08-03-2011, 02:28 PM
Presented by: Kent Reuber
Building a Home Network

Outline
- Will focus on physical layouts. Hard to get very specific.
  - Too many OS versions and network hardware combinations.
- Example network layouts.
- Example home network components.
- General recommendations

Buying things:
- Ask questions (e.g., Expert Partners list) before you buy. Have a goal…
- Check online to see if manuals are available.
- Buy stuff that you can return, if possible.

Use dedicated hardware (e.g., print servers, broadband routers) rather than software
- Dedicated hardware is more robust and simpler to operate.
- Don’t have to depend on a computer being up.

Networking shopping list
- Necessary or highly recommended:
  - Internet Service Provider (ISP).
  - Broadband (NAT) router.
  - Print server or network printer.
  - Cables.
- Optional:
  - Wireless access point.
  - Wireless repeater.
  - Small hubs/switches.
  - Web cams, …

Network addressing
- All IP addresses within the network must be unique.
- Check your docs for subnet mask and gateway.
- Most broadband routers have DHCP servers, so you don’t have to manage addresses manually.

Broadband routers

Broadband (NAT) router
- Hides network from the outside world using NAT.
- Connections:
  - WAN Ethernet interface for connection to ISP equipment.
  - Ethernet LAN interface(s).
  - Usually also has wireless.

What is NAT?
- NAT = “Net Address Translation”
- Several different methods. For the gory details, see RFC 1613.
- Most frequently encountered method is the one used in home broadband routers, which “hide” an entire non-routable network range behind a single routable “public” IP address.
- Ref: Bill Dutcher: “The NAT Handbook” (Wiley)

Why would you want to use NAT?
- Allows you to buy a single IP address from your ISP and share that address among a large number of devices. (May save $$)
- All devices on the local network can access the Internet at the same time, though the bandwidth is shared.
- Firewall:
  - Outside hosts can *reply* to hosts behind the NAT router.
  - Inside hosts have to initiate the connection.
  - Note: there are some ways around this.

NAT router setup
- NAT routers are given two IP addresses:
  - 1 non-routable (LAN -- you)
  - 1 routable (WAN -- ISP)
- Machines on the LAN side get special non-routable addresses (usually 10.*.*.* or 192.168.*.*).
- No IP addresses in these ranges are routed on the Internet.

How NAT works
- Normal routers maintain source and destination IP addresses from end to end.
- NAT routers change IP addresses and ports.
- Outgoing packets appear to come from the NAT router’s public address.
- NAT routers keep track of each “flow” so that replies can be returned.

How NAT firewalling works
- Suppose a host (either friendly or malicious) sends a packet to the NAT router without the connection being initiated from the inside.
- Outside hosts can’t send directly to the hosts on the local network side -- they have non-routable addresses!
- Since there is no entry in the flow table, the NAT router has no idea where to forward it and drops the packet. Instant firewall!

Circumventing the NAT firewall (if you must)
- You may want to run a server behind your NAT router. How do you let in some traffic?
- NAT routers have a limited ability to “port forward”, sending all traffic for a given port to a given computer on the internal net and bypassing the flow table.
- For example:
  - Send all Web traffic (port 80) to 192.168.1.3
  - Send all mail traffic (port 25) to 192.168.1.5
- You can get hacked if a forwarded port is running a vulnerable service! For example, if your IIS Web server isn’t patched, your firewall won’t help you. Always keep services with open ports patched.
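
The flow-table and port-forwarding behaviour described in the NAT slides above, as a small Python model added here for illustration (it is not part of the original presentation). The class and method names, the 203.0.113.10 public address and the outside hosts are constructed, and the model assumes the router accepts a reply only from the remote address and port the inside host contacted.

```python
# Added illustration: toy model of a home NAT router's flow table.
# All addresses, ports and names below are constructed for this example.
from dataclasses import dataclass, field
from itertools import count

PUBLIC_IP = "203.0.113.10"   # the single routable WAN address (documentation range)


@dataclass
class NatRouter:
    # public port -> (inside ip, inside port, remote ip, remote port)
    flows: dict = field(default_factory=dict)
    # public port -> (inside ip, inside port), i.e. static port forwards
    forwards: dict = field(default_factory=dict)
    _ports: count = field(default_factory=lambda: count(40000))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: rewrite the source, remember the flow."""
        pub_port = next(self._ports)
        self.flows[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)   # what the Internet sees

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the WAN side: return (inside ip, port) or None (drop)."""
        flow = self.flows.get(dst_port)
        if flow and flow[2:] == (src_ip, src_port):
            return flow[:2]                  # reply to a flow started from inside
        if dst_port in self.forwards:
            return self.forwards[dst_port]   # port forward bypasses the flow table
        return None                          # no entry: the packet is dropped


def demo():
    nat = NatRouter()
    # Inside host 192.168.1.20 connects out to a web server.
    wire = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, wire[1])
    # A different outside host sends to the same public port, unasked.
    unsolicited = nat.inbound("192.0.2.99", 4444, wire[1])
    # With no forward configured, port 80 from outside is dropped ...
    before = nat.inbound("192.0.2.99", 4444, 80)
    # ... after the slide's rule "port 80 -> 192.168.1.3", any host reaches it.
    nat.forwards[80] = ("192.168.1.3", 80)
    after = nat.inbound("192.0.2.99", 4444, 80)
    return wire, reply, unsolicited, before, after
```

The last case shows why a forwarded port has to be kept patched: once the rule exists, the router delivers traffic from any outside host to that service.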

Should you use a NAT router?
- It’s your only choice if you get 1 address from your ISP and you want to create a network.
- If you get multiple addresses from your ISP, you don’t necessarily need one, but it’s still a good idea.
  - Examples: Stanford DSL, Stanford West, Welch Rd. apartments.
- May want to put one or more hosts on the public side of the NAT (e.g., file server).
- You should keep most private information (e.g., bank accounts) on the private side.

Example home network: mixed public/NAT setup

Wireless

Wireless frequency choices
- Usually you’ll want wireless 802.11b/g support.
- My opinion: wait on 802.11n until the standard is more mature.
- Internet access speed is usually limited by the ISP.
  - Most DSL is only 1 Mbps. Even 802.11b won’t be a bottleneck.
  - Faster 802.11g usually only matters for transfers within your network.

Wireless network name
- A computer will be able to roam freely between access points with the same network name (also called SSID).
- Your access points should use a different SSID from those of your neighbors.
- In most cases, all of your access points should broadcast the same SSID.
- If you put up your own wireless on campus, it should not use the SSID “Stanford”. Use a name that indicates that it belongs to you.

Wireless protection
- Use address filters, WEP or WPA to prevent neighbors from using your wireless.
- May want to use hidden SSID (network name).
- Use encrypted protocols (https, SSH, Kerberos, SSL), especially in public wireless areas.

Printing and cabling

Print server
- Used to network a printer that doesn’t have a network interface.
- Usually has one Ethernet and one or more parallel or USB interfaces.
- Wireless also available.

Cables
- Ethernet cables
  - Category 5 or 5e is sufficient. No need for Category 6.
  - Only 2-pair cable is necessary for 10/100. Gigabit needs 4 pairs.
  - May need crossover cables for switch-switch connections.
- May also need USB or parallel cables.

Other devices

Wireless access point
- Wireless broadband router without the router.
- Usually only 1 Ethernet port.
- Use if you need more than one wireless access point for coverage.
- Also useful if your broadband router doesn’t have wireless.
- Range extenders are also available.

Hubs and switches
- Probably doesn’t matter which you use. Unlikely that your net is so congested that a switch would add performance.
- Switch speed is almost always faster than your ISP, so switch speed will not be a bottleneck to accessing the Internet.
- Always remember not to create loops in cabling -- you must wire in a “star” shape.

Web cams
- Many of the new Internet cameras have built-in Web servers so that you don’t need a computer.
- Some people use cams for security or just to watch their kittens…

Voice over IP (VoIP)
- Many companies are starting to sell equipment that can place calls over Internet connections.
- Expect lower quality voice, but you may save money.

Stanford-run networks

Stanford DSL
- 5 usable Stanford IP addresses.
- Network is ready to go.
- Can access IP-limited resources (e.g., journals).
- Don’t need a broadband router, but it’s still a good idea.
- Netopia router (provided):
  - Can distribute your addresses via DHCP. Good for laptops.
  - Has 4 10/100 ports for devices.
  - Only routes IP.
- DNS is provided by campus servers.
- You can connect to your computer by specifying its hostname (xxx.stanford.edu).

Kent’s Stanford DSL Network

Stanford West/Welch Rd.
- 10Mbit Ethernet service. Not DSL!
- Way faster than DSL. 100Mbit service available.
- Up to 4 Stanford IP addresses for each paid jack. Can also get additional private (non-routable) addresses for print servers, access points, etc.
- Like department Ethernet networks, any network protocol that gets sent onto the wire can affect your neighbors. Play nice!
- DHCP & DNS provided by campus servers.