This document is designed to introduce non-expert users (particularly those with little or
no previous networking experience) to some of the terminology and principles that it is
useful to understand when itcomes to dealing with not just a private network of
computers, but also the larger interconnected series of networks that comprise the
Internet.
Topics that will be discussed in some detail are listed below - the information included in
this document should be sufficient to enable secure configuration of a SmoothWal
system, and hence ensure that the private network that is subsequently connected to the
Internet remains just that - private and secure. If you already know the principles of
networking and how to configure an IP-based network you will find much of the following information redundant.
To best discuss networking, and TCP/IP networking in particular, it is perhaps best to
take a step back from the details and to briefly consider what a network is, and how it all works, which is the intent of this first section.
What is a network?
The answer to that is most easily described (in the context of a network of personal
computers) by stating that a computer network is a number of interconnected computer
systems, each able to communicate with one another, and to move and share data
between individual systems, often known as nodes.
In order to be able to communicate between different, independent computer systems,
there has to be an underlying common mechanism in place so that each system can
both talk and listen to other systems. This mechanism can be viewed as a number of
parts:
Hardware
The system (for the remainder of this document it is assumed, unless stated otherwise,
that the system in question will be a PC) has to be able to communicate with the rest of
network. This can be by means of a piece of cable, infrared or radio waves, or by some
other format that is suited to the rest of the network. So that this becomes possible the
PC has to be able to communicate at a very basic level with the hardware that provides
the interface to the network - this is normally by means of a piece of software called a
driver which provides the necessary code to permit communication.
Protocol
Once a PC has been attached to the network it is necessary to have some form of
common method of communication, or disparate nodes will be unable to understand the
communications passing between them on the network. As an analogy, if you happen to
be fluent in English, French, and German, but end up in the middle of China, your
language skills will not be of much use to you unless you can also find an interpreter who
speaks a common language to yourself.
There are a number of protocols that have been, and still are, used in computer network
systems, but we shall only concentrate on IP in this document. Note that the principles of networking still apply in most cases - only the specifics actually change with the network.
Once a driver has been installed (so that the PC can communicate with the network
interface) a protocol is loaded to allow pieces of data (known as packets) to be sent and received across the network to and from other systems. In this case the protocol is IP, and normally TCP/IP.
What are IP and TCP/IP?
IP (Internet Protocol) is the standard (or protocol) by which independent remote nodes
communicate with each other across the Internet - it is the foundation upon which the
entire Internet is built, and without it there would be no Internet as we know it today. IP is in effect a common language by which networked computers can communicate with
one another.
There are, of course, other network protocols that have been specifically designed for a
number of other purposes, but these are typically found only in closed private networks
that do not communicate with other external systems, and as such, are not relevant to
this discussion and so will not be covered. Although in general the same basic principles
of networking are adhered to in these types of networks, not everything will be the same
for non-IP based networks.
There are two additional standard protocols that control exactly how the data traversing
networks using the IP protocol is sent and received - these are known as UDP (User
Datagram Protocol) and TCP (Transmission Control Protocol), but there is no
requirement to know the specific details of either. As might be guessed from the name,
TCP offers a more control over the sending and receiving of data than UDP does
because it has some means of error checking built in to the specifications of the protocol
itself. A network that is using the TCP protocol to control the flow of data over an
underlying IP protocol is referred to as a TCP/IP network.
IP addresses and notation
The first thing to be aware of is how IP-enabled machines are labelled. Every individual
system reachable on the Internet has a unique reference by which it can be addressed.
These references are numerical in nature, although there are systems designed to
enable a more human-readable form to be used, which are then subsequently translated
to the computer-friendly numeric format. Systems of this sort will be discussed briefly
later in section Example IP networks. Each Internet-visible system has what is referred
to as an IP address, which is also referred to as a dotted quad. The reason for this
nomenclature becomes obvious when the numerical format of the address is examined -
each IP address consists of a set of four numbers, each separated by a dot or full-stop -
for example - 111.22.33.44. Each of the individual numbers ranges from 0 to 255, which allows potentially 4,294,967,296 unique addresses to exist.
However, some of these addresses are reserved for use in specific ways that relate to
how the networking protocol itself actually works, and consequently are not available for use. Suffice it to say that there are still a large number of addresses available for use or IP networking would not be especially useful.
In order that no two systems choose to use the same address a central database is
maintained, and allocation of addresses for use by individual systems is controlled from
this. Your ISP will have been allocated a series of addresses to use, a subset of which
are passed onto you in turn. The ISP handles the secondary allocation to you of some of
its own allocation of addresses (known as address space), and you then choose which
of your systems will be given each of these allocated addresses. Provided that no
duplication occurs each of your systems will then have a unique address by which it can
be identified.
As mentioned above, there are a number of addresses, or ranges of numbers, that have
been reserved for specific purposes. One of these very purposes is to allow private
networks to use the IP networking system, as it is considered reliable and has a number
of features that make it a useful protocol to implement. The least of these is perhaps the
relative ease that private IP-based networks can be subsequently connected to other IP-based networks such as the Internet. Hence there are certain ranges of addresses that should only be used as part of a private network. These are listed below, with a brief description.
10.X.Y.Z
where X, Y and Z is each in the range 0-255. This is the Class A
private network range. Use this sort of address if you have a
private network of upwards of 1.6 million systems to address.
172.16.X.Y to where X and Y is each in the range 0-255. This is the series of
Class B private 172.31.X.Y network ranges, which each allow over
65,000 different addresses to be assigned.
192.168.X.Y where X and Y is each in the range 0-255. These are a range of
256 (0-255, as determined by the value of X) Class C private
network addresses, which each allow over 250 different addresses.
For smaller private networks it is conventional to use addresses in the 192.168.X.Y
ranges, and unless there is a need to service larger networks this is a sensible
convention to adhere to.
Now that there exists a means of allocating individual IP addresses to systems on your
private network all that remains to do is to begin the process of giving your systems
unique addresses.
There are some features of the standard IP protocol that mean that an IP-based network cannot use the entire range of the address space. There are a variety of methods that can be used to either sub-divide IP networks into smaller, more manageable, chunks, or to combine a number of smaller networks that use different addresses into a larger, extended network. These methods take up a small number of addresses in their implementation - the price to be paid for using a very flexible networking protocol.
It is perhaps easiest to understand some of the terms used by means of examples, and
a variety of sample network layouts including these details are discussed in section
Example IP networks below.
Connecting IP networks
In order that a number of networks can be connected together to allow data to pass from one to another there needs to be a means to allow the connection of networks with
different addresses. The way this is achieved is to use a system known as a gateway,
which is simply the term for the point of connection between different networks.
By means of devices known as routers, data sent from one network for a system within
another network can be seamlessly passed from one network to another. Each router
contains a series of rules that relate to the addresses of known networked systems, and
each piece (or packet) of data that passes through them is checked against this ruleset
and sent, or routed, appropriately. A gateway and a router perform similar functions, with a router usually having a more complex set of rules to contend with.
Each router or gateway is configured with a set of rules that determine where network
data, or traffic, is to be sent. Note that it is not necessary for each individual router or
gateway to know about the existence of every other network in the world, but rather just the local ones that it manages network traffic for. Instead, upstream of the router there will be a system that has been designated in the routers ruleset as possessing more
information about remote networks. The initial route that is taken for any traffic
designated for an unknown remote network destination is for it to be passed upstream to the next router. In turn, this upstream router will have information about where to forward the packet of data, whether that is to a known network local to itself, or to pass it on again to its upstream router. Since each and every packet of IP traffic contains
information about where it originated from, and where it is being sent to, in addition to
the message data itself, packets can easily be routed across a number of different
networks to reach their final destination. In addition, using the TCP protocol means that
packets need not necessarily be received in the same order that they were sent, so if a
problem in routing the network traffic occurs, an alternative route can be used instead
and the data reassembled at the final destination into the correct order of transmission.
It is evident that such a network system is not only robust and very able to deal with any
failures or other issues on a temporary basis, yet still allows a great degree of flexibility.
These are features that have made IP networks the primary choice for most.
Network addresses
In order that a network can be found it is assigned what is called the network address. It
is fairly common practise for the gateway into a network to be the next highest numerical
IP address from the network address, but this is by no means necessary. Beyond that,
the highest numerical IP address is reserved for the broadcast address of the network,
and everything else in between is left up to you to assign to your individual systems.
Most network administrators, particularly those in charge of large networks, have a set of rules by which they assign IP addresses, and perhaps the most common of these is to
reserve a number of addresses at the lower end of the range for use by servers, and for
workstations to use the higher end of the address range, although this is merely
convention.
There is a process known as subnetting a network that allows you to split a range of
addresses into a series of sub-networks for a variety of reasons. In order to do this, there is a mechanism that prevents traffic from one sub-network from reaching another, unless it passes through a specific router or gateway, and this is called the network mask, or netmask. If you have a reason for subnetting your network then you should already know about netmasks and how they operate, and since a discussion of such is beyond the intended scope of this document, readers who are interested in pursuing this further should consult the list of further reading at the end of this document.
