Overview
Developed from the start as a network operating system, Microsoft
Windows 2000 Server continues to improve its presence on networks and
the Internet. Microsoft is following the worldwide trend of using the
Internet for as much as possible.
Windows 2000 Server will help companies make better use of their
Internet connections. By providing support for additional standardized
features of TCP/IP, Microsoft has improved the performance of its
premier network operating system both for communications with other
Windows systems and with UNIX systems. Technologies such as virtual
private networks (VPNs) will allow organizations to reduce costs without
sacrificing security. The routing features built in to Windows 2000
servers allow those servers to act as routers, with graphical user
interfaces far superior to those of hardware-based routers. The new
Quality of Service (QoS) standards allow more consistent and reliable
networking, especially when using real-time audio and video.
Support for Standards
With the first releases of the LAN Manager and Windows NT operating
systems, Microsoft made an effort not only to support Internet standards
but also to create its own protocols where standards did not meet the
needs of its customers. NetBIOS Enhanced User Interface (NetBEUI), the
networking foundation of the first versions of Windows NT, was
proprietary in nature and the details of the protocol were well hidden.
TCP/IP, on the contrary, is based entirely on committee-created,
completely documented standards. TCP/IP is the standard of the Internet
and the future of networking, and Windows 2000 is well designed to
leverage these standards.
Microsoft is not simply following open standards; it is leading the
development. For example, Microsoft has been working with Cisco, Ascend,
IBM, and 3Com to create the Layer 2 Tunneling Protocol (L2TP)
standards. Microsoft's active involvement in standards committees
ensures that Windows will take advantage of these technologies just as
soon as they are finalized—and sometimes before!
TCP/IP Improvements
While the core of TCP/IP (Transmission Control Protocol/Internet
Protocol) has been a standard for many years, not all TCP/IP
implementations are alike. Many aspects of TCP/IP are considered
optional, and software developers tend to add only those features they
feel will benefit their customers. Microsoft has improved the TCP/IP
stack included in Windows 2000 by adding optional, standardized features
not found in previous versions of Windows. The end result is that users
will enjoy improved network performance on both local area networks
(LANs) and wide area networks (WANs).
Security-minded administrators will appreciate the new support for
robust packet filtering. Windows 2000 can now filter packets based on
TCP port, UDP port, IP protocol ID, ICMP type, ICMP code, source
address, and destination address. An example of packet filtering is
shown in Figure 6-1. With these filtering capabilities, you can control
which networks are allowed to download mail from your Post Office
Protocol (POP) server. This control would allow you to guarantee that
only users on the local network can even attempt to establish network
connections.
Filter lists make it easier to manage multiple filtering policies.
Figure 6-2 shows how several lists can be used to provide separate
policies for internal and external networks. You can create separate
filters for each subnet in your network, if you so desire.
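The two paragraphs above describe filters that match on protocol, port, ICMP type and code, and source and destination address, grouped into lists so that internal and external networks carry separate policies. The following is an added illustration of that model in Python; it is not Windows 2000's filtering code. The POP server address 10.0.0.5, the local subnet 10.0.0.0/24 and the two policies are constructed for the example, and the restriction shown is the one the text describes: only the local network may reach TCP port 110.

```python
"""Packet filter lists: each filter matches on the fields the text lists and
filters are grouped into named lists so that separate interfaces (internal,
external) can carry separate policies.  Example code, not Windows 2000's."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None     # TCP/UDP destination port
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass
class Filter:
    action: str                     # "permit" or "deny"
    proto: Optional[str] = None     # any field left as None matches anything
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src_net is not None and ip_address(p.src) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.icmp_type is not None and self.icmp_type != p.icmp_type:
            return False
        if self.icmp_code is not None and self.icmp_code != p.icmp_code:
            return False
        return True


def evaluate(filter_list, packet, default="deny"):
    """The first matching filter decides; unmatched packets get the default."""
    for f in filter_list:
        if f.matches(packet):
            return f.action
    return default


# Constructed policies (assumed addresses): the POP server 10.0.0.5 may be
# reached on TCP 110 only from the local 10.0.0.0/24; the external list
# permits only ICMP echo replies and denies everything else.
INTERNAL_LIST = [
    Filter("permit", proto="tcp", src_net="10.0.0.0/24", dst_net="10.0.0.5/32", dport=110),
    Filter("deny", proto="tcp", dst_net="10.0.0.5/32", dport=110),
    Filter("permit"),               # everything else on the inside is allowed
]
EXTERNAL_LIST = [
    Filter("permit", proto="icmp", icmp_type=0, icmp_code=0),
    Filter("deny"),
]
POLICIES = {"internal": INTERNAL_LIST, "external": EXTERNAL_LIST}


def check(interface, packet):
    """Apply the filter list bound to the interface the packet arrived on."""
    return evaluate(POLICIES[interface], packet)
```

Because the first match wins, the order of filters in a list matters: the narrow permit for the local subnet must precede the broad deny for port 110.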
Windows 2000 now includes support for RFCs 1122, 1123, 1323, and
Selective Acknowledgements. RFCs 1122 and 1123 were written in 1989 and
summarize mandatory and optional features of TCP/IP stacks—support for
these documents means better compatibility with other operating systems.
RFC 1323 provides extensions to TCP that allow for better performance
over high-bandwidth and high-delay networks, such as satellite links.
Selective Acknowledgements improve performance when used with large TCP
window sizes, by allowing only lost packets to be resent; packets that
were already received are not retransmitted. For more information on
Selective Acknowledgements, refer to RFC 2018.
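To make the retransmission difference concrete, here is an added Python illustration of cumulative acknowledgement versus Selective Acknowledgement; it is not code from Windows 2000 or from RFC 2018. Segments are numbered 1 to n for simplicity (a real SACK option carries byte sequence ranges), and the received set is constructed.

```python
"""Cumulative ACK versus Selective Acknowledgement (RFC 2018 behaviour).
Segments are numbered 1..n; real SACK blocks carry byte sequence ranges."""


def cumulative_ack(received, n):
    """Highest segment such that every segment up to it was received."""
    ack = 0
    while ack + 1 <= n and (ack + 1) in received:
        ack += 1
    return ack


def sack_blocks(received, n):
    """Contiguous runs of received segments above the cumulative ACK, as
    (first, last) pairs; this is what the receiver reports in the SACK option."""
    ack = cumulative_ack(received, n)
    blocks, start = [], None
    for seg in range(ack + 1, n + 2):          # n + 1 acts as a sentinel
        if seg <= n and seg in received:
            if start is None:
                start = seg
        elif start is not None:
            blocks.append((start, seg - 1))
            start = None
    return blocks


def retransmit_without_sack(received, n):
    """Without SACK the sender only learns the cumulative ACK, so after a
    timeout it resends everything from that point on, received or not."""
    ack = cumulative_ack(received, n)
    return list(range(ack + 1, n + 1))


def retransmit_with_sack(received, n):
    """With SACK the sender knows which segments arrived and resends only
    the holes."""
    return [seg for seg in range(1, n + 1) if seg not in received]


if __name__ == "__main__":
    got = {1, 2, 3, 5, 6, 8, 9, 10}            # constructed: segments 4 and 7 lost
    print("cumulative ACK:", cumulative_ack(got, 10))
    print("SACK blocks:", sack_blocks(got, 10))
    print("resend without SACK:", retransmit_without_sack(got, 10))
    print("resend with SACK:", retransmit_with_sack(got, 10))
```

The larger the window, the more segments sit above the first hole, and the more a cumulative-ACK-only sender wastes by resending data the receiver already holds.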
Figure 6-1: Windows 2000 allows packet filtering based on IP address and port number.
Figure 6-2: Multiple filters can be grouped together and managed as policies.
Windows 2000 Server continues Microsoft's support of the Winsock 2.0
interface. Winsock provides an API for Internet applications and
automatically handles tasks such as name resolution, QoS, establishing
outgoing connections, and listening for incoming connections. Winsock
2.0 allows applications to specify QoS requirements, regardless of the
underlying QoS mechanism in use.
Virtual Private Networks (VPNs)
A VPN allows data to travel securely across an untrusted network. In
the Internet age, this means that companies that formerly required
leased lines to ensure security can now leverage the public Internet for
private communications. It also means that corporate users who travel
can connect to a local Internet service provider (ISP) and communicate
securely with the corporate network, without dialing in to a private
bank of modems. See Figure 6-3 for an illustration of a VPN across the
public Internet.
Figure 6-3: A virtual private network carries data securely across a public network.
The primary advantages of VPNs are reduced costs and improved
privacy. Companies can reduce costs by maintaining only a single WAN
connection for each remote office—a connection to an ISP. The ISP
forwards the traffic across the public Internet, in much the same way
that frame relay providers have operated for many years, except at a
greatly reduced cost. The VPN technologies included in Windows 2000
ensure that this data cannot be read or modified on its journey to the
destination network.
While different VPN technologies vary in their specifics, they have many
things in common. All VPNs transport data through a tunnel, as
illustrated in Figure 6-4. The tunnel is created between two tunnel
endpoints, which agree upon a set of protocols for the tunnel before any
payload is transmitted. As data is sent through the tunnel, the frame
or packet is encapsulated within another packet. Once the data
reaches the opposite endpoint, the data is unencapsulated and processed
as if it had been sent from a system on the same LAN.
Figure 6-4: Tunnels encapsulate data within IP packets.
Windows 2000 includes three technologies for creating virtual private
networks. PPTP, the Point-to-Point Tunneling Protocol, is a familiar
technology to those who have worked with Windows in the past. L2TP
provides similar functionality but has the benefit of support from a
variety of vendors. Internet Protocol security (IPSec) represents the
future of tunneling. Though IPSec is still under development, Windows
2000 provides support for much of the published functionality.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is a multiprotocol tunneling technology developed by Microsoft
for Windows NT 4.0. It is based on the well-established Point-to-Point
Protocol (PPP), which is used for the vast majority of dial-up
connections. While PPP allows two computers to communicate over a single
link, PPTP allows a virtual link to be created that can traverse public or
private networks. PPTP was quick to develop because
it borrows the authentication and handshaking mechanisms from PPP.
While only Windows NT 4.0 Server or Windows 2000 Server can act as
the server end of a PPTP connection, any member of the Windows family
can be a client. This allows traveling users to dial in to an ISP with a
Windows 98 laptop and initiate a private connection across the Internet
to the corporate server. This will work properly regardless of the
protocol in use at the corporate network; the traveler can dial in to an
ISP and connect to a NetWare server located on a private network, using
only IPX/SPX.
Layer 2 Tunneling Protocol (L2TP)
L2TP, seen as an evolution of PPTP, is a multiprotocol tunneling
technology developed by Microsoft, Cisco, Ascend, IBM, and 3Com. L2TP
meets many of the same goals as PPTP and borrows heavily from Cisco's
Layer-2 Forwarding (L2F).
One of the interesting features of L2TP is MPPP, or Multilink
Point-to-Point Protocol. This differs from the MPPP technology built in
to Windows NT 4.0. The MPPP built in to Windows NT 4.0 could be used
only to connect to a dial-up server that specifically supported this
technology. Unfortunately, the technology was not widely supported where
it was needed most—by the ISPs. L2TP's MPPP technology allows a Windows
2000 system to dial in to two entirely separate ISP connections. Data
can be transmitted through both of these links to a Windows 2000 server
using L2TP MPPP, where the server will reassemble the traffic and
transmit it onto the Internet or a private network. In this way, Windows
2000 Server and the L2TP MPPP allow multiple analog links to be
combined for greater data throughput. This process is illustrated in
Figure 6-5.
Figure 6-5: L2TP allows multiple links to be aggregated.
L2TP offers other advantages over PPTP. L2TP can be used over a
variety of Internet connections, including frame relay, X.25, and
Asynchronous Transfer Mode (ATM). L2TP allows multiple tunnels to be
created, each with a different QoS. Header compression in L2TP reduces
the header to 4 bytes, compared to the 6 bytes PPTP uses.
Both L2TP and PPTP are configured and managed in Windows 2000 using
the Routing And Remote Access service. Figure 6-6 shows a screen shot of
the management utility.
Figure 6-6: The Routing And Remote Access service is used to configure L2TP and PPTP.
Windows Internet Protocol Security (IPSec)
One of the new standards that the Internet Engineering Task Force
(IETF) has been working on is IPSec. The goal of the IPSec working group
is to allow private and secure communications across the public
Internet, regardless of the application or higher-level protocol being
used. PPTP, L2TP, and several other technologies also accomplish these
goals, but IPSec has one distinct advantage—it is an Internet standard.
This single factor will allow IPSec to become one of the primary
protocols used in VPNs in the years to come.
Microsoft, in a continuing effort to support international standards,
has provided an implementation of IPSec in Windows 2000. When used with
Windows 2000, IPSec provides transparent authentication of clients and
servers, confidentiality of data transmitted across a network, and the
flexibility to work with any IP-based application.
Encapsulating Security Payload (ESP) is IPSec's standard for
encryption and validation. ESP operates at either the network layer or
the transport layer of the Open Systems Interconnection (OSI) model, and
therefore can encrypt data created by any higher-layer protocols. For
example, a Telnet session could be tunneled within ESP, and all data
transmitted during that Telnet session would be immune to eavesdropping.
When ESP is used at the transport layer, an ESP header is inserted
between the IP header and the TCP header. The TCP header information and
all data contained within the packet are encrypted.
ESP can also be used at the network layer to provide VPN
functionality and privacy. When ESP is used at the network layer, the
exact IP address of the packets can be obscured. In this way, data can
travel between remote networks, but the IP addresses within the networks
will not be revealed to anyone watching the traffic.
The encryption ensures that the traffic cannot be monitored and used
maliciously. Further, ESP provides protection from replay attacks by
providing a sequencing number within the header. A replay attack is a
scenario wherein an unauthorized user retransmits packets that had been
intercepted. Windows Internet Protocol security leverages the
Internet Security Association and Key Management Protocol (ISAKMP) using
the Oakley key determination protocol to identify each packet uniquely
and ensure that it can never be reused. Figure 6-7 shows an event log
entry generated by an error associated with ISAKMP/Oakley.
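The tunnel encapsulation described earlier, the transport-mode and network-layer (tunnel-mode) ESP layouts, and the sequence-number replay check are illustrated together in the following added Python example. It is not Microsoft's IPSec implementation: the cipher is a stand-in keystream derived with HMAC-SHA256 (assumed here only so the example runs with the standard library; real ESP uses a negotiated cipher such as DES or 3DES in this era), the integrity tag is a truncated HMAC, the IP checksum is left zero, and all addresses and keys are constructed. What it does show accurately is which fields an observer on the wire can still read in each mode, and how a receiver uses the ESP sequence number to refuse replayed packets.

```python
"""ESP transport versus tunnel mode, with a sliding anti-replay window.
Header layouts follow IPv4/ESP; the cipher is a labelled stand-in."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

ESP_PROTO = 50


def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)


def tcp_header(sport, dport):
    """Minimal 20-byte TCP header with constructed sequence/flag values."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0)


def keystream(key, seq, n):
    """Stand-in keystream (NOT a real cipher): HMAC(key, seq || counter)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!II", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def esp_wrap(key, spi, seq, inner):
    """ESP header (SPI, sequence number) + encrypted inner bytes + 12-byte ICV."""
    hdr = struct.pack("!II", spi, seq)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(key, seq, len(inner))))
    icv = hmac.new(key, hdr + ct, hashlib.sha256).digest()[:12]
    return hdr + ct + icv


def esp_unwrap(key, esp):
    """Verify the ICV, then decrypt.  Returns (seq, plaintext) or None if tampered."""
    hdr, ct, icv = esp[:8], esp[8:-12], esp[-12:]
    expected = hmac.new(key, hdr + ct, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(icv, expected):
        return None
    _spi, seq = struct.unpack("!II", hdr)
    return seq, bytes(a ^ b for a, b in zip(ct, keystream(key, seq, len(ct))))


def transport_mode(key, spi, seq, src, dst, tcp_and_data):
    """Transport mode: ESP sits between the IP header and the TCP header."""
    esp = esp_wrap(key, spi, seq, tcp_and_data)
    return ip_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, inner_packet):
    """Tunnel mode: the whole inner IP packet is encrypted behind a new
    outer header carrying only the two gateway addresses."""
    esp = esp_wrap(key, spi, seq, inner_packet)
    return ip_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(packet):
    """What someone watching the wire can read: outer addresses, protocol, SPI, seq."""
    proto = packet[9]
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": src, "dst": dst, "proto": proto, "spi": spi, "seq": seq}


class ReplayWindow:
    """Sliding anti-replay window keyed on the ESP sequence number: a
    sequence number already seen, or older than the window, is rejected."""

    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, set()

    def accept(self, seq):
        if seq > self.top:
            self.top = seq
        elif seq <= self.top - self.size or seq in self.seen:
            return False
        self.seen.add(seq)
        self.seen = {s for s in self.seen if s > self.top - self.size}
        return True
```

In transport mode the observer still learns the real endpoint addresses; in tunnel mode only the gateway addresses are visible, which is the "obscured" IP address the text refers to. The replay window is per security association, because sequence numbers are only unique within one SPI.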
Figure 6-7: IPSec uses ISAKMP with the Oakley key determination protocol.
The other significant standard being designed by the IPSec working
group is the IP Authentication Header, or simply AH. AH allows the
client and server to validate each other before they begin to exchange
data, limiting the opportunity for a malicious third party to
impersonate either end of the connection. AH and ESP together provide
authentication and encryption of IP traffic.
The IETF provided a framework for data encryption and session
authentication using the ESP and AH standards. It did not provide
standards for the actual mechanisms used to encrypt the data or to
authenticate the hosts. Fortunately, Microsoft has built a strong
authentication mechanism into Windows 2000 Server—client and server
certificates. The encryption is provided by mixing public key and secret
key cryptography. By leveraging existing components of Windows 2000
Server, Microsoft has provided an easy-to-use and powerful method of
network security.
Note: Figure 6-8 shows how administrators can configure
custom IPSec security policies using the IP Security Policies MMC
snap-in. If protocols other than IP must be tunneled, IPSec can be
combined with L2TP. For more information on IPSec standards, please
visit the IETF's Web site at
http://www.ietf.org/ids.by.wg/ipsec.html.
Figure 6-8: Set custom IPSec policies with the IP Security Policies MMC snap-in.
Network Driver Interface Specification (NDIS)
NDIS is a layer of abstraction that exists between the network
protocol driver (at the network layer of the OSI model) and the network
card driver (at the data link layer of the OSI model). Among other
features, it allows multiple network cards to work with a single network
protocol. NDIS is an international standard, and providing NDIS support
allows network card vendors to ensure that their driver will be
compatible with Windows.
Both Windows 98 and Windows 2000 provide native support for NDIS 5.0.
This is an upgrade from Windows NT 4.0 and Windows 95 (OSR2), which
shipped with NDIS 4.0 support. NDIS 5.0 adds several features that were
absent in NDIS 4.0:
- Advanced network power management and network wake-up capabilities.
- Plug and Play is now supported with network drivers.
- Improved performance.
- Improved support for ATM and QoS.
- Lower total cost of ownership (TCO).
Routing
Microsoft has built routing functionality into its server operating
systems since Windows NT 3.51 was released. However, the multiprotocol
router (MPR) built in to Windows NT 3.51 and Windows NT 4.0 was limited
in functionality and found very little use on production networks.
Microsoft recognized the need for a flexible, extensible routing
technology, and began developing a replacement for the built-in routing
in Windows NT 4.0. Windows 2000 Server continues to build on Windows
NT's routing capabilities with the new Routing And Remote Access
service.
With the routing functionality built in to Windows 2000 Server,
Microsoft allows organizations to build entire network infrastructures
based strictly on Microsoft products. By integrating routing features
into the operating system, small companies will benefit by not having to
purchase expensive routing hardware to segment networks. Large
companies will benefit by being able to administer their routers using
Windows 2000's graphical user interface (GUI), a major improvement over
most routers' text-based interfaces.
Network Address Translation (NAT)
Network address translation, or NAT, is the process of transparently
using a proxy to transfer packets between an internal and external
network. With the NAT functionality built in to Windows 2000 Server, a
single dial-up connection can be used to allow an entire network access
to the Internet, without making a single change to the clients. Until
now, administrators had to make use of application- or session-layer
proxies, both of which require modifications to the client and support a
limited number of applications.
For NAT to work properly, clients on the internal network must be
using private IP addresses, such as those in the 192.168.0.0 range. The
clients must have the NAT server configured as their default gateway.
The NAT server will act as a router to the clients, forwarding packets
from the internal network to the external network. However, NAT does
more than a traditional router—it not only forwards the packets, it
replaces the private source IP address with a valid public IP address.
NAT also listens for reply packets and returns those responses to the
client that initiated the connection.
Beyond providing outside access to clients within a private network,
the NAT services included with Windows 2000 Server are also capable of
acting as a reverse-proxy. This allows administrators to create publicly
available Web and e-mail services without placing the servers on a
public network. NAT can also be configured to use a range of public IP
addresses, assign clients private IP addresses using Dynamic Host
Configuration Protocol (DHCP), and act as a proxy for DNS (Domain Name
System) requests to the outside world. All of these features combined
allow administrators to easily provide a private network access to the
public Internet or any other network.
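The translation the two paragraphs above describe (private source replaced by the public address, replies matched back to the originating client, and a static inbound mapping that publishes an internal server) is shown in the following added Python example. It is not the Routing And Remote Access NAT code; the addresses and the starting port 40000 are constructed.

```python
"""Port-based network address translation: outbound source rewrite,
reply matching, and a static inbound mapping for a published server."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges: only these sources get translated.
PRIVATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (proto, private src, sport) -> public port
        self.inbound = {}    # (proto, public port) -> (private ip, port)

    def add_static(self, proto, public_port, internal_ip, internal_port):
        """Publish an internal server (the text's reverse-proxy use)."""
        self.inbound[(proto, public_port)] = (internal_ip, internal_port)
        self.outbound[(proto, internal_ip, internal_port)] = public_port

    def translate_outbound(self, p):
        """Rewrite a private source address/port to the public address and
        a unique port, remembering the mapping for the reply."""
        if not any(ip_address(p.src) in n for n in PRIVATE):
            return p                         # already public: just forward
        key = (p.proto, p.src, p.sport)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(p.proto, port)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=self.outbound[key])

    def translate_inbound(self, p):
        """Map a packet for the public address back to the client that
        started the session; unsolicited traffic with no mapping is dropped."""
        target = self.inbound.get((p.proto, p.dport))
        if p.dst != self.public_ip or target is None:
            return None
        return replace(p, dst=target[0], dport=target[1])
```

The last function is the security property that comes with NAT as a side effect: without a mapping created by an inside client or by an administrator's static entry, an outside host has nowhere to send a packet.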
NAT is configured using the Routing And Remote Access MMC snap-in. It
is treated as a routing protocol, though it is not a true routing
protocol. Enabling NAT can be as simple as adding the protocol and
selecting the proper radio button, as shown in Figure 6-9.
Figure 6-9: The Routing And Remote Access MMC snap-in makes configuring network address translation simple.
Static Routing
Routers forward traffic one hop at a time. For a router to
correctly forward traffic in networks where multiple paths exist, the
router must be configured to know where the next hop is for any given
destination network. Routing protocols allow routers to automatically
learn their way around a network, but routing protocols require
administrative overhead and may not be worthwhile in small networks and
networks that do not require dynamic redundancy. If an administrator
wants to manually configure each router in a network with a list of
paths to different destination networks, he or she can do so using
static routing.
Static routing is useful in small networks and extremely stable
networks. Static routes can be configured on a Windows 2000 Server using
the ROUTE command-line interface or the Routing And Remote Access GUI,
as shown in Figure 6-10. For those familiar with the command-line
interface included in previous versions of Windows, this graphical
interface is a great improvement.
Figure 6-10: Windows 2000 allows static routes to be configured within the Routing And Remote Access MMC snap-in.
Routing Protocols
In many small networks, all network segments connect to a single
router. This router knows where to forward packets because it has a
direct connection to every network segment. In this situation, only a
very simple router is required. However, larger networks require
multiple routers. This presents a bit of a challenge—how will the
routers know where to forward packets that are not destined for directly
attached networks? Consider Figure 6-11, which shows a network with two
routers. Router A is directly connected to Networks W and X, and
therefore knows how to forward packets from Network W destined for
Network X. However, how will it know where to forward packets for
Network Y or Network Z?
Figure 6-11: Routing protocols are required so that routers will be aware of remote networks.
There are two correct answers to the question: either the network
administrator can implement static routes, or a routing protocol can be
used. A routing protocol enables Router B to tell Router A that it has a
direct connection to Network Y and Network Z. That way, when Router A
receives packets destined for Network Z, Router A will know to forward
the packets directly to Router B for delivery.
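The Router A and Router B scenario, with both answers the text gives (a static route entered by hand, or a distance-vector advertisement from Router B that teaches Router A about Networks Y and Z), is worked through in the following added Python example. It is example code, not Windows 2000's router; the network prefixes and Router B's address on Network X are constructed, and the update rule is a simplified RIP-style hop count with 16 as infinity.

```python
"""Static routes and distance-vector learning for the two-router figure."""
from ipaddress import ip_address, ip_network

RIP_INFINITY = 16


class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> (next hop, or None when directly connected; metric)
        self.table = {ip_network(n): (None, 0) for n in connected}

    def add_static(self, network, next_hop):
        """Administrator-entered route (the ROUTE ADD / GUI approach)."""
        self.table[ip_network(network)] = (next_hop, 1)

    def lookup(self, dst):
        """Longest-prefix match: the most specific matching route wins."""
        addr = ip_address(dst)
        candidates = [n for n in self.table if addr in n]
        if not candidates:
            return None
        best = max(candidates, key=lambda n: n.prefixlen)
        next_hop, _metric = self.table[best]
        return "direct" if next_hop is None else next_hop

    def advertise(self):
        """Distance-vector update: every known network with its metric."""
        return {n: m for n, (_, m) in self.table.items()}

    def receive_update(self, from_hop, update):
        """Install routes that are new or strictly better; the neighbour's
        metric plus one hop is the cost through it."""
        changed = False
        for net, metric in update.items():
            cost = metric + 1
            if cost >= RIP_INFINITY:
                continue
            current = self.table.get(net)
            if current is None or cost < current[1]:
                self.table[net] = (from_hop, cost)
                changed = True
        return changed


if __name__ == "__main__":
    # Constructed prefixes: W, X, Y, Z; Router B is 10.2.0.2 on Network X.
    a = Router("A", ["10.1.0.0/24", "10.2.0.0/24"])
    b = Router("B", ["10.2.0.0/24", "10.3.0.0/24", "10.4.0.0/24"])
    print("A before:", a.lookup("10.4.0.9"))             # None: unknown network
    a.receive_update("10.2.0.2", b.advertise())
    print("A after B's update:", a.lookup("10.4.0.9"))   # 10.2.0.2
```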
For routers to exchange information about networks, they must use the
same routing protocol. Routing protocols each have specific advantages
and disadvantages. Windows 2000 Server includes support for a variety of
routing protocols and provides an open API for the development of
additional routing protocols. Using this open API, Microsoft or
third-party vendors can write code that allows Windows 2000 servers to
communicate with other routers on the network, regardless of the routing
protocol.
The following section describes the routing protocols included with
Windows 2000 Server: Routing Information Protocol (RIP) and Open
Shortest Path First (OSPF).
RIP version 1, RIP version 2, and RIP for IPX
RIP (Routing Information Protocol) has been in use since 1982 and is
still commonly used today. RIP is a member of the distance-vector
routing protocol family. Distance-vector routing protocols learn a
limited amount of information about the surrounding network and tend to
suffer from problems such as routing loops. RIP version 1 is based on
RFC 1058; RIP version 2 is based on RFC 1723.
While RIP is considered to be an outdated routing protocol, it is
simple to configure and is widely supported by routing software. Many
people still use RIP for backward compatibility with older routers.
Indeed, RIP was the only dynamic routing protocol supported by Windows
NT 3.51.
You should use RIP only if you have to. If your organization requires
the use of RIP as the routing protocol, RIP version 2 is the better
choice. RIP version 2 has several advantages over RIP version 1. The
newer version of the protocol allows classless networks to be used; RIP
version 1 required that all subnets be divided into standard Class A,
Class B, or Class C networks. While RIP version 1 sent all updates
between routers on a timed basis, RIP version 2 sends updates only as
required. Finally, RIP version 1 was susceptible to attacks because it
lacked a method to authenticate other routers; RIP version 2 adds simple
clear-text authentication.
RIP for IPX is a variant of the RIP standard, modified to work with
Novell's native network protocol. It is the only routing protocol
Windows 2000 Server supports that is compatible with IPX.
OSPF
OSPF (Open Shortest Path First) is a robust protocol, well suited to
medium-to-large networks. It is a member of the link-state
routing protocol family—a family characterized by complete knowledge of
surrounding networks and sophisticated router-to-router communications.
While distance-vector routing protocols such as RIP typically
communicate only with directly neighboring routers, OSPF-based routers
communicate with all other routers in their network. This allows the
router to build a map of the network, providing for more intelligent
path choices when traffic must be redirected around a failed router or
network.
OSPF is an Internet standard defined by RFC 1583.
Internet Group Membership Protocol (IGMP)
Windows 2000 Server supports version 2 of IGMP as defined in RFC
1112. IGMP, often called IP multicasting, is an Internet standard
protocol that allows a single packet to be delivered to multiple hosts.
Further, it shifts part of the responsibility for identifying those
hosts from the server to the network. Using IGMP, a server can transmit a
real-time data stream, such as a video presentation, to any number of
subscribers on the network—while transmitting only a single copy of the
data. While IGMP is gaining wider acceptance, it is still usable only on
the part of the Internet called the multicast backbone (MBONE). The
MBONE is a special part of the Internet that is multicast compatible.
Multicasting is similar to broadcasting because both multicast and
broadcast packets can be received by multiple hosts. However, broadcast
packets interrupt every system on the network, while multicast packets
only interrupt those systems that listen for specific multicast IP
addresses. Further, broadcasts are generally limited to a single network
segment. When used with IGMP, multicast packets can traverse large,
routed networks. Multicast packets make use of a special range of IP
addresses called Class D addresses, which have a first octet between 224
and 239.
Windows 2000 Server includes an IGMP router and an IGMP proxy. Using
these two services, a Windows 2000 Server connected to the MBONE can
receive and forward multicast packets on behalf of an intranet. Do not
confuse the IGMP router capability with an IGMP routing protocol—Windows
2000 Server is currently not capable of acting as an IGMP router in
multirouter environments. IGMP router and proxy settings can be
configured from within the Routing And Remote Access snap-in by opening
the IGMP Properties dialog box, shown in Figure 6-12.
Figure 6-12: Enabling IGMP is done from the Routing And Remote Access MMC snap-in.
DHCP (Dynamic Host Configuration Protocol) Relay Agent
Windows 2000 Server continues to provide DHCP relay agent
functionality. Using the DHCP relay agent, administrators can have all
hosts on multiple network segments retrieve their IP address information
from a single DHCP server.
Upon startup, a DHCP client transmits a broadcast query requesting an
IP address to be used. If a DHCP server is on the same network segment,
it will respond with an IP address and any additional information the
administrator has configured. However, broadcast queries do not normally
pass through routers, so Microsoft provides the DHCP relay agent. By
placing a computer with the DHCP relay agent installed on every network
segment in a network, DHCP clients do not need to be on the same network
segment as the DHCP server. The DHCP relay agent will listen for DHCP
requests and forward them to the DHCP server.
To configure the DHCP relay agent in Windows 2000 Server, add the
service as a routing protocol using the Routing And Remote Access
interface.
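What the relay agent actually changes in the client's broadcast is shown in the following added Python example; it is not Microsoft's relay agent code. The fixed BOOTP/DHCP header layout (RFC 2131) and the giaddr and hops fields are real; the DISCOVER packet, the MAC address and the relay addresses are constructed, and the hop limit of 4 is an assumed configuration value.

```python
"""DHCP relay: stamp giaddr with the relay's interface address, bump the
hop count, and forward as unicast; the server replies to giaddr."""
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128): the 236-byte fixed BOOTP header.
HDR = "!BBBB4sHH4s4s4s4s16s64s128s"
ZERO4 = b"\0" * 4


def build_discover(xid, mac):
    """Constructed DHCPDISCOVER: broadcast flag set, giaddr empty."""
    fields = (1, 1, 6, 0, xid, 0, 0x8000, ZERO4, ZERO4, ZERO4, ZERO4,
              mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    # option 53 (message type) = 1 (DISCOVER), then the end option
    return struct.pack(HDR, *fields) + MAGIC + b"\x35\x01\x01\xff"


def parse(pkt):
    f = struct.unpack(HDR, pkt[:236])
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "giaddr": str(IPv4Address(f[10])), "options": pkt[240:]}


def relay(pkt, relay_ip, max_hops=4):
    """Relay agent behaviour.  giaddr is set only if it is still empty, so
    the first relay on the path is the one the server answers; the hop
    count guards against relay loops.  Returns None when over the limit."""
    hdr = bytearray(pkt)
    hops = hdr[3]
    if hops >= max_hops:
        return None
    hdr[3] = hops + 1
    if hdr[24:28] == ZERO4:
        hdr[24:28] = IPv4Address(relay_ip).packed
    return bytes(hdr)


def server_reply_destination(request):
    """The server unicasts its reply to giaddr when set; otherwise the
    client is on the local segment and the reply goes out there."""
    g = parse(request)["giaddr"]
    return g if g != "0.0.0.0" else "broadcast"
```

Because the server answers to giaddr, the relay must have an address on the client's segment; that is why the text places one relay on every segment.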
Quality of Service (QoS)
If you have ever experienced choppy audio and video across a network,
you will appreciate QoS. Windows 2000 uses QoS to prioritize network
traffic and make the most efficient use of bandwidth. Further, the QoS
features built in to Windows 2000 allow it to request and reserve
bandwidth from network hardware.
Real-time applications will see the greatest benefit from the use of
QoS. Audio and video streams do not have the opportunity to retransmit
packets that are dropped, and they deserve a higher priority than a file
transfer that occurs in the background and is not time-sensitive.
Applications written specifically to take advantage of the QoS API can
benefit by specifying requirements on a per-session basis. For example,
Microsoft Windows 2000 Server Media Services can request from the
network a specific amount of bandwidth for a given data stream.
Administrators can use the QoS features built in to Windows 2000
Server to give specific users priority on the network, prioritize
different types of traffic, guarantee that specific applications receive
a dedicated amount of bandwidth, and prevent protocols that don't
support QoS (such as UDP) from stealing too many resources. QoS is a
complex topic. To work correctly, every piece of equipment on a network
must support the same QoS standards. Windows 2000 adds QoS support, but
that is only a small part of what is required. Even if the switches and
routers on your corporate network support QoS, that will not be
sufficient to use QoS across the Internet—your ISP and all ISPs between
you and the destination computer must support the standards. Even if
this is not the case currently, you can still benefit from using QoS.
To understand QoS, it is important to understand latency and jitter.
Latency is a measure of delay on a network. Routers are the biggest cause of
latency—each router takes a small amount of time to process a packet and
forward it to the next network. While an individual router might not
add an appreciable amount of latency, the combined latency of all the
routers between a client and a server can be significant. In general,
the busier a router is, the more latency it adds. Latency is not a
problem for real-time audio and video presentations if they are one-way
communications (each packet is delayed the same amount and received in
appropriate intervals). However, latency presents a serious problem if
the communication is two-way, as is the case with Internet telephony and
video conferencing. Video conferencing across a high-latency network
leads to unnatural pauses that can be frustrating to the participants.
Jitter is the measurement of change in latency. For example, if
the average latency of a packet traveling between a client and server
is one-half of a second, some packets might take as long as a full
second to travel, while others take only a quarter of a second. Jitter
is not an important consideration for file transfers, but it has a
profound impact on real-time network applications such as audio and
video. One of the primary causes of high jitter is a feature of IP
networks: different packets in a single session can follow different
paths through a network. If different paths have different latency, high
jitter results. Clients often compensate for jitter by buffering
network traffic, thereby increasing overall delay.
Consistent with Microsoft's goal of making Windows more extensible,
Windows 2000 Server provides several APIs to allow third-party software
vendors to develop their own QoS standards. There are several QoS
standards supported by Windows 2000 Server.
Resource Reservation Setup Protocol (RSVP)
When you place a telephone call, you are never concerned that the
quality of your telephone call is going to degrade because your provider
becomes busy. Telephone service providers never get that busy; once
their network has reached capacity, new telephone calls are rejected
completely. Each telephone call that you place is guaranteed a
high-quality connection until you hang up your telephone.
This is certainly not the case with most IP networks. If you have
ever tried to carry on an audio conversation across a busy IP network,
you know that the sound might break up when other network applications
steal your bandwidth. Windows 2000 adds the IETF RSVP to provide QoS.
RSVP is one method of making IP networks perform more like telephone
networks. RSVP allows a system to reserve a predetermined amount of
bandwidth along a specific path in the network—eliminating the
possibility of bandwidth starvation and reducing jitter. The specific
path, combined with the QoS specifications, is called a flow.
To reserve a flow, the client and server must have resources
allocated from every piece of network hardware that will participate.
The client starts the reservation process by sending a PATH message to
the receiver. As each piece of network hardware receives the
PATH message, it adds itself to the list and forwards the message on.
This list allows future packets in the same session to follow the same
route. Any piece of hardware that does not speak RSVP will forward the
message on like any other packet, without adding itself to the list of
hardware.
The receiving station then sends a response to the PATH message called
an RESV (for reservation) message. The RESV message is guaranteed to travel the
same route as the PATH message, because each hop in the path is listed
in the message. As each piece of hardware forwards the RESV message
toward the client, it verifies that it really does have the requested
bandwidth and actually reserves it. The entire RSVP reservation process
is illustrated in Figure 6-13. If one of the pieces of hardware cannot
reserve the resources, an error message indicates the problem. The
jitter that can occur by using varying paths is reduced because all
packets in that session will pass through exactly the same routers.
Figure 6-13: Both a PATH and an RESV message are required to reserve resources using RSVP.
The sender automatically resends a PATH message on a regular basis to
adapt to changing states in the network. By default, this resend of the
PATH message occurs every 30 seconds. If the network hardware that has
reserved resources does not see a PATH message within a certain amount
of time (defaulting to 90 seconds), it will remove the reservation. This
prevents a failed connection from tying up resources unnecessarily.
When the session is complete, the station that breaks the connection
will send a special PATH message instructing the network hardware to
release the resources. This is called a PATH-tear message.
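The PATH/RESV exchange, the 90-second soft-state timeout and the PATH-tear described above, as an added model (not code from the article or from Windows 2000); the hop names, bandwidth figures and the kbps units are constructed for the example.

```python
TIMEOUT_S = 90   # hop drops a reservation when no PATH has arrived for this long
# Constructed hops: rsvp=False hops forward PATH/RESV like any packet and never
# join the recorded route; 'free' is the bandwidth (kbps) a hop can still reserve.
class Hop:
    def __init__(self, name, rsvp=True, free=0):
        self.name, self.rsvp, self.free = name, rsvp, free
        self.reserved = {}   # session -> (kbps, time of last PATH seen)

def send_path(hops, session, now):
    """PATH runs sender -> receiver; RSVP-aware hops join the route and refresh state."""
    route = []
    for hop in hops:
        if hop.rsvp:
            route.append(hop)
            if session in hop.reserved:
                hop.reserved[session] = (hop.reserved[session][0], now)
    return route

def send_resv(route, session, kbps, now):
    """RESV retraces the route in reverse; each hop verifies and reserves, or errors."""
    for hop in reversed(route):
        if hop.free < kbps:
            return f"error at {hop.name}: {kbps} kbps requested, {hop.free} free"
        hop.free -= kbps
        hop.reserved[session] = (kbps, now)
    return "reserved"

def expire(hops, now):
    """Soft-state cleanup every hop runs: release reservations whose PATH is stale."""
    for hop in hops:
        for session, (kbps, seen) in list(hop.reserved.items()):
            if now - seen > TIMEOUT_S:
                hop.free += kbps
                del hop.reserved[session]

def path_tear(route, session):
    """PATH-tear: the station ending the session releases resources at once."""
    for hop in route:
        if session in hop.reserved:
            hop.free += hop.reserved.pop(session)[0]

def demo():
    hops = [Hop("r1", free=512), Hop("legacy", rsvp=False), Hop("r2", free=256)]
    route = send_path(hops, "voice", now=0)
    ok = send_resv(route, "voice", 128, now=0)
    refused = send_resv(route, "video", 300, now=0)  # r2 has only 128 kbps left
    send_path(hops, "voice", now=30)                 # the 30-second PATH refresh
    expire(hops, now=30 + TIMEOUT_S + 1)             # no further PATH: state is dropped
    return [h.name for h in route], ok, refused, hops[0].free, hops[2].free
```

Note that the non-RSVP "legacy" hop never appears in the route, and that once refreshes stop the reservation is reclaimed without any explicit tear-down.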
Traffic Control
Traffic control is analogous to assigning priorities to different
processes within the operating system—the most important processes
receive the most processor time, and therefore become more responsive to
the user. The traffic control API provides the operating system with
finer control over the packets it generates, allowing it to make better
use of network bandwidth.
Traffic control and RSVP are not mutually exclusive. On the contrary,
they complement each other well. Traffic control can be used across
parts of the network that do not support RSVP. In fact, RSVP and traffic
control can be used together on a single session where only some of the
network components support RSVP.
Packet Scheduling
Not all network traffic is created equal. If you are uploading a
large file via File Transfer Protocol (FTP), it would be nice if this
transfer would not hurt the performance of the Telnet session you have
open. In this scenario, you are not concerned about the time the FTP
transfer takes, but you do want Telnet to be more responsive. The
operating system should be able to prioritize your Telnet packets so
that they are sent before FTP packets.
The QoS Packet Scheduler does just this. It retrieves packets from
the outgoing queue and transmits them according to QoS parameters. These
parameters allow users and applications to specify that certain
applications have a higher priority in the packet queue. If congestion
exists, higher priority packets are bumped to the front of the queue,
reducing the latency those packets would otherwise incur on the local
network segment.
External Prioritization (Diff-Serv, 802.1p, and IP Precedence)
Diff-Serv is an IETF working group whose mission is to make use of the
6-bit Type Of Service field included in the IP header. The Type Of
Service field was intended for use by network hardware to prioritize
packets, but it was never implemented. Windows 2000 Server now allows
applications to set priority, so this field can specify a level of QoS
when compatible network hardware is used.
QoS extends to layer 2 of the OSI model for Ethernet networks.
Windows 2000 supports the IEEE 802.1p priority standard to allow
switches to prioritize frames. The priority is carried as a 2-byte tag
in the data portion of the frame. This allows switches to drop
low-priority frames when their queue is full, increasing the chance for
high-priority frames to be carried successfully on a busy network
segment.
The OSI Model
Computers communicate on networks by agreeing on standard languages,
also known as protocols. Each network communication relies on several
protocols. To make it even more confusing, protocols are
hierarchical—they rely on one another. Fortunately, there's a standard
way of organizing them—the OSI model. The OSI model consists of seven
distinct layers, and all network protocols exist at one of these seven
layers:
- Application layer (layer 7). This highest level is used directly by applications to communicate on a network. Examples of protocols at this layer are HTTP, SMTP, and FTP.
- Presentation layer (layer 6). Rarely used. It is intended to act as an interface between the session layer and the application layer.
- Session layer (layer 5). Provides complex conversation controls. NetBIOS over TCP/IP is the best example of a session layer protocol.
- Transport layer (layer 4). Allows for connection-oriented communications, error-checking, and guaranteed delivery. TCP and UDP are the most common examples.
- Network layer (layer 3). Provides for routing, navigation, and addressing. IP and IPX are the most popular examples.
- Data link layer (layer 2). Provides communications within a single network segment. Protocols can include collision avoidance and error checking. Ethernet, token ring, and FDDI (Fiber Distributed Data Interface) are all layer 2 protocols.
- Physical layer (layer 1). The format of the cables and electrical signals. Cat 5 copper wire, fiber optics, and repeaters live at this level.
At layer 3 of the OSI model, IP Precedence allows routers to
prioritize traffic and to better select packets that must be dropped. IP
Precedence is simpler than the RSVP protocol because it does not
require the PATH and RESV messages, nor does it require network hardware
to preallocate the necessary resources. However, bandwidth is not
guaranteed and jitter is still prevalent.
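The three marking schemes just discussed (IP Precedence and the Diff-Serv code point in the IP header, the 802.1p priority in the Ethernet tag) and the queue behaviour of the packet scheduler, as one added example that is not from the article; the sample header, tag and packet names are constructed, and the queue's drop rule (lowest priority, newest arrival first) is this example's own simplification.

```python
import heapq
import struct

# Constructed 20-byte IPv4 header; ToS byte 0xB8 carries DSCP 46 (precedence 5).
SAMPLE_IPV4 = bytes.fromhex("45b8003c1c4640004006b1e6c0a80001c0a800c7")
# Constructed 802.1Q tag control field: priority 6, VLAN 100.
SAMPLE_TCI = bytes.fromhex("c064")

def tos_fields(tos):
    """IP Precedence is the top 3 bits of the ToS byte (RFC 791); Diff-Serv
    reuses the top 6 bits as the DSCP (RFC 2474), so precedence == dscp >> 3."""
    return {"precedence": tos >> 5, "dscp": tos >> 2}

def ipv4_priority(header):
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return tos_fields(header[1])

def dot1p_priority(tci):
    """802.1Q TCI: 3-bit 802.1p priority, 1-bit drop-eligible flag, 12-bit VLAN id."""
    value = struct.unpack("!H", tci)[0]
    return {"priority": value >> 13, "vlan": value & 0x0FFF}

class PriorityQueue:
    """Outbound queue: the highest priority leaves first (the packet scheduler);
    when the queue is full the lowest-priority, most recent frame is dropped,
    as an 802.1p switch does on a congested segment."""
    def __init__(self, capacity):
        self.capacity, self.seq, self.heap, self.dropped = capacity, 0, [], []
    def enqueue(self, priority, name):
        self.seq += 1
        heapq.heappush(self.heap, (-priority, self.seq, name))  # min-heap on -priority
        if len(self.heap) > self.capacity:
            victim = max(self.heap)   # largest -priority = lowest priority, newest first
            self.heap.remove(victim)
            heapq.heapify(self.heap)
            self.dropped.append(victim[2])
    def drain(self):
        return [heapq.heappop(self.heap)[2] for _ in range(len(self.heap))]

def demo():
    q = PriorityQueue(capacity=3)
    for prio, name in [(0, "ftp-1"), (0, "ftp-2"), (6, "telnet"), (5, "voice")]:
        q.enqueue(prio, name)
    return q.dropped, q.drain()
```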
ISSLOW—Latency Reduction on Slow Links
Using ISSLOW, large packets can be fragmented to improve performance.
Consider the example of audio and video being transmitted
simultaneously. Video packets are much larger than audio packets, and
the delay while the packet is transmitted over a slow link can be as
much as half a second. If audio packets are separated by half-second
intervals, the quality of the audio becomes unacceptable.
ISSLOW solves this problem by fragmenting large packets into
multiple, smaller packets. This way, many smaller audio packets can be
transmitted in the middle of the big packets, ensuring a smooth service
quality. ISSLOW is the name of an IETF working group—the actual letters
represent "ISSLL subgroup on low bitrate links."
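The effect of ISSLOW fragmentation on audio delay, worked through as an added example (not from the article): it computes how long a periodic audio packet waits behind a large video packet on a slow link, with and without fragmentation. The link speed, packet sizes and the rule that waiting audio always goes first are constructed assumptions.

```python
def serialization_ms(size_bytes, link_bps):
    """Time a packet occupies a serial link: bits divided by link speed."""
    return size_bytes * 8 * 1000 / link_bps

def max_audio_delay_ms(link_bps, video_bytes, fragment_bytes=None,
                       audio_bytes=40, audio_interval_ms=20):
    """Worst queueing delay seen by periodic audio packets while one large video
    packet is sent. Audio is preferred whenever the link frees up; without
    ISSLOW (fragment_bytes=None) it still waits for the whole video packet."""
    frag = fragment_bytes or video_bytes
    fragments = [frag] * (video_bytes // frag)
    if video_bytes % frag:
        fragments.append(video_bytes % frag)
    t = audio_due = worst = 0.0
    def send_due_audio():
        nonlocal t, audio_due, worst
        while audio_due <= t:            # audio already waiting goes first
            worst = max(worst, t - audio_due)
            t += serialization_ms(audio_bytes, link_bps)
            audio_due += audio_interval_ms
    for piece in fragments:
        send_due_audio()
        t += serialization_ms(piece, link_bps)   # link busy with this fragment
    send_due_audio()                              # audio stuck behind the last piece
    return worst

def demo():
    # Constructed scenario: 64 kbps link, 1024-byte video packet, 16 kbps audio
    # stream (40 bytes every 20 ms), without and with 128-byte ISSLOW fragments.
    return (max_audio_delay_ms(64000, 1024),
            max_audio_delay_ms(64000, 1024, fragment_bytes=128))
```

For the article's own figure, serialization_ms(1500, 28800) gives about 417 ms, the "half a second" a full-size packet costs on a modem link.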
Quality of Service Admission Control Service (QoS ACS)
The Quality of Service Admission Control Service (QoS ACS) allows
administrators to control which users and groups can reserve bandwidth
on the network. Naturally, RSVP could be dangerous if control wasn't
provided—a user could request so much bandwidth that the rest of the
organization suffered! QoS ACS uses policies to determine whether
resource requests should be approved or disapproved. QoS ACS controls
RSVP, SBM (Subnet Bandwidth Management), IP Precedence, and 802.1p usage
to prevent bandwidth overcommitment on both routers and network
segments.
QoS ACS policies can be based on network topology, available
resources, users, groups, and applications. These policies are stored in
Active Directory, so they are available across the enterprise. QoS ACS
is an open standard, so third-party switches and routers can make use of
Windows 2000 Active Directory to determine policy.
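An admission decision of the kind QoS ACS makes, as an added example that is not Microsoft's implementation: per-subnet capacity and per-user and per-group limits are checked before a reservation is granted, so no single user can starve the rest of the organization. The policy table, group names, subnets and bandwidth figures are constructed stand-ins for policies that QoS ACS would read from Active Directory.

```python
# Constructed policy set: capacity per subnet and limits per group. 'Everyone'
# is the default; a user in several groups receives the most generous limits.
POLICIES = {
    "subnets": {"10.1.0.0/16": {"capacity_kbps": 2000}},
    "groups": {
        "Everyone":   {"max_flow_kbps": 64,   "max_total_kbps": 64},
        "VoiceUsers": {"max_flow_kbps": 256,  "max_total_kbps": 512},
        "VideoUsers": {"max_flow_kbps": 1500, "max_total_kbps": 1500},
    },
}

class AdmissionControl:
    def __init__(self, policies):
        self.policies = policies
        self.flows = {}   # (user, subnet) -> list of admitted reservations (kbps)

    def _limits(self, groups):
        table = self.policies["groups"]
        limits = dict(table["Everyone"])
        for group in groups:
            for key in limits:
                limits[key] = max(limits[key], table.get(group, {}).get(key, 0))
        return limits

    def admit(self, user, groups, subnet, kbps):
        """Decide one reservation request; any failed check refuses it."""
        if subnet not in self.policies["subnets"]:
            return False, "no policy for subnet"
        limits = self._limits(groups)
        if kbps > limits["max_flow_kbps"]:
            return False, "per-flow limit exceeded"
        if sum(self.flows.get((user, subnet), [])) + kbps > limits["max_total_kbps"]:
            return False, "user aggregate limit exceeded"
        in_use = sum(sum(v) for (_, s), v in self.flows.items() if s == subnet)
        if in_use + kbps > self.policies["subnets"][subnet]["capacity_kbps"]:
            return False, "subnet capacity exceeded"
        self.flows.setdefault((user, subnet), []).append(kbps)
        return True, "admitted"

    def release(self, user, subnet, kbps):
        """Session over: return the bandwidth so other requests can be admitted."""
        self.flows.get((user, subnet), []).remove(kbps)

def demo():
    acs, net = AdmissionControl(POLICIES), "10.1.0.0/16"
    requests = [("alice", ["VoiceUsers"], 128), ("alice", ["VoiceUsers"], 512),
                ("bob", [], 128), ("bob", [], 64), ("bob", [], 64),
                ("carol", ["VideoUsers"], 1500), ("dave", ["VideoUsers"], 1500)]
    return [acs.admit(user, groups, net, kbps)[1] for user, groups, kbps in requests]
```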
How Do Other Operating Systems Fit In?
Windows 2000 Server is intended to provide network services to a
variety of clients, including Windows for Workgroups, Windows 95,
Windows 98, Windows 2000 Professional, and UNIX operating systems. More
recent versions of the Windows operating systems will benefit the most
from the network advances added to Windows 2000 Server. For example,
Windows 98 systems are shipped ready to participate in Active
Directories and to use Microsoft Distributed file system (Dfs) shares.
Summary
As the Internet continues to evolve, so does Windows. The new
networking features of Windows 2000 Server enable administrators to take
better advantage of their existing network and of the Internet. Virtual
private networking technologies like PPTP, L2TP, and IPSec improve
security and increase the usefulness of the Internet. The routing
features of Windows 2000 Server expand the operating system's
functionality past that of merely a file and application server.
Finally, system-level support for Quality of Service technologies makes
real-time multimedia over IP networks a reality. Ultimately, all these
technological advancements lead to more productive and happier users.
The above article is courtesy of Microsoft Press. Copyright 1999, Microsoft Corporation.