BEST OF NETWORKING

Networking Standards

2010-01-29T04:18:00.000-08:00

Networking Standards

All networking technologieshave standards associated with them. These are usually highly technical documents, and often presume that the reader has a fair bit of knowledge about networking. If you aren't an expert, you will probably have some difficulty understanding networking standards. (Some people seem to think I am an expert, but I too have trouble with most of the details in a typical networking standard.)

In fact, many technologies have quite a number of standards associated with them. A networking technology may have more than one standard for any or all of the following reasons:

* The original standard has been revised or updated;

* The technology is sufficiently complex that it needs to be described in more than one document;

* The technology borrows from or builds on documents used in related technologies;

* More than one organization has been involved in developing the technology.

Standards documents created in the United States are usually developed in English, but are also routinely translated into other languages. European standards are often published simultaneously in English, French and German, and perhaps other languages as well.

IEEE standards for Networking:

IEEE 802.11 is a set of standards carrying out wireless local area network (WLAN) computer communication in the 2.4, 3.6 and 5 GHz frequency bands. They are created and maintained by the IEEE LAN/MAN Standards Committee (IEEE 802).

There are several specifications in the 802.11 family:

* 802.11 — applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
* 802.11a — an extension to 802.11 that applies to wireless LANs and provides up to 54-Mbps in the 5GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
* 802.11b (also referred to as 802.11 High Rate or Wi-Fi) — an extension to 802.11 that applies to wireless LANS and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1-Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
* 802.11e — a wireless draft standard that defines the Quality of Service (QoS) support for LANs, and is an enhancement to the 802.11a and 802.11b wireless LAN (WLAN) specifications. 802.11e adds QoS features and multimedia support to the existing IEEE 802.11b and IEEE 802.11a wireless standards, while maintaining full backward compatibility with these standards.
* 802.11g — applies to wireless LANs and is used for transmission over short distances at up to 54-Mbps in the 2.4 GHz bands.
* 802.11n — 802.11n builds upon previous 802.11 standards by adding multiple-input multiple-output (MIMO). The additional transmitter and receiver antennas allow for increased data throughput through spatial multiplexing and increased range by exploiting the spatial diversity through coding schemes like Alamouti coding. The real speed would be 100 Mbit/s (even 250 Mbit/s in PHY level), and so up to 4-5 times faster than 802.11g.
* 802.11r — 802.11r, also called Fast Basic Service Set (BSS) Transition, supports VoWi-Fi handoff between access points to enable VoIP roaming on a Wi-Fi network with 802.1X authentication.
* 802.1X — Not to be confused with 802.11x (which is the term used to describe the family of 802.11 standards) 802.1X is an IEEE standard for port-based Network Access Control that allows network administrators to restricted use of IEEE 802 LAN service access points to secure communication between authenticated and authorized devices.

WiFi Antennas

2010-01-16T17:20:00.000-08:00

WiFi Antennas

If you are setting up a wireless home network, you should know that you can maximize your network's performance by replacing the WiFi antenna. While this is not necessary in the majority of cases, if you are having trouble getting access to the network throughout your home, or if you just can't strategically place your router or access point because no matter where you put it, the signal strength is weak in places, replacing the WiFi antenna may be the solution you've been looking for.

Built-In WiFi Antennas

Most access points and routers contain built-in omnidirectional antennas. These antennas send signals out equally well in all directions. This makes router or access point set up easy, since when it is placed in the center of the home, and wireless devices are located throughout the rooms, an omnidirectional antenna ensures that signals are sent to all corners of the house.

However, while the omnidirectional antenna built-in to your router or access point makes setup easy, it may not be the most effective antennas for your wireless home network. The built-in antenna may have trouble reaching all places in your house where network service is required.

Replacement Antennas

Built-in omnidirectional antennas can have trouble sending signals for long distances because power must be expended in all directions. This means there is less power left over for long distance coverage.

To address this problem, some manufacturers sell external omnidirectional antennas that are significantly stronger than the built-in antennas. This increases the distance that the routers and access points can service. This will in turn increase network performance.

But there are also security concerns for wireless antennas that are too strong. The stronger your omnidirectional signal, the more likely it is to bleed outside the house, where signals can be snooped and exploited.

To deal with this concern, you can replace your omnidirectional antenna with a high gain directional antenna. This will send a strong signal in a particular direction of your choosing. Since the signal is focused, it can be better controlled by aiming it at the area of your home where wireless devices are located.

Many routers have an external antenna jack that allows you to connecting the new antenna. Consult the router product documentation for details.

Selecting a WiFi antenna

The single most important thing you can do to extend the range of your 802.11 system is to install an external antenna with some good gain and directional or omni-directional qualities. WiFi is simply a radio, which is used for computer. You can think of your antenna as the “speaker system” of your WiFi card. Get a bigger antenna; your WiFi will go a lot further. However, don't install a speaker on your wifi system or your range will be horrible!

Directional Antennas
Directional antennas are used for Point-to-Point or sometimes for Multi-Point systems depending on the setup. If you are trying to go from one location (say for instance your router), to another location, this is the type of antenna we recommend.

Omni-Directional
This is the common “Base” antenna used for Point-to-Multi-Point or can be an omni-directional antenna for your car. An Omni-Directional antenna would serve as your main antenna to distribute the signal to other computers or devices (such as wireless printers, PDAs, etc) in your workgroup. You can use 2 Omni-Directional antennas for a point to point system, but this is usually not recommended because there is no real point to distributing your signal all over the place when you only want to going from point A to point B.

Point-to-Point
Point-to-Point systems usually involve 2 different wireless points, or building to building wireless connections. But there are exceptions to every rule. If the access point is across a long valley and the owner of the system wishes to share the connection with multiple users on the other side of the valley. This would be a point to Multi-Point system but using directional antennas.

Home
Home antennas are always the easiest types of antennas to purchase and take the least amount of effort in choosing and installing. In most circumstances, only one antenna is needed on the remote computer. We recommend putting any external antenna on the remote computer, simply because if you install it on your router and don’t plan on setting up security, it will provide less signal strength outside of your home and your system will be less prone to hackers. If you have a multi-story home or a very large house, you may have to install antennas on every computer to get the range or bandwidth required. Every wall that you have to penetrate will decrease the signal strength of your system.

Office
Office antennas are pretty straight forward. If you want to run a network system inside of your office building and don’t want to run cables all over the place, first, purchase a good wireless card. However, this can get a little complex if the office is split between 2 different points or if the office is really large or on multiple stories of a building.

Mobile WiFi antennas
Why would anyone want WiFi in their car? Well, there are a lot of truck-stops and RV parks around the country now that offer wireless access. In fact, many public high speed wireless networks can be accessed directly from your car, truck, or RV. There is also something called WarDriving which is where bad people drive around neighborhoods and get their high-speed access for free.

Yagi Antennas
Yagi antennas were the design of two Japanese people, Hidetsugu Yagi and Shintaro Uda, and are sometimes referred to as Yagi-Uda antennas. They were originally designed for radio, but are now also used for 802.11 systems. These antennas are typically very directional and are used for point to point, or to extend the range of a point to multi-point system. We highly recommend using the RadioLabs 14 or 16 element weatherproof Yagi antenna if you want to install your system outside. They have excellent signal strength and in the right circumstances can communicate for miles!

Backfire antennas - The backfire is a small directional antenna with excellent gain. They look similar to a parabolic dish, but the gain isn't as high. We highly recommend Backfire antennas for point to point or point to multipoint systems because of the excellent gain and the good noise figures. We offer a backfire antenna with 15 dBi of Gain!! This is excellent considering the antenna is only 10 inches diameter. Almost invisible!!

Parabolic or dish antennas
This is where the real power is! Parabolic dish antennas put out tremendous gain but are a little hard to point and make a connection with. As the gain of an antenna increases, the antenna’s radiation pattern decreases until you have a very little window to point or aim your dish correctly. Dish antennas are almost always used for a point to point system for long haul systems. The Parabolic Dish antennas work by focusing the power to a central point and beaming the radio’s signal to a specific area, kind of like the adjustable reflector on a flashlight. These antennas are highly focused and are the perfect tool if you want to send your signal a very long distance.

Gain Considerations
The gain you will require for each individual WiFi antenna system will dependant on any direct objects in your path, the distance you must cover and the individual wifi cards. These all must be taken into consideration before choosing the proper antenna system. If our calculator is too difficult to use, please feel free to contact us for information.

Interference
As with all radio systems, interference is always a problem. If you are listening to an AM radio and you hear static, this is interference. The same thing applies to WiFi systems, however not to such a large degree. Things that cause interference with WiFi systems are Microwave ovens, certain lighting systems, other 802.11 access points or systems, microwave transmitters, even high speed processors for computers can cause interference for 802.11 systems. All these problems must be isolated before you can expect any significant range out of your system. If you need help, please don't be afraid to ask us. Afterall, WiFi is our business.

Virtual Private Network(VPN)

2010-01-16T17:04:00.000-08:00

A VPN (Virtual Private Network) is a virtual computer network that exists over the top of an existing network. The purpose of a VPN is to allow communications between systems connected to the VPN using an existing shared network infrastructure as the transport, without the VPN network being aware of the existence of the underlying network backbone or without the VPN interfering with other network traffic on the backbone. A VPN between two networks is often referred to as a VPN Tunnel.

Most VPN technologies can be separated into two broad categories, Secure VPNs and Trusted VPNs.

Secure VPNs are designed to provide information security features such as authentication and confidentiality and are often used to secure traffic travelling over the Internet. Secure VPNs may be implemented by organizations wishing to provide remote access facilities to their employees or by organizations wishing to connect multiple networks together securely using the Internet to carry the traffic. A common use for Secure VPNs is in remote access scenarios, where VPN client software on an end user system is used to connect to a remote office network securely.

Trusted VPNs are commonly created by carriers and large organizations and are used for traffic segmentation on large core networks. They often provide quality of service guarantees and other carrier-grade features. Trusted VPNs may be implemented by network carriers wishing to multiplex multiple customer connections transparently over an existing core network or by large organizations wishing to segregate traffic flows from each other in the network.

Trusted VPNs differ from Secure VPNs in that they do not provide security features such as data confidentiality through encryption. Secure VPNs however do not offer the level of control of the data flows that a Trusted VPN can provide such as bandwidth guarantees or routing.

Some other types of VPN may not fit neatly within these two categories. For example, an end-user managed GRE tunnel may not necessarily use encryption to protect the tunnel contents. L2TP can also be used to tunnel traffic from a network access server to another location without enforcing encryption.

Clients and Servers

A VPN server is a piece of hardware or software that can acts as a gateway into a whole network or a single computer. It is generally ‘always on’ and listening for VPN clients to connect to it.

A VPN Client is most often a piece of software but can be hardware too. A client initiates a ‘call’ to the server and logs on. Then the client computer can server network can communicate. They are on the same ‘virtual’ network. Many broadband routers can 'pass' one or more VPN sessions from your LAN to the Internet. Each router handles this differently.

VPN Software

VPN ‘server’ software is rather rare. Windows Server level operating systems like ‘Windows 2000 Server’ have a ‘VPN server’ built in. I know if no software products priced for home or small business that allows you to set up a VPN server.

VPN ‘client’ software is much more common. When loaded on your computer, this software allows you create a secure VPN tunnel across the Internet and into another network fronted by a VPN server.

VPN Languages

There are two major 'languages' or protocols that VPN's speak. Microsoft uses PPTP or Point to Point Tunneling Protocol and most everyone else uses IPSec - Internet Protocol Security. Most broadband routers can pass PPTP traffic by forwarding port 1723 but IPSec is more complex. If your router does not explicitly support IPSEC pass through, then even placing your computer in the DMZ might not work.

PPTP has 'good' encryption and also features 'authentication' for verifying a user ID and password. IPSec is pureley an encryption model and is mutch safer but does not include authentication routines. A third standard, L2TP is IPSec with authentication built in.

Broadband Routers with VPN Servers

Until recently, VPN server hardware was VERY expensive. As home networks become more sophisticated, the demand for home level VPN’s increase. At the end of 2001, the home network industry responded by adding VPN servers into some broadband routers. These products are often priced at under $300 (us) and some are as inexpensive as $170.

VPN functionality is very processor intensive and most broadband routers have somewhat slow processors in them. Broadband router based VPN servers are often limited in throughput because of their microprocessors. Most have a maximum VPN throughput of around .6Mbps or 600Kbps.

Network Switches

2010-01-15T15:24:00.000-08:00

Like a hub, a switch is a device that connects individual devices on an Ethernet network so that
they can communicate with one another. But a switch also has an additional capability; it
momentarily connects the sending and receiving devices so that they can use the entire bandwidth
of the network without interference. If you use switches properly, they can improve the
performance of your network by reducing network interference.

Switches have two benefits: (1) they provide each pair of communicating devices with a fast
connection; and (2) they segregate the communication so that it does not enter other portions of
the network. (Hubs, in contrast, broadcast all data on the network to every other device on the
network.)

Different models of network switches support differing numbers of connected devices. Most consumer-grade network switches provide either four or eight connections for Ethernet devices. Switches can be connected to each other, a so-called daisy chaining method to add progressively larger number of devices to a LAN.

Function:

The network switch, packet switch (or just switch) plays an integral part in most Ethernet Local Area Networks or LANs. Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as gateway access to small office/home broadband services such as DSL router or cable Wi-Fi router. In most of these cases, the end user device contains a router and components that interface to the particular physical broadband technology, as in the Linksys 8-port and 48-port devices. User devices may also include a telephone interface to VOIP.

In the context of a standard 10/100 Ethernet switch, a switch operates at the data-link layer of the OSI model to create a different collision domain per switch port. If you have 4 computers A/B/C/D on 4 switch ports, then A and B can transfer data between them as well as C and D at the same time, and they will never interfere with each others' conversations. In the case of a "hub" then they would all have to share the bandwidth, run in Half Duplex and there would be collisions and retransmissions. Using a switch is called micro-segmentation. It allows you to have dedicated bandwidth on point to point connections with every computer and to therefore run in Full duplex with no collisions.

Role of switches in networks:

Switches may operate at one or more OSI layers, including physical, data lin, network or transport. A device that operates simultaneously at more than one of these layers is known as a multilayer switch.

In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, fibre channel , ATM and 802.11 . This connectivity can be at any of the layers mentioned. While Layer 2 functionality is adequate for speed-shifting within one technology, interconnecting technologies such as Ethernet and token ring are easier at Layer 3.

Interconnection of different Layer 3 networks is done by routers. If there are any features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity.

In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall network intrusion detection and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules.

In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.

Purchase Considerations

When you purchase and install a switch, you should review and
apply the following criteria:

• Your switches must be compatible with your physical and data link
level protocols. If you are running a 10BaseT Ethernet network, then
you must purchase a 10BaseT switch.
• Some switches can accommodate more than one physical or data link
level protocol. For example, modern switches accommodate both
10BaseT and 100BaseTX protocols. It is wise to purchase a switch
with at least one 100BaseTX port, since you can interconnect your
switches via their high speed ports to improve network performance
(even if the remainder of your network uses 10BaseT).
• If you purchase a switch that accommodates more than one protocol,
then make sure that it automatically senses which protocol is being
used on each port. Autosensing switches ensure that you can connect
any part of the network to any switch port. (Older switches required
that you attach each segment of the network to a port compatible
with its physical and data link level protocol. Keeping the segments
and ports straight presents a management headache.)
• Purchase switches from a known manufacturer whose support you
trust. Make sure the manufacturer provides a competitive warranty.
• Install your switches in a room that is cool and free of dust, if
possible. Additionally, plug your switches into an uninterruptible
power supply (UPS) to ensure that they receive clean power.

All About Repeater

2010-01-15T15:05:00.000-08:00

Definition: Network repeaters regenerate incoming electrical, wireless or optical signals. With physical media like Ethernet or Wi-Fi, data transmissions can only span a limited distance before the quality of the signal degrades. Repeaters attempt to preserve signal integrity and extend the distance over which data can safely travel.

Actual network devices that serve as repeaters usually have some other name. Active hubs, for example, are repeaters. Active hubs are sometimes also called "multiport repeaters," but more commonly they are just "hubs." Other types of "passive hubs" are not repeaters. In Wi-Fi, access points function as repeaters only when operating in so-called "repeater mode."

Higher-level devices in the OSI model like switches and routers generally do not incorporate the functions of a repeater. All repeaters are technically OSI physical layer devices.

Usage

Repeaters are often used in trans-continental and submarine communication cables, because the attenuation(signal loss) over such distances would be unacceptable without them. Repeaters are used in both copper-wire cables carrying electrical signals, and in fibre optics carrying light.

Repeaters are used in radio communication services. Radio repeaters often transmit and receive on different frequencies. A special subgroup of those repeaters is those used in amateur radio.

Repeaters are also used extensively in broadcasting, where they are known as translators, boosters or TV relay transmitters.

When providing a point-to-point telecom link using radio beyond line of sight, one uses repeaters in a microwave radio relay. A reflector, often on a mountaintop, that relays such signals around an obstacle, is called a passive repeaer or Passive Radio Link Deflection. A microwave repeater in a communications sattelite is called a transponder.

In optical communications the term repeater is used to describe a piece of equipment that receives an optical signal, converts that signal into an electrical one, regenerates it, and then retransmits an optical signal. Since such a device converts the optical signal into an electrical one, and then back to an optical signal, they are often known as Optical-Electrical-Optical (OEO) repeaters.

Before the invention of electronic amplifiers, mechanically coupled carbon microphones were used as amplifiers in telephone repeaters. The invention of the audion tube made transcontinental telephony practical. In the 1930s vaccum tube repeaters using hybrid coils became commonplace, allowing the use of thinner wires.

Bridges(Networking)

2010-01-14T16:30:00.000-08:00

A bridge is a device that connects two or more local area networks, or two or more segments of
the same network. For example, suppose that your network includes both 10BaseT Ethernet and localTalk connections. You can use a bridge to connect these two networks so that they can
share information with each other.
In addition to connecting networks, bridges perform an additional, important function. They filter information so that network traffic intended for one portion of the network does not congest the rest of the network.

Bridges operate at the data link layer (Layer 2) of the OSI model. Bridges inspect incoming traffic and decide whether to forward or discard it. An Ethernet bridge, for example, inspects each incoming Ethernet frame - including the source and destination MAC addresses, and sometimes the frame size - in making individual forwarding decisions. Bridges serve a similar function as switches, that also operate at Layer 2. Traditional bridges, though, support one network boundary, whereas switches usually offer four or more hardware ports. Switches are sometimes called "multi-port bridges" for this reason.

When bridges were introduced in the 1980’s, they typically joined two homogeneous networks
(for example, two kinds of Ethernet networks). More recently it has become possible for bridges
to connect networks with different physical and data link level protocols. For example, you can
use a bridge to connect a LocalTalk network to an Ethernet network, or an Ethernet network to a TokenRing network.
Like switches, bridges learn the MAC addresses of all connected clients, servers, and peripherals,
and associate each address with a bridge port (network connection). When a bridge (or switch)
receives an incoming frame, it opens and reads its destination MAC address. If the port that will
receive the frame is different from the port connected to the sender, then the bridge forwards the frame to the destination port. If the port that will receive the frame is the same as the port
connected to the sender, the bridge drops the frame. (Since the bridge is by definition at the end
of the network segment, the receiving computer presumably intercepted a copy of the frame on its way to the bridge.) If the bridge cannot determine which port is associated with a destination
address, it passes the frame along to all ports.
Traditional bridges connect a single workgroup to another workgroup. More recently, however, manufacturers have produced multiport bridges. Multiport bridges allow network managers to connect more than two network segments to each other. Additionally, you can reconfigure or expand networks because simply by replacing one network interface card inside the multiport bridge with another (for example, adding a LocalTalk interface to a multiport Ethernet bridge).
Bridges generally inspect data link level information within a network signal—information like
the Ethernet or LocalTalk (MAC) destination address. They do not attend to network routing or
transport protocol information such as that carried within the TCP/IP, IPX/SPX, or AppleTalk
portions of the signal. However, bridges can be fitted with custom filters that enable them to read this information—including network routing or transport source address, packet size, or type of protocol—and reject or forward information based on it. Custom filters enable network managers to isolate particular areas of the network and control which protocols enter or leave each area.
For example, custom filters might allow requests from the Internet (outside the school district) not to enter certain areas of the network.
Bridges are relatively simple and efficient traffic regulators. However, in some networks they
have been replaced by their more powerful cousins—hubs, switches, and routers. Each of these
traffic regulators brings a unique set of strengths and weaknesses to its work:
• Hubs, switches, bridges, and routers can interconnect two different kinds of networks such as
10BaseT Ethernet and 100BaseTX.
• Hubs (unlike switches, bridges, and routers) do not filter traffic between the two networks.
• Switches have the unique capability to enable communicating devices momentarily to utilize
the full bandwidth (data carrying capacity) of the network.
• However, switches (and hubs) cannot accommodate the variety of protocols and cabling types
that bridges can.
• Routers are much more expensive and much more difficult to install and manage than hubs,
switches, or bridges, but they can filter and route information much more precisely. (We
discuss routers in more detail later in this chapter.)
When you purchase equipment, make sure you understand how each of these details affects your
network. Then work with your technical staff or network integrator to choose the best equipment
for each situation.
Because bridges (like switches) generally depend upon MAC addresses, we say in the parlance of
the OSI model that bridges are level 2 devices. You must purchase a bridge that is compatible
with your physical network and your data link protocols.

Purchase Considerations
When you consider purchase of a bridge, you should follow
these guidelines:

• Before you decide on your purchase, take a moment to clarify what
you wish to achieve (connecting a Macintosh LocalTalk lab to
Ethernet? connecting two Ethernet segments?). Then work with your
technical staff, or with manufacturers and consultants, to determine
your options. You can often use a hub, switch, or router in the same
places that you can use a bridge. Each device brings its unique set of
strengths and weaknesses to the job.
• Make sure that the bridge is compatible with your physical and data
link protocols.
• Purchase bridges from a known manufacturer whose support you
trust. Make sure the manufacturer provides a competitive warranty.
• Install your bridges in a room that is cool and free of dust, if
possible. Additionally, plug your bridges into an uninterruptible
power supply (UPS) to ensure that they receive clean power

Advantages of network bridges:

Self-configuring
Simple bridges are inexpensive
Isolate collision domain
Reduce the size of collision domain by microsegmentation in non-switched networks
Transparent to protocols above the MAC layer
Allows the introduction of management/performance information and access control
LANs interconnected are separate, and physical constraints such as number of stations, repeaters and segment length don't apply
Helps minimize bandwidth usage.

Disadvantages of network bridges:

Does not limit the scope of broadcasts
Does not scale to extremely large networks
Buffering and processing introduces delays
Bridges are more expensive than repeaters or hubs
A complex network topology can pose a problem for transparent bridges. For example, multiple paths between transparent bridges and LANs can result in bridge loops. The spanning tree protocol helps to reduce problems with complex topologies.

Three types of bridges are used in networks:

Transparent bridge Derives its name from the fact that the devices on the network are unaware of its existence. A transparent bridge does nothing except block or forward data based on the MAC address.
Source route bridge Used in Token Ring networks. The source route bridge derives its name from the fact that the entire path that the packet is to take through the network is embedded within the packet.
Translational bridge Used to convert one networking data format to another; for example, from Token Ring to Ethernet and vice versa.

ROUTERS

2010-01-14T15:55:00.000-08:00

A router is a device in computer networking that forwards data packets to their destinations, based on their addresses. The work a router does it called routing, which is somewhat like switching, but a router is different from a switch. The latter is simply a device to connect machines to form a LAN.

Routing is the process during which data packets are forwarded from one machine or device (technically referred to as a node) to another on a network until they reach their destinations.

Routing is the same as switching (with some very technical differences, which I will spare you from). IP routing uses IP addresses to forward IP packets from their sources to their destinations. IP adopts packet switching.

How a Router Works

When data packets are transmitted over a network (say the Internet), they move through many routers (because they pass through many networks) in their journey from the source machine to the destination machine. Routers work with IP packets, meaning that it works at the level of the IP protocol.

Each router keeps information about its neighbors (other routers in the same or other networks). This information includes the IP address and the cost, which is in terms of time, delay and other network considerations. This information is kept in a routing table, found in all routers.

When a packet of data arrives at a router, its header information is scrutinized by the router. Based on the destination and source IP addresses of the packet, the router decides which neighbor it will forward it to. It chooses the route with the least cost, and forwards the packet to the first router on that route.

Routers for Home & Small Business

Not all routers are created equal since their job will differ slightly from network to network. Additionally, you may look at a piece of hardware and not even realize it is a router. What defines a router is not its shape, color, size or manufacturer, but its job function of routing data packets between computers. A cable modem which routes data between your PC and your ISP can be considered a router. In its most basic form, a router could simply be one of two computers running the Window 98 (or higher) operating system connected together using ICS(Internet Connection Sharing). In this scenario, the computer that is connected to the Internet is acting as the router for the second computer to obtain its Internet connection.

Going a step up from ICS, we have a category of hardware routers that are used to perform the same basic task as ICS, albeit with more features and functions. Often called broadband or Internet connection sharing routers, these routers allow you to share one Internet connection between multiple computers.

Broadband or ICS routers will look a bit different depending on the manufacturer or brand, but wired routers are generally a small box-shaped hardware device with ports on the front or back into which you plug each computer, along with a port to plug in your broadband modem. These connection ports allow the router to do its job of routing the data packets between each of the the computers and the data going to and from the Internet.

Depending on the type of modem and Internet connection you have, you could also choose a router with phone or fax machine ports. A wired Ethernet broadband router will typically have a built-in Ethernet switch to allow for expansion. These routers also support NAT(network address translation), which allows all of your computers to share a single IP address on the Internet. Internet connection sharing routers will also provide users with much needed features such as an SPI Firewallor serve as a DHCP Server.

Wired and Wireless Routers

Wireless broadband routers look much the same as a wired router, with the obvious exception of the antenna on top, and the lack of cable running from the PCs to the router when it is all set up. Creating a wireless network adds a bit more security concerns as opposed to wired networks, but wireless broadband routers do have extra levels of embedded security.

Along with the features found in wired routers, wireless routers also provide features relevant to wireless security such as Wi-Fi Protected Access (WPA) and wireless MAC address filtering. Additionally, most wireless routers can be configured for "invisible mode" so that your wireless network cannot be scanned by outside wireless clients. Wireless routers will often include ports for Ethernet connections as well. For those unfamiliar with WiFi and how it works, it is important to note that choosing a wireless router may mean you need to beef up your Wi-Fi knowledge-base. After a wireless network is established, you may possibly need to spend more time on monitoring and security than one would with a wired LAN.

Wired and wireless routers and the resulting network can claim pros and cons over each other, but they are somewhat equal overall in terms of function and performance. Both wired and wireless routers have high reliability and reasonably good security (without adding additional products). However —and this bears repeating — as we mentioned you may need to invest time in learning more about wireless security. Generally, going wired will be cheaper overall, but setting up the router and cabling in the computers is a bit more difficult than setting up the wireless network. Of course, mobility on a wired system is very limited while wireless offers outstanding mobility features.

Static routers - Are configured manually and route data packets based on information in a router table.
Dynamic routers - Use dynamic routing algorithms. There are two types of algorithms:
- Distance vector - Based on hop count, and periodically broadcasts the routing table to other routers which takes more network bandwidth especially with more routers. RIP uses distance vectoring. Does not work on WANs as well as it does on LANs.
- Link state - Routing tables are broadcast at startup and then only when they change. The open shortest path first (OSPF) protocol uses the link state routing method to configure routes or distance vector algorithm (DVA).

Common routing protocols include:

IS-IS -Intermediate system to intermediate system which is a routing protocol for the OSI suite of protocols.
IPX - Internet Packet Exchange. Used on Netware systems.
NLSP - Netware Link Services protocol - Uses OSPF algorithm and is replacing IPX to provide internet capability.
RIP - Routing information protocol uses a distance vector algorithm.

There is a device called a brouter which will function similar to a bridge for network transport protocols that are not routable, and will function as a router for routable protocols. It functions at the network and data link layers of the OSI network model.

Internet Protocol

2010-01-04T14:43:00.000-08:00

Internet Protocol

The Internet Protocol (IP) is a protocol used for communicating data across a packet-switced internetwork using the Internet Protocol Suite, also referred to as TCP/IP.

IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering distinguished protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of addressing structure, now referred to as Internet Protocol Version 4(IPv4) is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6(IPv6) is being deployed actively worldwide.

IP (Internet Protocol) is the primary network protocol used on the Internet, developed in the 1970s. On the Internet and many other networks, IP is often used together with the Transport Control Protocol (TCP) and referred to interchangeably as TCP/IP.

IP supports unique addressing for computers on a network. Most networks use the Internet Protocol version 4 (IPv4) standard that features IP addresses four bytes (32 bits) in length. The newer Internet Protocol version 6 (IPv6) standard features addresses 16 bytes (128 bits) in length.

Data on an Internet Protocol network is organized into packets. Each IP packet includes both a header (that specifies source, destination, and other information about the data) and the message data itself.

IP functions at layer 3 of the OSI model. It can therefore run on top of different data link interfaces including Ethernet and Wi-Fi.

IP encapsulation

Data from an upper layer protocol is encapsulated as packets/datagrams(the terms are basically synonymous in IP). Circuit setup is not needed before a host may send packets to another host that it has previously not communicated with (a characteristic of packet switched networks), thus IP is a connectionless protocol. This is in contrast to public switched telephone networks that require the setup of a circuit for each phone call (connection-oriented protocol).

Services provided by IP

Because of the abstraction provided by encapsulation, IP can be used over a heterogeneous network, i.e., a network connecting computers may consist of a combination of Ethernet, ATM, FDDI,Wi-Fi or others. Each link layer implementation may have its own method of addressing (or possibly the complete lack of it), with a corresponding need to resolve IP addresses to data link addresses.

Internet Protocol Service (IPS) is a dedicated Internet access service that rides on Level 3’s continuously upgradeable IP, transport, and physical networks. IPS, which is delivered using the Level 3 IP platform, provides a broad range of IP transit and network interconnection solutions tailored to meet the varied needs of Government agencies. Level 3’s IPS provides dedicated Internet access connectivity to the public Internet via the Level 3 Multi-Protocol Label Switching (MPLS)-based IP network. Access to locations on the public Internet that do not reside on the Level 3 Network is achieved via peering relationships between Level 3 and other Tier 1 providers. Level 3’s IPS provides a variety of port interfaces to accommodate customer Internet access requirements. The following types of port interfaces are available options for our IPS service:

DS-1 (1.54 Mbs)
Fractional T3
DS-3 (45 Mbps)
OC-3 (155 Mbps)
OC-12 (622 Mbps)
OC-48 (2.5 Gbps)
OC-192 (10 Gbps)
100BT/Fast Ethernet (100 Mbps)
1000SX/GigabitEthernet (1000 Mbps)
10 Gigabit Ethernet

Access Methods

Level 3 IPS offering includes a variety of access methods, including dial up, private line, broadband, and UNI connections with existing frame relay and ATM networks:

Analog Dial-up
Private Line/ SONETS
Ethernet

Peering Arrangements

Level 3 has established peering relationships worldwide. These include both public and private peering. Relative to the shared switched fabric connecting networks in public exchanges, private peering provides improved performance and scalability. Level 3’s private peering connections are OC-48, OC-192 or 10 GigE. Approximately 95% of Level 3’s interconnection traffic runs through private interconnections. Private interconnects provide the best possible performance between Level 3 and other Tier 1 backbones.

IP Addresses and Domain Names

Level 3 IPS supports IP address assignment and domain name service. IP network numbers are globally governed by the Internet Assigned Numbers Authority (IANA). IANA in turn delegates authority for some parts of the IP address space to regional Internet registries. Although assigned to the customer for the duration of its service contract with Level 3, all Level 3-assigned IP network numbers remain an integral part of Level 3’s contiguous range of addresses and must be relinquished by the customer when service expires or is terminated. Customers who require or desire IP address portability must apply for IP network numbers directly from the appropriate registry. For customers who have legally assigned IP network numbers that they wish Level 3 to route as part of IPS, Level 3 will accept routing of those IP network numbers on behalf of these customers. For customers requesting that Level 3 route IP network numbers belonging to another ISP’s address space, Level 3 requires written permission from that ISP to route those network numbers on the customer’s behalf. For broadband access, the Level 3 Team offers both Dynamic Host Configuration Protocol (DHCP) and static IP options. Some DSL services may be a point-to-point Protocol over Ethernet (PPPoE) variant of DHCP. Sometimes it may not be possible, or desirable, to install a PPPoE software stack on an end user’s PC. In these cases, the Team will deploy secondary CPE (router and/or hub) for purposes of authenticating a PPPoE session.

Domain Name Service

Domain name registration service includes the administrative tasks of originating unique domain names with an ICANN-accredited registrar. Level 3 will assist the customer with submission of the appropriate information to register chosen domain names. However, the customer is responsible for actual submissions to the registrar, all registration fees, ongoing maintenance charges, and modifications to the domain names. These are the direct responsibility of the customer, as dictated by the domain registrar. Level 3 provides primary name server support for its customers. In this service, Level 3 establishes and manages primary zone records for the customer’s domains on one of Level 3’s name servers. Once established, Level 3 performs zone record changes during normal business hours and limits these changes to one per week (on average). Level 3 attempts to implement customer change requests within one business day. Level 3’s name servers are located at physically separate facilities within the United States and are connected to Level 3’s backbone at different points. Level 3 also provides secondary name server support for its customers. In this service, Level 3 establishes and manages zone transfers with the primary name server keeping the master zone records. Zone transfers will not occur more frequently than once per hour. Customers can elect for Level 3 to support secondary name services or both primary and secondary name services.

Border Gateway Protocol (BGP) Support

Static routing is the standard configuration for those customers with a single Internet connection. BGP4 routing is supported for customers with connections to multiple Level 3 Gateways or customers with connections to both Level 3’s and other ISPs’ networks. Customers may provide their own registered Autonomous System (AS) Number or may use a Level-3-provided, private AS when the customer is multi-homed only to Level 3.

Benefits

Many companies attempt to integrate multiple legacy systems to create one complete network. These “patchwork” systems create many difficulties when problems must be controlled or when the source of a problem must be located. Level 3 is unencumbered by legacy networks and is able to more easily and more rapidly scale our network. This provides for a faster deployment of new technologies. The Level 3 IPS consistently provides outstanding performance, including best-in-class latency, outstanding availability, very low packet loss, and fast service restoration. Level 3 repeatedly receives top marks in reputation and quality from both our customers and third-party analysts. Level 3 built its entire IP Core North American network from the ground up. Optronics and optical fiber are uniform throughout. We maintain complete operations and management control over the network. The result is fewer variables when troubleshooting, which enables us to provide to the Government highly reliable and available IP-based services.

Alternative Services:

SONETS
CHS
NBIP-VPNS

Restrictions:

None

Virtual Network Components

2009-01-10T02:33:00.000-08:00

The key virtual networking components in a VMware Infrastructure are virtual Ethernet adapters and virtual switches. A virtual machine can be configured with one or more virtual Ethernet adapter. Virtual switches allow virtual machines on the same VMware ESX host to communicate with each other using the same protocols that would be used over physical switches, without the need for additional hardware. They also support VLANS that are compatible with standard VLAN implementations from other vendors, such as Cisco.

Connecting Virtual Machines to your Network

VMware technology lets you link local virtual machines to each other and to the external enterprise network through the virtual switch. The virtual switch emulates a traditional physical Ethernet network switch to the extent that it forwards frames at the data link layer. VMware ESX may contain multiple virtual switches, each providing more than 1,000 internal virtual ports for virtual machine use.

The virtual switch connects to the enterprise network through outbound Ethernet adapters. A maximum of eight Gigabit Ethernet ports or ten 10/100 Ethernet ports can be used by the virtual switch for external connectivity. The virtual switch is capable of binding multiple VMNICs together, in a manner much like NIC teaming on a traditional server, offering greater availability and bandwidth to the virtual machines using the virtual switch.

Virtual Ethernet Adapters

There are three types of adapters available for virtual machines in VMware Infrastructure 3.

vmxnet is a paravirtualized device that works only if VMware Tools is installed on the Operating System. This adapter is optimized for virtual environments and designed for high performance.
vlance emulates the AMD Lance PCNet32 Ethernet adapter. It is compatible with most 32-bit guest operating systems and can be used without VMware Tools.
e1000 emulates the Intel E1000 Ethernet adapter and is used in either 64-bit or 32-bit virtual machines.

There are two other virtual adapters that are available through VMware technology. Vswif is a paravirtualized device similar to vmxnet that is used by the VMware ESX service console. Vmknic is a device in the VMkernal that is used by the TCP/IP stack to serve NFS and software iSCSI clients.

Virtual Switches

VMware technology includes virtual switches that you can build on demand at run-time to provide different functions, including:

Layer 2 forwarding.
VLAN tagging, stripping and filtering.
Layer 2 security, checksum and segmentation offloading.

This modular approach reduces complexity and maximizes system performance, VMware virtualization technology loads only those components it needs to support the specific physical and virtual Ethernet adapter types used in the configuration. Additionally, the modular design enables VMware and third-party developers to incorporate new modules to enhance the system in the future. Up to 248 virtual switches can be created on each VMware ESX host. Following are important features of virtual switches:

Virtual ports: The ports on a virtual switch provide logical connection points among virtual devices and between virtual and physical devices. Each virtual switch can have up to 1,016 virtual ports, with a limit of 4,096 ports on all virtual switches on a host. The virtual ports provide a rich control channel for communication with the virtual Ethernet adapters attached to them.
Uplink ports: Uplink ports are associated with physical adapters, providing a connection between the virtual network and the physical networks. They connect to physical adapters when they are initialized by a device driver or when the teaming policies for virtual switches are reconfigured. Virtual Ethernet adapters connect to virtual ports when you power on the virtual machine, when you take an action to connect the device or when you migrate a virtual machine using VMware Vmotion.A virtual Ethernet adapter updates the virtual switch port with MAC filtering information when it is initialized or when it changes.
Port groups: Port groups make it possible to specify that a given virtual machine should have a particular type of connectivity on every host, and they contain enough configuration information to provide persistent and consistent network access for virtual Ethernet adapters. Some of the information contained in a port group includes virtual switch name, VLANIDs and policies for tagging and filtering, the teaming policy and traffic shaping parameters. This is all the information needed for a switch port.
Uplinks: With VMware technology, uplinks are the physical Ethernet adapters that serve as bridges between the virtual and physical network. The virtual ports connected to them are called uplink ports. A host may have up to 32 uplinks.

Other things to consider:

Virtual switches do not learn from the network to populate their forward tables. This helps to minimize denial of service attacks.
Virtual switches make private copies of frame data used to make forwarding or filtering decisions. This ensures the guest operating systems cannot access sensitive data once the frame is passed onto the virtual switch.
VMware technology ensures that frames are contained within the appropriate VLAN on a virtual switch 1) by carrying the data outside the frame as it passes through the virtual switch, and 2) because there is no dynamic trunking support that could open up isolation leaks, making the data vulnerable to attack.

Virtual Switches vs. Physical Switches

Virtual switches are similar to modern physical Ethernet switches in many ways. Like a physical switch, it maintains a MAC:port forward table and performs frame destination lookup and frame forwarding. It also supports VLAN segmentation at the port level, so that each port can be configured as an access or trunk port, providing access to either single or multiple VLANs.

However, unlike physical switches, virtual switches do not require a spanning tree protocol, because VMware Infrastructure 3 enforces a single-tier networking topology. There’s no way to interconnect multiple virtual switches. Also, network traffic cannot flow directly form one virtual switch to another within the same host. Virtual switches provide all the ports you need in one switch. You don’t need to cascade virtual switches or prevent bad virtual switch connections, and because they don’t share physical Ethernet adapters, leaks between switches do not occur. Each virtual switch is isolated and has its own forwarding table, so every destination the switch looks up can match only ports on the same virtual switch where the frame originated. This feature improves security, making it difficult for hackers to break virtual switch isolation.

Network Access Protection Using 802.1x VLAN’s or Port ACLs

2008-12-03T17:52:00.000-08:00

Given that the NAC (Network Access Control)market is one of the hottest segments in the industry (I think virtualization has that distinction at the moment) it is fitting to take a look at the variety of options available from Microsoft's Network Access Protection (NAP). NAP supports a variety of what we call enforcement methods. In the NAP space, and enforcement method is simply a term that defines the way a machine connects to a network. In NAP, these are DHCP, 802.1x (wired or wireless), VPN, IPsec, or via a Terminal Services Gateway.

The most common method of the list is 802.1x for a variety of reasons. First, the industry has been selling 802.1x network authentication for the last 10 years. 1x gained tremendous popularity as wireless networking became prevalent in the late 90's and early 2000's and has been proven to be a viable solution to identifying assets and users on your network. For customers that have invested in 802.1x capable switches and access points, NAP can very easily be implemented to complement what is already in place. The Network Policy Server (NPS) role Windows Server 2008 has been dramatically improved to make 802.1x policy creation much simpler to do, however, what many people don't realize is that there really are 2 rather distinct ways to deploy 802.1x based NAP, and this is what we will be discussing today. These 2 methods are commonly referred to as the use of VLAN's or Port ACL's.

VLAN

Since we are talking about this in the context of NAP, this would be a good time to introduce the fact that taking the VLAN approach essentially requires that you involve the folks that own your switching infrastructure in your NAP plans. Why you ask, because you will now be asking them to touch all the switches and AP's on the network to create the VLAN structure that you will need for your NAP deployment. At a minimum, you would want to create 3 different VLAN's. One for 'healthy' or compliant computers, one for 'unhealthy' or non-compliant computers, and a third VLAN for guests, or unknown devices that cannot pass the ports requirement to do 802.1x authentication.

In the VLAN scenario, on your RADIUS server (i.e. our NPS server) you would create a policy that had a set of attributes with values that matched the VLAN you have created on the switch. The most common attributes used are Tunnel-Private-Group-ID, Tunnel-Tag and Filter-ID. The values for these attributes usually would match the VLAN name, or number you created on the switch.

As an example, let's say on your switch VLAN 100 is the compliant VLAN and VLAN 200 is the non-compliant VLAN.

To make this work when you walk through the wizard in NPS to create 802.1x policies you will create a compliant and non-compliant policy. When prompted to insert values for these attributes you will enter "100" for your compliant policy (i.e. Tunnel-Private-Group-ID = 100) and "200" for the non-compliant policy. Our wizard based configuration makes this very easy.

Once completed, when a machine comes onto your network and meets the criteria of one of the policies you created, the NPS will send back this tunnel information to the switch to instruct the switch to put that machine in the proper VLAN. Pretty simple and straight forward.

Port ACLs

There are 2 approaches here.

You send the switch a 'reference' to an ACL you have already created on the switch
You send the switch vendor specific attributes with values that tell the switch how to ACL the port

In scenario 1, you would do the heavy configuration on the switch by creating the ACLs you would want for compliant and non-compliant machines. Most likely those ACL's would restrict protocols and ports and access to only certain IP addresses. For this example let's say you have named your ACL's "compliant" and "non-compliant".

In your RADIUS server you would use something like the Filter-ID attribute (this is the most commonly supported attribute) with a string value of "compliant" or "non-compliant". When received the switch will then know what ACL to apply to that port.

In scenario 2, instead of configuring and sending the Filter-ID attribute, you would create Vendor Specific Attributes (VSAs) (this is a common concept in the RADIUS protocol) that tell the switch explicitly what ACL's to apply to that port. For example, the HP ProCurve line of switches will accept the following Vendor Specific Attribute (VSA)

permit in udp from any to 10.10.10.2 53

This essentially says 'allow any DNS traffic on this port to IP address 10.10.10.2'. The assumption is that 10.10.10.2 is your DNS server.

The pros and cons of the 2 port ACL approaches are fairly similar as well.

Pros, simplified RADIUS server configuration, less prone to mistakes in the RADIUS server configuration; Cons, required to touch your entire switching infrastructure, ACL configuration isn't centralized
Pros, doesn't require you to touch your entire switching infrastructure, configuration can be centralized on your RADIUS servers; Cons, more complex RADIUS server configuration, prone to mistakes in ACL configuration on the RADIUS server

Comparing the 2 approaches

Now that everyone understands what is required for each approach, let's take a look at some of the pro's and con's of each.

VLAN

+ The concept of VLAN's is one that is easy to explain that even a manager can figure out!

+ Doesn't require extensive knowledge of the RADIUS protocol to set up and anyone who's anyone at a switch CLI could get this set up pretty easily

+ Makes helpdesk troubleshooting a bit simpler by being able to quickly find out why a machine can't connect to (insert your answer here). It would go something like "Oh, you can't get to your mail because you're in VLAN 200!"

- The user experience can be very poor if the machine is being dynamically moved from VLAN to VLAN (which is what NAP does essentially). The reason why is because when a machine changes VLAN's the interface on the machine is torn down and essentially does an ipconfig /release /renew

- If not properly designed, this can be a real helpdesk nightmare. A common mistake here is to ACL down the non-compliant VLAN to not have any corporate access, which is a mistake since that machine may need to re-authenticate itself with the network after NAP has remediated it

- Requires you to touch all of your switches and AP's to do the VLAN creation and management.

- For NAP, your AP's and switches will need to support the ability to do dynamic VLAN assignment and not all switches and AP's support this concept. In fact, not all firmware versions from the same manufacturer support this, so an upgrade may be required.

Port ACL

+ Can possibly be implemented without having to touch all your switches and AP's since the configuration would reside on the NPS Server. This can also be seen as a political positive as well since infrastructure folks and server folks are commonly separate teams with separate objectives that rarely overlap.

+ The actual enforcement of the ACL is done at the switch or AP and thus offers the user a more pleasant experience since even if the machine is moving from a compliant to a non-compliant state (or vice versa) it is handled at the switch and not on the client machine (no ipconfig /release /renew)

+ The attributes and values required in your NPS policy to make this scenario work are commonly supported and have been for some time, so the chance of having to do a hardware upgrade in this scenario are less likely

- To really make this work effectively in an enterprise you really need to know the ins and outs of your switches and what is and is not supported, not to mention you must be a pretty good RADIUS geek as well to get this working (we are a dying breed these days… J)

- Troubleshooting and helpdesk support in this scenario is a bit more complicated since your NPS policy for this could have multiple ACL's in it that look like this (permit in udp from any to 10.10.10.2 53). It would not be uncommon to have 10-12 lines like this in your policy and trying to figure out why a machine can't connect to a resource on the network

- Finding accurate documentation on exactly what attributes and values are supported for your device(s) can be a challenge

In conclusion

Hopefully now you have a better understanding of what 802.1x authentication support in NAP can offer you. 1x is a very powerful means of maintaining and safe and healthy network, but it's not the ultimate solution by any means. Network security and health is an ongoing exercise that may require multiple solutions to achieve your business goals (like using 1x and IPsec together for instance).

Network HUBs

2008-12-02T08:16:00.000-08:00

Hubs and switches function as a common connection point for the workstations, printers, file servers and other devices that make up a network. The main difference between hubs and switches is the way in which they communicate with the network.

What is a Hub?

A hub functions as the central connection point of a network. It joins together the workstations, printers, and servers on a network, so they can communicate with each other. Each hub has a number of ports that connect it to the other devices via a network cable.

How does a Hub work?

A hub is an inexpensive way to connect devices on a network. Data travels around a network in 'packets' and a hub forwards these data packets out to all the devices connected to its ports.

As a hub distributes packets to every device on the network, when a packet is destined for only one device, every other device connected to the hub receives that packet. Because all the devices connected to the hub are contending for transmission of data the individual members of a shared network will only get a percentage of the available network bandwidth. This process can slow down a busy network.

A 10Base-T hub Ethernet Hub provides a total of 10 Mbit/sec of bandwidth, which all users share. If one person on the network is downloading a very large file, for example, little or no bandwidth is available for other users. These users will experience very slow network performance.

What is a Switch?

A switch is more sophisticated than a hub, giving you more options for network management, as well as greater potential to expand. A switch filters the data packets, and only sends the packet to the port which is connected to the destination address of that packet. It does this by keeping a table of each destination address and its port. When the switch receives a packet, it reads the destination address and then establishes a connection between the source port and the destination port. After the packet is sent, the connection is terminated.

What are the advantages of a Switch?

A switch provides higher total throughput than a hub because it can support multiple simultaneous conversations. For example, when a 100Mbit/sec hub has five workstations, each receives only 20Mbit/sec of the available bandwidth. When a 10/100Mbit/sec switch is used every port on the switch represents a dedicated 100Mbit/sec path, so each workstation receives 100Mbit/sec of bandwidth.

Switches also run in full duplex mode, which allows data to be sent and received across the network at the same time. Switches can effectively double the speed of the network when compared to a hub which only supports half duplex mode.

Why choose one of our Switches?

Switches improve the performance and efficiency of a network and should be used when you:

Need to make best use of the available bandwidth

Have multiple file servers

Require improved performance from file servers, web servers or workstations

Use high speed multi-media applications

Are adding a high speed workgroup to a 10Mbit/sec LAN

Plan to upgrade from 10 to 100Mbit/sec or Gigabit network

The standard features on all N-Way switches are:

10/100Mbit/sec Auto-Negotiation on all ports, the switch automatically senses the speed of the attached device and configures the port for the proper speed. This simplifies deployment in mixed Ethernet and Fast Ethernet environments

Auto MDI/MDI-X auto-detects whether the connected cable type is normal or cross-over

Full or Half Duplex operation

Which Switch do I need?

If you are setting up a home or small office network an ideal solution is to use a switch with 5 to 8 ports. Switches can be linked together as your network expands.

For a good entry level switch to meet this requirement we recommend the 5 Port 10/100Base-TX Ethernet N-Way Switch (Part No. 32981) or the 8 Port 10/100Base-TX Fast Ethernet N-Way Switch (Part No. 32982)

The compact 8 Port 10/100Base-TX Fast Ethernet Switch features Auto MDI/MDI-X on all ports, 10/100Mbit/sec Auto-Negotiation, and full and half-duplex modes and can be desktop or wall mounted.

If you require a larger switch with rackmount capability choose the 16 Port 10/100 Base-TX Fast Ethernet N-Way Switch (Part No. 25020) or 24 Port 10/100 Base-TX Fast Ethernet N-Way Switch (Part No. 25021).

These 19" rackmount switches are the perfect solution for expanding a 10/100 network.

Gigabit Ethernet Switches

Our GIGA N-Way Switches provide cost effective scalability of the network by utilising the existing copper CAT5e cabling environment. Connectivity is not sacrificed because the same cabling is used for Ethernet, Fast Ethernet and Gigabit Ethernet.

These switches also incorporate VLAN technology. This feature is accessed from a console port on the switch and provides network administrators advanced configuration options and the ability to set up “virtual” LANs which function as separate, secure network segments.

The LINDY 24 Port 10/100Base-TX + 2 Port 1000Base-T GIGA N-Way Switch (Part No. 25000) is ideal for linking backbone connections between servers and network switches.

24 Port 10/100Base-TX Switch with two 10/100/1000Base-T Gigabit Ethernet Ports with VLAN technology.

Managed Switches

A managed switch allows the ports on the switch to be configured, monitored, enabled and disabled. Switch management can also gather information on a variety of network parameters, such as:

The number of packets that pass through each of its ports

What types of packets they are

Whether the packets contain errors

The number of collisions that have occurred

You should look for the following features on a managed switch:

Gigabit Ethernet support

SNMP management and remote control capabilities

A management interface that can be accessed through an internet browser

Auto-negotiation support which auto-senses the speed and duplex capabilities of connected devices

Built-in expansion capability

The Fully Managed SNMP 24 Port 10/100Base-TX + GIGA Expansion N-Way Switch (Part No. 25030) is a high performance web-managed Layer 2 Switch that provides 24 Fast Ethernet 10/100Mbps ports. The built-in expansion slot can accommodate a number of different modules. Optional Gigabit/Fast Ethernet modules can be copper or fibre based and support 10/100/1000Base-T, 100Base-FX, and 1000Base-SX. This switch is ideal for organisations wishing to create a new, or upgrade their existing network infrastructure.

The switch features advanced SNMP (Simple Network Management Protocol) management and remote control capabilities, and supports an easy to use Layer 2 management interface that can be accessed through an internet browser.

Fully managed SNMP 24 Port Fast Ethernet and full Gigabit backbone support with remote management.

Using a managed switch can reduce hidden costs by using –

Switch and traffic monitoring to help head off problems before they occur, reducing user downtime

Management tools that offer an intuitive graphical user interface (GUI) that simplifies configuration and monitoring tasks

Management functions can be performed remotely using a web browser or directly via a console connected to the switch

Virtual Network Components

2008-12-02T07:53:00.000-08:00

Virtual Network Components

Connecting Virtual Machines to your Network

Virtual Ethernet Adapters

There are three types of adapters available for virtual machines in VMware infrastrucure 3:

vmxnet is a paravirtualized device that works only if VMware Tools is installed on the Operating System. This adapter is optimized for virtual environments and designed for high performance.
vlance emulates the AMD Lance PCNet32 Ethernet adapter. It is compatible with most 32-bit guest operating systems and can be used without VMware Tools.
e1000 emulates the Intel E1000 Ethernet adapter and is used in either 64-bit or 32-bit virtual machines.

Virtual Switches

VMware technology includes virtual switches that you can build on demand at run-time to provide different functions, including:

Layer 2 forwarding.
VLAN tagging, stripping and filtering.
Layer 2 security, checksum and segmentation offloading.

Virtual ports: The ports on a virtual switch provide logical connection points among virtual devices and between virtual and physical devices. Each virtual switch can have up to 1,016 virtual ports, with a limit of 4,096 ports on all virtual switches on a host. The virtual ports provide a rich control channel for communication with the virtual Ethernet adapters attached to them.
Uplink ports: Uplink ports are associated with physical adapters, providing a connection between the virtual network and the physical networks. They connect to physical adapters when they are initialized by a device driver or when the teaming policies for virtual switches are reconfigured. Virtual Ethernet adapters connect to virtual ports when you power on the virtual machine, when you take an action to connect the device or when you migrate a virtual machine using VMware Vmotion. A virtual Ethernet adapter updates the virtual switch port with MAC filtering information when it is initialized or when it changes.
Port groups: Port groups make it possible to specify that a given virtual machine should have a particular type of connectivity on every host, and they contain enough configuration information to provide persistent and consistent network access for virtual Ethernet adapters. Some of the information contained in a port group includes virtual switch name, VLANIDs and policies for tagging and filtering, the teaming policy and traffic shaping parameters. This is all the information needed for a switch port.
Uplinks: With VMware technology, uplinks are the physical Ethernet adapters that serve as bridges between the virtual and physical network. The virtual ports connected to them are called uplink ports. A host may have up to 32 uplinks.

Other things to consider:

Virtual switches do not learn from the network to populate their forward tables. This helps to minimize denial of service attacks.
Virtual switches make private copies of frame data used to make forwarding or filtering decisions. This ensures the guest operating systems cannot access sensitive data once the frame is passed onto the virtual switch.
VMware technology ensures that frames are contained within the appropriate VLAN on a virtual switch 1) by carrying the data outside the frame as it passes through the virtual switch, and 2) because there is no dynamic trunking support that could open up isolation leaks, making the data vulnerable to attack.

Virtual Switches vs. Physical Switches

Networking In Workstations

2008-11-28T22:13:00.000-08:00

Local Area Network (LAN)

The services offered to Departments will cover new network installations, network upgrades, troubleshooting, and maintenance. We provide:
· Network needs assessment
· Software and hardware support for most available LAN systems and LAN based software packages
· Network installation and upgrades
· Network troubleshooting

New LANs

For new network installations, our staff can assist with network needs analysis; prepare or review specs for new networks or network upgrades; install/upgrade network operating system on network server; install, connect, and configure workstations and peripherals, and install, upgrade and configure network software applications.

LAN Upgrades

Network upgrades, including the upgrade of network operating system software; the installation and configuration of new network applications; the installation, connection, and configuration of additional workstations and peripherals; and the installation and configuration of hardware upgrades in network servers, are all a part of this new service. In addition, our staff can help coordinate LAN connections with the campus-wide network (when available).

Trouble Shooting & Problem Solving

We can troubleshoot network problems involving operating systems, the server, workstations, network applications, and printing. Network maintenance can also be provided including maintaining network documentation, remote network monitoring, optimizing server performance, design and help maintain network backup schedule, and installation of network operating system upgrades and fixes. Our staff can also design and/or conduct seminars for network managers and for network users as a non-contract service.

Network Maintence:

Preventive Maintenance

Preventive maintenance is one of the most ignored aspects of network ownership. Preventive Maintenance refers to performing proactive maintenance in order to prevent system problems. This is different from diagnostic or corrective maintenance, which is performed to correct an
already-existing problem. Here are some reasons why you should develop a preventive maintenance plan for your network:

1. Preventive Maintenance Saves Money: Avoiding problems with your PC will save you money in the long run. By preventing a problem from occurring, you will no longer need to spend money on new components or repair jobs.

2. Preventive Maintenance Saves Time: Preventive maintenance saves time because it saves you the inconvenience and disruption of system failures and lost data. Most preventive maintenance procedures are quite simple compared to troubleshooting and repair procedures.

3. Preventive Maintenance Helps Safeguard Your Data: For most people, the data on the hard disk is more important than the hardware that houses it. Taking steps to protect this data therefore makes sense, and that is what preventative maintenance is all about.

4.Preventive Maintenance Improves Performance: Some parts of your system will actually degrade in performance over time, and preventive maintenance will help to improve the speed of your system in these respects. It is important to us at Dapoy that your computer systems will be as
secure and steady as possible. If you would like to get an estimate for preventive maintenance that will suit your business needs, please contact the office to speak to a technical representative today.

Cabling and Infrastructure :

Network Performance

The performance of a network infrastructure depends not only on the quality of its components, but also on the quality of the cabling installation. Each network infrastructure is installed and tested by trained quality assurance engineers and technicians.

A properly installed cable network should function efficiently for 10-12 years. We guarantee all of our cabling installation for up to 12 years.

TimeTiger Technical Overview and Architecture

2008-11-28T22:05:00.000-08:00

The TimeTiger,time and project tracking system has been designed to meet the needs of organizations from 1 to over 1,000 individual users. This document describes the components that make up TimeTiger and how these components work together to form a system. Various deployment approaches are illustrated, for installations ranging from a single-user desktop configuration to a multi-server, fault tolerant set-up suitable for 1,000 or more time loggers.

How TimeTiger Works

At the core of the TimeTiger system is the TimeTiger System Server. The TimeTiger System Server is a web server that hosts one or more TimeTiger applications, each of which is connected to a TimeTiger database. The TimeTiger database houses all the time log data, system configuration and user data required for the entire system. As of TimeTiger 2, the TimeTiger database can be stored in Microsoft Access 2000 format or on a Microsoft SQL Server. The TimeTiger database is open-architecture, meaning you are able to use third-party reporting and analysis tools to look at TimeTiger data, and even create your own applications that interface with the TimeTiger system. The TimeTiger database resides in a single location on your PC (for single-user installations) or network (for multi-user installations).

You install the TimeTiger System Server on a single computer (running Windows XP, 2000 or 2003), and then access the TimeTiger application using a web browser from the same PC or any other PC connected to your network.

For single-user installations, the TimeTiger application, database, and web browser can all reside on the same PC.

A single-user TimeTiger system

The single-user installation is the simplest TimeTiger configuration we support. A single PC houses the TimeTiger System Server, which has been used to create a single TimeTiger application connected to an Access 2000 format TimeTiger database. Note that owning Microsoft Access 2000 is not required to use the system: everything you need is already built-in to TimeTiger.

A Peer-to-Peer TimeTiger system

For small workgroups using a peer-to-peer network (such as Microsoft Windows 95/98/ME networking) multiple workstations can connect to a single TimeTiger System Server located on one of the machines on the network. This machine must be on at all times so that the other machines can connect to and use the TimeTiger system. This configuration is not recommended for workgroups larger than 10 machines.

A LAN-based TimeTiger system

For larger departmental or organization-wide deployments, the TimeTiger System Server should be deployed on a network server machine and the database should reside on a network file server (for Access 2000 databases), or a Microsoft SQL Server (for SQL Server databases, shown here). All LAN workstations access TimeTiger using a standard web browser. Optionally, you can allow Internet or WAN users to connect to the same TimeTiger System Server through your corporate firewall. This configuration is recommended for up to 150 users (using an Access format database) or 1,000+ users (using a SQL Server database).

An enterprise TimeTiger system

For enterprise-wide deployments where scalability, performance and reliability are critical, component redundancy and load balancing can be introduced using the facilities already available in Microsoft Windows Server and Microsoft SQL Server. By clustering the various servers involved and implementing SQL Server replication and Windows Advanced Server cascading failover, TimeTiger can reliably support your entire enterprise of 1,000+ users.

For large installations such as this we recommend you take advantage of the skills provided by our professional services team to help design and configure your deployment. We can help you architect the perfect tracking solution for your entire organization.

Microsoft Access or SQL Server?

TimeTiger gives you the option of using a database in Microsoft Access 2000 format or a Microsoft SQL Server database. When choosing which of these two platforms to deploy on, bear the following considerations in mind:

Although you do not require your own copy of Microsoft Access to use an Access 2000 format database with TimeTiger, you do require your own Microsoft SQL Server to use a SQL Server format database.
Databases in both formats require some administration. An Access 2000 database must be regularly compacted to preserve performance and data integrity. A SQL Server should be managed by a qualified database administrator to ensure the security, safety, and performance of your application.
There is no hard user limit imposed on either database format. Performance and reliability are the chief considerations in deciding to go with SQL Server, especially for installations of over 150 users.
You can always change your mind. TimeTiger can seamlessly convert your data from Access 2000 to SQL Server format, or vice-versa.

Wi-Fi Network

2008-11-23T05:29:00.000-08:00

Wi-Fi the trade name for the popular wireless technology used in home networks, mobile phones, video games and other electronic devices that require some form of wireless networking capability. In particular, it covers the various IEEE 802.11 technologies (including 802.11a, 802.11b, 802.11g, and 802.11n).

Wi-Fi technologies are supported by nearly every modern personal computer operating system, most advanced game consels and laptops, and many printers and other periphirals.

Purpose

The purpose of Wi-Fi is to provide wireless access to digital content. This content may include applications, audio and visual media, Internet connectivity, or other data. Wi-Fi generally makes access to information easier, as it can eliminate some of the physical restraints of wiring; this can be especially true for mobile devices.

Uses

A Wi-Fi enabled device such as a PC, game console, mobile phone, MP3 player or PDA can connect to the Internet when within range of a wireless network connected to the Internet. The coverage of one or more interconnected access printers — called a hotspot — can comprise an area as small as a single room with wireless-opaque walls or as large as many square miles covered by overlapping access points. Wi-Fi technology has served to set up mesh networks, for example, in London.Both architectures can operate in community networks.

In addition to restricted use in homes and offices, Wi-Fi can make access publicly available at Wi-Fi hotspots provided either free of charge or to subscribers to various providers. Organizations and businesses such as airports, hotels and restaurants often provide free hotspots to attract or assist clients. Enthusiasts or authorities who wish to provide services or even to promote business in a given area sometimes provide free Wi-Fi access. Metropolitan-wide Wi-Fi has more than 300 projects in process.There were 879 Wi-Fi based Wireless Internet Service Provider in the Czech Republic as of May 2008.

Wi-Fi also allows connectivity in peer to peer mode, which enables devices to connect directly with each other. This connectivity mode can prove useful in consumer electronics and gaming applications.

Advantages

Wi-Fi allows local area networks(LANs) to be deployed without cabling for client devices, typically reducing the costs of network deployment and expansion. Spaces where cables cannot be run, such as outdoor areas and historical buildings, can host wireless LANs.

Wireless network adapters are now built into most laptops. The price of chipsets for Wi-Fi continues to drop, making it an economical networking option included in even more devices. Wi-Fi has become widespread in corporate infrastructures.

Different competitive brands of access points and client network interfaces are inter-operable at a basic level of service. Products designated as "Wi-Fi Certified" by the Wi-Fi Alliance are backwards compatible. Wi-Fi is a global set of standards. Unlike mobile telephones, any standard Wi-Fi device will work anywhere in the world.

Wi-Fi is widely available in more than 220,000 public hotspots and tens of millions of homes and corporate and university campuses worldwide. WPA is not easily cracked if strong passwords are used and WPA2 encryption has no known weaknesses. New protocols for Quality of Service (WMM) make Wi-Fi more suitable for latency-sensitive applications (such as voice and video), and power saving mechanisms (WMM Power Save) improve battery operation.

Limitations

Spectrum assignments and operational limitations are not consistent worldwide. Most of Europe allows for an additional 2 channels beyond those permitted in the U.S. for the 2.4 GHz band. (1–13 vs. 1–11); Japan has one more on top of that (1–14). Europe, as of 2007, was essentially homogeneous in this respect. A very confusing aspect is the fact that a Wi-Fi signal actually occupies five channels in the 2.4 GHz band resulting in only three non-overlapped channels in the U.S.: 1, 6, 11, and three or four in Europe: 1, 5, 9, 13 can be used if all the equipment on a specific area can be guaranteed not to use 802.11b at all, even as fallback or beacon.

2008-03-17T18:53:00.000-07:00

Types of wireless LANs

PEER TO PEER

An ad-hoc network is a network where stations communicate only peer to peer (P2P). There is no base and no one gives permission to talk. This is accomplished using the Independent Basic Service Set (IBSS).

A peer-to-peer (P2P) allows wireless devices to directly communicate with each other. Wireless devices within range of each other can discover and communicate directly without involving central access points. This method is typically used by two computers so that they can connect to each other to form a network.

If a signal strength meter is used in this situation, it may not read the strength accurately and can be misleading, because it registers the strength of the strongest signal, which may be the closest computer.

802.11 specs define the physical layer (PHY) and MAC (Media Access Control) layers. However, unlike most other IEEE specs, 802.11 includes three alternative PHY standards: diffuse infrared operating at 1 Mbit/s in; frequency-hopping spread spectrum operating at 1 Mbit/s or 2 Mbit/s; and direct-sequence spread spectrum operating at 1 Mbit/s or 2 Mbit/s. A single 802.11 MAC standard is based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). The 802.11 specification includes provisions designed to minimize collisions. Because two mobile units may both be in range of a common access point, but not in range of each other. The 802.11 has two basic modes of operation: Ad hoc mode enables peer-to-peer transmission between mobile units. Infrastructure mode in which mobile units communicate through an access point that serves as a bridge to a wired network infrastructure is the more common wireless LAN application the one being covered. Since wireless communication uses a more open medium for communication in comparison to wired LANs, the 802.11 designers also included a shared-key encryption mechanism, called wired equivalent privacy (WEP), or Wi-Fi Protected Access, (WPA, WPA2) to secure wireless computer networks.

Bridge

A bridge can be used to connect networks, typically of different types. A wireless Ethernet bridge allows the connection of devices on a wired Ethernet network to a wireless network. The bridge acts as the connection point to the Wireless LAN.

2008-03-12T23:42:00.000-07:00

Computer networking

Network cards such as this one can transmit and receive data at high rates over various types of network cables. This card is a 'Combo' card which supports three cabling standards.
Network cards such as this one can transmit and receive data at high rates over various types of network cables. This card is a 'Combo' card which supports three cabling standards.
This article is about computer networking, the discipline of engineering computer networks. For the article on computer networks, see Computer network.

Computer networking is the engineering discipline concerned with communication between computer systems or devices. Networking, routers, routing protocols, and networking over the public Internet have their specifications defined in documents called RFCs.[1] Computer networking is sometimes considered a sub-discipline of telecommunications, computer science, information technology and/or computer engineering. Computer networks rely heavily upon the theoretical and practical application of these scientific and engineering disciplines.

A computer network is any set of computers or devices connected to each other with the ability to exchange data.[2] Examples of networks are:

* local area network (LAN), which is usually a small network constrained to a small geographic area.
* wide area network (WAN) that is usually a larger network that covers a large geographic area.
* wireless LANs and WANs (WLAN & WWAN) is the wireless equivalent of the LAN and WAN

All networks are interconnected to allow communication with a variety of different kinds of media, which including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies.[3] The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet)

History

Before the advent of computer networks that were based upon some type of telecommunications system, communication between calculation machines and early computers was performed by human users by carrying instructions between them. Many of the social behavior seen in today's Internet was demonstrably present in nineteenth-century telegraph networks, and arguably in even earlier networks using visual signals. [5]

In September 1940 George Stibitz used a teletype machine to send instructions for a problem set from his Model K at Dartmouth College in New Hampshire to his Complex Number Calculator in New York and received results back by the same means. Linking output systems like teletypes to computers was an interest at the Advanced Research Projects Agency (ARPA) when, in 1962, J.C.R. Licklider was hired and developed a working group he called the "Intergalactic Network", a precursor to the ARPANet.

In 1964, researchers at Dartmouth developed the Dartmouth Time Sharing System for distributed users of large computer systems. The same year, at MIT, a research group supported by General Electric and Bell Labs used a computer (DEC's PDP-8) to route and manage telephone connections.

Throughout the 1960s Leonard Kleinrock, Paul Baran and Donald Davies independently conceptualized and developed network systems which used datagrams or packets that could be used in a packet switched network between computer systems.

The first widely used PSTN switch that used true computer control was the Western Electric 1ESS switch, introduced in 1965.

In 1969 the University of California at Los Angeles, SRI (in Stanford), University of California at Santa Barbara, and the University of Utah were connected as the beginning of the ARPANet network using 50 kbit/s circuits. Commercial services using X.25, an alternative architecture to the TCP/IP suite, were deployed in 1972.

Computer networks, and the technologies needed to connect and communicate through and between them, continue to drive computer hardware, software, and peripherals industries. This expansion is mirrored by growth in the numbers and types of users of networks from the researcher to the home user.

Today, computer networks are the core of modern communication. For example, all modern aspects of the Public Switched Telephone Network (PSTN) are computer-controlled, and telephony increasingly runs over the Internet Protocol, although not necessarily the public Internet. The scope of communication has increased significantly in the past decade and this boom in communications would not have been possible without the progressively advancing computer network.

Network topology

The network topology defines the way in which computers, printers, and other devices are connected, physically and logically. A network topology describes the layout of the wire and devices as well as the paths used by data transmissions. Commonly used topologies include:

* Bus
* Star
* Tree (hierarchical)
* Linear
* Ring
* Mesh
o partially connected
o fully connected (sometimes known as fully redundant)

The network topologies mentioned above are only a general representation of the kinds of topologies used in computer network and are considered basic topologies.

Networking methods

Networking is a complex part of computing that makes up most of the IT Industry. Without networks, almost all communication in the world would cease to happen. It is because of networking that telephones, televisions, the internet, etc. work.

One way to categorize computer networks is by their geographic scope, although many real-world networks interconnect Local Area Networks (LAN) via Wide Area Networks (WAN). These two (broad) types are:

Local area network (LAN)

A local area network is a network that spans a relatively small space and provides services to a small number of people. Depending on the number of people that use a Local Area Network, a peer-to-peer or client-server method of networking may be used. A peer-to-peer network is where each client shares their resources with other workstations in the network. Examples of peer-to-peer networks are: Small office networks where resource use is minimal and a home network. A client-server network is where every client is connected to the server and each other. Client-server networks use servers in different capacities. These can be classified into two types: Single-service servers, where the server performs one task such as file server, print server, etc.; while other servers can not only perform in the capacity of file servers and print servers, but they also conduct calculations and use these to provide information to clients (Web/Intranet Server). Computers are linked via Ethernet Cable, can be joined either directly (one computer to another), or via a network hub that allows multiple connections.

Historically, LANs have featured much higher speeds than WANs. This is not necessarily the case when the WAN technology appears as Metro Ethernet, implemented over optical transmission systems.

Wide area network (WAN)

A wide area network is a network where a wide variety of resources are deployed across a large domestic area or internationally. An example of this is a multinational business that uses a WAN to interconnect their offices in different countries. The largest and best example of a WAN is the Internet, which is a network comprised of many smaller networks. The Internet is considered the largest network in the world.[6]. The PSTN (Public Switched Telephone Network) also is an extremely large network that is converging to use Internet technologies, although not necessarily through the public Internet.

A Wide Area Network involves communication through the use of a wide range of different technologies. These technologies include Point-to-Point WANs such as Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC), Frame Relay, ATM (Asynchronous Transfer Mode) and Sonet (Synchronous Optical Network). The difference between the WAN technologies is based on the switching capabilities they perform and the speed at which sending and receiving bits of information (data) occur.

For more information on WANs, see Frame Relay, ATM and Sonet.

Wireless networks (WLAN, WWAN)

A wireless network is basically the same as a LAN or a WAN but there are no wires between hosts and servers. The data is transferred over sets of radio transceivers. These types of networks are beneficial when it is too costly or inconvenient to run the necessary cables. For more information, see Wireless LAN and Wireless wide area network. The media access protocols for LANs come from the IEEE.

The most common IEEE 802.11 WLANs cover, depending on antennas, ranges from hundreds of meters to low kilometers. For larger areas, either communications satellites of various types, cellular radio, or wireless local loop (IEEE 802.16) all have advantages and disadvantages. Depending on the type of mobility needed, the relevant standards may come from the IETF or the ITU.