Stands for Intelligent Input/Output (I2O), a hardware architecture developed by a consortium led by Intel that improves the input/output (I/O) performance of systems by relieving the CPU of interrupt-intensive I/O tasks.
See Also Intelligent Input/Output (I2O)
Stands for Internet Architecture Board (IAB), a technical advisory group for the Internet Society (ISOC).
See Also Internet Architecture Board (IAB)
Stands for Integrated Access Device, a wide area network (WAN) access device for consolidating voice and data, usually over Asynchronous Transfer Mode (ATM) circuits.
See Also Integrated Access Device (IAD)
Stands for Internet Assigned Numbers Authority, the organization that coordinates the assignment of unique Internet Protocol (IP) parameters such as the IP address space and the Domain Name System (DNS).
See Also Internet Assigned Numbers Authority (IANA)
Stands for Infiniband, an emerging high performance input/output (I/O) architecture.
See Also Infiniband (IB)
Stands for Interior Border Gateway Protocol, the version of Border Gateway Protocol (BGP) used for exchanging routing information within the same autonomous system (AS).
See Also Interior Border Gateway Protocol (IBGP)
Stands for Independent Computing Architecture, a general-purpose presentation services protocol developed by Citrix Systems.
See Also Independent Computing Architecture (ICA)
An Internet Engineering Task Force (IETF) standard for exchange of calendaring information.
Overview
The iCal standard defines a uniform data format for exchanging scheduling information. The intention is for iCal to be used by Internet-based applications so users can exchange information about meetings, appointments, events, and so on. The iCal standard replaces an earlier initiative called vCal or vCalendar.
The iCal standard is supported by Microsoft Outlook, the premier messaging and collaboration client from Microsoft. Specifically, Outlook uses a portion of iCal called iCalendar, together with an Outlook feature called Internet Free/Busy (IFB), to allow Outlook clients to exchange scheduling information over the Internet.
See Also vCard
Stands for Internet Corporation for Assigned Names and Numbers, a nonprofit corporation that has taken over some of the functions of the Internet Assigned Numbers Authority (IANA).
See Also Internet Corporation for Assigned Names and Numbers (ICANN)
Stands for Internet Connection Firewall, a new integrated firewall application in Windows XP and Windows .NET Server.
See Also Internet Connection Firewall (ICF)
Stands for Internet Control Message Protocol, a Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol used for various purposes.
See Also Internet Control Message Protocol (ICMP)
An emerging standard from the Internet Engineering Task Force (IETF) for combating distributed denial of service (DDoS) attacks.
Overview
One of the Internet's greatest vulnerabilities is its exposure to DDoS, a form of attack in which hackers commandeer a large number of machines and turn them into "zombies" that are then used to attack Web servers with a flood of Internet Control Message Protocol (ICMP) packets. The source of these packets is difficult to track down because the packets contain spoofed Internet Protocol (IP) source addresses, making it difficult for administrators whose machines are under attack to trace the origin of these attacks. ICMP Traceback Messages, also known by the nickname itrace, is a protocol being developed by the IETF to make such tracking down possible.
Implementation
The itrace protocol is implemented on border and backbone routers deployed at Internet service providers (ISPs). Routers enabled with itrace occasionally tag regular IP packet traffic forwarded by routers with itrace messages. Typically, out of every 20,000 IP packets forwarded by a router, only one will have an itrace message attached to it. As a result, itrace has a negligible impact on network and router performance.
Figure: ICMP Traceback Messages. How ICMP Traceback Messages can be used to track down the source of a DDoS attack.
When a DDoS attack is underway, a flood of ICMP packets arrives at the target host. A small number (0.002 percent) of these packets will have itrace messages attached, and these messages can be used with a little ingenuity to trace the ICMP packets back to their sources on zombie machines, regardless of whether the source IP address of the packets is spoofed or not. Once the zombies can be identified, the administrator of the network on which they are located can be contacted to stop the attack and try to determine how their network was originally compromised. Note that itrace by itself can be used only to identify the zombies, not the hacker who originally compromised these machines.
To prevent hackers from spoofing the itrace messages themselves, a public key infrastructure (PKI) is required to authenticate the messages. This requirement, together with the cost of upgrading ISP routers, makes it likely that it will take a year or so after the ICMP Traceback Messages standard is ratified before it is widely deployed on key routers around the Internet. And for itrace to be effective in defeating DDoS attacks, it must be implemented on edge and backbone routers all over the Internet.
See Also Distributed Denial of Service (DDoS), hacking, router
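An added worked example, not part of the original entry, of what the one-in-20,000 sampling rate means for a defender: how many flood packets must arrive before at least one itrace message has been seen from every router on the path. It assumes all packets from one zombie follow the same path and that each router samples independently; the function names are hypothetical.

```python
import math
import random

# Sampling rate quoted in the entry: one itrace message per 20,000 forwarded packets.
ITRACE_P = 1 / 20_000


def prob_path_covered(packets, hops, p=ITRACE_P):
    """Probability that each of `hops` routers has emitted at least one
    itrace message after forwarding `packets` packets (independent sampling)."""
    per_router = 1.0 - (1.0 - p) ** packets
    return per_router ** hops


def packets_needed(hops, confidence=0.95, p=ITRACE_P):
    """Smallest packet count n with (1 - (1 - p)^n)^hops >= confidence."""
    if hops < 1 or not 0.0 < confidence < 1.0:
        raise ValueError("hops must be >= 1 and confidence must be in (0, 1)")
    per_router = confidence ** (1.0 / hops)
    return math.ceil(math.log(1.0 - per_router) / math.log(1.0 - p))


def first_emission(rng, p=ITRACE_P):
    """Index of the first packet a router tags, drawn from the geometric
    distribution by inverse-CDF sampling (avoids looping over every packet)."""
    u = 1.0 - rng.random()  # uniform in (0, 1]
    return max(1, math.ceil(math.log(u) / math.log(1.0 - p)))


def simulate_coverage(packets, hops, trials=5000, seed=1, p=ITRACE_P):
    """Monte Carlo check of prob_path_covered: fraction of trials in which
    the slowest router on the path has emitted a message within `packets`."""
    rng = random.Random(seed)
    covered = 0
    for _ in range(trials):
        slowest = max(first_emission(rng, p) for _ in range(hops))
        if slowest <= packets:
            covered += 1
    return covered / trials


if __name__ == "__main__":
    # Constructed path lengths; real paths vary.
    for hops in (1, 5, 10, 15):
        n = packets_needed(hops)
        print(f"{hops:2d} hops: {n:7d} packets for 95% path coverage "
              f"(simulated {simulate_coverage(n, hops):.3f})")
```

The counts are per attack path, so a flood arriving from many zombies needs this many packets from each one before its path can be reconstructed.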
Stands for integrated communications provider, a telecommunications service provider that offers one-stop shopping for voice and data telecommunications through a single integrated architecture.
See Also integrated communications provider (ICP)
Stands for Internet Cache Protocol, a protocol that enables arrays of proxy servers to work together over a network.
See Also Internet Cache Protocol (ICP)
A popular Internet conferencing (chat) protocol.
Overview
ICQ is a proprietary protocol developed by Mirabilis and is similar to IRC (Internet Relay Chat). It enables users to locate other ICQ users on the Internet and communicate with them in real time. ICQ, which homophonically stands for "I seek you," lets you search for users currently online on ICQ networks and alerts you when friends go online. You can use ICQ to send real-time messages to other users, have group chat sessions, send e-mail, transfer files and URLs, play games, and so on. ICQ can even function as a universal platform for launching any peer-to-peer application, such as Microsoft NetMeeting.
When you install ICQ and begin the registration process, you are connected to an ICQ server that belongs to a network of such servers distributed across the Internet. During registration, you are given a unique number called an ICQ#, which identifies you to all other users on the ICQ network. You use your ICQ# to register your presence with the ICQ network when you go online and start ICQ and to allow other ICQ users to recognize when you are online so that they can contact you. You can specify a list of ICQ friends, and an ICQ server will alert you when any of these friends go online.
For More Information
Visit ICQ Inc. at www.icq.com
See Also instant messaging (IM), Internet Relay Chat (IRC)
Stands for intrusion detection system, any system used to detect attacks on a host or network.
See Also intrusion detection system (IDS)
Stands for ISDN Digital Subscriber Line, a hybrid of Integrated Services Digital Network (ISDN) and Digital Subscriber Line (DSL) technologies.
See Also ISDN Digital Subscriber Line (IDSL)
Stands for Internet Explorer, Microsoft Corporation's integrated suite of client-side Internet software, which is included with all current versions of Microsoft Windows.
See Also Internet Explorer
Stands for Internet Explorer Administration Kit, a tool for customizing and deploying Microsoft Internet Explorer throughout an enterprise.
See Also Internet Explorer Administration Kit (IEAK)
Stands for Institute of Electrical and Electronics Engineers, a worldwide nonprofit association of technical professionals.
See Also Institute of Electrical and Electronics Engineers (IEEE)
A parallel interface standardized by the Institute of Electrical and Electronics Engineers (IEEE).
Overview
Also known as the General-Purpose Interface Bus (GPIB), the IEEE 488 parallel interface was developed by Hewlett-Packard and is used mainly for connecting computers to measurement sensors and test equipment for automatic data acquisition in a laboratory or industrial setting. Examples of such equipment include signal generators, frequency counters, voltmeters, and temperature sensors.
Architecture
IEEE 488 supports high-speed parallel communication using a 24-pin connector. An IEEE 488 cable generally has eight single wires for data transfer, eight twisted-pairs for interface handshaking and management, and a drain (ground) wire, all enclosed in an insulating protective jacket. This configuration provides eight bidirectional channels for transmitting 1 byte (8 bits) of information at a time, at a maximum bus speed of 1 megabit per second (Mbps) using tristate drivers.
The IEEE 488 standard lets you chain together up to 15 devices for a total length of 20 meters (66 feet), with no more than three connectors stacked and no more than 2 meters (6.5 feet) between adjacent devices. The master device acts as a controller that determines which device can transmit data over the bus at any given time, while the other devices are placed in standby mode. Only one device can transmit signals on the bus at any given time, but multiple devices can receive those signals.
Notes
If your industrial environment is dusty or has high levels of electromagnetic interference (EMI) from motors, generators, or other heavy equipment, you can obtain special shielding covers to protect your IEEE 488 connectors. You can also use switchboxes to alternate several industrial sensors on a single IEEE 488 cable.
Also called Project 802, an ongoing project of the Institute of Electrical and Electronics Engineers (IEEE) for defining local area network (LAN) and wide area network (WAN) standards and technologies.
See Also Project 802
A high-speed bidirectional parallel interface standardized by the Institute of Electrical and Electronics Engineers (IEEE).
Overview
IEEE 1284 enables bidirectional communication between computers and attached printers and enables computers to spool jobs to printers at more than 10 times the speed of a traditional parallel port interface. Also called Enhanced Parallel Port (EPP), IEEE 1284 is compatible with the Centronics interface standard used for connecting parallel port printers to computers. This bidirectional communication allows the print device to return information to the computer that queried it for hardware information. This information can include device ID value, printer memory, installed fonts, and other information that the printer driver on the server can use to install and configure the printer. Bidirectional communication also allows the print device to send status messages (such as an "out of paper" message) to the server.
Architecture
IEEE 1284 specifies two electrical interfaces:
Level I interface, which functions at a lower speed and provides only reverse-mode capabilities
Level II interface, which functions at a higher speed and provides bidirectional communication
The connectors for the IEEE 1284 interface also come in various types:
Type A connectors, which are standard 25-pin DB25 connectors
Type B connectors, which are 36-pin centerline Champ connectors with bale locks to hold the cable in place for physical security
Type C connectors, which are 36-pin centerline miniconnectors with clips for physical security
Implementation
Microsoft Windows 2000 can detect plug-and-play print devices by communicating with them using IEEE 1284. To make bidirectional printing work, you need
A print device such as a laser printer that supports bidirectional printing.
A correctly configured parallel port on the connected computer or print server. For example, if the parallel port is configured as AT-compatible, change it to PS/2 mode.
An IEEE 1284-compliant cable having a DB25 male connector on one end and a Centronics 36 male connector on the other. IEEE 1284 cables are commonly used for connecting laser printers, scanners, tape drives, and portable storage devices (such as Iomega Zip drives) to a computer. An IEEE 1284 cable typically has "IEEE 1284" printed on its insulating jacket.
Notes
You can also obtain cables for converting the IEEE 1284 parallel interface to the universal serial bus (USB) interface to connect print devices with a Centronics connector to a computer with a USB connector. Special signal-powered IEEE 1284 cables can allow printers to be located up to 100 feet (30 meters) from the connected computer and still maintain reliable communication. Adapters are available for connecting 36-pin and DB25 connectors.
Better known by its trademarked name "FireWire," a serial interface for connecting high-speed peripherals to computers.
See Also FireWire
Stands for Internet Engineering Task Force, an international community of networking engineers, network administrators, researchers, and vendors whose goal is to ensure the smooth operation and evolution of the Internet.
See Also Internet Engineering Task Force (IETF)
Stands for Internet File System, a technology developed by Oracle Corporation for sharing data over the Internet.
See Also Internet File System (iFS)
Stands for Internet Group Management Protocol, a Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol used for informing routers of the availability of multicast groups on the network.
See Also Internet Group Management Protocol (IGMP)
Stands for interior gateway protocol, any routing protocol used to distribute routing information within an autonomous system.
See Also interior gateway protocol (IGP)
Stands for Interior Gateway Routing Protocol, an interior gateway protocol (IGP) developed by Cisco Systems.
See Also Interior Gateway Routing Protocol (IGRP)
Stands for Internet Inter-Orb Protocol, a CORBA (Common Object Request Broker Architecture) technology for distributed computing over the Internet.
See Also Internet Inter-Orb Protocol (IIOP)
Stands for Internet Information Services, a Microsoft Windows service that provides support for application-layer Internet protocols.
See Also Internet Information Services (IIS)
A cache maintained by Microsoft Internet Information Services (IIS).
Overview
The IIS Object Cache stores file objects that are frequently requested by the World Wide Web (WWW), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) services and by Active Server Pages (ASP) applications. The IIS Object Cache contains handles for open file objects, directory listings, and other frequently used file system objects. The cache runs within the main inetinfo.exe process and provides improved performance for IIS services and ASP applications.
Notes
For performance reasons, you should keep the IIS Object Cache in the working set of the IIS process in RAM. Be sure that you have sufficient RAM to do this. If you do not have enough RAM, the IIS Object Cache will be paged to disk and performance will be impaired. You can observe the performance of the cache by using Performance Monitor. Look for counters relating to cache hits and cache misses for each IIS service.
See Also Internet Information Services (IIS)
Stands for Interim Interswitch Signaling Protocol, an Asynchronous Transfer Mode (ATM) protocol that enables cells to be routed over a switched virtual network (SVC).
See Also Interim Interswitch Signaling Protocol (IISP)
Stands for Internet Key Exchange, a protocol for managing keys in public key cryptography systems.
See Also Internet Key Exchange (IKE)
Stands for Intermediate Language, an intermediate byte code used by Microsoft Corporation's new .NET platform.
See Also Intermediate Language (IL)
Stands for Incumbent Local Exchange Carrier, another name for local telephone companies or telcos.
See Also Incumbent Local Exchange Carrier (ILEC)
Stands for Internet Locator Service, a Lightweight Directory Access Protocol (LDAP) directory service that enables Microsoft NetMeeting users to locate and contact other users for conferencing and collaboration over the Internet.
See Also Internet Locator Service (ILS)
Stands for instant messaging, a service that supports real-time call-based communications over the Internet.
See Also instant messaging (IM)
Stands for Inverse Multiplexing over ATM, a high-speed Asynchronous Transfer Mode (ATM) technology.
See Also Inverse Multiplexing over ATM (IMA)
Stands for Internet Mail Access Protocol version 4, a standard protocol for storage and retrieval of e-mail messages.
See Also Internet Mail Access Protocol version 4 (IMAP4)
A popular mobile communications service in Japan.
Overview
The i-mode service is currently the largest national packet-switched cellular service in the world. By the end of 2000 there were more than 10 million subscribers to this service and thousands of third-party applications and services developed for it. The i-mode service is a 2.5G cellular service operated by NTT DoCoMo and represents a model that's being considered by some providers that are currently implementing General Packet Radio Service (GPRS), such as Pacific Century CyberWorks (PCCW), a mobile services provider in Hong Kong SAR.
See Also 2.5G, cellular communications
In engineering, the measure of resistance to the flow of electric current.
Overview
Impedance to signal flow within a transmission line has three components: a resistive component, a capacitative component, and an inductive component. The value for each component varies with the frequency of the current, which means that the overall impedance of a transmission line also varies with frequency. A perfect transmission line would have an impedance that does not change with frequency.
Characteristic impedance is the measure of resistance of a transmission line (such as a cable) calculated with the assumption that the cable is of infinite length. It is represented by the symbol Z0. Each type of network cabling has its own characteristic impedance. Twisted-pair cabling can have a relatively constant impedance by virtue of its design and dimensional characteristics. The Electronic Industries Association/Telecommunications Industries Association (EIA/TIA) wiring standards, specifically EIA/TIA 568-A (Commercial Building Telecommunications Cabling Standard), mandate that Category 5 (Cat5) cabling should have an impedance of 100 ohms, plus or minus 15 percent, up to a frequency of 100 megahertz (MHz). It is important that cabling meet these standards because networking equipment, such as hubs, switches, and routers, is designed to match this impedance value. If wiring with a different impedance is used with such equipment, signal reflections can occur that distort signals, create signal loss, and degrade network communications, or even render them impossible.
Notes
Impedance is an issue only with copper cabling and is not a relevant physical characteristic for fiber-optic cabling.
See Also cabling
A security mechanism for client/server communication.
Overview
In Microsoft Windows 2000, Windows XP, and the Windows .NET Server family, impersonation is a method that a server uses to determine whether a client has sufficient rights to access a resource.
Impersonation involves temporarily altering the server's security context so that it matches that of the client. When the client attempts a connection to a resource on the server, it tells the server the impersonation level that the server can use to service the client's request. The client can offer four impersonation levels:
Anonymous: The server does not receive any information about the client's security context.
Identification: The server can authenticate the client but cannot use the client's security context for performing access checks.
Impersonation: The server can both authenticate the client and use the client's security context to perform access checks.
Delegation: The server authenticates the client and passes the client's security context to a remote server on the client's behalf. Delegation is not supported by the NTLM authentication method of Windows NT Server, but delegation is supported by the Kerberos authentication method of Windows 2000, Windows XP, and Windows .NET Server.
Examples
An example of impersonation occurs when anonymous access is enabled on a Web site hosted on Internet Information Services (IIS). Anonymous access uses the IUSR_ComputerName anonymous account on the IIS server, which is by default part of the Guests local group. If an IIS machine receives a Hypertext Transfer Protocol (HTTP) request from a remote Web browser, IIS impersonates the IUSR_ComputerName account so that it can allow the remote client to access the requested files or run the requested application. This prevents access to system files on the IIS machine by the remote client.
Stands for International Mobile Telecommunications-2000, an initiative of the International Telecommunication Union (ITU) to create a global standard for third-generation (3G) wireless data networks.
See Also International Mobile Telecommunications-2000 (IMT-2000)
Stands for inverse multiplexer, a device that can perform inverse multiplexing of digital telecommunication channels.
See Also inverse multiplexer (IMUX)
A special domain in the Domain Name System (DNS) that is used for inverse queries.
Overview
The in-addr.arpa domain contains nodes whose names are based on Internet Protocol (IP) addresses with octets in the reverse order. For example, a host with the IP address 172.16.8.44 would be represented in the in-addr.arpa domain by 44.8.16.172.in-addr.arpa. Resource records for the in-addr.arpa domain are called pointer (PTR) records and are contained within a type of zone file called a reverse lookup file. Using the in-addr.arpa domain, a resolver can submit a request to a name server to resolve an IP address into its corresponding fully qualified domain name (FQDN).
See Also Domain Name System (DNS)
A method of transmitting control information through the same circuit or line that carries data.
Overview
Generally, any signaling transmission that takes place within a range of frequencies that is normally used only for data transmission is known as in-band signaling. Instead of using separate control and data channels, control information is transmitted using a portion of the data channel. If a separate control channel is used instead, the approach is called out-of-band signaling.
Implementation
As an example, in-band signaling is used in switched 56 services, in which a 64-kilobit-per-second (Kbps) digital communication link has 8 Kbps set aside for control signaling. This is sometimes referred to as "robbed-bit signaling" because the 8-Kbps bandwidth is "robbed" from the data channel for handling control functions such as wide area network (WAN) link synchronization. T1 lines that use switched channels also use in-band signaling techniques.
Figure: In-band signaling. Comparison with out-of-band signaling.
See Also out-of-band (OOB) signaling
A form of partial backup used in between normal backups during a backup cycle.
Overview
In an incremental backup, only those files and folders that have changed since the last normal backup are backed up. The archive attribute is also marked for each file and folder backed up.
Incremental backups are typically used in conjunction with normal backups to simplify and speed up the overall backup process. If you do a normal backup on one particular day of the week, you can perform incremental backups on the remaining days to back up only the files that have changed during each day of the backup schedule. Incremental backups are faster than normal backups and use less tape.
Notes
Incremental backups are not cumulative, as differential backups are, so when you need to perform a restore, you need the normal backup and all incremental backups since the normal backup was done. Incremental backups are faster to perform but take longer to restore.
See Also backup type, differential backup
A method of updating zone information between name servers in the Domain Name System (DNS).
Overview
Incremental zone transfer is a more efficient method of propagating zone updates than the earlier standard DNS method of transferring the entire zone file using the AXFR request. Incremental zone transfer is defined in RFC 1995 and uses the IXFR request to transfer only the minimal information needed to keep the DNS servers within a given zone of authority in synchronization.
In incremental zone transfer, every primary or master DNS server maintains a full copy of the up-to-date zone file plus an additional version history that records any changes to resource records that occurred during recent updates of the zone file. When a secondary DNS server makes an IXFR request to a primary or master DNS server, the master server compares the zone version number of the secondary server's zone to its own current version number. The zone version number is the serial number stored in the start of authority (SOA) record of the DNS server. If the master server has a newer version number and incremental zone transfers are supported, the master server sends to the secondary server only those changes to resource records that have occurred in the time interval between the two version numbers. If the version numbers of the master and secondary servers match, no zone transfer takes place. And if incremental zone transfer is not supported, the normal full zone transfer takes place instead.
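The exchange described above, as an added example that is not part of the original entry: a primary that keeps a version history and answers a secondary's IXFR request with nothing, the deltas, or a full zone. The class and function names are hypothetical and the records are constructed; the serial comparison uses RFC 1982 wraparound arithmetic, and the fallback to a full transfer when the history does not reach back to the secondary's serial goes beyond what the entry states.

```python
from dataclasses import dataclass, field

MOD = 2 ** 32  # SOA serials are 32-bit and wrap around


def serial_newer(a, b):
    """True if serial a is newer than serial b (RFC 1982 serial arithmetic)."""
    return a != b and (a - b) % MOD < 2 ** 31


@dataclass(frozen=True)
class Delta:
    """One entry in the primary's version history."""
    old_serial: int
    new_serial: int
    deleted: frozenset
    added: frozenset


@dataclass
class Primary:
    serial: int
    records: set
    supports_ixfr: bool = True
    history: list = field(default_factory=list)

    def update(self, deleted=(), added=()):
        """Change the zone, bump the SOA serial, and record the delta."""
        new_serial = (self.serial + 1) % MOD
        self.records -= set(deleted)
        self.records |= set(added)
        self.history.append(
            Delta(self.serial, new_serial, frozenset(deleted), frozenset(added)))
        self.serial = new_serial

    def answer(self, secondary_serial):
        """Decide how to answer an IXFR request carrying the secondary's serial."""
        if not serial_newer(self.serial, secondary_serial):
            return ("none", [])  # versions match (or secondary is ahead)
        if self.supports_ixfr:
            for i, delta in enumerate(self.history):
                if delta.old_serial == secondary_serial:
                    return ("ixfr", self.history[i:])  # only the changes
        # IXFR unsupported, or history no longer covers that serial: full zone.
        return ("axfr", set(self.records))


@dataclass
class Secondary:
    serial: int
    records: set

    def refresh(self, primary):
        """Request a transfer and apply whatever the primary sends."""
        kind, payload = primary.answer(self.serial)
        if kind == "ixfr":
            for delta in payload:
                self.records -= delta.deleted
                self.records |= delta.added
                self.serial = delta.new_serial
        elif kind == "axfr":
            self.records = set(payload)
            self.serial = primary.serial
        return kind


def demo():
    """Constructed zone using documentation addresses (192.0.2.0/24)."""
    www_old = ("www", "A", "192.0.2.10")
    www_new = ("www", "A", "192.0.2.20")
    mail = ("mail", "A", "192.0.2.25")
    primary = Primary(serial=100, records={www_old})
    secondary = Secondary(serial=100, records={www_old})
    primary.update(added=[mail])                       # serial 101
    primary.update(deleted=[www_old], added=[www_new])  # serial 102
    first = secondary.refresh(primary)    # two deltas applied
    second = secondary.refresh(primary)   # already current
    stale = Secondary(serial=42, records=set())
    third = stale.refresh(primary)        # serial 42 is not in the history
    return first, second, third, secondary.records == primary.records


if __name__ == "__main__":
    print(demo())
```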
Notes
Incremental zone transfers are supported as part of the dynamic update features of Microsoft Windows 2000 and Windows .NET Server.
See Also Domain Name System (DNS), zone transfer
Another name for local telephone companies or telcos.
Overview
Incumbent Local Exchange Carriers (ILECs) include
Regional Bell Operating Companies (RBOCs), holding companies for about two dozen telephone companies that were created by the divestiture of AT&T in 1984.
Other smaller independent telephone companies, especially in rural areas
The name Incumbent Local Exchange Carrier basically means that ILECs are
Incumbent: They are the ones who own and control the local loop wiring infrastructure that provides telephone services to customers in their particular area.
Local: They service specific regions of the United States, in contrast to inter-exchange carriers (IXCs), which provide long-distance services from coast to coast.
Exchange: They provide telephone exchange services through their central office (CO) switching facilities, enabling customers to dial and make calls.
Carriers: They "carry" phone line signals and generally provide a wide range of telecommunication services as well.
In contrast, Competitive Local Exchange Carriers (CLECs) are companies that either
Lease local loop services from ILECs to provide customers with such services as Digital Subscriber Line (DSL), T-carrier, frame relay, and so on (DSL is the most popular CLEC offering), or
Provide their own connection to customers, typically fiber-optic connections for businesses in dense urban areas to provide such services as Voice over IP (VoIP) and Metropolitan Ethernet. Cable TV (CATV) operators generally are not referred to as CLECs even though they may provide services such as Internet access that "compete" with other Local Exchange Carriers (LECs).
Prospects
Despite the Telecommunications Act of 1996, which was intended to open up the telecom market by giving IXCs and CLECs access to ILEC's local loop wiring, the process has been far from smooth. Analysts have often seen ILECs as reactionary dinosaurs compared to the cutting-edge technologies offered by CLECs. For example, ILECs have not followed through on decades-old promises of replacing the existing copper loop wiring infrastructure with fiber-optic cabling to provide "fiber to the curb" services for business and residential customers. In addition, since the Telecommunications Act some ILECs have been slow in opening up their local loop networks to competitors, resulting in legal challenges that have led in some cases to Federal Communications Commission (FCC) rulings and penalties.
With the collapse of the dot-com bubble in 2001, however, investment in CLECs has declined precipitously, driving many out of the market and forcing others to merge or to be acquired by ILECs and IXCs. The result after five years is that the ILECs have had time to consolidate their positions as regulated monopolies and have begun modernizing their networks to provide high-demand services such as Asymmetric Digital Subscriber Line (ADSL) services for Internet access and High-bit-rate Digital Subscriber Line (HDSL) for enterprise wide area network (WAN) connectivity. ILECs are now offering broadband telecommunication services through Digital Subscriber Line (DSL) over the copper local loop.
Notes
Enterprise network architects looking for telecommunication carriers they can use to build reliable, fault-tolerant WANs should carefully investigate the current offerings before jumping in and making commitments. Where possible, each branch of a large enterprise should employ two LECs instead of one to provide redundancy for its WAN connection, but make sure that each LEC uses a different point of presence (POP). For example, if you use the telecom services of both an ILEC and a CLEC, make sure the CLEC is not simply reselling services from the same ILEC using the same POP, which would nullify the redundancy of the arrangement. If buying WAN services, such as frame relay, from an IXC, be sure to also consider incorporating a redundant arrangement from another IXC or RBOC to protect your investment.
If you want to provision your company with DSL services, you typically have to go through a CLEC because ILECs are effectively regulated monopolies and usually are not allowed to act as Internet service providers (ISPs). This double provisioning makes DSL services more complex to deploy and troubleshoot since you have to deal with two companies instead of one (although the CLEC will usually be your front-end contact in the matter).
See Also Competitive Local Exchange Carrier (CLEC), local exchange carrier (LEC), Regional Bell Operating Company (RBOC)
An architecture for server-based computing from Citrix Systems.
Overview
Independent Computing Architecture (ICA) is similar to Microsoft Corporation's RDP (Remote Desktop Protocol) and the X Windows System from Sun Microsystems and X/Open in that it provides
A centralized multiuser operating system that allows remote users to log on and run applications on the server from thin clients such as terminals and appliances.
A presentation services protocol that displays a desktop generated by the server on the client.
Implementation
ICA enables the user interface of an application to run with minimal consumption of resources on a client device while the actual application logic executes on an ICA-enabled server (sometimes called a terminal server). The only data transferred over the network between the server and the client device are the user interface, keystrokes, and mouse movements. This results in minimal resource requirements for the client, allowing the use of a "thin client." An ICA presentation only requires about 5 Kbps throughput each direction, so ICA clients can access ICA servers over a wide variety of connections, including 14.4 Kbps and higher modems, ISDN terminal adapters, wireless 802.11b LANs, and traditional Ethernet local area networks (LANs).
ICA provides location independence because it runs the server operating system and application programs at a centralized location while displaying the user interface on supporting clients anywhere on the network. The ICA presentation services protocol also runs over most industry-standard networking protocols including Transmission Control Protocol/Internet Protocol (TCP/IP), NetBEUI, and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). ICA also runs over encapsulation transports such as Point-to-Point Protocol (PPP) on top of wide area network (WAN) transport protocols such as Integrated Services Digital Network (ISDN), frame relay, and Asynchronous Transfer Mode (ATM).
ICA also supports browser-based access, enabling applications to be launched from Web pages and making ICA a platform-independent solution. ICA also supports shadowing, which enables administrators to remotely take over control of thin clients for troubleshooting or instructional purposes.
Marketplace
Citrix makes a product called Metaframe that can be installed on different Microsoft Windows server platforms to allow ICA clients to access these servers. In the arena of thin clients, the first ICA appliance to reach the market was the Winterm 1200LE from Wyse Technology, which uses embedded BSD UNIX.
See Also Remote Desktop Protocol (RDP), terminal, terminal server
In relational database terminology, a database object that enables efficient and rapid access to data in the rows of a table using key values.
Overview
Indexes are created on columns in a database table and provide a way to logically order rows in a database table. Because databases without indexes take much longer to query, planning and implementing indexes comprise an essential part of database design. Indexes can also be used to enforce the uniqueness of rows in a database table by building the index on a key value.
Notes
Although using indexes generally speeds queries, it is not a good idea to have an index for every column because building the index takes time and requires additional disk space, plus modifying the contents of the database causes modifications to the index. You should only create indexes for the following:
Primary and foreign keys
Data on which you frequently issue search queries
Columns that are often retrieved in a sorted order or are used in joins
See Also database, join, key (database)
An emerging high-performance input/output (I/O) architecture.
Overview
Infiniband (IB) is a new I/O architecture designed for connecting high-performance servers with distributed storage systems such as Storage Area Networks (SANs). IB is designed to overcome the limitations of the standard Peripheral Component Interconnect (PCI) system bus, which is often a bottleneck in enterprise computing systems as far as storage is concerned. The 32-bit 33 megahertz (MHz) PCI bus and its faster 64-bit 133 MHz PCI-X bus are system buses that are capable of transporting data at speeds up to 1 gigabit per second (Gbps). Unfortunately, this means that for high-performance servers using Gigabit Ethernet (GbE) network interface cards (NICs), the entire throughput of the bus could be eaten up by the NIC alone, leaving insufficient bandwidth for moving data between disk storage and RAM. In contrast, IB will offer bus speeds of 10 Gbps or more, sufficient for most current situations.
Another limitation of PCI and PCI-X is that they are shared-bus architectures in which attached devices contend for use of the bus (similar to half-duplex Ethernet). In contrast, IB is a switched architecture that provides each attached device the maximum possible bandwidth and high scalability. IB is not intended to replace PCI/PCI-X but rather to complement these architectures in high-end servers and network storage systems.
History
IB emerged from two earlier competing architectures: Next Generation I/O (NGIO) and Future I/O. These technologies were similar but were supported by different industry coalitions. In 1999, these coalitions joined forces to forge a new System I/O standard, which was renamed IB or Infiniband Architecture (IBA). The IB standards are steered by the Infiniband Trade Association, whose members include Compaq Computer Corporation, Dell Computer Corporation, Hewlett-Packard, IBM, Intel Corporation, Microsoft Corporation, and Sun Microsystems.
Implementation
IB employs a switched point-to-point architecture. Virtual channels are used for establishing communications between different Infiniband-capable devices connected to an IB switch, and multiple channels can be established between two devices to provide fault tolerance in communications. Devices are connected to switches using channel adapters, of which there are two types:
Host channel adapter (HCA): This is used within hosts (servers) to connect processors and memory with external storage systems and network connections. The HCA connects to the server's memory controller, which controls access to the PCI/PCI-X system bus, the processors, and memory.
Target channel adapter (TCA): This is used to connect devices that provide a network service, such as a JBOD (just a bunch of disks) storage farm, a Small Computer System Interface (SCSI) drive array, a Fibre Channel Storage Area Network (SAN), or a local area network (LAN) connection.
IB currently runs only over fiber-optic cabling, although proposals have been made for running it over specialized copper cabling (not standard Category 5 cabling).
Marketplace
The first company to release a commercial product based on the IB 1.0 standard was the startup Mellanox Technologies, which produced switches and adapters in its InfiniBridge line of products. Since then a number of vendors have started to release similar products, and a flood of Infiniband products is expected to hit the market sometime in 2002.
Infiniband (IB). A simple example of using the IB architecture in enterprise computing.
Prospects
The main competitor for IB is Fibre Channel, which already has a head start through a large installed base in enterprise SANs. Although IB was developed mainly as an I/O bus for distributed storage, it can also be used for creating server clusters and to interface directly with LAN switches and wide area network (WAN) access devices. The advantage in speed that IB has over Fibre Channel may also be eroded as efforts are made to push Fibre Channel speeds to 10 Gbps. The biggest advantage IB has is probably its current wide support among major vendors. The next few years will decide which architecture wins out.
See Also Fibre Channel, storage, storage area network (SAN)
An international consortium of hardware and software manufacturers that creates and promotes interoperable solutions for infrared (IR) data networking for computer networks, communication, and other networking applications.
Overview
The Infrared Data Association (IrDA), which was formed in 1993, has over 150 members from hardware, software, and communication sectors. It has developed and agreed on standard formats for communication between computers and infrared devices to ensure interoperability between different systems, platforms, and devices. The IrDA also schedules meetings, conferences, and other events relating to infrared networking technologies. IrDA standards include the IrDA Data and IrDA Control infrared communication standards.
Notes
The IrDA standards have not been as widely implemented as had been hoped, mainly because infrared communication is essentially a line-of-sight (LOS) communications technology that is suited only to stationary users and devices. Some analysts believe the emergence of Bluetooth wireless networking technologies may eventually relegate IrDA to legacy technology, but this remains to be seen.
For More Information
Visit the IrDA at www.irda.org
See Also infrared transmission, IrDA Control
The transmission of data or voice information over infrared (IR) light.
Overview
IR light is beyond the red end of the visible spectrum. Wavelengths in the range of 770 to 1400 nanometers (nm) are called the near infrared region of the electromagnetic spectrum, and longer wavelengths are called the far infrared. In computer networking, IR is often used to connect laptops or Personal Digital Assistants (PDAs) to peripherals (such as printers) without the use of wires. IR is also frequently used to connect laptops to desktop computers for synchronizing files.
Implementation
The most popular computer industry standard for infrared transmission is the IrDA Data standard developed by the Infrared Data Association (IrDA). In a typical IrDA scenario, IR communication makes use of devices called transducers, which consist of a driver and an emitter that can both transmit and receive infrared transmissions. The transducer is typically connected to an encoder/decoder that interfaces with the computer or peripheral's universal asynchronous receiver-transmitter (UART) for asynchronous serial transmission between the devices.
The IrDA Data protocol suite initiates a connection using the discovery functions of the Infrared Link Management Protocol (IrLMP) and then establishes the primary and secondary stations using the Infrared Link Access Protocol (IrLAP). The secondary station then adjusts its data speed to match the primary station and establishes a serial communication link.
Advantages and Disadvantages
The main disadvantages of IrDA devices are that they have severe distance limitations and require a direct line of sight between devices in order to communicate. Furthermore, outdoor communications can be adversely affected by fog and other bad weather conditions. The main advantage, of course, is that communications can be established without the bother of having to deploy wiring or cables, which makes IR mainly useful for transient (short time period) connections in a mobile or changing environment.
See Also Infrared Data Association (IrDA)
A term that refers to the collection of hardware and cabling that makes network communications possible in an enterprise.
Overview
In computer networking and telecommunications, infrastructure generally consists of two aspects:
Passive portion: The cabling and other wiring used to connect hardware devices. This also includes passive devices such as patch panels, connectors, and other devices. If wiring is mainly Category 5 (Cat5) or higher twisted pair copper cabling, the hierarchical structure of such wiring is typically referred to as structured wiring or structured cabling.
Active portion: Hardware devices such as hubs, switches, routers, and other networking devices. If the enterprise is geographically distributed across multiple locations, then the wide area network (WAN) access devices and carrier services may also be considered part of the company's infrastructure.
Marketplace
The infrastructure market is mainly dominated by large players. Examples include
Cisco Systems: Holds a large share of the networking hardware market at three levels: service providers (such as Internet service providers [ISPs] and telcos), enterprise (large companies), and commercial (small and mid-sized companies). Popular vendor for switches, routers, integrated access devices (IADs), and other hardware.
Juniper Networks: Popular switch/router vendor at the service provider level, with roughly one-third of this market.
Nortel Networks: Top vendor in the optical networking market, and a major Voice over IP (VoIP) vendor through partnership with Cable & Wireless.
IBM: Popular vendor in the Web-to-host networking environment.
EMC Corporation: Heavyweight in the network storage arena, with 35 percent of the market. The network storage market, including both Storage Area Network (SAN) and network attached storage (NAS) approaches, is the fastest growing segment of the enterprise infrastructure market.
Other popular infrastructure vendors include Enterasys Networks, Lucent Technologies, and many others.
Prospects
One recent development is the emergence of online superstores where enterprise customers can purchase infrastructure products. Examples of these include Buy.com and cdw.com. Another development is online IT (information technology) exchanges, where infrastructure products and services can be purchased and provisioned. Examples here include Cymerc Exchange (switches and routers), Simplexity (telecom services), ITParade.com (refurbished equipment), and TekSell.com (online auctions of IT equipment).
See Also router, structured wiring, switch
The process of child objects acquiring the security settings of parent objects.
Overview
In Microsoft Windows 2000, Windows XP, and the Windows .NET Server family, inheritance is a feature that allows the access control entry (ACE) for an object whose security settings are being configured to be propagated to other objects that are beneath it in the file system or directory hierarchy. Inheritance simplifies the administration of hierarchical file systems and directories by allowing administrators to configure ACEs globally and then modify them on an exception basis, rather than configure ACEs individually for each object in the system.
In Windows NT, inheritance is used in the NTFS file system for propagating the permissions assigned to a folder to the files and folders within that folder. In Windows 2000, inheritance also applies to the Active Directory directory service and allows permissions assigned to a container or an organizational unit (OU) within Active Directory to be propagated further down the directory tree. Inheritance also appears in other directory-based systems such as Microsoft Exchange Server, in which Exchange administrative permissions assigned to a container in the Exchange directory that is based on the Lightweight Directory Access Protocol (LDAP) can be applied to leaf objects and other containers within that container.
See Also delegation, discretionary access control list (DACL), permissions
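The inheritance behavior described in this entry can be audited on an NTFS folder tree with the built-in Get-Acl cmdlet, listing the objects that block inheritance from their parent or carry explicit (non-inherited) ACEs. This is an added example, not code from the original page; the root path C:\Data and the function names New-Finding and Get-InheritanceReport are assumptions.

```powershell
# Added example (not from the original page): audit NTFS ACE inheritance
# beneath a folder. The default root and the function names are illustrative.
param(
    [string]$Root = 'C:\Data'   # assumption: replace with the tree you administer
)

function New-Finding {
    # Builds one uniform report row; $Ace is optional.
    param([string]$Path, [string]$Finding, $Ace)
    [pscustomobject]@{
        Path     = $Path
        Finding  = $Finding
        Identity = $(if ($Ace) { $Ace.IdentityReference.Value })
        Rights   = $(if ($Ace) { $Ace.FileSystemRights })
        Type     = $(if ($Ace) { $Ace.AccessControlType })
    }
}

function Get-InheritanceReport {
    param([Parameter(Mandatory)][string]$Path)

    # The root folder is treated as the configured baseline, so only the
    # objects beneath it are examined for exceptions to inheritance.
    $children = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue

    foreach ($item in $children) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        }
        catch {
            # A DACL the auditor cannot read is itself worth reporting.
            New-Finding -Path $item.FullName -Finding 'AclUnreadable'
            continue
        }

        # AreAccessRulesProtected is $true when the object refuses ACEs
        # propagated from its parent (inheritance is blocked here).
        if ($acl.AreAccessRulesProtected) {
            New-Finding -Path $item.FullName -Finding 'InheritanceBlocked'
        }

        # ACEs with IsInherited = $false were set directly on this object,
        # that is, they are the per-object exceptions to the parent's settings.
        foreach ($ace in $acl.Access) {
            if (-not $ace.IsInherited) {
                New-Finding -Path $item.FullName -Finding 'ExplicitAce' -Ace $ace
            }
        }
    }
}

Get-InheritanceReport -Path $Root |
    Sort-Object Path, Finding |
    Format-Table -AutoSize
```

An empty report means every object under the root takes its permissions purely from the parent; each row is an exception that should match a documented decision.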
Text files used in legacy versions of Microsoft Windows.
Overview
Windows 3.1 and Windows for Workgroups stored configuration information about hardware, devices, and services in text files called INI (initialization) files. These files, which have the extension .ini, included
WIN.INI, which stores information about the desktop environment, fonts, and printers, as well as other settings
SYSTEM.INI, which stores boot settings and information specific to running in Standard and 386 Enhanced modes
CONTROL.INI, which maintains the Windows color schemes
PROGMAN.INI, which stores information about program groups
WINFILE.INI, which stores status information for File Manager
In addition, individual applications often created their own INI files during installation to store application-specific settings.
In later versions of Windows, including Windows 95, Windows 98, Windows Millennium Edition (Me), Windows NT, and Windows 2000, INI files are replaced by the registry, a hierarchical structure used to store all system and application configuration settings. Nevertheless, INI files are still included in these operating systems to provide backward compatibility for running 16-bit Windows programs because such programs were designed to save their settings in INI files and cannot access the registry.
See Also Microsoft Windows, registry
A particular occurrence of a System Monitor counter in Microsoft Windows 2000, Windows XP, and the Windows .NET Server family.
Overview
As an example, if the %Privileged Time counter is being monitored for the Processor object on a symmetric multiprocessing (SMP) machine with four processors, individual instances of that counter are instances 0, 1, 2, and 3. By using instances, you can monitor the performance of processes, threads, and devices on a per-instance basis for detailed understanding of their resource use on a machine. Individual instances of a given counter can be displayed in the usual way using charts and graphs.
A service that supports real-time, call-based communications over the Internet.
Overview
The basic idea of instant messaging (IM) started in the early days of networked UNIX environments, where users who were logged on to the network could use UNIX commands such as Talk, Write, and Finger to determine who else was logged on and to send them short text messages. However, IM now generally refers to a set of technologies popularized by America Online (AOL), Microsoft Corporation, and other companies.
Types
The two most widely used IM services today are AOL Instant Messenger (AIM), developed by AOL, and ICQ ("I seek you"), developed by Mirabilis and now owned by AOL. Together, both services are used by more than 100 million people worldwide, and they support text-based messaging, voice, and file sharing/transfer. Other popular systems include Yahoo Messenger from Yahoo!, MSN Messenger from MSN (Microsoft Network), and Odigo from Odigo.
Implementation
Using AOL's AIM system as an example, AOL users can send instant messages to other AOL users online by using AIM client software. To use AIM messaging, an AOL user first signs on at an AIM central server, indicating that he or she is online and can receive instant messages from other users. The central server records the user's Internet Protocol (IP) address for that session. (The user's IP address is assigned by Dynamic Host Configuration Protocol [DHCP] and can vary from session to session.) Other users can then send instant messages to that user through the server. The user's AIM client sends the server a copy of the user's "buddy list" (a list of other users that he or she frequently exchanges messages with), and the server responds by telling the user which buddies are currently online and can receive messages. The user can select a buddy from the list and submit a message to the server, which forwards the message to the buddy.
Advantages and Disadvantages
IM exploded in popularity as a consumer-oriented service that allowed people to keep in touch with each other while surfing the Internet. The advantages of IM are similar to those of the telephone: simplicity and immediacy. IM is even more immediate than e-mail and includes a wider range of communication methods, including voice, text, and file sharing. Since it uses the Internet as its carrier service, IM is effectively free for people already subscribed to an Internet service provider (ISP).
From a corporate perspective, though, some analysts see some disadvantages of IM, whose constant requests for communications can interfere with work even more than the telephone. Furthermore, as IM moves toward multimedia services, such communications can quickly swallow up network bandwidth in the enterprise. Policies also need to be in place and enforced to ensure that IM solutions are not misused, especially if outsourced to public service providers such as AOL or MSN. Another big concern about IM by corporate customers is security, as sensitive business information may be sent over the Internet through IM. Some vendors, however, are working to address this issue by encrypting IM communications. Finally, the main problem with all current IM systems is lack of interoperability between systems from different vendors. While AIM is the most widely used system, it is a proprietary system that AOL has not opened up to competing systems. This lack of ubiquity has hindered IM from being as widely useful as the telephone system, and attempts to develop vendor-independent standards for IM have so far been unsuccessful (see Prospects below).
Instant messaging. The instant messaging system used by AOL.
Marketplace
Many enterprises are looking to set up their own IM solutions in order to better control with whom users are able to communicate. Packaged IM solutions are available from numerous vendors, including the IM features of Microsoft Exchange Server 2000, Lotus SameTime messaging for their Lotus Notes Domino platform, and Novell's instantme 2 secure IM platform. Other vendors have developed IM systems targeted directly for enterprise and not consumer use, including Planet Exchange with their Web-based IM system, NetLert from SoftBase Systems, and Interactive Messaging from 2WAY Corporation.
Prospects
Although IM is widely deployed as a consumer service, it has become attractive to businesses in the last few years. Analysts estimate that by 2002 almost half of Fortune 1000 companies will have either deployed corporate IM solutions in their enterprise or will outsource IM to existing service providers such as Microsoft or AOL. The next big thing will likely be mobile IM that allows users to send instant messages to each other over cellular phones and Personal Digital Assistants (PDAs). The Short Message Service (SMS) widely deployed among Global System for Mobile Communications (GSM) cellular systems in Europe is a first step in this direction and has proved enormously popular, and a revenue booster as well for cellular providers, since users are usually billed by the number of SMS messages sent. Evolution to multimedia IM such as that now available on the Internet is hampered, however, by the slowness of migrations of existing second-generation (2G) cellular systems to 2.5G and third-generation (3G) wireless.
The lack of a universal open standard for IM has resulted in a balkanization of the IM landscape and has prevented it from becoming as universal as the telephone. In 2000 the Internet Engineering Task Force (IETF) attempted to develop such a standard, called Instant Messaging and Presence Protocol (IMPP), and narrowed it down to three candidates: Instant Messaging Extensible Protocol (IMXP), Simple Instant Messaging Protocol (SIMP), and Instant Messaging and Presence using SIP (IMPSIP). This effort failed to produce an agreement, but other efforts toward a universal IM system continue, including the activities of the IMUnified coalition, which includes Microsoft, Yahoo!, and Tribal Voice. The IMUnified specification provides functional interoperability between popular proprietary IM systems but requires users to first sign up for accounts on those systems. Another approach to the problem of IM interoperability is Aimster, the peer-to-peer file-sharing program that has been updated to support buddy lists from such multiple IM systems as those of AOL, MSN, and Yahoo! The real solution to this problem, though, and the one that will eventually transform IM into an essential business tool for the enterprise, must come from the development of vendor-neutral IM specifications from standards bodies such as the IETF.
See Also AOL Instant Messenger (AIM), Short Message Service (SMS)
A worldwide nonprofit association of technical professionals.
Overview
The Institute of Electrical and Electronics Engineers (IEEE) promotes the development of standards and acts as a catalyst for new technology in all aspects of the engineering industry, including computer networking, telecommunications, electric power, aerospace, and consumer electronics. The IEEE has more than 365,000 individual members in 150 countries and regions. Its activities include standards committees, technical publishing, and conferences.
A major contribution of the IEEE in the field of computer networking is Project 802, a collection of standards for local area network (LAN) architectures, protocols, and technologies. These standards continue to evolve under the auspices of various IEEE working groups and committees.
For More Information
Visit the IEEE at www.ieee.org
See Also Project 802
A wide area network (WAN) access device for consolidating voice and data, usually over Asynchronous Transfer Mode (ATM) circuits.
Overview
Integrated Access Devices (IADs) are a type of WAN access device used for connecting corporate networks and voice telephone systems into wide area networks. A typical IAD can consolidate voice traffic, both analog and ISDN (Integrated Services Digital Network), together with Ethernet local area network (LAN) traffic, for transmission over frame relay or T1 links onto carrier ATM backbone networks. These different types of traffic are aggregated by the IAD into a single traffic flow for transmission over a single WAN link (access circuit). The advantages of IADs are that by integrating multiple WAN functions into a single box, costs are reduced through the elimination of redundant equipment and the traditional truck roll for carrier installation. Also, precious rack space in telecommunications closets can be saved by replacing multiple devices with a single integrated device. IADs provide a simple, cost-effective alternative to other WAN access devices, such as enterprise switches and WAN edge switches. They do not represent new WAN technology but rather an integration of existing technology into a single, easily managed device.
Implementation
IADs combine voice and LAN data traffic into a single data stream through Time Division Multiplexing (TDM) or some other scheme. IADs usually reside at the customer premises and can easily be connected to Private Branch Exchanges (PBXs) and Ethernet backbone switches. IADs are often supplied preconfigured by telecommunications carriers such as Competitive Local Exchange Carriers (CLECs) and Regional Bell Operating Companies (RBOCs).
The simplest form of IAD is essentially just a traffic aggregator, combining several data streams into one for transmission over frame relay, T-carrier, or Digital Subscriber Line (DSL) carrier services. Enhanced IADs include such features as Dynamic Host Configuration Protocol (DHCP), network address translation (NAT), integrated firewall, voice mail, multiprotocol routing, and many other features. High-end IADs are mainly ATM-based and support voice packetization for dynamic bandwidth allocation.
Marketplace
IADs first appeared on the market in 1998 and were expensive and aimed mainly at high-end enterprise customers. Since then, prices have fallen so that units under $2,000 are now available for small and mid-sized businesses. Some popular vendors of IADs include Cabletron Systems with its SmartSwitch 15000, Mariposa with its ATX series of ATM IADs, and offerings from Accelerated Networks, Lucent Technologies, Memotec Communications, Sonoma Systems, and many others.
See Also Asynchronous Transfer Mode (ATM), Competitive Local Exchange Carrier (CLEC), Regional Bell Operating Company (RBOC), wide area network (WAN)
A telecommunications service provider that offers one-stop shopping for voice and data telecommunications through a single integrated architecture.
Overview
The main difference between an integrated communications provider (ICP) and a traditional carrier such as a Regional Bell Operating Company (RBOC), Competitive Local Exchange Carrier (CLEC), or Incumbent Local Exchange Carrier (ILEC) is that the ICP generally installs a single, all-in-one integrated access device (IAD) at the customer premises that enables voice and data traffic to be serviced over a single line. This provides for easier management than using multiple lines with different technologies and devices. The IAD typically connects to the provider by using Asynchronous Transfer Mode (ATM) over a single T1 line or Digital Subscriber Line (DSL) circuit at the local loop. (About 80 percent of the customer cost for ICP services is for the ICP's rental of local loop access from an RBOC.) At the provider end, ICPs often build their own integrated ATM backbone networks so that they can better control the services they offer.
Integrated communications provider (ICP). How an ICP provisions telecommunication services using an integrated access device (IAD).
Advantages and Disadvantages
Using an ICP can save companies a considerable amount of money compared to leasing the services separately from traditional carriers. However, although the cost of using an ICP might be less than that of using an RBOC or a CLEC, the ICP might not offer some services, such as toll-free long distance and DSL services. You should also be sure that you understand how the various services are billed before you sign a contract.
Some ICPs use time-division multiplexing (TDM) to allow a single T1 line to carry voice, data, and video over 24 DS0 (Digital Signal Zero) channels. In this scenario, you might be paying for bandwidth that you are not using because TDM dedicates slots of bandwidth to services whether or not data is being carried in these slots. You can generally get better value from ICPs that use ATM circuits between the subscriber and provider because ATM can use statistical multiplexing, which allocates bandwidth dynamically between voice and data. However, the disadvantage of the ATM approach is that if the line goes down, all voice and data transmission is interrupted, while with the TDM approach, customers might still have access to analog phone lines if such lines are used.
Marketplace
The landscape for ICPs is in a state of flux, but players include CTC Communications, e.spire Communications, GST Telecommunications, ICG Telecommunications, Intermedia Communications, and many others.
See Also Competitive Local Exchange Carrier (CLEC), Regional Bell Operating Company (RBOC)
A digital communication service provided by telephone companies (telcos).
Overview
Integrated Services Digital Network (ISDN) is an end-to-end digital telephone and telecommunications service provided by telcos to subscribers who request it. ISDN is a dial-on-demand (dial-up) service that has fast call setup and low latency. It is a circuit-switched service that can be used in both point-to-point and multipoint connections.
ISDN can be used to carry high-quality voice, data, and video transmissions. To do this, ISDN employs the existing widely deployed copper local loop wiring of the Public Switched Telephone Network (PSTN).
ISDN was developed in the 1970s by Bell Laboratories and standardized in the 1980s by the Comité Consultatif International Télégraphique et Téléphonique (CCITT), a precursor to the ITU (International Telecommunication Union). ISDN was originally envisioned as a digital replacement for the analog Plain Old Telephone System (POTS) and is available around the world with slight differences in architecture and operation.
Types
ISDN is available in a number of different interfaces (flavors) with the two most common being
Basic Rate Interface (BRI): This uses two 64-kilobit-per-second (Kbps) B channels and one 16-Kbps D channel and is thus often referred to as 2B+D (B and D channels are explained later in this article). BRI can support combined voice and data with a maximum data transfer rate of 128 Kbps.
Primary Rate Interface (PRI): This combines 23 64-Kbps B channels with one 64-Kbps D channel and is often referred to as 23B+D. PRI supports maximum data transfer rates up to the DS1 rate of 1.536 megabits per second (Mbps). PRI is generally used to provide the underlying transport for T1 lines.
Within PRI, however, there are also several ways in which ISDN B channels can be bundled together. These bundlings are called H-series configurations and common examples include
H0: Combines 6 B channels for 384 Kbps throughput, equivalent to a fractional T1 line (fT1).
H11: Combines 24 B channels for 1.536 Mbps throughput, equivalent to a T1 line.
H12: Combines 30 B channels for 1.92 Mbps throughput, equivalent to an E1 line (used in Europe).
Another form of ISDN is known as Multirate ISDN, which allows subscribers to specify the bandwidth they need on a per-call basis in increments of 64 Kbps.
Comparison
Since ISDN is a dial-on-demand service, it has similarities to dial-up connections using analog modems. Both analog modem and ISDN use the same copper local loop and PSTN to allow connections to be established with distant stations. Both also require a call to be made before a connection can be established. With analog modems, this may take 15 to 30 seconds, but with ISDN, it is typically only 1 or 2 seconds. But although analog modems operate in an asynchronous fashion, ISDN uses a synchronous connection. And although analog modems transmit their control information (used for call setup and tear-down) in-band, ISDN uses out-of-band signal management with a separate channel called the D channel.
Uses
Because of its dial-on-demand nature, ISDN charges are typically based on a fixed monthly service fee plus usage charges. ISDN is thus ideal for applications where a dedicated (always-on) leased line is unnecessary and would be too costly. ISDN used to be popular with enterprise networks in the 1980s for connecting remote branch offices to company headquarters using ISDN wide area network (WAN) links. These remote offices would transfer their accumulated transactions several times a day over the WAN link for batch processing on mainframes located at headquarters. With the decline of the mainframe computing environment and the rise of client/server computing, however, many enterprises migrated their slow dial-up ISDN links to fast always-on T1 lines. ISDN remained popular with enterprise networks, however, as backup lines in case their dedicated T1 lines go down.
Architecture
The ISDN standards from the ITU define several different series of ISDN protocols, for example:
E-series: These protocols define the addressing and telephone numbering system used by ISDN.
I-series: These protocols cover the basic concepts of ISDN, including definition of the Basic Rate Interface (BRI) and Primary Rate Interface (PRI) interfaces.
Q-series: These protocols describe how ISDN calls are set up and torn down and how switching occurs in an ISDN system.
ISDN uses a layered protocol architecture similar to the Open Systems Interconnection (OSI) model. The physical layer signaling is specific to ISDN and is the same for both B and D channels. For data transmission, ISDN uses a framing (encapsulation) format called V.120, which is the international standard for synchronous ISDN data stream framing. ISDN frames are 48 bits long and are transmitted at 4,000 frames per second. Each ISDN frame contains two 8-bit slots for the B1 channel and two 8-bit slots for the B2 channel, which alternate with each other and with one 1-bit D channel slot after each B channel slot using Time Division Multiplexing (TDM). Each B channel thus provides a data transfer rate of 2 x 8 bits x 4000 hertz (Hz) = 64 Kbps, while the D channel has a bandwidth of 4 x 1 bits x 4000 Hz = 16 Kbps. The remainder of the frame is used for line balancing, echo detection, activation, and padding.
Above the physical layer lies the data-link layer, which employs Link Access Protocol - D channel (LAPD) for flow control and signaling management. LAPD is derived from and is similar to the earlier High-level Data Link Protocol (HDLC) and Link Access Protocol - B channel (LAPB) used by X.25.
Above the data-link layer is the network layer, which employs ISDN-specific I-series protocols for such functions as call setup, establishment, and teardown, and for establishing point-to-point or multipoint circuit-switched or packet-switched connections between call endpoints.
As mentioned previously, there are two different types of ISDN channels:
B (bearer) channels: These are full-duplex bearer (that is, carrying or "bearing" data) channels used for carrying either voice or data at 64 Kbps. The data transmission can be either circuit-switched (telco) or packet-switched (such as X.25) services. Each B channel can function as a completely separate connection, but you can also use a protocol called BONDING to dynamically combine the two B channels of BRI by using inverse multiplexing to produce a single 128-Kbps data channel.
D (delta) channels: These are full-duplex 16 Kbps control channels for setting up connections and for other signaling purposes. For example, ISDN voice communication uses D channels to implement special services such as call forwarding and call display. The D channel uses a completely separate telco communication network called the Signaling System 7 (SS7). This out-of-band telco network is used exclusively for system overhead signaling for ISDN and digital data service (DDS) services, and it makes possible the low latency of ISDN dial-up connections. For example, it takes only 1 to 2 seconds for an ISDN dial-up connection to be established, compared to 15 to 30 seconds for a typical analog modem. D channels can also be used to connect ISDN subscribers to an X.25 network in a flavor of ISDN called Always-On Dynamic ISDN (AO/DI).
Implementation
Provisioning ISDN at a customer premises basically involves two steps:
Installing and configuring ISDN customer premises equipment (CPE) at the subscriber's location. The installation procedure involves setting up and testing the ISDN equipment and configuring the service profile identifier (SPID), which effectively represents the "phone number" of the subscriber's ISDN setup. CPE for ISDN is further discussed later in this article.
Changing the subscriber's connection type at the telco central office (CO) from POTS to ISDN. This basically means disconnecting wires from an analog POTS switch and connecting them to a digital ISDN switch at the CO. In North America, these ISDN CO switches are typically either 4ESS or 5ESS switches produced by AT&T or DMS-100 switches from Northern Telecom (now Nortel). Other types of switches are used in different parts of the world.
Integrated Services Digital Network (ISDN). Some examples of how to implement ISDN.
The method of connecting CPE to the termination point of an ISDN line at the customer premises depends on the type of equipment you want to connect and the part of the world in which you are located (we will focus here on North American ISDN). The simplest case is if you are connecting "native" ISDN equipment such as an ISDN phone, which is referred to as Terminal Equipment type 1 (TE1), to your ISDN line. A bit more complicated is connecting non-ISDN equipment (known as Terminal Equipment type 2, or TE2) such as computers or routers; here you need to use an intermediary device called a Terminal Adapter (TA). The terminal adapter is usually connected to the TE2 using a serial interface such as RS-232 or V.35. ISDN terminal adapters can be external boxes, cards you plug into a computer's motherboard, or modules you drop into the chassis of a router or integrated access device (IAD). ISDN terminal adapters are sometimes called ISDN modems, but they are not really modems because ISDN is an end-to-end digital communication service and no analog-to-digital signal modulation occurs within an ISDN setup.
The function of Terminal Equipment such as TE1 and TE2 described above is to convert signals received from CPE into BRI or PRI framing format. But to transmit these frames over the ISDN line, they need to be translated into electric signals that can be physically carried over the line. This translation is accomplished by means of a Network Termination Unit (NTU), which again comes in two types: NT1 devices that provide basic ISDN connectivity and NT2 devices used mainly for digital Private Branch Exchange (PBX) connections.
How all these different types of equipment are connected is determined by what are called ISDN interfaces, specifically:
R interface: Specifies how non-ISDN CPE (TE2), such as standard analog telephones, are connected to an ISDN terminal adapter (TA).
S interface: Specifies how ISDN CPE (TE1), such as an ISDN phone, ISDN PBX, or ISDN TA, is connected to ISDN network termination equipment (NTU).
T interface: Specifies how NT1 connects with NT2 (these are sometimes combined as NT1/NT2 equipment, supporting what is called the S/T interface).
U interface: Specifies how NTU connects to the local loop wiring.
Advantages and Disadvantages
For WAN links, ISDN has a couple of advantages over leased lines and analog modems:
It is cheaper than leased lines such as T1 lines.
It has faster call setup than analog modem dial-up connections.
On the downside, ISDN subscribers must be located within 3.5 miles (5.5 kilometers) of a telco CO or from a remote ISDN terminal, which means that ISDN is not always available, especially in rural areas. Also, in today's client/server and Internet networking environments, ISDN may provide insufficient bandwidth and excessive network latency to support today's distributed processing environments. As a result, some industry analysts have begun chanting an "ISDN is dead" mantra, but see the following Prospects section.
Prospects
Although ISDN BRI services may be relegated by the advent of Digital Subscriber Line (DSL) to backup WAN links for offices relying on DSL or T1 as their primary data link, ISDN PRI services are actually thriving worldwide. This is because PRI is an ideal platform for Internet service providers (ISPs) to use for connecting their banks of dial-up analog modems to the PSTN, and with the phenomenal growth of the Internet in the last few years, ISPs are buying up PRI at unprecedented rates. Another popular use for PRI is in corporate environments where it is used to connect digital PBXs at the customer premises to the PSTN. This is a more expensive arrangement than using analog trunk lines for this purpose (compare $1,000 to $2,000 a month for PRI to $50 to $100 a month for trunk lines), but it provides advanced features supported by digital telephones and native data transport at high speeds. So ISDN is definitely not dead as far as the new millennium is concerned, although the BRI version may be fading in usefulness in the enterprise.
Notes
Plug your ISDN network termination unit (NTU) into an uninterruptible power supply (UPS) so that you can use the phone during a power failure and so that your WAN link does not go down. If you have a large company and expect a lot of local telephone calls within your organization, you can sometimes obtain a Centrex ISDN service in which local calls have no usage charges. Microsoft Windows operating systems also have built-in support for ISDN.
Problem | Suggestions |
ISDN router or terminal adapter fails to dial | Check the cabling, the line signal, and the dialer map on the router. |
Dial fails to go through on a BRI line | Be sure that you are using a straight-through RJ-45 cable. Check other cables, make sure the speed is set correctly to 56 or 64 Kbps as necessary, verify the phone number and service profile identifier (SPID) assigned by the service provider, and check the router hardware. |
Dial fails to go through on a PRI line | Be sure that you are using a straight-through DB15 cable and that the speed is set correctly to 56 or 64 Kbps as necessary. Check the dialer map on the router, the phone number of the remote PRI, and the status lights and framing on the Channel Service Unit (CSU). Power-cycle the CSU. |
Dial is successful but cannot ping the remote router | Check the Point-to-Point Protocol (PPP) configuration (if used). Check the routing table and add a static route if necessary. Check that the dialer map has the correct remote router specified, and have the telco check the remote router configuration. |
See Also Always On/Dynamic ISDN (AO/DI), B channel, bonding, BRI-ISDN, D channel, modem, PRI-ISDN, Public Switched Telephone Network (PSTN), T-carrier, time-division multiplexing (TDM), wide area network (WAN)
A superset of Microsoft Windows NT Challenge/Response (NTLM) authentication.
Overview
Windows NT Challenge/Response authentication (also called NT LAN Manager or NTLM authentication) was the default authentication protocol used by all versions of Microsoft Windows prior to Windows 2000. The Windows 2000 platform now uses Kerberos V5 authentication by default, which is faster and more secure than NTLM and authenticates both the client and the server (NTLM authenticates only the client). In Windows 2000, NTLM is retained for backward compatibility with earlier versions of Windows.
Integrated Windows Authentication was introduced in Windows 2000 as an enhanced version of NTLM that is backward-compatible with earlier versions of NTLM. The only difference in the new version is that IIS 5, the version of Internet Information Services (IIS) in Windows 2000, sends both an NTLM header and a Negotiate header to requesting clients using Microsoft Internet Explorer 5 or higher. In earlier versions of Windows, Microsoft Internet Information Server (IIS), and Internet Explorer, only NTLM headers are used, not Negotiate headers.
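Because the server offers both headers, an audit has to look at what the client actually sent back to know whether Kerberos or NTLM was used. The following is an added example, not code from the original text: it classifies the offered schemes and the client's token. The token markers (the `NTLMSSP` signature and the Kerberos mechanism OIDs) come from the protocol specifications rather than from this page, and all sample headers are constructed.

```python
import base64
import binascii
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"          # every NTLM message starts with this
KRB5_OIDS = (
    bytes.fromhex("2a864886f712010202"),  # 1.2.840.113554.1.2.2 (Kerberos V5)
    bytes.fromhex("2a864882f712010202"),  # 1.2.840.48018.1.2.2 (Microsoft Kerberos)
)


def offered_schemes(www_authenticate_values):
    """Schemes a server offers, lowercased, in the order it sent them."""
    schemes = []
    for value in www_authenticate_values:
        parts = value.split(None, 1)
        if parts and parts[0].lower() not in schemes:
            schemes.append(parts[0].lower())
    return schemes


def classify_authorization(value):
    """Return (scheme, mechanism) for one Authorization header value.

    mechanism is "ntlm", "kerberos", "other", "undecodable" or "unknown".
    """
    parts = value.split(None, 1)
    if len(parts) != 2:
        return ("invalid", "unknown")
    scheme, blob = parts[0].lower(), parts[1].strip()
    if scheme not in ("ntlm", "negotiate"):
        return (scheme, "other")
    try:
        raw = base64.b64decode(blob, validate=True)
    except binascii.Error:
        return (scheme, "undecodable")
    # NTLM may travel bare or wrapped in SPNEGO; the signature is present
    # either way, followed by a little-endian message type (1, 2 or 3).
    pos = raw.find(NTLMSSP_SIG)
    if pos != -1 and len(raw) >= pos + 12:
        (msg_type,) = struct.unpack_from("<I", raw, pos + 8)
        if msg_type in (1, 2, 3):
            return (scheme, "ntlm")
    # SPNEGO tokens start with ASN.1 tag 0x60 (initial) or 0xa1 (response).
    if raw[:1] in (b"\x60", b"\xa1") and any(oid in raw for oid in KRB5_OIDS):
        return (scheme, "kerberos")
    return (scheme, "unknown")


def audit(exchange):
    """Label one request/response pair for an NTLM-usage review."""
    schemes = offered_schemes(exchange["server"])
    _, mechanism = classify_authorization(exchange["client"])
    if mechanism == "kerberos":
        return "kerberos"
    if mechanism == "ntlm":
        # Negotiate was available but the client still ended up on NTLM.
        return "ntlm-fallback" if "negotiate" in schemes else "ntlm-only-server"
    return "review"


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed samples: an NTLM type 1 message and a simplified stand-in for a
# SPNEGO token carrying a Kerberos OID (lengths and ticket bytes are not real).
NTLM_TYPE1 = NTLMSSP_SIG + struct.pack("<II", 1, 0x00088207) + bytes(16)
SPNEGO_KRB = b"\x60" + b"\x06\x06\x2b\x06\x01\x05\x05\x02" + b"\x06\x09" + KRB5_OIDS[0]

SAMPLE_EXCHANGES = [
    {"server": ["Negotiate", "NTLM"], "client": "Negotiate " + b64(SPNEGO_KRB)},
    {"server": ["Negotiate", "NTLM"], "client": "Negotiate " + b64(NTLM_TYPE1)},
    {"server": ["NTLM"], "client": "NTLM " + b64(NTLM_TYPE1)},
]

if __name__ == "__main__":
    for ex in SAMPLE_EXCHANGES:
        print(offered_schemes(ex["server"]), "->", audit(ex))
```

A "Negotiate" scheme name alone does not prove Kerberos was used, which is why the check inspects the token body.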
See Also authentication protocol, Kerberos, Windows NT Challenge/Response Authentication
A computer platform whose processor is based on the Intel 386 architecture microprocessor.
See Also x86 platform
A hub that can be remotely managed using Simple Network Management Protocol (SNMP) or some other management protocol.
Overview
An intelligent hub contains an SNMP Management Information Base (MIB) that specifies which hub functions can be managed and which conditions can be monitored. Examples include
Setting alerts on problem conditions such as excessive collisions
Isolating and disconnecting problem computers
Providing network statistics to remote management consoles
Intelligent hubs are usually managed using in-band signaling methods, but they usually offer out-of-band management functions as well, such as being managed by a remote Telnet connection. Modular hubs often have SNMP modules that can be installed in the hub chassis to provide remote manageability and monitoring.
See Also hub, Management Information Base (MIB), out-of-band (OOB) signaling, out-of-band management (OBM), Simple Network Management Protocol (SNMP), Telnet
A hardware architecture developed by a consortium led by Intel that improves the input/output (I/O) performance of systems by relieving the central processing unit (CPU) of interrupt-intensive I/O tasks.
Overview
Intelligent Input/Output (I2O) makes use of a separate I2O processor such as the Intel i960 series of processors. This enables the CPU to offload interrupts received from peripherals to the I2O processor for handling. This scheme can improve the performance of servers by as much as 30 percent.
I2O also provides a way of standardizing I/O device drivers across different operating systems and hardware platforms. I2O standardizes device drivers by dividing them into two components:
Hardware Device Module (HDM): This component directly interfaces with the peripheral being managed.
Operating System Service Module (OSM): This component interfaces with the operating system on the machine.
In addition, an intermediate layer between the HDM and OSM provides independence between them by providing standard communication mechanisms that allow any HDM for any peripheral to interoperate with any OSM for any operating system.
Notes
The Microsoft Windows 2000, Windows XP, and Windows .NET operating systems support I2O.
A set of management technologies native to Microsoft Windows 2000, Windows XP, and the Windows .NET Server family that simplifies the task of configuring and maintaining applications, settings, and data at the client and server level.
Overview
IntelliMirror provides a distributed replication service that lets clients and servers "intelligently mirror" and share information stored on local and distributed file systems. IntelliMirror mirrors the workstation environment on the network server so that the environment can be easily managed. IntelliMirror also offers full roaming support by allowing a user to log on to any client machine and access his or her software, settings, and data. IntelliMirror is designed to simplify network administration and eliminate the need for administrators to "visit" desktop clients to upgrade operating systems and applications.
IntelliMirror is a combination of several features of Windows 2000 and depends on various aspects of the operating system's architecture, including Active Directory directory service, Group Policy, and various services. IntelliMirror's Change and Configuration Management (CCM) features are provided in three ways:
User data management: Data can follow users wherever they roam on the network and even be available when the user is offline.
User settings management: Enables administrators to use Group Policy to restrict and customize a user's desktop working environment, including which software applications the user is allowed to use.
Software installation and maintenance: Allows software applications to be installed either by assigning them (the first time the user clicks on the application shortcut in the Start menu, the application is downloaded and installed on his machine) or publishing them in Active Directory (the user employs Add/Remove Programs in Control Panel to install the software).
IntelliMirror can also use Remote Installation Services (RIS) to enable authorized clients to download fully configured operating systems, applications, and data from remote servers, thus performing unattended installations on the clients.
IntelliMirror technologies significantly reduce the total cost of ownership (TCO) of PC-based networks.
See Also Active Directory, Group Policy
A built-in identity in Microsoft Windows 2000, Windows XP, and Windows .NET Server.
Overview
The Interactive built-in identity includes any user who has successfully logged on to the console of the local machine. The operating system uses this identity to enable the user to access resources on the machine. The name Interactive stems from the idea that the user who belongs to this group is "interacting" with the local computer through the console.
As with all built-in identities, administrators cannot directly modify the membership or assigned rights of the Interactive identity.
See Also built-in identities
Logging on to a network through a local machine.
Overview
Interactive logon is a process whereby a user gains access to a network by entering credentials in response to a dialog box displayed on the local machine. This is in contrast to a remote logon, which occurs when a user who is already logged on locally tries to make a network connection to a remote computer, for example by using the Net Use command at the command prompt. Interactive logons are supported by all versions of Microsoft Windows.
In a Windows 2000 or Windows .NET network, the information that the user must specify during an interactive logon depends on the network's security model, as described in the following table. After successfully logging on interactively, the user is granted an access token that is assigned to the initial process created for her.
Security Model | What the User Must Specify |
Workgroup | Username and password |
Domain | Username and password |
Domain with a trust relationship trusting other domains | Username, password, and domain |
Notes
When trust relationships are configured between Windows 2000 or Windows .NET Server domains, the interactive logon dialog box for Windows 2000 and Windows XP clients allows the user to select a logon domain, that is, the domain in which the user's user account is located. In contrast, the earlier Windows 98 and Windows Millennium Edition (Me) logon domains are hard-coded using Client for Microsoft Networks and offer only one domain to choose from at logon time.
See Also logon
A telecommunications carrier that provides long-distance services.
Overview
IXCs own or share the various high-bandwidth, fiber-optic trunk lines that cross different geographic areas and provide high-speed switched digital services for voice, data, and video communication. About 90 percent of the U.S. long-distance communication market is controlled by the Big Three IXCs: AT&T, MCI/WorldCom, and Sprint Corporation. These companies provide services such as long-distance telephone services, frame relay, virtual private networking (VPN), T-1 and T-3 lines, ATM (Asynchronous Transfer Mode) backbone services, and even Internet access.
Inter-exchange carrier (IXC). Traditional relationship between IXCs and Incumbent Local Exchange Carriers (ILECs). This landscape is evolving as a result of the Telecommunications Act of 1996.
While IXCs dominate the long-distance market, the local telephone companies (telcos) provide subscribers in their particular geographical service areas, called Local Access and Transport Areas (LATAs), with the actual local loop wiring that makes all telephony-based services possible. In other words, the telcos are dependent upon the IXCs for long-distance services, but the IXCs need the telcos' local loop in order to provide their services to customers. Each telco offers services only in its own specific LATA, but IXCs provide services connecting different LATAs. Telcos themselves are properly known as Local Exchange Carriers (LECs) and come in two varieties:
ILECs (Incumbent Local Exchange Carriers): These include the Regional Bell Operating Companies (RBOCs) and rural telcos.
CLECs (Competitive Local Exchange Carriers): These include Digital Subscriber Line (DSL) providers, Metropolitan Ethernet providers, and other kinds of carriers.
IXCs provide their own services through one of two methods:
Colocating their equipment and sharing point of presence (POP) facilities at telco central offices (COs)
Building their own POP facilities
Either way, IXCs need to share access with the local loop wiring owned by ILECs. This is facilitated by the government overseeing ILECs as regulated monopolies in their service areas.
Prospects
The Telecommunications Act of 1996 has opened up the market so that LECs can compete in long-distance markets by leasing services from IXCs, and IXCs can compete in local markets by leasing local loop connections from LECs. Some companies have also gained access to each other's services by merging. Other emerging competitors for IXCs are cable television companies, who have customer premises installations in most U.S. residences and who are upgrading their networks for bidirectional communication.
See Also Competitive Local Exchange Carrier (CLEC), Local Access and Transport Area (LATA), local exchange carrier (LEC), Regional Bell Operating Company (RBOC)
In networking and telecommunication, a mechanism for communicating between two devices.
Overview
An interface specifies the nature of the boundary between two devices and determines the procedures and protocols that make it possible for the devices to exchange data.
Interface. An example of an interface between data terminal equipment (DTE) and data communications equipment (DCE) devices.
The most common type of interface in networking and telecommunication is the serial interface. A serial interface is one that transfers data one bit at a time between two devices. Serial interfaces are commonly used for connecting data terminal equipment (DTE), such as computers or routers, to data communications equipment (DCE), such as modems or Channel Service Unit/Data Service Units (CSU/DSUs). The most common type of serial interface is the RS-232 interface found on the back of most computers and used to connect modems. The following table shows other common examples of serial interfaces.
Serial Interface | Description |
RS-232 | A common interface for communication over unbalanced lines. Uses DB-9 or DB-25 connectors. |
RS-422/485 | For communication over balanced lines. More suitable than RS-232 for environments with significant electromagnetic interference (EMI). Uses DB-9 or DB-37 connectors. |
V.35 | A high-speed serial interface for data transmission at 48 Kbps. Combines balanced lines with unbalanced lines and is used in Integrated Services Digital Network (ISDN) and frame relay connections. Uses a 24-pin block connector. |
X.21 | A high-speed serial interface that uses the International Telecommunication Union (ITU) standard for connecting DCE and DTE for synchronous communication. Uses a DB-15 connector. |
Another type of interface is the parallel interface, which transfers data several bits at a time, usually one or more bytes at a time. The most common parallel interface is the one used for connecting printers to computers, which uses a female DB-25 or 36-pin Centronics connector.
Note that the type of interface a device uses is related to the kind of connector or cable used to connect to the device, but not in a one-to-one fashion. For example, you could say that a device has an RS-232 serial interface, but it is incorrect to say that you use an RS-232 connector or an RS-232 cable to connect to that device. RS-232 specifies the interface, but several cabling options can support it, such as a cable terminated with a DB-9 or a DB-25 male connector.
Notes
The term interface is also used in routing terminology, in which it describes the connection between a router and an attached network. In routing terminology, an interface is a remote network that can be reached from the local network. A router interface is said to be active if it provides connectivity with the remote network or inactive if connectivity is not possible at the time.
The term interface is also used in Microsoft Component Object Model (COM) programming to represent pointers through which clients invoke methods of COM objects. From the perspective of a client application, a COM object appears as a set of interfaces.
See Also connector (device), routing, RS-232, serial transmission, V.35
A card you plug into a computer's motherboard to provide connectivity between the main system bus and an external serial or parallel bus.
Overview
Computers usually come with installed serial/parallel interface cards for connecting modems, printers, and other devices to your system, but in certain situations you might want to purchase a separate interface card. These situations include
When you have an older computer whose serial interface card cannot support the newer fast 56-kilobit-per-second (Kbps) V.90 modems or whose parallel interface card cannot support IEEE 1284 bidirectional print devices such as the newer Hewlett Packard LaserJet print devices
When you need a different serial interface such as RS-422/485 to connect your machine to special networking or industrial measurement equipment
Many different kinds of interface cards are available, including the following:
RS-232 high-speed serial input/output (I/O) cards with 16550 universal asynchronous receiver-transmitter (UART) chips for connecting to high-speed modems and Integrated Services Digital Network (ISDN) terminal adapters. These cards can be either Industry Standard Architecture (ISA) or Peripheral Component Interconnect (PCI) bus cards and can support transfer speeds of up to 460.8 Kbps, much higher than the 115.2-Kbps rate supported by standard RS-232 interfaces.
Enhanced Capabilities Port (ECP)/Enhanced Parallel Port (EPP) high-speed parallel I/O cards that support up to 2.5-megabit-per-second (Mbps) transfer speeds.
RS-422/485 interface cards for connecting to industrial sensor and measuring equipment. These cards can support up to 31 separate devices that can be located up to 4000 feet (1220 meters) from the computer. Data transfer speeds are up to 460.8 Kbps.
See Also interface, RS-232, serial transmission
Any device that converts one interface to another.
Overview
Interface converters are generally stand-alone, powered devices for midline use or rack-mounted devices for use in wiring closets. There are interface converters for serial and parallel interfaces, asynchronous and synchronous communication, half-duplex and full-duplex communication, single-node and host converters, copper and fiber-optic converters, AC-powered or interface-powered devices, and so on. Examples of interface converters include the following:
RS-232 to RS-422 serial interface converters for directly connecting the RS-232 serial interface of a computer to an RS-422 programmable logic controller for synchronous data transmission. If handshaking is required, you should use an RS-232 to RS-422/449 serial interface converter instead.
Interface converter. Using an interface converter to convert between an RS-232 interface and a V.35 interface.
RS-232 to RS-422/485 serial interface converters that allow RS-422/485 data collection equipment or industrial measurement devices to be connected to a computer using its built-in RS-232 serial interface. Alternatively, you can install an interface card in the computer to allow it to connect directly with the RS-422/485 device.
RS-232 to V.35 serial interface converters for connecting RS-232 devices to V.35 lines.
V.35 to G.703 or X.21 serial interface connectors for use in Europe.
Small Computer System Interface (SCSI) to parallel converter for connecting SCSI peripherals to an Enhanced Capabilities Port (ECP)/Enhanced Parallel Port (EPP) parallel port.
See Also interface, RS-232, Small Computer System Interface (SCSI), V.35
Also called electromagnetic interference (EMI), electrical noise induced in cabling by nearby electrical equipment, such as motors, air conditioners, fluorescent lights, and power lines.
See Also electromagnetic interference (EMI)
An Asynchronous Transfer Mode (ATM) protocol that enables cells to be routed over a switched virtual circuit (SVC).
Overview
The Interim Interswitch Signaling Protocol (IISP) is essentially a form of static routing for ATM networks. Normally, ATM is a connection-oriented architecture in which a switched connection is first established between the transmitting and receiving node, after which cells are delivered across that connection. When IISP is used, the result is more like Internet Protocol (IP) internetworks, where packets can be routed to their destination addresses by various paths.
IISP was created in 1994 and is an extension to the ATM UNI (user-to-network interface) specification.
Architecture
To use IISP, the ATM carrier network must employ switched virtual circuits (SVCs). Unfortunately most ATM carriers currently support only permanent virtual circuits (PVCs), as they are cheaper and easier to implement, which means that IISP is not a widely available solution for enterprises needing to route data over ATM carrier backbone networks.
IISP routes cells based on their 20-octet network service access point (NSAP) address. IISP employs channels 32 to 255 of virtual path identifier (VPI) zero. These channels function as trunk lines for routed transport of cells over ATM networks.
Notes
An alternative to IISP for routing cells over ATM backbone networks is to use Private Network-to-Network Interface (PNNI) protocol. You can combine both IISP and PNNI with multiprotocol label switching (MPLS) for enhanced functionality and performance.
See Also Asynchronous Transfer Mode (ATM)
The version of Border Gateway Protocol (BGP) used for exchanging routing information within the same autonomous system (AS).
Overview
There are two versions of BGP, the classless dynamic routing protocol used on the Internet. These versions are
Exterior Border Gateway Protocol (EBGP): This exterior routing protocol is used for exchanging routing information dynamically between border routers connecting different ASs on the Internet or in a large private Transmission Control Protocol/Internet Protocol (TCP/IP) internetwork. When referring simply to BGP, the variant EBGP is always implied. In other words, EBGP is usually just called BGP.
Interior Border Gateway Protocol (IBGP): This interior routing protocol is used for exchanging routing information between routers within an AS. IBGP is less "chatty" than EBGP and does not communicate route information as frequently. Unlike EBGP, all IBGP routers within a particular AS must be configured as peers.
See Also autonomous system (AS), Border Gateway Protocol (BGP), classless routing protocol, dynamic routing
Any routing protocol used to distribute routing information within an autonomous system (AS).
Overview
Also known as interior routing protocols, interior gateway protocols (IGPs) specify how routers within an AS exchange routing information with other routers within the same AS. This is in contrast to exterior gateway protocols (EGPs), which facilitate the exchange of routing information between routers in different ASs.
Interior gateway protocol (IGP). A network using IGP to route information within an autonomous system and exterior gateway protocol (EGP) to route information between autonomous systems.
Examples of IGPs include
Routing Information Protocol (RIP): This is a popular protocol for small to medium-sized internetworks and is based on the distance-vector routing algorithm.
Open Shortest Path First (OSPF) Protocol: This is used mainly on medium-sized to large-sized internetworks and is based on the link-state routing algorithm.
Interior Gateway Routing Protocol (IGRP): This is a proprietary distance-vector routing protocol developed by Cisco Systems.
See Also autonomous system (AS), dynamic routing protocol, exterior gateway protocol (EGP), routing protocol
An interior gateway protocol (IGP) developed by Cisco Systems.
Overview
Interior Gateway Routing Protocol (IGRP) is a proprietary classful interior routing protocol that was developed by Cisco for two reasons:
Routing Information Protocol (RIP) was widely deployed but had several deficiencies, including a simplistic metric that did not mirror real-world network topologies and a limitation in maximum hop count to 15 hops.
Open Shortest Path First (OSPF) was being developed by the Internet Engineering Task Force (IETF) as a successor to RIP and as a routing protocol for larger internetworks, but development of OSPF was slow and the market needed a replacement for RIP.
As a result, Cisco developed IGRP as a proprietary protocol for exchange of routing information within an autonomous system (AS). IGRP was tuned to provide optimal routes to ensure that communications within a network would be minimally disrupted should a router go down. IGRP is a stable protocol capable of supporting very large networks, supports up to 255 hops (100 by default), has fast convergence, provides rudimentary load balancing between parallel routes, and prevents routing loops from occurring.
Architecture
IGRP is based on the same distance-vector routing algorithm used by RIP. In this algorithm a router uses IGRP to exchange routing table updates with adjacent (neighboring) routers only. In contrast to the simple metric of RIP, which forwards packets over the route having the least number of hops, IGRP uses a complicated formula to determine the best route to select, basing the decision on link characteristics that mirror the network's real topology and traffic flow. These factors include
The time it would take a packet to reach its destination when the network is quiet (no traffic)
The amount of bandwidth currently being used by each route (varies with time)
The bandwidth of the slowest hop over the route
The reliability of the route
IGRP routing updates are issued every 90 seconds, compared to every 30 seconds for RIP. In addition, IGRP routing updates are issued in a compressed form that requires fewer packets per update than RIP.
In addition, IGRP makes use of the following features to provide efficient routing:
Hold-down: Prevents a route that has previously gone bad from being reinstated as a valid route
Split horizon: Prevents routing loops from occurring between two routers
Poison reverse update: Reduces the chance of routing loops occurring between three or more routers
Notes
Enhanced IGRP (EIGRP) is another proprietary interior routing protocol developed by Cisco. Despite the similarity in their names, EIGRP is a very different protocol from IGRP.
See Also dynamic routing protocol, Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP)
Another name for an interior gateway protocol (IGP), any routing protocol used to distribute routing information within an autonomous system (AS).
See Also interior gateway protocol (IGP)
Any networking device positioned between a remote access server (RAS) and a remote client.
Overview
Intermediary devices are third-party devices for performing security-related tasks such as authentication, encryption, and other functions. An intermediary device such as a security host is typically positioned between the RAS server and the modem pool. Remote clients connecting to the modem pool must be authenticated by the security host before they can establish a connection with the RAS server. The security host thus provides an extra layer of security for remote access to the network. The security host might prompt the user for credentials, or the user might be required to use a security card to gain access to the network. Once you have configured the RAS server to work with intermediary devices such as third-party security hosts, you must then configure the client to work with the device. You can typically do this by activating terminal mode on the client so that it can respond to the special prompts issued by the device.
Intermediary device. A security host as an intermediary device between an RAS server and a client.
Notes
Microsoft Windows 2000 and the Windows .NET Server family support intermediary devices for their Routing and Remote Access Services (RRAS).
See Also remote access
An intermediate byte code used by the Windows .NET platform.
Overview
Microsoft Corporation's new .NET platform is a language-independent programming framework for developing secure, scalable Web services. Applications and services can be developed for the .NET platform using a variety of programming languages, including Visual Basic (VB), C++, and Microsoft's new C# language. When compiled on the .NET platform, these languages all produce an architecture-independent intermediate byte code called Intermediate Language (IL). Code written in different languages can be mixed easily since they share the same architecture and data types: all compiled code is in the form of .NET objects.
See Also .NET platform
An International Telecommunication Union (ITU) initiative to create a global standard for third-generation (3G) mobile communication networks.
Overview
The International Mobile Telecommunications-2000 (IMT-2000) initiative has its roots in 3G wireless research undertaken by the ITU in 1986. The goal of the initiative is to establish global mobile communication standards that support voice messaging services integrated with existing Public Switched Telephone Network (PSTN) services, integrated multipoint paging and dispatch services, and high speed data transmission at rates of up to 2 megabits per second (Mbps) for both packet-switched and circuit-switched communications (see table).
Mobility | Minimum Data Rate |
Fixed | 2 Mbps |
Pedestrian | 384 kilobits per second (Kbps) |
Vehicular | 144 Kbps |
Because of differences in how the spectrum is regulated in different countries and regions and because of the fundamental inoperability between the two major types of cellular communication technologies, Time Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA), the ITU realizes that the initiative probably will not be able to unify worldwide mobile communication into a single global standard. As a result, the original IMT-2000 initiative has evolved somewhat to support several proposed standards, including the following:
Universal Mobile Telecommunications System (UMTS): A standard for 3G wireless networks proposed by the European Telecommunications Standards Institute (ETSI)
Universal Wireless Communications (UWC-136): A standard for 3G wireless networks proposed by the Telecommunications Industry Association (TIA)
CDMA2000: A proposed hardware upgrade to the existing Code Division Multiple Access (CDMA) cellular phone systems used in the United States and in some parts of Asia
W-CDMA: A proposed upgrade to Global System for Mobile Communications (GSM) networks that provides an alternative air interface to CDMA2000 for upgraded CDMA systems in Europe and Japan
The upgrade for CDMA bearers will be simpler and will move them directly from the current IS-95a standard called cdmaOne (the brand name used by the vendor consortium called the CDMA Development Group for existing data transmission at 16 Kbps) to the proposed CDMA2000. The upgrade for TDMA bearers may take several different paths: for example, from TDMA to General Packet Radio Service (GPRS) to Enhanced Data Rates for Global Evolution (EDGE) to UMTS. Some industry watchers predict that GPRS and IMT-2000 will be widely adopted worldwide in the next five years, which will give Europe and Asia an edge in high-speed wireless data communication over the United States, where as many as five competing systems might be deployed widely.
Notes
Note that the 2000 in the term International Mobile Telecommunications-2000 refers to the transmission speed (approximately 2000 Kbps), not the final deployment date (which is likely to be around 2005).
For More Information
Find out more about IMT-2000 at www.itu.int/imt.
See Also CDMA2000, Universal Mobile Telecommunications System (UMTS), Universal Wireless Communications (UWC-136)
A nongovernmental organization based in Geneva, Switzerland, that has representatives from about 130 countries and regions and is responsible for developing a variety of international standards in science and engineering.
Overview
The International Organization for Standardization (ISO), established in 1947, runs almost 3000 different working groups and committees covering a broad range of standards issues. The ISO's goals are to develop cooperation in scientific, technological, intellectual, and economic activities and to facilitate the international exchange of goods and services. The ISO includes member agencies in more than 30 countries and regions. These member agencies include the American National Standards Institute (ANSI) and the European Computer Manufacturers Association (ECMA).
ISO standards include the following:
Open Systems Interconnection (OSI) reference model for networking
ISO/IEC SQL-92 standard for the transact-SQL language
ISO codes for photographic film speeds
ISO 9000 framework for business-management and quality-assurance standards
ISO 216 international standard paper sizes
Standards for telephone and bank cards
ISO international country codes and currency codes
Notes
If you work with enterprise directory services, you might need to contact the ISO someday. For instance, if you plan to modify the schema of Active Directory directory service for Microsoft Windows 2000 and create new classes or attributes, you must obtain a unique object identifier for your enterprise to ensure that your new classes and attributes do not conflict with those defined by other directory services. This is especially important in a heterogeneous networking environment with multiple interoperating directory services such as Active Directory, Novell Directory Services (NDS), an X.500-based directory service, or Simple Network Management Protocol (SNMP). You can contact the ISO to receive an object identifier for your organization and then subdivide your object identifier space as you desire and assign object identifiers to your new classes and attributes.
For More Information
Visit the ISO at www.iso.ch.
See Also Active Directory, Novell Directory Services (NDS), Simple Network Management Protocol (SNMP), X.500
An international organization headquartered in Geneva, Switzerland, that coordinates global telecommunications networks and services with governments and the private sector.
Overview
Known until 1993 as the International Telegraph and Telephone Consultative Committee, also known by its French name, Comité Consultatif International Télégraphique et Téléphonique (CCITT), the International Telecommunication Union (ITU) is responsible for a number of important international networking and communication standards, including the following X series and V series standards:
V.35 serial interface standard
V.90 56-Kbps modem standard
X.25 packet-switching network standard
X.400 message-handling system (MHS) standard
X.435 standard for electronic data interchange (EDI) over X.400
X.500 directory service recommendations
X.509 digital certificate and authentication standard
Standards for Standardized Generalized Markup Language (SGML), the precursor to Extensible Markup Language (XML)
The ITU also hosts important study groups, meetings, and conferences and is a leading publisher of information on telecommunications technology and standards. The section of the ITU that is concerned with developing international standards for telecommunications is called the ITU Telecommunications Standardization Sector, or ITU-T.
For More Information
Visit the ITU at www.itu.int.
See Also American National Standards Institute (ANSI), V.35, V.90, X.25, X.400, X.500
The global public Transmission Control Protocol/Internet Protocol (TCP/IP) internetwork.
Overview
The Internet has evolved in a single decade from an academic network to the backbone of today's economy. The Internet is synonymous in most people's minds with the World Wide Web (WWW) and has displaced most other early Internet protocols apart from Simple Mail Transfer Protocol (SMTP) and File Transfer Protocol (FTP).
The Internet is not owned by any one government, organization, or company. Nevertheless, various administrative bodies oversee different aspects of the Internet's operation. These groups include the following:
Internet Society (ISOC), which coordinates a number of other bodies and gives them advice and direction.
Internet Architecture Board (IAB), which is responsible to the ISOC and oversees the Internet's architecture.
Internet Engineering Task Force (IETF), which is responsible to the IAB and develops Internet protocols that define the TCP/IP protocol suite, the Domain Name System (DNS), and so on.
Internet Assigned Numbers Authority (IANA), which is responsible for coordinating the registration of DNS names and assigning Internet Protocol (IP) addresses. Many of the functions of IANA have been replaced recently by a new body called the Internet Corporation for Assigned Names and Numbers (ICANN).
History
The Internet originated with the ARPANET project of the U.S. Department of Defense in the early 1970s. The original purpose of ARPANET was to create a wide area network (WAN) that would allow researchers at various defense and civilian research agencies to communicate with each other and to collaborate on projects. ARPANET originally consisted of a few hundred IP hosts joined together at several locations across the country.
When ARPANET grew larger and an increasing number of civilian agencies such as universities and networking companies wanted access to it, administration of the network was given to the National Science Foundation (NSF). The NSF then linked five national supercomputing centers together across the country using TCP/IP running over dedicated 56-kilobits-per-second (Kbps) links. This was essentially the birth of the public Internet as we know it. As more and more universities and private individuals became connected to this network, the NSF realized it had to upgrade the network to handle the new traffic. So in 1987 the NSF awarded a contract to Merit network, which in conjunction with MCI and IBM linked together 13 sites totaling 170 local area networks (LANs) using 1.544 megabit-per-second (Mbps) T1 lines. A year later the NSF terminated the original 56-Kbps backbone.
A few years later, traffic on the network had increased to such an extent that a further upgrade was needed. This was performed by Advanced Network and Services (ANS), a spin-off of the earlier Merit/MCI/IBM coalition. In 1990 the backbone was upgraded to T3 lines (45 Mbps) connecting 16 sites representing 3500 LANs. At this point, several other companies tried to get into the act. Alternet (now UUNET) and PSI created the Commercial Internet Exchange (CIX), which began as an alternative network but which soon was connected into the NSF backbone.
Then a company called MFS began to set up fiber-optic ring networks called Metropolitan Area Ethernets (MAEs). These MAEs were connected to the Internet backbone in metropolitan areas. These soon became obvious places for companies to connect their corporate networks to the Internet, and MAE soon stood for Metropolitan Area Exchange instead. The first such exchange was called MAE-East, which is still operational and is located in Washington, D.C. Other MAEs include MAE-West in San Jose, California, and MAE-LA in Los Angeles.
By 1993 the NSF had decided to stop funding and managing the Internet backbone and to turn this job over to private operators. To facilitate this, the NSF established several network access points (NAPs) where backbone networks of these private operators could connect to the NSF's network. There are now several dozen NAPs in the United States (and many others around the world) and these include both the original MAEs and newer ones created by the NSF and by private companies. Finally, in 1995 NSF turned off its network and the Internet was reborn as a "core" of NAPs that are connected and owned by such companies as AT&T, Cable and Wireless, Genuity (formerly part of GTE Corporation), PSINet, Sprint Corporation, Qwest Communications International, and UUNET. Today, these NAPs are connected by fast OC-12, OC-48, and OC-192 connections, and traffic at the Internet's core is estimated by analysts as costing about $800 per megabit per second per month.
Architecture
From a network architecture point of view, the Internet's architecture is amazingly simple: the Internet can be viewed as a collection of thousands of large privately managed networks called Autonomous Systems (ASs). Each AS has a number (Autonomous System Number, or ASN) to identify it to other ASs. Different ASs are joined in a loose mesh configuration using powerful border routers that exchange routing information with each other using Border Gateway Protocol (BGP). IP packets traverse the Internet by being forwarded by these border routers and by routers within the ASs themselves. A typical request for a Web page from somewhere else in the world might result in your request making 15 or more hops across routers on the Internet.
For More Information
You can find interesting and useful information about the Internet at the following sites: www.netsizer.com, www.isc.org, and www.cyberatlas.internet.com.
See Also autonomous system (AS), autonomous system number (ASN), Border Gateway Protocol (BGP)
A project of the University Corporation for Advanced Internet Development (UCAID) to develop a high-speed network for research and collaboration and for developing innovative applications for education.
Overview
The Internet2 project is supported by more than 150 universities in the United States and is designed to create a leading-edge network for developing and testing new Internet applications for researchers. Its members consist of a collection of national, regional, and campus organizations whose networks are linked by new technologies and common research goals. Internet2 is not a successor to the present Internet, but rather new technologies to be used as part of the Internet. Internet2 is being developed by a consortium of institutions working to improve on existing Internet technologies. The knowledge and new technologies developed using Internet2 will be made available to the broader Internet community as they emerge.
Some of the potential benefits of new Internet technologies include advances in areas such as telemedicine, digital libraries, and virtual laboratories. Internet2 will also provide researchers with a test bed for developing new networking technologies, such as the following:
Broadband networking
Quality of service (QoS) networking technologies
IPv6, the new 128-bit version of the Internet protocol
Multicasting technologies
Notes
Other groups are working toward similar goals in cooperation with Internet2. Examples include the federally led Next Generation Internet (NGI) initiative, the National Science Foundation's High Performance Connections program, and the MCI/WorldCom vBNS network service.
Europe's version of the Internet2 is called GEANT and is intended as a backbone network joining 30 countries and regions together using 2.5-gigabit-per-second (Gbps) links for the purposes of academic research and industry collaboration.
For More Information
Visit the Internet2 site at www.internet2.edu.
The process of connecting subscribers to Internet service providers (ISPs).
Overview
In the early 1990s, the ways in which businesses and consumers could connect to the Internet were limited, slow, and costly. These technologies included dial-up modems, Integrated Services Digital Network (ISDN) connections, and expensive leased lines such as T1 lines. By the end of the decade, the landscape had changed, however, and broadband Internet access technologies had become widespread, at least in dense urban areas. These new methods for providing Internet access to subscribers include:
Asymmetric Digital Subscriber Line (ADSL): Provides downstream speeds up to about 10 megabits per second (Mbps) (upstream speeds are less) over dedicated connections at about $50 a month. The main disadvantage is that it is available only within a few miles from the telco central office (CO).
Cable modem: Provides symmetric speeds of up to 10 Mbps in theory, but because the system is a shared network, typical speeds are more like 1 Mbps. Cable modem access is widely available in residential areas but difficult to obtain in business and industrial parks.
Fixed wireless: Provides downstream speeds typically of only a few hundred kilobits per second and has limited availability but can be deployed in locations too distant for ADSL or cable modems to function.
See Also Asymmetric Digital Subscriber Line (ADSL), cable modem, T-carrier, wireless networking
A technical advisory group for the Internet Society (ISOC).
Overview
The Internet Architecture Board (IAB) was established in 1983 for the purpose of providing oversight for the development of Internet protocols and standards. It consists of 13 volunteer members, 6 of whom are nominated by the Internet Engineering Task Force (IETF) and approved by the ISOC. IAB members are part-time volunteers who provide the IETF community with advice and support. The IAB's functions include the following:
Overseeing the evolution of the Internet's architecture and protocols from a long-term, strategic level. The most important of these issues is to ensure the continued scaling of the Internet's core services and protocols.
Overseeing the process for developing Internet standards and for managing and publishing the Request for Comments (RFC) series of standards documents.
Providing guidance to the ISOC on technical and procedural matters relating to the Internet.
Selecting and appointing the chair of the IETF and candidates for the Internet Engineering Steering Group (IESG), which is responsible for the day-to-day operation of the IETF, and the Internet Assigned Numbers Authority (IANA), most of whose functions are now replaced by the Internet Corporation for Assigned Names and Numbers (ICANN).
For More Information
Visit the IAB at www.iab.org.
See Also Internet Assigned Numbers Authority (IANA), Internet Corporation for Assigned Names and Numbers (ICANN), Internet Engineering Task Force (IETF)
The organization that coordinates the assignment of unique Internet protocol parameters such as the Internet Protocol (IP) address space and the Domain Name System (DNS).
Overview
The Internet Assigned Numbers Authority (IANA) operates under the auspices of the Internet Society (ISOC) and is considered part of the Internet Architecture Board (IAB). IANA is the ultimate authority for managing the root name servers that maintain the central database of information for the DNS. IANA also controls the assignment of Transmission Control Protocol/Internet Protocol (TCP/IP) protocol identifiers such as IP addresses and the numbers for autonomous systems on the Internet.
IANA delegates authority to other organizations and companies to grant users unique IP address blocks and register DNS domain names. IANA delegates these responsibilities to three regional bodies:
The American Registry for Internet Numbers (ARIN), which manages North America, South America, and sub-Saharan Africa
Réseaux IP Européens (RIPE), which manages Europe and North Africa
The Asia Pacific Network Information Center (APNIC), which manages Asia and Australia
IANA is funded by the U.S. government. A new international nonprofit organization called the Internet Corporation for Assigned Names and Numbers (ICANN) has taken over the responsibilities of IANA because of the Internet's increasingly international and commercial nature.
Notes
Actual registration of IP addresses and DNS names is performed by network information centers, which in the United States include:
Various accredited domain name registrars, which have replaced Internet Network Information Center (InterNIC) as the authorities for registering the .com, .org, .net, .gov, and .edu top-level domains
The U.S. Domain Registration Service, which administers the .us top-level domain
The U.S. Department of Defense Network Information Center, which manages the .mil top-level domain
The .int top-level domain registry in Marina del Rey, California
For More Information
Visit IANA at www.iana.org.
See Also American Registry for Internet Numbers (ARIN), Asia Pacific Network Information Center (APNIC), Domain Name System (DNS), RIPE
A protocol that enables arrays of proxy servers to work together over a network.
Overview
The Internet Cache Protocol (ICP) was developed to allow individual proxy servers to query neighboring proxy servers to try to locate cached copies of requested objects. If these queries fail, the object is requested from the Internet. ICP has some inherent drawbacks:
ICP arrays use queries to determine the location of cached information, a process that generates additional network traffic.
ICP arrays have negative scalability: the more proxy servers in the array, the more query traffic is generated.
ICP arrays tend to become highly redundant, with each cache containing similar information (the URLs of the most frequently visited sites).
Microsoft Corporation's solution to these problems is the Caching Array Routing Protocol (CARP), which it developed for its Microsoft Proxy Server version 2.
See Also Caching Array Routing Protocol (CARP), proxy server
A new firewall feature of Windows XP and the Windows .NET Server family.
Overview
Internet Connection Firewall (ICF) is a software-based firewall application that is used to set restrictions on what type of network traffic or information is allowed to communicate between your home or small office network and the Internet. ICF is similar to a "stateful" firewall in that it monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles. Communications that originate from a source outside the ICF computer are dropped by the firewall unless an entry for the type of traffic being received is designated to allow passage. No notifications are created; ICF simply discards unsolicited communications, which prevents common hacking attempts such as port scanning. A security log can be created to allow viewing of the activity that ICF tracks.
See Also firewall, network security
A Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol used for various purposes.
Overview
The Internet Control Message Protocol (ICMP) is a simple TCP/IP protocol that operates at the network layer, the same layer at which Internet Protocol (IP) functions. Unlike IP, whose main function is to enable datagrams to be sent and received, ICMP has more restricted functions, including
Testing of TCP/IP connectivity with remote hosts to make sure they are alive (using ping)
Issuing simple control requests to routers and other hosts
Reporting error conditions from routers and other hosts
In effect, ICMP complements IP by providing control messages and reporting errors on behalf of IP. ICMP is defined in RFCs 792 and 1700.
Architecture
ICMP messages are encapsulated in IP datagrams for transmission over a network. ICMP packets are thus connectionless and do not provide for guaranteed message delivery. ICMP supports broadcast traffic, but unlike both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which operate at the higher Internet layer, ICMP does not use port numbers.
The function of an ICMP message is determined by the first 2 bytes of its message header. Some of the more common types of ICMP packets are
Echo Reply (ICMP type 0): The Ping command uses this packet type to test TCP/IP connectivity.
Destination Unreachable (ICMP type 3): Indicates that the destination network, host, or port cannot be reached.
Source Quench (ICMP type 4): Routers send this packet type when they cannot process IP traffic as fast as it is sent. A Source Quench message essentially means "Slow down!" A Microsoft Windows NT or Windows 2000 host can respond to a Source Quench message by slowing down its rate of data transmission.
Redirect Message (ICMP type 5): Used to redirect the host to a different network path. This message essentially tells the router to override the entry in its internal routing table for this packet.
Echo Request (ICMP type 8): The Ping command uses this packet type to test TCP/IP connectivity.
Router Advertisement (ICMP type 9): Sent at random intervals in response to an ICMP Router Solicitation request.
Router Solicitation (ICMP type 10): Sent by routers to request router advertisement updates.
Time Exceeded (ICMP type 11): Indicates that the Time to Live (TTL) has been exceeded because of too many hops. The Tracert command uses this message to test a series of routers between the local and remote hosts.
Parameter Problem (ICMP type 12): Indicates an error processing the header of an IP packet.
Issues
Because of its broadcast nature, ICMP has been open to exploitation as a means of network attack. Many types of denial of service (DoS) attacks are based upon ICMP, including the Smurf attack, Tribe Flood Network (TFN) attack, Loki, and WinFreeze. For example, ICMP redirects can modify a router's routing table, so sometimes hackers try to subvert routers by issuing forged ICMP redirects in order to perform a DoS attack. ICMP redirects are usually sent by routers only if all the following conditions occur:
The router is configured to generate ICMP redirects.
The incoming router interface for the packet is the same as the outgoing router interface.
The subnet of the source IP address is identical to the next-hop IP address.
The IP datagram is not source routed.
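The following is an added example, not part of the original entry: it decodes the ICMP header described above, verifies the checksum, and flags Redirect messages that a host should distrust (sent by something other than its configured gateway, or naming a next hop outside the local subnet). The function names, addresses, gateway set and sample messages are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Type numbers as listed in the entry above.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect Message", 8: "Echo Request", 9: "Router Advertisement",
    10: "Router Solicitation", 11: "Time Exceeded", 12: "Parameter Problem",
}


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum used by ICMP (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build a message with a valid checksum (used only to construct samples)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_icmp(message: bytes) -> dict:
    """Decode the fixed 8-byte ICMP header; raise ValueError if truncated."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    icmp_type, code, _checksum = struct.unpack("!BBH", message[:4])
    parsed = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "Unknown"),
        # Summing a message that carries a correct checksum yields 0.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if icmp_type == 5:
        # In a Redirect, bytes 4-7 hold the gateway the host is told to use.
        parsed["new_gateway"] = str(ipaddress.IPv4Address(message[4:8]))
    return parsed


def assess(src_ip: str, message: bytes, local_net: str, gateways: set) -> list:
    """Return a list of reasons to distrust the message (empty if none)."""
    try:
        msg = parse_icmp(message)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    if not msg["checksum_ok"]:
        findings.append("bad checksum")
    if msg["type"] == 5:
        if src_ip not in gateways:
            findings.append(f"redirect from {src_ip}, not a configured gateway")
        new_gw = ipaddress.ip_address(msg["new_gateway"])
        if new_gw not in ipaddress.ip_network(local_net):
            findings.append(f"redirect points off-subnet to {new_gw}")
    return findings


# Constructed sample data (documentation address ranges, not real traffic).
LOCAL_NET = "192.0.2.0/24"
GATEWAYS = {"192.0.2.1"}
ORIGINAL = b"\x00" * 28  # placeholder for the quoted IP header + 8 bytes
ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")
GOOD_REDIRECT = build_icmp(5, 1, ipaddress.IPv4Address("192.0.2.254").packed, ORIGINAL)
FORGED_REDIRECT = build_icmp(5, 1, ipaddress.IPv4Address("198.51.100.7").packed, ORIGINAL)

if __name__ == "__main__":
    for src, pkt in [("192.0.2.10", ECHO), ("192.0.2.1", GOOD_REDIRECT),
                     ("192.0.2.66", FORGED_REDIRECT)]:
        print(src, parse_icmp(pkt)["name"], assess(src, pkt, LOCAL_NET, GATEWAYS))
```
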
See Also denial of service (DoS), hacking, Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP)
A nonprofit corporation that has taken over some of the functions of IANA (Internet Assigned Numbers Authority).
Overview
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for
Allocating portions of the Internet Protocol (IP) address space
Managing the Domain Name System (DNS), including developing new top-level domains and managing root name servers
Assigning Internet Protocol (IP) parameters
Until recently, a U.S. company, Network Solutions, exclusively managed the registration of domain names and maintained the DNS database. With the emergence of ICANN, these processes have been opened up to allow competition in the DNS registration arena through establishing guidelines for determining the following:
Who can function as a domain name registry
Policies on fees and privacy rights for domain name registries
How disputes will be resolved between domain name registries
What new top-level domain names will be allowed
Prospects
The transition from IANA to ICANN has not been entirely smooth. Some members of the international Internet community still see ICANN as largely dominated by U.S. government and corporate interests and would like to see a more radical redesign of the DNS to make it more international and to help reduce the tide of trademark litigation regarding domain names.
For More Information
Visit ICANN at www.icann.org.
See Also Domain Name System (DNS)
An international community of networking engineers, network administrators, researchers, and vendors whose goal is to ensure the smooth operation and evolution of the Internet.
Overview
The Internet Engineering Task Force (IETF) receives its charter from the Internet Society (ISOC), and its daily operations are overseen by the Internet Architecture Board (IAB). The work of the IETF is performed by a number of working groups who are dedicated to such aspects of the Internet as routing, operations and management, transport, security, applications, and user services. These working groups interact primarily through mailing lists and are managed by area directors who belong to the Internet Engineering Steering Group (IESG). Some working groups develop extensions and newer versions of familiar protocols such as Hypertext Transfer Protocol (HTTP), Lightweight Directory Access Protocol (LDAP), Network News Transfer Protocol (NNTP), Point-to-Point Protocol (PPP), and Simple Network Management Protocol (SNMP). Others develop new protocols such as the Common Indexing Protocol, Internet Open Trading Protocol, and the Internet Printing Protocol.
The working groups produce documents called Internet Drafts, which have a life span of six months, after which they must be deleted, updated, or established as a Request for Comments (RFC) document.
For More Information
Visit the IETF at www.ietf.org
See Also Internet Architecture Board (IAB), Internet Society (ISOC), Request for Comments (RFC)
Microsoft Corporation's integrated suite of client-side Internet software, which is included with all current versions of Microsoft Windows.
Overview
Microsoft Internet Explorer has evolved from a simple Web browser to a full-featured suite of Internet tools. It provides access not only to information on Web sites on corporate intranets and the Internet but also to file system resources on the local machine and to shared folders on the network. When deployed using the Internet Explorer Administration Kit (IEAK), the following optional components can be installed or upgraded in addition to the basic Web browser:
Microsoft Outlook Express
Microsoft NetMeeting
Microsoft FrontPage Express
Microsoft Chat
Web Publishing Wizard
Connection Wizard
Features of Internet Explorer 5 and later include
Support for the latest Internet standards and scripting languages, including Hypertext Markup Language (HTML) version 4; Microsoft Visual Basic, Scripting Edition (VBScript); JScript; ActiveX; Java; and Dynamic HTML
Split-screen Search, History, Channel, and Favorites Explorer bars that can be toggled on and off
Security zones for dividing intranets and the Internet into safe and unsafe regions with their own security settings
Authenticode 2 code-signing technology that enables users to check the digital certificate of downloaded code before installing it on their system
Offline browsing, which enables users to access Web content in their History or Subscribed Content folders when they are not connected to the Internet
Scheduled, unattended dial-up for obtaining Web content from subscribed sites to view offline later
Autocompletion of Uniform Resource Locators (URLs) typed into the address bar using Microsoft IntelliSense technology
Dynamic HTML behaviors that allow Dynamic HTML functionality to be extended through hosted components
Development enhancements that allow users to set the properties of items based on the value of an expression
Enhancements to tables that allow users to create fixed-layout tables and collapsible borders
Accessibility enhancements
For More Information
Visit the Internet Explorer home page at www.microsoft.com/windows/ie.
See Also Internet Explorer Administration Kit (IEAK), Web browser
A tool for customizing and deploying Microsoft Internet Explorer throughout an enterprise.
Overview
Some of the features of the Internet Explorer Administration Kit (IEAK) include
IEAK Configuration Wizard, which is used to download, configure, and package Internet Explorer components for distribution to users in the enterprise.
Automatic Version Synchronization (AVS) for notifying administrators when software updates for Internet Explorer 4 are available. Administrators can download these updates and distribute them to users.
Profile Manager for centrally managing user desktop settings after deployment of Internet Explorer 4.
Wizard-based configuration for determining which portions of Internet Explorer 4 will be deployed and how they will be configured.
The IEAK also supports deployment methods such as Microsoft Systems Management Server (SMS), e-mail, Web sites, floppy disks, and CDs.
Implementation
You first decide how you want to distribute your custom package for Internet Explorer: CD, floppy disks, or an Internet Uniform Resource Locator (URL) for users to download the package. You use the IEAK Configuration Wizard to build custom packages that include Internet Explorer, its related components, and up to 10 other custom components.
Once you create your package, you can distribute it using the appropriate method for the type of package: locate it on an Internet or file server or give users copies of CDs or floppy disks. Users can then run the Setup program to install Internet Explorer and the additional components on their systems. You can also use the IEAK Configuration Wizard to do the following:
Create silent installation packages that do not allow users to change the configuration settings you have specified
Create branded packages that customize users' browsers using a company-specific logo, title bar text, toolbar background bitmap image, or channel title bar for Internet Explorer
Create packages with preconfigured browser settings such as a Start page, Search page, Support page, default favorites, Welcome page, desktop wallpaper, Active Channels, and proxy settings
See Also Internet Explorer
A technology developed by Oracle Corporation for sharing data over the Internet.
Overview
Oracle's Internet File System (iFS) leverages Extensible Markup Language (XML) to enable applications, services, and users to share data easily using standard Internet protocols. The iFS is included in the Oracle 9i database platform and provides a repository for all types of information including Web documents, e-mail messages, and other files. Using iFS, you can easily move data between Web applications and Oracle databases.
The iFS supports a number of standard Internet protocols, including
Hypertext Transfer Protocol (HTTP)
Web-based Distributed Authoring and Versioning (WebDAV)
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
The iFS also supports Server Message Block (SMB) protocol, the native file sharing protocol of the Microsoft Windows platform.
See Also File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), XML
A Transmission Control Protocol/Internet Protocol (TCP/IP) network layer protocol used for informing routers of the availability of multicast groups on the network.
Overview
The Internet Group Management Protocol (IGMP) is used in a multicasting environment to exchange information on the status of membership in multicast groups between routers on the network. Once a router becomes aware that there are hosts on a locally attached network that are members of a particular multicast group, it advertises this information using IGMP to other routers on the internetwork so that multicast messages are forwarded to the appropriate routers. IGMP is thus used to maintain the group membership on a local subnet for an Internet Protocol (IP) multicast.
Architecture
There are two versions of IGMP: IGMPv1 and the newer IGMPv2. IGMPv1 is defined in RFC 1112 and supports only two types of IGMP messages:
Host membership report: Hosts send this type of message to inform local routers that the host wishes to receive multicast IP traffic addressed to a specific group address.
Host membership query: Routers send this message to poll a local area network (LAN) segment in order to determine if any hosts on the segment are listening for multicast traffic.
IGMPv2 is defined in RFC 2236 and includes several new message types, including
Leave group: Used by a host to inform a router that it is the last member to leave a multicast group (so that the router knows it no longer needs to forward IP multicasts to that subnet).
Group-specific query: Similar to the IGMP Host membership query, except that it checks for membership in a specific multicast group.
Multicast querier election: This allows a single router to be selected for issuing IGMP Host membership query messages to a particular network segment.
IGMPv2 is fully backward-compatible with IGMPv1.
Implementation
Operation of IGMP is best illustrated with a simple example. To join a multicast group, a host must report its request for membership to nearby routers. These routers periodically poll the hosts in their locally attached networks to check on their membership status. When a host first joins a multicast group, it sends an IGMP Host Membership Report to the multicast address 244.0.0.1. The message contains the multicast address that identifies the group it wants to join. Routers connected to that host's local network then advertise to other routers throughout the internetwork that the particular network has hosts belonging to that multicast group. The routers poll the hosts regularly by sending IGMP Host Membership Query messages to determine whether any of them are still members of that group. If no hosts on the network belong to that group any longer, the router stops advertising the information to other routers on the internetwork so that multicast messages directed to that group are no longer forwarded to it.
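The IGMPv1 and IGMPv2 message types listed above share one 8-byte layout (type, maximum response time, checksum, group address). The following parser is an added example, not code from the original text; it classifies each message type, verifies the checksum, and flags reports whose group address is not a multicast address. The sample messages are constructed, and the function names are illustrative.

```python
import ipaddress
import socket
import struct

# IGMP type codes from RFC 1112 (v1) and RFC 2236 (v2).
QUERY, V1_REPORT, V2_REPORT, LEAVE = 0x11, 0x12, 0x16, 0x17
REPORT_NAMES = {
    V1_REPORT: "IGMPv1 host membership report",
    V2_REPORT: "IGMPv2 membership report",
    LEAVE: "IGMPv2 leave group",
}


def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, max_resp: int, group: str) -> bytes:
    """Build an 8-byte IGMPv1/v2 message with a valid checksum (for test data)."""
    draft = struct.pack("!BBH4s", msg_type, max_resp, 0, socket.inet_aton(group))
    return draft[:2] + struct.pack("!H", inet_checksum(draft)) + draft[4:]


def parse_igmp(payload: bytes) -> dict:
    """Classify an IGMPv1/v2 message and list anything wrong with it."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    msg_type, max_resp, _, group_raw = struct.unpack("!BBH4s", payload[:8])
    group = ipaddress.ip_address(group_raw)
    problems = []
    # A valid message sums to zero when the checksum field is included.
    if inet_checksum(payload) != 0:
        problems.append("bad checksum")
    if msg_type == QUERY:
        if not group.is_unspecified:
            kind = "IGMPv2 group-specific query"
        elif max_resp == 0:
            kind = "IGMPv1 host membership query"
        else:
            kind = "IGMPv2 general query"
    elif msg_type in REPORT_NAMES:
        kind = REPORT_NAMES[msg_type]
        if not group.is_multicast:
            problems.append("group address is not multicast")
    else:
        kind = "unknown type 0x%02x" % msg_type
    return {
        "kind": kind,
        "group": str(group),
        "max_resp_seconds": max_resp / 10,  # field is in tenths of a second
        "problems": problems,
    }


def classify_samples() -> list:
    """Parse a few constructed messages, including one altered in transit."""
    tampered = bytearray(build_igmp(V2_REPORT, 0, "239.1.2.3"))
    tampered[7] ^= 0x01  # flip one bit of the group address
    samples = [
        build_igmp(QUERY, 100, "0.0.0.0"),
        build_igmp(QUERY, 100, "239.1.2.3"),
        build_igmp(V2_REPORT, 0, "239.1.2.3"),
        build_igmp(LEAVE, 0, "239.1.2.3"),
        bytes(tampered),
    ]
    return [parse_igmp(s) for s in samples]


if __name__ == "__main__":
    for result in classify_samples():
        print(result)
```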
Notes
IGMP is used by the Routing and Remote Access Service (RRAS) of Microsoft Windows 2000 for IP multicasting. IGMP is also used in Windows NT by the Windows Internet Naming Service (WINS): at startup, a WINS server sends IGMP packets to the multicast address 224.0.1.24 to seek out possible WINS replication partners on the network.
See Also Internet Protocol (IP), multicasting, Transmission Control Protocol/Internet Protocol (TCP/IP)
A user account in Microsoft Windows 2000, Windows XP, and the Windows .NET Server family used by Microsoft Internet Information Services (IIS).
Overview
The Internet guest account on Windows 2000 is usually an account named IUSR_ComputerName, where ComputerName is the name of the Windows 2000 server on which IIS is installed. The account is used to allow anonymous access to World Wide Web (WWW) and File Transfer Protocol (FTP) sites on IIS. The IUSR_ComputerName account is given a randomly assigned password and is made a member of the Guests local group. The account is also granted the sole system right "log on locally" so that when users on the Internet try to anonymously access a WWW or FTP site on IIS, they are authenticated as if they had logged on locally to the system console (instead of being authenticated as normal network users). This secures the computer against unauthorized network access. Once a user is authenticated as an anonymous user, he or she transparently uses the IUSR_ComputerName account to gain access to files on the WWW or FTP sites of interest.
The IUSR_ComputerName account is automatically included in the built-in Guests local group on the server on which IIS is installed, so be sure to review the permissions and rights that you have granted to the Guests group.
See Also Internet Information Services (IIS)
A Microsoft Windows service that provides support for application-layer Internet protocols.
Overview
Internet Information Services (IIS) enables Windows 2000 servers to function in the roles of Web servers, File Transfer Protocol (FTP) servers, Network News Transfer Protocol (NNTP) servers, and similar Internet and intranet servers. IIS is also a foundational component for a wide variety of other Microsoft server platforms, including Microsoft Exchange Server 2000, Microsoft Sharepoint Server, and other Microsoft .NET Enterprise Servers.
IIS was first released for Windows NT 3.51 as version 1. The highest version available for the Windows NT platform is version 4.01, which was included as part of the Windows NT Option Pack. On Windows 2000, the version of IIS is 5, but on Windows XP, it is 5.1 and on Windows .NET Server, it is 6.
All current versions of IIS support the following features:
Fully integrated with Windows NT security and the version of NTFS file system (NTFS) used in Windows NT
Full support for version 1.1 of Hypertext Transfer Protocol (HTTP)
Support for File Transfer Protocol (FTP)
Limited support for Simple Mail Transfer Protocol (SMTP)
Support for Network News Transfer Protocol (NNTP)
Support for advanced security using the Secure Sockets Layer (SSL) and related protocols
Provides a platform for deploying scalable Web server applications using Active Server Pages (ASP); Internet Server API (ISAPI); Common Gateway Interface (CGI); Microsoft Visual Basic, Scripting Edition (VBScript); JScript; and other installable scripting languages, such as Perl
Allows Web applications to be run as isolated processes in separate memory spaces to prevent one application crash from affecting other applications
Integrates with Microsoft Transaction Server (MTS) and Microsoft Message Queue (MSMQ) Server for deploying transaction-based Web applications
Can be managed using the Microsoft Management Console (MMC), through a standard Web browser such as Microsoft Internet Explorer, or by running administrative scripts using the Windows Scripting Host (WSH)
Includes domain blocking for granting/denying access on the basis of IP address or domain
Allows IIS activity to be logged in various formats, including IIS, World Wide Web Consortium (W3C), National Computer Security Association (NCSA), and open database connectivity (ODBC) logging
Allows Web site operators to be assigned for limited administration of each Web site
Bandwidth throttling to prevent one Web site from monopolizing a server's available bandwidth
Notes
The acronym IIS stood for "Internet Information Server," the forerunner of this feature in the Windows NT platform.
See Also Active Server Pages (ASP), Common Gateway Interface (CGI), File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Network News Transfer Protocol (NNTP), Secure Sockets Layer (SSL), Simple Mail Transfer Protocol (SMTP), Web server
A Common Object Request Broker Architecture (CORBA) technology for distributed computing over the Internet.
Overview
CORBA is a technology for building object-oriented distributed applications. A CORBA application consists of objects that communicate with each other using orbs (object request brokers). The Internet Inter-Orb Protocol (IIOP) is an extension for CORBA that allows orbs to communicate with each other over the Internet.
IIOP uses Transmission Control Protocol (TCP) as its underlying network transport. IIOP supports bidirectional communications once a TCP session has been established. IIOP also supports callbacks to allow separate connections for client and server communications.
IIOP does not have a standard well-known TCP port number; instead, different orbs each have their own predefined port numbers. Some orbs also support dynamic allocation of port numbers, and some other orbs do not support IIOP at all.
IIOP does not include built-in authentication and encryption features. Instead, CORBA applications are responsible for secure communications using IIOP. An enhanced version of IIOP does exist, however, called IIOPS, standing for IIOP SSL and using the standard Secure Sockets Layer (SSL) protocol for secure communications over the Internet.
See Also Common Object Request Broker Architecture (CORBA), Secure Sockets Layer (SSL)
A protocol for managing keys in public key cryptography systems.
Overview
Internet Key Exchange (IKE) is used by the Internet Protocol Security (IPsec) protocol for generating and exchanging keys to enable secure IP network communications. IKE defines the procedures involved in the exchange of credentials necessary for establishing secure communications sessions. When IKE is used with IPsec, network authentication can employ either digital certificates or preshared keys. Preshared keys are used where the number of users is small, and digital certificates can scale effectively to the enterprise level. When digital certificates are used, however, IPsec must be rolled out in conjunction with a full public key infrastructure (PKI) to support the generation and management of such certificates.
The Internet Engineering Task Force (IETF) has recently developed several extensions to IKE to simplify how IPsec authentication is performed:
Hybrid Auth: This uses tunneling to send client credentials to a central security server, which responds by returning a digital certificate to the client.
Xauth: This is similar to Hybrid Auth, but the digital certificate resides on the client instead of the server.
See Also Internet Protocol Security (IPsec), public key infrastructure (PKI)
A Lightweight Directory Access Protocol (LDAP) directory service that enables Microsoft NetMeeting users to locate and contact other users for conferencing and collaboration over the Internet.
Overview
Microsoft Commercial Internet System (MCIS) has an Internet Locator Service (ILS) that functions as a memory-resident database for storing dynamic directory information about NetMeeting users. This information, which includes a user's name, company, and Internet Protocol (IP) address, is stored in an Active Directory Global Catalog and can be accessed by any LDAP client, such as NetMeeting. Clients periodically refresh the information in the ILS database. Users can access the ILS using LDAP to place a call to other NetMeeting users and to determine which NetMeeting users are currently logged on to the ILS. Using Active Server Pages (ASP), you can design a customizable Web interface that displays who is currently online and allows users to search for other users and initiate NetMeeting sessions with them.
Notes
ILS replaces the earlier User Locator Service (ULS) technology.
See Also Lightweight Directory Access Protocol (LDAP)
A standard protocol for storage and retrieval of e-mail messages.
Overview
Simple Mail Transfer Protocol (SMTP) provides the underlying message transport mechanism for sending e-mail messages over the Internet, but it does not provide any facility for storing and retrieving those messages. In order to communicate, SMTP hosts must be continuously connected to one another, but for ordinary users this is not always the case.
Internet Mail Access Protocol version 4 (IMAP4) complements SMTP by providing a mechanism for holding received messages in receptacles called mailboxes. An IMAP4 server stores messages received by each user in a personal mailbox until the user can connect to the server to download and read them. To do this, the user requires an IMAP4-capable mail client such as Microsoft Outlook or Microsoft Outlook Express.
IMAP4 provides functions similar to an earlier protocol called Post Office Protocol version 3 (POP3), but it includes a number of features that were not supported by POP3. Specifically, IMAP4 allows users to
Access multiple folders, including public folders
Create hierarchies of folders for storing messages
Leave messages on the server after reading them so that they can access the messages again from another location
Search a mailbox for a specific message to download
Flag messages as read
Selectively download portions of messages or attachments only
Review the headers of messages before downloading them
Implementation
To retrieve a message from an IMAP4 server, an IMAP4 client first establishes a Transmission Control Protocol (TCP) session using TCP port 143. The client then identifies itself to the server and issues a series of IMAP4 commands:
LIST: Retrieves a list of folders in the client's mailbox
SELECT: Selects a particular folder to access its messages
FETCH: Retrieves individual messages
LOGOUT: Ends the IMAP4 session
To troubleshoot problems with remote IMAP4 servers, use Telnet to connect to port 143. Then try issuing various IMAP4 commands such as the ones described in this entry and examine the results.
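The session described above, captured as a Telnet transcript and analyzed, is shown here as an added example that is not part of the original entry. It pairs each tagged command with the server's untagged responses and its OK/NO/BAD completion, and it masks the password of the LOGIN command (the IMAP4 command a client uses to identify itself), because a session typed over Telnet to port 143 is unencrypted and the password appears in the transcript as typed. The transcript, user name, and function names are constructed for illustration.

```python
import re

# Constructed transcript of a Telnet session to TCP port 143.
# "C:" marks lines typed by the client, "S:" marks server responses.
TRANSCRIPT = r'''
S: * OK IMAP4rev1 service ready
C: a1 LOGIN alice s3cret
S: a1 OK LOGIN completed
C: a2 LIST "" "*"
S: * LIST (\HasNoChildren) "/" "INBOX"
S: * LIST (\HasNoChildren) "/" "Projects"
S: a2 OK LIST completed
C: a3 SELECT INBOX
S: * 2 EXISTS
S: * FLAGS (\Answered \Seen \Deleted)
S: a3 OK [READ-WRITE] SELECT completed
C: a4 FETCH 1 (FLAGS)
S: * 1 FETCH (FLAGS (\Seen))
S: a4 OK FETCH completed
C: a5 FETCH 9 (FLAGS)
S: a5 NO FETCH failed: no such message
C: a6 LOGOUT
S: * BYE server logging out
S: a6 OK LOGOUT completed
'''

# A tagged completion line: "<tag> OK|NO|BAD <text>".
COMPLETION = re.compile(r"^(\S+) (OK|NO|BAD)(?: (.*))?$")


def redact(line: str) -> str:
    """Mask the password argument of a LOGIN command."""
    parts = line.split(" ", 3)  # tag, command, user, password
    if len(parts) == 4 and parts[1].upper() == "LOGIN":
        parts[3] = "********"
    return " ".join(parts)


def analyze(transcript: str) -> dict:
    """Group server responses under the command that produced them."""
    greeting, commands, by_tag = [], [], {}
    for raw in transcript.strip().splitlines():
        side, _, line = raw.partition(": ")
        if side == "C":
            tag, _, rest = line.partition(" ")
            entry = {
                "tag": tag,
                "command": rest.split(" ", 1)[0].upper(),
                "sent": redact(line),
                "untagged": [],
                "status": None,
                "text": "",
            }
            commands.append(entry)
            by_tag[tag] = entry
        elif line.startswith("* "):
            # Untagged data belongs to the oldest command still in progress;
            # before any command is sent it is the server greeting.
            in_progress = [c for c in commands if c["status"] is None]
            target = in_progress[0]["untagged"] if in_progress else greeting
            target.append(line[2:])
        else:
            match = COMPLETION.match(line)
            if match and match.group(1) in by_tag:
                by_tag[match.group(1)]["status"] = match.group(2)
                by_tag[match.group(1)]["text"] = match.group(3) or ""
    return {"greeting": greeting, "commands": commands}


def failures(result: dict) -> list:
    """Commands that did not complete with OK (including unanswered ones)."""
    return [(c["tag"], c["command"], c["status"])
            for c in result["commands"] if c["status"] != "OK"]


if __name__ == "__main__":
    report = analyze(TRANSCRIPT)
    for cmd in report["commands"]:
        print(cmd["sent"], "->", cmd["status"], cmd["text"])
    print("failed:", failures(report))
```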
Advantages and Disadvantages
Because IMAP4 clients can allow read messages to remain on the IMAP4 server, IMAP4 is especially useful for mobile users who dial up and access their mail from multiple locations. The downside is that IMAP4 servers require more resources than POP3 servers because users tend to leave large numbers of messages on the server. IMAP4 also is not as widely supported by Internet service providers (ISPs) as POP3.
Notes
IMAP4 is supported by Microsoft Exchange Server.
See Also e-mail, Post Office Protocol version 3 (POP3), Simple Mail Transfer Protocol (SMTP)
A method for printing over the Internet.
Overview
The Internet Printing Protocol (IPP) is a standard method for printing files over Internet Protocol (IP) networks and is defined in RFCs 2565 through 2569 and 2639. Using IPP, a user can specify a Uniform Resource Locator (URL) to print to instead of a Universal Naming Convention (UNC) path for the target print device.
Microsoft Windows 2000 supports using IPP to print to Microsoft Windows 2000 print servers running Microsoft Internet Information Services (IIS). Internet printers are represented in Active Directory directory service as printer objects and can be accessed by HTTP/1.1-compatible browsers such as Internet Explorer 4 or higher. IPP print commands run on top of text-based HTTP messages, and HTTP itself runs on top of IP.
IPP is a standards-based, vendor-neutral solution that allows any compatible client to print to any IPP-enabled print server. IPP is also extensible to allow notifications for blocking and job status.
See Also printing terminology, Universal Naming Convention (UNC)
The network layer protocol used by Transmission Control Protocol/Internet Protocol (TCP/IP) for addressing and routing packets of data between hosts.
Overview
The Internet Protocol (IP) is one of the key protocols within the TCP/IP protocol suite. IP packets carry the actual data being sent across the network from one point to another. IP is a connectionless protocol that provides best-effort delivery of data. IP does not guarantee delivery of data; instead, the responsibility for guaranteeing delivery and sending acknowledgments lies with the higher-level transport layer protocol called Transmission Control Protocol (TCP).
Architecture
The diagram shows an IP packet's structure. Some of the more important header fields in the IP packet structure include
Source IP address: The IP address of the host transmitting the packet.
Destination IP address: The IP address of the host to which the packet is being sent, a multicast group address, or the broadcast IP address 255.255.255.255.
Header checksum: A mathematical computation used for verifying that the packet received is intact.
Time to Live (TTL): The number of router hops that the packet can make before being discarded.
Fragment offset: The position of the fragment if the original IP packet has been fragmented (for example, by a router). This information enables the original packet to be reconstructed.
Internet Protocol (IP). The structure of an IP packet.
Implementation
IP packets are usually moved across a routed TCP/IP internetwork in the following fashion:
If IP determines that the destination IP address is a local address, it transmits the packet directly to the destination host.
If IP determines that the destination IP address is a remote address, it examines the local routing table for a route to the destination host. If a route is found, it is used; if no route is found, IP forwards the packet to the default gateway. In either case, the packet destined for a remote address is usually sent to a router.
At the router, the TTL is decreased by 1 or more (depending on network congestion), and the packet might be fragmented into smaller packets if necessary. The router then determines whether to forward the packet to one of the router's local network interfaces or to another router. This process repeats until the packet arrives at the destination host or has its TTL decremented to zero and is discarded by a router.
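The forwarding steps above can be traced in code. This added example (not from the original entry) models the sending host's local/route/default-gateway decision and the router loop in which TTL is decremented until the packet is delivered or discarded; it also shows why TTL matters, since a routing loop between two routers ends only when TTL reaches zero. The topology, addresses, and function names are constructed, each router decrements TTL by exactly 1, and the "no route" outcome at a router is an assumption the entry does not describe.

```python
import ipaddress


def longest_match(dst, routes):
    """Return the (network, next_hop) with the longest matching prefix, or None."""
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda hit: hit[0].prefixlen) if hits else None


def host_next_hop(dst, local_net, routes, default_gateway):
    """Decision made by the sending host: direct, routing table, or default gateway."""
    dst = ipaddress.ip_address(dst)
    if dst in ipaddress.ip_network(local_net):
        return ("direct", str(dst))
    hit = longest_match(dst, routes)
    if hit:
        return ("route", hit[1])
    return ("default gateway", default_gateway)


def route_packet(dst, ttl, first_router, routers):
    """Follow a packet router by router until it is delivered or discarded."""
    dst = ipaddress.ip_address(dst)
    path, name = [], first_router
    while True:
        path.append(name)
        ttl -= 1  # each router decrements TTL before forwarding
        if ttl <= 0:
            return {"path": path, "result": "discarded: TTL expired", "ttl": 0}
        router = routers[name]
        if any(dst in ipaddress.ip_network(net) for net in router["connected"]):
            return {"path": path, "result": "delivered", "ttl": ttl}
        hit = longest_match(dst, router["routes"])
        if hit is None:
            return {"path": path, "result": "discarded: no route", "ttl": ttl}
        name = hit[1]


# Constructed topology. The 203.0.113.0/24 routes point at each other,
# which is a deliberate misconfiguration that creates a routing loop.
ROUTERS = {
    "R1": {
        "connected": ["192.168.1.0/24", "10.0.0.0/30"],
        "routes": [("172.16.0.0/16", "R2"), ("203.0.113.0/24", "R2")],
    },
    "R2": {
        "connected": ["10.0.0.0/30", "172.16.5.0/24"],
        "routes": [("192.168.1.0/24", "R1"), ("203.0.113.0/24", "R1")],
    },
}

# Constructed routing table of a host on 192.168.1.0/24.
HOST_ROUTES = [("172.16.0.0/16", "192.168.1.254"), ("172.16.5.0/24", "192.168.1.253")]

if __name__ == "__main__":
    print(host_next_hop("192.168.1.20", "192.168.1.0/24", HOST_ROUTES, "192.168.1.1"))
    print(host_next_hop("172.16.5.9", "192.168.1.0/24", HOST_ROUTES, "192.168.1.1"))
    print(route_packet("172.16.5.9", 64, "R1", ROUTERS))
    print(route_packet("203.0.113.7", 5, "R1", ROUTERS))
```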
See Also host, routing, Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP)
Application-layer Transmission Control Protocol/Internet Protocol (TCP/IP) protocols commonly used on the Internet.
Overview
The following table shows some of the standard Internet protocols in use today. Some of these protocols, such as Gopher, have declined in popularity and are now considered legacy protocols. To access a protocol such as Hypertext Transfer Protocol (HTTP) with a Web browser such as Microsoft Internet Explorer, you would use a Uniform Resource Locator (URL) beginning with http://.
Protocol | Protocol Name | Description |
http | Hypertext Transfer Protocol | Used for Web pages that contain text, graphics, sound, and other digital information stored on a Web server on the World Wide Web |
ftp | File Transfer Protocol | Transfers files between two computers over the Internet |
gopher | Gopher protocol | Displays information stored on a network of Gopher servers |
wais | WAIS protocol | Used for accessing a Wide Area Information Servers database |
file | File protocol | Opens a file on a local hard disk or a network share |
https | Hypertext Transfer Protocol Secure | Establishes an encrypted HTTP connection using the Secure Sockets Layer (SSL) protocol |
mailto | MailTo protocol | Starts a Simple Mail Transfer Protocol (SMTP) e-mail program to send a message to the specified Internet e-mail address |
news | News protocol | Opens a Network News Transfer Protocol (NNTP) newsreader and the specified Usenet newsgroup |
nntp | Network News Transfer Protocol | Performs the same function as the News protocol |
midi | Musical Instrument Digital Interface (MIDI) protocol | Plays MIDI sequencer files if the computer has a sound card |
telnet | Telnet protocol | Starts a Telnet terminal emulation program |
rlogin | Rlogin protocol | Starts an Rlogin terminal emulation program |
tn3270 | TN3270 protocol | Starts a TN3270 terminal emulation program |
pnm | RealAudio protocol | Plays RealAudio streaming audio from a RealAudio server |
mms | Microsoft Media Server (MMS) protocol | Plays .asf streams from a Microsoft Streaming Media server |
A protocol for secure transmission over Transmission Control Protocol/Internet Protocol (TCP/IP).
Overview
Internet Protocol Security (IPsec) defines an end-to-end model for data encryption and integrity implemented at the Internet Protocol (IP) level. "End-to-end" means only that the hosts at the two endpoints of an IPsec session need to be IPsec-enabled; intermediate hosts only need to support TCP/IP communications. IPsec can be used to encrypt transmission of data and ensure that the data originated from the sender and was not modified in transit.
IPsec is frequently used to send information securely over the public Internet through a virtual private network (VPN). IPsec is an Internet Engineering Task Force (IETF) standard and is implemented in Microsoft Windows 2000, Windows XP, and the Windows .NET Server family.
Architecture
IPsec is a Layer-3 TCP/IP protocol that is managed by security policies installed on each machine and by an encryption scheme negotiated between the sender and the receiver. Devices and software configured to support IPsec can use either public key encryption using keys supplied by certificate authorities (CAs) or preshared keys for private encryption.
IPsec implements encryption and data integrity through two additional security protocols, which can be used either separately or together. These protocols are
Authentication Header (AH) protocol: Provides user authentication and protection from replay attacks and supports data authentication and integrity functions. AH enables the recipient to be sure of the sender's identity and that the data has not been modified during transmission. AH does not provide any encryption of the data itself. AH information is embedded in the IP packet's header and can be used alone or with the Encapsulating Security Payload (ESP) protocol. AH is defined in RFC 2402.
Encapsulating Security Payload (ESP) protocol: Encapsulates and encrypts user data to provide full data confidentiality. ESP also includes optional authentication and protections from replay attacks and can be used either by itself or with AH. ESP information is also embedded in the IP packet's header. ESP is defined in RFC 2406.
To establish a security association (secure communication session) between two computers, a protocol framework called ISAKMP/Oakley can also be used. ISAKMP/Oakley includes a set of cryptographic algorithms and is extensible, supporting user-defined encryption algorithms. During the negotiation process, agreement is reached on the authentication and security methods to be used, and a shared key is generated for data encryption.
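The entry states that AH and ESP protect against replay attacks but not how. The following added example (not from the original text) shows the mechanism the IPsec RFCs describe for the receiver: a sliding window over the packet sequence number, consulted before the integrity check and updated only after the check succeeds. The packet layout here is simplified (SPI, sequence number, payload, integrity value) and is not the real AH or ESP wire format; the key, SPI, window size of 32, and the use of HMAC-SHA-1 truncated to 96 bits are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1 truncated to 96 bits (assumption; the entry names no algorithm)


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI + sequence number + payload + integrity check value."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha1).digest()[:ICV_LEN]
    return header + payload + icv


class Receiver:
    """Receiver state for one security association."""

    def __init__(self, key: bytes, spi: int, window: int = 32):
        self.key, self.spi, self.window = key, spi, window
        self.top = 0     # highest sequence number authenticated so far
        self.bitmap = 0  # bit i set means sequence number (top - i) was seen

    def _window_verdict(self, seq: int) -> str:
        if seq == 0:
            return "drop: sequence number 0"
        if seq > self.top:
            return "ok"
        offset = self.top - seq
        if offset >= self.window:
            return "drop: too old"
        if (self.bitmap >> offset) & 1:
            return "drop: replay"
        return "ok"

    def _window_update(self, seq: int) -> None:
        if seq > self.top:
            shift = seq - self.top
            mask = (1 << self.window) - 1
            if shift >= self.window:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, packet: bytes) -> str:
        if len(packet) < 8 + ICV_LEN:
            return "drop: truncated"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "drop: unknown SPI"
        verdict = self._window_verdict(seq)  # cheap check first
        if verdict != "ok":
            return verdict
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "drop: bad ICV"  # window untouched: a forgery cannot move it
        self._window_update(seq)
        return "accept"


def run_demo() -> list:
    """Feed constructed packets to a receiver and collect its verdicts."""
    key, spi = b"constructed-demo-key", 0x1001
    rx = Receiver(key, spi)
    pkt = {n: protect(key, spi, n, b"data %d" % n) for n in (1, 2, 3, 4, 10, 48, 50)}
    forged = protect(b"wrong key", spi, 1000, b"forged")
    arrivals = [pkt[1], pkt[2], pkt[3], pkt[2], forged, pkt[4],
                pkt[50], pkt[10], pkt[48], pkt[48]]
    return [rx.receive(p) for p in arrivals]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

If the window were advanced before the integrity check, the forged packet with sequence number 1000 would push the window forward and cause the legitimate packets that follow to be rejected as too old.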
Implementation
IPsec security policies can be configured to meet the needs of securing users, sites, applications, or the enterprise in general. These security policies consist of a collection of filters with associated behaviors. When the IP address, port number, and protocol of an IP packet match a particular filter, the corresponding behavior is applied to the packet. In Windows 2000, for example, IPsec security policies are created and assigned at the domain level or for individual hosts using the IPsec Management snap-in for the Microsoft Management Console (MMC). IPsec policies consist of rules that specify the security requirements for different forms of communication. These rules are used to initiate and control secure communication based on the nature of the IP traffic, the source of the traffic, and its destination. These rules specify authentication and negotiation methods, tunneling attributes, and connection types.
Advantages and Disadvantages
IPsec implements security differently from such tunneling protocols as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP), which create secure tunnels and operate at the OSI data-link layer (Layer 2). Instead, IPsec secures information at the packet level and operates at the OSI network layer (Layer 3). IPsec also supports only IP traffic, which limits its use in some enterprise environments. PPTP and L2TP, by contrast, support any network protocol including TCP/IP, Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX), or NetBEUI.
Although the restriction to IP traffic is somewhat of a disadvantage, IPsec does have two significant advantages over tunneling protocols:
Application-layer TCP/IP protocols such as Hypertext Transfer Protocol (HTTP) that reside above IPsec can take full advantage of the security offered by IPsec.
Security policies for configuring IPsec make the protocol more powerful and flexible than tunneling protocols.
See Also data-link layer, Layer 2 Tunneling Protocol (L2TP), network layer, Point-to-Point Tunneling Protocol (PPTP), Transmission Control Protocol/Internet Protocol (TCP/IP)
A text-based Internet conferencing protocol.
Overview
Internet Relay Chat (IRC) is a technology that can be used to send real-time, text-based messages over the Internet. IRC is a client/server technology in which users employ IRC client software to connect to an IRC server or hub. Clients can then connect to an existing chat group (also called chat room or channel) and type messages to other users currently in that group. Chat groups are identified using a pound sign (#) prefix. Messages are transmitted in real time and can appear character by character on the recipients' client software if the person sending the message types slowly enough. Depending on how the chat server is configured, users might be able to create their own chat rooms and hold private discussions. Some chat servers require that you register once to obtain a unique nickname, but others allow you to select a nickname for the current session only. Some Web sites also offer Web-based interfaces to their chat servers.
The network of IRC servers on the Internet is known as Undernet. These servers are generally owned and operated by Internet service providers (ISPs) that provide a free IRC environment to online users. The IRC protocol is defined in RFC 1459.
Prospects
In late 2000, the Undernet network was crippled by a lengthy Distributed Denial of Service (DDoS) attack that prevented IRC users from using the network and created havoc for ISPs hosting Undernet servers. The attack graphically illustrated the Internet's current vulnerability to DDoS attacks and has called into question the long-term viability of Undernet and IRC unless changes are made to the Internet's basic architecture to protect it from such attacks.
Notes
Microsoft Exchange Server includes an IRC-based chat service that you can use to set up public or private IRC sites.
For More Information
Find out more about IRC at www.irc.net
See Also Distributed Denial of Service (DDoS)
An umbrella organization for several long-term research groups that focus on standards for Internet protocols, architecture, applications, and technologies.
Overview
The Internet Research Task Force (IRTF) is overseen by the Internet Architecture Board (IAB) and includes research groups such as
The End-to-End (E2E) group, which is concerned with end-to-end services and protocols implemented in hosts
The Information Infrastructure Architecture group, which works to articulate a common information infrastructure for the Internet to support greater interoperability between applications
The Internet Resource Directory group, which develops models for resource description on the Internet, including mechanisms for querying, indexing, and retrieval
The Network Management group, which is concerned with issues relating to the management of the Internet from the perspectives of high-level management domains and customer-oriented services
The Services Management group, which is concerned with the convergence of networking technologies relating to the Internet
For More Information
Visit the IRTF at www.irtf.org
See Also Internet Architecture Board (IAB)
Microsoft Corporation's firewall, proxy, and Web-caching platform.
Overview
Microsoft Internet Security and Acceleration Server (ISA Server) 2000 replaces and extends its earlier Proxy Server 2 platform that was part of the BackOffice suite of server applications. ISA Server belongs to Microsoft's new .NET Enterprise Server platform and is designed to meet the security needs of Internet-based businesses. ISA Server provides
A full-featured firewall set that includes stateful inspection, integrated intrusion detection, integrated virtual private network (VPN) support, and broad application support for circuit-level proxies.
Web caching technology to speed the retrieval of frequently used Web content, saving valuable network bandwidth.
Policy-based management for traffic management that can be scheduled and configured at the user, group, site, application, or content type level.
For More Information
Learn more about ISA Server at www.microsoft.com/isa.
See Also firewall, .NET Enterprise Servers, proxy server
A set of standard application programming interfaces (APIs) for developing extensions to Microsoft Internet Information Services (IIS).
Overview
Internet Server API (ISAPI) provides Web developers with a powerful way to extend the functionality of IIS. ISAPI provides developers with low-level access to all Microsoft Win32 API functions, and ISAPI applications often have better performance than applications written using Active Server Pages (ASP) or Common Gateway Interface (CGI). But as ISAPI dynamic-link libraries (DLLs) are generally written in a high-level programming language such as C or C++, ISAPI applications are usually more difficult to develop than ASP-based or CGI-based solutions and often do not scale as well.
There are two basic kinds of ISAPI DLLs, which have different uses on IIS:
ISAPI extensions: Run-time DLLs that can run either in process or out of process on IIS. ISAPI extensions provide extended functionality to IIS.
ISAPI filters: Used to preprocess packets of data before they enter or leave the IIS main process. An example of an ISAPI filter is the Secure Sockets Layer (SSL) protocol component on IIS 4.
Notes
You can create ISAPI extensions easily using the ISAPI Extension Wizard in Microsoft Visual C++.
See Also Active Server Pages (ASP), Common Gateway Interface (CGI), dynamic-link library (DLL)
A company that provides Internet access to consumers, businesses, or both.
Overview
Internet service providers (ISPs) come in various shapes and sizes, from volunteer-run freenets to local, regional, and national service providers such as AT&T WorldNet. ISPs can provide a wide range of services, including
Dial-up Internet access
Broadband Internet access: Digital Subscriber Line (DSL) or cable modem
Leased lines and other wide area network (WAN) services
Web hosting services
E-mail services
Virtual private networking (VPN)
Types
ISPs can be classified into different types according to their size, service area, and particular business orientation. For example,
National: These are often owned by or partnered with inter-exchange carriers (IXCs) to offer services across the country. Examples include AT&T WorldNet, EarthLink, Genuity, MSN, PSInet, Sprint, UUNET, and Verizon.
Regional: These offer services in specific regions of the country and are often owned by or partnered with Regional Bell Operating Companies (RBOCs) or Incumbent Local Exchange Carriers (ILECs). Examples are Ameritech and BellSouth.
B2B: These focus exclusively on the business-to-business market. Examples include GNS from AT&T and Gridnet from UUNET.
Implementation
Choosing an ISP for your enterprise or business is a process you should approach carefully. If your enterprise spans several locations, you need to consider your ISP as part of your network infrastructure, especially if you are using VPN. Be sure to ask potential ISPs questions about
The capacity their backbone can handle and who owns it. OC-12 and OC-48 backbones are common, and OC-192 backbones are beginning to be deployed by large national carriers (the first ISP to deploy OC-192 was AT&T).
Whether they employ redundant backbone connections to upstream providers and what sort of peering arrangements (public or private) they have with these providers. Most large ISPs use private peering arrangements to connect to similar ISPs, but small ISPs generally have to lease wholesale services from upstream ISPs.
Whether they offer colocation for running your own Web servers at their point of presence (POP).
Which advanced features (VPN, VoIP, and so on) they offer.
What level of reliability or SLA (service level agreement) they offer.
Examples
An example of a large (Tier 1) ISP is UUNET (www.uu.net), which merged with MCI/WorldCom, an IXC. UUNET offers a wide range of services, including dial-up, Integrated Services Digital Network (ISDN), frame relay, Asynchronous Transfer Mode (ATM) access, leased lines, DSL, fast wireless Internet access, and more. UUNET's backbone stretches from North America to Europe and the Asia/Pacific region. Peering in the United States takes place at eight different network access points (NAPs), including MAE-East and MAE-West. All UUNET POPs have redundant links to their backbone.
Notes
If you are a consumer looking for an ISP in your area, try TheList (www.thelist.com).
See Also infrastructure, Internet
A professional society founded in 1992 that provides leadership for the development and evolution of the Internet.
Overview
The Internet Society (ISOC) comprises over 150 individual organizations, including government agencies and private companies, and is an umbrella organization for other Internet groups, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB). The ISOC has more than 6,000 individual members in over 100 countries and regions. It is governed by a board of trustees elected from its membership. The ISOC hosts conferences and issues publications related to the development and management of the Internet. The ISOC has taken the lead in promoting the formation of a nonprofit constituency for the new Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Internet Domain Name System (DNS). The ISOC essentially functions as a legal umbrella for the standardization processes managed by the IETF and the IAB.
For More Information
Visit ISOC at www.isoc.org
See Also Internet, Internet Architecture Board (IAB), Internet Corporation for Assigned Names and Numbers (ICANN)
A network, usually Transmission Control Protocol/Internet Protocol (TCP/IP), consisting of multiple networks joined by routers.
Overview
More generally, an internetwork is any network consisting of smaller networks joined in any fashion using bridges, switches, routers, and other devices. For example, an Internet Protocol (IP) internetwork could consist of a mix of Microsoft Windows NT or Windows 2000 and UNIX machines distributed over different subnets connected with standard IP routers from Cisco Systems or another vendor. An Internetwork Packet Exchange (IPX) internetwork could be a set of networks using Novell NetWare clients and servers running IPX that are connected using IPX-enabled routers.
Internetworking is the process of planning, implementing, and maintaining an internetwork. For IP internetworks, this involves such tasks as
Determining which IP address classes and network IDs to use
Dividing the internetwork into different subnets using a custom subnet mask
Managing host IP address information using the Dynamic Host Configuration Protocol (DHCP)
Configuring dynamic routers for efficient exchange of routing information
Acquiring tools and skills for troubleshooting internetwork problems
The operating system developed by Cisco Systems for its line of routers and access servers to provide a standard way to configure these devices.
Overview
Internetwork Operating System (IOS) is a text-based operating system that users access using a command-line interface (CLI) called EXEC. In this way IOS is similar to UNIX, but IOS commands are specific to router configuration and management functions instead of file system management and input/output (I/O). While IOS was originally designed as a monolithic, "router-centric" operating system, it has evolved into a modular operating system composed of different subsystems that can easily be upgraded and that support more complex distributed networking functions. The most recent release of Cisco IOS at the time of writing is IOS 12.2, which has support for IPv6 built into it across the board.
Note that the operating system used on Cisco Catalyst switches is somewhat different from the version used on routers and is referred to either as Catalyst IOS or Catalyst Operating System (COS) in various literature.
Implementation
IOS is usually stored as a system image within a router's flash memory. The startup configuration file called Startup-config is stored in nonvolatile RAM, and the router's actual operating configuration (its routing tables, queues, and so on) is stored in ordinary RAM. Cisco routers can typically run in three different operating environments:
ROM monitor: Also called the bootstrap program, this environment is accessed through the console port. The ROM monitor initiates the bootstrap process and can be used to run diagnostics, recover lost passwords, and recover from system failures.
Boot ROM: This environment is used mainly to upgrade to new versions of IOS by loading a new image of IOS into flash memory.
Cisco IOS: This is the normal operating environment, in which you can enter commands to configure and troubleshoot your router's operation. For example, you can enter the Show Version command to determine which version of IOS your router is running.
The normal IOS operating environment itself can run in four different modes:
User EXEC mode: This mode is enabled by default when you connect to a router using a command-line console (for example, using a Telnet connection). Using EXEC, the IOS system command interpreter, you can type commands using a command-line interface. User EXEC mode supports a subset of IOS commands for performing basic actions such as configuring terminal settings, running tests, and displaying configuration information.
Privileged EXEC mode: This mode lets you do everything you can do in User EXEC mode and more, including running the Setup command to enter configuration information, running the configure command to modify configuration information, and running the debug command to display event messages. Enter Privileged EXEC mode by typing the enable command.
Configuration mode: This mode lets you configure your router's settings. You enter this mode by typing the configure terminal command.
Setup mode: This mode is used to create new configuration files that enable features such as addressing, routing, and security.
Notes
You can quickly tell which command mode of IOS you are running by looking at your command prompt. The table shows the various IOS command modes and their prompts.
Prompt | IOS Mode |
Router> | User EXEC |
Router# | Privileged EXEC |
Router(config)# | Configuration |
(A series of dialog box prompts) | Setup |
You access most router functions by using EXEC mode, either User to view information in read-only format or Privileged to modify and configure router settings. User and Privileged modes also support different subsets of the IOS command set. Note that Privileged EXEC mode should always be password-protected because it lets you reconfigure key operating system parameters. Do not run the debug command when you are connected to the network unless it is absolutely necessary because this increases the load on the processor. Type a question mark (?) at a prompt to determine which commands are available in the currently enabled IOS mode.
There are typically three ways you can connect to a router and issue IOS commands:
Console: By connecting the serial port of a nearby PC to the router using a Cisco console cable, you can run IOS commands on the router using a terminal program such as Microsoft HyperTerminal on the PC.
Modem: For routers in remote locations, you can use a modem to connect the router to the telephone system, allowing administrators to remotely dial-in and run IOS commands using a PC similarly equipped with a modem.
Telnet: If the router has connectivity with a network, a user anywhere in the network can connect to the router and run IOS commands using Telnet.
For More Information
Find out more about Cisco IOS at www.cisco.com/warp/public/732.
See Also command line, router
A NetWare protocol used for routing packets across an internetwork.
Overview
Internetwork Packet Exchange (IPX) is a network layer protocol that provides connectionless datagram services for Ethernet, Token Ring, and other common data-link layer protocols. IPX is the commonly used local area network (LAN) protocol on legacy NetWare 3.x and 4.x LANs but has now been replaced with native Transmission Control Protocol/Internet Protocol (TCP/IP) in NetWare 5.x and later.
Architecture
IPX packets use 32-bit (4-byte) network numbers to uniquely identify each data link (connected network) in an IPX internetwork. The administrator of each network assigns these network numbers, which must be unique for each connected network; all nodes on a connected network must have the same network number. Nodes discover their network number by communicating with routers attached to the local network. Routers use these network numbers to route IPX packets from one network to another within an internetwork. IPX is thus a routable protocol. The structure of an IPX packet is shown in the diagram.
Internetwork Packet Exchange (IPX). The structure of an IPX packet.
IPX also uses 48-bit (6-byte) addresses for each node within a given network. An entire IPX network address is thus 4 + 6 = 10 bytes long. IPX packets are assigned a 16-bit (2-byte) socket number to identify the networking service they are communicating with (for example, Network Control Protocol (NCP), Service Advertising Protocol (SAP), or Routing Information Protocol (RIP)). Thus, the following 12-byte triple completely identifies the networking service that a packet is communicating for:
{network number, node address, socket number}
When an IPX client is booted on a NetWare internetwork using IPX-enabled routers, the client broadcasts a Get Nearest Server (GNS) request message to its locally connected network in order to locate the nearest NetWare server. If a NetWare server cannot be located on the connected network, the router informs the client of the nearest available server based on the cost of the connection. The router is familiar with this information because NetWare servers using IPX periodically notify the network of their presence using SAP, which allows IPX routers to construct server tables based on SAP numbers.
IPX is a connectionless protocol that works at the network layer of the Open Systems Interconnection (OSI) reference model, and IPX packets are connectionless datagrams. To function within connected networks, IPX works with a transport layer protocol called the Sequenced Packet Exchange (SPX) protocol. SPX is responsible for generating acknowledgments for IPX packets received over the network to ensure that no packets were lost during transport.
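The address triple and the Get Nearest Server broadcast described above, as an added Python example that is not part of the original text: a parser for the 30-byte IPX header. The field layout and the NCP, SAP and RIP socket numbers come from the standard IPX definition rather than from this page, and the sample packet and class names are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Standard IPX header (30 bytes, big-endian): checksum, length, transport
# control (hop count), packet type, then destination and source addresses,
# each a {network(4), node(6), socket(2)} triple.
IPX_HEADER = struct.Struct("!HHBB4s6sH4s6sH")

# Well-known sockets for the services named in the text.
WELL_KNOWN_SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP"}


@dataclass(frozen=True)
class IpxAddress:
    network: bytes  # 32-bit network number
    node: bytes     # 48-bit node address
    socket: int     # 16-bit socket number

    def __post_init__(self):
        if len(self.network) != 4 or len(self.node) != 6:
            raise ValueError("network must be 4 bytes and node 6 bytes")
        if not 0 <= self.socket <= 0xFFFF:
            raise ValueError("socket must fit in 16 bits")

    def pack(self) -> bytes:
        """The 12-byte triple as it appears on the wire."""
        return self.network + self.node + struct.pack("!H", self.socket)

    @property
    def service(self) -> str:
        return WELL_KNOWN_SOCKETS.get(self.socket, "unknown")

    @property
    def is_broadcast(self) -> bool:
        return self.node == b"\xff" * 6

    def __str__(self) -> str:
        return (f"{self.network.hex().upper()}."
                f"{self.node.hex().upper()}:{self.socket:04X}")


@dataclass(frozen=True)
class IpxPacket:
    checksum: int
    length: int
    hops: int
    packet_type: int
    dst: IpxAddress
    src: IpxAddress
    payload: bytes


def parse_ipx(packet: bytes) -> IpxPacket:
    """Parse one IPX datagram, rejecting truncated or inconsistent input."""
    if len(packet) < IPX_HEADER.size:
        raise ValueError("shorter than the 30-byte IPX header")
    (checksum, length, hops, ptype,
     dnet, dnode, dsock, snet, snode, ssock) = IPX_HEADER.unpack_from(packet)
    if length < IPX_HEADER.size or length > len(packet):
        raise ValueError("length field does not match the captured data")
    # Slice by the length field: the link layer may have padded the frame.
    payload = packet[IPX_HEADER.size:length]
    return IpxPacket(checksum, length, hops, ptype,
                     IpxAddress(dnet, dnode, dsock),
                     IpxAddress(snet, snode, ssock), payload)


def build_ipx(dst: IpxAddress, src: IpxAddress, payload: bytes,
              packet_type: int = 0) -> bytes:
    """Build a datagram with the checksum unused (0xFFFF) and zero hops."""
    length = IPX_HEADER.size + len(payload)
    header = struct.pack("!HHBB", 0xFFFF, length, 0, packet_type)
    return header + dst.pack() + src.pack() + payload


# Constructed sample: a freshly booted client (network number still unknown,
# so 0) broadcasting a SAP nearest-service query for a file server.
CLIENT = IpxAddress(bytes(4), bytes.fromhex("00a0c9123456"), 0x4003)
LOCAL_SAP_BROADCAST = IpxAddress(bytes(4), b"\xff" * 6, 0x0452)
SAMPLE_GNS = build_ipx(LOCAL_SAP_BROADCAST, CLIENT, struct.pack("!HH", 3, 4))

if __name__ == "__main__":
    pkt = parse_ipx(SAMPLE_GNS + bytes(16))  # trailing bytes mimic frame padding
    print(f"{pkt.src} -> {pkt.dst} service={pkt.dst.service} "
          f"broadcast={pkt.dst.is_broadcast} payload={pkt.payload.hex()}")
```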
Notes
On Ethernet networks, NetWare clients and servers can communicate with each other using IPX only if they use compatible frame types (encapsulation formats). The terminology used to describe these frame types depends on whether you are discussing Novell NetWare clients and servers or IPX-enabled routers from Cisco Systems. The following table illustrates these differences.
Ethernet_II is the default frame type for NetWare version 3.x and earlier, but NetWare 4.x uses the Ethernet_802.2 frame type.
Common Terminology | Novell Terminology | Cisco Terminology |
Ethernet | Ethernet_II | arpa |
raw | Ethernet_802.3 | novell-ether |
802.3 | Ethernet_802.2 | sap |
snap | Ethernet_SNAP | snap |
See Also NetWare protocols
A mechanism for establishing a connection between processes running on two computers or on a single multitasking computer to allow data to flow between those processes.
Overview
Interprocess communication (IPC) mechanisms are commonly used in client/server environments and are supported to various degrees by the different Microsoft Windows operating systems. An IPC generally consists of two components:
An application programming interface (API) that defines the standard set of functions that can be called when software tries to use an IPC.
A protocol that specifies the format in which the information is transmitted using the IPC. When IPCs are passed over the network, the format specified is the format of the packet or frame transmitted between the computers.
The following table lists some IPC mechanisms and the platforms that support them.
Process | Windows NT | Windows 95 | Windows 98 | Windows 2000 |
Named pipes | x | x | x | x |
Mailslots | x | x | x | x |
NetBIOS | x | x | x | x |
Windows Sockets | x | x | x | x |
Remote procedure call (RPC) | x | x | x | x |
Network Dynamic Data Exchange (NetDDE) | x | x | x | x |
Distributed Component Object Model (DCOM) | x | x | x |
A Cisco technology that is used for frame tagging.
Overview
Inter-Switch Link (ISL) was developed by Cisco Systems to enable a single physical Ethernet interface to support multiple logical Virtual LAN (VLAN) interfaces. A device using ISL thus appears on the network as if it had multiple physical network interfaces present instead of one.
ISL works by tagging Ethernet frames with the logical VLAN address to which each frame belongs. This technique is more generally known as frame tagging. ISL is implemented in modules for Cisco Catalyst switches and also for special network interface cards (NICs) used in routers and high-performance servers.
Prospects
ISL is widely used in the enterprise but represents a proprietary Cisco solution. The Institute of Electrical and Electronics Engineers (IEEE) is developing a vendor-neutral standard for frame tagging called 802.1Q, but it may take time for this standard to replace ISL due to its large installed base.
See Also 802.1Q, Ethernet, frame tagging, virtual LAN (VLAN)
A private Transmission Control Protocol/Internet Protocol (TCP/IP) internetwork within an organization that uses Internet technologies such as Web servers and Web browsers for sharing information and collaborating.
Overview
Intranets can be used to publish company policies and newsletters, provide sales and marketing staff with product information, provide technical support and tutorials, and just about anything else you can think of that fits within the standard Web server/Web browser environment.
Microsoft Internet Information Services (IIS), with its support for Active Server Pages (ASP), is an ideal platform for building intranet applications that can be accessed using a standard Web browser such as Microsoft Internet Explorer.
See Also Internet, Internet Information Services (IIS) Web server
Any system used to detect attacks on a host or network.
Overview
Intrusion detection systems (IDSs) can detect, log, report, and even respond to a wide variety of attempts to compromise a network's security. IDSs range from simple tools such as network sniffers and application logs to complex, distributed systems costing thousands of dollars. They can be implemented as software installed on computers, blades inserted into enterprise Ethernet switches, or dedicated network appliances.
An IDS is an essential component of a network security policy and is complementary to a firewall: a firewall prevents certain kinds of intrusion, but an IDS detects what gets through the firewall. An IDS is not a "silver bullet" that solves all network security issues; a poorly implemented or unmonitored IDS is worse than no IDS at all because it provides a false sense of security. The reports generated by an IDS are typically 90 percent false positives and usually require human intelligence to distinguish the real attacks from the false ones.
There are two basic types of IDS:
Network IDS (NIDS): These are systems that capture network traffic and analyze it looking for evidence of attacks. NIDS generally determines which traffic is hostile on the basis of predefined rules or signatures. These signatures must be kept up to date by downloading new versions from the vendor to ensure that NIDS continues to be effective in patrolling the network. NIDS are operating-system independent and can be implemented without modifying your network's infrastructure. On the downside, they increase network traffic, thus consuming valuable bandwidth, and are difficult to implement in a switched environment.
Intrusion detection system. An example of how a network intrusion detection system might be implemented.
Host-based IDS: These are applications installed on critical hosts such as Web servers that monitor such things as Transmission Control Protocol (TCP) sessions, port activity, file integrity, log files, and so on. Host-based IDSs are platform-specific solutions that must be installed on any servers considered in danger of attack.
This distinction between the two types of IDS is beginning to be blurred as vendors combine aspects of both types into newer IDS applications and appliances. Vendors are also beginning to add "intelligent" pattern-recognition functionality into their IDSs to enable them to detect attacks for which no signatures currently exist. The use of artificial intelligence (AI) in IDS systems is probably the big goal in the network security field for the next decade.
Implementation
This example deals with the implementation of a NIDS. A typical NIDS consists of two components:
Sensors: These capture network traffic on various segments and forward it to the management station.
Management station: This receives reports from sensors of possible intrusions and then logs the information in a database, generates reports for human inspection, notifies administrators of the occurrence, and (if configured to do so) shuns harmful traffic.
To detect intrusion at the perimeter of a network connected to the Internet, a sensor would typically be deployed in the perimeter network (otherwise known as a demilitarized zone [DMZ]) where the firewall is located.
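The sensor and management station roles described above, as an added Python example rather than code from any product named on this page. The signatures, class names, addresses and shun threshold are all constructed for illustration; the traffic includes one false positive to show why alerts need review before traffic is shunned.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed signatures (id, description, pattern); not taken from any product.
SIGNATURES = [
    ("SIG-001", "HTTP directory traversal", re.compile(rb"GET [^\r\n]*\.\./")),
    ("SIG-002", "Oversized HTTP request line", re.compile(rb"^[A-Z]+ [^\r\n]{1024,}")),
    ("SIG-003", "Telnet root login", re.compile(rb"login: root")),
]


@dataclass(frozen=True)
class Alert:
    sensor: str
    src: str
    dst: str
    sig_id: str
    description: str


class Sensor:
    """Watches one segment and reports signature matches; it never blocks."""

    def __init__(self, name, signatures=SIGNATURES):
        self.name = name
        self.signatures = signatures

    def inspect(self, src, dst, payload):
        return [Alert(self.name, src, dst, sig_id, desc)
                for sig_id, desc, rx in self.signatures if rx.search(payload)]


class ManagementStation:
    """Logs alerts from all sensors and, only if configured, shuns sources."""

    def __init__(self, shun_threshold=None):
        self.shun_threshold = shun_threshold  # None = detect and log only
        self.log = []
        self.per_source = Counter()
        self.shunned = set()

    def report(self, alerts):
        for alert in alerts:
            self.log.append(alert)
            self.per_source[alert.src] += 1
            if (self.shun_threshold is not None
                    and self.per_source[alert.src] >= self.shun_threshold):
                self.shunned.add(alert.src)

    def review_queue(self):
        """Alerts from sources not shunned: these still need an analyst."""
        return [a for a in self.log if a.src not in self.shunned]


# Constructed traffic: (sensor segment, source, destination, payload).
TRAFFIC = [
    ("dmz", "203.0.113.9", "192.0.2.10",
     b"GET /images/../../private/config.txt HTTP/1.0\r\n\r\n"),
    ("dmz", "203.0.113.9", "192.0.2.10",
     b"GET /docs/../../../private/users.txt HTTP/1.0\r\n\r\n"),
    ("dmz", "198.51.100.4", "192.0.2.10", b"GET /index.html HTTP/1.0\r\n\r\n"),
    # False positive: an intranet help page that merely quotes a login prompt.
    ("internal", "192.0.2.20", "192.0.2.55",
     b"HTTP/1.0 200 OK\r\n\r\nAt the prompt type login: root and press Enter"),
    ("dmz", "203.0.113.77", "192.0.2.10",
     b"GET /" + b"A" * 2000 + b" HTTP/1.0\r\n\r\n"),
]


def run_demo(shun_threshold=None):
    sensors = {"dmz": Sensor("dmz"), "internal": Sensor("internal")}
    station = ManagementStation(shun_threshold)
    for segment, src, dst, payload in TRAFFIC:
        station.report(sensors[segment].inspect(src, dst, payload))
    return station


if __name__ == "__main__":
    station = run_demo(shun_threshold=2)
    for a in station.log:
        print(f"[{a.sensor}] {a.sig_id} {a.description}: {a.src} -> {a.dst}")
    print("shunned:", sorted(station.shunned))
    print("awaiting review:", len(station.review_queue()))
```

With a threshold of 1, the intranet server that produced the false positive would itself be shunned, which is why shunning is left off unless explicitly configured.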
Marketplace
The IDS market has exploded over the last few years, with the result that IDS has often become a buzzword that vendors use to market products that have little IDS functionality. Examples of host-based IDS include Intruder Alert from Axent Technologies, Dragon Squire from Enterasys Networks, Kane Security Enterprise from Intrusion.com, and RealSecure OS Sensor from Internet Security Systems. Popular network IDSs include NetProwler from Axent Technologies, Cisco Secure IDS from Cisco Systems (available as both a stand-alone appliance and as a module for Cisco Catalyst 6000 series switches), eTrust Intrusion Detection from Computer Associates, Armor from nCircle Network Security, BlackICE Sentry from Network Ice Corporation, and NFR from Network Flight Recorder. Some popular free UNIX-based IDS tools include Shadow, Snort, and Pakemon.
Issues
One of the main difficulties in deploying NIDS is that most enterprise networks are now switch-based instead of hub-based. All stations connected to a hub share the same broadcast and collision domain, and by connecting a NIDS sensor to a hub, traffic to and from every station can be easily monitored. Ethernet switches are different, however: each attached station forms its own private segment, and monitoring traffic effectively would, in theory, require a NIDS sensor for each port.
One workaround for this problem is to use port mirroring (spanning) to copy portions of traffic from each port on the switch to a mirror port to which the sensor can then be attached. The problem with doing this, however, is that it adds an extra processing load to the switch and is difficult to implement in full-duplex configurations. Cisco solves this problem in its Catalyst 6000 series of enterprise switches by providing its Cisco Secure IDS product as a blade that can be installed in the switch to monitor traffic directly on the backplane. By configuring access control lists (ACLs), administrators can then pull up different kinds of traffic such as Hypertext Transfer Protocol (HTTP) to get more targeted information about possible intrusions. Another solution is provided by Shomiti Systems, which sells "taps" that let you unobtrusively listen in to traffic on any 10/100 Mbps Ethernet link and copy traffic to a second switch to which IDS sensors are attached. This way, no extra processing burden is placed on the network's backbone switches.
See Also firewall, network security
A device that can perform inverse multiplexing of digital telecommunication channels.
Overview
A typical inverse multiplexer (IMUX) might be capable of inverse multiplexing together four Basic Rate Interface ISDN (BRI-ISDN) lines, two T1 lines, or four T1 lines to provide a throughput of 512 kilobits per second (Kbps), 3.088 megabits per second (Mbps), or 6.176 Mbps, respectively. This saves the expense of having to purchase or lease equipment to individually terminate each Integrated Services Digital Network (ISDN) or T1 line, and it provides an efficient way to increase wide area network (WAN) speed for high-bandwidth uses such as videoconferencing, T1 backup, or large file transfers. IMUXes can include built-in Channel Service Unit/Data Service Unit (CSU/DSU) functionality, they have a 34-pin built-in V.35 LAN (data) interface, and they have an RJ-45 or DB25 connector for the line interface. They often feature load-sharing functions so that if one ISDN or T1 line goes down, no delays occur. IMUXes usually include diagnostic and loopback functions for both local and remote troubleshooting.
See Also Channel Service Unit/Data Service Unit (CSU/DSU), T-carrier
A way of combining the bandwidths of a number of digital network or telecommunication lines into a single virtual pathway for high-speed communication.
Overview
Inverse multiplexing can be used to aggregate the bandwidth of digital data service (DDS), switched 56, Integrated Services Digital Network (ISDN), or T1 and higher T-carrier services into a single high-bandwidth data terminal equipment (DTE) interface. You can then connect this DTE interface to customer premises equipment such as routers or Channel Service Unit/Data Service Units (CSU/DSUs), which are connected to the customer's network.
Inverse multiplexing is the opposite of multiplexing, which combines data transmissions from multiple pieces of DTE into a single digital communication channel.
Implementation
By connecting a device called an inverse multiplexer, or IMUX, to the termination points of several leased digital lines, you can use inverse multiplexing to create a single virtual connection with a bandwidth equal to the sum of the bandwidths of the individual lines. To implement this, for example, with ISDN, an IMUX is required at both the customer premises and the telco central office (CO). When several ISDN subchannels are multiplexed into a single high-speed channel, a connection is initiated when the customer's IMUX dials a number to establish a connection with the CO IMUX. Once a single ISDN subchannel is established, the customer IMUX dials the remaining numbers and establishes the additional ISDN subchannels. Once all the subchannels are up, a protocol called BONDING establishes synchronization between the two stations using a handshaking mechanism to resolve any delays between the subchannels. These delays are primarily the result of the different circuit-switched communication subchannels having physical paths of different lengths, even though they have the same two endpoints. The bonding protocols also ensure that data sent over each subchannel arrives at its destination in the correct order.
Inverse multiplexing. A simple example of using inverse multiplexing to provide a high-bandwidth wide area network (WAN) connection to a corporate network.
Advantages and Disadvantages
The main advantage of inverse multiplexing is that it is often less expensive to lease several low-speed digital lines and inverse multiplex them together than to lease a single high-speed digital line with the same aggregate bandwidth. Inverse multiplexing is also useful in areas where high-speed digital services such as T1 are not readily available.
See Also multiplexing
A high-speed Asynchronous Transfer Mode (ATM) technology.
Overview
Enterprises that need to connect their ATM backbones by means of wide area network (WAN) links to inter-exchange carriers (IXCs) such as AT&T, Sprint, and MCI/Worldcom have traditionally been limited to two main options:
T1 lines: These operate at 1.544 megabits per second (Mbps), well below the speed of even a traditional 10 Mbps Ethernet LAN.
T3 lines: These offer higher speeds of 44.736 Mbps, close to the range of 100 Mbps Fast Ethernet, but at a much higher cost than T1 lines.
Inverse Multiplexing over ATM (IMA) bridges the gap between these two solutions by allowing multiple T1 lines carrying ATM to be aggregated for transmission over a fractional T3 circuit. IMA is a good solution for enterprises needing ATM WAN connectivity faster than T1 but at costs much lower than T3.
See Also Asynchronous Transfer Mode (ATM)
A Domain Name System (DNS) query in which a resolver contacts a name server to perform a reverse name lookup, requesting a host name for a given Internet Protocol (IP) address.
Overview
An inverse query is a process whereby, given a host's IP address, the host's fully qualified domain name (FQDN) is looked up. This is the opposite of the usual DNS query where a FQDN is resolved into its associated IP address. Because of the hierarchical structure of the namespace of the DNS, inverse queries normally have to search all domains to resolve the IP address. To circumvent this, a special domain called in-addr.arpa exists for reverse name lookups. The nodes in this domain are named after the IP addresses of hosts but with the octets in reverse order to facilitate searching. However, inverse queries can take place only on the name server queried and cannot be forwarded to another name server. Because individual name servers manage only a small portion of the entire DNS namespace, there is no guarantee that a given inverse query issued against a specific name server will meet with a successful response.
Notes
Most names used on Internet servers are configured for reverse name lookups to avoid the extra overhead required. However, if you need to use the DNS troubleshooting utility Nslookup, you should configure the in-addr.arpa domain on name servers to support inverse queries. Otherwise, there is no need to configure this inverse domain.
See Also in-addr.arpa, iterative query, recursive query
Stands for Internetwork Operating System, the operating system developed by Cisco Systems for its line of routers and access servers to provide a standard way to configure and administer these devices.
See Also Internetwork Operating System (IOS)
Stands for Internet Protocol, the network layer protocol used by Transmission Control Protocol/Internet Protocol (TCP/IP) for addressing and routing packets of data between hosts.
See Also Internet Protocol (IP)
In IPv4, a 32-bit logical address for a host on an Internet Protocol (IP) network; in IPv6, IP addresses are 64 bits in length.
Overview
IP addresses allow packets to be routed over an IP network. Each IP packet has a header that contains the IP address of the source host that transmitted the packet and the destination host to which the packet is being sent. IP addresses can be one of three types:
Unicast: This type forwards the packet to a single target host (one-to-one forwarding).
Multicast: This type forwards the packet to all hosts that have joined a multicast group (one-to-many forwarding).
Broadcast: This type forwards the packet to all hosts on a subnet or network (one-to-all forwarding).
In order for communication to take place reliably on an IP network, each host on the network needs a unique IP address assigned to it. IP addresses can be assigned either
Manually: By using static IP addressing, or
Dynamically: By using Dynamic Host Configuration Protocol (DHCP)
Architecture
IP addresses are usually expressed in four-octet, dotted-decimal form (w.x.y.z), in which each octet ranges in value from 0 to 255 (with some restrictions). The IP address of a host is partitioned by the network's subnet mask into two parts, a network ID and a host ID.
IP addresses belong to certain classes according to their first octet, as defined in the following table. The actual distinguishing feature of each class is the pattern of high-order bits in the first octet, but it is easier to remember these classes by their first octet decimal numbers. IP addresses whose first octet is 127 represent the loopback address and are used for troubleshooting purposes only, and cannot be assigned to hosts.
IP Address Class | Possible First Octet | Used For |
Class A | 1-126 | Very large networks |
Class B | 128-191 | Medium to large networks |
Class C | 192-223 | Small networks |
Class D | 224-239 | Multicasting |
Class E | 240-255 | Reserved (experimental) |
Networks that are directly connected to the Internet must have their IP addresses assigned by the Internet Network Information Center (InterNIC) or some other authority. Businesses usually obtain these addresses through their local Internet service provider (ISP). However, firewall and proxy server combinations, which are popular on today's networks, hide a network's IP addresses from other hosts on the Internet. These private networks can use any IP addresses they choose, although InterNIC recommends the following IP address blocks for private networks:
Class A networks: 10.x.y.z
Class B networks: 172.16.y.z through 172.31.y.z
Class C networks: 192.168.0.z through 192.168.255.z
Note
Note the following considerations for valid IP addressing:
The network ID cannot be 127.
The network ID and host ID cannot both be 255.
The network ID and host ID cannot both be 0.
The host ID must be unique for a given network ID.
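The class table, private address blocks and addressing rules above, together with the reversed-octet in-addr.arpa naming described under inverse queries, can be checked mechanically, for example when triaging addresses that appear in logs. The following Python code is an added example, not part of the original entry; the function names are hypothetical, the per-class default masks (/8, /16, /24) are an assumption used when no subnet mask is supplied, and the host ID checks read "0" and "255" as all host bits clear or all host bits set.

```python
import ipaddress

# (class, lowest first octet, highest first octet, assumed default prefix length)
CLASS_TABLE = [
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicasting
    ("E", 240, 255, None),   # reserved (experimental)
]

# Private blocks listed in the entry: 10.x.y.z, 172.16-172.31, 192.168.0-192.168.255.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_int(dotted):
    """Parse strict dotted-decimal text into a 32-bit integer."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    octets = []
    for p in parts:
        # Leading zeros are rejected: some parsers read "010" as octal 8,
        # so accepting them lets two tools disagree about the same string.
        if not (p.isascii() and p.isdigit()) or (len(p) > 1 and p[0] == "0"):
            raise ValueError(f"bad octet {p!r} in {dotted!r}")
        if int(p) > 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        octets.append(int(p))
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def address_class(dotted):
    """Return 'A'..'E', 'loopback' for first octet 127, or None for first octet 0."""
    first = to_int(dotted) >> 24
    if first == 127:
        return "loopback"
    for name, low, high, _prefix in CLASS_TABLE:
        if low <= first <= high:
            return name
    return None


def is_private(dotted):
    addr = ipaddress.ip_address(to_int(dotted))
    return any(addr in block for block in PRIVATE_BLOCKS)


def split_ids(dotted, mask=None):
    """Partition an address into (network ID, host ID) using the subnet mask."""
    value = to_int(dotted)
    if mask is None:
        prefixes = {name: prefix for name, _lo, _hi, prefix in CLASS_TABLE}
        prefix = prefixes.get(address_class(dotted))
        if prefix is None:
            raise ValueError(f"no default mask for {dotted!r}")
        mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    else:
        mask_int = to_int(mask)
        host_bits = ~mask_int & 0xFFFFFFFF
        if host_bits & (host_bits + 1):      # 1 bits in the mask must be contiguous
            raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    host_mask = ~mask_int & 0xFFFFFFFF
    return to_dotted(value & mask_int), to_dotted(value & host_mask)


def assignment_problems(dotted, mask=None):
    """List reasons the address cannot be assigned to a host (empty list if none)."""
    cls = address_class(dotted)
    if cls == "loopback":
        return ["network ID 127 is the loopback address"]
    if cls is None:
        return ["network ID cannot be 0"]
    if cls in ("D", "E"):
        return [f"class {cls} addresses are not assigned to individual hosts"]
    network_id, host_id = split_ids(dotted, mask)
    host_mask = to_int(dotted) ^ to_int(network_id) | to_int(host_id)
    all_ones = (to_int(network_id) | to_int(host_id)) == to_int(dotted) and \
        to_int(host_id) == _host_mask(dotted, mask)
    problems = []
    if to_int(host_id) == 0:
        problems.append("host ID is all 0 bits (names the network itself)")
    elif all_ones and host_mask:
        problems.append("host ID is all 1 bits (broadcast address)")
    return problems


def _host_mask(dotted, mask):
    """Host-bit mask as an integer, derived by splitting the all-ones host address."""
    network_id, _ = split_ids(dotted, mask)
    probe = to_dotted(to_int(network_id) | 0x00FFFFFF) if mask is None else None
    if mask is not None:
        return ~to_int(mask) & 0xFFFFFFFF
    return to_int(split_ids(probe, None)[1])


def reverse_lookup_name(dotted):
    """Build the in-addr.arpa node name: octets in reverse order."""
    octets = to_dotted(to_int(dotted)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"
```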
See Also Class A, Class B, Class C, Class D, Class E, subnet mask, subnetting
Also called IP over ATM, a method for enabling Transmission Control Protocol/Internet Protocol (TCP/IP) networks to access Asynchronous Transfer Mode (ATM) networks.
Overview
The traditional way of connecting TCP/IP and ATM networks is to run LAN Emulation (LANE) services on the ATM network. IP/ATM is an alternative to LANE and allows TCP/IP networks to directly use ATM networks and take advantage of ATM's Quality of Service (QoS) features. IP/ATM is faster than LANE and is supported by Microsoft Windows 2000.
Implementation
IP/ATM is implemented as a client/server architecture that includes
IP/ATM servers that include two components: ATM address resolution protocol (ARP) servers and multicast address resolution server (MARS). IP/ATM servers can reside either on an ATM switch or on a Windows 2000 server.
IP/ATM clients, which support both static and dynamic IP addressing.
See Also Asynchronous Transfer Mode (ATM), LAN Emulation (LANE), Transmission Control Protocol/Internet Protocol (TCP/IP)
Stands for interprocess communication, a mechanism for establishing a connection between processes running on two computers or on a single multitasking computer to allow data to flow between those processes.
See Also interprocess communication (IPC)
A utility for displaying the Internet Protocol (IP) configuration settings of a network interface.
Overview
The Ipconfig command is often one of the first commands you use to check the status of the connection when you experience communication problems on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. When you type ipconfig at a Microsoft Windows 2000 command prompt, the following information is displayed for each network interface card (NIC):
IP address
Subnet mask
Default gateway
You can display additional information, including the host name, physical address, and Dynamic Host Configuration Protocol (DHCP), Windows Internet Name Service (WINS), and Domain Name System (DNS) configuration, using ipconfig /all. You can release and renew IP addresses obtained by DHCP using ipconfig /release and ipconfig /renew.
See Also default gateway, subnet mask
Transmission of fax information over Internet Protocol (IP) networks.
Overview
Fax is a popular method of communications in large enterprises; analysts estimate that almost half of enterprise telephone charges come from faxing. IP Fax is a standard method for formatting fax images into frames for transmission over IP networks. IP Fax can save enterprises considerable costs in long-distance charges by routing faxes over either private IP wide area network (WAN) links or over the public Internet.
Implementation
IP Fax employs the T.37 protocol from the International Telecommunication Union (ITU), which is based on RFCs 2301 and 2305 from the Internet Engineering Task Force (IETF). This protocol implements a store-and-forward method for formatting and transmitting fax information over IP networks. Typically, a user will send a fax from her computer directly to a local fax server, which formats the information using the T.37 protocol. The fax server then sends the information as IP traffic over the private IP network or Internet to a remote fax server near the customer location. The remote fax server unpackages the information and reconstructs the fax and then transmits the fax over the Public Switched Telephone Network (PSTN) as a local call to the intended recipient of the fax. In this way, long-distance charges between the sender and recipient are avoided.
IP Fax. How IP Fax is implemented.
The general concept of transmitting faxes over IP networks is not new, but earlier solutions had used proprietary routing methods developed by different vendors. IP Fax is expected to promote interoperability between equipment from different fax vendors by providing a standards-based solution to the problem.
See Also Internet Protocol (IP)
Stands for IP Next Generation, an early name for IPv6, next generation Internet Protocol (IP) addressing scheme for Transmission Control Protocol/Internet Protocol (TCP/IP) networks.
See Also IPv6
Also called IP/ATM, a method for enabling Transmission Control Protocol/Internet Protocol (TCP/IP) networks to access Asynchronous Transfer Mode (ATM) networks.
See Also IP/ATM
Stands for Internet Printing Protocol, a method for printing over the Internet.
See Also Internet Printing Protocol (IPP)
A private branch exchange (PBX) that uses an Internet Protocol (IP) network as its transport.
Overview
IP PBXs are alternatives to traditional telecom PBXs. They use IP networks for all or part of their transport of call information. IP PBXs come in two main types:
Those that transport call information over the local area network (LAN) and employ special IP telephones and fax machines that plug directly into LAN drops in work areas.
Those that employ IP networks (either dedicated leased lines or over the Internet) to connect branch offices but transport calls to work areas using conventional telephone lines.
Advantages and Disadvantages
IP PBXs are generally cheap compared to traditional PBXs and can save corporate clients from costly service contracts with telcos. They allow voice, fax, and data to be carried over a single wiring infrastructure (the network) instead of requiring an additional wiring infrastructure (telephone wiring). Finally, IP PBXs provide more flexibility than traditional PBXs by supporting Voice over IP (VoIP) and other options.
On the downside, the quality of IP PBXs and the range of features offered, particularly for voice, is often less than that of traditional PBXs. Furthermore, most IP PBXs support only a few hundred users, whereas traditional PBXs can support tens of thousands of users (at a price, of course).
Marketplace
A number of vendors produce IP PBX equipment, including Cisco Systems, 3Com Corporation, Vertical Networks, Shoreline Communications, Sphere Communications, Siemens, and many others. IP Exchange Systems from Lucent Technologies is a popular full-featured high-end IP PBX solution for the enterprise. Cisco's AVVID platform is an enterprise-level IP PBX system that's been around since 1999. A popular IP PBX in the small to mid-size business market is 3Com's NBX 100, and 3Com has over half the share of this market, followed by Vertical Networks and Cisco.
Traditional PBX vendors such as Nortel Networks offer a competing solution to IP PBXs in the form of VoIP gateways that connect with installed traditional PBXs to provide similar services to IP PBXs.
A new offering in the market is the IP Centrex, which is basically outsourcing IP PBX services to a service provider. IP Centrex may appeal to small and mid-sized businesses whose traditional Centrex systems are aging. IP Centrex services are offered from MCI/WorldCom and others.
See Also Private Branch Exchange (PBX), Voice over IP (VoIP)
Stands for Internet Protocol Security, a protocol for secure transmission over Transmission Control Protocol/Internet Protocol (TCP/IP).
See Also Internet Protocol Security (IPsec)
A generic name for any method of sending block data over Internet Protocol (IP) networks.
Overview
IP storage is an emerging family of technologies that has great promise. The purpose of these technologies is to enable Ethernet local area networks (LANs) running IP to be directly connected to Storage Area Networks (SANs). IP storage is expected to simplify the management of distributed network storage systems in the enterprise. Another generic name for these technologies is storage-over-IP.
Two approaches to IP storage being considered by the Internet Engineering Task Force (IETF) are
Encapsulation of Fibre Channel control codes in IP packets for communication between Fibre Channel SANs.
Transport of native Small Computer System Interface (SCSI) commands over IP. This technology is generally known as iSCSI.
See Also Fibre Channel, storage
An umbrella term for technologies that allow the transmission of voice and video over Transmission Control Protocol/Internet Protocol (TCP/IP) internetworks instead of the traditional Public Switched Telephone Network (PSTN).
Overview
The advantage of IP telephony is that it allows voice communication to be closely integrated with data transmission over corporate networks and allows long-distance communication to be established over the Internet instead of through private long-distance carriers such as Sprint and MCI/WorldCom. The primary difficulty with IP telephony is that the existing Internet Protocol (IP) internetwork is connectionless and suffers from latency that can cause annoying glitches (pauses) in voice and video transmission over IP packets. This happens because TCP/IP was not originally designed as a connection-oriented service capable of specific levels of quality of service (QoS), whereas the PSTN, with its circuit-switched connections, provides just that.
Marketplace
Many vendors have produced platforms and software for IP telephony, but the technology is still in its growth stage and standards are not clearly established yet. The biggest push in recent years has been by the large inter-exchange carriers (IXCs) AT&T and MCI/WorldCom, who have made large overtures into the Voice over IP (VoIP) marketplace. IP private branch exchanges (PBXs) have proven popular among small and mid-sized businesses, with offerings from 3Com Corporation, Cisco Systems, and others.
See Also H.323, Voice over IP (VoIP)
The current version of Internet Protocol (IP).
Overview
IPv4 employs a 32-bit IP addressing scheme that is used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks worldwide. Because the number of hosts connecting to the Internet has skyrocketed in recent years, however, unique IP addresses are gradually running out. A new scheme called IPv6 has been proposed and is currently under review by the Internet community. However, with most corporate networks now hiding their networks behind firewalls, the pressure to move to IPv6 has lessened because companies can choose any network ID they want for their private network. The only assigned IP addresses they require from their Internet service provider (ISP) are for the public interfaces on their firewall machines. At this point, IPv4 seems to be firmly entrenched in the networking world for at least the next few years.
See Also Internet Protocol (IP), IPv6
The next generation Internet Protocol (IP) addressing scheme for Transmission Control Protocol/Internet Protocol (TCP/IP) networks.
Overview
IPv6 was developed to replace the current IPv4 scheme that has been running out of available addresses due to the explosion of the Internet. The features of IPv6 include
128-bit IP addresses to solve the problem of the available IP address pool being depleted
A simplified header format to reduce network overhead and improve performance
Support for preallocation of network resources to enable time-dependent services such as voice and video to receive guaranteed bandwidth and quality of service (QoS)
Extensibility to account for future growth and evolution of Internet technologies and standards
Built-in support for Internet Protocol Security (IPsec) and DiffServ
IPv6 is also sometimes referred to as IPng, which stands for "IP Next Generation." A network called the 6Bone was set up in 1995 as a test bed for IPv6 and to investigate how the Internet can be migrated from IPv4 to IPv6.
Prospects
Japan has been in the forefront of implementing IPv6 as a real-world networking protocol, with products by Hitachi, Fujitsu, and others reaching the marketplace in early 2001. In fact, the first Internet service provider (ISP) to offer support for IPv6 was Japan's NTT telecommunications company. Cisco Systems fully incorporated IPv6 into its IOS operating system in the recent upgrade version 12.2. Microsoft Windows XP also includes built-in support for IPv6, and a downloadable IPv6 stack is available for Windows 2000 as well. All these developments will likely propel IPv6 to the forefront in the next few years, except for one important factor: the inertia of the corporate networking world. The cost of upgrading corporate networks from IPv4 to IPv6 will be high and may bring no immediate benefits. Consequently, many companies may put upgrading on the back burner for several years.
The proliferation of wireless Internet appliances is expected to put pressure on migration to IPv6 since traditional IPv4 will be hard-pressed to fill the need for addressing large numbers of such devices. For once, it may be consumers, and not the enterprise, who drive the evolution of the Internet's core protocols forward.
See Also Internet Protocol (IP)
Stands for Internetwork Packet Exchange, a NetWare protocol used for routing packets across an internetwork.
See Also Internetwork Packet Exchange (IPX)
Microsoft Corporation's version of the Novell NetWare IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) protocol.
Overview
Using IPX/SPX and Client for NetWare Networks, clients running Microsoft Windows can access shared resources on NetWare servers directly, as long as they have appropriate permissions and rights. IPX/SPX-Compatible Protocol can be used to access Windows 2000 servers running File and Printer Sharing for NetWare Networks. IPX/SPX-Compatible Protocol supports the 32-bit Windows Sockets 1.1 and NetBIOS over Internetwork Packet Exchange (IPX) programming interfaces. In Windows 2000, this protocol is commonly referred to as NWLink.
Notes
Although the Windows 95 and Windows 98 user interfaces allow you to configure multiple bindings for IPX/SPX-Compatible Protocol to multiple network interface cards (NICs), only the first binding is actually used. You cannot use IPX/SPX-Compatible Protocol for connecting to NetWare over an ARCNET network; you must install real-mode IPX drivers instead.
IPX/SPX-Compatible Protocol is set by default to autodetect the frame type used on a NetWare network. If no frame type is detected, the default 802.2 type is used. If multiple frame types are detected, the predominant one is selected.
See Also Internetwork Packet Exchange (IPX), NetWare protocols
Stands for Internet Relay Chat, a text-based Internet conferencing protocol.
See Also Internet Relay Chat (IRC)
Stands for Infrared Data Association, an international consortium of hardware and software manufacturers that creates and promotes interoperable solutions for infrared (IR) data networking for computer networks, communication, and other networking applications.
See Also Infrared Data Association (IrDA)
A specification developed in 1998 by the Infrared Data Association (IrDA) for communication over infrared (IR) light between in-room cordless peripheral devices and a host computer.
Overview
IrDA Control is implemented using a suite of protocols that peripherals such as keyboards, joysticks, mouse devices, and other pointing devices can use for communicating with their host computer. IrDA Control includes the following protocols:
IrDA Control PHY (physical) layer: This provides for data transmission that is bidirectional and error-correcting over IR light at speeds of up to 75 Kbps over distances of up to 5 meters (16 feet).
IrDA Control MAC (media access control) layer: This enables host devices to communicate with multiple IrDA Control peripherals and up to eight peripherals simultaneously. IrDA Control MAC offers a fast response time by using a polling interval of 13.8 microseconds and supports the dynamic assignment and reuse of addresses assigned to peripheral devices.
IrDA Control LLC (logical link control) layer: This ensures proper sequencing of data and handles retransmissions when errors occur.
See Also Infrared Data Association (IrDA), IrDA Data
A specification developed by the Infrared Data Association (IrDA) in 1994 for two-way point-to-point communication over infrared (IR) light at speeds of up to 4 megabits per second (Mbps).
Overview
IrDA Data is implemented using a suite of protocols that can be used for communication between palm computers, digital cameras, cellular phones, and other devices. IrDA Data includes the following protocols:
IrDA Data PHY (physical) layer: This provides low-level continuous bidirectional error-correcting operation from 9600 bits per second (bps) up to 4 Mbps over distances of at least 3.3 feet (1 meter). Specifically, asynchronous serial transmission is supported between 9600 bps and 115.2 kilobits per second (Kbps), synchronous serial transmission at 1.152 Mbps, and synchronous communication at 4 Mbps.
IrDA Data Infrared Link Access Protocol (IrLAP): This is a serial link protocol adapted by the IrDA for infrared serial communication from the High-level Data Link Control (HDLC) protocol. IrLAP provides a single serial connection between two IrDA devices and manages the device-to-device discovery, connection, and reliable data transfer functions.
IrDA Data Infrared Link Management Protocol (IrLMP): This is used for link control and multiplexing of IrDA devices. IrLMP allows multiple IrDA devices to communicate over a single infrared link and provides for protocol and service discovery through the Information Access Service (IAS).
In addition to the three mandatory IrDA Data protocols described, a number of optional protocols are available that support flow control, port emulation, object exchange services, image exchange, interfacing with telephony devices, and infrared wireless access to local area networks (LANs).
See Also Infrared Data Association (IrDA), IrDA Control
A flavor of the UNIX operating system developed by Silicon Graphics, Inc. (SGI).
Overview
Irix was developed by SGI for their high-end graphics workstations and servers and has been an important factor in the company's success in the imaging and animation market. SGI workstations running Irix are used for creating film and TV animation, medical image processing, and for visualization of scientific concepts such as molecular structures and weather patterns. Irix is a version of UNIX that is tuned specifically for such applications and supports multiprocessing of up to 512 CPUs, up to 1 terabyte of RAM, and high-performance input/output (I/O) throughput. The current version of the platform is Irix 6.5.
Irix was designed to run on MIPS (millions of instructions per second) processors, which these days are slower than their Intel counterparts, bringing the long-term viability of Irix into question. With the broad base of installed SGI workstations and servers, however, SGI is likely to continue to support and develop Irix in the near future, even as it expands its hardware platform to support Microsoft Windows and Linux.
See Also Linux, Microsoft Windows, UNIX
Stands for Internet Research Task Force, an umbrella organization for several long-term research groups that focus on standards for Internet protocols, architecture, applications, and technologies.
See Also Internet Research Task Force (IRTF)
Stands for Internet Server API, a set of standard application programming interfaces (APIs) for developing extensions to Microsoft Internet Information Services (IIS).
See Also Internet Server API (ISAPI)
A dynamic-link library (DLL) that runs in the same address space as the Web server running Microsoft Internet Information Services (IIS) and can access all available resources on the Web server.
Overview
You can use ISAPI extensions wherever you might use Common Gateway Interface (CGI) applications, such as for a form handler for Hypertext Markup Language (HTML) forms. An ISAPI extension is generally called in a manner similar to calling a CGI application. For example, the following Uniform Resource Locator (URL) invokes the extension TEST.DLL on the Web site www.northwind.microsoft.com and passes it the parameters Value1 and Value2: www.northwind.microsoft.com/isapie/TEST.DLL?Value1&Value2.
ISAPI extensions can run either in process or out of process on IIS. Extensions are generally loaded on demand the first time a user requests them and remain in memory until the service is stopped.
See Also Common Gateway Interface (CGI), dynamic-link library (DLL)
A dynamic-link library (DLL) that is loaded into Microsoft Internet Information Services (IIS) when it starts and that remains in memory until it stops.
Overview
ISAPI filters provide Web servers such as IIS with the ability to preprocess or postprocess information sent between the client and server, and they have no equivalent in the Common Gateway Interface (CGI) scheme. ISAPI filters receive special filter event notifications and respond based on these notifications. You use ISAPI filters for such tasks as custom authentication, encryption, and compression schemes or for updating logging statistics on the Web server. ISAPI filters are generally called for every Uniform Resource Locator (URL) that the Web server processes instead of being explicitly invoked by a URL, as are ISAPI extensions.
Custom ISAPI filters can be designed by third-party developers for such tasks as
Custom authentication
Data encryption
Data compression
Filtering
Traffic analysis
See Also Common Gateway Interface (CGI), dynamic-link library (DLL)
Stands for Internet Security and Acceleration Server, Microsoft Corporation's firewall, proxy, and Web-caching platform.
See Also Internet Security and Acceleration Server (ISA Server)
An emerging standard for transfer of Small Computer System Interface (SCSI) commands and data over Internet Protocol (IP) networks.
Overview
Traditional SCSI is limited in distance to several meters and is thus suitable only for local storage systems and shared storage in clusters. The goal of iSCSI is to remove these distance limitations by enabling SCSI commands and data to be sent between hosts and storage units over a standard IP network.
The iSCSI standard is expected to be a popular IP storage technology in the next few years, propelled on the backs of Gigabit Ethernet (GbE) and the emerging 10 GbE standard.
Implementation
Consider the example of a client trying to remotely access data from a remote storage system such as a SCSI array over a network. With iSCSI, the client simply issues the request in the form of SCSI commands as if to a local SCSI drive. The operating system or dedicated iSCSI card then packages these SCSI commands into a stream of bytes separated by iSCSI headers. The byte stream is broken up into IP packets and transmitted over the network to the remote storage array. Once received by the array, the packets are reassembled into the byte stream and the iSCSI headers are parsed to produce a series of SCSI commands, which are then issued to the local SCSI storage system. The data is then retrieved from the storage system and returned to the client.
iSCSI. How iSCSI allows clients to remotely access storage over an IP network.
Marketplace
A number of vendors produce products and appliances based on the iSCSI standard. One example is the TotalStorage IP storage family of iSCSI storage appliances from IBM. These appliances are designed for workgroups and departments that need turnkey network storage solutions. The future of iSCSI looks good, as it is backed by such major players as Adaptec, Cisco Systems, Hewlett-Packard Company, IBM, Quantum Corporation, and SANgate Systems.
See Also IP storage, Small Computer System Interface (SCSI), storage
Stands for Integrated Services Digital Network, a digital communication service provided by telephone companies (telcos).
See Also Integrated Services Digital Network (ISDN)
A hybrid of Integrated Services Digital Network (ISDN) and Digital Subscriber Line (DSL) technologies.
Overview
ISDN Digital Subscriber Line (IDSL) is a form of DSL that is based on ISDN signal coding. IDSL transports data bidirectionally at a speed of 144 kilobits per second (Kbps), which is 16 Kbps more than normal ISDN. IDSL can be deployed at distances up to 6.8 miles (11 kilometers) from a telco central office (CO).
Unlike other forms of DSL that use the Public Switched Telephone Network (PSTN) as their underlying transport, IDSL uses the digital ISDN system. But unlike normal ISDN, there is no call delay setup in IDSL; it is an "always-on" service.
Prospects
Due to its slow speed compared to other forms of DSL, IDSL has not been widely deployed by telecommunication carriers to date, but a recent development called IDSL bonding may change this. Using IDSL bonding, up to four 144 Kbps IDSL links can be aggregated together using Multilink Point-to-Point Protocol (MPPP) into a respectable fat pipe of 576 Kbps. And because it supports distances up to 6.8 miles (11 kilometers) from a CO, IDSL provides an important option for customers too far from telco COs for Asymmetric Digital Subscriber Line (ADSL) or High-bit-rate Digital Subscriber Line (HDSL) to be deployed for wide area network (WAN) or Internet access. Netopia was the first DSL provider to commercially offer bonded IDSL services to its customers.
See Also Asymmetric Digital Subscriber Line (ADSL), Digital Subscriber Line (DSL), High-bit-rate Digital Subscriber Line (HDSL)
A device that allows you to use an Integrated Services Digital Network (ISDN) line as a back up for a digital data service (DDS) line.
ISDN fallback adapter. Using an ISDN fallback adapter to provide a backup for a DDS line.
Overview
ISDN fallback adapters typically have built-in ISDN terminal adapter functionality and can sometimes provide backup support for multiple DDS lines. The fallback and restore settings are configurable using a built-in or serial-connected terminal interface.
To use a fallback adapter, you connect it to the ISDN line with the RJ-45 connector and to the local area network (LAN) bridge or router and the DDS CSU/DSUs (Channel Service Unit/Data Service Units) using the V.35 or RS-232 serial interfaces. When the DDS line fails, the ISDN fallback adapter automatically kicks in the ISDN line to maintain wide area network (WAN) connectivity.
See Also Channel Service Unit/Data Service Unit (CSU/DSU), digital data service (DDS), RS-232, V.35
A router with built-in hardware for connecting directly to Integrated Services Digital Network (ISDN) lines.
Overview
ISDN routers, also called ISDN access routers because they provide direct connectivity to a wide area network (WAN) connection, are a popular way of providing SOHOs (Small Office/Home Offices) with 128-Kbps dial-up ISDN connectivity to the Internet or to a remote private corporate network through the industry-standard Point-to-Point Protocol (PPP). They typically support up to 10 users in a small workgroup Ethernet local area network (LAN) and might provide some firewall, network address translation (NAT), or Dynamic Host Configuration Protocol (DHCP) support.
ISDN routers include RJ-11 jacks for connecting several analog phones, fax machines, or other devices for simultaneous voice/fax/data connectivity. Built-in data compression can increase the effective bandwidth by a factor of 5 or higher. Some ISDN routers include built-in hubs for quick connectivity. Many are manageable using a remote Telnet connection or through Simple Network Management Protocol (SNMP).
See Also Dynamic Host Configuration Protocol (DHCP) , network address translation (NAT), Point-to-Point Protocol (PPP), router, Simple Network Management Protocol (SNMP)
A device used at the customer premises to terminate an Integrated Services Digital Network (ISDN) line and connect it to an analog telephone, computer, or local area network (LAN).
Overview
You must employ ISDN terminal adapters when you do not have telephone, computing, or networking equipment that is ISDN-ready. Another name for ISDN terminal adapters is ISDN modems, but this is a misnomer, since no modulation/demodulation is performed by the device.
ISDN terminal adapters can be stand-alone AC powered devices or interface cards that you install on your computer. They can provide 128-kilobit-per-second (Kbps) throughput using the Bandwidth On Demand Interoperability Group (bonding) protocol for high-speed Internet and wide area network (WAN) connectivity, with higher effective data transfer rates using built-in data compression. ISDN terminal adapters are dial-up and do not provide an "always on" network connection, but their latency time interval for establishing a connection is typically small (1 to 3 seconds). To save costs, you can usually also configure an idle timer for dropping idle connections.
When you buy ISDN terminal adapters, be sure that they support the ISDN standard used by your telco. Such standards can include the National ISDN-1, ISDN-2, and ISDN-3 standards for AT&T, Northern Telecom, and Siemens. An ISDN terminal adapter with automatic service profile identifier (SPID) detection generally works with most ISDN installations.
ISDN terminal adapter. Using an ISDN terminal adapter.
Implementation
A terminal adapter typically connects to the U interface of the ISDN line at the customer premises using an RJ-45 connector and provides electrical termination for this line. The other interface on the terminal adapter is typically an RS-232, RS-366, RS-530, or V.35 serial interface such as DB25, or a 34-pin connector for connecting the terminal adapter to a bridge, router, or computer at the customer premises. Terminal adapters can include several RJ-11 connectors for connecting an analog telephone or a fax machine so that you can transfer data, talk on the telephone, and fax documents simultaneously over one ISDN line. Some newer terminal adapters have an S/T interface for connecting to an S/T videoconferencing unit.
Notes
If you need more speed than ISDN but cannot afford to upgrade to T1 lines, try using an inverse multiplexer (IMUX) to combine several ISDN lines into one high-speed data pipe.
See Also Integrated Services Digital Network (ISDN), inverse multiplexer (IMUX)
Stands for Inter-Switch Link, a Cisco Systems technology that is used for frame tagging.
See Also Inter-Switch Link (ISL)
Stands for the Industrial, Scientific, and Medical band of the electromagnetic spectrum.
Overview
The ISM band consists of 83 megahertz (MHz) of spectrum at the 2.4 gigahertz (GHz) range that is freely available to anyone who wants to use it.
The ISM band is used by common wireless technologies including cordless phones, microwave ovens, wireless local area networks (LANs) such as 802.11b, and emerging technologies such as Bluetooth and HomeRF. Many of these devices interfere with each other, so as a result, the ISM band has grown "crowded" in recent years. To alleviate this congestion, the Federal Communications Commission (FCC) has allocated another similar portion of spectrum called the UNII band, which provides 300 MHz of spectrum within the 5 GHz range. The UNII band is used by the newer 802.11a wireless networking standard.
Notes
The reason for selecting 2.4 GHz for the ISM band is that the resonant frequency of water molecules is about 2450 MHz, which means this is the optimal frequency for microwave ovens to work.
See Also 802.11a, 802.11b, Bluetooth, Federal Communications Commission (FCC), wireless networking
Stands for International Organization for Standardization, a nongovernmental organization based in Geneva, Switzerland, that has representatives from about 130 countries and regions and is responsible for developing a variety of international standards in science and engineering.
See Also International Organization for Standardization (ISO)
Stands for Internet Society, a professional society founded in 1992 that provides leadership for the development and evolution of the Internet.
See Also Internet Society (ISOC)
Stands for isochronous Ethernet, an offshoot of 10BaseT Ethernet.
Overview
IsoEthernet was developed in 1992 by National Semiconductor and was standardized by the Institute of Electrical and Electronics Engineers (IEEE) as 802.9a. IsoEthernet follows the cabling specifications of 10BaseT Ethernet but is capable of dedicating some circuits for transport of latency-sensitive multimedia traffic.
The signaling layer of isoEthernet is based on Integrated Services Digital Network (ISDN) protocols instead of those of standard Ethernet.
IsoEthernet never caught on with the industry, mainly because the problem it attacked (the issue of latency for time-sensitive traffic) has been largely solved by Fast Ethernet and Gigabit Ethernet (GbE); in other words, by simply throwing bandwidth at the problem. IsoEthernet is thus now seen as a legacy networking architecture and is virtually gone from the enterprise scene.
See Also 10BaseT, Ethernet, Fast Ethernet, Gigabit Ethernet (GbE)
Stands for Internet service provider, a company that provides Internet access to consumers, businesses, or both.
See Also Internet service provider (ISP)
A Domain Name System (DNS) query in which a name server contacts a second name server to perform a name lookup.
Overview
In a typical Internet name lookup (for example, www.fabrikam.microsoft.com), a resolver sends a recursive query to a locally accessible name server such as a name server maintained by your local Internet service provider (ISP). If the local name server cannot resolve the name because it is outside of its zone of authority and it is configured as a forwarder, the server performs an iterative query to a root name server, which responds with the Internet Protocol (IP) address of a name server whose zone of authority includes the desired top-level domain (.com). The local name server then performs an iterative query with this top-level name server, which responds with the IP address of a second-level name server whose zone of authority includes the desired second-level domain (expedia.com). The local name server contacts this second-level name server and resolves the fully qualified domain name (FQDN) into its IP address or returns an error if the query cannot be resolved.
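The referral walk described above, as an added example that is not part of the original entry: a local name server starts at a root server and follows each referral until a server answers from its own data, with a referral cap and a loop check so a bad delegation cannot keep it querying forever. The server table, its addresses (documentation ranges) and the function names are all constructed for illustration.

```python
# Constructed delegation data: server address -> what that server knows.
# Addresses come from documentation ranges, not real name servers.
SERVERS = {
    "198.51.100.1": {"referrals": {"com": "198.51.100.2",        # root
                                   "invalid": "198.51.100.9"}, "answers": {}},
    "198.51.100.2": {"referrals": {"microsoft.com": "198.51.100.3"},  # .com
                     "answers": {}},
    "198.51.100.3": {"referrals": {},                             # second level
                     "answers": {"www.fabrikam.microsoft.com": "192.0.2.10"}},
    "198.51.100.9": {"referrals": {"invalid": "198.51.100.9"},    # refers to itself
                     "answers": {}},
}
ROOT = "198.51.100.1"


def query(server_ip, fqdn):
    """One iterative query: the server answers from its own data or hands
    back a referral. It never contacts another server on our behalf."""
    zone = SERVERS[server_ip]
    if fqdn in zone["answers"]:
        return "answer", zone["answers"][fqdn]
    labels = fqdn.split(".")
    for i in range(len(labels)):          # longest delegated suffix wins
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


def resolve_iteratively(fqdn, max_referrals=8):
    """Follow referrals from the root; return (address or None, servers asked)."""
    fqdn = fqdn.lower().rstrip(".")
    server, path = ROOT, []
    for _ in range(max_referrals):
        path.append(server)
        kind, value = query(server, fqdn)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        if value in path:                 # referral points back at a server already asked
            raise RuntimeError("referral loop at " + value)
        server = value
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve_iteratively("www.fabrikam.microsoft.com"))
```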
See Also inverse query, recursive query
Code name for ICMP Traceback Messages, an emerging standard from the Internet Engineering Task Force (IETF) for combating distributed denial of service (DDoS) attacks.
See Also ICMP Traceback Messages
Stands for International Telecommunication Union, an international organization headquartered in Geneva, Switzerland, that coordinates global telecommunications networks and services with governments and the private sector.
See Also International Telecommunication Union (ITU)
Stands for inter-exchange carrier, a telecommunications carrier that provides long-distance services.
See Also inter-exchange carrier (IXC)