Planning a TCP/IP Network Infrastructure Strategy

Planning a TCP/IP network infrastructure strategy is no simple task. Accomplishing it can take many years of experience and a good understanding of the mechanics of TCP/IP. This makes TCP/IP one of the exam items that many candidates shy away from, because the topic deals with numbers and you may have to do some basic math or understand many concepts just to complete one specific item or task. For example, let's look at a possible problem you may have to contend with.

WARNING

Implementing Windows Server 2003 in a TCP/IP-based network For the 70-293 exam, you are responsible for knowing how to implement Windows Server 2003 in a TCP/IP-based network and troubleshoot any issues that arise. If you know how a TCP/IP network is designed, how TCP/IP works, and how to troubleshoot it, you will have few problems with the exam, as well as with real-world scenarios in which you have to implement this technology on the job.


You are the administrator of ABC Corporation and need to connect another network to your own and plan a way for the other network to communicate with you. By itself, this problem is not very difficult, but when looking at the topology map, as shown in Figure 2.1, you start to see where the complexity surfaces.

Figure 2.1. Viewing a TCP/IP infrastructure.

The true complexity surfaces when you start to examine the following issues:

  1. How will the two domains work together?

  2. Will DNS namespaces need to be connected?

  3. Are any of the client computers Windows 9x legacy clients?

  4. Will you need to implement WINS?

  5. Does the company you are connecting to use DHCP, and what IP ranges does it have in its scopes?

  6. Do the IP addresses and DHCP ranges duplicate the ones you use in ABC Corporation?

  7. How are you going to make the two routers communicate?

  8. What wide area network (WAN) topology are you going to use between them?

  9. What routing protocol are you going to use, or should you use static routes?

  10. Are there any firewalls, Access Control Lists (ACLs), or filtering devices present that could potentially block specific transmissions?

These questions are not meant to scare you; instead, they are meant to help you start thinking about the multitude of issues that surround the design and deployment of TCP/IP networks. Before we go any further, let's spend some time reviewing the fundamentals of TCP/IP.

TCP/IP Fundamentals

To successfully plan a TCP/IP-based network infrastructure strategy, you need to understand TCP/IP addressing and routing fundamentals. We examine these topics further in this section.

TCP/IP stands for Transmission Control Protocol/Internet Protocol, which is actually two separate protocols, one called TCP and the other called IP. TCP/IP is really two protocols within a "suite" of protocols that map to a model. Two models you have most likely heard of are the Open System Interface (OSI) model and the Department of Defense (DoD) model. This chapter does not contain a detailed explanation of these models because most of the information you need for the exam is not based on your memorizing the OSI model; however, you should understand it (if you don't already) before we cover the TCP/IP suite. You can find detailed information on the OSI model from the Microsoft Web site at www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/tcpip/part4/tcpappa.asp.

TCP/IP maps to both the OSI and DoD models but actually maps more closely with the DoD model because the Department of Defense was the original creator and user of the protocol.

EXAM TIP

Understanding the OSI and DoD models You are not expected to know a great deal about either the OSI or DoD models for the 70-293 exam. They exist simply to break a complex topic into smaller pieces.


The real importance of understanding the fundamentals of the OSI model becomes apparent when you try to troubleshoot TCP/IP-based communications and services. Understanding what is happening at each layer makes it easier to determine where the fault may lie.

TCP/IP is the basic communication language or protocol of the Internet. There are many other protocols in use, some of which you may be familiar with, such as AppleTalk, IPX/SPX, even SNA. All these protocols have been displaced by TCP/IP, however. Because most networks today are connected to the Internet somehow, using only TCP/IP on internal networks makes more sense.

You can see a good example of a TCP/IP-based network in Figure 2.2, which displays some of the TCP/IP concepts you will be working with both on this exam and also during your day-to-day network administration.

Figure 2.2. Viewing a complex TCP/IP infrastructure.

Notice that all end users on the Internet access segment in the user LAN in Figure 2.2 are on the 10.1.1.0/24 network, which is a privately addressed segment because you are using a 10.0.0.0 network address. This end-user segment accesses file, print, and application servers on the 10.1.2.0/24 segment.

A Layer 3 switch, which has a router built into the device, separates the user LAN from the server farm. The Layer 3 switch's IP address is 10.1.1.1, which makes it the default gateway for the user LAN.

Although a proxy server is not documented in the diagram, one is available in the server farm; it provides Internet access for the network users. This server has an IP address of 10.1.2.30. The proxy server points to a firewall and then out to the external routers on a publicly routable IP address segment.

To tie these two segments together, a PC on the user LAN would need to have an IP address on that segment that is in the same subnet (10.1.1.0) and a default gateway assignment of 10.1.1.1. If you need to access a server with an IP address of 10.1.2.30 (the proxy server for Internet access), the packets would be sent to the default gateway for processing.

You can run the ipconfig /all command to see how this configuration will look on the client end. The output is as follows:

 
 C:\>ipconfig/all

 Windows 2000 IP Configuration

         Host Name . . . . . . . . . . . . : SHIMONSKI-LAPTOP
         Primary DNS Suffix  . . . . . . . :
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : rsnetworks.net

 Ethernet adapter Local Area Connection:

         Connection-specific DNS Suffix  . : rsnetworks.net
         Description . . . . . . . . . . . : 3Com 3C920 (3C905C-TX Compatible)
         Physical Address. . . . . . . . . : 00-08-74-56-0A-34
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         IP Address. . . . . . . . . . . . : 10.1.1.10
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 10.1.1.1
         DHCP Server . . . . . . . . . . . : 10.1.1.12
         DNS Servers . . . . . . . . . . . : 10.1.1.15
                                             10.1.1.16
                                             10.1.1.17
         Lease Obtained. . . . . . . . . . : Sunday, August 24, 2003 11:30:00 AM
         Lease Expires . . . . . . . . . . : Monday, August 25, 2003 11:30:00 AM
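As an added worked example (not from the book), here is a small Python script that reads the three fields that matter from the ipconfig /all output above and reproduces the host's send decision described earlier: it derives the local subnet from the address and mask, confirms that the default gateway is on that subnet, and reports whether a destination such as the proxy server at 10.1.2.30 is delivered directly or handed to 10.1.1.1. The embedded ipconfig text is a constructed copy of the page's values, and the function names are my own.

```python
import ipaddress
import re

# Constructed sample: the adapter section of the ipconfig /all output shown above,
# with the values copied from the page (this is not a live capture).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : rsnetworks.net
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.1.1
        DHCP Server . . . . . . . . . . . : 10.1.1.12
"""

# One field per line: label, a run of dots and spaces, a colon, then the value.
FIELD_RE = re.compile(r"^\s*(IP Address|Subnet Mask|Default Gateway)[ .]*: (\S+)", re.M)


def parse_ipconfig(text):
    """Pull the fields the routing decision depends on out of ipconfig /all text."""
    fields = {m.group(1): m.group(2) for m in FIELD_RE.finditer(text)}
    missing = {"IP Address", "Subnet Mask", "Default Gateway"} - set(fields)
    if missing:
        raise ValueError("ipconfig output lacks: " + ", ".join(sorted(missing)))
    return fields


def local_network(fields):
    """The subnet the host believes it is on, derived from its address and mask."""
    return ipaddress.IPv4Interface(f"{fields['IP Address']}/{fields['Subnet Mask']}").network


def check_gateway(fields):
    """A default gateway is only usable if it sits on the host's own subnet."""
    return ipaddress.IPv4Address(fields["Default Gateway"]) in local_network(fields)


def next_hop(fields, destination):
    """Mirror the host's send decision: deliver directly if the destination shares
    the subnet, otherwise hand the packet to the default gateway."""
    net = local_network(fields)
    if ipaddress.IPv4Address(destination) in net:
        return "direct"
    if not check_gateway(fields):
        raise ValueError(f"gateway {fields['Default Gateway']} is not on {net}; remote hosts are unreachable")
    return fields["Default Gateway"]


if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    print("local subnet:", local_network(cfg))
    print("10.1.1.12 ->", next_hop(cfg, "10.1.1.12"))   # DHCP server, same subnet
    print("10.1.2.30 ->", next_hop(cfg, "10.1.2.30"))   # proxy server, via the gateway
```

The gateway check is the one most worth keeping: a client whose default gateway is outside its own subnet gets an address and mask that look fine in ipconfig yet can never reach the server farm.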

So, now that you have viewed a common network setup, let's look at some relevant terminology:

  • IP address: A 32-bit binary address that is used to identify a TCP/IP host's network ID and host ID.

  • Physical address (MAC address): A 48-bit number, written in hexadecimal, such as 00-08-74-97-0B-26, that denotes the host's physical address. Also called a Media Access Control (MAC) address, the physical address is unique to the device to which it is assigned.

  • Network interface card (NIC): A device installed into a PC or other host device that gives it a MAC address and allows it to be assigned an IP address. This device connects you to the network.

  • Default gateway: The router address configured on a TCP/IP host to which all packets destined for a remote network are forwarded so that they can leave the local network.

  • Layer 3 switch (router): A Layer 3 switch is nothing more than a router and a switch integrated into the same chassis, which makes it faster, easier to manage, and more secure. In today's network infrastructures, the line between switches, routers, and firewalls is becoming blurred because most of them are being integrated into one single device (chassis) that can perform all these tasks.

  • Subnet mask: In TCP/IP, a mask that is used to determine what subnet an IP address belongs to. A subnet mask enables a host or router to determine which portion of an IP address is the network ID and which is the host ID. The host can then use this information to determine whether to send a packet directly to a host on the local network or to a router.

  • Public IP address: An IP address for use on the Internet that must be assigned by a registry organization or Internet service provider (ISP) so that no duplicates exist.

  • Private IP address: An IP address range reserved for private (non-Internet-connected) networks. There are private address ranges in the Class A, Class B, and Class C address blocks.

  • Network Address Translation (NAT): A process by which private IP addresses are mapped to public IP addresses and vice versa. The device that performs the translation keeps a table recording which internal private address each public address from the NAT pool has been assigned to, so that return traffic can be mapped back to the right host.

  • Proxy server: A server-based application that serves as a go-between for the internal LAN clients and the public Internet. A proxy server also caches pages so that Internet response seems faster to internal clients.

  • Firewall: A device that protects the internal network from the external Internet, a WAN, a business partner, or anything else you may want to protect against.

EXAM TIP

ipconfig output Make sure you know how to read the output of the ipconfig utility because it will be one of the most important tools you use when troubleshooting.


WARNING

Unique IP addresses Duplicate IP addresses do not work. All IP addressing must be unique on each segment. If you have duplicates, your systems will know and give you error messages that duplicate addressing exists somewhere on your network.


So, how exactly does IP work? In the following sections, we examine in more detail IP, IP addressing, ranges, classes, and other related terminology.

EXAM TIP

Using RFCs For detailed information on any protocol standard, you should become familiar with Requests For Comments, which are commonly called RFCs. They are the documents that define a protocol's standards and fundamentals. Although their content is highly technical, they are the definitive information source on any protocol standard you need to research. For more information, check out the following RFCs:

Transmission Control Protocol (TCP) RFC : ftp.isi.edu/in-notes/std/std7.txt

Internet Protocol (IP) RFC : ftp.isi.edu/in-notes/std/std5.txt


Internet Protocol Fundamentals

By now, you should have a good idea of what an IP network might look like, and more important, you should know what to do with one come exam time. If not, fear not. As we progress through the rest of this chapter, we will continue to lay out scenarios for you to enhance your understanding. Right now, however, we need to dig a little deeper into how IP addressing works so that you fully understand it.

The vast majority of production networks currently use IPv4, which stands for Internet Protocol version 4. More often than not, you don't even notice the v4 when discussing IP, and rightfully so. With the exception of the relatively new IPv6, which some networks are beginning to adopt, there is no other IP to talk about. You will not be tested on IPv6 on the 70-293 exam, but you need to know of its existence because it is a standard part of the Windows Server 2003 networking suite.

IPV6 COMING SOON TO A NETWORK NEAR YOU!

It's no secret that we're running out of IP addresses under the current IPv4 addressing system. Under IPv4, IP addresses are 32-bit numbers consisting of four binary octets separated from each other by periods. For example, 11000000.10101000.00000000.10011010 is 192.168.0.154 in decimal notation. This way of providing IP addresses provides for 2^32, or 4,294,967,296, possible addresses, of which a small number are reserved for private networks and cannot be routed on the Internet.

The IPv6 addressing system aims to solve this problem by making use of 128-bit numbers to represent unique IP addresses. Using 128 bits gives you 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 (3.4 x 10^38), possible addresses. That is enough IP addresses to provide 655,570,793,348,866,943,898,599 (6.5 x 10^23) addresses for every square meter of the earth's surface. That should help solve the shortage of available public IP addresses. Of course, the true power of the IPv6 addressing system is that it allows multiple hierarchical levels of organization and a flexibility in design that is currently lacking from today's IPv4 Internet.

A 128-bit IPv6 address, as you might suspect, looks different from what you are used to seeing in IPv4. An IPv6 address in binary form looks like

 
 0010000111011010 0000000011010011 0000000000000000 0010111100111011 0000001010101010 0000000011111111 1111111000101000 1001110001011010

which translates into

 
 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A

in hexadecimal.

The IPv6 protocol and addressing system should all but put an end to memorizing IP addresses! With the advent of the IPv6 protocol, IP classes and classless interdomain routing (CIDR) will be things of the past. The three commonly used private IP ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) will be replaced by one site-local address range (FEC0::/48). The familiar loopback address of 127.0.0.1 will be replaced by ::1.

In the interest of making things ever easier, you can use double colons (::) to represent a contiguous string of zero-value groups. So, the loopback address 0:0:0:0:0:0:0:1 becomes simply ::1. Of course, you can use double colons only once in an IPv6 address: if they appeared twice, there would be no way to tell how many zero groups each occurrence stands for.

Additionally, you can use leading zero suppression to remove the leading zeros within an individual 16-bit string. Thus, 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A becomes 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A. Of course, the drivers within the operating system and the infrastructure hardware devices (routers, switches, and so on) handle all these conversions automatically, invisible to you.
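The following Python (an added example, not part of the book) carries out the conversions just described: binary words to hexadecimal groups, leading-zero suppression, a single :: for the longest run of zero groups, and the reverse expansion, which rejects a second :: because the number of zero groups it stands for would then be ambiguous. The binary address is the one shown above; the function names are mine, and the rule that a lone zero group is left as 0 rather than compressed is an assumption taken from RFC 5952 practice, not something the book states.

```python
# The 128-bit address from the page, as eight 16-bit binary words.
PAGE_BINARY = ("0010000111011010 0000000011010011 0000000000000000 0010111100111011 "
               "0000001010101010 0000000011111111 1111111000101000 1001110001011010")


def binary_to_groups(binary_words):
    """Eight 16-bit binary strings -> eight 4-hex-digit groups (uppercase)."""
    words = binary_words.split()
    if len(words) != 8 or any(len(w) != 16 or set(w) - {"0", "1"} for w in words):
        raise ValueError("expected eight 16-bit binary words")
    return [format(int(w, 2), "04X") for w in words]


def suppress_leading_zeros(groups):
    """Drop the leading zeros of each group; an all-zero group becomes a single 0."""
    return [g.lstrip("0") or "0" for g in groups]


def compress(groups):
    """Leading-zero suppression plus one '::' for the longest run of zero groups.

    Assumption (not on the page): a lone zero group stays '0'; only runs of two or
    more groups are collapsed, as RFC 5952 recommends.
    """
    short = suppress_leading_zeros(groups)
    best_start, best_len = -1, 0
    i = 0
    while i < len(short):
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < len(short) and short[j] == "0":
            j += 1
        if j - i > best_len:          # keep the longest run seen so far
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(short)
    return ":".join(short[:best_start]) + "::" + ":".join(short[best_start + best_len:])


def expand(text):
    """Undo both shortcuts; a second '::' is rejected because the zero-group count
    it stands for would be ambiguous."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an IPv6 address")
    if "::" in text:
        left, right = text.split("::")
        lg = left.split(":") if left else []
        rg = right.split(":") if right else []
        missing = 8 - len(lg) - len(rg)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lg + ["0"] * missing + rg
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit groups")
    return ":".join(format(int(g, 16), "04X") for g in groups)


if __name__ == "__main__":
    groups = binary_to_groups(PAGE_BINARY)
    print("full:       ", ":".join(groups))
    print("suppressed: ", ":".join(suppress_leading_zeros(groups)))
    print("compressed: ", compress(groups))
    print("loopback:   ", compress(["0"] * 7 + ["1"]))
    print("expanded:   ", expand("::1"))
```

Running expand over the compressed form and comparing it with the original groups is a quick way to convince yourself that the shortcuts lose no information, which is exactly why the drivers can apply them silently.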

For more information on IPv6, visit the official IPv6 site, located at http://www.ietf.org/html.charters/ipv6-charter.html, or visit the Microsoft Web site on IPv6, located at http://www.microsoft.com/windowsserver2003/technologies/ipv6/default.mspx.


With that brief detour into IPv6 out of the way, let's dig deeper into the mechanics of IP (IPv4, to be proper) and see how it all works together.

As we mentioned earlier, an IP address is a 32-bit number that denotes a node or host on a network. The number, which resembles 10.1.1.1/24, is a unique host on a single network. If you have two nodes, one numbered 10.1.1.1 and the other numbered 10.1.1.2, they can communicate if they are connected to the same network segment and no other outstanding issues stop communication.

An IP address is broken down into two specific parts: the network identifier and the host identifier. Let's look at the following IP address to understand it better:

IP address: 10.1.1.1

Subnet mask: 255.255.255.0

You need to break down this number into binary bits to truly see what we mean by masking. First, consider the fact that you have a 32-bit address written in decimal format. If you want to see the subnet mask 255.255.255.0 in binary, you have to change the format from decimal to binary, or base 2, numbering, as follows:

255.255.255.0 = 11111111.11111111.11111111.00000000

Remember, binary uses only 1s and 0s, either on or off. No other numbers are used, so you can see how the network is masked. All 1s in the network portion denote the actual network you are working on. This leaves the host portion (the 0s at the end) available for assignment. This way, any device can know what network it's on, or better, what subnet. Because we've used 24 1s here, we denote the network as 10.1.1.0/24. This form of notation is an easier way to show a subnet mask assignment. If you see /30, for example, the mask appears like this in binary:

11111111.11111111.11111111.11111100

This concept can be confusing, but you will have to perform an operation called subnetting on the exam: you need to know what network a host is on, and being able to see the mask in this format helps you pass this portion of the exam.

How did we get this subnet mask? Easy. First, you must understand what makes up a single octet. An octet is one of the four 8-bit groups that make up the 32-bit address; octets are separated by a single period. Take one single octet and break it down as shown, one decimal weight per bit:

128   64   32   16    8    4    2    1

If you can duplicate this chart, then you can figure out a subnet mask. First, you have to know where this chart comes from. Remember how we described base 2 numbering as being 0s and 1s? We also use base 10 numbering, and to go from one to the other, you can use this chart. Remember, a single octet is broken down into 8 bits. Now, take this same chart and plug in the last octet, the only one you don't know, because you obviously know that the first three octets have all their bits turned on (1s), so they are all 255 in decimal. For the /30 mask, the last octet has its first six bits on and its last two bits off:

128   64   32   16    8    4    2    1
  1    1    1    1    1    1    0    0

Now, all you have to do is add the table elements for the bits that are on, but to make your task even easier, you need to know that an octet with all eight bits turned on equals 255. So, you can simply subtract the last two bits shown as 0s (2 + 1, which adds up to 3) from 255. This equals 252, which is a common subnet mask for a WAN link because you need only a network address, a broadcast address, and two usable hosts on the subnet, one for each end of the link between the two routers. This concept is illustrated in Figure 2.3.

Figure 2.3. Viewing a point-to-point link.

So what exactly did we mean by a single network, a broadcast, and two useable nodes? When you subnet, you have to remember one major point: You always need a network address and a broadcast address for each subnet you create.
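To make the octet chart concrete, the following Python (an added example, not part of the book) performs the same arithmetic: it expands an octet against the 128..1 weights, converts a dotted-decimal mask to binary and to /prefix notation and back, and computes the network address, broadcast address, and usable host range for a given address and prefix. It generalizes the /24 and /30 cases above to any prefix length, treating /31 and /32 as having no usable hosts. The function names and the sample addresses are mine.

```python
BIT_WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)   # the chart from the text


def octet_to_bits(value):
    """Expand one octet into its 8 bits by walking the 128..1 weight chart."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits = []
    for weight in BIT_WEIGHTS:
        if value >= weight:
            bits.append(1)
            value -= weight
        else:
            bits.append(0)
    return bits


def bits_to_octet(bits):
    """Sum the weights of the bits that are on; the reverse of octet_to_bits."""
    return sum(w for w, b in zip(BIT_WEIGHTS, bits) if b)


def mask_to_binary(mask):
    """255.255.255.0 -> 11111111.11111111.11111111.00000000"""
    return ".".join("".join(str(b) for b in octet_to_bits(int(o))) for o in mask.split("."))


def mask_to_prefix(mask):
    """Count the leading 1s; reject masks whose 1s are not contiguous."""
    bits = mask_to_binary(mask).replace(".", "")
    ones = len(bits.rstrip("0"))
    if "0" in bits[:ones]:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def prefix_to_mask(prefix):
    """/30 -> 255.255.255.252, built octet by octet from the bit chart."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    bits = [1] * prefix + [0] * (32 - prefix)
    return ".".join(str(bits_to_octet(bits[i:i + 8])) for i in range(0, 32, 8))


def subnet_summary(address, prefix):
    """Network address, broadcast address and usable host range for address/prefix."""
    addr_bits = [b for o in address.split(".") for b in octet_to_bits(int(o))]
    mask_bits = [1] * prefix + [0] * (32 - prefix)
    net_bits = [a & m for a, m in zip(addr_bits, mask_bits)]           # host bits cleared
    bcast_bits = [a | (1 - m) for a, m in zip(addr_bits, mask_bits)]   # host bits set

    def to_int(bits):
        return sum(bits_to_octet(bits[i:i + 8]) << (24 - i) for i in range(0, 32, 8))

    def to_dotted(n):
        return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

    network, broadcast = to_int(net_bits), to_int(bcast_bits)
    usable = max(0, 2 ** (32 - prefix) - 2)   # /31 and /32 leave no usable hosts
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    print(mask_to_binary("255.255.255.0"), "=", mask_to_prefix("255.255.255.0"))
    print(prefix_to_mask(30), "=", mask_to_binary(prefix_to_mask(30)))
    print("10.1.1.10/24 ->", subnet_summary("10.1.1.10", 24))   # the user LAN
    print("10.1.1.5/30  ->", subnet_summary("10.1.1.5", 30))    # a point-to-point link
```

The /30 output shows the four addresses the text describes: the network address, two usable hosts for the two router ends, and the broadcast address.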

If any one thing is universally true when you are dealing with TCP/IP networks, it might be that each and every one is different from the next. Each network varies in size, complexity, and physical and logical layout, just to name a few key points of interest. So how will you go about planning a new TCP/IP network? What IP class will you choose to implement? How will you go about properly subnetting it? Will you use private or public IP addresses? You must consider all these questions, and more.

We start our examination of these questions by discussing public versus private IP addressing systems.

Public Versus Private IP Addressing

Public IP addressing uses three major spaces: Classes A, B, and C. There are also two more classes: Class D, which is used for multicast-based networks, and Class E, which is still experimental. Class A is for very large networks, Class B is for medium-sized networks, and Class C is used for networks that have no more than a couple hundred nodes. Public ranges run as shown in Table 2.1.

Table 2.1. Viewing IP Address Classes

Class      Range (first octet)
Class A    1-126
Class B    128-191
Class C    192-223

NOTE

Loopback addressing The 127.0.0.0 network is reserved for loopback and testing. 127.0.0.1 is also located in your HOSTS file, which allows you to test the IP connectivity of your own machine. If you use the command ping localhost (localhost being the hostname located in the HOSTS file), the name resolves to 127.0.0.1, and you should see a reply. This way, you know that TCP/IP is configured properly, at least on your own system.


Although the private IP address ranges shown in Table 2.2 fall within the Class A, B, and C public IP addresses, note that private IP addresses are not routable on the Internet by design (and by default) and should never be seen outside an internal network.

Table 2.2. Viewing Private IP Classes

Class      Range
Class A    10.0.0.0-10.255.255.255
Class B    172.16.0.0-172.31.255.255
Class C    192.168.0.0-192.168.255.255

Now you are familiar with the IP address ranges that you will see both in public and private IP networks, but one question remains: Why do we have "private IP addresses"? IP addresses are a limited commodity, as difficult a concept as that may seem. Had ISPs and private organizations been allowed to use public IP addresses within their large internal networks, the number of usable IP addresses would have quickly vanished into nothing but a memory. Of course, you might argue that this is still a problem (hence the arrival of IPv6), and it is to a certain extent. Private IP addressing has allowed us to avoid this problem until now, thus negating the need for a newer and better IP addressing system.

By assigning a single public IP address to a company, you can then use multiple private IP addresses (tens, hundreds, thousands) internally without any problem, thanks to Network Address Translation (NAT). NAT provides a translation service allowing multiple private IP addresses to access Internet resources as if they indeed had a publicly routable IP address. This also helps explain why private IP addresses are not meant to be routable because it's entirely likely that IP address 192.168.0.100 (one of my internal network servers) is used several hundred thousand times in many other private IP networks.

So how does a device know which class another device is numbered in? The device (a router, for example) examines the first octet of the IP address in the incoming packet and can determine from its first few bits which class the address belongs to. The first few bits of each IP address indicate which of the address class formats it is using. The address structures are shown in Table 2.3.

If you have a Class A address, the first bit is a 0, the next 7 bits are the network ID, and the remaining 24 bits are the local (host) address: 1 bit for the identifier, 7 for the network (8 in total), and 24 for host addressing. Table 2.3 shows all the identifiers used for Classes A, B, and C.

Table 2.3. Viewing Identifier List for Class A-C IP Addressing

Class      Identifier (leading bits of the first octet)
Class A    0
Class B    10
Class C    110
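As an added example (not from the book), the Python below classifies an IPv4 address from the leading bits of its first octet as Tables 2.1 and 2.3 describe, reports whether it falls in a private range (Table 2.2) or the loopback network, and lists the problems a planner would flag before assigning it to a host interface. The default masks for Classes B and C are the standard classful defaults rather than values from the page; the sample addresses and function names are mine.

```python
def first_octet_bits(address):
    """The first octet in binary; its leading bits encode the class (Table 2.3)."""
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address}")
    return format(octets[0], "08b")


def address_class(address):
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    bits = first_octet_bits(address)
    for leading, cls in (("0", "A"), ("10", "B"), ("110", "C"), ("1110", "D")):
        if bits.startswith(leading):
            return cls
    return "E"


def default_mask(cls):
    """Classful default masks (8, 16 and 24 network bits); D and E have none."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(cls)


def address_scope(address):
    """'loopback', 'private' or 'public', per Table 2.2 and the loopback note."""
    first_octet_bits(address)   # validates the address
    o = [int(x) for x in address.split(".")]
    if o[0] == 127:
        return "loopback"
    if o[0] == 10 or (o[0] == 172 and 16 <= o[1] <= 31) or (o[0] == 192 and o[1] == 168):
        return "private"
    return "public"


def host_assignment_issues(address, internet_facing=False):
    """Problems a planner would flag before assigning this address to a host interface."""
    issues = []
    cls, scope = address_class(address), address_scope(address)
    if cls in ("D", "E"):
        issues.append(f"class {cls} addresses are not assignable to hosts")
    if scope == "loopback":
        issues.append("127.x.x.x is reserved for loopback")
    if internet_facing and scope == "private":
        issues.append("private addresses are not routable on the Internet")
    return issues


def describe(address):
    cls = address_class(address)
    return {"class": cls, "default_mask": default_mask(cls), "scope": address_scope(address)}


if __name__ == "__main__":
    # Constructed sample addresses: the user LAN host from the text, one from each
    # private range, a multicast address and a loopback address.
    for sample in ("10.1.1.10", "172.16.0.1", "192.168.0.154", "224.0.0.1", "127.0.0.1"):
        print(sample, first_octet_bits(sample), describe(sample), host_assignment_issues(sample))
    print("10.1.1.10 on an Internet-facing interface:", host_assignment_issues("10.1.1.10", internet_facing=True))
```

Note that the class test and the scope test are independent: 127.0.0.1 has a leading 0 bit and so is formally Class A, yet Table 2.1 starts Class A at 1 because the whole 127 network is set aside for loopback.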

You should now be familiar with the basic operation of IP. We can now begin to really get exam specific. Because we have already covered several of the terms and scenarios you are likely to see on the exam, we can cover each objective without having to go into very granular detail.



MCSE Windows Server 2003 Network Infrastructure (Exam 70-293)
MCSE 70-293 Exam Prep: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736500
Year: 2003
Pages: 151
Authors: Will Schmied
