.
A screened subnet architecture employs an intermediate network (the perimeter network) between the private and public networks, each of which are connected to the perimeter network using a separate screening router. One or more bastion hosts are then located on the perimeter network. For greater protection, the perimeter network may be split into two segments using another router or a dual-homed host running firewall software. Still another configuration makes each bastion host dual-homed, with one interface of each bastion host connected to the perimeter network segment adjacent to the Internet and the other interface connected to the perimeter network segment adjacent to the private network. You can make the topology even more complex by having separate perimeter networks for each bastion host, and so on.
Advantages and Disadvantages
Although firewalls are essential for networks connected to the Internet, a firewall is only as effective as its configuration. A misconfigured firewall is worse than no firewall at all since it provides the user with a false sense of security that the network is protected. In other words, firewalls cannot configure themselves and are only as smart as the administrators configuring them.
Another misconception is that a carefully configured firewall is all your network needs to be safe from attack. This is hardly the case. Network security begins with the development of a comprehensive security policy on paper and is implemented using a variety of systems and services including firewalls, perimeter networks, antivirus software, an intrusion detection system (IDS), and good network management practices. In addition, administrators need to be on top of possible new threats by subscribing to security newsletters, watching for notices of bugs and fixes from operating system and application vendors, reviewing firewall logs regularly, and educating users about the practices of safe computing.
Marketplace
For the corporate segment of the market, firewall products range from dedicated routers to software to install on hardened dual-homed hosts. A popular dedicated router firewall product is the PIX firewall service from Cisco Systems, included with IOS 11.2 and higher as the Cisco Firewall Feature Set. PIX comes in different flavors depending on whether the need is enterprise or Small Office/Home Office (SOHO) protection, and by some analysts' estimates is used by half of all large companies.
In the enterprise software firewall market, popular products include Firewall-1 from CheckPoint Software Technologies, Microsoft Proxy Server from Microsoft Corporation, and many others. The new Microsoft Internet Security and Acceleration (ISA) Server integrates firewall and Web caching functionality and supports policy-based security.
In the personal firewall arena, some popular products include BlackICE Defender from Network Ice Corporation, Norton Personal Firewall from Symantec Corporation, eSafe from Aladdin Networks, ZoneAlarm from Zone Labs, Secure Desktop from Sybergen Networks, McAfee Personal Firewall from Network Associates, CyberArmor from InfoExpress, and PC Firewall from ConSeal. In general, personal firewalls come with a standardized default configuration that provides a basic level of security, but remember that firewalls are only as smart as the person who configures them. Personal firewalls are also not a substitute for antivirus software and are usually ineffective in dealing with Trojan horses.
Distributed firewalls are popular in corporate environments and are typically used to protect critical servers using firewall agents that are remotely managed from a central policy server. Examples in this market include CyberArmor Enterprise Personal Firewall from Info Express and McAfee Active Virus Defense Suite from Network Associates.
Several vendors offer combinations of firewall and VPN software that can be used to provide secure remote access to corporate networks. Examples include VPN-1 Gateway (a combination of Firewall-1 and VPN-1) from CheckPoint Software, Raptor Firewall with PowerVPN from Symantec, GuardianPro with Guardian IPSec VPN from NetGuard, and eTrust Firewall with eTrust VPN from Computer Associates.
In the VPN/Firewall appliance arena, Cobalt Networks and Axent Technologies have teamed up to provide a 1U-high rack-mountable VPN/Firewall appliance called VelociRaptor that is based on the Linux operating system. Gigabit products in this market include Cisco's PIX 535 firewall and NetScreen-1000ES from NetScreen Technologies, both of which support Triple DES encryption for greater security (although using 3DES slows down performance to about 600 megabits per second [Mbps]).
In the outsourced managed firewall services sector, two popular providers include DefendNet Solutions, whose DefendNet Enterprise solution uses CheckPoint Software's Firewall-1 product and targets companies with more than 250 users, and RIPTech, whose sentry monitoring system works with several popular firewalls including PIX, Raptor, and Firewall-1. Another managed firewall service provider is NetSolve.
Notes
TruSecure, in conjunction with ICSA Labs, acts as an independent standards body that certifies firewall products and provides a number of resources on their Web site relating to firewalls and network security. See www.icsalabs.com for more information.
The best way to begin configuring a packet-filtering firewall is to block all packets at first and then start allowing access to the internal network on a case-by- case basis. Make sure that internal network addresses do not cross the firewall to the outside world and do not store sensitive data on the machine running the firewall software itself. Treat your firewall machine as expendable-the worst possibility should be a hacker's damage to the firewall; this would simply leave your private network securely disconnected from the outside world. You can disable all unnecessary network services on your firewall machine to protect the firewall itself from attack.
If you are concerned only about controlling outgoing access from your network and your users do not need to be able to remotely access your network over the Internet, a packet-filtering router or circuit-level gateway type of firewall is probably sufficient. For users who frequently need to remotely access your network, however, an application gateway is generally best.
See Also appliance ,network security ,proxy server ,router
A name trademarked by Apple Computer for the IEEE 1394 High Performance Serial Bus.
Overview
FireWire (or IEEE 1394 or simply 1394) is a serial transmission specification originally proposed by Apple for connecting high-speed peripherals to computers at speeds of up to 393 megabits per second (Mbps). FireWire supports hot-swapping of peripherals with up to 63 peripherals connected to a single FireWire bus. In addition, up to 1023 buses can be interconnected to form a vast array of peripherals if needed.
FireWire features simple plug-in connectors using thin serial cables that can be hot-plugged without interfering with your system's operation. FireWire connectors are based on the Nintendo Game Boy connector.
The main competitor for PC peripheral interconnection is Universal Serial Bus (USB). Although USB is targeted mainly toward computer peripherals running at speeds up to 12 Mbps, FireWire supports much higher speeds and can transport both asynchronous data and video streams and isochronous streams.
Other vendors have their own trademarked names for IEE 1394, including Sony Corporation with its popular i.Link technology.
Implementation
FireWire as defined in IEEE 1394 uses 64-bit device addresses. FireWire cables use two twisted-pair wires for data transmission and two wires for power. FireWire includes two different serial interfaces:
Backplane interface: Runs at speeds between 12.5, 25, and 50 Mbps for bus connections within a computer system
Point-to-point interface: Runs at speeds of 98.304 Mbps (S100 specification), 196.608 Mbps (S200), and 393.216 Mbps (S400) for connecting devices to computers using serial cables
FireWire. Connecting peripherals using FireWire.
The topology of a typical FireWire implementation can be complex, but it is typically a hierarchical or tree topology consisting of various IEEE 1394 components. More complex topologies, including several computers sharing portions of the peripheral network, are also possible. The illustration shows how you can use FireWire. The four types of components you can use in a FireWire implementation are
Devices: Typically have 3 ports but can have up to 27 ports and can be daisy-chained up to 16 devices
Splitters: Provide extra IEEE 1394 ports if needed to accommodate the number and arrangement of devices used
Repeaters: Overcome distance limitations in IEEE 1394 cables
Bridges: Isolate traffic within a specific portion of an IEEE 1394 bus
FireWire connections have a maximum distance of 15 feet (4.5 meters), but up to 16 components can be daisy-chained to a maximum distance of 236 feet (72 meters) without using repeaters.
FireWire is supported by the Microsoft Windows 98, Windows 2000, and Windows XP operating systems, along with the universal serial bus (USB) specification.
Notes
Windows 98 resets the FireWire bus and assigns new physical addresses to IEEE 1394 devices when
Devices are added or removed from the bus
The system is rebooted
For More Information
Visit the 1394 Trade Association at www.1394ta.org
See Also serial transmission ,universal serial bus (USB)
A problem condition that can occur with dynamic routers on large internetworks.
Overview
When a router is flapping (called a flapping router), it broadcasts routing table updates that alternate between two different routes to a host. For example, the flapping router might indicate during the first broadcast that route A is the best route to a given host, indicate during the second broadcast that route B is the best route, indicate during the following broadcast that route A is best, and so on. Flapping routers thus generate unnecessary routing traffic over the network. This generally happens when a router is unnecessarily configured to load balance between paths with equal hop counts. To determine whether a router is flapping, use a network packet sniffer.
See Also router
A unique set of single-master roles for domain controllers in Microsoft Windows 2000 and Windows .NET Server networks.
Overview
Although domain controllers in a Windows 2000 or Windows .NET Server network mainly function in multimaster mode in which all of them are peers, a few special domain controllers in an Active Directory directory service forest have special roles and execute these in single-master mode. These special roles are known as flexible single-master operation (FSMO) or "fizmo" roles, and there are five of them:
Schema Operations Master: There is only one of these domain controllers in the entire forest, and it is the only one that can be used to create new classes or attributes for the forest schema.
Domain Naming Master: There is only one of these domain controllers in the entire forest, and it manages the names of every domain within the forest and is the only domain controller that can add or remove domains to the forest.
PDC Emulator or PDC Operations Master: There is one of these domain controllers in each domain, and it is used to provide backward compatibility for downlevel Windows NT backup domain controllers (BDCs) within a mixed-mode network.
RID Master: There is one of these in each domain, and it manages the assignment of domain-wide security IDs (SIDs).
Infrastructure Master: There is one of these in each domain, and it updates the SIDs and distinguished names (DNs) in cross-domain references to objects.
See Also Active Directory ,domain controller
Generally, a condition where a network is being bombarded by packets. In routing technologies, a method by which routers communicate to exchange routing table updates.
Overview
Flooding is a mechanism used by dynamic routers for exchanging routing table information with one another across an internetwork. When a router's routing table has changed, it typically floods the network with update messages to alert other routers to modify their tables too. This information is flooded so that every possible recipient router on the internetwork is notified.
The update packets broadcast by the first router are specially formed so that they are received by each subnet only once (otherwise the network could become truly flooded with such broadcasts and communications would be brought to a standstill).
See Also dynamic routing ,routing protocol
The mechanism by which one asynchronous device controls the rate at which it receives data from another asynchronous device.
Overview
One common type of device where flow control is implemented is the modem, the most ubiquitous of asynchronous communications devices. Flow control is also used to describe data rate control mechanisms between other devices, such as computers and attached printers, or between Channel Service Unit/Data Service Units (CSU/DSUs) and routers.
Flow control. Different types of flow control between modems.
Flow control is sometimes equated with handshaking, but the term handshaking specifically refers to flow control negotiations that take place at the beginning of a communication session, although the term flow control also can apply to data transmission management during an active communication session.
In asynchronous communications technologies, two basic types of flow control exist:
Hardware flow control: Also known as RTS/CTS (Request To Send/Clear To Send) control, this method uses special dedicated pinning on cables to leave flow control to the modem itself. In other words, a separate hard-wired signal link (wire) that does not carry data is used to enable one modem to send stop and start messages to the other modem by raising or lowering voltage levels on this wire. Hardware flow control is used with high-speed modems that can compress data and is usually the default setting for Microsoft Windows-based software, such as HyperTerminal, that uses modems.
Software flow control: Also known as XON/XOFF control, this method uses special data characters (usually Ctrl+S to stop transmission, and Ctrl+Q to resume) sent within the data stream itself to enable a local modem to signal a remote modem to stop transmitting data so that the local modem can catch up.
Software flow control is slower and less reliable than hardware flow control because a user, program, or line noise might inadvertently generate a stop signal for the remote modem. In addition, software flow control is used only for transmitting ASCII text information, not for binary data files, because the binary data might contain the Ctrl+S stop character and cause the remote modem to stop transmitting data.
See Also asynchronous transmission ,modem
A method for controlling access to folders and their files stored on NTFS file system (NTFS) volumes in systems running Microsoft Windows 2000, Windows XP, or Windows .NET Server.
Overview
Folder permissions govern access to folders on an NTFS volume, and file permissions govern access to files on an NTFS volume. NTFS volumes for computers running Windows 2000, Windows XP, or Windows .NET Server have six standard folder permissions: Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write.
Folder permissions. Configuring folder permissions in Windows 2000.
For any given folder on an NTFS volume, each of these folder permissions can be allowed or denied for a specific user or group by using the Security tab of the folder's property sheet in Windows Explorer (see the illustration).
Each of these six standard folder permissions is made up of a subset of the individual or special permissions that are available on NTFS volumes on machines running Windows 2000, Windows XP, or Windows .NET Server. The following table lists the various special permissions and how they are combined to form the six different folder permissions.
Special Permissions | Full Control | Modify | Read & Execute | List Folder Contents | Read | Write |
Traverse Folder | x | x | x | x | ||
List Folder | x | x | x | x | x | |
Read Attributes | x | x | x | x | x | |
Read Extended Attributes | x | x | x | x | x | |
Create Files | x | x | x | |||
Create Folders | x | x | x | |||
Write Attributes | x | x | x | |||
Write Extended Attributes | x | x | x | |||
Delete Subfolders And Files | x | |||||
Delete | x | x | ||||
Read Permissions | x | x | x | x | x | |
Change Permissions | x | |||||
Take Ownership | x |
Notes
The List Folder Contents and the Read & Execute Folder permissions have the same special permissions. However, Read & Execute permission is inherited by both files and folders, but List Folder Contents permission is inherited only by folders.
See Also file permissions
In a Microsoft implementation of Transmission Control Protocol/Internet Protocol (TCP/IP), any host that uses a non-Microsoft operating system.
Overview
Examples of foreign hosts on Microsoft IP internetworks might be OS/2 workstations, Solaris servers, and VMS mainframes.
Connectivity with foreign hosts for the purpose of transferring files with the host requires
A common networking protocol, such as TCP/IP or Internetwork Packet Exchange (IPX)
A common file-sharing protocol, such as Server Message Block (SMB) or Network File System (NFS)
See Also Transmission Control Protocol/Internet Protocol (TCP/IP)
A mail system that belongs to a different company than your own and that might also be of a different type.
Overview
In Microsoft messaging terminology, the term foreign mail system usually refers to a mail system other than Microsoft Exchange Server. An example of a foreign mail system could be a public X.400 messaging system in Europe or the Internet's Simple Mail Transfer Protocol (SMTP) mail system. You can establish connectivity between an Exchange organization and a foreign mail system by installing and configuring an appropriate connector on an Exchange server in your organization. Examples include
Using the Internet Mail Service to connect an Exchange organization to the SMTP mail system on the Internet
Using the X.400 Connector to connect an Exchange organization to a public X.400 messaging network such as those common in Europe
See Also Exchange Server ,X.400
Also called a domain forest, a logical structure formed by combining two or more Microsoft Windows 2000 or Windows .NET Server Active Directory directory service trees. The trees within a forest are usually organized as peers and are connected by two-way transitive trust relationships that span across the root domains of each tree. All trees within a forest share a common schema and Global Catalog.
See Also domain forest
A feature of Hypertext Markup Language (HTML) that allows users to submit information to Web servers using Web browsers.
Overview
A form is a portion of a Web page that presents a series of fields for the Web browser user to complete, along with a Submit button to send the data to the Web server for processing. Forms are often used in Web sites for guest books, registration, and similar purposes. If you create an HTML form, you must create a corresponding form handler-an application that accepts the data from the form and processes it accordingly. Form handlers are typically written in Perl and implemented as Common Gateway Interface (CGI) scripts on UNIX Web server platforms such as Apache. On Internet Information Services (IIS), form handlers can be Internet Server API (ISAPI) applications written in C or Active Server Pages (ASP) scripts written in Microsoft Visual Basic, Scripting Edition (VBScript).
See Also Hypertext Markup Language (HTML)
A name server configured to perform iterative queries with other name servers on the Internet.
Overview
If one of your name servers is configured as a forwarder, all off-site queries for resolving Domain Name System (DNS) names are first sent to the forwarder. The forwarder then performs an iterative query with an off-site name server located at your Internet service provider (ISP) to resolve the query. The results of the query are cached by the forwarder. This caching of name query results by the forwarder speeds later name query requests and reduces traffic between your network and the ISP.
Forwarder. How a forwarder resolves a DNS name lookup.
Uses
Forwarders are useful for reducing name resolution traffic and speeding Domain Name System (DNS) name queries for large private Transmission Control Protocol/Internet Protocol (TCP/IP) internetworks that are connected to the Internet. They are also used to resolve name queries when a firewall between your network and the Internet prevents clients in your network from directly querying name servers located at your ISP or elsewhere on the Internet. In this case, a typical location for the forwarder is on the bastion host. (The bastion host is the host running the proxy server or application layer gateway application.)
See Also Domain Name System (DNS) ,name server
A card-based system of cryptographic authentication.
Overview
FORTEZZA was developed by the National Security Agency (NSA) as a way of providing secure authentication to computer systems and services. FORTEZZA functions similarly to smart cards but has greater processing power and memory. The format for a FORTEZZA card is industry-standard Personal Computer Memory Card International Association (PCMCIA) interface, commonly used in laptop computers.
FORTEZZA cards are token-based authentication systems that are tamper-resistant and that protect the data stored on them using cryptography. FORTEZZA is supported by Microsoft Internet Explorer in Microsoft Windows 2000 and Windows XP to control secure Web communications.
You can obtain FORTEZZA card systems from a variety of vendors approved by the NSA. One such vendor is Litronic, which offers a variety of FORTEZZA products and services.
See Also cryptography ,encryption ,smart card
Stands for File and Print Services for NetWare, a Microsoft Windows NT and Windows 2000 add-on utility for providing Internetwork Packet Exchange (IPX) file and print services to NetWare clients.
See Also File and Print Services for NetWare (FPNW)
Stands for fully qualified domain name; in the Domain Name System (DNS), a dotted name that fully identifies a Transmission Control Protocol/Internet Protocol (TCP/IP) host on the Internet.
See Also fully qualified domain name (FQDN)
A T-carrier digital circuit with a speed of less than 1.544 megabits per second (Mbps).
Overview
A fractional T1 line is a T1 line, leased by a T-carrier service provider to a customer, that carries only a fraction of the regular T1 bandwidth of 1.544 Mbps. Regular T1 lines consist of 24 DS0 channels multiplexed together, but fractional T1 lines consist of fewer than 24 channels. Fractional T1 lines typically consist of a combination of nailed-up channels and switched channels. The technology of fractional T-carrier services is the same as that of regular T-carrier services; the extra channels are simply unused. Customers might want to lease fractional T1 services when they do not require the entire bandwidth (or cost) of a regular T1 line.
See Also T-carrier
Stands for Frame Relay Access Device, a telecommunications device that enables a customer site to be connected to a telco's frame relay services.
See Also Frame Relay Access Device (FRAD)
A segment of data transmitted over a network or telecommunications link.
Overview
Frames are assembled and generated by the data-link layer and physical layer of the Open Systems Interconnection (OSI) reference model. This assembly process is called framing. In other words, packets from the network layer are encapsulated by the data-link layer into frames. Data segments generated by higher layers of the OSI model are generally referred to as packets, but the term packet is also sometimes used to include frames.
Architecture
A frame generally consists of a header with preamble (start of frame flag), destination and source addresses, data payload, and usually some form of error-checking information. Frames can be fixed-length or variable- length and have addressing information for multipoint connections or no addressing information for point-to-point connections. They can also have error correction, as in X.25, or no error correction, as in frame relay.
The format in which data frames are constructed depends on the particular data-link layer protocol being used. Thus, we can speak of Ethernet frames, Integrated Services Digital Network (ISDN) frames, X.25 frames, frame relay frames, and so on. Each particular local area network (LAN) or wide area network (WAN) data-link protocol has its own method of framing data for transmission over the network or telecommunications line.
See Also Ethernet , Integrated Services Digital Network (ISDN), X.25
A high-speed packet-switching service offered by telcos and long-distance carriers and used primarily for corporate wide area network (WAN) links.
Overview
Frame relay technology is a packet-switching service with transmission speeds ranging from 56 kilobits per second (Kbps) for DS-0 or ISDN, to 1.544 Mbps for DS-1 or T1, and even sometimes to 45 Mbps for DS-3 or T3. Frame relay is independent of network-level protocols and can thus carry network traffic of all types, including Transmission Control Protocol/Internet Protocol (TCP/IP), Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX), AppleTalk, DECnet, and Systems Network Architecture (SNA).
Frame relay offers both guaranteed bandwidth necessary for most client/server communications and also accommodates "bursty" traffic when demand for bandwidth suddenly increases, as when a file transfer occurs. Because of these features, frame relay has been a popular solution in the enterprise to connect remote branch offices over frame relay WAN links to corporate headquarters.
Frame relay services are available from all major carriers and Regional Bell Operating Companies (RBOCs).
History
The standardization process for frame relay began in the late 1980s, but it was not until the start of the 1990s that commercial frame relay services began to be available from major telecommunications carriers. The impetus for frame relay originally came from Integrated Services Digital Network (ISDN) technologies-in fact the data- link layer of frame relay is Link Access Protocol-D (LAPD) and is borrowed directly from ISDN.
Frame relay is similar in operation to X.25, an earlier CCITT packet-switching technology from which it also evolved. Frame relay, however, is a more streamlined protocol that has lower latency and thus better performance than X.25. This improvement is possible because frame relay is transmitted over digital lines as opposed to analog lines for X.25. Since analog lines are "noisy," X.25 required additional protocol overhead for handling error correction and retransmission of bad packets. By contrast, the digital lines used by frame relay have very little noise, with the result that the error correction and retransmission functions can be moved from the protocol itself to the end stations. This results in much lower latency and hence faster transmission in frame relay than in X.25. Frame relay also does not support the hop-by-hop flow control functions that X.25 supports, which further streamlines the operation of frame relay.
Frame relay services were first offered in 1992 as a faster alternative to X.25 by AT&T, Sprint, and other long-distance carriers. These carriers established POPs (points of presence) major metropolitan locations to provide a means of connecting customers to frame relay services. Frame relay is now a popular solution for building corporate WANs and is available from Incumbent Local Exchange Carrier (ILECs), Competitive Local Exchange Carrier (CLECs), RBOCs, and European Post, Telephone, and Telegraph (PTT) companies all around the world.
Uses
Frame relay is primarily used for connecting corporate local area networks (LANs) into a WAN. In the early 1990s, WAN links were mainly used for batch transfers between remote offices and mainframes at corporate headquarters. For this scenario, frame relay was ideal since companies only accrued charges when the service was actually being used-in between batch transfers, no charges were incurred. With the rise of client/server computing, frame relay remained the best alternative to more expensive leased lines for WAN links between remote offices, and frame relay is today the most popular and widely deployed carrier service for such WAN links.
Most corporate frame relay WAN links use T1 circuits and carry data at rates between 64 kilobytes per second (Kbps) and 1.544 Mbps, with 256 and 512 Kbps being typical values. Until a few years ago, these values sufficed for most remote branch connectivity solutions, but with the explosion of the Internet the bandwidth requirements for corporate WAN links have risen. There are a number of solutions for providing frame relay links beyond T1 speeds (1.5434 Mbps), including
Bonding: This method allows a maximum of two T1 circuits to be joined together to provide 3 Mbps throughput.
Multiplexing: This method allows many DS-1 (another name for T1) circuits to be joined together to provide NxDS-1 frame relay at speeds from 3 Mbps upward. In this scenario the first DS-1 circuit functions as the management circuit for the entire multiplexed group of circuits-if this circuit goes down, connections are broken. Routers with V.35 interfaces support multiplexing of up to about 6 DS-1 circuits, beyond that routers having a faster High-Speed Serial Interface (HSSI) are required.
Channelized DS-3: Multiplexing a large number of DS-1 circuits can be costly. Instead, a single DS-3 (that is T-3) circuit can be "channelized" to provide fractional DS-3-that is, only a portion of the 45 Mbps that a full DS-3 circuit can provide. Implementing channelized DS-3 for frame relay usually requires specialized equipment such as an M13 (DS-1 to DS-3 multiplexer).
Full DS-3: This is the heavy hitter of frame relay services and involves deploying a T-3 circuit to connect a "big iron" frame relay router at your Customer Premises Equipment (CPE) to the carrier. Only a few carriers provide full DS-3 frame relay services.
Architecture
Frame relay is a connection-oriented service similar to X.25 and Asynchronous Transfer Mode (ATM). Frame relay differs from X.25 mainly in eliminating the complex layer-3 error detection and retransmission mechanisms of X.25. Frame relay is thus a simple layer-2 or data-link layer technology that is simple, fast, and independent of higher protocol layers. Although X.25 defines explicit processes for error correction, acknowledgements, packet sequencing, and so forth, in frame relay these functions are handled by the frame relay devices themselves, giving frame relay connections a much lower latency than X.25 connections. In fact, the protocol overhead for frame relay is only about 2 percent compared to almost 50 percent for X.25.
Frame relay is sometimes classified as an "unreliable" service because it performs no error checking or retransmission-if frames become corrupted or delayed by network congestion, they are silently dropped. To make frame relay a reliable service is the responsibility of the frame relay equipment at the ends of the connection, which performs error checking and retransmission and provides flow control.
A carrier's frame relay network is typically depicted as a "cloud" of connections. This cloud is better known as a Frame Relay Bearer Service (FRBS) and physically consists of the collection of ATM/ Synchronous Optical Network (SONET) trunk lines and switches owned by the carrier. As in other packet-switching networks, frame relay operates by packaging network data into "packets" and tagging each packet with address information (discussed below). In frame relay these packets are called frames and are variable length in nature with payload up to 4 kilobytes (KB), making them especially suitable for carrying network traffic such as Internet Protocol (IP) traffic since entire IP packets can be packaged within individual frames without the need to fragment the packets.
Once frames are transmitted onto the FRBS, they are relayed through the switching nodes that make up the FRBS. Instead of relaying each frame individually, frame relay uses virtual circuits (VCs) that act as logical paths through the carrier cloud. These virtual circuits can be either switched virtual circuits (SVCs) that are set up and torn down on a call-by-call basis or permanent virtual circuits (PVCs) that are established in advance. PVCs are generally preferred because they provide a more reliable grade of service for the customer. PVCs provide dedicated point-to-point connections between local and remote customer premises through the cloud. The particular virtual circuit to which a frame belongs is determined by the frame's address information or Data Link Connection Identifier (DLCI), a 10-bit binary value that identifies the frame to the carrier switches within the FRBS. The DLCI is a logical value that uniquely identifies the two end points of the virtual circuit.
Frame relay lets you establish multiple PVCs (and hence multiple logical WAN links) over one physical frame relay connection using statistical time-division multiplexing (STDM). You manage frame relay PVCs using the Local Management Interface (LMI) protocol, which provides features for verifying link integrity and managing the status of PVCs. Frame relay PVCs provide customers with services similar to those of dedicated leased lines such as T1 lines, but since frame relay PVCs are software-implemented instead of hardware- implemented on carrier switches, frame relay is faster and easier to provision and costs less than leased lines.
There are two ways of connecting to a frame relay network:
UNI: Stands for User-Network Interface, this is a signaling method for connecting data terminal equipment (DTE) to an FRBS.
NNI: Stands for Network-Network Interface, this is a signaling method for connecting trunk lines together from two different FRBSs (clouds belonging to different carriers).
Frame relay provides customers with a predefined level of service called the Committed Information Rate (CIR) that is agreed upon by the carrier and customer in advance. CIR is a negotiated level of service you purchase from the carrier that specifies the guaranteed minimum throughput for your frame relay connection. CIR acts as a kind of bandwidth throttling mechanism that facilitates the use of shared frame relay circuits by different users and prevents carriers from oversubscribing their services. Frame relay also allows temporary bursts of traffic to greatly exceed the CIR, thus providing bandwidth-on-demand for customer applications that require it. Bursts of traffic above the CIR are generally short (less than two seconds in duration) and are possible only during off-peak utilization times. When access to the service provider's frame relay network is heavy, your maximum bandwidth will generally be your CIR. Traffic above a higher service level called the Committed Burst Rate (CBR) is flagged as expendable and is dropped if the network is too busy to carry it.
Frame relay is capable of encapsulating IP traffic for transmission over a FRBS. The encapsulation of IP packets by frame relay frames is performed using the High-level Data Link Control (HDLC) protocol described in RFC 2427.
Implementation
The physical layer or Layer 1 for frame relay is the same as ISDN and T-carrier services, and as a result end stations are typically connected to a carrier's frame relay services using T1 or T3 circuits. Frame relay connections can thus be established using any customer premises equipment (CPE) that supports T-carrier services, including many bridges, routers, and switches. Alternatively, a dedicated frame relay device called a FRAD (Frame Relay Access Device) can be installed at the customer premises to connect the customer's network to an Edge Switch (ES) on the carrier side. Most frame relay-capable routers can be configured to operate either as customer-side or carrier-side equipment, but carriers themselves use special "big iron" routers and switches for establishing their cloud of frame relay circuits.
Frame relay. A typical frame relay WAN link.
To set up WAN links between several of your company's locations using frame relay, you typically lease the following services and equipment for each location:
A FRAD or some other device, such as a Cisco router, that is capable of supporting frame relay connections. The FRAD at your customer premises is the data terminal equipment (DTE) side of the connection, and the frame relay/ATM switch at the telco end represents the data circuit-terminating equipment (DCE) end of the connection. Your CPE FRAD is usually connected to your network's backbone switch or router using an RS232, V.35, or X.21 serial interface.
A T1 circuit to connect the FRAD to the carrier network. Even though you may only want to provision a 256 Kbps frame relay link, most carriers require you to purchase a full 1.544 Mbps T1 circuit to do this instead of a fractional T1 circuit.
The required number of virtual circuits to support the number of WAN links you need and the speeds they require. Although frame relay intrinsically supports SVCs, few carriers offer this option because it is more expensive and complicated to implement and more complex for billing purposes than PVCs. A single frame relay physical port can have multiple PVCs configured on it.
The CIR required for each of your WAN links to guarantee the necessary bandwidth for your applications to function optimally over these links. Choose a CIR that is just sufficient to handle your needs to minimize costs, because the higher the CIR, the greater the cost.
If you have more than two remote networks to connect using frame relay WAN links, you have to decide on the topology you want the carrier to provide for you. Frame relay implementations usually follow one of two networking topologies:
Fully meshed topology: In this implementation, each remote location with a FRAD is connected to every other location with a FRAD using PVCs to form a fully meshed multipoint WAN. When an update is transmitted to one device, it is seen by every other device as well. The advantages of this configuration are the redundancy provided within a multipoint mesh network and that the entire frame relay network can be treated as a single data-link connection. The disadvantage is that the number of PVCs needed grows exponentially with the number of locations, and frame relay carriers usually charge per PVC. So this is not really a good solution for more than three remote locations.
Partially meshed topology: This implementation uses a hub-and-spoke topology in which FRADs at branch offices (spokes) are connected by point- to-point connections to the FRAD at the head office (hub). There is no redundancy in this scenario, so typically redundancy is added by providing backup dial-up ISDN links between branch offices and headquarters in case a frame relay link goes down. This scenario must be carefully implemented to avoid split-horizon problems (routing loops).
Advantages and Disadvantages
Frame relay has several advantages over X.25 that has led to the almost complete demise of the earlier technology and its being superseded in the 1990s by frame relay. These advantages include low protocol overhead, low latency, and easy integration with ATM. Originally, when frame relay was developed in 1992, some observers thought that it would soon be superseded by Switched Multimegabit Data Services (SMDS), a packet-switched service that operates at faster speeds than frame relay and does not use PVCs. But apart from MCI Worldcom, few other carriers decided to provision SMDS and instead offer ATM as their top-speed WAN service. If we think of X.25 as the first generation of wide-area packet-switching carrier services, then frame relay is second generation (2G) and ATM is third generation (3G). Although many industry observers expected frame relay itself to be superseded by ATM for WAN connections, this has not occurred, mainly due to the complexity of implementing ATM. Frame relay has also superseded Digital Data Services (DDS), another early WAN service provided by carriers in the early 1990s.
Frame relay also has advantages over dedicated leased line services such as ISDN and T-carrier services. In general, frame relay is less than half the cost of leased lines of equivalent throughput, and, unlike some leased line services, frame relay's cost is independent of distance. Frame relay PVCs are also easier to provision and can be configured more quickly than ISDN or T1 lines. Because frame relay provides bandwidth-on-demand and is charged the same way as regular long-distance services (that is, by usage), using it for WAN links can result in considerable cost savings over leased lines, which rack up charges even when not in use. Finally, frame relay only requires a single router or FRAD at each remote site, even in a fully redundant mesh topology, but deploying multiple leased lines at a site requires additional CPE for each line, incurring further cost and adding management headaches.
The many advantages of frame relay ensure its continued survival in the jungle of today's WAN marketplace. Frame relay is simple in concept and in implementation, has established itself as a reliable solution, has an easy-to-understand pricing structure, is cheaper than other comparable services, supports up to 1024 virtual circuits per WAN to meet the needs of even the largest enterprise, is offered by carriers around the world, and has the intrinsic security of point-to-point connections. The only real challenge to its dominance in the WAN is from upstart Digital Subscriber Line (DSL) coupled with IP VPN (virtual private network) technology, which is discussed later in this article.
Marketplace
The three largest providers of nationwide frame relay services in the United States are the Big Three long distance carriers-AT&T, Sprint Corporation, and MCI Worldcom. Sprint, in fact, was the first carrier to offer CIR for its frame relay subscribers, something that is now universally available. AT&T and Sprint between them have more than 1500 POPs nationwide, which provide good coverage for large enterprises using frame relay for their WAN service. Various RBOCs such as BellSouth Corporation, Bell Atlantic/GTE, and Qwest/US West also provide frame relay services, but with fewer POPs and covering specific geographical regions. Other providers of frame relay services include CLECs such as Intermedia Communications and WinStar Communications.
Although most carriers offer DS-1 frame relay services with CIR up to 1.544 Mbps, enterprises that need higher speeds for frame relay WAN links are more limited in their choice of providers. BellSouth now offers an NxDS-1 frame relay service called Subrate T3 that lets customers choose various frame relay rates between 2xT1 bonding (3 Mbps) and full T3 (45 Mbps). Instead of using a traditional conditioned copper T1 circuit at the customer premises, customers implementing this new service use a fiber T3 circuit, which allows them to upgrade to full T3 if eventually required. A few other carriers offer similar NxDS-1 frame relay services and fewer still offer full DS-3 frame relay. For the few customers requiring speeds higher than DS-3 (45 Mbps) for WAN connectivity, ATM can be used instead of frame relay. If a company has a mix of frame relay and ATM in its WAN, it must choose one of two methods for making these technologies interoperate: FRF.5, which tunnels frame relay over ATM, or FRF.8, which translates frame relay frames into ATM cells. An alternative to ATM for high-speed WAN connectivity that is just starting to emerge is Optical Ethernet, offered by carriers such as Yipes, which can provide Gigabit Ethernet (GbE) to the door WAN services. This is an attractive development that may shake the market up considerably in the next few years, but frame relay and ATM still reign supreme in the international arena and for long-haul WAN links.
The prohibitive costs of building a fully meshed frame relay topology for companies with multiple locations has recently been surmounted by a new service offered from AT&T called IP-enabled Frame Relay (IPFR) and a similar service from MCI WorldCom called Business Class IP. In these new scenarios, each branch office is connected to the carrier's frame relay cloud using a single PVC as in a normal hub-and-spoke implementation. However, each frame is tagged using Cisco Systems' proprietary Multi-Protocol Label Switching (MPLS) technology, which allows traffic to be routed across the cloud using destination IP addresses instead of virtual circuit identifiers. The result is the equivalent of a VPN in an IP network. In a hub-and-spoke network, each frame is first sent to the head office FRAD and then forwarded to the appropriate branch office LAN; in the MPLS scenario, however, frames can be routed directly to their destination LAN. All the switching is done by the carrier's core network (usually ATM), which relieves the FRADs of the additional processing they would otherwise need to do in a normal full-mesh network with multiple PVCs at each site.
Although frame relay supports the capability of billing customers according to usage, most providers bill at flat rates based on the number of frame relay ports, number of virtual circuits, and CIR.
Prospects
Frame relay, despite rumors to the contrary, is still on the rise. Industry analysts predict the frame relay market will be $6 billion in 2002, and this is expected to double over the next five years.
Although costs for leased lines in North America have fallen somewhat in recent years, frame relay still provides equivalent services for WAN connectivity for about half the cost as leased lines. In Europe, prices for leased lines have fallen much more sharply than in the United States, and frame relay is considered to be on a par with leased lines there. In the Asia/Pacific region, however, leased lines are still expensive and most companies use frame relay for linking their regional offices to U.S. offices.
The biggest challenge to frame relay is DSL services now being offered by telcos. DSL can provide frame relay speeds for rock-bottom costs of $50 a month or less. However, DSL is not seen yet to have the same reliability as frame relay, and although widely deployed for residential Internet access, it is not seen by most enterprises as ready for prime-time WAN links that carry mission-critical business traffic. Most DSL deployments involve the cooperation of several parties including CLECs, ILECs, and Internet service providers (ISPs). As a result, when DSL goes wrong, it can take weeks or even months to troubleshoot, with everyone pointing fingers at one another. With frame relay, however, the customer only needs to deal with one provider, or two if User-to- Network Implementation (UNI) services are provided since Network-to-Network Implementation (NNI) services are provisioned directly from the carrier. This makes both provisioning and troubleshooting of frame relay links a snap compared to DSL. Another advantage of frame relay in the WAN is security-frame relay links are point-to-point connections that cannot be hijacked or pirated. By contrast, for companies to use DSL in the WAN, they need to deploy a VPN over the connection to make it secure. Because of all these issues, frame relay is expected to remain a strong player in the corporate WAN marketplace for the next 5 to 10 years until an alternative technology such as DSL makes a compelling case for enterprises to migrate.
Being a packet-switching service, frame relay is inherently poor at carrying delay-sensitive traffic such as voice and video (frame relay was originally designed for carrying data only). Nevertheless, recent advances have led to the provisioning of Voice over Frame Relay (VoFR) services by some carriers, and it remains to be seen how these services will evolve in the marketplace.
Notes
The following table shows some possible strategies for troubleshooting frame relay links in different kinds of situations.
Problem | Suggestions |
Frame relay link is down (connections fail) | Check cabling and connections, make sure you are using a data terminal equipment (DTE) cable, try connecting the cable to a different port, or try a different cable. Make sure you are using Internet Engineering Task Force (IETF) encapsulating if mixing frame relay devices from different vendors. |
Cannot ping remote router | Check the status of PVC; contact carrier if this is down. Check the router's access list, disable access list, and retry. Make sure you are using IETF encapsulating if mixing frame relay devices from different vendors. Check the configuration of the frame relay address map. |
Cannot ping device on remote network | Try pinging local router's frame relay address; check that a default gateway is specified. Check for split horizon conditions in a hub-and-spoke frame relay implementation. |
For More Information
Visit the Frame Relay Forum at www.frforum.com
See Also Asynchronous Transfer Mode (ATM) , DS-0 ,DS-1 ,DS-3 , Integrated Services Digital Network (ISDN), Switched Multimegabit Data Services (SMDS), T-carrier, wide area network (WAN), X.25
A telecommunications device that enables a customer site to be connected to a telco's frame relay services.
Overview
A Frame Relay Access Device (FRAD) is a device that accepts data packets from the customer's network and encapsulates them into a format acceptable for transmission over a T-carrier circuit to a telco's frame relay network. Some FRADs can also statistically multiplex several frame relay virtual circuits (logical data streams) into a single physical communication circuit to support fully meshed frame relay wide area networks (WANs). Statistical multiplexing enables FRADs to provide customers with greater flexibility in bandwidth use, in contrast to time-division multiplexing (TDM) techniques, which ensure a full level of service for each data stream, even when they carry no data. For example, if two data streams are multiplexed using TDM, frames from the two streams will alternate to form the single serial data link. If one of these streams has no data, empty frames will still be sent, resulting in a poor utilization of bandwidth. In statistical multiplexing, the multiplexed data stream contains only frames from data streams that are carrying data, and the higher the data transmission rate of a stream, the greater the number of frames that are multiplexed into the serial data link.
Implementation
A FRAD is typically connected to a bridge, router, or switch attached to your network backbone (some FRADs also have built-in switching and routing capabilities, too). The FRAD accepts network packets, buffers and frames them, and then transmits them over a T1 or T3 circuit to an Asynchronous Transfer Mode (ATM)/frame relay switch at the telco central office (CO).
The FRAD at the customer premises end is the data terminal equipment (DTE) end of the WAN link and typically connects to a router or switch on the customer's backbone network using a serial interface such as RS-232, X.21, or V.35. The switch at the CO end represents the data circuit-terminating equipment (DCE) end of the link and often interfaces directly to the telco's ATM trunk line network.
Some bridges and routers, such as many of those from Cisco Systems, have built-in FRAD technology and need to be connected only to a CSU/DSU (Channel Service Unit/Data Service Unit) through a V.35 or other serial transmission cable to provide customers with an all-in- one frame relay access solution for wide area networking. Use a bridge if you want an easy way to connect a branch office using frame relay. Use a router if you want to control traffic flow or reroute failed connections.
Marketplace
FRADs come in all shapes and sizes from networking vendors and often are described as switches, routers, or access devices instead of FRADs. The reason is that these devices tend to be able to perform several functions, and different vendors classify these functions differently.
Two popular FRADs in enterprise networks are the Netperformer SDM-8200 from ACT Networks and Cisco's 2600 series routers. 3Com Corporation, Openroute Networks, Motorola ING, Fastcomm Communications, IBM, Alcatel, and many other vendors also sell FRADs.
Notes
Sometimes called a Frame Relay Assembler/ Disassembler.
See Also Asynchronous Transfer Mode (ATM) , data communications equipment (DCE) ,data terminal equipment (DTE) ,
The totality of frame relay circuits within a telecommunication carrier's frame relay network.
Overview
A carrier's frame relay network is commonly known as a frame relay cloud, but the more technically correct term is Frame Relay Bearer Service (FRBS). Typically, a frame relay cloud is a collection of packet-switching devices owned by the carrier and used as a shared public network for backboning wide area network (WAN) traffic for private customers. Frame relay clouds can also consist of frame relay circuits owned by private networking consortiums. The frame relay network is described as a "cloud" because of the large number of interconnections between the various edge switches, usually forming a fully connected mesh topology. In frame relay services, each frame of information contains the routing information needed to enable the frame to be routed to its destination through the cloud.
See Also frame relay
A method developed by Cisco Systems for building multiswitch virtual local area networks (VLANs).
Overview
A VLAN consists of a collection of ports on an Ethernet switch that acts as if it were a separate LAN from the remaining ports. In other words, you can segment a network into several VLANs using only one Ethernet switch to create smaller broadcast domains.
Frame tagging is a mechanism developed by Cisco to identify which VLAN a packet belongs to. Frame tagging encapsulates a packet into a frame containing the VLAN ID of the packet. When a tagged packet leaves the switch and arrives at another switch, the second switch can determine which VLAN the packet belongs to and switch it accordingly. The result is that frame tagging can be used to build VLANs that span more than one switch, and the process is scalable to the enterprise level.
Frame tagging is implemented in Cisco Catalyst switches and is widely used for building enterprise VLANs.
See Also Ethernet switch ,virtual LAN (VLAN)
Specifies the data format for frames when using the NWLink IPX/SPX-Compatible Transport on machines running Microsoft Windows 2000, Windows XP, and Windows .NET Server.
Overview
Two machines on a network using NWLink must be using the same frame type to communicate. NWLink on Windows 2000, Windows XP, and Windows .NET Server can listen to Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) traffic on the network and automatically configure itself to use the network frame type, which is usually
802.3 for NetWare 2.2 through 3.11
802.2 for NetWare 3.12 and later
The following table shows the frame types supported by NWLink.
Network Topology | Frame Types Supported | ||||
Ethernet II | 802.2 | 802.3 | SNAP | 802.5 | |
Ethernet | x | x | x | x | |
Token Ring | x | x | |||
FDDI | x | x |
Notes
NWLink on Windows 2000 Server and Windows .NET Server lets you configure multiple frame types if needed, but if multiple frame types are detected where one of them is 802.2, then the 802.2 frame type will be selected by default. NWLink on Windows 2000 Professional and Windows XP Professional can be configured for multiple frame types only by editing the registry.
See Also NWLink IPX/SPX-Compatible Transport (NWLink)
The transmission of data through free space using lasers.
Overview
Free Space Optics (FSO) was conceived 20 years ago when fiber-optic technology was still in its infancy. The promise of FSO has only begun to be commercially realized, however, in the last couple of years.
FSO sends data using modulated laser beams through the air without wires or cables. It can be used to connect networks together and to link networks to high-speed wide area network (WAN) services provided by carriers. It can work with any networking architecture but is most commonly used to transport Internet Protocol (IP) packets. It is fundamentally similar to microwave communications but operates in the terahertz frequency range of infrared and visible light.
Implementation
FSO is a line-of-site (LOS) technology that supports point-to-point, multipoint, and fully meshed networking topologies. Point-to-point connections enable data to be carried up to gigabit speeds over distances of several miles. Multipoint connections tend to be lower in speed, but fully meshed topologies can provide a measure of fault tolerance and resiliency in case of link failure.
Advantages and Disadvantages
The main advantage of FSO over traditional fiber networking is that it is cheaper and easier to deploy. The cost of laying new fiber from a telco central office (CO) to a customer's building can run in the hundreds of thousands of dollars, and it takes weeks or months to be provisioned. By contrast, a point-to-point FSO link can be established between two buildings in a matter of days and for a fraction of the cost.
Since FSO operates in an unregulated portion of the frequency band, no additional licensing costs are required to implement the technology. This cost savings can be passed down to customers, making FSO an attractive alternative to fiber. A factor in favor of FSO deployment is that some analysts estimate that 90 percent of buildings in the United States do not yet have fiber deployed to them by carriers.
On the negative side, FSO has some issues associated with its deployment and usage. Since it is a line of sight technology, interference from buildings, airplanes, birds, and weather can interrupt service, reducing FSO's reliability to well under the 99.999 percent rating of conventional fiber-based carrier services. Often the best solution for FSO providers is to establish a backup network to handle these situations, and a typical such network would be a set of point-to-point microwave links (microwaves can be affected by rain but are impervious to the fog and pollution that can interfere with FSO transmissions).
Another issue is that the buildings on which FSO transceivers are mounted tend to sway in the wind and even change size and shape with the seasons, making it complex to align FSO transmissions accurately. Obtaining rooftop right-of-way to deploy FSO equipment often proves costly, but some vendors have reacted by producing transceivers that can be mounted inside offices and transmit their laser beams through windows.
There is also the issue of public perception of safety hazards associated with FSO, namely of having invisible laser beams running all over the place. Although FSO transceivers typically generate less intensity than a laser pointer, safety is still considered an issue of public import and the U.S. Food and Drug Administration (FDA) will probably set specific guidelines in this area.
Marketplace
The number of vendors and service providers offering FSO has been exploding recently. Some of the vendors offering FSO equipment include AirFiber, LightPointe, Terabeam Corporation, and many others.
Service providers Tellaire and Broadband Highway also offer metropolitan area networking (MAN) services in a number of major cities across the United States.
See Also fiber-optic cabling
The signal multiplexing technology used in the AMPS (Advanced Mobile Phone Service) cellular phone system.
Overview
Frequency Division Multiple Access (FDMA) is one of three methods used for allocating channels to users over the shared wireless communications medium in cellular phone communication; the others are Time Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). FDMA is the oldest of these methods and is used in the analog AMPS cellular phone system still widely deployed throughout the United States and some other parts of the world. FDMA is also used by traditional AM and FM radio bands to allow broadcast by individual stations and by the CT2 communications system used for cordless telephone systems.
Implementation
FDMA is based on frequency-division multiplexing (FDM) and is implemented at the media access control (MAC) layer of the data-link layer in the Open Systems Interconnection (OSI) reference model. One way to understand FDMA is to imagine different people in the same room communicating in voices with different pitches, some high and some low; they'd all be able to talk simultaneously and (more or less) understand one another.
Frequency Division Multiple Access (FDMA). How FDMA works.
In the AMPS cellular system that is based on FDMA, each user is assigned a specific channel (frequency band) in the allotted electromagnetic spectrum, and during a call that user is the only one who has the right to access the specific band. These frequency bands are allocated from the electromagnetic spectrum as follows:
Transmission by mobile station: 824 megahertz (MHz) to 849 MHz
Transmission by base station: 869 MHz to 894 MHz
Two different frequency bands are used to allow full-duplex communication between base and mobile stations. Both of these bands are then divided into discrete channels that are 30 kilohertz (kHz) wide in bandwidth.
Advantages and Disadvantages
One disadvantage of FDMA is that only one subscriber can be assigned at a time to a particular channel within a cell. Once the channel is allocated, it remains the possession of the subscriber until the call is terminated or the subscriber roams outside the cell.
See Also cellular communications , Code Division Multiple Access (CDMA) , Time Division Multiple Access (TDMA)
A signal transmission technology in which multiple signals can simultaneously be transmitted over the same line or channel.
Overview
Frequency-division multiplexing (FDM) can be used in both wired and wireless networking for transmitting large amounts of data at high speeds. FDM is the simplest and oldest form of multiplexing in wireless networking technology.
FDM involves simultaneously transmitting multiple signals on different frequencies. These different frequencies, called channels, share nonoverlapping portions of the total frequency band being used. Signals from different data sources are fed into a multiplexer that modulates each signal and transmits them at different frequencies. These signals are then transmitted over the wire or through wireless communication and are separated at the destination into individual data signals using a demultiplexer.
Uses
FDM is used in a number of popular technologies including cable television (primarily within Hybrid Fiber Coaxial [HFC] cable systems), microwave and satellite networking, and in the older Advanced Mobile Phone Service (AMPS) cellular phone system.
See Also Frequency Hopping Spread Spectrum (FHSS) ,multiplexing ,time-division multiplexing (TDM)
A spread-spectrum transmission technology for wireless networking.
Frequency hopping. How frequency hopping works.
Overview
Spread-spectrum wireless technologies trade throughput for increased reliability and were originally developed by the U.S. military to provide communication that could not easily be jammed. Frequency hopping transmitters take the incoming data stream and segment it into multibit packets. These packets are then transmitted sequentially in a pseudo-random manner over the various frequency channels within the spread-spectrum band being used. In other words, the frequency of the carrier signal keeps hopping around. Synchronization between the master transmitter and slave devices is achieved by modulating the center or carrier frequency of the communication band according to a preset algorithm. Both the mobile and the base station know the modulation algorithm, which enables them to keep in communication with each other. For increased security, the modulation algorithm can be dynamically modified.
Frequency hopping is employed in cellular communications systems and some wireless networking systems. It is also used in Bluetooth PAN (personal area network) technologies.
See Also Bluetooth , direct sequencing , spread spectrum
Any type of wireless communications system based on frequency hopping.
Overview
Frequency Hopping Spread Spectrum (FHSS) is the earliest secure transmission mechanism used for the physical layer of wireless communications. FHSS was conceived as a technology by actress Hedy Lamarr and composer George Antheil during World War II and became popular as a secure communications system that was resistant to eavesdropping.
Implementation
FHSS employs a narrowband carrier and divides communications up into a number of discrete channels. Information is transmitted in a series of short bursts that hop from one frequency to another. To a non-FHSS receiver, the transmission seems to be random bursts of noise. To make FHSS work, both the transmitter and receiver are programmed with the same hopping sequence and are synchronized with each other so that the receiver always knows what frequency the transmitter is going to hop to next. If interference is encountered on a channel, the transmission for that channel is discarded and retransmitted on the next hop, making FHSS an efficient means of communication in noisy environments.
Uses
FHSS is one of the three PHY layer technologies defined by the 802.11 wireless networking standard, the others being Direct Sequence Spread Spectrum (DSSS) and infrared. Although early 802.11 radio equipment employed FHSS, the newer 802.11b standard does not support FHSS and uses DSSS instead.
Another technology that uses FHSS is Bluetooth, a short-range wireless networking technology for building personal area networks (PANs).
See Also Bluetooth ,Direct Sequence Spread Spectrum (DSSS) ,spread spectrum ,wireless networking
A list of commonly asked questions and their answers.
Overview
Frequently asked questions (FAQ) are usually developed for beginners in a given subject to reduce the amount of customer technical support required. They are often available for computer products and services on company and organization Web sites on the Internet, as well as for many different Usenet newsgroups. Some Microsoft software documentation also includes FAQs to provide quick answers to commonly asked questions about the software. To ease your customer support requirements, create simple and highly usable FAQ for your clients.
Stands for File and Print Services for Macintosh, a Microsoft Windows 2000 service that provides Macintosh users with access to files stored on NTFS volumes on Windows 2000 file servers.
See Also File and Print Services for Macintosh (FSM)
Stands for flexible single-master operation, a unique set of single-master roles for domain controllers in Windows 2000 and Windows .NET Server networks.
See Also flexible single-master operation (FSMO)
Stands for Free Space Optics, the transmission of data through free space using lasers.
See Also Free Space Optics (FSO)
Stands for File-Transfer Access and Management, the Open Systems Interconnection (OSI) reference model counterpart of the Internet standard File Transfer Protocol (FTP).
See Also File-Transfer Access and Management (FTAM)
Stands for File Transfer Protocol, an application-level protocol that can be used for transferring files between hosts on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
See Also File Transfer Protocol (FTP)
A Microsoft Windows NT service on servers running Microsoft Internet Information Server, or a Windows 2000, Windows XP, or Windows .NET Server service on servers running Internet Information Services (IIS).
Overview
The FTP service supports the Internet standard File Transfer Protocol (FTP) and allows users to upload and download files between FTP clients and FTP servers. IIS FTP servers support only anonymous authentication or Basic Authentication. When an FTP client attempts to connect to an FTP server configured to use Basic Authentication, the user's name and password are transmitted as clear text over the network, which is insecure. The best way to secure FTP services is to enable anonymous authentication on all FTP servers, which requires users to log on with the username "anonymous." (They can enter anything for the password, but the FTP server's welcome message usually requests politely that they use their e-mail address as their password for logging purposes.) You should configure the FTP service on IIS to allow only anonymous logons to prevent users from passing their credentials over the network. Then simply avoid storing critical information on your FTP servers and use them for access to public information only.
You will probably also want to configure your FTP servers to allow only downloads and prohibit all uploads. If your corporate users must upload files remotely using FTP, you can create an FTP drop box for them. An FTP drop box is a folder on an NTFS volume, configured as a virtual directory that has write permission on it but not read permission. In other words, users can upload files to the directory but cannot read what has already been uploaded.
Stands for fiber to the curb, the laying of fiber-optic cabling by telcos to the customer premises.
See Also fiber to the curb (FTTC)
Commonly called a normal backup in Microsoft terminology, a backup type in which an entire volume or system is backed up.
See Also normal backup
A mode of communication in which data is simultaneously transmitted and received between stations.
Overview
Full-duplex communication is twice as fast as half- duplex communication and typically uses two separate pairs of wires (or two channels for wireless networking) for supporting simultaneous transmission and reception by a host. An alternative arrangement is to use some multiplexing technique, such as time-division multiplexing (TDM), to interleave transmission and reception on a single channel. This does not produce true full-duplex communication, but to an ordinary user it might appear to do so if the interleaving process is fast enough.
Full-duplex. Full duplex communications compared to simplex and half-duplex.
Examples of full-duplex communication include cellular telephone technologies and full-duplex Ethernet. Examples of half-duplex communication are walkie- talkies, CB radios, and standard Ethernet networks. Examples of simplex communication technology include satellite broadcasting and cable TV broadcasting.
See Also full-duplex Ethernet ,half-duplex ,signaling ,time-division multiplexing (TDM)
A form of Ethernet that supports full-duplex communication between stations on the network.
Overview
Full-duplex Ethernet lets stations send and receive data simultaneously, thus giving it twice the maximum throughput of traditional forms of Ethernet. Full-duplex Ethernet uses two wires for sending and receiving data simultaneously.
Full-duplex Ethernet. Using full-duplex Ethernet to connect local area networks (LANs) using long-haul fiber.
Full-duplex Ethernet does not use the traditional Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control method of traditional half- duplex Ethernet since collisions cannot occur on a full- duplex, point-to-point link between two stations. Instead, full-duplex Ethernet uses dedicated point-to-point connections between stations where collisions cannot occur. To implement these point-to-point connections, you must use Ethernet switches instead of traditional hubs or repeaters since hubs are shared media devices and cannot provide dedicated connections.
Using switches means that full-duplex Ethernet avoids the collisions that can degrade the performance of standard half-duplex Ethernet. In theory, a full-duplex connection on a 100 megabits per second (Mbps) Fast Ethernet network has a maximum speed of 200 Mbps. In reality, however, full-duplex Ethernet tends to achieve only a 20 to 60 percent higher throughput than regular half-duplex Ethernet.
The table below shows which varieties of Ethernet support both half-duplex and full-duplex signaling and which are restricted to half-duplexing only.
Media specification | Full-Duplex Supported |
10Base2 | |
10Base5 | |
10BaseT | X |
10BaseFL | X |
10BaseFB | |
10BaseFP | |
100BaseTX | X |
100BaseT2 | X |
100BaseT4 | |
100BaseFX | X |
1000BaseCX | X |
1000BaseLX | X |
1000BaseSX | X |
1000BaseTX | X |
Uses
Because the distance limitations between two stations in full-duplex Ethernet depend only on the strength of the transceivers with respect to the medium used, station-to-station distances for full-duplex Ethernet connections can be much greater than for traditional Ethernet networks. For 100-Mbps full-duplex links, this is generally around 1.25 miles (2 kilometers) over fiber- optic cabling but using vendor-specific nonstandard repeaters, this can be extended to 62.5 miles (100 kilometers) or more.
You can also use 10-Mbps full-duplex Ethernet to connect two 10BaseT Ethernet networks over duplex single-mode fiber-optic cabling at distances of up to 15 kilometers. To do this, use a pair of half-to-full duplex converters at either end of the fiber-optic line. These converters should always be used in pairs, and they typically have an attachment unit interface (AUI) port that accepts the fiber-optic transceiver.
See Also Carrier Sense Multiple Access with Collision Detection (CSMA/CD) , Ethernet , half-duplex
In the Domain Name System (DNS), a dotted name that fully identifies a Transmission Control Protocol/Internet Protocol (TCP/IP) host on the Internet.
Overview
A fully qualified domain name (FQDN) of a host consists of its host name together with its domain name and any names of subdomains in which the host resides, all of which are separated by periods. FQDNs are used in Uniform Resource Locators (URLs) for accessing Web pages on the Internet and provide an absolute path through the DNS namespace to the target host on which the Web page resides. They are also sometimes called absolute domain names.
Examples
For the host having the FQDN
server7.microsoft.com
the host name is server7 and the domain is microsoft.com.
See Also domain name ,Domain Name System (DNS)
An annual business symposium designed for the business experts and managers in the Microsoft Certified Solution Provider (MCSP) worldwide community.
Overview
The general purpose of Microsoft Fusion is to enable solution providers to
Share information on the latest Microsoft Corporation products, technologies, and sales strategies from experts in the field
Share their experiences and tips with other industry experts and peers
Discover new methods for growing a business by capitalizing on Microsoft technologies and resources
For More Information
Visit Microsoft Fusion at events.microsoft.com/events/fusion.
