Chapter 12: Windows 2000 Networking

This chapter provides a detailed discussion of Windows 2000 networking, including an explanation of TCP/IP, routing, network address translation (NAT), legacy protocols, and other topics related to Windows 2000 network configuration.

In This Chapter: TCP/IP on Windows 2000 ✦ TCP/IP Basics ✦ IP Routing ✦ Network Address Translation ✦ Troubleshooting TCP/IP ✦ SNMP ✦ Legacy Protocols

(4667-8 ch12.f.qc, 5/15/00, page 415; Part IV ✦ Networking and Communications Services)

TCP/IP on Windows 2000

A little more than a decade ago, TCP/IP was used only by a relatively small number of computers connected to the Internet. As the number of networks connected to the Internet grew explosively, and as companies expanded to include more and more networks within the enterprise, TCP/IP has come to be the protocol of choice for most organizations. The reasons are many but commonly include standardization, the ability to route, and of course the need for Internet connectivity.

Windows 2000 offers strong support for TCP/IP. It can be considered its primary protocol and the foundation of Active Directory, which is the keystone of Windows 2000 networks. On the client side, the TCP/IP protocol enables full support for connecting to both peer and server computers running TCP/IP, the Internet, and TCP/IP-based services such as networked printers. On the server side, Windows 2000 offers all the configuration and management tools you would expect, including support for dynamic address allocation through DHCP, name resolution through DNS, NetBIOS name resolution through WINS, and a full range of configuration and troubleshooting tools.

Windows 2000 offers a few new features to support TCP/IP clients. Windows 2000 DHCP clients, for example, can request updates for their host records with a Windows 2000 DNS server, enabling DHCP clients to have up-to-date host entries in their domains.
Windows 2000 DHCP servers can also initiate updates on behalf of TCP/IP clients, including non-Windows 2000 clients. Windows 2000 DHCP servers can request an update of the client’s pointer record in DNS as well.

Windows 2000 includes other new features related to TCP/IP, such as Internet Connection Sharing (ICS), which enables a single Internet connection to be shared by other users on the local network. For more information on ICS and other remote access related topics, see Chapter 15.

On both the client and server sides, Windows 2000 provides easy TCP/IP configuration. As in other areas of Windows, you configure TCP/IP through various dialog boxes. But Windows 2000 also includes command-line utilities such as Ipconfig to help you view and manage a system’s TCP/IP configuration. A very useful feature is the ability to change IP addresses and other settings without requiring the system to reboot.

Before you begin configuring and using TCP/IP in Windows 2000, you need a basic understanding of how TCP/IP works, which the following section provides. If you’re already familiar with TCP/IP and are ready to configure it in Windows 2000, refer to the section “Configuring TCP/IP” later in this chapter.

TCP/IP Basics

TCP/IP stands for Transmission Control Protocol/Internet Protocol. The IP portion of TCP/IP provides the transport protocol. TCP provides the mechanism through which IP packets are received and recombined, ensuring that IP traffic arrives in a usable state. TCP/IP arose from the ARPANET, which was the precursor to today’s Internet. TCP/IP is standards-based and supported by nearly every operating system, including all Microsoft operating systems, UNIX, Linux, Macintosh, NetWare, OS/2, OpenVMS, and others. This wide compatibility and the ability to interconnect dissimilar systems are the primary reasons TCP/IP has become so popular.
While TCP/IP is most often used to provide wide-area networking (such as on the Internet), it is an excellent choice as a local network transport protocol, particularly where organizations wish to serve network resources to local clients through an intranet.

Tip: You can use TCP/IP as your only network protocol or use it in conjunction with other protocols such as NetBEUI. For example, you might use TCP/IP for Internet connectivity and NetBEUI for sharing local resources. One main advantage of this option is that NetBEUI is non-routable and therefore relatively secure from unauthorized access from the Internet. As long as you don’t bind the file and printer sharing client to your TCP/IP protocol, your local resources can be fairly safe from outside access.

IP Addressing

Any device that uses TCP/IP to communicate is called a host. This includes computers, printers, routers, and any other device that uses TCP/IP. As smart devices begin to pervade our daily existence, it’s conceivable that even your washing machine or microwave oven will be a host, if not on the Internet, then at least on your home intranet.

Each host must have a unique IP address that identifies the host on the network so that IP data packets can be routed to and from the host. IP data packets are simply data encapsulated in IP format for transmission using TCP. Each address must be unique: identical addresses on two or more hosts will conflict and prevent those computers from communicating properly. In fact, Windows 2000 shuts down the TCP/IP protocol on a computer if it detects an address conflict at TCP/IP initialization.

IP addresses are 32-bit values usually expressed in dotted decimal notation, with four octets separated by periods, such as 192.168.0.221. Each IP address contains two separate pieces of information: the network address and the host address.
How these two items of information are defined in the address depends on the address’s class. There are five classes of IP addresses, Class A through Class E, but only three concern you for Windows 2000 networking: A, B, and C, which accommodate networks of various sizes. Class A networks yield the highest number of host addresses, and class C networks yield the lowest number. Table 12-1 lists information about each class. The designation w.x.y.z indicates which portion of the IP address defines the network ID and which defines the host ID.

Table 12-1  IP Address Classes

Class   Network ID (first octet)   Network ID portion   Host ID portion   Number of Available Networks   Number of Hosts per Network
A       1-126                      w                    x.y.z             126                            16,777,214
B       128-191                    w.x                  y.z               16,384                         65,534
C       192-223                    w.x.y                z                 2,097,151                      254

As Table 12-1 indicates, the address range 127.x.y.z is missing. 127.x.y.z is reserved on the local computer for loopback testing and can’t be used as a valid network address. Addresses 224 and higher are reserved for special protocols such as IP multicast and are not available as host addresses. In addition, host addresses 0 and 255 are used as broadcast addresses and can’t be used as valid host addresses. For example, 192.168.120.0 and 192.168.120.255 are both broadcast addresses that are not available for use as host addresses.

The number of addresses in a given address class is fixed. Class A networks are quite large with over 16 million hosts, and class C networks are relatively small with just 254 hosts. The class you choose depends on how many hosts you need to accommodate but, most important, on whether you are using a public address range or a private one.
The address ranges listed here are reserved by convention for private networks:

✦ 10.0.0.0, subnet mask 255.0.0.0
✦ 169.254.0.0, subnet mask 255.255.0.0
✦ 172.16.0.0, subnet mask 255.240.0.0
✦ 192.168.0.0, subnet mask 255.255.0.0

However, if you’re not connecting your systems to the Internet, you can use any IP address class, except the loopback addresses, for your needs. For example, a Class A addressing scheme can provide a large number of host addresses for your enterprise. But if you’re connecting the network to the Internet, at least some of the addresses need to be valid, public addresses that fall in the ranges described in Table 12-1 (excluding the private ranges mentioned previously).

If all your systems connect to the Internet directly rather than through a proxy server or other device that performs network address translation (NAT), each host must have a unique, valid public IP address. If you use NAT, only those hosts on the public side of the Internet connection need valid, public addresses. Those hosts on the private side can use one of the private address ranges described previously, but only NAT and proxy services will allow the public addresses to translate to the private ones. This means you can accommodate a large, class A network internally if needed. Figure 12-1 illustrates a network that uses private IP ranges but connects to the Internet through a proxy server and router with public addresses.

Subnetting

Each host, in addition to an IP address, needs a subnet mask. The subnet mask, like an IP address, is a 32-bit value typically expressed as four octets separated by periods. The subnet mask serves to split the IP address into its two components, network ID and host ID, which enables traffic to be routed to the appropriate network and then to the destination host. Table 12-2 shows the subnet masks for the three standard network classes.
[Figure 12-1: This network uses private IP addresses internally and a proxy server to connect to the Internet. Labels: 192.168.0.1 through 192.168.0.6, 205.219.129.2, 205.219.129.1, Router/CSU-DSU, Hub, Proxy Server, Internet.]

Table 12-2  Standard Subnet Masks

Class   Binary Value                            Subnet Mask
A       11111111 00000000 00000000 00000000     255.0.0.0
B       11111111 11111111 00000000 00000000     255.255.0.0
C       11111111 11111111 11111111 00000000     255.255.255.0

In addition to masking the host ID from the network ID, a subnet mask also can serve to segment a single network into multiple logical networks. For example, assume that your small company obtains Internet access from a local ISP. The ISP uses a class C address space to accommodate a group of clients, of which your company is one. The ISP uses a subnet mask of 255.255.255.224 to divide the network into eight subnets with 30 hosts each. Table 12-3 lists the host ranges for each subnet.

Table 12-3  Sample Subnet

Subnet   Host Range
0        205.219.128.1 – 205.219.128.30
1        205.219.128.33 – 205.219.128.62
2        205.219.128.65 – 205.219.128.94
3        205.219.128.97 – 205.219.128.126
4        205.219.128.129 – 205.219.128.158
5        205.219.128.161 – 205.219.128.190
6        205.219.128.193 – 205.219.128.222
7        205.219.128.225 – 205.219.128.254

In this example, the ISP uses the first address range (subnet 0) for a routing cloud (a network subnet that functions solely for the purpose of routing) and the remaining seven subnets to accommodate the customers. You’re the first customer and you get subnet 1, with addresses from 33 through 62. Figure 12-2 illustrates the network.

Tip: You can calculate subnet masks manually, but it’s a real chore. Instead, download a copy of Net3 Group’s IP Subnet Calculator from your favorite shareware/freeware site, such as www.tucows.com.
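As an added worked example (not code from the book), the following Python does by hand what the subnet calculator above does: it classifies an address by its first octet per Table 12-1, tests it against the private ranges listed earlier, applies a subnet mask to split an address into network ID and host ID, and enumerates the eight 30-host subnets that 255.255.255.224 carves out of the ISP’s class C block, reproducing Table 12-3. The 205.219.128.0 block and the sample addresses are the chapter’s own; the function names are this example’s.

```python
# Added example: IPv4 class, private-range and subnet arithmetic from
# Chapter 12's tables (not code from the book). Pure integer bit math so
# the effect of the subnet mask is visible.
from typing import List, Tuple

def to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = [int(x) for x in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def address_class(addr: str) -> str:
    """Class from the first octet, per Table 12-1; 127 is loopback."""
    first = to_int(addr) >> 24
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "D/E (reserved, not usable as a host address)"

# Ranges the chapter lists as reserved by convention for private networks.
PRIVATE_RANGES = [("10.0.0.0", "255.0.0.0"), ("169.254.0.0", "255.255.0.0"),
                  ("172.16.0.0", "255.240.0.0"), ("192.168.0.0", "255.255.0.0")]

def is_private(addr: str) -> bool:
    """True if addr lies in one of PRIVATE_RANGES (addr AND mask == network)."""
    a = to_int(addr)
    return any((a & to_int(m)) == to_int(net) for net, m in PRIVATE_RANGES)

def split_address(addr: str, mask: str) -> Tuple[str, str]:
    """Apply the mask: network ID = addr AND mask, host ID = addr AND NOT mask."""
    a, m = to_int(addr), to_int(mask)
    return to_dotted(a & m), to_dotted(a & ~m & 0xFFFFFFFF)

def subnet_host_ranges(network: str, class_mask: str,
                       subnet_mask: str) -> List[Tuple[int, str, str]]:
    """Enumerate the subnets subnet_mask carves out of the classful block and
    return (subnet index, first usable host, last usable host) for each.
    The all-zeros and all-ones host IDs are excluded, as the chapter says."""
    cm, sm = to_int(class_mask), to_int(subnet_mask)
    if (sm & cm) != cm:
        raise ValueError("subnet mask must extend the class mask")
    base = to_int(network) & cm
    block = (~sm & 0xFFFFFFFF) + 1            # addresses per subnet
    count = ((~cm & 0xFFFFFFFF) + 1) // block  # subnets in the block
    return [(i, to_dotted(base + i * block + 1),
             to_dotted(base + i * block + block - 2)) for i in range(count)]

if __name__ == "__main__":
    print(address_class("192.168.0.221"), is_private("192.168.0.221"))
    print(split_address("192.168.0.221", "255.255.255.0"))
    for idx, lo, hi in subnet_host_ranges("205.219.128.0", "255.255.255.0",
                                          "255.255.255.224"):
        print(f"subnet {idx}: {lo} - {hi}")
```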
Note: As you’re designing your network and assigning IP addresses and subnet masks, keep in mind that all nodes on the same logical segment need to have the same subnet mask. This places them in the same logical network for routing purposes.

A full understanding of subnetting is essential for the deployment of Active Directory across multiple sites in an enterprise, or even the Internet. See Chapters 8 and 9 in Part III.

Obtaining IP Addresses

There are two scenarios for assigning IP addresses: your systems are connected to the public Internet, or they’re not. Systems that are connected to the Internet directly rather than through a proxy server or other device doing network address translation must have unique, valid IP addresses, often termed “legal” addresses. This means you can’t arbitrarily choose an address range for these systems. Instead, you need to obtain an address range from your ISP to ensure that you are using unique addresses (and that proper routing takes place). The number of addresses you need to obtain depends on how many hosts you will have on the public side of your proxy server or other NAT device, if any. For example, assume you configure your network so that a proxy server sits between the router and all other hosts. You therefore only really need three public addresses: one for each side of the router and one for the public side of the proxy server. The hosts on the private side of the proxy server can use private addresses.

If your network is not connected to the Internet, you could theoretically choose any network address range, including a public range in use by someone else, but you will not be able to connect your network to the Internet without Network Address Translation (NAT).
You should, however, follow the convention of using one of the reserved address ranges for your private network (discussed previously in this chapter) because it will make life easier for you when and if you install NAT services, as discussed later in this chapter. You won’t have to re-address all of your hosts later if you decide to connect the network to the Internet; you simply need to provide some means of network address translation through a router (such as RRAS, discussed later) or a proxy server.

[Figure 12-2: This ISP serves seven customers with a class C address space and a subnet mask of 255.255.255.224. Labels: Your Local Subnet, Router, Router, Router, Other frame customer, Internet Service Provider (ISP), 205.219.126.33 255.255.255.224, 205.219.126.2 255.255.255.224, 205.219.126.1 255.255.255.224, 205.219.126.3 255.255.255.224, Frame Relay Cloud, Internet.]

Gateways and Routing

TCP/IP subnets use gateways to route data between networks. Usually, a gateway is a dedicated router, but it could be any device running routing services, such as a Windows 2000 Server running the Routing and Remote Access Service (RRAS). The router maintains IP address information about remote networks so it can route traffic accordingly. Traffic coming from the local network with a public address gets routed out through the appropriate port on the router. Figure 12-3 shows a simple network with two connections to the Internet. The second connection provides redundancy in the event the primary connection fails.

[Figure 12-3: A simple network with two gateways to the Internet.]

On the host, IP inserts the originating and destination addresses into each packet. The host then checks (using its subnet mask) the destination address to determine if the packet is destined for another host on the same local network or for a host on another network.
If the packet is for a local host, it is sent directly to the local host on the same subnet. If the destination host is on a remote network, IP sends the packet to the local host’s default gateway, which routes the traffic to the remote network. You can configure multiple gateways if more than one is present on the network, and the local host attempts to connect through them in turn. If the default gateway is down, the host attempts to reach the next gateway in the list. The packet then travels through (possibly) several other routers until it reaches its destination. Standalone subnets do not require gateways, since there is nowhere for the traffic to go; all traffic is local. Subnets connected to other subnets or to the Internet require at least one gateway.

[Figure 12-3 labels: Gateway 1, Gateway 2, Internet.]

Dynamic Host Configuration Protocol

Since every host must have a unique IP address, how you allocate and manage addresses is an important consideration when setting up an IP network. You can allocate addresses in one of two ways: static addressing or dynamic addressing. With static addressing, you simply assign a specific IP address to each host. The address doesn’t change unless you manually reconfigure the host’s TCP/IP properties (thus the term static). Static addressing is fine for small networks where you don’t need to add or remove nodes or change addresses very often. As the number of nodes increases, however, static addressing can become an administrative nightmare. It’s easy to accidentally assign conflicting IP addresses, and when subnet properties change (such as the default gateway address), you have to manually reconfigure those properties.

Dynamic addressing through the Dynamic Host Configuration Protocol (DHCP) is a much better solution than static addressing, particularly for large networks or dynamic networks in which IP properties change.
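The forwarding decision just described, together with the earlier note that every node on a segment must use the same subnet mask, as an added Python example (not code from the book): next_hop applies the host’s own mask to the destination, delivers directly when the network IDs match, and otherwise tries the configured gateways in order, skipping any that are down; mask_mismatch shows two hosts on one wire with different masks disagreeing about whether they are neighbours. The host addresses and the gateway_up callback are constructed for this example, the latter standing in for the stack’s own reachability check.

```python
# Added example: how a host decides between local delivery and a gateway,
# and what a subnet-mask mismatch on one segment does (not code from the book).
from typing import Callable, Optional, Sequence

def to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer."""
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def network_id(addr: str, mask: str) -> int:
    """The network ID the mask leaves when applied to addr."""
    return to_int(addr) & to_int(mask)

def next_hop(local: str, mask: str, dest: str, gateways: Sequence[str],
             gateway_up: Callable[[str], bool]) -> Optional[str]:
    """Where the host sends a packet for dest.

    Same network ID as the host -> send straight to dest on the local
    subnet. Otherwise try the gateways in configured order and use the first
    one that answers; None means no route (standalone subnet, no gateway on
    the local subnet, or all gateways down). gateway_up is a constructed
    callback standing in for the reachability probe a real stack performs.
    """
    if network_id(dest, mask) == network_id(local, mask):
        return dest
    for gw in gateways:
        # A gateway is only usable if it is itself on the local subnet.
        if network_id(gw, mask) == network_id(local, mask) and gateway_up(gw):
            return gw
    return None

def mask_mismatch(a: str, a_mask: str, b: str, b_mask: str) -> bool:
    """True when two hosts on one wire disagree about being neighbours:
    A applies its mask and sees B as local while B, with a different mask,
    sees A as remote (or vice versa). One direction goes direct, the other
    is handed to a gateway, which is the classic mismatch symptom."""
    a_sees_local = network_id(a, a_mask) == network_id(b, a_mask)
    b_sees_local = network_id(b, b_mask) == network_id(a, b_mask)
    return a_sees_local != b_sees_local

if __name__ == "__main__":
    # Constructed LAN in the 192.168.0.0 private range with two gateways;
    # the primary gateway is simulated as down.
    up = lambda gw: gw != "192.168.0.1"
    gws = ["192.168.0.1", "192.168.0.254"]
    print(next_hop("192.168.0.5", "255.255.255.0", "192.168.0.6", gws, up))
    print(next_hop("192.168.0.5", "255.255.255.0", "205.219.129.2", gws, up))
    print(mask_mismatch("192.168.0.5", "255.255.255.0",
                        "192.168.0.40", "255.255.255.224"))
```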
DHCP enables a DHCP server to automatically allocate IP addresses and related properties (gateway, DNS servers, and so on) to clients as the clients boot. A dynamically assigned address and its associated properties are called a lease. Depending on the configuration at the DHCP server, a lease can have an infinite duration or can expire after a certain period. If a lease expires, the client can renew the lease to obtain a new IP address (which could be the same as the one provided by the previous lease).

DHCP in Windows 2000 offers some additional benefits in its interaction with Windows 2000-based DNS servers. A Windows 2000 DHCP client can request that the Windows 2000 DNS server update its host address in the DNS namespace for its domain. This means that even if the client receives a new IP address each time it boots, its host record in DNS will remain accurate. Windows 2000 DHCP servers can also request host record updates on behalf of clients, including non-Windows 2000 clients that don’t support dynamic DNS updates.

Note: See Chapter 13 for detailed information on DHCP and how to configure Windows 2000 DHCP clients and servers.

Domains and Name Resolution

IP hosts communicate using IP addresses, but humans would have trouble remembering more than a few IP addresses. How would you like to try to remember the addresses of all the Web sites you visit in a week’s time? Domain names, host names, and name resolution help simplify internetworking for the user.

Domain names identify networks using a dotted format similar to IP addresses, except that domain names use letters (usually words) rather than numbers. For example, the domain mcity.org identifies a specific network in the .org domain. Each host in the mcity.org domain has a host name that identifies the host uniquely on the network.
The host name and domain name combine to create a Fully Qualified Domain Name, or FQDN, that uniquely identifies the host. For example, a host in the mcity.org domain might have the host name server1. The FQDN for the host would be server1.mcity.org. If the domain contains delegated subdomains, those figure into the FQDN as well. For example, assume mcity.org includes a subdomain called support. The host named fred in support.mcity.org would have the FQDN fred.support.mcity.org.

There is not necessarily a correlation between a computer’s FQDN and an e-mail address. While the user in the previous example might have the e-mail address fred@support.mcity.org, there is no correlation with his computer’s FQDN. The host name and e-mail account have nothing in common.

There isn’t any direct connection between FQDNs and IP addresses, so some method is required to map host names to IP addresses. When you type http://www.mcity.org in your Web browser, for example, some translation needs to occur to map www.mcity.org to its IP address so your browser can connect to the site. That’s where DNS comes in.

DNS

DNS stands for Domain Name System, and DNS provides a distributed database that enables host names to be mapped to their corresponding IP addresses. DNS name servers maintain records for the domains they host and respond to queries for a given host name with the IP address stored in the DNS database for that host. For example, when you attempt to connect to www.mcity.org, your computer submits a DNS request to the DNS server configured in your computer’s TCP/IP properties to resolve the host name www.mcity.org into an IP address. The DNS server looks up the data and passes the address back to your computer, which connects to the site using the IP address. The only interaction you provide in the process is to enter http://www.mcity.org in your browser. Everything else happens behind the scenes.

Note: The name resolution process described here is simplified for the purpose of this discussion.
See Chapter 14 for a detailed explanation of how DNS works.

[...] mcity.org. You query for the unqualified host name fred. This option then causes Windows 2000 to attempt to resolve fred.mcity.org and fred.support.mcity.org. If you have no connection-specific DNS suffix specified, Windows 2000 will only attempt to resolve fred.mcity.org.

✦ Append parent suffixes of the primary DNS suffix: This option [...]

IP Routing

Except in self-contained private networks, routing plays an important role in TCP/IP. Routing enables packets destined for external subnets to reach their destinations and for traffic from remote networks to be delivered to your network. Windows 2000 includes a service called Routing and Remote Access (RRAS) that enables a Windows 2000 server [...]

WINS

Another name resolution service provided by Windows 2000 is Windows Internet Name Service, or WINS. WINS provides much the same service for NetBIOS names that DNS provides for TCP/IP host names. NetBIOS stands for Network [...] by earlier Microsoft operating systems such as Windows 95 and 98 and Windows NT to identify and locate computers on the network. Just as DNS provides a means for mapping host names to IP addresses, WINS provides a means of mapping NetBIOS names to IP addresses for systems running NetBIOS over TCP/IP.

Note: NetBIOS is not required in Windows 2000, as Windows 2000 uses host names and DNS to locate hosts on [...]

[...] DHCP relay agent relays messages between DHCP clients and DHCP servers. The DHCP relay agent component provided with Windows 2000 RRAS serves that function. Figure 12-10 illustrates a Windows 2000 server functioning as a DHCP relay agent.

Note: The DHCP relay agent can’t run on a Windows 2000 server that also is running the DHCP Server service or Network Address Translation (NAT) with automatic addressing [...]

[...] as a multicast forwarder.

Note: Windows 2000 does not include any multicast routing protocols. Multicast routers exchange group membership information with one another to help determine how multicast traffic is routed. Windows 2000 only provides limited multicast routing, but does function as a multicast forwarder, forwarding multicast traffic to listening clients. Windows 2000 can be configured as a multicast [...]

[...] table accordingly, enabling it to forward traffic to those destinations requesting it. The IGMP routing protocol included with Windows 2000 is not an IGMP routing protocol per se, but enables a Windows 2000 server to function as a forwarder. After you add the protocol to Windows 2000, you configure one or more interfaces to handle IGMP. You can configure the interface to function in either IGMP router mode [...]

[...] Protocol. Select DHCP Relay Agent from the list and click OK to add it to the IP Routing branch.

[Figure 12-10: A Windows 2000 server operating as a DHCP relay agent. Labels: DHCP Server, Network B, RRAS DHCP Relay Agent, Network A.]

Next, add the interface(s) on which the DHCP relay agent will function. Right-click in the right pane or on [...]

✦ Enable NetBIOS over TCP/IP: Select this option to use NetBIOS over TCP/IP (NetBT) and WINS. This option is required if the computer communicates by name with other computers running earlier versions of Windows 9x or NT. NetBT is not required in a homogeneous Windows 2000 environment or when connecting to computers [...]

[...] third-party protocols.

Overview of multicast forwarding

A Windows 2000 multicast forwarder listens for multicast traffic on all attached networks and forwards the traffic (based on its multicast destination address) to attached networks where listening clients reside or to other routers for networks where participating clients reside. A Windows 2000 multicast forwarder also listens for IGMP Membership [...]