File - Sharma Dhillon
Download
Report
Transcript File - Sharma Dhillon
CHAPTER 3
PLANNING INTERNET CONNECTIVITY
DETERMINING INTERNET CONNECTIVITY
REQUIREMENTS
Factors to be considered in internet access strategy:
Sufficient internet bandwidth to support the need
Possibility of users abuses internet access
Dangers of having your private network connected to
internet
How much bandwidth?
To know how much bandwidth the users will need, we have
to find out the type of WAN connection the network will
need, the ISP account type required & how highly the
monthly fees will be.
You may need to know how many users will need access at
one time, what application they will use & activities they will
perform & when.
DETERMINING INTERNET CONNECTIVITY
REQUIREMENTS
How many users?
Need to know how many users are working at one
time & how much of time they spend accessing the
internet.
What applications users need?
Certain type of applications need certain amount of
bandwidth. You must estimate the internet use
patterns of network users & provide them with
sufficient bandwidth.
Allocate some bandwidth for the company’s server
DETERMINING INTERNET CONNECTIVITY
REQUIREMENTS
When internet bandwidth is needed?
Provide sufficient support during the peak time
Where are the users located?
Knowing the locations of computers to determine
where you should place the routers & other
equipments.
Help in assigning IP addresses
CHOOSING AN INTERNET CONNECTION
TYPE
Dial up modem connections
ISDN
CATV & DSL
Leased Lines
Frame Relay
Group
Assignment 1
20%
CHOOSING A ROUTER TYPE
Stand-alone internet routers are hardware
devices that connect to your network & to the
WAN providing access to the internet.
All in one ( NAT, DHCP, basic routing)
High-end modular routers enables you to add
modules supporting many different types of WAN
& LAN connections
CHOOSING AN ISP
Multiple WAN support
ISP’s oriented towards residential users might only
support dial-up modem connections, but business
oriented ISP’s can support a variety of WAN connection
types such as ISDN, DSL, leased lines & provide internet
access at a wide range of bandwidth levels
IP Addresses
Every access need at least one IP address. If you plan to
use unregistered IP address, you still need one registered
address to connect your NAT router or proxy server to the
internet.
CHOOSING AN ISP
DNS servers
Internet clients need the DNS service to resolve the names
of sites & users into IP addresses.
E-mail services
Stand-alone computer, the email service an ISP provides
include one email account
Ex: [email protected] / [email protected]
Web Hosting
Running a web server requires you to have registered IP
with the ISP.
If you rely on your ISP to host your web server, then you
may need to pay the hosting fees but don’t have to worry
about security
DETERMINING INTERNET SECURITY
REQUIREMENTS
Using unregistered IP addresses is a simpler method
to secure client computers rather than using firewalls.
Determining the security requirements help you to
identify the additional hardware & software you may
need to install.
Ways to secure the client on unregistered IP address;
Limiting Applications
Limiting users
Regulating internet access (restriction on sites)
USING NAT
Is a primary method enabling computers with
unregistered IP addresses to access the internet
3 basic types of NAT
Static NAT – translates a number of unregistered IP
addresses to an equal number of registered addresses so
that each client always uses the same registered address.
(NOT secure)
Dynamic NAT – used in conditions where you have fewer
registered IP addresses compared to unregistered
computers. The IP addresses assigned changes regularly
(More secure than static NAT)
Masquerading – translates all the unregistered IP
addresses on your network using a single registered IP
address. IP address last for each single connection. (Secure)
USING PROXY SERVER
A proxy server is an intermediary between client &
the internet just like a NAT router except that it
function on the application layer.
Unregistered clients sends their internet access
request to the proxy server, which generates its own
identical requests & sends them to the server on the
internet. When a proxy server receives a response, it
relays the information back to the client on
unregistered network.
Also capable of caching information downloaded from
internet so accessing frequently visited site is fast.
SELECTING AN INTERNET ACCESS METHOD
When using unregistered IP addresses, deciding
whether to use NAT router or proxy server to
provide internet access, should be based on the
amount of security needed!
TROUBLESHOOTING INTERNET
CONNECTIVITY
Determining the scope of the problem
Diagnosing client configuration problem
Diagnosing NAT & proxy server problem
Diagnosing internet connection problem
DETERMINING THE SCOPE OF THE
PROBLEM
First, determine how wide spread the problem is.
Begin with help desk technician to try to reproduce the fault
on other computer using the same steps user took before
experiencing the problem.
If the problem cant be reproduced, then the problem is in the
computer itself.
If the problem can be reproduced then the problem is the
computer’s connection to the network.
Next, determine whether the problem is limited to
internet connectivity.
Try to access resource from the local network from the
computer with the problem, & repeat with other LANs.
If user’s computer cant contact the local network / Internet,
then problem is related to internal network infrastructure.
DIAGNOSING CLIENT CONFIGURATION
PROBLEM
If computer cant connect to local network / Internet,
then you should check the basic TCP/IP configuration
parameters such as IP address & subnet mask.
Default Gateway Problems
Every computer must have access to a default gateway on
the local network.
If problematic computer can access local network but cant
access Internet, the default gateway address in the TCP/IP
configuration is pointing to a functional router but the
router might not be configured to forward the internet
traffic properly !
Check the routing table on the default gateway router.
DIAGNOSING CLIENT CONFIGURATION
PROBLEM
Name resolution problem
Common cause of connectivity problem is the client
computer’s failure to resolve DNS names into IP
addresses.
When a name resolution fails, client computer cant
access the internet resources using names.
Try by using IP address to see whether this is the
cause & if you can access then ;
The client computer is configured with incorrect DNS
server address / the DNA server specified in the
computer’s TCP/IP configuration is not functioning
properly.
DIAGNOSING NAT & PROXY SERVER
PROBLEMS
If the connection problem is reproducible on other
computers, then it can be due to NAT / proxy
server.
Both NAT router & proxy server must have an
interface the connects to the internet using a
registered IP address. Therefore, these devices
can suffer from any of the same TCP/IP
configuration problem as a client computer.
Check the IP address, subnet mask, default
gateway & DNS server addresses.
Proxy servers may block access due to
authentication issue, policy prohibits access.
DIAGNOSING INTERNET CONNECTION
PROBLEM
If individual computer is not at fault, NAT router
or proxy server is functioning properly then the
problem might lie with internet access router.
Routing table might be having a problem.
Your ISP’s also might be having problem