When planning your network, consider the connectivity requirements of your users. Network protocols are similar to languages in the sense that languages have different words, word patterns, and punctuation. A network protocol serves a similar role for computers attempting to communicate. The network protocol used on a network determines how packets (units of data) are configured and sent over the network cable. Consider the following questions:
Identify various network protocols used in Windows 2000
Estimated lesson time: 30 minutes
Transmission Control Protocol/Internet Protocol
Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry-standard suite of protocols designed for large networks. TCP/IP is routable, which means that data packets can be switched (routed to a different subnet) based on the packet's destination address. TCP/IP's ability to be routed provides fault tolerance, which is the ability of a computer or an operating system to respond to a catastrophic event or fault, such as a power outage or a hardware failure, so that data is not lost or corrupted. If a network failure occurs, TCP/IP packets are transported over a different route.

Although the original purpose of TCP/IP was to provide connections between disparate networks, TCP/IP now provides high-speed communication links between networks. Microsoft has implemented TCP/IP as a standard network transport for Windows 2000. You will learn more about the architecture, installation, and configuration of TCP/IP in Chapter 2, "Implementing TCP/IP."
Benefits of Implementing TCP/IP
TCP/IP in Windows 2000 includes many performance improvements for high-bandwidth networks. These features are described in the following sections.
Large Window Support
The window size in TCP-based communication is the maximum number of packets that can be sent before the first packet must be acknowledged. Window size is typically fixed and established at the beginning of a session between sending and receiving hosts. With large window support, window size is dynamically recalculated and increased if a large number of packets is exchanged during a lengthy session. This increases bandwidth and allows more data packets to be in transit on the network at one time.
Selective Acknowledgments
With selective acknowledgments, the receiver can notify and request specific packets that were missing or corrupted during delivery from the sender. This allows networks to recover quickly from a state of temporary congestion or interference, because only corrupted packets are re-sent. In previous TCP/IP implementations, if a receiving host failed to receive a single TCP packet, the sender was forced to retransmit all packets transmitted following the negatively acknowledged packet. Using selective acknowledgments, fewer packets are re-sent, providing better network utilization and performance.
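To make the difference concrete, the following added example (not code from the lesson) models a window of ten segments with two lost and compares what a sender resends with cumulative acknowledgments alone against what it resends when the receiver reports SACK blocks; the segment numbering and loss pattern are constructed.

```python
"""Cumulative acknowledgment (resend everything after the first gap) versus
selective acknowledgment (resend only the missing segments).  Added example,
not code from the original lesson; segments are 1-based sequence numbers."""

def cumulative_ack(received, first_seq=1):
    """Highest in-order sequence number received; first_seq - 1 if none."""
    ack = first_seq - 1
    while ack + 1 in received:
        ack += 1
    return ack

def sack_blocks(received, ack):
    """The SACK option a receiver sends: contiguous runs of segments it
    holds beyond the cumulative ACK, as (first, last) pairs."""
    blocks = []
    for seq in sorted(s for s in received if s > ack):
        if blocks and blocks[-1][1] == seq - 1:
            blocks[-1] = (blocks[-1][0], seq)
        else:
            blocks.append((seq, seq))
    return blocks

def retransmit_go_back_n(sent, received):
    """Pre-SACK behaviour: after a gap, resend every later segment, even
    those the receiver already holds."""
    ack = cumulative_ack(received)
    return [s for s in sent if s > ack]

def retransmit_selective(sent, received):
    """SACK behaviour: resend only segments not covered by the cumulative
    ACK or by a SACK block."""
    ack = cumulative_ack(received)
    held = {s for lo, hi in sack_blocks(received, ack) for s in range(lo, hi + 1)}
    return [s for s in sent if s > ack and s not in held]

SENT = list(range(1, 11))             # constructed: a window of 10 segments
RECEIVED = {1, 2, 4, 5, 6, 8, 9, 10}  # constructed: segments 3 and 7 lost

if __name__ == "__main__":
    ack = cumulative_ack(RECEIVED)
    print("cumulative ACK:", ack, "SACK blocks:", sack_blocks(RECEIVED, ack))
    print("go-back-N resends:", retransmit_go_back_n(SENT, RECEIVED))
    print("selective resends:", retransmit_selective(SENT, RECEIVED))
```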
Round Trip Time Estimation
Round Trip Time (RTT) is the amount of time it takes for a round-trip communication between a sender and receiver on a TCP-based connection. RTT estimation is a technique of estimating packet transit times and adjusting for the optimum retransmission time for packets. Because performance depends on knowing how long to wait for a missing packet, improving the accuracy of RTT estimation results in better time-out values being set on each host, so that a host cannot request a packet to be retransmitted until the requisite time interval expires. Better timing improves performance over long round-trip network links, such as WANs, that span large distances (for example, continent-to-continent) or use either wireless or satellite links.
IP Security (IPSec) Support
IPSec provides the ideal platform for safeguarding intranet and Internet communications. IPSec can secure paths between two computers, two security gateways, or a host and a security gateway. Windows 2000 Server tightly integrates IPSec with system policy management to enforce encryption between systems. Customers can have encryption-secured communications managed by group policy, a safeguard that protects information sent over networks. Because IPSec is integrated into the operating system, it is easier to configure and manage than add-on solutions.
The services available and required for traffic are configured using IPSec policy. IPSec policy can be configured locally on a computer, or can be assigned through Windows 2000 Group Policy mechanisms using the Active Directory directory service, as illustrated in Figure 1.5. When using Active Directory, hosts detect policy assignment at startup, retrieve the policy, and periodically check for policy updates. The IPSec policy specifies the trust relationship among computers. The easiest trust relationship to use is the Windows 2000 domain trust based on the Kerberos version 5 protocol. Predefined IPSec policies are configured to trust computers in the same or other trusted Windows 2000 domains.
At the IP (network) layer, each incoming or outgoing packet is referred to as a datagram. Each IP datagram bears the source IP address of the sender and the destination IP address of the intended recipient. Each IP datagram processed at the IP layer is compared against a set of filters that are provided by the security policy, which is maintained by an administrator for a computer, user, group, or an entire domain. The IP layer can perform one of the following actions with a datagram:
- Provide IPSec services to the datagram
- Allow the datagram to pass unmodified
- Discard the datagram
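The filter-and-action decision just described can be shown in code. The following is an added example rather than Windows 2000's implementation: it assumes a constructed filter syntax and simple first-match ordering (it does not model how Windows 2000 weighs overlapping filters), and it classifies constructed datagrams as SECURE, PERMIT or BLOCK.

```python
"""Evaluate IP datagrams against an IPSec-style filter list and return the
action the IP layer takes: SECURE (provide IPSec services), PERMIT (pass
unmodified) or BLOCK (discard).  Added example, not Windows 2000 code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

SECURE, PERMIT, BLOCK = "SECURE", "PERMIT", "BLOCK"
@dataclass
class Filter:
    src: str             # CIDR prefix; "0.0.0.0/0" means any address
    dst: str
    proto: str           # "any", "tcp", "udp" or "icmp"
    dport: Optional[int] # destination port; None means any port
    action: str

@dataclass
class Datagram:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def matches(f, d):
    return (ip_address(d.src) in ip_network(f.src)
            and ip_address(d.dst) in ip_network(f.dst)
            and f.proto in ("any", d.proto)
            and f.dport in (None, d.dport))

def evaluate(policy, d, default=BLOCK):
    """First matching filter wins; a datagram matching no filter is
    discarded (a constructed fail-closed default)."""
    for f in policy:
        if matches(f, d):
            return f.action
    return default

# Constructed policy: DNS and ICMP inside the intranet pass in the clear,
# all other intranet traffic gets IPSec, everything else is discarded.
POLICY = [
    Filter("10.0.0.0/8", "10.0.0.0/8", "udp", 53, PERMIT),
    Filter("10.0.0.0/8", "10.0.0.0/8", "icmp", None, PERMIT),
    Filter("10.0.0.0/8", "10.0.0.0/8", "any", None, SECURE),
    Filter("0.0.0.0/0", "0.0.0.0/0", "any", None, BLOCK),
]

if __name__ == "__main__":
    for d in (Datagram("10.1.1.5", "10.2.2.9", "tcp", 445),
              Datagram("203.0.113.7", "10.2.2.9", "tcp", 445)):
        print(d, "->", evaluate(POLICY, d))
```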
Because IPSec typically encrypts the entire IP packet, capturing an IPSec datagram sent after the security association (SA) is established reveals very little of what is actually in the datagram. The only parts of the packet that can be parsed or read by a network sniffer such as Network Monitor are the Ethernet and IP headers. This lends greater security to IP transactions. IPSec is covered in more detail in Chapter 5, "Implementing IPSec."
Generic Quality of Service
Generic Quality of Service (GQoS) is a method by which a TCP/IP network can offer Quality of Service guarantees for multimedia applications. Generic Quality of Service allocates different bandwidths for each connection on an as-needed basis.
Quality of Service (QoS) allows network administrators to use their existing resources efficiently and to guarantee that critical applications receive high-quality service without having to expand as quickly or upgrade their networks. Deploying QoS means that network administrators can have better control over their networks, reduce costs, and improve customer satisfaction. The suite of QoS components included in Windows 2000 works with the different QoS mechanisms that can exist in network elements such as routers and switches. These host mechanisms give administrators an idea of which applications are in use and what their resource requirements are without having to calculate the mappings between actual users, network ports, and addresses. When the host and the network operate cooperatively, resources can be utilized easily and more knowledgeably...