Windows Internet Connection Sharing

Dave Eitelbach
Program Manager
Networking And Communications
Microsoft Corporation

Goals

Enable multiple users in the home to connect to the Internet
Handle roaming laptops transparently
Simplify or eliminate configuration
Enable telecommuting using the Internet as a WAN (VPNs)

Issues For Deployment Of Home Networks

Installation should be easy
  There are no Net admins at home.
Network configuration has to be automatic
  There are no Net admins at home..
Network health and recovery should take care of itself
  There are no Net admins at home...

Requirements

Transparent network configuration for end user
No client software (from both IHVs and OEMs)
Support for legacy and non-Windows clients
Demand dial support
Support for remote client UI for demand dial control and progress indication
  Dial control and client "usage" APIs
Comprehensive protocol support
  Built-in support for basic protocols (e.g., FTP, etc.)
  Built-in support for Internet games (no config UI)
  Built-in support for VPNs (e.g., PPTP)

Connecting To The Internet

Share the Internet connection transparently for both
  Dial-Up media
  Always-available media
Resolve Internet names to addresses
Use Internet protocols (DNS and DHCP) to solve the problem
Clients on the home network should just work

Addresses And The Internet

Home network clients need to share the public IP address of the gateway system when sending and receiving traffic on the Internet
Internet addresses must be unique and routable
  Private home addresses won't work
Consumer Internet access (via an ISP) is typically a single IP address

Connection Sharing Architecture

"Connection Sharing" components:
  NAT transparently shares a single public IP address for clients on the local network
  DHCP Allocator assigns address, gateway and name server on the local network
  DNS Proxy resolves names on behalf of local-network clients
  Auto-dial makes connections automatically

Alternative Gateways

Basic options for Internet Gateway
  Application Proxy Server
  Winsock Proxy Server
  Network Address Translator (NAT)

Application Proxy

[Diagram: client column app, winsock, stack; gateway column app-proxy, winsock, stack]
Every application on every client must be configured to use proxy
Proxy requires logic for every application

Winsock Proxy

[Diagram: client column app, winsock, stack; gateway column winsock proxy, stack]
Client winsock must be configured to forward socket calls to winsock proxy
Transparent for most applications

Network Address Translation

[Diagram: client column app, winsock, stack; gateway NAT]
No client configuration; transparent for all applications on the client
NAT requires protocol handlers for some protocols (FTP, games, etc.)

Network Address Translator

NAT (Network Address Translation)
  Typically maps set of private addresses to set of public addresses
  NAT keeps state on private source IP address and public destination address for outbound flows
  NAT changes the IP address information and edits needed IP header information on the fly
[Diagram labels: 10.0.0.2, 10.0.0.3, 10.0.0.1, 157.55.0.1, Internet]

What Is NAT?

A NAT changes IP addresses in packets on the fly
Records the mapping between original and replacement address
[Diagram labels: 10.0.0.2; S 172.31.249.14, D 131.107.1.7; mapping 10.0.0.2=172.31.249.14]
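
An added example (not code from the original deck) of the translation the two NAT slides describe: the first outbound packet of a flow records a mapping, the header is edited and its checksum recomputed, and an inbound packet with no recorded flow is dropped. Port translation and the starting port 50000 are assumptions, needed because the deck's gateway shares one public address; the packets are constructed IPv4/UDP samples using addresses from the slide diagrams.

```python
import ipaddress
import struct

PUBLIC_IP = "157.55.0.1"  # gateway's public address, taken from the slide diagram

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite(pkt, src, dst, sport, dport):
    """Edit addresses and ports in place, then recompute the IPv4 header checksum."""
    hdr = bytearray(pkt[:20])
    hdr[12:16] = ipaddress.IPv4Address(src).packed
    hdr[16:20] = ipaddress.IPv4Address(dst).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + struct.pack("!HH", sport, dport) + pkt[24:]

def build_packet(src, dst, sport, dport):
    """Constructed sample: IPv4 + UDP headers, no payload, UDP checksum 0 (unused)."""
    ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 28, 0, 0, 64, 17, 0)
    return rewrite(ip + bytes([0, 0, 0, 0, 0, 8, 0, 0]), src, dst, sport, dport)

def parse(pkt):
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return (str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])), sport, dport)

class Nat:
    def __init__(self, public_ip, first_port=50000):  # port range is an assumption
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}   # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, pkt):
        src, dst, sport, dport = parse(pkt)
        key = (src, sport, dst, dport)
        if key not in self.out:  # first packet of a flow records the mapping
            self.out[key] = self.next_port
            self.back[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return rewrite(pkt, self.public_ip, dst, self.out[key], dport)

    def inbound(self, pkt):
        src, dst, sport, dport = parse(pkt)
        hit = self.back.get((dport, src, sport))
        if dst != self.public_ip or hit is None:
            return None  # no recorded outbound flow for this packet: drop it
        return rewrite(pkt, src, hit[0], sport, hit[1])
```

With TCP, or UDP with a non-zero checksum, the transport checksum also covers the addresses through the pseudo-header and has to be updated in the same step.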

Autoconfiguring The Home Network Via DHCP

The client machines in the home network need to be configured for address, name server address, and default gateway address
Static addressing requires "networking 101" knowledge, and configuration of each PC
Automatic self-addressing generates a unique address for each PC (in single subnet)
DHCP (Dynamic Host Configuration Protocol) assigns IP address, default gateway, and DNS info to each client
DHCP is widely used on both Enterprise and small networks (e.g., Small Business Server)

Autoconfiguring The Home Network Via DHCP

Enable mobile laptops
  Laptops will come home from Enterprise network
  They should work on both the Enterprise network as well as the home network without reconfiguration
  Laptops must return to the Enterprise network without causing network problems
  Base solution on standard protocols, DHCP

DHCP Allocator

A simplified DHCP server for the home network
Assumes single segment LAN (i.e., single subnet) connected to the Internet gateway
  Relies on broadcast-based defense
  Multiple segments would require true DHCP server and potentially DHCP relays
Assigns its own address (i.e., the address of the "private" interface of Internet sharing PC) as the DNS address and default gateway address
[Diagram: local client 1, local client 2, access point; local client broadcasts DHCP request; access point gives gateway and DNS]

DNS Proxy

DHCP Allocator provides its own address as DNS server address to home network client machines
  Clients have DNS server address in disconnected dial-up case
  Clients are shielded from changing Internet DNS server addresses
Internet DNS requests are then proxied to the Internet connection
  Dial up link is connected if needed
[Diagram: local client 1, local client 2; access point runs DNS proxy, services DHCP clients, translates addresses; ISP router; DNS server]

Connection Sharing Example

Auto-configured home/small-office networking
NAT translates packets to and from the assigned public IP address
DHCP allocator assigns address, gateway, and nameserver on home LAN; DNS proxy forwards queries
Clients access corporate networks using PPTP through the NAT
[Diagram labels: Home LAN, 169.254.0.3, 169.254.0.4, Windows Internet Connection Sharing, Internet, Corporate RAS]

Windows Internet Connection Sharing

Windows 2000 and Windows 98 will provide base Connection Sharing capabilities
  DHCP Allocator
  DNS Proxy
  Network Address Translation
    Support for popular applications and games
  APIs for config, status, and dial control
Enable ISV hybrid solutions on Windows platform

Windows Internet Connection Sharing: Requirements revisited

Transparent network configuration for end user - YES
Support for legacy and non-Windows clients - YES
Demand dial support - YES
Support for remote client UI for demand dial control and progress indication - YES
  Dial control and client "usage" APIs
No client software (from both IHVs and OEMs) - YES
Comprehensive protocol support - YES
  Easy support (e.g., no config UI) for popular Internet games
  VPN (e.g., PPTP)

Windows 2000 Connection Sharing Architecture

[Architecture diagram. Components: Windows Connection Sharing (DHCP, DNS Proxy), User/Kernel boundary, Extensions, TCPIP, NAT. Callouts:]
Automatically dials public network for LAN clients
DHCP: automates addressing of LAN clients
DNS Proxy: forwards name queries from LAN clients
TCPIP: forwards packets through NAT before routing
NAT: shares single IP address among LAN clients

Windows 98 Internet Connection Sharing Architecture

[Architecture diagram, data flow in kernel. Labels: TCP/UDP, IP, ICSPROT, NDIS protocols, NDIS, NDIS adapters, Ethernet, ICSMAC, PPPMAC, Internal Home Network, Modem]

Windows 2000 Connection Sharing Integration

Turning on connection sharing for new dial-up connections

Windows 2000 Connection Sharing Integration

Turning on connection sharing for existing connections

Windows 98 Internet Connection Sharing

Turning on Internet Connection Sharing

Windows Internet Connection Sharing Demo

[Diagram labels: Internet, DSL link, ICS PC, HomePNA, Client PC, Client PC]

Call To Action

Provide feedback on your key Internet sharing requirements
  Send e-mail to [email protected]
Ship "Sharing Enabled" PCs
  Broadband + LAN
  Dial + LAN
  ISDN + LAN
Build value-add control applications and UI on base Internet Sharing APIs