72 Networking: A Beginner’s Guide

NOTE Because they operate below the network layer at which protocols such as TCP/IP and IPX/SPX are defined, bridges don’t care about the network protocols they’re carrying. They care only about the information required to operate at the data-link layer. This means that whether or not data is carried over the bridge depends on its MAC address.

You should use bridges only on smaller networks, or in cases where you would otherwise use a repeater but would benefit from keeping traffic on one segment from being transmitted on the other segment unnecessarily. Often, routers or switches offer solutions that perform better and create fewer problems, so examine these other options before choosing a bridge.

Routers

Just as bridges are basically more intelligent repeaters, routers are more intelligent bridges. Routers operate at the network layer (layer 3) of the OSI model, and they are far more intelligent than bridges in sending incoming packets off to their destination. Because routers operate at the network layer, a connection across a router requires only that the higher layers use the same protocols. The router can translate from any of the protocols at layers 1 through 3 to any other protocols at layers 1 through 3 (provided the router has been configured and designed to do so). Routers can connect both similar and dissimilar networks. They are often used for wide area network (WAN) links.

Routers actually become a node on a network, and they have their own network address. Other nodes send packets to the router, which then examines the contents of the packets and forwards them appropriately. For this reason, routers often have fast microprocessors—usually of the reduced instruction set computer (RISC) type—and memory built into them to perform this job. Routers can also determine the shortest route to a destination and use it.
They can perform other tricks to maximize network bandwidth and dynamically adjust to changing problems or traffic patterns on a network.

NOTE To learn about the networks to which they’re connected, and what they should do to route various types of packets properly, routers use a process called discovery. During the discovery process, the router carefully “listens” to traffic on its ports and also sends out advertisement packets letting other devices know of the router’s presence.

Routers form the backbone of the Internet. When you use the TRACERT command to trace the route from a node to a destination, most of the addresses that appear for the hops are actually different routers, each one forwarding the packet to the next until it reaches its destination.

NOTE Routers can route only protocols that are routable. AppleTalk, NetBIOS, and NetBEUI are examples of protocols that are not routable, while TCP/IP and IPX/SPX are routable.

Chapter 6: Understanding Network Hardware

Routers must be programmed to function correctly. They need to have the addresses assigned to each of their ports, and various network protocol settings must be configured. Routers are usually programmed in one of two ways:

- Most routers include an RS-232C port. You can connect a terminal or PC with terminal emulation software to this port and program the router in text mode.
- Most routers have network-based software that enables you to program the router, often using graphical tools or a simple web interface.

The method you use depends on the router and your security needs. (You might want to disable network-based router programming so that unauthorized users cannot change the router’s configuration.) Figure 6-4 shows an example of a network that uses routers.

Gateways

Gateways are application-specific interfaces that link all seven layers of the OSI model when they are dissimilar at any or all levels.
For instance, if you need to connect a network that uses one of the OSI networking models to one using IBM’s Systems Network Architecture (SNA) model, use a gateway. Gateways can also translate from Ethernet to Token Ring, although simpler solutions than gateways exist if you need such a translation. Because gateways must translate so much, they tend to be slower than other solutions, particularly under heavy loads.

The primary use for gateways today is for handling e-mail. POP3 and SMTP are two examples of protocols that are handled by gateways. Most e-mail systems that can connect to disparate systems either use a computer set up as a gateway for that chore or let the e-mail server handle the gateway chores itself.

Figure 6-4. A network using routers

Protecting a Network with Firewalls

Firewalls are hardware devices that enforce your network security policies. Firewalls often are installed with routers. For instance, firewalls are sometimes installed with routers to create internetwork connections. In most routers designed for small office/home office use, a firewall is part of the router itself. Equipment for larger networks still keeps these duties in separate pieces of equipment, however.

A firewall is a hardware device (which can be a computer set up for the task that runs firewall software, or a dedicated firewall device that contains a computer within it) that sits between two networks and enforces network security policies. Generally, firewalls sit between a company LAN and the Internet, but they can also be used between LANs or WANs. There are basically two different types of firewalls:

- A network-based firewall operates at the network level (layer 3) and usually implements a technique called packet filtering, where packets between networks are compared against a set of rules programmed into the firewall before the packets are allowed to cross the boundary between the two networks.
  Packet-filtering rules can allow or deny packets based on source or destination address, or based on TCP/IP port.
- An application-based firewall usually acts in a proxy role between the two networks, such that no network traffic passes directly between the two networks. Instead, the firewall (usually called a proxy firewall) acts as a proxy for the users of one network to interact with services on the other network. This proxy interaction is usually done using a technique called network address translation (NAT), where the network addresses on the internal network are not directly exposed to the external network. In the application-based model, the proxy firewall takes care of translating the addresses so that the connections can take place.

NOTE Firewalls do not provide a network security panacea. The best firewall in the world won’t protect your network from other security threats, such as some discussed in Chapter 11. However, they are an important part of network security, particularly for LANs connected to the Internet.

Firewalls come in all shapes and sizes, and range in cost from as little as a few hundred dollars to thousands of dollars. In fact, these days, you can even find small personal firewalls for home use that cost less than $200 for hardware-based devices, or around $40 for firewall software that can be installed on a home computer. Different firewall devices have various features, and might encompass both network-based and application-based techniques to protect the network. Firewalls also usually serve as an audit point for the traffic between the two networks, using logging and reporting tools to help the administrator detect and deal with inappropriate network traffic. Firewalls are discussed in the context of network security in Chapter 11.
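The bridge and router sections earlier in this chapter describe two different forwarding decisions: a bridge looks only at MAC addresses and keeps a frame on its own segment when the destination is local, while a router picks the most specific matching route for a destination IP address. The following Python simulation is an added example written for this edition of the text, not code from the book; the station MAC addresses, the routing table entries and the interface names (eth1, eth2, wan0) are constructed for illustration. It goes slightly beyond the text in that the bridge learns station locations from source addresses and floods frames for unknown destinations, which is how the "depends on its MAC address" rule is applied in practice.

```python
"""Layer-2 (bridge) versus layer-3 (router) forwarding decisions, constructed example."""
import ipaddress
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Two-port bridge: forwards or filters a frame on MAC addresses alone."""

    def __init__(self) -> None:
        self.table: Dict[str, int] = {}     # station MAC -> port it was last seen on

    def handle_frame(self, in_port: int, src_mac: str, dst_mac: str) -> Optional[int]:
        """Return the port the frame goes out on, or None if it stays on its own segment."""
        self.table[src_mac] = in_port       # learn which segment the sender is on
        other_port = 1 - in_port
        if dst_mac == BROADCAST:
            return other_port               # broadcasts reach every segment
        seen_on = self.table.get(dst_mac)
        if seen_on is None:
            return other_port               # unknown destination: flood to the other segment
        if seen_on == in_port:
            return None                     # destination is local: filter, do not forward
        return other_port


class Router:
    """Layer-3 forwarder: longest-prefix match against a routing table."""

    def __init__(self) -> None:
        # (network, outgoing interface, next hop or None when directly connected)
        self.routes: List[Tuple[ipaddress.IPv4Network, str, Optional[str]]] = []

    def add_route(self, prefix: str, interface: str, next_hop: Optional[str] = None) -> None:
        self.routes.append((ipaddress.ip_network(prefix), interface, next_hop))

    def lookup(self, dst_ip: str) -> Optional[Tuple[str, Optional[str]]]:
        """Pick the most specific matching prefix; None means the packet is unroutable."""
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for net, interface, next_hop in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, interface, next_hop)
        return None if best is None else (best[1], best[2])


def bridge_demo() -> List[Optional[int]]:
    """Stations A and C sit on segment 0, station B on segment 1 (constructed MACs)."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bridge = LearningBridge()
    return [
        bridge.handle_frame(0, a, b),   # B unknown yet: flooded to port 1
        bridge.handle_frame(1, b, a),   # A already learned on port 0: forwarded to port 0
        bridge.handle_frame(0, a, b),   # B now known on port 1: forwarded to port 1
        bridge.handle_frame(0, c, a),   # A and C share segment 0: filtered, never crosses
    ]


def router_demo() -> List[Optional[Tuple[str, Optional[str]]]]:
    """Routing table with a directly connected LAN, a summary route and a default route."""
    r = Router()
    r.add_route("10.2.0.0/16", "eth2")                    # directly connected LAN
    r.add_route("10.0.0.0/8", "eth1", "10.1.1.1")         # rest of the private network
    r.add_route("0.0.0.0/0", "wan0", "203.0.113.1")       # everything else to the ISP
    return [
        r.lookup("10.2.5.9"),        # /16 beats /8 and /0
        r.lookup("10.9.9.9"),        # only /8 and /0 match; /8 wins
        r.lookup("198.51.100.7"),    # falls through to the default route
    ]


if __name__ == "__main__":
    print(bridge_demo())   # [1, 0, 1, None]
    print(router_demo())
```

The fourth bridge frame is the case the text is making: A and C are on the same segment, so their traffic is never repeated onto the other segment, which is exactly the bandwidth saving a bridge offers over a plain repeater.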
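To make the two firewall types concrete, here is an added Python example (not code from the book) that models a network-based packet filter and the source address translation that an application-based proxy firewall performs. The rule set is a hypothetical policy for a LAN on 192.0.2.0/24 with a mail server at 192.0.2.25; all addresses come from the documentation ranges and the sample packets are constructed. The filter evaluates rules in order, ends with an explicit cleanup rule, denies anything no rule matches, and records every decision in an audit log, which is the logging role the text assigns to firewalls.

```python
"""Packet filtering and source NAT, modelled on the two firewall types in the text.

Constructed example: documentation-range addresses and a hypothetical policy.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR prefix; /0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class PacketFilter:
    """Network-based firewall: first matching rule wins, default deny, every decision logged."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.audit_log: List[str] = []   # the audit point the text describes

    def decide(self, pkt: Packet) -> str:
        flow = f"{pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}"
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                self.audit_log.append(f"rule {i} {rule.action} {flow}")
                return rule.action
        self.audit_log.append(f"default deny {flow}")   # reached only if no cleanup rule exists
        return "deny"


class SourceNat:
    """Proxy-style translation: internal addresses never appear on the external network."""

    def __init__(self, external_ip: str) -> None:
        self.external_ip = external_ip
        self.next_port = 40000
        self.table: Dict[int, Tuple[str, int]] = {}   # external port -> (internal ip, port)

    def outbound(self, internal_ip: str, internal_port: int) -> Tuple[str, int]:
        """Map an internal endpoint to the firewall's own address and a fresh port."""
        for ext_port, inside in self.table.items():
            if inside == (internal_ip, internal_port):
                return self.external_ip, ext_port
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (internal_ip, internal_port)
        return self.external_ip, ext_port

    def inbound(self, ext_port: int) -> Optional[Tuple[str, int]]:
        """Reverse the mapping for a reply; unsolicited traffic has no mapping and is dropped."""
        return self.table.get(ext_port)


# Hypothetical policy for LAN 192.0.2.0/24 with a mail server at 192.0.2.25
POLICY = [
    Rule("allow", dst="192.0.2.25/32", proto="tcp", dport=25),   # inbound SMTP to the mail server
    Rule("allow", src="192.0.2.0/24", proto="tcp", dport=80),    # LAN users browsing out
    Rule("allow", src="192.0.2.0/24", proto="tcp", dport=443),
    Rule("deny"),                                                 # explicit cleanup rule
]

SAMPLE_TRAFFIC = [   # constructed packets
    Packet("198.51.100.7", "192.0.2.25", "tcp", 25),    # mail from the Internet: allowed
    Packet("198.51.100.7", "192.0.2.25", "tcp", 23),    # telnet to the mail server: denied
    Packet("192.0.2.10", "203.0.113.5", "tcp", 443),    # LAN user to a web site: allowed
    Packet("203.0.113.5", "192.0.2.10", "tcp", 445),    # inbound SMB to a workstation: denied
]


def run_filter(rules=POLICY, traffic=SAMPLE_TRAFFIC) -> Tuple[List[str], List[str]]:
    fw = PacketFilter(rules)
    return [fw.decide(p) for p in traffic], fw.audit_log


def run_nat() -> Tuple[Tuple[str, int], Optional[Tuple[str, int]], Optional[Tuple[str, int]]]:
    nat = SourceNat("203.0.113.1")                  # the firewall's external address
    mapped = nat.outbound("192.0.2.10", 51515)      # LAN host opens a connection
    reply = nat.inbound(mapped[1])                  # reply arrives for that mapping
    stray = nat.inbound(40099)                      # nothing was ever mapped here: dropped
    return mapped, reply, stray


if __name__ == "__main__":
    decisions, log = run_filter()
    print("\n".join(log))
    print(run_nat())
```

Two design points worth noticing: the explicit cleanup rule means the audit log names the rule that denied a packet rather than relying on the silent default, and the NAT table only ever translates inbound traffic that matches a mapping an internal host created, so the internal addressing is never reachable from outside on its own.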
Connecting RS-232 Devices with Short-Haul Modems

While some might not consider a short-haul modem to be a true network device, it is a device that your network might require to provide point-to-point connectivity between a workstation or terminal and another device. Short-haul modems (sometimes called line drivers) enable you to connect two distant RS-232C devices to one another. Standard RS-232C cables are limited in distance to 15 to 30 meters (50 to 100 feet). Short-haul modems allow the same connection to run as far as 5 miles using simple telephone-grade twisted-pair cabling.

Short-haul modems can often be perfect solutions when a computer needs terminal access to a remote device. For example, a user might need to access a terminal on a PBX telephone system, which uses an RS-232C port. You have two options to provide this remote access:

- Install regular modems on each end and use a telephone connection to connect from the workstation to the PBX.
- Use two short-haul modems and run a twisted-pair cable between the two points.

Depending on how frequently access is needed and how distant the device is, either approach can be good. Generally, short-haul modems are preferred when the two devices often or always need to be connected, and running a twisted-pair wire between the locations is not prohibitively expensive or difficult. Short-haul modems are fairly inexpensive, at about $100 each.

In most short-haul modem systems, two pairs of wire connect each short-haul modem, although one-pair variants exist. With the two-pair variety, one pair is used to transmit data and the other to receive data. Most short-haul modems are full duplex, allowing transmission to take place in both directions simultaneously.

To hook up two devices using short-haul modems, you use a standard RS-232C cable to connect each device to its short-haul modem.
Then you wire the twisted-pair wire to the short-haul modem, using the instructions that come with the modem. Finally, most short-haul modems require external power, so you need to plug them into a power outlet. Figure 6-5 shows an example of a short-haul modem connection.

TIP If you frequently do RS-232C interfacing, you should invest in a device called a breakout box. This is a small device that has two RS-232C connectors on each end. In the box, each of the RS-232C pin signals is represented with a light-emitting diode (LED). Special patch posts and switches in the breakout box enable you to reconfigure the RS-232C connection on the fly. Breakout boxes can be invaluable for achieving RS-232C communications between two devices that aren’t communicating. They can show what is actually happening with the signals and enable you to try different cable configurations dynamically. Once you use the breakout box to figure out how to make the devices communicate, a permanent cable can then be made to those specifications.

Chapter Summary

In this chapter, you learned about the key pieces of hardware that make up most networks. It is important for you to be familiar with the capabilities of all these types of network hardware, which should form the basis of any network design or performance-tuning efforts. Be aware that you need to know about other types of network hardware as well. Additional important network hardware is discussed in later chapters. In particular, you should also know about remote access hardware, hardware that supports WAN links, and certain network functions that are carried out on different types of network servers.

Chapter 7 discusses the different technologies used to connect networks to other networks, usually over large distances. WAN connections are used to connect to the Internet and also to form part-time or full-time connections between LANs, such as from one company location to another.

Figure 6-5.
Short-haul modem connection (figure: an RS-232 cable connects each device to its short-haul modem, and a twisted-pair cable runs between the two short-haul modems)