
Networking: A Beginner’s Guide, Fifth Edition - P19


NOTE Because they operate below the network layer at which protocols such as TCP/IP and IPX/SPX are defined, bridges don’t care about the network protocols they’re carrying. They care only about the information required to operate at the data-link layer. This means that whether or not data is carried over the bridge depends on its MAC address.

You should use bridges only on smaller networks, or in cases where you would otherwise use a repeater, but would benefit from keeping traffic on one segment from being transmitted on the other segment unnecessarily. Often, routers or switches offer solutions that perform better and create fewer problems, so examine these other options before choosing a bridge.

Routers

Just as bridges are basically more intelligent repeaters, routers are more intelligent bridges. Routers operate at the network layer (layer 3) of the OSI model, and they are far more intelligent than bridges in sending incoming packets off to their destination. Because routers operate at the network layer, a connection across a router requires only that the higher layers use the same protocols. The router can translate from any of the protocols at layers 1 through 3 to any other protocols at layers 1 through 3 (provided the router has been configured and designed to do so).

Routers can connect both similar and dissimilar networks. They are often used for wide area network (WAN) links. Routers actually become a node on a network, and they have their own network address. Other nodes send packets to the router, which then examines the contents of the packets and forwards them appropriately. For this reason, routers often have fast microprocessors—usually of the reduced instruction set computer (RISC) type—and memory built into them to perform this job. Routers can also determine the shortest route to a destination and use it. They can perform other tricks to maximize network bandwidth and dynamically adjust to changing problems or traffic patterns on a network.

NOTE To learn about the networks to which they’re connected, and what they should do to route various types of packets properly, routers use a process called discovery. During the discovery process, the router carefully “listens” to traffic on its ports and also sends out advertisement packets letting other devices know of the router’s presence.

Routers form the backbone of the Internet. When you use the TRACERT command to trace the route from a node to a destination, most of the addresses that appear for the hops are actually different routers, each one forwarding the packet to the next until it reaches its destination.

NOTE Routers can route only protocols that are routable. AppleTalk, NetBIOS, and NetBEUI are examples of protocols that are not routable, while TCP/IP and IPX/SPX are routable.


Routers must be programmed to function correctly. They need to have the addresses assigned to each of their ports, and various network protocol settings must be configured. Routers are usually programmed in one of two ways:

- Most routers include an RS-232C port. You can connect a terminal or PC with terminal emulation software to this port and program the router in text mode.

- Most routers have network-based software that enables you to program the router, often using graphical tools or a simple web interface.

The method you use depends on the router and your security needs. (You might want to disable network-based router programming so that unauthorized users cannot change the router’s configuration.) Figure 6-4 shows an example of a network that uses routers.

Gateways

Gateways are application-specific interfaces that link all seven layers of the OSI model when they are dissimilar at any or all levels. For instance, if you need to connect a network that uses one of the OSI networking models to one using IBM’s Systems Network Architecture (SNA) model, use a gateway. Gateways can also translate from Ethernet to Token Ring, although simpler solutions than gateways exist if you need such a translation. Because gateways must translate so much, they tend to be slower than other solutions, particularly under heavy loads.

The primary use for gateways today is for handling e-mail. POP3 and SMTP are two examples of protocols that are handled by gateways. Most e-mail systems that can connect to disparate systems either use a computer set up as a gateway for that chore or let the e-mail server handle the gateway chores itself.

Figure 6-4. A network using routers


Protecting a Network with Firewalls

Firewalls are hardware devices that enforce your network security policies. Firewalls often are installed with routers. For instance, firewalls are sometimes installed with routers to create internetwork connections. In most routers designed for small office/home office use, a firewall is part of the router itself. Equipment for larger networks still keeps these duties in separate pieces of equipment, however.

A firewall is a hardware device (which can be a computer set up for the task that runs firewall software or a dedicated firewall device that contains a computer within it) that sits between two networks and enforces network security policies. Generally, firewalls sit between a company LAN and the Internet, but they can also be used between LANs or WANs.

There are basically two different types of firewalls:

- A network-based firewall operates at the network level (layer 3) and usually implements a technique called packet filtering, where packets between networks are compared against a set of rules programmed into the firewall before the packets are allowed to cross the boundary between the two networks. Packet-filtering rules can allow or deny packets based on source or destination address, or based on TCP/IP port.

- An application-based firewall usually acts in a proxy role between the two networks, such that no network traffic passes directly between the two networks. Instead, the firewall (usually called a proxy firewall) acts as a proxy for the users of one network to interact with services on the other network. This proxy interaction is usually done using a technique called network address translation (NAT), where the network addresses on the internal network are not directly exposed to the external network. In the application-based model, the proxy firewall takes care of translating the addresses so that the connections can take place.

NOTE Firewalls do not provide a network security panacea. The best firewall in the world won’t protect your network from other security threats, such as some discussed in Chapter 11. However, they are an important part of network security, particularly for LANs connected to the Internet.

Firewalls come in all shapes and sizes, and range in cost from as little as a few hundred dollars to thousands of dollars. In fact, these days, you can even find small personal firewalls for home use that cost less than $200 for hardware-based devices, or around $40 for firewall software that can be installed on a home computer.

Different firewall devices have various features, and might encompass both network-based and application-based techniques to protect the network. Firewalls also usually serve as an audit point for the traffic between the two networks, using logging and reporting tools to help the administrator detect and deal with inappropriate network traffic.
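The packet-filtering comparison and the audit-point role described above can be sketched as follows. This is an added example, not code from the book: the addresses, rule set, and function names are constructed for illustration, and first-match evaluation with a default deny is an assumption the text does not specify.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network, CIDR notation
    dst: str                      # destination network, CIDR notation
    dport: Optional[int] = None   # destination TCP port; None matches any port

    def matches(self, src_ip, dst_ip, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

# Constructed policy: the LAN is 192.168.10.0/24 and its mail server is .25.
RULES = [
    Rule("deny",  "203.0.113.0/24",  "0.0.0.0/0"),             # blocked external range
    Rule("allow", "0.0.0.0/0",       "192.168.10.25/32", 25),  # inbound SMTP to mail server
    Rule("allow", "192.168.10.0/24", "0.0.0.0/0", 80),         # LAN out to HTTP
    Rule("allow", "192.168.10.0/24", "0.0.0.0/0", 443),        # LAN out to HTTPS
]

def filter_packet(src_ip, dst_ip, dport, rules=RULES, audit=None):
    """Return 'allow' or 'deny'. The first matching rule wins; no match means deny."""
    decision, rule_no = "deny", None
    for i, rule in enumerate(rules, 1):
        if rule.matches(src_ip, dst_ip, dport):
            decision, rule_no = rule.action, i
            break
    if audit is not None:  # every decision is recorded, including default denies
        audit.append(f"{decision.upper()} {src_ip} -> {dst_ip}:{dport} "
                     f"rule={rule_no or 'default'}")
    return decision

def run_sample():
    """Run four constructed packets through the filter; return decisions and audit log."""
    audit = []
    packets = [
        ("198.51.100.7",  "192.168.10.25", 25),   # outside host to mail server
        ("203.0.113.9",   "192.168.10.25", 25),   # same service, blocked source range
        ("192.168.10.40", "198.51.100.80", 443),  # LAN client to external HTTPS
        ("198.51.100.7",  "192.168.10.40", 23),   # unsolicited Telnet into the LAN
    ]
    return [filter_packet(*p, audit=audit) for p in packets], audit

if __name__ == "__main__":
    for line in run_sample()[1]:
        print(line)
```

Rule order matters here: the deny for 203.0.113.0/24 sits above the SMTP allow, so a packet from that range is dropped even though a later rule would have admitted it.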

Firewalls are discussed in the context of network security in Chapter 11.


Connecting RS-232 Devices with Short-Haul Modems

While some might not consider a short-haul modem to be a true network device, it is a device that your network might require to provide point-to-point connectivity between a workstation or terminal and another device. Short-haul modems (sometimes called line drivers) enable you to connect two distant RS-232C devices to one another. Standard RS-232C cables are limited in distance to 15 to 30 meters (50 to 100 feet). Short-haul modems allow the same connection to run as far as 5 miles using simple telephone-grade twisted-pair cabling.

Short-haul modems can often be perfect solutions when a computer needs terminal access to a remote device. For example, a user might need to access a terminal on a PBX telephone system, which uses an RS-232C port. You have two options to provide this remote access:

- Install regular modems on each end and use a telephone connection to connect from the workstation to the PBX.

- Use two short-haul modems and run a twisted-pair cable between the two points.

Depending on how frequently access is needed and how distant the device is, either approach can be good. Generally, short-haul modems are preferred when the two devices often or always need to be connected, and running a twisted-pair wire between the locations is not prohibitively expensive or difficult. Short-haul modems are fairly inexpensive, at about $100 each.

In most short-haul modem systems, two pairs of wire connect each short-haul modem, although one-pair variants exist. With the two-pair variety, one pair is used to transmit data and the other to receive data. Most short-haul modems are full duplex, allowing transmission to take place in both directions simultaneously.

To hook up two devices using short-haul modems, you use a standard RS-232C cable to connect each device to its short-haul modem. Then you wire the twisted-pair wire to the short-haul modem, using the instructions that come with the modem. Finally, most short-haul modems require external power, so you need to plug them into a power outlet. Figure 6-5 shows an example of a short-haul modem connection.

TIP If you frequently do RS-232C interfacing, you should invest in a device called a breakout box. This is a small device that has two RS-232C connectors on each end. In the box, each of the RS-232C pin signals is represented with a light-emitting diode (LED). Special patch posts and switches in the breakout box enable you to reconfigure the RS-232C connection on the fly. Breakout boxes can be invaluable for achieving RS-232C communications between two devices that aren’t communicating. They can show what is actually happening with the signals and enable you to try different cable configurations dynamically. Once you use the breakout box to figure out how to make the devices communicate, a permanent cable can then be made to those specifications.


Chapter Summary

In this chapter, you learned about the key pieces of hardware that make up most networks. It is important for you to be familiar with the capabilities of all these types of network hardware, which should form the basis of any network design or performance-tuning efforts. Be aware that you need to know about other types of network hardware as well. Additional important network hardware is discussed in later chapters. In particular, you should also know about remote access hardware, hardware that supports WAN links, and certain network functions that are carried out on different types of network servers.

Chapter 7 discusses the different technologies used to connect networks to other networks, usually over large distances. WAN connections are used to connect to the Internet and also to form part-time or full-time connections between LANs, such as from one company location to another.

Figure 6-5. Short-haul modem connection (diagram labels: RS-232 cable, short-haul modem, twisted-pair cable, short-haul modem, RS-232 cable)

Date posted: 05/07/2014, 04:20
