Which type of network is used in corporate offices?

Interconnecting Ethernet Devices

Figure 5.12 illustrates a basic in-home (or office) network with two computers and a game console. Other devices could be connected. All wiring is home-run from a hub or central device. The specified maximum distance between any endpoint and the hub is 100 meters. The end devices, computers, game consoles, or whatever are known as data terminal equipment (DTE). The central device has a number of names, depending on what it does and who is naming it.

Ethernet connections (at least the common ones you are likely to encounter) are never looped through from one device to another. Despite the attempts of some home installers to install loop-through connections, it doesn't work. Loop-through means that the same wire pairs are run from one outlet to another, after originating at a hub. Suppose you have a loop-through connection as shown on the game console in the figure. If the game console (or computer or whatever) is placed at the end of the loop-through, it will work. But if it is placed at the first point, as shown, the cable from there to the end of the loop-through will act as an unterminated stub and will reflect pulses, disrupting the performance of the link. We have found that in some cases, terminating the end connection point will allow the system to work, but this is only an emergency solution, not a recommendation.

It is true that one Ethernet connection will listen for others transmitting before it transmits, but physically what happens is that there is a central hub that can echo signals entering one port to all other ports. The hub may perform other functions as well. A hub is a common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN, as shown in Figure 5.12. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

A switch, or sometimes switching hub, is a bit more intelligent. It filters and forwards packets between LAN segments. Each DTE is assigned a unique identification called a MAC address, described later. A switch learns the MAC address of each DTE connected to it; when it gets a packet with that MAC destination address, it forwards the packet only to the appropriate port. The switch learns the MAC address of each DTE by listening to what comes in on that port. Each transmission includes a destination MAC address and a source MAC address. The switch listens to the source addresses to learn what is on each port. This usually suffices to allow the switch to know how to route any packet it receives.

However, sometimes a packet will arrive with a destination MAC address the switch doesn't recognize. In that case, the switch will replicate the packet on all ports, just as a hub would do. When the correct port (if any) receives the packet and sends an acknowledgment, the switch will learn the correct port for that MAC address.

A router is a yet more intelligent device that can operate at layer 3 as well as layer 2. It often is placed between two LANs or between a LAN and a WAN. We shall cover their functions in more detail later.

A gateway is a router used to connect two or more networks, as shown in Figure 5.12. It may have a number of higher-layer services, which will be described below.

A bridge is a low-end gateway that interconnects two LANs or two segments of the same LAN.

L2F

Cisco’s Layer 2 Forwarding protocol is used for tunneling the link layer (layer 2 in the OSI model). This protocol allows for virtual dial-up that allows for the sharing of modems, ISDN routers, servers, and other hardware.

This protocol was popular in the mid- to late-1990s and was utilized by Shiva’s products to share a bank of modems to a network of personal computers. This was a fantastic cost savings for network administrators wanting to share a small number of modems and modem lines to a large user group. Instead of having 50 modems hooked up to individual PCs, you could have a bank of eight modems that could be used during the day to dial out and connect to external resources, becoming available at night for workers to dial back into the computer system for remote access to corporate data resources.

For those long-distance calls to remote computer systems, an employee could dial into the office network. For security and billing reasons, the office computer system would dial back to the home user. The home user would access a second modem line to dial out to a long distance computer system. This would eliminate all charges for the home user except for the initial call to get connected. RFC 2341 on IETF.org gives you the detailed standard.9

IV.B Telecommunications Link

Early telecommuting programs provided voice-grade telephone lines and analog modems to link the remote employee's computer to the office network. The bandwidth limitations of these early systems restricted the communication to e-mail and Telnet to remote systems. It was difficult to maintain this link reliably for the entire workday. Many studies of telecommuting cost-effectiveness focused on the cost of providing this link and the related productivity enhancement. ISDN (Integrated Services Digital Network) provided the first reliable digital links via phone lines. The system had many configuration complexities and never became a significant method of providing digital links to the home. The delivery of a robust digital link for the last mile, the link from the branch office to the home, remained a problem for many years and stalled many telecommuting programs.

Two currently popular approaches to providing digital links for the last mile are DSL (Digital Subscriber Lines) and cable modems. DSL uses existing telephone wiring, and conditioning of the line to provide bandwidths of up to 512 Kbps to the home. However, the technology works only for a short hop from the branch office to the home and is dependent on the quality of the wiring. After many stumbling blocks DSL services are slowly being rolled out across the country. Cable modems use the coaxial cable delivering TV to the home. This cable is intrinsically capable of much higher bandwidth than telephone wires. The problem here is that cable wiring is designed to broadcast multiple TV channels to all the households in a loop. This means that the individual user does not have a private line to the branch office; rather the individual shares the cable bandwidth with other customers in the loop. As a result available bandwidth varies with the number of users on a loop. Both technologies do provide vastly improved bandwidth to users and eliminate the need to make the connection required with analog telephone lines. This means that maintaining a broadband connection to an office for the entire workday (or longer) is no longer a challenging feat in much of the country.

A third approach does away with the wires altogether by using wireless access. Because communications between the user and the central office are very bursty in nature, the bandwidth in a dedicated connection is used only for short intervals. Hence, a well-designed system can manage to provide continuous links using a shared wireless link.

Computer peripherals

Traditionally, computer peripherals like printers and scanners were connected to the back of one of the workstations in a typical office network. The workstation would act as a server to all other workstations wanting to use the peripheral. Nowadays, it is becoming quite common for peripherals to connect directly to the office's local area network (Figure 1-7). That is, without the use of a workstation managing the printer driver. From the user's point of view, the printer or plotter looks just like another web site. The user accesses the printer web site using their Internet browser to control and setup its parameters (page size etc), and to send it files for printing. One very practical advantage of this method is that individual workstations do not need to have special printer device drivers installed. Any workstation with a web browser can use the peripheral immediately.

5.3.1 Indoor Optical Communications: Visible Light Communication and Li-Fi

Indoor communications have been described in the literature extensively [4,5]. Indoor FSO networks are desirable for wireless broadband communications inside houses and offices. The optical wireless home and office networks are used to construct a LAN comprised of various cells that divide various sections within the building. A base station for each cell has a number of terminals connected by short-range FSO communication links. These links are basically infrared (IR) links using LEDs or diode lasers at visible wavelengths offering visible light communication (VLC). These wireless optical cells in a given section of the building or a room are connected and integrated with a broadband infrastructure. Indoor FSO optical links can be line-of-sight (LOS), or non–line-of-sight (NLOS), which is established by reflection, scattering, or diffused mechanisms inside the room. LOS link requires a direct path between a transmitter and a receiver whereas for a NLOS link lights from a diffused source undergo multipath propagation due to reflection and scattering by the walls, ceilings, floor, and furniture or objects in the room. Because of a better power budget the LOS links achieve higher capacity supporting higher data rate compared to NLOS links; however, the NLOS links are more robust to support mobile terminals. The diffused system for NLOS suffers multipath dispersion, causing pulse spreading and severe intersymbol interference (ISI), thus offering a lower data rate. Since fundamentals and different architectures of indoor communications are discussed in the literature [4,5], some specific areas of indoor communications, namely VLC and introductions to the Li-Fi for broadband communications, will be emphasized here. Fig. 5.2 shows visible light spectrum of electromagnetic waves for selecting LED/LD emitters for visible light communication applications.

Service Node

Modern computer systems often rely on network support to function at all. It is common for machines to obtain IP addresses from Dynamic Host Configuration Protocol (DHCP) servers, to pick their root file systems from NFS, or to load kernels over FTP or TFTP. To simplify the simulation of such systems, Simics provides a service node for Ethernet and TCP/IP. As shown in Figure 5.2, the service node is a member of the simulated network with its own Ethernet MAC and IP address. It provides the most common TCP/IP network services, including DHCP, DNS, PING, RARP, FTP, TFTP, and NFS.

With the service node, it is easy to create a self-contained Simics setup that lets a target machine boot from the network or load user files over FTP without having to connect the simulated network to the real world and set up a server on the simulation host. This means that the execution is deterministic, checkpointable, and repeatable, and that setups can be trivially provided from one user to another without needing anything except Simics.

A Cautionary Tale

Wrecking the Host Network

It has happened more than once that Simics users have left a service node active in their virtual network as they connected it to the physical office network. If you use a sufficiently low-level connection mechanism like raw sockets or low-level bridging, this implies that the Simics service node finds itself on the office network. This means that it will see and reply to DHCP requests from real machines. For some reason it has proven to be very fast at replying and will often win over the real DHCP servers. Thus, when other machines on the office network do DHCP requests, the Simics service node would reply, giving them addresses that are quite bogus from the perspective of the real world, neatly shutting down network communications and generally causing mayhem.

The lesson is that there is a reason that raw sockets are restricted on all modern operating systems (it is far too easy to accidentally do bad things with them, not to mention what can be done intentionally). It is also important to know what you are doing when starting to connect different networks—if you bridge a virtual network to the real network, you essentially become an IT administrator for the entire office network. As discussed later, the NAT-based real-network connection does not have this problem and is sufficient for many use cases.

Accessing SQL Server from home

The most common reason for not following the advice laid out in this chapter is to make it easier for the database administrator or developer to connect to the SQL Server remotely, so that problems can be addressed as quickly and easily as possible. Being able to respond to issues quickly is an admirable goal; however, keep in mind that if you can connect to the SQL Server from anywhere, then so can someone who isn’t supposed to be able to.

The only secure way to connect from outside a network to inside the network is to use a Virtual Private Network (VPN) connection. This allows you to create a secure encrypted tunnel between your home computer to your office or data center. Your home computer is then issued an IP Address on the office network, and you are able to communicate with the office computers over the secured link instead of connecting to the machines directly over the public Internet. Even if you have multiple offices or an office and a data center, you can configure your network so that you can connect to one location and then access the other sites over secure connections between your facilities.

The office-to-office or office-to-data center connections are usually made in the same way, with a persistent site-to-site VPN connection. This site-to-site VPN connection is very similar to the one that you use from your home computer to the office, except that it is persistent, always on connection that connects as soon as the devices on both sides of the VPN connection are booted up. This allows you to easily and cheaply expand your network across multiple sites without the expense of purchasing a dedicated network line between the sites. This network connection design may be better explained with the diagram shown in Figure 1.4.

Figure 1.4 shows two facilities: the office that uses the subnet 10.3.0.0, and the CoLo (Colocation) that has our servers in it, which uses the subnet 10.3.2.0. Our house uses the default IP range, which our home router uses and is probably 192.168.0.1. There is then a site-to-site VPN connection between the routers at the CoLo and the office that allows those two networks to talk to each other securely. When a connection is needed to an office computer, or a server located at the CoLo, you can simply VPN (Virtual Private Network) into the office network. This VPN connection effectively puts the remote machine on the office network. From the office network, the network routers allow access to the office machines and the servers at the CoLo over a secure, encrypted connection. This secure VPN connection allows users to quickly and easily manage the servers in their environment without exposing the servers to the public Internet, allowing the user not only to manage the servers, but to manage them safely.

FAQ