Planning a TCP/IP Network Infrastructure Strategy

Planning a TCP/IP network infrastructure strategy is no simple task. Accomplishing it can take many years of experience and a good understanding of the mechanics of TCP/IP. This makes TCP/IP one of the exam items that many candidates shy away from, because the topic deals with numbers, and you may have to do some basic math or understand many concepts just to complete one specific item or task. For example, let's look at a possible problem you may have to contend with.

WARNING
Implementing Windows Server 2003 in a TCP/IP-based network
For the 70-293 exam, you are responsible for knowing how to implement Windows Server 2003 in a TCP/IP-based network and troubleshoot any issues that arise. If you know how a TCP/IP network is designed, how TCP/IP works, and how to troubleshoot it, you will have few problems with the exam, as well as with real-world scenarios in which you have to implement this technology on the job.

You are the administrator of ABC Corporation and need to connect another network to your own and plan a way for the other network to communicate with you. By itself, this problem is not very difficult, but when you look at the topology map shown in Figure 2.1, you start to see where the complexity surfaces.

Figure 2.1. Viewing a TCP/IP infrastructure.
The true complexity surfaces when you start to examine the following issues:
These questions are not meant to scare you; instead, they are meant to help you start thinking about the multitude of issues that surround the design and deployment of TCP/IP networks. Before we go any further, let's spend some time reviewing the fundamentals of TCP/IP.

TCP/IP Fundamentals

To successfully plan a TCP/IP-based network infrastructure strategy, you need to understand TCP/IP addressing and routing fundamentals. We examine these topics further in this section. TCP/IP stands for Transmission Control Protocol/Internet Protocol, which is actually two separate protocols, one called TCP and the other called IP. TCP/IP is really two protocols within a "suite" of protocols that map to a model. Two models you have most likely heard of are the Open System Interface (OSI) model and the Department of Defense (DoD) model. This chapter does not contain a detailed explanation of these models because most of the information you need for the exam is not based on your memorizing the OSI model; however, you should understand it (if you don't already) before we cover the TCP/IP suite. You can find detailed information on the OSI model from the Microsoft Web site at www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappa.asp. TCP/IP maps to both the OSI and DoD models but actually maps more closely to the DoD model because the Department of Defense was the original creator and user of the protocol.

EXAM TIP
Understanding the OSI and DoD models
You are not expected to know a great deal about either the OSI or DoD models for the 70-293 exam. They exist simply to break a complex topic into smaller pieces. The real importance of understanding the fundamentals of the OSI model becomes apparent when you try to troubleshoot TCP/IP-based communications and services. Understanding what is happening at each layer makes it easier to determine where the fault may lie.

TCP/IP is the basic communication language or protocol of the Internet. There are many other protocols in use, some of which you may be familiar with, such as AppleTalk, IPX/SPX, and even SNA. All these protocols have been displaced by TCP/IP, however. Because most networks today are connected to the Internet somehow, using only TCP/IP on internal networks makes more sense. You can see a good example of a TCP/IP-based network in Figure 2.2, which displays some of the TCP/IP concepts you will be working with both on this exam and during your day-to-day network administration.

Figure 2.2. Viewing a complex TCP/IP infrastructure.
Notice that all end users on the Internet access segment in the user LAN in Figure 2.2 are on the 10.1.1.0/24 network, which is a privately addressed segment because you are using a 10.0.0.0 network address. This end-user segment accesses file, print, and application servers on the 10.1.2.0/24 segment. A Layer 3 switch, which has a router built into the device, separates the user LAN from the server farm. The Layer 3 switch's IP address is 10.1.1.1, which makes it the default gateway for the user LAN. Although a proxy server is not documented in the diagram, one is available in the server farm; it provides Internet access for the network users. This server has an IP address of 10.1.2.30. The proxy server points to a firewall and then out to the external routers on a publicly routable IP address segment. To tie these two segments together, a PC on the user LAN would need to have an IP address on that segment that is in the same subnet (10.1.1.0) and a default gateway assignment of 10.1.1.1. If you need to access a server with an IP address of 10.1.2.30 (the proxy server for Internet access), the packets would be sent to the default gateway for processing. You can run the ipconfig /all command to see how this configuration will look on the client end. The output is as follows:

    C:\>ipconfig/all

    Windows 2000 IP Configuration

            Host Name . . . . . . . . . . . . : SHIMONSKI-LAPTOP
            Primary DNS Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Hybrid
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : rsnetworks.net

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . : rsnetworks.net
            Description . . . . . . . . . . . : 3Com 3C920 (3C905C-TX Compatible)
            Physical Address. . . . . . . . . : 00-08-74-56-0A-34
            DHCP Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 10.1.1.10
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.1.1
            DHCP Server . . . . . . . . . . . : 10.1.1.12
            DNS Servers . . . . . . . . . . . : 10.1.1.15
                                                10.1.1.16
                                                10.1.1.17
            Lease Obtained. . . . . . . . . . : Sunday, August 24, 2003 11:30:00 AM
            Lease Expires . . . . . . . . . . : Monday, August 25, 2003 11:30:00 AM

So, now that you have viewed a common network setup, let's look at some relevant terminology:
EXAM TIP
ipconfig output
Make sure you know how to read the output of the ipconfig utility because it will be one of the most important tools you use when troubleshooting.

WARNING
Unique IP addresses
Duplicate IP addresses do not work. All IP addressing must be unique on each segment. If you have duplicates, your systems will know and give you error messages that duplicate addressing exists somewhere on your network.

So, how exactly does IP work? In the following sections, we examine in more detail IP, IP addressing, ranges, classes, and other related terminology.

EXAM TIP
Using RFCs
For detailed information on any protocol standard, you should become familiar with Requests For Comments, which are commonly called RFCs. They are the documents that depict a protocol's standards and fundamentals. Although their content is highly technical, they are the definitive information source on any protocol standard you need to research. For more information, check out the following RFCs:
Transmission Control Protocol (TCP) RFC: ftp.isi.edu/in-notes/std/std7.txt
Internet Protocol (IP) RFC: ftp.isi.edu/in-notes/std/std5.txt

Internet Protocol Fundamentals

By now, you should have a good idea of what an IP network might look like, and more important, you should know what to do with one come exam time. If not, fear not. As we progress through the rest of this chapter, we will continue to lay out scenarios for you to enhance your understanding. Right now, however, we need to dig a little deeper into how IP addressing works so that you fully understand it. The vast majority of production networks currently use IPv4, which stands for Internet Protocol version 4. More often than not, you don't even notice the v4 when discussing IP, and rightfully so. With the exception of the relatively new IPv6, which some networks are beginning to adopt, there is no other IP to talk about.
In reality, you will not be tested on IPv6 on the 70-293 exam, but you need to know of its existence because it is a standard part of the Windows Server 2003 networking suite.
With that brief detour into IPv6 out of the way, let's dig deeper into the mechanics of IP (IPv4, to be proper) and see how it all works together. As we mentioned earlier, an IP address is a 32-bit number that denotes a node or host on a network. The number, which resembles 10.1.1.1/24, is a unique host on a single network. If you have two nodes, one numbered 10.1.1.1 and the other numbered 10.1.1.2, they can communicate if they are connected to the same network segment and no other outstanding issues stop communication. An IP address is broken down into two specific parts: the network identifier and the host identifier. Let's look at the following IP address to understand it better:
You need to break down this number into binary bits to truly see what we mean by masking. First, consider the fact that you have a 32-bit address written in decimal format. If you want to see the subnet mask 255.255.255.0 in binary, you have to change the format from decimal to binary, or base 2, numbering, as follows:
Remember, binary uses only 1s and 0s, either on or off. No other numbers are used, so you can see how the network is masked. All 1s in the network portion denote the actual network you are working on. This leaves the host portion (the 0s at the end) available for assignment. This way, any device can know what network it's on, or better, what subnet. Because we've used 24 1s here, we denote the IP address as 10.1.1.0/24. Using this form of notation is an easier way to show a subnet mask assignment. If you see /30, for example, the address appears like this in binary:
This concept can be confusing, but you will have to perform an operation called subnetting on the exam: you need to know what network a host is on, and being able to see an address in this binary format helps you pass this portion of the exam. How did we get this subnet mask? Easy. First, you must understand what makes up a single octet. An octet is 8 of the 32 bits; the four octets are written in decimal and separated by single periods. Take one single octet and break it down as shown:
If you can duplicate this chart, then you can figure out a subnet mask. First, you have to know where this chart comes from. Remember how we described base 2 numbering as being 0s and 1s? We also use base 10 numbering, and to go from one to the other, you can use this chart. Remember, a single octet is broken down into 8 bits. Now, take this same chart and plug in the last octet, the one you don't know, because you already know that the first three octets have all their bits turned on (1s) and are therefore 255 in decimal.
Now, all you have to do is add the table elements, but to make your task even easier, you need to know that an octet with all eight bits turned on equals 255. So, you can simply subtract the value of the last two bits, shown as 0s (which add up to 3), from 255. This equals 252, which is a common subnet mask for a WAN link because you need only a network address, a broadcast address, and two usable hosts on the subnet, one for each end of the link. This concept is illustrated in Figure 2.3.

Figure 2.3. Viewing a point-to-point link.
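The arithmetic walked through above (dotted decimal to binary, /prefix to subnet mask and back, and the network, broadcast and usable hosts of a subnet such as a /24 user LAN or a /30 WAN link), as an added Python example that is not code from the book; the function names are my own.

```python
# Added example, not the book's code: the subnet arithmetic the text walks through
# (dotted decimal to binary, /prefix to mask and back, network and broadcast of a
# subnet), so that the /24 and /30 cases above can be checked by hand or by script.

def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def int_to_ip(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(dotted: str) -> str:
    """Each octet as 8 bits, e.g. the 24 leading 1s of 255.255.255.0."""
    return ".".join(f"{b:08b}" for b in ip_to_int(dotted).to_bytes(4, "big"))

def prefix_to_mask(prefix: int) -> str:
    """/prefix means `prefix` leading 1s then 0s: /30 -> 11111100 -> 252."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def mask_to_prefix(mask: str) -> int:
    """Count the 1s, but reject masks whose 1s are not contiguous (e.g. 255.255.0.255)."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if ip_to_int(prefix_to_mask(prefix)) != value:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def subnet_info(cidr: str) -> dict:
    """Network, broadcast and usable host count for a host written as addr/prefix."""
    host, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(host) & mask              # keep the network bits (the 1s)
    broadcast = network | (~mask & 0xFFFFFFFF)    # set every host bit (the 0s)
    # The book's rule (network + broadcast + hosts) applies to /30 and shorter;
    # /31 and /32 leave no separate host addresses, so report 0 rather than a negative.
    usable = max(broadcast - network - 1, 0)
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "mask": int_to_ip(mask), "usable_hosts": usable}
```

Running `subnet_info("10.1.1.10/24")` reproduces the client configuration shown earlier (network 10.1.1.0, broadcast 10.1.1.255, 254 usable hosts), and `subnet_info("10.1.1.10/30")` gives the two-host WAN subnet 10.1.1.8 to 10.1.1.11.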
So what exactly did we mean by a single network, a broadcast, and two usable nodes? When you subnet, you have to remember one major point: You always need a network address and a broadcast address for each subnet you create. If any one thing is universally true when you are dealing with TCP/IP networks, it might be that each and every one is different from the next. Each network varies in size, complexity, and physical and logical layout, just to name a few key points of interest. So how will you go about planning a new TCP/IP network? What IP class will you choose to implement? How will you go about properly subnetting it? Will you use private or public IP addresses? You must consider all these questions, and more. We start our examination of these questions by discussing public versus private IP addressing systems.

Public Versus Private IP Addressing

Public IP addressing uses three major spaces: Classes A, B, and C. There are also two more classes: Class D, which is used for multicast-based networks, and Class E, which is still experimental. Class A is for very large networks, Class B is for medium-sized networks, and Class C is used for networks that have no more than a couple hundred nodes. Public ranges run as shown in Table 2.1.

Table 2.1. Viewing IP Address Classes
NOTE
Loopback addressing
The IP address 127.0.0.0 is reserved for the loopback network and testing. 127.0.0.1 is also located in your HOSTS file, which allows you to test the IP connectivity of your own machine. If you use the command ping localhost (localhost being the hostname located in the HOSTS file), you can resolve to 127.0.0.1, and you should see a reply. This way, you know that TCP/IP is configured properly, at least on your own system.

Although the private IP address ranges shown in Table 2.2 fall within the Class A, B, and C public IP addresses, note that private IP addresses are not routable on the Internet by design (and by default) and should never be seen outside an internal network.

Table 2.2. Viewing Private IP Classes
Now you are familiar with the IP address ranges that you will see both in public and private IP networks, but one question remains: Why do we have "private IP addresses"? IP addresses are a limited commodity, as difficult a concept as that may seem. Had ISPs and private organizations been allowed to use public IP addresses within their large internal networks, the number of usable IP addresses would have quickly vanished into nothing but a memory. Of course, you might argue that this is still a problem (hence the arrival of IPv6), and it is to a certain extent. Private IP addressing has allowed us to avoid this problem until now, thus negating the need for a newer and better IP addressing system. By assigning a single public IP address to a company, you can then use multiple private IP addresses (tens, hundreds, thousands) internally without any problem, thanks to Network Address Translation (NAT). NAT provides a translation service allowing multiple private IP addresses to access Internet resources as if they indeed had a publicly routable IP address. This also helps explain why private IP addresses are not meant to be routable: it's entirely likely that IP address 192.168.0.100 (one of my internal network servers) is used several hundred thousand times in many other private IP networks.

So how does a device know on which class another device is numbered? The device (a router, for example) examines the first octet of the incoming packet and can determine from the first few bits what class the address belongs to. The first few bits of each IP address indicate which of the address class formats it is using. The address structures are shown in Table 2.3. If you have a Class A address, the first bit is 0, the next 7 bits are the network bits, and the remaining 24 bits make up the local address: 1 bit for the identifier and 7 for the network (8 in total), and 24 for host addressing. Table 2.3 shows all the identifiers used for Classes A, B, and C.

Table 2.3. Viewing Identifier List for Class A-C IP Addressing
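An added Python example, not the book's code, that performs the class check described above from the leading bits of the first octet and, going one step beyond the text, applies the rule that private and loopback addresses should never be seen outside an internal network: it scans constructed firewall log lines (a made-up format) for such sources arriving on the external interface. The RFC 1918 blocks 10/8, 172.16/12 and 192.168/16 are the private ranges assumed here, and `ext0`/`int0` are assumed interface names.

```python
import re

# Added example, not the book's code: classify an IPv4 address from the leading bits
# of its first octet (as the text says a router does), recognise RFC 1918 private and
# 127/8 loopback sources, and flag them in constructed firewall log lines from the outside.

CLASS_PATTERNS = [("0", "A", 8, 24), ("10", "B", 16, 16), ("110", "C", 24, 8),
                  ("1110", "D", None, None), ("1111", "E", None, None)]
NON_PUBLIC_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16),
                     ("127.0.0.0", 8)]

def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def address_class(dotted: str) -> dict:
    """Class A starts with bit 0, B with 10, C with 110, D with 1110, E with 1111."""
    first_octet = f"{ip_to_int(dotted) >> 24:08b}"
    for leading, cls, net_bits, host_bits in CLASS_PATTERNS:
        if first_octet.startswith(leading):
            return {"class": cls, "network_bits": net_bits,
                    "host_bits": host_bits, "first_octet_bits": first_octet}
    raise ValueError("unreachable: every bit pattern matches one class")

def in_block(dotted: str, network: str, prefix: int) -> bool:
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ip_to_int(dotted) & mask == ip_to_int(network) & mask

def is_non_public(dotted: str) -> bool:
    return any(in_block(dotted, net, p) for net, p in NON_PUBLIC_BLOCKS)

# Constructed sample log lines in a made-up format: date time iface SRC= DST= ...
SAMPLE_LOG = """\
2003-08-24 11:31:02 ext0 SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=80
2003-08-24 11:31:05 ext0 SRC=192.168.0.100 DST=198.51.100.20 PROTO=TCP DPT=25
2003-08-24 11:31:07 int0 SRC=10.1.1.10 DST=10.1.2.30 PROTO=TCP DPT=8080
2003-08-24 11:31:09 ext0 SRC=127.0.0.1 DST=198.51.100.20 PROTO=ICMP
"""
LOG_RE = re.compile(r"^\S+ \S+ (?P<iface>\S+) SRC=(?P<src>[\d.]+) ")

def non_public_external_sources(log_text: str, external_iface: str = "ext0") -> list:
    """Source addresses that are private or loopback yet arrived on the outside."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["iface"] == external_iface and is_non_public(m["src"]):
            hits.append(m["src"])
    return hits
```

The 10.1.1.10 line is not reported because it arrived on the internal interface, where a private source is expected; the two hits are what an ingress filter on the firewall should have dropped.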
You should now be familiar with the basic operation of IP. We can now begin to really get exam specific. Because we have already covered several of the terms and scenarios you are likely to see on the exam, we can cover each objective without having to go into very granular detail.