
Local area networks - Interconnection systems

The need for interconnections


A local area network is used to connect an organisation's computers to one another;
nevertheless, a single organisation often includes several local area networks, so it is
sometimes necessary to link the networks together. In such a case, specialised equipment
is needed.
If it's just two networks of the same type, all that is needed is to send the data frames
from one to the other. Otherwise, that is, when the networks use different protocols, you
need to convert the protocol before sending the frames. For this reason, the equipment
that must be installed varies depending on the configuration at hand.

Connection equipment
The primary hardware set up in local area networks is:

Repeaters, used to refresh a signal
Hubs, used for connecting multiple hosts together
Bridges, used for linking local area networks of the same type
Switches, used for linking various elements while they divide up the network
Gateways, used for linking local area networks of different types
Routers, used for linking numerous local area networks so as to allow data to
travel optimally between networks
Bridge/routers, which join the features of a router and a bridge

Network equipment - The hub



What is a hub?
A hub is a hardware element that centralises network traffic coming from multiple
hosts and propagates the signal. The hub has a certain number of ports (it has enough
ports to link machines to one another, usually 4, 8, 16 or 32). Its only goal is to recover
binary data coming into a port and send it to all the other ports. As with a repeater, a hub
operates on layer 1 of the OSI model, which is why it is sometimes called a multiport
repeater.

The hub connects several machines together, sometimes arranged in a star shape, which
gives it its name, due to the fact that all communication coming from the machines on the
network passes through it.

Types of hubs
There are several categories of hubs:

"Active" hubs: They are connected to an electrical power source and are used to
refresh the signal being sent to the ports.
"Passive" hubs: They simply send the signal to all the connected hosts, without
amplifying it.

Connecting multiple hubs


It is possible to connect several hubs together in order to centralise a larger number of
machines; this is sometimes called a daisy chain. To do this, all that is needed is to
connect the hubs using crossover cable, a kind of cable which links the in/out ports on
one end to those on the other.
Hubs generally have a special port called an "uplink" for connecting two hubs together
using a patch cable. There are also hubs which can cross or uncross their ports
automatically depending on whether they are connected to a host or a hub.

Up to three hubs can be chained.


If you want to connect multiple machines to your Internet connection, a hub is not
enough. You'll either need to have a router or a switch, or to leave the computer
connected directly as a gateway (it will stay on constantly for as long as the other
computers on the network want to access the Internet.)

Network equipment - Repeater



Repeaters
On a transmission line, the signal suffers from distortion and becomes weaker as the
distance between the two active elements becomes longer. Two local area network
nodes are usually no further than a few hundred meters apart; this is why additional
equipment is needed to place nodes beyond that distance.
A repeater is a simple device for refreshing a signal between two network nodes, in
order to extend the range of a network. The repeater works only on the physical layer
(layer 1 of the OSI model), meaning that it only acts on the binary information travelling
on the transmission line and cannot interpret the packets.
What's more, a repeater can be used as an interface between physical media of two
different types, meaning that it can, for example, link a length of twisted-pair wire to a
fibre-optic line.

Network equipment - Bridges



Bridges
A bridge is a hardware device for linking two networks that work with the same protocol.
Unlike a repeater, which works at the physical level, a bridge works at the logical level
(on layer 2 in the OSI model), which means that it can filter frames so that it only lets
past data whose destination address corresponds to a machine located on the other side of
the bridge.
The bridge is used to segment a network, holding back the frames intended for the local
area network while transmitting those meant for other networks. This reduces traffic (and
especially collisions) on all networks, and increases the level of privacy, as information
intended for one network cannot be listened to on the other end.
On the other hand, the filtering carried out by the bridge can cause a slight delay when
going from one network to another, and this is why bridges must be carefully placed
within a network.

A bridge's normal role is to send packets between two networks of the same type.

Concept
A bridge has two connections to two distinct networks. When the bridge receives a frame
on one of its interfaces, it analyses the MAC address of both the sender and recipient. If a
bridge doesn't recognise the sender, it stores its address in a table in order to "remember"
which side of the network the sender was on. This way, the bridge can find out if the
sender and receiver are found on the same side or opposite sides of the bridge. If it's the
former, the bridge ignores the message; if it's the latter, the bridge sends the frame along
to the other network.

How a bridge works


A bridge works at the data link layer of the OSI model, meaning that it operates using the
physical addresses of the machines. In reality, the bridge is linked to several local area
networks, called segments. The bridge creates a function table with the machines'
addresses and the segments they belong to, and "listens" to the data running through the
segments.
When data is transmitted, the bridge checks the function table for the segment the
sending and receiving computers belong to (using their physical address, called the MAC
address, and not their IP address). If they belong to the same segment, the bridge does
nothing; otherwise, it switches the data over to the destination computer's segment.
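
The learning and filtering behaviour described in the two sections above, as an added example (not code from the original article). The MAC addresses, segment names and the `LearningBridge` class are constructed for illustration, and flooding of not-yet-learned destinations is an assumption the article does not state.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    segments: tuple = ("A", "B")
    table: dict = field(default_factory=dict)  # MAC address -> segment

    def receive(self, segment, src, dst):
        """Handle one frame heard on `segment`; return (action, out_segments)."""
        self.table[src] = segment  # learn or refresh the sender's side
        others = [s for s in self.segments if s != segment]
        if dst == BROADCAST or dst not in self.table:
            # Assumption (not stated on the page): a destination the bridge
            # has not learned yet is sent to every other segment.
            return "flood", others
        if self.table[dst] == segment:
            return "filter", []  # same side: the frame stays local
        return "forward", [self.table[dst]]


def replay(bridge, frames):
    """Return the bridge's decisions and what a listener on each segment sees."""
    seen = {s: [] for s in bridge.segments}
    decisions = []
    for segment, src, dst in frames:
        action, out = bridge.receive(segment, src, dst)
        decisions.append(action)
        for s in [segment, *out]:
            seen[s].append((src, dst))
    return decisions, seen


# Constructed traffic: hosts H1 and H2 sit on segment A, host H3 on segment B.
H1, H2, H3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
FRAMES = [
    ("A", H1, H2),  # H2 not learned yet
    ("A", H2, H1),  # both on A
    ("B", H3, H1),  # B to A
    ("A", H1, H2),  # both on A, now learned
    ("A", H1, H3),  # A to B
]

if __name__ == "__main__":
    decisions, seen = replay(LearningBridge(), FRAMES)
    for frame, action in zip(FRAMES, decisions):
        print(frame, "->", action)
    print("frames visible on B:", len(seen["B"]), "of", len(FRAMES))
```

The first frame between H1 and H2 still reaches segment B because the table is empty at that point, so the privacy benefit of segmentation applies only to traffic between addresses the bridge has already learned.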

What use is a bridge?


The bridge is used to segment a network, meaning that in the diagram shown above,
communication between the three computers on top will not obstruct the lines running
between the three computers on the bottom. The information will only pass through when
a computer on one side of the bridge sends data to a computer on the other side.
What's more, these bridges can be linked to a modem, so they can work with a remote
local area network as well.
Here is a diagram of a bridge:

Network equipment - The switch



Switches
A switch is a multi-port bridge, meaning that it is an active element working on layer 2 of
the OSI model.
The switch analyses the frames coming in on its entry ports and filters the data in order to
direct it solely to the right ports (this is called switching and is used in switched
networks). As a result, the switch can act as both a bridge when filtering and as a hub when
handling connections. Here is a diagram of a switch:

Switching
The switch uses a filtering/switching mechanism that redirects data flow to the most
suitable machines, based on certain elements found in the data packets.
A layer-4 switch, operating on the transport layer of the OSI model, inspects the source
and destination addresses of the messages, and creates a table that lets it find out which
machine is connected to which port on the switch (in general this process is done
automatically, but the switch manager can work differently if the right adjustments are
made).
Once it knows the destination port, the switch only sends the message to the right port,
and the other ports are then free for other transmissions which may be taking place at the
same time. Consequently, each data exchange can run at the nominal transfer rate (more
bandwidth sharing), without collisions, with the end result being a very significant
increase in the network's bandwidth (at an equal nominal speed).

The most advanced switches, called layer 7 switches (corresponding to the application
layer of the OSI model) can redirect data based on advanced application data contained in
the data packets, such as cookies for HTTP, the type of the file being sent for FTP, etc.
For this reason, a layer 7 switch can be used for load balancing, by routing the incoming
data flow to the most appropriate servers, which have a lower load or are responding
more quickly.

Network equipment - Gateways



Application gateways
An application gateway is a hardware/software system for connecting two networks
together, in order to serve as an interface between different network protocols.
When a remote user contacts the gateway, it examines his/her request; if that request
corresponds to the rules that the network administrator has set, the gateway creates a link
between the two networks. The information, therefore, is not directly transmitted; rather,
it is translated in order to ensure continuity between the two protocols.
Besides an interface between two different kinds of networks, this system offers
additional security, as all information is carefully inspected (which may cause a delay)
and is sometimes recorded in an event log.
The major drawback of this system is that there must be an application of this kind
available for each service (FTP, HTTP, Telnet, etc.).

Network equipment - Router



Router
A router is a device for connecting computer networks to one another, used for handling
the routing of packets between two networks, or to determine the path that a data packet
shall take.
When a user enters a URL, the Web client (the browser) queries the domain name server,
which shows it the IP address of the desired machine.

The workstation sends the request to the nearest router, i.e. to the default gateway on the
network it is located on. This router determines the next machine to which the data will
be forwarded, in such a way as to choose the best pathway possible. To do so, the routers
keep up-to-date routing tables, which are like maps showing the paths that can be taken to
get to the destination address. There are numerous protocols designed to handle this
process.

In addition to their routing function, routers are also used to manipulate data travelling in
the form of datagrams so that they can go from one kind of network to another. As not all
networks are able to handle the same size of data packets, routers are tasked with
fragmenting packets so they can travel freely.

Physical design of routers


The first routers were simply computers with multiple network cards, with each one
linked to a different network. Current routers are mostly hardware designed for routing,
generally in the form of 1U servers.

A router has several network interfaces, with each one connected to a different network.
Therefore, it has one IP address for every network it is connected to.

Wireless router
A wireless router is the same in principle as a traditional router, the difference being that
it lets wireless devices (such as WiFi stations) connect to the networks which the router is
connected to by wired connections (usually Ethernet).

Routing protocols
There are two major types of routing protocols:

Distance vector routers generate a routing table that calculates the "cost" (in
terms of the number of hops) of each route, then sends that table to nearby
routers. Each time a connection request is made, the router chooses the least
costly route.
Link state routers listen to the network continuously, in order to identify the
various elements surrounding it. With this information, each router calculates the
shortest pathway (in terms of time) to each neighbouring router, and sends this
information in the form of update packets. Finally, each router builds its own
routing table by calculating the shortest pathways to all other routers (using the
Dijkstra algorithm).
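
How a link state router turns its view of the network into a routing table with the Dijkstra algorithm, as an added example (not from the original article). The router names and link costs are constructed; running the same function with every link costed at 1 gives the hop-count metric that the article attributes to distance vector routing.

```python
import heapq

# Constructed link-state database: router -> {neighbour: link cost (delay)}
LSDB = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R3": 3, "R4": 1},
    "R3": {"R1": 5, "R2": 3, "R4": 9},
    "R4": {"R2": 1, "R3": 9, "R5": 2},
    "R5": {"R4": 2},
}


def routing_table(lsdb, source):
    """Dijkstra from `source`; returns {destination: (next_hop, total_cost)}."""
    dist = {source: 0}
    next_hop = {}
    done = set()
    heap = [(0, source, None)]  # (cost so far, router, first hop used)
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in done:
            continue  # stale entry: a cheaper path was already settled
        done.add(node)
        if first is not None:
            next_hop[node] = first
        for nbr, weight in lsdb.get(node, {}).items():
            new = cost + weight
            if nbr not in done and new < dist.get(nbr, float("inf")):
                dist[nbr] = new
                # The first hop is fixed when leaving the source router.
                heapq.heappush(heap, (new, nbr, nbr if node == source else first))
    return {dest: (hop, dist[dest]) for dest, hop in next_hop.items()}


def without_link(lsdb, a, b):
    """Copy of the database with the a-b link removed (a link failure)."""
    return {r: {n: c for n, c in nbrs.items() if {r, n} != {a, b}}
            for r, nbrs in lsdb.items()}


def hop_costs(lsdb):
    """Same topology with every link costed at 1 (hop-count metric)."""
    return {r: {n: 1 for n in nbrs} for r, nbrs in lsdb.items()}


if __name__ == "__main__":
    print("link state:", routing_table(LSDB, "R1"))
    print("after R1-R3 fails:", routing_table(without_link(LSDB, "R1", "R3"), "R1"))
    print("hop count:", routing_table(hop_costs(LSDB), "R1"))
```

With these costs R1 reaches R2 through R3 (cost 8) rather than over the direct link (cost 10), while the hop-count metric picks the direct link.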

Network equipment - Bridge/routers



Introduction to bridge/routers
A bridge/router is a hybrid element that joins the features of a router and those of a
bridge. Therefore, this kind of hardware is used for transferring non-routable protocols
from one network to another, and to route the others. More precisely, the bridge/router
acts first and foremost as a bridge if it can, and routes the packets if that isn't possible.
A bridge/router can, in some architectures, save more money and space than having both
a router and a bridge.

Proxy and reverse proxy servers



Proxy servers

A proxy server is a machine which acts as an intermediary between the computers of a
local area network (sometimes using protocols other than TCP/IP) and the Internet.
Most of the time the proxy server is used for the web, and when it is, it's an HTTP proxy.
However, there can be proxy servers for every application protocol (FTP, etc.).

The operating principle of a proxy server


The basic operating principle of a proxy server is quite simple: It is a server which acts as a
"proxy" for an application by making a request on the Internet in its stead. This way,
whenever a user connects to the Internet using a client application configured to use a
proxy server, the application will first connect to the proxy server and give it its request.
The proxy server then connects to the server which the client application wants to
connect to and sends that server the request. Next, the server gives its reply to the proxy,
which then finally sends it to the application client.

Features of a proxy server


Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy
server plays is handled directly by gateways and routers. However, proxy servers are still
being used, as they have some other features.

Caching

Most proxies have a cache, the ability to keep pages commonly visited by users in
memory (or "in cache"), so they can provide them as quickly as possible. Indeed, the term
"cache" is used often in computer science to refer to a temporary data storage space (also
sometimes called a "buffer.")
A proxy server with the ability to cache information is generally called a "proxy-cache
server".
The feature, implemented on some proxy servers, is used both to reduce Internet
bandwidth use and to reduce document loading time for users.
Nevertheless, to achieve this, the proxy must compare the data it stores in cached
memory with the remote data on a regular basis, in order to ensure that the cached data is
still valid.

Filtering
What's more, by using a proxy server, connections can be tracked by creating logs for
systematically recording user queries when they request connections to the Internet.
Because of this, Internet connections can be filtered, by analysing both client requests
and server replies. When filtering is done by comparing a client's request to a list of
authorised requests, this is called whitelisting, and when it's done with a list of forbidden
sites, it's called blacklisting. Finally, analysing server replies that comply with a list of
criteria (such as keywords) is called content filtering.
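
The three filtering modes and the request log described above, as an added example (not from the original article). The `FilteringProxy` class, the host names and the keyword are constructed; hosts are compared on whole domain labels after parsing the URL, so a listed name that merely appears inside a longer host name does not match.

```python
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased host name of a URL, or '' when none can be parsed."""
    return (urlsplit(url).hostname or "").rstrip(".")


def host_matches(host, domain):
    """True for the domain itself or any of its subdomains."""
    return host == domain or host.endswith("." + domain)


class FilteringProxy:
    def __init__(self, whitelist=None, blacklist=(), keywords=()):
        self.whitelist = whitelist  # None means whitelisting is off
        self.blacklist = blacklist
        self.keywords = [k.lower() for k in keywords]
        self.log = []  # (user, url, verdict) for every decision

    def _record(self, user, url, verdict):
        self.log.append((user, url, verdict))
        return verdict

    def check_request(self, user, url):
        """Blacklisting, then whitelisting, applied to the client request."""
        host = host_of(url)
        if not host:
            return self._record(user, url, "deny:unparseable")
        if any(host_matches(host, d) for d in self.blacklist):
            return self._record(user, url, "deny:blacklist")
        if self.whitelist is not None and not any(
            host_matches(host, d) for d in self.whitelist
        ):
            return self._record(user, url, "deny:not-whitelisted")
        return self._record(user, url, "allow")

    def check_response(self, user, url, body):
        """Content filtering applied to the server reply."""
        text = body.lower()
        hit = next((k for k in self.keywords if k in text), None)
        return self._record(user, url, f"deny:content:{hit}" if hit else "allow")


if __name__ == "__main__":
    proxy = FilteringProxy(
        whitelist=["news.example"],
        blacklist=["ads.news.example"],
        keywords=["forbidden-term"],
    )
    for url in ("http://NEWS.example/a", "http://ads.news.example/x",
                "http://news.example.other.test/", "not a url"):
        print(url, "->", proxy.check_request("alice", url))
    print(proxy.check_response("alice", "http://news.example/a",
                               "page with a Forbidden-Term inside"))
```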

Authentication
As a proxy is an indispensable intermediary tool for internal network users who want to
access external resources, it can sometimes be used to authenticate users, meaning to ask
them to identify themselves, such as with a username and password. It is also easy to
grant access to external resources only to individuals authorised to do so, and to record
each use of external resources in log files.
This type of mechanism, when implemented, obviously raises many issues related to
individual liberties and personal rights.

Reverse-proxy servers
A reverse-proxy is a "backwards" proxy-cache server; it's a proxy server that, rather than
allowing internal users to access the Internet, lets Internet users indirectly access certain
internal servers.

The reverse-proxy server is used as an intermediary by Internet users who want to access
an internal website, by sending it requests indirectly. With a reverse-proxy, the web server
is protected from direct outside attacks, which increases the internal network's strength.
What's more, a reverse-proxy's cache function can lower the workload of the server it is
assigned to, and for this reason is sometimes called a server accelerator.
Finally, with perfected algorithms, the reverse-proxy can distribute the workload by
redirecting requests to other, similar servers; this process is called load balancing.

Setting up a proxy server


The most widely used proxy, without a doubt, is Squid, a free software program available
for several platforms, including Windows and Linux.
In Windows, there are several programs for setting up a local area network proxy server
at a low cost:

Wingate is the most common solution (but isn't free of charge)
Configuring a proxy with Jana server is becoming more and more common
Windows 2000 includes Microsoft Proxy Server (MSP), which works with
Microsoft Proxy Client
