Planning and Configuring Routing and Switching
70-293: MCSE Guide to
Planning a Microsoft Windows
Server 2003 Network,
Enhanced
Chapter 4:
Planning and Configuring
Routing and Switching
Objectives
• Build IP networks
• Configure Windows Server 2003 as a router
• Create and configure demand-dial connections
• Understand the purpose of virtual LANs
• Implement Network Address Translation
• Work with Internet Connection Sharing
• Configure Internet Connection Firewall
• Plan Internet connectivity
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
2
Building a Subnetted IP Network
• Subnetting: breaking a single large IP network into
smaller networks
• Main benefit of subnetting is network traffic control
• Supernetting is the opposite process of subnetting
• Supernetting combines multiple small networks into
one large network
Binary Numbering and TCP/IP
• IP addresses are expressed in dotted decimal notation
• A computer looks at an IP address as a single group
of 32 binary digits
• The subnet mask determines which bits are part of the
network ID and which bits are part of the host ID
Decimal Numbering
• The decimal system uses the values from 0 to 9 for
each digit
• The value of the first column in the decimal
numbering system is ten to the zero power (10^0 = 1);
the value of the second column is ten to the first
power (10^1 = 10), etc.
Binary Numbering
• Subnetting is based on binary
• Binary is a base-two numbering system, which means
that there are only two potential values for each digit,
0 and 1
Conversion Between Binary and
Decimal
• To convert a binary octet to a decimal value, multiply
the digit in each column by the value of each column
and then determine the sum of those products
• Binary digits are always either 1 or 0, so multiply the
value of each column by 1 or 0
• Most people use Windows Calculator to perform the
conversion
Activity 4-1: Converting Binary
Numbers to Decimal Using
Windows Calculator
• The purpose of this activity is to convert numbers
between binary and decimal numbering systems
Binary Subnet Masks
• The binary process used by your computer to find the
network ID is called ANDing
• If both binary digits being compared have a value of
1, then the result is 1
• If one digit is 0 and the other is 1, or if both digits are
zero, then the result is 0
• When an IP address is ANDed with a subnet mask,
the result is the network ID
Activity 4-2: ANDing
• The purpose of this activity is to find the network ID
of several IP addresses based on the given subnet
mask
The Benefits of Subnets
• Subnetting provides the following benefits:
• Improves performance
• Reduces collisions
• Limits broadcasts
• Controls traffic
Reducing Collisions
• Subnetting reduces the number of hosts on each
network, reduces the amount of traffic on the network
and improves throughput
• In a routed network, each network is a separate
collision domain
• Collisions that occur on one network do not affect
another network
Limiting Broadcasts
• Subnetting a network creates multiple networks with
fewer hosts on each network
• The presence of fewer hosts on each network results
in fewer broadcast messages, which reduces the
processing load on each host
Controlling Traffic
• Routers provide greater control over network traffic
• Routers can implement rules about which packets
they forward
Subnetting a Network
• To subnet a network, you take some bits from the host
ID and give them to the network ID
• The number of subnets can be calculated using the
formula 2^n - 2
• In this formula, n is the number of bits taken from the host
ID and used for subnetting
• The minus 2 is only used for traditional subnetting in which
the subnets of all 1s and all 0s are removed
Activity 4-3: Complex Subnetting
• The purpose of this activity is to subnet a single large
network into 10 smaller networks
Subnet Hosts
• The formula 2^n - 2 is also used to calculate the number
of usable hosts on a subnet
• The formula finds the total number of combinations
that can be created from n bits
• However, when used to calculate the number of
usable hosts on a subnet, n is the number of bits in the
host ID, and two combinations are removed for the
broadcast on the subnet and the subnet itself
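The ANDing step and the two uses of the 2^n - 2 formula from the preceding slides, worked in Python as an added example that is not part of the original deck. The function names and the 172.16.x.x and 192.168.x.x addresses are constructed for illustration; the requirement of 10 subnets is the one named in Activity 4-3.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal address or mask -> the 32-bit number the computer works with."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def network_id(ip, mask):
    """AND the address with the mask: a bit stays 1 only if both bits are 1."""
    return to_dotted(to_int(ip) & to_int(mask))

def subnet_bits_needed(subnets, traditional=True):
    """Smallest n for which 2^n - 2 (traditional) or 2^n covers the subnets wanted."""
    n = 1
    while 2 ** n - (2 if traditional else 0) < subnets:
        n += 1
    return n

def usable_hosts(host_bits):
    """2^n - 2: remove the subnet itself (all 0s) and the broadcast (all 1s)."""
    return 2 ** host_bits - 2

def plan(prefix, subnets):
    """Take bits from the host ID of a /prefix network to get at least `subnets` subnets."""
    borrowed = subnet_bits_needed(subnets)
    host_bits = 32 - (prefix + borrowed)
    mask = to_dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    return {"borrowed_bits": borrowed, "mask": mask,
            "subnets": 2 ** borrowed - 2,
            "hosts_per_subnet": usable_hosts(host_bits)}

if __name__ == "__main__":
    # Constructed sample: divide a 16-bit network ID into at least 10 subnets.
    result = plan(16, 10)
    print(result)
    # Network ID of a constructed host address under the new mask.
    print(network_id("172.16.37.200", result["mask"]))
```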
Activity 4-4: Finding Valid Hosts
• The purpose of this activity is to calculate the number
of valid hosts on a subnet
Supernetting
• Supernetting is used to create one large network from
several smaller ones
• Supernetting takes bits from the network ID and gives
them to the host ID
• All of the networks being combined for supernetting
must be contiguous
Router Installation and
Configuration
• Main benefit of implementing Windows Server 2003
as a router within a small or midsized organization is
cost
• Routing is part of Routing and Remote Access
Service (RRAS) and can be configured using the
same wizard that is used to configure dial-up and
VPN servers
Router Installation and
Configuration (continued)
Activity 4-5: Configuring RRAS
as a Router
• The purpose of this activity is to configure Windows
Server 2003 as a router
Routing Tables
• The routing table is a list of the networks that are
known to the router
• Each entry in an IP routing table contains:
• The IP address of the network
• The subnet mask of the network
• The gateway that is used to reach the network
• The router interface that is used to reach the gateway
• The metric that measures how far away the network is
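How a router uses those five fields to pick an entry for a destination, as an added example that is not part of the original deck. It goes beyond the slide in one respect: the selection rule (most specific mask first, then lowest metric) is standard IP forwarding behaviour that the deck does not state. The table contents and names are constructed.

```python
import ipaddress
from collections import namedtuple

# One row per known network, holding the five fields listed above.
Route = namedtuple("Route", "network mask gateway interface metric")

# Constructed sample table for a router with a LAN and a WAN interface.
TABLE = [
    Route("0.0.0.0",  "0.0.0.0",       "203.0.113.1", "WAN", 20),
    Route("10.1.0.0", "255.255.0.0",   "10.0.0.2",    "LAN", 3),
    Route("10.1.5.0", "255.255.255.0", "10.0.0.3",    "LAN", 2),
    Route("10.1.5.0", "255.255.255.0", "10.0.0.4",    "LAN", 5),
]

def _n(dotted):
    """Dotted-decimal -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def matches(route, destination):
    """An entry matches when destination AND mask equals the entry's network."""
    return _n(destination) & _n(route.mask) == _n(route.network)

def select_route(table, destination):
    """Return the entry to use for `destination`, or None if no entry matches."""
    candidates = [r for r in table if matches(r, destination)]
    if not candidates:
        return None  # no route and no default entry: the packet cannot be forwarded
    # Longest mask wins; among equal masks the lowest metric wins.
    return max(candidates, key=lambda r: (_n(r.mask), -r.metric))

if __name__ == "__main__":
    for dest in ("10.1.5.9", "10.1.9.9", "198.51.100.7"):
        print(dest, "->", select_route(TABLE, dest))
```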
Routing Tables (continued)
• Static routing is the process by which routing tables
are maintained manually by an administrator
• Dynamic routing is the process by which routing
tables are automatically generated by routers based on
communication with other routers
Routing Protocols
• Routing protocols are responsible for calculating the
best path from one network to another and advertising
routes for dynamic routing
• The two routing protocols used in Windows Server
2003 for IP routing are:
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
RIP
• In Routing Information Protocol (RIP), the distance
between networks is measured by the number of
routers through which the data must pass, or hops
• RIP is the simpler and more popular of the two
protocols
• The best path from one network to another is the path
with the fewest hops
• This is known as distance-vector routing
Activity 4-6: Installing and Using
RIP
• The purpose of this activity is to configure your
server as an RIP router
OSPF
• Open Shortest Path First (OSPF) is a routing
algorithm that determines the best path from one
network to another based on a configurable value
called cost
• OSPF is more flexible than RIP and better suited to
complex routing environments
Configuring RIP
• In RIP you can configure:
• The type of events to be logged
• From which IP addresses this router accepts updates
• Settings for each interface
• How often routing table announcements are sent
• How long entries in the routing table last before they expire
• Many other options
Demand-Dial Connections
• A demand-dial connection establishes a connection
between two routers only when there is data to send
• When a router with a demand-dial interface receives
packets destined for a remote network, a connection
is created so the packets can be sent
Creating Demand-Dial
Connections
• For a demand-dial connection to function properly
you must:
• Enable the server to perform demand-dial routing
• Configure a port to allow demand-dial routing
• Create a demand-dial interface
Demand-Dial Interface Wizard
• New demand-dial connections are created using the
Demand-Dial Interface Wizard
• To start this wizard in the Routing and Remote
Access snap-in, right-click Network Interfaces, and
click New Demand-dial Interface
Activity 4-7: Creating a Demand-Dial Connection
• The purpose of this activity is to create a demand-dial
VPN connection
Demand-dial Interface Properties
• Properties of the demand-dial interface can be used to
configure security settings and the idle timeout
• The idle timeout is on the Options tab
• If the Connection type chosen is the Persistent
connection option, then the servers are connected
whenever RRAS is functional
Dial-out Hours/Demand-Dial
Filters
• A demand-dial connection can be configured with a
set of dial-out hours that control when it can be active
• Controls unwanted dial-up connections that might result in
large long-distance charges
• Demand-dial filters control which types of network
traffic trigger a demand-dial connection
• Reduces the number of connections activated and the
amount of long-distance charges
Activity 4-8: Configuring
Demand-Dial Filters
• The purpose of this activity is to configure demand-dial
filters to control the activation of demand-dial
connections
Virtual LANs
• A VLAN is a broadcast domain created by a switch
based on:
• Subnets
• Protocols
• MAC addresses
• Switch ports
Network Address Translation
• NAT is a protocol used by routers to allow multiple
clients to share a single Internet-addressable IP
address
• IP headers are modified to make the packet look as
though it came from the NAT router
How NAT Works
• NAT modifies the IP headers of packets that are
forwarded through a router
• When a packet is forwarded through the router, NAT
removes the original source IP address and source
port number
• The source IP address changes to the IP address of the
router
• The source port number is changed to a randomly
generated port number
• To keep track of the translations that are being
performed, NAT builds a table
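The translation table described on this slide, modelled in Python as an added example that is not part of the original deck. The class name, addresses and port range are constructed for illustration; the model keys only on the port, whereas real NAT implementations also track the protocol and remote endpoint.

```python
import random

class NatRouter:
    """Hypothetical model of a NAT router: rewrite the source, remember the mapping."""

    def __init__(self, public_ip, seed=None):
        self.public_ip = public_ip
        self.table = {}      # public port -> (private IP, private port)
        self.reverse = {}    # (private IP, private port) -> public port
        self._rng = random.Random(seed)

    def _new_port(self):
        # Randomly generated port number that is not already in the table.
        while True:
            port = self._rng.randint(1024, 65535)
            if port not in self.table:
                return port

    def outbound(self, packet):
        """Private -> Internet: replace the source IP address and source port."""
        key = (packet["src_ip"], packet["src_port"])
        port = self.reverse.get(key)
        if port is None:
            port = self._new_port()
            self.table[port] = key
            self.reverse[key] = port
        return dict(packet, src_ip=self.public_ip, src_port=port)

    def inbound(self, packet):
        """Internet -> private: forwarded only when the table has an entry."""
        entry = self.table.get(packet["dst_port"])
        if packet["dst_ip"] != self.public_ip or entry is None:
            return None      # no translation recorded, so nothing to forward to
        return dict(packet, dst_ip=entry[0], dst_port=entry[1])

if __name__ == "__main__":
    # Constructed sample traffic: one client behind the router, one web server.
    nat = NatRouter("203.0.113.10")
    out = nat.outbound({"src_ip": "192.168.0.25", "src_port": 51000,
                        "dst_ip": "198.51.100.7", "dst_port": 80})
    reply = {"src_ip": "198.51.100.7", "src_port": 80,
             "dst_ip": out["src_ip"], "dst_port": out["src_port"]}
    print(out)
    print(nat.inbound(reply))
```

A packet arriving on a port with no table entry returns None, which is why hosts behind the router are not directly reachable from the Internet unless a mapping already exists.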
How NAT Works (continued)
How NAT Works
Installing NAT
• NAT is automatically installed when RRAS is
configured to be a router, but interfaces must be
added
• The NAT/Basic Firewall tab allows you to configure
whether this interface is a private interface, public
interface, or basic firewall
• For proper NAT functionality, one interface must be
configured as public and one as private
Activity 4-9: Installing and
Testing NAT
• The purpose of this activity is to install NAT and
confirm it is functioning using a Web page on your
instructor’s computer
Configuring NAT
• The NAT protocol is configured by right-clicking
NAT/Basic Firewall, and clicking Properties
Internet Connection Sharing
• Internet Connection Sharing (ICS) is a Windows
Server 2003 service that provides an automated way
for a small office using Windows Server 2003 as a
router to connect to the Internet
• ICS automatically performs NAT and configures
network connections
Internet Connection Firewall
• Internet Connection Firewall (ICF) is a stateful
packet filter (a filter that automatically creates reverse
rules for response traffic) that can be used to protect
any server running Windows Server 2003
Enabling ICF
• ICF is configured per connection
• ICF is enabled in the properties of a connection
• If ICF is enabled on a server that is not a router, only
that server is protected
• If ICF is enabled on a router, then all computers on
the internal network are protected
Configuring ICF
• To allow requests from the network to access services
on the server running ICF, you need to configure
services
• The Security Logging tab is used to configure:
• The type of information that is logged
• The location of the log
• The maximum size of the log
• ICF is capable of logging both dropped packets and
successful connections
Activity 4-10: Installing ICF
• The purpose of this activity is to install and configure
ICF on your server
Planning Internet Connectivity
• When planning Internet connectivity, a decision must
be made on whether to use internal private addresses
or Internet-accessible IP addresses
• Using Internet-accessible IP addresses is more
expensive
• Using internal private IP addresses is more secure
• Most organizations use internal private IP addresses
Summary
• Subnetting is used to divide a single large network
into multiple smaller networks
• Supernetting is used to combine multiple smaller
networks into one large network
• The formula 2^n - 2 is used to calculate the number of
subnets that can be created from n bits
• RIP is a distance-vector routing algorithm that
calculates paths based on hops
• OSPF is a link-state routing algorithm that calculates
paths based on a configurable metric called cost
Summary (continued)
• Demand-dial connections are activated only when
network traffic requires them
• NAT allows many computers to access the Internet
using a single Internet-addressable IP address
• ICS is an automated way to configure a router for
NAT
• ICF is a stateful packet filter
• When planning Internet connectivity, a decision must
be made on whether to use internal private addresses
or Internet-accessible IP addresses