The TCP/IP LAN
A Hands-on How-to (SM) from Brass Cannon Consulting
A little vague handwaving can often save hours of tedious explanation.
A LAN is a Local Area Network -- it's a fancy way of saying "the two or three computers in this room, give or take the dozen down the hall." It implies a fast connection -- dozens, hundreds, even thousands of times faster than a dial-up modem. It used to be pretty challenging to hook computers together this way, but the parts have become cheaper and software has gotten smarter.
TCP/IP is one of the reasons it's easier. TCP/IP is actually two things: TCP, or Transmission Control Protocol; and IP, or Internet Protocol. (A protocol is just "a clearly defined way of doing something.") TCP/IP (the combination of TCP with IP) defines one way that computers on a network can communicate by exchanging packets. One definition of "The Internet" with a capital "I" is simply "All the computers that can talk to each other right now by using TCP/IP." If your computer can run TCP/IP and can talk to any other computer that is already on the Internet, then by our definition your computer is part of the Internet too.
Before TCP/IP won out over its rivals, you might have had to fight with any number of salespeople, all pointing fingers at each other and none of them willing to take responsibility for making your network, well, work. The triumph of TCP/IP means that when you go to the Windows Control Panel and select the Networks icon, you can ignore everything that isn't related to TCP/IP.
Let's assume you're reading this on a machine that has a modem. It's a standalone PC (for values of "PC" that include Macs, or any other computer you can pick up without a forklift). "Standalone" means it isn't part of a LAN (yet). But maybe you have another PC, in the same room or just down the hall. So far, so good.
LAN networking does not use modems; it requires Network Interface Cards, or NICs. It's almost a given that these will be Ethernet NICs. There is a socket, called an RJ-45 jack, on the NIC. The wire that snaps into this jack has a plastic plug, which looks very much like the one used with modern US telephones.
"RJ" stands for "Registered Jack." The common telephone plug is called an RJ-11. The RJ-45 is a little wider and carries another two pairs of wires. As a matter of fact, lots of offices use "Cat-5" wiring for both their data and their internal telephone system. In the equipment room, all of the cables end up at a "switch panel" where some of the cables will go on to the phone company, while the rest go to the company's central computer switch. You can plug an RJ-11 telephone cord into an RJ-45 jack, so it sort of makes sense to order just one type of part; but you still have to keep track of which ones are hooked to the telephone equipment and which are hooked to the computer network! In the equipment room, a technician will use a "punch-down" tool to connect ports to individual telephone company wires, both for phone service and for Internet service.
Network cable used to be heavily shielded (see the comments on "thinwire" below); but as technology improved, it was discovered that the simpler -- and less expensive -- twisted pair cable gives better performance at a much lower price. "Category 5 UTP" -- Unshielded Twisted Pair -- is quality tested for use up to 100 megabits per second or higher, also known as 100-Base-TX. "Category 3" is only guaranteed up to 10 megabits per second, or 10-Base-T. Buy cat-5 now to avoid the embarrassment of having to replace all your wiring later. "Category 6" was recently standardized but isn't making its way into the market very quickly; consumer hardware just doesn't need more than cat-5 provides.
Cat-5 is a rather thin and lumpy round cable, made up of multiple pairs of solid copper wire. If you were to strip off the plastic coating, you would find that, yes indeed! each pair of wires is (slightly) twisted along the length of the cable. Pairing and twisting the wires in this way provides protection against electrical noise; that is, it keeps the wires from acting as an antenna and picking up spurious outside signals.
Installing a NIC is like installing any other bit of hardware; you turn off your computer, install the card according to the directions, and find out whether your operating system (Windows, Linux, whatever) recognizes it. If you've gotten this far, you're the sort of person who reads directions, and that means you are very likely to be successful in this effort. To connect two computers together in a minimal LAN, each of them needs to have a NIC... and you'll need a cable.
The older, slower Ethernet NICs called "10-Base-2" used thinwire -- round coaxial cable, almost a centimeter in diameter; something like TV cable but with a twist-to-lock BNC connector, not the screw-on "F" connectors that TV cable uses. "Coax" is a single wire, surrounded in succession by a plastic insulator, a braided metal-mesh shield, and a rubber or vinyl outer coating. It's relatively expensive to manufacture.
Some NICs have both RJ-45 and BNC connectors; in that case, only one is enabled at a time. Strangely enough, if you had an old hand-me-down NIC that used coax, it would be easier to connect two computers, because there is no need for a hub. With coax, machines are connected in a simple "daisy-chain." With RJ-45 (10-Base-T), machines are generally connected to a hub or a switch. You must use a hub for 10-Base-T if you have more than two devices. If you have only two machines you can connect them directly to each other by using a crossover cable. So here is your first network administration decision: Do you use a crossover cable, or do you buy a hub?
The answer is simple: Will you ever add another device to your network? If so, then get a hub. You have to have one to add any other networked device (including a "cable modem," not just other PCs). Get one with as many ports as you can afford, because networks tend to grow. If you will not be adding anything to your network for months and months, then a crossover cable is fine. Just make sure your crossover cable is a distinctive color and/or has a label of some kind. Not knowing whether a cable is a crossover or not will increase your stress level when you start dealing with hubs and switches.
Computer science was born when the late Claude Shannon discovered (or invented?) a new law of nature. Information can be measured in units that can be counted, just as we measure flour in cups or diamonds in carats. The natural unit of information is the bit, or binary digit. Any kind of information can be represented in units of binary storage. One bit is the amount of information needed to decide between two equally probable things -- the result of a coin toss (heads or tails?) is one example. A light switch (on or off?) is an example of a "binary device." To a mathematician, the obvious choice to represent a bit is a one or a zero.
When you add nine plus one, you get ten. The number ten is too big to fit in a single digit, so you "carry the one." In binary arithmetic, you have to "carry the one" much more often, so binary numbers quickly become longer than ordinary decimal numbers. The number 255 takes eight binary digits: 11111111. To add one to that, you need a ninth bit: 256 in decimal is 100000000 in binary.
A "byte" is a chunk of bits used to represent a character. Eight bits is a convenient chunk to work with, and has become the standard size for a byte.
Fascinating as this is, I'm sure you're wondering why I brought it up. Fair question. It's important because every piece of Internet-aware equipment -- every NIC that speaks TCP/IP -- uses a four-byte IP address. That address is usually expressed as four numbers of up to three digits each, separated by dots. The numbers must each be in the range from zero to 255, because they are 8-bit numbers.
So: 0.0.0.0 would be a valid Internet address (although a very special one). 255.255.255.255 would also be valid (and very special). 255.255.255.256 would not be, because the decimal number 256 will not fit in eight bits. Never has, never will.
Some addresses have special meanings, and will never be assigned to an individual device. The address 0.0.0.0 means "All machines, everywhere." When you want to tell your NIC to look for "The Internet," you tell it to look for address 0.0.0.0. The address 255.255.255.255 has a similar use, but in a different context. That still leaves a lot of addresses, of course... but we're not done reserving some for special uses.
Three blocks of addresses have been set aside for "private" use. These addresses can be used to set up a private LAN, secure in the knowledge that even if you accidentally hook it up to the Internet, your traffic won't (well, should not) flow out to other sites. The set of addresses that most home users are familiar with is the private range 192.168.0.0 through 192.168.255.255, which is 256 blocks of 256 addresses. Each block of 256 addresses (count them!) is what used to be called a "Class C" block. Note that your private network can be on any of 256 Class C blocks, from 192.168.0.0 through 192.168.255.0. If you want to be "different," you can pick any valid number for that third byte, not just zero.
Addresses are assigned to users by the Internet Assigned Numbers Authority, or IANA. They "own" all the addresses, from 0.0.0.0 through 255.255.255.255. It is their responsibility to allocate blocks of addresses to major organizations such as ARIN, the American Registry of Internet Numbers. ARIN in turn allocates blocks to other organizations in the Western Hemisphere (such as major backbone providers), who eventually assign blocks to end-users.
For reasons we will soon discuss, there is a limit to how few addresses can be assigned to a user (an individual, a company, or an organization). You can't really use a single address, for example. It takes two machines to make a network! You can be assigned one address out of a larger block, but fitting that block to the needs of your organization is often tricky. Why? First, because addresses need to be contiguous -- that is, they need to run in numeric order; and second, it's not enough to give someone (say) sixty addresses that run in order; you have to assign them a multiple of some power of two (four, eight, sixteen, thirty-two, and so forth). If someone needs twelve addresses, they have to take sixteen or make do with eight -- they can't get just twelve. We'll cover that in some detail in just a moment.
It used to be that the smallest block a company could get was a "Class C," or 256 addresses. It is much more efficient to assign smaller blocks than this, though, so the IANA is requiring Internet Service Providers (ISPs) to handle the larger blocks and divide them up into smaller blocks for distribution to individual customers. The term "Class C" has fallen out of favor, but is still used by old timers.
Your netblock is also known as your network, and a device can only talk to other devices that are in the same network. "Wait a minute," I hear you cry. "That's ridiculous. I'm here at wombats.au, you're over there at brasscannon.org, and I'm reading your web page just fine!" Ah, but the trick is that some devices -- routers, for one -- can belong to two networks at once, and there are lots of routers between you and me. That doesn't help you, though, with your two PCs and a crossover cable. Those two machines have to belong to the same network, or else you have no network at all.
What defines a "network" in this new sense of the word? We spoke about a Class C network, a block of 256 addresses that begins at an address such as 192.168.16.0 and ends with 192.168.16.255. That's a pretty natural grouping, because we are simply using all the possible values in the last 8-bit byte.
Three of these 256 addresses are reserved for networking purposes. The zero address is called the network address, and so this Class C would be the 192.168.16.0 network. A router outside your LAN would use that address to send a packet to your LAN, similar to the way that the Post Office forwards out-of-state mail to your city as the first step in getting it to you.
The address that ends with .255 is the broadcast address, and is used to send messages to all the machines in the network. The router would use this address to "poll" all the local machines to see what addresses are in use.
Finally, the address that ends with .1 is usually the gateway address. (At least, that's how we do it at the day job. Most Internet Service Providers will have some sort of internal standard for this.) This is where machines on the LAN would send their outgoing packets to be routed to another LAN, or to the Internet (remember address "0.0.0.0"?). There is a bit more flexibility with this address than with the other two -- you don't HAVE to use the second address in your netblock, but it's a good idea.
Actually, at the day job we use five reserved addresses: The network address, broadcast address, gateway, and the last two addresses above the broadcast for VRRP, the Virtual Router Redundancy Protocol. VRRP allows us to provide a second path to the Internet for all our clients. I mention this as an object lesson: When allocating addresses for a webfarm, don't cut things too close or you may come up short. Obviously, we can't allocate a netblock smaller than eight addresses, of which only three are usable for servers!
If you've tried to set up a network before this and it didn't work, there are three common problems to check. One likely reason is that you tried to use the 192.168.0.0 address for an actual machine rather than for its reserved purpose. All the other values from .1 to .254 should work just fine. The second possible problem is giving two machines the same number -- but even Windows is smart enough to detect that situation and put up a meaningful error message. The third possible problem has to do with your netmask, which we'll explain in just a moment.
Let's try a more modern example using a smaller netblock. If you understand this one, you've mastered the subject. Let's say you need to set up a network with 16 addresses. That's a power of two, so it's a legitimate size for a "netblock." For a challenge, let's start it somewhere other than the zero address this time. (Yes, you can do that!)
To use a block of addresses smaller than a whole byte's worth, we use a netmask. It's another four-byte number that acts like a stencil or a paper mask. Where all the bits are "1", that part of the matching IP address always stays the same. Where the bits of the mask are "0", the bits in your IP addresses can vary. Here's a picture:
| Example One - a "Class C", 256 addresses: | In binary | In decimal |
|---|---|---|
| Your network address: | 11000000.10101000.00011000.00000000 | 192.168.24.0 |
| Your netmask: | 11111111.11111111.11111111.00000000 | 255.255.255.0 |
| Your addresses can be: | 11000000.10101000.00011000.00000000 | 192.168.24.0 |
| through: | 11000000.10101000.00011000.11111111 | 192.168.24.255 |

| Example Two - one half of a "Class C," or 128 addresses: | In binary | In decimal |
|---|---|---|
| Your network address: | 11000000.10101000.00011000.10000000 | 192.168.24.128 |
| Your netmask: | 11111111.11111111.11111111.10000000 | 255.255.255.128 |
| Your addresses can be: | 11000000.10101000.00011000.10000000 | 192.168.24.128 |
| through: | 11000000.10101000.00011000.11111111 | 192.168.24.255 |

| Example Three - one sixteenth of a "Class C," or 16 addresses: | In binary | In decimal |
|---|---|---|
| Your network address: | 11000000.10101000.00011000.00010000 | 192.168.24.16 |
| Your netmask: | 11111111.11111111.11111111.11110000 | 255.255.255.240 |
| Your addresses can be: | 11000000.10101000.00011000.00010000 | 192.168.24.16 |
| through: | 11000000.10101000.00011000.00011111 | 192.168.24.31 |

| Example Four - ditto: | In binary | In decimal |
|---|---|---|
| Your network address: | 11000000.10101000.00011000.00000000 | 192.168.24.0 |
| Your netmask: | 11111111.11111111.11111111.11110000 | 255.255.255.240 |
| Your addresses can be: | 11000000.10101000.00011000.00000000 | 192.168.24.0 |
| through: | 11000000.10101000.00011000.00001111 | 192.168.24.15 |
It's easier to type in decimal, but it makes more sense in binary. The parts of the netmask that are "1" are the parts that cannot change. Where the netmask has zeros, you are free to use either zeros or ones in your address. All of the zeros in the netmask must come at the end. The more "ones" you have, the fewer the number of zeros, and so the smaller the size of the block (the fewer choices you have).
Another way of writing the netmask is to count the number of "ones" and put it after the network address -- saying "192.168.0.16/28" is the same as saying "192.168.0.16 with netmask 255.255.255.240". (Count the ones in the binary netmask of Examples Three and Four above. There should be 28 of them.) Note that both of those examples use the same netmask -- the only difference is the starting address.
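The stencil described above, worked out in code. This is an added example, not part of the original article: the four networks are the article's own (192.168.24.0/24, .128/25, .16/28 and .0/28), but the function names are this example's, not any library's API. It goes one step further than the tables: `describe()` accepts any address inside a block, not just the network address, and `mask_to_prefix()` refuses a "netmask" whose zeros are not all at the end.

```python
# Added example: netmask arithmetic in plain bit operations.
# Function names are this example's own, not a library API.

def dotted_to_int(dotted):
    """'192.168.24.16' -> 32-bit integer; each byte must fit in eight bits."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has exactly four bytes: %r" % dotted)
    value = 0
    for part in parts:
        byte = int(part)
        if not 0 <= byte <= 255:
            raise ValueError("%r will not fit in eight bits" % part)
        value = (value << 8) | byte
    return value

def int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """Render as the tables do: eight bits per byte, separated by dots."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/28 -> 0xFFFFFFF0: 'prefix' ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """255.255.255.240 -> 28. Rejects masks whose zeros are not all at the end."""
    ones = bin(mask).count("1")
    if prefix_to_mask(ones) != mask:
        raise ValueError("not a valid netmask (zeros must all come at the end): %s"
                         % int_to_dotted(mask))
    return ones

def describe(address, mask):
    """Apply the stencil: bits under the mask's ones are fixed (the network),
    bits under its zeros vary (the hosts). 'address' may be any address in the block."""
    a = dotted_to_int(address)
    m = dotted_to_int(mask)
    prefix = mask_to_prefix(m)
    network = a & m                      # keep only the fixed bits
    broadcast = network | (~m & 0xFFFFFFFF)   # set every variable bit to one
    return {
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "size": broadcast - network + 1,
        "cidr": "%s/%d" % (int_to_dotted(network), prefix),
        "network_bin": to_binary(network),
        "mask_bin": to_binary(m),
        "broadcast_bin": to_binary(broadcast),
    }

if __name__ == "__main__":
    # The article's Examples One through Four, plus a host address inside Example Three.
    for addr, mask in [("192.168.24.0", "255.255.255.0"),
                       ("192.168.24.128", "255.255.255.128"),
                       ("192.168.24.16", "255.255.255.240"),
                       ("192.168.24.0", "255.255.255.240"),
                       ("192.168.24.20", "255.255.255.240")]:
        d = describe(addr, mask)
        print("%s with netmask %s is %s: %s through %s (%d addresses)"
              % (addr, mask, d["cidr"], d["network"], d["broadcast"], d["size"]))
        print("  " + d["network_bin"] + "  /  " + d["mask_bin"])
```

Run it and compare each printed binary line against the tables: the ones in the mask line up exactly with the bits that do not change between "Your addresses can be" and "through".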
A customer recently tried to set up two blocks, a /27 and a /28, that just happened to share the same broadcast address. That can work, sort of... sometimes two machines in that situation can even ping each other. But that just makes it harder to diagnose the problems that arise. Check your netmask against your allocation, early and often.
Let's pretend I'm the IANA, and you and your two next-door neighbors are small Internet Service Providers. I'm going to give your first neighbor the block of sixteen addresses starting at 192.168.32.0. His netmask is /28, or 255.255.255.240. That means the next available block would be the network starting at 192.168.32.16. Now, just to be different, I'd like to give you 32 addresses -- but I can't do that if I'm going to give you the next available address. Why not? Try setting up the netmask, and you'll see that a 32-address netmask is /27, or 255.255.255.224. If you apply that mask to the address 192.168.32.16, you will see that it covers the range beginning at .0 and ending at .31 -- and that includes your neighbor's sixteen addresses. Remember, where the netmask has zeros, that means that all the values are allowed. You can't tell your neighbor "It's okay, I just won't use those numbers." Starting at .16 and applying the /27 netmask says that "You are in the middle of a block that includes everything from .0 to .31" -- and your network card is going to assume that it can talk to any other NICs that it finds in that range. So when we divide up a block of addresses, we have to think in terms of chunks that do not overlap.
| Example Five: | In binary | In decimal |
|---|---|---|
| Your network address: | 11000000.10101000.00100000.00010000 | 192.168.32.16 |
| Your netmask: | 11111111.11111111.11111111.11100000 | 255.255.255.224 |
| Your addresses can be: | 11000000.10101000.00100000.00000000 | 192.168.32.0 (oops!) |
| through: | 11000000.10101000.00100000.00011111 | 192.168.32.31 |
The problem is that .16 is not the first address in the netblock specified by the netmask. It's natural to think "Start at .16 and add to it," but the netmask says that the bit in "the sixteens place" can be zero as well as one. A chunk of thirty-two addresses has to start on a multiple of 32. A chunk of sixty-four addresses has to start on a multiple of 64, and so forth.
As the make-believe IANA, I have to give the next sixteen addresses to someone else before I can give you a 32-address chunk. Giving away two chunks of 16 addresses is the same as giving away one chunk of 32 addresses, so now I'm ready to give away a 32-address block. So I skip over you, give your other neighbor 16 addresses, and come back to you.
What addresses do you get, and what are your reserved addresses?
Your (second) neighbor's broadcast address is the last address in her block: 192.168.32.31. Your network address is the first one after that, 192.168.32.32. You get 32 addresses, so your last address is 192.168.32.63 -- that will be your broadcast address. To tell your computers that they are only to use 32 addresses and not the entire Class C, you must specify a netmask, which in this case would be 255.255.255.224.
Note that two computers on a LAN use the broadcast address to find each other, and the netmask determines the broadcast address. If your two computers don't use the same netmask, they won't find each other. That is the third of the "three common problems" mentioned above.
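The make-believe IANA's rules, from Example Five through the netmask check just above, replayed as code. This is an added example and not part of the original article; the addresses and block sizes are the article's (a /28 at 192.168.32.0 for the first neighbor, a /27 requested next), while the function names (`is_aligned`, `overlaps`, `allocate`, `same_lan`) are this example's own. It also covers the customer story about a /27 and a /28 sharing a broadcast address: `same_lan()` says two hosts are on the same LAN only when they agree on both the network and the broadcast address.

```python
# Added example: netblock alignment, overlap and allocation, plus the
# "same netmask" check for two hosts. Names are this example's own.

def dotted_to_int(dotted):
    value = 0
    for part in dotted.split("."):
        value = (value << 8) | int(part)
    return value

def int_to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_for(size):
    """A block of 'size' addresses has log2(size) zero bits; size must be a power of two."""
    if size <= 0 or size & (size - 1):
        raise ValueError("block size must be a power of two, got %d" % size)
    return 0xFFFFFFFF ^ (size - 1)

def is_aligned(start, size):
    """A chunk of N addresses has to start on a multiple of N."""
    return start & (size - 1) == 0

def block_bounds(start, size):
    """(network, broadcast) as the netmask really defines them, even when
    'start' sits in the middle of the block (the Example Five mistake)."""
    network = start & mask_for(size)
    return network, network | (size - 1)

def overlaps(start_a, size_a, start_b, size_b):
    """True if the two blocks, as their netmasks define them, share any address."""
    na, ba = block_bounds(start_a, size_a)
    nb, bb = block_bounds(start_b, size_b)
    return na <= bb and nb <= ba

def allocate(next_free, size):
    """First aligned block of 'size' at or after 'next_free'.
    Returns (network, broadcast, new next_free); skipped addresses stay available."""
    start = next_free
    if not is_aligned(start, size):
        start = (start | (size - 1)) + 1        # round up to the next multiple of size
    return start, start + size - 1, start + size

def same_lan(host_a, mask_a, host_b, mask_b):
    """Two hosts find each other only if both compute the same network and
    broadcast address. A mismatched netmask is the 'third common problem'."""
    a, ma = dotted_to_int(host_a), dotted_to_int(mask_a)
    b, mb = dotted_to_int(host_b), dotted_to_int(mask_b)
    bounds_a = (a & ma, a | (~ma & 0xFFFFFFFF))
    bounds_b = (b & mb, b | (~mb & 0xFFFFFFFF))
    return bounds_a == bounds_b

def span(network, broadcast):
    return "%s-%s" % (int_to_dotted(network), int_to_dotted(broadcast))

def hand_out_example():
    """Replay the article's allocation story and return what everyone got."""
    next_free = dotted_to_int("192.168.32.0")
    n1, b1, next_free = allocate(next_free, 16)          # first neighbor: .0 through .15
    # The naive request: start your /27 at the next free address, .16.
    naive_net, naive_bcast = block_bounds(next_free, 32)  # really .0 through .31
    collides = overlaps(n1, 16, next_free, 32)           # ...which includes the neighbor
    you_n, you_b, next_free = allocate(next_free, 32)    # skip to .32 through .63
    n2, b2, _ = allocate(dotted_to_int("192.168.32.16"), 16)  # second neighbor fills the gap
    return {
        "neighbor_one": span(n1, b1),
        "naive_27_covers": span(naive_net, naive_bcast),
        "naive_collides": collides,
        "neighbor_two": span(n2, b2),
        "you": span(you_n, you_b),
        "your_netmask": int_to_dotted(mask_for(32)),
        "your_broadcast": int_to_dotted(you_b),
        "next_free": int_to_dotted(next_free),
    }

if __name__ == "__main__":
    for key, value in hand_out_example().items():
        print("%-18s %s" % (key + ":", value))
    # 192.168.32.34/27 and .40/27 agree on broadcast .63; .40/28 does not.
    print(same_lan("192.168.32.34", "255.255.255.224", "192.168.32.40", "255.255.255.224"))
    print(same_lan("192.168.32.34", "255.255.255.224", "192.168.32.40", "255.255.255.240"))
```

The rounding trick in `allocate()` is the whole lesson in one line: setting the low bits and adding one lands on the next multiple of the block size, which is exactly where the netmask's ones start to agree with the address.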
Now you can open the Windows Control Panel, Networks applet, and assign an address to your computer. Let's say 192.168.32.34, netmask 255.255.255.224.
This process is called "setting up a static IP address." You do this in Windows by opening the "Network" icon in the Windows Control Panel. In Linux, you can do it from the command line by running the command "ifconfig" (which is short for "interface configuration"), then telling the kernel which interface reaches that netblock:

    linux$> ifconfig eth0 192.168.32.34 netmask 255.255.255.224
    linux$> route add -net 192.168.32.32 netmask 255.255.255.224 dev eth0
There is another choice: "setting up a dynamic IP address." It's simpler, because you generally get someone else -- a "Network Administrator" -- to do the hard part for you. :-) Instead of having a permanent static address entered into a configuration file, an address is temporarily assigned or "leased" to your machine by a DHCP server. DHCP is another example of a protocol (remember, a protocol is just a scheme or method for doing something). Many providers of "cable modem" service use it to give you your address. If you are using Microsoft Windows, you can see your current address by running the command winipcfg from the Run option of the Start menu. In Linux, there are a couple of DHCP utilities; one is called dhcpd, and another is called pump. Running one of them should persuade any DHCP server within reach to assign an address to your Linux system.
In a current RedHat or Mandrake setup, you save your static address (including netmask!) by updating the file /etc/sysconfig/network-scripts/ifcfg-eth0. The gateway address is set in the file /etc/sysconfig/networks.
If you decide to use an IP sharing device it may also act as a DHCP server. It will probably have a web-based interface where you can specify a "pool" of available numbers for it to assign to other devices on your LAN. You may also be able to set it up so that some devices on your home LAN will have fixed or "static" addresses, while others get their addresses using DHCP. (As a consultant, it's convenient for me to leave my notebook set up to use a dynamic address, because most of the clients I visit use DHCP to assign addresses to machines on their office LANs.)
If you've read this far without having your eyes glaze over, you're doing well. Congratulations! I'd like to encourage you to continue, whether by picking up a real networking book, or at least reading the Linux Documentation Project (LDP) Networking HOW-TO. For less handwaving, check the online course at www.freesoft.org; it's part of Connected: An Internet Encyclopedia.
If you have questions about your physical network connection, go on to our next thrilling chapter, Hubs, Switches, and Routers.
If you got here by way of the Hands-on How-to for Linux connection sharing, you can get back to it now. Thanks for visiting!
You are invited to discuss this article with the author on the Brass Cannon webboard.