70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching
Objectives Build IP networks Configure Windows Server 2003 as a router Create and configure demand-dial connections Understand the purpose of virtual LANs Implement Network Address Translation Work with Internet Connection Sharing Configure Internet Connection Firewall Plan Internet connectivity 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Building a Subnetted IP Network Subnetting: breaking a single large IP network into smaller networks Main benefit of subnetting is network traffic control Supernetting is the opposite process of subnetting Supernetting combines multiple small networks into one large network 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Binary Numbering and TCP/IP IP addresses are expressed in dotted decimal notation A computer looks at an IP address as a single group of 32 binary digits The subnet mask determines which bits are part of the network ID and which bits are part of the host ID 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Decimal Numbering The decimal system uses the values from 0 to 9 for each digit The value of the first column in the decimal numbering system is ten to the zero power (100=1); the value of the second column is ten to the first power (101=10) etc. 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Binary Numbering Subnetting is based on binary Binary is a base-two numbering system, which means that there are only two potential values for each digit, 0 and 1 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Conversion Between Binary and Decimal To convert a binary octet to a decimal value, multiply the digit in each column by the value of each column and then determine the sum of those products Binary digits are always either 1 or 0, so multiply the value of each column by 1 or 0 Most people use Windows Calculator to perform the conversion 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-1: Converting Binary Numbers to Decimal Using Windows Calculator The purpose of this activity is to convert numbers between binary and decimal numbering systems 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Binary Subnet Masks The binary process used by your computer to find the network ID is called ANDing If both binary digits being compared have a value of 1, then the result is 1 If one digit is 0 and the other is 1, or if both digits are zero, then the result is 0 When an IP address is ANDed with a subnet mask, the result is the network ID 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-2: ANDing The purpose of this activity is to find the network ID of several IP addresses based on the given subnet mask 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
The Benefits of Subnets Subnetting provides the following benefits: Improves performance Reduces collisions Limits broadcasts Controls traffic 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Reducing Collisions Subnetting reduces the number of hosts on each network, reduces the amount of traffic on the network and improves throughput In a routed network, each network is a separate collision domain Collisions that occur on one network do not affect another network 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Limiting Broadcasts Subnetting a network creates multiple networks with fewer hosts on each network The presence of fewer hosts on each network results in fewer broadcast messages, which reduces the processing load on each host 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Controlling Traffic Routers provides greater control over network traffic Routers can implement rules about which packets they forward 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Subnetting a Network To subnet a network, you take some bits from the host ID and give them to the network ID The number of subnets can be calculated using the formula 2n-2 In this formula, n is the number of bits taken from the host ID and used for subnetting The minus 2 is only used for traditional subnetting in which the subnets of all 1s and all 0s are removed 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-3: Complex Subnetting The purpose of this activity is to subnet a single large network into 10 smaller networks 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Subnet Hosts The formula 2n-2, is also used to calculate the number of usable hosts on a subnet The formula finds the total number of combinations that can be created from n bits However, when used to calculate the number of usable hosts on a subnet, n is the number of bits in the host ID, and two combinations are removed for the broadcast on the subnet and the subnet itself 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-4: Finding Valid Hosts The purpose of this activity is to calculate the number of valid hosts on a subnet 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Supernetting Supernetting is used to create one large network from several smaller ones Supernetting takes bits from the network ID and gives them to the host ID All of the networks being combined for supernetting must be contiguous 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Router Installation and Configuration Main benefit of implementing Windows Server 2003 as a router within a small or midsized organization is cost Routing is part of Routing and Remote Access Service (RRAS) and can be configured using the same wizard that is used to configure dial-up and VPN servers 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Router Installation and Configuration (continued) 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-5: Configuring RRAS as a Router The purpose of this activity is to configure Windows Server 2003 as a router 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Routing Tables The routing table is a list of the networks that are known to the router Each entry in an IP routing table contains: the IP address of the network the subnet mask of the network the gateway that is used to reach the network the router interface that is used to reach the gateway the metric that measures how far away the network is 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Routing Tables (continued) Static routing is the process by which routing tables are maintained manually by an administrator Dynamic routing is the process by which routing tables are automatically generated by routers based on communication with other routers 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Routing Protocols Routing protocols are responsible for calculating the best path from one network to another and advertising routes for dynamic routing The two routing protocols used in Windows Server 2003 for IP routing are: Routing Information Protocol (RIP) Open Shortest Path First (OSPF) 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
RIP In Routing Information Protocol (RIP), the distance between networks is measured by the number of routers through which the data must pass, or hops RIP is the simpler and more popular of the two protocols The best path from one network to another is the path with the least number of hops This is known as distance-vector routing 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-6: Installing and Using RIP The purpose of this activity is to configure your server as an RIP router 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
OSPF Open Shortest Path First (OSPF) is a routing algorithm that determines the best path from one network to another based on a configurable value called cost OSPF is more flexible than RIP and better suited to complex routing environments 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Configuring RIP In RIP you can configure: The type of events to be logged From which IP addresses this router accepts updates Settings for each interface How often routing table announcements are sent How long entries in the routing table last before they expire Many other options 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Demand-Dial Connections A demand-dial connection establishes a connection between two routers only when there is data to send When a router with a demand-dial interface receives packets destined for a remote network, a connection is created so the packets can be sent 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Creating Demand-Dial Connections For a demand-dial connection to function properly you must: Enable the server to perform demand-dial routing Configure a port to allow demand-dial routing Create a demand-dial interface 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Demand-Dial Interface Wizard New demand-dial connections are created using the Demand-Dial Interface Wizard To start this wizard in the Routing and Remote Access snap-in, right-click Network Interfaces, and click New Demand-dial Interface 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-7: Creating a Demand-Dial Connection The purpose of this activity is to create a demand-dial VPN connection 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Demand-dial Interface Properties Properties of the demand-dial interface can be used to configure security settings and the idle timeout The idle timeout is on the Options tab If the Connection type chosen is the Persistent connection option, then the servers are connected whenever RRAS is functional 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Dial-out Hours/Demand-Dial Filters A demand-dial connection can be configured with a set of dial-out hours that control when it can be active Controls unwanted dial-up connections that might result in large long-distance charges Demand-dial filters control which types of network traffic trigger a demand-dial connection Reduces the number of connections activated and the amount of long-distance charges 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-8: Configuring Demand-Dial Filters The purpose of this activity is to configure demand-dial filters to control the activation of demand-dial connections 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Virtual LANs A VLAN is a broadcast domain created by a switch based on: Subnets Protocols MAC addresses switch ports 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Network Address Translation NAT is a protocol used by routers to allow multiple clients to share a single Internet-addressable IP address IP headers are modified to make the packet look as though it came from the NAT router 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
How NAT Works NAT modifies the IP headers of packets that are forwarded through a router When a packet is forwarded through the router, NAT removes the original source IP address and source port number The source IP address changes to the IP address of the router The source port number is changed to a randomly generated port number To keep track of the translations that are being performed, NAT builds a table 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
How NAT Works (continued) 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
How NAT Works 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Installing NAT NAT is automatically installed when RRAS is configured to be a router, but interfaces must be added The NAT/Basic Firewall tab allows you to configure whether this interface is a private interface, public interface, or basic firewall For proper NAT functionality, one interface must be configured as public and one as private 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-9: Installing and Testing NAT The purpose of this activity is to Install NAT and confirm it is functioning using a Web page on your instructor’s computer 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Configuring NAT The NAT protocol is configured by right-clicking NAT/Basic Firewall, and clicking Properties 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Internet Connection Sharing Internet Connection Sharing (ICS) is a Windows Server 2003 service that provides an automated way for a small office using Windows Server 2003 as a router to connect to the Internet ICS automatically performs NAT and configures network connections 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Internet Connection Firewall Internet Connection Firewall (ICF) is a stateful packet filter (a filter that automatically creates reverse rules for response traffic) that can be used to protect any server running Windows Server 2003 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Enabling ICF ICF is configured per connection ICF is enabled in the properties of a connection If ICF is enabled on a server that is not a router, only that server is protected If ICF is enabled on a router, then all computers on the internal network are protected 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Configuring ICF To allow requests from the network to access services on the server running ICF, you need to configure services The Security Logging tab, is used to configure: the type of information that is logged the location of the log the maximum size of the log ICF is capable of logging both dropped packets and successful connections 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Activity 4-10: Installing ICF The purpose of this activity is to install and configure ICF on your server 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Planning Internet Connectivity When planning Internet Connectivity a decision must be made on whether to use internal private addresses or Internet accessible IP addresses Using Internet accessible IP addresses is more expensive Using internal private IP addresses is more secure Most organizations use internal private IP addresses 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Summary Subnetting is used to divide a single large network into multiple smaller networks Supernetting is used to combine multiple smaller networks into one large network The formula 2n-2 is used to calculate the number of subnets that can be created from n bits RIP is a distance-vector routing algorithm that calculates paths based on hops OSPF is a link-state routing algorithm that calculates paths based on a configurable metric called cost 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
Summary (continued) Demand-dial connections are activated only when network traffic requires them NAT allows many computers to access the Internet using a single Internet-addressable IP address ICS is an automated way to configure a router for NAT ICF is a stateful packet filter When planning Internet Connectivity a decision must be made on whether to use internal private addresses or Internet accessible IP addresses 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network