The following are questions submitted to me via e-mail. The answers may not always be complete, and quite often there are unmentioned exceptions (that, of course, prove the rule :-)
As usual, use any information here at your own risk; I am not responsible for any errors or omissions that adversely affect you. If you submit a question to me, please include whatever details you can to help me answer. I don't guarantee a response; if I do respond, I may post the response here, without your full name, edited for brevity, and after altering any IP addresses to preserve your anonymity.
Question added 6/8/2001, submitted by Manoj
Q: Can you please tell the differences between logical port and physical port?
A: Think of a logical port as a "software" port and a physical port as a "hardware" port. For example, if you have a Frame Relay T1 line installed so that you can communicate with 5 branch offices, each of the 5 virtual circuits is terminated at its own logical port, yet there is only one physical T1 port on the router. Every physical port has at least one logical port associated with it (unless it's disabled.)
Question added 12/1/2000, submitted by Suraj
Q: Can you explain to me the concept of "SUPERNETTING" with a good example?
A: "Supernetting" is really a term that predates RFC 1812, and refers to the practice of combining multiple contiguous "classful" networks into a larger block than RFC 950 would allow. For example, you could combine the networks 192.168.2.0/24 and 192.168.3.0/24 into the single network 192.168.2.0/23 (note the 23), but RFC 950 does not allow "Class C" addresses to have a subnet mask shorter than 24 bits. The networks must not only be contiguous, the combined block must also start on a boundary that the new prefix can describe: 192.168.3.0/24 and 192.168.4.0/24 sit side by side, but no single /23 covers exactly those two. RFC 1812, however, removes the class restrictions from networks, and therefore effectively obsoleted the term "supernetting." Technically, RFC 1812 also obsoletes the term "subnet mask" and replaces it with the term "network prefix", but it's a distinction that is rarely made.
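The checks a router applies before it will summarize several networks into one prefix, as an added example that is not part of the Primer. It uses only the standard library; the networks fed to it are sample input, and the classful minimum-prefix rule is the RFC 950 one described above.

```python
"""Added example (not from the Primer): the aggregation check a router applies
when two or more classful networks are summarized into one CIDR block.
Standard library only; every network below is sample input."""
import ipaddress


def supernet_of(networks):
    """Return the one CIDR block that exactly covers `networks`, or None.

    `networks` are strings such as "192.168.2.0/24".  A valid supernet needs
    three things: equal prefix lengths, back-to-back address ranges, and a
    count that is a power of two starting on a matching boundary.  The last
    rule is the one people trip over: 192.168.3.0/24 + 192.168.4.0/24 are
    contiguous but cannot be written as a single /23.
    """
    nets = sorted(ipaddress.ip_network(n, strict=True) for n in networks)
    if not nets:
        return None
    plen = nets[0].prefixlen
    for prev, cur in zip(nets, nets[1:]):
        if cur.prefixlen != plen:
            return None
        if int(cur.network_address) != int(prev.broadcast_address) + 1:
            return None                       # a gap or an overlap
    count = len(nets)
    if count & (count - 1):
        return None                           # not a power of two
    bits = count.bit_length() - 1             # 2 nets -> 1 bit, 4 -> 2, ...
    first = int(nets[0].network_address)
    if first % (nets[0].num_addresses * count):
        return None                           # not aligned on the new prefix
    return ipaddress.ip_network(
        "%s/%d" % (ipaddress.ip_address(first), plen - bits), strict=True)


def classful_minimum_prefix(network):
    """The shortest mask RFC 950 would accept for this address: /8 for class A,
    /16 for B, /24 for C.  Class D/E addresses are not unicast networks."""
    first_octet = int(ipaddress.ip_network(network, strict=False).network_address) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None


def needs_cidr(network):
    """True when only a classless (RFC 1812 style) router can carry this prefix."""
    minimum = classful_minimum_prefix(network)
    return minimum is not None and ipaddress.ip_network(network, strict=False).prefixlen < minimum


if __name__ == "__main__":
    print(supernet_of(["192.168.2.0/24", "192.168.3.0/24"]))   # 192.168.2.0/23
    print(supernet_of(["192.168.3.0/24", "192.168.4.0/24"]))   # None: misaligned
    print(needs_cidr("192.168.2.0/23"))                        # True
```

The alignment test (`first % (block size)`) is the same arithmetic a router does when it decides whether a prefix is valid; a misaligned pair has to stay as two routes.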
Question added 10/15/2000, submitted by Shaowu
Q: I was wondering if you would like to give me some ideas about the following question? Consider that a host, say A, of IP address in class B and the subnet mask "255.255.0.0", and a host, say B, of IP address in class C and the subnet mask "255.255.255.0". Assuming that the host A and host B can "ping" each other. After changing the subnet mask of the node B to "255.255.0.0" (just done on the host B), could host A and host B "ping" each other? If not, how to let them "ping" each other with the condition that they keep their original IP address and use the same subnet mask "255.255.0.0"?
A: As long as the subnets don't overlap, and the routing is properly configured (which it is if you can ping each other), then you're fine. Remember, a sender never sees the destination's subnet mask; the only case in which the two masks have to agree is when the destination is on the sender's own subnet. The first routing decision is made by the sender, and that decision is whether to send the packet to the router, or to send it directly to the destination host (if the sender determines that both machines are on the same subnet.) As long as the routing is properly configured on both sides, you'll be fine. In fact, many misconfigurations will work fine, too, if a touch inefficiently. If you use a subnet mask that is too specific (too long), you may wind up sending many packets destined for local hosts to the router, which will then put the packets right back on the same wire to the local destination. If your subnet mask is too broad (too short), then you won't be able to reach any hosts on non-local subnets that fall inside the overly broad mask, since the packets won't be sent to the router for delivery: the sender will ARP for the destination directly and never get an answer. The goal of routing is to eventually get the packet to a router that is on the same subnet as the destination. Play with the subnet calculator a bit to see that first routing decision in action.
Question added 6/13/2000, submitted by Victor
Q: What does a company like yahoo do when they receive too many hits on their single IP address. Do they just get a bigger router? i.e. Two routers on the net cannot have the same IP address which implies they just have to upgrade to a bigger router, they can't just add another. Also, what if the servers behind the router use up all the port numbers? Does this mean that no more servers can hide behind the single IP address? I've just been really curious how the major internet companies scale their networks to handle thousands of transactions and users.
A: First, remember that there can be a one-to-many relationship between names and IP addresses, and with hardware assistance, between IP addresses and servers. For example, www.microsoft.com maps to five different IP addresses:

C:\>nslookup www.microsoft.com

Additionally, each of those IP addresses probably represents a whole cluster of Web servers hidden behind a hardware load balancer such as Cisco's LocalDirector. Remember, it's the Web servers doing the bulk of the work; routing is relatively simple by comparison. Building a database cluster to handle that page request load is another feat. The two flaws in the question: first, a DNS name can (and often does) point to multiple IP addresses, which facilitates running many servers in parallel to handle very large loads; second, it's not the routers that are problematic in handling significant loads. Generally speaking, Web site capacity planning focuses on the database and Web server(s), not the router(s).
Question added 3/21/2000, submitted by Kathy
Q: I have been trying for several months to find information on tracking the origin of an e-mail thru the message ID, I have had no success. Do you know of a way to track if so can you share that information or is this considered a trade secret???????
A: No secrets here :-) You can find out much about the origin of a message from its headers. The following are the headers from a SPAM letter I got the other day (you may need to find a "view headers" option in your e-mail client to view these on your own messages):
What we're seeing here (read the Received: lines from bottom to top) is that someone at 198.144.76.204 (which has a DNS name of pt-006-00189.greenapple.com) used the mail server rech1.werbebuero1.de (195.90.0.60) to relay SPAM to me. I would notify abuse@greenapple.com and postmaster@greenapple.com that a customer was sending SPAM from their network, and I would notify abuse@werbebuero1.de and postmaster@werbebuero1.de that their mail server was misconfigured as an open relay and being used to relay SPAM, thereby filling up their mail queue and causing delays for their important mail, using all their expensive bandwidth, etc... Note that the From: address is probably forged, and the To: address has nothing to do with who the mail was actually sent to. The From:, To:, and Reply-To: headers are created by the sender; the SMTP envelope commands that name the /real/ recipient (RCPT TO) are not part of the message itself. It's a trivial matter to forge the From: and To: of an e-mail that isn't digitally signed. Fortunately, the intermediate mail servers almost always record, in a Received: line, the IP address of the host that handed them the e-mail. Only the Received: lines added by servers you trust (your own, or your ISP's) are reliable; anything below them arrived as part of the message and could have been written by the sender. If that IP address can be tracked (with help from the date/time stamp and the sending network's logs) to a sender, you can find the exact individual who sent the e-mail. If you require secure communications with someone, look into PGP at http://web.mit.edu/network/pgp.html. It is a system that can prove a message is from a certain sender and has not been tampered with (digital signature) and, optionally, it can also encrypt the message so that only the sender's designated recipients can read it (though they also need PGP to either verify the signature or decrypt the message.) It's free for personal use, and businesses need to pay a reasonable fee. For an excellent document on how PGP works, see http://www.pgpi.org/doc/pgpintro/.
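Walking the Received: chain the way the answer above describes, as an added example that is not part of the Primer. The header block it parses is constructed for the example: it reuses the two hostnames and addresses from the answer, but the receiving host (mail.example.org), the message IDs, dates and the From:/To: values are made up.

```python
"""Added example (not from the Primer): pulling the relay chain out of a
message's Received: headers.  The header block below is constructed for the
example, reusing the two hostnames/addresses from the answer above; the
message IDs, dates and the receiving host mail.example.org are made up."""
import re

SAMPLE_HEADERS = """\
Received: from rech1.werbebuero1.de (rech1.werbebuero1.de [195.90.0.60])
    by mail.example.org (8.9.3/8.9.3) with ESMTP id e2LFF2x01234
    for <you@example.org>; Tue, 21 Mar 2000 10:15:02 -0500
Received: from pt-006-00189.greenapple.com (pt-006-00189.greenapple.com [198.144.76.204])
    by rech1.werbebuero1.de (8.8.8/8.8.8) with SMTP id QAA05678;
    Tue, 21 Mar 2000 16:10:44 +0100
From: "Great Offer" <nobody@example.net>
To: friend@example.net
Subject: make money fast
"""


def unfold(raw):
    """RFC 822 folding: a line that starts with whitespace continues the
    previous header.  Unfold first so each Received: is one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line.rstrip())
    return headers


# "from <name> ... by <host>": the peer's own greeting and, in brackets, the
# address the receiving server actually saw on the TCP connection.
HOP_RE = re.compile(r"^Received:\s*from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Return hops as (claimed_name, observed_ip, receiving_host), oldest first.
    Each server prepends its own Received: line, so the *last* one in the
    message is the first hop; hence the reverse()."""
    hops = []
    for header in unfold(raw):
        m = HOP_RE.match(header)
        if not m:
            continue
        ip = IP_RE.search(header)
        hops.append((m.group(1), ip.group(1) if ip else None, m.group(2)))
    hops.reverse()
    return hops


def trusted_origin(raw, my_servers):
    """Only the Received: line written by *your own* server is trustworthy:
    every older line arrived inside the message and may be forged.  Returns
    the peer (name, ip) that handed the message to the first of `my_servers`
    in the chain, i.e. the address you can actually complain about."""
    my_servers = {h.lower() for h in my_servers}
    for claimed, ip, by_host in received_hops(raw):
        if by_host.lower() in my_servers:
            return claimed, ip
    return None


def abuse_contacts(hostname):
    """abuse@ and postmaster@ for the host's domain.  Taking the last two
    labels is a simplification: it is wrong under two-level public suffixes
    such as co.uk, where you would need the public-suffix list."""
    domain = ".".join(hostname.lower().rstrip(".").split(".")[-2:])
    return ["abuse@" + domain, "postmaster@" + domain]


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_HEADERS):
        print("%-35s %-16s -> %s" % hop)
    print(trusted_origin(SAMPLE_HEADERS, {"mail.example.org"}))
```

In the sample, `trusted_origin` reports the relay (195.90.0.60), not the greenapple.com dial-up address: the relay is the only peer your own server saw, and the line naming 198.144.76.204 is trustworthy only to the extent that you trust rech1.werbebuero1.de to have written it honestly.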
Question added 3/2/2000, submitted by Luis
Q: If host A wants to PING host B which is 3 routers away, host A must ARP for his gateway (router). Once he gets the MAC for the gateway, host A sends the packet to the gateway (we know it did a Boolean "AND" and determined that the "pinged" IP address was not local). My question is this: When the router closest to host A (his gateway) receives the packet and realizes that he does have a route to host B, does the packet leaving the router have as a source IP that of the router itself or the IP of the host A????
A: The layer 3 source and destination IP addresses do not change between the source and destination, unless there is a device in between performing Network Address Translation (a firewall, for instance). The layer 2 information, however, is stripped off and replaced at every hop. If a packet traverses an Ethernet network to the first router, a PPP link to another router, and reaches a destination on a Token-Ring network, then the packet will have a destination MAC address of the first router for the first hop, no destination MAC address at all for the second hop (since PPP is point-to-point, it doesn't need to specify which machine is supposed to get the packet), and for the third hop a Token-Ring header with the source MAC address of the router and the destination MAC address of the target machine. (The IP header itself is not quite untouched: each router decrements the TTL and recomputes the header checksum, but the two addresses stay as the sender wrote them.) At no point do the source and destination machines know anything about the layer 2 configuration of each other (unless they're on the same subnet.)
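The same walk in code, as an added example that is not part of the Primer: it builds a real IPv4 header, pushes it through two routers, and records what a sniffer would see on each wire. Hosts, MACs, addresses and the payload are made up; the middle link is PPP as in the answer, and the last leg is modelled as Ethernet rather than Token Ring (the point, a fresh layer 2 header at every hop, is the same).

```python
"""Added example (not from the Primer): a packet walked from host A to host B
through two routers, recording the layer-2 and layer-3 addresses at each hop.
Addresses and MACs are made up; the middle link is PPP as in the answer above,
the last leg is modelled as Ethernet rather than Token Ring.  Standard
library only."""
import socket
import struct

A_IP, B_IP = "192.168.1.10", "192.168.3.10"
A_MAC, R1_MAC = "00:00:00:aa:00:01", "00:00:00:11:00:01"   # host A and R1 share a LAN
R2_MAC, B_MAC = "00:00:00:22:00:02", "00:00:00:bb:00:01"   # R2 and host B share a LAN
ETHERTYPE_IPV4 = b"\x08\x00"
PPP_IPV4 = b"\xff\x03\x00\x21"   # PPP in HDLC-like framing: addr, ctrl, protocol 0x0021 = IPv4


def ip_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, payload, ttl=64, proto=1):
    """Minimal 20-byte IPv4 header (proto 1 = ICMP) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def header_valid(pkt):
    """A receiver's check: a correct header sums to zero, checksum included."""
    return ip_checksum(pkt[:20]) == 0


def parse_ipv4(pkt):
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[8]


def forward(pkt):
    """The layer-3 work a router does: TTL minus one, checksum recomputed.
    Source and destination addresses are left alone (no NAT here)."""
    ttl = pkt[8] - 1
    if ttl == 0:
        raise ValueError("TTL expired; a real router would send ICMP Time Exceeded")
    hdr = bytearray(pkt[:20])
    hdr[8] = ttl
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[20:]


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ethernet_frame(dst_mac, src_mac, pkt):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + ETHERTYPE_IPV4 + pkt


def ppp_frame(pkt):
    return PPP_IPV4 + pkt          # no station addresses: the link has only two ends


def describe(link, frame):
    """What a sniffer on that wire sees."""
    if link == "ethernet":
        l2_dst, l2_src, pkt = mac_str(frame[:6]), mac_str(frame[6:12]), frame[14:]
    else:
        l2_dst, l2_src, pkt = None, None, frame[4:]
    if not header_valid(pkt):
        raise ValueError("corrupt IP header on %s link" % link)
    src, dst, ttl = parse_ipv4(pkt)
    return {"link": link, "l2_src": l2_src, "l2_dst": l2_dst,
            "ip_src": src, "ip_dst": dst, "ttl": ttl}


def walk(payload=b"echo-request-placeholder"):
    """Hop 1: A -> R1 (Ethernet); hop 2: R1 -> R2 (PPP); hop 3: R2 -> B (Ethernet)."""
    hops = []
    # A's routing decision: B is not local, so ARP for R1 and address the frame to R1.
    frame = ethernet_frame(R1_MAC, A_MAC, build_ipv4(A_IP, B_IP, payload))
    hops.append(describe("ethernet", frame))
    # R1 strips the Ethernet header, forwards, and pushes the packet down its PPP link.
    frame = ppp_frame(forward(frame[14:]))
    hops.append(describe("ppp", frame))
    # R2 strips the PPP header, forwards, ARPs for B and builds a fresh Ethernet header.
    frame = ethernet_frame(B_MAC, R2_MAC, forward(frame[4:]))
    hops.append(describe("ethernet", frame))
    return hops


if __name__ == "__main__":
    for hop in walk():
        print(hop)
```

Running it prints three dictionaries with the same `ip_src`/`ip_dst` on every hop, TTL 64, 63, 62, MACs that change at each Ethernet hop, and no MACs at all on the PPP hop. The checksum recomputation in `forward` is why a router that fiddles with the TTL but not the checksum produces packets the next hop silently drops.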
Question added 3/1/2000, submitted by Sid
Q: This is a great and very useful source of information. [Thanks!] I still don't completely understand TCP/IP subnets and submasking, but this really helps. Hopefully, after I've read it a few more times, I'll find the answer to my question: do all hosts on a LAN need to have the same submask setting?
A: All hosts on a given LAN subnet must share the same mask. The subnet mask, when applied to the host's IP address, indicates which other IP addresses should be on the same network. Packets sent to destinations not believed to be on the same network are sent via the best available route-- usually to the default router. An easy way to disconnect yourself from the world, at least in theory, is to set a subnet mask for your workstation that suggests that your default router is on a different network. If you can't send packets to your default router, then you can't talk to anyone not on your subnet. (I've noticed, however, that Windows machines will attempt to ARP the Ethernet address for any IP address given to Windows as the default router's IP address. So, in this case, if the default router is physically on the same network, even if it's logically separate, it will work.) To see the subnet mask in action, refer to Daryl's Subnet Calculator (heh.. someday I'll come up with a more creative name), at http://ipprimer.windsorcs.com/subnet.html
Question added 6/5/1999, submitted by Kent
Q: This is a great site. Thank You. [You're welcome.] I do have one question concerning subnetting and when to do so. How many nodes can you put on one TCP/IP subnet before it requires segmenting your network? I am referring to a LAN with approx. 300 users. Is there a reason why I can't use a standard 255.255.000.000 subnet. I will only be assigning addresses in my DHCP scope as the network requires them.
A: This is a good question, and really is more of a layer two question than a TCP/IP question. I would not run a 300 user LAN on a single 10Mbps Ethernet segment; however, I wouldn't balk at a 300 user network segmented into 12 or 24 switched partitions using a centralized Ethernet switch. So the real question here is, "will my current layer two network topology support 300 users on one segment?" You can put as many nodes as you want on one TCP/IP segment; however, that lack of limitation does not apply to Ethernet. (I would ensure no Windows boxes are running NetBEUI, though.) Remember, a switch "segments" networks on layer two, and a router "segments" on layer three. The main difference, from a topology planning standpoint, is that switches forward broadcast packets and routers don't. Thus, switching becomes a problem quickly with "loud" protocols like NetBEUI, since switching doesn't reduce or segment broadcast traffic. You can use a subnet mask of 255.255.0.0 to put up to 65,534 hosts on a single routed network segment; or you can use a subnet mask of 255.255.254.0 to put up to 510 hosts (512 addresses, less the network and broadcast addresses) on a network segment. I'm assuming you're using private (RFC 1918) addresses (such as 10.1.x.x) behind a NAT firewall or proxy, so the choice of subnet mask is yours. The choice of whether or not to segment by switching or routing is also yours; I tend to prefer switching, since it tends to keep things simpler.
Question added 1/23/1999, submitted by NBK
Q: How vulnerable is Linux against Net attacks compared to NT??? Damn NT has too many holes....
A: In both cases, it depends on the administrator :-) A good packet filter or (better yet) firewall, good knowledge of the security issues of the services the box is providing, and keeping current on the security updates/mailing lists for the OSes and running services makes for a pretty strong box. Any badly installed service can present the opportunity for a full breach; be sure to read the security FAQs (and I'll often scan cracker websites) for the OS and the services you're making available to the public.
Question added 12/3/1998, submitted by David
Q: This is to request from you a tutorial on TCP/IP. Thank you very much. [Answer: can you be more specific? Platform, etc?] Actually I'm looking for an overview on the internet network. How the providers build their network... How do they get interconnections... What are the critical economical issues for internet on the next years...etc
A: Hm... That's intentionally outside the scope of the Primer (hence the subtitle, "...the near side of the 'net.") For the information you're looking for, search for "BGP4" regarding interconnections, and regarding economic issues (etc) try any of the Internet trade rags for the professional pundits :-) Doing generic dialup and hosting does not (IMHO) have an entry level any more; the services are very commoditized and the economies of scale involved will squeeze out the smaller non-value-added providers. But (apologies to Dennis Miller) that's just my opinion, I could be wrong.
Question added 10/12/1998, submitted by Joanne
Q: The part I don't understand is: what is the reason to subnet? You can't possibly get more destinations that way, I mean, 32 bits are 32 bits. There's only 4 billion possible internet destinations, no matter how you split it up. So what does subnetting do for ya?
A: Subnetting does two things, depending on what context you're in: If you're a workstation (or server), the subnet mask is used to determine whether the destination IP address is on your same subnet; if so, the workstation will attempt to ARP the destination's Ethernet card address and deliver the data directly; remember, the first routing decision is made by the workstation, and the decision is: whether or not to send the packet to a router. Routers keep their routing tables manageable by clumping large blocks of addresses together using broad subnet masks ("Network Prefixes"). In the old days of classful routing, routers would have to keep track of each "Class C" address individually, which was causing extreme growth of routing tables; CIDR routing allows you to clump as many "Class C" networks together as you want (in powers of 2, on an aligned boundary.) So, you may ask, what about servers that also act as routers? In which category do they fall? Well, I lied when I said that subnetting does different things depending on context; it's just that most IP end stations (workstations) don't bother trying to keep track of the whole network; they just know that "these addresses are local, and I'll send anything else to my default gateway/router."
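The workstation's side of that decision, run against the mask mistakes discussed in the answers to Shaowu (mask too short or too long), Sid (a mask that puts the default router off your own subnet, and the Windows behaviour noted there) and Joanne above. This is an added example, not part of the Primer; the hosts, masks and the "wire" are a constructed LAN, and the standard library's ipaddress module does the masking.

```python
"""Added example (not from the Primer): the sender's first routing decision,
run against the mask mistakes discussed in the answers to Shaowu, Sid and
Joanne above.  The hosts, masks and wire are a constructed LAN; standard
library only."""
import ipaddress


def first_routing_decision(my_ip, my_mask, dst_ip, gateway):
    """The only decision an end station makes: is dst on my subnet (under MY
    mask)?  If so, ARP for dst and deliver directly; if not, ARP for the
    default gateway and hand the packet over.  Returns (kind, who_to_arp_for)."""
    my_net = ipaddress.ip_network("%s/%s" % (my_ip, my_mask), strict=False)
    if ipaddress.ip_address(dst_ip) in my_net:
        return "direct", dst_ip
    return "gateway", gateway


def outcome(my_ip, my_mask, dst_ip, gateway, same_wire, strict=True):
    """What actually happens once the decision meets the physical LAN.

    `same_wire` is the set of IPs that would answer an ARP on this segment
    (the physical truth, independent of anyone's mask).  Results:
      "direct"              delivered straight to dst
      "routed"              handed to the gateway, which forwards it elsewhere
      "hairpin"             handed to the gateway although dst is on this wire
                            (mask too long: works, but every packet takes two trips)
      "no-arp-reply"        ARPed for a host that is not on this wire
                            (mask too short: dst is behind the router but we
                            never send to the router)
      "gateway-off-subnet"  the gateway is not inside our own subnet; a strict
                            stack will not even ARP for it.  strict=False models
                            the Windows behaviour noted above: ARP anyway, and
                            it works if the gateway is physically on the wire.
    """
    my_net = ipaddress.ip_network("%s/%s" % (my_ip, my_mask), strict=False)
    kind, arp_target = first_routing_decision(my_ip, my_mask, dst_ip, gateway)
    if kind == "gateway" and strict and ipaddress.ip_address(gateway) not in my_net:
        return "gateway-off-subnet"
    if arp_target not in same_wire:
        return "no-arp-reply"
    if kind == "direct":
        return "direct"
    return "hairpin" if dst_ip in same_wire else "routed"


# One physical segment: two routers at .1 and .254, two hosts at .7 and .200.
WIRE = {"192.168.1.1", "192.168.1.7", "192.168.1.200", "192.168.1.254"}

if __name__ == "__main__":
    cases = [
        ("B with a /16, to A on another net", "192.168.1.7", "255.255.0.0", "172.16.5.5", "192.168.1.1"),
        ("mask too short, dst behind router", "192.168.1.7", "255.255.0.0", "192.168.2.9", "192.168.1.1"),
        ("mask too long, dst on this wire", "192.168.1.7", "255.255.255.128", "192.168.1.200", "192.168.1.1"),
        ("gateway outside my subnet", "192.168.1.7", "255.255.255.128", "10.0.0.1", "192.168.1.254"),
    ]
    for label, ip, mask, dst, gw in cases:
        print("%-36s %s" % (label, outcome(ip, mask, dst, gw, WIRE)))
```

Two hosts on the same wire with different masks are the interesting case: 192.168.1.7/24 reaches 192.168.1.200 directly, while 192.168.1.200/25 (gateway .254) sends its replies to the router, which puts them straight back on the wire. Traffic flows, which is exactly why mask mismatches survive unnoticed until someone wonders why the router is so busy.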
Question added 10/6/1998, submitted by Bob
Q: Is it possible with IE or netscape to address a web server by its MAC address?
A: It sounds like you're asking if you could run HTTP over DLC; the short answer is "no." The long answer: the HTTP protocol is based on the TCP protocol, which is based on IP; therefore, both the client and server must already be running IP for HTTP to work. You could force client and server IP addresses into their local ARP caches if they are on the same subnetwork (bounded by routers), but I don't know how well that would work (I doubt the IP stack checks its ARP cache before it determines whether or not a given IP is on a locally attached subnet.) If it did work, you could then type the (fake?) IP address of the server into your browser's location line to pull pages. The server would then reply to your (fake?) IP address. Alternatively, if there is an IP router involved, you could play with its ARP cache; routers are more likely to be forgiving about having multiple IP subnets (or, network prefixes, in RFC 1812 parlance) on the same subnetwork than, say, Win95 workstations. Note that on any point-to-multipoint network (like Ethernet or Token Ring, but not including serial PPP or HDLC connections), the most basic address (in the layer 2 MAC header) is the MAC address. But you cannot type a MAC address into 'IE or netscape' and connect to a web server; even if you could, the web server would not know what IP address nor TCP port number to reply to.
Question added 9/30/1998, submitted by Jim
Q: I just have a quick question, it's regarding Windows 95 (Yeah, I hear you screaming), when you set the computer to 'disable DNS', and don't set a gateway address (all via control panel) and disable WINS--how is anything assigned to the computer? Is it fair to assume it's BOOTP, or something else?
A: Probably DHCP; BOOTP assigns the IP address, subnet mask, default gateway (route), and (if memory serves) the DNS information. DHCP allows for a bunch of other information to be sent to the workstation, including WINS server addresses. DHCP also has a facility for "lease expiration", where addresses that are not renewed are returned to the pool of available addresses; under BOOTP, IP addresses are permanently associated with the NIC's MAC address, so if you throw out the NIC, the IP address is "lost." Win95 does not support BOOTP. DHCP and WINS are two very different things; they just seemed to "appear" at the same time (with the introduction and subsequent popularity of Windows 95 and NT Server 3.5x). DHCP is used for automatically configuring workstations with all the information they need to access the TCP/IP resources available to them, including IP address, subnet mask, default gateway, and on Windows NT networks, WINS server addresses. WINS is like DNS for NT networks; WINS is used to "advertise" and locate NT server and (win95|nt) workstation resources on the NT network, such as shared drives and printers. DHCP is a vendor-neutral "upgrade" to BOOTP; WINS can be described as a Microsoft Networking version of DNS. (Novell's version of WINS for distributing SAP information is called DSS, or Domain SAP Server.) BTW-- Win95 doesn't make me scream, but don't bring any Win3.X machines by unless you're equipped with earplugs :-)
Question added , submitted by Ana
Q: In a real network how would you connect two routers together over a WAN?
A: Well, in a nutshell, there are connections that connect many devices together (point to multipoint), and there are connections that connect only two points together (point to point). Point to point connections are usually used for long distance connections that involve the telephone network. The connections are serial; some sort of serial cable translator/extender is needed to adapt a serial cable to a telephone network. Broadly speaking, a modem connection to the Internet is a WAN connection. You'll notice that modems are always assigned to serial port numbers (eg COM3). At your end, TCP/IP packets are turned into serial data (using the PPP protocol), which your modem then turns into a series of noises that can be carried over a phone wire. At the ISP end of the connection, there is a bank of modems that re-translate the signal back to serial data, which is then turned back into TCP/IP packets. Router-to-router connections generally involve leasing specialized digital lines from the phone company (e.g. T1/E1 or faster), and the devices that convert serial data from the routers into signals the phone company will accept are called CSU/DSUs. So:

[router]--serialcable--[csu/dsu]---{{phonenetwork}}---[csu/dsu]---serialcable---[router]

Note that in modern hardware, the CSU/DSU is typically integrated into the router, so no physical serial cable exists.